Improve server configuration (#284)

2026-05-18 05:05:03 +02:00 · 2026-01-10 22:58:16 +01:00
parent 33a6110e24
commit 9e7e21d336
38 changed files with 699 additions and 631 deletions
--- a/hosting/docker/docker-compose.yaml
+++ b/hosting/docker/docker-compose.yaml
@@ -95,23 +95,20 @@ services:
      # ------------------------------------------------------------------
      NODE_ENV: production

-      # Required env:// secrets (config.json marks these as env://VAR)
+      # Required env:// secrets (default configuration references these as env://VAR)
      POSTGRES_URL: postgres://colanode_user:postgrespass123@postgres:5432/colanode_db
      REDIS_URL: redis://:your_valkey_password@valkey:6379/0

-      # Optional env://? secrets – include only the entries referenced in JSON
-      # Use file://path entries in config.json when you want to read the value from mounted files instead.
-      # ACCOUNT_GOOGLE_CLIENT_ID: ''
-      # ACCOUNT_GOOGLE_CLIENT_SECRET: ''
-      # ...
+      # If you want to override the default configuration mount a config.json as explained below
+      # and add the config.json path as an environment variable:
+      # CONFIG: /config.json

    ports:
      - '3000:3000'
    volumes:
      - server_storage:/var/lib/colanode/storage
      # Mount a config.json sitting next to this compose file to override defaults.
-      # If omitted, the already included config.json inside the server image is used.
-      - ./config.json:/app/apps/server/config.json:ro
+      # - ./config.json:/config.json:ro
    networks:
      - colanode_network

--- a/hosting/kubernetes/README.md
+++ b/hosting/kubernetes/README.md
@@ -75,9 +75,9 @@ helm install my-colanode ./hosting/kubernetes/chart \

 ### Using config.json with Helm

- The server image already ships with a default `config.json`. Only two env vars are strictly required: `POSTGRES_URL` and `REDIS_URL` (because the JSON references them via `env://`).
- If you do not override `config.json`, the bundled file still expects those pointers. The chart wires them up automatically via `POSTGRES_URL=env://POSTGRES_URL` and `REDIS_URL=env://REDIS_URL`, so a vanilla install works without extra values.
- To supply your own JSON file, copy `apps/server/config.json`, edit it, and enable the new override:
+- The server image already ships with a default configuration. Only two env vars are strictly required: `POSTGRES_URL` and `REDIS_URL` (because the default configuration references them via `env://`).
+- If you do add your own `config.json`, the default configuration still expects those pointers. The chart wires them up automatically via `POSTGRES_URL=env://POSTGRES_URL` and `REDIS_URL=env://REDIS_URL`, so a vanilla install works without extra values.
+- To supply your own JSON file, copy `apps/server/config.example.json`, edit it, and enable the new override:

  ```bash
  helm install my-colanode ./hosting/kubernetes/chart \
@@ -87,29 +87,30 @@ helm install my-colanode ./hosting/kubernetes/chart \

 - Alternatively, create a ConfigMap yourself (`kubectl create configmap colanode-config --from-file=config.json`) and set `colanode.configFile.existingConfigMap=colanode-config`.
 - Environment variables no longer override config values. Only secrets referenced via `env://` (and values from files via `file://`) are read at runtime. Keep non-secret settings in your JSON, mount it with `colanode.configFile`, and surface additional env vars through `colanode.additionalEnv` when a pointer needs a value from Kubernetes secrets.
- To use `file://` pointers, mount the target files next to `config.json` (the chart stores it at `/app/apps/server/config.json`). For example, to load a PostgreSQL CA cert via `"file://secrets/postgres-ca.crt"`:
-  1. Create a secret with the cert contents:
+- To use `file://` pointers, mount the target files next to `config.json` (the chart stores it at `/config.json`). For example, to load a PostgreSQL CA cert via `"file://secrets/postgres-ca.crt"`:

-     ```bash
-     kubectl create secret generic postgres-ca \
-       --from-file=postgres-ca.crt=./certs/rootCA.crt
-     ```
+1.  Create a secret with the cert contents:

-  2. Mount the secret and expose it inside the pod:
+    ```bash
+    kubectl create secret generic postgres-ca \
+      --from-file=postgres-ca.crt=./certs/rootCA.crt
+    ```

-     ```yaml
-     colanode:
-       extraVolumes:
-         - name: postgres-ca
-           secret:
-             secretName: postgres-ca
-       extraVolumeMounts:
-         - name: postgres-ca
-           mountPath: /app/apps/server/secrets
-           readOnly: true
-     ```
+2.  Mount the secret and expose it inside the pod:

-  3. Point your `config.json` field to `"file://secrets/postgres-ca.crt"`. The loader resolves the path relative to the directory containing `config.json`.
+    ```yaml
+    colanode:
+      extraVolumes:
+        - name: postgres-ca
+          secret:
+            secretName: postgres-ca
+      extraVolumeMounts:
+        - name: postgres-ca
+          mountPath: /config/secrets
+          readOnly: true
+    ```
+
+3.  Point your `config.json` field to `"file://secrets/postgres-ca.crt"`. The loader resolves the path relative to the directory containing `config.json`.

 ### Storage Configuration

--- a/hosting/kubernetes/chart/Chart.yaml
+++ b/hosting/kubernetes/chart/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: colanode
 description: A Helm chart for Colanode - open-source & local-first collaboration workspace
 type: application
-version: 0.2.0
+version: 0.2.1
 # appVersion is auto-updated by the release workflow
 appVersion: '1.0.0'

--- a/hosting/kubernetes/chart/templates/_helpers.tpl
+++ b/hosting/kubernetes/chart/templates/_helpers.tpl
@@ -170,6 +170,13 @@ Colanode Server Environment Variables
 - name: REDIS_URL
  value: "redis://:$(REDIS_PASSWORD)@{{ include "colanode.redis.hostname" . }}:6379/0"

+{{- $configFile := .Values.colanode.configFile }}
+{{- $mountConfigFile := or $configFile.enabled $configFile.existingConfigMap }}
+{{- if $mountConfigFile }}
+- name: CONFIG
+  value: "/config.json"
+{{- end }}
+
 {{- range $index, $env := .Values.colanode.additionalEnv }}
 - name: {{ required (printf "colanode.additionalEnv[%d].name is required" $index) $env.name }}
  {{- if hasKey $env "valueFrom" }}
--- a/hosting/kubernetes/chart/templates/deployment.yaml
+++ b/hosting/kubernetes/chart/templates/deployment.yaml
@@ -61,7 +61,7 @@ spec:
 {{- end }}
 {{- if $mountConfigFile }}
            - name: config-json
-              mountPath: /app/apps/server/config.json
+              mountPath: /config.json
              subPath: {{ default "config.json" $configFile.key }}
              readOnly: true
 {{- end }}
--- a/hosting/kubernetes/chart/values.yaml
+++ b/hosting/kubernetes/chart/values.yaml
@@ -91,7 +91,7 @@ colanode:
  #    Example: config.json contains "ca": "file://secrets/postgres-ca.crt".
  #      extraVolumeMounts:
  #        - name: postgres-ca
-  #          mountPath: /app/apps/server/secrets
+  #          mountPath: /config/secrets
  #          readOnly: true
  extraVolumeMounts: []