update with latest build versions, includes custom build for postgres and migrating from v16 to v18

build/piefed/README.md

@@ -33,18 +33,18 @@ This will:
 1. Build the base image with all PieFed dependencies
 2. Build the web container with Nginx + Python/Flask (uWSGI)
 3. Build the worker container with Celery workers
-4. Push to your Harbor registry: `<YOUR_REGISTRY_URL>`
+4. Push to your Harbor registry: `registry.keyboardvagabond.com`
 
 ### **Individual Container Builds**
 
 ```bash
 # Build just web container
 cd piefed-web && docker build --platform linux/arm64 \
-  -t <YOUR_REGISTRY_URL>/library/piefed-web:latest .
+  -t registry.keyboardvagabond.com/library/piefed-web:latest .
 
 # Build just worker container  
 cd piefed-worker && docker build --platform linux/arm64 \
-  -t <YOUR_REGISTRY_URL>/library/piefed-worker:latest .
+  -t registry.keyboardvagabond.com/library/piefed-worker:latest .
 ```
 
 ## 📦 **Container Details**
@@ -85,14 +85,14 @@ PIEFED_DOMAIN=piefed.keyboardvagabond.com
 DB_HOST=postgresql-shared-rw.postgresql-system.svc.cluster.local
 DB_NAME=piefed
 DB_USER=piefed_user
-DB_PASSWORD=<REPLACE_WITH_DATABASE_PASSWORD>
+DB_PASSWORD=secure_password_here
 ```
 
 #### **Redis Configuration**
 ```bash
 REDIS_HOST=redis-ha-haproxy.redis-system.svc.cluster.local
 REDIS_PORT=6379
-REDIS_PASSWORD=<REPLACE_WITH_REDIS_PASSWORD>
+REDIS_PASSWORD=redis_password_if_needed
 ```
 
 #### **S3 Media Storage (Backblaze B2)**
@@ -101,18 +101,18 @@ REDIS_PASSWORD=<REPLACE_WITH_REDIS_PASSWORD>
 S3_ENABLED=true
 S3_BUCKET=piefed-bucket
 S3_REGION=eu-central-003
-S3_ENDPOINT=<REPLACE_WITH_S3_ENDPOINT>
-S3_ACCESS_KEY=<REPLACE_WITH_S3_ACCESS_KEY>
-S3_SECRET_KEY=<REPLACE_WITH_S3_SECRET_KEY>
+S3_ENDPOINT=https://s3.eu-central-003.backblazeb2.com
+S3_ACCESS_KEY=your_b2_key_id
+S3_SECRET_KEY=your_b2_secret_key
 S3_PUBLIC_URL=https://pfm.keyboardvagabond.com/
 ```
 
-#### **Email (SMTP)**
+#### **Email (Mailgun)**
 ```bash
-MAIL_SERVER=<YOUR_SMTP_SERVER>
+MAIL_SERVER=smtp.eu.mailgun.org
 MAIL_PORT=587
 MAIL_USERNAME=piefed@mail.keyboardvagabond.com
-MAIL_PASSWORD=<REPLACE_WITH_EMAIL_PASSWORD>
+MAIL_PASSWORD=<mail password>
 MAIL_USE_TLS=true
 MAIL_DEFAULT_SENDER=piefed@mail.keyboardvagabond.com
 ```

build/piefed/build-all.sh

@@ -2,8 +2,8 @@
 set -e
 
 # Configuration
-REGISTRY="<YOUR_REGISTRY_URL>"
-VERSION="v1.3.9"
+REGISTRY="registry.keyboardvagabond.com"
+VERSION="v1.5.1"
 PLATFORM="linux/arm64"
 
 # Colors for output
@@ -65,6 +65,11 @@ echo -e "${BLUE}Built containers:${NC}"
 echo -e "  • ${GREEN}$REGISTRY/library/piefed-web:$VERSION${NC}"
 echo -e "  • ${GREEN}$REGISTRY/library/piefed-worker:$VERSION${NC}"
 
+# Show image sizes
+echo
+echo -e "${BLUE}📊 Built image sizes:${NC}"
+docker images --format "table {{.Repository}}\t{{.Tag}}\t{{.Size}}" | grep -E "(piefed-base|piefed-web|piefed-worker)" | head -10
+
 # Ask about pushing to registry
 echo
 read -p "Push all containers to Harbor registry? (y/N): " -n 1 -r

build/piefed/piefed-base/.dockerignore

@@ -0,0 +1,29 @@
+# Git
+.git
+.gitignore
+
+# Documentation
+*.md
+README*
+
+# Python cache
+__pycache__
+*.pyc
+*.pyo
+*.pyd
+.pytest_cache
+.coverage
+htmlcov/
+
+# Environment files
+.env*
+*.env
+
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+
+# Build artifacts
+*.log

build/piefed/piefed-base/Dockerfile

@@ -1,11 +1,8 @@
 # Multi-stage build for smaller final image
-FROM python:3.11-alpine AS builder
+FROM python:3.11-alpine3.21 AS builder
 
-# Use HTTP repositories to avoid SSL issues, then install dependencies
-RUN echo "http://dl-cdn.alpinelinux.org/alpine/v3.22/main" > /etc/apk/repositories \
-    && echo "http://dl-cdn.alpinelinux.org/alpine/v3.22/community" >> /etc/apk/repositories \
-    && apk update \
-    && apk add --no-cache \
+# Install build dependencies
+RUN apk add --no-cache \
         pkgconfig \
         gcc \
         python3-dev \
@@ -19,21 +16,24 @@ RUN echo "http://dl-cdn.alpinelinux.org/alpine/v3.22/main" > /etc/apk/repositori
 # Set working directory
 WORKDIR /app
 
-# v1.3.x
-ARG PIEFED_VERSION=main
+# Clone PieFed source
+ARG PIEFED_VERSION=v1.5.1
 RUN git clone https://codeberg.org/rimu/pyfedi.git /app \
     && cd /app \
     && git checkout ${PIEFED_VERSION} \
     && rm -rf .git
 
-# Install Python dependencies to /app/venv
+# Install Python dependencies to /app/venv and clean up cache/bytecode
 RUN python -m venv /app/venv \
     && source /app/venv/bin/activate \
     && pip install --no-cache-dir -r requirements.txt \
-    && pip install --no-cache-dir uwsgi
+    && pip install --no-cache-dir uwsgi \
+    && find /app/venv -name "*.pyc" -delete \
+    && find /app/venv -name "__pycache__" -type d -exec rm -rf {} + 2>/dev/null || true \
+    && find /app -name "*.pyo" -delete 2>/dev/null || true
 
 # Runtime stage - much smaller
-FROM python:3.11-alpine AS runtime
+FROM python:3.11-alpine3.21 AS runtime
 
 # Set environment variables
 ENV TZ=UTC
@@ -41,55 +41,43 @@ ENV PYTHONUNBUFFERED=1
 ENV PYTHONDONTWRITEBYTECODE=1
 ENV PATH="/app/venv/bin:$PATH"
 
-# Install only runtime dependencies
-RUN echo "http://dl-cdn.alpinelinux.org/alpine/v3.22/main" > /etc/apk/repositories \
-    && echo "http://dl-cdn.alpinelinux.org/alpine/v3.22/community" >> /etc/apk/repositories \
-    && apk update \
-    && apk add --no-cache \
+# Install only runtime dependencies (no redis server, nginx, dcron, or tesseract - not needed)
+# - redis: using external Redis cluster, only Python client needed
+# - nginx: only needed in web container, installed there
+# - dcron: using Kubernetes CronJobs for scheduling
+# - tesseract: OCR not used by PieFed
+RUN apk add --no-cache \
         ca-certificates \
         curl \
         su-exec \
-        dcron \
         libpq \
         jpeg \
         freetype \
         lcms2 \
         openjpeg \
         tiff \
-        nginx \
         supervisor \
-        redis \
-        bash \
-        tesseract-ocr \
-        tesseract-ocr-data-eng
+        bash
 
-# Create piefed user
+# Create piefed user and set up directories in a single layer
 RUN addgroup -g 1000 piefed \
-    && adduser -u 1000 -G piefed -s /bin/sh -D piefed
+    && adduser -u 1000 -G piefed -s /bin/sh -D piefed \
+    && mkdir -p /app/logs /app/app/static/tmp /app/app/static/media \
+        /var/log/piefed /var/run/piefed \
+    && chown -R piefed:piefed /var/log/piefed /var/run/piefed
 
 # Set working directory
 WORKDIR /app
 
-# Copy application and virtual environment from builder
-COPY --from=builder /app /app
-COPY --from=builder /app/venv /app/venv
+# Copy application and virtual environment from builder (venv is inside /app)
+COPY --from=builder --chown=piefed:piefed /app /app
 
-# Compile translations (matching official Dockerfile)
-RUN source /app/venv/bin/activate && \
-    (pybabel compile -d app/translations || true)
-
-# Set proper permissions - ensure logs directory is writable for dual logging
-RUN chown -R piefed:piefed /app \
-    && mkdir -p /app/logs /app/app/static/tmp /app/app/static/media \
-    && chown -R piefed:piefed /app/logs /app/app/static/tmp /app/app/static/media \
-    && chmod -R 755 /app/logs /app/app/static/tmp /app/app/static/media \
-    && chmod 777 /app/logs
+# Compile translations and set permissions in a single layer
+RUN source /app/venv/bin/activate \
+    && (pybabel compile -d app/translations || true) \
+    && chmod 755 /app/logs /app/app/static/tmp /app/app/static/media
 
 # Copy shared entrypoint utilities
 COPY entrypoint-common.sh /usr/local/bin/entrypoint-common.sh
 COPY entrypoint-init.sh /usr/local/bin/entrypoint-init.sh
-RUN chmod +x /usr/local/bin/entrypoint-common.sh /usr/local/bin/entrypoint-init.sh
-
-# Create directories for logs and runtime
-RUN mkdir -p /var/log/piefed /var/run/piefed \
-    && chown -R piefed:piefed /var/log/piefed /var/run/piefed 
+RUN chmod +x /usr/local/bin/entrypoint-common.sh /usr/local/bin/entrypoint-init.sh 

build/piefed/piefed-base/entrypoint-init.sh

@@ -4,73 +4,11 @@ set -e
 # Database initialization entrypoint for PieFed
 # This script runs as a Kubernetes Job before web/worker pods start
 
-log() {
-    echo "[$(date +'%Y-%m-%d %H:%M:%S')] $1"
-}
+# Source common functions (wait_for_db, wait_for_redis, log)
+. /usr/local/bin/entrypoint-common.sh
 
 log "Starting PieFed database initialization..."
 
-# Wait for database to be available
-wait_for_db() {
-    log "Waiting for database connection..."
-    until python -c "
-import psycopg2
-import os
-from urllib.parse import urlparse
-
-try:
-    # Parse DATABASE_URL
-    database_url = os.environ.get('DATABASE_URL', '')
-    if not database_url:
-        raise Exception('DATABASE_URL not set')
-    
-    # Parse the URL to extract connection details
-    parsed = urlparse(database_url)
-    conn = psycopg2.connect(
-        host=parsed.hostname,
-        port=parsed.port or 5432,
-        database=parsed.path[1:],  # Remove leading slash
-        user=parsed.username,
-        password=parsed.password
-    )
-    conn.close()
-    print('Database connection successful')
-except Exception as e:
-    print(f'Database connection failed: {e}')
-    exit(1)
-" 2>/dev/null; do
-        log "Database not ready, waiting 2 seconds..."
-        sleep 2
-    done
-    log "Database connection established"
-}
-
-# Wait for Redis to be available  
-wait_for_redis() {
-    log "Waiting for Redis connection..."
-    until python -c "
-import redis
-import os
-
-try:
-    cache_redis_url = os.environ.get('CACHE_REDIS_URL', '')
-    if cache_redis_url:
-        r = redis.from_url(cache_redis_url)
-    else:
-        # Fallback to separate host/port for backwards compatibility
-        r = redis.Redis(host='redis', port=6379, password=os.environ.get('REDIS_PASSWORD', ''))
-    r.ping()
-    print('Redis connection successful')
-except Exception as e:
-    print(f'Redis connection failed: {e}')
-    exit(1)
-" 2>/dev/null; do
-        log "Redis not ready, waiting 2 seconds..."
-        sleep 2
-    done
-    log "Redis connection established"
-}
-
 # Main initialization sequence
 main() {
     # Change to application directory

build/piefed/piefed-web/.dockerignore

@@ -0,0 +1,29 @@
+# Git
+.git
+.gitignore
+
+# Documentation
+*.md
+README*
+
+# Python cache
+__pycache__
+*.pyc
+*.pyo
+*.pyd
+.pytest_cache
+.coverage
+htmlcov/
+
+# Environment files
+.env*
+*.env
+
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+
+# Build artifacts
+*.log

build/piefed/piefed-web/Dockerfile

@@ -1,6 +1,7 @@
 FROM piefed-base AS piefed-web
 
-# No additional Alpine packages needed - uWSGI installed via pip in base image
+# Install nginx (only needed for web container)
+RUN apk add --no-cache nginx
 
 # Web-specific Python configuration for Flask
 RUN echo 'import os' > /app/uwsgi_config.py && \
@@ -13,14 +14,10 @@ COPY supervisord-web.conf /etc/supervisor/conf.d/supervisord.conf
 COPY entrypoint-web.sh /entrypoint.sh
 RUN chmod +x /entrypoint.sh
 
-# Create nginx directories and set permissions
-RUN mkdir -p /var/log/nginx /var/log/supervisor /var/log/uwsgi \
-    && chown -R nginx:nginx /var/log/nginx \
-    && chown -R piefed:piefed /var/log/uwsgi \
-    && mkdir -p /var/cache/nginx \
-    && chown -R nginx:nginx /var/cache/nginx \
-    && chown -R piefed:piefed /app/logs \
-    && chmod -R 755 /app/logs
+# Create nginx and log directories with proper permissions in a single layer
+RUN mkdir -p /var/log/nginx /var/log/supervisor /var/log/uwsgi /var/cache/nginx \
+    && chown -R nginx:nginx /var/log/nginx /var/cache/nginx \
+    && chown -R piefed:piefed /var/log/uwsgi /app/logs
 
 # Health check optimized for web container
 HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \

build/piefed/piefed-worker/.dockerignore

@@ -0,0 +1,29 @@
+# Git
+.git
+.gitignore
+
+# Documentation
+*.md
+README*
+
+# Python cache
+__pycache__
+*.pyc
+*.pyo
+*.pyd
+.pytest_cache
+.coverage
+htmlcov/
+
+# Environment files
+.env*
+*.env
+
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+
+# Build artifacts
+*.log

build/piefed/piefed-worker/Dockerfile

@@ -1,8 +1,5 @@
 FROM piefed-base AS piefed-worker
 
-# Install additional packages needed for worker container
-RUN apk add --no-cache redis
-
 # Worker-specific Python configuration for background processing
 RUN echo "import sys" > /app/worker_config.py && \
     echo "sys.path.append('/app')" >> /app/worker_config.py