xrforge/manyfold/README.md

# Manyfold container

The XRForge-serverimage is a pre-configured Manyfold container (reproducably via [nix](https://nixos.org) dockertools).
It also contains some extra's, to better fit an XR audience.

> To run the container, see the [sysadmin](https://manyfold.app/sysadmin/) documentation of the [manyfold](https://github.com/manyfold3d/manyfold) project.

# Build the container-image

```bash
$ docker load < $(nix-build nix/docker.nix)
```

# Extra environment-variables

| environment variable  | default      | info                   |
|-----------------------|--------------|------------------------|
| `APPNAME`             | `manyfold`   | manyfold instance name |
| `THEME`               | `default`    | bootstrap theme        |
| `RUNTESTS`            | `0`          | set to `1` to run XRForge related [/test](test) scripts |
| `NO_OVERLAYFS`        | ``           | disable the filesystem overlay mechanism |
| `NO_DEFAULTDB`        | ``           | disable the default db (activates manyfold installer) |
| `NO_DELETEBIGFILES`   | ``           | disable deleting big files which are older than 5 days and bigger than ($currentyear-2020) MB's |
| `NO_PACKAGEALL`       | ``           | don't package all experiences every hour to /usr/src/app/public/experiences.zip |
| `RCLONE_REMOTE`       | ``           | specify **single** rclone remote name (without semicolon) to mount (default: mount all rclone remotes)|
| `UPLOAD_PATH`         | `/mnt/models`| specify default library where user-files are uploaded (regular dir or mounted rclone path) |
| `FEDERATE_DRIVE_PATH` | `/mnt/models`| serve path over HTTP (so other instances can add it as a remote). Specify `0` to disable |
| `FEDERATE_DRIVE_PORT` | `3215`       | specify default library where user-files are uploaded (regular dir or mounted rclone path) |
| `FEDERATE_DRIVE_USER` | ``           | specify HTTP AUTH credentials (`user` e.g.) for restricted sharing |          
| `FEDERATE_DRIVE_PW`   | ``           | specify HTTP AUTH credentials (`pass` e.g.) for restricted sharing |          
| `FEDERATE_DRIVE_CACHE`| `1m0s`       | specify interval to re-check all models/directories |
| `FEDERATE_DRIVE_KEY`  | ``           | specify path to TLS PEM private key file  (`-v ./key.pem:/key.pem -e FEDERATE_DRIVE_KEY=/key.pem` dockerflag e.g.) |
| `FEDERATE_DRIVE_CERT` | ``           | specify path to TLS PEM public key certificate/CA/intermediate file (`-v ./cert.pem:/cert.pem -e FEDERATE_DRIVE_KEY=/cert.pem` dockerflag e.g.) |

> NOTE: if you have nix installed, you can easily try out environment-flags by running: `docker load < $(nix-build nix/docker.nix) && manyfold/cli/manyfold run -e RUNTESTS=1` e.g.

# Default database / admin login

* email: `xrforge@localhost`
* login: `xrforge`
* password: `xrforge!1`

> please modify the password in the settings screen of the webinterface.

# Filesystem overlay-mechanism

The server-image will boot `manyfold/cli/manyfold.sh boot` and check for directory `/manyfold` (in the container).
When found, it uses the files in there instead (`/manyfold/usr/src/app/public/404.html` instead of `/usr/src/app/public/404.html` e.g.).

# Federated drives

Besides ActivitPub, XRForge allows federating manyfold libraries too, allowing manyfold libraries to scale horizontally across instances:

```
                                                                       
   ┌────────────────────────┐              ┌────────────────────────┐  
   │                        │              │                        │  
   │      server instance A │              │      server instance B │  
   │                        │              │                        │  
   │ ┌──────────────────┐   │   rclone     │ ┌─────────────────┐    │  
   │ │ library          │   │              │ │ library         │    │  
   │ │                  ┼───┼──────────────┼─┤                 │    │  
   │ │                  │   │ http-drive   │ │                 │    │  
   │ │                  │   │              │ │                 │    │  
   │ └──────────────────┘   │              │ └─────────────────┘    │  
   │                        │              │                        │  
   └────────────────────────┘              └────────────────────────┘  
                                                                       
        READ / WRITE                               READ-ONLY           

```

It does this by automatically mapping [rclone](https://rclone.org) network-drives as manyfold libraries.

![](https://i.imgur.com/4VMF3CQ.png)

To enable rclone to mount **readonly** network drives (=remotes), the container must be run with FUSE-device support.
The quickest way is:

1. create directory `./manyfold/root/.config` outside of the container
2. add `-v ./manyfold/root/.config:/root/.config --cap-add SYS_ADMIN --security-opt apparmor:unconfined --device /dev/fuse` to the docker cmd 
3. now federate XRForge libraries by running `docker exec -it xrforge rclone config create myhttp http url=https://xrforgeinstanceB.com user=myuser pass=$(rclone obscure mypassword)` in a running container
4. profit! 

**Default behaviour**: your drives will/should get automagically mounted **readonly** and added as a library automagically (by [manyfold.sh](cli/manyfold.sh) `rclone_automount`-cmd) during container boot.

* TIP2: use env-var `RCLONE_REMOTE` to mount only one specific remote (in case of a [combined](https://rclone.org/combine/) or [union](https://rclone.org/union/) rclone remote e.g.).
* TIP2: use **alphanumeric** names for rclone remotes (manyfold libraries choke on dot- or other special-characters)

By default environment-flag `FEDERATE_DRIVE_PATH` will share path `/mnt/models` as an open web directory.
Make sure that the URL (and credentials if configure) of step 3 are setup properly, so it matches your reverse proxy/ or SSL configuration (via `FEDERATE_DRIVE_CERT` and `FEDERATE_DRIVE_KEY` flags)

# Unixy event hooks 

Until WebEvents [will get implemented on a REST-level in manyfold](https://github.com/orgs/manyfold3d/projects/4/views/1?filterQuery=Pub&pane=issue&itemId=108834509&issue=manyfold3d%7Cmanyfold%7C4097) Things like boot-phase, scheduler and file-changes can be reacted up via the `/root/hook.d` directory:

```
$ ls /root/hook.d
boot
daily
hourly
inotify_CREATE
inotify_MODIFY
```

You can put scripts in there, which are fired when needed.

> Example: [manyfold/root/hook.d/daily/delete_big_files.sh] is triggered daily to cleanup files which exceed a certain age/size.

Currently inotify events (`inotify_MODIFY` e.g.) are triggered for local file-changes (`/mnt/models` e.g.).
In theory, federated drives can still be reacted upon, but by integrating with XRForge's ActivityPub (**Follow** feature e.g.)

> Perhaps in the future this will also work for rclone remotes, by writing a `hourly`-script which scans them and fires `inotify_MODIFY` accordingly.