====== Grist ======

[[https://github.com/gristlabs/grist-core|Grist]] Grist is a modern relational spreadsheet. It combines the flexibility of a spreadsheet with the robustness of a database.

==== Installation ====

Create the usual dedicated user. Also, all data needs to be located in a dedicated folder that will be **/data/grist**:
<code>
useradd -d /data/daemons/grist -m grist
mkdir /data/grist
chown grist:grist /data/grist
</code>

Now, as //grist// user, create the following docker compose file:
<file - docker-compose.yml>
services:
  grist:
    ports:
      - 8484:8484
    volumes:
      - /data/grist:/persist
    environment:
      - GRIST_SESSION_SECRET=here_write_a_secret_passcode
      - GRIST_DEFAULT_EMAIL=me@mydomain.com
      - GRIST_FORWARD_AUTH_HEADER=Remote-Email
      - GRIST_PROXY_AUTH_HEADER=Remote-Email
      - APP_HOME_URL=https://grist.mydomain.com
      - APP_DOC_URL=https://grist.mydomain.com
      - GRIST_IGNORE_SESSION=true    
    stdin_open: true
    tty: true
    image: gristlabs/grist-oss
    networks:
      - grist-net

networks:
  grist-net: {}
</file>

Remember to set an available port (8484)! I have not been able to make grist run as user //grist// inside the container, it will run as user 1001. This is not an issue, just a cosmetic annoyance.

Now pull it:
<code bash>
podman compose pull
</code>


==== Single Sign On ====

Grist will happily inherit your SSO authentication from the reverse proxy, the key point are the following settings in your docker compose:
<code>
      - GRIST_FORWARD_AUTH_HEADER=Remote-Email
      - GRIST_PROXY_AUTH_HEADER=Remote-Email
      - GRIST_IGNORE_SESSION=true    
</code>

If you need //multiple// users, each one with it's own Grist user you will need to remove the GRIST_IGNORE_SESSION setting.

==== Reverse Proxy ====

You can run Grist only on a sub-domain.

I assume it will be reachable as **https://grist.mydomain.com**.

Following [[https://docs.searxng.org/admin/installation-nginx.html#installation-nginx|this page]] create a NGINX config file called **/etc/nginx/com.mydomain/grist/grist.conf** like this:

<file - grist.conf>
server {
        server_name grist.mydomain.com;
        listen 443 ssl; 
        listen 8443 ssl; 

        access_log /var/log/nginx/grist.mydomain.com_access_log main;
        error_log /var/log/nginx/grist.mydomain.com_error_log info;

        include "com.mydomain/authelia_location.conf";

         location / {
                include "com.mydomain/authelia_proxy.conf";
                include "com.mydomain/authelia_authrequest.conf";

                proxy_pass http://127.0.0.1:8484;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
    }
}
</file>

This will enable Authelia SSO (see [[selfhost:sso|here]] for your Grist installation as well.


===== Autostart =====

To start it, and set it up on boot, as usual follow my indications [[gentoo:containers|Using Containers on Gentoo]], so link the **user-containers** init script:
<code>
ln -s /etc/init.d/user-containers /etc/init.d/user-containers.grist
</code>

and create the following config file:
<file - /etc/conf.d/user-containers.grist>
USER=grist
DESCRIPTION="Online spreadsheet"
</file>

Add the service to the default runlevel and start it now:
<code bash>
rc-update add user-containers.grist default
rc-service user-containers.grist start
</code>