1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/friendica_ynh.git synced 2024-09-03 18:36:14 +02:00

Merge pull request #130 from YunoHost-Apps/testing

Testing v2023.12~ynh3 aka "the daemon"
This commit is contained in:
OniriCorpe 2024-02-22 05:39:13 +01:00 committed by GitHub
commit c1fb9d2f98
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
17 changed files with 161 additions and 45 deletions

View file

@ -1,5 +1,5 @@
<!-- <!--
N.B.: This README was automatically generated by https://github.com/YunoHost/apps/tree/master/tools/README-generator N.B.: This README was automatically generated by https://github.com/YunoHost/apps/tree/master/tools/readme_generator
It shall NOT be edited by hand. It shall NOT be edited by hand.
--> -->
@ -20,7 +20,7 @@ Friendica is a decentralised communications platform that integrates social comm
Friendica connects you effortlessly to a federated communications network of several thousand servers, with more than half a million user registrations. You can directly connect to anyone on Friendica, Mastodon, Diaspora, GnuSocial, Pleroma, or Hubzilla, regardless where each user profile is hosted. Friendica connects you effortlessly to a federated communications network of several thousand servers, with more than half a million user registrations. You can directly connect to anyone on Friendica, Mastodon, Diaspora, GnuSocial, Pleroma, or Hubzilla, regardless where each user profile is hosted.
**Shipped version:** 2023.12~ynh2 **Shipped version:** 2023.12~ynh3
**Demo:** https://dir.friendica.social/servers **Demo:** https://dir.friendica.social/servers

View file

@ -1,5 +1,5 @@
<!-- <!--
N.B.: This README was automatically generated by https://github.com/YunoHost/apps/tree/master/tools/README-generator N.B.: This README was automatically generated by https://github.com/YunoHost/apps/tree/master/tools/readme_generator
It shall NOT be edited by hand. It shall NOT be edited by hand.
--> -->
@ -20,7 +20,7 @@ Friendica is a decentralised communications platform that integrates social comm
Friendica connects you effortlessly to a federated communications network of several thousand servers, with more than half a million user registrations. You can directly connect to anyone on Friendica, Mastodon, Diaspora, GnuSocial, Pleroma, or Hubzilla, regardless where each user profile is hosted. Friendica connects you effortlessly to a federated communications network of several thousand servers, with more than half a million user registrations. You can directly connect to anyone on Friendica, Mastodon, Diaspora, GnuSocial, Pleroma, or Hubzilla, regardless where each user profile is hosted.
**Version incluse :** 2023.12~ynh2 **Version incluse :** 2023.12~ynh3
**Démo :** https://dir.friendica.social/servers **Démo :** https://dir.friendica.social/servers

View file

@ -1,6 +1,7 @@
<?php <?php
// Addon configuration // Addon configuration
// Copy this configuration file to addon.config.php and edit it if you want to configure addons, see below example for the twitter addon // LDAP config for YunoHost
return [ return [
'ldapauth' => [ 'ldapauth' => [
'ldap_server' => 'localhost', 'ldap_server' => 'localhost',

View file

@ -1,2 +0,0 @@
# Run poller periodically to update Friendica
*/10 * * * * __APP__ /usr/bin/php__PHPVERSION__ -f __INSTALL_DIR__/bin/worker.php

View file

@ -1,20 +1,8 @@
<?php <?php
// Local configuration // Local configuration
// Docs: https://github.com/friendica/friendica/blob/stable/static/settings.config.php
/* If automatic system installation fails:
*
* Copy this file to local.config.php
*
* Why local.config.php? Because it contains sensitive information which could
* give somebody complete control of your database. Apache's default
* configuration will interpret any .php file as a script and won't show the values
*
* Then set the following for your MySQL installation
*
* If you're unsure about what any of the config keys below do, please check the static/defaults.config.php file for
* detailed documentation of their data type and behavior.
*/
return [ return [
'database' => [ 'database' => [
@ -37,11 +25,17 @@ return [
'sitename' => 'Friendica Social Network', 'sitename' => 'Friendica Social Network',
'register_policy' => \Friendica\Module\Register::OPEN, 'register_policy' => \Friendica\Module\Register::OPEN,
'max_import_size' => 200000, 'max_import_size' => 200000,
'register_text' => '',
], ],
'system' => [ 'system' => [
'url' => 'https://__DOMAIN__', 'url' => 'https://__DOMAIN__',
'basepath' => '__INSTALL_DIR__', 'basepath' => '__INSTALL_DIR__',
'default_timezone' => '__TIMEZONE__', 'default_timezone' => '__TIMEZONE__',
'language' => '__LANGUAGE__', 'language' => '__LANGUAGE__',
'pidfile' => '__INSTALL_DIR__/daemon.pid',
// Blocks search for users who are not logged in to prevent crawlers from blocking your system.
'local_search' => false,
'logfile' => '/var/log/friendica/friendica.log',
'loglevel' => 'notice',
], ],
]; ];

59
conf/systemd.service Normal file
View file

@ -0,0 +1,59 @@
[Unit]
Description=Friendica daemon
After=network.target mariadb.service
Requires=network.target remote-fs.target nss-lookup.target
[Service]
User=__APP__
Group=__APP__
WorkingDirectory=__INSTALL_DIR__/
Type=simple
StandardOutput=append:/var/log/__APP__/daemon.log
StandardError=inherit
ExecStart=/usr/bin/php__PHPVERSION__ __INSTALL_DIR__/bin/daemon.php start
ExecStop=/usr/bin/php__PHPVERSION__ __INSTALL_DIR__/bin/daemon.php stop
PIDFile=__INSTALL_DIR__/daemon.pid
PrivateTmp=true
InaccessibleDirectories=/home /root /boot /opt /mnt /media
ReadOnlyDirectories=/etc /usr
Restart=always
RestartSec=10
StartLimitBurst=1
StartLimitIntervalSec=10
# Sandboxing options to harden security
# Depending on specificities of your service/app, you may need to tweak these
# .. but this should be a good baseline
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
RestrictNamespaces=yes
RestrictRealtime=yes
DevicePolicy=closed
ProtectClock=yes
ProtectHostname=yes
ProtectProc=invisible
ProtectSystem=full
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
LockPersonality=yes
SystemCallArchitectures=native
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged
# Denying access to capabilities that should not be relevant for webapps
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
[Install]
WantedBy=multi-user.target

1
doc/POST_INSTALL.md Normal file
View file

@ -0,0 +1 @@
You can now login to <https://__DOMAIN__> using `__EMAIL__` and your usual YunoHost password.

1
doc/POST_INSTALL_fr.md Normal file
View file

@ -0,0 +1 @@
Vous pouvez désormais vous connecter à <https://__DOMAIN__> en utilisant `__EMAIL__` et votre mot de passe YunoHost habituel.

View file

@ -0,0 +1 @@
This update will make your Friendica instance use a daemon to handle background tasks, instead of a cron.

View file

@ -1,3 +1,5 @@
#:schema https://raw.githubusercontent.com/YunoHost/apps/master/schemas/manifest.v2.schema.json
packaging_format = 2 packaging_format = 2
id = "friendica" id = "friendica"
@ -5,7 +7,7 @@ name = "Friendica"
description.en = "Decentralized Social Network" description.en = "Decentralized Social Network"
description.fr = "Réseau social décentralisé" description.fr = "Réseau social décentralisé"
version = "2023.12~ynh2" version = "2023.12~ynh3"
maintainers = [ "" ] maintainers = [ "" ]
@ -31,10 +33,6 @@ ram.runtime = "50M"
[install.domain] [install.domain]
type = "domain" type = "domain"
[install.init_main_permission]
type = "group"
default = "visitors"
[install.admin] [install.admin]
type = "user" type = "user"
@ -65,6 +63,9 @@ ram.runtime = "50M"
[resources.permissions] [resources.permissions]
main.url = "/" main.url = "/"
main.show_tile = true
main.allowed = [ "visitors", "all_users" ]
main.protected = true
[resources.apt] [resources.apt]
packages = "mariadb-server, php8.2-curl, php8.2-mbstring, php8.2-imagick, php8.2-xml, php8.2-zip, php8.2-mysql, php8.2-gd, php8.2-gmp, php8.2-intl" packages = "mariadb-server, php8.2-curl, php8.2-mbstring, php8.2-imagick, php8.2-xml, php8.2-zip, php8.2-mysql, php8.2-gd, php8.2-gmp, php8.2-intl"

View file

@ -54,7 +54,8 @@ ynh_backup --src_path="/etc/logrotate.d/$app"
# BACKUP VARIOUS FILES # BACKUP VARIOUS FILES
#================================================= #=================================================
ynh_backup --src_path="/etc/cron.d/$app" ynh_backup --src_path="/var/log/$app"
ynh_backup --src_path="/etc/systemd/system/$app-daemon.service"
#================================================= #=================================================
# BACKUP THE MYSQL DATABASE # BACKUP THE MYSQL DATABASE

View file

@ -16,6 +16,15 @@ ynh_script_progression --message="Updating NGINX web server configuration..." --
ynh_change_url_nginx_config ynh_change_url_nginx_config
#=================================================
# MODIFY URL IN FRIENDICA CONF
#=================================================
ynh_print_info --message="Updating the Friendica config..."
ynh_replace_string --match_string="'url' => 'https://.*'," --replace_string="'url' => 'https://$domain'," --target_file="$install_dir/config/local.config.php"
ynh_store_file_checksum --file="$install_dir/config/local.config.php"
#================================================= #=================================================
# END OF SCRIPT # END OF SCRIPT
#================================================= #=================================================

View file

@ -48,12 +48,12 @@ ynh_script_progression --message="Adding system configurations related to $app..
# Create a dedicated PHP-FPM configy # Create a dedicated PHP-FPM configy
ynh_add_fpm_config ynh_add_fpm_config
ynh_add_systemd_config --service="$app-daemon"
# Create a dedicated nginx config # Create a dedicated nginx config
ynh_add_nginx_config ynh_add_nginx_config
ynh_add_config --template="cron" --destination="/etc/cron.d/$app" yunohost service add "$app-daemon" --description="Friendica daemon" --log="/var/log/$app/daemon.log"
chown root: "/etc/cron.d/$app"
chmod 644 "/etc/cron.d/$app"
# Use logrotate to manage application logfile(s) # Use logrotate to manage application logfile(s)
ynh_use_logrotate ynh_use_logrotate
@ -79,15 +79,19 @@ pushd "$install_dir"
ynh_exec_as "$app" "php$phpversion" bin/composer.phar install --no-dev --quiet ynh_exec_as "$app" "php$phpversion" bin/composer.phar install --no-dev --quiet
# Install application # Install application
ynh_exec_as "$app" "php$phpversion" bin/console.php autoinstall\ ynh_exec_as "$app" "php$phpversion" bin/console.php -f "$install_dir/config/local.config.php"
--dbhost "localhost" --dbdata "$db_name" --dbuser "$db_user" --dbpass "$db_pwd"\
--admin "$email" --tz "$timezone" --lang "$language" --url "https://$domain"
# Enable LDAP Auth addon # Enable LDAP Auth addon
ynh_exec_as "$app" "php$phpversion" bin/console.php addon enable ldapauth ynh_exec_as "$app" "php$phpversion" bin/console.php addon enable ldapauth
popd popd
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=1
ynh_systemd_action --service_name="$app-daemon" --action="start" --log_path="/var/log/$app/daemon.log"
#================================================= #=================================================
# END OF SCRIPT # END OF SCRIPT
#================================================= #=================================================

View file

@ -11,6 +11,17 @@ source /usr/share/yunohost/helpers
#================================================= #=================================================
# REMOVE SYSTEM CONFIGURATIONS # REMOVE SYSTEM CONFIGURATIONS
#=================================================
# REMOVE SERVICE INTEGRATION IN YUNOHOST
#=================================================
# Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
if ynh_exec_warn_less yunohost service status "$app" >/dev/null
then
ynh_script_progression --message="Removing $app service integration..." --weight=1
yunohost service remove "$app-daemon"
fi
#================================================= #=================================================
# REMOVE SYSTEMD SERVICE # REMOVE SYSTEMD SERVICE
#================================================= #=================================================
@ -27,7 +38,7 @@ ynh_remove_logrotate
ynh_remove_fail2ban_config ynh_remove_fail2ban_config
ynh_secure_remove --file="/etc/cron.d/$app" ynh_remove_systemd_config --service="$app-daemon"
#================================================= #=================================================
# END OF SCRIPT # END OF SCRIPT

View file

@ -17,6 +17,9 @@ ynh_script_progression --message="Restoring the app main directory..." --weight=
ynh_restore_file --origin_path="$install_dir" ynh_restore_file --origin_path="$install_dir"
if [ -f "$install_dir/daemon.pid" ]; then ynh_secure_remove --file="$install_dir/daemon.pid"; fi
chmod -R o-rwx "$install_dir"
chown -R "$app:www-data" "$install_dir" chown -R "$app:www-data" "$install_dir"
chmod -R 775 "$install_dir/view/smarty3" chmod -R 775 "$install_dir/view/smarty3"
@ -38,14 +41,19 @@ ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_restore_file --origin_path="/etc/systemd/system/$app-daemon.service"
systemctl enable "$app-daemon.service" --quiet
yunohost service add "$app-daemon" --description="Friendica daemon" --log="/var/log/$app/daemon.log"
ynh_restore_file --origin_path="/var/log/$app"
ynh_restore_file --origin_path="/etc/logrotate.d/$app" ynh_restore_file --origin_path="/etc/logrotate.d/$app"
ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf" ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf"
ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf" ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf"
ynh_systemd_action --action=restart --service_name=fail2ban ynh_systemd_action --action=restart --service_name=fail2ban
ynh_restore_file --origin_path="/etc/cron.d/$app"
#================================================= #=================================================
# GENERIC FINALIZATION # GENERIC FINALIZATION
#================================================= #=================================================
@ -57,6 +65,8 @@ ynh_systemd_action --service_name="php$phpversion-fpm" --action=reload
ynh_systemd_action --service_name=nginx --action=reload ynh_systemd_action --service_name=nginx --action=reload
ynh_systemd_action --service_name="$app-daemon" --action="start" --log_path="/var/log/$app/daemon.log"
#============== #==============
# FINALIZATION # FINALIZATION
#============== #==============

View file

@ -20,7 +20,7 @@ upgrade_type=$(ynh_check_app_version_changed)
#================================================= #=================================================
ynh_script_progression --message="Stopping a systemd service..." --weight=1 ynh_script_progression --message="Stopping a systemd service..." --weight=1
ynh_systemd_action --service_name="$app" --action="stop" --log_path="/var/log/$app/$app.log" ynh_systemd_action --service_name="$app-daemon" --action="stop" --log_path="/var/log/$app/daemon.log"
#================================================= #=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE # DOWNLOAD, CHECK AND UNPACK SOURCE
@ -51,9 +51,14 @@ ynh_add_fpm_config
ynh_use_logrotate --non-append ynh_use_logrotate --non-append
ynh_add_config --template="cron" --destination="/etc/cron.d/$app" if [ -f "/etc/cron.d/$app" ]; then
chown root: "/etc/cron.d/$app" ynh_print_info --message="Removing the legacy cron..."
chmod 644 "/etc/cron.d/$app" ynh_secure_remove --file="/etc/cron.d/$app"
fi
ynh_add_systemd_config --service="$app-daemon"
yunohost service add "$app-daemon" --description="Friendica daemon" --log="/var/log/$app/daemon.log"
# Create a dedicated Fail2Ban config # Create a dedicated Fail2Ban config
ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="^.*authenticate\: failed login attempt.*\"ip\"\:\"<HOST>\".*$" ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="^.*authenticate\: failed login attempt.*\"ip\"\:\"<HOST>\".*$"
@ -65,7 +70,16 @@ ynh_script_progression --message="Updating a configuration file..." --weight=1
# fix the url if necessary (there should be no trailing slash) # fix the url if necessary (there should be no trailing slash)
if [ -f "$install_dir/config/local.config.php" ] && ! grep -q -e "'url' => 'https://$domain'," "$install_dir/config/local.config.php"; then if [ -f "$install_dir/config/local.config.php" ] && ! grep -q -e "'url' => 'https://$domain'," "$install_dir/config/local.config.php"; then
ynh_print_info --message="Patching the Friendica config file: fix the domain setting..."
ynh_replace_string --match_string="'url' => 'https://.*'," --replace_string="'url' => 'https://$domain'," --target_file="$install_dir/config/local.config.php" ynh_replace_string --match_string="'url' => 'https://.*'," --replace_string="'url' => 'https://$domain'," --target_file="$install_dir/config/local.config.php"
ynh_store_file_checksum --file="$install_dir/config/local.config.php"
fi
# add the path to the pidfile if missing
if [ -f "$install_dir/config/local.config.php" ] && ! grep -q -e "pidfile" "$install_dir/config/local.config.php"; then
ynh_print_info --message="Patching the Friendica config file: add the PID file path for the daemon..."
ynh_replace_string --match_string="'basepath' => '$install_dir'," --replace_string="'basepath' => '$install_dir',\n 'pidfile' => '$install_dir/daemon.pid'," --target_file="$install_dir/config/local.config.php"
ynh_store_file_checksum --file="$install_dir/config/local.config.php"
fi fi
#================================================= #=================================================
@ -78,6 +92,13 @@ pushd "$install_dir"
ynh_exec_as "$app" "php$phpversion" bin/console.php dbstructure update ynh_exec_as "$app" "php$phpversion" bin/console.php dbstructure update
popd popd
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=1
ynh_systemd_action --service_name="$app-daemon" --action="start" --log_path="/var/log/$app/daemon.log"
#================================================= #=================================================
# END OF SCRIPT # END OF SCRIPT
#================================================= #=================================================

View file

@ -1,9 +1,13 @@
#:schema https://raw.githubusercontent.com/YunoHost/apps/master/schemas/tests.v1.schema.json
test_format = 1.0 test_format = 1.0
[default] [default]
# ------------------------------- exclude = [ "install.private" ]
# Commits to test upgrade from
# -------------------------------
test_upgrade_from.dc7cd3eabe212708375c0dcd4ee994a1373a8122.name = "Upgrade from 2023.01~ynh1" # -------------------------------
# Commits to test upgrade from
# -------------------------------
test_upgrade_from.dc7cd3eabe212708375c0dcd4ee994a1373a8122.name = "Upgrade from 2023.01~ynh1"