From 4648140a978d019705ea7c350e160c357c1c9b98 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Wed, 31 Mar 2021 02:39:02 +0200 Subject: [PATCH] Apply example_ynh Fix #15 --- README.md | 10 +- README_fr.md | 14 +- check_process | 4 + conf/api.src | 7 + conf/app.src | 6 - conf/env.prod | 56 ++++- conf/{app-frontend.src => front.src} | 5 +- conf/funkwhale-beat.service | 12 +- conf/funkwhale-server.service | 14 +- conf/funkwhale-worker.service | 12 +- conf/nginx.conf | 106 ++++++++-- issue_template.md | 55 +++++ manifest.json | 7 +- pull_request_template.md | 16 ++ scripts/_common.sh | 7 +- scripts/backup | 31 +-- scripts/install | 133 ++++++------ scripts/remove | 65 +++--- scripts/restore | 69 +++---- scripts/upgrade | 192 ++++++++---------- .../extra_files/app/api/requirements/base.txt | 77 ------- 21 files changed, 489 insertions(+), 409 deletions(-) create mode 100644 conf/api.src delete mode 100644 conf/app.src rename conf/{app-frontend.src => front.src} (75%) create mode 100644 issue_template.md create mode 100644 pull_request_template.md delete mode 100644 sources/extra_files/app/api/requirements/base.txt diff --git a/README.md b/README.md index 410335c..4dd5013 100644 --- a/README.md +++ b/README.md @@ -6,7 +6,7 @@ *[Lire ce readme en français.](./README_fr.md)* > *This package allows you to install Funkwhale quickly and simply on a YunoHost server. -If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to know how to install and enjoy it.* +If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.* ## Overview A modern, convivial and free music server on YunoHost @@ -17,7 +17,7 @@ Installation requires a dedicated domain or subdomain. Installing in a subpath i ## Screenshots -![](https://funkwhale.audio/img/desktop.5e79eb16.jpg) +![](https://upload.wikimedia.org/wikipedia/commons/d/d8/Capture_d%27%C3%A9cran_de_la_page_d%27accueil_de_Funkwhale.png) ## Demo @@ -60,16 +60,16 @@ The admin interface is accessible at the address: `your.domain.fr/api/admin` ## Links - * Report a bug about this package: https://github.com/YunoHost-Apps/funkwhale_ynh + * Report a bug: https://github.com/YunoHost-Apps/funkwhale_ynh/issues * App website: https://docs.funkwhale.audio * Upstream app repository: https://dev.funkwhale.audio/funkwhale/funkwhale * YunoHost website: https://yunohost.org/ --- -## Developers info +## Developer info -Please do your pull request to the [testing branch](https://github.com/YunoHost-Apps/funkwhale_ynh/tree/testing). +Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/funkwhale_ynh/tree/testing). To try the testing branch, please proceed like that. ``` diff --git a/README_fr.md b/README_fr.md index 0c14ba1..0cd2f70 100644 --- a/README_fr.md +++ b/README_fr.md @@ -1,7 +1,7 @@ # Funkwhale pour YunoHost -[![Integration level](https://dash.yunohost.org/integration/funkwhale.svg)](https://dash.yunohost.org/appci/app/funkwhale) ![](https://ci-apps.yunohost.org/ci/badges/funkwhale.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/funkwhale.maintain.svg) -[![Install Funkwhale with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=funkwhale) +[![Niveau d'intégration](https://dash.yunohost.org/integration/funkwhale.svg)](https://dash.yunohost.org/appci/app/funkwhale) ![](https://ci-apps.yunohost.org/ci/badges/funkwhale.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/funkwhale.maintain.svg) +[![Installer Funkwhale avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=funkwhale) *[Read this readme in english.](./README.md)* @@ -17,13 +17,13 @@ L'installation nécessite un domaine ou un sous-domaine dédié. L'installation ## Captures d'écran -![](https://funkwhale.audio/img/desktop.5e79eb16.jpg) +![](https://upload.wikimedia.org/wikipedia/commons/d/d8/Capture_d%27%C3%A9cran_de_la_page_d%27accueil_de_Funkwhale.png) ## Démo * [Démo officielle](https://demo.funkwhale.audio) -**Nom d’utilisateur :** demo **Mot de passe :** demo +**Nom d’utilisateur :** demo **Mot de passe :** demo ## Admin @@ -62,8 +62,8 @@ L'interface d'administration est accessible à l'adresse : votre.domaine.fr/api/ ## Liens - * Signaler un bug : https://github.com/YunoHost-Apps/funkwhale_ynh - * Site de l’application : https://docs.funkwhale.audio + * Signaler un bug : https://github.com/YunoHost-Apps/funkwhale_ynh/issues + * Site de l'application : https://docs.funkwhale.audio * Dépôt de l'application principale : https://dev.funkwhale.audio/funkwhale/funkwhale * Site web YunoHost : https://yunohost.org/ @@ -76,6 +76,6 @@ Merci de faire vos pull request sur la [branche testing](https://github.com/Yuno Pour essayer la branche testing, procédez comme suit. ``` sudo yunohost app install https://github.com/YunoHost-Apps/funkwhale_ynh/tree/testing --debug -or +ou sudo yunohost app upgrade funkwhale -u https://github.com/YunoHost-Apps/funkwhale_ynh/tree/testing --debug ``` diff --git a/check_process b/check_process index b0e4657..464801b 100644 --- a/check_process +++ b/check_process @@ -17,6 +17,8 @@ setup_public=1 upgrade=1 upgrade=1 from_commit=4d4bf0981e2d3a00eaae6b19bd54344fe55d6530 + # 1.1~ynh1 + upgrade=1 from_commit=8172790fb461d16f09089593fdac380f0d499c83 backup_restore=1 multi_instance=1 incorrect_path=0 @@ -29,3 +31,5 @@ Notification=all ; commit=4d4bf0981e2d3a00eaae6b19bd54344fe55d6530 name=Upgrade to 0.19.1 and fix channels-redis bug manifest_arg=domain=DOMAIN&path=/&admin=USER&is_public=1 + ; commit=8172790fb461d16f09089593fdac380f0d499c83 + name=1.1~ynh1 diff --git a/conf/api.src b/conf/api.src new file mode 100644 index 0000000..9c8d20e --- /dev/null +++ b/conf/api.src @@ -0,0 +1,7 @@ +SOURCE_URL=https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/1.1/download?job=build_api +SOURCE_SUM=ab51c0bfafc07ef0de9e53b699d4b2e211aa69ddfce62e3534c3c89a83789073 +SOURCE_SUM_PRG=sha256sum +SOURCE_FORMAT=zip +SOURCE_IN_SUBDIR=true +SOURCE_FILENAME=api-1.1.zip +SOURCE_EXTRACT=true diff --git a/conf/app.src b/conf/app.src deleted file mode 100644 index 67a52e9..0000000 --- a/conf/app.src +++ /dev/null @@ -1,6 +0,0 @@ -SOURCE_URL=https://dev.funkwhale.audio/funkwhale/funkwhale/-/archive/1.1/funkwhale-1.1.tar.gz -SOURCE_SUM=924a31ba385c9c52204d78aa89a00b5f53240bf91a13b2c08945fde8f770d345 -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=tar.bz2 -SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= diff --git a/conf/env.prod b/conf/env.prod index 4a62772..f579f0f 100644 --- a/conf/env.prod +++ b/conf/env.prod @@ -38,7 +38,8 @@ FUNKWHALE_API_PORT=__PORT__ # more concurrent requests, but also leads to higher CPU/Memory usage FUNKWHALE_WEB_WORKERS=1 # Replace this by the definitive, public domain you will use for -# your instance +# your instance. It cannot be changed after initial deployment +# without breaking your instance. FUNKWHALE_HOSTNAME=__DOMAIN__ FUNKWHALE_PROTOCOL=https @@ -52,6 +53,10 @@ FUNKWHALE_PROTOCOL=https # EMAIL_CONFIG=smtp+ssl://user@:password@youremail.host:465 # EMAIL_CONFIG=smtp+tls://user@:password@youremail.host:587 +# Make email verification mandatory before using the service +# Doesn't apply to admins. +# ACCOUNT_EMAIL_VERIFICATION_ENFORCE=false + # The email address to use to send system emails. # DEFAULT_FROM_EMAIL=noreply@yourdomain @@ -67,7 +72,7 @@ REVERSE_PROXY_TYPE=nginx # DATABASE_URL=postgresql://:@:/ # DATABASE_URL=postgresql://funkwhale:passw0rd@localhost:5432/funkwhale_database # Use the next one if you followed Debian installation guide -DATABASE_URL=postgresql://__DBUSER__:__DBPWD__@:5432/__DBNAME__ +DATABASE_URL=postgresql://__DB_USER__:__DB_PWD__@:5432/__DB_NAME__ # Cache configuration # Examples: @@ -86,16 +91,22 @@ CACHE_URL=redis://127.0.0.1:6379/__REDIS_DB__ # For the Celery/asynchronous tasks part: # CELERY_BROKER_URL=redis+socket:///run/redis/redis.sock?virtual_host=0 +# Number of worker processes to execute. Defaults to 0, in which case it uses your number of CPUs +# Celery workers handle background tasks (such file imports or federation +# messaging). The more processes a worker gets, the more tasks +# can be processed in parallel. However, more processes also means +# a bigger memory footprint. +# CELERYD_CONCURRENCY=0 # Where media files (such as album covers or audio tracks) should be stored # on your system? # (Ensure this directory actually exists) -MEDIA_ROOT=__FINALPATH__/media +MEDIA_ROOT=__DATADIR__/media # Where static files (such as API css or icons) should be compiled # on your system? # (Ensure this directory actually exists) -STATIC_ROOT=__FINALPATH__/code/data/static +STATIC_ROOT=__DATADIR__/static # which settings module should django use? # You don't have to touch this unless you really know what you're doing @@ -125,8 +136,8 @@ RAVEN_DSN=https://44332e9fdd3d42879c7d35bf8562c6a4:0062dc16a22b41679cd5765e5342f # MUSIC_DIRECTORY_PATH=/srv/funkwhale/data/music # # MUSIC_DIRECTORY_SERVE_PATH= # stays commented, not needed -MUSIC_DIRECTORY_PATH=__FINALPATH__/import -MUSIC_DIRECTORY_SERVE_PATH=__FINALPATH__/import +MUSIC_DIRECTORY_PATH=__DATADIR__/music +MUSIC_DIRECTORY_SERVE_PATH=__DATADIR__/music # LDAP settings # Use the following options to allow authentication on your Funkwhale instance @@ -144,8 +155,37 @@ LDAP_START_TLS=False LDAP_ROOT_DN=ou=users,dc=yunohost,dc=org LDAP_USER_ATTR_MAP={"username":"uid"} -FUNKWHALE_FRONTEND_PATH=__FINALPATH__/code/front/dist -FUNKWHALE_SPA_HTML_ROOT=__FINALPATH__/code/front/dist/index.html +FUNKWHALE_FRONTEND_PATH=__FINALPATH__/front/dist # Nginx related configuration NGINX_MAX_BODY_SIZE=100M + +## External storages configuration +# Funkwhale can store uploaded files on Amazon S3 and S3-compatible storages (such as Minio) +# Uncomment and fill the variables below + +# AWS_ACCESS_KEY_ID= +# AWS_SECRET_ACCESS_KEY= +# AWS_STORAGE_BUCKET_NAME= +# An optional bucket subdirectory were you want to store the files. This is especially useful +# if you plan to use share the bucket with other services +# AWS_LOCATION= + +# If you use a S3-compatible storage such as minio, set the following variable +# the full URL to the storage server. Example: +# AWS_S3_ENDPOINT_URL=https://minio.mydomain.com +# AWS_S3_ENDPOINT_URL= + +# If you want to serve media directly from your S3 bucket rather than through a proxy, +# set this to true +# PROXY_MEDIA=false + +# If you are using Amazon S3 to serve media directly, you will need to specify your region +# name in order to access files. Example: +# AWS_S3_REGION_NAME=eu-west-2 +# AWS_S3_REGION_NAME= + +# If you are using Amazon S3, use this setting to configure how long generated URLs should stay +# valid. The default value is 3600 (60 minutes). The maximum accepted value is 604800 (7 days) + +# AWS_QUERYSTRING_EXPIRE= diff --git a/conf/app-frontend.src b/conf/front.src similarity index 75% rename from conf/app-frontend.src rename to conf/front.src index 52d9f61..750043f 100644 --- a/conf/app-frontend.src +++ b/conf/front.src @@ -2,5 +2,6 @@ SOURCE_URL=https://dev.funkwhale.audio/funkwhale/funkwhale/builds/artifacts/1.1/ SOURCE_SUM=cf985340ba0fe477fa5f9b8940102e016c0c75a9941dd8acabb8dc5f77cda000 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=zip -SOURCE_IN_SUBDIR=false -SOURCE_FILENAME= +SOURCE_IN_SUBDIR=true +SOURCE_FILENAME=front-1.1.zip +SOURCE_EXTRACT=true diff --git a/conf/funkwhale-beat.service b/conf/funkwhale-beat.service index 55fae20..77234aa 100644 --- a/conf/funkwhale-beat.service +++ b/conf/funkwhale-beat.service @@ -6,11 +6,9 @@ PartOf=__APP__.target [Service] User=__APP__ Group=__APP__ -WorkingDirectory=__FINALPATH__/code/api -EnvironmentFile=__FINALPATH__/code/config/.env - -ExecStart=__FINALPATH__/code/virtualenv/bin/celery -A funkwhale_api.taskapp beat \ - --loglevel INFO --logfile=/var/log/__APP__/beat.log +WorkingDirectory=__FINALPATH__/api +EnvironmentFile=__FINALPATH__/config/.env +ExecStart=__FINALPATH__/virtualenv/bin/celery -A funkwhale_api.taskapp beat --loglevel INFO --logfile=/var/log/__APP__/beat.log #NoNewPrivileges=true #PrivateDevices=true @@ -19,8 +17,8 @@ ExecStart=__FINALPATH__/code/virtualenv/bin/celery -A funkwhale_api.taskapp beat #ProtectSystem=strict #ProtectControlGroups=yes #ProtectKernelModules=yes -#ReadOnlyPaths=__FINALPATH__/code/config/.env __FINALPATH__/code/ -#ReadWritePaths=__FINALPATH__/media __FINALPATH__/import __FINALPATH__/code/api /var/log/__APP__ +#ReadOnlyPaths=__FINALPATH__/config/.env __FINALPATH__/ +#ReadWritePaths=__DATADIR__/media __DATADIR__/music __FINALPATH__/api /var/log/__APP__ StandardOutput=syslog StandardError=syslog diff --git a/conf/funkwhale-server.service b/conf/funkwhale-server.service index 88c482d..4e9a110 100644 --- a/conf/funkwhale-server.service +++ b/conf/funkwhale-server.service @@ -6,13 +6,9 @@ PartOf=__APP__.target [Service] User=__APP__ Group=__APP__ -WorkingDirectory=__FINALPATH__/code/api -EnvironmentFile=__FINALPATH__/code/config/.env - -ExecStart=__FINALPATH__/code/virtualenv/bin/gunicorn config.asgi:application \ - -w ${FUNKWHALE_WEB_WORKERS} \ - -k uvicorn.workers.UvicornWorker \ - -b ${FUNKWHALE_API_IP}:${FUNKWHALE_API_PORT} +WorkingDirectory=__FINALPATH__/api +EnvironmentFile=__FINALPATH__/config/.env +ExecStart=__FINALPATH__/virtualenv/bin/gunicorn config.asgi:application -w ${FUNKWHALE_WEB_WORKERS} -k uvicorn.workers.UvicornWorker -b ${FUNKWHALE_API_IP}:${FUNKWHALE_API_PORT} #NoNewPrivileges=true #PrivateDevices=true @@ -21,8 +17,8 @@ ExecStart=__FINALPATH__/code/virtualenv/bin/gunicorn config.asgi:application \ #ProtectSystem=strict #ProtectControlGroups=yes #ProtectKernelModules=yes -#ReadOnlyPaths=__FINALPATH__/code/config/.env __FINALPATH__/code/ -#ReadWritePaths=__FINALPATH__/media __FINALPATH__/import /var/log/__APP__ +#ReadOnlyPaths=__FINALPATH__/config/.env __FINALPATH__/ +#ReadWritePaths=__DATADIR__/media __DATADIR__/music /var/log/__APP__ StandardOutput=syslog StandardError=syslog diff --git a/conf/funkwhale-worker.service b/conf/funkwhale-worker.service index c0cefea..6b685cc 100644 --- a/conf/funkwhale-worker.service +++ b/conf/funkwhale-worker.service @@ -6,11 +6,9 @@ PartOf=__APP__.target [Service] User=__APP__ Group=__APP__ -WorkingDirectory=__FINALPATH__/code/api -EnvironmentFile=__FINALPATH__/code/config/.env - -ExecStart=__FINALPATH__/code/virtualenv/bin/celery -A funkwhale_api.taskapp worker -l INFO \ - --loglevel INFO --logfile=/var/log/__APP__/worker.log +WorkingDirectory=__FINALPATH__/api +EnvironmentFile=__FINALPATH__/config/.env +ExecStart=__FINALPATH__/virtualenv/bin/celery -A funkwhale_api.taskapp worker --concurrency=${CELERYD_CONCURRENCY-0} --loglevel INFO --logfile=/var/log/__APP__/worker.log #NoNewPrivileges=true #PrivateDevices=true @@ -19,8 +17,8 @@ ExecStart=__FINALPATH__/code/virtualenv/bin/celery -A funkwhale_api.taskapp work #ProtectSystem=strict #ProtectControlGroups=yes #ProtectKernelModules=yes -#ReadOnlyPaths=__FINALPATH__/code/config/.env __FINALPATH__/code/ -#ReadWritePaths=__FINALPATH__/media __FINALPATH__/import /var/log/__APP__ +#ReadOnlyPaths=__FINALPATH__/config/.env __FINALPATH__/ +#ReadWritePaths=__DATADIR__/media __DATADIR__/music /var/log/__APP__ StandardOutput=syslog StandardError=syslog diff --git a/conf/nginx.conf b/conf/nginx.conf index 62e96a0..e7fc380 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,51 +1,108 @@ location / { - include __FINALPATH__/code/deploy/funkwhale_proxy.conf; + + # Force usage of https + if ($scheme = http) { + rewrite ^ https://$server_name$request_uri? permanent; + } + + # global proxy conf + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host:$server_port; + proxy_set_header X-Forwarded-Port $server_port; + proxy_redirect off; + + # websocket support + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + # this is needed if you have file import via upload enabled client_max_body_size 100M; proxy_pass http://127.0.0.1:__PORT__/; + + # Include SSOWAT user panel. + include conf.d/yunohost_panel.conf.inc; } location /front/ { - alias __FINALPATH__/code/front/dist/; + more_set_headers "Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:"; + more_set_headers "Referrer-Policy: strict-origin-when-cross-origin"; + more_set_headers "Service-Worker-Allowed: /"; + more_set_headers "X-Frame-Options: SAMEORIGIN"; + alias __FINALPATH__/front/dist/; expires 30d; more_set_headers "Pragma: public"; more_set_headers "Cache-Control: public, must-revalidate, proxy-revalidate"; - more_set_headers "Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:"; - more_set_headers "Referrer-Policy: strict-origin-when-cross-origin"; - more_set_headers "X-Frame-Options: SAMEORIGIN"; - more_set_headers "Service-Worker-Allowed: /"; - } location /front/embed.html { more_set_headers "Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:"; more_set_headers "Referrer-Policy: strict-origin-when-cross-origin"; + more_set_headers "X-Frame-Options: ALLOW"; + alias __FINALPATH__/front/dist/embed.html; + expires 30d; more_set_headers "Pragma: public"; more_set_headers "Cache-Control: public, must-revalidate, proxy-revalidate"; - alias __FINALPATH__/code/front/dist/embed.html; - expires 30d; } location /federation/ { - include __FINALPATH__/code/deploy/funkwhale_proxy.conf; + # global proxy conf + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host:$server_port; + proxy_set_header X-Forwarded-Port $server_port; + proxy_redirect off; + + # websocket support + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; proxy_pass http://127.0.0.1:__PORT__/federation/; } - +# You can comment this if you do not plan to use the Subsonic API location /rest/ { - include __FINALPATH__/code/deploy/funkwhale_proxy.conf; + # global proxy conf + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host:$server_port; + proxy_set_header X-Forwarded-Port $server_port; + proxy_redirect off; + + # websocket support + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; proxy_pass http://127.0.0.1:__PORT__/api/subsonic/rest/; } - location /.well-known/ { - include __FINALPATH__/code/deploy/funkwhale_proxy.conf; + # global proxy conf + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Host $host:$server_port; + proxy_set_header X-Forwarded-Port $server_port; + proxy_redirect off; + + # websocket support + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; proxy_pass http://127.0.0.1:__PORT__/.well-known/; } location /media/ { - alias __FINALPATH__/media/; + alias __DATADIR__/media/; } location /_protected/media/ { @@ -53,15 +110,28 @@ location /_protected/media/ { # audio files once correct permission / authentication # has been checked on API side internal; - alias __FINALPATH__/media/; + alias __DATADIR__/media/; } +# Comment the previous location and uncomment this one if you're storing +# media files in a S3 bucket +# location ~ /_protected/media/(.+) { +# internal; +# # Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932 +# proxy_set_header Authorization ""; +# proxy_pass $1; +# } + location /_protected/music/ { + # this is an internal location that is used to serve + # audio files once correct permission / authentication + # has been checked on API side + # Set this to the same value as your MUSIC_DIRECTORY_PATH setting internal; - alias __FINALPATH__/import/; + alias __DATADIR__/music/; } location /staticfiles/ { # django static files - alias __FINALPATH__/code/data/static/; + alias __DATADIR__/static/; } diff --git a/issue_template.md b/issue_template.md new file mode 100644 index 0000000..faf5143 --- /dev/null +++ b/issue_template.md @@ -0,0 +1,55 @@ +--- +name: Bug report +about: When creating a bug report, please use the following template to provide all the relevant information and help debugging efficiently. + +--- + +**How to post a meaningful bug report** +1. *Read this whole template first.* +2. *Determine if you are on the right place:* + - *If you were performing an action on the app from the webadmin or the CLI (install, update, backup, restore, change_url...), you are on the right place!* + - *Otherwise, the issue may be due to Funkwhale itself. Refer to its documentation or repository for help.* + - *When in doubt, post here and we will figure it out together.* +3. *Delete the italic comments as you write over them below, and remove this guide.* +--- + +### Describe the bug + +*A clear and concise description of what the bug is.* + +### Context + +- Hardware: *VPS bought online / Old laptop or computer / Raspberry Pi at home / Internet Cube with VPN / Other ARM board / ...* +- YunoHost version: x.x.x +- I have access to my server: *Through SSH | through the webadmin | direct access via keyboard / screen | ...* +- Are you in a special context or did you perform some particular tweaking on your YunoHost instance?: *no / yes* + - If yes, please explain: +- Using, or trying to install package version/branch: +- If upgrading, current package version: *can be found in the admin, or with `yunohost app info $app_id`* + +### Steps to reproduce + +- *If you performed a command from the CLI, the command itself is enough. For example:* + ```sh + sudo yunohost app install funkwhale + ``` +- *If you used the webadmin, please perform the equivalent command from the CLI first.* +- *If the error occurs in your browser, explain what you did:* + 1. *Go to '...'* + 2. *Click on '...'* + 3. *Scroll down to '...'* + 4. *See error* + +### Expected behavior + +*A clear and concise description of what you expected to happen. You can remove this section if the command above is enough to understand your intent.* + +### Logs + +*When an operation fails, YunoHost provides a simple way to share the logs.* +- *In the webadmin, the error message contains a link to the relevant log page. On that page, you will be able to 'Share with Yunopaste'. If you missed it, the logs of previous operations are also available under Tools > Logs.* +- *In command line, the command to share the logs is displayed at the end of the operation and looks like `yunohost log display [log name] --share`. If you missed it, you can find the log ID of a previous operation using `yunohost log list`.* + +*After sharing the log, please copypaste directly the link provided by YunoHost (to help readability, no need to copypaste the entire content of the log here, just the link is enough...)* + +*If applicable and useful, add screenshots to help explain your problem.* diff --git a/manifest.json b/manifest.json index d5f1259..040598a 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Modern, convivial and free music server", "fr": "Serveur de musique moderne, convivial et gratuit" }, - "version": "1.1~ynh1", + "version": "1.1~ynh2", "url": "https://funkwhale.audio", "license": "AGPL-3.0-or-later", "maintainer": { @@ -18,14 +18,15 @@ "email": "jean-baptiste@holcroft.fr" }], "requirements": { - "yunohost": ">= 4.0.0" + "yunohost": ">= 4.1.3" }, "multi_instance": true, "services": [ "nginx" ], "arguments": { - "install": [{ + "install" : [ + { "name": "domain", "type": "domain", "ask": { diff --git a/pull_request_template.md b/pull_request_template.md new file mode 100644 index 0000000..6c28fc5 --- /dev/null +++ b/pull_request_template.md @@ -0,0 +1,16 @@ +## Problem +- *Description of why you made this PR* + +## Solution +- *And how do you fix that problem* + +## PR Status +- [ ] Code finished. +- [ ] Tested with Package_check. +- [ ] Fix or enhancement tested. +- [ ] Upgrade from last version tested. +- [ ] Can be reviewed and tested. + +## Package_check results +--- +* An automatic package_check will be launch at https://ci-apps-dev.yunohost.org/, when you add a specific comment to your Pull Request: "!testme", "!gogogadgetoci" or "By the power of systemd, I invoke The Great App CI to test this Pull Request!"* diff --git a/scripts/_common.sh b/scripts/_common.sh index 45b1e90..9916587 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -5,9 +5,9 @@ #================================================= # dependencies used by the app -pkg_dependencies="build-essential curl ffmpeg \ - libjpeg-dev libmagic-dev libpq-dev postgresql postgresql-contrib python3-dev virtualenv \ - redis-server libldap2-dev libsasl2-dev \ +pkg_dependencies="curl python3-pip python3-venv git unzip libldap2-dev libsasl2-dev gettext-base zlib1g-dev libffi-dev libssl-dev \ + build-essential ffmpeg libjpeg-dev libmagic-dev libpq-dev postgresql postgresql-contrib python3-dev make \ + redis-server \ `# add arm support` \ zlib1g-dev libffi-dev libssl-dev" @@ -15,7 +15,6 @@ pkg_dependencies="build-essential curl ffmpeg \ # PERSONAL HELPERS #================================================= - #================================================= # EXPERIMENTAL HELPERS #================================================= diff --git a/scripts/backup b/scripts/backup index 3c0c590..d8b59c2 100644 --- a/scripts/backup +++ b/scripts/backup @@ -6,7 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= -#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers @@ -27,9 +27,10 @@ ynh_print_info --message="Loading installation settings..." app=$YNH_APP_INSTANCE_NAME -final_path=$(ynh_app_setting_get --app="$app" --key=final_path) -domain=$(ynh_app_setting_get --app="$app" --key=domain) -db_name=$(ynh_app_setting_get --app="$app" --key=db_name) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +domain=$(ynh_app_setting_get --app=$app --key=domain) +db_name=$(ynh_app_setting_get --app=$app --key=db_name) +datadir=$(ynh_app_setting_get --app=$app --key=datadir) #================================================= # DECLARE DATA AND CONF FILES TO BACKUP @@ -42,14 +43,13 @@ ynh_print_info --message="Declaring files to be backed up..." backup_core_only=$(ynh_app_setting_get --app="$app" --key=backup_core_only) # If backup_core_only have any value in the settings.yml file, do not backup the data directory -if [ -z "$backup_core_only" ] +if [ "$backup_core_only" ] then - ynh_backup --src_path="$final_path" -else - echo "Data dir will not be saved, because backup_core_only is set." >&2 - ynh_backup --src_path="$final_path/code" + ynh_backup --src_path="$datadir" fi +ynh_backup --src_path="$final_path" + #================================================= # BACKUP THE NGINX CONFIGURATION #================================================= @@ -58,11 +58,11 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_backup --src_path="/etc/nginx/conf.d/$domain.conf" #================================================= -# BACKUP THE POSTGRESQL DATABASE +# BACKUP FAIL2BAN CONFIGURATION #================================================= -ynh_print_info --message="Backing up the PostgreSQL database..." -ynh_psql_dump_db --database="$db_name" > db.sql +ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" +ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" #================================================= # SPECIFIC BACKUP @@ -75,6 +75,13 @@ ynh_backup --src_path="/etc/systemd/system/$app-server.service" ynh_backup --src_path="/etc/systemd/system/$app-worker.service" ynh_backup --src_path="/etc/systemd/system/$app.target" +#================================================= +# BACKUP THE POSTGRESQL DATABASE +#================================================= +ynh_print_info --message="Backing up the PostgreSQL database..." + +ynh_psql_dump_db --database="$db_name" > db.sql + #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/install b/scripts/install index beb1454..9019367 100644 --- a/scripts/install +++ b/scripts/install @@ -28,6 +28,8 @@ path_url="/" is_public=$YNH_APP_ARG_IS_PUBLIC admin=$YNH_APP_ARG_ADMIN +admin_mail=$(ynh_user_get_info --username="$admin" --key="mail") + app=$YNH_APP_INSTANCE_NAME #================================================= @@ -35,20 +37,22 @@ app=$YNH_APP_INSTANCE_NAME #================================================= ynh_script_progression --message="Validating installation parameters..." -final_path="/var/www/$app" +final_path=/var/www/$app test ! -e "$final_path" || ynh_die --message="This path already contains a folder" +datadir="/home/yunohost.app/${app}/data" + # Register (book) web path -ynh_webpath_register --app="$app" --domain="$domain" --path_url="$path_url" +ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url #================================================= # STORE SETTINGS FROM MANIFEST #================================================= ynh_script_progression --message="Storing installation settings..." -ynh_app_setting_set --app="$app" --key=domain --value="$domain" -ynh_app_setting_set --app="$app" --key=path --value="$path_url" -ynh_app_setting_set --app="$app" --key=admin --value="$admin" +ynh_app_setting_set --app=$app --key=domain --value=$domain +ynh_app_setting_set --app=$app --key=path --value=$path_url +ynh_app_setting_set --app=$app --key=admin --value=$admin #================================================= # STANDARD MODIFICATIONS @@ -57,10 +61,9 @@ ynh_app_setting_set --app="$app" --key=admin --value="$admin" #================================================= ynh_script_progression --message="Finding an available port..." -# Find a free port +# Find an available port port=$(ynh_find_port --port=5000) -# Open this port -ynh_app_setting_set --app="$app" --key=port --value="$port" +ynh_app_setting_set --app=$app --key=port --value=$port #================================================= # INSTALL DEPENDENCIES @@ -76,36 +79,41 @@ ynh_script_progression --message="Creating a PostgreSQL database..." ynh_psql_test_if_first_run -db_name=$(ynh_sanitize_dbid "$app") -db_user="$db_name" +db_name=$(ynh_sanitize_dbid --db_name=$app) +db_user=$db_name db_pwd=$(ynh_string_random) -ynh_app_setting_set --app="$app" --key=db_name --value="$db_name" -ynh_app_setting_set --app="$app" --key=psqlpwd --value="$db_pwd" +ynh_app_setting_set --app=$app --key=db_name --value=$db_name +ynh_app_setting_set --app=$app --key=db_pwd --value=$db_pwd # Initialize database and store postgres password for upgrade -ynh_psql_setup_db --db_name="$db_name" --db_user="$db_user" --db_pwd="$db_pwd" +ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= ynh_script_progression --message="Setting up source files..." -ynh_app_setting_set --app="$app" --key=final_path --value="$final_path" +ynh_app_setting_set --app=$app --key=final_path --value=$final_path +ynh_app_setting_set --app=$app --key=datadir --value=$datadir # Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source --dest_dir="$final_path/code" -ynh_setup_source --dest_dir="$final_path/code" --source_id="app-frontend" +ynh_setup_source --dest_dir="$final_path/api" --source_id="api" +ynh_setup_source --dest_dir="$final_path/front" --source_id="front" -( - cd "$final_path" - mkdir -p code/config code/api code/data/static media import code/front -) +pushd $final_path + mkdir -p config +popd + +mkdir -p $datadir +pushd $datadir + mkdir -p static media music +popd #================================================= # NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Configuring nginx web server..." +ynh_script_progression --message="Configuring NGINX web server..." -# Create a dedicated nginx config +# Create a dedicated NGINX config ynh_add_nginx_config #================================================= @@ -114,58 +122,45 @@ ynh_add_nginx_config ynh_script_progression --message="Configuring system user..." # Create a system user -ynh_system_user_create --username="$app" --home_dir="$final_path" +ynh_system_user_create --username=$app --home_dir=$final_path #================================================= # SPECIFIC SETUP #================================================= -# PYTHON DEPENDENCIES +# INSTALL PYTHON DEPENDENCIES #================================================= +ynh_script_progression --message="Installing Python dependencies..." -virtualenv -p python3 "$final_path/code/virtualenv" -( - set +o nounset - source "${final_path}/code/virtualenv/bin/activate" - set -o nounset +pushd $final_path + python3 -m venv $final_path/virtualenv + source $final_path/virtualenv/bin/activate pip install --upgrade pip pip install --upgrade setuptools pip install wheel - pip install -r "${final_path}/code/api/requirements.txt" -) + pip install -r api/requirements.txt +popd #================================================= # MODIFY THE CONFIG FILE #================================================= +ynh_script_progression --message="Modifying a config file..." -configfile="$final_path/code/config/.env" - -cp ../conf/env.prod "$configfile" - -key=$(ynh_string_random) +key=$(ynh_string_random --length=45 | base64) redis_db=$(ynh_redis_get_free_db) ynh_app_setting_set --app="$app" --key=key --value="$key" ynh_app_setting_set --app="$app" --key=redis_db --value="$redis_db" -ynh_replace_string --match_string="__REDIS_DB__" --replace_string="$redis_db" --target_file="$configfile" -ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$configfile" -ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$configfile" -ynh_replace_string --match_string="__DBUSER__" --replace_string="$db_name" --target_file="$configfile" -ynh_replace_string --match_string="__DBPWD__" --replace_string="$db_pwd" --target_file="$configfile" -ynh_replace_string --match_string="__DBNAME__" --replace_string="$app" --target_file="$configfile" -ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="$configfile" -ynh_replace_string --match_string="__KEY__" --replace_string="$key" --target_file="$configfile" +ynh_add_config --template="../conf/env.prod" --destination="$final_path/config/.env" #================================================= -# CONFIGURE ADMIN USER +# BUILDING FUNKWHALE #================================================= +ynh_script_progression --message="Building funkwhale..." -admin_mail=$(ynh_user_get_info --username="$admin" --key="mail") -( - set +o nounset - source "${final_path}/code/virtualenv/bin/activate" - set -o nounset - cd "$final_path/code/" + +pushd $final_path + source $final_path/virtualenv/bin/activate # needed for enabling the 'unaccent' extension ynh_psql_execute_as_root --sql="ALTER USER $db_user WITH SUPERUSER;" --database="$db_name" @@ -173,56 +168,52 @@ admin_mail=$(ynh_user_get_info --username="$admin" --key="mail") ynh_psql_execute_as_root --sql="ALTER USER $db_user WITH NOSUPERUSER;" --database="$db_name" echo "from django.contrib.auth import get_user_model; User = get_user_model(); User.objects.create_superuser('$admin', '$admin_mail', 'funkwhale') " | python api/manage.py shell python api/manage.py collectstatic -) +popd #================================================= # SETUP SYSTEMD #================================================= ynh_script_progression --message="Configuring a systemd service..." -cp ../conf/funkwhale.target "/etc/systemd/system/$app.target" -ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="/etc/systemd/system/$app.target" +ynh_add_config --template="../conf/funkwhale.target" --destination="/etc/systemd/system/$app.target" # Create a dedicated systemd config ynh_add_systemd_config --service="$app-server" --template="funkwhale-server.service" ynh_add_systemd_config --service="$app-worker" --template="funkwhale-worker.service" ynh_add_systemd_config --service="$app-beat" --template="funkwhale-beat.service" -#================================================= -# STORE THE CONFIG FILE CHECKSUM -#================================================= - -# Calculate and store the config file checksum into the app settings -ynh_store_file_checksum --file="$configfile" - #================================================= # GENERIC FINALIZATION #================================================= # SECURE FILES AND DIRECTORIES #================================================= +ynh_script_progression --message="Securing files and directories..." -chown -R "$app": "$final_path" -chmod -R 755 "$final_path/code/front/dist/" +# Set permissions to app files +chown -R "$app": $final_path +chmod -R 755 "$final_path/front/dist/" mkdir -p "/var/log/$app" chown -R "$app": "/var/log/$app" #================================================= -# ADVERTISE SERVICE IN ADMIN PANEL +# INTEGRATE SERVICE IN YUNOHOST #================================================= +ynh_script_progression --message="Integrating service in YunoHost..." -yunohost service add "$app-server" --log="/var/log/$app/server.log" -yunohost service add "$app-worker" --log="/var/log/$app/worker.log" -yunohost service add "$app-beat" --log="/var/log/$app/beat.log" +yunohost service add "${app}-beat" --log="/var/log/$app/beat.log" +yunohost service add "${app}-server" --log="/var/log/$app/server.log" +yunohost service add "${app}-worker" --log="/var/log/$app/worker.log" #================================================= # START SYSTEMD SERVICE #================================================= ynh_script_progression --message="Starting a systemd service..." -ynh_systemd_action --action="start" --service_name="${app}-beat" -ynh_systemd_action --action="start" --service_name="${app}-server" -ynh_systemd_action --action="start" --service_name="${app}-worker" +# Start a systemd service +ynh_systemd_action --service_name="${app}-beat" --action="start" --log_path="/var/log/$app/beat.log" +ynh_systemd_action --service_name="${app}-server" --action="start" --log_path="/var/log/$app/server.log" +ynh_systemd_action --service_name="${app}-worker" --action="start" --log_path="/var/log/$app/worker.log" #================================================= # SETUP FAIL2BAN @@ -237,7 +228,7 @@ ynh_add_fail2ban_config --logpath="/var/log/nginx/$domain-access.log" --failrege #================================================= ynh_script_progression --message="Configuring permissions..." -# Make app public if necessary or protect it +# Make app public if necessary if [ $is_public -eq 1 ] then # Everyone can access the app. diff --git a/scripts/remove b/scripts/remove index 0567cde..f5e544e 100644 --- a/scripts/remove +++ b/scripts/remove @@ -16,42 +16,42 @@ ynh_script_progression --message="Loading installation settings..." app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get --app="$app" --key=domain) -port=$(ynh_app_setting_get --app="$app" --key=port) -db_name=$(ynh_app_setting_get --app="$app" --key=db_name) -db_user="$db_name" -final_path=$(ynh_app_setting_get --app="$app" --key=final_path) -redis_db=$(ynh_app_setting_get --app="$app" --key=redis_db) +domain=$(ynh_app_setting_get --app=$app --key=domain) +port=$(ynh_app_setting_get --app=$app --key=port) +db_name=$(ynh_app_setting_get --app=$app --key=db_name) +db_user=$db_name +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +redis_db=$(ynh_app_setting_get --app=$app --key=redis_db) #================================================= # STANDARD REMOVE #================================================= -# REMOVE SERVICE FROM ADMIN PANEL +# REMOVE SERVICE INTEGRATION IN YUNOHOST #================================================= -# Remove a service from the admin panel, added by `yunohost service add` -if yunohost service status "$app-server" >/dev/null 2>&1 +# Remove the service from the list of services known by YunoHost (added from `yunohost service add`) +if yunohost service status "$app-server" >/dev/null then - ynh_script_progression --message="Remove $app-server service" + ynh_script_progression --message="Remove $app-server service integration..." yunohost service remove "$app-server" fi -if yunohost service status "$app-worker" >/dev/null 2>&1 +if yunohost service status "$app-worker" >/dev/null then - ynh_script_progression --message="Remove $app-worker service" + ynh_script_progression --message="Remove $app-worker service integration..." yunohost service remove "$app-worker" fi -if yunohost service status "$app-beat" >/dev/null 2>&1 +if yunohost service status "$app-beat" >/dev/null then - ynh_script_progression --message="Remove $app-beat service" + ynh_script_progression --message="Remove $app-beat service integration..." yunohost service remove "$app-beat" fi #================================================= # STOP AND REMOVE SERVICE #================================================= -ynh_script_progression --message="Stopping and removing the systemd service" +ynh_script_progression --message="Stopping and removing the systemd service..." ynh_systemd_action --action="stop" --service_name="${app}-beat" ynh_systemd_action --action="stop" --service_name="${app}-server" @@ -67,23 +67,23 @@ ynh_secure_remove --file="/etc/systemd/system/$app.target" #================================================= # REMOVE THE POSTGRESQL DATABASE #================================================= -ynh_script_progression --message="Removing the PostgreSQL database" +ynh_script_progression --message="Removing the PostgreSQL database..." # Remove a database if it exists, along with the associated user -ynh_psql_remove_db --db_name="$db_name" --db_user="$db_user" +ynh_psql_remove_db --db_user=$db_user --db_name=$db_name #================================================= # REMOVE THE REDIS DATABASE #================================================= -ynh_script_progression --message="Removing the Redis database" +ynh_script_progression --message="Removing the Redis database..." # Remove a database if it exists, along with the associated user -ynh_redis_remove_db "$redis_db" +ynh_redis_remove_db $redis_db #================================================= # REMOVE DEPENDENCIES #================================================= -ynh_script_progression --message="Removing dependencies" +ynh_script_progression --message="Removing dependencies..." # Remove metapackage and its dependencies ynh_remove_app_dependencies @@ -91,37 +91,46 @@ ynh_remove_app_dependencies #================================================= # REMOVE APP MAIN DIR #================================================= -ynh_script_progression --message="Removing app main directory" +ynh_script_progression --message="Removing app main directory..." # Remove the app directory securely ynh_secure_remove --file="$final_path" -ynh_secure_remove --file="/var/log/$app" - #================================================= # REMOVE NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Removing NGINX web server configuration" +ynh_script_progression --message="Removing NGINX web server configuration..." -# Remove the dedicated nginx config +# Remove the dedicated NGINX config ynh_remove_nginx_config #================================================= # REMOVE FAIL2BAN CONFIGURATION #================================================= -ynh_script_progression --message="Removing Fail2Ban configuration..." +ynh_script_progression --message="Removing Fail2ban configuration..." +# Remove the dedicated Fail2Ban config ynh_remove_fail2ban_config +#================================================= +# SPECIFIC REMOVE +#================================================= +# REMOVE VARIOUS FILES +#================================================= +ynh_script_progression --message="Removing various files..." + +# Remove the log files +ynh_secure_remove --file="/var/log/$app" + #================================================= # GENERIC FINALIZATION #================================================= # REMOVE DEDICATED USER #================================================= -ynh_script_progression --message="Removing the dedicated system user" +ynh_script_progression --message="Removing the dedicated system user..." # Delete a system user -ynh_system_user_delete --username="$app" +ynh_system_user_delete --username=$app #================================================= # END OF SCRIPT diff --git a/scripts/restore b/scripts/restore index 7802232..1110799 100644 --- a/scripts/restore +++ b/scripts/restore @@ -6,7 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= -#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers @@ -27,21 +27,22 @@ ynh_script_progression --message="Loading settings..." app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get --app="$app" --key=domain) -path_url=$(ynh_app_setting_get --app="$app" --key=path) -final_path=$(ynh_app_setting_get --app="$app" --key=final_path) -db_name=$(ynh_app_setting_get --app="$app" --key=db_name) -db_user="$db_name" -db_pwd=$(ynh_app_setting_get --app="$app" --key=psqlpwd) +domain=$(ynh_app_setting_get --app=$app --key=domain) +path_url=$(ynh_app_setting_get --app=$app --key=path) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +db_name=$(ynh_app_setting_get --app=$app --key=db_name) +db_user=$db_name +db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd) +datadir=$(ynh_app_setting_get --app=$app --key=datadir) #================================================= # CHECK IF THE APP CAN BE RESTORED #================================================= ynh_script_progression --message="Validating restoration parameters..." -ynh_webpath_available --domain="$domain" --path_url="$path_url" \ +ynh_webpath_available --domain=$domain --path_url=$path_url \ || ynh_die --message="Path not available: ${domain}${path_url}" -test ! -d "$final_path" \ +test ! -d $final_path \ || ynh_die --message="There is already a directory: $final_path " #================================================= @@ -49,39 +50,31 @@ test ! -d "$final_path" \ #================================================= # RESTORE THE NGINX CONFIGURATION #================================================= +ynh_script_progression --message="Restoring the NGINX web server configuration..." ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" -ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.conf" #================================================= # RESTORE THE APP MAIN DIR #================================================= ynh_script_progression --message="Restoring the app main directory..." -backup_core_only=$(ynh_app_setting_get --app="$app" --key=backup_core_only) +backup_core_only=$(ynh_app_setting_get --app=$app --key=backup_core_only) # If backup_core_only have any value, then restore only code -if [ -z "$backup_core_only" ] +if [ "$backup_core_only" ] then - ynh_restore_file --origin_path="$final_path/code" -else - ynh_restore_file --origin_path="$final_path" + ynh_restore_file --origin_path="$datadir" fi +ynh_restore_file --origin_path="$final_path" + # Remove the option backup_core_only if it's in the settings.yml file ynh_app_setting_delete --app="$app" --key=backup_core_only -code_migration=$(ynh_app_setting_get --app="$app" --key=code_migration) - -# make sure we revert the last code organization -if [ "$code_migration" -eq 1 ] -then - mv "$final_path/code/"* "$final_path" - mv "$final_path/media" "$final_path/code/data/media" - mv "$final_path/import" "$final_path/code/data/music" - ynh_secure_remove --file="$final_path/code" - ynh_app_setting_delete --app="$app" --key=code_migration -fi +pushd $datadir + mkdir -p static media music +popd #================================================= # RECREATE THE DEDICATED USER @@ -89,14 +82,15 @@ fi ynh_script_progression --message="Recreating the dedicated system user..." # Create the dedicated user (if not existing) -ynh_system_user_create --username="$app" --home_dir="$final_path" +ynh_system_user_create --username=$app --home_dir=$final_path #================================================= # RESTORE USER RIGHTS #================================================= +ynh_script_progression --message="Restoring user rights..." # Restore permissions on app files -chown -R "$app": "$final_path" +chown -R $app: $final_path chmod -R 755 "$final_path/code/front/dist/" mkdir -p "/var/log/$app" @@ -118,8 +112,8 @@ ynh_install_app_dependencies $pkg_dependencies ynh_script_progression --message="Restoring the PostgreSQL database..." ynh_psql_test_if_first_run -ynh_psql_setup_db --db_user="$db_user" --db_name="$db_name" --db_pwd="$db_pwd" -ynh_psql_execute_file_as_root --file="./db.sql" --database="$db_name" +ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd +ynh_psql_execute_file_as_root --file="./db.sql" --database=$db_name #================================================= # RESTORE SYSTEMD @@ -136,21 +130,22 @@ systemctl enable "$app-server.service" --quiet systemctl enable "$app-worker.service" --quiet #================================================= -# ADVERTISE SERVICE IN ADMIN PANEL +# INTEGRATE SERVICE IN YUNOHOST #================================================= +ynh_script_progression --message="Integrating service in YunoHost..." -yunohost service add "$app-server" --log="/var/log/$app/server.log" -yunohost service add "$app-worker" --log="/var/log/$app/worker.log" -yunohost service add "$app-beat" --log="/var/log/$app/beat.log" +yunohost service add "${app}-beat" --log="/var/log/$app/beat.log" +yunohost service add "${app}-server" --log="/var/log/$app/server.log" +yunohost service add "${app}-worker" --log="/var/log/$app/worker.log" #================================================= # START SYSTEMD SERVICE #================================================= ynh_script_progression --message="Starting a systemd service..." -ynh_systemd_action --action="start" --service_name="${app}-beat" -ynh_systemd_action --action="start" --service_name="${app}-server" -ynh_systemd_action --action="start" --service_name="${app}-worker" +ynh_systemd_action --service_name="${app}-beat" --action="start" --log_path="/var/log/$app/beat.log" +ynh_systemd_action --service_name="${app}-server" --action="start" --log_path="/var/log/$app/server.log" +ynh_systemd_action --service_name="${app}-worker" --action="start" --log_path="/var/log/$app/worker.log" #================================================= # GENERIC FINALIZATION diff --git a/scripts/upgrade b/scripts/upgrade index a01b565..f0b40e4 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -16,15 +16,15 @@ ynh_script_progression --message="Loading installation settings..." app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get --app="$app" --key=domain) -path_url=$(ynh_app_setting_get --app="$app" --key=path) -final_path=$(ynh_app_setting_get --app="$app" --key=final_path) -db_name=$(ynh_app_setting_get --app="$app" --key=db_name) -db_user="$db_name" -port=$(ynh_app_setting_get --app="$app" --key=port) -db_pwd=$(ynh_app_setting_get --app="$app" --key=psqlpwd) -redis_db=$(ynh_app_setting_get --app="$app" --key=redis_db) -code_migration=$(ynh_app_setting_get --app="$app" --key=code_migration) +domain=$(ynh_app_setting_get --app=$app --key=domain) +path_url=$(ynh_app_setting_get --app=$app --key=path) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +db_name=$(ynh_app_setting_get --app=$app --key=db_name) +db_user=$db_name +port=$(ynh_app_setting_get --app=$app --key=port) +db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd) +redis_db=$(ynh_app_setting_get --app=$app --key=redis_db) +key=$(ynh_app_setting_get --app=$app --key=key) #================================================= # ENSURE DOWNWARD COMPATIBILITY @@ -37,18 +37,10 @@ if [ -z "$redis_db" ]; then ynh_app_setting_set --app="$app" --key=redis_db --value="$redis_db" fi -# make sure we have the last code organization -if [ ! -d "$final_path/code/" ]; then - mkdir "$final_path-tmp" - mv "$final_path"/* "$final_path-tmp/" - - mkdir "$final_path/code" - mv "$final_path-tmp/data/media" "$final_path/media" - mv "$final_path-tmp/data/music" "$final_path/import" - mv "$final_path-tmp"/* "$final_path/code" - - ynh_secure_remove --file="$final_path-tmp/" - ynh_app_setting_set --app="$app" --key=code_migration --value=1 +# If db_pwd doesn't exist, create it +if [ -z "$db_pwd" ]; then + db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) + ynh_app_setting_set --app=$app --key=db_pwd --value=$db_pwd fi # Cleaning legacy permissions @@ -69,23 +61,13 @@ ynh_app_setting_set --app="$app" --key=backup_core_only --value=1 # Backup the current version of the app ynh_backup_before_upgrade ynh_clean_setup () { - # restore it if the upgrade fails + # Restore it if the upgrade fails ynh_clean_check_starting ynh_restore_upgradebackup } # Exit if an error occurs during the execution of the script ynh_abort_if_errors -#================================================= -# CHECK THE PATH -#================================================= - -# see 0.20.0: https://docs.funkwhale.audio/changelog.html#automatically-load-env-file -loadfile="$final_path/code/load_env" -if [ -e "$loadfile" ] ; then - ynh_secure_remove --file="$loadfile" -fi - #================================================= # STANDARD UPGRADE STEPS #================================================= @@ -93,24 +75,47 @@ fi #================================================= ynh_script_progression --message="Stopping a systemd service..." -ynh_systemd_action --action="stop" --service_name="${app}-beat" -ynh_systemd_action --action="stop" --service_name="${app}-server" -ynh_systemd_action --action="stop" --service_name="${app}-worker" +ynh_systemd_action --service_name="${app}-beat" --action="stop" --log_path="/var/log/$app/beat.log" +ynh_systemd_action --service_name="${app}-server" --action="stop" --log_path="/var/log/$app/server.log" +ynh_systemd_action --service_name="${app}-worker" --action="stop" --log_path="/var/log/$app/worker.log" + +#================================================= +# MOVE DATAS +#================================================= + +# If datadir doesn't exist, create it +if [ -z "$datadir" ]; then + ynh_script_progression --message="Moving datas..." + datadir="/home/yunohost.app/${app}/data" + ynh_app_setting_set --app=$app --key=datadir --value=$datadir + mv $finalpath/code/data/static $datadir/static + mv $finalpath/media $datadir/media + mv $finalpath/import $datadir/music + + ynh_backup_if_checksum_is_different --file="$finalpath/code/config/.env" + mv $finalpath/code/config $finalpath/config + ynh_store_file_checksum --file="$finalpath/config/.env" + ynh_delete_file_checksum --file="$finalpath/code/config/.env" + + ynh_secure_remove --file="$finalpath/code" + configfile="$final_path/code/config/.env" +fi #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= ynh_script_progression --message="Upgrading source files..." -ynh_app_setting_set --app="$app" --key=final_path --value="$final_path" -# Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source --dest_dir="$final_path/code" -ynh_setup_source --dest_dir="$final_path/code" --source_id="app-frontend" +if [ "$upgrade_type" == "UPGRADE_APP" ] +then + ynh_script_progression --message="Upgrading source files..." -( - cd "$final_path" - mkdir -p code/config code/api code/data/static media import code/front -) + ynh_secure_remove --file="$final_path/api" + ynh_secure_remove --file="$final_path/front" + # Download, check integrity, uncompress and patch the source from app.src + ynh_setup_source --dest_dir="$final_path/api" --source_id="api" + ynh_setup_source --dest_dir="$final_path/front" --source_id="front" +fi #================================================= # NGINX CONFIGURATION @@ -133,59 +138,39 @@ ynh_install_app_dependencies $pkg_dependencies ynh_script_progression --message="Making sure dedicated system user exists..." # Create a dedicated user (if not existing) -ynh_system_user_create --username="$app" --home_dir="$final_path" +ynh_system_user_create --username=$app --home_dir=$final_path #================================================= # SPECIFIC UPGRADE #================================================= -# PYTHON DEPENDENCIES +# INSTALL PYTHON DEPENDENCIES #================================================= +ynh_script_progression --message="Installing Python dependencies..." -ynh_secure_remove --file="$final_path/code/virtualenv" -virtualenv -p python3 "$final_path/code/virtualenv" -( - set +o nounset - source "${final_path}/code/virtualenv/bin/activate" - set -o nounset +pushd $final_path + ynh_secure_remove --file="$final_path/virtualenv" + python3 -m venv $final_path/virtualenv + source $final_path/virtualenv/bin/activate pip install --upgrade pip pip install --upgrade setuptools pip install wheel - pip install -r "${final_path}/code/api/requirements.txt" - - # https://code.eliotberriot.com/funkwhale/funkwhale/tags/0.16 - pip uninstall django-cacheops --yes -) + pip install -r api/requirements.txt +popd #================================================= # MODIFY THE CONFIG FILE #================================================= +ynh_script_progression --message="Modifying a config file..." -configfile="$final_path/code/config/.env" -ynh_backup_if_checksum_is_different --file="$configfile" -cp ../conf/env.prod "$configfile" - -key=$(ynh_string_random) - -ynh_app_setting_set --app="$app" --key=key --value="$key" - -ynh_replace_string --match_string="__REDIS_DB__" --replace_string="$redis_db" --target_file="$configfile" -ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$configfile" -ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$configfile" -ynh_replace_string --match_string="__DBUSER__" --replace_string="$db_name" --target_file="$configfile" -ynh_replace_string --match_string="__DBPWD__" --replace_string="$db_pwd" --target_file="$configfile" -ynh_replace_string --match_string="__DBNAME__" --replace_string="$app" --target_file="$configfile" -ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="$configfile" -ynh_replace_string --match_string="__KEY__" --replace_string="$key" --target_file="$configfile" +ynh_add_config --template="../conf/env.prod" --destination="$final_path/config/.env" #================================================= -# MIGRATE +# MIGRATE FUNKWHALE #================================================= +ynh_script_progression --message="Migrating Funkwhale..." -( - set +o nounset - source "${final_path}/code/virtualenv/bin/activate" - set -o nounset - cd "$final_path/code" +pushd $final_path + source $final_path/virtualenv/bin/activate # needed for enabling the 'unaccent' extension ynh_psql_execute_as_root --sql="ALTER USER $db_user WITH SUPERUSER;" --database="$db_name" @@ -209,24 +194,16 @@ ynh_replace_string --match_string="__KEY__" --replace_string="$key" # Delete the original thumbnails and generate new ones for # higher quality images # https://docs.funkwhale.audio/changelog.html#increased-quality-of-jpeg-thumbnails-manual-action-required - ynh_secure_remove "$final_path/media/__sized__" + ynh_secure_remove --file="$final_path/media/__sized__" python api/manage.py fw media generate-thumbnails ) -#================================================= -# STORE THE CONFIG FILE CHECKSUM -#================================================= - -# Recalculate and store the checksum of the file for the next upgrade. -ynh_store_file_checksum --file="$configfile" - #================================================= # SETUP SYSTEMD #================================================= ynh_script_progression --message="Upgrading systemd configuration..." -cp ../conf/funkwhale.target "/etc/systemd/system/$app.target" -ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="/etc/systemd/system/$app.target" +ynh_add_config --template="../conf/funkwhale.target" --destination="/etc/systemd/system/$app.target" # Create a dedicated systemd config ynh_add_systemd_config --service="$app-server" --template="funkwhale-server.service" @@ -235,17 +212,12 @@ ynh_add_systemd_config --service="$app-beat" --template="funkwhale-beat.servic #================================================= # GENERIC FINALIZATION -#================================================= -# UPGRADE FAIL2BAN -#================================================= -ynh_script_progression --message="Reconfiguring Fail2Ban..." - -ynh_add_fail2ban_config --logpath="/var/log/nginx/$domain-access.log" --failregex=".* \"POST /api/v1/token/ HTTP/1.1\" 400 68.*$" --max_retry=5 - #================================================= # SECURE FILES AND DIRECTORIES #================================================= +ynh_script_progression --message="Securing files and directories..." +# Set permissions on app files chown -R "$app": "$final_path" chmod -R 755 "$final_path/code/front/dist/" @@ -253,21 +225,31 @@ mkdir -p "/var/log/$app" chown -R "$app": "/var/log/$app" #================================================= -# ADVERTISE SERVICE IN ADMIN PANEL +# INTEGRATE SERVICE IN YUNOHOST #================================================= +ynh_script_progression --message="Integrating service in YunoHost..." -yunohost service add "$app-server" --log="/var/log/$app/server.log" -yunohost service add "$app-worker" --log="/var/log/$app/worker.log" -yunohost service add "$app-beat" --log="/var/log/$app/beat.log" +yunohost service add "${app}-beat" --log="/var/log/$app/beat.log" +yunohost service add "${app}-server" --log="/var/log/$app/server.log" +yunohost service add "${app}-worker" --log="/var/log/$app/worker.log" #================================================= # START SYSTEMD SERVICE #================================================= ynh_script_progression --message="Starting a systemd service..." -ynh_systemd_action --action="start" --service_name="${app}-beat" -ynh_systemd_action --action="start" --service_name="${app}-server" -ynh_systemd_action --action="start" --service_name="${app}-worker" +# Start a systemd service +ynh_systemd_action --service_name="${app}-beat" --action="start" --log_path="/var/log/$app/beat.log" +ynh_systemd_action --service_name="${app}-server" --action="start" --log_path="/var/log/$app/server.log" +ynh_systemd_action --service_name="${app}-worker" --action="start" --log_path="/var/log/$app/worker.log" + +#================================================= +# UPGRADE FAIL2BAN +#================================================= +ynh_script_progression --message="Reconfiguring Fail2Ban..." + +# Create a dedicated Fail2Ban config +ynh_add_fail2ban_config --logpath="/var/log/nginx/$domain-access.log" --failregex=".* \"POST /api/v1/token/ HTTP/1.1\" 400 68.*$" --max_retry=5 #================================================= # RELOAD NGINX @@ -276,12 +258,6 @@ ynh_script_progression --message="Reloading NGINX web server..." ynh_systemd_action --service_name=nginx --action=reload -#================================================= -# REMOVE CODE MIGRATION FLAG -#================================================= - -ynh_app_setting_set --app="$app" --key=code_migration --value=2 - #================================================= # END OF SCRIPT #================================================= diff --git a/sources/extra_files/app/api/requirements/base.txt b/sources/extra_files/app/api/requirements/base.txt deleted file mode 100644 index 35d71c2..0000000 --- a/sources/extra_files/app/api/requirements/base.txt +++ /dev/null @@ -1,77 +0,0 @@ -django~=3.0.8 -setuptools>=49 -# Configuration -django-environ~=0.4.0 - -# Images -Pillow~=7.0.0 - -django-allauth~=0.42.0 - -psycopg2-binary~=2.8.0 - -# Time zones support -pytz==2020.1 - -# Redis support -django-redis~=4.12.0 -redis~=3.5.0 -kombu~=4.6.0 - -celery~=4.4.0 - - -# Your custom requirements go here -django-cors-headers~=3.4.0 -musicbrainzngs~=0.7.1 -djangorestframework~=3.11.0 -djangorestframework-jwt~=1.11.0 -arrow~=0.15.5 -persisting-theory~=0.2.0 -django-versatileimagefield~=2.0.0 -django-filter~=2.3.0 -django-rest-auth~=0.9.0 -ipython~=7.10.0 -mutagen~=1.45.0 - -pymemoize~=1.0.0 - -django-dynamic-preferences~=1.10 -raven~=6.10.0 -python-magic~=0.4.0 -channels~=2.4.0 -channels_redis~=3.0.0 -uvicorn[standard]~=0.12.0 -gunicorn~=20.0.0 - -cryptography~=2.9.0 -# requests-http-signature==0.0.3 -# clone until the branch is merged and released upstream -git+https://github.com/agateblue/requests-http-signature.git@signature-header-support -django-cleanup~=5.0.0 -requests~=2.24.0 -pyOpenSSL~=19.1.0 - -# for LDAP authentication -python-ldap~=3.3.0 -django-auth-ldap~=2.2.0 - -pydub~=0.24.0 -pyld~=1.0.0 -aiohttp~=3.6.0 - -django-oauth-toolkit~=1.3.0 -django-storages~=1.9.0 -boto3~=1.14.0 -unicode-slugify~=0.1.0 -django-cacheops~=5.0.0 - -click~=7.1.0 -service_identity~=18.1.0 -markdown~=3.2.0 -bleach~=3.1.0 -feedparser~=6.0.0 -watchdog~=1.0.2 - -## Pin third party dependency to avoid issue with latest version -twisted==20.3.0