1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/funkwhale_ynh.git synced 2024-09-03 18:36:24 +02:00

Merge pull request #58 from PierrickBrun/0.18

WIP: Update 0.18
This commit is contained in:
Jean-Baptiste 2019-03-02 06:56:14 +01:00 committed by GitHub
commit b858d7762e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
13 changed files with 115 additions and 145 deletions

View file

@ -1,5 +1,5 @@
SOURCE_URL=https://code.eliotberriot.com/funkwhale/funkwhale/-/jobs/artifacts/0.17/download?job=build_front SOURCE_URL=https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/0.18.2/download?job=build_front
SOURCE_SUM=3578e1c60da578681c4e60a94dde1e18511f2455814c980b24748c87ffb8b4a2 SOURCE_SUM=cec96c574c7de95a94380bde3ab5f26d61b78018821bc012f80ef62caf3b2448
SOURCE_SUM_PRG=sha256sum SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=zip SOURCE_FORMAT=zip
SOURCE_IN_SUBDIR=false SOURCE_IN_SUBDIR=false

View file

@ -1,5 +1,5 @@
SOURCE_URL=https://code.eliotberriot.com/funkwhale/funkwhale/-/archive/0.17/funkwhale-0.17.tar.bz2 SOURCE_URL=https://dev.funkwhale.audio/funkwhale/funkwhale/-/archive/0.18.2/funkwhale-0.18.2.tar.bz2
SOURCE_SUM=100eb3dfa5285eb9886d05dd575251e24cf43525596083b3793e8f80e369db1b SOURCE_SUM=a4ae89e7f92ed4d047849ce36db86690d9114ec48226225e7b6db35c1cc1f936
SOURCE_SUM_PRG=sha256sum SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.bz2 SOURCE_FORMAT=tar.bz2
SOURCE_IN_SUBDIR=true SOURCE_IN_SUBDIR=true

View file

@ -40,7 +40,8 @@ FUNKWHALE_API_PORT=__PORT__
# Replace this by the definitive, public domain you will use for # Replace this by the definitive, public domain you will use for
# your instance # your instance
FUNKWHALE_URL=https://__DOMAIN__ FUNKWHALE_HOSTNAME=__DOMAIN__
FUNKWHALE_PROTOCOL=https
# Configure email sending using this variale # Configure email sending using this variale
# By default, funkwhale will output emails sent to stdout # By default, funkwhale will output emails sent to stdout
@ -86,11 +87,6 @@ MEDIA_ROOT=__FINALPATH__/media
# (Ensure this directory actually exists) # (Ensure this directory actually exists)
STATIC_ROOT=__FINALPATH__/code/data/static STATIC_ROOT=__FINALPATH__/code/data/static
# Update it to match the domain that will be used to reach your funkwhale
# instance
# Example: DJANGO_ALLOWED_HOSTS=funkwhale.yourdomain.com
DJANGO_ALLOWED_HOSTS=__DOMAIN__
# which settings module should django use? # which settings module should django use?
# You don't have to touch this unless you really know what you're doing # You don't have to touch this unless you really know what you're doing
DJANGO_SETTINGS_MODULE=config.settings.production DJANGO_SETTINGS_MODULE=config.settings.production
@ -119,8 +115,8 @@ RAVEN_DSN=https://44332e9fdd3d42879c7d35bf8562c6a4:0062dc16a22b41679cd5765e5342f
# MUSIC_DIRECTORY_PATH=/srv/funkwhale/data/music # MUSIC_DIRECTORY_PATH=/srv/funkwhale/data/music
# # MUSIC_DIRECTORY_SERVE_PATH= # stays commented, not needed # # MUSIC_DIRECTORY_SERVE_PATH= # stays commented, not needed
MUSIC_DIRECTORY_SERVE_PATH=__FINALPATH__/import
MUSIC_DIRECTORY_PATH=__FINALPATH__/import MUSIC_DIRECTORY_PATH=__FINALPATH__/import
MUSIC_DIRECTORY_SERVE_PATH=__FINALPATH__/import
# LDAP settings # LDAP settings
# Use the following options to allow authentication on your Funkwhale instance # Use the following options to allow authentication on your Funkwhale instance
@ -138,7 +134,8 @@ LDAP_START_TLS=False
LDAP_ROOT_DN=ou=users,dc=yunohost,dc=org LDAP_ROOT_DN=ou=users,dc=yunohost,dc=org
LDAP_USER_ATTR_MAP={"username":"uid"} LDAP_USER_ATTR_MAP={"username":"uid"}
FUNKWHALE_FRONTEND_PATH=/srv/funkwhale/front/dist FUNKWHALE_FRONTEND_PATH=__FINALPATH__/code/front/dist
FUNKWHALE_SPA_HTML_ROOT=__FINALPATH__/code/front/dist/index.html
# Nginx related configuration # Nginx related configuration
NGINX_MAX_BODY_SIZE=30M NGINX_MAX_BODY_SIZE=100M

View file

@ -12,15 +12,15 @@ EnvironmentFile=__FINALPATH__/code/config/.env
ExecStart=__FINALPATH__/code/virtualenv/bin/celery -A funkwhale_api.taskapp beat \ ExecStart=__FINALPATH__/code/virtualenv/bin/celery -A funkwhale_api.taskapp beat \
--loglevel INFO --logfile=/var/log/__APP__/beat.log --loglevel INFO --logfile=/var/log/__APP__/beat.log
NoNewPrivileges=true #NoNewPrivileges=true
PrivateDevices=true #PrivateDevices=true
PrivateTmp=true #PrivateTmp=true
ProtectHome=true #ProtectHome=true
ProtectSystem=strict #ProtectSystem=strict
ProtectControlGroups=yes #ProtectControlGroups=yes
ProtectKernelModules=yes #ProtectKernelModules=yes
ReadOnlyPaths=__FINALPATH__/code/config/.env __FINALPATH__/code/ #ReadOnlyPaths=__FINALPATH__/code/config/.env __FINALPATH__/code/
ReadWritePaths=__FINALPATH__/media __FINALPATH__/import __FINALPATH__/code/api /var/log/__APP__ #ReadWritePaths=__FINALPATH__/media __FINALPATH__/import __FINALPATH__/code/api /var/log/__APP__
StandardOutput=syslog StandardOutput=syslog
StandardError=syslog StandardError=syslog

View file

@ -12,15 +12,15 @@ EnvironmentFile=__FINALPATH__/code/config/.env
ExecStart=__FINALPATH__/code/virtualenv/bin/daphne -b ${FUNKWHALE_API_IP} -p ${FUNKWHALE_API_PORT} config.asgi:application --proxy-headers \ ExecStart=__FINALPATH__/code/virtualenv/bin/daphne -b ${FUNKWHALE_API_IP} -p ${FUNKWHALE_API_PORT} config.asgi:application --proxy-headers \
--verbosity 1 --access-log=/var/log/__APP__/server.log --verbosity 1 --access-log=/var/log/__APP__/server.log
NoNewPrivileges=true #NoNewPrivileges=true
PrivateDevices=true #PrivateDevices=true
PrivateTmp=true #PrivateTmp=true
ProtectHome=true #ProtectHome=true
ProtectSystem=strict #ProtectSystem=strict
ProtectControlGroups=yes #ProtectControlGroups=yes
ProtectKernelModules=yes #ProtectKernelModules=yes
ReadOnlyPaths=__FINALPATH__/code/config/.env __FINALPATH__/code/ #ReadOnlyPaths=__FINALPATH__/code/config/.env __FINALPATH__/code/
ReadWritePaths=__FINALPATH__/media __FINALPATH__/import /var/log/__APP__ #ReadWritePaths=__FINALPATH__/media __FINALPATH__/import /var/log/__APP__
StandardOutput=syslog StandardOutput=syslog
StandardError=syslog StandardError=syslog

View file

@ -12,15 +12,15 @@ EnvironmentFile=__FINALPATH__/code/config/.env
ExecStart=__FINALPATH__/code/virtualenv/bin/celery -A funkwhale_api.taskapp worker -l INFO \ ExecStart=__FINALPATH__/code/virtualenv/bin/celery -A funkwhale_api.taskapp worker -l INFO \
--loglevel INFO --logfile=/var/log/__APP__/worker.log --loglevel INFO --logfile=/var/log/__APP__/worker.log
NoNewPrivileges=true #NoNewPrivileges=true
PrivateDevices=true #PrivateDevices=true
PrivateTmp=true #PrivateTmp=true
ProtectHome=true #ProtectHome=true
ProtectSystem=strict #ProtectSystem=strict
ProtectControlGroups=yes #ProtectControlGroups=yes
ProtectKernelModules=yes #ProtectKernelModules=yes
ReadOnlyPaths=__FINALPATH__/code/config/.env __FINALPATH__/code/ #ReadOnlyPaths=__FINALPATH__/code/config/.env __FINALPATH__/code/
ReadWritePaths=__FINALPATH__/media __FINALPATH__/import /var/log/__APP__ #ReadWritePaths=__FINALPATH__/media __FINALPATH__/import /var/log/__APP__
StandardOutput=syslog StandardOutput=syslog
StandardError=syslog StandardError=syslog

View file

@ -1,22 +1,16 @@
location / { location / {
alias __FINALPATH__/code/front/dist/;
if ($scheme = http) {
rewrite ^ https://$server_name$request_uri? permanent;
}
try_files $uri $uri/ @rewrites;
}
location @rewrites {
rewrite ^(.+)$ /index.html last;
}
location /api/ {
include __FINALPATH__/code/deploy/funkwhale_proxy.conf; include __FINALPATH__/code/deploy/funkwhale_proxy.conf;
# this is needed if you have file import via upload enabled # this is needed if you have file import via upload enabled
client_max_body_size 100M; client_max_body_size 100M;
proxy_pass http://127.0.0.1:__PORT__/api/; proxy_pass http://127.0.0.1:__PORT__/;
}
location /front/ {
alias __FINALPATH__/code/front/dist/;
expires 30d;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
} }
location /federation/ { location /federation/ {
@ -24,6 +18,13 @@ location /federation/ {
proxy_pass http://127.0.0.1:__PORT__/federation/; proxy_pass http://127.0.0.1:__PORT__/federation/;
} }
location /rest/ {
include __FINALPATH__/code/deploy/funkwhale_proxy.conf;
proxy_pass http://127.0.0.1:__PORT__/api/subsonic/rest/;
}
location /.well-known/ { location /.well-known/ {
include __FINALPATH__/code/deploy/funkwhale_proxy.conf; include __FINALPATH__/code/deploy/funkwhale_proxy.conf;
proxy_pass http://127.0.0.1:__PORT__/.well-known/; proxy_pass http://127.0.0.1:__PORT__/.well-known/;
@ -33,7 +34,7 @@ location /media/ {
alias __FINALPATH__/media/; alias __FINALPATH__/media/;
} }
location __PATH__/_protected/media/ { location /_protected/media/ {
# this is an internal location that is used to serve # this is an internal location that is used to serve
# audio files once correct permission / authentication # audio files once correct permission / authentication
# has been checked on API side # has been checked on API side
@ -41,56 +42,12 @@ location __PATH__/_protected/media/ {
alias __FINALPATH__/media/; alias __FINALPATH__/media/;
} }
# Transcoding logic and caching location /_protected/music/ {
# TODO: try to enable this
# https://code.eliotberriot.com/funkwhale/funkwhale/blob/0.8/deploy/nginx.conf#L4
# https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache
location = /transcode-auth {
include __FINALPATH__/code/deploy/funkwhale_proxy.conf;
# needed so we can authenticate transcode requests, but still
# cache the result
internal; internal;
set $query ''; alias __FINALPATH__/import/;
# ensure we actually pass the jwt to the underlytin auth url
if ($request_uri ~* "[^\?]+\?(.*)$") {
set $query $1;
} }
proxy_pass http://127.0.0.1:__PORT__/api/v1/trackfiles/viewable/?$query;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
}
location /api/v1/trackfiles/transcode/ {
include __FINALPATH__/code/deploy/funkwhale_proxy.conf;
# this block deals with authenticating and caching transcoding
# requests. Caching is heavily recommended as transcoding
# is a CPU intensive process.
auth_request /transcode-auth;
if ($args ~ (.*)jwt=[^&]*(.*)) {
set $cleaned_args $1$2;
}
proxy_cache_key "$scheme$request_method$host$uri$is_args$cleaned_args";
proxy_cache __NAME__-transcode;
proxy_cache_valid 200 7d;
proxy_ignore_headers "Set-Cookie";
proxy_hide_header "Set-Cookie";
add_header X-Cache-Status $upstream_cache_status;
proxy_pass http://127.0.0.1:__PORT__;
}
# end of transcoding logic
location /staticfiles/ { location /staticfiles/ {
# django static files # django static files
alias __FINALPATH__/code/data/static/; alias __FINALPATH__/code/data/static/;
} }
location /rest/ {
include __FINALPATH__/code/deploy/funkwhale_proxy.conf;
proxy_pass http://127.0.0.1:__PORT__/api/subsonic/rest/;
}
location /_protected/music {
internal;
alias __FINALPATH__/import;
}

View file

@ -3,12 +3,12 @@
"id": "funkwhale", "id": "funkwhale",
"packaging_format": 1, "packaging_format": 1,
"requirements": { "requirements": {
"yunohost": ">= 3.2.0" "yunohost": ">= 3.3.0"
}, },
"description": { "description": {
"en": "A modern, convivial and free music server" "en": "A modern, convivial and free music server"
}, },
"version": "0.17.0~ynh3", "version": "0.18.2~ynh1",
"url": "https://funkwhale.audio", "url": "https://funkwhale.audio",
"license": "BSD-3-Clause", "license": "BSD-3-Clause",
"maintainer": { "maintainer": {
@ -41,7 +41,7 @@
"name": "admin", "name": "admin",
"type": "user", "type": "user",
"ask": { "ask": {
"en": "Choose an admin user for Funkwhale?" "en": "Choose an admin user for Funkwhale"
}, },
"example": "jibec" "example": "jibec"
} }

View file

@ -1,5 +1,40 @@
#!/bin/bash #!/bin/bash
# funkwhale needs edits to the domain config file
# this function removes funkwhale specifics
funkwhale_nginx_domain_cleaning() {
local line
local tempFile
local nginxConf
nginxConf="/etc/nginx/conf.d/$domain.conf"
tempFile="$nginxConf.temp"
line=$(sed -n '/server /=' "$nginxConf" | head -n 1)
tail -n +"$line" "$nginxConf" > "$tempFile"
mv "$tempFile" "$nginxConf"
}
# funkwhale needs edits to the domain config file
# this function adds funkwhale specifics
funkwhale_nginx_domain_configure() {
local tempFile
local nginxConf
nginxConf="/etc/nginx/conf.d/$domain.conf"
tempFile="$nginxConf.temp"
echo "
# required for websocket support
map \$http_upgrade \$connection_upgrade {
default upgrade;
'' close;
}
" | cat - "$nginxConf" > "$tempFile"
mv "$tempFile" "$nginxConf"
}
#================================================= #=================================================
# #
# Redis HELPERS # Redis HELPERS

View file

@ -110,17 +110,8 @@ ynh_setup_source "$final_path/code" "app-frontend"
# NGINX CONFIGURATION # NGINX CONFIGURATION
#================================================= #=================================================
# add proxy_cache and connection_upgrade at the beginning of the domain configuration # add funkwhale specifics at the beginning of the domain configuration
echo " funkwhale_nginx_domain_configure
proxy_cache_path /tmp/$app-transcode levels=1:2 keys_zone=$app-transcode:10m max_size=1g inactive=7d;
# required for websocket support
map \$http_upgrade \$connection_upgrade {
default upgrade;
'' close;
}
" | cat - "/etc/nginx/conf.d/$domain.conf" > temp && mv temp "/etc/nginx/conf.d/$domain.conf"
# Create a dedicated nginx config # Create a dedicated nginx config
ynh_add_nginx_config ynh_add_nginx_config

View file

@ -95,15 +95,11 @@ ynh_secure_remove "/var/log/$app"
#================================================= #=================================================
# remove domain specific configuration # remove domain specific configuration
tail -n +11 "/etc/nginx/conf.d/$domain.conf" > "/etc/nginx/conf.d/$domain.conf.temp" funkwhale_nginx_domain_cleaning
mv "/etc/nginx/conf.d/$domain.conf.temp" "/etc/nginx/conf.d/$domain.conf"
# Remove the dedicated nginx config # Remove the dedicated nginx config
ynh_remove_nginx_config ynh_remove_nginx_config
# remove local nginx cache
ynh_secure_remove "/tmp/$app-transcode"
#================================================= #=================================================
# CLOSE A PORT # CLOSE A PORT
#================================================= #=================================================

View file

@ -115,18 +115,11 @@ ynh_psql_execute_file_as_root ./db.sql "$db_name"
# Restore permissions on app files # Restore permissions on app files
chown -R "$app": "$final_path" chown -R "$app": "$final_path"
chmod -R 755 "$final_path/code/front/dist/"
mkdir -p "/var/log/$app" mkdir -p "/var/log/$app"
chown -R "$app": "/var/log/$app" chown -R "$app": "/var/log/$app"
#=================================================
# ADVERTISE SERVICE IN ADMIN PANEL
#=================================================
yunohost service add "$app-server" --log "/var/log/$app/server.log"
yunohost service add "$app-worker" --log "/var/log/$app/worker.log"
yunohost service add "$app-beat" --log "/var/log/$app/beat.log"
#================================================= #=================================================
# RESTORE SYSTEMD # RESTORE SYSTEMD
#================================================= #=================================================
@ -141,6 +134,14 @@ systemctl enable "$app-server.service"
systemctl enable "$app-worker.service" systemctl enable "$app-worker.service"
systemctl restart "$app.target" systemctl restart "$app.target"
#=================================================
# ADVERTISE SERVICE IN ADMIN PANEL
#=================================================
yunohost service add "$app-server" --log "/var/log/$app/server.log"
yunohost service add "$app-worker" --log "/var/log/$app/worker.log"
yunohost service add "$app-beat" --log "/var/log/$app/beat.log"
#================================================= #=================================================
# GENERIC FINALIZATION # GENERIC FINALIZATION
#================================================= #=================================================

View file

@ -111,22 +111,11 @@ ynh_setup_source "$final_path/code" "app-frontend"
# NGINX CONFIGURATION # NGINX CONFIGURATION
#================================================= #=================================================
# change the global configuration
# remove domain specific configuration # remove domain specific configuration
tail -n +11 "/etc/nginx/conf.d/$domain.conf" > "/etc/nginx/conf.d/$domain.conf.temp" funkwhale_nginx_domain_cleaning
mv "/etc/nginx/conf.d/$domain.conf.temp" "/etc/nginx/conf.d/$domain.conf"
# add proxy_cache and connection_upgrade at the beginning of the domain configuration # add funkwhale specifics at the beginning of the domain configuration
echo " funkwhale_nginx_domain_configure
proxy_cache_path /tmp/$app-transcode levels=1:2 keys_zone=$app-transcode:10m max_size=1g inactive=7d;
# required for websocket support
map \$http_upgrade \$connection_upgrade {
default upgrade;
'' close;
}
" | cat - "/etc/nginx/conf.d/$domain.conf" > temp && mv temp "/etc/nginx/conf.d/$domain.conf"
# Create a dedicated nginx config # Create a dedicated nginx config
ynh_add_nginx_config ynh_add_nginx_config
@ -226,6 +215,10 @@ ynh_replace_string "__FINALPATH__" "$final_path" "$loadfile"
# https://docs.funkwhale.audio/upgrading/0.17.html#upgrade-instructions # https://docs.funkwhale.audio/upgrading/0.17.html#upgrade-instructions
python api/manage.py script migrate_to_user_libraries --no-input python api/manage.py script migrate_to_user_libraries --no-input
# Delete pre 0.17 federated tracks [manual action suggested]
# https://dev.funkwhale.audio/funkwhale/funkwhale/tags/0.18
python api/manage.py script delete_pre_017_federated_uploads --no-input
) )
#================================================= #=================================================