1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/funkwhale_ynh.git synced 2024-09-03 18:36:24 +02:00

Merge pull request #58 from PierrickBrun/0.18

WIP: Update 0.18
This commit is contained in:
Jean-Baptiste 2019-03-02 06:56:14 +01:00 committed by GitHub
commit b858d7762e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
13 changed files with 115 additions and 145 deletions

View file

@ -1,5 +1,5 @@
SOURCE_URL=https://code.eliotberriot.com/funkwhale/funkwhale/-/jobs/artifacts/0.17/download?job=build_front
SOURCE_SUM=3578e1c60da578681c4e60a94dde1e18511f2455814c980b24748c87ffb8b4a2
SOURCE_URL=https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/0.18.2/download?job=build_front
SOURCE_SUM=cec96c574c7de95a94380bde3ab5f26d61b78018821bc012f80ef62caf3b2448
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=zip
SOURCE_IN_SUBDIR=false

View file

@ -1,5 +1,5 @@
SOURCE_URL=https://code.eliotberriot.com/funkwhale/funkwhale/-/archive/0.17/funkwhale-0.17.tar.bz2
SOURCE_SUM=100eb3dfa5285eb9886d05dd575251e24cf43525596083b3793e8f80e369db1b
SOURCE_URL=https://dev.funkwhale.audio/funkwhale/funkwhale/-/archive/0.18.2/funkwhale-0.18.2.tar.bz2
SOURCE_SUM=a4ae89e7f92ed4d047849ce36db86690d9114ec48226225e7b6db35c1cc1f936
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.bz2
SOURCE_IN_SUBDIR=true

View file

@ -40,7 +40,8 @@ FUNKWHALE_API_PORT=__PORT__
# Replace this by the definitive, public domain you will use for
# your instance
FUNKWHALE_URL=https://__DOMAIN__
FUNKWHALE_HOSTNAME=__DOMAIN__
FUNKWHALE_PROTOCOL=https
# Configure email sending using this variale
# By default, funkwhale will output emails sent to stdout
@ -86,11 +87,6 @@ MEDIA_ROOT=__FINALPATH__/media
# (Ensure this directory actually exists)
STATIC_ROOT=__FINALPATH__/code/data/static
# Update it to match the domain that will be used to reach your funkwhale
# instance
# Example: DJANGO_ALLOWED_HOSTS=funkwhale.yourdomain.com
DJANGO_ALLOWED_HOSTS=__DOMAIN__
# which settings module should django use?
# You don't have to touch this unless you really know what you're doing
DJANGO_SETTINGS_MODULE=config.settings.production
@ -119,8 +115,8 @@ RAVEN_DSN=https://44332e9fdd3d42879c7d35bf8562c6a4:0062dc16a22b41679cd5765e5342f
# MUSIC_DIRECTORY_PATH=/srv/funkwhale/data/music
# # MUSIC_DIRECTORY_SERVE_PATH= # stays commented, not needed
MUSIC_DIRECTORY_SERVE_PATH=__FINALPATH__/import
MUSIC_DIRECTORY_PATH=__FINALPATH__/import
MUSIC_DIRECTORY_SERVE_PATH=__FINALPATH__/import
# LDAP settings
# Use the following options to allow authentication on your Funkwhale instance
@ -138,7 +134,8 @@ LDAP_START_TLS=False
LDAP_ROOT_DN=ou=users,dc=yunohost,dc=org
LDAP_USER_ATTR_MAP={"username":"uid"}
FUNKWHALE_FRONTEND_PATH=/srv/funkwhale/front/dist
FUNKWHALE_FRONTEND_PATH=__FINALPATH__/code/front/dist
FUNKWHALE_SPA_HTML_ROOT=__FINALPATH__/code/front/dist/index.html
# Nginx related configuration
NGINX_MAX_BODY_SIZE=30M
NGINX_MAX_BODY_SIZE=100M

View file

@ -12,15 +12,15 @@ EnvironmentFile=__FINALPATH__/code/config/.env
ExecStart=__FINALPATH__/code/virtualenv/bin/celery -A funkwhale_api.taskapp beat \
--loglevel INFO --logfile=/var/log/__APP__/beat.log
NoNewPrivileges=true
PrivateDevices=true
PrivateTmp=true
ProtectHome=true
ProtectSystem=strict
ProtectControlGroups=yes
ProtectKernelModules=yes
ReadOnlyPaths=__FINALPATH__/code/config/.env __FINALPATH__/code/
ReadWritePaths=__FINALPATH__/media __FINALPATH__/import __FINALPATH__/code/api /var/log/__APP__
#NoNewPrivileges=true
#PrivateDevices=true
#PrivateTmp=true
#ProtectHome=true
#ProtectSystem=strict
#ProtectControlGroups=yes
#ProtectKernelModules=yes
#ReadOnlyPaths=__FINALPATH__/code/config/.env __FINALPATH__/code/
#ReadWritePaths=__FINALPATH__/media __FINALPATH__/import __FINALPATH__/code/api /var/log/__APP__
StandardOutput=syslog
StandardError=syslog

View file

@ -12,15 +12,15 @@ EnvironmentFile=__FINALPATH__/code/config/.env
ExecStart=__FINALPATH__/code/virtualenv/bin/daphne -b ${FUNKWHALE_API_IP} -p ${FUNKWHALE_API_PORT} config.asgi:application --proxy-headers \
--verbosity 1 --access-log=/var/log/__APP__/server.log
NoNewPrivileges=true
PrivateDevices=true
PrivateTmp=true
ProtectHome=true
ProtectSystem=strict
ProtectControlGroups=yes
ProtectKernelModules=yes
ReadOnlyPaths=__FINALPATH__/code/config/.env __FINALPATH__/code/
ReadWritePaths=__FINALPATH__/media __FINALPATH__/import /var/log/__APP__
#NoNewPrivileges=true
#PrivateDevices=true
#PrivateTmp=true
#ProtectHome=true
#ProtectSystem=strict
#ProtectControlGroups=yes
#ProtectKernelModules=yes
#ReadOnlyPaths=__FINALPATH__/code/config/.env __FINALPATH__/code/
#ReadWritePaths=__FINALPATH__/media __FINALPATH__/import /var/log/__APP__
StandardOutput=syslog
StandardError=syslog

View file

@ -12,15 +12,15 @@ EnvironmentFile=__FINALPATH__/code/config/.env
ExecStart=__FINALPATH__/code/virtualenv/bin/celery -A funkwhale_api.taskapp worker -l INFO \
--loglevel INFO --logfile=/var/log/__APP__/worker.log
NoNewPrivileges=true
PrivateDevices=true
PrivateTmp=true
ProtectHome=true
ProtectSystem=strict
ProtectControlGroups=yes
ProtectKernelModules=yes
ReadOnlyPaths=__FINALPATH__/code/config/.env __FINALPATH__/code/
ReadWritePaths=__FINALPATH__/media __FINALPATH__/import /var/log/__APP__
#NoNewPrivileges=true
#PrivateDevices=true
#PrivateTmp=true
#ProtectHome=true
#ProtectSystem=strict
#ProtectControlGroups=yes
#ProtectKernelModules=yes
#ReadOnlyPaths=__FINALPATH__/code/config/.env __FINALPATH__/code/
#ReadWritePaths=__FINALPATH__/media __FINALPATH__/import /var/log/__APP__
StandardOutput=syslog
StandardError=syslog

View file

@ -1,22 +1,16 @@
location / {
alias __FINALPATH__/code/front/dist/;
if ($scheme = http) {
rewrite ^ https://$server_name$request_uri? permanent;
}
try_files $uri $uri/ @rewrites;
}
location @rewrites {
rewrite ^(.+)$ /index.html last;
}
location /api/ {
include __FINALPATH__/code/deploy/funkwhale_proxy.conf;
# this is needed if you have file import via upload enabled
client_max_body_size 100M;
proxy_pass http://127.0.0.1:__PORT__/api/;
proxy_pass http://127.0.0.1:__PORT__/;
}
location /front/ {
alias __FINALPATH__/code/front/dist/;
expires 30d;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
location /federation/ {
@ -24,6 +18,13 @@ location /federation/ {
proxy_pass http://127.0.0.1:__PORT__/federation/;
}
location /rest/ {
include __FINALPATH__/code/deploy/funkwhale_proxy.conf;
proxy_pass http://127.0.0.1:__PORT__/api/subsonic/rest/;
}
location /.well-known/ {
include __FINALPATH__/code/deploy/funkwhale_proxy.conf;
proxy_pass http://127.0.0.1:__PORT__/.well-known/;
@ -33,7 +34,7 @@ location /media/ {
alias __FINALPATH__/media/;
}
location __PATH__/_protected/media/ {
location /_protected/media/ {
# this is an internal location that is used to serve
# audio files once correct permission / authentication
# has been checked on API side
@ -41,56 +42,12 @@ location __PATH__/_protected/media/ {
alias __FINALPATH__/media/;
}
# Transcoding logic and caching
# TODO: try to enable this
# https://code.eliotberriot.com/funkwhale/funkwhale/blob/0.8/deploy/nginx.conf#L4
# https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache
location = /transcode-auth {
include __FINALPATH__/code/deploy/funkwhale_proxy.conf;
# needed so we can authenticate transcode requests, but still
# cache the result
location /_protected/music/ {
internal;
set $query '';
# ensure we actually pass the jwt to the underlytin auth url
if ($request_uri ~* "[^\?]+\?(.*)$") {
set $query $1;
alias __FINALPATH__/import/;
}
proxy_pass http://127.0.0.1:__PORT__/api/v1/trackfiles/viewable/?$query;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
}
location /api/v1/trackfiles/transcode/ {
include __FINALPATH__/code/deploy/funkwhale_proxy.conf;
# this block deals with authenticating and caching transcoding
# requests. Caching is heavily recommended as transcoding
# is a CPU intensive process.
auth_request /transcode-auth;
if ($args ~ (.*)jwt=[^&]*(.*)) {
set $cleaned_args $1$2;
}
proxy_cache_key "$scheme$request_method$host$uri$is_args$cleaned_args";
proxy_cache __NAME__-transcode;
proxy_cache_valid 200 7d;
proxy_ignore_headers "Set-Cookie";
proxy_hide_header "Set-Cookie";
add_header X-Cache-Status $upstream_cache_status;
proxy_pass http://127.0.0.1:__PORT__;
}
# end of transcoding logic
location /staticfiles/ {
# django static files
alias __FINALPATH__/code/data/static/;
}
location /rest/ {
include __FINALPATH__/code/deploy/funkwhale_proxy.conf;
proxy_pass http://127.0.0.1:__PORT__/api/subsonic/rest/;
}
location /_protected/music {
internal;
alias __FINALPATH__/import;
}

View file

@ -3,12 +3,12 @@
"id": "funkwhale",
"packaging_format": 1,
"requirements": {
"yunohost": ">= 3.2.0"
"yunohost": ">= 3.3.0"
},
"description": {
"en": "A modern, convivial and free music server"
},
"version": "0.17.0~ynh3",
"version": "0.18.2~ynh1",
"url": "https://funkwhale.audio",
"license": "BSD-3-Clause",
"maintainer": {
@ -41,7 +41,7 @@
"name": "admin",
"type": "user",
"ask": {
"en": "Choose an admin user for Funkwhale?"
"en": "Choose an admin user for Funkwhale"
},
"example": "jibec"
}

View file

@ -1,5 +1,40 @@
#!/bin/bash
# funkwhale needs edits to the domain config file
# this function removes funkwhale specifics
funkwhale_nginx_domain_cleaning() {
local line
local tempFile
local nginxConf
nginxConf="/etc/nginx/conf.d/$domain.conf"
tempFile="$nginxConf.temp"
line=$(sed -n '/server /=' "$nginxConf" | head -n 1)
tail -n +"$line" "$nginxConf" > "$tempFile"
mv "$tempFile" "$nginxConf"
}
# funkwhale needs edits to the domain config file
# this function adds funkwhale specifics
funkwhale_nginx_domain_configure() {
local tempFile
local nginxConf
nginxConf="/etc/nginx/conf.d/$domain.conf"
tempFile="$nginxConf.temp"
echo "
# required for websocket support
map \$http_upgrade \$connection_upgrade {
default upgrade;
'' close;
}
" | cat - "$nginxConf" > "$tempFile"
mv "$tempFile" "$nginxConf"
}
#=================================================
#
# Redis HELPERS

View file

@ -110,17 +110,8 @@ ynh_setup_source "$final_path/code" "app-frontend"
# NGINX CONFIGURATION
#=================================================
# add proxy_cache and connection_upgrade at the beginning of the domain configuration
echo "
proxy_cache_path /tmp/$app-transcode levels=1:2 keys_zone=$app-transcode:10m max_size=1g inactive=7d;
# required for websocket support
map \$http_upgrade \$connection_upgrade {
default upgrade;
'' close;
}
" | cat - "/etc/nginx/conf.d/$domain.conf" > temp && mv temp "/etc/nginx/conf.d/$domain.conf"
# add funkwhale specifics at the beginning of the domain configuration
funkwhale_nginx_domain_configure
# Create a dedicated nginx config
ynh_add_nginx_config

View file

@ -95,15 +95,11 @@ ynh_secure_remove "/var/log/$app"
#=================================================
# remove domain specific configuration
tail -n +11 "/etc/nginx/conf.d/$domain.conf" > "/etc/nginx/conf.d/$domain.conf.temp"
mv "/etc/nginx/conf.d/$domain.conf.temp" "/etc/nginx/conf.d/$domain.conf"
funkwhale_nginx_domain_cleaning
# Remove the dedicated nginx config
ynh_remove_nginx_config
# remove local nginx cache
ynh_secure_remove "/tmp/$app-transcode"
#=================================================
# CLOSE A PORT
#=================================================

View file

@ -115,18 +115,11 @@ ynh_psql_execute_file_as_root ./db.sql "$db_name"
# Restore permissions on app files
chown -R "$app": "$final_path"
chmod -R 755 "$final_path/code/front/dist/"
mkdir -p "/var/log/$app"
chown -R "$app": "/var/log/$app"
#=================================================
# ADVERTISE SERVICE IN ADMIN PANEL
#=================================================
yunohost service add "$app-server" --log "/var/log/$app/server.log"
yunohost service add "$app-worker" --log "/var/log/$app/worker.log"
yunohost service add "$app-beat" --log "/var/log/$app/beat.log"
#=================================================
# RESTORE SYSTEMD
#=================================================
@ -141,6 +134,14 @@ systemctl enable "$app-server.service"
systemctl enable "$app-worker.service"
systemctl restart "$app.target"
#=================================================
# ADVERTISE SERVICE IN ADMIN PANEL
#=================================================
yunohost service add "$app-server" --log "/var/log/$app/server.log"
yunohost service add "$app-worker" --log "/var/log/$app/worker.log"
yunohost service add "$app-beat" --log "/var/log/$app/beat.log"
#=================================================
# GENERIC FINALIZATION
#=================================================

View file

@ -111,22 +111,11 @@ ynh_setup_source "$final_path/code" "app-frontend"
# NGINX CONFIGURATION
#=================================================
# change the global configuration
# remove domain specific configuration
tail -n +11 "/etc/nginx/conf.d/$domain.conf" > "/etc/nginx/conf.d/$domain.conf.temp"
mv "/etc/nginx/conf.d/$domain.conf.temp" "/etc/nginx/conf.d/$domain.conf"
funkwhale_nginx_domain_cleaning
# add proxy_cache and connection_upgrade at the beginning of the domain configuration
echo "
proxy_cache_path /tmp/$app-transcode levels=1:2 keys_zone=$app-transcode:10m max_size=1g inactive=7d;
# required for websocket support
map \$http_upgrade \$connection_upgrade {
default upgrade;
'' close;
}
" | cat - "/etc/nginx/conf.d/$domain.conf" > temp && mv temp "/etc/nginx/conf.d/$domain.conf"
# add funkwhale specifics at the beginning of the domain configuration
funkwhale_nginx_domain_configure
# Create a dedicated nginx config
ynh_add_nginx_config
@ -226,6 +215,10 @@ ynh_replace_string "__FINALPATH__" "$final_path" "$loadfile"
# https://docs.funkwhale.audio/upgrading/0.17.html#upgrade-instructions
python api/manage.py script migrate_to_user_libraries --no-input
# Delete pre 0.17 federated tracks [manual action suggested]
# https://dev.funkwhale.audio/funkwhale/funkwhale/tags/0.18
python api/manage.py script delete_pre_017_federated_uploads --no-input
)
#=================================================