mirror of
https://github.com/YunoHost-Apps/funkwhale_ynh.git
synced 2024-09-03 18:36:24 +02:00
commit
b858d7762e
13 changed files with 115 additions and 145 deletions
|
@ -1,5 +1,5 @@
|
|||
SOURCE_URL=https://code.eliotberriot.com/funkwhale/funkwhale/-/jobs/artifacts/0.17/download?job=build_front
|
||||
SOURCE_SUM=3578e1c60da578681c4e60a94dde1e18511f2455814c980b24748c87ffb8b4a2
|
||||
SOURCE_URL=https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/0.18.2/download?job=build_front
|
||||
SOURCE_SUM=cec96c574c7de95a94380bde3ab5f26d61b78018821bc012f80ef62caf3b2448
|
||||
SOURCE_SUM_PRG=sha256sum
|
||||
SOURCE_FORMAT=zip
|
||||
SOURCE_IN_SUBDIR=false
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
SOURCE_URL=https://code.eliotberriot.com/funkwhale/funkwhale/-/archive/0.17/funkwhale-0.17.tar.bz2
|
||||
SOURCE_SUM=100eb3dfa5285eb9886d05dd575251e24cf43525596083b3793e8f80e369db1b
|
||||
SOURCE_URL=https://dev.funkwhale.audio/funkwhale/funkwhale/-/archive/0.18.2/funkwhale-0.18.2.tar.bz2
|
||||
SOURCE_SUM=a4ae89e7f92ed4d047849ce36db86690d9114ec48226225e7b6db35c1cc1f936
|
||||
SOURCE_SUM_PRG=sha256sum
|
||||
SOURCE_FORMAT=tar.bz2
|
||||
SOURCE_IN_SUBDIR=true
|
||||
|
|
|
@ -40,7 +40,8 @@ FUNKWHALE_API_PORT=__PORT__
|
|||
|
||||
# Replace this by the definitive, public domain you will use for
|
||||
# your instance
|
||||
FUNKWHALE_URL=https://__DOMAIN__
|
||||
FUNKWHALE_HOSTNAME=__DOMAIN__
|
||||
FUNKWHALE_PROTOCOL=https
|
||||
|
||||
# Configure email sending using this variale
|
||||
# By default, funkwhale will output emails sent to stdout
|
||||
|
@ -86,11 +87,6 @@ MEDIA_ROOT=__FINALPATH__/media
|
|||
# (Ensure this directory actually exists)
|
||||
STATIC_ROOT=__FINALPATH__/code/data/static
|
||||
|
||||
# Update it to match the domain that will be used to reach your funkwhale
|
||||
# instance
|
||||
# Example: DJANGO_ALLOWED_HOSTS=funkwhale.yourdomain.com
|
||||
DJANGO_ALLOWED_HOSTS=__DOMAIN__
|
||||
|
||||
# which settings module should django use?
|
||||
# You don't have to touch this unless you really know what you're doing
|
||||
DJANGO_SETTINGS_MODULE=config.settings.production
|
||||
|
@ -119,8 +115,8 @@ RAVEN_DSN=https://44332e9fdd3d42879c7d35bf8562c6a4:0062dc16a22b41679cd5765e5342f
|
|||
# MUSIC_DIRECTORY_PATH=/srv/funkwhale/data/music
|
||||
# # MUSIC_DIRECTORY_SERVE_PATH= # stays commented, not needed
|
||||
|
||||
MUSIC_DIRECTORY_SERVE_PATH=__FINALPATH__/import
|
||||
MUSIC_DIRECTORY_PATH=__FINALPATH__/import
|
||||
MUSIC_DIRECTORY_SERVE_PATH=__FINALPATH__/import
|
||||
|
||||
# LDAP settings
|
||||
# Use the following options to allow authentication on your Funkwhale instance
|
||||
|
@ -138,7 +134,8 @@ LDAP_START_TLS=False
|
|||
LDAP_ROOT_DN=ou=users,dc=yunohost,dc=org
|
||||
LDAP_USER_ATTR_MAP={"username":"uid"}
|
||||
|
||||
FUNKWHALE_FRONTEND_PATH=/srv/funkwhale/front/dist
|
||||
FUNKWHALE_FRONTEND_PATH=__FINALPATH__/code/front/dist
|
||||
FUNKWHALE_SPA_HTML_ROOT=__FINALPATH__/code/front/dist/index.html
|
||||
|
||||
# Nginx related configuration
|
||||
NGINX_MAX_BODY_SIZE=30M
|
||||
NGINX_MAX_BODY_SIZE=100M
|
||||
|
|
|
@ -12,15 +12,15 @@ EnvironmentFile=__FINALPATH__/code/config/.env
|
|||
ExecStart=__FINALPATH__/code/virtualenv/bin/celery -A funkwhale_api.taskapp beat \
|
||||
--loglevel INFO --logfile=/var/log/__APP__/beat.log
|
||||
|
||||
NoNewPrivileges=true
|
||||
PrivateDevices=true
|
||||
PrivateTmp=true
|
||||
ProtectHome=true
|
||||
ProtectSystem=strict
|
||||
ProtectControlGroups=yes
|
||||
ProtectKernelModules=yes
|
||||
ReadOnlyPaths=__FINALPATH__/code/config/.env __FINALPATH__/code/
|
||||
ReadWritePaths=__FINALPATH__/media __FINALPATH__/import __FINALPATH__/code/api /var/log/__APP__
|
||||
#NoNewPrivileges=true
|
||||
#PrivateDevices=true
|
||||
#PrivateTmp=true
|
||||
#ProtectHome=true
|
||||
#ProtectSystem=strict
|
||||
#ProtectControlGroups=yes
|
||||
#ProtectKernelModules=yes
|
||||
#ReadOnlyPaths=__FINALPATH__/code/config/.env __FINALPATH__/code/
|
||||
#ReadWritePaths=__FINALPATH__/media __FINALPATH__/import __FINALPATH__/code/api /var/log/__APP__
|
||||
|
||||
StandardOutput=syslog
|
||||
StandardError=syslog
|
||||
|
|
|
@ -12,15 +12,15 @@ EnvironmentFile=__FINALPATH__/code/config/.env
|
|||
ExecStart=__FINALPATH__/code/virtualenv/bin/daphne -b ${FUNKWHALE_API_IP} -p ${FUNKWHALE_API_PORT} config.asgi:application --proxy-headers \
|
||||
--verbosity 1 --access-log=/var/log/__APP__/server.log
|
||||
|
||||
NoNewPrivileges=true
|
||||
PrivateDevices=true
|
||||
PrivateTmp=true
|
||||
ProtectHome=true
|
||||
ProtectSystem=strict
|
||||
ProtectControlGroups=yes
|
||||
ProtectKernelModules=yes
|
||||
ReadOnlyPaths=__FINALPATH__/code/config/.env __FINALPATH__/code/
|
||||
ReadWritePaths=__FINALPATH__/media __FINALPATH__/import /var/log/__APP__
|
||||
#NoNewPrivileges=true
|
||||
#PrivateDevices=true
|
||||
#PrivateTmp=true
|
||||
#ProtectHome=true
|
||||
#ProtectSystem=strict
|
||||
#ProtectControlGroups=yes
|
||||
#ProtectKernelModules=yes
|
||||
#ReadOnlyPaths=__FINALPATH__/code/config/.env __FINALPATH__/code/
|
||||
#ReadWritePaths=__FINALPATH__/media __FINALPATH__/import /var/log/__APP__
|
||||
|
||||
StandardOutput=syslog
|
||||
StandardError=syslog
|
||||
|
|
|
@ -12,15 +12,15 @@ EnvironmentFile=__FINALPATH__/code/config/.env
|
|||
ExecStart=__FINALPATH__/code/virtualenv/bin/celery -A funkwhale_api.taskapp worker -l INFO \
|
||||
--loglevel INFO --logfile=/var/log/__APP__/worker.log
|
||||
|
||||
NoNewPrivileges=true
|
||||
PrivateDevices=true
|
||||
PrivateTmp=true
|
||||
ProtectHome=true
|
||||
ProtectSystem=strict
|
||||
ProtectControlGroups=yes
|
||||
ProtectKernelModules=yes
|
||||
ReadOnlyPaths=__FINALPATH__/code/config/.env __FINALPATH__/code/
|
||||
ReadWritePaths=__FINALPATH__/media __FINALPATH__/import /var/log/__APP__
|
||||
#NoNewPrivileges=true
|
||||
#PrivateDevices=true
|
||||
#PrivateTmp=true
|
||||
#ProtectHome=true
|
||||
#ProtectSystem=strict
|
||||
#ProtectControlGroups=yes
|
||||
#ProtectKernelModules=yes
|
||||
#ReadOnlyPaths=__FINALPATH__/code/config/.env __FINALPATH__/code/
|
||||
#ReadWritePaths=__FINALPATH__/media __FINALPATH__/import /var/log/__APP__
|
||||
|
||||
StandardOutput=syslog
|
||||
StandardError=syslog
|
||||
|
|
|
@ -1,22 +1,16 @@
|
|||
|
||||
location / {
|
||||
alias __FINALPATH__/code/front/dist/;
|
||||
|
||||
if ($scheme = http) {
|
||||
rewrite ^ https://$server_name$request_uri? permanent;
|
||||
}
|
||||
|
||||
try_files $uri $uri/ @rewrites;
|
||||
}
|
||||
|
||||
location @rewrites {
|
||||
rewrite ^(.+)$ /index.html last;
|
||||
}
|
||||
|
||||
location /api/ {
|
||||
include __FINALPATH__/code/deploy/funkwhale_proxy.conf;
|
||||
# this is needed if you have file import via upload enabled
|
||||
client_max_body_size 100M;
|
||||
proxy_pass http://127.0.0.1:__PORT__/api/;
|
||||
proxy_pass http://127.0.0.1:__PORT__/;
|
||||
}
|
||||
|
||||
location /front/ {
|
||||
alias __FINALPATH__/code/front/dist/;
|
||||
expires 30d;
|
||||
add_header Pragma public;
|
||||
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
|
||||
}
|
||||
|
||||
location /federation/ {
|
||||
|
@ -24,6 +18,13 @@ location /federation/ {
|
|||
proxy_pass http://127.0.0.1:__PORT__/federation/;
|
||||
}
|
||||
|
||||
|
||||
location /rest/ {
|
||||
include __FINALPATH__/code/deploy/funkwhale_proxy.conf;
|
||||
proxy_pass http://127.0.0.1:__PORT__/api/subsonic/rest/;
|
||||
}
|
||||
|
||||
|
||||
location /.well-known/ {
|
||||
include __FINALPATH__/code/deploy/funkwhale_proxy.conf;
|
||||
proxy_pass http://127.0.0.1:__PORT__/.well-known/;
|
||||
|
@ -33,7 +34,7 @@ location /media/ {
|
|||
alias __FINALPATH__/media/;
|
||||
}
|
||||
|
||||
location __PATH__/_protected/media/ {
|
||||
location /_protected/media/ {
|
||||
# this is an internal location that is used to serve
|
||||
# audio files once correct permission / authentication
|
||||
# has been checked on API side
|
||||
|
@ -41,56 +42,12 @@ location __PATH__/_protected/media/ {
|
|||
alias __FINALPATH__/media/;
|
||||
}
|
||||
|
||||
# Transcoding logic and caching
|
||||
# TODO: try to enable this
|
||||
# https://code.eliotberriot.com/funkwhale/funkwhale/blob/0.8/deploy/nginx.conf#L4
|
||||
# https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache
|
||||
|
||||
location = /transcode-auth {
|
||||
include __FINALPATH__/code/deploy/funkwhale_proxy.conf;
|
||||
# needed so we can authenticate transcode requests, but still
|
||||
# cache the result
|
||||
location /_protected/music/ {
|
||||
internal;
|
||||
set $query '';
|
||||
# ensure we actually pass the jwt to the underlytin auth url
|
||||
if ($request_uri ~* "[^\?]+\?(.*)$") {
|
||||
set $query $1;
|
||||
}
|
||||
proxy_pass http://127.0.0.1:__PORT__/api/v1/trackfiles/viewable/?$query;
|
||||
proxy_pass_request_body off;
|
||||
proxy_set_header Content-Length "";
|
||||
alias __FINALPATH__/import/;
|
||||
}
|
||||
|
||||
location /api/v1/trackfiles/transcode/ {
|
||||
include __FINALPATH__/code/deploy/funkwhale_proxy.conf;
|
||||
# this block deals with authenticating and caching transcoding
|
||||
# requests. Caching is heavily recommended as transcoding
|
||||
# is a CPU intensive process.
|
||||
auth_request /transcode-auth;
|
||||
if ($args ~ (.*)jwt=[^&]*(.*)) {
|
||||
set $cleaned_args $1$2;
|
||||
}
|
||||
proxy_cache_key "$scheme$request_method$host$uri$is_args$cleaned_args";
|
||||
proxy_cache __NAME__-transcode;
|
||||
proxy_cache_valid 200 7d;
|
||||
proxy_ignore_headers "Set-Cookie";
|
||||
proxy_hide_header "Set-Cookie";
|
||||
add_header X-Cache-Status $upstream_cache_status;
|
||||
proxy_pass http://127.0.0.1:__PORT__;
|
||||
}
|
||||
# end of transcoding logic
|
||||
|
||||
location /staticfiles/ {
|
||||
# django static files
|
||||
alias __FINALPATH__/code/data/static/;
|
||||
}
|
||||
|
||||
location /rest/ {
|
||||
include __FINALPATH__/code/deploy/funkwhale_proxy.conf;
|
||||
proxy_pass http://127.0.0.1:__PORT__/api/subsonic/rest/;
|
||||
}
|
||||
|
||||
location /_protected/music {
|
||||
internal;
|
||||
alias __FINALPATH__/import;
|
||||
}
|
|
@ -3,12 +3,12 @@
|
|||
"id": "funkwhale",
|
||||
"packaging_format": 1,
|
||||
"requirements": {
|
||||
"yunohost": ">= 3.2.0"
|
||||
"yunohost": ">= 3.3.0"
|
||||
},
|
||||
"description": {
|
||||
"en": "A modern, convivial and free music server"
|
||||
},
|
||||
"version": "0.17.0~ynh3",
|
||||
"version": "0.18.2~ynh1",
|
||||
"url": "https://funkwhale.audio",
|
||||
"license": "BSD-3-Clause",
|
||||
"maintainer": {
|
||||
|
@ -41,7 +41,7 @@
|
|||
"name": "admin",
|
||||
"type": "user",
|
||||
"ask": {
|
||||
"en": "Choose an admin user for Funkwhale?"
|
||||
"en": "Choose an admin user for Funkwhale"
|
||||
},
|
||||
"example": "jibec"
|
||||
}
|
||||
|
|
|
@ -1,5 +1,40 @@
|
|||
#!/bin/bash
|
||||
|
||||
# funkwhale needs edits to the domain config file
|
||||
# this function removes funkwhale specifics
|
||||
funkwhale_nginx_domain_cleaning() {
|
||||
local line
|
||||
local tempFile
|
||||
local nginxConf
|
||||
|
||||
nginxConf="/etc/nginx/conf.d/$domain.conf"
|
||||
tempFile="$nginxConf.temp"
|
||||
|
||||
line=$(sed -n '/server /=' "$nginxConf" | head -n 1)
|
||||
|
||||
tail -n +"$line" "$nginxConf" > "$tempFile"
|
||||
mv "$tempFile" "$nginxConf"
|
||||
}
|
||||
|
||||
# funkwhale needs edits to the domain config file
|
||||
# this function adds funkwhale specifics
|
||||
funkwhale_nginx_domain_configure() {
|
||||
local tempFile
|
||||
local nginxConf
|
||||
|
||||
nginxConf="/etc/nginx/conf.d/$domain.conf"
|
||||
tempFile="$nginxConf.temp"
|
||||
|
||||
echo "
|
||||
# required for websocket support
|
||||
map \$http_upgrade \$connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
|
||||
" | cat - "$nginxConf" > "$tempFile"
|
||||
mv "$tempFile" "$nginxConf"
|
||||
}
|
||||
|
||||
#=================================================
|
||||
#
|
||||
# Redis HELPERS
|
||||
|
|
|
@ -110,17 +110,8 @@ ynh_setup_source "$final_path/code" "app-frontend"
|
|||
# NGINX CONFIGURATION
|
||||
#=================================================
|
||||
|
||||
# add proxy_cache and connection_upgrade at the beginning of the domain configuration
|
||||
echo "
|
||||
|
||||
proxy_cache_path /tmp/$app-transcode levels=1:2 keys_zone=$app-transcode:10m max_size=1g inactive=7d;
|
||||
|
||||
# required for websocket support
|
||||
map \$http_upgrade \$connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
|
||||
" | cat - "/etc/nginx/conf.d/$domain.conf" > temp && mv temp "/etc/nginx/conf.d/$domain.conf"
|
||||
# add funkwhale specifics at the beginning of the domain configuration
|
||||
funkwhale_nginx_domain_configure
|
||||
|
||||
# Create a dedicated nginx config
|
||||
ynh_add_nginx_config
|
||||
|
|
|
@ -95,15 +95,11 @@ ynh_secure_remove "/var/log/$app"
|
|||
#=================================================
|
||||
|
||||
# remove domain specific configuration
|
||||
tail -n +11 "/etc/nginx/conf.d/$domain.conf" > "/etc/nginx/conf.d/$domain.conf.temp"
|
||||
mv "/etc/nginx/conf.d/$domain.conf.temp" "/etc/nginx/conf.d/$domain.conf"
|
||||
funkwhale_nginx_domain_cleaning
|
||||
|
||||
# Remove the dedicated nginx config
|
||||
ynh_remove_nginx_config
|
||||
|
||||
# remove local nginx cache
|
||||
ynh_secure_remove "/tmp/$app-transcode"
|
||||
|
||||
#=================================================
|
||||
# CLOSE A PORT
|
||||
#=================================================
|
||||
|
|
|
@ -115,18 +115,11 @@ ynh_psql_execute_file_as_root ./db.sql "$db_name"
|
|||
|
||||
# Restore permissions on app files
|
||||
chown -R "$app": "$final_path"
|
||||
chmod -R 755 "$final_path/code/front/dist/"
|
||||
|
||||
mkdir -p "/var/log/$app"
|
||||
chown -R "$app": "/var/log/$app"
|
||||
|
||||
#=================================================
|
||||
# ADVERTISE SERVICE IN ADMIN PANEL
|
||||
#=================================================
|
||||
|
||||
yunohost service add "$app-server" --log "/var/log/$app/server.log"
|
||||
yunohost service add "$app-worker" --log "/var/log/$app/worker.log"
|
||||
yunohost service add "$app-beat" --log "/var/log/$app/beat.log"
|
||||
|
||||
#=================================================
|
||||
# RESTORE SYSTEMD
|
||||
#=================================================
|
||||
|
@ -141,6 +134,14 @@ systemctl enable "$app-server.service"
|
|||
systemctl enable "$app-worker.service"
|
||||
systemctl restart "$app.target"
|
||||
|
||||
#=================================================
|
||||
# ADVERTISE SERVICE IN ADMIN PANEL
|
||||
#=================================================
|
||||
|
||||
yunohost service add "$app-server" --log "/var/log/$app/server.log"
|
||||
yunohost service add "$app-worker" --log "/var/log/$app/worker.log"
|
||||
yunohost service add "$app-beat" --log "/var/log/$app/beat.log"
|
||||
|
||||
#=================================================
|
||||
# GENERIC FINALIZATION
|
||||
#=================================================
|
||||
|
|
|
@ -111,22 +111,11 @@ ynh_setup_source "$final_path/code" "app-frontend"
|
|||
# NGINX CONFIGURATION
|
||||
#=================================================
|
||||
|
||||
# change the global configuration
|
||||
# remove domain specific configuration
|
||||
tail -n +11 "/etc/nginx/conf.d/$domain.conf" > "/etc/nginx/conf.d/$domain.conf.temp"
|
||||
mv "/etc/nginx/conf.d/$domain.conf.temp" "/etc/nginx/conf.d/$domain.conf"
|
||||
funkwhale_nginx_domain_cleaning
|
||||
|
||||
# add proxy_cache and connection_upgrade at the beginning of the domain configuration
|
||||
echo "
|
||||
|
||||
proxy_cache_path /tmp/$app-transcode levels=1:2 keys_zone=$app-transcode:10m max_size=1g inactive=7d;
|
||||
|
||||
# required for websocket support
|
||||
map \$http_upgrade \$connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
|
||||
" | cat - "/etc/nginx/conf.d/$domain.conf" > temp && mv temp "/etc/nginx/conf.d/$domain.conf"
|
||||
# add funkwhale specifics at the beginning of the domain configuration
|
||||
funkwhale_nginx_domain_configure
|
||||
|
||||
# Create a dedicated nginx config
|
||||
ynh_add_nginx_config
|
||||
|
@ -226,6 +215,10 @@ ynh_replace_string "__FINALPATH__" "$final_path" "$loadfile"
|
|||
|
||||
# https://docs.funkwhale.audio/upgrading/0.17.html#upgrade-instructions
|
||||
python api/manage.py script migrate_to_user_libraries --no-input
|
||||
|
||||
# Delete pre 0.17 federated tracks [manual action suggested]
|
||||
# https://dev.funkwhale.audio/funkwhale/funkwhale/tags/0.18
|
||||
python api/manage.py script delete_pre_017_federated_uploads --no-input
|
||||
)
|
||||
|
||||
#=================================================
|
||||
|
|
Loading…
Reference in a new issue