diff --git a/README.md b/README.md
index 0330a74..1c0266d 100644
--- a/README.md
+++ b/README.md
@@ -18,7 +18,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
Funkwhale is a community-driven project that lets you listen and share music and audio within a decentralized, open network.
-**Shipped version:** 1.2.10~ynh2
+**Shipped version:** 1.2.10~ynh3
**Demo:** https://demo.funkwhale.audio
@@ -26,20 +26,6 @@ Funkwhale is a community-driven project that lets you listen and share music and
![Screenshot of Funkwhale](./doc/screenshots/screenshot1.png)
-## Disclaimers / important information
-
-* Installation requires a dedicated domain or subdomain. Installing in a subpath is not supported by the upstream project due to dependency requirements.
-
-* Admin
- * The admin uses the login you provided at installation. The password is the same you use for YunoHost.
- * The admin interface is accessible at the address: `your.domain.fr/api/admin`
-
-To add a collection of music files to a library in your YunoHost installation of Funkwhale, create a symlink to your collection titled "music" in `/home/yunohost.app/funkwhale/data`
-```console
-foo@bar:~$sudo ln -s /your/music/collection /home/yunohost.app/funkwhale/data/music
-```
-The files can then be added to your library from the *uploading* tab in a music library under the heading **Import music from your server**.
-
## Documentation and resources
* Official app website:
diff --git a/README_fr.md b/README_fr.md
index 60f2c8f..2c5360c 100644
--- a/README_fr.md
+++ b/README_fr.md
@@ -18,7 +18,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po
Funkwhale est un projet communautaire qui vous permet d'écouter et de partager de la musique et de l'audio au sein d'un réseau ouvert et décentralisé.
-**Version incluse :** 1.2.10~ynh2
+**Version incluse :** 1.2.10~ynh3
**Démo :** https://demo.funkwhale.audio
@@ -26,18 +26,6 @@ Funkwhale est un projet communautaire qui vous permet d'écouter et de partager
![Capture d’écran de Funkwhale](./doc/screenshots/screenshot1.png)
-## Avertissements / informations importantes
-
-* L'installation nécessite un domaine ou un sous-domaine dédié. L'installation dans un chemin du domaine n'est pas prise en charge par le projet en amont en raison des exigences de dépendance.
-
-* Admin
- * L'administrateur utilise le login que vous avez fourni lors de l'installation. Le mot de passe est le même que celui que vous utilisez pour YunoHost.
- * L'interface d'administration est accessible à l'adresse : votre.domaine.fr/api/admin
-
-Pour ajouter une collection de fichiers musicaux à une bibliothèque dans votre installation YunoHost de Funkwhale, créez un lien symbolique vers votre collection intitulée "music" dans `/home/yunohost.app/funkwhale/data/`.
-`foo@bar:~$sudo ln -s /your/music/collection /home/yunohost.app/funkwhale/data/music`
-Les fichiers peuvent ensuite être ajoutés à votre bibliothèque à partir de l'onglet *Envoi* dans une bibliothèque musicale sous la rubrique **Importer de la musique de votre serveur**.
-
## Documentations et ressources
* Site officiel de l’app :
diff --git a/check_process b/check_process
deleted file mode 100644
index 536630a..0000000
--- a/check_process
+++ /dev/null
@@ -1,40 +0,0 @@
-;; Test complet
- ; Manifest
- domain="domain.tld"
- is_public=1
- admin="john"
- ; Checks
- pkg_linter=1
- setup_sub_dir=0
- setup_root=1
- setup_nourl=0
- setup_private=1
- setup_public=1
- upgrade=1
- # 1.1~ynh1
- upgrade=1 from_commit=8172790fb461d16f09089593fdac380f0d499c83
- # 1.1.1~ynh1
- upgrade=0 from_commit=fa9587f61e4bb4f9db8667b1c6701ede37ac8e91
- # 1.1.2~ynh1
- upgrade=1 from_commit=74255c1c278562eb174fb13ce538d4754f01186c
- # 1.1.4~ynh2
- upgrade=1 from_commit=313335d5aa851a497fa92cd7ac264f989e1052d9
- # 1.2.1~ynh1
- upgrade=0 from_commit=9fc8b84ba24260e28f791aa9c47688c1a1f085c2
- # 1.2.2~ynh2
- upgrade=0 from_commit=192afe93f66bb08cc7d487db02dc4d187e5b29e2
- # 1.2.3~ynh1
- upgrade=0 from_commit=1c1b64b8b04ee917a63580dce21d149182ee319d
- # 1.2.4~ynh1
- upgrade=0 from_commit=5961e7283e52963329e30ca22df4d5505adfc256
- #1.2.5~ynh1
- upgrade=0 from_commit=a070baf105a94ac6fefc280f0335b044db643ec8
- #1.2.7~ynh1
- upgrade=0 from_commit=557386e0c1306f78c43ccf2e5ec7b3b46a07ab56
- backup_restore=1
- multi_instance=1
- port_already_use=0
- change_url=1
-;;; Options
-Email=cda@rootkey.co.uk
-Notification=all
diff --git a/conf/api.src b/conf/api.src
deleted file mode 100644
index f92a438..0000000
--- a/conf/api.src
+++ /dev/null
@@ -1,7 +0,0 @@
-SOURCE_URL=https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/1.2.10/download?job=build_api
-SOURCE_SUM=fc6f54d37993f74e057d1a59438e21b68a8cff1a7f9438415459ede7cf7f09d0
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FORMAT=zip
-SOURCE_IN_SUBDIR=true
-SOURCE_FILENAME=
-SOURCE_EXTRACT=true
diff --git a/conf/env.prod b/conf/env.prod
index 5b32746..ae37480 100644
--- a/conf/env.prod
+++ b/conf/env.prod
@@ -110,12 +110,12 @@ CACHE_URL=redis://127.0.0.1:6379/__REDIS_DB__
# Where media files (such as album covers or audio tracks) should be stored
# on your system?
# (Ensure this directory actually exists)
-MEDIA_ROOT=__DATADIR__/media
+MEDIA_ROOT=__DATA_DIR__/data/media
# Where static files (such as API css or icons) should be compiled
# on your system?
# (Ensure this directory actually exists)
-STATIC_ROOT=__DATADIR__/static
+STATIC_ROOT=__DATA_DIR__/data/static
# which settings module should django use?
# You don't have to touch this unless you really know what you're doing
@@ -138,8 +138,8 @@ DJANGO_SECRET_KEY=__KEY__
# MUSIC_DIRECTORY_PATH=/srv/funkwhale/data/music
# # MUSIC_DIRECTORY_SERVE_PATH= # stays commented, not needed
-MUSIC_DIRECTORY_PATH=__DATADIR__/music
-#MUSIC_DIRECTORY_SERVE_PATH=__DATADIR__/import
+MUSIC_DIRECTORY_PATH=__DATA_DIR__/data/music
+#MUSIC_DIRECTORY_SERVE_PATH=__DATA_DIR__/data/import
# LDAP settings
# Use the following options to allow authentication on your Funkwhale instance
@@ -157,8 +157,8 @@ LDAP_START_TLS=False
LDAP_ROOT_DN=ou=users,dc=yunohost,dc=org
LDAP_USER_ATTR_MAP=username:uid
-FUNKWHALE_FRONTEND_PATH=__FINALPATH__/front/dist
-FUNKWHALE_SPA_HTML_ROOT=__FINALPATH__/front/dist/index.html
+FUNKWHALE_FRONTEND_PATH=__INSTALL_DIR__/front/dist
+FUNKWHALE_SPA_HTML_ROOT=__INSTALL_DIR__/front/dist/index.html
# Nginx related configuration
NGINX_MAX_BODY_SIZE=100M
diff --git a/conf/front.src b/conf/front.src
deleted file mode 100644
index f5316c7..0000000
--- a/conf/front.src
+++ /dev/null
@@ -1,7 +0,0 @@
-SOURCE_URL=https://dev.funkwhale.audio/funkwhale/funkwhale/builds/artifacts/1.2.10/download?job=build_front
-SOURCE_SUM=bcf0ba380295be58dfcfe4d88605cfce357859adf623c8236fb1182095c38bfd
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FORMAT=zip
-SOURCE_IN_SUBDIR=true
-SOURCE_FILENAME=
-SOURCE_EXTRACT=true
diff --git a/conf/funkwhale-beat.service b/conf/funkwhale-beat.service
index 2efd191..7747cb1 100644
--- a/conf/funkwhale-beat.service
+++ b/conf/funkwhale-beat.service
@@ -6,9 +6,43 @@ PartOf=__APP__.target
[Service]
User=__APP__
Group=__APP__
-WorkingDirectory=__FINALPATH__/api
-EnvironmentFile=__FINALPATH__/config/.env
-ExecStart=__FINALPATH__/virtualenv/bin/celery -A funkwhale_api.taskapp beat -l INFO
+WorkingDirectory=__INSTALL_DIR__/api
+EnvironmentFile=__INSTALL_DIR__/config/.env
+ExecStart=__INSTALL_DIR__/virtualenv/bin/celery -A funkwhale_api.taskapp beat -l INFO
+
+# Sandboxing options to harden security
+# Depending on specificities of your service/app, you may need to tweak these
+# .. but this should be a good baseline
+# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
+RestrictNamespaces=yes
+RestrictRealtime=yes
+DevicePolicy=closed
+ProtectClock=yes
+ProtectHostname=yes
+ProtectProc=invisible
+ProtectSystem=full
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+LockPersonality=yes
+SystemCallArchitectures=native
+SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged
+
+# Denying access to capabilities that should not be relevant for webapps
+# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
+CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
+CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
+CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
+CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
+CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
+CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
+CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
+CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
+CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
[Install]
WantedBy=multi-user.target
diff --git a/conf/funkwhale-server.service b/conf/funkwhale-server.service
index 59d5dd2..ddb56af 100644
--- a/conf/funkwhale-server.service
+++ b/conf/funkwhale-server.service
@@ -6,9 +6,21 @@ PartOf=__APP__.target
[Service]
User=__APP__
Group=__APP__
-WorkingDirectory=__FINALPATH__/api
-EnvironmentFile=__FINALPATH__/config/.env
-ExecStart=__FINALPATH__/virtualenv/bin/gunicorn config.asgi:application -w ${FUNKWHALE_WEB_WORKERS} -k uvicorn.workers.UvicornWorker -b ${FUNKWHALE_API_IP}:${FUNKWHALE_API_PORT}
+WorkingDirectory=__INSTALL_DIR__/api
+EnvironmentFile=__INSTALL_DIR__/config/.env
+ExecStart=__INSTALL_DIR__/virtualenv/bin/gunicorn config.asgi:application -w ${FUNKWHALE_WEB_WORKERS} -k uvicorn.workers.UvicornWorker -b ${FUNKWHALE_API_IP}:${FUNKWHALE_API_PORT}
+
+# Denying access to capabilities that should not be relevant for webapps
+# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
+CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
+CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
+CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
+CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
+CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
+CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
+CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
+CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
+CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
[Install]
WantedBy=multi-user.target
diff --git a/conf/funkwhale-worker.service b/conf/funkwhale-worker.service
index ca8bd26..b82e4e3 100644
--- a/conf/funkwhale-worker.service
+++ b/conf/funkwhale-worker.service
@@ -6,9 +6,43 @@ PartOf=__APP__.target
[Service]
User=__APP__
Group=__APP__
-WorkingDirectory=__FINALPATH__/api
-EnvironmentFile=__FINALPATH__/config/.env
-ExecStart=__FINALPATH__/virtualenv/bin/celery -A funkwhale_api.taskapp worker -l INFO --concurrency=0
+WorkingDirectory=__INSTALL_DIR__/api
+EnvironmentFile=__INSTALL_DIR__/config/.env
+ExecStart=__INSTALL_DIR__/virtualenv/bin/celery -A funkwhale_api.taskapp worker -l INFO --concurrency=0
+
+# Sandboxing options to harden security
+# Depending on specificities of your service/app, you may need to tweak these
+# .. but this should be a good baseline
+# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
+RestrictNamespaces=yes
+RestrictRealtime=yes
+DevicePolicy=closed
+ProtectClock=yes
+ProtectHostname=yes
+ProtectProc=invisible
+ProtectSystem=full
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+LockPersonality=yes
+SystemCallArchitectures=native
+SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged
+
+# Denying access to capabilities that should not be relevant for webapps
+# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
+CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
+CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
+CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
+CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
+CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
+CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
+CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
+CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
+CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
[Install]
WantedBy=multi-user.target
diff --git a/conf/nginx.conf b/conf/nginx.conf
index 920e2c7..e01ed0f 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -1,4 +1,4 @@
-root __FINALPATH__/front/dist;
+root __INSTALL_DIR__/front/dist;
location / {
@@ -26,7 +26,7 @@ location /front/ {
more_set_headers "Referrer-Policy: strict-origin-when-cross-origin";
more_set_headers "Service-Worker-Allowed: /";
more_set_headers "X-Frame-Options: SAMEORIGIN";
- alias __FINALPATH__/front/dist/;
+ alias __INSTALL_DIR__/front/dist/;
expires 30d;
more_set_headers "Pragma: public";
more_set_headers "Cache-Control: public, must-revalidate, proxy-revalidate";
@@ -37,7 +37,7 @@ location /front/embed.html {
more_set_headers "Referrer-Policy: strict-origin-when-cross-origin";
more_set_headers "X-Frame-Options: ALLOW";
- alias __FINALPATH__/front/dist/embed.html;
+ alias __INSTALL_DIR__/front/dist/embed.html;
expires 30d;
more_set_headers "Pragma: public";
more_set_headers "Cache-Control: public, must-revalidate, proxy-revalidate";
@@ -102,11 +102,11 @@ location /.well-known/ {
}
location /media/__sized__/ {
- alias __DATADIR__/media/__sized__/;
+ alias __DATA_DIR__/data/media/__sized__/;
}
location /media/attachments/ {
- alias __DATADIR__//media/attachments/;
+ alias __DATA_DIR__/data/media/attachments/;
}
location /_protected/media/ {
@@ -114,7 +114,7 @@ location /_protected/media/ {
# audio files once correct permission / authentication
# has been checked on API side
internal;
- alias __DATADIR__/media/;
+ alias __DATA_DIR__/data/media/;
}
# Comment the previous location and uncomment this one if you're storing
@@ -132,10 +132,10 @@ location /_protected/music/ {
# has been checked on API side
# Set this to the same value as your MUSIC_DIRECTORY_PATH setting
internal;
- alias __DATADIR__/music/;
+ alias __DATA_DIR__/data/music/;
}
location /staticfiles/ {
# django static files
- alias __DATADIR__/static/;
+ alias __DATA_DIR__/data/static/;
}
diff --git a/doc/DISCLAIMER.md b/doc/ADMIN.md
similarity index 71%
rename from doc/DISCLAIMER.md
rename to doc/ADMIN.md
index 8e16d23..808552c 100644
--- a/doc/DISCLAIMER.md
+++ b/doc/ADMIN.md
@@ -2,10 +2,10 @@
* Admin
* The admin uses the login you provided at installation. The password is the same you use for YunoHost.
- * The admin interface is accessible at the address: `your.domain.fr/api/admin`
+ * The admin interface is accessible at the address: `__DOMAIN__/api/admin`
-To add a collection of music files to a library in your YunoHost installation of Funkwhale, create a symlink to your collection titled "music" in `/home/yunohost.app/funkwhale/data`
+To add a collection of music files to a library in your YunoHost installation of Funkwhale, create a symlink to your collection titled "music" in `__DATA_DIR__/data`
```console
-foo@bar:~$sudo ln -s /your/music/collection /home/yunohost.app/funkwhale/data/music
+foo@bar:~$sudo ln -s /your/music/collection __DATA_DIR__/data/music
```
The files can then be added to your library from the *uploading* tab in a music library under the heading **Import music from your server**.
diff --git a/doc/DISCLAIMER_fr.md b/doc/ADMIN_fr.md
similarity index 71%
rename from doc/DISCLAIMER_fr.md
rename to doc/ADMIN_fr.md
index 30590da..eb21687 100644
--- a/doc/DISCLAIMER_fr.md
+++ b/doc/ADMIN_fr.md
@@ -2,8 +2,8 @@
* Admin
* L'administrateur utilise le login que vous avez fourni lors de l'installation. Le mot de passe est le même que celui que vous utilisez pour YunoHost.
- * L'interface d'administration est accessible à l'adresse : votre.domaine.fr/api/admin
+ * L'interface d'administration est accessible à l'adresse : __DOMAIN__/api/admin
-Pour ajouter une collection de fichiers musicaux à une bibliothèque dans votre installation YunoHost de Funkwhale, créez un lien symbolique vers votre collection intitulée "music" dans `/home/yunohost.app/funkwhale/data/`.
-`foo@bar:~$sudo ln -s /your/music/collection /home/yunohost.app/funkwhale/data/music`
+Pour ajouter une collection de fichiers musicaux à une bibliothèque dans votre installation YunoHost de Funkwhale, créez un lien symbolique vers votre collection intitulée "music" dans `__DATA_DIR__/data/`.
+`foo@bar:~$sudo ln -s /your/music/collection __DATA_DIR__/data/music`
Les fichiers peuvent ensuite être ajoutés à votre bibliothèque à partir de l'onglet *Envoi* dans une bibliothèque musicale sous la rubrique **Importer de la musique de votre serveur**.
diff --git a/manifest.json b/manifest.json
deleted file mode 100644
index b2bbeb1..0000000
--- a/manifest.json
+++ /dev/null
@@ -1,58 +0,0 @@
-{
- "name": "Funkwhale",
- "id": "funkwhale",
- "packaging_format": 1,
- "description": {
- "en": "Convivial and modern music server",
- "fr": "Serveur de musique moderne et convivial"
- },
- "version": "1.2.10~ynh2",
- "url": "https://funkwhale.audio",
- "upstream": {
- "license": "AGPL-3.0-or-later",
- "website": "https://funkwhale.audio/",
- "demo": "https://demo.funkwhale.audio",
- "admindoc": "https://docs.funkwhale.audio/admin/index.html",
- "userdoc": "https://docs.funkwhale.audio/users/index.html",
- "code": "https://dev.funkwhale.audio/funkwhale/funkwhale"
- },
- "license": "AGPL-3.0-or-later",
- "maintainer": {
- "name": "Ciarán Ainsworth",
- "email": "cda@rootkey.co.uk"
- },
- "previous_maintainers": [
- {
- "name": "Jean-Baptiste Holcroft",
- "email": "jean-baptiste@holcroft.fr"
- }
- ],
- "requirements": {
- "yunohost": ">= 11.0.0"
- },
- "multi_instance": true,
- "services": [
- "nginx"
- ],
- "arguments": {
- "install": [
- {
- "name": "domain",
- "type": "domain"
- },
- {
- "name": "is_public",
- "type": "boolean",
- "help": {
- "en": "If enabled, Funkwhale will be accessible by Funkwhale for Android and by users without a YunoHost account. This can be changed later in the webadmin.",
- "fr": "Si cette case est cochée, Funkwhale sera accessible par Funkwhale for Android et par les utilisateurs n’ayant pas de compte YunoHost. Vous pourrez changer cela dans la webadmin."
- },
- "default": true
- },
- {
- "name": "admin",
- "type": "user"
- }
- ]
- }
-}
diff --git a/manifest.toml b/manifest.toml
new file mode 100644
index 0000000..1e82b33
--- /dev/null
+++ b/manifest.toml
@@ -0,0 +1,76 @@
+packaging_format = 2
+
+id = "funkwhale"
+name = "Funkwhale"
+description.en = "Convivial and modern music server"
+description.fr = "Serveur de musique moderne et convivial"
+
+version = "1.2.10~ynh3"
+
+maintainers = ["Ciarán Ainsworth"]
+
+[upstream]
+license = "AGPL-3.0-or-later"
+website = "https://funkwhale.audio/"
+demo = "https://demo.funkwhale.audio"
+admindoc = "https://docs.funkwhale.audio/admin/index.html"
+userdoc = "https://docs.funkwhale.audio/users/index.html"
+code = "https://dev.funkwhale.audio/funkwhale/funkwhale"
+
+[integration]
+yunohost = ">= 11.1.15"
+architectures = "all"
+multi_instance = true
+ldap = false
+sso = false
+disk = "50M"
+ram.build = "50M"
+ram.runtime = "50M"
+
+[install]
+ [install.domain]
+ type = "domain"
+ full_domain = true
+
+ [install.init_main_permission]
+ help.en = "If enabled, Funkwhale will be accessible by Funkwhale for Android and by users without a YunoHost account. This can be changed later in the webadmin."
+ help.fr = "Si cette case est cochée, Funkwhale sera accessible par Funkwhale for Android et par les utilisateurs n’ayant pas de compte YunoHost. Vous pourrez changer cela dans la webadmin."
+ type = "group"
+ default = "visitors"
+
+ [install.admin]
+ type = "user"
+
+[resources]
+ [resources.sources]
+ [resources.sources.api]
+ url = "https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/1.2.10/download?job=build_api"
+ sha256 = "fc6f54d37993f74e057d1a59438e21b68a8cff1a7f9438415459ede7cf7f09d0"
+ in_subdir = true
+ extract = true
+ format = "zip"
+
+ [resources.sources.front]
+ url = "https://dev.funkwhale.audio/funkwhale/funkwhale/builds/artifacts/1.2.10/download?job=build_front"
+ sha256 = "bcf0ba380295be58dfcfe4d88605cfce357859adf623c8236fb1182095c38bfd"
+ in_subdir = true
+ extract = true
+ format = "zip"
+
+ [resources.ports]
+
+ [resources.system_user]
+
+ [resources.install_dir]
+
+ [resources.data_dir]
+ group = "www-data:rx"
+
+ [resources.permissions]
+ main.url = "/"
+
+ [resources.apt]
+ packages = "postgresql curl python3-pip python3-venv git unzip libldap2-dev libsasl2-dev gettext-base zlib1g-dev libffi-dev libssl-dev build-essential ffmpeg libjpeg-dev libmagic-dev libpq-dev python3-dev make zlib1g-dev libffi-dev libssl-dev"
+
+ [resources.database]
+ type = "postgresql"
diff --git a/scripts/_common.sh b/scripts/_common.sh
index e031277..b2c67eb 100644
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -4,13 +4,6 @@
# COMMON VARIABLES
#=================================================
-# dependencies used by the app (must be on a single line)
-pkg_dependencies="curl python3-pip python3-venv git unzip libldap2-dev libsasl2-dev gettext-base zlib1g-dev libffi-dev libssl-dev \
- build-essential ffmpeg libjpeg-dev libmagic-dev libpq-dev postgresql postgresql-contrib python3-dev make \
- redis-server \
- `# add arm support` \
- zlib1g-dev libffi-dev libssl-dev"
-
#=================================================
# PERSONAL HELPERS
#=================================================
diff --git a/scripts/backup b/scripts/backup
index 52b125d..13fa6d1 100644
--- a/scripts/backup
+++ b/scripts/backup
@@ -10,28 +10,6 @@
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
-#=================================================
-# MANAGE SCRIPT FAILURE
-#=================================================
-
-ynh_clean_setup () {
- true
-}
-# Exit if an error occurs during the execution of the script
-ynh_abort_if_errors
-
-#=================================================
-# LOAD SETTINGS
-#=================================================
-ynh_print_info --message="Loading installation settings..."
-
-app=$YNH_APP_INSTANCE_NAME
-
-final_path=$(ynh_app_setting_get --app=$app --key=final_path)
-domain=$(ynh_app_setting_get --app=$app --key=domain)
-db_name=$(ynh_app_setting_get --app=$app --key=db_name)
-datadir=$(ynh_app_setting_get --app=$app --key=datadir)
-
#=================================================
# DECLARE DATA AND CONF FILES TO BACKUP
#=================================================
@@ -41,13 +19,13 @@ ynh_print_info --message="Declaring files to be backed up..."
# BACKUP THE APP MAIN DIR
#=================================================
-ynh_backup --src_path="$final_path"
+ynh_backup --src_path="$install_dir"
#=================================================
# BACKUP THE DATA DIR
#=================================================
-ynh_backup --src_path="$datadir" --is_big
+ynh_backup --src_path="$data_dir" --is_big
#=================================================
# BACKUP THE NGINX CONFIGURATION
diff --git a/scripts/change_url b/scripts/change_url
index 67769f4..673e8a1 100644
--- a/scripts/change_url
+++ b/scripts/change_url
@@ -9,69 +9,6 @@
source _common.sh
source /usr/share/yunohost/helpers
-#=================================================
-# RETRIEVE ARGUMENTS
-#=================================================
-
-old_domain=$YNH_APP_OLD_DOMAIN
-old_path=$YNH_APP_OLD_PATH
-
-new_domain=$YNH_APP_NEW_DOMAIN
-new_path=$YNH_APP_NEW_PATH
-
-app=$YNH_APP_INSTANCE_NAME
-
-#=================================================
-# LOAD SETTINGS
-#=================================================
-ynh_script_progression --message="Loading installation settings..." --weight=1
-
-# Needed for helper "ynh_add_nginx_config"
-final_path=$(ynh_app_setting_get --app=$app --key=final_path)
-port=$(ynh_app_setting_get --app=$app --key=port)
-key=$(ynh_app_setting_get --app=$app --key=key)
-redis_db=$(ynh_app_setting_get --app=$app --key=redis_db)
-port=$(ynh_app_setting_get --app=$app --key=port)
-db_name=$(ynh_app_setting_get --app=$app --key=db_name)
-db_user=$db_name
-db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
-datadir=$(ynh_app_setting_get --app=$app --key=datadir)
-redis_db=$(ynh_app_setting_get --app=$app --key=redis_db)
-key=$(ynh_app_setting_get --app=$app --key=key)
-
-#=================================================
-# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP
-#=================================================
-ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." --weight=1
-
-# Backup the current version of the app
-ynh_backup_before_upgrade
-ynh_clean_setup () {
- # Remove the new domain config file, the remove script won't do it as it doesn't know yet its location.
- ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
-
- # Restore it if the upgrade fails
- ynh_restore_upgradebackup
-}
-# Exit if an error occurs during the execution of the script
-ynh_abort_if_errors
-
-#=================================================
-# CHECK WHICH PARTS SHOULD BE CHANGED
-#=================================================
-
-change_domain=0
-if [ "$old_domain" != "$new_domain" ]
-then
- change_domain=1
-fi
-
-change_path=0
-if [ "$old_path" != "$new_path" ]
-then
- change_path=1
-fi
-
#=================================================
# STANDARD MODIFICATIONS
#=================================================
@@ -88,29 +25,7 @@ ynh_systemd_action --service_name="$app-worker" --action=stop --log_path="/var/l
#=================================================
ynh_script_progression --message="Updating NGINX web server configuration..." --weight=1
-nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf
-
-# Change the path in the NGINX config file
-if [ $change_path -eq 1 ]
-then
- # Make a backup of the original NGINX config file if modified
- ynh_backup_if_checksum_is_different --file="$nginx_conf_path"
- # Set global variables for NGINX helper
- domain="$old_domain"
- path_url="$new_path"
- # Create a dedicated NGINX config
- ynh_add_nginx_config
-fi
-
-# Change the domain for NGINX
-if [ $change_domain -eq 1 ]
-then
- # Delete file checksum for the old conf file location
- ynh_delete_file_checksum --file="$nginx_conf_path"
- mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf
- # Store file checksum for the new config file location
- ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
-fi
+ynh_change_url_nginx_config
#=================================================
# MODIFY THE CONFIG FILE
@@ -118,14 +33,14 @@ fi
ynh_script_progression --message="Modifying a config file..." --weight=1
domain=$new_domain
-ynh_add_config --template="../conf/env.prod" --destination="$final_path/config/.env"
+ynh_add_config --template="../conf/env.prod" --destination="$install_dir/config/.env"
#=================================================
# MODIFY THE FEDERATION
#=================================================
-source $final_path/virtualenv/bin/activate
-ynh_exec_warn_less python3 $final_path/api/manage.py fix_federation_ids https://$old_domain https://$new_domain --no-dry-run --no-input
+source $install_dir/virtualenv/bin/activate
+ynh_exec_warn_less python3 $install_dir/api/manage.py fix_federation_ids https://$old_domain https://$new_domain --no-dry-run --no-input
#=================================================
# START SYSTEMD SERVICE
@@ -136,21 +51,6 @@ ynh_systemd_action --service_name="$app-beat" --action="start" --log_path="/var/
ynh_systemd_action --service_name="$app-server" --action="start" --log_path="/var/log/$app/$app.log"
ynh_systemd_action --service_name="$app-worker" --action="start" --log_path="/var/log/$app/$app.log"
-#=================================================
-# SETUP FAIL2BAN
-#=================================================
-ynh_script_progression --message="Configuring Fail2Ban..." --weight=1
-
-# Create a dedicated Fail2Ban config
-ynh_add_fail2ban_config --logpath="/var/log/nginx/$new_domain-access.log" --failregex=".* \"POST /api/v1/token/ HTTP/1.1\" 400 68.*$" --max_retry=5
-
-#=================================================
-# RELOAD NGINX
-#=================================================
-ynh_script_progression --message="Reloading NGINX web server..." --weight=1
-
-ynh_systemd_action --service_name=nginx --action=reload
-
#=================================================
# END OF SCRIPT
#=================================================
diff --git a/scripts/install b/scripts/install
index 65c38df..b267235 100644
--- a/scripts/install
+++ b/scripts/install
@@ -9,104 +9,26 @@
source _common.sh
source /usr/share/yunohost/helpers
-#=================================================
-# MANAGE SCRIPT FAILURE
-#=================================================
-
-ynh_clean_setup () {
- true
-}
-# Exit if an error occurs during the execution of the script
-ynh_abort_if_errors
-
#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================
-domain=$YNH_APP_ARG_DOMAIN
-path_url="/"
-is_public=$YNH_APP_ARG_IS_PUBLIC
-admin=$YNH_APP_ARG_ADMIN
-
-app=$YNH_APP_INSTANCE_NAME
-
admin_mail=$(ynh_user_get_info --username="$admin" --key="mail")
-#=================================================
-# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
-#=================================================
-ynh_script_progression --message="Validating installation parameters..." --weight=1
-
-final_path=/var/www/$app
-test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
-
-datadir=/home/yunohost.app/$app/data
-
-# Register (book) web path
-ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
-
-#=================================================
-# STORE SETTINGS FROM MANIFEST
-#=================================================
-ynh_script_progression --message="Storing installation settings..." --weight=1
-
-ynh_app_setting_set --app=$app --key=domain --value=$domain
-ynh_app_setting_set --app=$app --key=path --value=$path_url
-ynh_app_setting_set --app=$app --key=admin --value=$admin
-
-#=================================================
-# STANDARD MODIFICATIONS
-#=================================================
-# FIND AND OPEN A PORT
-#=================================================
-ynh_script_progression --message="Finding an available port..." --weight=1
-
-# Find an available port
-port=$(ynh_find_port --port=8095)
-ynh_app_setting_set --app=$app --key=port --value=$port
-
-#=================================================
-# INSTALL DEPENDENCIES
-#=================================================
-ynh_script_progression --message="Installing dependencies..." --weight=1
-
-ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies
-
-#=================================================
-# CREATE DEDICATED USER
-#=================================================
-ynh_script_progression --message="Configuring system user..." --weight=1
-
-# Create a system user
-ynh_system_user_create --username=$app --home_dir="$final_path"
-
-#=================================================
-# CREATE A POSTGRESQL DATABASE
-#=================================================
-ynh_script_progression --message="Creating a PostgreSQL database..." --weight=1
-
-ynh_psql_test_if_first_run
-db_name=$(ynh_sanitize_dbid --db_name=$app)
-db_user=$db_name
-ynh_app_setting_set --app=$app --key=db_name --value=$db_name
-ynh_psql_setup_db --db_user=$db_user --db_name=$db_name
-db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
-
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_script_progression --message="Setting up source files..." --weight=1
-ynh_app_setting_set --app=$app --key=final_path --value=$final_path
# Download, check integrity, uncompress and patch the source from app.src
-ynh_setup_source --dest_dir="$final_path/api" --source_id="api"
-ynh_setup_source --dest_dir="$final_path/front" --source_id="front"
+ynh_setup_source --dest_dir="$install_dir/api" --source_id="api"
+ynh_setup_source --dest_dir="$install_dir/front" --source_id="front"
-mkdir -p $final_path/config
+mkdir -p $install_dir/config
-chmod 750 "$final_path"
-chmod -R o-rwx "$final_path"
-chown -R $app:www-data "$final_path"
+chmod 750 "$install_dir"
+chmod -R o-rwx "$install_dir"
+chown -R $app:www-data "$install_dir"
#=================================================
# NGINX CONFIGURATION
@@ -123,14 +45,12 @@ ynh_add_nginx_config
#=================================================
ynh_script_progression --message="Creating a data directory..." --weight=1
-ynh_app_setting_set --app=$app --key=datadir --value=$datadir
+mkdir -p $data_dir/data
+mkdir -p $data_dir/{static,media,music}
-mkdir -p $datadir
-mkdir -p $datadir/{static,media,music}
-
-chmod 750 "$datadir"
-chmod -R o-rwx "$datadir"
-chown -R $app:www-data "$datadir"
+chmod 750 "$data_dir"
+chmod -R o-rwx "$data_dir/"
+chown -R $app:www-data "$data_dir/"
#=================================================
# ADD A CONFIGURATION
@@ -143,10 +63,10 @@ redis_db=$(ynh_redis_get_free_db)
ynh_app_setting_set --app=$app --key=key --value=$key
ynh_app_setting_set --app=$app --key=redis_db --value=$redis_db
-ynh_add_config --template="../conf/env.prod" --destination="$final_path/config/.env"
+ynh_add_config --template="../conf/env.prod" --destination="$install_dir/config/.env"
-chmod 400 "$final_path/config/.env"
-chown $app:$app "$final_path/config/.env"
+chmod 400 "$install_dir/config/.env"
+chown $app:$app "$install_dir/config/.env"
#=================================================
# SETUP SYSTEMD
@@ -165,14 +85,14 @@ ynh_add_systemd_config --service="${app}-beat" --template="funkwhale-beat.serv
#=================================================
ynh_script_progression --message="Installing Python dependencies..." --weight=1
-pushd $final_path
- python3 -m venv $final_path/virtualenv
- source $final_path/virtualenv/bin/activate
+pushd $install_dir
+ python3 -m venv $install_dir/virtualenv
+ source $install_dir/virtualenv/bin/activate
pip install --upgrade pip
pip install --upgrade setuptools
- ynh_exec_warn_less pip install wheel
+ ynh_exec_warn_less pip install wheel toml
# Workaround for error AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK'
- ynh_replace_string --match_string="pyOpenSSL~=20.0.1" --replace_string="pyOpenSSL~=21.0.0" --target_file="$final_path/api/requirements/base.txt"
+ ynh_replace_string --match_string="pyOpenSSL~=20.0.1" --replace_string="pyOpenSSL~=21.0.0" --target_file="$install_dir/api/requirements/base.txt"
ynh_exec_warn_less pip install -r api/requirements.txt
popd
@@ -181,8 +101,8 @@ popd
#=================================================
ynh_script_progression --message="Building funkwhale..." --weight=1
-pushd $final_path
- source $final_path/virtualenv/bin/activate
+pushd $install_dir
+ source $install_dir/virtualenv/bin/activate
# needed for enabling the 'unaccent' extension
ynh_psql_execute_as_root --sql="ALTER USER $db_user WITH SUPERUSER;" --database="$db_name"
@@ -192,9 +112,9 @@ pushd $final_path
echo "yes" | ynh_exec_warn_less python api/manage.py collectstatic
popd
-chmod 750 "$final_path"
-chmod -R o-rwx "$final_path"
-chown -R $app:www-data "$final_path"
+chmod 750 "$install_dir"
+chmod -R o-rwx "$install_dir"
+chown -R $app:www-data "$install_dir"
#=================================================
# GENERIC FINALIZATION
@@ -225,26 +145,6 @@ ynh_script_progression --message="Configuring Fail2Ban..." --weight=1
# Create a dedicated Fail2Ban config
ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-access.log" --failregex=".* \"POST /api/v1/token/ HTTP/1.1\" 400 68.*$" --max_retry=5
-#=================================================
-# SETUP SSOWAT
-#=================================================
-ynh_script_progression --message="Configuring permissions..." --weight=1
-
-# Make app public if necessary
-if [ $is_public -eq 1 ]
-then
- # Everyone can access the app.
- # The "main" permission is automatically created before the install script.
- ynh_permission_update --permission="main" --add="visitors"
-fi
-
-#=================================================
-# RELOAD NGINX
-#=================================================
-ynh_script_progression --message="Reloading NGINX web server..." --weight=1
-
-ynh_systemd_action --service_name=nginx --action=reload
-
#=================================================
# END OF SCRIPT
#=================================================
diff --git a/scripts/remove b/scripts/remove
index 1271cb7..cafe155 100644
--- a/scripts/remove
+++ b/scripts/remove
@@ -9,21 +9,6 @@
source _common.sh
source /usr/share/yunohost/helpers
-#=================================================
-# LOAD SETTINGS
-#=================================================
-ynh_script_progression --message="Loading installation settings..." --weight=1
-
-app=$YNH_APP_INSTANCE_NAME
-
-domain=$(ynh_app_setting_get --app=$app --key=domain)
-port=$(ynh_app_setting_get --app=$app --key=port)
-db_name=$(ynh_app_setting_get --app=$app --key=db_name)
-db_user=$db_name
-final_path=$(ynh_app_setting_get --app=$app --key=final_path)
-datadir=$(ynh_app_setting_get --app=$app --key=datadir)
-redis_db=$(ynh_app_setting_get --app=$app --key=redis_db)
-
#=================================================
# STANDARD REMOVE
#=================================================
@@ -65,33 +50,6 @@ ynh_remove_systemd_config --service="${app}-worker"
ynh_secure_remove --file="/etc/systemd/system/$app.target"
-#=================================================
-# REMOVE THE POSTGRESQL DATABASE
-#=================================================
-ynh_script_progression --message="Removing the PostgreSQL database..." --weight=1
-
-# Remove a database if it exists, along with the associated user
-ynh_psql_remove_db --db_user=$db_user --db_name=$db_name
-
-#=================================================
-# REMOVE APP MAIN DIR
-#=================================================
-ynh_script_progression --message="Removing app main directory..." --weight=1
-
-# Remove the app directory securely
-ynh_secure_remove --file="$final_path"
-
-#=================================================
-# REMOVE DATA DIR
-#=================================================
-
-# Remove the data directory if --purge option is used
-if [ "${YNH_APP_PURGE:-0}" -eq 1 ]
-then
- ynh_script_progression --message="Removing app data directory..." --weight=1
- ynh_secure_remove --file="$datadir"
-fi
-
#=================================================
# REMOVE NGINX CONFIGURATION
#=================================================
@@ -100,14 +58,6 @@ ynh_script_progression --message="Removing NGINX web server configuration..." --
# Remove the dedicated NGINX config
ynh_remove_nginx_config
-#=================================================
-# REMOVE DEPENDENCIES
-#=================================================
-ynh_script_progression --message="Removing dependencies..." --weight=1
-
-# Remove metapackage and its dependencies
-ynh_remove_app_dependencies
-
#=================================================
# REMOVE FAIL2BAN CONFIGURATION
#=================================================
@@ -126,16 +76,6 @@ ynh_script_progression --message="Removing the Redis database..." --weight=1
# Remove a database if it exists, along with the associated user
ynh_redis_remove_db $redis_db
-#=================================================
-# GENERIC FINALIZATION
-#=================================================
-# REMOVE DEDICATED USER
-#=================================================
-ynh_script_progression --message="Removing the dedicated system user..." --weight=1
-
-# Delete a system user
-ynh_system_user_delete --username=$app
-
#=================================================
# END OF SCRIPT
#=================================================
diff --git a/scripts/restore b/scripts/restore
index 848bdd7..66c9940 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -10,83 +10,29 @@
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
-#=================================================
-# MANAGE SCRIPT FAILURE
-#=================================================
-
-ynh_clean_setup () {
- true
-}
-# Exit if an error occurs during the execution of the script
-ynh_abort_if_errors
-
-#=================================================
-# LOAD SETTINGS
-#=================================================
-ynh_script_progression --message="Loading installation settings..." --weight=1
-
-app=$YNH_APP_INSTANCE_NAME
-
-domain=$(ynh_app_setting_get --app=$app --key=domain)
-path_url=$(ynh_app_setting_get --app=$app --key=path)
-final_path=$(ynh_app_setting_get --app=$app --key=final_path)
-db_name=$(ynh_app_setting_get --app=$app --key=db_name)
-db_user=$db_name
-datadir=$(ynh_app_setting_get --app=$app --key=datadir)
-
-#=================================================
-# CHECK IF THE APP CAN BE RESTORED
-#=================================================
-ynh_script_progression --message="Validating restoration parameters..." --weight=1
-
-test ! -d $final_path \
- || ynh_die --message="There is already a directory: $final_path "
-
-#=================================================
-# STANDARD RESTORATION STEPS
-#=================================================
-# RECREATE THE DEDICATED USER
-#=================================================
-ynh_script_progression --message="Recreating the dedicated system user..." --weight=1
-
-# Create the dedicated user (if not existing)
-ynh_system_user_create --username=$app --home_dir="$final_path"
-
#=================================================
# RESTORE THE APP MAIN DIR
#=================================================
ynh_script_progression --message="Restoring the app main directory..." --weight=1
-ynh_restore_file --origin_path="$final_path"
+ynh_restore_file --origin_path="$install_dir"
-chmod 750 "$final_path"
-chmod -R o-rwx "$final_path"
-chown -R $app:www-data "$final_path"
+chmod -R o-rwx "$install_dir"
+chown -R $app:www-data "$install_dir"
#=================================================
# RESTORE THE DATA DIRECTORY
#=================================================
ynh_script_progression --message="Restoring the data directory..." --weight=1
-ynh_restore_file --origin_path="$datadir" --not_mandatory
+ynh_restore_file --origin_path="$data_dir/" --not_mandatory
-mkdir -p $datadir
+mkdir -p $data_dir/data
+mkdir -p $data_dir/{static,media,music}
-mkdir -p $datadir/{static,media,music}
-
-chmod 750 "$datadir"
-chmod -R o-rwx "$datadir"
-chown -R $app:www-data "$datadir"
-
-#=================================================
-# SPECIFIC RESTORATION
-#=================================================
-# REINSTALL DEPENDENCIES
-#=================================================
-ynh_script_progression --message="Reinstalling dependencies..." --weight=1
-
-# Define and install dependencies
-ynh_install_app_dependencies $pkg_dependencies
+chmod 750 "$data_dir/"
+chmod -R o-rwx "$data_dir/"
+chown -R $app:www-data "$data_dir/"
#=================================================
# RESTORE THE NGINX CONFIGURATION
@@ -100,9 +46,6 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=1
-ynh_psql_test_if_first_run
-db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
-ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd
ynh_psql_execute_file_as_root --file="./db.sql" --database=$db_name
#=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index 9763ca9..28b57ca 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -9,45 +9,12 @@
source _common.sh
source /usr/share/yunohost/helpers
-#=================================================
-# LOAD SETTINGS
-#=================================================
-ynh_script_progression --message="Loading installation settings..." --weight=1
-
-app=$YNH_APP_INSTANCE_NAME
-
-domain=$(ynh_app_setting_get --app=$app --key=domain)
-path_url=$(ynh_app_setting_get --app=$app --key=path)
-final_path=$(ynh_app_setting_get --app=$app --key=final_path)
-db_name=$(ynh_app_setting_get --app=$app --key=db_name)
-db_user=$db_name
-db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd)
-datadir=$(ynh_app_setting_get --app=$app --key=datadir)
-port=$(ynh_app_setting_get --app=$app --key=port)
-redis_db=$(ynh_app_setting_get --app=$app --key=redis_db)
-key=$(ynh_app_setting_get --app=$app --key=key)
-
#=================================================
# CHECK VERSION
#=================================================
-ynh_script_progression --message="Checking version..." --weight=1
upgrade_type=$(ynh_check_app_version_changed)
-#=================================================
-# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
-#=================================================
-ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1
-
-# Backup the current version of the app
-ynh_backup_before_upgrade
-ynh_clean_setup () {
- # Restore it if the upgrade fails
- ynh_restore_upgradebackup
-}
-# Exit if an error occurs during the execution of the script
-ynh_abort_if_errors
-
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
@@ -59,95 +26,62 @@ ynh_systemd_action --action="stop" --service_name="${app}-beat" --log_path="syst
ynh_systemd_action --action="stop" --service_name="${app}-server" --log_path="systemd" --line_match="Stopped"
ynh_systemd_action --action="stop" --service_name="${app}-worker" --log_path="systemd" --line_match="Stopped"
-#=================================================
-# ENSURE DOWNWARD COMPATIBILITY
-#=================================================
-ynh_script_progression --message="Ensuring downward compatibility..." --weight=1
-
-# If redis_db doesn't exist, create it
-if [ -z "$redis_db" ]; then
- redis_db=$(ynh_redis_get_free_db)
- ynh_app_setting_set --app=$app --key=redis_db --value=$redis_db
-fi
-
-# If db_pwd doesn't exist, create it
-if [ -z "$db_pwd" ]; then
- db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
- ynh_app_setting_set --app=$app --key=db_pwd --value=$db_pwd
-fi
-
-# Cleaning legacy permissions
-if ynh_legacy_permissions_exists; then
- ynh_legacy_permissions_delete_all
-
- ynh_app_setting_delete --app=$app --key=is_public
-fi
-
#=================================================
# MOVE DATAS
#=================================================
-# If datadir doesn't exist, create it
-if [ -z "$datadir" ]; then
+# If data_dir doesn't exist, create it
+if [ -z "$data_dir/" ]; then
# Do a full backup before moving datas
yunohost backup create --apps $app
- datadir="/home/yunohost.app/${app}/data"
- ynh_script_progression --message="Moving datas to $datadir..." --weight=1
+ data_dir="/home/yunohost.app/${app}/data"
+ ynh_script_progression --message="Moving datas to $data_dir..." --weight=1
- mkdir -p $datadir
- mkdir -p $datadir/{static,media,music}
+ mkdir -p $data_dir
+ mkdir -p $data_dir/{static,media,music}
- chmod 750 "$datadir"
- chmod -R o-rwx "$datadir"
- chown -R $app:www-data "$datadir"
+ chmod 750 "$data_dir"
+ chmod -R o-rwx "$data_dir"
+ chown -R $app:www-data "$data_dir"
- ynh_backup_if_checksum_is_different --file="$final_path/code/config/.env"
- mkdir -p $final_path/config
- rsync -a $final_path/code/config/ $final_path/config/
- chmod 400 $final_path/config/.env
- ynh_store_file_checksum --file="$final_path/config/.env"
- ynh_delete_file_checksum --file="$final_path/code/config/.env"
+ ynh_backup_if_checksum_is_different --file="$install_dir/code/config/.env"
+ mkdir -p $install_dir/config
+ rsync -a $install_dir/code/config/ $install_dir/config/
+ chmod 400 $install_dir/config/.env
+ ynh_store_file_checksum --file="$install_dir/config/.env"
+ ynh_delete_file_checksum --file="$install_dir/code/config/.env"
- if [ -d "$final_path/code/data/static/" ]; then
- rsync -a $final_path/code/data/static/ $datadir/static/
+ if [ -d "$install_dir/code/data/static/" ]; then
+ rsync -a $install_dir/code/data/static/ $data_dir/static/
fi
- if [ -d "$final_path/media/" ]; then
- rsync -a $final_path/media/ $datadir/media/
+ if [ -d "$install_dir/media/" ]; then
+ rsync -a $install_dir/media/ $data_dir/media/
fi
- if [ -d "$final_path/code/data/media/" ]; then
- rsync -a $final_path/code/data/media/ $datadir/media/
+ if [ -d "$install_dir/code/data/media/" ]; then
+ rsync -a $install_dir/code/data/media/ $data_dir/media/
fi
- if [ -d "$final_path/import/" ]; then
- rsync -a $final_path/import/ $datadir/music/
+ if [ -d "$install_dir/import/" ]; then
+ rsync -a $install_dir/import/ $data_dir/music/
fi
- if [ -d "$final_path/code/data/music/" ]; then
- rsync -a $final_path/code/data/music/ $datadir/music/
+ if [ -d "$install_dir/code/data/music/" ]; then
+ rsync -a $install_dir/code/data/music/ $data_dir/music/
fi
- ynh_secure_remove --file="$final_path/code"
- ynh_secure_remove --file="$final_path/media"
- ynh_secure_remove --file="$final_path/code/data/media"
- ynh_secure_remove --file="$final_path/import"
- ynh_secure_remove --file="$final_path/code/data/music"
+ ynh_secure_remove --file="$install_dir/code"
+ ynh_secure_remove --file="$install_dir/media"
+ ynh_secure_remove --file="$install_dir/static"
+ ynh_secure_remove --file="$install_dir/code/data/media"
+ ynh_secure_remove --file="$install_dir/import"
+ ynh_secure_remove --file="$install_dir/code/data/music"
- ynh_app_setting_set --app=$app --key=datadir --value=$datadir
-
- chmod 750 "$datadir"
- chmod -R o-rwx "$datadir"
- chown -R $app:www-data "$datadir"
+ chmod 750 "$data_dir/data/"
+ chmod -R o-rwx "$data_dir/data/"
+ chown -R $app:www-data "$data_dir/data/"
upgrade_type="UPGRADE_APP"
fi
-#=================================================
-# CREATE DEDICATED USER
-#=================================================
-ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1
-
-# Create a dedicated user (if not existing)
-ynh_system_user_create --username=$app --home_dir="$final_path"
-
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
@@ -156,23 +90,14 @@ if [ "$upgrade_type" == "UPGRADE_APP" ]
then
ynh_script_progression --message="Upgrading source files..." --weight=1
- ynh_secure_remove --file="$final_path/api"
- ynh_secure_remove --file="$final_path/front"
# Download, check integrity, uncompress and patch the source from app.src
- ynh_setup_source --dest_dir="$final_path/api" --source_id="api"
- ynh_setup_source --dest_dir="$final_path/front" --source_id="front"
+ ynh_setup_source --dest_dir="$install_dir/api" --source_id="api"
+ ynh_setup_source --dest_dir="$install_dir/front" --source_id="front"
fi
-chmod 750 "$final_path"
-chmod -R o-rwx "$final_path"
-chown -R $app:www-data "$final_path"
-
-#=================================================
-# UPGRADE DEPENDENCIES
-#=================================================
-ynh_script_progression --message="Upgrading dependencies..." --weight=1
-
-ynh_install_app_dependencies $pkg_dependencies
+chmod 750 "$install_dir"
+chmod -R o-rwx "$install_dir"
+chown -R $app:www-data "$install_dir"
#=================================================
# NGINX CONFIGURATION
@@ -189,15 +114,15 @@ ynh_add_nginx_config
#=================================================
ynh_script_progression --message="Installing Python dependencies..." --weight=1
-pushd $final_path
- ynh_secure_remove --file="$final_path/virtualenv"
- python3 -m venv $final_path/virtualenv
- source $final_path/virtualenv/bin/activate
+pushd $install_dir
+ynh_secure_remove --file="$install_dir/virtualenv"
+ python3 -m venv $install_dir/virtualenv
+ source $install_dir/virtualenv/bin/activate
pip install --upgrade pip
pip install --upgrade setuptools
- ynh_exec_warn_less pip install wheel
+ ynh_exec_warn_less pip install wheel toml
# Workaround for error AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK'
- ynh_replace_string --match_string="pyOpenSSL~=20.0.1" --replace_string="pyOpenSSL~=21.0.0" --target_file="$final_path/api/requirements/base.txt"
+ ynh_replace_string --match_string="pyOpenSSL~=20.0.1" --replace_string="pyOpenSSL~=21.0.0" --target_file="$install_dir/api/requirements/base.txt"
ynh_exec_warn_less pip install -r api/requirements.txt
popd
@@ -206,18 +131,18 @@ popd
#=================================================
ynh_script_progression --message="Updating a configuration file..." --weight=1
-ynh_add_config --template="../conf/env.prod" --destination="$final_path/config/.env"
+ynh_add_config --template="../conf/env.prod" --destination="$install_dir/config/.env"
-chmod 400 "$final_path/config/.env"
-chown $app:$app "$final_path/config/.env"
+chmod 400 "$install_dir/config/.env"
+chown $app:$app "$install_dir/config/.env"
#=================================================
# UPGRADE FUNKWHALE
#=================================================
ynh_script_progression --message="Upgrading Funkwhale..." --weight=1
-pushd $final_path
- source $final_path/virtualenv/bin/activate
+pushd $install_dir
+ source $install_dir/virtualenv/bin/activate
echo "yes" | ynh_exec_warn_less python api/manage.py collectstatic --clear --noinput
@@ -227,9 +152,9 @@ pushd $final_path
ynh_psql_execute_as_root --sql="ALTER USER $db_user WITH NOSUPERUSER;" --database="$db_name"
popd
-chmod 750 "$final_path"
-chmod -R o-rwx "$final_path"
-chown -R $app:www-data "$final_path"
+chmod 750 "$install_dir"
+chmod -R o-rwx "$install_dir"
+chown -R $app:www-data "$install_dir"
#=================================================
# SETUP SYSTEMD
@@ -272,13 +197,6 @@ ynh_script_progression --message="Reconfiguring Fail2Ban..." --weight=1
# Create a dedicated Fail2Ban config
ynh_add_fail2ban_config --logpath="/var/log/nginx/$domain-access.log" --failregex=".* \"POST /api/v1/token/ HTTP/1.1\" 400 68.*$" --max_retry=5
-#=================================================
-# RELOAD NGINX
-#=================================================
-ynh_script_progression --message="Reloading NGINX web server..." --weight=1
-
-ynh_systemd_action --service_name=nginx --action=reload
-
#=================================================
# END OF SCRIPT
#=================================================
diff --git a/tests.toml b/tests.toml
new file mode 100644
index 0000000..c60f8ef
--- /dev/null
+++ b/tests.toml
@@ -0,0 +1,8 @@
+test_format = 1.0
+
+[default]
+
+ exclude = ["install.nourl"]
+
+ test_upgrade_from.7a50028.name = "Upgrade from 1.2.9"
+ test_upgrade_from.945e3d4.name = "Upgrade from 1.2.10~ynh1"