1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/funkwhale_ynh.git synced 2024-09-03 18:36:24 +02:00

Merge pull request #211 from YunoHost-Apps/testing

Packaging V2
This commit is contained in:
Thomas 2023-04-03 20:52:41 +02:00 committed by GitHub
commit d04155fe4f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
22 changed files with 287 additions and 689 deletions

View file

@ -18,7 +18,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
Funkwhale is a community-driven project that lets you listen and share music and audio within a decentralized, open network. Funkwhale is a community-driven project that lets you listen and share music and audio within a decentralized, open network.
**Shipped version:** 1.2.10~ynh2 **Shipped version:** 1.2.10~ynh3
**Demo:** https://demo.funkwhale.audio **Demo:** https://demo.funkwhale.audio
@ -26,20 +26,6 @@ Funkwhale is a community-driven project that lets you listen and share music and
![Screenshot of Funkwhale](./doc/screenshots/screenshot1.png) ![Screenshot of Funkwhale](./doc/screenshots/screenshot1.png)
## Disclaimers / important information
* Installation requires a dedicated domain or subdomain. Installing in a subpath is not supported by the upstream project due to dependency requirements.
* Admin
* The admin uses the login you provided at installation. The password is the same you use for YunoHost.
* The admin interface is accessible at the address: `your.domain.fr/api/admin`
To add a collection of music files to a library in your YunoHost installation of Funkwhale, create a symlink to your collection titled "music" in `/home/yunohost.app/funkwhale/data`
```console
foo@bar:~$sudo ln -s /your/music/collection /home/yunohost.app/funkwhale/data/music
```
The files can then be added to your library from the *uploading* tab in a music library under the heading **Import music from your server**.
## Documentation and resources ## Documentation and resources
* Official app website: <https://funkwhale.audio/> * Official app website: <https://funkwhale.audio/>

View file

@ -18,7 +18,7 @@ Si vous navez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po
Funkwhale est un projet communautaire qui vous permet d'écouter et de partager de la musique et de l'audio au sein d'un réseau ouvert et décentralisé. Funkwhale est un projet communautaire qui vous permet d'écouter et de partager de la musique et de l'audio au sein d'un réseau ouvert et décentralisé.
**Version incluse :** 1.2.10~ynh2 **Version incluse :** 1.2.10~ynh3
**Démo :** https://demo.funkwhale.audio **Démo :** https://demo.funkwhale.audio
@ -26,18 +26,6 @@ Funkwhale est un projet communautaire qui vous permet d'écouter et de partager
![Capture décran de Funkwhale](./doc/screenshots/screenshot1.png) ![Capture décran de Funkwhale](./doc/screenshots/screenshot1.png)
## Avertissements / informations importantes
* L'installation nécessite un domaine ou un sous-domaine dédié. L'installation dans un chemin du domaine n'est pas prise en charge par le projet en amont en raison des exigences de dépendance.
* Admin
* L'administrateur utilise le login que vous avez fourni lors de l'installation. Le mot de passe est le même que celui que vous utilisez pour YunoHost.
* L'interface d'administration est accessible à l'adresse : votre.domaine.fr/api/admin
Pour ajouter une collection de fichiers musicaux à une bibliothèque dans votre installation YunoHost de Funkwhale, créez un lien symbolique vers votre collection intitulée "music" dans `/home/yunohost.app/funkwhale/data/`.
`foo@bar:~$sudo ln -s /your/music/collection /home/yunohost.app/funkwhale/data/music`
Les fichiers peuvent ensuite être ajoutés à votre bibliothèque à partir de l'onglet *Envoi* dans une bibliothèque musicale sous la rubrique **Importer de la musique de votre serveur**.
## Documentations et ressources ## Documentations et ressources
* Site officiel de lapp : <https://funkwhale.audio/> * Site officiel de lapp : <https://funkwhale.audio/>

View file

@ -1,40 +0,0 @@
;; Test complet
; Manifest
domain="domain.tld"
is_public=1
admin="john"
; Checks
pkg_linter=1
setup_sub_dir=0
setup_root=1
setup_nourl=0
setup_private=1
setup_public=1
upgrade=1
# 1.1~ynh1
upgrade=1 from_commit=8172790fb461d16f09089593fdac380f0d499c83
# 1.1.1~ynh1
upgrade=0 from_commit=fa9587f61e4bb4f9db8667b1c6701ede37ac8e91
# 1.1.2~ynh1
upgrade=1 from_commit=74255c1c278562eb174fb13ce538d4754f01186c
# 1.1.4~ynh2
upgrade=1 from_commit=313335d5aa851a497fa92cd7ac264f989e1052d9
# 1.2.1~ynh1
upgrade=0 from_commit=9fc8b84ba24260e28f791aa9c47688c1a1f085c2
# 1.2.2~ynh2
upgrade=0 from_commit=192afe93f66bb08cc7d487db02dc4d187e5b29e2
# 1.2.3~ynh1
upgrade=0 from_commit=1c1b64b8b04ee917a63580dce21d149182ee319d
# 1.2.4~ynh1
upgrade=0 from_commit=5961e7283e52963329e30ca22df4d5505adfc256
#1.2.5~ynh1
upgrade=0 from_commit=a070baf105a94ac6fefc280f0335b044db643ec8
#1.2.7~ynh1
upgrade=0 from_commit=557386e0c1306f78c43ccf2e5ec7b3b46a07ab56
backup_restore=1
multi_instance=1
port_already_use=0
change_url=1
;;; Options
Email=cda@rootkey.co.uk
Notification=all

View file

@ -1,7 +0,0 @@
SOURCE_URL=https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/1.2.10/download?job=build_api
SOURCE_SUM=fc6f54d37993f74e057d1a59438e21b68a8cff1a7f9438415459ede7cf7f09d0
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=zip
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=
SOURCE_EXTRACT=true

View file

@ -110,12 +110,12 @@ CACHE_URL=redis://127.0.0.1:6379/__REDIS_DB__
# Where media files (such as album covers or audio tracks) should be stored # Where media files (such as album covers or audio tracks) should be stored
# on your system? # on your system?
# (Ensure this directory actually exists) # (Ensure this directory actually exists)
MEDIA_ROOT=__DATADIR__/media MEDIA_ROOT=__DATA_DIR__/data/media
# Where static files (such as API css or icons) should be compiled # Where static files (such as API css or icons) should be compiled
# on your system? # on your system?
# (Ensure this directory actually exists) # (Ensure this directory actually exists)
STATIC_ROOT=__DATADIR__/static STATIC_ROOT=__DATA_DIR__/data/static
# which settings module should django use? # which settings module should django use?
# You don't have to touch this unless you really know what you're doing # You don't have to touch this unless you really know what you're doing
@ -138,8 +138,8 @@ DJANGO_SECRET_KEY=__KEY__
# MUSIC_DIRECTORY_PATH=/srv/funkwhale/data/music # MUSIC_DIRECTORY_PATH=/srv/funkwhale/data/music
# # MUSIC_DIRECTORY_SERVE_PATH= # stays commented, not needed # # MUSIC_DIRECTORY_SERVE_PATH= # stays commented, not needed
MUSIC_DIRECTORY_PATH=__DATADIR__/music MUSIC_DIRECTORY_PATH=__DATA_DIR__/data/music
#MUSIC_DIRECTORY_SERVE_PATH=__DATADIR__/import #MUSIC_DIRECTORY_SERVE_PATH=__DATA_DIR__/data/import
# LDAP settings # LDAP settings
# Use the following options to allow authentication on your Funkwhale instance # Use the following options to allow authentication on your Funkwhale instance
@ -157,8 +157,8 @@ LDAP_START_TLS=False
LDAP_ROOT_DN=ou=users,dc=yunohost,dc=org LDAP_ROOT_DN=ou=users,dc=yunohost,dc=org
LDAP_USER_ATTR_MAP=username:uid LDAP_USER_ATTR_MAP=username:uid
FUNKWHALE_FRONTEND_PATH=__FINALPATH__/front/dist FUNKWHALE_FRONTEND_PATH=__INSTALL_DIR__/front/dist
FUNKWHALE_SPA_HTML_ROOT=__FINALPATH__/front/dist/index.html FUNKWHALE_SPA_HTML_ROOT=__INSTALL_DIR__/front/dist/index.html
# Nginx related configuration # Nginx related configuration
NGINX_MAX_BODY_SIZE=100M NGINX_MAX_BODY_SIZE=100M

View file

@ -1,7 +0,0 @@
SOURCE_URL=https://dev.funkwhale.audio/funkwhale/funkwhale/builds/artifacts/1.2.10/download?job=build_front
SOURCE_SUM=bcf0ba380295be58dfcfe4d88605cfce357859adf623c8236fb1182095c38bfd
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=zip
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=
SOURCE_EXTRACT=true

View file

@ -6,9 +6,43 @@ PartOf=__APP__.target
[Service] [Service]
User=__APP__ User=__APP__
Group=__APP__ Group=__APP__
WorkingDirectory=__FINALPATH__/api WorkingDirectory=__INSTALL_DIR__/api
EnvironmentFile=__FINALPATH__/config/.env EnvironmentFile=__INSTALL_DIR__/config/.env
ExecStart=__FINALPATH__/virtualenv/bin/celery -A funkwhale_api.taskapp beat -l INFO ExecStart=__INSTALL_DIR__/virtualenv/bin/celery -A funkwhale_api.taskapp beat -l INFO
# Sandboxing options to harden security
# Depending on specificities of your service/app, you may need to tweak these
# .. but this should be a good baseline
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
RestrictNamespaces=yes
RestrictRealtime=yes
DevicePolicy=closed
ProtectClock=yes
ProtectHostname=yes
ProtectProc=invisible
ProtectSystem=full
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
LockPersonality=yes
SystemCallArchitectures=native
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged
# Denying access to capabilities that should not be relevant for webapps
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

View file

@ -6,9 +6,21 @@ PartOf=__APP__.target
[Service] [Service]
User=__APP__ User=__APP__
Group=__APP__ Group=__APP__
WorkingDirectory=__FINALPATH__/api WorkingDirectory=__INSTALL_DIR__/api
EnvironmentFile=__FINALPATH__/config/.env EnvironmentFile=__INSTALL_DIR__/config/.env
ExecStart=__FINALPATH__/virtualenv/bin/gunicorn config.asgi:application -w ${FUNKWHALE_WEB_WORKERS} -k uvicorn.workers.UvicornWorker -b ${FUNKWHALE_API_IP}:${FUNKWHALE_API_PORT} ExecStart=__INSTALL_DIR__/virtualenv/bin/gunicorn config.asgi:application -w ${FUNKWHALE_WEB_WORKERS} -k uvicorn.workers.UvicornWorker -b ${FUNKWHALE_API_IP}:${FUNKWHALE_API_PORT}
# Denying access to capabilities that should not be relevant for webapps
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

View file

@ -6,9 +6,43 @@ PartOf=__APP__.target
[Service] [Service]
User=__APP__ User=__APP__
Group=__APP__ Group=__APP__
WorkingDirectory=__FINALPATH__/api WorkingDirectory=__INSTALL_DIR__/api
EnvironmentFile=__FINALPATH__/config/.env EnvironmentFile=__INSTALL_DIR__/config/.env
ExecStart=__FINALPATH__/virtualenv/bin/celery -A funkwhale_api.taskapp worker -l INFO --concurrency=0 ExecStart=__INSTALL_DIR__/virtualenv/bin/celery -A funkwhale_api.taskapp worker -l INFO --concurrency=0
# Sandboxing options to harden security
# Depending on specificities of your service/app, you may need to tweak these
# .. but this should be a good baseline
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
RestrictNamespaces=yes
RestrictRealtime=yes
DevicePolicy=closed
ProtectClock=yes
ProtectHostname=yes
ProtectProc=invisible
ProtectSystem=full
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
LockPersonality=yes
SystemCallArchitectures=native
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged
# Denying access to capabilities that should not be relevant for webapps
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

View file

@ -1,4 +1,4 @@
root __FINALPATH__/front/dist; root __INSTALL_DIR__/front/dist;
location / { location / {
@ -26,7 +26,7 @@ location /front/ {
more_set_headers "Referrer-Policy: strict-origin-when-cross-origin"; more_set_headers "Referrer-Policy: strict-origin-when-cross-origin";
more_set_headers "Service-Worker-Allowed: /"; more_set_headers "Service-Worker-Allowed: /";
more_set_headers "X-Frame-Options: SAMEORIGIN"; more_set_headers "X-Frame-Options: SAMEORIGIN";
alias __FINALPATH__/front/dist/; alias __INSTALL_DIR__/front/dist/;
expires 30d; expires 30d;
more_set_headers "Pragma: public"; more_set_headers "Pragma: public";
more_set_headers "Cache-Control: public, must-revalidate, proxy-revalidate"; more_set_headers "Cache-Control: public, must-revalidate, proxy-revalidate";
@ -37,7 +37,7 @@ location /front/embed.html {
more_set_headers "Referrer-Policy: strict-origin-when-cross-origin"; more_set_headers "Referrer-Policy: strict-origin-when-cross-origin";
more_set_headers "X-Frame-Options: ALLOW"; more_set_headers "X-Frame-Options: ALLOW";
alias __FINALPATH__/front/dist/embed.html; alias __INSTALL_DIR__/front/dist/embed.html;
expires 30d; expires 30d;
more_set_headers "Pragma: public"; more_set_headers "Pragma: public";
more_set_headers "Cache-Control: public, must-revalidate, proxy-revalidate"; more_set_headers "Cache-Control: public, must-revalidate, proxy-revalidate";
@ -102,11 +102,11 @@ location /.well-known/ {
} }
location /media/__sized__/ { location /media/__sized__/ {
alias __DATADIR__/media/__sized__/; alias __DATA_DIR__/data/media/__sized__/;
} }
location /media/attachments/ { location /media/attachments/ {
alias __DATADIR__//media/attachments/; alias __DATA_DIR__/data/media/attachments/;
} }
location /_protected/media/ { location /_protected/media/ {
@ -114,7 +114,7 @@ location /_protected/media/ {
# audio files once correct permission / authentication # audio files once correct permission / authentication
# has been checked on API side # has been checked on API side
internal; internal;
alias __DATADIR__/media/; alias __DATA_DIR__/data/media/;
} }
# Comment the previous location and uncomment this one if you're storing # Comment the previous location and uncomment this one if you're storing
@ -132,10 +132,10 @@ location /_protected/music/ {
# has been checked on API side # has been checked on API side
# Set this to the same value as your MUSIC_DIRECTORY_PATH setting # Set this to the same value as your MUSIC_DIRECTORY_PATH setting
internal; internal;
alias __DATADIR__/music/; alias __DATA_DIR__/data/music/;
} }
location /staticfiles/ { location /staticfiles/ {
# django static files # django static files
alias __DATADIR__/static/; alias __DATA_DIR__/data/static/;
} }

View file

@ -2,10 +2,10 @@
* Admin * Admin
* The admin uses the login you provided at installation. The password is the same you use for YunoHost. * The admin uses the login you provided at installation. The password is the same you use for YunoHost.
* The admin interface is accessible at the address: `your.domain.fr/api/admin` * The admin interface is accessible at the address: `__DOMAIN__/api/admin`
To add a collection of music files to a library in your YunoHost installation of Funkwhale, create a symlink to your collection titled "music" in `/home/yunohost.app/funkwhale/data` To add a collection of music files to a library in your YunoHost installation of Funkwhale, create a symlink to your collection titled "music" in `__DATA_DIR__/data`
```console ```console
foo@bar:~$sudo ln -s /your/music/collection /home/yunohost.app/funkwhale/data/music foo@bar:~$sudo ln -s /your/music/collection __DATA_DIR__/data/music
``` ```
The files can then be added to your library from the *uploading* tab in a music library under the heading **Import music from your server**. The files can then be added to your library from the *uploading* tab in a music library under the heading **Import music from your server**.

View file

@ -2,8 +2,8 @@
* Admin * Admin
* L'administrateur utilise le login que vous avez fourni lors de l'installation. Le mot de passe est le même que celui que vous utilisez pour YunoHost. * L'administrateur utilise le login que vous avez fourni lors de l'installation. Le mot de passe est le même que celui que vous utilisez pour YunoHost.
* L'interface d'administration est accessible à l'adresse : votre.domaine.fr/api/admin * L'interface d'administration est accessible à l'adresse : __DOMAIN__/api/admin
Pour ajouter une collection de fichiers musicaux à une bibliothèque dans votre installation YunoHost de Funkwhale, créez un lien symbolique vers votre collection intitulée "music" dans `/home/yunohost.app/funkwhale/data/`. Pour ajouter une collection de fichiers musicaux à une bibliothèque dans votre installation YunoHost de Funkwhale, créez un lien symbolique vers votre collection intitulée "music" dans `__DATA_DIR__/data/`.
`foo@bar:~$sudo ln -s /your/music/collection /home/yunohost.app/funkwhale/data/music` `foo@bar:~$sudo ln -s /your/music/collection __DATA_DIR__/data/music`
Les fichiers peuvent ensuite être ajoutés à votre bibliothèque à partir de l'onglet *Envoi* dans une bibliothèque musicale sous la rubrique **Importer de la musique de votre serveur**. Les fichiers peuvent ensuite être ajoutés à votre bibliothèque à partir de l'onglet *Envoi* dans une bibliothèque musicale sous la rubrique **Importer de la musique de votre serveur**.

View file

@ -1,58 +0,0 @@
{
"name": "Funkwhale",
"id": "funkwhale",
"packaging_format": 1,
"description": {
"en": "Convivial and modern music server",
"fr": "Serveur de musique moderne et convivial"
},
"version": "1.2.10~ynh2",
"url": "https://funkwhale.audio",
"upstream": {
"license": "AGPL-3.0-or-later",
"website": "https://funkwhale.audio/",
"demo": "https://demo.funkwhale.audio",
"admindoc": "https://docs.funkwhale.audio/admin/index.html",
"userdoc": "https://docs.funkwhale.audio/users/index.html",
"code": "https://dev.funkwhale.audio/funkwhale/funkwhale"
},
"license": "AGPL-3.0-or-later",
"maintainer": {
"name": "Ciarán Ainsworth",
"email": "cda@rootkey.co.uk"
},
"previous_maintainers": [
{
"name": "Jean-Baptiste Holcroft",
"email": "jean-baptiste@holcroft.fr"
}
],
"requirements": {
"yunohost": ">= 11.0.0"
},
"multi_instance": true,
"services": [
"nginx"
],
"arguments": {
"install": [
{
"name": "domain",
"type": "domain"
},
{
"name": "is_public",
"type": "boolean",
"help": {
"en": "If enabled, Funkwhale will be accessible by Funkwhale for Android and by users without a YunoHost account. This can be changed later in the webadmin.",
"fr": "Si cette case est cochée, Funkwhale sera accessible par Funkwhale for Android et par les utilisateurs nayant pas de compte YunoHost. Vous pourrez changer cela dans la webadmin."
},
"default": true
},
{
"name": "admin",
"type": "user"
}
]
}
}

76
manifest.toml Normal file
View file

@ -0,0 +1,76 @@
packaging_format = 2
id = "funkwhale"
name = "Funkwhale"
description.en = "Convivial and modern music server"
description.fr = "Serveur de musique moderne et convivial"
version = "1.2.10~ynh3"
maintainers = ["Ciarán Ainsworth"]
[upstream]
license = "AGPL-3.0-or-later"
website = "https://funkwhale.audio/"
demo = "https://demo.funkwhale.audio"
admindoc = "https://docs.funkwhale.audio/admin/index.html"
userdoc = "https://docs.funkwhale.audio/users/index.html"
code = "https://dev.funkwhale.audio/funkwhale/funkwhale"
[integration]
yunohost = ">= 11.1.15"
architectures = "all"
multi_instance = true
ldap = false
sso = false
disk = "50M"
ram.build = "50M"
ram.runtime = "50M"
[install]
[install.domain]
type = "domain"
full_domain = true
[install.init_main_permission]
help.en = "If enabled, Funkwhale will be accessible by Funkwhale for Android and by users without a YunoHost account. This can be changed later in the webadmin."
help.fr = "Si cette case est cochée, Funkwhale sera accessible par Funkwhale for Android et par les utilisateurs nayant pas de compte YunoHost. Vous pourrez changer cela dans la webadmin."
type = "group"
default = "visitors"
[install.admin]
type = "user"
[resources]
[resources.sources]
[resources.sources.api]
url = "https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/1.2.10/download?job=build_api"
sha256 = "fc6f54d37993f74e057d1a59438e21b68a8cff1a7f9438415459ede7cf7f09d0"
in_subdir = true
extract = true
format = "zip"
[resources.sources.front]
url = "https://dev.funkwhale.audio/funkwhale/funkwhale/builds/artifacts/1.2.10/download?job=build_front"
sha256 = "bcf0ba380295be58dfcfe4d88605cfce357859adf623c8236fb1182095c38bfd"
in_subdir = true
extract = true
format = "zip"
[resources.ports]
[resources.system_user]
[resources.install_dir]
[resources.data_dir]
group = "www-data:rx"
[resources.permissions]
main.url = "/"
[resources.apt]
packages = "postgresql curl python3-pip python3-venv git unzip libldap2-dev libsasl2-dev gettext-base zlib1g-dev libffi-dev libssl-dev build-essential ffmpeg libjpeg-dev libmagic-dev libpq-dev python3-dev make zlib1g-dev libffi-dev libssl-dev"
[resources.database]
type = "postgresql"

View file

@ -4,13 +4,6 @@
# COMMON VARIABLES # COMMON VARIABLES
#================================================= #=================================================
# dependencies used by the app (must be on a single line)
pkg_dependencies="curl python3-pip python3-venv git unzip libldap2-dev libsasl2-dev gettext-base zlib1g-dev libffi-dev libssl-dev \
build-essential ffmpeg libjpeg-dev libmagic-dev libpq-dev postgresql postgresql-contrib python3-dev make \
redis-server \
`# add arm support` \
zlib1g-dev libffi-dev libssl-dev"
#================================================= #=================================================
# PERSONAL HELPERS # PERSONAL HELPERS
#================================================= #=================================================

View file

@ -10,28 +10,6 @@
source ../settings/scripts/_common.sh source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
ynh_clean_setup () {
true
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_print_info --message="Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
domain=$(ynh_app_setting_get --app=$app --key=domain)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
#================================================= #=================================================
# DECLARE DATA AND CONF FILES TO BACKUP # DECLARE DATA AND CONF FILES TO BACKUP
#================================================= #=================================================
@ -41,13 +19,13 @@ ynh_print_info --message="Declaring files to be backed up..."
# BACKUP THE APP MAIN DIR # BACKUP THE APP MAIN DIR
#================================================= #=================================================
ynh_backup --src_path="$final_path" ynh_backup --src_path="$install_dir"
#================================================= #=================================================
# BACKUP THE DATA DIR # BACKUP THE DATA DIR
#================================================= #=================================================
ynh_backup --src_path="$datadir" --is_big ynh_backup --src_path="$data_dir" --is_big
#================================================= #=================================================
# BACKUP THE NGINX CONFIGURATION # BACKUP THE NGINX CONFIGURATION

View file

@ -9,69 +9,6 @@
source _common.sh source _common.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
#=================================================
# RETRIEVE ARGUMENTS
#=================================================
old_domain=$YNH_APP_OLD_DOMAIN
old_path=$YNH_APP_OLD_PATH
new_domain=$YNH_APP_NEW_DOMAIN
new_path=$YNH_APP_NEW_PATH
app=$YNH_APP_INSTANCE_NAME
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=1
# Needed for helper "ynh_add_nginx_config"
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
port=$(ynh_app_setting_get --app=$app --key=port)
key=$(ynh_app_setting_get --app=$app --key=key)
redis_db=$(ynh_app_setting_get --app=$app --key=redis_db)
port=$(ynh_app_setting_get --app=$app --key=port)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_user=$db_name
db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
redis_db=$(ynh_app_setting_get --app=$app --key=redis_db)
key=$(ynh_app_setting_get --app=$app --key=key)
#=================================================
# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." --weight=1
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
# Remove the new domain config file, the remove script won't do it as it doesn't know yet its location.
ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
# Restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# CHECK WHICH PARTS SHOULD BE CHANGED
#=================================================
change_domain=0
if [ "$old_domain" != "$new_domain" ]
then
change_domain=1
fi
change_path=0
if [ "$old_path" != "$new_path" ]
then
change_path=1
fi
#================================================= #=================================================
# STANDARD MODIFICATIONS # STANDARD MODIFICATIONS
#================================================= #=================================================
@ -88,29 +25,7 @@ ynh_systemd_action --service_name="$app-worker" --action=stop --log_path="/var/l
#================================================= #=================================================
ynh_script_progression --message="Updating NGINX web server configuration..." --weight=1 ynh_script_progression --message="Updating NGINX web server configuration..." --weight=1
nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf ynh_change_url_nginx_config
# Change the path in the NGINX config file
if [ $change_path -eq 1 ]
then
# Make a backup of the original NGINX config file if modified
ynh_backup_if_checksum_is_different --file="$nginx_conf_path"
# Set global variables for NGINX helper
domain="$old_domain"
path_url="$new_path"
# Create a dedicated NGINX config
ynh_add_nginx_config
fi
# Change the domain for NGINX
if [ $change_domain -eq 1 ]
then
# Delete file checksum for the old conf file location
ynh_delete_file_checksum --file="$nginx_conf_path"
mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf
# Store file checksum for the new config file location
ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
fi
#================================================= #=================================================
# MODIFY THE CONFIG FILE # MODIFY THE CONFIG FILE
@ -118,14 +33,14 @@ fi
ynh_script_progression --message="Modifying a config file..." --weight=1 ynh_script_progression --message="Modifying a config file..." --weight=1
domain=$new_domain domain=$new_domain
ynh_add_config --template="../conf/env.prod" --destination="$final_path/config/.env" ynh_add_config --template="../conf/env.prod" --destination="$install_dir/config/.env"
#================================================= #=================================================
# MODIFY THE FEDERATION # MODIFY THE FEDERATION
#================================================= #=================================================
source $final_path/virtualenv/bin/activate source $install_dir/virtualenv/bin/activate
ynh_exec_warn_less python3 $final_path/api/manage.py fix_federation_ids https://$old_domain https://$new_domain --no-dry-run --no-input ynh_exec_warn_less python3 $install_dir/api/manage.py fix_federation_ids https://$old_domain https://$new_domain --no-dry-run --no-input
#================================================= #=================================================
# START SYSTEMD SERVICE # START SYSTEMD SERVICE
@ -136,21 +51,6 @@ ynh_systemd_action --service_name="$app-beat" --action="start" --log_path="/var/
ynh_systemd_action --service_name="$app-server" --action="start" --log_path="/var/log/$app/$app.log" ynh_systemd_action --service_name="$app-server" --action="start" --log_path="/var/log/$app/$app.log"
ynh_systemd_action --service_name="$app-worker" --action="start" --log_path="/var/log/$app/$app.log" ynh_systemd_action --service_name="$app-worker" --action="start" --log_path="/var/log/$app/$app.log"
#=================================================
# SETUP FAIL2BAN
#=================================================
ynh_script_progression --message="Configuring Fail2Ban..." --weight=1
# Create a dedicated Fail2Ban config
ynh_add_fail2ban_config --logpath="/var/log/nginx/$new_domain-access.log" --failregex="<HOST>.* \"POST /api/v1/token/ HTTP/1.1\" 400 68.*$" --max_retry=5
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_systemd_action --service_name=nginx --action=reload
#================================================= #=================================================
# END OF SCRIPT # END OF SCRIPT
#================================================= #=================================================

View file

@ -9,104 +9,26 @@
source _common.sh source _common.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
ynh_clean_setup () {
true
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#================================================= #=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST # RETRIEVE ARGUMENTS FROM THE MANIFEST
#================================================= #=================================================
domain=$YNH_APP_ARG_DOMAIN
path_url="/"
is_public=$YNH_APP_ARG_IS_PUBLIC
admin=$YNH_APP_ARG_ADMIN
app=$YNH_APP_INSTANCE_NAME
admin_mail=$(ynh_user_get_info --username="$admin" --key="mail") admin_mail=$(ynh_user_get_info --username="$admin" --key="mail")
#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
ynh_script_progression --message="Validating installation parameters..." --weight=1
final_path=/var/www/$app
test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
datadir=/home/yunohost.app/$app/data
# Register (book) web path
ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================
ynh_script_progression --message="Storing installation settings..." --weight=1
ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_set --app=$app --key=admin --value=$admin
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# FIND AND OPEN A PORT
#=================================================
ynh_script_progression --message="Finding an available port..." --weight=1
# Find an available port
port=$(ynh_find_port --port=8095)
ynh_app_setting_set --app=$app --key=port --value=$port
#=================================================
# INSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Installing dependencies..." --weight=1
ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Configuring system user..." --weight=1
# Create a system user
ynh_system_user_create --username=$app --home_dir="$final_path"
#=================================================
# CREATE A POSTGRESQL DATABASE
#=================================================
ynh_script_progression --message="Creating a PostgreSQL database..." --weight=1
ynh_psql_test_if_first_run
db_name=$(ynh_sanitize_dbid --db_name=$app)
db_user=$db_name
ynh_app_setting_set --app=$app --key=db_name --value=$db_name
ynh_psql_setup_db --db_user=$db_user --db_name=$db_name
db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
#================================================= #=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE # DOWNLOAD, CHECK AND UNPACK SOURCE
#================================================= #=================================================
ynh_script_progression --message="Setting up source files..." --weight=1 ynh_script_progression --message="Setting up source files..." --weight=1
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
# Download, check integrity, uncompress and patch the source from app.src # Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$final_path/api" --source_id="api" ynh_setup_source --dest_dir="$install_dir/api" --source_id="api"
ynh_setup_source --dest_dir="$final_path/front" --source_id="front" ynh_setup_source --dest_dir="$install_dir/front" --source_id="front"
mkdir -p $final_path/config mkdir -p $install_dir/config
chmod 750 "$final_path" chmod 750 "$install_dir"
chmod -R o-rwx "$final_path" chmod -R o-rwx "$install_dir"
chown -R $app:www-data "$final_path" chown -R $app:www-data "$install_dir"
#================================================= #=================================================
# NGINX CONFIGURATION # NGINX CONFIGURATION
@ -123,14 +45,12 @@ ynh_add_nginx_config
#================================================= #=================================================
ynh_script_progression --message="Creating a data directory..." --weight=1 ynh_script_progression --message="Creating a data directory..." --weight=1
ynh_app_setting_set --app=$app --key=datadir --value=$datadir mkdir -p $data_dir/data
mkdir -p $data_dir/{static,media,music}
mkdir -p $datadir chmod 750 "$data_dir"
mkdir -p $datadir/{static,media,music} chmod -R o-rwx "$data_dir/"
chown -R $app:www-data "$data_dir/"
chmod 750 "$datadir"
chmod -R o-rwx "$datadir"
chown -R $app:www-data "$datadir"
#================================================= #=================================================
# ADD A CONFIGURATION # ADD A CONFIGURATION
@ -143,10 +63,10 @@ redis_db=$(ynh_redis_get_free_db)
ynh_app_setting_set --app=$app --key=key --value=$key ynh_app_setting_set --app=$app --key=key --value=$key
ynh_app_setting_set --app=$app --key=redis_db --value=$redis_db ynh_app_setting_set --app=$app --key=redis_db --value=$redis_db
ynh_add_config --template="../conf/env.prod" --destination="$final_path/config/.env" ynh_add_config --template="../conf/env.prod" --destination="$install_dir/config/.env"
chmod 400 "$final_path/config/.env" chmod 400 "$install_dir/config/.env"
chown $app:$app "$final_path/config/.env" chown $app:$app "$install_dir/config/.env"
#================================================= #=================================================
# SETUP SYSTEMD # SETUP SYSTEMD
@ -165,14 +85,14 @@ ynh_add_systemd_config --service="${app}-beat" --template="funkwhale-beat.serv
#================================================= #=================================================
ynh_script_progression --message="Installing Python dependencies..." --weight=1 ynh_script_progression --message="Installing Python dependencies..." --weight=1
pushd $final_path pushd $install_dir
python3 -m venv $final_path/virtualenv python3 -m venv $install_dir/virtualenv
source $final_path/virtualenv/bin/activate source $install_dir/virtualenv/bin/activate
pip install --upgrade pip pip install --upgrade pip
pip install --upgrade setuptools pip install --upgrade setuptools
ynh_exec_warn_less pip install wheel ynh_exec_warn_less pip install wheel toml
# Workaround for error AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK' # Workaround for error AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK'
ynh_replace_string --match_string="pyOpenSSL~=20.0.1" --replace_string="pyOpenSSL~=21.0.0" --target_file="$final_path/api/requirements/base.txt" ynh_replace_string --match_string="pyOpenSSL~=20.0.1" --replace_string="pyOpenSSL~=21.0.0" --target_file="$install_dir/api/requirements/base.txt"
ynh_exec_warn_less pip install -r api/requirements.txt ynh_exec_warn_less pip install -r api/requirements.txt
popd popd
@ -181,8 +101,8 @@ popd
#================================================= #=================================================
ynh_script_progression --message="Building funkwhale..." --weight=1 ynh_script_progression --message="Building funkwhale..." --weight=1
pushd $final_path pushd $install_dir
source $final_path/virtualenv/bin/activate source $install_dir/virtualenv/bin/activate
# needed for enabling the 'unaccent' extension # needed for enabling the 'unaccent' extension
ynh_psql_execute_as_root --sql="ALTER USER $db_user WITH SUPERUSER;" --database="$db_name" ynh_psql_execute_as_root --sql="ALTER USER $db_user WITH SUPERUSER;" --database="$db_name"
@ -192,9 +112,9 @@ pushd $final_path
echo "yes" | ynh_exec_warn_less python api/manage.py collectstatic echo "yes" | ynh_exec_warn_less python api/manage.py collectstatic
popd popd
chmod 750 "$final_path" chmod 750 "$install_dir"
chmod -R o-rwx "$final_path" chmod -R o-rwx "$install_dir"
chown -R $app:www-data "$final_path" chown -R $app:www-data "$install_dir"
#================================================= #=================================================
# GENERIC FINALIZATION # GENERIC FINALIZATION
@ -225,26 +145,6 @@ ynh_script_progression --message="Configuring Fail2Ban..." --weight=1
# Create a dedicated Fail2Ban config # Create a dedicated Fail2Ban config
ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-access.log" --failregex="<HOST>.* \"POST /api/v1/token/ HTTP/1.1\" 400 68.*$" --max_retry=5 ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-access.log" --failregex="<HOST>.* \"POST /api/v1/token/ HTTP/1.1\" 400 68.*$" --max_retry=5
#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Configuring permissions..." --weight=1
# Make app public if necessary
if [ $is_public -eq 1 ]
then
# Everyone can access the app.
# The "main" permission is automatically created before the install script.
ynh_permission_update --permission="main" --add="visitors"
fi
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_systemd_action --service_name=nginx --action=reload
#================================================= #=================================================
# END OF SCRIPT # END OF SCRIPT
#================================================= #=================================================

View file

@ -9,21 +9,6 @@
source _common.sh source _common.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=1
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
port=$(ynh_app_setting_get --app=$app --key=port)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_user=$db_name
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
redis_db=$(ynh_app_setting_get --app=$app --key=redis_db)
#================================================= #=================================================
# STANDARD REMOVE # STANDARD REMOVE
#================================================= #=================================================
@ -65,33 +50,6 @@ ynh_remove_systemd_config --service="${app}-worker"
ynh_secure_remove --file="/etc/systemd/system/$app.target" ynh_secure_remove --file="/etc/systemd/system/$app.target"
#=================================================
# REMOVE THE POSTGRESQL DATABASE
#=================================================
ynh_script_progression --message="Removing the PostgreSQL database..." --weight=1
# Remove a database if it exists, along with the associated user
ynh_psql_remove_db --db_user=$db_user --db_name=$db_name
#=================================================
# REMOVE APP MAIN DIR
#=================================================
ynh_script_progression --message="Removing app main directory..." --weight=1
# Remove the app directory securely
ynh_secure_remove --file="$final_path"
#=================================================
# REMOVE DATA DIR
#=================================================
# Remove the data directory if --purge option is used
if [ "${YNH_APP_PURGE:-0}" -eq 1 ]
then
ynh_script_progression --message="Removing app data directory..." --weight=1
ynh_secure_remove --file="$datadir"
fi
#================================================= #=================================================
# REMOVE NGINX CONFIGURATION # REMOVE NGINX CONFIGURATION
#================================================= #=================================================
@ -100,14 +58,6 @@ ynh_script_progression --message="Removing NGINX web server configuration..." --
# Remove the dedicated NGINX config # Remove the dedicated NGINX config
ynh_remove_nginx_config ynh_remove_nginx_config
#=================================================
# REMOVE DEPENDENCIES
#=================================================
ynh_script_progression --message="Removing dependencies..." --weight=1
# Remove metapackage and its dependencies
ynh_remove_app_dependencies
#================================================= #=================================================
# REMOVE FAIL2BAN CONFIGURATION # REMOVE FAIL2BAN CONFIGURATION
#================================================= #=================================================
@ -126,16 +76,6 @@ ynh_script_progression --message="Removing the Redis database..." --weight=1
# Remove a database if it exists, along with the associated user # Remove a database if it exists, along with the associated user
ynh_redis_remove_db $redis_db ynh_redis_remove_db $redis_db
#=================================================
# GENERIC FINALIZATION
#=================================================
# REMOVE DEDICATED USER
#=================================================
ynh_script_progression --message="Removing the dedicated system user..." --weight=1
# Delete a system user
ynh_system_user_delete --username=$app
#================================================= #=================================================
# END OF SCRIPT # END OF SCRIPT
#================================================= #=================================================

View file

@ -10,83 +10,29 @@
source ../settings/scripts/_common.sh source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
ynh_clean_setup () {
true
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=1
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_user=$db_name
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
#=================================================
# CHECK IF THE APP CAN BE RESTORED
#=================================================
ynh_script_progression --message="Validating restoration parameters..." --weight=1
test ! -d $final_path \
|| ynh_die --message="There is already a directory: $final_path "
#=================================================
# STANDARD RESTORATION STEPS
#=================================================
# RECREATE THE DEDICATED USER
#=================================================
ynh_script_progression --message="Recreating the dedicated system user..." --weight=1
# Create the dedicated user (if not existing)
ynh_system_user_create --username=$app --home_dir="$final_path"
#================================================= #=================================================
# RESTORE THE APP MAIN DIR # RESTORE THE APP MAIN DIR
#================================================= #=================================================
ynh_script_progression --message="Restoring the app main directory..." --weight=1 ynh_script_progression --message="Restoring the app main directory..." --weight=1
ynh_restore_file --origin_path="$final_path" ynh_restore_file --origin_path="$install_dir"
chmod 750 "$final_path" chmod -R o-rwx "$install_dir"
chmod -R o-rwx "$final_path" chown -R $app:www-data "$install_dir"
chown -R $app:www-data "$final_path"
#================================================= #=================================================
# RESTORE THE DATA DIRECTORY # RESTORE THE DATA DIRECTORY
#================================================= #=================================================
ynh_script_progression --message="Restoring the data directory..." --weight=1 ynh_script_progression --message="Restoring the data directory..." --weight=1
ynh_restore_file --origin_path="$datadir" --not_mandatory ynh_restore_file --origin_path="$data_dir/" --not_mandatory
mkdir -p $datadir mkdir -p $data_dir/data
mkdir -p $data_dir/{static,media,music}
mkdir -p $datadir/{static,media,music} chmod 750 "$data_dir/"
chmod -R o-rwx "$data_dir/"
chmod 750 "$datadir" chown -R $app:www-data "$data_dir/"
chmod -R o-rwx "$datadir"
chown -R $app:www-data "$datadir"
#=================================================
# SPECIFIC RESTORATION
#=================================================
# REINSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Reinstalling dependencies..." --weight=1
# Define and install dependencies
ynh_install_app_dependencies $pkg_dependencies
#================================================= #=================================================
# RESTORE THE NGINX CONFIGURATION # RESTORE THE NGINX CONFIGURATION
@ -100,9 +46,6 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#================================================= #=================================================
ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=1 ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=1
ynh_psql_test_if_first_run
db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd
ynh_psql_execute_file_as_root --file="./db.sql" --database=$db_name ynh_psql_execute_file_as_root --file="./db.sql" --database=$db_name
#================================================= #=================================================

View file

@ -9,45 +9,12 @@
source _common.sh source _common.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=1
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_user=$db_name
db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd)
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
port=$(ynh_app_setting_get --app=$app --key=port)
redis_db=$(ynh_app_setting_get --app=$app --key=redis_db)
key=$(ynh_app_setting_get --app=$app --key=key)
#================================================= #=================================================
# CHECK VERSION # CHECK VERSION
#================================================= #=================================================
ynh_script_progression --message="Checking version..." --weight=1
upgrade_type=$(ynh_check_app_version_changed) upgrade_type=$(ynh_check_app_version_changed)
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
# Restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#================================================= #=================================================
# STANDARD UPGRADE STEPS # STANDARD UPGRADE STEPS
#================================================= #=================================================
@ -59,95 +26,62 @@ ynh_systemd_action --action="stop" --service_name="${app}-beat" --log_path="syst
ynh_systemd_action --action="stop" --service_name="${app}-server" --log_path="systemd" --line_match="Stopped" ynh_systemd_action --action="stop" --service_name="${app}-server" --log_path="systemd" --line_match="Stopped"
ynh_systemd_action --action="stop" --service_name="${app}-worker" --log_path="systemd" --line_match="Stopped" ynh_systemd_action --action="stop" --service_name="${app}-worker" --log_path="systemd" --line_match="Stopped"
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
ynh_script_progression --message="Ensuring downward compatibility..." --weight=1
# If redis_db doesn't exist, create it
if [ -z "$redis_db" ]; then
redis_db=$(ynh_redis_get_free_db)
ynh_app_setting_set --app=$app --key=redis_db --value=$redis_db
fi
# If db_pwd doesn't exist, create it
if [ -z "$db_pwd" ]; then
db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
ynh_app_setting_set --app=$app --key=db_pwd --value=$db_pwd
fi
# Cleaning legacy permissions
if ynh_legacy_permissions_exists; then
ynh_legacy_permissions_delete_all
ynh_app_setting_delete --app=$app --key=is_public
fi
#================================================= #=================================================
# MOVE DATAS # MOVE DATAS
#================================================= #=================================================
# If datadir doesn't exist, create it # If data_dir doesn't exist, create it
if [ -z "$datadir" ]; then if [ -z "$data_dir/" ]; then
# Do a full backup before moving datas # Do a full backup before moving datas
yunohost backup create --apps $app yunohost backup create --apps $app
datadir="/home/yunohost.app/${app}/data" data_dir="/home/yunohost.app/${app}/data"
ynh_script_progression --message="Moving datas to $datadir..." --weight=1 ynh_script_progression --message="Moving datas to $data_dir..." --weight=1
mkdir -p $datadir mkdir -p $data_dir
mkdir -p $datadir/{static,media,music} mkdir -p $data_dir/{static,media,music}
chmod 750 "$datadir" chmod 750 "$data_dir"
chmod -R o-rwx "$datadir" chmod -R o-rwx "$data_dir"
chown -R $app:www-data "$datadir" chown -R $app:www-data "$data_dir"
ynh_backup_if_checksum_is_different --file="$final_path/code/config/.env" ynh_backup_if_checksum_is_different --file="$install_dir/code/config/.env"
mkdir -p $final_path/config mkdir -p $install_dir/config
rsync -a $final_path/code/config/ $final_path/config/ rsync -a $install_dir/code/config/ $install_dir/config/
chmod 400 $final_path/config/.env chmod 400 $install_dir/config/.env
ynh_store_file_checksum --file="$final_path/config/.env" ynh_store_file_checksum --file="$install_dir/config/.env"
ynh_delete_file_checksum --file="$final_path/code/config/.env" ynh_delete_file_checksum --file="$install_dir/code/config/.env"
if [ -d "$final_path/code/data/static/" ]; then if [ -d "$install_dir/code/data/static/" ]; then
rsync -a $final_path/code/data/static/ $datadir/static/ rsync -a $install_dir/code/data/static/ $data_dir/static/
fi fi
if [ -d "$final_path/media/" ]; then if [ -d "$install_dir/media/" ]; then
rsync -a $final_path/media/ $datadir/media/ rsync -a $install_dir/media/ $data_dir/media/
fi fi
if [ -d "$final_path/code/data/media/" ]; then if [ -d "$install_dir/code/data/media/" ]; then
rsync -a $final_path/code/data/media/ $datadir/media/ rsync -a $install_dir/code/data/media/ $data_dir/media/
fi fi
if [ -d "$final_path/import/" ]; then if [ -d "$install_dir/import/" ]; then
rsync -a $final_path/import/ $datadir/music/ rsync -a $install_dir/import/ $data_dir/music/
fi fi
if [ -d "$final_path/code/data/music/" ]; then if [ -d "$install_dir/code/data/music/" ]; then
rsync -a $final_path/code/data/music/ $datadir/music/ rsync -a $install_dir/code/data/music/ $data_dir/music/
fi fi
ynh_secure_remove --file="$final_path/code" ynh_secure_remove --file="$install_dir/code"
ynh_secure_remove --file="$final_path/media" ynh_secure_remove --file="$install_dir/media"
ynh_secure_remove --file="$final_path/code/data/media" ynh_secure_remove --file="$install_dir/static"
ynh_secure_remove --file="$final_path/import" ynh_secure_remove --file="$install_dir/code/data/media"
ynh_secure_remove --file="$final_path/code/data/music" ynh_secure_remove --file="$install_dir/import"
ynh_secure_remove --file="$install_dir/code/data/music"
ynh_app_setting_set --app=$app --key=datadir --value=$datadir chmod 750 "$data_dir/data/"
chmod -R o-rwx "$data_dir/data/"
chmod 750 "$datadir" chown -R $app:www-data "$data_dir/data/"
chmod -R o-rwx "$datadir"
chown -R $app:www-data "$datadir"
upgrade_type="UPGRADE_APP" upgrade_type="UPGRADE_APP"
fi fi
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1
# Create a dedicated user (if not existing)
ynh_system_user_create --username=$app --home_dir="$final_path"
#================================================= #=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE # DOWNLOAD, CHECK AND UNPACK SOURCE
#================================================= #=================================================
@ -156,23 +90,14 @@ if [ "$upgrade_type" == "UPGRADE_APP" ]
then then
ynh_script_progression --message="Upgrading source files..." --weight=1 ynh_script_progression --message="Upgrading source files..." --weight=1
ynh_secure_remove --file="$final_path/api"
ynh_secure_remove --file="$final_path/front"
# Download, check integrity, uncompress and patch the source from app.src # Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$final_path/api" --source_id="api" ynh_setup_source --dest_dir="$install_dir/api" --source_id="api"
ynh_setup_source --dest_dir="$final_path/front" --source_id="front" ynh_setup_source --dest_dir="$install_dir/front" --source_id="front"
fi fi
chmod 750 "$final_path" chmod 750 "$install_dir"
chmod -R o-rwx "$final_path" chmod -R o-rwx "$install_dir"
chown -R $app:www-data "$final_path" chown -R $app:www-data "$install_dir"
#=================================================
# UPGRADE DEPENDENCIES
#=================================================
ynh_script_progression --message="Upgrading dependencies..." --weight=1
ynh_install_app_dependencies $pkg_dependencies
#================================================= #=================================================
# NGINX CONFIGURATION # NGINX CONFIGURATION
@ -189,15 +114,15 @@ ynh_add_nginx_config
#================================================= #=================================================
ynh_script_progression --message="Installing Python dependencies..." --weight=1 ynh_script_progression --message="Installing Python dependencies..." --weight=1
pushd $final_path pushd $install_dir
ynh_secure_remove --file="$final_path/virtualenv" ynh_secure_remove --file="$install_dir/virtualenv"
python3 -m venv $final_path/virtualenv python3 -m venv $install_dir/virtualenv
source $final_path/virtualenv/bin/activate source $install_dir/virtualenv/bin/activate
pip install --upgrade pip pip install --upgrade pip
pip install --upgrade setuptools pip install --upgrade setuptools
ynh_exec_warn_less pip install wheel ynh_exec_warn_less pip install wheel toml
# Workaround for error AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK' # Workaround for error AttributeError: module 'lib' has no attribute 'X509_V_FLAG_CB_ISSUER_CHECK'
ynh_replace_string --match_string="pyOpenSSL~=20.0.1" --replace_string="pyOpenSSL~=21.0.0" --target_file="$final_path/api/requirements/base.txt" ynh_replace_string --match_string="pyOpenSSL~=20.0.1" --replace_string="pyOpenSSL~=21.0.0" --target_file="$install_dir/api/requirements/base.txt"
ynh_exec_warn_less pip install -r api/requirements.txt ynh_exec_warn_less pip install -r api/requirements.txt
popd popd
@ -206,18 +131,18 @@ popd
#================================================= #=================================================
ynh_script_progression --message="Updating a configuration file..." --weight=1 ynh_script_progression --message="Updating a configuration file..." --weight=1
ynh_add_config --template="../conf/env.prod" --destination="$final_path/config/.env" ynh_add_config --template="../conf/env.prod" --destination="$install_dir/config/.env"
chmod 400 "$final_path/config/.env" chmod 400 "$install_dir/config/.env"
chown $app:$app "$final_path/config/.env" chown $app:$app "$install_dir/config/.env"
#================================================= #=================================================
# UPGRADE FUNKWHALE # UPGRADE FUNKWHALE
#================================================= #=================================================
ynh_script_progression --message="Upgrading Funkwhale..." --weight=1 ynh_script_progression --message="Upgrading Funkwhale..." --weight=1
pushd $final_path pushd $install_dir
source $final_path/virtualenv/bin/activate source $install_dir/virtualenv/bin/activate
echo "yes" | ynh_exec_warn_less python api/manage.py collectstatic --clear --noinput echo "yes" | ynh_exec_warn_less python api/manage.py collectstatic --clear --noinput
@ -227,9 +152,9 @@ pushd $final_path
ynh_psql_execute_as_root --sql="ALTER USER $db_user WITH NOSUPERUSER;" --database="$db_name" ynh_psql_execute_as_root --sql="ALTER USER $db_user WITH NOSUPERUSER;" --database="$db_name"
popd popd
chmod 750 "$final_path" chmod 750 "$install_dir"
chmod -R o-rwx "$final_path" chmod -R o-rwx "$install_dir"
chown -R $app:www-data "$final_path" chown -R $app:www-data "$install_dir"
#================================================= #=================================================
# SETUP SYSTEMD # SETUP SYSTEMD
@ -272,13 +197,6 @@ ynh_script_progression --message="Reconfiguring Fail2Ban..." --weight=1
# Create a dedicated Fail2Ban config # Create a dedicated Fail2Ban config
ynh_add_fail2ban_config --logpath="/var/log/nginx/$domain-access.log" --failregex="<HOST>.* \"POST /api/v1/token/ HTTP/1.1\" 400 68.*$" --max_retry=5 ynh_add_fail2ban_config --logpath="/var/log/nginx/$domain-access.log" --failregex="<HOST>.* \"POST /api/v1/token/ HTTP/1.1\" 400 68.*$" --max_retry=5
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_systemd_action --service_name=nginx --action=reload
#================================================= #=================================================
# END OF SCRIPT # END OF SCRIPT
#================================================= #=================================================

8
tests.toml Normal file
View file

@ -0,0 +1,8 @@
test_format = 1.0
[default]
exclude = ["install.nourl"]
test_upgrade_from.7a50028.name = "Upgrade from 1.2.9"
test_upgrade_from.945e3d4.name = "Upgrade from 1.2.10~ynh1"