some cleaning for 1.3.0

conf/env.prod

@@ -36,7 +36,7 @@ FUNKWHALE_API_IP=127.0.0.1
 FUNKWHALE_API_PORT=__PORT__
 # The number of web workers to start in parallel. Higher means you can handle
 # more concurrent requests, but also leads to higher CPU/Memory usage
-FUNKWHALE_WEB_WORKERS=6
+FUNKWHALE_WEB_WORKERS=4
 # Replace this by the definitive, public domain you will use for
 # your instance. It cannot be changed after initial deployment
 # without breaking your instance.
@@ -44,7 +44,7 @@ FUNKWHALE_HOSTNAME=__DOMAIN__
 FUNKWHALE_PROTOCOL=https
 
 # Log level (debug, info, warning, error, critical)
-LOGLEVEL=error
+LOGLEVEL=debug
 
 # Configure e-mail sending using this variale
 # By default, funkwhale will output e-mails sent to stdout
@@ -140,7 +140,7 @@ DJANGO_SECRET_KEY=__KEY__
 #   # MUSIC_DIRECTORY_SERVE_PATH= # stays commented, not needed
 
 MUSIC_DIRECTORY_PATH=__DATA_DIR__/data/music
-#MUSIC_DIRECTORY_SERVE_PATH=__DATA_DIR__/data/import
+MUSIC_DIRECTORY_SERVE_PATH=__DATA_DIR__/data/music
 
 # LDAP settings
 # Use the following options to allow authentication on your Funkwhale instance

conf/funkwhale-beat.service

@@ -8,7 +8,11 @@ User=__APP__
 Group=__APP__
 WorkingDirectory=__INSTALL_DIR__/api
 EnvironmentFile=__INSTALL_DIR__/config/.env
-ExecStart=__INSTALL_DIR__/venv/bin/celery -A funkwhale_api.taskapp beat -l INFO
+
+ExecStart=__INSTALL_DIR__/venv/bin/celery \
+    --app funkwhale_api.taskapp \
+    beat \
+    --loglevel INFO
 
 # Sandboxing options to harden security
 # Depending on specificities of your service/app, you may need to tweak these

conf/funkwhale-server.service

@@ -8,7 +8,16 @@ User=__APP__
 Group=__APP__
 WorkingDirectory=__INSTALL_DIR__/api
 EnvironmentFile=__INSTALL_DIR__/config/.env
-ExecStart=__INSTALL_DIR__/venv/bin/gunicorn config.asgi:application -w ${FUNKWHALE_WEB_WORKERS} -k uvicorn.workers.UvicornWorker -b ${FUNKWHALE_API_IP}:${FUNKWHALE_API_PORT}
+
+Type=notify
+KillMode=mixed
+ExecStart=__INSTALL_DIR__/venv/bin/gunicorn \
+    config.asgi:application \
+    --workers ${FUNKWHALE_WEB_WORKERS} \
+    --worker-class uvicorn.workers.UvicornWorker \
+    --bind ${FUNKWHALE_API_IP}:${FUNKWHALE_API_PORT}
+ExecReload=/bin/kill -s HUP $MAINPID
+
 
 # Denying access to capabilities that should not be relevant for webapps
 # Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html

conf/funkwhale-worker.service

@@ -7,8 +7,14 @@ PartOf=__APP__.target
 User=__APP__
 Group=__APP__
 WorkingDirectory=__INSTALL_DIR__/api
+Environment="CELERYD_CONCURRENCY=0"
 EnvironmentFile=__INSTALL_DIR__/config/.env
-ExecStart=__INSTALL_DIR__/venv/bin/celery -A funkwhale_api.taskapp worker -l INFO --concurrency=0
+
+ExecStart=__INSTALL_DIR__/venv/bin/celery \
+    --app funkwhale_api.taskapp \
+    worker \
+    --loglevel INFO \
+    --concurrency=${CELERYD_CONCURRENCY}
 
 # Sandboxing options to harden security
 # Depending on specificities of your service/app, you may need to tweak these

conf/funkwhale.target

@@ -1,3 +1,6 @@
 [Unit]
 Description=Funkwhale (__APP__)
 Wants=__APP__-server.service __APP__-worker.service __APP__-beat.service
+
+[Install]
+WantedBy=multi-user.target

manifest.toml

@@ -19,11 +19,11 @@ code = "https://dev.funkwhale.audio/funkwhale/funkwhale"
 fund = "https://next.funkwhale.audio/donate/"
 
 [integration]
-yunohost = ">= 11.1.19"
+yunohost = ">= 11.1.21"
 architectures = "all"
 multi_instance = true
-ldap = false
+ldap = true
-sso = false
+sso = true
 disk = "50M"
 ram.build = "50M"
 ram.runtime = "50M"

scripts/install

@@ -46,7 +46,7 @@ ynh_add_nginx_config
 ynh_script_progression --message="Creating a data directory..." --weight=1
 
 mkdir -p $data_dir/data
-mkdir -p $data_dir/{static,media,music}
+mkdir -p $data_dir/data/{static,media,music}
 
 chmod 750 "$data_dir"
 chmod -R o-rwx "$data_dir/"

scripts/upgrade

@@ -33,6 +33,10 @@ ynh_systemd_action --action="stop" --service_name="${app}-worker" --log_path="sy
 if [ "$upgrade_type" == "UPGRADE_APP" ]
 then
 	ynh_script_progression --message="Upgrading source files..." --weight=1
+	
+	# Remove the old files
+	ynh_secure_remove --file="$install_dir/api"
+	ynh_secure_remove --file="$install_dir/api"
 
 	# Download, check integrity, uncompress and patch the source from app.src
 	ynh_setup_source --dest_dir="$install_dir/api" --source_id="api"
@@ -51,6 +55,15 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." -
 # Create a dedicated NGINX config
 ynh_add_nginx_config
 
+#=================================================
+# Assure correct permissions to $data_dir
+#=================================================
+ynh_script_progression --message="Assure correct permissions to $data_dir..." --weight=1
+
+chmod 750 "$data_dir"
+chmod -R o-rwx "$data_dir/"
+chown -R $app:www-data "$data_dir/"
+
 #=================================================
 # SPECIFIC UPGRADE
 #=================================================
@@ -90,6 +103,7 @@ pushd $install_dir
 
 	# needed for enabling the 'unaccent' extension
 	ynh_psql_execute_as_root --sql="ALTER USER $db_user WITH SUPERUSER;" --database="$db_name"
+
 	ynh_exec_warn_less ynh_exec_as $app $install_dir/venv/bin/funkwhale-manage migrate
 	ynh_psql_execute_as_root --sql="ALTER USER $db_user WITH NOSUPERUSER;" --database="$db_name"
 popd