Merge pull request #232 from YunoHost-Apps/cleanup-for-1.3.0

Cleanup for 1.3.0

README.md

@@ -18,7 +18,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
 
 Funkwhale is a community-driven project that lets you listen and share music and audio within a decentralized, open network. 
 
-**Shipped version:** 1.3.0~ynh2
+**Shipped version:** 1.3.0~ynh3
 
 **Demo:** https://demo.funkwhale.audio
 

README_fr.md

@@ -18,7 +18,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po
 
 Funkwhale est un projet communautaire qui vous permet d'écouter et de partager de la musique et de l'audio au sein d'un réseau ouvert et décentralisé. 
 
-**Version incluse :** 1.3.0~ynh2
+**Version incluse :** 1.3.0~ynh3
 
 **Démo :** https://demo.funkwhale.audio
 

conf/env.prod

@@ -36,7 +36,7 @@ FUNKWHALE_API_IP=127.0.0.1
 FUNKWHALE_API_PORT=__PORT__
 # The number of web workers to start in parallel. Higher means you can handle
 # more concurrent requests, but also leads to higher CPU/Memory usage
-FUNKWHALE_WEB_WORKERS=6
+FUNKWHALE_WEB_WORKERS=4
 # Replace this by the definitive, public domain you will use for
 # your instance. It cannot be changed after initial deployment
 # without breaking your instance.
@@ -140,7 +140,7 @@ DJANGO_SECRET_KEY=__KEY__
 #   # MUSIC_DIRECTORY_SERVE_PATH= # stays commented, not needed
 
 MUSIC_DIRECTORY_PATH=__DATA_DIR__/data/music
-#MUSIC_DIRECTORY_SERVE_PATH=__DATA_DIR__/data/import
+MUSIC_DIRECTORY_SERVE_PATH=__DATA_DIR__/data/music
 
 # LDAP settings
 # Use the following options to allow authentication on your Funkwhale instance

conf/funkwhale-beat.service

@@ -8,7 +8,11 @@ User=__APP__
 Group=__APP__
 WorkingDirectory=__INSTALL_DIR__/api
 EnvironmentFile=__INSTALL_DIR__/config/.env
-ExecStart=__INSTALL_DIR__/venv/bin/celery -A funkwhale_api.taskapp beat -l INFO
+
+ExecStart=__INSTALL_DIR__/venv/bin/celery \
+    --app funkwhale_api.taskapp \
+    beat \
+    --loglevel INFO
 
 # Sandboxing options to harden security
 # Depending on specificities of your service/app, you may need to tweak these
@@ -45,4 +49,4 @@ CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
 CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
 
 [Install]
-WantedBy=multi-user.target
+WantedBy=multi-user.target

conf/funkwhale-server.service

@@ -6,9 +6,21 @@ PartOf=__APP__.target
 [Service]
 User=__APP__
 Group=__APP__
+StandardOutput=append:/var/log/__APP__/__APP__.log
 WorkingDirectory=__INSTALL_DIR__/api
 EnvironmentFile=__INSTALL_DIR__/config/.env
-ExecStart=__INSTALL_DIR__/venv/bin/gunicorn config.asgi:application -w ${FUNKWHALE_WEB_WORKERS} -k uvicorn.workers.UvicornWorker -b ${FUNKWHALE_API_IP}:${FUNKWHALE_API_PORT}
+
+Type=notify
+KillMode=mixed
+ExecStart=__INSTALL_DIR__/venv/bin/gunicorn \
+    config.asgi:application \
+    --workers ${FUNKWHALE_WEB_WORKERS} \
+    --worker-class uvicorn.workers.UvicornWorker \
+    --bind ${FUNKWHALE_API_IP}:${FUNKWHALE_API_PORT}
+    --timeout 120
+    --error-logfile /var/log/__APP__/__APP__-worker.log
+ExecReload=/bin/kill -s HUP $MAINPID
+
 
 # Denying access to capabilities that should not be relevant for webapps
 # Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
@@ -23,4 +35,4 @@ CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
 CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
 
 [Install]
-WantedBy=multi-user.target
+WantedBy=multi-user.target

conf/funkwhale-worker.service

@@ -7,8 +7,14 @@ PartOf=__APP__.target
 User=__APP__
 Group=__APP__
 WorkingDirectory=__INSTALL_DIR__/api
+Environment="CELERYD_CONCURRENCY=0"
 EnvironmentFile=__INSTALL_DIR__/config/.env
-ExecStart=__INSTALL_DIR__/venv/bin/celery -A funkwhale_api.taskapp worker -l INFO --concurrency=0
+
+ExecStart=__INSTALL_DIR__/venv/bin/celery \
+    --app funkwhale_api.taskapp \
+    worker \
+    --loglevel INFO \
+    --concurrency=${CELERYD_CONCURRENCY}
 
 # Sandboxing options to harden security
 # Depending on specificities of your service/app, you may need to tweak these
@@ -45,4 +51,4 @@ CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
 CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
 
 [Install]
-WantedBy=multi-user.target
+WantedBy=multi-user.target

conf/funkwhale.target

@@ -1,3 +1,6 @@
 [Unit]
 Description=Funkwhale (__APP__)
 Wants=__APP__-server.service __APP__-worker.service __APP__-beat.service
+
+[Install]
+WantedBy=multi-user.target

conf/nginx.conf

@@ -108,7 +108,7 @@ location /media/attachments/ {
 # has been checked on API side.
 # Comment the "NON-S3" commented lines and uncomment "S3" commented lines
 # if you're storing media files in a S3 bucket.
-location ~ /_protected/media/(.+)/ {
+location /_protected/media/ {
   internal;
   alias  __DATA_DIR__/data/media/$1;                                 # NON-S3
 # Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932.

doc/ADMIN.md

@@ -6,6 +6,6 @@
 
 To add a collection of music files to a library in your YunoHost installation of Funkwhale, create a symlink to your collection titled "music" in `__DATA_DIR__/data`
 ```console
-foo@bar:~$sudo ln -s /your/music/collection __DATA_DIR__/data/music
+sudo ln -s /your/music/collection __DATA_DIR__/data/music
 ```
 The files can then be added to your library from the *uploading* tab in a music library under the heading **Import music from your server**.

doc/ADMIN_fr.md

@@ -2,8 +2,10 @@
 
 * Admin
   * L'administrateur utilise le login que vous avez fourni lors de l'installation. Le mot de passe est le même que celui que vous utilisez pour YunoHost.
-  * L'interface d'administration est accessible à l'adresse : __DOMAIN__/api/admin
+  * L'interface d'administration est accessible à l'adresse : `__DOMAIN__/api/admin`
 
 Pour ajouter une collection de fichiers musicaux à une bibliothèque dans votre installation YunoHost de Funkwhale, créez un lien symbolique vers votre collection intitulée "music" dans `__DATA_DIR__/data/`.
-`foo@bar:~$sudo ln -s /your/music/collection __DATA_DIR__/data/music`
+```console
+sudo ln -s /votre/collection/de/musique __DATA_DIR__/data/music
+```
 Les fichiers peuvent ensuite être ajoutés à votre bibliothèque à partir de l'onglet *Envoi* dans une bibliothèque musicale sous la rubrique **Importer de la musique de votre serveur**.

manifest.toml

@@ -5,7 +5,7 @@ name = "Funkwhale"
 description.en = "Convivial and modern music server"
 description.fr = "Serveur de musique moderne et convivial"
 
-version = "1.3.0~ynh2"
+version = "1.3.0~ynh3"
 
 maintainers = ["Thovi98"]
 
@@ -19,11 +19,11 @@ code = "https://dev.funkwhale.audio/funkwhale/funkwhale"
 fund = "https://next.funkwhale.audio/donate/"
 
 [integration]
-yunohost = ">= 11.1.19"
+yunohost = ">= 11.1.21"
 architectures = "all"
 multi_instance = true
-ldap = false
-sso = false
+ldap = true
+sso = true
 disk = "50M"
 ram.build = "50M"
 ram.runtime = "50M"

scripts/change_url

@@ -47,9 +47,9 @@ ynh_exec_warn_less ynh_exec_as $app $install_dir/venv/bin/funkwhale-manage fix_f
 #=================================================
 ynh_script_progression --message="Starting a systemd service..." --weight=1
 
-ynh_systemd_action --service_name="$app-beat" --action="start" --log_path="/var/log/$app/$app.log"
-ynh_systemd_action --service_name="$app-server" --action="start" --log_path="/var/log/$app/$app.log"
-ynh_systemd_action --service_name="$app-worker" --action="start" --log_path="/var/log/$app/$app.log"
+ynh_systemd_action --service_name="$app-beat" --action="start" --log_path="/var/log/$app/${app}-beat.log"
+ynh_systemd_action --service_name="$app-server" --action="start" --log_path="/var/log/$app/${app}-server.log"
+ynh_systemd_action --service_name="$app-worker" --action="start" --log_path="/var/log/$app/${app}-worker.log"
 
 #=================================================
 # END OF SCRIPT

scripts/install

@@ -26,10 +26,6 @@ ynh_setup_source --dest_dir="$install_dir/front" --source_id="front"
 
 mkdir -p $install_dir/config
 
-chmod 750 "$install_dir"
-chmod -R o-rwx "$install_dir"
-chown -R $app:www-data "$install_dir"
-
 #=================================================
 # NGINX CONFIGURATION
 #=================================================
@@ -46,11 +42,11 @@ ynh_add_nginx_config
 ynh_script_progression --message="Creating a data directory..." --weight=1
 
 mkdir -p $data_dir/data
-mkdir -p $data_dir/{static,media,music}
+mkdir -p $data_dir/data/{static,media,music}
 
 chmod 750 "$data_dir"
 chmod -R o-rwx "$data_dir/"
-chown -R $app:www-data "$data_dir/"
+chown -R $app:$app "$data_dir/"
 
 #=================================================
 # ADD A CONFIGURATION
@@ -112,6 +108,18 @@ chmod 750 "$install_dir"
 chmod -R o-rwx "$install_dir"
 chown -R $app:www-data "$install_dir"
 
+#=================================================
+# LOGROTATE
+#=================================================
+ynh_script_progression --message="Configuring logrotate to manage application logfiles" --weight=1
+
+# Use logrotate to manage application logfile(s)
+ynh_use_logrotate --specific_user=$app
+touch /var/log/$app/${app}-server.log
+touch /var/log/$app/${app}-worker.log
+touch /var/log/$app/${app}-beat.log
+chown -R $app:$app /var/log/$app/
+
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
@@ -119,9 +127,9 @@ chown -R $app:www-data "$install_dir"
 #=================================================
 ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
 
-yunohost service add "${app}-beat"
-yunohost service add "${app}-server"
-yunohost service add "${app}-worker"
+yunohost service add "${app}-beat" --description="${app} celery beat process" --log="/var/log/$app/${app}-beat.log"
+yunohost service add "${app}-server" --description="${app} application server" --log="/var/log/$app/${app}-server.log"
+yunohost service add "${app}-worker" --description="${app} celery worker" --log="/var/log/$app/${app}-worker.log"
 
 #=================================================
 # START SYSTEMD SERVICE

scripts/remove

@@ -58,6 +58,17 @@ ynh_script_progression --message="Removing NGINX web server configuration..." --
 # Remove the dedicated NGINX config
 ynh_remove_nginx_config
 
+#=================================================
+# REMOVE LOGS
+#=================================================
+ynh_script_progression --message="Removing logs..."  --weight=5
+
+ynh_remove_logrotate
+
+# Remove the log files
+ynh_secure_remove --file="/var/log/$app"
+
+
 #=================================================
 # REMOVE FAIL2BAN CONFIGURATION
 #=================================================

scripts/restore

@@ -28,11 +28,11 @@ ynh_script_progression --message="Restoring the data directory..." --weight=1
 ynh_restore_file --origin_path="$data_dir/" --not_mandatory
 
 mkdir -p $data_dir/data
-mkdir -p $data_dir/{static,media,music}
+mkdir -p $data_dir/data/{static,media,music}
 
 chmod 750 "$data_dir/"
 chmod -R o-rwx "$data_dir/"
-chown -R $app:www-data "$data_dir/"
+chown -R $app:$app "$data_dir/"
 
 #=================================================
 # RESTORE THE NGINX CONFIGURATION
@@ -48,6 +48,18 @@ ynh_script_progression --message="Restoring the PostgreSQL database..." --weight
 
 ynh_psql_execute_file_as_root --file="./db.sql" --database=$db_name
 
+#=================================================
+# LOGROTATE
+#=================================================
+ynh_script_progression --message="Configuring logrotate to manage application logfiles" --weight=1
+
+# Use logrotate to manage application logfile(s)
+ynh_use_logrotate --specific_user=$app
+touch /var/log/$app/${app}-server.log
+touch /var/log/$app/${app}-worker.log
+touch /var/log/$app/${app}-beat.log
+chown -R $app:$app /var/log/$app/
+
 #=================================================
 # RESTORE SYSTEMD
 #=================================================
@@ -67,9 +79,13 @@ systemctl enable "${app}-worker.service" --quiet
 #=================================================
 ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
 
-yunohost service add "${app}-beat"
-yunohost service add "${app}-server"
-yunohost service add "${app}-worker"
+ynh_add_systemd_config --service="${app}-server" --template="funkwhale-server.service"
+ynh_add_systemd_config --service="${app}-worker" --template="funkwhale-worker.service"
+ynh_add_systemd_config --service="${app}-beat"   --template="funkwhale-beat.service"
+
+yunohost service add "${app}-beat" --description="${app} celery beat process" --log="/var/log/$app/${app}-beat.log"
+yunohost service add "${app}-server" --description="${app} application server" --log="/var/log/$app/${app}-server.log"
+yunohost service add "${app}-worker" --description="${app} celery worker" --log="/var/log/$app/${app}-worker.log"
 
 #=================================================
 # START SYSTEMD SERVICE

scripts/upgrade

@@ -33,16 +33,16 @@ ynh_systemd_action --action="stop" --service_name="${app}-worker" --log_path="sy
 if [ "$upgrade_type" == "UPGRADE_APP" ]
 then
 	ynh_script_progression --message="Upgrading source files..." --weight=1
+	
+	# Remove the old files
+	ynh_secure_remove --file="$install_dir/api"
+	ynh_secure_remove --file="$install_dir/front"
 
 	# Download, check integrity, uncompress and patch the source from app.src
 	ynh_setup_source --dest_dir="$install_dir/api" --source_id="api"
 	ynh_setup_source --dest_dir="$install_dir/front" --source_id="front"
 fi
 
-chmod 750 "$install_dir"
-chmod -R o-rwx "$install_dir"
-chown -R $app:www-data "$install_dir"
-
 #=================================================
 # NGINX CONFIGURATION
 #=================================================
@@ -51,6 +51,15 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." -
 # Create a dedicated NGINX config
 ynh_add_nginx_config
 
+#=================================================
+# Assure correct permissions to $data_dir
+#=================================================
+ynh_script_progression --message="Assure correct permissions to $data_dir..." --weight=1
+
+chmod 750 "$data_dir"
+chmod -R o-rwx "$data_dir/"
+chown -R $app:$app "$data_dir/"
+
 #=================================================
 # SPECIFIC UPGRADE
 #=================================================
@@ -90,6 +99,7 @@ pushd $install_dir
 
 	# needed for enabling the 'unaccent' extension
 	ynh_psql_execute_as_root --sql="ALTER USER $db_user WITH SUPERUSER;" --database="$db_name"
+
 	ynh_exec_warn_less ynh_exec_as $app $install_dir/venv/bin/funkwhale-manage migrate
 	ynh_psql_execute_as_root --sql="ALTER USER $db_user WITH NOSUPERUSER;" --database="$db_name"
 popd
@@ -98,6 +108,18 @@ chmod 750 "$install_dir"
 chmod -R o-rwx "$install_dir"
 chown -R $app:www-data "$install_dir"
 
+#=================================================
+# LOGROTATE
+#=================================================
+ynh_script_progression --message="Configuring logrotate to manage application logfiles" --weight=1
+
+# Use logrotate to manage application logfile(s)
+ynh_use_logrotate --specific_user=$app
+touch /var/log/$app/${app}-server.log
+touch /var/log/$app/${app}-worker.log
+touch /var/log/$app/${app}-beat.log
+chown -R $app:$app /var/log/$app/
+
 #=================================================
 # SETUP SYSTEMD
 #=================================================
@@ -117,9 +139,9 @@ ynh_add_systemd_config --service="${app}-beat"   --template="funkwhale-beat.serv
 #=================================================
 ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
 
-yunohost service add "${app}-beat"
-yunohost service add "${app}-server"
-yunohost service add "${app}-worker"
+yunohost service add "${app}-beat" --description="${app} celery beat process" --log="/var/log/$app/${app}-beat.log"
+yunohost service add "${app}-server" --description="${app} application server" --log="/var/log/$app/${app}-server.log"
+yunohost service add "${app}-worker" --description="${app} celery worker" --log="/var/log/$app/${app}-worker.log"
 
 #=================================================
 # START SYSTEMD SERVICE