mirror of
https://github.com/YunoHost-Apps/funkwhale_ynh.git
synced 2024-09-03 18:36:24 +02:00
Stick to official install process
This commit is contained in:
yalh76
parent
1c694b7288
commit
f7977494f3
10 changed files with 134 additions and 206 deletions
|
|
@ -1,5 +1,5 @@
|
|||
[Unit]
|
||||
Description=Funkwhale (__APP__) celery beat process
|
||||
Description=__APP__ celery beat process
|
||||
After=redis.service postgresql.service
|
||||
PartOf=__APP__.target
|
||||
|
||||
|
|
@ -8,21 +8,7 @@ User=__APP__
|
|||
Group=__APP__
|
||||
WorkingDirectory=__FINALPATH__/api
|
||||
EnvironmentFile=__FINALPATH__/config/.env
|
||||
ExecStart=__FINALPATH__/virtualenv/bin/celery -A funkwhale_api.taskapp beat --loglevel INFO --logfile=/var/log/__APP__/beat.log
|
||||
|
||||
#NoNewPrivileges=true
|
||||
#PrivateDevices=true
|
||||
#PrivateTmp=true
|
||||
#ProtectHome=true
|
||||
#ProtectSystem=strict
|
||||
#ProtectControlGroups=yes
|
||||
#ProtectKernelModules=yes
|
||||
#ReadOnlyPaths=__FINALPATH__/config/.env __FINALPATH__/
|
||||
#ReadWritePaths=__DATADIR__/media __DATADIR__/music __FINALPATH__/api /var/log/__APP__
|
||||
|
||||
StandardOutput=syslog
|
||||
StandardError=syslog
|
||||
SyslogIdentifier=__APP__-beat
|
||||
ExecStart=__FINALPATH__/virtualenv/bin/celery -A funkwhale_api.taskapp beat -l INFO
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
@ -1,5 +1,5 @@
|
|||
[Unit]
|
||||
Description=Funkwhale (__APP__) application server
|
||||
Description=__APP__ application server
|
||||
After=redis.service postgresql.service
|
||||
PartOf=__APP__.target
|
||||
|
||||
|
|
@ -10,19 +10,5 @@ WorkingDirectory=__FINALPATH__/api
|
|||
EnvironmentFile=__FINALPATH__/config/.env
|
||||
ExecStart=__FINALPATH__/virtualenv/bin/gunicorn config.asgi:application -w ${FUNKWHALE_WEB_WORKERS} -k uvicorn.workers.UvicornWorker -b ${FUNKWHALE_API_IP}:${FUNKWHALE_API_PORT}
|
||||
|
||||
#NoNewPrivileges=true
|
||||
#PrivateDevices=true
|
||||
#PrivateTmp=true
|
||||
#ProtectHome=true
|
||||
#ProtectSystem=strict
|
||||
#ProtectControlGroups=yes
|
||||
#ProtectKernelModules=yes
|
||||
#ReadOnlyPaths=__FINALPATH__/config/.env __FINALPATH__/
|
||||
#ReadWritePaths=__DATADIR__/media __DATADIR__/music /var/log/__APP__
|
||||
|
||||
StandardOutput=syslog
|
||||
StandardError=syslog
|
||||
SyslogIdentifier=__APP__-server
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
[Unit]
|
||||
Description=Funkwhale (__APP__) celery worker
|
||||
Description=__APP__ celery worker
|
||||
After=redis.service postgresql.service
|
||||
PartOf=__APP__.target
|
||||
|
||||
|
|
@ -8,21 +8,7 @@ User=__APP__
|
|||
Group=__APP__
|
||||
WorkingDirectory=__FINALPATH__/api
|
||||
EnvironmentFile=__FINALPATH__/config/.env
|
||||
ExecStart=__FINALPATH__/virtualenv/bin/celery -A funkwhale_api.taskapp worker --loglevel INFO --logfile=/var/log/__APP__/worker.log
|
||||
|
||||
#NoNewPrivileges=true
|
||||
#PrivateDevices=true
|
||||
#PrivateTmp=true
|
||||
#ProtectHome=true
|
||||
#ProtectSystem=strict
|
||||
#ProtectControlGroups=yes
|
||||
#ProtectKernelModules=yes
|
||||
#ReadOnlyPaths=__FINALPATH__/config/.env __FINALPATH__/
|
||||
#ReadWritePaths=__DATADIR__/media __DATADIR__/music /var/log/__APP__
|
||||
|
||||
StandardOutput=syslog
|
||||
StandardError=syslog
|
||||
SyslogIdentifier=__APP__-worker
|
||||
ExecStart=__FINALPATH__/virtualenv/bin/celery -A funkwhale_api.taskapp worker -l INFO --concurrency=0
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
@ -1,3 +1,5 @@
|
|||
root __FINALPATH__/front/dist;
|
||||
|
||||
location / {
|
||||
|
||||
# Force usage of https
|
||||
|
|
@ -50,6 +52,7 @@ location /front/embed.html {
|
|||
}
|
||||
|
||||
location /federation/ {
|
||||
|
||||
# global proxy conf
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
|
|
@ -63,11 +66,13 @@ location /federation/ {
|
|||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
|
||||
proxy_pass http://127.0.0.1:__PORT__/federation/;
|
||||
}
|
||||
|
||||
# You can comment this if you do not plan to use the Subsonic API
|
||||
location /rest/ {
|
||||
|
||||
# global proxy conf
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
|
|
@ -81,10 +86,12 @@ location /rest/ {
|
|||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
|
||||
proxy_pass http://127.0.0.1:__PORT__/api/subsonic/rest/;
|
||||
}
|
||||
|
||||
location /.well-known/ {
|
||||
|
||||
# global proxy conf
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
|
|
@ -98,6 +105,7 @@ location /.well-known/ {
|
|||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
|
||||
proxy_pass http://127.0.0.1:__PORT__/.well-known/;
|
||||
}
|
||||
|
||||
|
|
@ -105,12 +113,12 @@ location /media/ {
|
|||
alias __DATADIR__/media/;
|
||||
}
|
||||
|
||||
location /_protected/media/ {
|
||||
location /_protected/media {
|
||||
# this is an internal location that is used to serve
|
||||
# audio files once correct permission / authentication
|
||||
# has been checked on API side
|
||||
internal;
|
||||
alias __DATADIR__/media/;
|
||||
alias __DATADIR__/media;
|
||||
}
|
||||
|
||||
# Comment the previous location and uncomment this one if you're storing
|
||||
|
|
@ -122,13 +130,13 @@ location /_protected/media/ {
|
|||
# proxy_pass $1;
|
||||
# }
|
||||
|
||||
location /_protected/music/ {
|
||||
location /_protected/music {
|
||||
# this is an internal location that is used to serve
|
||||
# audio files once correct permission / authentication
|
||||
# has been checked on API side
|
||||
# Set this to the same value as your MUSIC_DIRECTORY_PATH setting
|
||||
internal;
|
||||
alias __DATADIR__/music/;
|
||||
alias __DATADIR__/music;
|
||||
}
|
||||
|
||||
location /staticfiles/ {
|
||||
|
|
|
|||
|
|
@ -29,32 +29,16 @@
|
|||
{
|
||||
"name": "domain",
|
||||
"type": "domain",
|
||||
"ask": {
|
||||
"en": "Choose a domain for Funkwhale",
|
||||
"fr": "Choisissez un nom de domaine pour Funkwhale"
|
||||
},
|
||||
"example": "example.com"
|
||||
},
|
||||
{
|
||||
"name": "admin",
|
||||
"type": "user",
|
||||
"ask": {
|
||||
"en": "Choose an admin user",
|
||||
"fr": "Choisissez l'administrateur"
|
||||
},
|
||||
"example": "sporiff"
|
||||
"example": "johndoe"
|
||||
},
|
||||
{
|
||||
"name": "is_public",
|
||||
"type": "boolean",
|
||||
"ask": {
|
||||
"en": "Is it a public application?",
|
||||
"fr": "Est-ce une application publique ?"
|
||||
},
|
||||
"help": {
|
||||
"en": "Allows unauthenticated users to access the user interface (mandatory for federation).",
|
||||
"fr": "Permet aux utilisateurs non authentifiés d'accéder à l'interface utilisateur (obligatoire pour la fédération)."
|
||||
},
|
||||
"default": true
|
||||
}
|
||||
]
|
||||
|
|
|
|||
|
|
@ -152,6 +152,7 @@ ynh_app_setting_set --app=$app --key=key --value=$key
|
|||
ynh_app_setting_set --app=$app --key=redis_db --value=$redis_db
|
||||
|
||||
ynh_add_config --template="../conf/env.prod" --destination="$final_path/config/.env"
|
||||
chmod 600 $final_path/config/.env
|
||||
|
||||
#=================================================
|
||||
# BUILDING FUNKWHALE
|
||||
|
|
@ -191,21 +192,16 @@ ynh_script_progression --message="Securing files and directories..."
|
|||
|
||||
# Set permissions to app files
|
||||
chown -R $app: $final_path
|
||||
chmod -R 755 "$final_path/front/dist/"
|
||||
|
||||
chown -R $app: $datadir
|
||||
|
||||
mkdir -p "/var/log/$app"
|
||||
chown -R $app: "/var/log/$app"
|
||||
|
||||
#=================================================
|
||||
# INTEGRATE SERVICE IN YUNOHOST
|
||||
#=================================================
|
||||
ynh_script_progression --message="Integrating service in YunoHost..."
|
||||
|
||||
yunohost service add "${app}-beat" --log="/var/log/$app/beat.log"
|
||||
yunohost service add "${app}-server" --log="/var/log/$app/server.log"
|
||||
yunohost service add "${app}-worker" --log="/var/log/$app/worker.log"
|
||||
yunohost service add "${app}-beat" --log_type systemd
|
||||
yunohost service add "${app}-server" --log_type systemd
|
||||
yunohost service add "${app}-worker" --log_type systemd
|
||||
|
||||
#=================================================
|
||||
# START SYSTEMD SERVICE
|
||||
|
|
@ -223,7 +219,7 @@ ynh_systemd_action --service_name="${app}-worker" --action="start" --log_path="s
|
|||
ynh_script_progression --message="Configuring Fail2Ban..."
|
||||
|
||||
# Create a dedicated Fail2Ban config
|
||||
ynh_add_fail2ban_config --logpath="/var/log/nginx/$domain-access.log" --failregex="<HOST>.* \"POST /api/v1/token/ HTTP/1.1\" 400 68.*$" --max_retry=5
|
||||
ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-access.log" --failregex="<HOST>.* \"POST /api/v1/token/ HTTP/1.1\" 400 68.*$" --max_retry=5
|
||||
|
||||
#=================================================
|
||||
# SETUP SSOWAT
|
||||
|
|
|
|||
|
|
@ -112,16 +112,6 @@ ynh_script_progression --message="Removing Fail2ban configuration..."
|
|||
# Remove the dedicated Fail2Ban config
|
||||
ynh_remove_fail2ban_config
|
||||
|
||||
#=================================================
|
||||
# SPECIFIC REMOVE
|
||||
#=================================================
|
||||
# REMOVE VARIOUS FILES
|
||||
#=================================================
|
||||
ynh_script_progression --message="Removing various files..."
|
||||
|
||||
# Remove the log files
|
||||
ynh_secure_remove --file="/var/log/$app"
|
||||
|
||||
#=================================================
|
||||
# GENERIC FINALIZATION
|
||||
#=================================================
|
||||
|
|
|
|||
|
|
@ -92,13 +92,8 @@ ynh_script_progression --message="Restoring user rights..."
|
|||
|
||||
# Restore permissions on app files
|
||||
chown -R $app: $final_path
|
||||
chmod -R 755 "$final_path/front/dist/"
|
||||
|
||||
chown -R $app: $datadir
|
||||
|
||||
mkdir -p "/var/log/$app"
|
||||
chown -R $app: "/var/log/$app"
|
||||
|
||||
#=================================================
|
||||
# SPECIFIC RESTORATION
|
||||
#=================================================
|
||||
|
|
@ -137,9 +132,9 @@ systemctl enable "$app-worker.service" --quiet
|
|||
#=================================================
|
||||
ynh_script_progression --message="Integrating service in YunoHost..."
|
||||
|
||||
yunohost service add "${app}-beat" --log="/var/log/$app/beat.log"
|
||||
yunohost service add "${app}-server" --log="/var/log/$app/server.log"
|
||||
yunohost service add "${app}-worker" --log="/var/log/$app/worker.log"
|
||||
yunohost service add "${app}-beat" --log_type systemd
|
||||
yunohost service add "${app}-server" --log_type systemd
|
||||
yunohost service add "${app}-worker" --log_type systemd
|
||||
|
||||
#=================================================
|
||||
# START SYSTEMD SERVICE
|
||||
|
|
|
|||
|
|
@ -88,16 +88,17 @@ if [ -z "$datadir" ]; then
|
|||
ynh_script_progression --message="Moving datas..."
|
||||
datadir="/home/yunohost.app/${app}/data"
|
||||
ynh_app_setting_set --app=$app --key=datadir --value=$datadir
|
||||
mv $finalpath/code/data/static $datadir/static
|
||||
mv $finalpath/media $datadir/media
|
||||
mv $finalpath/import $datadir/music
|
||||
mv $final_path/code/data/static $datadir/static
|
||||
mv $final_path/media $datadir/media
|
||||
mv $final_path/import $datadir/music
|
||||
|
||||
ynh_backup_if_checksum_is_different --file="$finalpath/code/config/.env"
|
||||
mv $finalpath/code/config $finalpath/config
|
||||
ynh_store_file_checksum --file="$finalpath/config/.env"
|
||||
ynh_delete_file_checksum --file="$finalpath/code/config/.env"
|
||||
ynh_backup_if_checksum_is_different --file="$final_path/code/config/.env"
|
||||
mv $final_path/code/config $final_path/config
|
||||
chmod 600 $final_path/config/.env
|
||||
ynh_store_file_checksum --file="$final_path/config/.env"
|
||||
ynh_delete_file_checksum --file="$final_path/code/config/.env"
|
||||
|
||||
ynh_secure_remove --file="$finalpath/code"
|
||||
ynh_secure_remove --file="$final_path/code"
|
||||
configfile="$final_path/code/config/.env"
|
||||
fi
|
||||
|
||||
|
|
@ -163,6 +164,7 @@ popd
|
|||
ynh_script_progression --message="Modifying a config file..."
|
||||
|
||||
ynh_add_config --template="../conf/env.prod" --destination="$final_path/config/.env"
|
||||
chmod 600 $final_path/config/.env
|
||||
|
||||
#=================================================
|
||||
# MIGRATE FUNKWHALE
|
||||
|
|
@ -219,21 +221,16 @@ ynh_script_progression --message="Securing files and directories..."
|
|||
|
||||
# Set permissions on app files
|
||||
chown -R $app: "$final_path"
|
||||
chmod -R 755 "$final_path/front/dist/"
|
||||
|
||||
chown -R $app: $datadir
|
||||
|
||||
mkdir -p "/var/log/$app"
|
||||
chown -R $app: "/var/log/$app"
|
||||
|
||||
#=================================================
|
||||
# INTEGRATE SERVICE IN YUNOHOST
|
||||
#=================================================
|
||||
ynh_script_progression --message="Integrating service in YunoHost..."
|
||||
|
||||
yunohost service add "${app}-beat" --log="/var/log/$app/beat.log"
|
||||
yunohost service add "${app}-server" --log="/var/log/$app/server.log"
|
||||
yunohost service add "${app}-worker" --log="/var/log/$app/worker.log"
|
||||
yunohost service add "${app}-beat" --log_type systemd
|
||||
yunohost service add "${app}-server" --log_type systemd
|
||||
yunohost service add "${app}-worker" --log_type systemd
|
||||
|
||||
#=================================================
|
||||
# START SYSTEMD SERVICE
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue