1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/galene_ynh.git synced 2024-09-03 18:36:31 +02:00
This commit is contained in:
Éric Gaspar 2024-07-30 14:53:47 +02:00
parent 1572388111
commit 64e8b3c2f1
8 changed files with 102 additions and 0 deletions

49
conf/stt.service Normal file
View file

@ -0,0 +1,49 @@
[Unit]
Description=Galène: Speech-to-text support for Galene
Documentation=https://galene.org
After=network.target
[Service]
Type=simple
User=__APP__
Group=__APP__
WorkingDirectory=__INSTALL_DIR__/stt/
ExecStart=__INSTALL_DIR__/stt/galene-stt 127.0.0.1:__PORT_STT__:/group/public/stt
LimitNOFILE=65536
# Sandboxing options to harden security
# Depending on specificities of your service/app, you may need to tweak these
# .. but this should be a good baseline
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
RestrictNamespaces=yes
RestrictRealtime=yes
DevicePolicy=closed
ProtectClock=yes
ProtectHostname=yes
ProtectProc=invisible
ProtectSystem=full
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
LockPersonality=yes
SystemCallArchitectures=native
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged
# Denying access to capabilities that should not be relevant for webapps
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
[Install]
WantedBy=multi-user.target

View file

@ -77,6 +77,17 @@ ram.runtime = "50M"
autoupdate.upstream = "https://github.com/jech/galene-ldap"
autoupdate.strategy = "latest_github_commit"
[resources.sources.whisper]
url = "https://github.com/ggerganov/whisper.cpp/archive/refs/tags/v1.6.2.tar.gz"
sha256 = "da7988072022acc3cfa61b370b3c51baad017f1900c3dc4e68cb276499f66894"
autoupdate.strategy = "latest_github_tag"
[resources.sources.galene-stt]
url = "https://github.com/jech/galene-stt/archive/d2aa2ae4932cf04be33718bb39a08a91fa7777f4.tar.gz"
sha256 = "08bc36b5ff4ddff05c0522cfc5c0eef98da18725880c7ed6e2e22071e226ff3d"
autoupdate.upstream = "https://github.com/jech/galene-stt"
autoupdate.strategy = "latest_github_commit"
[resources.system_user]
[resources.install_dir]
@ -90,6 +101,7 @@ ram.runtime = "50M"
[resources.ports]
main.default = 8095
ldap.default = 8096
stt.default = 8443
turn.default = 1194
turn.exposed = "Both"

View file

@ -35,6 +35,7 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_backup --src_path="/etc/systemd/system/$app.service"
ynh_backup --src_path="/etc/systemd/system/${app}_ldap.service"
ynh_backup --src_path="/etc/systemd/system/${app}_stt.service"
#=================================================
# END OF SCRIPT

View file

@ -26,6 +26,7 @@ ynh_script_progression --message="Stopping a systemd service..." --weight=1
ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd"
ynh_systemd_action --service_name=${app}_ldap --action="stop" --log_path="systemd"
ynh_systemd_action --service_name=${app}_stt --action="stop" --log_path="systemd"
#=================================================
# MODIFY URL IN NGINX CONF
@ -72,6 +73,7 @@ ynh_script_progression --message="Starting a systemd service..." --weight=3
# Start a systemd service
ynh_systemd_action --service_name=$app --action="start" --log_path="systemd"
ynh_systemd_action --service_name=${app}_ldap --action="start" --log_path="systemd"
ynh_systemd_action --service_name=${app}_stt --action="start" --log_path="systemd"
#=================================================
# END OF SCRIPT

View file

@ -34,6 +34,8 @@ ynh_script_progression --message="Setting up source files..." --weight=1
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$install_dir/build"
ynh_setup_source --dest_dir="$install_dir/build_ldap" --source_id="ldap"
ynh_setup_source --dest_dir="$install_dir/stt/whisper.cpp/" --source_id="whisper"
ynh_setup_source --dest_dir="$install_dir/build_stt" --source_id="stt"
mkdir -p "$install_dir/live/data"
mkdir -p "$install_dir/live_ldap/data"
@ -44,6 +46,19 @@ ynh_replace_string --match_string="<div class=\"galene-header\">Galène</div>" -
chmod -R o-rwx "$install_dir"
chown -R $app:www-data "$install_dir"
#Build and install whisper.cpp:
pushd $install_dir/stt/whisper.cpp/
mkdir build
cd build
cmake ..
make -j
sudo make install
popd
#Download your favourite model:
$install_dir/stt/whisper.cpp/models/download-ggml-model.sh base.en
#=================================================
# SPECIFIC SETUP
#=================================================
@ -66,9 +81,16 @@ pushd $install_dir/build_ldap/
ynh_exec_warn_less ynh_exec_as $app CGO_ENABLED=0 $ynh_go build -ldflags='-s -w' -o $install_dir/live_ldap/
popd
pushd $install_dir/build_stt/
ynh_exec_warn_less ynh_exec_as $app CGO_ENABLED=0 $ynh_go build -ldflags='-s -w' -o $install_dir/stt/
ln -s $install_dir/stt/whisper.cpp/models .
popd
ynh_remove_go
ynh_secure_remove --file="$install_dir/build/"
ynh_secure_remove --file="$install_dir/build_ldap/"
ynh_secure_remove --file="$install_dir/build_stt/"
ynh_secure_remove --file="$install_dir/.cache/"
ynh_secure_remove --file="$install_dir/go/"
ynh_secure_remove --file="$install_dir/.go-version"
@ -118,9 +140,11 @@ ynh_add_nginx_config
# Create a dedicated systemd config
ynh_add_systemd_config
ynh_add_systemd_config --service=${app}_ldap --template="ldap.service"
ynh_add_systemd_config --service=${app}_stt --template="stt.service"
yunohost service add $app --description="Videoconferencing server" --needs_exposed_ports="$port_turn"
yunohost service add ${app}_ldap --description="LDAP integration for the videoconferencing server"
yunohost service add ${app}_stt --description="Speech-to-text support for Galene"
#=================================================
# START SYSTEMD SERVICE
@ -130,6 +154,7 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1
# Start a systemd service
ynh_systemd_action --service_name=$app --action="start" --log_path="systemd"
ynh_systemd_action --service_name=${app}_ldap --action="start" --log_path="systemd"
ynh_systemd_action --service_name=${app}_stt --action="start" --log_path="systemd"
#=================================================
# END OF SCRIPT

View file

@ -28,10 +28,17 @@ then
ynh_script_progression --message="Removing ${app}_ldap service integration..." --weight=1
yunohost service remove ${app}_ldap
fi
# Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
if ynh_exec_warn_less yunohost service status ${app}_stt >/dev/null
then
ynh_script_progression --message="Removing ${app}_stt service integration..." --weight=1
yunohost service remove ${app}_stt
fi
# Remove the dedicated systemd config
ynh_remove_systemd_config
ynh_remove_systemd_config --service=${app}_ldap
ynh_remove_systemd_config --service=${app}_stt
# Remove the dedicated NGINX config
ynh_remove_nginx_config

View file

@ -40,10 +40,12 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
ynh_restore_file --origin_path="/etc/systemd/system/${app}_ldap.service"
ynh_restore_file --origin_path="/etc/systemd/system/${app}_stt.service"
systemctl enable $app.service --quiet
yunohost service add $app --description="Videoconferencing server" --needs_exposed_ports="$port_turn"
yunohost service add ${app}_ldap --description="LDAP integration for the videoconferencing server"
yunohost service add ${app}_stt --description="Speech-to-text support for Galene"
#=================================================
# GENERIC FINALIZATION
@ -54,6 +56,7 @@ ynh_script_progression --message="Reloading NGINX web server and $app's service.
ynh_systemd_action --service_name=$app --action="start" --log_path="systemd"
ynh_systemd_action --service_name=${app}_ldap --action="start" --log_path="systemd"
ynh_systemd_action --service_name=${app}_stt --action="start" --log_path="systemd"
ynh_systemd_action --service_name=nginx --action=reload

View file

@ -137,9 +137,11 @@ ynh_add_nginx_config
# Create a dedicated systemd config
ynh_add_systemd_config
ynh_add_systemd_config --service=${app}_ldap --template="ldap.service"
ynh_add_systemd_config --service=${app}_stt --template="stt.service"
yunohost service add $app --description="Videoconferencing server" --needs_exposed_ports="$port_turn"
yunohost service add ${app}_ldap --description="LDAP integration for the videoconferencing server"
yunohost service add ${app}_stt --description="Speech-to-text support for Galene"
#=================================================
# START SYSTEMD SERVICE
@ -148,6 +150,7 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1
ynh_systemd_action --service_name=$app --action="start" --log_path="systemd"
ynh_systemd_action --service_name=${app}_ldap --action="start" --log_path="systemd"
ynh_systemd_action --service_name=${app}_stt --action="start" --log_path="systemd"
#=================================================
# END OF SCRIPT