add STT

2024-09-03 18:36:31 +02:00 · 2024-07-30 14:53:47 +02:00 · 2024-07-30 14:53:47 +02:00 · 64e8b3c2f1
commit 64e8b3c2f1
parent 1572388111
8 changed files with 102 additions and 0 deletions
--- a/conf/stt.service
+++ b/conf/stt.service
@ -0,0 +1,49 @@
+[Unit]
+Description=Galène: Speech-to-text support for Galene
+Documentation=https://galene.org
+After=network.target
+
+[Service]
+Type=simple
+User=__APP__
+Group=__APP__
+WorkingDirectory=__INSTALL_DIR__/stt/
+ExecStart=__INSTALL_DIR__/stt/galene-stt 127.0.0.1:__PORT_STT__:/group/public/stt
+LimitNOFILE=65536
+
+# Sandboxing options to harden security
+# Depending on specificities of your service/app, you may need to tweak these
+# .. but this should be a good baseline
+# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
+RestrictNamespaces=yes
+RestrictRealtime=yes
+DevicePolicy=closed
+ProtectClock=yes
+ProtectHostname=yes
+ProtectProc=invisible
+ProtectSystem=full
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+LockPersonality=yes
+SystemCallArchitectures=native
+SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged
+
+# Denying access to capabilities that should not be relevant for webapps
+# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
+CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
+CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
+CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
+CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
+CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
+CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
+CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
+CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
+CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
+
+[Install]
+WantedBy=multi-user.target
--- a/manifest.toml
+++ b/manifest.toml
@ -77,6 +77,17 @@ ram.runtime = "50M"
    autoupdate.upstream = "https://github.com/jech/galene-ldap"
    autoupdate.strategy = "latest_github_commit"

+    [resources.sources.whisper]
+    url = "https://github.com/ggerganov/whisper.cpp/archive/refs/tags/v1.6.2.tar.gz"
+    sha256 = "da7988072022acc3cfa61b370b3c51baad017f1900c3dc4e68cb276499f66894"
+    autoupdate.strategy = "latest_github_tag"
+
+    [resources.sources.galene-stt]
+    url = "https://github.com/jech/galene-stt/archive/d2aa2ae4932cf04be33718bb39a08a91fa7777f4.tar.gz"
+    sha256 = "08bc36b5ff4ddff05c0522cfc5c0eef98da18725880c7ed6e2e22071e226ff3d"
+    autoupdate.upstream = "https://github.com/jech/galene-stt"
+    autoupdate.strategy = "latest_github_commit"
+
    [resources.system_user]

    [resources.install_dir]
@ -90,6 +101,7 @@ ram.runtime = "50M"
    [resources.ports]
    main.default = 8095
    ldap.default = 8096
+    stt.default = 8443
    turn.default = 1194
    turn.exposed = "Both"

--- a/scripts/backup
+++ b/scripts/backup
@ -35,6 +35,7 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"

 ynh_backup --src_path="/etc/systemd/system/$app.service"
 ynh_backup --src_path="/etc/systemd/system/${app}_ldap.service"
+ynh_backup --src_path="/etc/systemd/system/${app}_stt.service"

 #=================================================
 # END OF SCRIPT
--- a/scripts/change_url
+++ b/scripts/change_url
@ -26,6 +26,7 @@ ynh_script_progression --message="Stopping a systemd service..." --weight=1

 ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd"
 ynh_systemd_action --service_name=${app}_ldap --action="stop" --log_path="systemd"
+ynh_systemd_action --service_name=${app}_stt --action="stop" --log_path="systemd"

 #=================================================
 # MODIFY URL IN NGINX CONF
@ -72,6 +73,7 @@ ynh_script_progression --message="Starting a systemd service..." --weight=3
 # Start a systemd service
 ynh_systemd_action --service_name=$app --action="start" --log_path="systemd"
 ynh_systemd_action --service_name=${app}_ldap --action="start" --log_path="systemd"
+ynh_systemd_action --service_name=${app}_stt --action="start" --log_path="systemd"

 #=================================================
 # END OF SCRIPT
--- a/scripts/install
+++ b/scripts/install
@ -34,6 +34,8 @@ ynh_script_progression --message="Setting up source files..." --weight=1
 # Download, check integrity, uncompress and patch the source from app.src
 ynh_setup_source --dest_dir="$install_dir/build"
 ynh_setup_source --dest_dir="$install_dir/build_ldap" --source_id="ldap"
+ynh_setup_source --dest_dir="$install_dir/stt/whisper.cpp/" --source_id="whisper"
+ynh_setup_source --dest_dir="$install_dir/build_stt" --source_id="stt"

 mkdir -p "$install_dir/live/data"
 mkdir -p "$install_dir/live_ldap/data"
@ -44,6 +46,19 @@ ynh_replace_string --match_string="<div class=\"galene-header\">Galène</div>" -
 chmod -R o-rwx "$install_dir"
 chown -R $app:www-data "$install_dir"

+
+#Build and install whisper.cpp:
+pushd $install_dir/stt/whisper.cpp/
+	mkdir build
+	cd build
+	cmake ..
+	make -j
+	sudo make install
+popd
+
+#Download your favourite model:
+$install_dir/stt/whisper.cpp/models/download-ggml-model.sh base.en
+
 #=================================================
 # SPECIFIC SETUP
 #=================================================
@ -66,9 +81,16 @@ pushd $install_dir/build_ldap/
 	ynh_exec_warn_less ynh_exec_as $app CGO_ENABLED=0 $ynh_go build -ldflags='-s -w' -o $install_dir/live_ldap/
 popd

+pushd $install_dir/build_stt/
+	ynh_exec_warn_less ynh_exec_as $app CGO_ENABLED=0 $ynh_go build -ldflags='-s -w' -o $install_dir/stt/
+	ln -s $install_dir/stt/whisper.cpp/models .
+popd
+
+
 ynh_remove_go
 ynh_secure_remove --file="$install_dir/build/"
 ynh_secure_remove --file="$install_dir/build_ldap/"
+ynh_secure_remove --file="$install_dir/build_stt/"
 ynh_secure_remove --file="$install_dir/.cache/"
 ynh_secure_remove --file="$install_dir/go/"
 ynh_secure_remove --file="$install_dir/.go-version"
@ -118,9 +140,11 @@ ynh_add_nginx_config
 # Create a dedicated systemd config
 ynh_add_systemd_config
 ynh_add_systemd_config --service=${app}_ldap --template="ldap.service"
+ynh_add_systemd_config --service=${app}_stt --template="stt.service"

 yunohost service add $app --description="Videoconferencing server" --needs_exposed_ports="$port_turn"
 yunohost service add ${app}_ldap --description="LDAP integration for the videoconferencing server"
+yunohost service add ${app}_stt --description="Speech-to-text support for Galene"

 #=================================================
 # START SYSTEMD SERVICE
@ -130,6 +154,7 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1
 # Start a systemd service
 ynh_systemd_action --service_name=$app --action="start" --log_path="systemd"
 ynh_systemd_action --service_name=${app}_ldap --action="start" --log_path="systemd"
+ynh_systemd_action --service_name=${app}_stt --action="start" --log_path="systemd"

 #=================================================
 # END OF SCRIPT
--- a/scripts/remove
+++ b/scripts/remove
@ -28,10 +28,17 @@ then
 	ynh_script_progression --message="Removing ${app}_ldap service integration..." --weight=1
 	yunohost service remove ${app}_ldap
 fi
+# Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
+if ynh_exec_warn_less yunohost service status ${app}_stt >/dev/null
+then
+	ynh_script_progression --message="Removing ${app}_stt service integration..." --weight=1
+	yunohost service remove ${app}_stt
+fi

 # Remove the dedicated systemd config
 ynh_remove_systemd_config
 ynh_remove_systemd_config --service=${app}_ldap
+ynh_remove_systemd_config --service=${app}_stt

 # Remove the dedicated NGINX config
 ynh_remove_nginx_config
--- a/scripts/restore
+++ b/scripts/restore
@ -40,10 +40,12 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"

 ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
 ynh_restore_file --origin_path="/etc/systemd/system/${app}_ldap.service"
+ynh_restore_file --origin_path="/etc/systemd/system/${app}_stt.service"
 systemctl enable $app.service --quiet

 yunohost service add $app --description="Videoconferencing server" --needs_exposed_ports="$port_turn"
 yunohost service add ${app}_ldap --description="LDAP integration for the videoconferencing server"
+yunohost service add ${app}_stt --description="Speech-to-text support for Galene"

 #=================================================
 # GENERIC FINALIZATION
@ -54,6 +56,7 @@ ynh_script_progression --message="Reloading NGINX web server and $app's service.

 ynh_systemd_action --service_name=$app --action="start" --log_path="systemd"
 ynh_systemd_action --service_name=${app}_ldap --action="start" --log_path="systemd"
+ynh_systemd_action --service_name=${app}_stt --action="start" --log_path="systemd"

 ynh_systemd_action --service_name=nginx --action=reload

--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -137,9 +137,11 @@ ynh_add_nginx_config
 # Create a dedicated systemd config
 ynh_add_systemd_config
 ynh_add_systemd_config --service=${app}_ldap --template="ldap.service"
+ynh_add_systemd_config --service=${app}_stt --template="stt.service"

 yunohost service add $app --description="Videoconferencing server" --needs_exposed_ports="$port_turn"
 yunohost service add ${app}_ldap --description="LDAP integration for the videoconferencing server"
+yunohost service add ${app}_stt --description="Speech-to-text support for Galene"

 #=================================================
 # START SYSTEMD SERVICE
@ -148,6 +150,7 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1

 ynh_systemd_action --service_name=$app --action="start" --log_path="systemd"
 ynh_systemd_action --service_name=${app}_ldap --action="start" --log_path="systemd"
+ynh_systemd_action --service_name=${app}_stt --action="start" --log_path="systemd"

 #=================================================
 # END OF SCRIPT