From 85f56d463bea08ff480203b126eeb83f02c36fdf Mon Sep 17 00:00:00 2001 From: Tagada <36127788+Tagadda@users.noreply.github.com> Date: Mon, 10 Jan 2022 19:28:30 +0100 Subject: [PATCH 1/9] last changes from example_ynh --- .github/workflows/updater.sh | 136 +++++++++++++++++++++++++++++++ conf/.env.production.sample | 6 ++ conf/glitchsoc-sidekiq.service | 30 +++++++ conf/glitchsoc-streaming.service | 30 +++++++ conf/glitchsoc-web.service | 30 +++++++ scripts/backup | 2 +- scripts/install | 25 +++--- scripts/remove | 28 +++---- scripts/restore | 54 ++++++------ scripts/upgrade | 80 +++++++++--------- 10 files changed, 331 insertions(+), 90 deletions(-) create mode 100644 .github/workflows/updater.sh diff --git a/.github/workflows/updater.sh b/.github/workflows/updater.sh new file mode 100644 index 0000000..c4d53fc --- /dev/null +++ b/.github/workflows/updater.sh @@ -0,0 +1,136 @@ +#!/bin/bash + +#================================================= +# PACKAGE UPDATING HELPER +#================================================= + +# This script is meant to be run by GitHub Actions +# The YunoHost-Apps organisation offers a template Action to run this script periodically +# Since each app is different, maintainers can adapt its contents so as to perform +# automatic actions when a new upstream release is detected. + +# Remove this exit command when you are ready to run this Action +exit 1 + +#================================================= +# FETCHING LATEST RELEASE AND ITS ASSETS +#================================================= + +# Fetching information +current_version=$(cat manifest.json | jq -j '.version|split("~")[0]') +repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]') +# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions) +version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1) +assets=($(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '[ .[] | select(.tag_name=="'$version'").assets[].browser_download_url ] | join(" ") | @sh' | tr -d "'")) + +# Later down the script, we assume the version has only digits and dots +# Sometimes the release name starts with a "v", so let's filter it out. +# You may need more tweaks here if the upstream repository has different naming conventions. +if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then + version=${version:1} +fi + +# Setting up the environment variables +echo "Current version: $current_version" +echo "Latest release from upstream: $version" +echo "VERSION=$version" >> $GITHUB_ENV +# For the time being, let's assume the script will fail +echo "PROCEED=false" >> $GITHUB_ENV + +# Proceed only if the retrieved version is greater than the current one +if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then + echo "::warning ::No new version available" + exit 0 +# Proceed only if a PR for this new version does not already exist +elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then + echo "::warning ::A branch already exists for this update" + exit 0 +fi + +# Each release can hold multiple assets (e.g. binaries for different architectures, source code, etc.) +echo "${#assets[@]} available asset(s)" + +#================================================= +# UPDATE SOURCE FILES +#================================================= + +# Here we use the $assets variable to get the resources published in the upstream release. +# Here is an example for Grav, it has to be adapted in accordance with how the upstream releases look like. + +# Let's loop over the array of assets URLs +for asset_url in ${assets[@]}; do + +echo "Handling asset at $asset_url" + +# Assign the asset to a source file in conf/ directory +# Here we base the source file name upon a unique keyword in the assets url (admin vs. update) +# Leave $src empty to ignore the asset +case $asset_url in + *"admin"*) + src="app" + ;; + *"update"*) + src="app-upgrade" + ;; + *) + src="" + ;; +esac + +# If $src is not empty, let's process the asset +if [ ! -z "$src" ]; then + +# Create the temporary directory +tempdir="$(mktemp -d)" + +# Download sources and calculate checksum +filename=${asset_url##*/} +curl --silent -4 -L $asset_url -o "$tempdir/$filename" +checksum=$(sha256sum "$tempdir/$filename" | head -c 64) + +# Delete temporary directory +rm -rf $tempdir + +# Get extension +if [[ $filename == *.tar.gz ]]; then + extension=tar.gz +else + extension=${filename##*.} +fi + +# Rewrite source file +cat < conf/$src.src +SOURCE_URL=$asset_url +SOURCE_SUM=$checksum +SOURCE_SUM_PRG=sha256sum +SOURCE_FORMAT=$extension +SOURCE_IN_SUBDIR=true +SOURCE_FILENAME= +EOT +echo "... conf/$src.src updated" + +else +echo "... asset ignored" +fi + +done + +#================================================= +# SPECIFIC UPDATE STEPS +#================================================= + +# Any action on the app's source code can be done. +# The GitHub Action workflow takes care of committing all changes after this script ends. + +#================================================= +# GENERIC FINALIZATION +#================================================= + +# Replace new version in manifest +echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json + +# No need to update the README, yunohost-bot takes care of it + +# The Action will proceed only if the PROCEED environment variable is set to true +echo "PROCEED=true" >> $GITHUB_ENV +exit 0 diff --git a/conf/.env.production.sample b/conf/.env.production.sample index 57dcdbf..af1f235 100644 --- a/conf/.env.production.sample +++ b/conf/.env.production.sample @@ -4,6 +4,12 @@ # not demonstrate all available configuration options. Please look at # https://docs.joinmastodon.org/admin/config/ for the full documentation. +# Note that this file accepts slightly different syntax depending on whether +# you are using `docker-compose` or not. In particular, if you use +# `docker-compose`, the value of each declared variable will be taken verbatim, +# including surrounding quotes. +# See: https://github.com/mastodon/mastodon/issues/16895 + # Federation # ---------- # This identifies your server and cannot be changed safely later diff --git a/conf/glitchsoc-sidekiq.service b/conf/glitchsoc-sidekiq.service index 094813f..7fe2cc9 100644 --- a/conf/glitchsoc-sidekiq.service +++ b/conf/glitchsoc-sidekiq.service @@ -14,5 +14,35 @@ TimeoutSec=15 Restart=always StandardError=syslog +# Sandboxing options to harden security +# Depending on specificities of your service/app, you may need to tweak these +# .. but this should be a good baseline +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +DevicePolicy=closed +ProtectSystem=full +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap + +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG + [Install] WantedBy=multi-user.target diff --git a/conf/glitchsoc-streaming.service b/conf/glitchsoc-streaming.service index 673b7ae..19dd472 100644 --- a/conf/glitchsoc-streaming.service +++ b/conf/glitchsoc-streaming.service @@ -15,5 +15,35 @@ TimeoutSec=15 Restart=always StandardError=syslog +# Sandboxing options to harden security +# Depending on specificities of your service/app, you may need to tweak these +# .. but this should be a good baseline +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +DevicePolicy=closed +ProtectSystem=full +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap + +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG + [Install] WantedBy=multi-user.target diff --git a/conf/glitchsoc-web.service b/conf/glitchsoc-web.service index e853df5..3285e76 100644 --- a/conf/glitchsoc-web.service +++ b/conf/glitchsoc-web.service @@ -14,5 +14,35 @@ TimeoutSec=15 Restart=always StandardError=syslog +# Sandboxing options to harden security +# Depending on specificities of your service/app, you may need to tweak these +# .. but this should be a good baseline +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +DevicePolicy=closed +ProtectSystem=full +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap + +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG + [Install] WantedBy=multi-user.target diff --git a/scripts/backup b/scripts/backup index 590ce0f..2a64b32 100644 --- a/scripts/backup +++ b/scripts/backup @@ -59,7 +59,7 @@ ynh_backup --src_path="/etc/systemd/system/$app-sidekiq.service" ynh_backup --src_path="/etc/systemd/system/$app-streaming.service" #================================================= -# BACKUP A CRON FILE +# BACKUP VARIOUS FILES #================================================= ynh_backup --src_path="/etc/cron.d/$app" diff --git a/scripts/install b/scripts/install index b445743..292ca96 100644 --- a/scripts/install +++ b/scripts/install @@ -83,7 +83,7 @@ ynh_exec_warn_less ynh_install_ruby --ruby_version=$RUBY_VERSION ynh_script_progression --message="Configuring system user..." # Create a system user -ynh_system_user_create --username=$app --home_dir="$final_path" +ynh_system_user_create --username=$app --home_dir=$final_path #================================================= # CREATE A POSTGRESQL DATABASE @@ -96,6 +96,7 @@ db_name=$(ynh_sanitize_dbid --db_name="${app}_production") db_user=$(ynh_sanitize_dbid --db_name=$app) db_pwd=$(ynh_string_random --length=30) ynh_app_setting_set --app=$app --key=db_name --value=$db_name +ynh_app_setting_set --app=$app --key=db_user --value=$db_user ynh_app_setting_set --app=$app --key=db_pwd --value=$db_pwd ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd ynh_psql_execute_as_root --sql="ALTER USER $db_user CREATEDB;" @@ -119,7 +120,7 @@ chown -R $app:www-data "$final_path" ynh_script_progression --message="Configuring NGINX web server..." # Create a dedicated NGINX config -ynh_add_nginx_config 'port_web port_stream' +ynh_add_nginx_config #================================================= # SPECIFIC SETUP @@ -153,7 +154,7 @@ popd #================================================= # ADD A CONFIGURATION #================================================= -ynh_script_progression --message="Adding a config file..." +ynh_script_progression --message="Adding a configuration file..." config="$final_path/live/.env.production" @@ -200,17 +201,17 @@ ynh_add_systemd_config --service="$app-streaming" --template="glitchsoc-streamin ynh_script_progression --message="Installing Glitch-Soc..." pushd "$final_path/live" - sudo -u $app $ynh_ruby_load_path bin/bundle config deployment 'true' - sudo -u $app $ynh_ruby_load_path bin/bundle config without 'development test' - sudo -u $app $ynh_ruby_load_path bin/bundle install -j$(getconf _NPROCESSORS_ONLN) + ynh_exec_as $app $ynh_ruby_load_path bin/bundle config deployment 'true' + ynh_exec_as $app $ynh_ruby_load_path bin/bundle config without 'development test' + ynh_exec_as $app $ynh_ruby_load_path bin/bundle install -j$(getconf _NPROCESSORS_ONLN) ynh_use_nodejs - ynh_exec_warn_less sudo -u $app $ynh_node_load_PATH yarn install --pure-lockfile + ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH yarn install --pure-lockfile echo "SAFETY_ASSURED=1">> $config - ynh_exec_warn_less sudo -u $app RAILS_ENV=production $ynh_ruby_load_path bin/bundle exec rails db:setup --quiet - ynh_exec_warn_less sudo -u $app RAILS_ENV=production $ynh_ruby_load_path bin/bundle exec rails assets:precompile --quiet - ynh_exec_warn_less sudo -u $app RAILS_ENV=production $ynh_ruby_load_path bin/bundle exec rake mastodon:webpush:generate_vapid_key > key.txt - ynh_exec_warn_less sudo -u $app RAILS_ENV=production $ynh_ruby_load_path bin/tootctl accounts create "$admin" --email="$admin_mail" --confirmed --role=admin > /dev/null - ynh_exec_warn_less sudo -u $app RAILS_ENV=production $ynh_ruby_load_path bin/tootctl accounts modify "$admin" --approve + ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path bin/bundle exec rails db:setup --quiet + ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path bin/bundle exec rails assets:precompile --quiet + ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path bin/bundle exec rake mastodon:webpush:generate_vapid_key > key.txt + ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path bin/tootctl accounts create "$admin" --email="$admin_mail" --confirmed --role=admin > /dev/null + ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path bin/tootctl accounts modify "$admin" --approve popd vapid_private_key=$(grep -oP "VAPID_PRIVATE_KEY=\K.+" "$final_path/live/key.txt") diff --git a/scripts/remove b/scripts/remove index 3b279d4..94452af 100644 --- a/scripts/remove +++ b/scripts/remove @@ -18,7 +18,7 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_user=$(ynh_sanitize_dbid --db_name=$app) +db_user=$(ynh_app_setting_get --app=$app --key=db_user) final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= @@ -64,17 +64,6 @@ ynh_script_progression --message="Removing the PostgreSQL database..." # Remove a database if it exists, along with the associated user ynh_psql_remove_db --db_user=$db_user --db_name=$db_name -#================================================= -# REMOVE DEPENDENCIES -#================================================= -ynh_script_progression --message="Removing dependencies..." - -# Remove metapackage and its dependencies -ynh_remove_ruby -ynh_remove_nodejs -ynh_remove_app_dependencies -ynh_remove_extra_repo - #================================================= # REMOVE APP MAIN DIR #================================================= @@ -91,12 +80,23 @@ ynh_script_progression --message="Removing NGINX web server configuration..." # Remove the dedicated NGINX config ynh_remove_nginx_config +#================================================= +# REMOVE DEPENDENCIES +#================================================= +ynh_script_progression --message="Removing dependencies..." + +# Remove metapackage and its dependencies +ynh_remove_ruby +ynh_remove_nodejs +ynh_remove_app_dependencies +ynh_remove_extra_repo + #================================================= # SPECIFIC REMOVE #================================================= -# REMOVE THE CRON FILE +# REMOVE VARIOUS FILES #================================================= -ynh_script_progression --message="Removing the cron file..." +ynh_script_progression --message="Removing various files..." # Remove a cron file ynh_secure_remove --file="/etc/cron.d/$app" diff --git a/scripts/restore b/scripts/restore index c867831..2183806 100644 --- a/scripts/restore +++ b/scripts/restore @@ -31,7 +31,7 @@ domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_user=$(ynh_sanitize_dbid --db_name=$app) +db_user=$(ynh_app_setting_get --app=$app --key=db_user) db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd) #================================================= @@ -39,7 +39,8 @@ db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd) #================================================= ynh_script_progression --message="Validating restoration parameters..." -test ! -d $final_path || ynh_die --message="There is already a directory: $final_path " +test ! -d $final_path \ + || ynh_die --message="There is already a directory: $final_path " #================================================= # STANDARD RESTORATION STEPS @@ -56,7 +57,7 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_script_progression --message="Recreating the dedicated system user..." # Create the dedicated user (if not existing) -ynh_system_user_create --username=$app --home_dir="$final_path" +ynh_system_user_create --username=$app --home_dir=$final_path #================================================= # RESTORE THE APP MAIN DIR @@ -71,6 +72,27 @@ chown -R $app:www-data "$final_path" #================================================= # SPECIFIC RESTORATION +#================================================= +# REINSTALL DEPENDENCIES +#================================================= +ynh_script_progression --message="Reinstalling dependencies..." + +# Define and install dependencies +ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies +ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$NODEJS_VERSION +ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg" +ynh_install_ruby --ruby_version=$RUBY_VERSION + +#================================================= +# RESTORE THE POSTGRESQL DATABASE +#================================================= +ynh_script_progression --message="Restoring the PostgreSQL database..." + +ynh_psql_test_if_first_run +ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd +ynh_psql_execute_as_root --sql="ALTER USER $db_user CREATEDB;" +ynh_psql_execute_file_as_root --file="./db.sql" --database="$db_name" + #================================================= # ADD SWAP IF NEEDED #================================================= @@ -87,23 +109,6 @@ fi ynh_script_progression --message="Adding $swap_needed Mo to swap..." ynh_add_swap --size=$swap_needed -#================================================= -# RESTORE THE CRON FILE -#================================================= -ynh_script_progression --message="Restoring the cron file..." - -ynh_restore_file --origin_path="/etc/cron.d/$app" - -#================================================= -# REINSTALL DEPENDENCIES -#================================================= -ynh_script_progression --message="Reinstalling dependencies..." - -ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies -ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$NODEJS_VERSION -ynh_exec_warn_less ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg" -ynh_exec_warn_less ynh_install_ruby --ruby_version=$RUBY_VERSION - #================================================= # INSTALLING RUBY AND BUNDLER #================================================= @@ -116,14 +121,11 @@ pushd "$final_path/live" popd #================================================= -# RESTORE THE POSTGRESQL DATABASE +# RESTORE VARIOUS FILES #================================================= -ynh_script_progression --message="Restoring the PostgreSQL database..." +ynh_script_progression --message="Restoring various files..." -ynh_psql_test_if_first_run -ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd -ynh_psql_execute_as_root --sql="ALTER USER $db_user CREATEDB;" -ynh_psql_execute_file_as_root --file="./db.sql" --database="$db_name" +ynh_restore_file --origin_path="/etc/cron.d/$app" #================================================= # RESTORE SYSTEMD diff --git a/scripts/upgrade b/scripts/upgrade index c60fb2f..434a140 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -23,7 +23,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path) language=$(ynh_app_setting_get --app=$app --key=language) redis_namespace=$(ynh_app_setting_get --app=$app --key=db_name) db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_user=$(ynh_sanitize_dbid --db_name=$app) +db_user=$(ynh_app_setting_get --app=$app --key=db_user) db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd) admin_mail=$(ynh_user_get_info --username=$admin --key='mail') port_web=$(ynh_app_setting_get --app=$app --key=port_web) @@ -43,6 +43,32 @@ ynh_script_progression --message="Checking version..." upgrade_type=$(ynh_check_app_version_changed) +#================================================= +# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +#================================================= +ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." + +# Backup the current version of the app +ynh_backup_before_upgrade +ynh_clean_setup () { + ynh_clean_check_starting + # Restore it if the upgrade fails + ynh_restore_upgradebackup +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# STANDARD UPGRADE STEPS +#================================================= +# STOP SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Stopping a systemd service..." + +ynh_systemd_action --service_name=${app}-web --action="stop" --log_path=systemd --line_match="Stopped" +ynh_systemd_action --service_name=${app}-sidekiq --action="stop" --log_path=systemd --line_match="Stopped" +ynh_systemd_action --service_name=${app}-streaming --action="stop" --log_path=systemd --line_match="Stopped" + #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= @@ -72,6 +98,12 @@ if [[ -z "$port_stream" ]]; then ynh_app_setting_set --app=$app --key=port_stream --value=$port_stream fi +# If db_user doesn't exist, create it, needed for old install +if [[ -z "$db_user" ]]; then + db_user=$(ynh_sanitize_dbid --db_name=$app) + ynh_app_setting_set --app=$app --key=db_user --value=$db_user +fi + # If db_pwd doesn't exist, create it, needed for old install if [[ -z "$db_pwd" ]]; then db_pwd=$(ynh_string_random) @@ -119,39 +151,13 @@ fi #Remove previous added repository ynh_remove_extra_repo -#================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP -#================================================= -ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." - -# Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { - ynh_clean_check_starting - # Restore it if the upgrade fails - ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# STANDARD UPGRADE STEPS -#================================================= -# STOP SYSTEMD SERVICE -#================================================= -ynh_script_progression --message="Stopping a systemd service..." - -ynh_systemd_action --service_name=${app}-web --action="stop" --log_path=systemd --line_match="Stopped" -ynh_systemd_action --service_name=${app}-sidekiq --action="stop" --log_path=systemd --line_match="Stopped" -ynh_systemd_action --service_name=${app}-streaming --action="stop" --log_path=systemd --line_match="Stopped" - #================================================= # CREATE DEDICATED USER #================================================= ynh_script_progression --message="Making sure dedicated system user exists..." # Create a dedicated user (if not existing) -ynh_system_user_create --username=$app --home_dir="$final_path" +ynh_system_user_create --username=$app --home_dir=$final_path #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE @@ -193,7 +199,7 @@ chown -R $app:www-data "$final_path" ynh_script_progression --message="Upgrading NGINX web server configuration..." # Create a dedicated NGINX config -ynh_add_nginx_config 'port_web port_stream' +ynh_add_nginx_config #================================================= # UPGRADE DEPENDENCIES @@ -262,15 +268,15 @@ ynh_add_systemd_config --service="$app-streaming" --template="glitchsoc-streamin ynh_script_progression --message="Upgrading Glitch-Soc..." pushd "$final_path/live" - sudo -u $app $ynh_ruby_load_path bin/bundle config deployment 'true' - sudo -u $app $ynh_ruby_load_path bin/bundle config without 'development test' - sudo -u $app $ynh_ruby_load_path bin/bundle install -j$(getconf _NPROCESSORS_ONLN) + ynh_exec_as $app $ynh_ruby_load_path bin/bundle config deployment 'true' + ynh_exec_as $app $ynh_ruby_load_path bin/bundle config without 'development test' + ynh_exec_as $app $ynh_ruby_load_path bin/bundle install -j$(getconf _NPROCESSORS_ONLN) ynh_use_nodejs - sudo -u $app $ynh_node_load_PATH yarn install --pure-lockfile - ynh_exec_warn_less sudo -u $app RAILS_ENV=production $ynh_ruby_load_path bin/bundle exec rails assets:clean - ynh_exec_warn_less sudo -u $app RAILS_ENV=production $ynh_ruby_load_path bin/bundle exec rails assets:precompile - ynh_exec_warn_less sudo -u $app RAILS_ENV=production $ynh_ruby_load_path bin/bundle exec rails db:migrate - ynh_exec_warn_less sudo -u $app RAILS_ENV=production $ynh_ruby_load_path bin/tootctl cache clear + ynh_exec_as $app $ynh_node_load_PATH yarn install --pure-lockfile + ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path bin/bundle exec rails assets:clean + ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path bin/bundle exec rails assets:precompile + ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path bin/bundle exec rails db:migrate + ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path bin/tootctl cache clear popd #================================================= From 4f7125bc4f25cf4a9c1c0482a22ee0978a24f683 Mon Sep 17 00:00:00 2001 From: Tagada <36127788+Tagadda@users.noreply.github.com> Date: Mon, 10 Jan 2022 20:53:10 +0100 Subject: [PATCH 2/9] updater.sh from main branch --- .github/workflows/updater.sh | 82 ++++++++---------------------------- 1 file changed, 18 insertions(+), 64 deletions(-) diff --git a/.github/workflows/updater.sh b/.github/workflows/updater.sh index c4d53fc..6957247 100644 --- a/.github/workflows/updater.sh +++ b/.github/workflows/updater.sh @@ -9,8 +9,7 @@ # Since each app is different, maintainers can adapt its contents so as to perform # automatic actions when a new upstream release is detected. -# Remove this exit command when you are ready to run this Action -exit 1 +# Heavily modified script for pulling on main branch instead of releases #================================================= # FETCHING LATEST RELEASE AND ITS ASSETS @@ -18,71 +17,38 @@ exit 1 # Fetching information current_version=$(cat manifest.json | jq -j '.version|split("~")[0]') +current_commit=$(cat conf/app.src | grep 'SOURCE_FILENAME' | cut -d= -f2 | cut -d. -f1) repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]') -# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions) -version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1) -assets=($(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '[ .[] | select(.tag_name=="'$version'").assets[].browser_download_url ] | join(" ") | @sh' | tr -d "'")) - -# Later down the script, we assume the version has only digits and dots -# Sometimes the release name starts with a "v", so let's filter it out. -# You may need more tweaks here if the upstream repository has different naming conventions. -if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then - version=${version:1} -fi +last=$(curl --silent "https://api.github.com/repos/$repo/branches/main") +last_version=$(echo $last | jq -r '.commit.commit.author.date' | cut -dT -f1 | tr - .) +last_commit=$(echo $last | jq -r '.commit.sha') # Setting up the environment variables -echo "Current version: $current_version" -echo "Latest release from upstream: $version" -echo "VERSION=$version" >> $GITHUB_ENV +echo "Current version: $current_version commit $current_commit" +echo "Latest release from upstream: $last_version commit $last_commit" +echo "VERSION=$last_version" >> $GITHUB_ENV # For the time being, let's assume the script will fail echo "PROCEED=false" >> $GITHUB_ENV # Proceed only if the retrieved version is greater than the current one -if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then +if ! dpkg --compare-versions "$current_version" "lt" "$last_version" ; then echo "::warning ::No new version available" exit 0 # Proceed only if a PR for this new version does not already exist -elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then +elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$last_version ; then echo "::warning ::A branch already exists for this update" exit 0 fi -# Each release can hold multiple assets (e.g. binaries for different architectures, source code, etc.) -echo "${#assets[@]} available asset(s)" - #================================================= # UPDATE SOURCE FILES #================================================= -# Here we use the $assets variable to get the resources published in the upstream release. -# Here is an example for Grav, it has to be adapted in accordance with how the upstream releases look like. - -# Let's loop over the array of assets URLs -for asset_url in ${assets[@]}; do - -echo "Handling asset at $asset_url" - -# Assign the asset to a source file in conf/ directory -# Here we base the source file name upon a unique keyword in the assets url (admin vs. update) -# Leave $src empty to ignore the asset -case $asset_url in - *"admin"*) - src="app" - ;; - *"update"*) - src="app-upgrade" - ;; - *) - src="" - ;; -esac - -# If $src is not empty, let's process the asset -if [ ! -z "$src" ]; then - # Create the temporary directory tempdir="$(mktemp -d)" +asset_url="https://github.com/$repo/archive/$last_commit.tar.gz" + # Download sources and calculate checksum filename=${asset_url##*/} curl --silent -4 -L $asset_url -o "$tempdir/$filename" @@ -91,29 +57,17 @@ checksum=$(sha256sum "$tempdir/$filename" | head -c 64) # Delete temporary directory rm -rf $tempdir -# Get extension -if [[ $filename == *.tar.gz ]]; then - extension=tar.gz -else - extension=${filename##*.} -fi - # Rewrite source file -cat < conf/$src.src +cat < conf/app.src SOURCE_URL=$asset_url SOURCE_SUM=$checksum SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=$extension +SOURCE_FORMAT=.tar.gz SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= +SOURCE_FILENAME=$filename +SOURCE_EXTRACT=true EOT -echo "... conf/$src.src updated" - -else -echo "... asset ignored" -fi - -done +echo "... conf/app.src updated" #================================================= # SPECIFIC UPDATE STEPS @@ -127,7 +81,7 @@ done #================================================= # Replace new version in manifest -echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json +echo "$(jq -s --indent 4 ".[] | .version = \"$last_version~ynh1\"" manifest.json)" > manifest.json # No need to update the README, yunohost-bot takes care of it From 7306024a1189c81876e93d6a4b57586d3c3fddfd Mon Sep 17 00:00:00 2001 From: Tagada <36127788+Tagadda@users.noreply.github.com> Date: Mon, 10 Jan 2022 21:00:12 +0100 Subject: [PATCH 3/9] Create updater.yml --- .github/workflows/updater.yml | 49 +++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 .github/workflows/updater.yml diff --git a/.github/workflows/updater.yml b/.github/workflows/updater.yml new file mode 100644 index 0000000..fb72ba0 --- /dev/null +++ b/.github/workflows/updater.yml @@ -0,0 +1,49 @@ +# This workflow allows GitHub Actions to automagically update your app whenever a new upstream release is detected. +# You need to enable Actions in your repository settings, and fetch this Action from the YunoHost-Apps organization. +# This file should be enough by itself, but feel free to tune it to your needs. +# It calls updater.sh, which is where you should put the app-specific update steps. +name: Check for new upstream releases +on: + # Allow to manually trigger the workflow + workflow_dispatch: + # Run it every day at 6:00 UTC + schedule: + - cron: '0 6 * * *' +jobs: + updater: + runs-on: ubuntu-latest + steps: + - name: Fetch the source code + uses: actions/checkout@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + - name: Run the updater script + id: run_updater + run: | + # Setting up Git user + git config --global user.name 'yunohost-bot' + git config --global user.email 'yunohost-bot@users.noreply.github.com' + # Run the updater script + /bin/bash .github/workflows/updater.sh + - name: Commit changes + id: commit + if: ${{ env.PROCEED == 'true' }} + run: | + git commit -am "Upgrade to v$VERSION" + - name: Create Pull Request + id: cpr + if: ${{ env.PROCEED == 'true' }} + uses: peter-evans/create-pull-request@v3 + with: + token: ${{ secrets.GITHUB_TOKEN }} + commit-message: Update to version ${{ env.VERSION }} + committer: 'yunohost-bot ' + author: 'yunohost-bot ' + signoff: false + base: testing + branch: ci-auto-update-v${{ env.VERSION }} + delete-branch: true + title: 'Upgrade to version ${{ env.VERSION }}' + body: | + Upgrade to v${{ env.VERSION }} + draft: false From f417de50406ee9dd63df6acb42d2eb9f5745cceb Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Mon, 10 Jan 2022 20:00:51 +0000 Subject: [PATCH 4/9] Upgrade to v2022.01.10 --- conf/app.src | 8 ++++---- manifest.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/conf/app.src b/conf/app.src index 2e87eb3..7182f14 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,7 +1,7 @@ -SOURCE_URL=https://github.com/glitch-soc/mastodon/archive/e2933854ac598c5ee7428a654a72cf4f4bd9afea.tar.gz -SOURCE_SUM=120f010e0d9ceeb1f86d97e39bd482197dace3d87d5753be886133fc94ad987f +SOURCE_URL=https://github.com/glitch-soc/mastodon/archive/07cb948f39464b11959fc506b673a90d9524e519.tar.gz +SOURCE_SUM=5808362e249689029726b79b799aab7382fc6626a142e54638633b08dee13c76 SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=tar.gz +SOURCE_FORMAT=.tar.gz SOURCE_IN_SUBDIR=true -SOURCE_FILENAME=e2933854ac598c5ee7428a654a72cf4f4bd9afea.tar.gz +SOURCE_FILENAME=07cb948f39464b11959fc506b673a90d9524e519.tar.gz SOURCE_EXTRACT=true diff --git a/manifest.json b/manifest.json index 60fefb5..b3fd4c3 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Libre and federated social network, fork of Mastodon", "fr": "Réseau social libre et fédéré, scission de Mastodon" }, - "version": "2021.12.27~ynh2", + "version": "2022.01.10~ynh1", "url": "https://github.com/glitch-soc/mastodon", "upstream": { "license": "free", From b66272a92c5a870e14c0002d8963b4515970381d Mon Sep 17 00:00:00 2001 From: Yunohost-Bot <> Date: Mon, 10 Jan 2022 20:00:55 +0000 Subject: [PATCH 5/9] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 34930b7..4da71ec 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Libre and federated social network, fork of Mastodon -**Shipped version:** 2021.12.27~ynh2 +**Shipped version:** 2022.01.10~ynh1 diff --git a/README_fr.md b/README_fr.md index 4eb909a..b26e456 100644 --- a/README_fr.md +++ b/README_fr.md @@ -13,7 +13,7 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour Réseau social libre et fédéré, scission de Mastodon -**Version incluse :** 2021.12.27~ynh2 +**Version incluse :** 2022.01.10~ynh1 From a0868d0c52252aacad25b9311945e8e7233aed2d Mon Sep 17 00:00:00 2001 From: Tagada <36127788+Tagadda@users.noreply.github.com> Date: Mon, 10 Jan 2022 21:32:26 +0100 Subject: [PATCH 6/9] oops --- .github/workflows/updater.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/updater.sh b/.github/workflows/updater.sh index 6957247..213d79f 100644 --- a/.github/workflows/updater.sh +++ b/.github/workflows/updater.sh @@ -62,7 +62,7 @@ cat < conf/app.src SOURCE_URL=$asset_url SOURCE_SUM=$checksum SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=.tar.gz +SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true SOURCE_FILENAME=$filename SOURCE_EXTRACT=true From 2e0a8edc19befb96b8a6ea5bec1d50c4a5fd436d Mon Sep 17 00:00:00 2001 From: Tagada <36127788+Tagadda@users.noreply.github.com> Date: Mon, 10 Jan 2022 21:35:13 +0100 Subject: [PATCH 7/9] oops --- conf/app.src | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/app.src b/conf/app.src index 7182f14..a02e340 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,7 +1,7 @@ SOURCE_URL=https://github.com/glitch-soc/mastodon/archive/07cb948f39464b11959fc506b673a90d9524e519.tar.gz SOURCE_SUM=5808362e249689029726b79b799aab7382fc6626a142e54638633b08dee13c76 SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=.tar.gz +SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true SOURCE_FILENAME=07cb948f39464b11959fc506b673a90d9524e519.tar.gz SOURCE_EXTRACT=true From 057bd4b4216595d8315630c980505fd898a587fc Mon Sep 17 00:00:00 2001 From: Tagada <36127788+Tagadda@users.noreply.github.com> Date: Mon, 10 Jan 2022 23:02:13 +0100 Subject: [PATCH 8/9] Add config_panel.toml --- conf/.env.production.sample | 4 +- config_panel.toml | 74 +++++++++++++++++++++++++++++++++++++ 2 files changed, 76 insertions(+), 2 deletions(-) create mode 100644 config_panel.toml diff --git a/conf/.env.production.sample b/conf/.env.production.sample index af1f235..d15d443 100644 --- a/conf/.env.production.sample +++ b/conf/.env.production.sample @@ -277,8 +277,8 @@ MAX_POLL_OPTION_CHARS=100 # Maximum image and video/audio upload sizes # Units are in bytes # 1048576 bytes equals 1 megabyte -# MAX_IMAGE_SIZE=8388608 -# MAX_VIDEO_SIZE=41943040 +MAX_IMAGE_SIZE=8388608 +MAX_VIDEO_SIZE=41943040 # Maximum search results to display # Only relevant when elasticsearch is installed diff --git a/config_panel.toml b/config_panel.toml new file mode 100644 index 0000000..679658f --- /dev/null +++ b/config_panel.toml @@ -0,0 +1,74 @@ +version = "1.0" + +[main] +name.en = "Main configuration" +services = ["__APP__-web", "__APP__-sidekiq", "__APP__-streaming"] + + [main.customization] + name.en = "Customization" + + [main.customization.max_toot_chars] + ask.en = "Maximum allowed character count in a toot" + type = "number" + bind = ":/var/www/__APP__/.env.production" + example = 500 + + [main.customization.max_pinned_toots] + ask = "Maximum number of pinned posts" + type = "number" + example = "5" + bind = ":/var/www/__APP__/.env.production" + + [main.customization.max_bio_chars] + ask = "Maximum allowed bio characters" + type = "number" + accept = "500" + bind = ":/var/www/__APP__/.env.production" + + [main.customization.max_profile_fields] + ask = "Maximim number of profile fields allowed" + type = "number" + accept = "4" + bind = ":/var/www/__APP__/.env.production" + + [main.customization.max_display_name_chars] + ask = "Maximum allowed bio characters" + type = "number" + accept = "30" + bind = ":/var/www/__APP__/.env.production" + + [main.customization.max_poll_options] + ask = "Maximum allowed poll options" + type = "number" + accept = "5" + bind = ":/var/www/__APP__/.env.production" + + [main.customization.max_poll_option_chars] + ask = "Maximum allowed poll option characters" + type = "number" + accept = "100" + bind = ":/var/www/__APP__/.env.production" + + [main.customization.max_image_size] + ask = "Maximum image upload size, in bytes" + type = "number" + accept = "8388608" + bind = ":/var/www/__APP__/.env.production" + + [main.customization.max_video_size] + ask = "Maximum video and audio upload sizes, in bytes" + type = "number" + accept = "41943040" + bind = ":/var/www/__APP__/.env.production" + + [main.customization.max_emoji_size] + ask = "Maximum custom emoji file sizes" + type = "number" + accept = "51200" + bind = ":/var/www/__APP__/.env.production" + + [main.customization.max_remote_emoji_size] + ask = "Maximum remote custom emoji file sizes" + type = "number" + accept = "204800" + bind = ":/var/www/__APP__/.env.production" From c8220cb0ec92337157a99d7b8b2ff1e6f440ad29 Mon Sep 17 00:00:00 2001 From: Tagada <36127788+Tagadda@users.noreply.github.com> Date: Mon, 10 Jan 2022 23:44:34 +0100 Subject: [PATCH 9/9] oops --- config_panel.toml | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/config_panel.toml b/config_panel.toml index 679658f..2e570ef 100644 --- a/config_panel.toml +++ b/config_panel.toml @@ -1,74 +1,74 @@ version = "1.0" [main] -name.en = "Main configuration" +name = "Main configuration" services = ["__APP__-web", "__APP__-sidekiq", "__APP__-streaming"] [main.customization] - name.en = "Customization" + name = "Customization" [main.customization.max_toot_chars] - ask.en = "Maximum allowed character count in a toot" + ask = "Maximum allowed character count in a toot" type = "number" - bind = ":/var/www/__APP__/.env.production" + bind = ":/var/www/__APP__/live/live/.env.production" example = 500 [main.customization.max_pinned_toots] ask = "Maximum number of pinned posts" type = "number" example = "5" - bind = ":/var/www/__APP__/.env.production" + bind = ":/var/www/__APP__/live/.env.production" [main.customization.max_bio_chars] ask = "Maximum allowed bio characters" type = "number" accept = "500" - bind = ":/var/www/__APP__/.env.production" + bind = ":/var/www/__APP__/live/.env.production" [main.customization.max_profile_fields] ask = "Maximim number of profile fields allowed" type = "number" accept = "4" - bind = ":/var/www/__APP__/.env.production" + bind = ":/var/www/__APP__/live/.env.production" [main.customization.max_display_name_chars] ask = "Maximum allowed bio characters" type = "number" accept = "30" - bind = ":/var/www/__APP__/.env.production" + bind = ":/var/www/__APP__/live/.env.production" [main.customization.max_poll_options] ask = "Maximum allowed poll options" type = "number" accept = "5" - bind = ":/var/www/__APP__/.env.production" + bind = ":/var/www/__APP__/live/.env.production" [main.customization.max_poll_option_chars] ask = "Maximum allowed poll option characters" type = "number" accept = "100" - bind = ":/var/www/__APP__/.env.production" + bind = ":/var/www/__APP__/live/.env.production" [main.customization.max_image_size] ask = "Maximum image upload size, in bytes" type = "number" accept = "8388608" - bind = ":/var/www/__APP__/.env.production" + bind = ":/var/www/__APP__/live/.env.production" [main.customization.max_video_size] ask = "Maximum video and audio upload sizes, in bytes" type = "number" accept = "41943040" - bind = ":/var/www/__APP__/.env.production" + bind = ":/var/www/__APP__/live/.env.production" [main.customization.max_emoji_size] ask = "Maximum custom emoji file sizes" type = "number" accept = "51200" - bind = ":/var/www/__APP__/.env.production" + bind = ":/var/www/__APP__/live/.env.production" [main.customization.max_remote_emoji_size] ask = "Maximum remote custom emoji file sizes" type = "number" accept = "204800" - bind = ":/var/www/__APP__/.env.production" + bind = ":/var/www/__APP__/live/.env.production"