diff --git a/.github/workflows/updater.sh b/.github/workflows/updater.sh deleted file mode 100755 index 218e48e..0000000 --- a/.github/workflows/updater.sh +++ /dev/null @@ -1,154 +0,0 @@ -#!/bin/bash - -#================================================= -# PACKAGE UPDATING HELPER -#================================================= - -# This script is meant to be run by GitHub Actions -# The YunoHost-Apps organisation offers a template Action to run this script periodically -# Since each app is different, maintainers can adapt its contents so as to perform -# automatic actions when a new upstream release is detected. - -# Remove this exit command when you are ready to run this Action -# exit 1 - -#================================================= -# FETCHING LATEST RELEASE AND ITS ASSETS -#================================================= - -# Fetching information -current_version=$(jq -j '.version|split("~")[0]' manifest.json) -repo=$(jq -j '.upstream.code|split("https://github.com/")[1]' manifest.json) -# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions) -version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1) -assets=($(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '[ .[] | select(.tag_name=="'"$version"'").assets[].browser_download_url ] | join(" ") | @sh' | tr -d "'")) - -# Later down the script, we assume the version has only digits and dots -# Sometimes the release name starts with a "v", so let's filter it out. -# You may need more tweaks here if the upstream repository has different naming conventions. -if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then - version=${version:1} -fi - -# Setting up the environment variables -echo "Current version: $current_version" -echo "Latest release from upstream: $version" -{ echo "VERSION=$version"; echo "REPO=$repo"; } >> "$GITHUB_ENV" -# For the time being, let's assume the script will fail -echo "PROCEED=false" >> "$GITHUB_ENV" - -# Proceed only if the retrieved version is greater than the current one -if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then - echo "::warning ::No new version available" - exit 0 -# Proceed only if the retrieved version is not a release candidate -elif [[ "$version" == *"rc"* ]] ; then - echo "::warning ::No new version available" - exit 0 -# Proceed only if a PR for this new version does not already exist -elif git ls-remote -q --exit-code --heads https://github.com/"$GITHUB_REPOSITORY".git ci-auto-update-v"$version" ; then - echo "::warning ::A branch already exists for this update" - exit 0 -fi - -# Each release can hold multiple assets (e.g. binaries for different architectures, source code, etc.) -echo "${#assets[@]} available asset(s)" - -#================================================= -# UPDATE SOURCE FILES -#================================================= - -# Here we use the $assets variable to get the resources published in the upstream release. -# Here is an example for Grav, it has to be adapted in accordance with how the upstream releases look like. - -# Create the temporary directory -tempdir="$(mktemp -d)" - -# Download checksums.txt -checksum_file=https://github.com/"$repo"/releases/download/v"$version"/checksums.txt -echo "Downloading checksums file at" "$checksum_file" -curl --silent -4 -L "$checksum_file" -o "$tempdir/checksums.txt" - -# Let's loop over the array of assets URLs -for asset_url in "${assets[@]}"; do - -echo "Handling asset at $asset_url" - -# Assign the asset to a source file in conf/ directory -# Here we base the source file name upon a unique keyword in the assets url (admin vs. update) -# Leave $src empty to ignore the asset -case $asset_url in - *"linux_386"*) - src="i386" - ;; - *"linux_amd64"*) - src="x86-64" - ;; - *"linux_arm64"*) - src="arm64" - ;; - *"linux_armv6"*) - src="armv6" - ;; - *"linux_armv7"*) - src="armv7" - ;; - *) - src="" - ;; -esac - -# If $src is not empty, let's process the asset -if [ -n "$src" ]; then - -# Get checksum -filename=${asset_url##*/} -checksum=$(grep "$filename" "$tempdir/checksums.txt" | awk '{print $1;}') - -# Get extension -if [[ $filename == *.tar.gz ]]; then - extension=tar.gz -else - extension=${filename##*.} -fi - -# Rewrite source file -cat < "conf/$src.src" -SOURCE_URL=$asset_url -SOURCE_SUM=$checksum -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=$extension -SOURCE_EXTRACT=true -SOURCE_IN_SUBDIR=false -SOURCE_FILENAME=$filename -EOT -echo "... conf/$src.src updated" - -else -echo "... asset ignored" -fi - -done - -# Delete temporary directory -rm -rf "$tempdir" - -#================================================= -# SPECIFIC UPDATE STEPS -#================================================= - -# Any action on the app's source code can be done. -# The GitHub Action workflow takes care of committing all changes after this script ends. - -#================================================= -# GENERIC FINALIZATION -#================================================= - -# Replace new version in manifest -echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json - -# No need to update the README, yunohost-bot takes care of it - -# The Action will proceed only if the PROCEED environment variable is set to true -echo "PROCEED=true" >> "$GITHUB_ENV" -exit 0 diff --git a/.github/workflows/updater.yml b/.github/workflows/updater.yml deleted file mode 100644 index 7d50139..0000000 --- a/.github/workflows/updater.yml +++ /dev/null @@ -1,51 +0,0 @@ -# This workflow allows GitHub Actions to automagically update your app whenever a new upstream release is detected. -# You need to enable Actions in your repository settings, and fetch this Action from the YunoHost-Apps organization. -# This file should be enough by itself, but feel free to tune it to your needs. -# It calls updater.sh, which is where you should put the app-specific update steps. -name: Check for new upstream releases -on: - # Allow to manually trigger the workflow - workflow_dispatch: - # Run it every day at 0:00, 12:00 and 18:00 UTC - schedule: - - cron: '0 0,12,18 * * *' -jobs: - updater: - runs-on: ubuntu-latest - steps: - - name: Fetch the source code - uses: actions/checkout@v3 - with: - token: ${{ secrets.GITHUB_TOKEN }} - ref: 'testing' - - name: Run the updater script - id: run_updater - run: | - # Setting up Git user - git config --global user.name 'yunohost-bot' - git config --global user.email 'yunohost-bot@users.noreply.github.com' - # Run the updater script - /bin/bash .github/workflows/updater.sh - - name: Commit changes - id: commit - if: ${{ env.PROCEED == 'true' }} - run: | - git commit -am "Upgrade to v$VERSION" - - name: Create Pull Request - id: cpr - if: ${{ env.PROCEED == 'true' }} - uses: peter-evans/create-pull-request@v4 - with: - token: ${{ secrets.GITHUB_TOKEN }} - commit-message: Update to version ${{ env.VERSION }} - committer: 'yunohost-bot ' - author: 'yunohost-bot ' - signoff: false - base: testing - branch: ci-auto-update-v${{ env.VERSION }} - delete-branch: true - title: 'Upgrade to version ${{ env.VERSION }}' - body: | - Upgrade to v${{ env.VERSION }} - Changelog: https://github.com/${{ env.REPO }}/releases/tag/v${{ env.VERSION }} - draft: false diff --git a/README.md b/README.md index c839fd4..a7ebcf1 100644 --- a/README.md +++ b/README.md @@ -30,20 +30,6 @@ The documentation for this YunoHost package [can be read here](./doc/DOCS.md) an ![Screenshot of GoToSocial](./doc/screenshots/screenshot.png) -## Disclaimers / important information - -GoToSocial is still in alpha and **may be unstable**. The beta is planned for 2024. -You can read [the roadmap](https://github.com/superseriousbusiness/gotosocial/blob/main/ROADMAP.md) to check the progress of GoToSocial's features. - -GoToSocial require a **dedicated domain (or subdomain) name**, for example: gotosocial.example.com - -This package is not-working with the SSO (single-sign on) or LDAP integration. -However, it can be configured to use the OpenID Connect protocol and Dex (a program that links LDAP and OpenID Connect) to enable connection with your YunoHost users, see [the relevant part of the doc](./doc/DOCS.md#openid-connect). -You will have a **separate account from the rest of your Yunohost server**, potentially with a different username and password. - -GoToSocial **does not provide a user interface**. -You will need to use a Mastodon-compatible client such as [Tusky](https://tusky.app/) on Android, [Feditext](https://fedi.software/@Feditext) for iOS or an instance of [Semaphore](https://semaphore.social/) on the Web. - ## :red_circle: Antifeatures - **Alpha software**: Early development stage. May contain changing or unstable features, bugs, and security vulnerability. diff --git a/README_fr.md b/README_fr.md index 5c8896c..2b9f25c 100644 --- a/README_fr.md +++ b/README_fr.md @@ -30,20 +30,6 @@ La documentation de ce paquet YunoHost [est lisible ici](./doc/DOCS_fr.md) et l' ![Capture d’écran de GoToSocial](./doc/screenshots/screenshot.png) -## Avertissements / informations importantes - -GoToSocial est encore en alpha et **peut etre instable**. La beta est prévue pour 2024. -Vous pouvez consulter [la roadmap](https://github.com/superseriousbusiness/gotosocial/blob/main/ROADMAP.md) pour vérifier l'avancée des fonctionnalités de GoToSocial. - -GoToSocial nécessite un **nom de domaine (ou sous domaine) dédié**, par exemple : gotosocial.example.com - -Ce paquet ne fonctionne pas avec l'authentification unique (SSO) ou l'intégration LDAP. -Cependant, il peut être configuré pour utiliser le protocole OpenID Connect et Dex (un programme qui fait la liaison LDAP et OpenID Connect) pour permettra la connection avec vos utilisateurs YunoHost, pour cela, voir [la partie de la doc idoine](./doc/DOCS_fr.md#openid-connect). -Vous aurez un **compte séparé du reste de votre serveur Yunohost**, avec potentiellement un nom d'utilisateur et un mot de passe différent. - -GoToSocial **ne dispose pas d'une interface utilisateur-ice**. -Vous devrez utiliser un client compatible avec Mastodon comme [Tusky](https://tusky.app/) sur Android, [Feditext](https://fedi.software/@Feditext) sur iOS ou une instance de [Semaphore](https://semaphore.social/) en Web. - ## :red_circle: Fonctions indésirables - **Alpha software**: Early development stage. May contain changing or unstable features, bugs, and security vulnerability. diff --git a/check_process b/check_process deleted file mode 100644 index 40045f7..0000000 --- a/check_process +++ /dev/null @@ -1,33 +0,0 @@ -# See here for more information -# https://github.com/YunoHost/package_check#syntax-check_process-file - -# Move this file from check_process.default to check_process when you have filled it. - -;; Test complet - ; Manifest - admin="xana" - email="user@example.com" - password="1Strong-Password" - port="8095" - ; Checks - pkg_linter=1 - setup_sub_dir=0 - setup_root=1 - setup_nourl=0 - setup_private=0 - setup_public=1 - upgrade=1 - upgrade=1 from_commit=9a6d018337c7d83193282830ff9d9e9b0ae3a733 - upgrade=1 from_commit=2750ec2d59df9c988b7a8624104063fcf7f1c198 - backup_restore=1 - multi_instance=1 - port_already_use=1 - change_url=0 -;;; Options -Email= -Notification=none -;;; Upgrade options - ; commit=9a6d018337c7d83193282830ff9d9e9b0ae3a733 - name=0.6.0~ynh1 - ; commit=2750ec2d59df9c988b7a8624104063fcf7f1c198 - name=0.11.0~ynh1 diff --git a/conf/arm64.src b/conf/arm64.src deleted file mode 100644 index 3fe011b..0000000 --- a/conf/arm64.src +++ /dev/null @@ -1,7 +0,0 @@ -SOURCE_URL=https://github.com/superseriousbusiness/gotosocial/releases/download/v0.13.1/gotosocial_0.13.1_linux_arm64.tar.gz -SOURCE_SUM=be8f9caa2f86d5a11f6d20f52fe6567b045135b45688c25cadf1ee7db8828871 -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=tar.gz -SOURCE_EXTRACT=true -SOURCE_IN_SUBDIR=false -SOURCE_FILENAME=gotosocial_0.13.1_linux_arm64.tar.gz diff --git a/conf/armv6.src b/conf/armv6.src deleted file mode 100644 index 5e6dfb8..0000000 --- a/conf/armv6.src +++ /dev/null @@ -1,7 +0,0 @@ -SOURCE_URL=https://github.com/superseriousbusiness/gotosocial/releases/download/v0.13.1/gotosocial_0.13.1_linux_armv6.tar.gz -SOURCE_SUM=3e3bd922458b91cf429557fa912976a00a62082b0c6f045e2f33a66e48eba801 -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=tar.gz -SOURCE_EXTRACT=true -SOURCE_IN_SUBDIR=false -SOURCE_FILENAME=gotosocial_0.13.1_linux_armv6.tar.gz diff --git a/conf/armv7.src b/conf/armv7.src deleted file mode 100644 index 1079953..0000000 --- a/conf/armv7.src +++ /dev/null @@ -1,7 +0,0 @@ -SOURCE_URL=https://github.com/superseriousbusiness/gotosocial/releases/download/v0.13.1/gotosocial_0.13.1_linux_armv7.tar.gz -SOURCE_SUM=0ceb2331af54e8bdc16edc1e2cce4b58b32152112d8b77c001630e12e6891b8e -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=tar.gz -SOURCE_EXTRACT=true -SOURCE_IN_SUBDIR=false -SOURCE_FILENAME=gotosocial_0.13.1_linux_armv7.tar.gz diff --git a/conf/config.yaml b/conf/config.yaml index a926a20..f9bf538 100644 --- a/conf/config.yaml +++ b/conf/config.yaml @@ -113,7 +113,7 @@ protocol: "https" # so that the proxy can't be bypassed. # Examples: ["0.0.0.0", "172.128.0.16", "localhost", "[::]", "[2001:db8::fed1]"] # Default: "0.0.0.0" -bind-address: "0.0.0.0" +bind-address: "127.0.0.1" # Int. Listen port for the GoToSocial webserver + API. If you're running behind a reverse proxy and/or in a docker, # container, just set this to whatever you like (or leave the default), and make sure it's forwarded properly. @@ -504,7 +504,7 @@ storage-backend: "__STORAGE_BACKEND__" # Only required when running with the local storage backend. # Examples: ["/home/gotosocial/storage", "/opt/gotosocial/datastorage"] # Default: "/gotosocial/storage" -storage-local-base-path: "__DATADIR__" +storage-local-base-path: "__DATA_DIR__" # String. API endpoint of the S3 compatible service. # Only required when running with the s3 storage backend. @@ -729,18 +729,18 @@ smtp-port: __SMTP_PORT__ # This is often, but not always, an email address. # Examples: ["maillord@example.org"] # Default: "" -smtp-username: "__SMTP_USERNAME__" +smtp-username: "__APP__" # String. Password to use when authenticating with the smtp server. # This should have been provided to you by your smtp host. # Examples: ["1234", "password"] # Default: "" -smtp-password: "__SMTP_PASSWORD__" +smtp-password: "__MAIL_PWD__" # String. 'From' address for sent emails. # Examples: ["mail@example.org"] # Default: "" -smtp-from: "__SMTP_FROM__" +smtp-from: "__APP__@__DOMAIN__" # Bool. If true, when an email is sent that has multiple recipients, each recipient # will be included in the To field, so that each recipient can see who else got the diff --git a/conf/i386.src b/conf/i386.src deleted file mode 100644 index 122679e..0000000 --- a/conf/i386.src +++ /dev/null @@ -1,7 +0,0 @@ -SOURCE_URL=https://github.com/superseriousbusiness/gotosocial/releases/download/v0.13.1/gotosocial_0.13.1_linux_386.tar.gz -SOURCE_SUM=5c5faaeffd06508ef0ce4c4a726b71b7b4d434dbb00c7a932a40207c28345710 -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=tar.gz -SOURCE_EXTRACT=true -SOURCE_IN_SUBDIR=false -SOURCE_FILENAME=gotosocial_0.13.1_linux_386.tar.gz diff --git a/conf/nginx.conf b/conf/nginx.conf index d1d550c..f751f6d 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -24,7 +24,7 @@ location __PATH__/ { # media caching stuff # https://docs.gotosocial.org/en/latest/advanced/caching/assets-media/#nginx location /assets/ { - alias __FINAL_PATH__/web/assets/; + alias __INSTALL_DIR__/web/assets/; autoindex off; # 300 = 5 minutes more_set_headers "Cache-control: public, max-age=300"; diff --git a/conf/systemd.service b/conf/systemd.service index 0c5bc1f..efc257a 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -8,8 +8,8 @@ Restart=on-failure User=__APP__ Group=__APP__ -WorkingDirectory=__FINALPATH__/ -ExecStart=__FINALPATH__/gotosocial --config-path config.yaml server start +WorkingDirectory=__INSTALL_DIR__/ +ExecStart=__INSTALL_DIR__/gotosocial --config-path config.yaml server start StandardOutput=append:/var/log/__APP__/__APP__.log StandardError=inherit diff --git a/conf/x86-64.src b/conf/x86-64.src deleted file mode 100644 index 8289cd3..0000000 --- a/conf/x86-64.src +++ /dev/null @@ -1,7 +0,0 @@ -SOURCE_URL=https://github.com/superseriousbusiness/gotosocial/releases/download/v0.13.1/gotosocial_0.13.1_linux_amd64.tar.gz -SOURCE_SUM=d62926e379dd210e4579e609b97bcd534eece20c738a72f958eebf2a3737f83e -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=tar.gz -SOURCE_EXTRACT=true -SOURCE_IN_SUBDIR=false -SOURCE_FILENAME=gotosocial_0.13.1_linux_amd64.tar.gz diff --git a/config_panel.toml b/config_panel.toml index 8868e76..d3cee83 100644 --- a/config_panel.toml +++ b/config_panel.toml @@ -22,7 +22,7 @@ help = "Config pertaining to creation and maintenance of accounts on the server, [main.accounts.accounts_registration_open] ask.en = "Open registrations?" ask.fr = "Inscriptions ouvertes ?" -bind = "accounts-registration-open:__FINALPATH__/config.yaml" +bind = "accounts-registration-open:__INSTALL_DIR__/config.yaml" choices = ["true", "false"] default = "false" help.en = "Do we want people to be able to just submit sign up requests, or do we want invite only?" @@ -32,7 +32,7 @@ type = "select" [main.accounts.accounts_approval_required] ask.en = "Approval required?" ask.fr = "Validation requise ?" -bind = "accounts-approval-required:__FINALPATH__/config.yaml" +bind = "accounts-approval-required:__INSTALL_DIR__/config.yaml" choices = ["true", "false"] default = "true" help.en = "Do sign up requests require approval from an admin/moderator before an account can sign in/use the server?" @@ -42,7 +42,7 @@ type = "select" [main.accounts.accounts_reason_required] ask.en = "Reason required?" ask.fr = "Motif requis ?" -bind = "accounts-reason-required:__FINALPATH__/config.yaml" +bind = "accounts-reason-required:__INSTALL_DIR__/config.yaml" choices = ["true", "false"] default = "true" help.en = "Are sign up requests required to submit a reason for the request (eg., an explanation of why they want to join the instance)?" @@ -52,7 +52,7 @@ type = "select" [main.accounts.accounts_allow_custom_css] ask.en = "Allow user custom CSS?" ask.fr = "Autoriser le CSS personnalisé des utilisateurices ?" -bind = "accounts-allow-custom-css:__FINALPATH__/config.yaml" +bind = "accounts-allow-custom-css:__INSTALL_DIR__/config.yaml" choices = ["true", "false"] default = "false" help.en = """Allow accounts on this instance to set custom CSS for their profile pages and statuses.\ @@ -68,7 +68,7 @@ type = "select" [main.accounts.accounts_custom_css_length] ask.en = "Custom CSS max length?" ask.fr = "Longueur max du CSS personnalisé ?" -bind = "accounts-custom-css-length:__FINALPATH__/config.yaml" +bind = "accounts-custom-css-length:__INSTALL_DIR__/config.yaml" default = "10000" help.en = "If accounts-allow-custom-css is 'true', this is the permitted length in characters for CSS uploaded by accounts on this instance. No effect if accounts-allow-custom-css is 'false'. Default: 10000" help.fr = "Si accounts-allow-custom-css est 'true', il s'agit de la longueur autorisée en caractères pour les feuilles de style CSS qui sont fournies par les comptes sur cette instance. Aucun effet si accounts-allow-custom-css est 'false'. Valeur par défaut : 10000" @@ -86,7 +86,7 @@ help = "Config pertaining to user media uploads (videos, image, image descriptio [main.media.media_image_max_size] ask.en = "Maximum allowed image upload size in bytes." ask.fr = "Taille maximale autorisée pour le téléchargement d'images, en octets." -bind = "media-image-max-size:__FINALPATH__/config.yaml" +bind = "media-image-max-size:__INSTALL_DIR__/config.yaml" default = "2097152" help.en = "Default: 2097152 -- aka 2MB" help.fr = "Valeur par défaut : 2097152 (soit 2 Mo)" @@ -95,7 +95,7 @@ type = "number" [main.media.media_video_max_size] ask.en = "Maximum allowed video upload size in bytes." ask.fr = "Taille maximale autorisée pour le téléchargement de vidéos, en octets." -bind = "media-video-max-size:__FINALPATH__/config.yaml" +bind = "media-video-max-size:__INSTALL_DIR__/config.yaml" default = "10485760" help.en = "Default: 10485760 -- aka 10MB" help.fr = "Valeur par défaut : 10485760 (soit 10 Mo)" @@ -104,7 +104,7 @@ type = "number" [main.media.media_description_min_chars] ask.en = "Minimum amount of characters required as an image or video description." ask.fr = "Nombre minimum de caractères requis pour la description d'une image ou d'une vidéo." -bind = "media-description-min-chars:__FINALPATH__/config.yaml" +bind = "media-description-min-chars:__INSTALL_DIR__/config.yaml" default = "0" help.en = "Default: 0 (not required)" help.fr = "Valeur par défaut : 0 (non obligatoire)" @@ -113,7 +113,7 @@ type = "number" [main.media.media_description_max_chars] ask.en = "Maximum amount of characters permitted in an image or video description." ask.fr = "Nombre maximum de caractères requis pour la description d'une image ou d'une vidéo." -bind = "media-description-max-chars:__FINALPATH__/config.yaml" +bind = "media-description-max-chars:__INSTALL_DIR__/config.yaml" default = "500" help.en = "Default: 500" help.fr = "Valeur par défaut : 500" @@ -122,7 +122,7 @@ type = "number" [main.media.media_remote_cache_days] ask.en = "Number of days to cache media from remote instances before they are removed from the cache." ask.fr = "Nombre de jours de mise en cache des médias des instances distantes avant qu'ils ne soient retirés du cache." -bind = "media-remote-cache-days:__FINALPATH__/config.yaml" +bind = "media-remote-cache-days:__INSTALL_DIR__/config.yaml" default = "30" help.en = """Default: 30\ A job will run every day at midnight to clean up any remote media older than the given amount of days. \ @@ -139,7 +139,7 @@ type = "number" [main.media.media_emoji_local_max_size] ask.en = "Max size in bytes of emojis uploaded to this instance via the admin API." ask.fr = "Taille maximale en octets des emojis téléchargés vers cette instance via l'API d'administration." -bind = "media-emoji-local-max-size:__FINALPATH__/config.yaml" +bind = "media-emoji-local-max-size:__INSTALL_DIR__/config.yaml" default = "51200" help.en = """Default: 51200\ The default is the same as the Mastodon size limit for emojis (50kb), which allows for good interoperability.\ @@ -152,7 +152,7 @@ type = "number" [main.media.media_emoji_remote_max_size] ask.en = "Max size in bytes of emojis to download from other instances." ask.fr = "Taille maximale en octets des emojis téléchargeables à partir d'autres instances." -bind = "media-emoji-remote-max-size:__FINALPATH__/config.yaml" +bind = "media-emoji-remote-max-size:__INSTALL_DIR__/config.yaml" default = "102400" help.en = """Default: 102400\ By default this is 100kb, or twice the size of the default for media-emoji-local-max-size.\ @@ -174,7 +174,7 @@ help = "Config pertaining to the creation of statuses/posts, and permitted limit [main.statuses.statuses_max_chars] ask.en = "Maximum amount of characters permitted for a new status." ask.fr = "Nombre maximal de caractères autorisés pour un nouveau statut." -bind = "statuses-max-chars:__FINALPATH__/config.yaml" +bind = "statuses-max-chars:__INSTALL_DIR__/config.yaml" default = "5000" help.en = "Default: 5000. Note that going way higher than the default might break federation." help.fr = "Valeur par défaut : 5000. Notez que si vous dépassez la valeur par défaut, vous risquez de compromettre la fédération." @@ -183,7 +183,7 @@ type = "number" [main.statuses.statuses_cw_max_chars] ask.en = "Maximum amount of characters allowed in the CW/subject header of a status." ask.fr = "Nombre maximum de caractères autorisés dans l'en-tête CW/sujet d'un statut." -bind = "statuses-cw-max-chars:__FINALPATH__/config.yaml" +bind = "statuses-cw-max-chars:__INSTALL_DIR__/config.yaml" default = "100" help.en = "Default: 100. Note that going way higher than the default might break federation." help.fr = "Valeur par défaut : 100. Notez que si vous dépassez la valeur par défaut, vous risquez de compromettre la fédération." @@ -192,7 +192,7 @@ type = "number" [main.statuses.statuses_poll_max_options] ask.en = "Maximum amount of options to permit when creating a new poll." ask.fr = "Nombre maximum d'options autorisées lors de la création d'un nouveau sondage." -bind = "statuses-poll-max-options:__FINALPATH__/config.yaml" +bind = "statuses-poll-max-options:__INSTALL_DIR__/config.yaml" default = "6" help.en = "Default: 6. Note that going way higher than the default might break federation." help.fr = "Valeur par défaut : 6. Notez que si vous dépassez la valeur par défaut, vous risquez de compromettre la fédération." @@ -201,7 +201,7 @@ type = "number" [main.statuses.statuses_poll_option_max_chars] ask.en = "Maximum amount of characters to permit per poll option when creating a new poll." ask.fr = "Nombre maximal de caractères autorisés par option de sondage lors de la création d'un nouveau sondage." -bind = "statuses-poll-option-max-chars:__FINALPATH__/config.yaml" +bind = "statuses-poll-option-max-chars:__INSTALL_DIR__/config.yaml" default = "50" help.en = "Default: 50. Note that going way higher than the default might break federation." help.fr = "Valeur par défaut : 50. Notez que si vous dépassez la valeur par défaut, vous risquez de compromettre la fédération." @@ -210,7 +210,7 @@ type = "number" [main.statuses.statuses_media_max_files] ask.en = "Maximum amount of media files that can be attached to a new status." ask.fr = "Quantité maximale de fichiers multimédias qui peuvent être joints à un nouveau statut." -bind = "statuses-media-max-files:__FINALPATH__/config.yaml" +bind = "statuses-media-max-files:__INSTALL_DIR__/config.yaml" default = "6" help.en = "Default: 6. Note that going way higher than the default might break federation." help.fr = "Valeur par défaut : 6. Notez que si vous dépassez la valeur par défaut, vous risquez de compromettre la fédération." @@ -229,7 +229,7 @@ help = "Config pertaining to instance federation settings, pages to hide/expose, [main.instance.instance_federation_mode] ask.en = "Federation mode to use for this instance" ask.fr = "Le mode de fédération à utiliser pour cette instance" -bind = "instance-federation-mode:__FINALPATH__/config.yaml" +bind = "instance-federation-mode:__INSTALL_DIR__/config.yaml" choices = ["blocklist", "allowlist"] default = "blocklist" help.en = """blocklist: open federation by default. Only instances that are explicitly blocked will be denied (unless they are also explicitly allowed).\ @@ -241,7 +241,7 @@ type = "select" [main.instance.landing_page_user] ask.en = "Landing page user" ask.fr = "Utilisateurice en tant que page d'accueil" -bind = "landing-page-user:__FINALPATH__/config.yaml" +bind = "landing-page-user:__INSTALL_DIR__/config.yaml" help.en = "The user that will be shown instead of the landing page. if no user is set, the landing page will be shown." help.fr = "L'utilisateurice qui sera affiché-e à la place de la page d'accueil. Si le champ est laissé vide, la page d'accueil normale sera affichée." type = "string" @@ -249,7 +249,7 @@ type = "string" [main.instance.instance_expose_peers] ask.en = "API: Expose peers?" ask.fr = "API : Exposer les pairs ?" -bind = "instance-expose-peers:__FINALPATH__/config.yaml" +bind = "instance-expose-peers:__INSTALL_DIR__/config.yaml" choices = ["true", "false"] default = "false" help.en = "Allow unauthenticated users to make queries to /api/v1/instance/peers?filter=open in order to see a list of instances that this instance 'peers' with. Even if set to 'false', then authenticated users (members of the instance) will still be able to query the endpoint." @@ -259,7 +259,7 @@ type = "select" [main.instance.instance_expose_suspended] ask.en = "API: Expose suspended?" ask.fr = "API : Exposer les instances bloquées ?" -bind = "instance-expose-suspended:__FINALPATH__/config.yaml" +bind = "instance-expose-suspended:__INSTALL_DIR__/config.yaml" choices = ["true", "false"] default = "false" help.en = "Allow unauthenticated users to make queries to /api/v1/instance/peers?filter=suspended in order to see a list of instances that this instance blocks/suspends. This will also allow unauthenticated users to see the list through the web UI. Even if set to 'false', then authenticated users (members of the instance) will still be able to query the endpoint." @@ -269,7 +269,7 @@ type = "select" [main.instance.instance_expose_suspended_web] ask.en = "API: Expose suspended on Web (/about/suspended)?" ask.fr = "API : Exposer les instances bloquées sur le Web (/about/suspended) ?" -bind = "instance-expose-suspended-web:__FINALPATH__/config.yaml" +bind = "instance-expose-suspended-web:__INSTALL_DIR__/config.yaml" choices = ["true", "false"] default = "false" help.en = "Allow unauthenticated users to view /about/suspended, showing the HTML rendered list of instances that this instance blocks/suspends." @@ -279,7 +279,7 @@ type = "select" [main.instance.instance_expose_public_timeline] ask.en = "API: Expose public timeline?" ask.fr = "API : Exposer la timeline publique ?" -bind = "instance-expose-public-timeline:__FINALPATH__/config.yaml" +bind = "instance-expose-public-timeline:__INSTALL_DIR__/config.yaml" choices = ["true", "false"] default = "false" help.en = "Allow unauthenticated users to make queries to /api/v1/timelines/public in order to see a list of public posts on this server. Even if set to 'false', then authenticated users (members of the instance) will still be able to query the endpoint." @@ -289,7 +289,7 @@ type = "select" [main.instance.instance_deliver_to_shared_inboxes] ask.en = "Deliver to shared inboxes?" ask.fr = "Envoi en boites partagées ?" -bind = "instance-deliver-to-shared-inboxes:__FINALPATH__/config.yaml" +bind = "instance-deliver-to-shared-inboxes:__INSTALL_DIR__/config.yaml" choices = ["true", "false"] default = "true" help.en = """This flag tweaks whether GoToSocial will deliver ActivityPub messages to the shared inbox of a recipient, if one is available, instead of delivering each message to each actor who should receive a message individually.\ @@ -303,7 +303,7 @@ type = "select" [main.instance.instance_inject_mastodon_version] ask.en = "Inject Mastodon version?" ask.fr = "Injecter une version Mastodon ?" -bind = "instance-inject-mastodon-version:__FINALPATH__/config.yaml" +bind = "instance-inject-mastodon-version:__INSTALL_DIR__/config.yaml" choices = ["true", "false"] default = "false" help.en = """This flag will inject a Mastodon version into the version field that is included in /api/v1/instance.\ @@ -329,7 +329,7 @@ help = "Config for sending emails via an smtp server." [main.smtp.smtp_host] ask.en = "SMTP Server Hostname" ask.fr = "Nom d'hôte du serveur SMTP" -bind = "smtp-host:__FINALPATH__/config.yaml" +bind = "smtp-host:__INSTALL_DIR__/config.yaml" default = "localhost" help.en = "The hostname of the SMTP server you want to use. Examples: mail.example.org, localhost" help.fr = "Le nom d'hôte du serveur SMTP que vous souhaitez utiliser. Exemples: mail.example.org, localhost" @@ -338,7 +338,7 @@ type = "string" [main.smtp.smtp_port] ask.en = "SMTP Port" ask.fr = "Port SMTP" -bind = "smtp-port:__FINALPATH__/config.yaml" +bind = "smtp-port:__INSTALL_DIR__/config.yaml" default = "25" help.en = "Port to use to connect to the SMTP server" help.fr = "Port à utiliser pour se connecter au serveur SMTP" @@ -347,7 +347,7 @@ type = "number" [main.smtp.smtp_username] ask.en = "SMTP Username" ask.fr = "Nom d'utilisateur SMTP" -bind = "smtp-username:__FINALPATH__/config.yaml" +bind = "smtp-username:__INSTALL_DIR__/config.yaml" default = "" help.en = "Username to use when authenticating with the SMTP server" help.fr = "Nom d'utilisateur à utiliser lors de l'authentification avec le serveur SMTP" @@ -356,7 +356,7 @@ type = "string" [main.smtp.smtp_password] ask.en = "SMTP Password" ask.fr = "Mot de passe SMTP" -bind = "smtp-password:__FINALPATH__/config.yaml" +bind = "smtp-password:__INSTALL_DIR__/config.yaml" default = "" help.en = "Password to use when authenticating with the SMTP server" help.fr = "Mot de passe à utiliser lors de l'authentification avec le serveur SMTP" @@ -365,7 +365,7 @@ type = "password" [main.smtp.smtp_from] ask.en = "SMTP From Address" ask.fr = "Adresse d'expédition SMTP" -bind = "smtp-from:__FINALPATH__/config.yaml" +bind = "smtp-from:__INSTALL_DIR__/config.yaml" default = "GoToSocial@__DOMAIN__" help.en = "From address for sent emails" help.fr = "L'adresse utilisée pour les e-mails envoyés" @@ -374,7 +374,7 @@ type = "email" [main.smtp.smtp_disclose_recipients] ask.en = "SMTP Disclose Recipients" ask.fr = "SMTP Divulguer les destinataires" -bind = "smtp-disclose-recipients:__FINALPATH__/config.yaml" +bind = "smtp-disclose-recipients:__INSTALL_DIR__/config.yaml" choices = ["true", "false"] default = "false" help.en = """true: Disclose all recipients in the To field\ @@ -396,7 +396,7 @@ help = "Settings pertaining to... the cache" [main.cache.cache_memory_target] ask.en = "Value of the cache target" ask.fr = "Valeur du niveau de cache" -bind = "memory-target:__FINALPATH__/config.yaml" +bind = "memory-target:__INSTALL_DIR__/config.yaml" default = "100MiB" help.en = """Sets a target limit that the application will try to keep it's caches within.\ This is based on estimated sizes of in-memory objects, and so NOT AT ALL EXACT. @@ -419,7 +419,7 @@ help = "Settings pertaining to... OpenID Connect" [main.oidc.oidc_enabled] ask.en = "Activate OpenID Connect?" ask.fr = "Activer OpenID Connect ?" -bind = "oidc-enabled:__FINALPATH__/config.yaml" +bind = "oidc-enabled:__INSTALL_DIR__/config.yaml" choices = ["true", "false"] default = "false" help.en = "Enable authentication with external OIDC provider." @@ -429,7 +429,7 @@ type = "select" [main.oidc.oidc_idp_name] ask.en = "Name of the OIDC IDP (identity provider)" ask.fr = "Nom de l'OIDC IDP (identity provider)" -bind = "oidc-idp-name:__FINALPATH__/config.yaml" +bind = "oidc-idp-name:__INSTALL_DIR__/config.yaml" default = "" help.en = "This will be shown to users when they log in. Examples: \"Dex\" or \"YunoHost\"" help.fr = "Sera affiché aux utilisateurices lros de leur connexion. Exemples: \"Dex\" ou \"YunoHost\"" @@ -438,7 +438,7 @@ type = "string" [main.oidc.oidc_skip_verification] ask.en = "Skip the normal verification flow of tokens returned from the OIDC provider" ask.fr = "Passer la vérification du flux des jetons renvoyés par le fournisseur OIDC" -bind = "oidc-skip-verification:__FINALPATH__/config.yaml" +bind = "oidc-skip-verification:__INSTALL_DIR__/config.yaml" choices = ["true", "false"] default = "false" help.en = "ie. don't check the expiry or signature. This should only be used in debugging or testing, never ever in a production environment as it's extremely unsafe!" @@ -448,7 +448,7 @@ type = "select" [main.oidc.oidc_issuer] ask.en = "The OIDC issuer URI." ask.fr = "URI du fournisseur OIDC" -bind = "oidc-issuer:__FINALPATH__/config.yaml" +bind = "oidc-issuer:__INSTALL_DIR__/config.yaml" default = "" help.en = "This is where GtS will redirect users to for login. Typically this will look like a standard web URL. Examples: \"https://auth.example.org\", \"https://example.org/auth\"" help.fr = "C'est l'endroit où GtS redirigera les utilisateurs pour qu'ils se connectent. En règle générale, il s'agit d'une URL web standard. Exemples : \"https://auth.example.org\", \"https://example.org/auth\"" @@ -457,7 +457,7 @@ type = "string" [main.oidc.oidc_client_id] ask.en = "OIDC client ID" ask.fr = "Client ID du fournisseur OIDC" -bind = "oidc-client-id:__FINALPATH__/config.yaml" +bind = "oidc-client-id:__INSTALL_DIR__/config.yaml" default = "" help.en = "The ID for this client as registered with the OIDC provider." help.fr = "L'identifiant pour ce client tel qu'enregistré auprès du fournisseur OIDC" @@ -466,7 +466,7 @@ type = "string" [main.oidc.oidc_client_secret] ask.en = "OIDC client secret (password)" ask.fr = "Client secret (mot de passe) du fournisseur OIDC" -bind = "oidc-client-secret:__FINALPATH__/config.yaml" +bind = "oidc-client-secret:__INSTALL_DIR__/config.yaml" default = "" help.en = "The secret for this client as registered with the OIDC provider." help.fr = "Le secret pour ce client tel qu'enregistré auprès du fournisseur OIDC" @@ -475,7 +475,7 @@ type = "string" [main.oidc.oidc_link_existing] ask.en = "Link OIDC users to existings ones (email based)?" ask.fr = "Lier les utilisateurices OIDC à ceux existants (basé sur leur email) ?" -bind = "oidc-link-existing:__FINALPATH__/config.yaml" +bind = "oidc-link-existing:__INSTALL_DIR__/config.yaml" choices = ["true", "false"] default = "false" help.en = "Link OIDC authenticated users to existing ones based on their email address. This is mostly intended for migration purposes if you were running previous versions of GTS which only correlated users with their email address. Should be set to false for most usecases." @@ -495,7 +495,7 @@ help = "Settings pertaining to http timeouts, security, cookies, and more. ⚠ [main.advanced.advanced_cookies_samesite] ask.en = "Value of the SameSite attribute of cookies set by GoToSocial." ask.fr = "Valeur de l'attribut SameSite des cookies définis par GoToSocial." -bind = "advanced-cookies-samesite:__FINALPATH__/config.yaml" +bind = "advanced-cookies-samesite:__INSTALL_DIR__/config.yaml" choices = ["lax", "strict"] default = "lax" help.en = """Defaults to 'lax' to ensure that the OIDC flow does not break, which is fine in most cases.\ @@ -508,7 +508,7 @@ type = "select" [main.advanced.advanced_rate_limit_requests] ask.en = "Amount of requests to permit from a single IP address within a span of 5 minutes." ask.fr = "Nombre de requêtes autorisées à partir d'une seule adresse IP dans un délai de 5 minutes." -bind = "advanced-rate-limit-requests:__FINALPATH__/config.yaml" +bind = "advanced-rate-limit-requests:__INSTALL_DIR__/config.yaml" default = "300" help.en = """Default: 300\ If this amount is exceeded, a 429 HTTP error code will be returned.\ diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md deleted file mode 100644 index 4634159..0000000 --- a/doc/DISCLAIMER.md +++ /dev/null @@ -1,11 +0,0 @@ -GoToSocial is still in alpha and **may be unstable**. The beta is planned for 2024. -You can read [the roadmap](https://github.com/superseriousbusiness/gotosocial/blob/main/ROADMAP.md) to check the progress of GoToSocial's features. - -GoToSocial require a **dedicated domain (or subdomain) name**, for example: gotosocial.example.com - -This package is not-working with the SSO (single-sign on) or LDAP integration. -However, it can be configured to use the OpenID Connect protocol and Dex (a program that links LDAP and OpenID Connect) to enable connection with your YunoHost users, see [the relevant part of the doc](./doc/DOCS.md#openid-connect). -You will have a **separate account from the rest of your Yunohost server**, potentially with a different username and password. - -GoToSocial **does not provide a user interface**. -You will need to use a Mastodon-compatible client such as [Tusky](https://tusky.app/) on Android, [Feditext](https://fedi.software/@Feditext) for iOS or an instance of [Semaphore](https://semaphore.social/) on the Web. diff --git a/doc/DISCLAIMER_fr.md b/doc/DISCLAIMER_fr.md deleted file mode 100644 index 2859fa5..0000000 --- a/doc/DISCLAIMER_fr.md +++ /dev/null @@ -1,11 +0,0 @@ -GoToSocial est encore en alpha et **peut etre instable**. La beta est prévue pour 2024. -Vous pouvez consulter [la roadmap](https://github.com/superseriousbusiness/gotosocial/blob/main/ROADMAP.md) pour vérifier l'avancée des fonctionnalités de GoToSocial. - -GoToSocial nécessite un **nom de domaine (ou sous domaine) dédié**, par exemple : gotosocial.example.com - -Ce paquet ne fonctionne pas avec l'authentification unique (SSO) ou l'intégration LDAP. -Cependant, il peut être configuré pour utiliser le protocole OpenID Connect et Dex (un programme qui fait la liaison LDAP et OpenID Connect) pour permettra la connection avec vos utilisateurs YunoHost, pour cela, voir [la partie de la doc idoine](./doc/DOCS_fr.md#openid-connect). -Vous aurez un **compte séparé du reste de votre serveur Yunohost**, avec potentiellement un nom d'utilisateur et un mot de passe différent. - -GoToSocial **ne dispose pas d'une interface utilisateur-ice**. -Vous devrez utiliser un client compatible avec Mastodon comme [Tusky](https://tusky.app/) sur Android, [Feditext](https://fedi.software/@Feditext) sur iOS ou une instance de [Semaphore](https://semaphore.social/) en Web. diff --git a/doc/DOCS.md b/doc/DOCS.md index bf2f997..25a6035 100644 --- a/doc/DOCS.md +++ b/doc/DOCS.md @@ -76,6 +76,11 @@ And to promote them as an administrator of your instance: ## OpenID Connect +This package is not-working with the SSO (single-sign on) or LDAP integration. +However, it can be configured to use the OpenID Connect protocol and Dex (a program that links LDAP and OpenID Connect) to enable connection with your YunoHost users. + +You will have a **separate account from the rest of your Yunohost server**, potentially with a different username and password. + You can read the [official GoToSocial documentation about OpenID Connect](https://docs.gotosocial.org/en/latest/configuration/oidc/) in support if you want. To use OpenID Connect, the YunoHost admin must: diff --git a/doc/DOCS_fr.md b/doc/DOCS_fr.md index bc87f2e..defe223 100644 --- a/doc/DOCS_fr.md +++ b/doc/DOCS_fr.md @@ -76,6 +76,11 @@ Et pour promouvoir un compte en tant qu'administrateur de votre instance : ## OpenID Connect +Ce paquet ne fonctionne pas avec l'authentification unique (SSO) ou l'intégration LDAP. +Cependant, il peut être configuré pour utiliser le protocole OpenID Connect et Dex (un programme qui fait la liaison LDAP et OpenID Connect) pour permettra la connection avec vos utilisateurs YunoHost. + +Vous aurez un **compte séparé du reste de votre serveur Yunohost**, avec potentiellement un nom d'utilisateur et un mot de passe différent. + Vous pouvez regarder la [documentation officielle de GoToSocial au sujet de OpenID Connect](https://docs.gotosocial.org/en/latest/configuration/oidc/) en support si vous le souhaitez. Pour utiliser OpenID Connect, l'admin YunoHost doit: diff --git a/doc/PRE_INSTALL.md b/doc/PRE_INSTALL.md new file mode 100644 index 0000000..6a5c546 --- /dev/null +++ b/doc/PRE_INSTALL.md @@ -0,0 +1,9 @@ +GoToSocial require a **dedicated domain (or subdomain) name**, for example: gotosocial.example.com + +Please note the following points: + +- You will no longer be able to change this domain name once it has been set up GoToSocial. +- If you uninstall GoToSocial, you will no longer be able to use this domain name with another federated software installation, as it will be impossible to reuse the keys used to secure the federation. +- GoToSocial **does not provide a user interface**. + +You will need to use a Mastodon-compatible client such as [Tusky](https://tusky.app/) on Android, [Feditext](https://fedi.software/@Feditext) for iOS or an instance of [Semaphore](https://semaphore.social/) on the Web. diff --git a/doc/PRE_INSTALL_fr.md b/doc/PRE_INSTALL_fr.md new file mode 100644 index 0000000..ed2af3f --- /dev/null +++ b/doc/PRE_INSTALL_fr.md @@ -0,0 +1,9 @@ +GoToSocial nécessite un **nom de domaine (ou sous domaine) dédié**, par exemple : gotosocial.example.com + +Veuillez noter les points suivant : + +- Vous ne pourrez plus changer ce nom de domaine une fois défini et GoToSocial installé. +- Vous ne pourrez plus utiliser ce nom de domaine avec une autre installation d'un logiciel de fédivers si vous désinstallez GoToSocial, en raison de l'impossibilité de réutiliser les clés servant à sécuriser la fédération. +- GoToSocial **ne dispose pas d'une interface utilisateur-ice**. + +Vous devrez utiliser un client compatible avec Mastodon comme [Tusky](https://tusky.app/) sur Android, [Feditext](https://fedi.software/@Feditext) sur iOS ou une instance de [Semaphore](https://semaphore.social/) en Web. diff --git a/manifest.json b/manifest.json deleted file mode 100644 index d602baf..0000000 --- a/manifest.json +++ /dev/null @@ -1,109 +0,0 @@ -{ - "name": "GoToSocial", - "id": "gotosocial", - "packaging_format": 1, - "description": { - "en": "Fast ActivityPub social network server written in Go", - "fr": "Serveur de réseau social véloce basé sur ActivityPub écrit en Go" - }, - "version": "0.13.1~ynh1", - "url": "https://github.com/superseriousbusiness/gotosocial", - "upstream": { - "license": "AGPL-3.0-only", - "website": "https://gotosocial.org/", - "demo": "", - "admindoc": "https://docs.gotosocial.org/en/latest/", - "userdoc": "https://docs.gotosocial.org/en/latest/", - "code": "https://github.com/superseriousbusiness/gotosocial" - }, - "license": "AGPL-3.0-only", - "maintainer": { - "name": "OniriCorpe", - "email": "" - }, - "requirements": { - "yunohost": ">= 11.2.6" - }, - "multi_instance": true, - "services": [ - "nginx", - "postgresql" - ], - "arguments": { - "install": [ - { - "name": "domain", - "type": "domain" - }, - { - "name": "admin", - "type": "string", - "ask": { - "en": "The username of your admin account.", - "fr": "Le nom d'utilisateur de votre compte admin." - }, - "help": { - "en": "Must be in lower case and without special characters.", - "fr": "Doit être en minuscule et sans caractère special." - }, - "example": "johndoe" - }, - { - "name": "email", - "type": "string", - "ask": { - "en": "The email adress of your admin account.", - "fr": "L'adresse e-mail de votre compte admin." - }, - "example": "johndoe@example.com" - }, - { - "name": "password", - "type": "password", - "help": { - "en": "Must contain: upper case, lower case, number and special character.", - "fr": "Il doit contenir : majuscule, minuscule, chiffre et caractère spécial." - } - }, - { - "name": "accounts_registration_open", - "type": "boolean", - "ask": { - "en": "Open registration?", - "fr": "Inscriptions ouvertes ?" - }, - "help": { - "en": "Do you want people to be able to just submit sign up requests (true), or do you want invite only (false)?", - "fr": "Voulez-vous que les gens puissent envoyer des demandes d'inscription (true) ou voulez-vous que les inscriptions soient uniquement sur invitation (false) ?" - }, - "default": false - }, - { - "name": "accounts_approval_required", - "type": "boolean", - "ask": { - "en": "Registration approval?", - "fr": "Vérification manuelle des inscriptions ?" - }, - "help": { - "en": "Do sign up requests require approval from an admin/moderator before an account can sign in/use the server?", - "fr": "Les demandes d'inscription doivent-elles être approuvées par un-e administrateur-ice/modérateur-ice avant qu'un compte puisse se connecter et utiliser le serveur ?" - }, - "default": true - }, - { - "name": "accounts_reason_required", - "type": "boolean", - "ask": { - "en": "Request registration reason?", - "fr": "Demande de motif pour les inscriptions ?" - }, - "help": { - "en": "Are sign up requests required to submit a reason for the request (eg., an explanation of why they want to join the instance)?", - "fr": "Les demandes d'inscription doivent-elles être accompagnée d'un motif (par exemple, une explication de la raison pour laquelle la personne veut rejoindre l'instance) ?" - }, - "default": true - } - ] - } -} diff --git a/manifest.toml b/manifest.toml new file mode 100644 index 0000000..9cd40a0 --- /dev/null +++ b/manifest.toml @@ -0,0 +1,118 @@ +#:schema https://raw.githubusercontent.com/YunoHost/apps/master/schemas/manifest.v2.schema.json + +packaging_format = 2 + +id = "gotosocial" +name = "GoToSocial" +description.en = "Fast ActivityPub social network server written in Go" +description.fr = "Serveur de réseau social véloce basé sur ActivityPub écrit en Go" + +version = "0.13.1~ynh1" + +maintainers = ["OniriCorpe"] + +[upstream] +license = "AGPL-3.0-only" +website = "https://gotosocial.org/" +admindoc = "https://docs.gotosocial.org/en/latest/" +userdoc = "https://docs.gotosocial.org/en/latest/" +code = "https://github.com/superseriousbusiness/gotosocial" + +[integration] +yunohost = ">= 11.2.6" +architectures = "all" +multi_instance = true +ldap = false +sso = false +disk = "50M" +ram.build = "100M" +ram.runtime = "100M" + +[install] +[install.domain] +type = "domain" + +[install.admin] +ask.en = "Name your admin user for GoToSocial" +ask.fr = "Nommez votre compte administrateur pour GoToSocial" +help.en = "Must be in lower case and without special characters." +help.fr = "Doit être en minuscule et sans caractère special." +type = "string" +example = "johndoe" + +[install.email] +ask.en = "The email adress of your admin account." +ask.fr = "L'adresse e-mail de votre compte admin." +type = "string" +example = "johndoe@example.com" + +[install.password] +help.en = "Must contain: upper case, lower case, number and special character." +help.fr = "Il doit contenir : majuscule, minuscule, chiffre et caractère spécial." +type = "password" + +[install.accounts_registration_open] +ask.en = "Open registration?" +ask.fr = "Inscriptions ouvertes ?" +help.en = "Do you want people to be able to just submit sign up requests (true), or do you want invite only (false)?" +help.fr = "Voulez-vous que les gens puissent envoyer des demandes d'inscription (true) ou voulez-vous que les inscriptions soient uniquement sur invitation (false) ?" +type = "boolean" +default = false + +[install.accounts_approval_required] +ask.en = "Registration approval?" +ask.fr = "Vérification manuelle des inscriptions ?" +help.en = "Do sign up requests require approval from an admin/moderator before an account can sign in/use the server?" +help.fr = "Les demandes d'inscription doivent-elles être approuvées par un-e administrateur-ice/modérateur-ice avant qu'un compte puisse se connecter et utiliser le serveur ?" +type = "boolean" +default = true + +[install.accounts_reason_required] +ask.en = "Request registration reason?" +ask.fr = "Demande de motif pour les inscriptions ?" +help.en = "Are sign up requests required to submit a reason for the request (eg., an explanation of why they want to join the instance)?" +help.fr = "Les demandes d'inscription doivent-elles être accompagnée d'un motif (par exemple, une explication de la raison pour laquelle la personne veut rejoindre l'instance) ?" +type = "boolean" +default = true + +[resources] +[resources.sources.main] +in_subdir = false +i386.url = "https://github.com/superseriousbusiness/gotosocial/releases/download/v0.13.1/gotosocial_0.13.1_linux_386.tar.gz" +i386.sha256 = "5c5faaeffd06508ef0ce4c4a726b71b7b4d434dbb00c7a932a40207c28345710" +amd64.url = "https://github.com/superseriousbusiness/gotosocial/releases/download/v0.13.1/gotosocial_0.13.1_linux_amd64.tar.gz" +amd64.sha256 = "d62926e379dd210e4579e609b97bcd534eece20c738a72f958eebf2a3737f83e" +armv6.url = "https://github.com/superseriousbusiness/gotosocial/releases/download/v0.13.1/gotosocial_0.13.1_linux_armv6.tar.gz" +armv6.sha256 = "3e3bd922458b91cf429557fa912976a00a62082b0c6f045e2f33a66e48eba801" +armv7.url = "https://github.com/superseriousbusiness/gotosocial/releases/download/v0.13.1/gotosocial_0.13.1_linux_armv7.tar.gz" +armv7.sha256 = "0ceb2331af54e8bdc16edc1e2cce4b58b32152112d8b77c001630e12e6891b8e" +arm64.url = "https://github.com/superseriousbusiness/gotosocial/releases/download/v0.13.1/gotosocial_0.13.1_linux_arm64.tar.gz" +arm64.sha256 = "be8f9caa2f86d5a11f6d20f52fe6567b045135b45688c25cadf1ee7db8828871" + +autoupdate.asset.i386 = "linux_386.tar.gz" +autoupdate.asset.amd64 = "linux_amd64.tar.gz" +autoupdate.asset.armv6 = "linux_armv6.tar.gz" +autoupdate.asset.armv7 = "linux_armv7.tar.gz" +autoupdate.asset.arm64 = "linux_arm64.tar.gz" +autoupdate.strategy = "latest_github_release" + +[resources.system_user] +allow_email = true + +[resources.install_dir] + +[resources.data_dir] + +[resources.permissions] +main.url = "/" +main.allowed = "visitors" +main.protected = true +main.show_tile = false + +[resources.ports] + +[resources.apt] +packages = "postgresql, postgresql-contrib" + +[resources.database] +type = "postgresql" diff --git a/scripts/_common.sh b/scripts/_common.sh index 528d5fd..a8bdbb9 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -4,9 +4,6 @@ # COMMON VARIABLES #================================================= -# dependencies used by the app -pkg_dependencies="postgresql postgresql-contrib" - #================================================= # PERSONAL HELPERS #================================================= @@ -18,7 +15,7 @@ detect_arch(){ if uname -m | grep -q -E "arm64|aarch64" ; then architecture="arm64" elif uname -m | grep -q "64" ; then - architecture="x86-64" + architecture="amd64" elif uname -m | grep -q "86" ; then architecture="i386" elif uname -m | grep -q "armv6" ; then @@ -26,7 +23,7 @@ detect_arch(){ elif uname -m | grep -q "armv7" ; then architecture="armv7" else - architecture="unknown" + ynh_die --message="The script can't identify a valid architecture. Please report this error." fi echo $architecture } diff --git a/scripts/backup b/scripts/backup index 14f4599..0db8849 100755 --- a/scripts/backup +++ b/scripts/backup @@ -10,53 +10,22 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - ### Remove this function if there's nothing to clean before calling the remove script. - true -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_print_info --message="Loading installation settings..." - -app="$YNH_APP_INSTANCE_NAME" - -domain=$(ynh_app_setting_get --app="$app" --key=domain) - -db_name=$(ynh_app_setting_get --app="$app" --key=db_name) - -final_path=$(ynh_app_setting_get --app="$app" --key=final_path) - -datadir=$(ynh_app_setting_get --app="$app" --key=datadir) - #================================================= # DECLARE DATA AND CONF FILES TO BACKUP #================================================= ynh_print_info --message="Declaring files to be backed up..." -### N.B. : the following 'ynh_backup' calls are only a *declaration* of what needs -### to be backuped and not an actual copy of any file. The actual backup that -### creates and fill the archive with the files happens in the core after this -### script is called. Hence ynh_backups calls takes basically 0 seconds to run. - #================================================= # BACKUP THE APP MAIN DIR #================================================= -ynh_backup --src_path="$final_path" +ynh_backup --src_path="$install_dir" #================================================= # BACKUP THE DATA DIR #================================================= -ynh_backup --src_path="$datadir" --is_big +ynh_backup --src_path="$data_dir" --is_big #================================================= # BACKUP THE NGINX CONFIGURATION diff --git a/scripts/install b/scripts/install index 5ad594b..4cf31fd 100755 --- a/scripts/install +++ b/scripts/install @@ -9,34 +9,17 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - ### Remove this function if there's nothing to clean before calling the remove script. - true -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= -app="$YNH_APP_INSTANCE_NAME" - landing_page_user="" domain="$YNH_APP_ARG_DOMAIN" -path_url="/" +path="/" client_max_body_size="100M" -admin="$YNH_APP_ARG_ADMIN" -email="$YNH_APP_ARG_EMAIL" -password="$YNH_APP_ARG_PASSWORD" - # Config stuff: cache_memory_target="100MiB" @@ -84,38 +67,27 @@ oidc_client_id="" oidc_client_secret="" oidc_link_existing="false" -smtp_host="localhost" +smtp_host="127.0.0.1" smtp_port="25" -smtp_username="" -smtp_password="" -smtp_from="noreply@$domain" +smtp_username="$app" +smtp_password="$mail_pwd" +smtp_from="$app@$domain" smtp_disclose_recipients="false" advanced_cookies_samesite="lax" advanced_rate_limit_requests="300" -#================================================= -# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS -#================================================= - -ynh_script_progression --message="Validating installation parameters..." --weight=1 - -final_path="/var/www/$app" -test ! -e "$final_path" || ynh_die --message="This path already contains a folder" - -ynh_webpath_register --app="$app" --domain="$domain" --path_url="$path_url" - #================================================= # STORE SETTINGS FROM MANIFEST #================================================= ynh_script_progression --message="Storing installation settings..." --weight=1 -ynh_app_setting_set --app="$app" --key=final_path --value="$final_path" +ynh_app_setting_set --app="$app" --key=install_dir --value="$install_dir" ynh_app_setting_set --app="$app" --key=landing_page_user --value="$landing_page_user" ynh_app_setting_set --app="$app" --key=domain --value="$domain" -ynh_app_setting_set --app="$app" --key=path_url --value="$path_url" +ynh_app_setting_set --app="$app" --key=path --value="$path" ynh_app_setting_set --app="$app" --key=client_max_body_size --value="$client_max_body_size" @@ -166,7 +138,7 @@ ynh_app_setting_set --app="$app" --key=oidc_skip_verification --value="$oidc_ski ynh_app_setting_set --app="$app" --key=oidc_issuer --value="$oidc_issuer" ynh_app_setting_set --app="$app" --key=oidc_client_id --value="$oidc_client_id" ynh_app_setting_set --app="$app" --key=oidc_client_secret --value="$oidc_client_secret" -ynh_app_setting_set --app="$app" --key=oidc_client_secret --value="$oidc_link_existing" +ynh_app_setting_set --app="$app" --key=oidc_link_existing --value="$oidc_link_existing" ynh_app_setting_set --app="$app" --key=smtp_host --value="$smtp_host" ynh_app_setting_set --app="$app" --key=smtp_port --value="$smtp_port" @@ -178,46 +150,6 @@ ynh_app_setting_set --app="$app" --key=smtp_disclose_recipients --value="$smtp_d ynh_app_setting_set --app="$app" --key=advanced_cookies_samesite --value="$advanced_cookies_samesite" ynh_app_setting_set --app="$app" --key=advanced_rate_limit_requests --value="$advanced_rate_limit_requests" -#================================================= -# STANDARD MODIFICATIONS -#================================================= -# FIND AND OPEN A PORT -#================================================= -ynh_script_progression --message="Finding an available port..." --weight=1 - -# Find an available port -port=$(ynh_find_port --port=8095) -ynh_app_setting_set --app="$app" --key=port --value="$port" - -#================================================= -# INSTALL DEPENDENCIES -#================================================= -ynh_script_progression --message="Installing dependencies..." --weight=5 - -ynh_exec_warn_less ynh_install_app_dependencies "$pkg_dependencies" - -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Configuring system user..." --weight=1 - -# Create a system user -ynh_system_user_create --username="$app" --home_dir="$final_path" - -#================================================= -# CREATE A POSTGRESQL DATABASE -#================================================= -ynh_script_progression --message="Creating a PostgreSQL database..." --weight=5 - -db_name=$(ynh_sanitize_dbid --db_name="$app") -db_user="$db_name" -db_pwd=$(ynh_string_random --length=30) -ynh_app_setting_set --app="$app" --key=db_name --value="$db_name" -ynh_app_setting_set --app="$app" --key=db_user --value="$db_user" -ynh_app_setting_set --app="$app" --key=db_pwd --value="$db_pwd" -ynh_psql_test_if_first_run -ynh_psql_setup_db --db_user="$db_user" --db_name="$db_name" --db_pwd="$db_pwd" - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -231,7 +163,7 @@ ynh_script_progression --message="Setting up source files..." --weight=1 architecture=$(detect_arch) # Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source --dest_dir="$final_path" --source_id="$architecture" +ynh_setup_source --dest_dir="$install_dir" # FIXME: this should be managed by the core in the future # Here, as a packager, you may have to tweak the ownerhsip/permissions @@ -239,9 +171,9 @@ ynh_setup_source --dest_dir="$final_path" --source_id="$architecture" # files in some cases. # But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder _ # this will be treated as a security issue. -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R "$app:www-data" "$final_path" +chmod 750 "$install_dir" +chmod -R o-rwx "$install_dir" +chown -R "$app:www-data" "$install_dir" #================================================= # NGINX CONFIGURATION @@ -251,38 +183,18 @@ ynh_script_progression --message="Configuring NGINX web server..." --weight=1 # Create a dedicated NGINX config for the main domain ynh_add_nginx_config -#================================================= -# CREATE DATA DIRECTORY -#================================================= -ynh_script_progression --message="Creating a data directory..." --weight=1 - -datadir=/home/yunohost.app/$app -ynh_app_setting_set --app="$app" --key=datadir --value="$datadir" - -mkdir -p "$datadir" - -# FIXME: this should be managed by the core in the future -# Here, as a packager, you may have to tweak the ownerhsip/permissions -# such that the appropriate users (e.g. maybe www-data) can access -# files in some cases. -# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder - -# this will be treated as a security issue. -chmod 750 "$datadir" -chmod -R o-rwx "$datadir" -chown -R "$app:www-data" "$datadir" - #================================================= # ADD A CONFIGURATION #================================================= ynh_script_progression --message="Adding a configuration file..." --weight=1 -ynh_add_config --template="config.yaml" --destination="$final_path/config.yaml" +ynh_add_config --template="config.yaml" --destination="$install_dir/config.yaml" # FIXME: this should be handled by the core in the future # You may need to use chmod 600 instead of 400, # for example if the app is expected to be able to modify its own config -chmod 400 "$final_path/config.yaml" -chown "$app:$app" "$final_path/config.yaml" +chmod 400 "$install_dir/config.yaml" +chown "$app:$app" "$install_dir/config.yaml" #================================================= # SETUP SYSTEMD @@ -322,12 +234,12 @@ yunohost service add "$app" --description="Gotosocial server" --log="/var/log/$a #================================================= ynh_script_progression --message="Creating gotosocial admin user..." --weight=1 -# using "/var/www/$app" instead of "$final_path" as a temporary workaround for this bug: +# using "/var/www/$app" instead of "$install_dir" as a temporary workaround for this bug: # bad_ynh_exec_syntax() false positive: https://github.com/YunoHost/package_linter/issues/123 -ynh_exec_warn_less /var/www/"$app"/gotosocial --config-path "$final_path/config.yaml" admin account create --username "$admin" --email "$email" --password "$password" +ynh_exec_warn_less /var/www/"$app"/gotosocial --config-path "$install_dir/config.yaml" admin account create --username "$admin" --email "$email" --password "$password" -ynh_exec_warn_less /var/www/"$app"/gotosocial --config-path "$final_path/config.yaml" admin account promote --username "$admin" +ynh_exec_warn_less /var/www/"$app"/gotosocial --config-path "$install_dir/config.yaml" admin account promote --username "$admin" #================================================= # START SYSTEMD SERVICE @@ -337,21 +249,6 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1 # Start a systemd service ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/$app.log" -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Configuring permissions..." --weight=1 - -# Everyone can access the app. -ynh_permission_update --permission="main" --add="visitors" - -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 - -ynh_systemd_action --service_name=nginx --action=reload - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/remove b/scripts/remove index 0298c20..4dc7628 100755 --- a/scripts/remove +++ b/scripts/remove @@ -9,20 +9,6 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 - -app="$YNH_APP_INSTANCE_NAME" - -domain=$(ynh_app_setting_get --app="$app" --key=domain) -port=$(ynh_app_setting_get --app="$app" --key=port) -db_name=$(ynh_app_setting_get --app="$app" --key=db_name) -db_user=$(ynh_app_setting_get --app="$app" --key=db_user) -final_path=$(ynh_app_setting_get --app="$app" --key=final_path) -datadir=$(ynh_app_setting_get --app="$app" --key=datadir) - #================================================= # STANDARD REMOVE #================================================= @@ -44,38 +30,6 @@ ynh_script_progression --message="Stopping and removing the systemd service..." # Remove the dedicated systemd config ynh_remove_systemd_config -#================================================= -# REMOVE THE POSTGRESQL DATABASE -#================================================= -ynh_script_progression --message="Removing the PostgreSQL database..." --weight=5 - -# Remove a database if it exists, along with the associated user -ynh_psql_remove_db --db_user="$db_user" --db_name="$db_name" - -#================================================= -# REMOVE DEPENDENCIES -#================================================= -ynh_script_progression --message="Removing dependencies..." --weight=5 - -# Remove metapackage and its dependencies -ynh_remove_app_dependencies - -#================================================= -# REMOVE APP MAIN DIR -#================================================= -ynh_script_progression --message="Removing app main directory..." --weight=1 - -# Remove the app directory securely -ynh_secure_remove --file="$final_path" - -#================================================= -# REMOVE APP DATA DIR -#================================================= -ynh_script_progression --message="Removing app data directory..." --weight=1 - -# Remove the app directory securely -ynh_secure_remove --file="$datadir" - #================================================= # REMOVE NGINX CONFIGURATION #================================================= @@ -100,16 +54,6 @@ ynh_script_progression --message="Removing fail2ban configuration..." --weight=1 ynh_remove_fail2ban_config -#================================================= -# CLOSE A PORT -#================================================= - -if yunohost firewall list | grep -q "\- $port$" -then - ynh_script_progression --message="Closing port $port..." --weight=1 - ynh_exec_warn_less yunohost firewall disallow TCP "$port" -fi - #================================================= # SPECIFIC REMOVE #================================================= @@ -120,16 +64,6 @@ ynh_script_progression --message="Removing various files..." --weight=1 # Remove the log files ynh_secure_remove --file="/var/log/$app" -#================================================= -# GENERIC FINALIZATION -#================================================= -# REMOVE DEDICATED USER -#================================================= -ynh_script_progression --message="Removing the dedicated system user..." --weight=1 - -# Delete a system user -ynh_system_user_delete --username="$app" - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/restore b/scripts/restore index a22d13f..cd47ece 100755 --- a/scripts/restore +++ b/scripts/restore @@ -10,103 +10,6 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - #### Remove this function if there's nothing to clean before calling the remove script. - true -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 - -app="$YNH_APP_INSTANCE_NAME" - -final_path=$(ynh_app_setting_get --app="$app" --key=final_path) - -landing_page_user=$(ynh_app_setting_get --app="$app" --key=landing_page_user) - -domain=$(ynh_app_setting_get --app="$app" --key=domain) -port=$(ynh_app_setting_get --app="$app" --key=port) -path_url=$(ynh_app_setting_get --app="$app" --key=path_url) - -client_max_body_size=$(ynh_app_setting_get --app="$app" --key=client_max_body_size) - -db_name=$(ynh_app_setting_get --app="$app" --key=db_name) -db_user=$(ynh_app_setting_get --app="$app" --key=db_user) -db_pwd=$(ynh_app_setting_get --app="$app" --key=db_pwd) - -datadir=$(ynh_app_setting_get --app="$app" --key=datadir) - -cache_memory_target=$(ynh_app_setting_get --app="$app" --key=cache_memory_target) - -instance_federation_mode=$(ynh_app_setting_get --app="$app" --key=instance_federation_mode) -instance_expose_peers=$(ynh_app_setting_get --app="$app" --key=instance_expose_peers) -instance_expose_suspended=$(ynh_app_setting_get --app="$app" --key=instance_expose_suspended) -instance_expose_suspended_web=$(ynh_app_setting_get --app="$app" --key=instance_expose_suspended_web) -instance_expose_public_timeline=$(ynh_app_setting_get --app="$app" --key=instance_expose_public_timeline) -instance_deliver_to_shared_inboxes=$(ynh_app_setting_get --app="$app" --key=instance_deliver_to_shared_inboxes) -instance_inject_mastodon_version=$(ynh_app_setting_get --app="$app" --key=instance_inject_mastodon_version) - -accounts_registration_open=$(ynh_app_setting_get --app="$app" --key=accounts_registration_open) -accounts_approval_required=$(ynh_app_setting_get --app="$app" --key=accounts_approval_required) -accounts_reason_required=$(ynh_app_setting_get --app="$app" --key=accounts_reason_required) -accounts_allow_custom_css=$(ynh_app_setting_get --app="$app" --key=accounts_allow_custom_css) -accounts_custom_css_length=$(ynh_app_setting_get --app="$app" --key=accounts_custom_css_length) - -media_image_max_size=$(ynh_app_setting_get --app="$app" --key=media_image_max_size) -media_video_max_size=$(ynh_app_setting_get --app="$app" --key=media_video_max_size) -media_description_min_chars=$(ynh_app_setting_get --app="$app" --key=media_description_min_chars) -media_description_max_chars=$(ynh_app_setting_get --app="$app" --key=media_description_max_chars) -media_remote_cache_days=$(ynh_app_setting_get --app="$app" --key=media_remote_cache_days) -media_emoji_local_max_size=$(ynh_app_setting_get --app="$app" --key=media_emoji_local_max_size) -media_emoji_remote_max_size=$(ynh_app_setting_get --app="$app" --key=media_emoji_remote_max_size) - -storage_backend=$(ynh_app_setting_get --app="$app" --key=storage_backend) -storage_s3_endpoint=$(ynh_app_setting_get --app="$app" --key=storage_s3_endpoint) -storage_s3_proxy=$(ynh_app_setting_get --app="$app" --key=storage_s3_proxy) -storage_s3_access_key=$(ynh_app_setting_get --app="$app" --key=storage_s3_access_key) -storage_s3_secret_key=$(ynh_app_setting_get --app="$app" --key=storage_s3_secret_key) -storage_s3_bucket=$(ynh_app_setting_get --app="$app" --key=storage_s3_bucket) - -statuses_max_chars=$(ynh_app_setting_get --app="$app" --key=statuses_max_chars) -statuses_cw_max_chars=$(ynh_app_setting_get --app="$app" --key=statuses_cw_max_chars) -statuses_poll_max_options=$(ynh_app_setting_get --app="$app" --key=statuses_poll_max_options) -statuses_poll_option_max_chars=$(ynh_app_setting_get --app="$app" --key=statuses_poll_option_max_chars) -statuses_media_max_files=$(ynh_app_setting_get --app="$app" --key=statuses_media_max_files) - -oidc_enabled=$(ynh_app_setting_get --app="$app" --key=oidc_enabled) -oidc_idp_name=$(ynh_app_setting_get --app="$app" --key=oidc_idp_name) -oidc_skip_verification=$(ynh_app_setting_get --app="$app" --key=oidc_skip_verification) -oidc_issuer=$(ynh_app_setting_get --app="$app" --key=oidc_issuer) -oidc_client_id=$(ynh_app_setting_get --app="$app" --key=oidc_client_id) -oidc_client_secret=$(ynh_app_setting_get --app="$app" --key=oidc_client_secret) -oidc_link_existing=$(ynh_app_setting_get --app="$app" --key=oidc_link_existing) - -smtp_host=$(ynh_app_setting_get --app="$app" --key=smtp_host) -smtp_port=$(ynh_app_setting_get --app="$app" --key=smtp_port) -smtp_username=$(ynh_app_setting_get --app="$app" --key=smtp_username) -smtp_password=$(ynh_app_setting_get --app="$app" --key=smtp_password) -smtp_from=$(ynh_app_setting_get --app="$app" --key=smtp_from) -smtp_disclose_recipients=$(ynh_app_setting_get --app="$app" --key=smtp_disclose_recipients) - -advanced_cookies_samesite=$(ynh_app_setting_get --app="$app" --key=advanced_cookies_samesite) -advanced_rate_limit_requests=$(ynh_app_setting_get --app="$app" --key=advanced_rate_limit_requests) - -#================================================= -# CHECK IF THE APP CAN BE RESTORED -#================================================= -ynh_script_progression --message="Validating restoration parameters..." --weight=1 - -test ! -d "$final_path" \ - || ynh_die --message="There is already a directory: $final_path " - #================================================= # STANDARD RESTORATION STEPS #================================================= @@ -116,20 +19,12 @@ ynh_script_progression --message="Restoring the NGINX configuration..." --weight ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" -#================================================= -# RECREATE THE DEDICATED USER -#================================================= -ynh_script_progression --message="Recreating the dedicated system user..." --weight=1 - -# Create the dedicated user (if not existing) -ynh_system_user_create --username="$app" --home_dir="$final_path" - #================================================= # RESTORE THE APP MAIN DIR #================================================= ynh_script_progression --message="Restoring the app main directory..." --weight=1 -ynh_restore_file --origin_path="$final_path" +ynh_restore_file --origin_path="$install_dir" # FIXME: this should be managed by the core in the future # Here, as a packager, you may have to tweak the ownerhsip/permissions @@ -137,18 +32,18 @@ ynh_restore_file --origin_path="$final_path" # files in some cases. # But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder - # this will be treated as a security issue. -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R "$app:www-data" "$final_path" +chmod 750 "$install_dir" +chmod -R o-rwx "$install_dir" +chown -R "$app:www-data" "$install_dir" #================================================= # RESTORE THE DATA DIRECTORY #================================================= ynh_script_progression --message="Restoring the data directory..." --weight=5 -ynh_restore_file --origin_path="$datadir" --not_mandatory +ynh_restore_file --origin_path="$data_dir" --not_mandatory -mkdir -p "$datadir" +mkdir -p "$data_dir" # FIXME: this should be managed by the core in the future # Here, as a packager, you may have to tweak the ownerhsip/permissions @@ -156,53 +51,26 @@ mkdir -p "$datadir" # files in some cases. # But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder - # this will be treated as a security issue. -chmod 750 "$datadir" -chmod -R o-rwx "$datadir" -chown -R "$app:www-data" "$datadir" - -#================================================= -# SPECIFIC RESTORATION -#================================================= -# REINSTALL DEPENDENCIES -#================================================= -ynh_script_progression --message="Reinstalling dependencies..." --weight=5 - -# Define and install dependencies -ynh_exec_warn_less ynh_install_app_dependencies "$pkg_dependencies" - -#================================================= -# RESTORE THE POSTGRESQL DATABASE -#================================================= -ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=5 - -ynh_psql_test_if_first_run -ynh_psql_setup_db --db_user="$db_user" --db_name="$db_name" --db_pwd="$db_pwd" -ynh_psql_execute_as_root --sql="CREATE EXTENSION IF NOT EXISTS unaccent;" --database="$db_name" -ynh_psql_execute_as_root --sql="CREATE EXTENSION IF NOT EXISTS pg_trgm;" --database="$db_name" -ynh_psql_execute_as_root --sql="CREATE EXTENSION IF NOT EXISTS citext;" --database="$db_name" -ynh_psql_execute_as_root --sql="CREATE EXTENSION IF NOT EXISTS \"uuid-ossp\";" --database="$db_name" -ynh_psql_execute_file_as_root --file="./db.sql" --database="$db_name" +chmod 750 "$data_dir" +chmod -R o-rwx "$data_dir" +chown -R "$app:www-data" "$data_dir" #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= ynh_script_progression --message="Setting up source files..." --weight=1 -### `ynh_setup_source` is used to install an app from a zip or tar.gz file, -### downloaded from an upstream source, like a git repository. -### `ynh_setup_source` use the file conf/app.src - # detect_arch comes from _common.sh / personnal helpers architecture="$(detect_arch)" # compare if the system arch is different from the binary arch # if so, download the correct binary -if [ "$architecture" != "$(file "$final_path"/gotosocial | cut -d ',' -f 2 | tr -d ' ')" ] +if [ "$architecture" != "$(file "$install_dir"/gotosocial | cut -d ',' -f 2 | tr -d ' ')" ] then ynh_script_progression --message="Migrating binary architecture..." # Download, check integrity, uncompress and patch the source from app.src - ynh_setup_source --dest_dir="$final_path" --source_id="$architecture" --keep="config.yaml" + ynh_setup_source --dest_dir="$install_dir" --keep="config.yaml" fi # FIXME: this should be managed by the core in the future @@ -211,9 +79,9 @@ fi # files in some cases. # But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder _ # this will be treated as a security issue. -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R "$app:www-data" "$final_path" +chmod 750 "$install_dir" +chmod -R o-rwx "$install_dir" +chown -R "$app:www-data" "$install_dir" #================================================= # RESTORE VARIOUS FILES diff --git a/scripts/upgrade b/scripts/upgrade index bb1e85f..4ffca38 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -9,110 +9,12 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." - -app="$YNH_APP_INSTANCE_NAME" - -final_path=$(ynh_app_setting_get --app="$app" --key=final_path) - -landing_page_user=$(ynh_app_setting_get --app="$app" --key=landing_page_user) - -domain=$(ynh_app_setting_get --app="$app" --key=domain) -port=$(ynh_app_setting_get --app="$app" --key=port) -path_url=$(ynh_app_setting_get --app="$app" --key=path_url) - -client_max_body_size=$(ynh_app_setting_get --app="$app" --key=client_max_body_size) - -db_name=$(ynh_app_setting_get --app="$app" --key=db_name) -db_user=$(ynh_app_setting_get --app="$app" --key=db_user) -db_pwd=$(ynh_app_setting_get --app="$app" --key=db_pwd) - -datadir=$(ynh_app_setting_get --app="$app" --key=datadir) - -cache_memory_target=$(ynh_app_setting_get --app="$app" --key=cache_memory_target) - -instance_federation_mode=$(ynh_app_setting_get --app="$app" --key=instance_federation_mode) -instance_expose_peers=$(ynh_app_setting_get --app="$app" --key=instance_expose_peers) -instance_expose_suspended=$(ynh_app_setting_get --app="$app" --key=instance_expose_suspended) -instance_expose_suspended_web=$(ynh_app_setting_get --app="$app" --key=instance_expose_suspended_web) -instance_expose_public_timeline=$(ynh_app_setting_get --app="$app" --key=instance_expose_public_timeline) -instance_deliver_to_shared_inboxes=$(ynh_app_setting_get --app="$app" --key=instance_deliver_to_shared_inboxes) -instance_inject_mastodon_version=$(ynh_app_setting_get --app="$app" --key=instance_inject_mastodon_version) - -accounts_registration_open=$(ynh_app_setting_get --app="$app" --key=accounts_registration_open) -accounts_approval_required=$(ynh_app_setting_get --app="$app" --key=accounts_approval_required) -accounts_reason_required=$(ynh_app_setting_get --app="$app" --key=accounts_reason_required) -accounts_allow_custom_css=$(ynh_app_setting_get --app="$app" --key=accounts_allow_custom_css) -accounts_custom_css_length=$(ynh_app_setting_get --app="$app" --key=accounts_custom_css_length) - -media_image_max_size=$(ynh_app_setting_get --app="$app" --key=media_image_max_size) -media_video_max_size=$(ynh_app_setting_get --app="$app" --key=media_video_max_size) -media_description_min_chars=$(ynh_app_setting_get --app="$app" --key=media_description_min_chars) -media_description_max_chars=$(ynh_app_setting_get --app="$app" --key=media_description_max_chars) -media_remote_cache_days=$(ynh_app_setting_get --app="$app" --key=media_remote_cache_days) -media_emoji_local_max_size=$(ynh_app_setting_get --app="$app" --key=media_emoji_local_max_size) -media_emoji_remote_max_size=$(ynh_app_setting_get --app="$app" --key=media_emoji_remote_max_size) - -storage_backend=$(ynh_app_setting_get --app="$app" --key=storage_backend) -storage_s3_endpoint=$(ynh_app_setting_get --app="$app" --key=storage_s3_endpoint) -storage_s3_proxy=$(ynh_app_setting_get --app="$app" --key=storage_s3_proxy) -storage_s3_access_key=$(ynh_app_setting_get --app="$app" --key=storage_s3_access_key) -storage_s3_secret_key=$(ynh_app_setting_get --app="$app" --key=storage_s3_secret_key) -storage_s3_bucket=$(ynh_app_setting_get --app="$app" --key=storage_s3_bucket) - -statuses_max_chars=$(ynh_app_setting_get --app="$app" --key=statuses_max_chars) -statuses_cw_max_chars=$(ynh_app_setting_get --app="$app" --key=statuses_cw_max_chars) -statuses_poll_max_options=$(ynh_app_setting_get --app="$app" --key=statuses_poll_max_options) -statuses_poll_option_max_chars=$(ynh_app_setting_get --app="$app" --key=statuses_poll_option_max_chars) -statuses_media_max_files=$(ynh_app_setting_get --app="$app" --key=statuses_media_max_files) - -oidc_enabled=$(ynh_app_setting_get --app="$app" --key=oidc_enabled) -oidc_idp_name=$(ynh_app_setting_get --app="$app" --key=oidc_idp_name) -oidc_skip_verification=$(ynh_app_setting_get --app="$app" --key=oidc_skip_verification) -oidc_issuer=$(ynh_app_setting_get --app="$app" --key=oidc_issuer) -oidc_client_id=$(ynh_app_setting_get --app="$app" --key=oidc_client_id) -oidc_client_secret=$(ynh_app_setting_get --app="$app" --key=oidc_client_secret) -oidc_link_existing=$(ynh_app_setting_get --app="$app" --key=oidc_link_existing) - -smtp_host=$(ynh_app_setting_get --app="$app" --key=smtp_host) -smtp_port=$(ynh_app_setting_get --app="$app" --key=smtp_port) -smtp_username=$(ynh_app_setting_get --app="$app" --key=smtp_username) -smtp_password=$(ynh_app_setting_get --app="$app" --key=smtp_password) -smtp_from=$(ynh_app_setting_get --app="$app" --key=smtp_from) -smtp_disclose_recipients=$(ynh_app_setting_get --app="$app" --key=smtp_disclose_recipients) - -advanced_cookies_samesite=$(ynh_app_setting_get --app="$app" --key=advanced_cookies_samesite) -advanced_rate_limit_requests=$(ynh_app_setting_get --app="$app" --key=advanced_rate_limit_requests) - #================================================= # CHECK VERSION #================================================= -### This helper will compare the version of the currently installed app and the version of the upstream package. -### $upgrade_type can have 2 different values -### - UPGRADE_APP if the upstream app version has changed -### - UPGRADE_PACKAGE if only the YunoHost package has changed -### ynh_check_app_version_changed will stop the upgrade if the app is up to date. -### UPGRADE_APP should be used to upgrade the core app only if there's an upgrade to do. upgrade_type=$(ynh_check_app_version_changed) -#================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP -#================================================= -ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." - -# Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { - # Restore it if the upgrade fails - ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - #================================================= # STANDARD UPGRADE STEPS #================================================= @@ -128,7 +30,7 @@ ynh_systemd_action --service_name="$app" --action="stop" --log_path="/var/log/$a ynh_script_progression --message="Ensuring downward compatibility..." # Upgrade from <0.2.1~ynh4: -if ynh_compare_current_package_version --comparison lt --version 0.2.1~ynh4 || [ -z "$db_user" ] +if ynh_compare_current_package_version --comparison lt --version 0.2.1~ynh4 || [ -z "${db_user:-}" ] then # import old parameters registration_open=$(ynh_app_setting_get --app="$app" --key=registration_open) @@ -152,7 +54,7 @@ then registration_reason=$(convert_bool "$registration_reason") # fix db_user existence db_user=$db_name - ynh_app_setting_set --app="$app" --key=db_user --value="$db_user" +#REMOVEME? ynh_app_setting_set --app="$app" --key=db_user --value="$db_user" # registration of new parameters ynh_app_setting_set --app="$app" --key=client_max_body_size --value="$client_max_body_size" ynh_app_setting_set --app="$app" --key=media_image_max_size --value="$media_image_max_size" @@ -172,7 +74,7 @@ then fi # Upgrade from <0.3.7~ynh1: -if ynh_compare_current_package_version --comparison lt --version 0.3.7~ynh1 || [ -z "$instance_expose_peers" ] +if ynh_compare_current_package_version --comparison lt --version 0.3.7~ynh1 || [ -z "${instance_expose_peers:-}" ] then # import old parameters registration_open=$(ynh_app_setting_get --app="$app" --key=registration_open) @@ -205,7 +107,7 @@ then fi # Upgrade from <0.5.0~ynh1: -if ynh_compare_current_package_version --comparison lt --version 0.5.0~ynh1 || [ -z "$accounts_allow_custom_css" ] +if ynh_compare_current_package_version --comparison lt --version 0.5.0~ynh1 || [ -z "${accounts_allow_custom_css:-}" ] then # declaration of new parameters accounts_allow_custom_css="false" @@ -220,7 +122,7 @@ then fi # Upgrade from <0.6.0~ynh1: -if ynh_compare_current_package_version --comparison lt --version 0.6.0~ynh1 || [ -z "$instance_expose_public_timeline" ] +if ynh_compare_current_package_version --comparison lt --version 0.6.0~ynh1 || [ -z "${instance_expose_public_timeline:-}" ] then # declaration of new parameters landing_page_user="" @@ -247,7 +149,7 @@ then fi # Upgrade from <0.7.1~ynh1: -if ynh_compare_current_package_version --comparison lt --version 0.7.1~ynh1 || [ -z "$instance_expose_suspended_web" ] +if ynh_compare_current_package_version --comparison lt --version 0.7.1~ynh1 || [ -z "${instance_expose_suspended_web:-}" ] then # updating parameters advanced_rate_limit_requests="300" @@ -258,21 +160,21 @@ then ynh_app_setting_set --app="$app" --key=instance_expose_suspended_web --value="$instance_expose_suspended_web" fi -# Upgrade from <0.8.0~ynh2: -if ynh_compare_current_package_version --comparison lt --version 0.8.0~ynh2 || [ -z "$smtp_host" ] +# Upgrade from <0.8.0~ynh2: (also upgrade from packaging v1) +if ynh_compare_current_package_version --comparison lt --version 0.8.0~ynh2 || [ -z "${smtp_host:-}" ] || [ -z "${smtp_username:-}" ] then # declaration of new parameter - smtp_host="localhost" + smtp_host="127.0.0.1" smtp_port="25" - smtp_username="" - smtp_password="" - smtp_from="noreply@$domain" + smtp_username="$app" + smtp_password="$mail_pwd" + smtp_from="noreply-$app@$domain" smtp_disclose_recipients="false" # registration of parameters ynh_app_setting_set --app="$app" --key=smtp_host --value="$smtp_host" - ynh_app_setting_set --app="$app" --key=smtp_port --value="$smtp_port" +#REMOVEME? ynh_app_setting_set --app="$app" --key=smtp_port --value="$smtp_port" ynh_app_setting_set --app="$app" --key=smtp_username --value="$smtp_username" - ynh_app_setting_set --app="$app" --key=smtp_password --value="$smtp_password" +#REMOVEME? ynh_app_setting_set --app="$app" --key=smtp_password --value="$smtp_password" ynh_app_setting_set --app="$app" --key=smtp_from --value="$smtp_from" ynh_app_setting_set --app="$app" --key=smtp_disclose_recipients --value="$smtp_disclose_recipients" fi @@ -309,7 +211,7 @@ then fi # Upgrade from <0.10.0~ynh1: -if ynh_compare_current_package_version --comparison lt --version 0.10.0~ynh1 || [ -z "$accounts_custom_css_length" ] +if ynh_compare_current_package_version --comparison lt --version 0.10.0~ynh1 || [ -z "${accounts_custom_css_length:-}" ] then # declaration of new parameter accounts_custom_css_length="10000" @@ -336,7 +238,7 @@ then fi # Upgrade from <0.12.0~ynh1: -if ynh_compare_current_package_version --comparison lt --version 0.12.0~ynh1 || [ -z "$instance_federation_mode" ] +if ynh_compare_current_package_version --comparison lt --version 0.12.0~ynh1 || [ -z "${instance_federation_mode:-}" ] then # declaration of new parameter instance_federation_mode="blocklist" @@ -345,7 +247,7 @@ then fi # Upgrade from <0.12.1~ynh2: -if ynh_compare_current_package_version --comparison lt --version 0.12.1~ynh2 || [ -z "$oidc_enabled" ] +if ynh_compare_current_package_version --comparison lt --version 0.12.1~ynh2 || [ -z "${oidc_enabled:-}" ] then # declaration of new parameter oidc_enabled="false" @@ -365,13 +267,11 @@ then ynh_app_setting_set --app="$app" --key=oidc_client_secret --value="$oidc_link_existing" fi -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." - -# Create a dedicated user (if not existing) -ynh_system_user_create --username="$app" --home_dir="$final_path" +# fix a dumb "i set the setting to the wrong key in the past so i need to fix this shit" +if [ -z "${oidc_link_existing:-}" ]; then + oidc_link_existing="false" + ynh_app_setting_set --app="$app" --key=oidc_client_secret --value="$oidc_link_existing" +fi #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE @@ -385,7 +285,7 @@ then architecture=$(detect_arch) # Download, check integrity, uncompress and patch the source from app.src - ynh_setup_source --dest_dir="$final_path" --source_id="$architecture" --keep="config.yaml" + ynh_setup_source --dest_dir="$install_dir" --keep="config.yaml" fi # FIXME: this should be managed by the core in the future @@ -394,9 +294,9 @@ fi # files in some cases. # But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder - # this will be treated as a security issue. -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R "$app:www-data" "$final_path" +chmod 750 "$install_dir" +chmod -R o-rwx "$install_dir" +chown -R "$app:www-data" "$install_dir" #================================================= # NGINX CONFIGURATION @@ -406,30 +306,18 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." # Create a dedicated NGINX config for the main domain ynh_add_nginx_config -#================================================= -# UPGRADE DEPENDENCIES -#================================================= -ynh_script_progression --message="Upgrading dependencies..." - -ynh_exec_warn_less ynh_install_app_dependencies "$pkg_dependencies" - #================================================= # UPDATE A CONFIG FILE #================================================= ynh_script_progression --message="Updating a configuration file..." -### Same as during install -### -### The file will automatically be backed-up if it's found to be manually modified (because -### ynh_add_config keeps track of the file's checksum) - -ynh_add_config --template="config.yaml" --destination="$final_path/config.yaml" +ynh_add_config --template="config.yaml" --destination="$install_dir/config.yaml" # FIXME: this should be handled by the core in the future # You may need to use chmod 600 instead of 400, # for example if the app is expected to be able to modify its own config -chmod 400 "$final_path/config.yaml" -chown "$app:$app" "$final_path/config.yaml" +chmod 400 "$install_dir/config.yaml" +chown "$app:$app" "$install_dir/config.yaml" #================================================= # SETUP SYSTEMD @@ -471,13 +359,6 @@ ynh_script_progression --message="Starting a systemd service..." ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/$app.log" -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." - -ynh_systemd_action --service_name=nginx --action=reload - #================================================= # END OF SCRIPT #================================================= diff --git a/tests.toml b/tests.toml new file mode 100644 index 0000000..9c5745d --- /dev/null +++ b/tests.toml @@ -0,0 +1,31 @@ +test_format = 1.0 + +[default] + +# GTS don't support it +exclude = "change_url" + +# ------------------------------- +# Default args to use for install +# ------------------------------- + +args.admin = "xana" +args.email = "ci-test@example.com" +args.password = "vYh8io7r*@P&zyo!6ZhBqQQ%8M5D4M" +# false by default +args.accounts_registration_open = 1 +# true by default +args.accounts_approval_required = 0 +args.accounts_reason_required = 0 + +# ------------------------------- +# Commits to test upgrade from +# ------------------------------- + +test_upgrade_from.9a6d0183.name = "Upgrade from 0.6.0~ynh1" +test_upgrade_from.2750ec2d.name = "Upgrade from 0.11.0~ynh1" +test_upgrade_from.4bc2d54d.name = "Upgrade from 0.13.1~ynh1 (latest packaging v1)" + +# ------------------------------- +# additional tests suite +# -------------------------------