diff --git a/.DS_Store b/.DS_Store
new file mode 100644
index 0000000..1bb1d1e
Binary files /dev/null and b/.DS_Store differ
diff --git a/LICENSE b/LICENSE
index 7d1e40b..4650540 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,4 +1,21 @@
-File containing the license of your package.
+MIT License
-More information here:
-https://yunohost.org/packaging_apps_guidelines#yep-1-3
+Copyright (c) 2022 Hau Tran
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
\ No newline at end of file
diff --git a/conf/.env b/conf/.env
new file mode 100644
index 0000000..9257287
--- /dev/null
+++ b/conf/.env
@@ -0,0 +1,66 @@
+###################################################################################
+# Database
+###################################################################################
+
+DB_HOSTNAME=localhost
+DB_USERNAME=__DB_NAME__
+DB_PASSWORD=__DB_PWD__
+DB_DATABASE_NAME=__DB_NAME__
+
+# Optional Database settings:
+# DB_PORT=5532
+
+
+
+
+###################################################################################
+# Redis
+###################################################################################
+
+REDIS_HOSTNAME=localhost
+
+# Optional Redis settings:
+REDIS_PORT=6379
+# REDIS_DBINDEX=0
+# REDIS_PASSWORD=
+# REDIS_SOCKET=
+
+
+
+
+
+###################################################################################
+# Upload File Config
+###################################################################################
+
+UPLOAD_LOCATION=/home/yunohost.app/__APP__/
+
+
+
+
+###################################################################################
+# JWT SECRET
+###################################################################################
+
+JWT_SECRET=__JWT__
+
+
+
+
+###################################################################################
+# MAPBOX
+####################################################################################
+
+# ENABLE_MAPBOX is either true of false -> if true, you have to provide MAPBOX_KEY
+ENABLE_MAPBOX=false
+MAPBOX_KEY=
+
+
+####################################################################################
+# WEB - Optional
+####################################################################################
+
+# Custom message on the login page, should be written in HTML form.
+# For example VITE_LOGIN_PAGE_MESSAGE="This is a demo instance of Immich.
Email: demo@demo.de
Password: demo"
+
+VITE_LOGIN_PAGE_MESSAGE=
\ No newline at end of file
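Review bot: `DB_PASSWORD` and `JWT_SECRET` sit in clear text in this file once the placeholders are filled in, and every unit added in this commit loads it through `EnvironmentFile=__FINALPATH__/.env`, so the install script should leave the rendered file non-world-readable (for example mode 0600, owned by the app user); that step is not visible in this diff. The example for `VITE_LOGIN_PAGE_MESSAGE` continues on two lines that carry no `#`, which would be read as stray entries if the file really looks like this, though it may only be an artefact of how the page was rendered. The comment above `ENABLE_MAPBOX` should read `true or false`.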
diff --git a/conf/app.src b/conf/app.src
deleted file mode 100644
index 17489bf..0000000
--- a/conf/app.src
+++ /dev/null
@@ -1,7 +0,0 @@
-SOURCE_URL=url of app's source
-SOURCE_SUM=sha256 checksum
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FORMAT=tar.gz
-SOURCE_IN_SUBDIR=true
-SOURCE_FILENAME=
-SOURCE_EXTRACT=true
diff --git a/conf/docker-image-extract.src b/conf/docker-image-extract.src
new file mode 100644
index 0000000..64fe1a1
--- /dev/null
+++ b/conf/docker-image-extract.src
@@ -0,0 +1,7 @@
+SOURCE_URL=https://codeload.github.com/jjlin/docker-image-extract/tar.gz/a9e455e44bbbfba897bf3342d9661b182cee67a9
+SOURCE_SUM=9eb0c734e83a3fd7102fc7209af4977024ec467fbc819782491af47295675f67
+SOURCE_SUM_PRG=sha256sum
+SOURCE_FORMAT=tar.gz
+SOURCE_IN_SUBDIR=true
+SOURCE_FILENAME=
+SOURCE_EXTRACT=true
diff --git a/conf/microservices.service b/conf/microservices.service
new file mode 100644
index 0000000..195a28c
--- /dev/null
+++ b/conf/microservices.service
@@ -0,0 +1,48 @@
+[Unit]
+Description=Small description of the service
+After=network.target
+
+[Service]
+Type=simple
+User=__APP__
+Group=__APP__
+WorkingDirectory=__FINALPATH__/
+Environment="NODE_ENV=production"
+Environment="__YNH_NODE_LOAD_PATH__"
+EnvironmentFile=__FINALPATH__/.env
+ExecStart=__YNH_NODE__ server/dist/apps/microservices/apps/microservices/src/main
+StandardOutput=append:/var/log/__APP__/__APP__-microservices.log
+StandardError=inherit
+
+# Sandboxing options to harden security
+# Depending on specificities of your service/app, you may need to tweak these
+# .. but this should be a good baseline
+# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+DevicePolicy=closed
+ProtectSystem=full
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+LockPersonality=yes
+SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
+
+# Denying access to capabilities that should not be relevant for webapps
+# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
+CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
+CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
+CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
+CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
+CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
+CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
+CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
+CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
+CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
+
+[Install]
+WantedBy=multi-user.target
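Review bot: `CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD` names a capability that capabilities(7), the page linked in the comment above it, does not list; the raw I/O capability is `CAP_SYS_RAWIO`, so systemd probably ignores that entry and leaves the capability in the bounding set. Changing the line to `CapabilityBoundingSet=~CAP_SYS_RAWIO CAP_MKNOD` gives the restriction the comment intends, and `systemd-analyze security <unit>` can confirm the result. The same line appears in conf/server.service and conf/web.service. `Description=Small description of the service` is also still the template text in all three new units.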
diff --git a/conf/systemd.service b/conf/ml.service
similarity index 88%
rename from conf/systemd.service
rename to conf/ml.service
index 7bb448e..63d6830 100644
--- a/conf/systemd.service
+++ b/conf/ml.service
@@ -7,8 +7,11 @@ Type=simple
User=__APP__
Group=__APP__
WorkingDirectory=__FINALPATH__/
-ExecStart=__FINALPATH__/script
-StandardOutput=append:/var/log/__APP__/__APP__.log
+Environment="NODE_ENV=production"
+Environment="__YNH_NODE_LOAD_PATH__"
+EnvironmentFile=__FINALPATH__/.env
+ExecStart=__YNH_NODE__ ml/dist/main.js
+StandardOutput=append:/var/log/__APP__/__APP__-ml.log
StandardError=inherit
# Sandboxing options to harden security
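Review bot: `EnvironmentFile=__FINALPATH__/.env` hands the machine-learning process the whole shared file, including `DB_PASSWORD` and `JWT_SECRET` from conf/.env; whether `ml/dist/main.js` needs either of them is not visible here. If it does not, a narrower per-service environment file would keep a compromise of this process from exposing the database and token-signing secrets. The same question applies to conf/web.service. The unit's `[Unit]` section and its sandboxing options lie outside this hunk.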
diff --git a/conf/nginx.conf b/conf/nginx.conf
index 6b738ce..3445c5a 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -1,28 +1,30 @@
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
-location __PATH__/ {
- # Path to source
- alias __FINALPATH__/;
-
-### Example PHP configuration (remove it if not used)
- index index.php;
-
- # Common parameter to increase upload size limit in conjunction with dedicated php-fpm file
- #client_max_body_size 50M;
-
- try_files $uri $uri/ index.php;
- location ~ [^/]\.php(/|$) {
- fastcgi_split_path_info ^(.+?\.php)(/.*)$;
- fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
-
- fastcgi_index index.php;
- include fastcgi_params;
- fastcgi_param REMOTE_USER $remote_user;
- fastcgi_param PATH_INFO $fastcgi_path_info;
- fastcgi_param SCRIPT_FILENAME $request_filename;
- }
-### End of PHP configuration part
-
- # Include SSOWAT user panel.
- include conf.d/yunohost_panel.conf.inc;
+location __PATH__/api {
+ proxy_pass http://127.0.0.1:3001;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host $server_name;
+ client_max_body_size 500M;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ rewrite /api/(.*) /$1 break;
+}
+
+location __PATH__/ {
+ proxy_pass http://127.0.0.1:3000;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host $server_name;
+ client_max_body_size 500M;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
}
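Review bot: `location __PATH__/api` is a prefix match without a trailing slash, so it also captures URIs such as `__PATH__/apix`, and `rewrite /api/(.*) /$1 break;` is unanchored, so it matches at the first `/api/` anywhere in the URI rather than only at the start of the app's path. Anchoring both makes the routing explicit: `location __PATH__/api/ {` and `rewrite ^__PATH__/api/(.*)$ /$1 break;`, assuming `__PATH__` is substituted without a trailing slash, as the `location __PATH__/` line suggests. The backend ports 3000 and 3001 are hard-coded in both `proxy_pass` lines; if the packaging reserves a port per app, a template variable would avoid a clash with another service on the same host.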
diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf
deleted file mode 100644
index ab1a471..0000000
--- a/conf/php-fpm.conf
+++ /dev/null
@@ -1,430 +0,0 @@
-; Start a new pool named 'www'.
-; the variable $pool can be used in any directive and will be replaced by the
-; pool name ('www' here)
-[__NAMETOCHANGE__]
-
-; Per pool prefix
-; It only applies on the following directives:
-; - 'access.log'
-; - 'slowlog'
-; - 'listen' (unixsocket)
-; - 'chroot'
-; - 'chdir'
-; - 'php_values'
-; - 'php_admin_values'
-; When not set, the global prefix (or /usr) applies instead.
-; Note: This directive can also be relative to the global prefix.
-; Default Value: none
-;prefix = /path/to/pools/$pool
-
-; Unix user/group of processes
-; Note: The user is mandatory. If the group is not set, the default user's group
-; will be used.
-user = __USER__
-group = __USER__
-
-; The address on which to accept FastCGI requests.
-; Valid syntaxes are:
-; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
-; a specific port;
-; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
-; a specific port;
-; 'port' - to listen on a TCP socket to all addresses
-; (IPv6 and IPv4-mapped) on a specific port;
-; '/path/to/unix/socket' - to listen on a unix socket.
-; Note: This value is mandatory.
-listen = /var/run/php/php__PHPVERSION__-fpm-__NAMETOCHANGE__.sock
-
-; Set listen(2) backlog.
-; Default Value: 511 (-1 on FreeBSD and OpenBSD)
-;listen.backlog = 511
-
-; Set permissions for unix socket, if one is used. In Linux, read/write
-; permissions must be set in order to allow connections from a web server. Many
-; BSD-derived systems allow connections regardless of permissions.
-; Default Values: user and group are set as the running user
-; mode is set to 0660
-listen.owner = www-data
-listen.group = www-data
-;listen.mode = 0660
-; When POSIX Access Control Lists are supported you can set them using
-; these options, value is a comma separated list of user/group names.
-; When set, listen.owner and listen.group are ignored
-;listen.acl_users =
-;listen.acl_groups =
-
-; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
-; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
-; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
-; must be separated by a comma. If this value is left blank, connections will be
-; accepted from any ip address.
-; Default Value: any
-;listen.allowed_clients = 127.0.0.1
-
-; Specify the nice(2) priority to apply to the pool processes (only if set)
-; The value can vary from -19 (highest priority) to 20 (lower priority)
-; Note: - It will only work if the FPM master process is launched as root
-; - The pool processes will inherit the master process priority
-; unless it specified otherwise
-; Default Value: no set
-; process.priority = -19
-
-; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user
-; or group is differrent than the master process user. It allows to create process
-; core dump and ptrace the process for the pool user.
-; Default Value: no
-; process.dumpable = yes
-
-; Choose how the process manager will control the number of child processes.
-; Possible Values:
-; static - a fixed number (pm.max_children) of child processes;
-; dynamic - the number of child processes are set dynamically based on the
-; following directives. With this process management, there will be
-; always at least 1 children.
-; pm.max_children - the maximum number of children that can
-; be alive at the same time.
-; pm.start_servers - the number of children created on startup.
-; pm.min_spare_servers - the minimum number of children in 'idle'
-; state (waiting to process). If the number
-; of 'idle' processes is less than this
-; number then some children will be created.
-; pm.max_spare_servers - the maximum number of children in 'idle'
-; state (waiting to process). If the number
-; of 'idle' processes is greater than this
-; number then some children will be killed.
-; ondemand - no children are created at startup. Children will be forked when
-; new requests will connect. The following parameter are used:
-; pm.max_children - the maximum number of children that
-; can be alive at the same time.
-; pm.process_idle_timeout - The number of seconds after which
-; an idle process will be killed.
-; Note: This value is mandatory.
-pm = dynamic
-
-; The number of child processes to be created when pm is set to 'static' and the
-; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
-; This value sets the limit on the number of simultaneous requests that will be
-; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
-; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
-; CGI. The below defaults are based on a server without much resources. Don't
-; forget to tweak pm.* to fit your needs.
-; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
-; Note: This value is mandatory.
-pm.max_children = 5
-
-; The number of child processes created on startup.
-; Note: Used only when pm is set to 'dynamic'
-; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
-pm.start_servers = 2
-
-; The desired minimum number of idle server processes.
-; Note: Used only when pm is set to 'dynamic'
-; Note: Mandatory when pm is set to 'dynamic'
-pm.min_spare_servers = 1
-
-; The desired maximum number of idle server processes.
-; Note: Used only when pm is set to 'dynamic'
-; Note: Mandatory when pm is set to 'dynamic'
-pm.max_spare_servers = 3
-
-; The number of seconds after which an idle process will be killed.
-; Note: Used only when pm is set to 'ondemand'
-; Default Value: 10s
-;pm.process_idle_timeout = 10s;
-
-; The number of requests each child process should execute before respawning.
-; This can be useful to work around memory leaks in 3rd party libraries. For
-; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
-; Default Value: 0
-;pm.max_requests = 500
-
-; The URI to view the FPM status page. If this value is not set, no URI will be
-; recognized as a status page. It shows the following informations:
-; pool - the name of the pool;
-; process manager - static, dynamic or ondemand;
-; start time - the date and time FPM has started;
-; start since - number of seconds since FPM has started;
-; accepted conn - the number of request accepted by the pool;
-; listen queue - the number of request in the queue of pending
-; connections (see backlog in listen(2));
-; max listen queue - the maximum number of requests in the queue
-; of pending connections since FPM has started;
-; listen queue len - the size of the socket queue of pending connections;
-; idle processes - the number of idle processes;
-; active processes - the number of active processes;
-; total processes - the number of idle + active processes;
-; max active processes - the maximum number of active processes since FPM
-; has started;
-; max children reached - number of times, the process limit has been reached,
-; when pm tries to start more children (works only for
-; pm 'dynamic' and 'ondemand');
-; Value are updated in real time.
-; Example output:
-; pool: www
-; process manager: static
-; start time: 01/Jul/2011:17:53:49 +0200
-; start since: 62636
-; accepted conn: 190460
-; listen queue: 0
-; max listen queue: 1
-; listen queue len: 42
-; idle processes: 4
-; active processes: 11
-; total processes: 15
-; max active processes: 12
-; max children reached: 0
-;
-; By default the status page output is formatted as text/plain. Passing either
-; 'html', 'xml' or 'json' in the query string will return the corresponding
-; output syntax. Example:
-; http://www.foo.bar/status
-; http://www.foo.bar/status?json
-; http://www.foo.bar/status?html
-; http://www.foo.bar/status?xml
-;
-; By default the status page only outputs short status. Passing 'full' in the
-; query string will also return status for each pool process.
-; Example:
-; http://www.foo.bar/status?full
-; http://www.foo.bar/status?json&full
-; http://www.foo.bar/status?html&full
-; http://www.foo.bar/status?xml&full
-; The Full status returns for each process:
-; pid - the PID of the process;
-; state - the state of the process (Idle, Running, ...);
-; start time - the date and time the process has started;
-; start since - the number of seconds since the process has started;
-; requests - the number of requests the process has served;
-; request duration - the duration in µs of the requests;
-; request method - the request method (GET, POST, ...);
-; request URI - the request URI with the query string;
-; content length - the content length of the request (only with POST);
-; user - the user (PHP_AUTH_USER) (or '-' if not set);
-; script - the main script called (or '-' if not set);
-; last request cpu - the %cpu the last request consumed
-; it's always 0 if the process is not in Idle state
-; because CPU calculation is done when the request
-; processing has terminated;
-; last request memory - the max amount of memory the last request consumed
-; it's always 0 if the process is not in Idle state
-; because memory calculation is done when the request
-; processing has terminated;
-; If the process is in Idle state, then informations are related to the
-; last request the process has served. Otherwise informations are related to
-; the current request being served.
-; Example output:
-; ************************
-; pid: 31330
-; state: Running
-; start time: 01/Jul/2011:17:53:49 +0200
-; start since: 63087
-; requests: 12808
-; request duration: 1250261
-; request method: GET
-; request URI: /test_mem.php?N=10000
-; content length: 0
-; user: -
-; script: /home/fat/web/docs/php/test_mem.php
-; last request cpu: 0.00
-; last request memory: 0
-;
-; Note: There is a real-time FPM status monitoring sample web page available
-; It's available in: /usr/share/php/7.0/fpm/status.html
-;
-; Note: The value must start with a leading slash (/). The value can be
-; anything, but it may not be a good idea to use the .php extension or it
-; may conflict with a real PHP file.
-; Default Value: not set
-;pm.status_path = /status
-
-; The ping URI to call the monitoring page of FPM. If this value is not set, no
-; URI will be recognized as a ping page. This could be used to test from outside
-; that FPM is alive and responding, or to
-; - create a graph of FPM availability (rrd or such);
-; - remove a server from a group if it is not responding (load balancing);
-; - trigger alerts for the operating team (24/7).
-; Note: The value must start with a leading slash (/). The value can be
-; anything, but it may not be a good idea to use the .php extension or it
-; may conflict with a real PHP file.
-; Default Value: not set
-;ping.path = /ping
-
-; This directive may be used to customize the response of a ping request. The
-; response is formatted as text/plain with a 200 response code.
-; Default Value: pong
-;ping.response = pong
-
-; The access log file
-; Default: not set
-;access.log = log/$pool.access.log
-
-; The access log format.
-; The following syntax is allowed
-; %%: the '%' character
-; %C: %CPU used by the request
-; it can accept the following format:
-; - %{user}C for user CPU only
-; - %{system}C for system CPU only
-; - %{total}C for user + system CPU (default)
-; %d: time taken to serve the request
-; it can accept the following format:
-; - %{seconds}d (default)
-; - %{miliseconds}d
-; - %{mili}d
-; - %{microseconds}d
-; - %{micro}d
-; %e: an environment variable (same as $_ENV or $_SERVER)
-; it must be associated with embraces to specify the name of the env
-; variable. Some exemples:
-; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
-; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
-; %f: script filename
-; %l: content-length of the request (for POST request only)
-; %m: request method
-; %M: peak of memory allocated by PHP
-; it can accept the following format:
-; - %{bytes}M (default)
-; - %{kilobytes}M
-; - %{kilo}M
-; - %{megabytes}M
-; - %{mega}M
-; %n: pool name
-; %o: output header
-; it must be associated with embraces to specify the name of the header:
-; - %{Content-Type}o
-; - %{X-Powered-By}o
-; - %{Transfert-Encoding}o
-; - ....
-; %p: PID of the child that serviced the request
-; %P: PID of the parent of the child that serviced the request
-; %q: the query string
-; %Q: the '?' character if query string exists
-; %r: the request URI (without the query string, see %q and %Q)
-; %R: remote IP address
-; %s: status (response code)
-; %t: server time the request was received
-; it can accept a strftime(3) format:
-; %d/%b/%Y:%H:%M:%S %z (default)
-; The strftime(3) format must be encapsuled in a %{}t tag
-; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
-; %T: time the log has been written (the request has finished)
-; it can accept a strftime(3) format:
-; %d/%b/%Y:%H:%M:%S %z (default)
-; The strftime(3) format must be encapsuled in a %{}t tag
-; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
-; %u: remote user
-;
-; Default: "%R - %u %t \"%m %r\" %s"
-;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
-
-; The log file for slow requests
-; Default Value: not set
-; Note: slowlog is mandatory if request_slowlog_timeout is set
-;slowlog = log/$pool.log.slow
-
-; The timeout for serving a single request after which a PHP backtrace will be
-; dumped to the 'slowlog' file. A value of '0s' means 'off'.
-; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
-; Default Value: 0
-;request_slowlog_timeout = 0
-
-; The timeout for serving a single request after which the worker process will
-; be killed. This option should be used when the 'max_execution_time' ini option
-; does not stop script execution for some reason. A value of '0' means 'off'.
-; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
-; Default Value: 0
-request_terminate_timeout = 1d
-
-; Set open file descriptor rlimit.
-; Default Value: system defined value
-;rlimit_files = 1024
-
-; Set max core size rlimit.
-; Possible Values: 'unlimited' or an integer greater or equal to 0
-; Default Value: system defined value
-;rlimit_core = 0
-
-; Chroot to this directory at the start. This value must be defined as an
-; absolute path. When this value is not set, chroot is not used.
-; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
-; of its subdirectories. If the pool prefix is not set, the global prefix
-; will be used instead.
-; Note: chrooting is a great security feature and should be used whenever
-; possible. However, all PHP paths will be relative to the chroot
-; (error_log, sessions.save_path, ...).
-; Default Value: not set
-;chroot =
-
-; Chdir to this directory at the start.
-; Note: relative path can be used.
-; Default Value: current directory or / when chroot
-chdir = __FINALPATH__
-
-; Redirect worker stdout and stderr into main error log. If not set, stdout and
-; stderr will be redirected to /dev/null according to FastCGI specs.
-; Note: on highloaded environement, this can cause some delay in the page
-; process time (several ms).
-; Default Value: no
-;catch_workers_output = yes
-
-; Clear environment in FPM workers
-; Prevents arbitrary environment variables from reaching FPM worker processes
-; by clearing the environment in workers before env vars specified in this
-; pool configuration are added.
-; Setting to "no" will make all environment variables available to PHP code
-; via getenv(), $_ENV and $_SERVER.
-; Default Value: yes
-;clear_env = no
-
-; Limits the extensions of the main script FPM will allow to parse. This can
-; prevent configuration mistakes on the web server side. You should only limit
-; FPM to .php extensions to prevent malicious users to use other extensions to
-; execute php code.
-; Note: set an empty value to allow all extensions.
-; Default Value: .php
-;security.limit_extensions = .php .php3 .php4 .php5 .php7
-
-; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
-; the current environment.
-; Default Value: clean env
-;env[HOSTNAME] = $HOSTNAME
-;env[PATH] = /usr/local/bin:/usr/bin:/bin
-;env[TMP] = /tmp
-;env[TMPDIR] = /tmp
-;env[TEMP] = /tmp
-
-; Additional php.ini defines, specific to this pool of workers. These settings
-; overwrite the values previously defined in the php.ini. The directives are the
-; same as the PHP SAPI:
-; php_value/php_flag - you can set classic ini defines which can
-; be overwritten from PHP call 'ini_set'.
-; php_admin_value/php_admin_flag - these directives won't be overwritten by
-; PHP call 'ini_set'
-; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
-
-; Defining 'extension' will load the corresponding shared extension from
-; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
-; overwrite previously defined php.ini values, but will append the new value
-; instead.
-
-; Note: path INI options can be relative and will be expanded with the prefix
-; (pool, global or /usr)
-
-; Default Value: nothing is defined by default except the values in php.ini and
-; specified at startup with the -d argument
-;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
-;php_flag[display_errors] = off
-;php_admin_value[error_log] = /var/log/fpm-php.www.log
-;php_admin_flag[log_errors] = on
-;php_admin_value[memory_limit] = 32M
-
-; Common values to change to increase file upload limit
-; php_admin_value[upload_max_filesize] = 50M
-; php_admin_value[post_max_size] = 50M
-; php_admin_flag[mail.add_x_header] = Off
-
-; Other common parameters
-; php_admin_value[max_execution_time] = 600
-; php_admin_value[max_input_time] = 300
-; php_admin_value[memory_limit] = 256M
-; php_admin_flag[short_open_tag] = On
diff --git a/conf/server.service b/conf/server.service
new file mode 100644
index 0000000..491d376
--- /dev/null
+++ b/conf/server.service
@@ -0,0 +1,48 @@
+[Unit]
+Description=Small description of the service
+After=network.target
+
+[Service]
+Type=simple
+User=__APP__
+Group=__APP__
+WorkingDirectory=__FINALPATH__/
+Environment="NODE_ENV=production"
+Environment="__YNH_NODE_LOAD_PATH__"
+EnvironmentFile=__FINALPATH__/.env
+ExecStart=__YNH_NODE__ server/dist/apps/immich/apps/immich/src/main
+StandardOutput=append:/var/log/__APP__/__APP__-server.log
+StandardError=inherit
+
+# Sandboxing options to harden security
+# Depending on specificities of your service/app, you may need to tweak these
+# .. but this should be a good baseline
+# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+DevicePolicy=closed
+ProtectSystem=full
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+LockPersonality=yes
+SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
+
+# Denying access to capabilities that should not be relevant for webapps
+# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
+CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
+CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
+CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
+CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
+CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
+CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
+CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
+CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
+CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
+
+[Install]
+WantedBy=multi-user.target
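Review bot: `After=network.target` is the only ordering in `[Unit]`, while conf/.env points this service at a database and a Redis instance on localhost, so at boot it can start before either is accepting connections. Ordering it after them, for example `After=network.target postgresql.service redis-server.service` (unit names assumed, confirm against the target system), and adding `Restart=on-failure` to `[Service]` would make start-up deterministic. conf/microservices.service probably needs the same if it uses the same backends.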
diff --git a/conf/web.service b/conf/web.service
new file mode 100644
index 0000000..8897642
--- /dev/null
+++ b/conf/web.service
@@ -0,0 +1,48 @@
+[Unit]
+Description=Small description of the service
+After=network.target
+
+[Service]
+Type=simple
+User=__APP__
+Group=__APP__
+WorkingDirectory=__FINALPATH__/
+Environment="NODE_ENV=production"
+Environment="__YNH_NODE_LOAD_PATH__"
+EnvironmentFile=__FINALPATH__/.env
+ExecStart=__YNH_NODE__ web/build/index.js
+StandardOutput=append:/var/log/__APP__/__APP__-web.log
+StandardError=inherit
+
+# Sandboxing options to harden security
+# Depending on specificities of your service/app, you may need to tweak these
+# .. but this should be a good baseline
+# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+DevicePolicy=closed
+ProtectSystem=full
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+LockPersonality=yes
+SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
+
+# Denying access to capabilities that should not be relevant for webapps
+# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
+CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
+CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
+CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
+CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
+CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
+CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
+CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
+CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
+CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
+
+[Install]
+WantedBy=multi-user.target
diff --git a/config_panel.toml.example b/config_panel.toml.example
deleted file mode 100644
index c6bccd8..0000000
--- a/config_panel.toml.example
+++ /dev/null
@@ -1,295 +0,0 @@
-
-## Config panel are available from webadmin > Apps > YOUR_APP > Config Panel Button
-## Those panels let user configure some params on their apps using a friendly interface,
-## and remove the need to manually edit files from the command line.
-
-## From a packager perspective, this .toml is coupled to the scripts/config script,
-## which may be used to define custom getters/setters. However, most use cases
-## should be covered automagically by the core, thus it may not be necessary
-## to define a scripts/config at all!
-
-## -----------------------------------------------------------------------------
-## IMPORTANT: In accordance with YunoHost's spirit, please keep things simple and
-## do not overwhelm the admin with tons of misunderstandable or advanced settings.
-## -----------------------------------------------------------------------------
-
-## The top level describe the entire config panels screen.
-
-## The version is a required property.
-## Here a small reminder to associate config panel version with YunoHost version
-## | Config | YNH | Config panel small change log |
-## | ------ | --- | ------------------------------------------------------- |
-## | 0.1 | 3.x | 0.1 config script not compatible with YNH >= 4.3 |
-## | 1.0 | 4.3.x | The new config panel system with 'bind' property |
-version = "1.0"
-
-## (optional) i18n property let you internationalize questions, however this feature
-## is only available in core configuration panel (like yunohost domain config).
-## So in app config panel this key is ignored for now, but you can internationalize
-## by using a lang dictionary (see property name bellow)
-# i18n = "prefix_translation_key"
-
-################################################################################
-#### ABOUT PANELS
-################################################################################
-
-## The next level describes web admin panels
-## You have to choose an ID for each panel, in this example the ID is "main"
-## Keep in mind this ID will be used in CLI to refer to your question, so choose
-## something short and meaningfull.
-## In the webadmin, each panel corresponds to a distinct tab / form
-[main]
-
-## Define the label for your panel
-## Internationalization works similarly to the 'description' and 'ask' questions in the manifest
-# name.en = "Main configuration"
-# name.fr = "Configuration principale"
-
-## (optional) If you need to trigger a service reload-or-restart after the user
-## change a question in this panel, you can add your service in the list.
-services = ["__APP__"]
-# or services = ["nginx", "__APP__"] to also reload-or-restart nginx
-
-## (optional) This help properties is a short help displayed on the same line
-## than the panel title but not displayed in the tab.
-# help = ""
-
- ############################################################################
- #### ABOUT SECTIONS
- ############################################################################
-
- ## A panel is composed of one or several sections.
- ##
- ## Sections are meant to group questions together when they correspond to
- ## a same subtopic. This impacts the rendering in terms of CLI prompts
- ## and HTML forms
- ##
- ## You should choose an ID for your section, and prefix it with the panel ID
- ## (Be sure to not make a typo in the panel ID, which would implicitly create
- ## an other entire panel)
- ##
- ## We use the context of pepettes_ynh as an example,
- ## which is a simple donation form app written in python,
- ## and for which the admin will want to edit the configuration
- [main.customization]
-
- ## (optional) Defining a proper title for sections is not mandatory
- ## and depends on the exact rendering you're aiming for the CLI / webadmin
- name = ""
-
- ## (optional) This help properties is a short help displayed on the same line
- ## than the section title, meant to provide additional details
- # help = ""
-
- ## (optional) As for panel, you can specify to trigger a service
- ## reload-or-restart after the user change a question in this section.
- ## This property is added to the panel property, it doesn't deactivate it.
- ## So no need to replicate, the service list from panel services property.
- # services = []
-
- ## (optional) By default all questions are optionals, but you can specify a
- ## default behaviour for question in the section
- optional = false
-
- ## (optional) It's also possible with the 'visible' property to only
- ## display the section depending on the user's answers to previous questions.
- ##
- ## Be careful that the 'visible' property should only refer to **previous** questions
- ## Hence, it should not make sense to have a "visible" property on the very first section.
- ##
- ## Also, keep in mind that this feature only works in the webadmin and not in CLI
- ## (therefore a user could be prompted in CLI for a question that may not be relevant)
- # visible = true
-
- ########################################################################
- #### ABOUT QUESTIONS
- ########################################################################
-
- ## A section is compound of one or several questions.
-
- ## ---------------------------------------------------------------------
- ## IMPORTANT: as for panel and section you have to choose an ID, but this
- ## one should be unique in all this document, even if the question is in
- ## an other panel.
- ## ---------------------------------------------------------------------
-
- ## You can use same questions types and properties than in manifest.yml
- ## install part. However, in YNH 4.3, a lot of change has been made to
- ## extend availables questions types list.
- ## See: TODO DOC LINK
-
- [main.customization.project_name]
-
- ## (required) The ask property is equivalent to the ask property in
- ## the manifest. However, in config panels, questions are displayed on the
- ## left side and therefore have less space to be rendered. Therefore,
- ## it is better to use a short question, and use the "help" property to
- ## provide additional details if necessary.
- ask.en = "Name of the project"
-
- ## (required) The type property indicates how the question should be
- ## displayed, validated and managed. Some types have specific properties.
- ##
- ## Types available: string, boolean, number, range, text, password, path
- ## email, url, date, time, color, select, domain, user, tags, file.
- ##
- ## For a complete list with specific properties, see: TODO DOC LINK
- type = "string"
-
- ########################################################################
- #### ABOUT THE BIND PROPERTY
- ########################################################################
-
- ## (recommended) 'bind' property is a powerful feature that let you
- ## configure how and where the data will be read, validated and written.
-
- ## By default, 'bind property is in "settings" mode, it means it will
- ## **only** read and write the value in application settings file.
- ## bind = "settings"
-
- ## However, settings usually correspond to key/values in actual app configurations
- ## Hence, a more useful mode is to have bind = ":FILENAME". In that case, YunoHost
- ## will automagically find a line with "KEY=VALUE" in FILENAME
- ## (with the adequate separator between KEY and VALUE)
- ##
- ## YunoHost will then use this value for the read/get operation.
- ## During write/set operations, YunoHost will overwrite the value
- ## in **both** FILENAME and in the app's settings.yml
-
- ## Configuration file format supported: yaml, toml, json, ini, env, php,
- ## python. The feature probably works with others formats, but should be tested carefully.
-
- ## Note that this feature only works with relatively simple cases
- ## such as `KEY: VALUE`, but won't properly work with
- ## complex data structures like multilin array/lists or dictionnaries.
- ## It also doesn't work with XML format, custom config function call, php define(), ...
-
- ## More info on TODO
- # bind = ":/var/www/__APP__/settings.py"
-
-
- ## By default, bind = ":FILENAME" will use the question ID as KEY
- ## ... but the question ID may sometime not be the exact KEY name in the configuration file.
- ##
- ## In particular, in pepettes, the python variable is 'name' and not 'project_name'
- ## (c.f. https://github.com/YunoHost-Apps/pepettes_ynh/blob/5cc2d3ffd6529cc7356ff93af92dbb6785c3ab9a/conf/settings.py##L11 )
- ##
- ## In that case, the key name can be specified before the column ':'
-
- bind = "name:/var/www/__APP__/settings.py"
-
- ## ---------------------------------------------------------------------
- ## IMPORTANT: other 'bind' mode exists:
- ##
- ## bind = "FILENAME" (with no column character before FILENAME)
- ## may be used to bind to the **entire file content** (instead of a single KEY/VALUE)
- ## This could be used to expose an entire configuration file, or binary files such as images
- ## For example:
- ## bind = "/var/www/__APP__/img/logo.png"
- ##
- ## bind = "null" can be used to disable reading / writing in settings.
- ## This creates sort of a "virtual" or "ephemeral" question which is not related to any actual setting
- ## In this mode, you are expected to define custom getter/setters/validators in scripts/config:
- ##
- ## getter: get__QUESTIONID()
- ## setter: set__QUESTIONID()
- ## validator: validate__QUESTIONID()
- ##
- ## You can also specify a common getter / setter / validator, with the
- ## function 'bind' mode, for example here it will try to run
- ## get__array_settings() first.
- # bind = "array_settings()"
- ## ---------------------------------------------------------------------
-
- ## ---------------------------------------------------------------------
- ## IMPORTANT: with the exception of bind=null questions,
- ## question IDs should almost **always** correspond to an app setting
- ## initialized / reused during install/upgrade.
- ## Not doing so may result in inconsistencies between the config panel mechanism
- ## and the use of ynh_add_config
- ## ---------------------------------------------------------------------
-
- ########################################################################
- #### OTHER GENERIC PROPERTY FOR QUESTIONS
- ########################################################################
-
- ## (optional) An help text for the question
- help = "Fill the name of the project which will received donation"
-
- ## (optional) An example display as placeholder in web form
- # example = "YunoHost"
-
- ## (optional) set to true in order to redact the value in operation logs
- # redact = false
-
- ## (optional) A validation pattern
- ## ---------------------------------------------------------------------
- ## IMPORTANT: your pattern should be between simple quote, not double.
- ## ---------------------------------------------------------------------
- pattern.regexp = '^\w{3,30}$'
- pattern.error = "The name should be at least 3 chars and less than 30 chars. Alphanumeric chars are accepted"
-
- ## Note: visible and optional properties are also available for questions
-
-
- [main.customization.contact_url]
- ask = "Contact url"
- type = "url"
- example = "mailto: contact@example.org"
- help = "mailto: accepted"
- pattern.regexp = '^mailto:[^@]+@[^@]+|https://$'
- pattern.error = "Should be https or mailto:"
- bind = ":/var/www/__APP__/settings.py"
-
- [main.customization.logo]
- ask = "Logo"
- type = "file"
- accept = ".png"
- help = "Fill with an already resized logo"
- bind = "__FINALPATH__/img/logo.png"
-
- [main.customization.favicon]
- ask = "Favicon"
- type = "file"
- accept = ".png"
- help = "Fill with an already sized favicon"
- bind = "__FINALPATH__/img/favicon.png"
-
-
- [main.stripe]
- name = "Stripe general info"
- optional = false
-
- # The next alert is overwrited with a getter from the config script
- [main.stripe.amount]
- ask = "Donation in the month : XX €
- type = "alert"
- style = "success"
-
- [main.stripe.publishable_key]
- ask = "Publishable key"
- type = "string"
- redact = true
- help = "Indicate here the stripe publishable key"
- bind = ":/var/www/__APP__/settings.py"
-
- [main.stripe.secret_key]
- ask = "Secret key"
- type = "string"
- redact = true
- help = "Indicate here the stripe secret key"
- bind = ":/var/www/__APP__/settings.py"
-
- [main.stripe.prices]
- ask = "Prices ID"
- type = "tags"
- help = """\
- Indicates here the prices ID of donation products you created in stripe interfaces. \
- Go on [Stripe products](https://dashboard.stripe.com/products) to create those donation products. \
- Fill it tag with 'FREQUENCY/CURRENCY/PRICE_ID' \
- FREQUENCY: 'one_time' or 'recuring' \
- CURRENCY: 'EUR' or 'USD' \
- PRICE_ID: ID from stripe interfaces starting with 'price_' \
- """
- pattern.regexp = '^(one_time|recuring)/(EUR|USD)/price_.*$'
- pattern.error = "Please respect the format describe in help text for each price ID"
diff --git a/manifest.json b/manifest.json
index 1272ce4..3514cca 100644
--- a/manifest.json
+++ b/manifest.json
@@ -1,34 +1,30 @@
{
- "name": "Example app",
- "id": "example",
+ "name": "Immich",
+ "id": "immich",
"packaging_format": 1,
"description": {
- "en": "Explain in *a few (10~15) words* the purpose of the app or what it actually does (it is meant to give a rough idea to users browsing a catalog of 100+ apps)",
- "fr": "Expliquez en *quelques* (10~15) mots l'utilité de l'app ou ce qu'elle fait (l'objectif est de donner une idée grossière pour des utilisateurs qui naviguent dans un catalogue de 100+ apps)"
+ "en": "Self-hosted photo and video backup solution directly from your mobile phone.",
+ "fr": "Solution auto-hébergée pour la sauvegarde de photos et de vidéos directement depuis votre mobile."
},
- "version": "1.0~ynh1",
- "url": "https://example.com",
+ "version": "1.26.0~ynh1",
+ "url": "https://www.immich.app",
"upstream": {
- "license": "free",
- "website": "https://example.com",
- "demo": "https://demo.example.com",
- "admindoc": "https://yunohost.org/packaging_apps",
- "userdoc": "https://yunohost.org/apps",
- "code": "https://some.forge.com/example/example"
+ "license": "mit",
+ "website": "https://www.immich.app",
+ "admindoc": "https://github.com/immich-app/immich#getting-started",
+ "userdoc": "https://github.com/immich-app/immich#getting-started",
+ "code": "https://github.com/immich-app/immich"
},
- "license": "free",
+ "license": "mit",
"maintainer": {
- "name": "John doe",
- "email": "john.doe@example.com"
+ "name": "limezy"
},
"requirements": {
"yunohost": ">= 11.0.0"
},
- "multi_instance": true,
+ "multi_instance": false,
"services": [
- "nginx",
- "php7.4-fpm",
- "mysql"
+ "nginx"
],
"arguments": {
"install": [
diff --git a/scripts/_common.sh b/scripts/_common.sh
index 04b61bb..4d1345c 100644
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -3,30 +3,43 @@
#=================================================
# COMMON VARIABLES
#=================================================
-# PHP APP SPECIFIC
-#=================================================
-# Depending on its version, YunoHost uses different default PHP version:
-## YunoHost version "11.X" => PHP 7.4
-## YunoHost version "4.X" => PHP 7.3
-#
-# This behaviour can be overridden by setting the YNH_PHP_VERSION variable
-#YNH_PHP_VERSION=7.3
-#YNH_PHP_VERSION=7.4
-#YNH_PHP_VERSION=8.0
-# For more information, see the PHP application helper: https://github.com/YunoHost/yunohost/blob/dev/helpers/php#L3-L6
-# Or this app package depending on PHP: https://github.com/YunoHost-Apps/grav_ynh/blob/master/scripts/_common.sh
-# PHP dependencies used by the app (must be on a single line)
-#php_dependencies="php$YNH_PHP_VERSION-deb1 php$YNH_PHP_VERSION-deb2"
-# or, if you do not need a custom YNH_PHP_VERSION:
-php_dependencies="php$YNH_DEFAULT_PHP_VERSION-deb1 php$YNH_DEFAULT_PHP_VERSION-deb2"
-# dependencies used by the app (must be on a single line)
-pkg_dependencies="deb1 deb2 $php_dependencies"
+function detect_arch() {
+ case "$YNH_ARCH" in
+ "amd64")
+ IMMICH_SERVER_VERSION="sha256:cefb3cf0755ab2db3ab44a2ff7c0d22ba71e4cafb3fa920bcdc8b815b6e23b3b"
+ IMMICH_WEB_VERSION="sha256:21e67f7f959c7cf4095c885236f31566c2020e58aaa6bf0f96313569ee08b746"
+ IMMICH_ML_VERSION="sha256:3b8200c85c9615c27ea87f97b90c1249fb640e65565e68e423f351d759adef0e"
+ ;;
+
+ "arm64")
+ IMMICH_SERVER_VERSION="sha256:531144d66ca7ca98f457cc914b5ca674ba11a51a99d99473196745b709cb117a"
+ IMMICH_WEB_VERSION="sha256:0b135a67bee3e95ac725a602c00af54bb5a20418cb61272fd489c1916fb9ce7c"
+ IMMICH_ML_VERSION="sha256:85dfb39545a992845b18e99948b83b5f535e19251b570c87ca3e015e5668c793"
+ ;;
+
+ *)
+ ynh_die --message="Your server architecture ($YNH_ARCH) is not supported."
+ ;;
+ esac
+}
+
+NODEJS_VERSION=16
+
+# dependencies used by the app
+pkg_dependencies="npm musl-dev libvips postgresql ffmpeg"
+
+# libheif vips
#=================================================
# PERSONAL HELPERS
#=================================================
+# apt-get install musl-dev
+# ln -s /usr/lib/x86_64-linux-musl/libc.so /lib/libc.musl-x86_64.so.1
+
+
+
#=================================================
# EXPERIMENTAL HELPERS
#=================================================
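Review bot: The six `sha256:` digests in `detect_arch` carry no record of the upstream release they were taken from, so a reviewer cannot check them against the registry or confirm that amd64 and arm64 point at the same release. A comment above the `case`, such as `# Digests of the altran1502/immich-* images for release <VERSION>; update all six together`, would make upgrades auditable. The variables hold digests rather than versions, so `*_DIGEST` would be a more accurate suffix than `*_VERSION` (scripts/install would need the same rename). The commented-out `apt-get install musl-dev` / `ln -s …` lines and the stray `# libheif vips` should be explained or removed.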
diff --git a/scripts/backup b/scripts/backup
index f99225d..f7cbfd7 100755
--- a/scripts/backup
+++ b/scripts/backup
@@ -33,6 +33,7 @@ domain=$(ynh_app_setting_get --app=$app --key=domain)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
+jwt=$(ynh_app_setting_get --app=$app --key=jwt)
#=================================================
# DECLARE DATA AND CONF FILES TO BACKUP
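Review bot: The context line `phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)` is still kept, although the next hunk deletes the only PHP-FPM backup step and scripts/install no longer sets up PHP. It should be removed here. The added `jwt=$(ynh_app_setting_get --app=$app --key=jwt)` is not used in either hunk of this file. If nothing outside the hunks reads `$jwt`, drop it too, so the signing secret is not loaded into a shell variable unnecessarily.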
@@ -62,12 +63,6 @@ ynh_backup --src_path="$datadir" --is_big
ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
-#=================================================
-# BACKUP THE PHP-FPM CONFIGURATION
-#=================================================
-
-ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
-
#=================================================
# BACKUP FAIL2BAN CONFIGURATION
#=================================================
diff --git a/scripts/install b/scripts/install
index 1fc28de..4636a0c 100755
--- a/scripts/install
+++ b/scripts/install
@@ -31,33 +31,15 @@ language=$YNH_APP_ARG_LANGUAGE
admin=$YNH_APP_ARG_ADMIN
password=$YNH_APP_ARG_PASSWORD
-### If it's a multi-instance app, meaning it can be installed several times independently
-### The id of the app as stated in the manifest is available as $YNH_APP_ID
-### The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2"...)
-### The app instance name is available as $YNH_APP_INSTANCE_NAME
-### - the first time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample
-### - the second time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample__2
-### - ynhexample__{N} for the subsequent installations, with N=3,4...
-### The app instance name is probably what interests you most, since this is
-### guaranteed to be unique. This is a good unique identifier to define installation path,
-### db names...
app=$YNH_APP_INSTANCE_NAME
+jwt=$(ynh_string_random)
+
#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
-### About --weight and --time
-### ynh_script_progression will show to your final users the progression of each scripts.
-### In order to do that, --weight will represent the relative time of execution compared to the other steps in the script.
-### --time is a packager option, it will show you the execution time since the previous call.
-### This option is implied when running in CI_package_check, you can manually add it if you are manually testing the app.
-### Use the execution time displayed in the CI report or by adding --time to the command, to estimate the weight of a step.
-### A common way to do it is to set a weight equal to the execution time in second +1.
-### The execution time is given for the duration since the previous call. So the weight should be applied to this previous call.
ynh_script_progression --message="Validating installation parameters..." --weight=1
-### If the app uses NGINX as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app".
-### If the app provides an internal web server (or uses another application server such as uWSGI), the final path should be "/opt/yunohost/$app"
final_path=/var/www/$app
test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
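Review bot: `jwt=$(ynh_string_random)` creates what appears to be the JWT signing secret, but the name reads like a token and the length is left to the helper's default. A comment such as `# Secret used to sign JWTs; generated once at install and persisted in the app settings` plus an explicit `--length=` would make the intent reviewable. The same name is used for the `ynh_app_setting_set --key=jwt` call in the next hunk and for the read in scripts/backup. Upgrade and restore are not visible here; they should read the stored value back, not regenerate it.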
@@ -73,6 +55,7 @@ ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_set --app=$app --key=language --value=$language
ynh_app_setting_set --app=$app --key=admin --value=$admin
+ynh_app_setting_set --app=$app --key=jwt --value=$jwt
#=================================================
# STANDARD MODIFICATIONS
@@ -81,37 +64,20 @@ ynh_app_setting_set --app=$app --key=admin --value=$admin
#=================================================
ynh_script_progression --message="Finding an available port..." --weight=1
-### Use these lines if you have to open a port for the application
-### `ynh_find_port` will find the first available port starting from the given port.
-### If you're not using these lines:
-### - Remove the section "CLOSE A PORT" in the remove script
-
# Find an available port
-port=$(ynh_find_port --port=8095)
+port=$(ynh_find_port --port=3000)
ynh_app_setting_set --app=$app --key=port --value=$port
-# Optional: Expose this port publicly
-# (N.B.: you only need to do this if the app actually needs to expose the port publicly.
-# If you do this and the app doesn't actually need you are CREATING SECURITY HOLES IN THE SERVER !)
-
-# Open the port
-# ynh_script_progression --message="Configuring firewall..." --weight=1
-# ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port
-
#=================================================
# INSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Installing dependencies..." --weight=1
-### `ynh_install_app_dependencies` allows you to add any "apt" dependencies to the package.
-### Those deb packages will be installed as dependencies of this package.
-### If you're not using this helper:
-### - Remove the section "REMOVE DEPENDENCIES" in the remove script
-### - Remove the variable "pkg_dependencies" in _common.sh
-### - As well as the section "REINSTALL DEPENDENCIES" in the restore script
-### - And the section "UPGRADE DEPENDENCIES" in the upgrade script
+# Install nodejs
+ynh_install_nodejs --nodejs_version=$NODEJS_VERSION 2>&1
ynh_install_app_dependencies $pkg_dependencies
+# sudo ln -s /usr/lib/x86_64-linux-musl/libc.so /lib/libc.musl-x86_64.so.1
#=================================================
# CREATE DEDICATED USER
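Review bot: The `2>&1` on `ynh_install_nodejs --nodejs_version=$NODEJS_VERSION 2>&1` only folds stderr into stdout, which makes real failures harder to distinguish in the install log. Either drop the redirect or wrap the call in `ynh_exec_warn_less`, as the npm calls later in this script do. The commented-out `# sudo ln -s /usr/lib/x86_64-linux-musl/libc.so /lib/libc.musl-x86_64.so.1` is x86_64-specific, while `detect_arch` also accepts arm64. If the symlink is needed it has to be architecture-aware; otherwise the line should be deleted.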
@@ -122,65 +88,32 @@ ynh_script_progression --message="Configuring system user..." --weight=1
ynh_system_user_create --username=$app --home_dir="$final_path"
#=================================================
-# CREATE A MYSQL DATABASE
+# CREATE A POSTGRESQL DATABASE
#=================================================
-ynh_script_progression --message="Creating a MySQL database..." --weight=1
-
-### Use these lines if you need a database for the application.
-### `ynh_mysql_setup_db` will create a database, an associated user and a ramdom password.
-### The password will be stored as 'mysqlpwd' into the app settings,
-### and will be available as $db_pwd
-### If you're not using these lines:
-### - Remove the section "BACKUP THE MYSQL DATABASE" in the backup script
-### - Remove also the section "REMOVE THE MYSQL DATABASE" in the remove script
-### - As well as the section "RESTORE THE MYSQL DATABASE" in the restore script
+ynh_script_progression --message="Creating a PostgreSQL database..." --weight=1
db_name=$(ynh_sanitize_dbid --db_name=$app)
-db_user=$db_name
ynh_app_setting_set --app=$app --key=db_name --value=$db_name
-ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name
+ynh_psql_test_if_first_run
+ynh_psql_setup_db --db_user=$db_name --db_name=$db_name
+
+ynh_psql_execute_as_root --sql="CREATE EXTENSION IF NOT EXISTS unaccent;" --database=$db_name
+ynh_psql_execute_as_root --sql="CREATE EXTENSION IF NOT EXISTS pg_trgm;" --database=$db_name
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
-ynh_script_progression --message="Setting up source files..." --weight=1
-
-### `ynh_setup_source` is used to install an app from a zip or tar.gz file,
-### downloaded from an upstream source, like a git repository.
-### `ynh_setup_source` use the file conf/app.src
+ynh_script_progression --message="Setting up source files..."
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
# Download, check integrity, uncompress and patch the source from app.src
-ynh_setup_source --dest_dir="$final_path"
+ynh_setup_source --dest_dir="$final_path/build/" --source_id="docker-image-extract"
-# FIXME: this should be managed by the core in the future
-# Here, as a packager, you may have to tweak the ownerhsip/permissions
-# such that the appropriate users (e.g. maybe www-data) can access
-# files in some cases.
-# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder -
-# this will be treated as a security issue.
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"
-#=================================================
-# PHP-FPM CONFIGURATION
-#=================================================
-ynh_script_progression --message="Configuring PHP-FPM..." --weight=1
-### `ynh_add_fpm_config` is used to set up a PHP config.
-### You can remove it if your app doesn't use PHP.
-### `ynh_add_fpm_config` will use the files conf/php-fpm.conf
-### If you're not using these lines:
-### - You can remove these files in conf/.
-### - Remove the section "BACKUP THE PHP-FPM CONFIGURATION" in the backup script
-### - Remove also the section "REMOVE PHP-FPM CONFIGURATION" in the remove script
-### - As well as the section "RESTORE THE PHP-FPM CONFIGURATION" in the restore script
-### with the reload at the end of the script.
-### - And the section "PHP-FPM CONFIGURATION" in the upgrade script
-
-# Create a dedicated PHP-FPM config
-ynh_add_fpm_config
#=================================================
# NGINX CONFIGURATION
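Review bot: `chown -R $app:www-data "$final_path"` gives the web-server group read access to the whole tree, including `build/` with the downloaded extractor. The next hunk then re-owns the same tree with `chown -R $app:$app "$final_path"`. If nginx only proxies to the Node services and serves nothing from `$final_path` (an assumption based on the unit file), set `$app:$app` once here and quote the variable: `chown -R "$app:$app" "$final_path"`. The `--weight=1` argument was also dropped from the "Setting up source files..." progression call, unlike the neighbouring steps.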
@@ -195,33 +128,68 @@ ynh_add_nginx_config
#=================================================
# SPECIFIC SETUP
#=================================================
-# ...
+# MAKE INSTALL
#=================================================
+ynh_script_progression --message="Making install..." --weight=5
+
+# Install immich server
+pushd $final_path/build
+ detect_arch
+ ./docker-image-extract altran1502/immich-server:$IMMICH_SERVER_VERSION 2>&1
+popd
+mkdir -p "$final_path/server/dist/"
+mkdir -p "$final_path/server/node_modules/"
+rsync -a "$final_path/build/output/usr/src/app/dist/" "$final_path/server/dist/"
+rsync -a "$final_path/build/output/usr/src/app/node_modules/" "$final_path/server/node_modules/"
+ynh_secure_remove --file="$final_path/build/output"
+
+# Install immich machine learning
+pushd $final_path/build
+ detect_arch
+ ./docker-image-extract altran1502/immich-machine-learning:$IMMICH_ML_VERSION 2>&1
+popd
+mkdir -p "$final_path/ml/dist/"
+mkdir -p "$final_path/ml/node_modules/"
+rsync -a "$final_path/build/output/usr/src/app/dist/" "$final_path/ml/dist/"
+rsync -a "$final_path/build/output/usr/src/app/node_modules/" "$final_path/ml/node_modules/"
+ynh_secure_remove --file="$final_path/build/output"
+
+# Install immich web
+pushd $final_path/build
+ detect_arch
+ ./docker-image-extract altran1502/immich-web:$IMMICH_WEB_VERSION
+popd
+mkdir -p "$final_path/web/"
+chown -R $app:$app $final_path/build/output/usr/src/app
+pushd $final_path/build/output/usr/src/app
+ # rm vite.config.js
+ # ynh_add_config --template="../conf/vite.config.js" --destination="$final_path/build/output/usr/src/app/vite.config.js"
+ ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH npm ci
+ ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH npm run build
+popd
+rsync -a "$final_path/build/output/usr/src/app/" "$final_path/web/"
+
+#ynh_secure_remove --file="$final_path/build"
+# To be put back when everything stabilized
+
+# Shouldn't be needed, but for some reasons the server doesn't use the .env
+#/home/yunohost.app/__APP__/ value and expects a ./upload directory at the root
+mkdir -p "$final_path/upload"
+
+chmod 750 "$final_path"
+chmod -R o-rwx "$final_path"
+chown -R $app:$app "$final_path"
#=================================================
# CREATE DATA DIRECTORY
#=================================================
ynh_script_progression --message="Creating a data directory..." --weight=1
-### Use these lines if you need to create a directory to store "persistent files" for the application.
-### Usually this directory is used to store uploaded files or any file that won't be updated during
-### an upgrade and that won't be deleted during app removal unless "--purge" option is used.
-### If you're not using these lines:
-### - Remove the section "BACKUP THE DATA DIR" in the backup script
-### - Remove the section "RESTORE THE DATA DIRECTORY" in the restore script
-### - As well as the section "REMOVE DATA DIR" in the remove script
-
datadir=/home/yunohost.app/$app
ynh_app_setting_set --app=$app --key=datadir --value=$datadir
mkdir -p $datadir
-# FIXME: this should be managed by the core in the future
-# Here, as a packager, you may have to tweak the ownerhsip/permissions
-# such that the appropriate users (e.g. maybe www-data) can access
-# files in some cases.
-# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder -
-# this will be treated as a security issue.
chmod 750 "$datadir"
chmod -R o-rwx "$datadir"
chown -R $app:www-data "$datadir"
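Review bot: After the web build, the extracted image root filesystem stays on disk under `$final_path/build/output`. The server and machine-learning blocks call `ynh_secure_remove --file="$final_path/build/output"`, but the web block does not, and the final cleanup of `build` is commented out. Add `ynh_secure_remove --file="$final_path/build/output"` after the last `rsync`, so a full copy of the image contents is not left inside the app directory. Several paths passed to root-run commands are unquoted (`pushd $final_path/build`, `chown -R $app:$app $final_path/build/output/usr/src/app`, `mkdir -p $datadir`) and should be quoted like the rest of the script. The three extract/rsync blocks differ only in image name and target directory, so a small helper would remove the repetition.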
@@ -229,89 +197,31 @@ chown -R $app:www-data "$datadir"
#=================================================
# ADD A CONFIGURATION
#=================================================
-ynh_script_progression --message="Adding a configuration file..." --weight=1
-### You can add specific configuration files.
-###
-### Typically, put your template conf file in ../conf/your_config_file
-### The template may contain strings such as __FOO__ or __FOO_BAR__,
-### which will automatically be replaced by the values of $foo and $foo_bar
-###
-### ynh_add_config will also keep track of the config file's checksum,
-### which later during upgrade may allow to automatically backup the config file
-### if it's found that the file was manually modified
-###
-### Check the documentation of `ynh_add_config` for more info.
+ynh_script_progression --message="Adding a configuration file..."
-ynh_add_config --template="some_config_file" --destination="$final_path/some_config_file"
+ynh_add_config --template="../conf/.env" --destination="$final_path/.env"
-# FIXME: this should be handled by the core in the future
-# You may need to use chmod 600 instead of 400,
-# for example if the app is expected to be able to modify its own config
-chmod 400 "$final_path/some_config_file"
-chown $app:$app "$final_path/some_config_file"
-
-### For more complex cases where you want to replace stuff using regexes,
-### you shoud rely on ynh_replace_string (which is basically a wrapper for sed)
-### When doing so, you also need to manually call ynh_store_file_checksum
-###
-### ynh_replace_string --match_string="match_string" --replace_string="replace_string" --target_file="$final_path/some_config_file"
-### ynh_store_file_checksum --file="$final_path/some_config_file"
+chmod 600 "$final_path/.env"
+chown $app:$app "$final_path/.env"
#=================================================
# SETUP SYSTEMD
#=================================================
-ynh_script_progression --message="Configuring a systemd service..." --weight=1
-
-### `ynh_systemd_config` is used to configure a systemd script for an app.
-### It can be used for apps that use sysvinit (with adaptation) or systemd.
-### Have a look at the app to be sure this app needs a systemd script.
-### `ynh_systemd_config` will use the file conf/systemd.service
-### If you're not using these lines:
-### - You can remove those files in conf/.
-### - Remove the section "BACKUP SYSTEMD" in the backup script
-### - Remove also the section "STOP AND REMOVE SERVICE" in the remove script
-### - As well as the section "RESTORE SYSTEMD" in the restore script
-### - And the section "SETUP SYSTEMD" in the upgrade script
+ynh_script_progression --message="Configuring all systemd services..."
# Create a dedicated systemd config
-ynh_add_systemd_config
-
-#=================================================
-# SETUP APPLICATION WITH CURL
-#=================================================
-
-### Use these lines only if the app installation needs to be finalized through
-### web forms. We generally don't want to ask the final user,
-### so we're going to use curl to automatically fill the fields and submit the
-### forms.
-
-# Set the app as temporarily public for curl call
-ynh_script_progression --message="Configuring SSOwat..." --weight=1
-# Making the app public for curl
-ynh_permission_update --permission="main" --add="visitors"
-
-# Installation with curl
-ynh_script_progression --message="Finalizing installation..." --weight=1
-ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3"
-
-# Remove the public access
-ynh_permission_update --permission="main" --remove="visitors"
+ynh_add_systemd_config --service=$app-server --template=server.service
+ynh_add_systemd_config --service=$app-microservices --template=microservices.service
+ynh_add_systemd_config --service=$app-ml --template=ml.service
+ynh_add_systemd_config --service=$app-web --template=web.service
#=================================================
# GENERIC FINALIZATION
#=================================================
# SETUP LOGROTATE
#=================================================
-ynh_script_progression --message="Configuring log rotation..." --weight=1
-
-### `ynh_use_logrotate` is used to configure a logrotate configuration for the logs of this app.
-### Use this helper only if there is effectively a log file for this app.
-### If you're not using this helper:
-### - Remove the section "BACKUP LOGROTATE" in the backup script
-### - Remove also the section "REMOVE LOGROTATE CONFIGURATION" in the remove script
-### - As well as the section "RESTORE THE LOGROTATE CONFIGURATION" in the restore script
-### - And the section "SETUP LOGROTATE" in the upgrade script
+ynh_script_progression --message="Configuring log rotation..."
# Use logrotate to manage application logfile(s)
ynh_use_logrotate
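Review bot: The new `chmod 600 "$final_path/.env"` gives the service account write access to the file that carries the database password (the `conf/.env` template has `DB_PASSWORD=__DB_PWD__`), where the packaging template this replaces defaulted to 400. Unless one of the four services rewrites its own `.env` (not visible in this diff), read-only is the tighter setting: `chmod 400 "$final_path/.env"`. The file is written by `ynh_add_config` before the mode is tightened, so it also relies on the `chmod 750` / `o-rwx` applied to `$final_path` earlier in the script to stay unreadable in between. A one-line comment above the chmod stating why the mode was chosen would stop the next packager from loosening it.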
@@ -319,63 +229,28 @@ ynh_use_logrotate
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
-ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
+ynh_script_progression --message="Integrating service in YunoHost..."
-### `yunohost service add` integrates a service in YunoHost. It then gets
-### displayed in the admin interface and through the others `yunohost service` commands.
-### (N.B.: this line only makes sense if the app adds a service to the system!)
-### If you're not using these lines:
-### - You can remove these files in conf/.
-### - Remove the section "REMOVE SERVICE INTEGRATION IN YUNOHOST" in the remove script
-### - As well as the section "INTEGRATE SERVICE IN YUNOHOST" in the restore script
-### - And the section "INTEGRATE SERVICE IN YUNOHOST" in the upgrade script
-
-yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log"
-
-### Additional options starting with 3.8:
-###
-### --needs_exposed_ports "$port" a list of ports that needs to be publicly exposed
-### which will then be checked by YunoHost's diagnosis system
-### (N.B. DO NOT USE THIS is the port is only internal!!!)
-###
-### --test_status "some command" a custom command to check the status of the service
-### (only relevant if 'systemctl status' doesn't do a good job)
-###
-### --test_conf "some command" some command similar to "nginx -t" that validates the conf of the service
-###
-### Re-calling 'yunohost service add' during the upgrade script is the right way
-### to proceed if you later realize that you need to enable some flags that
-### weren't enabled on old installs (be careful it'll override the existing
-### service though so you should re-provide all relevant flags when doing so)
+yunohost service add $app-server --description="Immich Server" --log="/var/log/$app/$app-server.log"
+yunohost service add $app-microservices --description="Immich Microservices" --log="/var/log/$app/$app-microservices.log"
+yunohost service add $app-ml --description="Immich Machine Learning" --log="/var/log/$app/$app-ml.log"
+yunohost service add $app-web --description="Immich Web" --log="/var/log/$app/$app-web.log"
#=================================================
# START SYSTEMD SERVICE
#=================================================
-ynh_script_progression --message="Starting a systemd service..." --weight=1
-
-### `ynh_systemd_action` is used to start a systemd service for an app.
-### Only needed if you have configure a systemd service
-### If you're not using these lines:
-### - Remove the section "STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the backup script
-### - As well as the section "START SYSTEMD SERVICE" in the restore script
-### - As well as the section"STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the upgrade script
-### - And the section "STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the change_url script
+ynh_script_progression --message="Starting a systemd service..."
# Start a systemd service
-ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
-
-#=================================================
-# SETUP FAIL2BAN
-#=================================================
-ynh_script_progression --message="Configuring Fail2Ban..." --weight=1
-
-# Create a dedicated Fail2Ban config
-ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"
+ynh_systemd_action --service_name=$app-server --action="start" --log_path="/var/log/$app/$app-server.log"
+ynh_systemd_action --service_name=$app-microservices --action="start" --log_path="/var/log/$app/$app-microservices.log"
+ynh_systemd_action --service_name=$app-ml --action="start" --log_path="/var/log/$app/$app-ml.log"
+ynh_systemd_action --service_name=$app-web --action="start" --log_path="/var/log/$app/$app-web.log"
#=================================================
# SETUP SSOWAT
#=================================================
-ynh_script_progression --message="Configuring permissions..." --weight=1
+ynh_script_progression --message="Configuring permissions..."
# Make app public if necessary
if [ $is_public -eq 1 ]
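Review bot: Deleting the SETUP FAIL2BAN section leaves this install path with no ban rule for repeated failed logins, and the app can be made public a few lines below. The removed call only held the template placeholder regex, so nothing functional is lost, but nothing replaces it either. Once the server's failed-login log line is known, a jail along the lines of `ynh_add_fail2ban_config --logpath="/var/log/$app/$app-server.log" --failregex="<failed-login pattern, to be determined>"` would restore it, with the matching removal in scripts/remove. Whether the application rate-limits logins itself is not visible here. The `if [ $is_public -eq 1 ]` block continues outside the hunk.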
diff --git a/scripts/remove b/scripts/remove
index ca31e5a..6dbc0b3 100755
--- a/scripts/remove
+++ b/scripts/remove
@@ -22,6 +22,7 @@ db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_user=$db_name
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
+jwt=$(ynh_app_setting_get --app=$app --key=jwt)
#=================================================
# STANDARD REMOVE
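Review bot: The added `jwt=$(ynh_app_setting_get --app=$app --key=jwt)` loads the JWT secret into the remove script, but none of the visible hunks of this file use `$jwt`. If the rest of the script does not need it either, drop the line, since a secret held in a shell variable can end up in the operation log when script tracing is captured. It is worth confirming that a setting named `jwt` is covered by YunoHost's log redaction. The same line is added at the top of scripts/upgrade, where its use is also outside the visible lines.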
@@ -42,7 +43,10 @@ fi
ynh_script_progression --message="Stopping and removing the systemd service..." --weight=1
# Remove the dedicated systemd config
-ynh_remove_systemd_config
+ynh_remove_systemd_config --service=immich-server
+ynh_remove_systemd_config --service=immich-microservicies
+ynh_remove_systemd_config --service=immich-ml
+ynh_remove_systemd_config --service=immich-web
#=================================================
# REMOVE LOGROTATE CONFIGURATION
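Review bot: `--service=immich-microservicies` is misspelled, so the unit that scripts/install creates as `$app-microservices` is never removed and stays on the system after uninstall. All four added lines also hard-code `immich-` where the install script uses `$app-`, so a second instance or a differently named install would leave its units behind too. The lines should mirror the install side, e.g. `ynh_remove_systemd_config --service=$app-microservices`, and likewise for `-server`, `-ml` and `-web`. No `yunohost service remove` for the four new service names appears in the visible hunks of this file, so check that the rest of the section (outside the hunk) has one.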
@@ -53,12 +57,12 @@ ynh_script_progression --message="Removing logrotate configuration..." --weight=
ynh_remove_logrotate
#=================================================
-# REMOVE THE MYSQL DATABASE
+# REMOVE THE POSTGRESQL DATABASE
#=================================================
-ynh_script_progression --message="Removing the MySQL database..." --weight=1
+ynh_script_progression --message="Removing the PostgreSQL database..."
# Remove a database if it exists, along with the associated user
-ynh_mysql_remove_db --db_user=$db_user --db_name=$db_name
+ynh_psql_remove_db --db_user=$db_name --db_name=$db_name
#=================================================
# REMOVE APP MAIN DIR
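Review bot: `ynh_psql_remove_db --db_user=$db_name --db_name=$db_name` bypasses the `db_user` variable that this script sets at the top (`db_user=$db_name`), which the replaced MySQL call did use. The values are identical today, but if the role name ever diverges from the database name this line would drop the wrong role. It should read `ynh_psql_remove_db --db_user=$db_user --db_name=$db_name`.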
@@ -87,14 +91,6 @@ ynh_script_progression --message="Removing NGINX web server configuration..." --
# Remove the dedicated NGINX config
ynh_remove_nginx_config
-#=================================================
-# REMOVE PHP-FPM CONFIGURATION
-#=================================================
-ynh_script_progression --message="Removing PHP-FPM configuration..." --weight=1
-
-# Remove the dedicated PHP-FPM config
-ynh_remove_fpm_config
-
#=================================================
# REMOVE DEPENDENCIES
#=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index f38c139..06074b3 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -22,6 +22,7 @@ language=$(ynh_app_setting_get --app=$app --key=language)
admin=$(ynh_app_setting_get --app=$app --key=admin)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
+jwt=$(ynh_app_setting_get --app=$app --key=jwt)
#=================================================
# CHECK VERSION