diff --git a/README.md b/README.md index 9f016b7..c7ade38 100644 --- a/README.md +++ b/README.md @@ -15,9 +15,10 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in ## Overview -A link aggregator / Reddit clone for the fediverse. +[Lemmy](https://github.com/LemmyNet/lemmy) is similar to sites like [Reddit](https://reddit.com), [Lobste.rs](https://lobste.rs), or [Hacker News](https://news.ycombinator.com/): you subscribe to forums you're interested in, post links and discussions, then vote, and comment on them. Behind the scenes, it is very different; anyone can easily run a server, and all these servers are federated (think email), and connected to the same universe, called the [Fediverse](https://en.wikipedia.org/wiki/Fediverse). -**Shipped version:** 0.11.3~ynh1 + +**Shipped version:** 0.15.2~ynh1 **Demo:** https://lemmy.ml/ @@ -27,9 +28,8 @@ A link aggregator / Reddit clone for the fediverse. ## Disclaimers / important information -* Any known limitations, constrains or stuff not working, such as (but not limited to): - * Lemmy require full domain path to be installed. Eg. lemmy.domain.tld - * The admin username and password will be sent to the admin of the YunoHost through mail. +* Lemmy require full domain path to be installed. Eg. lemmy.domain.tld +* The admin username and password will be sent to the admin of the YunoHost through mail. ## Documentation and resources * Official app website: https://join-lemmy.org/ diff --git a/README_fr.md b/README_fr.md index 7fad1a8..f679447 100644 --- a/README_fr.md +++ b/README_fr.md @@ -11,9 +11,10 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour ## Vue d'ensemble +[Lemmy](https://github.com/LemmyNet/lemmy) is similar to sites like [Reddit](https://reddit.com), [Lobste.rs](https://lobste.rs), or [Hacker News](https://news.ycombinator.com/): you subscribe to forums you're interested in, post links and discussions, then vote, and comment on them. Behind the scenes, it is very different; anyone can easily run a server, and all these servers are federated (think email), and connected to the same universe, called the [Fediverse](https://en.wikipedia.org/wiki/Fediverse). -**Version incluse :** 0.11.3~ynh1 +**Version incluse :** 0.15.2~ynh1 **Démo :** https://lemmy.ml/ @@ -23,9 +24,8 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour ## Avertissements / informations importantes -* Any known limitations, constrains or stuff not working, such as (but not limited to): - * Lemmy require full domain path to be installed. Eg. lemmy.domain.tld - * The admin username and password will be sent to the admin of the YunoHost through mail. +* Lemmy require full domain path to be installed. Eg. lemmy.domain.tld +* The admin username and password will be sent to the admin of the YunoHost through mail. ## Documentations et ressources * Site officiel de l'app : https://join-lemmy.org/ diff --git a/check_process b/check_process index 6506486..d17b06e 100644 --- a/check_process +++ b/check_process @@ -12,7 +12,8 @@ setup_private=0 setup_public=1 upgrade=1 - #upgrade=1 from_commit=CommitHash + # 0.11.3~ynh1 + upgrade=1 from_commit=1681bfab08bdc5e943d5fdaf5b5069066f84d35d backup_restore=1 multi_instance=0 port_already_use=0 @@ -22,5 +23,4 @@ Email= Notification=none ;;; Upgrade options ; commit=CommitHash - name=Name and date of the commit. - manifest_arg=domain=DOMAIN&path=PATH&admin=USER&language=fr&is_public=1&password=pass&port=666& + name=0.11.3~ynh1 diff --git a/conf/iframely.config.local.js b/conf/iframely.config.local.js deleted file mode 100644 index 1381fb0..0000000 --- a/conf/iframely.config.local.js +++ /dev/null @@ -1,283 +0,0 @@ -(function() { - var config = { - - // Specify a path for custom plugins. Custom plugins will override core plugins. - // CUSTOM_PLUGINS_PATH: __dirname + '/yourcustom-plugin-folder', - - DEBUG: false, - RICH_LOG_ENABLED: false, - - // For embeds that require render, baseAppUrl will be used as the host. - baseAppUrl: "http://__DOMAIN__", - relativeStaticUrl: "/r", - - // Or just skip built-in renders altogether - SKIP_IFRAMELY_RENDERS: true, - - // For legacy reasons the response format of Iframely open-source is - // different by default as it does not group the links array by rel. - // In order to get the same grouped response as in Cloud API, - // add `&group=true` to your request to change response per request - // or set `GROUP_LINKS` in your config to `true` for a global change. - GROUP_LINKS: true, - - // Number of maximum redirects to follow before aborting the page - // request with `redirect loop` error. - MAX_REDIRECTS: 4, - - SKIP_OEMBED_RE_LIST: [ - // /^https?:\/\/yourdomain\.com\//, - ], - - /* - // Used to pass parameters to the generate functions when creating HTML elements - // disableSizeWrapper: Don't wrap element (iframe, video, etc) in a positioned div - GENERATE_LINK_PARAMS: { - disableSizeWrapper: true - }, - */ - - port: __PORT_IFRAMELY__, //can be overridden by PORT env var - host: '0.0.0.0', // Dockers beware. See https://github.com/itteco/iframely/issues/132#issuecomment-242991246 - //can be overridden by HOST env var - - // Optional SSL cert, if you serve under HTTPS. - /* - ssl: { - key: require('fs').readFileSync(__dirname + '/key.pem'), - cert: require('fs').readFileSync(__dirname + '/cert.pem'), - port: 443 - }, - */ - - /* - Supported cache engines: - - no-cache - no caching will be used. - - node-cache - good for debug, node memory will be used (https://github.com/tcs-de/nodecache). - - redis - https://github.com/mranney/node_redis. - - memcached - https://github.com/3rd-Eden/node-memcached - */ - CACHE_ENGINE: 'node-cache', - CACHE_TTL: 0, // In seconds. - // 0 = 'never expire' for memcached & node-cache to let cache engine decide itself when to evict the record - // 0 = 'no cache' for redis. Use high enough (e.g. 365*24*60*60*1000) ttl for similar 'never expire' approach instead - - /* - // Redis cache options. - REDIS_OPTIONS: { - host: '127.0.0.1', - port: 6379 - }, - */ - - /* - // Memcached options. See https://github.com/3rd-Eden/node-memcached#server-locations - MEMCACHED_OPTIONS: { - locations: "127.0.0.1:11211" - } - */ - - /* - // Access-Control-Allow-Origin list. - allowedOrigins: [ - "*", - "http://another_domain.com" - ], - */ - - /* - // Uncomment to enable plugin testing framework. - tests: { - mongodb: 'mongodb://localhost:27017/iframely-tests', - single_test_timeout: 10 * 1000, - plugin_test_period: 2 * 60 * 60 * 1000, - relaunch_script_period: 5 * 60 * 1000 - }, - */ - - // If there's no response from remote server, the timeout will occur after - RESPONSE_TIMEOUT: 5 * 1000, //ms - - /* From v1.4.0, Iframely supports HTTP/2 by default. Disable it, if you'd rather not. - Alternatively, you can also disable per origin. See `proxy` option below. - */ - // DISABLE_HTTP2: true, - - // Customize API calls to oembed endpoints. - ADD_OEMBED_PARAMS: [{ - // Endpoint url regexp array. - re: [/^http:\/\/api\.instagram\.com\/oembed/], - // Custom get params object. - params: { - hidecaption: true - } - }, { - re: [/^https:\/\/www\.facebook\.com\/plugins\/page\/oembed\.json/i], - params: { - show_posts: 0, - show_facepile: 0, - maxwidth: 600 - } - }, { - // match i=user or i=moment or i=timeline to configure these types invidually - // see params spec at https://dev.twitter.com/web/embedded-timelines/oembed - re: [/^https?:\/\/publish\.twitter\.com\/oembed\?i=user/i], - params: { - limit: 1, - maxwidth: 600 - } - /* - }, { - // Facebook https://developers.facebook.com/docs/plugins/oembed-endpoints - re: [/^https:\/\/www\.facebook\.com\/plugins\/\w+\/oembed\.json/i], - params: { - // Skip script tag and fb-root div. - omitscript: true - } - */ - }], - - /* - // Configure use of HTTP proxies as needed. - // You don't have to specify all options per regex - just what you need to override - PROXY: [{ - re: [/^https?:\/\/www\.domain\.com/], - proxy_server: 'http://1.2.3.4:8080', - user_agent: 'CHANGE YOUR AGENT', - headers: { - // HTTP headers - // Overrides previous params if overlapped. - }, - request_options: { - // Refer to: https://github.com/request/request - // Overrides previous params if overlapped. - }, - disable_http2: true - }], - */ - - // Customize API calls to 3rd parties. At the very least - configure required keys. - providerOptions: { - locale: "en_US", // ISO 639-1 two-letter language code, e.g. en_CA or fr_CH. - // Will be added as highest priotity in accept-language header with each request. - // Plus is used in FB, YouTube and perhaps other plugins - "twitter": { - "max-width": 550, - "min-width": 250, - hide_media: false, - hide_thread: false, - omit_script: false, - center: false, - // dnt: true, - cache_ttl: 100 * 365 * 24 * 3600 // 100 Years. - }, - readability: { - enabled: false - // allowPTagDescription: true // to enable description fallback to first paragraph - }, - images: { - loadSize: false, // if true, will try an load first bytes of all images to get/confirm the sizes - checkFavicon: false // if true, will verify all favicons - }, - tumblr: { - consumer_key: "INSERT YOUR VALUE" - // media_only: true // disables status embeds for images and videos - will return plain media - }, - google: { - // https://developers.google.com/maps/documentation/embed/guide#api_key - maps_key: "INSERT YOUR VALUE" - }, - - /* - // Optional Camo Proxy to wrap all images: https://github.com/atmos/camo - camoProxy: { - camo_proxy_key: "INSERT YOUR VALUE", - camo_proxy_host: "INSERT YOUR VALUE" - // ssl_only: true // will only proxy non-ssl images - }, - */ - - // List of query parameters to add to YouTube and Vimeo frames - // Start it with leading "?". Or omit alltogether for default values - // API key is optional, youtube will work without it too. - // It is probably the same API key you use for Google Maps. - youtube: { - // api_key: "INSERT YOUR VALUE", - get_params: "?rel=0&showinfo=1" // https://developers.google.com/youtube/player_parameters - }, - vimeo: { - get_params: "?byline=0&badge=0" // https://developer.vimeo.com/player/embedding - }, - - /* - soundcloud: { - old_player: true // enables classic player - }, - giphy: { - media_only: true // disables branded player for gifs and returns just the image - } - */ - /* - bandcamp: { - get_params: '/size=large/bgcol=333333/linkcol=ffffff/artwork=small/transparent=true/', - media: { - album: { - height: 472, - 'max-width': 700 - }, - track: { - height: 120, - 'max-width': 700 - } - } - } - */ - }, - - // WHITELIST_WILDCARD, if present, will be added to whitelist as record for top level domain: "*" - // with it, you can define what parsers do when they run accross unknown publisher. - // If absent or empty, all generic media parsers will be disabled except for known domains - // More about format: https://iframely.com/docs/qa-format - - /* - WHITELIST_WILDCARD: { - "twitter": { - "player": "allow", - "photo": "deny" - }, - "oembed": { - "video": "allow", - "photo": "allow", - "rich": "deny", - "link": "deny" - }, - "og": { - "video": ["allow", "ssl", "responsive"] - }, - "iframely": { - "survey": "allow", - "reader": "allow", - "player": "allow", - "image": "allow" - }, - "html-meta": { - "video": ["allow", "responsive"], - "promo": "allow" - } - } - */ - - // Black-list any of the inappropriate domains. Iframely will return 417 - // At minimum, keep your localhosts blacklisted to avoid SSRF - BLACKLIST_DOMAINS_RE: [ - /^https?:\/\/127\.0\.0\.1/i, - /^https?:\/\/localhost/i, - - // And this is AWS metadata service - // https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html - /^https?:\/\/169\.254\.169\.254/ - ] - }; - - module.exports = config; -})(); diff --git a/conf/iframely.service b/conf/iframely.service deleted file mode 100644 index 4203218..0000000 --- a/conf/iframely.service +++ /dev/null @@ -1,45 +0,0 @@ -[Unit] -Description=__APP__ Iframely Daemon -After=network.target - -[Service] -Type=simple -User=__APP__ -Group=__APP__ -WorkingDirectory=__FINALPATH__/iframely/ -ExecStart=__YNH_NODE__ -- server -StandardOutput=append:/var/log/__APP__/__APP__-iframely.log -StandardError=inherit - -# Sandboxing options to harden security -# Depending on specificities of your service/app, you may need to tweak these -# .. but this should be a good baseline -# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html -NoNewPrivileges=yes -PrivateTmp=yes -PrivateDevices=yes -RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 -RestrictNamespaces=yes -RestrictRealtime=yes -DevicePolicy=closed -ProtectSystem=full -ProtectControlGroups=yes -ProtectKernelModules=yes -ProtectKernelTunables=yes -LockPersonality=yes -SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap - -# Denying access to capabilities that should not be relevant for webapps -# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html -CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD -CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE -CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT -CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK -CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM -CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG -CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE -CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW -CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG - -[Install] -WantedBy=multi-user.target diff --git a/conf/imagemagick.src b/conf/imagemagick.src index 82b963e..16c0fed 100644 --- a/conf/imagemagick.src +++ b/conf/imagemagick.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/ImageMagick/ImageMagick/archive/refs/tags/7.0.10-62.tar.gz -SOURCE_SUM=84442158aea070095efa832cfe868fd99d6befdf609444f0c9e9f1b4f25480cd +SOURCE_URL=https://github.com/ImageMagick/ImageMagick/archive/refs/tags/7.1.0-22.tar.gz +SOURCE_SUM=9cf8407c59ddb596f3ef39a1d50a113bb7d0a723a4693efc066ff8c6b789c5f6 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true diff --git a/conf/lemmy-translations.src b/conf/lemmy-translations.src index cb2e5dd..87b40c6 100644 --- a/conf/lemmy-translations.src +++ b/conf/lemmy-translations.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://codeload.github.com/LemmyNet/lemmy-translations/tar.gz/9e3dfebe14693553f1002ef06f02201ca1d52863 -SOURCE_SUM=1693789ac4d6a3905530b2cf76ad50151082f5e96d1639dc06e30219649a6c87 +SOURCE_URL=https://codeload.github.com/LemmyNet/lemmy-translations/tar.gz/00e4efbef6c3ac34cd2f5f444a95eddce9ec12d7 +SOURCE_SUM=0587c1867c785e6d229d1519a37fc9a280e78f356d919f868f21a896abddff71 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true diff --git a/conf/lemmy.hjson b/conf/lemmy.hjson index 38d0c5e..c4a3df5 100644 --- a/conf/lemmy.hjson +++ b/conf/lemmy.hjson @@ -1,72 +1,49 @@ { - # for more info about the config, check out the documentation - # https://join.lemmy.ml/docs/en/administration/configuration.html - - setup: { - # username for the admin user - admin_username: "__ADMIN__" - # password for the admin user - admin_password: "__PASSWORD__" - # optional: email for the admin user (can be omitted and set later through the website) - admin_email: "__ADMIN_EMAIL__" - # name of the site (can be changed later) - site_name: "__SITENAME__" - } # settings related to the postgresql database database: { - # username to connect to postgres + # Username to connect to postgres user: "__DB_USER__" - # password to connect to postgres + # Password to connect to postgres password: "__DB_PWD__" - # host where postgres is running + # Host where postgres is running host: "localhost" - # port where postgres can be accessed + # Port where postgres can be accessed port: 5432 - # name of the postgres database for lemmy + # Name of the postgres database for lemmy database: "__DB_NAME__" - # maximum number of active sql connections + # Maximum number of active sql connections pool_size: 5 } - # the domain name of your instance (eg "lemmy.ml") - hostname: "__DOMAIN__" - # address where lemmy should listen for incoming requests - bind: "0.0.0.0" - # port where lemmy should listen for incoming requests - port: __PORT_LEMMY__ - # whether tls is required for activitypub. only disable this for debugging, never for producion. - tls_enabled: true - # json web token for authorization between server and client - jwt_secret: "__RANDOM__" - # address where pictrs is available - pictrs_url: "http://127.0.0.1:__PORT_PICTRS__" - # address where iframely is available - iframely_url: "http://127.0.0.1:__PORT_IFRAMELY__" # rate limits for various user actions, by user ip rate_limit: { - # maximum number of messages created in interval + # Maximum number of messages created in interval message: 180 - # interval length for message limit + # Interval length for message limit, in seconds message_per_second: 60 - # maximum number of posts created in interval + # Maximum number of posts created in interval post: 6 - # interval length for post limit + # Interval length for post limit, in seconds post_per_second: 600 - # maximum number of registrations in interval + # Maximum number of registrations in interval register: 3 - # interval length for registration limit + # Interval length for registration limit, in seconds register_per_second: 3600 - # maximum number of image uploads in interval + # Maximum number of image uploads in interval image: 6 - # interval length for image uploads + # Interval length for image uploads, in seconds image_per_second: 3600 + # Maximum number of comments created in interval + comment: 6 + # Interval length for comment limit, in seconds + comment_per_second: 600 } - # settings related to activitypub federation + # Settings related to activitypub federation federation: { - # whether to enable activitypub federation. + # Whether to enable activitypub federation. enabled: true # Allows and blocks are described here: - # https://join-lemmy.org/docs/en/federation/administration.html#instance-allowlist-and-blocklist - # + # https://join-lemmy.org/docs/en/federation/administration.html///instance-allowlist-and-blocklist + # # list of instances with which federation is allowed # allowed_instances: ["instance1.tld","instance2.tld"] # instances which we never federate anything with (but previously federated objects are unaffected) @@ -76,20 +53,60 @@ # strict_allowlist: true } captcha: { - enabled: true - difficulty: medium # Can be easy, medium, or hard + # Whether captcha is required for signup + enabled: false + # Can be easy, medium, or hard + difficulty: "medium" } - # email sending configuration + # Email sending configuration. All options except login/password are mandatory email: { - # hostname and port of the smtp server + # Hostname and port of the smtp server smtp_server: "127.0.0.1:25" - # login name for smtp server + # Login name for smtp server smtp_login: "" - # password to login to the smtp server + # Password to login to the smtp server smtp_password: "" - # address to send emails from, eg "noreply@your-instance.com" + # Address to send emails from, eg noreply@your-instance.com smtp_from_address: "lemmy@__DOMAIN__" - # whether or not smtp connections should use tls + # Whether or not smtp connections should use tls use_tls: true } + # Parameters for automatic configuration of new instance (only used at first start) + setup: { + # Username for the admin user + admin_username: "__ADMIN__" + # Password for the admin user. It must be at least 10 characters. + admin_password: "__PASSWORD__" + # Name of the site (can be changed later) + site_name: "__SITENAME__" + # Email for the admin user (optional, can be omitted and set later through the website) + admin_email: "__ADMIN_EMAIL__" + sidebar: "string" + description: "string" + icon: "string" + banner: "string" + enable_downvotes: true + open_registration: true + enable_nsfw: true + community_creation_admin_only: true + require_email_verification: true + require_application: true + application_question: "string" + private_instance: false + } + # the domain name of your instance (mandatory) + hostname: "__DOMAIN__" + # Address where lemmy should listen for incoming requests + bind: "0.0.0.0" + # Port where lemmy should listen for incoming requests + port: __PORT_LEMMY__ + # Whether the site is available over TLS. Needs to be true for federation to work. + tls_enabled: true + # Address where pictrs is available (for image hosting) + pictrs_url: "http://127.0.0.1:__PORT_PICTRS__" + slur_filter: "(\bThis\b)|(\bis\b)|(\bsample\b)" + # Maximum length of local community and user names + actor_name_max_length: 20 + # Maximum number of HTTP requests allowed to handle a single incoming activity (or a single object fetch through the search). + http_fetch_retry_limit: 25 } diff --git a/conf/nginx.conf b/conf/nginx.conf index 39e8392..ba8e517 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,20 +1,26 @@ #limit_req_zone $binary_remote_addr zone=lemmy_ratelimit:10m rate=1r/s; + + + # Only connect to this site via HTTPS for the two years + more_set_headers "Strict-Transport-Security: max-age=63072000"; + + # Various content security headers + more_set_headers "Referrer-Policy: same-origin"; + more_set_headers "X-Content-Type-Options: nosniff"; + more_set_headers "X-Frame-Options: DENY"; + more_set_headers "X-XSS-Protection: 1; mode=block"; + + # Upload limit for pictrs + client_max_body_size 20M; + # frontend location / { # The default ports: # lemmy_ui_port: 1235 # lemmy_port: 8536 - # Force usage of https - if ($scheme = http) { - rewrite ^ https://$server_name$request_uri? permanent; - } - set $proxpass "http://127.0.0.1:__PORT_UI__"; - if ($http_accept = "application/activity+json") { - set $proxpass "http://127.0.0.1:__PORT_LEMMY__"; - } - if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") { + if ($http_accept ~ "^application/.*$") { set $proxpass "http://127.0.0.1:__PORT_LEMMY__"; } if ($request_method = POST) { @@ -52,13 +58,6 @@ return 301 /pictrs/image/$1; } - location /iframely/ { - proxy_pass http://127.0.0.1:__PORT_IFRAMELY__/; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - # Anonymize IP addresses # https://www.supertechcrew.com/anonymizing-logs-nginx-apache/ diff --git a/conf/pict-rs.src b/conf/pict-rs.src index 50edba3..b7d8ce6 100644 --- a/conf/pict-rs.src +++ b/conf/pict-rs.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://git.asonix.dog/asonix/pict-rs/archive/v0.2.6-r2.tar.gz -SOURCE_SUM=c8542ff79fc2f0699b33994d6718a9f8f4bfc94e6c7c7e1e5dc13911afd40d10 +SOURCE_URL=https://git.asonix.dog/asonix/pict-rs/archive/v0.3.0-beta.19.tar.gz +SOURCE_SUM=0c53ba162c999375e9688024ffc77b783a0cc07c4928d44d753b052c09995bba SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true diff --git a/doc/DESCRIPTION.md b/doc/DESCRIPTION.md new file mode 100644 index 0000000..0fe3cc8 --- /dev/null +++ b/doc/DESCRIPTION.md @@ -0,0 +1 @@ +[Lemmy](https://github.com/LemmyNet/lemmy) is similar to sites like [Reddit](https://reddit.com), [Lobste.rs](https://lobste.rs), or [Hacker News](https://news.ycombinator.com/): you subscribe to forums you're interested in, post links and discussions, then vote, and comment on them. Behind the scenes, it is very different; anyone can easily run a server, and all these servers are federated (think email), and connected to the same universe, called the [Fediverse](https://en.wikipedia.org/wiki/Fediverse). diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md index bbabfe8..995fdf6 100644 --- a/doc/DISCLAIMER.md +++ b/doc/DISCLAIMER.md @@ -1,3 +1,2 @@ -* Any known limitations, constrains or stuff not working, such as (but not limited to): - * Lemmy require full domain path to be installed. Eg. lemmy.domain.tld - * The admin username and password will be sent to the admin of the YunoHost through mail. \ No newline at end of file +* Lemmy require full domain path to be installed. Eg. lemmy.domain.tld +* The admin username and password will be sent to the admin of the YunoHost through mail. \ No newline at end of file diff --git a/manifest.json b/manifest.json index d832d61..0873e5f 100644 --- a/manifest.json +++ b/manifest.json @@ -5,7 +5,7 @@ "description": { "en": "A link aggregator / Reddit clone for the fediverse." }, - "version": "0.11.3~ynh1", + "version": "0.15.2~ynh1", "url": "https://join.lemmy.ml/", "upstream": { "license": "GPL-3.0", diff --git a/scripts/_common.sh b/scripts/_common.sh index 7d9e542..5f1b48e 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -11,20 +11,17 @@ imagemagick_build_dependencies="libltdl-dev libjpeg-dev libpng-dev libwebp-dev l imagemagick_dependencies="" pictrs_build_dependencies="pkg-config build-essential libgexiv2-dev libxml2 libltdl7 libavcodec-dev libavfilter-dev libavdevice-dev libavformat-dev libavresample-dev libavutil-dev libswscale-dev libswresample-dev llvm-dev libclang-dev clang" pictrs_dependencies="libgexiv2-2 libpng16-16 libjpeg62-turbo libwebp6 libwebpdemux2 libwebpmux3 libltdl7 libgomp1 libxml2 libavcodec58 libavfilter7 libavdevice58 libavformat58 libavresample4 libavutil56 libswscale5 libswresample3 tini" -iframely_dependencies="musl-dev" -pkg_dependencies="$lemmy_dependencies $lemmyui_dependencies $imagemagick_dependencies $pictrs_dependencies $iframely_dependencies" +pkg_dependencies="$lemmy_dependencies $lemmyui_dependencies $imagemagick_dependencies $pictrs_dependencies" pkg_build_dependencies="$imagemagick_build_dependencies $pictrs_build_dependencies" NODEJS_VERSION=12 -LEMMY_VERSION=0.11.3 +LEMMY_VERSION=0.15.2 -LEMMYUI_VERSION=0.11.3 +LEMMYUI_VERSION=0.15.2 -PICTRS_VERSION=v0.2.6-r2 - -IFRAMELY_VERSION=latest +PICTRS_VERSION=0.3.0-beta.12-r1 #================================================= # PERSONAL HELPERS diff --git a/scripts/backup b/scripts/backup index e46f567..e2dfb50 100755 --- a/scripts/backup +++ b/scripts/backup @@ -69,7 +69,6 @@ ynh_backup --src_path="/etc/logrotate.d/$app" ynh_backup --src_path="/etc/systemd/system/$app.service" ynh_backup --src_path="/etc/systemd/system/$app-ui.service" -ynh_backup --src_path="/etc/systemd/system/$app-iframely.service" ynh_backup --src_path="/etc/systemd/system/$app-pict-rs.service" #================================================= diff --git a/scripts/install b/scripts/install index 090d481..2ee880d 100755 --- a/scripts/install +++ b/scripts/install @@ -28,7 +28,6 @@ path_url="/" admin=$YNH_APP_ARG_ADMIN password=$(ynh_string_random --length=12) sitename=$YNH_APP_ARG_SITENAME -random=$(ynh_string_random --length=10) admin_email=$(ynh_user_get_info --username=$admin --key="mail") app=$YNH_APP_INSTANCE_NAME @@ -54,7 +53,6 @@ ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=admin --value=$admin ynh_app_setting_set --app=$app --key=password --value=$password ynh_app_setting_set --app=$app --key=sitename --value=$sitename -ynh_app_setting_set --app=$app --key=random --value=$random #================================================= # STANDARD MODIFICATIONS @@ -70,8 +68,6 @@ port_ui=$(ynh_find_port --port=1235) ynh_app_setting_set --app=$app --key=port_ui --value=$port_ui port_pictrs=$(ynh_find_port --port=8537) ynh_app_setting_set --app=$app --key=port_pictrs --value=$port_pictrs -port_iframely=$(ynh_find_port --port=8061) -ynh_app_setting_set --app=$app --key=port_iframely --value=$port_iframely #================================================= # INSTALL DEPENDENCIES @@ -103,6 +99,7 @@ db_pwd=$(ynh_string_random --length=30) ynh_app_setting_set --app=$app --key=db_name --value=$db_name ynh_app_setting_set --app=$app --key=db_pwd --value=$db_pwd ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd +ynh_psql_execute_as_root --sql="CREATE EXTENSION IF NOT EXISTS pgcrypto;" --database="$db_name" #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE @@ -116,7 +113,6 @@ ynh_setup_source --dest_dir="$final_path/build-lemmy-ui/" --source_id="docker-im ynh_setup_source --dest_dir="$final_path/lemmy-ui/lemmy-translations/" --source_id="lemmy-translations" ynh_setup_source --dest_dir="$final_path/build-imagemagick/" --source_id="imagemagick" ynh_setup_source --dest_dir="$final_path/build-pict-rs/" --source_id="pict-rs" -ynh_setup_source --dest_dir="$final_path/build-iframely/" --source_id="docker-image-extract" chmod 750 "$final_path" chmod -R o-rwx "$final_path" @@ -151,31 +147,6 @@ chown -R $app:$app "$datadir" #================================================= ynh_script_progression --message="Making install..." -# Install lemmy -pushd $final_path/build-lemmy - ./docker-image-extract dessalines/lemmy:$LEMMY_VERSION -popd -mkdir -p "$final_path/lemmy/" -mv -f "$final_path/build-lemmy/output/app/lemmy" "$final_path/lemmy/lemmy" -ynh_secure_remove --file="$final_path/build-lemmy" - -# Install lemmy-ui -pushd $final_path/build-lemmy-ui - ./docker-image-extract dessalines/lemmy-ui:$LEMMYUI_VERSION -popd -mkdir -p "$final_path/lemmy-ui/" -rsync -a "$final_path/build-lemmy-ui/output/app/" "$final_path/lemmy-ui/" -ynh_secure_remove --file="$final_path/build-lemmy-ui" - -# Install ImageMagick -pushd "$final_path/build-imagemagick/" - ynh_exec_warn_less ./configure --with-modules - ynh_exec_warn_less make - ynh_exec_warn_less make install - ynh_exec_warn_less ldconfig /usr/local/lib -popd -ynh_secure_remove --file="$final_path/build-imagemagick" - # Install rustup with the toolchain needed by pict-rs pushd "$final_path" sudo -u "$app" RUSTUP_HOME="$final_path/.rustup" CARGO_HOME="$final_path/.cargo" bash -c 'curl -sSf -L https://static.rust-lang.org/rustup.sh | sh -s -- -y --default-toolchain nightly' @@ -195,15 +166,35 @@ ynh_secure_remove --file="$final_path/build-pict-rs" ynh_secure_remove --file="$final_path/.cargo" ynh_secure_remove --file="$final_path/.rustup" -# Install iframely -pushd $final_path/build-iframely - ./docker-image-extract dogbin/iframely:$IFRAMELY_VERSION +# Install lemmy-ui +pushd $final_path/build-lemmy-ui + ./docker-image-extract dessalines/lemmy-ui:$LEMMYUI_VERSION popd -mkdir -p "$final_path/iframely/" -rsync -a "$final_path/build-iframely/output/iframely/" "$final_path/iframely/" -ynh_secure_remove --file="$final_path/build-iframely" +mkdir -p "$final_path/lemmy-ui/" +rsync -a "$final_path/build-lemmy-ui/output/app/" "$final_path/lemmy-ui/" +ynh_secure_remove --file="$final_path/build-lemmy-ui" +# Install lemmy +pushd $final_path/build-lemmy + ./docker-image-extract dessalines/lemmy:$LEMMY_VERSION +popd +mkdir -p "$final_path/lemmy/" +mv -f "$final_path/build-lemmy/output/app/lemmy" "$final_path/lemmy/lemmy" +ynh_secure_remove --file="$final_path/build-lemmy" + +# Install ImageMagick +pushd "$final_path/build-imagemagick/" + ynh_exec_warn_less ./configure --with-modules + ynh_exec_warn_less make + ynh_exec_warn_less make install + ynh_exec_warn_less ldconfig /usr/local/lib +popd +ynh_secure_remove --file="$final_path/build-imagemagick" + +# Remove build stuff ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies +ynh_package_autoremove + chmod 750 "$final_path" chmod -R o-rwx "$final_path" chown -R $app:$app "$final_path" @@ -219,11 +210,6 @@ ynh_add_config --template="../conf/lemmy.hjson" --destination="$final_path/confi chmod 400 "$final_path/config/config.hjson" chown $app:$app "$final_path/config/config.hjson" -ynh_add_config --template="../conf/iframely.config.local.js" --destination="$final_path/iframely/iframely.config.local.js" - -chmod 400 "$final_path/iframely/iframely.config.local.js" -chown $app:$app "$final_path/iframely/iframely.config.local.js" - #================================================= # SETUP SYSTEMD #================================================= @@ -232,7 +218,6 @@ ynh_script_progression --message="Configuring a systemd service..." # Create a dedicated systemd config ynh_add_systemd_config --service="$app" --template="lemmy.service" ynh_add_systemd_config --service="$app-ui" --template="lemmy-ui.service" -ynh_add_systemd_config --service="$app-iframely" --template="iframely.service" ynh_add_systemd_config --service="$app-pict-rs" --template="pict-rs.service" #================================================= @@ -258,7 +243,6 @@ ynh_script_progression --message="Integrating service in YunoHost..." yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log" yunohost service add $app-ui --description="A short description of the app" --log="/var/log/$app/$app-ui.log" yunohost service add $app-pict-rs --description="A short description of the app" --log="/var/log/$app/$app-pict-rs.log" -yunohost service add $app-iframely --description="A short description of the app" --log="/var/log/$app/$app-iframely.log" #================================================= # START SYSTEMD SERVICE @@ -269,7 +253,6 @@ ynh_script_progression --message="Starting a systemd service..." ynh_systemd_action --service_name=$app --action="start" --line_match="Started" --log_path=systemd ynh_systemd_action --service_name=$app-ui --action="start" --line_match="Started" --log_path=systemd ynh_systemd_action --service_name=$app-pict-rs --action="start" --line_match="Started" --log_path=systemd -ynh_systemd_action --service_name=$app-iframely --action="start" --line_match="Started" --log_path=systemd #================================================= # SETUP SSOWAT diff --git a/scripts/remove b/scripts/remove index fb4a03e..366f7bc 100755 --- a/scripts/remove +++ b/scripts/remove @@ -33,17 +33,12 @@ then ynh_script_progression --message="Removing $app service integration..." yunohost service remove $app fi -if ynh_exec_warn_less yunohost service status $app >/dev/null +if ynh_exec_warn_less yunohost service status $app-ui >/dev/null then ynh_script_progression --message="Removing $app-ui service integration..." yunohost service remove $app-ui fi -if ynh_exec_warn_less yunohost service status $app >/dev/null -then - ynh_script_progression --message="Removing $app-iframely service integration..." - yunohost service remove $app-iframely -fi -if ynh_exec_warn_less yunohost service status $app >/dev/null +if ynh_exec_warn_less yunohost service status $app-pict-rs >/dev/null then ynh_script_progression --message="Removing $app-pict-rs service integration..." yunohost service remove $app-pict-rs @@ -57,7 +52,6 @@ ynh_script_progression --message="Stopping and removing the systemd service..." # Remove the dedicated systemd config ynh_remove_systemd_config ynh_remove_systemd_config --service=$app-ui -ynh_remove_systemd_config --service=$app-iframely ynh_remove_systemd_config --service=$app-pict-rs #================================================= @@ -91,16 +85,6 @@ popd ynh_secure_remove --file="$final_path/build-imagemagick" -#================================================= -# REMOVE DEPENDENCIES -#================================================= -ynh_script_progression --message="Removing dependencies..." - -# Remove metapackage and its dependencies -ynh_remove_nodejs -ynh_remove_app_dependencies -ynh_secure_remove --file="/lib/libc.musl-x86_64.so.1" - #================================================= # REMOVE APP MAIN DIR #================================================= @@ -117,6 +101,16 @@ ynh_script_progression --message="Removing NGINX web server configuration..." # Remove the dedicated NGINX config ynh_remove_nginx_config +#================================================= +# REMOVE DEPENDENCIES +#================================================= +ynh_script_progression --message="Removing dependencies..." + +# Remove metapackage and its dependencies +ynh_remove_nodejs +ynh_remove_app_dependencies +ynh_secure_remove --file="/lib/libc.musl-x86_64.so.1" + #================================================= # SPECIFIC REMOVE #================================================= diff --git a/scripts/restore b/scripts/restore index 268c6bb..9c9c432 100755 --- a/scripts/restore +++ b/scripts/restore @@ -40,8 +40,6 @@ datadir=$(ynh_app_setting_get --app=$app --key=datadir) #================================================= ynh_script_progression --message="Validating restoration parameters..." -ynh_webpath_available --domain=$domain --path_url=$path_url \ - || ynh_die --message="Path not available: ${domain}${path_url}" test ! -d $final_path \ || ynh_die --message="There is already a directory: $final_path " @@ -118,6 +116,7 @@ popd ynh_secure_remove --file="$final_path/build-imagemagick" ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies +ynh_package_autoremove #================================================= # RESTORE THE POSTGRESQL DATABASE @@ -127,6 +126,7 @@ ynh_script_progression --message="Restoring the PostgreSQL database..." ynh_psql_test_if_first_run ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd ynh_psql_execute_file_as_root --file="./db.sql" --database="$db_name" +ynh_psql_execute_as_root --sql="CREATE EXTENSION IF NOT EXISTS pgcrypto;" --database="$db_name" #================================================= # RESTORE SYSTEMD @@ -137,8 +137,6 @@ ynh_restore_file --origin_path="/etc/systemd/system/$app.service" systemctl enable $app.service --quiet ynh_restore_file --origin_path="/etc/systemd/system/$app-ui.service" systemctl enable $app-ui.service --quiet -ynh_restore_file --origin_path="/etc/systemd/system/$app-iframely.service" -systemctl enable $app-iframely.service --quiet ynh_restore_file --origin_path="/etc/systemd/system/$app-pict-rs.service" systemctl enable $app-pict-rs.service --quiet @@ -161,7 +159,6 @@ ynh_script_progression --message="Integrating service in YunoHost..." yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log" yunohost service add $app-ui --description="A short description of the app" --log="/var/log/$app/$app-ui.log" -yunohost service add $app-iframely --description="A short description of the app" --log="/var/log/$app/$app-iframely.log" yunohost service add $app-pict-rs --description="A short description of the app" --log="/var/log/$app/$app-pict-rs.log" #================================================= @@ -171,7 +168,6 @@ ynh_script_progression --message="Starting a systemd service..." ynh_systemd_action --service_name=$app --action="start" --line_match="Started" --log_path=systemd ynh_systemd_action --service_name=$app-ui --action="start" --line_match="Started" --log_path=systemd -ynh_systemd_action --service_name=$app-iframely --action="start" --line_match="Started" --log_path=systemd ynh_systemd_action --service_name=$app-pict-rs --action="start" --line_match="Started" --log_path=systemd #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 99187ed..f268612 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -26,11 +26,9 @@ db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd) datadir=$(ynh_app_setting_get --app=$app --key=datadir) password=$(ynh_app_setting_get --app=$app --key=password) sitename=$(ynh_app_setting_get --app=$app --key=sitename) -random=$(ynh_app_setting_get --app=$app --key=random) port_lemmy=$(ynh_app_setting_get --app=$app --key=port_lemmy) port_ui=$(ynh_app_setting_get --app=$app --key=port_ui) port_pictrs=$(ynh_app_setting_get --app=$app --key=port_pictrs) -port_iframely=$(ynh_app_setting_get --app=$app --key=port_iframely) admin_email=$(ynh_user_get_info --username=$admin --key="mail") #================================================= @@ -65,7 +63,6 @@ ynh_script_progression --message="Stopping a systemd service..." ynh_systemd_action --service_name=$app --action="stop" --line_match="Stopped" --log_path=systemd ynh_systemd_action --service_name=$app-ui --action="stop" --line_match="Stopped" --log_path=systemd ynh_systemd_action --service_name=$app-pict-rs --action="stop" --line_match="Stopped" --log_path=systemd -ynh_systemd_action --service_name=$app-iframely --action="stop" --line_match="Stopped" --log_path=systemd #================================================= # ENSURE DOWNWARD COMPATIBILITY @@ -79,6 +76,17 @@ if ynh_legacy_permissions_exists; then ynh_app_setting_delete --app=$app --key=is_public fi + +# Removing previously installed iframely +if ynh_exec_warn_less yunohost service status $app-iframely >/dev/null +then + ynh_script_progression --message="Removing $app-iframely service integration..." + yunohost service remove $app-iframely + ynh_app_setting_delete --app=$app --key=random + ynh_app_setting_delete --app=$app --key=port_iframely + ynh_remove_systemd_config --service=$app-iframely +fi + #================================================= # CREATE DEDICATED USER #================================================= @@ -101,7 +109,6 @@ then ynh_setup_source --dest_dir="$final_path/lemmy-ui/lemmy-translations/" --source_id="lemmy-translations" ynh_setup_source --dest_dir="$final_path/build-imagemagick/" --source_id="imagemagick" ynh_setup_source --dest_dir="$final_path/build-pict-rs/" --source_id="pict-rs" - ynh_setup_source --dest_dir="$final_path/build-iframely/" --source_id="docker-image-extract" fi chmod 750 "$final_path" @@ -137,31 +144,6 @@ if [ "$upgrade_type" == "UPGRADE_APP" ] then ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies $pkg_build_dependencies - # Install lemmy - pushd $final_path/build-lemmy - ./docker-image-extract dessalines/lemmy:$LEMMY_VERSION - popd - mkdir -p "$final_path/lemmy/" - mv -f "$final_path/build-lemmy/output/app/lemmy" "$final_path/lemmy/lemmy" - ynh_secure_remove --file="$final_path/build-lemmy" - - # Install lemmy-ui - pushd $final_path/build-lemmy-ui - ./docker-image-extract dessalines/lemmy-ui:$LEMMYUI_VERSION - popd - mkdir -p "$final_path/lemmy-ui/" - rsync -a "$final_path/build-lemmy-ui/output/app/" "$final_path/lemmy-ui/" - ynh_secure_remove --file="$final_path/build-lemmy-ui" - - # Install ImageMagick - pushd "$final_path/build-imagemagick/" - ynh_exec_warn_less ./configure --with-modules - ynh_exec_warn_less make - ynh_exec_warn_less make install - ynh_exec_warn_less ldconfig /usr/local/lib - popd - ynh_secure_remove --file="$final_path/build-imagemagick" - # Install rustup with the toolchain needed by pict-rs pushd "$final_path" sudo -u "$app" RUSTUP_HOME="$final_path/.rustup" CARGO_HOME="$final_path/.cargo" bash -c 'curl -sSf -L https://static.rust-lang.org/rustup.sh | sh -s -- -y --default-toolchain nightly' @@ -181,15 +163,34 @@ then ynh_secure_remove --file="$final_path/.cargo" ynh_secure_remove --file="$final_path/.rustup" - # Install iframely - pushd $final_path/build-iframely - ./docker-image-extract dogbin/iframely:latest + # Install lemmy-ui + pushd $final_path/build-lemmy-ui + ./docker-image-extract dessalines/lemmy-ui:$LEMMYUI_VERSION popd - mkdir -p "$final_path/iframely/" - rsync -a "$final_path/build-iframely/output/iframely/" "$final_path/iframely/" - ynh_secure_remove --file="$final_path/build-iframely" + mkdir -p "$final_path/lemmy-ui/" + rsync -a "$final_path/build-lemmy-ui/output/app/" "$final_path/lemmy-ui/" + ynh_secure_remove --file="$final_path/build-lemmy-ui" + # Install lemmy + pushd $final_path/build-lemmy + ./docker-image-extract dessalines/lemmy:$LEMMY_VERSION + popd + mkdir -p "$final_path/lemmy/" + mv -f "$final_path/build-lemmy/output/app/lemmy" "$final_path/lemmy/lemmy" + ynh_secure_remove --file="$final_path/build-lemmy" + + # Install ImageMagick + pushd "$final_path/build-imagemagick/" + ynh_exec_warn_less ./configure --with-modules + ynh_exec_warn_less make + ynh_exec_warn_less make install + ynh_exec_warn_less ldconfig /usr/local/lib + popd + ynh_secure_remove --file="$final_path/build-imagemagick" + + # Remove build stuff ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies + ynh_package_autoremove fi chmod 750 "$final_path" @@ -207,11 +208,6 @@ ynh_add_config --template="../conf/lemmy.hjson" --destination="$final_path/confi chmod 400 "$final_path/config/config.hjson" chown $app:$app "$final_path/config/config.hjson" -ynh_add_config --template="../conf/iframely.config.local.js" --destination="$final_path/iframely/iframely.config.local.js" - -chmod 400 "$final_path/iframely/iframely.config.local.js" -chown $app:$app "$final_path/iframely/iframely.config.local.js" - #================================================= # SETUP SYSTEMD #================================================= @@ -220,7 +216,6 @@ ynh_script_progression --message="Upgrading systemd configuration..." # Create a dedicated systemd config ynh_add_systemd_config --service="$app" --template="lemmy.service" ynh_add_systemd_config --service="$app-ui" --template="lemmy-ui.service" -ynh_add_systemd_config --service="$app-iframely" --template="iframely.service" ynh_add_systemd_config --service="$app-pict-rs" --template="pict-rs.service" #================================================= @@ -246,7 +241,6 @@ ynh_script_progression --message="Integrating service in YunoHost..." yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log" yunohost service add $app-ui --description="A short description of the app" --log="/var/log/$app/$app-ui.log" yunohost service add $app-pict-rs --description="A short description of the app" --log="/var/log/$app/$app-pict-rs.log" -yunohost service add $app-iframely --description="A short description of the app" --log="/var/log/$app/$app-iframely.log" #================================================= # START SYSTEMD SERVICE @@ -256,7 +250,6 @@ ynh_script_progression --message="Starting a systemd service..." ynh_systemd_action --service_name=$app --action="start" --line_match="Started" --log_path=systemd ynh_systemd_action --service_name=$app-ui --action="start" --line_match="Started" --log_path=systemd ynh_systemd_action --service_name=$app-pict-rs --action="start" --line_match="Started" --log_path=systemd -ynh_systemd_action --service_name=$app-iframely --action="start" --line_match="Started" --log_path=systemd #================================================= # RELOAD NGINX