YunoHost-Apps/lemmy_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/lemmy_ynh.git synced 2024-09-03 19:36:09 +02:00
Code Issues Activity Actions

Merge pull request #69 from YunoHost-Apps/testing

Browse source 
Update manifest.toml
This commit is contained in:
eric_G 2023-12-26 13:02:41 +01:00 committed by GitHub
commit 6a561fdab4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
14 changed files with 762 additions and 71 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
conf/lemmy-ui.service
View file

@ -14,6 +14,7 @@ WorkingDirectory=__INSTALL_DIR__/lemmy-ui/
ExecStart=__YNH_NODE__ dist/js/server.js
StandardOutput=append:/var/log/__APP__/__APP__-ui.log
StandardError=inherit
Restart=always
# Sandboxing options to harden security
# Depending on specificities of your service/app, you may need to tweak these

21
conf/lemmy.hjson
View file

@ -66,18 +66,26 @@
# Can be easy, medium, or hard
difficulty: "medium"
}
# Settings related to activitypub federation
# Pictrs image server configuration.
pictrs: {
# Address where pictrs is available (for image hosting)
url: "http://127.0.0.1:__PORT_PICTRS__/"
# Set a custom pictrs API key. ( Required for deleting images )
#api_key: "string"
}
# Email sending configuration. All options except login/password are mandatory
email: {
# Hostname and port of the smtp server
smtp_server: "127.0.0.1:25"
smtp_server: "__MAIN_DOMAIN__:587"
# Login name for smtp server
smtp_login: ""
smtp_login: "__APP__"
# Password to login to the smtp server
smtp_password: ""
smtp_password: "__MAIL_PWD__"
# Address to send emails from, eg noreply@your-instance.com
smtp_from_address: "lemmy@__DOMAIN__"
smtp_from_address: "__APP__@__DOMAIN__"
# Whether or not smtp connections should use tls. Can be none, tls, or starttls
tls_type: "none"
tls_type: "starttls"
}
# the domain name of your instance (mandatory)
hostname: "__DOMAIN__"
@ -87,9 +95,6 @@
port: __PORT__
# Whether the site is available over TLS. Needs to be true for federation to work.
tls_enabled: true
# Address where pictrs is available (for image hosting)
###pictrs_url: "http://127.0.0.1:"
slur_filter: "(\bThis\b)|(\bis\b)|(\bsample\b)"
# Maximum length of local community and user names
actor_name_max_length: 20
# Maximum number of HTTP requests allowed to handle a single incoming activity (or a single object fetch through the search).

1
conf/lemmy.service
View file

@ -11,6 +11,7 @@ WorkingDirectory=__INSTALL_DIR__/lemmy/
ExecStart=__INSTALL_DIR__/lemmy/lemmy
StandardOutput=append:/var/log/__APP__/__APP__.log
StandardError=inherit
Restart=always
# Sandboxing options to harden security
# Depending on specificities of your service/app, you may need to tweak these

46
conf/pict-rs.service Normal file
View file

@ -0,0 +1,46 @@
[Unit]
Description=Pict-RS: A simple image hosting service for __APP__
After=network.target
[Service]
Type=simple
User=__APP__
Group=__APP__
WorkingDirectory=__INSTALL_DIR__/pict-rs/
Environment=PATH=__PICTRS_PATH__
ExecStart=__INSTALL_DIR__/pict-rs/pict-rs -c __INSTALL_DIR__/pict-rs/pict-rs.toml run
StandardOutput=append:/var/log/__APP__/__APP__-pict-rs.log
StandardError=inherit
# Sandboxing options to harden security
# Depending on specificities of your service/app, you may need to tweak these
# .. but this should be a good baseline
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
DevicePolicy=closed
ProtectSystem=full
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
LockPersonality=yes
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
# Denying access to capabilities that should not be relevant for webapps
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
[Install]
WantedBy=multi-user.target

516
conf/pict-rs.toml Normal file
View file

@ -0,0 +1,516 @@
## Server configuration
[server]
## Optional: pict-rs binding address
# default: 0.0.0.0:8080
address = '127.0.0.1:__PORT_PICTRS__'
## Optional: pict-rs worker id
# default: pict-rs-1
#
# This is used for the internal job queue. It will have more meaning once a shared metadata
# repository (like postgres) can be defined.
worker_id = 'pict-rs-1'
## Optional: shared secret for internal endpoints
# default: empty
#
# Not specifying api_key disables internal endpoints
api_key = ''
## Optional: How many files are allowed to be uploaded per request
# default: 1
max_file_count = 1
## Client configuration
[client]
## Optional: connection pool size for internal http client
# default: 100
#
# This number is multiplied the number of cores available to pict-rs. Running on a 2 core machine
# with the default value will result in 200 pooled connections. Running on a 32 core machine with
# the default value will result in 3200 pooled connections.
#
# This number can be lowered to keep pict-rs within ulimit bounds if you encounter errors related to
# "Too many open files". Alternatively, increasing the ulimit of your system can solve this problem
# as well.
pool_size = 100
## Optional: time (in seconds) the client will wait for a response before giving up
# default: 30
#
# This is used for the `/image/download` endpoint when fetching media from another server. It is
# distinct from the object storage client timeout, which can be configured separately
timeout = 30
## Logging configuration
[tracing.logging]
## Optional: log format
# default: normal
#
# available options: compact, json, normal, pretty
format = 'normal'
## Optional: log targets
# default: warn,tracing_actix_web=info,actix_server=info,actix_web=info
#
# Dictates which traces should print to stdout
targets = 'warn,tracing_actix_web=info,actix_server=info,actix_web=info'
## Console configuration
#[tracing.console]
## Optional: console address
# default: empty
#
# Dictates whether console should be enabled, and what address it should be exposed on.
#
# When set, tokio-console can connect to the pict-rs service
#
# Configure your container to expose the console port
# ```
# # docker-compose.yml
# version: '3.3'
#
# services:
# pictrs:
# image: asonix/pictrs:0.4.1
# ports:
# - "127.0.0.1:8080:8080"
# - "127.0.0.1:6669:6669" # this is the line that exposes console
# restart: always
# volumes:
# - ./volumes/pictrs:/mnt
# ```
#
# Connect from console
# ```
# $ tokio-console http://localhost:6669
# ```
#address = '0.0.0.0:6669'
## Optional: console buffer capacity
# default: 102400
#
# This is the number of _events_ to buffer, not the number of bytes. In reality, the amount of
# RAM used will be significatnly larger (in bytes) than the buffer capacity (in events)
#buffer_capacity = 102400
## OpenTelemetry configuration
#[tracing.opentelemetry]
## Optional: url for exporting otlp traces
# default: empty
#
# Not specifying opentelemetry_url means no traces will be exported
# When set, pict-rs will export OpenTelemetry traces to the provided URL. If the URL is
# inaccessible, this can cause performance degredation in pict-rs, so it is best left unset unless
# you have an OpenTelemetry collector
#url = 'http://localhost:4317/'
## Optional: name to relate OpenTelemetry traces
# default: pict-rs
#service_name = 'pict-rs'
## Optional: trace level to export
# default: info
#
# Follows the same format as RUST_LOG
#targets = 'info'
## Configuration for migrating from pict-rs 0.2
#[old_db]
## Optional: path to old pict-rs directory
# default: /mnt
#path = '/mnt'
## Media Processing Configuration
[media]
## Optional: max file size (in Megabytes)
# default: 40
max_file_size = 40
## Optional: preprocessing steps for uploaded images
# default: empty
#
# This configuration is the same format as the process endpoint's query arguments
preprocess_steps = 'crop=16x9&resize=1200&blur=0.2'
## Optional: set allowed filters for image processing
# default: ['blur', 'crop', 'identity', 'resize', 'thumbnail']
filters = ['blur', 'crop', 'identity', 'resize', 'thumbnail']
[media.image]
## Optional: max media width (in pixels)
# default: 10,000
max_width = 10000
## Optional: max media height (in pixels)
# default: 10,000
max_height = 10000
## Optional: max media area (in pixels)
# default: 40,000,000
max_area = 40000000
## Optional: max file size (in Megabytes)
# default: 40
max_file_size = 40
## Optional: set file type for all images
# default: empty
#
# available options: avif, png, jpeg, jxl, webp
# When set, all uploaded still images will be converted to this file type. For balancing quality vs
# file size vs browser support, 'avif', 'jxl', and 'webp' should be considered. By default, images
# are stored in their original file type.
format = "webp"
[media.image.quality]
## Optional: set quality for AVIF images
# default: empty
#
# availabe range: 0-100
# 100 means best quality and 0 means worst quality. Playing with numbers between 40 and 100 makes
# the most sense.
avif = 100
## Optional: set compression for PNG images
# default: empty
#
# availabe range: 0-100
# 100 means best compression and 0 means worst compression. Since PNG is a lossless format, changing
# this value will not change how the images look.
png = 100
## Optional: set quality for JPEG images
# default: empty
#
# availabe range: 0-100
# 100 means best quality and 0 means worst quality. Playing with numbers between 60 and 100 makes
# the most sense.
jpeg = 100
## Optional: set quality for JXL images
# default: empty
#
# availabe range: 0-100
# 100 means best quality and 0 means worst quality. Playing with numbers between 40 and 100 makes
# the most sense.
jxl = 100
## Optional: set quality for WEBP images
# default: empty
#
# availabe range: 0-100
# 100 means best quality and 0 means worst quality. Playing with numbers between 50 and 100 makes
# the most sense.
webp = 100
[media.animation]
## Optional: max animation width (in pixels)
# default: 256
#
# If an animation exceeds this value, it may be converted to a silent video
max_width = 256
## Optional: max animation height (in pixels)
# default: 256
#
# If an animation exceeds this value, it may be converted to a silent video
max_height = 256
## Optional: max animation area (in pixels)
# default: 65,526
#
# If an animation exceeds this value, it may be converted to a silent video
max_area = 65536
## Optional: max animation size (in Megabytes)
# default: 40
#
# If an animation exceeds this value, it may be converted to a silent video
max_file_size = 40
## Optional: max frame count
# default: 100
#
# If an animation exceeds this value, it may be converted to a silent video
max_frame_count = 100
## Optional: set file type for all animations
# default: empty
#
# available options: apng, avif, gif, webp
# When set, all uploaded still images will be converted to this file type. For balancing quality vs
# file size vs browser support, 'avif', 'jxl', and 'webp' should be considered. By default, images
# are stored in their original file type.
format = "webp"
[media.animation.quality]
## Optional: set compression for APNG animations
# default: empty
#
# availabe range: 0-100
# 100 means best compression and 0 means worst compression. Since APNG is a lossless format,
# changing this value will not change how the animations look.
apng = 100
## Optional: set quality for AVIF animations
# default: empty
#
# availabe range: 0-100
# 100 means best quality and 0 means worst quality. Playing with numbers between 40 and 100 makes
# the most sense.
avif = 100
## Optional: set quality for WEBP animations
# default: empty
#
# availabe range: 0-100
# 100 means best quality and 0 means worst quality. Playing with numbers between 50 and 100 makes
# the most sense.
webp = 100
[media.video]
## Optional: enable MP4 and WEBM uploads (without sound)
# default: true
#
# Set this to false to serve static images only
enable = true
## Optional: enable Sound for MP4 and WEBM uploads
# default: false
#
# this setting does nothing if video is not enabled
allow_audio = false
## Optional: max video width (in pixels)
# default: 3,840
#
# this setting does nothing if video is not enabled
max_width = 3840
## Optional: max video height (in pixels)
# default: 3,840
#
# this setting does nothing if video is not enabled
max_height = 3840
## Optional: max video area (in pixels)
# default: 8,294,400
#
# this setting does nothing if video is not enabled
max_area = 8294400
## Optional: max video size (in Megabytes)
# default: 40
#
# this setting does nothing if video is not enabled
max_file_size = 40
## Optional: max frame count
# default: 900
#
# this setting does nothing if video is not enabled
max_frame_count = 900
## Optional: set the default video codec
# default: vp9
#
# available options: av1, h264, h265, vp8, vp9
# this setting does nothing if video is not enabled
video_codec = "vp9"
## Optional: set the default audio codec
# default: empty
#
# available options: aac, opus, vorbis
# The audio codec is automatically selected based on video codec, but can be overriden to `vorbis`
# for webm uploads
# automatic mappings:
# - av1, vp8, and vp9 map to opus
# - h264 and h265 map to aac
# - vorbis is not default for any codec
# this setting does nothing if full video is not enabled
audio_codec = "opus"
[media.video.quality]
## Optional: set maximum quality for all videos
# default: 32
#
# This value means different things for different video codecs:
# - it ranges from 0 to 63 for AV1
# - it ranges from 4 to 63 for VP8
# - it ranges from 0 to 63 for VP9
# - it ranges from 0 to 51 for H265
# - it ranges from 0 to 51 for 8bit H264
# - it ranges from 0 to 63 for 10bit H264
#
# A lower value (closer to 0) is higher quality, while a higher value (closer to 63) is lower
# quality. Generally acceptable ranges are 15-38, where lower values are preferred for larger
# videos
#
# This value may be overridden for some videos depending on whether other crf configurations are set
# For example, if crf_max is set to 32 and crf_720 is set to 34, then all videos smaller than or
# equal to 720p video will be encoded with a `crf` of 34, while all videos larger than 720p will be
# encoded with a `crf` of 32
#
# The example values here are taken from a google document about reasonable CRF values for VP9
# video. More information about `crf` can be found on ffmpeg's wiki
#
# - AV1: https://trac.ffmpeg.org/wiki/Encode/AV1#ConstantQuality
# - H264: https://trac.ffmpeg.org/wiki/Encode/H.264#crf
# - H265: https://trac.ffmpeg.org/wiki/Encode/H.265#ConstantRateFactorCRF
# - VP8: https://trac.ffmpeg.org/wiki/Encode/H.265#ConstantRateFactorCRF
# - VP9: https://trac.ffmpeg.org/wiki/Encode/VP9#constantq
crf_max = 12
## Optional: set quality for videos up to 240p
# default: empty
#
# This value overrides `crf_max` for videos with a smaller dimension of at most 240px (240p)
crf_240 = 37
## Optional: set quality for videos up to 360p
# default: empty
#
# This value overrides `crf_max` for videos with a smaller dimension of at most 360px (260p)
crf_360 = 36
## Optional: set quality for videos up to 480p
# default: empty
#
# This value overrides `crf_max` for videos with a smaller dimension of at most 480px (480p)
crf_480 = 33
## Optional: set quality for videos up to 720p
# default: empty
#
# This value overrides `crf_max` for videos with a smaller dimension of at most 720px (720p)
crf_720 = 32
## Optional: set quality for videos up to 1080p
# default: empty
#
# This value overrides `crf_max` for videos with a smaller dimension of at most 1080px (1080p)
crf_1080 = 31
## Optional: set quality for videos up to 1440p
# default: empty
#
# This value overrides `crf_max` for videos with a smaller dimension of at most 1440px (1440p)
crf_1440 = 24
## Optional: set quality for videos up to 4K
# default: empty
#
# This value overrides `crf_max` for videos with a smaller dimension of at most 2160px (4K)
crf_2160 = 15
## Database configuration
[repo]
## Optional: database backend to use
# default: sled
#
# available options: sled
type = 'sled'
## Optional: path to sled repository
# default: /mnt/sled-repo
path = '__DATA_DIR__/sled'
## Optional: in-memory cache capacity for sled data (in bytes)
# default: 67,108,864 (1024 * 1024 * 64, or 64MB)
cache_capacity = 67108864
## Optional: path for storing database exports
# default: /mnt/exports
#
# Used in combination with the /internal/export endpoint to dump the current sled database into a
# new file. This can be helpful for backing up a running pict-rs server.
export_path = "__DATA_DIR__/exports"
## Media storage configuration
#[store]
## Optional: type of media storage to use
# default: filesystem
#
# available options: filesystem, object_storage
#type = 'filesystem'
## Required: endpoint at which the object storage exists
# default: empty
#
# examples:
# - `http://localhost:9000` # minio
# - `https://s3.dualstack.eu-west-1.amazonaws.com` # s3
#endpoint = 'http://minio:9000'
## Optional: How to format object storage requests
# default: false
#
# When this is true, objects will be fetched from http{s}://{endpoint}:{port}/{bucket_name}/{object}
# When false, objects will be fetched from http{s}://{bucket_name}.{endpoint}:{port}/{object}
#
# Set to true when using minio
#use_path_style = false
## Required: object storage bucket name
# default: empty
#bucket_name = 'pict-rs'
## Required: object storage region
# default: empty
#
# When using minio, this can be set to `minio`
#region = ''
## Required: object storage access key
# default: empty
#access_key = ''
## Required: object storage secret key
# default: empty
#secret_key = ''
## Optional: object storage session token
# default: empty
#session_token = ''
## Optional: set how long object storage signatures are valid for (in seconds)
# default: 15
#
# This can be useful if your object storage might take a while to process requests. It should not be
# increased more than needed to prevent replay attacks.
#signature_expiration = 15
## Optional: set how long pict-rs will wait (in seconds) for a response from object storage
# default: 30
#
# This value is the total wait time, and not additional wait time on top of the
# signature_expiration.
#client_timeout = 30
## Filesystem media storage example
# ## Media storage configuration
[store]
# ## Optional: type of media storage to use
# # default: filesystem
# #
# # available options: filesystem, object_storage
type = 'filesystem'
#
# ## Optional: path to uploaded media
# # default: /mnt/files
path = '__DATA_DIR__/pictrs-data'

26
conf/policy.xml Normal file
View file

@ -0,0 +1,26 @@
<policymap>
<!-- temporary path must be a preexisting writable directory -->
<policy domain="resource" name="temporary-path" value="__DATA_DIR__/magick"/>
<policy domain="resource" name="memory" value="256MiB"/>
<policy domain="resource" name="list-length" value="32"/>
<policy domain="resource" name="width" value="8KP"/>
<policy domain="resource" name="height" value="8KP"/>
<policy domain="resource" name="map" value="512MiB"/>
<policy domain="resource" name="area" value="16KP"/>
<policy domain="resource" name="disk" value="1GiB"/>
<policy domain="resource" name="file" value="768"/>
<policy domain="resource" name="thread" value="2"/>
<policy domain="resource" name="time" value="120"/>
<policy domain="module" rights="none" pattern="URL" />
<policy domain="coder" rights="write" pattern="{MSVG,MVG,PS,PDF,RSVG,SVG,XPS}" />
<policy domain="filter" rights="none" pattern="*" />
<!--Seems needed to send the pictures to Pict-RS server
<policy domain="path" rights="none" pattern="-"/> <!-- don't read/write from/to stdin/stdout -->
<policy domain="path" rights="none" pattern="/etc/*"/> <!-- don't read sensitive paths -->
<policy domain="path" rights="none" pattern="@*"/> <!-- indirect reads not permitted -->
<policy domain="cache" name="memory-map" value="anonymous"/>
<policy domain="cache" name="synchronize" value="true"/>
<!-- Only needed in case of distributed pixel cache
<policy domain="cache" name="shared-secret" value="IMAGEMAGICK_CACHE_SECRET" stealth="True"/> -->
<policy domain="system" name="shred" value="1"/>
</policymap>

19
manifest.toml
View file

@ -5,7 +5,7 @@ name = "Lemmy"
description.en = "Link aggregator/Reddit clone for the fediverse"
description.fr = "Agrégateur de liens/clone Reddit pour le fedivers"
version = "0.18.2~ynh1"
version = "0.18.2~ynh2"
maintainers = []
@ -17,18 +17,20 @@ admindoc = "https://join-lemmy.org/docs/en/"
code = "https://github.com/LemmyNet/lemmy"
[integration]
yunohost = ">= 11.1.21"
yunohost = ">= 11.2"
architectures = ["amd64"]
multi_instance = false
ldap = false
sso = false
disk = "50M"
ram.build = "500M"
ram.runtime = "50M"
[install.domain]
type = "domain"
full_domain = true
[install.init_main_permission]
type = "group"
@ -51,17 +53,24 @@ ram.runtime = "50M"
[resources.ports]
main.default = 8536
pictrs.default = 8080
ui.default = 1235
[resources.system_user]
allow_email = true
[resources.install_dir]
[resources.data_dir]
subdirs = ["pictrs-data"]
subdirs = ["pictrs-data", "sled", "exports", "magick"]
[resources.permissions]
main.url = "/"
pictrs.url = "/pictrs"
pictrs.allowed = "visitors"
pictrs.show_tile = false
pictrs.protected = true
api.url = "/api"
api.allowed = "visitors"
@ -76,7 +85,7 @@ ram.runtime = "50M"
inbox.protected = true
[resources.apt]
packages = "postgresql espeak"
packages = "postgresql, espeak, rsync, libfuse2, libimage-exiftool-perl, ffmpeg"
extras.yarn.repo = "deb https://dl.yarnpkg.com/debian/ stable main"
extras.yarn.key = "https://dl.yarnpkg.com/debian/pubkey.gpg"
extras.yarn.packages = "yarn"

34
scripts/_common.sh
View file

@ -4,8 +4,12 @@
# COMMON VARIABLES
#=================================================
PICTRS_VERSION=0.4.1-rc.0
NODEJS_VERSION=20
main_domain=$(cat /etc/yunohost/current_host)
#=================================================
# PERSONAL HELPERS
#=================================================
@ -14,6 +18,36 @@ NODEJS_VERSION=20
# EXPERIMENTAL HELPERS
#=================================================
# Downloads an AppImage from an url, unpacks and extracts it in a destination directory, and creates a symlink to its executable
download_and_install_appimage() {
# Declare an array to define the options of this helper.
local legacy_args=nud
local -A args_array=([n]=name= [u]=url= [d]=directory= [s]=symlink=)
local url
local directory
local name
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
# Cleanup
ynh_secure_remove --file="$install_dir/pict-rs/$name"
ynh_secure_remove --file="$install_dir/pict-rs/$name.appimage"
ynh_secure_remove --file="$install_dir/pict-rs/$name.appimageextract"
# Download and make executable
curl -f "$url" -o "$directory/$name.appimage" -s
[ ! -f "$directory/$name.appimage" ] && ynh_print_err --message="AppImage could not be downloaded"
chmod +x "$directory/$name.appimage"
# Extract and create link
pushd "$directory"
"$directory/$name.appimage" --appimage-extract
mv "$directory/squashfs-root" "$directory/$name.appimageextract"
ln -s "$directory/$name.appimageextract/AppRun" "$directory/$name"
popd
}
#=================================================
# FUTURE OFFICIAL HELPERS
#=================================================

1
scripts/backup
View file

@ -47,6 +47,7 @@ ynh_backup --src_path="/etc/logrotate.d/$app"
ynh_backup --src_path="/etc/systemd/system/$app.service"
ynh_backup --src_path="/etc/systemd/system/$app-ui.service"
ynh_backup --src_path="/etc/systemd/system/$app-pict-rs.service"
#=================================================
# BACKUP THE POSTGRESQL DATABASE

10
scripts/change_url
View file

@ -16,8 +16,9 @@ source /usr/share/yunohost/helpers
#=================================================
ynh_script_progression --message="Stopping a systemd service..." --weight=1
ynh_systemd_action --service_name=$app --action="stop" --line_match="Stopped" --log_path=systemd
ynh_systemd_action --service_name=$app-ui --action="stop" --line_match="Stopped" --log_path=systemd
ynh_systemd_action --service_name=$app --action="stop" --line_match="Stopped" "/var/log/$app/$app.log"
ynh_systemd_action --service_name=$app-ui --action="stop" --line_match="Stopped" --log_path="/var/log/$app/$app-ui.log"
ynh_systemd_action --service_name=$app-pict-rs --action="stop" --line_match="Stopped" --log_path="/var/log/$app/$app-pict-rs.log"
#=================================================
# MODIFY URL IN NGINX CONF
@ -44,8 +45,9 @@ chown $app:$app "$install_dir/config/config.hjson"
#=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=1
ynh_systemd_action --service_name=$app --action="start" --line_match="Starting http server at" --log_path="/var/log/$app/$app.log"
ynh_systemd_action --service_name=$app-ui --action="start" --line_match="http://0.0.0.0" --log_path="/var/log/$app/$app-ui.log"
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match="Starting http server at"
ynh_systemd_action --service_name=$app-ui --action="start" --log_path="/var/log/$app/$app-ui.log" --line_match="http://0.0.0.0"
ynh_systemd_action --service_name=$app-pict-rs --action="start" --log_path="/var/log/$app/$app-pict-rs.log" --line_match="starting in Actix runtime"
#=================================================
# END OF SCRIPT

44
scripts/install
View file

@ -34,6 +34,7 @@ ynh_script_progression --message="Setting up source files..." --weight=1
ynh_setup_source --dest_dir="$install_dir/build-lemmy/"
ynh_setup_source --dest_dir="$install_dir/build-lemmy-ui/"
ynh_setup_source --dest_dir="$install_dir/lemmy-ui/lemmy-translations/" --source_id="lemmy-translations"
ynh_setup_source --dest_dir="$install_dir/build-pict-rs/"
chmod -R o-rwx "$install_dir"
chown -R $app:$app "$install_dir"
@ -76,29 +77,57 @@ mkdir -p "$install_dir/lemmy/"
mv -f "$install_dir/build-lemmy/output/app/lemmy" "$install_dir/lemmy/lemmy"
ynh_secure_remove --file="$install_dir/build-lemmy"
# Install pict-rs
pushd $install_dir/build-pict-rs
./docker-image-extract asonix/pictrs:$PICTRS_VERSION
popd
mkdir -p "$install_dir/pict-rs/"
mv -f "$install_dir/build-pict-rs/output/usr/local/bin/pict-rs" "$install_dir/pict-rs/pict-rs"
ynh_secure_remove --file="$install_dir/build-pict-rs"
chmod 750 "$install_dir"
chmod -R o-rwx "$install_dir"
chown -R $app:$app "$install_dir"
# (Dirty) Install ImageMagick
# Requires 'libfuse2' and 'libimage-exiftool-perl' apt dependencies
ynh_script_progression --message="Downloading and installing ImageMagick..." --weight=1
download_and_install_appimage --name="magick" --url="https://imagemagick.org/archive/binaries/magick" --directory="$install_dir/pict-rs" --symlink="$install_dir/pict-rs/magick"
#=================================================
# ADD A CONFIGURATION
#=================================================
ynh_script_progression --message="Adding a configuration file..." --weight=1
# Lemmy configuration
mkdir -p "$install_dir/config/"
ynh_add_config --template="../conf/lemmy.hjson" --destination="$install_dir/config/config.hjson"
chmod 400 "$install_dir/config/config.hjson"
chown $app:$app "$install_dir/config/config.hjson"
# Pict-RS configuration
ynh_add_config --template="../conf/pict-rs.toml" --destination="$install_dir/pict-rs/pict-rs.toml"
chmod 400 "$install_dir/pict-rs/pict-rs.toml"
chown $app:$app "$install_dir/pict-rs/pict-rs.toml"
# ImageMagick configuration
mkdir -p "$install_dir/.config/ImageMagick"
ynh_add_config --template="../conf/policy.xml" --destination="$install_dir/.config/ImageMagick/policy.xml"
chmod 400 "$install_dir/.config/ImageMagick/policy.xml"
chown -R $app:$app "$install_dir/.config"
#=================================================
# SETUP SYSTEMD
#=================================================
ynh_script_progression --message="Configuring a systemd service..." --weight=1
# Prep local path for Pict-RS
pictrs_path="$install_dir/pict-rs:$PATH"
# Create a dedicated systemd config
ynh_add_systemd_config --service="$app" --template="lemmy.service"
ynh_add_systemd_config --service="$app-ui" --template="lemmy-ui.service"
ynh_add_systemd_config --service="$app-pict-rs" --template="pict-rs.service"
#=================================================
# GENERIC FINALIZATION
@ -120,17 +149,26 @@ ynh_use_logrotate
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
yunohost service add $app --log="/var/log/$app/$app.log"
yunohost service add $app-ui --log="/var/log/$app/$app-ui.log"
yunohost service add $app --description="Link aggregator/Reddit clone" --log="/var/log/$app/$app.log"
yunohost service add $app-ui --description="Link aggregator/Reddit clone" --log="/var/log/$app/$app-ui.log"
yunohost service add $app-pict-rs --description="Simple image hosting service for Lemmy" --log="/var/log/$app/$app-pict-rs.log"
#=================================================
# START SYSTEMD SERVICE
#=================================================
# TMP rebuild sharp
pushd $install_dir/lemmy-ui
ynh_use_nodejs
ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH npm rebuild sharp
popd
ynh_script_progression --message="Starting a systemd service..." --weight=1
# Start a systemd service
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match="Starting http server at"
ynh_systemd_action --service_name=$app-ui --action="start" --log_path="/var/log/$app/$app-ui.log" --line_match="http://0.0.0.0"
ynh_systemd_action --service_name=$app-pict-rs --action="start" --log_path="/var/log/$app/$app-pict-rs.log" --line_match="starting in Actix runtime"
#=================================================
# END OF SCRIPT

38
scripts/remove
View file

@ -14,6 +14,7 @@ source /usr/share/yunohost/helpers
#=================================================
# REMOVE SERVICE INTEGRATION IN YUNOHOST
#=================================================
ynh_script_progression --message="Removing system configurations related to $app..." --weight=10
# Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
if ynh_exec_warn_less yunohost service status $app >/dev/null
@ -23,50 +24,29 @@ then
fi
if ynh_exec_warn_less yunohost service status $app-ui >/dev/null
then
ynh_script_progression --message="Removing $app-ui service integration..."
ynh_script_progression --message="Removing $app-ui service integration..." --weight=1
yunohost service remove $app-ui
fi
#=================================================
# STOP AND REMOVE SERVICE
#=================================================
ynh_script_progression --message="Stopping and removing the systemd service..." --weight=1
if ynh_exec_warn_less yunohost service status $app-pict-rs >/dev/null
then
ynh_script_progression --message="Removing $app-pict-rs service integration..." --weight=1
yunohost service remove $app-pict-rs
fi
# Remove the dedicated systemd config
ynh_remove_systemd_config
ynh_remove_systemd_config --service=$app-ui
#=================================================
# REMOVE LOGROTATE CONFIGURATION
#=================================================
ynh_script_progression --message="Removing logrotate configuration..." --weight=1
ynh_remove_systemd_config --service=$app-pict-rs
# Remove the app-specific logrotate config
ynh_remove_logrotate
#=================================================
# REMOVE NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1
# Remove the dedicated NGINX config
ynh_remove_nginx_config
#=================================================
# REMOVE DEPENDENCIES
#=================================================
ynh_script_progression --message="Removing dependencies..." --weight=1
# Remove metapackage and its dependencies
ynh_remove_nodejs
ynh_secure_remove --file="/lib/libc.musl-x86_64.so.1"
#=================================================
# SPECIFIC REMOVE
#=================================================
# REMOVE VARIOUS FILES
#=================================================
ynh_script_progression --message="Removing various files..." --weight=1
#ynh_secure_remove --file="/lib/libc.musl-x86_64.so.1"
# Remove the log files
ynh_secure_remove --file="/var/log/$app"

12
scripts/restore
View file

@ -65,6 +65,8 @@ ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
systemctl enable $app.service --quiet
ynh_restore_file --origin_path="/etc/systemd/system/$app-ui.service"
systemctl enable $app-ui.service --quiet
ynh_restore_file --origin_path="/etc/systemd/system/$app-pict-rs.service"
systemctl enable $app-pict-rs.service --quiet
#=================================================
# RESTORE THE LOGROTATE CONFIGURATION
@ -83,16 +85,18 @@ ynh_restore_file --origin_path="/etc/logrotate.d/$app"
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
yunohost service add $app --log="/var/log/$app/$app.log"
yunohost service add $app-ui --log="/var/log/$app/$app-ui.log"
yunohost service add $app --description="Link aggregator/Reddit clone" --log="/var/log/$app/$app.log"
yunohost service add $app-ui --description="Link aggregator/Reddit clone" --log="/var/log/$app/$app-ui.log"
yunohost service add $app-pict-rs --description="Simple image hosting service for Lemmy" --log="/var/log/$app/$app-pict-rs.log"
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=1
ynh_systemd_action --service_name=$app --action="start" --line_match="Starting http server at" --log_path="/var/log/$app/$app.log"
ynh_systemd_action --service_name=$app-ui --action="start" --line_match="http://0.0.0.0" --log_path="/var/log/$app/$app-ui.log"
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match="Starting http server at"
ynh_systemd_action --service_name=$app-ui --action="start" --log_path="/var/log/$app/$app-ui.log" --line_match="http://0.0.0.0"
ynh_systemd_action --service_name=$app-pict-rs --action="start" --log_path="/var/log/$app/$app-pict-rs.log" --line_match="starting in Actix runtime"
#=================================================
# GENERIC FINALIZATION

64
scripts/upgrade
View file

@ -22,8 +22,9 @@ upgrade_type=$(ynh_check_app_version_changed)
#=================================================
ynh_script_progression --message="Stopping a systemd service..." --weight=1
ynh_systemd_action --service_name=$app --action="stop" --line_match="Stopped" --log_path=systemd
ynh_systemd_action --service_name=$app-ui --action="stop" --line_match="Stopped" --log_path=systemd
ynh_systemd_action --service_name=$app --action="stop" --line_match="Stopped" --log_path="/var/log/$app/$app.log"
ynh_systemd_action --service_name=$app-ui --action="stop" --line_match="Stopped" --log_path="/var/log/$app/$app-ui.log"
ynh_systemd_action --service_name=$app-pict-rs --action="stop" --line_match="Stopped" --log_path="/var/log/$app/$app-pict-rs.log"
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
@ -40,16 +41,6 @@ then
ynh_remove_systemd_config --service=$app-iframely
fi
# Removing previously installed pict-rs
if ynh_exec_warn_less yunohost service status $app-pict-rs >/dev/null
then
ynh_script_progression --message="Removing $app-pict-rs service integration..."
yunohost service remove $app-pict-rs
fi
ynh_remove_systemd_config --service=$app-pict-rs
ynh_secure_remove --file="$install_dir/pict-rs"
ynh_app_setting_delete --app=$app --key=port_pictrs
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
@ -62,9 +53,9 @@ then
ynh_setup_source --dest_dir="$install_dir/build-lemmy/"
ynh_setup_source --dest_dir="$install_dir/build-lemmy-ui/"
ynh_setup_source --dest_dir="$install_dir/lemmy-ui/lemmy-translations/" --source_id="lemmy-translations"
ynh_setup_source --dest_dir="$install_dir/build-pict-rs/"
fi
chmod 750 "$install_dir"
chmod -R o-rwx "$install_dir"
chown -R $app:$app "$install_dir"
@ -118,6 +109,19 @@ then
mkdir -p "$install_dir/lemmy/"
mv -f "$install_dir/build-lemmy/output/app/lemmy" "$install_dir/lemmy/lemmy"
ynh_secure_remove --file="$install_dir/build-lemmy"
# Install pict-rs
pushd $install_dir/build-pict-rs
./docker-image-extract asonix/pictrs:$PICTRS_VERSION
popd
mkdir -p "$install_dir/pict-rs/"
mv -f "$install_dir/build-pict-rs/output/usr/local/bin/pict-rs" "$install_dir/pict-rs/pict-rs"
ynh_secure_remove --file="$install_dir/build-pict-rs"
# (Dirty) Install ImageMagick
# Requires 'libfuse2' and 'libimage-exiftool-perl' apt dependencies
ynh_script_progression --message="Downloading and installing ImageMagick..." --weight=1
download_and_install_appimage --name="magick" --url="https://imagemagick.org/archive/binaries/magick" --directory="$install_dir/pict-rs" --symlink="$install_dir/pict-rs/magick"
fi
chmod 750 "$install_dir"
@ -129,12 +133,23 @@ chown -R $app:$app "$install_dir"
#=================================================
ynh_script_progression --message="Updating a configuration file..." --weight=1
# Lemmy configuration
mkdir -p "$install_dir/lemmy/"
ynh_add_config --template="../conf/lemmy.hjson" --destination="$install_dir/config/config.hjson"
chmod 400 "$install_dir/config/config.hjson"
chown $app:$app "$install_dir/config/config.hjson"
# Pict-RS configuration
ynh_add_config --template="../conf/pict-rs.toml" --destination="$install_dir/pict-rs/pict-rs.toml"
chmod 400 "$install_dir/pict-rs/pict-rs.toml"
chown $app:$app "$install_dir/pict-rs/pict-rs.toml"
# ImageMagick configuration
mkdir -p "$install_dir/.config/ImageMagick"
ynh_add_config --template="../conf/policy.xml" --destination="$install_dir/.config/ImageMagick/policy.xml"
chmod 400 "$install_dir/.config/ImageMagick/policy.xml"
chown -R $app:$app "$install_dir/.config"
#=================================================
# CREATE EXTENSION IF NOT EXISTS pgcrypto
#=================================================
@ -147,9 +162,13 @@ ynh_psql_execute_as_root --sql="CREATE EXTENSION IF NOT EXISTS pgcrypto;" --data
#=================================================
ynh_script_progression --message="Upgrading systemd configuration..." --weight=1
# Prep local path for Pict-RS
pictrs_path="$install_dir/pict-rs:$PATH"
# Create a dedicated systemd config
ynh_add_systemd_config --service="$app" --template="lemmy.service"
ynh_add_systemd_config --service="$app-ui" --template="lemmy-ui.service"
ynh_add_systemd_config --service="$app-pict-rs" --template="pict-rs.service"
#=================================================
# GENERIC FINALIZATION
@ -171,16 +190,25 @@ ynh_use_logrotate --non-append
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
yunohost service add $app --log="/var/log/$app/$app.log"
yunohost service add $app-ui --log="/var/log/$app/$app-ui.log"
yunohost service add $app --description="Link aggregator/Reddit clone" --log="/var/log/$app/$app.log"
yunohost service add $app-ui --description="Link aggregator/Reddit clone" --log="/var/log/$app/$app-ui.log"
yunohost service add $app-pict-rs --description="Simple image hosting service for Lemmy" --log="/var/log/$app/$app-pict-rs.log"
#=================================================
# START SYSTEMD SERVICE
#=================================================
# TMP rebuild sharp
pushd $install_dir/lemmy-ui
ynh_use_nodejs
ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH npm rebuild sharp
popd
ynh_script_progression --message="Starting a systemd service..." --weight=1
ynh_systemd_action --service_name=$app --action="start" --line_match="Starting http server at" --log_path="/var/log/$app/$app.log"
ynh_systemd_action --service_name=$app-ui --action="start" --line_match="http://0.0.0.0" --log_path="/var/log/$app/$app-ui.log"
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match="Starting http server at"
ynh_systemd_action --service_name=$app-ui --action="start" --log_path="/var/log/$app/$app-ui.log" --line_match="http://0.0.0.0"
ynh_systemd_action --service_name=$app-pict-rs --action="start" --log_path="/var/log/$app/$app-pict-rs.log" --line_match="starting in Actix runtime"
#=================================================
# END OF SCRIPT