mirror of
https://github.com/YunoHost-Apps/lemmy_ynh.git
synced 2024-09-03 19:36:09 +02:00
commit
6a561fdab4
14 changed files with 762 additions and 71 deletions
|
@ -14,6 +14,7 @@ WorkingDirectory=__INSTALL_DIR__/lemmy-ui/
|
||||||
ExecStart=__YNH_NODE__ dist/js/server.js
|
ExecStart=__YNH_NODE__ dist/js/server.js
|
||||||
StandardOutput=append:/var/log/__APP__/__APP__-ui.log
|
StandardOutput=append:/var/log/__APP__/__APP__-ui.log
|
||||||
StandardError=inherit
|
StandardError=inherit
|
||||||
|
Restart=always
|
||||||
|
|
||||||
# Sandboxing options to harden security
|
# Sandboxing options to harden security
|
||||||
# Depending on specificities of your service/app, you may need to tweak these
|
# Depending on specificities of your service/app, you may need to tweak these
|
||||||
|
|
|
@ -66,18 +66,26 @@
|
||||||
# Can be easy, medium, or hard
|
# Can be easy, medium, or hard
|
||||||
difficulty: "medium"
|
difficulty: "medium"
|
||||||
}
|
}
|
||||||
|
# Settings related to activitypub federation
|
||||||
|
# Pictrs image server configuration.
|
||||||
|
pictrs: {
|
||||||
|
# Address where pictrs is available (for image hosting)
|
||||||
|
url: "http://127.0.0.1:__PORT_PICTRS__/"
|
||||||
|
# Set a custom pictrs API key. ( Required for deleting images )
|
||||||
|
#api_key: "string"
|
||||||
|
}
|
||||||
# Email sending configuration. All options except login/password are mandatory
|
# Email sending configuration. All options except login/password are mandatory
|
||||||
email: {
|
email: {
|
||||||
# Hostname and port of the smtp server
|
# Hostname and port of the smtp server
|
||||||
smtp_server: "127.0.0.1:25"
|
smtp_server: "__MAIN_DOMAIN__:587"
|
||||||
# Login name for smtp server
|
# Login name for smtp server
|
||||||
smtp_login: ""
|
smtp_login: "__APP__"
|
||||||
# Password to login to the smtp server
|
# Password to login to the smtp server
|
||||||
smtp_password: ""
|
smtp_password: "__MAIL_PWD__"
|
||||||
# Address to send emails from, eg noreply@your-instance.com
|
# Address to send emails from, eg noreply@your-instance.com
|
||||||
smtp_from_address: "lemmy@__DOMAIN__"
|
smtp_from_address: "__APP__@__DOMAIN__"
|
||||||
# Whether or not smtp connections should use tls. Can be none, tls, or starttls
|
# Whether or not smtp connections should use tls. Can be none, tls, or starttls
|
||||||
tls_type: "none"
|
tls_type: "starttls"
|
||||||
}
|
}
|
||||||
# the domain name of your instance (mandatory)
|
# the domain name of your instance (mandatory)
|
||||||
hostname: "__DOMAIN__"
|
hostname: "__DOMAIN__"
|
||||||
|
@ -87,9 +95,6 @@
|
||||||
port: __PORT__
|
port: __PORT__
|
||||||
# Whether the site is available over TLS. Needs to be true for federation to work.
|
# Whether the site is available over TLS. Needs to be true for federation to work.
|
||||||
tls_enabled: true
|
tls_enabled: true
|
||||||
# Address where pictrs is available (for image hosting)
|
|
||||||
###pictrs_url: "http://127.0.0.1:"
|
|
||||||
slur_filter: "(\bThis\b)|(\bis\b)|(\bsample\b)"
|
|
||||||
# Maximum length of local community and user names
|
# Maximum length of local community and user names
|
||||||
actor_name_max_length: 20
|
actor_name_max_length: 20
|
||||||
# Maximum number of HTTP requests allowed to handle a single incoming activity (or a single object fetch through the search).
|
# Maximum number of HTTP requests allowed to handle a single incoming activity (or a single object fetch through the search).
|
||||||
|
|
|
@ -11,6 +11,7 @@ WorkingDirectory=__INSTALL_DIR__/lemmy/
|
||||||
ExecStart=__INSTALL_DIR__/lemmy/lemmy
|
ExecStart=__INSTALL_DIR__/lemmy/lemmy
|
||||||
StandardOutput=append:/var/log/__APP__/__APP__.log
|
StandardOutput=append:/var/log/__APP__/__APP__.log
|
||||||
StandardError=inherit
|
StandardError=inherit
|
||||||
|
Restart=always
|
||||||
|
|
||||||
# Sandboxing options to harden security
|
# Sandboxing options to harden security
|
||||||
# Depending on specificities of your service/app, you may need to tweak these
|
# Depending on specificities of your service/app, you may need to tweak these
|
||||||
|
|
46
conf/pict-rs.service
Normal file
46
conf/pict-rs.service
Normal file
|
@ -0,0 +1,46 @@
|
||||||
|
[Unit]
|
||||||
|
Description=Pict-RS: A simple image hosting service for __APP__
|
||||||
|
After=network.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=simple
|
||||||
|
User=__APP__
|
||||||
|
Group=__APP__
|
||||||
|
WorkingDirectory=__INSTALL_DIR__/pict-rs/
|
||||||
|
Environment=PATH=__PICTRS_PATH__
|
||||||
|
ExecStart=__INSTALL_DIR__/pict-rs/pict-rs -c __INSTALL_DIR__/pict-rs/pict-rs.toml run
|
||||||
|
StandardOutput=append:/var/log/__APP__/__APP__-pict-rs.log
|
||||||
|
StandardError=inherit
|
||||||
|
|
||||||
|
# Sandboxing options to harden security
|
||||||
|
# Depending on specificities of your service/app, you may need to tweak these
|
||||||
|
# .. but this should be a good baseline
|
||||||
|
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
|
||||||
|
NoNewPrivileges=yes
|
||||||
|
PrivateTmp=yes
|
||||||
|
PrivateDevices=yes
|
||||||
|
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
|
||||||
|
RestrictNamespaces=yes
|
||||||
|
RestrictRealtime=yes
|
||||||
|
DevicePolicy=closed
|
||||||
|
ProtectSystem=full
|
||||||
|
ProtectControlGroups=yes
|
||||||
|
ProtectKernelModules=yes
|
||||||
|
ProtectKernelTunables=yes
|
||||||
|
LockPersonality=yes
|
||||||
|
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
|
||||||
|
|
||||||
|
# Denying access to capabilities that should not be relevant for webapps
|
||||||
|
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
|
||||||
|
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
|
||||||
|
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
|
||||||
|
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
|
||||||
|
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
|
||||||
|
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
|
||||||
|
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
|
||||||
|
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
|
||||||
|
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
|
||||||
|
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
516
conf/pict-rs.toml
Normal file
516
conf/pict-rs.toml
Normal file
|
@ -0,0 +1,516 @@
|
||||||
|
## Server configuration
|
||||||
|
[server]
|
||||||
|
## Optional: pict-rs binding address
|
||||||
|
# default: 0.0.0.0:8080
|
||||||
|
address = '127.0.0.1:__PORT_PICTRS__'
|
||||||
|
|
||||||
|
## Optional: pict-rs worker id
|
||||||
|
# default: pict-rs-1
|
||||||
|
#
|
||||||
|
# This is used for the internal job queue. It will have more meaning once a shared metadata
|
||||||
|
# repository (like postgres) can be defined.
|
||||||
|
worker_id = 'pict-rs-1'
|
||||||
|
|
||||||
|
## Optional: shared secret for internal endpoints
|
||||||
|
# default: empty
|
||||||
|
#
|
||||||
|
# Not specifying api_key disables internal endpoints
|
||||||
|
api_key = ''
|
||||||
|
|
||||||
|
## Optional: How many files are allowed to be uploaded per request
|
||||||
|
# default: 1
|
||||||
|
max_file_count = 1
|
||||||
|
|
||||||
|
## Client configuration
|
||||||
|
[client]
|
||||||
|
## Optional: connection pool size for internal http client
|
||||||
|
# default: 100
|
||||||
|
#
|
||||||
|
# This number is multiplied the number of cores available to pict-rs. Running on a 2 core machine
|
||||||
|
# with the default value will result in 200 pooled connections. Running on a 32 core machine with
|
||||||
|
# the default value will result in 3200 pooled connections.
|
||||||
|
#
|
||||||
|
# This number can be lowered to keep pict-rs within ulimit bounds if you encounter errors related to
|
||||||
|
# "Too many open files". Alternatively, increasing the ulimit of your system can solve this problem
|
||||||
|
# as well.
|
||||||
|
pool_size = 100
|
||||||
|
|
||||||
|
## Optional: time (in seconds) the client will wait for a response before giving up
|
||||||
|
# default: 30
|
||||||
|
#
|
||||||
|
# This is used for the `/image/download` endpoint when fetching media from another server. It is
|
||||||
|
# distinct from the object storage client timeout, which can be configured separately
|
||||||
|
timeout = 30
|
||||||
|
|
||||||
|
|
||||||
|
## Logging configuration
|
||||||
|
[tracing.logging]
|
||||||
|
## Optional: log format
|
||||||
|
# default: normal
|
||||||
|
#
|
||||||
|
# available options: compact, json, normal, pretty
|
||||||
|
format = 'normal'
|
||||||
|
|
||||||
|
## Optional: log targets
|
||||||
|
# default: warn,tracing_actix_web=info,actix_server=info,actix_web=info
|
||||||
|
#
|
||||||
|
# Dictates which traces should print to stdout
|
||||||
|
targets = 'warn,tracing_actix_web=info,actix_server=info,actix_web=info'
|
||||||
|
|
||||||
|
|
||||||
|
## Console configuration
|
||||||
|
#[tracing.console]
|
||||||
|
## Optional: console address
|
||||||
|
# default: empty
|
||||||
|
#
|
||||||
|
# Dictates whether console should be enabled, and what address it should be exposed on.
|
||||||
|
#
|
||||||
|
# When set, tokio-console can connect to the pict-rs service
|
||||||
|
#
|
||||||
|
# Configure your container to expose the console port
|
||||||
|
# ```
|
||||||
|
# # docker-compose.yml
|
||||||
|
# version: '3.3'
|
||||||
|
#
|
||||||
|
# services:
|
||||||
|
# pictrs:
|
||||||
|
# image: asonix/pictrs:0.4.1
|
||||||
|
# ports:
|
||||||
|
# - "127.0.0.1:8080:8080"
|
||||||
|
# - "127.0.0.1:6669:6669" # this is the line that exposes console
|
||||||
|
# restart: always
|
||||||
|
# volumes:
|
||||||
|
# - ./volumes/pictrs:/mnt
|
||||||
|
# ```
|
||||||
|
#
|
||||||
|
# Connect from console
|
||||||
|
# ```
|
||||||
|
# $ tokio-console http://localhost:6669
|
||||||
|
# ```
|
||||||
|
#address = '0.0.0.0:6669'
|
||||||
|
|
||||||
|
## Optional: console buffer capacity
|
||||||
|
# default: 102400
|
||||||
|
#
|
||||||
|
# This is the number of _events_ to buffer, not the number of bytes. In reality, the amount of
|
||||||
|
# RAM used will be significatnly larger (in bytes) than the buffer capacity (in events)
|
||||||
|
#buffer_capacity = 102400
|
||||||
|
|
||||||
|
|
||||||
|
## OpenTelemetry configuration
|
||||||
|
#[tracing.opentelemetry]
|
||||||
|
## Optional: url for exporting otlp traces
|
||||||
|
# default: empty
|
||||||
|
#
|
||||||
|
# Not specifying opentelemetry_url means no traces will be exported
|
||||||
|
# When set, pict-rs will export OpenTelemetry traces to the provided URL. If the URL is
|
||||||
|
# inaccessible, this can cause performance degredation in pict-rs, so it is best left unset unless
|
||||||
|
# you have an OpenTelemetry collector
|
||||||
|
#url = 'http://localhost:4317/'
|
||||||
|
|
||||||
|
## Optional: name to relate OpenTelemetry traces
|
||||||
|
# default: pict-rs
|
||||||
|
#service_name = 'pict-rs'
|
||||||
|
|
||||||
|
## Optional: trace level to export
|
||||||
|
# default: info
|
||||||
|
#
|
||||||
|
# Follows the same format as RUST_LOG
|
||||||
|
#targets = 'info'
|
||||||
|
|
||||||
|
|
||||||
|
## Configuration for migrating from pict-rs 0.2
|
||||||
|
#[old_db]
|
||||||
|
## Optional: path to old pict-rs directory
|
||||||
|
# default: /mnt
|
||||||
|
#path = '/mnt'
|
||||||
|
|
||||||
|
|
||||||
|
## Media Processing Configuration
|
||||||
|
[media]
|
||||||
|
## Optional: max file size (in Megabytes)
|
||||||
|
# default: 40
|
||||||
|
max_file_size = 40
|
||||||
|
|
||||||
|
## Optional: preprocessing steps for uploaded images
|
||||||
|
# default: empty
|
||||||
|
#
|
||||||
|
# This configuration is the same format as the process endpoint's query arguments
|
||||||
|
preprocess_steps = 'crop=16x9&resize=1200&blur=0.2'
|
||||||
|
|
||||||
|
## Optional: set allowed filters for image processing
|
||||||
|
# default: ['blur', 'crop', 'identity', 'resize', 'thumbnail']
|
||||||
|
filters = ['blur', 'crop', 'identity', 'resize', 'thumbnail']
|
||||||
|
|
||||||
|
|
||||||
|
[media.image]
|
||||||
|
## Optional: max media width (in pixels)
|
||||||
|
# default: 10,000
|
||||||
|
max_width = 10000
|
||||||
|
|
||||||
|
## Optional: max media height (in pixels)
|
||||||
|
# default: 10,000
|
||||||
|
max_height = 10000
|
||||||
|
|
||||||
|
## Optional: max media area (in pixels)
|
||||||
|
# default: 40,000,000
|
||||||
|
max_area = 40000000
|
||||||
|
|
||||||
|
## Optional: max file size (in Megabytes)
|
||||||
|
# default: 40
|
||||||
|
max_file_size = 40
|
||||||
|
|
||||||
|
## Optional: set file type for all images
|
||||||
|
# default: empty
|
||||||
|
#
|
||||||
|
# available options: avif, png, jpeg, jxl, webp
|
||||||
|
# When set, all uploaded still images will be converted to this file type. For balancing quality vs
|
||||||
|
# file size vs browser support, 'avif', 'jxl', and 'webp' should be considered. By default, images
|
||||||
|
# are stored in their original file type.
|
||||||
|
format = "webp"
|
||||||
|
|
||||||
|
|
||||||
|
[media.image.quality]
|
||||||
|
## Optional: set quality for AVIF images
|
||||||
|
# default: empty
|
||||||
|
#
|
||||||
|
# availabe range: 0-100
|
||||||
|
# 100 means best quality and 0 means worst quality. Playing with numbers between 40 and 100 makes
|
||||||
|
# the most sense.
|
||||||
|
avif = 100
|
||||||
|
|
||||||
|
## Optional: set compression for PNG images
|
||||||
|
# default: empty
|
||||||
|
#
|
||||||
|
# availabe range: 0-100
|
||||||
|
# 100 means best compression and 0 means worst compression. Since PNG is a lossless format, changing
|
||||||
|
# this value will not change how the images look.
|
||||||
|
png = 100
|
||||||
|
|
||||||
|
## Optional: set quality for JPEG images
|
||||||
|
# default: empty
|
||||||
|
#
|
||||||
|
# availabe range: 0-100
|
||||||
|
# 100 means best quality and 0 means worst quality. Playing with numbers between 60 and 100 makes
|
||||||
|
# the most sense.
|
||||||
|
jpeg = 100
|
||||||
|
|
||||||
|
## Optional: set quality for JXL images
|
||||||
|
# default: empty
|
||||||
|
#
|
||||||
|
# availabe range: 0-100
|
||||||
|
# 100 means best quality and 0 means worst quality. Playing with numbers between 40 and 100 makes
|
||||||
|
# the most sense.
|
||||||
|
jxl = 100
|
||||||
|
|
||||||
|
## Optional: set quality for WEBP images
|
||||||
|
# default: empty
|
||||||
|
#
|
||||||
|
# availabe range: 0-100
|
||||||
|
# 100 means best quality and 0 means worst quality. Playing with numbers between 50 and 100 makes
|
||||||
|
# the most sense.
|
||||||
|
webp = 100
|
||||||
|
|
||||||
|
|
||||||
|
[media.animation]
|
||||||
|
## Optional: max animation width (in pixels)
|
||||||
|
# default: 256
|
||||||
|
#
|
||||||
|
# If an animation exceeds this value, it may be converted to a silent video
|
||||||
|
max_width = 256
|
||||||
|
|
||||||
|
## Optional: max animation height (in pixels)
|
||||||
|
# default: 256
|
||||||
|
#
|
||||||
|
# If an animation exceeds this value, it may be converted to a silent video
|
||||||
|
max_height = 256
|
||||||
|
|
||||||
|
## Optional: max animation area (in pixels)
|
||||||
|
# default: 65,526
|
||||||
|
#
|
||||||
|
# If an animation exceeds this value, it may be converted to a silent video
|
||||||
|
max_area = 65536
|
||||||
|
|
||||||
|
## Optional: max animation size (in Megabytes)
|
||||||
|
# default: 40
|
||||||
|
#
|
||||||
|
# If an animation exceeds this value, it may be converted to a silent video
|
||||||
|
max_file_size = 40
|
||||||
|
|
||||||
|
## Optional: max frame count
|
||||||
|
# default: 100
|
||||||
|
#
|
||||||
|
# If an animation exceeds this value, it may be converted to a silent video
|
||||||
|
max_frame_count = 100
|
||||||
|
|
||||||
|
## Optional: set file type for all animations
|
||||||
|
# default: empty
|
||||||
|
#
|
||||||
|
# available options: apng, avif, gif, webp
|
||||||
|
# When set, all uploaded still images will be converted to this file type. For balancing quality vs
|
||||||
|
# file size vs browser support, 'avif', 'jxl', and 'webp' should be considered. By default, images
|
||||||
|
# are stored in their original file type.
|
||||||
|
format = "webp"
|
||||||
|
|
||||||
|
|
||||||
|
[media.animation.quality]
|
||||||
|
## Optional: set compression for APNG animations
|
||||||
|
# default: empty
|
||||||
|
#
|
||||||
|
# availabe range: 0-100
|
||||||
|
# 100 means best compression and 0 means worst compression. Since APNG is a lossless format,
|
||||||
|
# changing this value will not change how the animations look.
|
||||||
|
apng = 100
|
||||||
|
|
||||||
|
## Optional: set quality for AVIF animations
|
||||||
|
# default: empty
|
||||||
|
#
|
||||||
|
# availabe range: 0-100
|
||||||
|
# 100 means best quality and 0 means worst quality. Playing with numbers between 40 and 100 makes
|
||||||
|
# the most sense.
|
||||||
|
avif = 100
|
||||||
|
|
||||||
|
## Optional: set quality for WEBP animations
|
||||||
|
# default: empty
|
||||||
|
#
|
||||||
|
# availabe range: 0-100
|
||||||
|
# 100 means best quality and 0 means worst quality. Playing with numbers between 50 and 100 makes
|
||||||
|
# the most sense.
|
||||||
|
webp = 100
|
||||||
|
|
||||||
|
|
||||||
|
[media.video]
|
||||||
|
## Optional: enable MP4 and WEBM uploads (without sound)
|
||||||
|
# default: true
|
||||||
|
#
|
||||||
|
# Set this to false to serve static images only
|
||||||
|
enable = true
|
||||||
|
|
||||||
|
## Optional: enable Sound for MP4 and WEBM uploads
|
||||||
|
# default: false
|
||||||
|
#
|
||||||
|
# this setting does nothing if video is not enabled
|
||||||
|
allow_audio = false
|
||||||
|
|
||||||
|
## Optional: max video width (in pixels)
|
||||||
|
# default: 3,840
|
||||||
|
#
|
||||||
|
# this setting does nothing if video is not enabled
|
||||||
|
max_width = 3840
|
||||||
|
|
||||||
|
## Optional: max video height (in pixels)
|
||||||
|
# default: 3,840
|
||||||
|
#
|
||||||
|
# this setting does nothing if video is not enabled
|
||||||
|
max_height = 3840
|
||||||
|
|
||||||
|
## Optional: max video area (in pixels)
|
||||||
|
# default: 8,294,400
|
||||||
|
#
|
||||||
|
# this setting does nothing if video is not enabled
|
||||||
|
max_area = 8294400
|
||||||
|
|
||||||
|
## Optional: max video size (in Megabytes)
|
||||||
|
# default: 40
|
||||||
|
#
|
||||||
|
# this setting does nothing if video is not enabled
|
||||||
|
max_file_size = 40
|
||||||
|
|
||||||
|
## Optional: max frame count
|
||||||
|
# default: 900
|
||||||
|
#
|
||||||
|
# this setting does nothing if video is not enabled
|
||||||
|
max_frame_count = 900
|
||||||
|
|
||||||
|
## Optional: set the default video codec
|
||||||
|
# default: vp9
|
||||||
|
#
|
||||||
|
# available options: av1, h264, h265, vp8, vp9
|
||||||
|
# this setting does nothing if video is not enabled
|
||||||
|
video_codec = "vp9"
|
||||||
|
|
||||||
|
## Optional: set the default audio codec
|
||||||
|
# default: empty
|
||||||
|
#
|
||||||
|
# available options: aac, opus, vorbis
|
||||||
|
# The audio codec is automatically selected based on video codec, but can be overriden to `vorbis`
|
||||||
|
# for webm uploads
|
||||||
|
# automatic mappings:
|
||||||
|
# - av1, vp8, and vp9 map to opus
|
||||||
|
# - h264 and h265 map to aac
|
||||||
|
# - vorbis is not default for any codec
|
||||||
|
# this setting does nothing if full video is not enabled
|
||||||
|
audio_codec = "opus"
|
||||||
|
|
||||||
|
|
||||||
|
[media.video.quality]
|
||||||
|
## Optional: set maximum quality for all videos
|
||||||
|
# default: 32
|
||||||
|
#
|
||||||
|
# This value means different things for different video codecs:
|
||||||
|
# - it ranges from 0 to 63 for AV1
|
||||||
|
# - it ranges from 4 to 63 for VP8
|
||||||
|
# - it ranges from 0 to 63 for VP9
|
||||||
|
# - it ranges from 0 to 51 for H265
|
||||||
|
# - it ranges from 0 to 51 for 8bit H264
|
||||||
|
# - it ranges from 0 to 63 for 10bit H264
|
||||||
|
#
|
||||||
|
# A lower value (closer to 0) is higher quality, while a higher value (closer to 63) is lower
|
||||||
|
# quality. Generally acceptable ranges are 15-38, where lower values are preferred for larger
|
||||||
|
# videos
|
||||||
|
#
|
||||||
|
# This value may be overridden for some videos depending on whether other crf configurations are set
|
||||||
|
# For example, if crf_max is set to 32 and crf_720 is set to 34, then all videos smaller than or
|
||||||
|
# equal to 720p video will be encoded with a `crf` of 34, while all videos larger than 720p will be
|
||||||
|
# encoded with a `crf` of 32
|
||||||
|
#
|
||||||
|
# The example values here are taken from a google document about reasonable CRF values for VP9
|
||||||
|
# video. More information about `crf` can be found on ffmpeg's wiki
|
||||||
|
#
|
||||||
|
# - AV1: https://trac.ffmpeg.org/wiki/Encode/AV1#ConstantQuality
|
||||||
|
# - H264: https://trac.ffmpeg.org/wiki/Encode/H.264#crf
|
||||||
|
# - H265: https://trac.ffmpeg.org/wiki/Encode/H.265#ConstantRateFactorCRF
|
||||||
|
# - VP8: https://trac.ffmpeg.org/wiki/Encode/H.265#ConstantRateFactorCRF
|
||||||
|
# - VP9: https://trac.ffmpeg.org/wiki/Encode/VP9#constantq
|
||||||
|
crf_max = 12
|
||||||
|
|
||||||
|
## Optional: set quality for videos up to 240p
|
||||||
|
# default: empty
|
||||||
|
#
|
||||||
|
# This value overrides `crf_max` for videos with a smaller dimension of at most 240px (240p)
|
||||||
|
crf_240 = 37
|
||||||
|
|
||||||
|
## Optional: set quality for videos up to 360p
|
||||||
|
# default: empty
|
||||||
|
#
|
||||||
|
# This value overrides `crf_max` for videos with a smaller dimension of at most 360px (260p)
|
||||||
|
crf_360 = 36
|
||||||
|
|
||||||
|
## Optional: set quality for videos up to 480p
|
||||||
|
# default: empty
|
||||||
|
#
|
||||||
|
# This value overrides `crf_max` for videos with a smaller dimension of at most 480px (480p)
|
||||||
|
crf_480 = 33
|
||||||
|
|
||||||
|
## Optional: set quality for videos up to 720p
|
||||||
|
# default: empty
|
||||||
|
#
|
||||||
|
# This value overrides `crf_max` for videos with a smaller dimension of at most 720px (720p)
|
||||||
|
crf_720 = 32
|
||||||
|
|
||||||
|
## Optional: set quality for videos up to 1080p
|
||||||
|
# default: empty
|
||||||
|
#
|
||||||
|
# This value overrides `crf_max` for videos with a smaller dimension of at most 1080px (1080p)
|
||||||
|
crf_1080 = 31
|
||||||
|
|
||||||
|
## Optional: set quality for videos up to 1440p
|
||||||
|
# default: empty
|
||||||
|
#
|
||||||
|
# This value overrides `crf_max` for videos with a smaller dimension of at most 1440px (1440p)
|
||||||
|
crf_1440 = 24
|
||||||
|
|
||||||
|
## Optional: set quality for videos up to 4K
|
||||||
|
# default: empty
|
||||||
|
#
|
||||||
|
# This value overrides `crf_max` for videos with a smaller dimension of at most 2160px (4K)
|
||||||
|
crf_2160 = 15
|
||||||
|
|
||||||
|
|
||||||
|
## Database configuration
|
||||||
|
[repo]
|
||||||
|
## Optional: database backend to use
|
||||||
|
# default: sled
|
||||||
|
#
|
||||||
|
# available options: sled
|
||||||
|
type = 'sled'
|
||||||
|
|
||||||
|
## Optional: path to sled repository
|
||||||
|
# default: /mnt/sled-repo
|
||||||
|
path = '__DATA_DIR__/sled'
|
||||||
|
|
||||||
|
## Optional: in-memory cache capacity for sled data (in bytes)
|
||||||
|
# default: 67,108,864 (1024 * 1024 * 64, or 64MB)
|
||||||
|
cache_capacity = 67108864
|
||||||
|
|
||||||
|
## Optional: path for storing database exports
|
||||||
|
# default: /mnt/exports
|
||||||
|
#
|
||||||
|
# Used in combination with the /internal/export endpoint to dump the current sled database into a
|
||||||
|
# new file. This can be helpful for backing up a running pict-rs server.
|
||||||
|
export_path = "__DATA_DIR__/exports"
|
||||||
|
|
||||||
|
|
||||||
|
## Media storage configuration
|
||||||
|
#[store]
|
||||||
|
## Optional: type of media storage to use
|
||||||
|
# default: filesystem
|
||||||
|
#
|
||||||
|
# available options: filesystem, object_storage
|
||||||
|
#type = 'filesystem'
|
||||||
|
|
||||||
|
## Required: endpoint at which the object storage exists
|
||||||
|
# default: empty
|
||||||
|
#
|
||||||
|
# examples:
|
||||||
|
# - `http://localhost:9000` # minio
|
||||||
|
# - `https://s3.dualstack.eu-west-1.amazonaws.com` # s3
|
||||||
|
#endpoint = 'http://minio:9000'
|
||||||
|
|
||||||
|
## Optional: How to format object storage requests
|
||||||
|
# default: false
|
||||||
|
#
|
||||||
|
# When this is true, objects will be fetched from http{s}://{endpoint}:{port}/{bucket_name}/{object}
|
||||||
|
# When false, objects will be fetched from http{s}://{bucket_name}.{endpoint}:{port}/{object}
|
||||||
|
#
|
||||||
|
# Set to true when using minio
|
||||||
|
#use_path_style = false
|
||||||
|
|
||||||
|
## Required: object storage bucket name
|
||||||
|
# default: empty
|
||||||
|
#bucket_name = 'pict-rs'
|
||||||
|
|
||||||
|
## Required: object storage region
|
||||||
|
# default: empty
|
||||||
|
#
|
||||||
|
# When using minio, this can be set to `minio`
|
||||||
|
#region = ''
|
||||||
|
|
||||||
|
## Required: object storage access key
|
||||||
|
# default: empty
|
||||||
|
#access_key = ''
|
||||||
|
|
||||||
|
## Required: object storage secret key
|
||||||
|
# default: empty
|
||||||
|
#secret_key = ''
|
||||||
|
|
||||||
|
## Optional: object storage session token
|
||||||
|
# default: empty
|
||||||
|
#session_token = ''
|
||||||
|
|
||||||
|
## Optional: set how long object storage signatures are valid for (in seconds)
|
||||||
|
# default: 15
|
||||||
|
#
|
||||||
|
# This can be useful if your object storage might take a while to process requests. It should not be
|
||||||
|
# increased more than needed to prevent replay attacks.
|
||||||
|
#signature_expiration = 15
|
||||||
|
|
||||||
|
## Optional: set how long pict-rs will wait (in seconds) for a response from object storage
|
||||||
|
# default: 30
|
||||||
|
#
|
||||||
|
# This value is the total wait time, and not additional wait time on top of the
|
||||||
|
# signature_expiration.
|
||||||
|
#client_timeout = 30
|
||||||
|
|
||||||
|
## Filesystem media storage example
|
||||||
|
# ## Media storage configuration
|
||||||
|
[store]
|
||||||
|
# ## Optional: type of media storage to use
|
||||||
|
# # default: filesystem
|
||||||
|
# #
|
||||||
|
# # available options: filesystem, object_storage
|
||||||
|
type = 'filesystem'
|
||||||
|
#
|
||||||
|
# ## Optional: path to uploaded media
|
||||||
|
# # default: /mnt/files
|
||||||
|
path = '__DATA_DIR__/pictrs-data'
|
26
conf/policy.xml
Normal file
26
conf/policy.xml
Normal file
|
@ -0,0 +1,26 @@
|
||||||
|
<policymap>
|
||||||
|
<!-- temporary path must be a preexisting writable directory -->
|
||||||
|
<policy domain="resource" name="temporary-path" value="__DATA_DIR__/magick"/>
|
||||||
|
<policy domain="resource" name="memory" value="256MiB"/>
|
||||||
|
<policy domain="resource" name="list-length" value="32"/>
|
||||||
|
<policy domain="resource" name="width" value="8KP"/>
|
||||||
|
<policy domain="resource" name="height" value="8KP"/>
|
||||||
|
<policy domain="resource" name="map" value="512MiB"/>
|
||||||
|
<policy domain="resource" name="area" value="16KP"/>
|
||||||
|
<policy domain="resource" name="disk" value="1GiB"/>
|
||||||
|
<policy domain="resource" name="file" value="768"/>
|
||||||
|
<policy domain="resource" name="thread" value="2"/>
|
||||||
|
<policy domain="resource" name="time" value="120"/>
|
||||||
|
<policy domain="module" rights="none" pattern="URL" />
|
||||||
|
<policy domain="coder" rights="write" pattern="{MSVG,MVG,PS,PDF,RSVG,SVG,XPS}" />
|
||||||
|
<policy domain="filter" rights="none" pattern="*" />
|
||||||
|
<!--Seems needed to send the pictures to Pict-RS server
|
||||||
|
<policy domain="path" rights="none" pattern="-"/> <!-- don't read/write from/to stdin/stdout -->
|
||||||
|
<policy domain="path" rights="none" pattern="/etc/*"/> <!-- don't read sensitive paths -->
|
||||||
|
<policy domain="path" rights="none" pattern="@*"/> <!-- indirect reads not permitted -->
|
||||||
|
<policy domain="cache" name="memory-map" value="anonymous"/>
|
||||||
|
<policy domain="cache" name="synchronize" value="true"/>
|
||||||
|
<!-- Only needed in case of distributed pixel cache
|
||||||
|
<policy domain="cache" name="shared-secret" value="IMAGEMAGICK_CACHE_SECRET" stealth="True"/> -->
|
||||||
|
<policy domain="system" name="shred" value="1"/>
|
||||||
|
</policymap>
|
|
@ -5,7 +5,7 @@ name = "Lemmy"
|
||||||
description.en = "Link aggregator/Reddit clone for the fediverse"
|
description.en = "Link aggregator/Reddit clone for the fediverse"
|
||||||
description.fr = "Agrégateur de liens/clone Reddit pour le fedivers"
|
description.fr = "Agrégateur de liens/clone Reddit pour le fedivers"
|
||||||
|
|
||||||
version = "0.18.2~ynh1"
|
version = "0.18.2~ynh2"
|
||||||
|
|
||||||
maintainers = []
|
maintainers = []
|
||||||
|
|
||||||
|
@ -17,18 +17,20 @@ admindoc = "https://join-lemmy.org/docs/en/"
|
||||||
code = "https://github.com/LemmyNet/lemmy"
|
code = "https://github.com/LemmyNet/lemmy"
|
||||||
|
|
||||||
[integration]
|
[integration]
|
||||||
yunohost = ">= 11.1.21"
|
yunohost = ">= 11.2"
|
||||||
architectures = ["amd64"]
|
architectures = ["amd64"]
|
||||||
multi_instance = false
|
multi_instance = false
|
||||||
|
|
||||||
ldap = false
|
ldap = false
|
||||||
|
|
||||||
sso = false
|
sso = false
|
||||||
|
|
||||||
disk = "50M"
|
disk = "50M"
|
||||||
ram.build = "500M"
|
ram.build = "500M"
|
||||||
ram.runtime = "50M"
|
ram.runtime = "50M"
|
||||||
|
|
||||||
[install.domain]
|
[install.domain]
|
||||||
type = "domain"
|
type = "domain"
|
||||||
full_domain = true
|
|
||||||
|
|
||||||
[install.init_main_permission]
|
[install.init_main_permission]
|
||||||
type = "group"
|
type = "group"
|
||||||
|
@ -51,17 +53,24 @@ ram.runtime = "50M"
|
||||||
|
|
||||||
[resources.ports]
|
[resources.ports]
|
||||||
main.default = 8536
|
main.default = 8536
|
||||||
|
pictrs.default = 8080
|
||||||
ui.default = 1235
|
ui.default = 1235
|
||||||
|
|
||||||
[resources.system_user]
|
[resources.system_user]
|
||||||
|
allow_email = true
|
||||||
|
|
||||||
[resources.install_dir]
|
[resources.install_dir]
|
||||||
|
|
||||||
[resources.data_dir]
|
[resources.data_dir]
|
||||||
subdirs = ["pictrs-data"]
|
subdirs = ["pictrs-data", "sled", "exports", "magick"]
|
||||||
|
|
||||||
[resources.permissions]
|
[resources.permissions]
|
||||||
main.url = "/"
|
main.url = "/"
|
||||||
|
|
||||||
|
pictrs.url = "/pictrs"
|
||||||
|
pictrs.allowed = "visitors"
|
||||||
|
pictrs.show_tile = false
|
||||||
|
pictrs.protected = true
|
||||||
|
|
||||||
api.url = "/api"
|
api.url = "/api"
|
||||||
api.allowed = "visitors"
|
api.allowed = "visitors"
|
||||||
|
@ -76,7 +85,7 @@ ram.runtime = "50M"
|
||||||
inbox.protected = true
|
inbox.protected = true
|
||||||
|
|
||||||
[resources.apt]
|
[resources.apt]
|
||||||
packages = "postgresql espeak"
|
packages = "postgresql, espeak, rsync, libfuse2, libimage-exiftool-perl, ffmpeg"
|
||||||
extras.yarn.repo = "deb https://dl.yarnpkg.com/debian/ stable main"
|
extras.yarn.repo = "deb https://dl.yarnpkg.com/debian/ stable main"
|
||||||
extras.yarn.key = "https://dl.yarnpkg.com/debian/pubkey.gpg"
|
extras.yarn.key = "https://dl.yarnpkg.com/debian/pubkey.gpg"
|
||||||
extras.yarn.packages = "yarn"
|
extras.yarn.packages = "yarn"
|
||||||
|
|
|
@ -4,8 +4,12 @@
|
||||||
# COMMON VARIABLES
|
# COMMON VARIABLES
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
|
PICTRS_VERSION=0.4.1-rc.0
|
||||||
|
|
||||||
NODEJS_VERSION=20
|
NODEJS_VERSION=20
|
||||||
|
|
||||||
|
main_domain=$(cat /etc/yunohost/current_host)
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# PERSONAL HELPERS
|
# PERSONAL HELPERS
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -14,6 +18,36 @@ NODEJS_VERSION=20
|
||||||
# EXPERIMENTAL HELPERS
|
# EXPERIMENTAL HELPERS
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
|
# Downloads an AppImage from an url, unpacks and extracts it in a destination directory, and creates a symlink to its executable
|
||||||
|
download_and_install_appimage() {
|
||||||
|
|
||||||
|
# Declare an array to define the options of this helper.
|
||||||
|
local legacy_args=nud
|
||||||
|
local -A args_array=([n]=name= [u]=url= [d]=directory= [s]=symlink=)
|
||||||
|
local url
|
||||||
|
local directory
|
||||||
|
local name
|
||||||
|
# Manage arguments with getopts
|
||||||
|
ynh_handle_getopts_args "$@"
|
||||||
|
|
||||||
|
# Cleanup
|
||||||
|
ynh_secure_remove --file="$install_dir/pict-rs/$name"
|
||||||
|
ynh_secure_remove --file="$install_dir/pict-rs/$name.appimage"
|
||||||
|
ynh_secure_remove --file="$install_dir/pict-rs/$name.appimageextract"
|
||||||
|
|
||||||
|
# Download and make executable
|
||||||
|
curl -f "$url" -o "$directory/$name.appimage" -s
|
||||||
|
[ ! -f "$directory/$name.appimage" ] && ynh_print_err --message="AppImage could not be downloaded"
|
||||||
|
chmod +x "$directory/$name.appimage"
|
||||||
|
|
||||||
|
# Extract and create link
|
||||||
|
pushd "$directory"
|
||||||
|
"$directory/$name.appimage" --appimage-extract
|
||||||
|
mv "$directory/squashfs-root" "$directory/$name.appimageextract"
|
||||||
|
ln -s "$directory/$name.appimageextract/AppRun" "$directory/$name"
|
||||||
|
popd
|
||||||
|
}
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# FUTURE OFFICIAL HELPERS
|
# FUTURE OFFICIAL HELPERS
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
|
@ -47,6 +47,7 @@ ynh_backup --src_path="/etc/logrotate.d/$app"
|
||||||
|
|
||||||
ynh_backup --src_path="/etc/systemd/system/$app.service"
|
ynh_backup --src_path="/etc/systemd/system/$app.service"
|
||||||
ynh_backup --src_path="/etc/systemd/system/$app-ui.service"
|
ynh_backup --src_path="/etc/systemd/system/$app-ui.service"
|
||||||
|
ynh_backup --src_path="/etc/systemd/system/$app-pict-rs.service"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# BACKUP THE POSTGRESQL DATABASE
|
# BACKUP THE POSTGRESQL DATABASE
|
||||||
|
|
|
@ -16,8 +16,9 @@ source /usr/share/yunohost/helpers
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Stopping a systemd service..." --weight=1
|
ynh_script_progression --message="Stopping a systemd service..." --weight=1
|
||||||
|
|
||||||
ynh_systemd_action --service_name=$app --action="stop" --line_match="Stopped" --log_path=systemd
|
ynh_systemd_action --service_name=$app --action="stop" --line_match="Stopped" "/var/log/$app/$app.log"
|
||||||
ynh_systemd_action --service_name=$app-ui --action="stop" --line_match="Stopped" --log_path=systemd
|
ynh_systemd_action --service_name=$app-ui --action="stop" --line_match="Stopped" --log_path="/var/log/$app/$app-ui.log"
|
||||||
|
ynh_systemd_action --service_name=$app-pict-rs --action="stop" --line_match="Stopped" --log_path="/var/log/$app/$app-pict-rs.log"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# MODIFY URL IN NGINX CONF
|
# MODIFY URL IN NGINX CONF
|
||||||
|
@ -44,8 +45,9 @@ chown $app:$app "$install_dir/config/config.hjson"
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Starting a systemd service..." --weight=1
|
ynh_script_progression --message="Starting a systemd service..." --weight=1
|
||||||
|
|
||||||
ynh_systemd_action --service_name=$app --action="start" --line_match="Starting http server at" --log_path="/var/log/$app/$app.log"
|
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match="Starting http server at"
|
||||||
ynh_systemd_action --service_name=$app-ui --action="start" --line_match="http://0.0.0.0" --log_path="/var/log/$app/$app-ui.log"
|
ynh_systemd_action --service_name=$app-ui --action="start" --log_path="/var/log/$app/$app-ui.log" --line_match="http://0.0.0.0"
|
||||||
|
ynh_systemd_action --service_name=$app-pict-rs --action="start" --log_path="/var/log/$app/$app-pict-rs.log" --line_match="starting in Actix runtime"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# END OF SCRIPT
|
# END OF SCRIPT
|
||||||
|
|
|
@ -34,6 +34,7 @@ ynh_script_progression --message="Setting up source files..." --weight=1
|
||||||
ynh_setup_source --dest_dir="$install_dir/build-lemmy/"
|
ynh_setup_source --dest_dir="$install_dir/build-lemmy/"
|
||||||
ynh_setup_source --dest_dir="$install_dir/build-lemmy-ui/"
|
ynh_setup_source --dest_dir="$install_dir/build-lemmy-ui/"
|
||||||
ynh_setup_source --dest_dir="$install_dir/lemmy-ui/lemmy-translations/" --source_id="lemmy-translations"
|
ynh_setup_source --dest_dir="$install_dir/lemmy-ui/lemmy-translations/" --source_id="lemmy-translations"
|
||||||
|
ynh_setup_source --dest_dir="$install_dir/build-pict-rs/"
|
||||||
|
|
||||||
chmod -R o-rwx "$install_dir"
|
chmod -R o-rwx "$install_dir"
|
||||||
chown -R $app:$app "$install_dir"
|
chown -R $app:$app "$install_dir"
|
||||||
|
@ -76,29 +77,57 @@ mkdir -p "$install_dir/lemmy/"
|
||||||
mv -f "$install_dir/build-lemmy/output/app/lemmy" "$install_dir/lemmy/lemmy"
|
mv -f "$install_dir/build-lemmy/output/app/lemmy" "$install_dir/lemmy/lemmy"
|
||||||
ynh_secure_remove --file="$install_dir/build-lemmy"
|
ynh_secure_remove --file="$install_dir/build-lemmy"
|
||||||
|
|
||||||
|
# Install pict-rs
|
||||||
|
pushd $install_dir/build-pict-rs
|
||||||
|
./docker-image-extract asonix/pictrs:$PICTRS_VERSION
|
||||||
|
popd
|
||||||
|
mkdir -p "$install_dir/pict-rs/"
|
||||||
|
mv -f "$install_dir/build-pict-rs/output/usr/local/bin/pict-rs" "$install_dir/pict-rs/pict-rs"
|
||||||
|
ynh_secure_remove --file="$install_dir/build-pict-rs"
|
||||||
|
|
||||||
chmod 750 "$install_dir"
|
chmod 750 "$install_dir"
|
||||||
chmod -R o-rwx "$install_dir"
|
chmod -R o-rwx "$install_dir"
|
||||||
chown -R $app:$app "$install_dir"
|
chown -R $app:$app "$install_dir"
|
||||||
|
|
||||||
|
# (Dirty) Install ImageMagick
|
||||||
|
# Requires 'libfuse2' and 'libimage-exiftool-perl' apt dependencies
|
||||||
|
ynh_script_progression --message="Downloading and installing ImageMagick..." --weight=1
|
||||||
|
download_and_install_appimage --name="magick" --url="https://imagemagick.org/archive/binaries/magick" --directory="$install_dir/pict-rs" --symlink="$install_dir/pict-rs/magick"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# ADD A CONFIGURATION
|
# ADD A CONFIGURATION
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Adding a configuration file..." --weight=1
|
ynh_script_progression --message="Adding a configuration file..." --weight=1
|
||||||
|
|
||||||
|
# Lemmy configuration
|
||||||
mkdir -p "$install_dir/config/"
|
mkdir -p "$install_dir/config/"
|
||||||
ynh_add_config --template="../conf/lemmy.hjson" --destination="$install_dir/config/config.hjson"
|
ynh_add_config --template="../conf/lemmy.hjson" --destination="$install_dir/config/config.hjson"
|
||||||
|
|
||||||
chmod 400 "$install_dir/config/config.hjson"
|
chmod 400 "$install_dir/config/config.hjson"
|
||||||
chown $app:$app "$install_dir/config/config.hjson"
|
chown $app:$app "$install_dir/config/config.hjson"
|
||||||
|
|
||||||
|
# Pict-RS configuration
|
||||||
|
ynh_add_config --template="../conf/pict-rs.toml" --destination="$install_dir/pict-rs/pict-rs.toml"
|
||||||
|
chmod 400 "$install_dir/pict-rs/pict-rs.toml"
|
||||||
|
chown $app:$app "$install_dir/pict-rs/pict-rs.toml"
|
||||||
|
|
||||||
|
# ImageMagick configuration
|
||||||
|
mkdir -p "$install_dir/.config/ImageMagick"
|
||||||
|
ynh_add_config --template="../conf/policy.xml" --destination="$install_dir/.config/ImageMagick/policy.xml"
|
||||||
|
chmod 400 "$install_dir/.config/ImageMagick/policy.xml"
|
||||||
|
chown -R $app:$app "$install_dir/.config"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# SETUP SYSTEMD
|
# SETUP SYSTEMD
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Configuring a systemd service..." --weight=1
|
ynh_script_progression --message="Configuring a systemd service..." --weight=1
|
||||||
|
|
||||||
|
# Prep local path for Pict-RS
|
||||||
|
pictrs_path="$install_dir/pict-rs:$PATH"
|
||||||
|
|
||||||
# Create a dedicated systemd config
|
# Create a dedicated systemd config
|
||||||
ynh_add_systemd_config --service="$app" --template="lemmy.service"
|
ynh_add_systemd_config --service="$app" --template="lemmy.service"
|
||||||
ynh_add_systemd_config --service="$app-ui" --template="lemmy-ui.service"
|
ynh_add_systemd_config --service="$app-ui" --template="lemmy-ui.service"
|
||||||
|
ynh_add_systemd_config --service="$app-pict-rs" --template="pict-rs.service"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# GENERIC FINALIZATION
|
# GENERIC FINALIZATION
|
||||||
|
@ -120,17 +149,26 @@ ynh_use_logrotate
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
|
ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
|
||||||
|
|
||||||
yunohost service add $app --log="/var/log/$app/$app.log"
|
yunohost service add $app --description="Link aggregator/Reddit clone" --log="/var/log/$app/$app.log"
|
||||||
yunohost service add $app-ui --log="/var/log/$app/$app-ui.log"
|
yunohost service add $app-ui --description="Link aggregator/Reddit clone" --log="/var/log/$app/$app-ui.log"
|
||||||
|
yunohost service add $app-pict-rs --description="Simple image hosting service for Lemmy" --log="/var/log/$app/$app-pict-rs.log"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# START SYSTEMD SERVICE
|
# START SYSTEMD SERVICE
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
|
# TMP rebuild sharp
|
||||||
|
pushd $install_dir/lemmy-ui
|
||||||
|
ynh_use_nodejs
|
||||||
|
ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH npm rebuild sharp
|
||||||
|
popd
|
||||||
|
|
||||||
ynh_script_progression --message="Starting a systemd service..." --weight=1
|
ynh_script_progression --message="Starting a systemd service..." --weight=1
|
||||||
|
|
||||||
# Start a systemd service
|
# Start a systemd service
|
||||||
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match="Starting http server at"
|
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match="Starting http server at"
|
||||||
ynh_systemd_action --service_name=$app-ui --action="start" --log_path="/var/log/$app/$app-ui.log" --line_match="http://0.0.0.0"
|
ynh_systemd_action --service_name=$app-ui --action="start" --log_path="/var/log/$app/$app-ui.log" --line_match="http://0.0.0.0"
|
||||||
|
ynh_systemd_action --service_name=$app-pict-rs --action="start" --log_path="/var/log/$app/$app-pict-rs.log" --line_match="starting in Actix runtime"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# END OF SCRIPT
|
# END OF SCRIPT
|
||||||
|
|
|
@ -14,6 +14,7 @@ source /usr/share/yunohost/helpers
|
||||||
#=================================================
|
#=================================================
|
||||||
# REMOVE SERVICE INTEGRATION IN YUNOHOST
|
# REMOVE SERVICE INTEGRATION IN YUNOHOST
|
||||||
#=================================================
|
#=================================================
|
||||||
|
ynh_script_progression --message="Removing system configurations related to $app..." --weight=10
|
||||||
|
|
||||||
# Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
|
# Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
|
||||||
if ynh_exec_warn_less yunohost service status $app >/dev/null
|
if ynh_exec_warn_less yunohost service status $app >/dev/null
|
||||||
|
@ -23,50 +24,29 @@ then
|
||||||
fi
|
fi
|
||||||
if ynh_exec_warn_less yunohost service status $app-ui >/dev/null
|
if ynh_exec_warn_less yunohost service status $app-ui >/dev/null
|
||||||
then
|
then
|
||||||
ynh_script_progression --message="Removing $app-ui service integration..."
|
ynh_script_progression --message="Removing $app-ui service integration..." --weight=1
|
||||||
yunohost service remove $app-ui
|
yunohost service remove $app-ui
|
||||||
fi
|
fi
|
||||||
|
if ynh_exec_warn_less yunohost service status $app-pict-rs >/dev/null
|
||||||
#=================================================
|
then
|
||||||
# STOP AND REMOVE SERVICE
|
ynh_script_progression --message="Removing $app-pict-rs service integration..." --weight=1
|
||||||
#=================================================
|
yunohost service remove $app-pict-rs
|
||||||
ynh_script_progression --message="Stopping and removing the systemd service..." --weight=1
|
fi
|
||||||
|
|
||||||
# Remove the dedicated systemd config
|
# Remove the dedicated systemd config
|
||||||
ynh_remove_systemd_config
|
ynh_remove_systemd_config
|
||||||
ynh_remove_systemd_config --service=$app-ui
|
ynh_remove_systemd_config --service=$app-ui
|
||||||
|
ynh_remove_systemd_config --service=$app-pict-rs
|
||||||
#=================================================
|
|
||||||
# REMOVE LOGROTATE CONFIGURATION
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Removing logrotate configuration..." --weight=1
|
|
||||||
|
|
||||||
# Remove the app-specific logrotate config
|
# Remove the app-specific logrotate config
|
||||||
ynh_remove_logrotate
|
ynh_remove_logrotate
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# REMOVE NGINX CONFIGURATION
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1
|
|
||||||
|
|
||||||
# Remove the dedicated NGINX config
|
# Remove the dedicated NGINX config
|
||||||
ynh_remove_nginx_config
|
ynh_remove_nginx_config
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# REMOVE DEPENDENCIES
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Removing dependencies..." --weight=1
|
|
||||||
|
|
||||||
# Remove metapackage and its dependencies
|
# Remove metapackage and its dependencies
|
||||||
ynh_remove_nodejs
|
ynh_remove_nodejs
|
||||||
ynh_secure_remove --file="/lib/libc.musl-x86_64.so.1"
|
#ynh_secure_remove --file="/lib/libc.musl-x86_64.so.1"
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# SPECIFIC REMOVE
|
|
||||||
#=================================================
|
|
||||||
# REMOVE VARIOUS FILES
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Removing various files..." --weight=1
|
|
||||||
|
|
||||||
# Remove the log files
|
# Remove the log files
|
||||||
ynh_secure_remove --file="/var/log/$app"
|
ynh_secure_remove --file="/var/log/$app"
|
||||||
|
|
|
@ -65,6 +65,8 @@ ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
|
||||||
systemctl enable $app.service --quiet
|
systemctl enable $app.service --quiet
|
||||||
ynh_restore_file --origin_path="/etc/systemd/system/$app-ui.service"
|
ynh_restore_file --origin_path="/etc/systemd/system/$app-ui.service"
|
||||||
systemctl enable $app-ui.service --quiet
|
systemctl enable $app-ui.service --quiet
|
||||||
|
ynh_restore_file --origin_path="/etc/systemd/system/$app-pict-rs.service"
|
||||||
|
systemctl enable $app-pict-rs.service --quiet
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# RESTORE THE LOGROTATE CONFIGURATION
|
# RESTORE THE LOGROTATE CONFIGURATION
|
||||||
|
@ -83,16 +85,18 @@ ynh_restore_file --origin_path="/etc/logrotate.d/$app"
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
|
ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
|
||||||
|
|
||||||
yunohost service add $app --log="/var/log/$app/$app.log"
|
yunohost service add $app --description="Link aggregator/Reddit clone" --log="/var/log/$app/$app.log"
|
||||||
yunohost service add $app-ui --log="/var/log/$app/$app-ui.log"
|
yunohost service add $app-ui --description="Link aggregator/Reddit clone" --log="/var/log/$app/$app-ui.log"
|
||||||
|
yunohost service add $app-pict-rs --description="Simple image hosting service for Lemmy" --log="/var/log/$app/$app-pict-rs.log"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# START SYSTEMD SERVICE
|
# START SYSTEMD SERVICE
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Starting a systemd service..." --weight=1
|
ynh_script_progression --message="Starting a systemd service..." --weight=1
|
||||||
|
|
||||||
ynh_systemd_action --service_name=$app --action="start" --line_match="Starting http server at" --log_path="/var/log/$app/$app.log"
|
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match="Starting http server at"
|
||||||
ynh_systemd_action --service_name=$app-ui --action="start" --line_match="http://0.0.0.0" --log_path="/var/log/$app/$app-ui.log"
|
ynh_systemd_action --service_name=$app-ui --action="start" --log_path="/var/log/$app/$app-ui.log" --line_match="http://0.0.0.0"
|
||||||
|
ynh_systemd_action --service_name=$app-pict-rs --action="start" --log_path="/var/log/$app/$app-pict-rs.log" --line_match="starting in Actix runtime"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# GENERIC FINALIZATION
|
# GENERIC FINALIZATION
|
||||||
|
|
|
@ -22,8 +22,9 @@ upgrade_type=$(ynh_check_app_version_changed)
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Stopping a systemd service..." --weight=1
|
ynh_script_progression --message="Stopping a systemd service..." --weight=1
|
||||||
|
|
||||||
ynh_systemd_action --service_name=$app --action="stop" --line_match="Stopped" --log_path=systemd
|
ynh_systemd_action --service_name=$app --action="stop" --line_match="Stopped" --log_path="/var/log/$app/$app.log"
|
||||||
ynh_systemd_action --service_name=$app-ui --action="stop" --line_match="Stopped" --log_path=systemd
|
ynh_systemd_action --service_name=$app-ui --action="stop" --line_match="Stopped" --log_path="/var/log/$app/$app-ui.log"
|
||||||
|
ynh_systemd_action --service_name=$app-pict-rs --action="stop" --line_match="Stopped" --log_path="/var/log/$app/$app-pict-rs.log"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# ENSURE DOWNWARD COMPATIBILITY
|
# ENSURE DOWNWARD COMPATIBILITY
|
||||||
|
@ -40,16 +41,6 @@ then
|
||||||
ynh_remove_systemd_config --service=$app-iframely
|
ynh_remove_systemd_config --service=$app-iframely
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Removing previously installed pict-rs
|
|
||||||
if ynh_exec_warn_less yunohost service status $app-pict-rs >/dev/null
|
|
||||||
then
|
|
||||||
ynh_script_progression --message="Removing $app-pict-rs service integration..."
|
|
||||||
yunohost service remove $app-pict-rs
|
|
||||||
fi
|
|
||||||
ynh_remove_systemd_config --service=$app-pict-rs
|
|
||||||
ynh_secure_remove --file="$install_dir/pict-rs"
|
|
||||||
ynh_app_setting_delete --app=$app --key=port_pictrs
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -62,9 +53,9 @@ then
|
||||||
ynh_setup_source --dest_dir="$install_dir/build-lemmy/"
|
ynh_setup_source --dest_dir="$install_dir/build-lemmy/"
|
||||||
ynh_setup_source --dest_dir="$install_dir/build-lemmy-ui/"
|
ynh_setup_source --dest_dir="$install_dir/build-lemmy-ui/"
|
||||||
ynh_setup_source --dest_dir="$install_dir/lemmy-ui/lemmy-translations/" --source_id="lemmy-translations"
|
ynh_setup_source --dest_dir="$install_dir/lemmy-ui/lemmy-translations/" --source_id="lemmy-translations"
|
||||||
|
ynh_setup_source --dest_dir="$install_dir/build-pict-rs/"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
chmod 750 "$install_dir"
|
|
||||||
chmod -R o-rwx "$install_dir"
|
chmod -R o-rwx "$install_dir"
|
||||||
chown -R $app:$app "$install_dir"
|
chown -R $app:$app "$install_dir"
|
||||||
|
|
||||||
|
@ -118,6 +109,19 @@ then
|
||||||
mkdir -p "$install_dir/lemmy/"
|
mkdir -p "$install_dir/lemmy/"
|
||||||
mv -f "$install_dir/build-lemmy/output/app/lemmy" "$install_dir/lemmy/lemmy"
|
mv -f "$install_dir/build-lemmy/output/app/lemmy" "$install_dir/lemmy/lemmy"
|
||||||
ynh_secure_remove --file="$install_dir/build-lemmy"
|
ynh_secure_remove --file="$install_dir/build-lemmy"
|
||||||
|
|
||||||
|
# Install pict-rs
|
||||||
|
pushd $install_dir/build-pict-rs
|
||||||
|
./docker-image-extract asonix/pictrs:$PICTRS_VERSION
|
||||||
|
popd
|
||||||
|
mkdir -p "$install_dir/pict-rs/"
|
||||||
|
mv -f "$install_dir/build-pict-rs/output/usr/local/bin/pict-rs" "$install_dir/pict-rs/pict-rs"
|
||||||
|
ynh_secure_remove --file="$install_dir/build-pict-rs"
|
||||||
|
|
||||||
|
# (Dirty) Install ImageMagick
|
||||||
|
# Requires 'libfuse2' and 'libimage-exiftool-perl' apt dependencies
|
||||||
|
ynh_script_progression --message="Downloading and installing ImageMagick..." --weight=1
|
||||||
|
download_and_install_appimage --name="magick" --url="https://imagemagick.org/archive/binaries/magick" --directory="$install_dir/pict-rs" --symlink="$install_dir/pict-rs/magick"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
chmod 750 "$install_dir"
|
chmod 750 "$install_dir"
|
||||||
|
@ -129,12 +133,23 @@ chown -R $app:$app "$install_dir"
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Updating a configuration file..." --weight=1
|
ynh_script_progression --message="Updating a configuration file..." --weight=1
|
||||||
|
|
||||||
|
# Lemmy configuration
|
||||||
mkdir -p "$install_dir/lemmy/"
|
mkdir -p "$install_dir/lemmy/"
|
||||||
ynh_add_config --template="../conf/lemmy.hjson" --destination="$install_dir/config/config.hjson"
|
ynh_add_config --template="../conf/lemmy.hjson" --destination="$install_dir/config/config.hjson"
|
||||||
|
|
||||||
chmod 400 "$install_dir/config/config.hjson"
|
chmod 400 "$install_dir/config/config.hjson"
|
||||||
chown $app:$app "$install_dir/config/config.hjson"
|
chown $app:$app "$install_dir/config/config.hjson"
|
||||||
|
|
||||||
|
# Pict-RS configuration
|
||||||
|
ynh_add_config --template="../conf/pict-rs.toml" --destination="$install_dir/pict-rs/pict-rs.toml"
|
||||||
|
chmod 400 "$install_dir/pict-rs/pict-rs.toml"
|
||||||
|
chown $app:$app "$install_dir/pict-rs/pict-rs.toml"
|
||||||
|
|
||||||
|
# ImageMagick configuration
|
||||||
|
mkdir -p "$install_dir/.config/ImageMagick"
|
||||||
|
ynh_add_config --template="../conf/policy.xml" --destination="$install_dir/.config/ImageMagick/policy.xml"
|
||||||
|
chmod 400 "$install_dir/.config/ImageMagick/policy.xml"
|
||||||
|
chown -R $app:$app "$install_dir/.config"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# CREATE EXTENSION IF NOT EXISTS pgcrypto
|
# CREATE EXTENSION IF NOT EXISTS pgcrypto
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -147,9 +162,13 @@ ynh_psql_execute_as_root --sql="CREATE EXTENSION IF NOT EXISTS pgcrypto;" --data
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Upgrading systemd configuration..." --weight=1
|
ynh_script_progression --message="Upgrading systemd configuration..." --weight=1
|
||||||
|
|
||||||
|
# Prep local path for Pict-RS
|
||||||
|
pictrs_path="$install_dir/pict-rs:$PATH"
|
||||||
|
|
||||||
# Create a dedicated systemd config
|
# Create a dedicated systemd config
|
||||||
ynh_add_systemd_config --service="$app" --template="lemmy.service"
|
ynh_add_systemd_config --service="$app" --template="lemmy.service"
|
||||||
ynh_add_systemd_config --service="$app-ui" --template="lemmy-ui.service"
|
ynh_add_systemd_config --service="$app-ui" --template="lemmy-ui.service"
|
||||||
|
ynh_add_systemd_config --service="$app-pict-rs" --template="pict-rs.service"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# GENERIC FINALIZATION
|
# GENERIC FINALIZATION
|
||||||
|
@ -171,16 +190,25 @@ ynh_use_logrotate --non-append
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
|
ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
|
||||||
|
|
||||||
yunohost service add $app --log="/var/log/$app/$app.log"
|
yunohost service add $app --description="Link aggregator/Reddit clone" --log="/var/log/$app/$app.log"
|
||||||
yunohost service add $app-ui --log="/var/log/$app/$app-ui.log"
|
yunohost service add $app-ui --description="Link aggregator/Reddit clone" --log="/var/log/$app/$app-ui.log"
|
||||||
|
yunohost service add $app-pict-rs --description="Simple image hosting service for Lemmy" --log="/var/log/$app/$app-pict-rs.log"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# START SYSTEMD SERVICE
|
# START SYSTEMD SERVICE
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
|
# TMP rebuild sharp
|
||||||
|
pushd $install_dir/lemmy-ui
|
||||||
|
ynh_use_nodejs
|
||||||
|
ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH npm rebuild sharp
|
||||||
|
popd
|
||||||
|
|
||||||
ynh_script_progression --message="Starting a systemd service..." --weight=1
|
ynh_script_progression --message="Starting a systemd service..." --weight=1
|
||||||
|
|
||||||
ynh_systemd_action --service_name=$app --action="start" --line_match="Starting http server at" --log_path="/var/log/$app/$app.log"
|
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match="Starting http server at"
|
||||||
ynh_systemd_action --service_name=$app-ui --action="start" --line_match="http://0.0.0.0" --log_path="/var/log/$app/$app-ui.log"
|
ynh_systemd_action --service_name=$app-ui --action="start" --log_path="/var/log/$app/$app-ui.log" --line_match="http://0.0.0.0"
|
||||||
|
ynh_systemd_action --service_name=$app-pict-rs --action="start" --log_path="/var/log/$app/$app-pict-rs.log" --line_match="starting in Actix runtime"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# END OF SCRIPT
|
# END OF SCRIPT
|
||||||
|
|
Loading…
Reference in a new issue