YunoHost-Apps/lemmy_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/lemmy_ynh.git synced 2024-09-03 19:36:09 +02:00
Code Issues Activity Actions

Remove iframely

Browse source
This commit is contained in:
yalh76 2022-02-06 18:37:38 +01:00
parent 38ee8f92e5
commit 839dfac3a1
10 changed files with 97 additions and 453 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

283
conf/iframely.config.local.js
View file

@ -1,283 +0,0 @@
(function() {
var config = {
// Specify a path for custom plugins. Custom plugins will override core plugins.
// CUSTOM_PLUGINS_PATH: __dirname + '/yourcustom-plugin-folder',
DEBUG: false,
RICH_LOG_ENABLED: false,
// For embeds that require render, baseAppUrl will be used as the host.
baseAppUrl: "http://__DOMAIN__",
relativeStaticUrl: "/r",
// Or just skip built-in renders altogether
SKIP_IFRAMELY_RENDERS: true,
// For legacy reasons the response format of Iframely open-source is
// different by default as it does not group the links array by rel.
// In order to get the same grouped response as in Cloud API,
// add `&group=true` to your request to change response per request
// or set `GROUP_LINKS` in your config to `true` for a global change.
GROUP_LINKS: true,
// Number of maximum redirects to follow before aborting the page
// request with `redirect loop` error.
MAX_REDIRECTS: 4,
SKIP_OEMBED_RE_LIST: [
// /^https?:\/\/yourdomain\.com\//,
],
/*
// Used to pass parameters to the generate functions when creating HTML elements
// disableSizeWrapper: Don't wrap element (iframe, video, etc) in a positioned div
GENERATE_LINK_PARAMS: {
disableSizeWrapper: true
},
*/
port: __PORT_IFRAMELY__, //can be overridden by PORT env var
host: '0.0.0.0', // Dockers beware. See https://github.com/itteco/iframely/issues/132#issuecomment-242991246
//can be overridden by HOST env var
// Optional SSL cert, if you serve under HTTPS.
/*
ssl: {
key: require('fs').readFileSync(__dirname + '/key.pem'),
cert: require('fs').readFileSync(__dirname + '/cert.pem'),
port: 443
},
*/
/*
Supported cache engines:
- no-cache - no caching will be used.
- node-cache - good for debug, node memory will be used (https://github.com/tcs-de/nodecache).
- redis - https://github.com/mranney/node_redis.
- memcached - https://github.com/3rd-Eden/node-memcached
*/
CACHE_ENGINE: 'node-cache',
CACHE_TTL: 0, // In seconds.
// 0 = 'never expire' for memcached & node-cache to let cache engine decide itself when to evict the record
// 0 = 'no cache' for redis. Use high enough (e.g. 365*24*60*60*1000) ttl for similar 'never expire' approach instead
/*
// Redis cache options.
REDIS_OPTIONS: {
host: '127.0.0.1',
port: 6379
},
*/
/*
// Memcached options. See https://github.com/3rd-Eden/node-memcached#server-locations
MEMCACHED_OPTIONS: {
locations: "127.0.0.1:11211"
}
*/
/*
// Access-Control-Allow-Origin list.
allowedOrigins: [
"*",
"http://another_domain.com"
],
*/
/*
// Uncomment to enable plugin testing framework.
tests: {
mongodb: 'mongodb://localhost:27017/iframely-tests',
single_test_timeout: 10 * 1000,
plugin_test_period: 2 * 60 * 60 * 1000,
relaunch_script_period: 5 * 60 * 1000
},
*/
// If there's no response from remote server, the timeout will occur after
RESPONSE_TIMEOUT: 5 * 1000, //ms
/* From v1.4.0, Iframely supports HTTP/2 by default. Disable it, if you'd rather not.
Alternatively, you can also disable per origin. See `proxy` option below.
*/
// DISABLE_HTTP2: true,
// Customize API calls to oembed endpoints.
ADD_OEMBED_PARAMS: [{
// Endpoint url regexp array.
re: [/^http:\/\/api\.instagram\.com\/oembed/],
// Custom get params object.
params: {
hidecaption: true
}
}, {
re: [/^https:\/\/www\.facebook\.com\/plugins\/page\/oembed\.json/i],
params: {
show_posts: 0,
show_facepile: 0,
maxwidth: 600
}
}, {
// match i=user or i=moment or i=timeline to configure these types invidually
// see params spec at https://dev.twitter.com/web/embedded-timelines/oembed
re: [/^https?:\/\/publish\.twitter\.com\/oembed\?i=user/i],
params: {
limit: 1,
maxwidth: 600
}
/*
}, {
// Facebook https://developers.facebook.com/docs/plugins/oembed-endpoints
re: [/^https:\/\/www\.facebook\.com\/plugins\/\w+\/oembed\.json/i],
params: {
// Skip script tag and fb-root div.
omitscript: true
}
*/
}],
/*
// Configure use of HTTP proxies as needed.
// You don't have to specify all options per regex - just what you need to override
PROXY: [{
re: [/^https?:\/\/www\.domain\.com/],
proxy_server: 'http://1.2.3.4:8080',
user_agent: 'CHANGE YOUR AGENT',
headers: {
// HTTP headers
// Overrides previous params if overlapped.
},
request_options: {
// Refer to: https://github.com/request/request
// Overrides previous params if overlapped.
},
disable_http2: true
}],
*/
// Customize API calls to 3rd parties. At the very least - configure required keys.
providerOptions: {
locale: "en_US", // ISO 639-1 two-letter language code, e.g. en_CA or fr_CH.
// Will be added as highest priotity in accept-language header with each request.
// Plus is used in FB, YouTube and perhaps other plugins
"twitter": {
"max-width": 550,
"min-width": 250,
hide_media: false,
hide_thread: false,
omit_script: false,
center: false,
// dnt: true,
cache_ttl: 100 * 365 * 24 * 3600 // 100 Years.
},
readability: {
enabled: false
// allowPTagDescription: true // to enable description fallback to first paragraph
},
images: {
loadSize: false, // if true, will try an load first bytes of all images to get/confirm the sizes
checkFavicon: false // if true, will verify all favicons
},
tumblr: {
consumer_key: "INSERT YOUR VALUE"
// media_only: true // disables status embeds for images and videos - will return plain media
},
google: {
// https://developers.google.com/maps/documentation/embed/guide#api_key
maps_key: "INSERT YOUR VALUE"
},
/*
// Optional Camo Proxy to wrap all images: https://github.com/atmos/camo
camoProxy: {
camo_proxy_key: "INSERT YOUR VALUE",
camo_proxy_host: "INSERT YOUR VALUE"
// ssl_only: true // will only proxy non-ssl images
},
*/
// List of query parameters to add to YouTube and Vimeo frames
// Start it with leading "?". Or omit alltogether for default values
// API key is optional, youtube will work without it too.
// It is probably the same API key you use for Google Maps.
youtube: {
// api_key: "INSERT YOUR VALUE",
get_params: "?rel=0&showinfo=1" // https://developers.google.com/youtube/player_parameters
},
vimeo: {
get_params: "?byline=0&badge=0" // https://developer.vimeo.com/player/embedding
},
/*
soundcloud: {
old_player: true // enables classic player
},
giphy: {
media_only: true // disables branded player for gifs and returns just the image
}
*/
/*
bandcamp: {
get_params: '/size=large/bgcol=333333/linkcol=ffffff/artwork=small/transparent=true/',
media: {
album: {
height: 472,
'max-width': 700
},
track: {
height: 120,
'max-width': 700
}
}
}
*/
},
// WHITELIST_WILDCARD, if present, will be added to whitelist as record for top level domain: "*"
// with it, you can define what parsers do when they run accross unknown publisher.
// If absent or empty, all generic media parsers will be disabled except for known domains
// More about format: https://iframely.com/docs/qa-format
/*
WHITELIST_WILDCARD: {
"twitter": {
"player": "allow",
"photo": "deny"
},
"oembed": {
"video": "allow",
"photo": "allow",
"rich": "deny",
"link": "deny"
},
"og": {
"video": ["allow", "ssl", "responsive"]
},
"iframely": {
"survey": "allow",
"reader": "allow",
"player": "allow",
"image": "allow"
},
"html-meta": {
"video": ["allow", "responsive"],
"promo": "allow"
}
}
*/
// Black-list any of the inappropriate domains. Iframely will return 417
// At minimum, keep your localhosts blacklisted to avoid SSRF
BLACKLIST_DOMAINS_RE: [
/^https?:\/\/127\.0\.0\.1/i,
/^https?:\/\/localhost/i,
// And this is AWS metadata service
// https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
/^https?:\/\/169\.254\.169\.254/
]
};
module.exports = config;
})();

45
conf/iframely.service
View file

@ -1,45 +0,0 @@
[Unit]
Description=__APP__ Iframely Daemon
After=network.target
[Service]
Type=simple
User=__APP__
Group=__APP__
WorkingDirectory=__FINALPATH__/iframely/
ExecStart=__YNH_NODE__ -- server
StandardOutput=append:/var/log/__APP__/__APP__-iframely.log
StandardError=inherit
# Sandboxing options to harden security
# Depending on specificities of your service/app, you may need to tweak these
# .. but this should be a good baseline
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
DevicePolicy=closed
ProtectSystem=full
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
LockPersonality=yes
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
# Denying access to capabilities that should not be relevant for webapps
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
[Install]
WantedBy=multi-user.target

123
conf/lemmy.hjson
View file

@ -1,72 +1,49 @@
{
# for more info about the config, check out the documentation
# https://join.lemmy.ml/docs/en/administration/configuration.html
setup: {
# username for the admin user
admin_username: "__ADMIN__"
# password for the admin user
admin_password: "__PASSWORD__"
# optional: email for the admin user (can be omitted and set later through the website)
admin_email: "__ADMIN_EMAIL__"
# name of the site (can be changed later)
site_name: "__SITENAME__"
}
# settings related to the postgresql database
database: {
# username to connect to postgres
# Username to connect to postgres
user: "__DB_USER__"
# password to connect to postgres
# Password to connect to postgres
password: "__DB_PWD__"
# host where postgres is running
# Host where postgres is running
host: "localhost"
# port where postgres can be accessed
# Port where postgres can be accessed
port: 5432
# name of the postgres database for lemmy
# Name of the postgres database for lemmy
database: "__DB_NAME__"
# maximum number of active sql connections
# Maximum number of active sql connections
pool_size: 5
}
# the domain name of your instance (eg "lemmy.ml")
hostname: "__DOMAIN__"
# address where lemmy should listen for incoming requests
bind: "0.0.0.0"
# port where lemmy should listen for incoming requests
port: __PORT_LEMMY__
# whether tls is required for activitypub. only disable this for debugging, never for producion.
tls_enabled: true
# json web token for authorization between server and client
jwt_secret: "__RANDOM__"
# address where pictrs is available
pictrs_url: "http://127.0.0.1:__PORT_PICTRS__"
# address where iframely is available
iframely_url: "http://127.0.0.1:__PORT_IFRAMELY__"
# rate limits for various user actions, by user ip
rate_limit: {
# maximum number of messages created in interval
# Maximum number of messages created in interval
message: 180
# interval length for message limit
# Interval length for message limit, in seconds
message_per_second: 60
# maximum number of posts created in interval
# Maximum number of posts created in interval
post: 6
# interval length for post limit
# Interval length for post limit, in seconds
post_per_second: 600
# maximum number of registrations in interval
# Maximum number of registrations in interval
register: 3
# interval length for registration limit
# Interval length for registration limit, in seconds
register_per_second: 3600
# maximum number of image uploads in interval
# Maximum number of image uploads in interval
image: 6
# interval length for image uploads
# Interval length for image uploads, in seconds
image_per_second: 3600
# Maximum number of comments created in interval
comment: 6
# Interval length for comment limit, in seconds
comment_per_second: 600
}
# settings related to activitypub federation
# Settings related to activitypub federation
federation: {
# whether to enable activitypub federation.
# Whether to enable activitypub federation.
enabled: true
# Allows and blocks are described here:
# https://join-lemmy.org/docs/en/federation/administration.html#instance-allowlist-and-blocklist
#
# https://join-lemmy.org/docs/en/federation/administration.html///instance-allowlist-and-blocklist
#
# list of instances with which federation is allowed
# allowed_instances: ["instance1.tld","instance2.tld"]
# instances which we never federate anything with (but previously federated objects are unaffected)
@ -76,20 +53,60 @@
# strict_allowlist: true
}
captcha: {
enabled: true
difficulty: medium # Can be easy, medium, or hard
# Whether captcha is required for signup
enabled: false
# Can be easy, medium, or hard
difficulty: "medium"
}
# email sending configuration
# Email sending configuration. All options except login/password are mandatory
email: {
# hostname and port of the smtp server
# Hostname and port of the smtp server
smtp_server: "127.0.0.1:25"
# login name for smtp server
# Login name for smtp server
smtp_login: ""
# password to login to the smtp server
# Password to login to the smtp server
smtp_password: ""
# address to send emails from, eg "noreply@your-instance.com"
# Address to send emails from, eg noreply@your-instance.com
smtp_from_address: "lemmy@__DOMAIN__"
# whether or not smtp connections should use tls
# Whether or not smtp connections should use tls
use_tls: true
}
# Parameters for automatic configuration of new instance (only used at first start)
setup: {
# Username for the admin user
admin_username: "__ADMIN__"
# Password for the admin user. It must be at least 10 characters.
admin_password: "__PASSWORD__"
# Name of the site (can be changed later)
site_name: "__SITENAME__"
# Email for the admin user (optional, can be omitted and set later through the website)
admin_email: "__ADMIN_EMAIL__"
sidebar: "string"
description: "string"
icon: "string"
banner: "string"
enable_downvotes: true
open_registration: true
enable_nsfw: true
community_creation_admin_only: true
require_email_verification: true
require_application: true
application_question: "string"
private_instance: false
}
# the domain name of your instance (mandatory)
hostname: "__DOMAIN__"
# Address where lemmy should listen for incoming requests
bind: "0.0.0.0"
# Port where lemmy should listen for incoming requests
port: __PORT_LEMMY__
# Whether the site is available over TLS. Needs to be true for federation to work.
tls_enabled: true
# Address where pictrs is available (for image hosting)
pictrs_url: "http://127.0.0.1:__PORT_PICTRS__"
slur_filter: "(\bThis\b)|(\bis\b)|(\bsample\b)"
# Maximum length of local community and user names
actor_name_max_length: 20
# Maximum number of HTTP requests allowed to handle a single incoming activity (or a single object fetch through the search).
http_fetch_retry_limit: 25
}

31
conf/nginx.conf
View file

@ -1,20 +1,26 @@
#limit_req_zone $binary_remote_addr zone=lemmy_ratelimit:10m rate=1r/s;
# Only connect to this site via HTTPS for the two years
more_set_headers "Strict-Transport-Security: max-age=63072000";
# Various content security headers
more_set_headers "Referrer-Policy: same-origin";
more_set_headers "X-Content-Type-Options: nosniff";
more_set_headers "X-Frame-Options: DENY";
more_set_headers "X-XSS-Protection: 1; mode=block";
# Upload limit for pictrs
client_max_body_size 20M;
# frontend
location / {
# The default ports:
# lemmy_ui_port: 1235
# lemmy_port: 8536
# Force usage of https
if ($scheme = http) {
rewrite ^ https://$server_name$request_uri? permanent;
}
set $proxpass "http://127.0.0.1:__PORT_UI__";
if ($http_accept = "application/activity+json") {
set $proxpass "http://127.0.0.1:__PORT_LEMMY__";
}
if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") {
if ($http_accept ~ "^application/.*$") {
set $proxpass "http://127.0.0.1:__PORT_LEMMY__";
}
if ($request_method = POST) {
@ -52,13 +58,6 @@
return 301 /pictrs/image/$1;
}
location /iframely/ {
proxy_pass http://127.0.0.1:__PORT_IFRAMELY__/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# Anonymize IP addresses
# https://www.supertechcrew.com/anonymizing-logs-nginx-apache/

5
scripts/_common.sh
View file

@ -11,9 +11,8 @@ imagemagick_build_dependencies="libltdl-dev libjpeg-dev libpng-dev libwebp-dev l
imagemagick_dependencies=""
pictrs_build_dependencies="pkg-config build-essential libgexiv2-dev libxml2 libltdl7 libavcodec-dev libavfilter-dev libavdevice-dev libavformat-dev libavresample-dev libavutil-dev libswscale-dev libswresample-dev llvm-dev libclang-dev clang"
pictrs_dependencies="libgexiv2-2 libpng16-16 libjpeg62-turbo libwebp6 libwebpdemux2 libwebpmux3 libltdl7 libgomp1 libxml2 libavcodec58 libavfilter7 libavdevice58 libavformat58 libavresample4 libavutil56 libswscale5 libswresample3 tini"
iframely_dependencies="musl-dev"
pkg_dependencies="$lemmy_dependencies $lemmyui_dependencies $imagemagick_dependencies $pictrs_dependencies $iframely_dependencies"
pkg_dependencies="$lemmy_dependencies $lemmyui_dependencies $imagemagick_dependencies $pictrs_dependencies"
pkg_build_dependencies="$imagemagick_build_dependencies $pictrs_build_dependencies"
NODEJS_VERSION=12
@ -24,8 +23,6 @@ LEMMYUI_VERSION=0.15.2
PICTRS_VERSION=0.3.0-beta.12-r1
IFRAMELY_VERSION=latest
#=================================================
# PERSONAL HELPERS
#=================================================

1
scripts/backup
View file

@ -69,7 +69,6 @@ ynh_backup --src_path="/etc/logrotate.d/$app"
ynh_backup --src_path="/etc/systemd/system/$app.service"
ynh_backup --src_path="/etc/systemd/system/$app-ui.service"
ynh_backup --src_path="/etc/systemd/system/$app-iframely.service"
ynh_backup --src_path="/etc/systemd/system/$app-pict-rs.service"
#=================================================

22
scripts/install
View file

@ -28,7 +28,6 @@ path_url="/"
admin=$YNH_APP_ARG_ADMIN
password=$(ynh_string_random --length=12)
sitename=$YNH_APP_ARG_SITENAME
random=$(ynh_string_random --length=10)
admin_email=$(ynh_user_get_info --username=$admin --key="mail")
app=$YNH_APP_INSTANCE_NAME
@ -54,7 +53,6 @@ ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_set --app=$app --key=admin --value=$admin
ynh_app_setting_set --app=$app --key=password --value=$password
ynh_app_setting_set --app=$app --key=sitename --value=$sitename
ynh_app_setting_set --app=$app --key=random --value=$random
#=================================================
# STANDARD MODIFICATIONS
@ -70,8 +68,6 @@ port_ui=$(ynh_find_port --port=1235)
ynh_app_setting_set --app=$app --key=port_ui --value=$port_ui
port_pictrs=$(ynh_find_port --port=8537)
ynh_app_setting_set --app=$app --key=port_pictrs --value=$port_pictrs
port_iframely=$(ynh_find_port --port=8061)
ynh_app_setting_set --app=$app --key=port_iframely --value=$port_iframely
#=================================================
# INSTALL DEPENDENCIES
@ -103,6 +99,7 @@ db_pwd=$(ynh_string_random --length=30)
ynh_app_setting_set --app=$app --key=db_name --value=$db_name
ynh_app_setting_set --app=$app --key=db_pwd --value=$db_pwd
ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd
ynh_psql_execute_as_root --sql="CREATE EXTENSION IF NOT EXISTS pgcrypto;" --database="$db_name"
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
@ -116,7 +113,6 @@ ynh_setup_source --dest_dir="$final_path/build-lemmy-ui/" --source_id="docker-im
ynh_setup_source --dest_dir="$final_path/lemmy-ui/lemmy-translations/" --source_id="lemmy-translations"
ynh_setup_source --dest_dir="$final_path/build-imagemagick/" --source_id="imagemagick"
ynh_setup_source --dest_dir="$final_path/build-pict-rs/" --source_id="pict-rs"
ynh_setup_source --dest_dir="$final_path/build-iframely/" --source_id="docker-image-extract"
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
@ -195,14 +191,6 @@ ynh_secure_remove --file="$final_path/build-pict-rs"
ynh_secure_remove --file="$final_path/.cargo"
ynh_secure_remove --file="$final_path/.rustup"
# Install iframely
pushd $final_path/build-iframely
./docker-image-extract dogbin/iframely:$IFRAMELY_VERSION
popd
mkdir -p "$final_path/iframely/"
rsync -a "$final_path/build-iframely/output/iframely/" "$final_path/iframely/"
ynh_secure_remove --file="$final_path/build-iframely"
ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies
ynh_package_autoremove
@ -221,11 +209,6 @@ ynh_add_config --template="../conf/lemmy.hjson" --destination="$final_path/confi
chmod 400 "$final_path/config/config.hjson"
chown $app:$app "$final_path/config/config.hjson"
ynh_add_config --template="../conf/iframely.config.local.js" --destination="$final_path/iframely/iframely.config.local.js"
chmod 400 "$final_path/iframely/iframely.config.local.js"
chown $app:$app "$final_path/iframely/iframely.config.local.js"
#=================================================
# SETUP SYSTEMD
#=================================================
@ -234,7 +217,6 @@ ynh_script_progression --message="Configuring a systemd service..."
# Create a dedicated systemd config
ynh_add_systemd_config --service="$app" --template="lemmy.service"
ynh_add_systemd_config --service="$app-ui" --template="lemmy-ui.service"
ynh_add_systemd_config --service="$app-iframely" --template="iframely.service"
ynh_add_systemd_config --service="$app-pict-rs" --template="pict-rs.service"
#=================================================
@ -260,7 +242,6 @@ ynh_script_progression --message="Integrating service in YunoHost..."
yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log"
yunohost service add $app-ui --description="A short description of the app" --log="/var/log/$app/$app-ui.log"
yunohost service add $app-pict-rs --description="A short description of the app" --log="/var/log/$app/$app-pict-rs.log"
yunohost service add $app-iframely --description="A short description of the app" --log="/var/log/$app/$app-iframely.log"
#=================================================
# START SYSTEMD SERVICE
@ -271,7 +252,6 @@ ynh_script_progression --message="Starting a systemd service..."
ynh_systemd_action --service_name=$app --action="start" --line_match="Started" --log_path=systemd
ynh_systemd_action --service_name=$app-ui --action="start" --line_match="Started" --log_path=systemd
ynh_systemd_action --service_name=$app-pict-rs --action="start" --line_match="Started" --log_path=systemd
ynh_systemd_action --service_name=$app-iframely --action="start" --line_match="Started" --log_path=systemd
#=================================================
# SETUP SSOWAT

6
scripts/remove
View file

@ -39,11 +39,6 @@ then
yunohost service remove $app-ui
fi
if ynh_exec_warn_less yunohost service status $app >/dev/null
then
ynh_script_progression --message="Removing $app-iframely service integration..."
yunohost service remove $app-iframely
fi
if ynh_exec_warn_less yunohost service status $app >/dev/null
then
ynh_script_progression --message="Removing $app-pict-rs service integration..."
yunohost service remove $app-pict-rs
@ -57,7 +52,6 @@ ynh_script_progression --message="Stopping and removing the systemd service..."
# Remove the dedicated systemd config
ynh_remove_systemd_config
ynh_remove_systemd_config --service=$app-ui
ynh_remove_systemd_config --service=$app-iframely
ynh_remove_systemd_config --service=$app-pict-rs
#=================================================

5
scripts/restore
View file

@ -126,6 +126,7 @@ ynh_script_progression --message="Restoring the PostgreSQL database..."
ynh_psql_test_if_first_run
ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd
ynh_psql_execute_file_as_root --file="./db.sql" --database="$db_name"
ynh_psql_execute_as_root --sql="CREATE EXTENSION IF NOT EXISTS pgcrypto;" --database="$db_name"
#=================================================
# RESTORE SYSTEMD
@ -136,8 +137,6 @@ ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
systemctl enable $app.service --quiet
ynh_restore_file --origin_path="/etc/systemd/system/$app-ui.service"
systemctl enable $app-ui.service --quiet
ynh_restore_file --origin_path="/etc/systemd/system/$app-iframely.service"
systemctl enable $app-iframely.service --quiet
ynh_restore_file --origin_path="/etc/systemd/system/$app-pict-rs.service"
systemctl enable $app-pict-rs.service --quiet
@ -160,7 +159,6 @@ ynh_script_progression --message="Integrating service in YunoHost..."
yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log"
yunohost service add $app-ui --description="A short description of the app" --log="/var/log/$app/$app-ui.log"
yunohost service add $app-iframely --description="A short description of the app" --log="/var/log/$app/$app-iframely.log"
yunohost service add $app-pict-rs --description="A short description of the app" --log="/var/log/$app/$app-pict-rs.log"
#=================================================
@ -170,7 +168,6 @@ ynh_script_progression --message="Starting a systemd service..."
ynh_systemd_action --service_name=$app --action="start" --line_match="Started" --log_path=systemd
ynh_systemd_action --service_name=$app-ui --action="start" --line_match="Started" --log_path=systemd
ynh_systemd_action --service_name=$app-iframely --action="start" --line_match="Started" --log_path=systemd
ynh_systemd_action --service_name=$app-pict-rs --action="start" --line_match="Started" --log_path=systemd
#=================================================

29
scripts/upgrade
View file

@ -26,11 +26,9 @@ db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd)
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
password=$(ynh_app_setting_get --app=$app --key=password)
sitename=$(ynh_app_setting_get --app=$app --key=sitename)
random=$(ynh_app_setting_get --app=$app --key=random)
port_lemmy=$(ynh_app_setting_get --app=$app --key=port_lemmy)
port_ui=$(ynh_app_setting_get --app=$app --key=port_ui)
port_pictrs=$(ynh_app_setting_get --app=$app --key=port_pictrs)
port_iframely=$(ynh_app_setting_get --app=$app --key=port_iframely)
admin_email=$(ynh_user_get_info --username=$admin --key="mail")
#=================================================
@ -65,7 +63,6 @@ ynh_script_progression --message="Stopping a systemd service..."
ynh_systemd_action --service_name=$app --action="stop" --line_match="Stopped" --log_path=systemd
ynh_systemd_action --service_name=$app-ui --action="stop" --line_match="Stopped" --log_path=systemd
ynh_systemd_action --service_name=$app-pict-rs --action="stop" --line_match="Stopped" --log_path=systemd
ynh_systemd_action --service_name=$app-iframely --action="stop" --line_match="Stopped" --log_path=systemd
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
@ -79,6 +76,15 @@ if ynh_legacy_permissions_exists; then
ynh_app_setting_delete --app=$app --key=is_public
fi
ynh_app_setting_delete --app=$app --key=random
ynh_app_setting_delete --app=$app --key=port_iframely
if ynh_exec_warn_less yunohost service status $app >/dev/null
then
ynh_script_progression --message="Removing $app-iframely service integration..."
yunohost service remove $app-iframely
fi
ynh_remove_systemd_config --service=$app-iframely
#=================================================
# CREATE DEDICATED USER
#=================================================
@ -101,7 +107,6 @@ then
ynh_setup_source --dest_dir="$final_path/lemmy-ui/lemmy-translations/" --source_id="lemmy-translations"
ynh_setup_source --dest_dir="$final_path/build-imagemagick/" --source_id="imagemagick"
ynh_setup_source --dest_dir="$final_path/build-pict-rs/" --source_id="pict-rs"
ynh_setup_source --dest_dir="$final_path/build-iframely/" --source_id="docker-image-extract"
fi
chmod 750 "$final_path"
@ -181,14 +186,6 @@ then
ynh_secure_remove --file="$final_path/.cargo"
ynh_secure_remove --file="$final_path/.rustup"
# Install iframely
pushd $final_path/build-iframely
./docker-image-extract dogbin/iframely:latest
popd
mkdir -p "$final_path/iframely/"
rsync -a "$final_path/build-iframely/output/iframely/" "$final_path/iframely/"
ynh_secure_remove --file="$final_path/build-iframely"
ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies
ynh_package_autoremove
fi
@ -208,11 +205,6 @@ ynh_add_config --template="../conf/lemmy.hjson" --destination="$final_path/confi
chmod 400 "$final_path/config/config.hjson"
chown $app:$app "$final_path/config/config.hjson"
ynh_add_config --template="../conf/iframely.config.local.js" --destination="$final_path/iframely/iframely.config.local.js"
chmod 400 "$final_path/iframely/iframely.config.local.js"
chown $app:$app "$final_path/iframely/iframely.config.local.js"
#=================================================
# SETUP SYSTEMD
#=================================================
@ -221,7 +213,6 @@ ynh_script_progression --message="Upgrading systemd configuration..."
# Create a dedicated systemd config
ynh_add_systemd_config --service="$app" --template="lemmy.service"
ynh_add_systemd_config --service="$app-ui" --template="lemmy-ui.service"
ynh_add_systemd_config --service="$app-iframely" --template="iframely.service"
ynh_add_systemd_config --service="$app-pict-rs" --template="pict-rs.service"
#=================================================
@ -247,7 +238,6 @@ ynh_script_progression --message="Integrating service in YunoHost..."
yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log"
yunohost service add $app-ui --description="A short description of the app" --log="/var/log/$app/$app-ui.log"
yunohost service add $app-pict-rs --description="A short description of the app" --log="/var/log/$app/$app-pict-rs.log"
yunohost service add $app-iframely --description="A short description of the app" --log="/var/log/$app/$app-iframely.log"
#=================================================
# START SYSTEMD SERVICE
@ -257,7 +247,6 @@ ynh_script_progression --message="Starting a systemd service..."
ynh_systemd_action --service_name=$app --action="start" --line_match="Started" --log_path=systemd
ynh_systemd_action --service_name=$app-ui --action="start" --line_match="Started" --log_path=systemd
ynh_systemd_action --service_name=$app-pict-rs --action="start" --line_match="Started" --log_path=systemd
ynh_systemd_action --service_name=$app-iframely --action="start" --line_match="Started" --log_path=systemd
#=================================================
# RELOAD NGINX