1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/lemmy_ynh.git synced 2024-09-03 19:36:09 +02:00

Merge pull request #8 from YunoHost-Apps/testing

Testing
This commit is contained in:
yalh76 2021-09-16 20:13:37 +02:00 committed by GitHub
commit 99efad793f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
29 changed files with 1025 additions and 303 deletions

View file

@ -8,7 +8,7 @@ about: When creating a bug report, please use the following template to provide
1. *Read this whole template first.*
2. *Determine if you are on the right place:*
- *If you were performing an action on the app from the webadmin or the CLI (install, update, backup, restore, change_url...), you are on the right place!*
- *Otherwise, the issue may be due to REPLACEBYYOURAPP itself. Refer to its documentation or repository for help.*
- *Otherwise, the issue may be due to the app itself. Refer to its documentation or repository for help.*
- *When in doubt, post here and we will figure it out together.*
3. *Delete the italic comments as you write over them below, and remove this guide.*
---
@ -31,7 +31,7 @@ about: When creating a bug report, please use the following template to provide
- *If you performed a command from the CLI, the command itself is enough. For example:*
```sh
sudo yunohost app install REPLACEBYYOURAPP
sudo yunohost app install the_app
```
- *If you used the webadmin, please perform the equivalent command from the CLI first.*
- *If the error occurs in your browser, explain what you did:*

16
.github/PULL_REQUEST_TEMPLATE.md vendored Normal file
View file

@ -0,0 +1,16 @@
## Problem
- *Description of why you made this PR*
## Solution
- *And how do you fix that problem*
## PR Status
- [ ] Code finished and ready to be reviewed/tested
- [ ] The fix/enhancement were manually tested (if applicable)
## Automatic tests
Automatic tests can be triggered on https://ci-apps-dev.yunohost.org/ *after creating the PR*, by commenting "!testme", "!gogogadgetoci" or "By the power of systemd, I invoke The Great App CI to test this Pull Request!". (N.B. : for this to work you need to be a member of the Yunohost-Apps organization)

View file

@ -1,74 +1,52 @@
<!--
N.B.: This README was automatically generated by https://github.com/YunoHost/apps/tree/master/tools/README-generator
It shall NOT be edited by hand.
-->
# lemmy for YunoHost
# Lemmy app for YunoHost
**Warning:** This app uses Docker. YunoHost do not encourages to use black box container technologies like Docker and Ansible.
[![Integration level](https://dash.yunohost.org/integration/lemmy.svg)](https://dash.yunohost.org/appci/app/lemmy) ![](https://ci-apps.yunohost.org/ci/badges/lemmy.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/lemmy.maintain.svg)
[![Install lemmy with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=lemmy)
Then why this package uses Docker?
It's because the developers of the core app do not support simple installation. And packaging without documentaion is time consuming.
*[Lire ce readme en français.](./README_fr.md)*
[![Integration level](https://dash.yunohost.org/integration/lemmy.svg)](https://dash.yunohost.org/appci/app/lemmy) ![](https://ci-apps.yunohost.org/ci/badges/lemmy.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/lemmy.maintain.svg)
[![Install Lemmy with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=lemmy)
> *This package allows you to install Lemmy quickly and simply on a YunoHost server.
> *This package allows you to install lemmy quickly and simply on a YunoHost server.
If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.*
## Overview
Lemmy is similar to sites like Reddit, Lobste.rs, Raddle, or Hacker News: you subscribe to forums you're interested in, post links and discussions, then vote, and comment on them. Behind the scenes, it is very different; anyone can easily run a server, and all these servers are federated (think email), and connected to the same universe, called the Fediverse.
**Shipped version:** 0.9.9
A link aggregator / Reddit clone for the fediverse.
**Shipped version:** 0.11.3~ynh1
**Demo:** https://join.lemmy.ml/join/
## Screenshots
![](https://raw.githubusercontent.com/LemmyNet/joinlemmy-site/main/static/images/main_img.webp)
![](./doc/screenshots/screenshot1.webp)
## Demo
## Disclaimers / important information
* [Official demo](https://join.lemmy.ml/join/)
* Any known limitations, constrains or stuff not working, such as (but not limited to):
* Lemmy require full domain path to be installed. Eg. lemmy.domain.tld
* The admin username and password will be sent to the admin of the YunoHost through mail.
## Documentation and resources
## Configuration
Lemmy require full domain path to be instlled. Eg. lemmy.domain.tld
The admin username and password will be sent to the admin of the YunoHost through mail.
## Documentation
* Official documentation: https://join.lemmy.ml/docs/en/index.html
## YunoHost specific features
#### Multi-user support
Are LDAP and HTTP auth supported? No
Can the app be used by multiple users? Yes
#### Supported architectures
* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/lemmy%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/lemmy/)
* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/lemmy%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/lemmy/)
## Links
* Report a bug: https://github.com/YunoHost-Apps/lemmy_ynh/issues
* App website: https://join.lemmy.ml
* Upstream app repository: https://github.com/LemmyNet/lemmy
* YunoHost website: https://yunohost.org/
---
* Official app website: https://join-lemmy.org/
* Official admin documentation: https://join-lemmy.org/docs/en/
* Upstream app code repository: https://github.com/LemmyNet/lemmy
* YunoHost documentation for this app: https://yunohost.org/app_lemmy
* Report a bug: https://github.com/YunoHost-Apps/lemmy_ynh/issues
## Developer info
**Only if you want to use a testing branch for coding, instead of merging directly into master.**
Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/lemmy_ynh/tree/testing).
To try the testing branch, please proceed like that.
```
sudo yunohost app install https://github.com/YunoHost-Apps/lemmy_ynh/tree/testing --debug
or
sudo yunohost app upgrade lemmy -u https://github.com/YunoHost-Apps/lemmy_ynh/tree/testing --debug
```
**More info regarding app packaging:** https://yunohost.org/packaging_apps

48
README_fr.md Normal file
View file

@ -0,0 +1,48 @@
# lemmy pour YunoHost
[![Niveau d'intégration](https://dash.yunohost.org/integration/lemmy.svg)](https://dash.yunohost.org/appci/app/lemmy) ![](https://ci-apps.yunohost.org/ci/badges/lemmy.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/lemmy.maintain.svg)
[![Installer lemmy avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=lemmy)
*[Read this readme in english.](./README.md)*
*[Lire ce readme en français.](./README_fr.md)*
> *Ce package vous permet d'installer lemmy rapidement et simplement sur un serveur YunoHost.
Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.*
## Vue d'ensemble
**Version incluse :** 0.11.3~ynh1
**Démo :** https://join.lemmy.ml/join/
## Captures d'écran
![](./doc/screenshots/screenshot1.webp)
## Avertissements / informations importantes
* Any known limitations, constrains or stuff not working, such as (but not limited to):
* Lemmy require full domain path to be installed. Eg. lemmy.domain.tld
* The admin username and password will be sent to the admin of the YunoHost through mail.
## Documentations et ressources
* Site officiel de l'app : https://join-lemmy.org/
* Documentation officielle de l'admin : https://join-lemmy.org/docs/en/
* Dépôt de code officiel de l'app : https://github.com/LemmyNet/lemmy
* Documentation YunoHost pour cette app : https://yunohost.org/app_lemmy
* Signaler un bug : https://github.com/YunoHost-Apps/lemmy_ynh/issues
## Informations pour les développeurs
Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/lemmy_ynh/tree/testing).
Pour essayer la branche testing, procédez comme suit.
```
sudo yunohost app install https://github.com/YunoHost-Apps/lemmy_ynh/tree/testing --debug
ou
sudo yunohost app upgrade lemmy -u https://github.com/YunoHost-Apps/lemmy_ynh/tree/testing --debug
```
**Plus d'infos sur le packaging d'applications :** https://yunohost.org/packaging_apps

View file

@ -1,14 +1,9 @@
# See here for more information
# https://github.com/YunoHost/package_check#syntax-check_process-file
# Move this file from check_process.default to check_process when you have filled it.
;; Test complet
; Manifest
domain="domain.tld" (DOMAIN)
path="/path" (PATH)
admin="john" (USER)
sitename="lemmy website) (SITENAME)
domain="domain.tld"
path="/"
admin="john"
sitename="lemmy website"
; Checks
pkg_linter=1
setup_sub_dir=0

View file

@ -1,7 +0,0 @@
SOURCE_URL=url of app's source
SOURCE_SUM=sha256 checksum
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=
SOURCE_EXTRACT=true

View file

@ -1,56 +0,0 @@
version: "2.2"
services:
postgres:
image: postgres:12-alpine
environment:
- POSTGRES_USER=lemmy
- POSTGRES_PASSWORD=password
- POSTGRES_DB=lemmy
volumes:
- ./volumes/postgres:/var/lib/postgresql/data
restart: always
lemmy:
image: dessalines/lemmy:0.9.9
ports:
- "127.0.0.1:__PORT__LEMMY__:8536"
restart: always
environment:
- RUST_LOG=error
volumes:
- ./lemmy.hjson:/config/config.hjson
depends_on:
- postgres
- pictrs
- iframely
lemmy-ui:
image: dessalines/lemmy-ui:0.9.9
ports:
- "127.0.0.1:__PORT_UI__:1234"
restart: always
environment:
- LEMMY_INTERNAL_HOST=lemmy:8536
- LEMMY_EXTERNAL_HOST=localhost:__PORT__LEMMY__
- LEMMY_HTTPS=false
depends_on:
- lemmy
pictrs:
image: asonix/pictrs:v0.2.5-r0
ports:
- "127.0.0.1:__PORT_PICTRS__:8080"
user: 991:991
volumes:
- ./volumes/pictrs:/mnt
restart: always
iframely:
image: dogbin/iframely:latest
ports:
- "127.0.0.1:__PORT_IFRAMELY__:80"
volumes:
- ./iframely.config.local.js:/iframely/config.local.js:ro
restart: always
mem_limit: 100m

View file

@ -0,0 +1,7 @@
SOURCE_URL=https://codeload.github.com/jjlin/docker-image-extract/tar.gz/a9e455e44bbbfba897bf3342d9661b182cee67a9
SOURCE_SUM=9eb0c734e83a3fd7102fc7209af4977024ec467fbc819782491af47295675f67
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=
SOURCE_EXTRACT=true

View file

@ -37,7 +37,7 @@
},
*/
port: 80, //can be overridden by PORT env var
port: __PORT_IFRAMELY__, //can be overridden by PORT env var
host: '0.0.0.0', // Dockers beware. See https://github.com/itteco/iframely/issues/132#issuecomment-242991246
//can be overridden by HOST env var

45
conf/iframely.service Normal file
View file

@ -0,0 +1,45 @@
[Unit]
Description=__APP__ Iframely Daemon
After=network.target
[Service]
Type=simple
User=__APP__
Group=__APP__
WorkingDirectory=__FINALPATH__/iframely/
ExecStart=__YNH_NODE__ -- server
StandardOutput=append:/var/log/__APP__/__APP__-iframely.log
StandardError=inherit
# Sandboxing options to harden security
# Depending on specificities of your service/app, you may need to tweak these
# .. but this should be a good baseline
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
DevicePolicy=closed
ProtectSystem=full
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
LockPersonality=yes
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
# Denying access to capabilities that should not be relevant for webapps
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
[Install]
WantedBy=multi-user.target

7
conf/imagemagick.src Normal file
View file

@ -0,0 +1,7 @@
SOURCE_URL=https://github.com/ImageMagick/ImageMagick/archive/refs/tags/7.0.10-62.tar.gz
SOURCE_SUM=84442158aea070095efa832cfe868fd99d6befdf609444f0c9e9f1b4f25480cd
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=
SOURCE_EXTRACT=true

View file

@ -0,0 +1,7 @@
SOURCE_URL=https://codeload.github.com/LemmyNet/lemmy-translations/tar.gz/9e3dfebe14693553f1002ef06f02201ca1d52863
SOURCE_SUM=1693789ac4d6a3905530b2cf76ad50151082f5e96d1639dc06e30219649a6c87
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=
SOURCE_EXTRACT=true

49
conf/lemmy-ui.service Normal file
View file

@ -0,0 +1,49 @@
[Unit]
Description=__APP__ Lemmy UI Daemon
After=network.target
[Service]
Type=simple
User=__APP__
Group=__APP__
Environment="LEMMY_INTERNAL_HOST=127.0.0.1:__PORT_LEMMY__"
Environment="LEMMY_EXTERNAL_HOST=__DOMAIN__"
Environment="LEMMY_HTTPS=true"
Environment="LEMMY_UI_HOST=0.0.0.0:__PORT_UI__"
WorkingDirectory=__FINALPATH__/lemmy-ui/
ExecStart=__YNH_NODE__ dist/js/server.js
StandardOutput=append:/var/log/__APP__/__APP__-ui.log
StandardError=inherit
# Sandboxing options to harden security
# Depending on specificities of your service/app, you may need to tweak these
# .. but this should be a good baseline
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
DevicePolicy=closed
ProtectSystem=full
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
LockPersonality=yes
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
# Denying access to capabilities that should not be relevant for webapps
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
[Install]
WantedBy=multi-user.target

View file

@ -6,41 +6,90 @@
# username for the admin user
admin_username: "__ADMIN__"
# password for the admin user
admin_password: "__ADMIN_PASS__"
admin_password: "__PASSWORD__"
# optional: email for the admin user (can be omitted and set later through the website)
admin_email: "__ADMIN_EMAIL__"
# name of the site (can be changed later)
site_name: "__NAME__"
site_name: "__SITENAME__"
}
# settings related to the postgresql database
database: {
# username to connect to postgres
user: "__DB_USER__"
# password to connect to postgres
password: "__DB_PWD__"
# host where postgres is running
host: "localhost"
# port where postgres can be accessed
port: 5432
# name of the postgres database for lemmy
database: "__DB_NAME__"
# maximum number of active sql connections
pool_size: 5
}
# the domain name of your instance (eg "lemmy.ml")
hostname: "__DOMAIN__"
# address where lemmy should listen for incoming requests
bind: "0.0.0.0"
# port where lemmy should listen for incoming requests
port: 8536
port: __PORT_LEMMY__
# whether tls is required for activitypub. only disable this for debugging, never for producion.
tls_enabled: true
# json web token for authorization between server and client
jwt_secret: "__RANDOM__"
# settings related to the postgresql database
database: {
# name of the postgres database for lemmy
database: "lemmy"
# username to connect to postgres
user: "lemmy"
# password to connect to postgres
password: "password"
# host where postgres is running
host: "postgres"
# address where pictrs is available
pictrs_url: "http://127.0.0.1:__PORT_PICTRS__"
# address where iframely is available
iframely_url: "http://127.0.0.1:__PORT_IFRAMELY__"
# rate limits for various user actions, by user ip
rate_limit: {
# maximum number of messages created in interval
message: 180
# interval length for message limit
message_per_second: 60
# maximum number of posts created in interval
post: 6
# interval length for post limit
post_per_second: 600
# maximum number of registrations in interval
register: 3
# interval length for registration limit
register_per_second: 3600
# maximum number of image uploads in interval
image: 6
# interval length for image uploads
image_per_second: 3600
}
# settings related to activitypub federation
federation: {
# whether to enable activitypub federation.
enabled: true
# Allows and blocks are described here:
# https://join-lemmy.org/docs/en/federation/administration.html#instance-allowlist-and-blocklist
#
# list of instances with which federation is allowed
# allowed_instances: ["instance1.tld","instance2.tld"]
# instances which we never federate anything with (but previously federated objects are unaffected)
# blocked_instances: []
# If true, only federate with instances on the allowlist and block everything else. If false,
# use allowlist only for remote communities, and posts/comments in local communities.
# strict_allowlist: true
}
captcha: {
enabled: true
difficulty: medium # Can be easy, medium, or hard
}
# email sending configuration
email: {
# hostname and port of the smtp server
smtp_server: "127.0.0.1:25"
# login name for smtp server
smtp_login: ""
# password to login to the smtp server
smtp_password: ""
# address to send emails from, eg "noreply@your-instance.com"
smtp_from_address: "lemmy@__DOMAIN__"
# whether or not smtp connections should use tls
use_tls: true
}
# # optional: email sending configuration
# email: {
# # hostname and port of the smtp server
smtp_server: "127.0.0.1:25"
# # login name for smtp server
smtp_login: ""
# # password to login to the smtp server
smtp_password: ""
# # address to send emails from, eg "noreply@your-instance.com"
smtp_from_address: "lemmy@__DOMAIN__"
# # whether or not smtp connections should use tls
use_tls: true
# }
}

46
conf/lemmy.service Normal file
View file

@ -0,0 +1,46 @@
[Unit]
Description=__APP__ Lemmy Daemon
After=network.target
[Service]
Type=simple
User=__APP__
Group=__APP__
Environment="LEMMY_CONFIG_LOCATION=__FINALPATH__/config/config.hjson"
WorkingDirectory=__FINALPATH__/lemmy/
ExecStart=__FINALPATH__/lemmy/lemmy
StandardOutput=append:/var/log/__APP__/__APP__.log
StandardError=inherit
# Sandboxing options to harden security
# Depending on specificities of your service/app, you may need to tweak these
# .. but this should be a good baseline
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
DevicePolicy=closed
ProtectSystem=full
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
LockPersonality=yes
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
# Denying access to capabilities that should not be relevant for webapps
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
[Install]
WantedBy=multi-user.target

45
conf/pict-rs.service Normal file
View file

@ -0,0 +1,45 @@
[Unit]
Description=__APP__ pict-rs Daemon
After=network.target
[Service]
Type=simple
User=__APP__
Group=__APP__
WorkingDirectory=__FINALPATH__/pict-rs/
ExecStart=__FINALPATH__/pict-rs/pict-rs -a 127.0.0.1:__PORT_PICTRS__ -p __DATADIR__/pictrs-data
StandardOutput=append:/var/log/__APP__/__APP__-pict-rs.log
StandardError=inherit
# Sandboxing options to harden security
# Depending on specificities of your service/app, you may need to tweak these
# .. but this should be a good baseline
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
DevicePolicy=closed
ProtectSystem=full
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
LockPersonality=yes
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
# Denying access to capabilities that should not be relevant for webapps
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
[Install]
WantedBy=multi-user.target

7
conf/pict-rs.src Normal file
View file

@ -0,0 +1,7 @@
SOURCE_URL=https://git.asonix.dog/asonix/pict-rs/archive/v0.2.6-r2.tar.gz
SOURCE_SUM=c8542ff79fc2f0699b33994d6718a9f8f4bfc94e6c7c7e1e5dc13911afd40d10
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=
SOURCE_EXTRACT=true

0
doc/.gitkeep Normal file
View file

3
doc/DISCLAIMER.md Normal file
View file

@ -0,0 +1,3 @@
* Any known limitations, constrains or stuff not working, such as (but not limited to):
* Lemmy require full domain path to be installed. Eg. lemmy.domain.tld
* The admin username and password will be sent to the admin of the YunoHost through mail.

0
doc/screenshots/.gitkeep Normal file
View file

Binary file not shown.

After

Width:  |  Height:  |  Size: 97 KiB

View file

@ -5,8 +5,15 @@
"description": {
"en": "A link aggregator / Reddit clone for the fediverse."
},
"version": "0.9.9~ynh1",
"version": "0.11.3~ynh1",
"url": "https://join.lemmy.ml/",
"upstream": {
"license": "GPL-3.0",
"website": "https://join-lemmy.org/",
"demo": "https://join.lemmy.ml/join/",
"admindoc": "https://join-lemmy.org/docs/en/",
"code": "https://github.com/LemmyNet/lemmy"
},
"license": "GPL-3.0",
"maintainer": {
"name": "Anmol Sharma",
@ -25,19 +32,11 @@
{
"name": "domain",
"type": "domain",
"ask": {
"en": "Choose a domain name for Lemmy",
"fr": "Choisissez un nom de domaine pour Lemmy"
},
"example": "example.com"
},
{
"name": "admin",
"type": "string",
"ask": {
"en": "Choose an admin username",
"fr": "Choisissez l'administrateur"
},
"type": "user",
"example": "johndoe"
},
{
@ -48,7 +47,6 @@
},
"example": "lemmy website"
}
]
}
}

View file

@ -1,16 +0,0 @@
## Problem
- *Description of why you made this PR*
## Solution
- *And how do you fix that problem*
## PR Status
- [ ] Code finished.
- [ ] Tested with Package_check.
- [ ] Fix or enhancement tested.
- [ ] Upgrade from last version tested.
- [ ] Can be reviewed and tested.
## Package_check results
---
* An automatic package_check will be launch at https://ci-apps-dev.yunohost.org/, when you add a specific comment to your Pull Request: "!testme", "!gogogadgetoci" or "By the power of systemd, I invoke The Great App CI to test this Pull Request!"*

View file

@ -5,7 +5,26 @@
#=================================================
# dependencies used by the app
pkg_dependencies="deb1 deb2 php$YNH_DEFAULT_PHP_VERSION-deb1 php$YNH_DEFAULT_PHP_VERSION-deb2"
lemmy_dependencies="postgresql postgresql-contrib"
lemmyui_dependencies="espeak"
imagemagick_build_dependencies="libltdl-dev libjpeg-dev libpng-dev libwebp-dev liblzma-dev libxml2-dev"
imagemagick_dependencies=""
pictrs_build_dependencies="pkg-config build-essential libgexiv2-dev libxml2 libltdl7 libavcodec-dev libavfilter-dev libavdevice-dev libavformat-dev libavresample-dev libavutil-dev libswscale-dev libswresample-dev llvm-dev libclang-dev clang"
pictrs_dependencies="libgexiv2-2 libpng16-16 libjpeg62-turbo libwebp6 libwebpdemux2 libwebpmux3 libltdl7 libgomp1 libxml2 libavcodec58 libavfilter7 libavdevice58 libavformat58 libavresample4 libavutil56 libswscale5 libswresample3 tini"
iframely_dependencies="musl-dev"
pkg_dependencies="$lemmy_dependencies $lemmyui_dependencies $imagemagick_dependencies $pictrs_dependencies $iframely_dependencies"
pkg_build_dependencies="$imagemagick_build_dependencies $pictrs_build_dependencies"
NODEJS_VERSION=12
LEMMY_VERSION=0.11.3
LEMMYUI_VERSION=0.11.3
PICTRS_VERSION=v0.2.6-r2
IFRAMELY_VERSION=latest
#=================================================
# PERSONAL HELPERS

View file

@ -15,7 +15,6 @@ source /usr/share/yunohost/helpers
#=================================================
ynh_clean_setup () {
### Remove this function if there's nothing to clean before calling the remove script.
true
}
# Exit if an error occurs during the execution of the script
@ -30,26 +29,55 @@ app=$YNH_APP_INSTANCE_NAME
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
domain=$(ynh_app_setting_get --app=$app --key=domain)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
#=================================================
# DECLARE DATA AND CONF FILES TO BACKUP
#=================================================
ynh_print_info --message="Declaring files to be backed up..."
#=================================================
# BACKUP THE APP MAIN DIR
#=================================================
ynh_backup --src_path="$final_path"
#=================================================
# BACKUP THE DATA DIR
#=================================================
ynh_backup --src_path="$datadir" --is_big
#=================================================
# BACKUP THE NGINX CONFIGURATION
#=================================================
ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# SPECIFIC BACKUP
#=================================================
# BACKUP LOGROTATE
#=================================================
ynh_backup --src_path="/etc/logrotate.d/$app"
#=================================================
# BACKUP SYSTEMD
#=================================================
ynh_backup --src_path="/etc/systemd/system/$app.service"
ynh_backup --src_path="/etc/systemd/system/$app-ui.service"
ynh_backup --src_path="/etc/systemd/system/$app-iframely.service"
ynh_backup --src_path="/etc/systemd/system/$app-pict-rs.service"
#=================================================
# BACKUP THE POSTGRESQL DATABASE
#=================================================
ynh_print_info --message="Backing up the PostgreSQL database..."
ynh_psql_dump_db --database="$db_name" > db.sql
#=================================================
# END OF SCRIPT

View file

@ -14,8 +14,7 @@ source /usr/share/yunohost/helpers
#=================================================
ynh_clean_setup () {
### Remove this function if there's nothing to clean before calling the remove script.
true
ynh_clean_check_starting
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
@ -26,19 +25,18 @@ ynh_abort_if_errors
domain=$YNH_APP_ARG_DOMAIN
path_url="/"
version=$(curl -s https://api.github.com/repos/docker/compose/releases/latest | grep 'tag_name' | cut -d\" -f4)
admin=$YNH_APP_ARG_ADMIN
password=$(ynh_string_random --length=12)
sitename=$YNH_APP_ARG_SITENAME
random=$(ynh_string_random --length=10)
admin_email=$(ynh_user_get_info --username=$admin --key="mail")
app=$YNH_APP_INSTANCE_NAME
#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
ynh_script_progression --message="Validating installation parameters..." --weight=1
ynh_script_progression --message="Validating installation parameters..."
final_path=/var/www/$app
test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
@ -49,7 +47,7 @@ ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================
ynh_script_progression --message="Storing installation settings..." --weight=1
ynh_script_progression --message="Storing installation settings..."
ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path_url
@ -63,97 +61,231 @@ ynh_app_setting_set --app=$app --key=random --value=$random
#=================================================
# FIND AND OPEN A PORT
#=================================================
ynh_script_progression --message="Finding an available port..." --weight=1
ynh_script_progression --message="Finding an available port..."
# Find an available port
port_lemmy=$(ynh_find_port --port=8536)
port_ui=$(ynh_find_port --port=1235)
port_pictrs=$(ynh_find_port --port=8537)
port_iframely=$(ynh_find_port --port=8061)
ynh_app_setting_set --app=$app --key=port_lemmy --value=$port_lemmy
port_ui=$(ynh_find_port --port=1235)
ynh_app_setting_set --app=$app --key=port_ui --value=$port_ui
port_pictrs=$(ynh_find_port --port=8537)
ynh_app_setting_set --app=$app --key=port_pictrs --value=$port_pictrs
port_iframely=$(ynh_find_port --port=8061)
ynh_app_setting_set --app=$app --key=port_iframely --value=$port_iframely
#=================================================
# INSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Installing dependencies..." --weight=1
ynh_script_progression --message="Installing dependencies..."
#ynh_install_app_dependencies $pkg_dependencies
ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies $pkg_build_dependencies
ynh_install_nodejs --nodejs_version=$NODEJS_VERSION
ynh_use_nodejs
ln -fs /usr/lib/x86_64-linux-musl/libc.so /lib/libc.musl-x86_64.so.1
# Install Docker and compose
curl -sSL https://get.docker.com | sh
systemctl enable docker --quiet
curl -L https://github.com/docker/compose/releases/download/${version}/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Configuring system user..."
# Create a system user
ynh_system_user_create --username=$app --home_dir=$final_path
#=================================================
# CREATE A POSTGRESQL DATABASE
#=================================================
ynh_script_progression --message="Creating a PostgreSQL database..."
ynh_psql_test_if_first_run
db_name=$(ynh_sanitize_dbid --db_name=$app)
db_user=$db_name
db_pwd=$(ynh_string_random --length=30)
ynh_app_setting_set --app=$app --key=db_name --value=$db_name
ynh_app_setting_set --app=$app --key=db_pwd --value=$db_pwd
ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_script_progression --message="Setting up source files..." --weight=1
ynh_script_progression --message="Setting up source files..."
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$final_path/build-lemmy/" --source_id="docker-image-extract"
ynh_setup_source --dest_dir="$final_path/build-lemmy-ui/" --source_id="docker-image-extract"
ynh_setup_source --dest_dir="$final_path/lemmy-ui/lemmy-translations/" --source_id="lemmy-translations"
ynh_setup_source --dest_dir="$final_path/build-imagemagick/" --source_id="imagemagick"
ynh_setup_source --dest_dir="$final_path/build-pict-rs/" --source_id="pict-rs"
ynh_setup_source --dest_dir="$final_path/build-iframely/" --source_id="docker-image-extract"
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:$app "$final_path"
mkdir "$final_path"
cp -f ../conf/docker-compose.yml "$final_path/docker-compose.yml"
cp -f ../conf/lemmy.hjson "$final_path/lemmy.hjson"
cp -f ../conf/iframely.config.local.js "$final_path/iframely.config.local.js"
pushd "$final_path"
mkdir -p volumes/pictrs
chown -R 991:991 volumes/pictrs
popd
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring NGINX web server..." --weight=1
ynh_script_progression --message="Configuring NGINX web server..."
# Create a dedicated NGINX config
ynh_add_nginx_config 'port_lemmy port_ui port_pictrs port_iframely'
ynh_add_nginx_config
#=================================================
# MODIFY A CONFIG FILE
# SPECIFIC SETUP
#=================================================
# CREATE DATA DIRECTORY
#=================================================
ynh_script_progression --message="Creating a data directory..."
datadir=/home/yunohost.app/$app
ynh_app_setting_set --app=$app --key=datadir --value=$datadir
mkdir -p $datadir/pictrs-data
ynh_replace_string --match_string="__ADMIN__" --replace_string="$admin" --target_file="$final_path/lemmy.hjson"
ynh_replace_string --match_string="__ADMIN_PASS__" --replace_string="$password" --target_file="$final_path/lemmy.hjson"
ynh_replace_string --match_string="__NAME__" --replace_string="$sitename" --target_file="$final_path/lemmy.hjson"
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$final_path/lemmy.hjson"
ynh_replace_string --match_string="__RANDOM__" --replace_string="$random" --target_file="$final_path/lemmy.hjson"
ynh_replace_string --match_string="__PORT__LEMMY__" --replace_string="$port_lemmy" --target_file="$final_path/docker-compose.yml"
ynh_replace_string --match_string="__PORT_UI__" --replace_string="$port_ui" --target_file="$final_path/docker-compose.yml"
ynh_replace_string --match_string="__PORT_PICTRS__" --replace_string="$port_pictrs" --target_file="$final_path/docker-compose.yml"
ynh_replace_string --match_string="__PORT_IFRAMELY__" --replace_string="$port_iframely" --target_file="$final_path/docker-compose.yml"
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$final_path/iframely.config.local.js"
chmod 750 "$datadir"
chmod -R o-rwx "$datadir"
chown -R $app:$app "$datadir"
#=================================================
# MAKE INSTALL
#=================================================
ynh_script_progression --message="Making install..."
# Install lemmy
pushd $final_path/build-lemmy
./docker-image-extract dessalines/lemmy:$LEMMY_VERSION
popd
mkdir -p "$final_path/lemmy/"
mv -f "$final_path/build-lemmy/output/app/lemmy" "$final_path/lemmy/lemmy"
ynh_secure_remove --file="$final_path/build-lemmy"
# Install lemmy-ui
pushd $final_path/build-lemmy-ui
./docker-image-extract dessalines/lemmy-ui:$LEMMYUI_VERSION
popd
mkdir -p "$final_path/lemmy-ui/"
rsync -a "$final_path/build-lemmy-ui/output/app/" "$final_path/lemmy-ui/"
ynh_secure_remove --file="$final_path/build-lemmy-ui"
# Install ImageMagick
pushd "$final_path/build-imagemagick/"
ynh_exec_warn_less ./configure --with-modules
ynh_exec_warn_less make
ynh_exec_warn_less make install
ynh_exec_warn_less ldconfig /usr/local/lib
popd
ynh_secure_remove --file="$final_path/build-imagemagick"
# Install rustup with the toolchain needed by pict-rs
pushd "$final_path"
sudo -u "$app" RUSTUP_HOME="$final_path/.rustup" CARGO_HOME="$final_path/.cargo" bash -c 'curl -sSf -L https://static.rust-lang.org/rustup.sh | sh -s -- -y --default-toolchain nightly'
popd
export PATH="$PATH:$final_path/.cargo/bin:$final_path/.local/bin:/usr/local/sbin"
# Install pict-rs
pushd $final_path/build-pict-rs
ynh_exec_warn_less sudo -u "$app" env PATH="$PATH" cargo build --release
popd
mkdir -p "$final_path/pict-rs/"
mv -f "$final_path/build-pict-rs/target/release/pict-rs" "$final_path/pict-rs/pict-rs"
ynh_secure_remove --file="$final_path/build-pict-rs"
# Remove rustup
ynh_secure_remove --file="$final_path/.cargo"
ynh_secure_remove --file="$final_path/.rustup"
# Install iframely
pushd $final_path/build-iframely
./docker-image-extract dogbin/iframely:$IFRAMELY_VERSION
popd
mkdir -p "$final_path/iframely/"
rsync -a "$final_path/build-iframely/output/iframely/" "$final_path/iframely/"
ynh_secure_remove --file="$final_path/build-iframely"
ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:$app "$final_path"
#=================================================
# ADD A CONFIGURATION
#=================================================
ynh_script_progression --message="Adding a configuration file..."
mkdir -p "$final_path/config/"
ynh_add_config --template="../conf/lemmy.hjson" --destination="$final_path/config/config.hjson"
chmod 400 "$final_path/config/config.hjson"
chown $app:$app "$final_path/config/config.hjson"
ynh_add_config --template="../conf/iframely.config.local.js" --destination="$final_path/iframely/iframely.config.local.js"
chmod 400 "$final_path/iframely/iframely.config.local.js"
chown $app:$app "$final_path/iframely/iframely.config.local.js"
#=================================================
# SETUP SYSTEMD
#=================================================
ynh_script_progression --message="Configuring a systemd service..."
# Create a dedicated systemd config
ynh_add_systemd_config --service="$app" --template="lemmy.service"
ynh_add_systemd_config --service="$app-ui" --template="lemmy-ui.service"
ynh_add_systemd_config --service="$app-iframely" --template="iframely.service"
ynh_add_systemd_config --service="$app-pict-rs" --template="pict-rs.service"
#=================================================
# GENERIC FINALIZATION
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression --message="Configuring log rotation..."
mkdir -p "/var/log/$app"
chmod 750 "/var/log/$app"
chmod -R o-rwx "/var/log/$app"
chown -R $app:$app "/var/log/$app"
# Use logrotate to manage application logfile(s)
ynh_use_logrotate
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..."
yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log"
yunohost service add $app-ui --description="A short description of the app" --log="/var/log/$app/$app-ui.log"
yunohost service add $app-pict-rs --description="A short description of the app" --log="/var/log/$app/$app-pict-rs.log"
yunohost service add $app-iframely --description="A short description of the app" --log="/var/log/$app/$app-iframely.log"
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..."
# Start a systemd service
ynh_systemd_action --service_name=$app --action="start" --line_match="Started" --log_path=systemd
ynh_systemd_action --service_name=$app-ui --action="start" --line_match="Started" --log_path=systemd
ynh_systemd_action --service_name=$app-pict-rs --action="start" --line_match="Started" --log_path=systemd
ynh_systemd_action --service_name=$app-iframely --action="start" --line_match="Started" --log_path=systemd
#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Configuring permissions..." --weight=1
ynh_script_progression --message="Configuring permissions..."
# Make app public
ynh_permission_update --permission="main" --add="visitors"
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_script_progression --message="Reloading NGINX web server..."
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# Run Lemmy through Docker
#=================================================
# chown -R $(whoami) /usr/local/bin
chmod +x /usr/local/bin/docker-compose
cd "$final_path" && docker-compose up -d
#=================================================
# SEND A README FOR THE ADMIN
#=================================================
@ -175,4 +307,4 @@ ynh_send_readme_to_admin "$message"
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Installation of $app completed" --last
ynh_script_progression --message="Installation of $app completed"

View file

@ -12,30 +12,99 @@ source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=1
ynh_script_progression --message="Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_user=$db_name
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
#=================================================
# STANDARD REMOVE
#=================================================
cd "$final_path" && docker-compose down --rmi all
# REMOVE SERVICE INTEGRATION IN YUNOHOST
#=================================================
# Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
if ynh_exec_warn_less yunohost service status $app >/dev/null
then
ynh_script_progression --message="Removing $app service integration..."
yunohost service remove $app
fi
if ynh_exec_warn_less yunohost service status $app >/dev/null
then
ynh_script_progression --message="Removing $app-ui service integration..."
yunohost service remove $app-ui
fi
if ynh_exec_warn_less yunohost service status $app >/dev/null
then
ynh_script_progression --message="Removing $app-iframely service integration..."
yunohost service remove $app-iframely
fi
if ynh_exec_warn_less yunohost service status $app >/dev/null
then
ynh_script_progression --message="Removing $app-pict-rs service integration..."
yunohost service remove $app-pict-rs
fi
#=================================================
# STOP AND REMOVE SERVICE
#=================================================
ynh_script_progression --message="Stopping and removing the systemd service..."
# Remove the dedicated systemd config
ynh_remove_systemd_config
ynh_remove_systemd_config --service=$app-ui
ynh_remove_systemd_config --service=$app-iframely
ynh_remove_systemd_config --service=$app-pict-rs
#=================================================
# REMOVE LOGROTATE CONFIGURATION
#=================================================
ynh_script_progression --message="Removing logrotate configuration..."
# Remove the app-specific logrotate config
ynh_remove_logrotate
#=================================================
# REMOVE THE POSTGRESQL DATABASE
#=================================================
ynh_script_progression --message="Removing the PostgreSQL database..."
# Remove a database if it exists, along with the associated user
ynh_psql_remove_db --db_user=$db_user --db_name=$db_name
#=================================================
# REMOVE IMAGEMAGICK
#=================================================
ynh_script_progression --message="Removing ImageMagick..."
ynh_setup_source --dest_dir="$final_path/build-imagemagick/" --source_id="imagemagick"
# Install ImageMagick
pushd "$final_path/build-imagemagick/"
ynh_exec_warn_less ./configure
ynh_exec_warn_less make uninstall
popd
ynh_secure_remove --file="$final_path/build-imagemagick"
#=================================================
# REMOVE DEPENDENCIES
#=================================================
ynh_script_progression --message="Removing dependencies..." --weight=1
ynh_script_progression --message="Removing dependencies..."
# Remove metapackage and its dependencies
ynh_remove_nodejs
ynh_remove_app_dependencies
ynh_secure_remove --file="/lib/libc.musl-x86_64.so.1"
#=================================================
# REMOVE APP MAIN DIR
#=================================================
ynh_script_progression --message="Removing app main directory..." --weight=1
ynh_script_progression --message="Removing app main directory..."
# Remove the app directory securely
ynh_secure_remove --file="$final_path"
@ -43,13 +112,33 @@ ynh_secure_remove --file="$final_path"
#=================================================
# REMOVE NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1
ynh_script_progression --message="Removing NGINX web server configuration..."
# Remove the dedicated NGINX config
ynh_remove_nginx_config
#=================================================
# SPECIFIC REMOVE
#=================================================
# REMOVE VARIOUS FILES
#=================================================
ynh_script_progression --message="Removing various files..."
# Remove the log files
ynh_secure_remove --file="/var/log/$app"
#=================================================
# GENERIC FINALIZATION
#=================================================
# REMOVE DEDICATED USER
#=================================================
ynh_script_progression --message="Removing the dedicated system user..."
# Delete a system user
ynh_system_user_delete --username=$app
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Removal of $app completed" --last
ynh_script_progression --message="Removal of $app completed"

View file

@ -15,8 +15,7 @@ source /usr/share/yunohost/helpers
#=================================================
ynh_clean_setup () {
#### Remove this function if there's nothing to clean before calling the remove script.
true
ynh_clean_check_starting
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
@ -24,19 +23,22 @@ ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=1
ynh_script_progression --message="Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
version=$(curl -s https://api.github.com/repos/docker/compose/releases/latest | grep 'tag_name' | cut -d\" -f4)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_user=$db_name
db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd)
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
#=================================================
# CHECK IF THE APP CAN BE RESTORED
#=================================================
ynh_script_progression --message="Validating restoration parameters..." --weight=1
ynh_script_progression --message="Validating restoration parameters..."
ynh_webpath_available --domain=$domain --path_url=$path_url \
|| ynh_die --message="Path not available: ${domain}${path_url}"
@ -48,45 +50,136 @@ test ! -d $final_path \
#=================================================
# RESTORE THE NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the NGINX web server configuration..."
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# RECREATE THE DEDICATED USER
#=================================================
ynh_script_progression --message="Recreating the dedicated system user..."
# Create the dedicated user (if not existing)
ynh_system_user_create --username=$app --home_dir=$final_path
#=================================================
# RESTORE THE APP MAIN DIR
#=================================================
ynh_script_progression --message="Restoring the app main directory..." --weight=1
ynh_script_progression --message="Restoring the app main directory..."
ynh_restore_file --origin_path="$final_path"
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:$app "$final_path"
#=================================================
# INSTALL DEPENDENCIES
# RESTORE THE DATA DIRECTORY
#=================================================
ynh_script_progression --message="Installing dependencies..." --weight=1
ynh_script_progression --message="Restoring the data directory..."
#ynh_install_app_dependencies $pkg_dependencies
ynh_restore_file --origin_path="$datadir" --not_mandatory
# Install Docker and compose
curl -sSL https://get.docker.com | sh
systemctl enable docker --quiet
curl -L https://github.com/docker/compose/releases/download/${version}/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
mkdir -p $datadir
chmod 750 "$datadir"
chmod -R o-rwx "$datadir"
chown -R $app:$app "$datadir"
#=================================================
# SPECIFIC RESTORATION
#=================================================
# Run Lemmy through Docker
# REINSTALL DEPENDENCIES
#=================================================
# chown -R $(whoami) /usr/local/bin
ynh_script_progression --message="Reinstalling dependencies..."
chmod +x /usr/local/bin/docker-compose
cd "$final_path" && docker-compose up -d
# Define and install dependencies
ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies
ynh_install_nodejs --nodejs_version=$NODEJS_VERSION
ynh_use_nodejs
ln -fs /usr/lib/x86_64-linux-musl/libc.so /lib/libc.musl-x86_64.so.1
#=================================================
# BUILDING IMAGEMAGICK
#=================================================
ynh_script_progression --message="Building ImageMagick..."
ynh_setup_source --dest_dir="$final_path/build-imagemagick/" --source_id="imagemagick"
ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies $imagemagick_build_dependencies
# Install ImageMagick
pushd "$final_path/build-imagemagick/"
ynh_exec_warn_less ./configure --with-modules
ynh_exec_warn_less make
ynh_exec_warn_less make install
ynh_exec_warn_less ldconfig /usr/local/lib
popd
ynh_secure_remove --file="$final_path/build-imagemagick"
ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies
#=================================================
# RESTORE THE POSTGRESQL DATABASE
#=================================================
ynh_script_progression --message="Restoring the PostgreSQL database..."
ynh_psql_test_if_first_run
ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd
ynh_psql_execute_file_as_root --file="./db.sql" --database="$db_name"
#=================================================
# RESTORE SYSTEMD
#=================================================
ynh_script_progression --message="Restoring the systemd configuration..."
ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
systemctl enable $app.service --quiet
ynh_restore_file --origin_path="/etc/systemd/system/$app-ui.service"
systemctl enable $app-ui.service --quiet
ynh_restore_file --origin_path="/etc/systemd/system/$app-iframely.service"
systemctl enable $app-iframely.service --quiet
ynh_restore_file --origin_path="/etc/systemd/system/$app-pict-rs.service"
systemctl enable $app-pict-rs.service --quiet
#=================================================
# RESTORE THE LOGROTATE CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the logrotate configuration..."
mkdir -p "/var/log/$app"
chmod 750 "/var/log/$app"
chmod -R o-rwx "/var/log/$app"
chown -R $app:$app "/var/log/$app"
ynh_restore_file --origin_path="/etc/logrotate.d/$app"
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..."
yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log"
yunohost service add $app-ui --description="A short description of the app" --log="/var/log/$app/$app-ui.log"
yunohost service add $app-iframely --description="A short description of the app" --log="/var/log/$app/$app-iframely.log"
yunohost service add $app-pict-rs --description="A short description of the app" --log="/var/log/$app/$app-pict-rs.log"
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..."
ynh_systemd_action --service_name=$app --action="start" --line_match="Started" --log_path=systemd
ynh_systemd_action --service_name=$app-ui --action="start" --line_match="Started" --log_path=systemd
ynh_systemd_action --service_name=$app-iframely --action="start" --line_match="Started" --log_path=systemd
ynh_systemd_action --service_name=$app-pict-rs --action="start" --line_match="Started" --log_path=systemd
#=================================================
# GENERIC FINALIZATION
#=================================================
# RELOAD NGINX AND PHP-FPM
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_script_progression --message="Reloading NGINX web server..."
ynh_systemd_action --service_name=nginx --action=reload
@ -94,4 +187,4 @@ ynh_systemd_action --service_name=nginx --action=reload
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Restoration completed for $app" --last
ynh_script_progression --message="Restoration completed for $app"

View file

@ -12,7 +12,7 @@ source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=1
ynh_script_progression --message="Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
@ -20,6 +20,10 @@ domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
admin=$(ynh_app_setting_get --app=$app --key=admin)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_user=$db_name
db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd)
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
password=$(ynh_app_setting_get --app=$app --key=password)
sitename=$(ynh_app_setting_get --app=$app --key=sitename)
random=$(ynh_app_setting_get --app=$app --key=random)
@ -27,17 +31,24 @@ port_lemmy=$(ynh_app_setting_get --app=$app --key=port_lemmy)
port_ui=$(ynh_app_setting_get --app=$app --key=port_ui)
port_pictrs=$(ynh_app_setting_get --app=$app --key=port_pictrs)
port_iframely=$(ynh_app_setting_get --app=$app --key=port_iframely)
version=$(curl -s https://api.github.com/repos/docker/compose/releases/latest | grep 'tag_name' | cut -d\" -f4)
admin_email=$(ynh_user_get_info --username=$admin --key="mail")
#=================================================
# CHECK VERSION
#=================================================
ynh_script_progression --message="Checking version..."
upgrade_type=$(ynh_check_app_version_changed)
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..."
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
ynh_clean_check_starting
# Restore it if the upgrade fails
ynh_restore_upgradebackup
}
@ -47,7 +58,34 @@ ynh_abort_if_errors
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# STOP SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Stopping a systemd service..."
ynh_systemd_action --service_name=$app --action="stop" --line_match="Stopped" --log_path=systemd
ynh_systemd_action --service_name=$app-ui --action="stop" --line_match="Stopped" --log_path=systemd
ynh_systemd_action --service_name=$app-pict-rs --action="stop" --line_match="Stopped" --log_path=systemd
ynh_systemd_action --service_name=$app-iframely --action="stop" --line_match="Stopped" --log_path=systemd
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
ynh_script_progression --message="Ensuring downward compatibility..."
# Cleaning legacy permissions
if ynh_legacy_permissions_exists; then
ynh_legacy_permissions_delete_all
ynh_app_setting_delete --app=$app --key=is_public
fi
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Making sure dedicated system user exists..."
# Create a dedicated user (if not existing)
ynh_system_user_create --username=$app --home_dir=$final_path
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
@ -55,78 +93,180 @@ ynh_abort_if_errors
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
ynh_script_progression --message="Upgrading source files..." --weight=1
ynh_script_progression --message="Upgrading source files..."
# Download, check integrity, uncompress and patch the source from app.src
cp -f ../conf/docker-compose.yml "$final_path/docker-compose.yml"
cp -f ../conf/lemmy.hjson "$final_path/lemmy.hjson"
cp -f ../conf/iframely.config.local.js "$final_path/iframely.config.local.js"
pushd "$final_path"
chown -R 991:991 volumes/pictrs
popd
# Download, check integrity, uncompress the source of lemmy from app.src to his build directory
ynh_setup_source --dest_dir="$final_path/build-lemmy/" --source_id="docker-image-extract"
ynh_setup_source --dest_dir="$final_path/build-lemmy-ui/" --source_id="docker-image-extract"
ynh_setup_source --dest_dir="$final_path/lemmy-ui/lemmy-translations/" --source_id="lemmy-translations"
ynh_setup_source --dest_dir="$final_path/build-imagemagick/" --source_id="imagemagick"
ynh_setup_source --dest_dir="$final_path/build-pict-rs/" --source_id="pict-rs"
ynh_setup_source --dest_dir="$final_path/build-iframely/" --source_id="docker-image-extract"
fi
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:$app "$final_path"
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=1
ynh_script_progression --message="Upgrading NGINX web server configuration..."
# Create a dedicated NGINX config
ynh_add_nginx_config 'port_lemmy port_ui port_pictrs port_iframely'
ynh_add_nginx_config
#=================================================
# UPGRADE DEPENDENCIES
#=================================================
ynh_script_progression --message="Upgrading dependencies..." --weight=1
#ynh_install_app_dependencies $pkg_dependencies
# Install Docker and compose
curl -sSL https://get.docker.com | sh
systemctl enable docker --quiet
curl -L https://github.com/docker/compose/releases/download/${version}/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
ynh_script_progression --message="Upgrading dependencies..."
ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies
ynh_install_nodejs --nodejs_version=$NODEJS_VERSION
ynh_use_nodejs
ln -fs /usr/lib/x86_64-linux-musl/libc.so /lib/libc.musl-x86_64.so.1
#=================================================
# SPECIFIC UPGRADE
#=================================================
# MAKE UPGRADE
#=================================================
ynh_script_progression --message="Making upgrade..."
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies $pkg_build_dependencies
# Install lemmy
pushd $final_path/build-lemmy
./docker-image-extract dessalines/lemmy:$LEMMY_VERSION
popd
mkdir -p "$final_path/lemmy/"
mv -f "$final_path/build-lemmy/output/app/lemmy" "$final_path/lemmy/lemmy"
ynh_secure_remove --file="$final_path/build-lemmy"
# Install lemmy-ui
pushd $final_path/build-lemmy-ui
./docker-image-extract dessalines/lemmy-ui:$LEMMYUI_VERSION
popd
mkdir -p "$final_path/lemmy-ui/"
rsync -a "$final_path/build-lemmy-ui/output/app/" "$final_path/lemmy-ui/"
ynh_secure_remove --file="$final_path/build-lemmy-ui"
# Install ImageMagick
pushd "$final_path/build-imagemagick/"
ynh_exec_warn_less ./configure --with-modules
ynh_exec_warn_less make
ynh_exec_warn_less make install
ynh_exec_warn_less ldconfig /usr/local/lib
popd
ynh_secure_remove --file="$final_path/build-imagemagick"
# Install rustup with the toolchain needed by pict-rs
pushd "$final_path"
sudo -u "$app" RUSTUP_HOME="$final_path/.rustup" CARGO_HOME="$final_path/.cargo" bash -c 'curl -sSf -L https://static.rust-lang.org/rustup.sh | sh -s -- -y --default-toolchain nightly'
popd
export PATH="$PATH:$final_path/.cargo/bin:$final_path/.local/bin:/usr/local/sbin"
# Install pict-rs
pushd $final_path/build-pict-rs
ynh_exec_warn_less sudo -u "$app" env PATH="$PATH" cargo build --release
popd
mkdir -p "$final_path/pict-rs/"
mv -f "$final_path/build-pict-rs/target/release/pict-rs" "$final_path/pict-rs/pict-rs"
ynh_secure_remove --file="$final_path/build-pict-rs"
# Remove rustup
ynh_secure_remove --file="$final_path/.cargo"
ynh_secure_remove --file="$final_path/.rustup"
# Install iframely
pushd $final_path/build-iframely
./docker-image-extract dogbin/iframely:latest
popd
mkdir -p "$final_path/iframely/"
rsync -a "$final_path/build-iframely/output/iframely/" "$final_path/iframely/"
ynh_secure_remove --file="$final_path/build-iframely"
ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies
fi
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:$app "$final_path"
#=================================================
# MODIFY A CONFIG FILE
# UPDATE A CONFIG FILE
#=================================================
ynh_script_progression --message="Updating a configuration file..."
mkdir -p "$final_path/lemmy/"
ynh_add_config --template="../conf/lemmy.hjson" --destination="$final_path/config/config.hjson"
ynh_replace_string --match_string="match_string" --replace_string="replace_string" --target_file="$final_path/CONFIG_FILE"
chmod 400 "$final_path/config/config.hjson"
chown $app:$app "$final_path/config/config.hjson"
ynh_add_config --template="../conf/iframely.config.local.js" --destination="$final_path/iframely/iframely.config.local.js"
ynh_replace_string --match_string="__ADMIN__" --replace_string="$admin" --target_file="$final_path/lemmy.hjson"
ynh_replace_string --match_string="__ADMIN_PASS__" --replace_string="$password" --target_file="$final_path/lemmy.hjson"
ynh_replace_string --match_string="__NAME__" --replace_string="$sitename" --target_file="$final_path/lemmy.hjson"
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$final_path/lemmy.hjson"
ynh_replace_string --match_string="__RANDOM__" --replace_string="$random" --target_file="$final_path/lemmy.hjson"
ynh_replace_string --match_string="__PORT__LEMMY__" --replace_string="$port_lemmy" --target_file="$final_path/docker-compose.yml"
ynh_replace_string --match_string="__PORT_UI__" --replace_string="$port_ui" --target_file="$final_path/docker-compose.yml"
ynh_replace_string --match_string="__PORT_PICTRS__" --replace_string="$port_pictrs" --target_file="$final_path/docker-compose.yml"
ynh_replace_string --match_string="__PORT_IFRAMELY__" --replace_string="$port_iframely" --target_file="$final_path/docker-compose.yml"
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$final_path/iframely.config.local.js"
chmod 400 "$final_path/iframely/iframely.config.local.js"
chown $app:$app "$final_path/iframely/iframely.config.local.js"
#=================================================
# SETUP SYSTEMD
#=================================================
ynh_script_progression --message="Upgrading systemd configuration..."
# Create a dedicated systemd config
ynh_add_systemd_config --service="$app" --template="lemmy.service"
ynh_add_systemd_config --service="$app-ui" --template="lemmy-ui.service"
ynh_add_systemd_config --service="$app-iframely" --template="iframely.service"
ynh_add_systemd_config --service="$app-pict-rs" --template="pict-rs.service"
#=================================================
# GENERIC FINALIZATION
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression --message="Upgrading logrotate configuration..."
mkdir -p "/var/log/$app"
chmod 750 "/var/log/$app"
chmod -R o-rwx "/var/log/$app"
chown -R $app:$app "/var/log/$app"
# Use logrotate to manage app-specific logfile(s)
ynh_use_logrotate --non-append
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..."
yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log"
yunohost service add $app-ui --description="A short description of the app" --log="/var/log/$app/$app-ui.log"
yunohost service add $app-pict-rs --description="A short description of the app" --log="/var/log/$app/$app-pict-rs.log"
yunohost service add $app-iframely --description="A short description of the app" --log="/var/log/$app/$app-iframely.log"
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..."
ynh_systemd_action --service_name=$app --action="start" --line_match="Started" --log_path=systemd
ynh_systemd_action --service_name=$app-ui --action="start" --line_match="Started" --log_path=systemd
ynh_systemd_action --service_name=$app-pict-rs --action="start" --line_match="Started" --log_path=systemd
ynh_systemd_action --service_name=$app-iframely --action="start" --line_match="Started" --log_path=systemd
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_script_progression --message="Reloading NGINX web server..."
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# Run Lemmy through Docker
#=================================================
#chown -R $(whoami) /usr/local/bin
chmod +x /usr/local/bin/docker-compose
cd "$final_path" && docker-compose up -d
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Upgrade of $app completed" --last
ynh_script_progression --message="Upgrade of $app completed"