From f7a3120e1ce1fb827cab8ac19143b2c58c5f68d1 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Thu, 15 Jun 2023 20:16:05 +0200 Subject: [PATCH 01/49] Upgrade sources --- manifest.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifest.toml b/manifest.toml index 6a9045a..0218c7b 100644 --- a/manifest.toml +++ b/manifest.toml @@ -40,8 +40,8 @@ ram.runtime = "50M" autoupdate.strategy = "latest_github_commit" [resources.sources.lemmy-translations] - url = "https://github.com/LemmyNet/lemmy-translations/archive/2b5f0a7422e85410ca4d7e5a240866fc40c91bc8.tar.gz" - sha256 = "6fbd8e1b9f565ab72dee07f2f60d71c0552c38f3293d8ed7669945e0440f6d1b" + url = "https://github.com/LemmyNet/lemmy-translations/archive/98a5976849920f612292a8d1d7281ac50215cf70.tar.gz" + sha256 = "aa7021ab060cd3a0d92194334c8e723b17b2d88e828e5360450b6d772eb51fd5" autoupdate.upstream = "https://github.com/LemmyNet/lemmy-translations/" autoupdate.strategy = "latest_github_commit" From 7b23850383b55e7ae3ec8d3a4edf7040e88d39fa Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Fri, 23 Jun 2023 20:16:21 +0200 Subject: [PATCH 02/49] Upgrade sources --- manifest.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifest.toml b/manifest.toml index 0218c7b..8c2ba79 100644 --- a/manifest.toml +++ b/manifest.toml @@ -40,8 +40,8 @@ ram.runtime = "50M" autoupdate.strategy = "latest_github_commit" [resources.sources.lemmy-translations] - url = "https://github.com/LemmyNet/lemmy-translations/archive/98a5976849920f612292a8d1d7281ac50215cf70.tar.gz" - sha256 = "aa7021ab060cd3a0d92194334c8e723b17b2d88e828e5360450b6d772eb51fd5" + url = "https://github.com/LemmyNet/lemmy-translations/archive/a241fe1255a6363c7ae1ec5a09520c066745e6ce.tar.gz" + sha256 = "3e3ac4c547c1040a80833d526bc0bd4e6bbad252a168de3ed81ee9d36aee8e5e" autoupdate.upstream = "https://github.com/LemmyNet/lemmy-translations/" autoupdate.strategy = "latest_github_commit" From 06e92c99de251c5c378d3e2e29f64a4e25121bf0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 23 Jun 2023 20:53:49 +0200 Subject: [PATCH 03/49] Update manifest.toml --- manifest.toml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/manifest.toml b/manifest.toml index 0218c7b..dfa5f67 100644 --- a/manifest.toml +++ b/manifest.toml @@ -30,6 +30,10 @@ ram.runtime = "50M" type = "domain" full_domain = true + [install.init_main_permission] + type = "group" + default = "visitors" + [resources] [resources.sources] From c8f600876b2a34dc1f7ccf578f42c6978abd04b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 23 Jun 2023 20:54:58 +0200 Subject: [PATCH 04/49] Update manifest.toml --- manifest.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.toml b/manifest.toml index bb33055..cf5c856 100644 --- a/manifest.toml +++ b/manifest.toml @@ -5,7 +5,7 @@ name = "Lemmy" description.en = "Link aggregator/Reddit clone for the fediverse" description.fr = "Agrégateur de liens/clone Reddit pour le fedivers" -version = "0.16.7~ynh2" +version = "0.16.7~ynh3" maintainers = [] From bf161e309bf4272d350ec6d5739bb4dfe6918613 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Fri, 23 Jun 2023 18:55:03 +0000 Subject: [PATCH 05/49] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index d4a1ddf..6012991 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Lemmy is similar to sites like Reddit, Lobste.rs, or Hacker News: you subscribe to forums you're interested in, post links and discussions, then vote, and comment on them. Behind the scenes, it is very different; anyone can easily run a server, and all these servers are federated (think email), and connected to the same universe, called the Fediverse. -**Shipped version:** 0.16.7~ynh2 +**Shipped version:** 0.16.7~ynh3 **Demo:** https://lemmy.ml/ diff --git a/README_fr.md b/README_fr.md index 859ae42..e1a767e 100644 --- a/README_fr.md +++ b/README_fr.md @@ -19,7 +19,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po Lemmy is similar to sites like Reddit, Lobste.rs, or Hacker News: you subscribe to forums you're interested in, post links and discussions, then vote, and comment on them. Behind the scenes, it is very different; anyone can easily run a server, and all these servers are federated (think email), and connected to the same universe, called the Fediverse. -**Version incluse :** 0.16.7~ynh2 +**Version incluse :** 0.16.7~ynh3 **Démo :** https://lemmy.ml/ From 37aa8a2e15189fbd78bea229f04c948072ebd7d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 23 Jun 2023 21:05:01 +0200 Subject: [PATCH 06/49] Update manifest.toml --- manifest.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifest.toml b/manifest.toml index cf5c856..0155ebf 100644 --- a/manifest.toml +++ b/manifest.toml @@ -5,7 +5,7 @@ name = "Lemmy" description.en = "Link aggregator/Reddit clone for the fediverse" description.fr = "Agrégateur de liens/clone Reddit pour le fedivers" -version = "0.16.7~ynh3" +version = "0.18.0~ynh1" maintainers = [] @@ -17,7 +17,7 @@ admindoc = "https://join-lemmy.org/docs/en/" code = "https://github.com/LemmyNet/lemmy" [integration] -yunohost = ">= 11.1.20" +yunohost = ">= 11.1.21" architectures = "all" multi_instance = false ldap = false From 126bfe9acf07e2455d1426845f39ef6865f63a13 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Fri, 23 Jun 2023 19:05:05 +0000 Subject: [PATCH 07/49] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index d4a1ddf..57739d8 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Lemmy is similar to sites like Reddit, Lobste.rs, or Hacker News: you subscribe to forums you're interested in, post links and discussions, then vote, and comment on them. Behind the scenes, it is very different; anyone can easily run a server, and all these servers are federated (think email), and connected to the same universe, called the Fediverse. -**Shipped version:** 0.16.7~ynh2 +**Shipped version:** 0.18.0~ynh1 **Demo:** https://lemmy.ml/ diff --git a/README_fr.md b/README_fr.md index 859ae42..565452b 100644 --- a/README_fr.md +++ b/README_fr.md @@ -19,7 +19,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po Lemmy is similar to sites like Reddit, Lobste.rs, or Hacker News: you subscribe to forums you're interested in, post links and discussions, then vote, and comment on them. Behind the scenes, it is very different; anyone can easily run a server, and all these servers are federated (think email), and connected to the same universe, called the Fediverse. -**Version incluse :** 0.16.7~ynh2 +**Version incluse :** 0.18.0~ynh1 **Démo :** https://lemmy.ml/ From 97cb4bc3fc3af8bb4766179202a948c171edd6a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 23 Jun 2023 21:27:19 +0200 Subject: [PATCH 08/49] Update _common.sh --- scripts/_common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index 702e69f..3693f10 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -4,7 +4,7 @@ # COMMON VARIABLES #================================================= -NODEJS_VERSION=18 +NODEJS_VERSION=16 #================================================= # PERSONAL HELPERS From a90ba89e7318fb5a7783e171c8a7b231ea141cd8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 23 Jun 2023 21:33:02 +0200 Subject: [PATCH 09/49] fix --- manifest.toml | 2 +- scripts/_common.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/manifest.toml b/manifest.toml index 0155ebf..4897bba 100644 --- a/manifest.toml +++ b/manifest.toml @@ -5,7 +5,7 @@ name = "Lemmy" description.en = "Link aggregator/Reddit clone for the fediverse" description.fr = "Agrégateur de liens/clone Reddit pour le fedivers" -version = "0.18.0~ynh1" +version = "0.17.4~ynh1" maintainers = [] diff --git a/scripts/_common.sh b/scripts/_common.sh index 3693f10..702e69f 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -4,7 +4,7 @@ # COMMON VARIABLES #================================================= -NODEJS_VERSION=16 +NODEJS_VERSION=18 #================================================= # PERSONAL HELPERS From 29d07790136bf82a95d4748c0198232305b05dc4 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Fri, 23 Jun 2023 19:33:07 +0000 Subject: [PATCH 10/49] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 57739d8..913b5bc 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Lemmy is similar to sites like Reddit, Lobste.rs, or Hacker News: you subscribe to forums you're interested in, post links and discussions, then vote, and comment on them. Behind the scenes, it is very different; anyone can easily run a server, and all these servers are federated (think email), and connected to the same universe, called the Fediverse. -**Shipped version:** 0.18.0~ynh1 +**Shipped version:** 0.17.4~ynh1 **Demo:** https://lemmy.ml/ diff --git a/README_fr.md b/README_fr.md index 565452b..3c99a3c 100644 --- a/README_fr.md +++ b/README_fr.md @@ -19,7 +19,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po Lemmy is similar to sites like Reddit, Lobste.rs, or Hacker News: you subscribe to forums you're interested in, post links and discussions, then vote, and comment on them. Behind the scenes, it is very different; anyone can easily run a server, and all these servers are federated (think email), and connected to the same universe, called the Fediverse. -**Version incluse :** 0.18.0~ynh1 +**Version incluse :** 0.17.4~ynh1 **Démo :** https://lemmy.ml/ From e24a737694a8c1b1627fbba4cbfe606a1f2de1c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 23 Jun 2023 21:43:08 +0200 Subject: [PATCH 11/49] fix --- conf/lemmy-ui.service | 2 +- manifest.toml | 2 +- scripts/install | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/conf/lemmy-ui.service b/conf/lemmy-ui.service index 0b0c0c6..6a3cf7b 100644 --- a/conf/lemmy-ui.service +++ b/conf/lemmy-ui.service @@ -9,7 +9,7 @@ Group=__APP__ Environment="LEMMY_INTERNAL_HOST=127.0.0.1:__PORT__" Environment="LEMMY_EXTERNAL_HOST=__DOMAIN__" Environment="LEMMY_HTTPS=true" -Environment="LEMMY_UI_HOST=0.0.0.0:__PORT_UI__" +Environment="LEMMY_UI_HOST=127.0.0.1:__PORT_UI__" WorkingDirectory=__INSTALL_DIR__/lemmy-ui/ ExecStart=__YNH_NODE__ dist/js/server.js StandardOutput=append:/var/log/__APP__/__APP__-ui.log diff --git a/manifest.toml b/manifest.toml index 4897bba..0155ebf 100644 --- a/manifest.toml +++ b/manifest.toml @@ -5,7 +5,7 @@ name = "Lemmy" description.en = "Link aggregator/Reddit clone for the fediverse" description.fr = "Agrégateur de liens/clone Reddit pour le fedivers" -version = "0.17.4~ynh1" +version = "0.18.0~ynh1" maintainers = [] diff --git a/scripts/install b/scripts/install index e4dab13..fd15d3e 100755 --- a/scripts/install +++ b/scripts/install @@ -121,8 +121,8 @@ yunohost service add $app-ui --log="/var/log/$app/$app-ui.log" ynh_script_progression --message="Starting a systemd service..." --weight=1 # Start a systemd service -ynh_systemd_action --service_name=$app --action="start" --line_match="Starting http server at" --log_path="/var/log/$app/$app.log" -ynh_systemd_action --service_name=$app-ui --action="start" --line_match="http://0.0.0.0" --log_path="/var/log/$app/$app-ui.log" +ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" #--line_match="Starting http server at" +ynh_systemd_action --service_name=$app-ui --action="start" --log_path="/var/log/$app/$app-ui.log" #--line_match="http://0.0.0.0" #================================================= # END OF SCRIPT From 337c75d6bff6d8118b3d637aecc1add5c7d9794b Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Fri, 23 Jun 2023 19:43:18 +0000 Subject: [PATCH 12/49] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 913b5bc..57739d8 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Lemmy is similar to sites like Reddit, Lobste.rs, or Hacker News: you subscribe to forums you're interested in, post links and discussions, then vote, and comment on them. Behind the scenes, it is very different; anyone can easily run a server, and all these servers are federated (think email), and connected to the same universe, called the Fediverse. -**Shipped version:** 0.17.4~ynh1 +**Shipped version:** 0.18.0~ynh1 **Demo:** https://lemmy.ml/ diff --git a/README_fr.md b/README_fr.md index 3c99a3c..565452b 100644 --- a/README_fr.md +++ b/README_fr.md @@ -19,7 +19,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po Lemmy is similar to sites like Reddit, Lobste.rs, or Hacker News: you subscribe to forums you're interested in, post links and discussions, then vote, and comment on them. Behind the scenes, it is very different; anyone can easily run a server, and all these servers are federated (think email), and connected to the same universe, called the Fediverse. -**Version incluse :** 0.17.4~ynh1 +**Version incluse :** 0.18.0~ynh1 **Démo :** https://lemmy.ml/ From b0674d28a55af81f7102beb5d96781a2607aca17 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 23 Jun 2023 21:48:45 +0200 Subject: [PATCH 13/49] Update install --- scripts/install | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/scripts/install b/scripts/install index fd15d3e..453d64a 100755 --- a/scripts/install +++ b/scripts/install @@ -60,6 +60,14 @@ mkdir -p "$install_dir/lemmy-ui/" rsync -a "$install_dir/build-lemmy-ui/output/app/" "$install_dir/lemmy-ui/" ynh_secure_remove --file="$install_dir/build-lemmy-ui" + + +pushd $install_dir/lemmy-ui/ + npm install --platform=linux --arch=x64 sharp +popd + + + # Install lemmy pushd $install_dir/build-lemmy ./docker-image-extract dessalines/lemmy:$(ynh_app_upstream_version) From 81cbf50bd4db74034ae86f135587e4756248380d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 23 Jun 2023 21:52:32 +0200 Subject: [PATCH 14/49] Update install --- scripts/install | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/install b/scripts/install index 453d64a..78a30e5 100755 --- a/scripts/install +++ b/scripts/install @@ -64,6 +64,7 @@ ynh_secure_remove --file="$install_dir/build-lemmy-ui" pushd $install_dir/lemmy-ui/ npm install --platform=linux --arch=x64 sharp + npm install express popd From 513d5ae664fc55425a2275ff72abfd778dc17c2d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 23 Jun 2023 21:56:05 +0200 Subject: [PATCH 15/49] Update install --- scripts/install | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scripts/install b/scripts/install index 78a30e5..dedf80a 100755 --- a/scripts/install +++ b/scripts/install @@ -63,8 +63,7 @@ ynh_secure_remove --file="$install_dir/build-lemmy-ui" pushd $install_dir/lemmy-ui/ - npm install --platform=linux --arch=x64 sharp - npm install express + npm install popd From df690d786d7771b1c0149738b7566ed35194ef0e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 23 Jun 2023 22:50:05 +0200 Subject: [PATCH 16/49] Update install --- scripts/install | 8 -------- 1 file changed, 8 deletions(-) diff --git a/scripts/install b/scripts/install index dedf80a..fd15d3e 100755 --- a/scripts/install +++ b/scripts/install @@ -60,14 +60,6 @@ mkdir -p "$install_dir/lemmy-ui/" rsync -a "$install_dir/build-lemmy-ui/output/app/" "$install_dir/lemmy-ui/" ynh_secure_remove --file="$install_dir/build-lemmy-ui" - - -pushd $install_dir/lemmy-ui/ - npm install -popd - - - # Install lemmy pushd $install_dir/build-lemmy ./docker-image-extract dessalines/lemmy:$(ynh_app_upstream_version) From ed44d07c13b5a843e3005bfb8633e72ed78dc2ee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 23 Jun 2023 22:56:16 +0200 Subject: [PATCH 17/49] revert --- conf/lemmy-ui.service | 2 +- scripts/install | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/conf/lemmy-ui.service b/conf/lemmy-ui.service index 6a3cf7b..0b0c0c6 100644 --- a/conf/lemmy-ui.service +++ b/conf/lemmy-ui.service @@ -9,7 +9,7 @@ Group=__APP__ Environment="LEMMY_INTERNAL_HOST=127.0.0.1:__PORT__" Environment="LEMMY_EXTERNAL_HOST=__DOMAIN__" Environment="LEMMY_HTTPS=true" -Environment="LEMMY_UI_HOST=127.0.0.1:__PORT_UI__" +Environment="LEMMY_UI_HOST=0.0.0.0:__PORT_UI__" WorkingDirectory=__INSTALL_DIR__/lemmy-ui/ ExecStart=__YNH_NODE__ dist/js/server.js StandardOutput=append:/var/log/__APP__/__APP__-ui.log diff --git a/scripts/install b/scripts/install index fd15d3e..d91bc38 100755 --- a/scripts/install +++ b/scripts/install @@ -121,8 +121,8 @@ yunohost service add $app-ui --log="/var/log/$app/$app-ui.log" ynh_script_progression --message="Starting a systemd service..." --weight=1 # Start a systemd service -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" #--line_match="Starting http server at" -ynh_systemd_action --service_name=$app-ui --action="start" --log_path="/var/log/$app/$app-ui.log" #--line_match="http://0.0.0.0" +ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match="Starting http server at" +ynh_systemd_action --service_name=$app-ui --action="start" --log_path="/var/log/$app/$app-ui.log" --line_match="http://0.0.0.0" #================================================= # END OF SCRIPT From ad37b7d4b4b10d17264b5be97a5e4e4d9ba91606 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 23 Jun 2023 23:17:27 +0200 Subject: [PATCH 18/49] fix --- conf/nginx.conf | 14 ++++++++------ manifest.toml | 2 +- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 1ec7d21..2ea6460 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,3 +1,5 @@ +#https://github.com/LemmyNet/lemmy-ansible/blob/main/templates/nginx_internal.conf + #limit_req_zone $binary_remote_addr zone=lemmy_ratelimit:10m rate=1r/s; # Only connect to this site via HTTPS for the two years @@ -19,7 +21,11 @@ location / { # lemmy_port: 8536 set $proxpass "http://127.0.0.1:__PORT_UI__"; - if ($http_accept ~ "^application/.*$") { + + if ($http_accept ~ "^application/activity+json") { + set $proxpass "http://127.0.0.1:__PORT__"; + } + if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") { set $proxpass "http://127.0.0.1:__PORT__"; } if ($request_method = POST) { @@ -28,7 +34,6 @@ location / { proxy_pass $proxpass; rewrite ^(.+)/+$ $1 permanent; - # Send actual client IP upstream proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; @@ -42,10 +47,7 @@ location ~ ^/(api|pictrs|feeds|nodeinfo|.well-known) { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; - # Rate limit - # limit_req zone=lemmy_ratelimit burst=30 nodelay; - - # Add IP forwarding headers + # Send actual client IP upstream proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; diff --git a/manifest.toml b/manifest.toml index 0155ebf..4ed7666 100644 --- a/manifest.toml +++ b/manifest.toml @@ -51,7 +51,7 @@ ram.runtime = "50M" [resources.ports] main.default = 8536 - ui.default = 8537 + ui.default = 1235 [resources.system_user] From f1670d7992ebd3db1f2d42e0dda15f18012537ee Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Tue, 27 Jun 2023 20:16:16 +0200 Subject: [PATCH 19/49] Upgrade sources --- manifest.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifest.toml b/manifest.toml index cf5c856..6079889 100644 --- a/manifest.toml +++ b/manifest.toml @@ -44,8 +44,8 @@ ram.runtime = "50M" autoupdate.strategy = "latest_github_commit" [resources.sources.lemmy-translations] - url = "https://github.com/LemmyNet/lemmy-translations/archive/a241fe1255a6363c7ae1ec5a09520c066745e6ce.tar.gz" - sha256 = "3e3ac4c547c1040a80833d526bc0bd4e6bbad252a168de3ed81ee9d36aee8e5e" + url = "https://github.com/LemmyNet/lemmy-translations/archive/b3cca4b7e26dd7d9a389f75c6e50a489d93791ea.tar.gz" + sha256 = "f4c98ea0b89ae940afad102104d1ab61bc0331340ebef2a029a2bf7d45014315" autoupdate.upstream = "https://github.com/LemmyNet/lemmy-translations/" autoupdate.strategy = "latest_github_commit" From 03e4ecbe0cf8486981fcca7288727b461918387c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Wed, 28 Jun 2023 11:49:59 +0200 Subject: [PATCH 20/49] Update lemmy-ui.service --- conf/lemmy-ui.service | 30 ------------------------------ 1 file changed, 30 deletions(-) diff --git a/conf/lemmy-ui.service b/conf/lemmy-ui.service index 0b0c0c6..f5c3821 100644 --- a/conf/lemmy-ui.service +++ b/conf/lemmy-ui.service @@ -15,35 +15,5 @@ ExecStart=__YNH_NODE__ dist/js/server.js StandardOutput=append:/var/log/__APP__/__APP__-ui.log StandardError=inherit -# Sandboxing options to harden security -# Depending on specificities of your service/app, you may need to tweak these -# .. but this should be a good baseline -# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html -NoNewPrivileges=yes -PrivateTmp=yes -PrivateDevices=yes -RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 -RestrictNamespaces=yes -RestrictRealtime=yes -DevicePolicy=closed -ProtectSystem=full -ProtectControlGroups=yes -ProtectKernelModules=yes -ProtectKernelTunables=yes -LockPersonality=yes -SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap - -# Denying access to capabilities that should not be relevant for webapps -# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html -CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD -CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE -CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT -CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK -CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM -CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG -CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE -CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW -CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG - [Install] WantedBy=multi-user.target From 3bfe54434b4a1961212ff4882e24a5b6304b0564 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Wed, 28 Jun 2023 11:50:44 +0200 Subject: [PATCH 21/49] Update lemmy-ui.service --- conf/lemmy-ui.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/lemmy-ui.service b/conf/lemmy-ui.service index f5c3821..7f8101b 100644 --- a/conf/lemmy-ui.service +++ b/conf/lemmy-ui.service @@ -9,7 +9,7 @@ Group=__APP__ Environment="LEMMY_INTERNAL_HOST=127.0.0.1:__PORT__" Environment="LEMMY_EXTERNAL_HOST=__DOMAIN__" Environment="LEMMY_HTTPS=true" -Environment="LEMMY_UI_HOST=0.0.0.0:__PORT_UI__" +Environment="LEMMY_UI_HOST=127.0.0.1:__PORT_UI__" WorkingDirectory=__INSTALL_DIR__/lemmy-ui/ ExecStart=__YNH_NODE__ dist/js/server.js StandardOutput=append:/var/log/__APP__/__APP__-ui.log From 72fe2e4d48377dc34bdc291111937b93aca987f2 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Wed, 28 Jun 2023 20:16:22 +0200 Subject: [PATCH 22/49] Upgrade sources --- manifest.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifest.toml b/manifest.toml index 6079889..7c3cc70 100644 --- a/manifest.toml +++ b/manifest.toml @@ -44,8 +44,8 @@ ram.runtime = "50M" autoupdate.strategy = "latest_github_commit" [resources.sources.lemmy-translations] - url = "https://github.com/LemmyNet/lemmy-translations/archive/b3cca4b7e26dd7d9a389f75c6e50a489d93791ea.tar.gz" - sha256 = "f4c98ea0b89ae940afad102104d1ab61bc0331340ebef2a029a2bf7d45014315" + url = "https://github.com/LemmyNet/lemmy-translations/archive/7ea868c6fc93e4eea17966e8c970c374d06cc2eb.tar.gz" + sha256 = "b294a8d5090af5fbe23a7f208bd42a8fc2b91b492fb8ad8dec9225cb8d53eab3" autoupdate.upstream = "https://github.com/LemmyNet/lemmy-translations/" autoupdate.strategy = "latest_github_commit" From 5c89f392bef398e887301bdcacb62695160976d4 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Thu, 29 Jun 2023 20:16:34 +0200 Subject: [PATCH 23/49] Upgrade sources --- manifest.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifest.toml b/manifest.toml index 7c3cc70..b517d46 100644 --- a/manifest.toml +++ b/manifest.toml @@ -44,8 +44,8 @@ ram.runtime = "50M" autoupdate.strategy = "latest_github_commit" [resources.sources.lemmy-translations] - url = "https://github.com/LemmyNet/lemmy-translations/archive/7ea868c6fc93e4eea17966e8c970c374d06cc2eb.tar.gz" - sha256 = "b294a8d5090af5fbe23a7f208bd42a8fc2b91b492fb8ad8dec9225cb8d53eab3" + url = "https://github.com/LemmyNet/lemmy-translations/archive/5a9d44656e2658ab7cb2dbec3fd1bfaf57654533.tar.gz" + sha256 = "bb5178c6fd1d1423de525ca02805449b038747b17d9555141207f28d8600c511" autoupdate.upstream = "https://github.com/LemmyNet/lemmy-translations/" autoupdate.strategy = "latest_github_commit" From 5bf303ed8cefaa22d4a0420952ca00db5fbf672c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Sat, 1 Jul 2023 12:28:47 +0200 Subject: [PATCH 24/49] Update manifest.toml --- manifest.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifest.toml b/manifest.toml index b517d46..ebe47ab 100644 --- a/manifest.toml +++ b/manifest.toml @@ -17,8 +17,8 @@ admindoc = "https://join-lemmy.org/docs/en/" code = "https://github.com/LemmyNet/lemmy" [integration] -yunohost = ">= 11.1.20" -architectures = "all" +yunohost = ">= 11.1.21" +architectures = ["amd64", "arm64"] multi_instance = false ldap = false sso = false From d6320093db5870a95b387541742f733b1f1b939d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Sat, 1 Jul 2023 12:30:03 +0200 Subject: [PATCH 25/49] Update manifest.toml --- manifest.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifest.toml b/manifest.toml index ebe47ab..a11761e 100644 --- a/manifest.toml +++ b/manifest.toml @@ -5,7 +5,7 @@ name = "Lemmy" description.en = "Link aggregator/Reddit clone for the fediverse" description.fr = "Agrégateur de liens/clone Reddit pour le fedivers" -version = "0.16.7~ynh3" +version = "0.16.7~ynh4" maintainers = [] @@ -18,7 +18,7 @@ code = "https://github.com/LemmyNet/lemmy" [integration] yunohost = ">= 11.1.21" -architectures = ["amd64", "arm64"] +architectures = ["amd64"] multi_instance = false ldap = false sso = false From 7e2e33bff09ae76f6627e1e839f2428d77ab779b Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Sat, 1 Jul 2023 10:30:08 +0000 Subject: [PATCH 26/49] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 6012991..6de0548 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Lemmy is similar to sites like Reddit, Lobste.rs, or Hacker News: you subscribe to forums you're interested in, post links and discussions, then vote, and comment on them. Behind the scenes, it is very different; anyone can easily run a server, and all these servers are federated (think email), and connected to the same universe, called the Fediverse. -**Shipped version:** 0.16.7~ynh3 +**Shipped version:** 0.16.7~ynh4 **Demo:** https://lemmy.ml/ diff --git a/README_fr.md b/README_fr.md index e1a767e..4227837 100644 --- a/README_fr.md +++ b/README_fr.md @@ -19,7 +19,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po Lemmy is similar to sites like Reddit, Lobste.rs, or Hacker News: you subscribe to forums you're interested in, post links and discussions, then vote, and comment on them. Behind the scenes, it is very different; anyone can easily run a server, and all these servers are federated (think email), and connected to the same universe, called the Fediverse. -**Version incluse :** 0.16.7~ynh3 +**Version incluse :** 0.16.7~ynh4 **Démo :** https://lemmy.ml/ From 5c84f50d729c82f31b158378bd55170a846fd5cd Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Tue, 4 Jul 2023 20:16:11 +0200 Subject: [PATCH 27/49] Upgrade sources --- manifest.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifest.toml b/manifest.toml index a11761e..71a25e1 100644 --- a/manifest.toml +++ b/manifest.toml @@ -44,8 +44,8 @@ ram.runtime = "50M" autoupdate.strategy = "latest_github_commit" [resources.sources.lemmy-translations] - url = "https://github.com/LemmyNet/lemmy-translations/archive/5a9d44656e2658ab7cb2dbec3fd1bfaf57654533.tar.gz" - sha256 = "bb5178c6fd1d1423de525ca02805449b038747b17d9555141207f28d8600c511" + url = "https://github.com/LemmyNet/lemmy-translations/archive/f9ed0698944cb6d44dc733677a4634b7bc916536.tar.gz" + sha256 = "5adc6b03f1507a9fa040a20f67959cd32622182b1168c31851b529f11557ddd6" autoupdate.upstream = "https://github.com/LemmyNet/lemmy-translations/" autoupdate.strategy = "latest_github_commit" From 09b648e175ab43fbe94a8d84db649a95b57a5619 Mon Sep 17 00:00:00 2001 From: Matthew DeAbreu Date: Fri, 7 Jul 2023 15:16:53 -0700 Subject: [PATCH 28/49] add separate permission for API endpoint --- manifest.toml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/manifest.toml b/manifest.toml index a11761e..b11534a 100644 --- a/manifest.toml +++ b/manifest.toml @@ -62,6 +62,11 @@ ram.runtime = "50M" [resources.permissions] main.url = "/" + api.url = "/api" + api.allowed = "visitors" + api.auth_header = false + api.show_tile = false + api.protected = true [resources.apt] packages = "postgresql espeak" From 4f7e36a024972c0b95184041075f7b1f9c7f2f35 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Sat, 8 Jul 2023 08:12:27 +0200 Subject: [PATCH 29/49] Update manifest.toml --- manifest.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.toml b/manifest.toml index 4ed7666..1278411 100644 --- a/manifest.toml +++ b/manifest.toml @@ -5,7 +5,7 @@ name = "Lemmy" description.en = "Link aggregator/Reddit clone for the fediverse" description.fr = "Agrégateur de liens/clone Reddit pour le fedivers" -version = "0.18.0~ynh1" +version = "0.18.1~ynh1" maintainers = [] From 36d699a42f96d48551c3d0e126eedcc4a4a3915d Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Sat, 8 Jul 2023 06:12:31 +0000 Subject: [PATCH 30/49] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 57739d8..5234eee 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Lemmy is similar to sites like Reddit, Lobste.rs, or Hacker News: you subscribe to forums you're interested in, post links and discussions, then vote, and comment on them. Behind the scenes, it is very different; anyone can easily run a server, and all these servers are federated (think email), and connected to the same universe, called the Fediverse. -**Shipped version:** 0.18.0~ynh1 +**Shipped version:** 0.18.1~ynh1 **Demo:** https://lemmy.ml/ diff --git a/README_fr.md b/README_fr.md index 565452b..073c329 100644 --- a/README_fr.md +++ b/README_fr.md @@ -19,7 +19,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po Lemmy is similar to sites like Reddit, Lobste.rs, or Hacker News: you subscribe to forums you're interested in, post links and discussions, then vote, and comment on them. Behind the scenes, it is very different; anyone can easily run a server, and all these servers are federated (think email), and connected to the same universe, called the Fediverse. -**Version incluse :** 0.18.0~ynh1 +**Version incluse :** 0.18.1~ynh1 **Démo :** https://lemmy.ml/ From f13926721d4a946c5393e59136151a1ff99111a6 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Sat, 8 Jul 2023 20:16:18 +0200 Subject: [PATCH 31/49] Upgrade sources --- manifest.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifest.toml b/manifest.toml index 024cff2..aa41df5 100644 --- a/manifest.toml +++ b/manifest.toml @@ -44,8 +44,8 @@ ram.runtime = "50M" autoupdate.strategy = "latest_github_commit" [resources.sources.lemmy-translations] - url = "https://github.com/LemmyNet/lemmy-translations/archive/f9ed0698944cb6d44dc733677a4634b7bc916536.tar.gz" - sha256 = "5adc6b03f1507a9fa040a20f67959cd32622182b1168c31851b529f11557ddd6" + url = "https://github.com/LemmyNet/lemmy-translations/archive/713ceed9c7ef84deaa222e68361e670e0763cd83.tar.gz" + sha256 = "1a4c9ff2c4eb965c955cb00bde8214dd2286b39c3d6faad5f486e6cc0d17b2cb" autoupdate.upstream = "https://github.com/LemmyNet/lemmy-translations/" autoupdate.strategy = "latest_github_commit" From 95aea5187ed040a3ef687832261ec1c3383bbcc5 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Sun, 9 Jul 2023 20:16:22 +0200 Subject: [PATCH 32/49] Upgrade sources --- manifest.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifest.toml b/manifest.toml index aa41df5..c289040 100644 --- a/manifest.toml +++ b/manifest.toml @@ -44,8 +44,8 @@ ram.runtime = "50M" autoupdate.strategy = "latest_github_commit" [resources.sources.lemmy-translations] - url = "https://github.com/LemmyNet/lemmy-translations/archive/713ceed9c7ef84deaa222e68361e670e0763cd83.tar.gz" - sha256 = "1a4c9ff2c4eb965c955cb00bde8214dd2286b39c3d6faad5f486e6cc0d17b2cb" + url = "https://github.com/LemmyNet/lemmy-translations/archive/f1602a5993c426d56ebb7c98a8453fbfb482e9a7.tar.gz" + sha256 = "570d3f8c1ab13dbf72fd2f2f6d7a930a5fd7233259fbd0f1b156205524f0e4c3" autoupdate.upstream = "https://github.com/LemmyNet/lemmy-translations/" autoupdate.strategy = "latest_github_commit" From fcefb8d8aaba7f1eb01f425593a66df675983a86 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Mon, 10 Jul 2023 16:26:49 +0200 Subject: [PATCH 33/49] Update lemmy-ui.service --- conf/lemmy-ui.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/lemmy-ui.service b/conf/lemmy-ui.service index 7f8101b..f5c3821 100644 --- a/conf/lemmy-ui.service +++ b/conf/lemmy-ui.service @@ -9,7 +9,7 @@ Group=__APP__ Environment="LEMMY_INTERNAL_HOST=127.0.0.1:__PORT__" Environment="LEMMY_EXTERNAL_HOST=__DOMAIN__" Environment="LEMMY_HTTPS=true" -Environment="LEMMY_UI_HOST=127.0.0.1:__PORT_UI__" +Environment="LEMMY_UI_HOST=0.0.0.0:__PORT_UI__" WorkingDirectory=__INSTALL_DIR__/lemmy-ui/ ExecStart=__YNH_NODE__ dist/js/server.js StandardOutput=append:/var/log/__APP__/__APP__-ui.log From 8d12e318539090e056879f4d506c212185d4486a Mon Sep 17 00:00:00 2001 From: Matthew DeAbreu Date: Mon, 10 Jul 2023 13:54:16 -0700 Subject: [PATCH 34/49] add inbox permission api permission allows access to the API which can be used to manipulate the Lemmy instance (login, create user, etc) but the instance will not take part in federation. To take part in federation other instances need to `post` to the url `/inbox` --- manifest.toml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manifest.toml b/manifest.toml index c289040..6f71cf0 100644 --- a/manifest.toml +++ b/manifest.toml @@ -62,12 +62,19 @@ ram.runtime = "50M" [resources.permissions] main.url = "/" + api.url = "/api" api.allowed = "visitors" api.auth_header = false api.show_tile = false api.protected = true + inbox.url = "/inbox" + inbox.allowed = "visitors" + inbox.auth_header = false + inbox.show_tile = false + inbox.protected = true + [resources.apt] packages = "postgresql espeak" From 6ac0fa048fc7a9a715802c108daad889e6d1e8d7 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Tue, 11 Jul 2023 07:44:39 +0200 Subject: [PATCH 35/49] fix --- manifest.toml | 3 +++ scripts/_common.sh | 2 +- scripts/install | 10 +++++++++- 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/manifest.toml b/manifest.toml index db07e21..f40a365 100644 --- a/manifest.toml +++ b/manifest.toml @@ -65,6 +65,9 @@ ram.runtime = "50M" [resources.apt] packages = "postgresql espeak" + extras.yarn.repo = "deb https://dl.yarnpkg.com/debian/ stable main" + extras.yarn.key = "https://dl.yarnpkg.com/debian/pubkey.gpg" + extras.yarn.packages = "yarn" [resources.database] type = "postgresql" diff --git a/scripts/_common.sh b/scripts/_common.sh index 702e69f..75bdfd1 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -4,7 +4,7 @@ # COMMON VARIABLES #================================================= -NODEJS_VERSION=18 +NODEJS_VERSION=20 #================================================= # PERSONAL HELPERS diff --git a/scripts/install b/scripts/install index d91bc38..14c277e 100755 --- a/scripts/install +++ b/scripts/install @@ -18,7 +18,6 @@ ynh_install_nodejs --nodejs_version=$NODEJS_VERSION ynh_use_nodejs ln -fs /usr/lib/x86_64-linux-musl/libc.so /lib/libc.musl-x86_64.so.1 - #================================================= # CREATE A POSTGRESQL DATABASE #================================================= @@ -47,6 +46,15 @@ ynh_script_progression --message="Configuring NGINX web server..." --weight=1 # Create a dedicated NGINX config ynh_add_nginx_config +#================================================= +# INSTALL THE SHARP +#================================================= + +pushd $install_dir + ynh_use_nodejs + ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH yarn install --global sharp +popd + #================================================= # MAKE INSTALL #================================================= From 0c4d544a34d403722388d30f55463a564cbab5ac Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Tue, 11 Jul 2023 07:52:44 +0200 Subject: [PATCH 36/49] Update install --- scripts/install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install b/scripts/install index 14c277e..25c9393 100755 --- a/scripts/install +++ b/scripts/install @@ -52,7 +52,7 @@ ynh_add_nginx_config pushd $install_dir ynh_use_nodejs - ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH yarn install --global sharp + ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH yarn global add sharp popd #================================================= From 2c2901e36219e4deee96e5e92a3484d81e2f9407 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Tue, 11 Jul 2023 07:52:59 +0200 Subject: [PATCH 37/49] Update _common.sh --- scripts/_common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index 75bdfd1..702e69f 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -4,7 +4,7 @@ # COMMON VARIABLES #================================================= -NODEJS_VERSION=20 +NODEJS_VERSION=18 #================================================= # PERSONAL HELPERS From 808495b43bb9d1b8d1863e3a9210f59b805c5f02 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Tue, 11 Jul 2023 08:03:10 +0200 Subject: [PATCH 38/49] Update _common.sh --- scripts/_common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index 702e69f..75bdfd1 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -4,7 +4,7 @@ # COMMON VARIABLES #================================================= -NODEJS_VERSION=18 +NODEJS_VERSION=20 #================================================= # PERSONAL HELPERS From 789467d126b22aa24abb6e2a0886a540269635d5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Wed, 12 Jul 2023 07:35:21 +0200 Subject: [PATCH 39/49] Update scripts/install Co-authored-by: Matthew DeAbreu --- scripts/install | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/install b/scripts/install index 25c9393..26a9389 100755 --- a/scripts/install +++ b/scripts/install @@ -50,9 +50,9 @@ ynh_add_nginx_config # INSTALL THE SHARP #================================================= -pushd $install_dir +pushd $install_dir/lemmy-ui ynh_use_nodejs - ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH yarn global add sharp + ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH yarn add sharp popd #================================================= From a1c5df6f33456cf7a7a49fafcd3adfd6a9313614 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Wed, 12 Jul 2023 07:56:48 +0200 Subject: [PATCH 40/49] Update upgrade --- scripts/upgrade | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/scripts/upgrade b/scripts/upgrade index 06a9d25..f36f87d 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -85,6 +85,15 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." - # Create a dedicated NGINX config ynh_add_nginx_config +#================================================= +# INSTALL SHARP +#================================================= + +pushd $install_dir/lemmy-ui + ynh_use_nodejs + ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH yarn add sharp +popd + #================================================= # SPECIFIC UPGRADE #================================================= From 3cbc91a676b5602aaa2f1a116d0d85ebffa67817 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Wed, 12 Jul 2023 07:58:28 +0200 Subject: [PATCH 41/49] Update tests.toml --- tests.toml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests.toml b/tests.toml index 524d6d3..fedf5c7 100644 --- a/tests.toml +++ b/tests.toml @@ -14,4 +14,5 @@ test_format = 1.0 # Commits to test upgrade from # ------------------------------- - test_upgrade_from.206df4db0b99c52f07ea1a2d5daf799d4b8357fd.name = "Upgrade from 0.15.2~ynh3" \ No newline at end of file + test_upgrade_from.206df4db0b99c52f07ea1a2d5daf799d4b8357fd.name = "Upgrade from 0.15.2~ynh3" + test_upgrade_from.383e145946458933a81010282b77dd986978ad6c.name = "Upgrade from 0.16.7~ynh4" From 3728c3419021d508e2953f84d88d465ddb3ae3a2 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Wed, 12 Jul 2023 08:00:26 +0200 Subject: [PATCH 42/49] Update manifest.toml --- manifest.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.toml b/manifest.toml index f40a365..4323187 100644 --- a/manifest.toml +++ b/manifest.toml @@ -23,7 +23,7 @@ multi_instance = false ldap = false sso = false disk = "50M" -ram.build = "100M" +ram.build = "500M" ram.runtime = "50M" [install.domain] From e132b2cfcd218e7ed60bf7068821c84a15b45140 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Wed, 12 Jul 2023 08:01:43 +0200 Subject: [PATCH 43/49] cleaning --- doc/DESCRIPTION_fr.md | 1 + tests.toml | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) create mode 100644 doc/DESCRIPTION_fr.md diff --git a/doc/DESCRIPTION_fr.md b/doc/DESCRIPTION_fr.md new file mode 100644 index 0000000..0c98e9b --- /dev/null +++ b/doc/DESCRIPTION_fr.md @@ -0,0 +1 @@ +Lemmy is similar to sites like Reddit, Lobste.rs, or Hacker News: you subscribe to forums you're interested in, post links and discussions, then vote, and comment on them. Behind the scenes, it is very different; anyone can easily run a server, and all these servers are federated (think email), and connected to the same universe, called the Fediverse. diff --git a/tests.toml b/tests.toml index fedf5c7..01931a3 100644 --- a/tests.toml +++ b/tests.toml @@ -9,7 +9,6 @@ test_format = 1.0 args.admin = "john" args.sitename = "lemmy website" - # ------------------------------- # Commits to test upgrade from # ------------------------------- From a993b0500019e0a172f0747650537de6b58dcf71 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Wed, 12 Jul 2023 08:04:04 +0200 Subject: [PATCH 44/49] Update lemmy-ui.service --- conf/lemmy-ui.service | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/conf/lemmy-ui.service b/conf/lemmy-ui.service index f5c3821..0b0c0c6 100644 --- a/conf/lemmy-ui.service +++ b/conf/lemmy-ui.service @@ -15,5 +15,35 @@ ExecStart=__YNH_NODE__ dist/js/server.js StandardOutput=append:/var/log/__APP__/__APP__-ui.log StandardError=inherit +# Sandboxing options to harden security +# Depending on specificities of your service/app, you may need to tweak these +# .. but this should be a good baseline +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +DevicePolicy=closed +ProtectSystem=full +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap + +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG + [Install] WantedBy=multi-user.target From 337a139167d07f513f084829d7ec4691f1fe4189 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Wed, 12 Jul 2023 08:06:01 +0200 Subject: [PATCH 45/49] Update nginx.conf --- conf/nginx.conf | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 2ea6460..b21f6da 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -22,10 +22,7 @@ location / { set $proxpass "http://127.0.0.1:__PORT_UI__"; - if ($http_accept ~ "^application/activity+json") { - set $proxpass "http://127.0.0.1:__PORT__"; - } - if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") { + if ($http_accept ~ "^application/.*$") { set $proxpass "http://127.0.0.1:__PORT__"; } if ($request_method = POST) { From 3f134fdac36ce458c890f07d53486f570e5d8561 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Wed, 12 Jul 2023 08:07:00 +0200 Subject: [PATCH 46/49] Update tests.toml --- tests.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests.toml b/tests.toml index 01931a3..a213874 100644 --- a/tests.toml +++ b/tests.toml @@ -13,5 +13,5 @@ test_format = 1.0 # Commits to test upgrade from # ------------------------------- - test_upgrade_from.206df4db0b99c52f07ea1a2d5daf799d4b8357fd.name = "Upgrade from 0.15.2~ynh3" + #test_upgrade_from.206df4db0b99c52f07ea1a2d5daf799d4b8357fd.name = "Upgrade from 0.15.2~ynh3" test_upgrade_from.383e145946458933a81010282b77dd986978ad6c.name = "Upgrade from 0.16.7~ynh4" From 7656a710336b199a57e0ded905f86d6458507dda Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Wed, 12 Jul 2023 08:12:49 +0200 Subject: [PATCH 47/49] Update DESCRIPTION_fr.md --- doc/DESCRIPTION_fr.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/DESCRIPTION_fr.md b/doc/DESCRIPTION_fr.md index 0c98e9b..34188d4 100644 --- a/doc/DESCRIPTION_fr.md +++ b/doc/DESCRIPTION_fr.md @@ -1 +1 @@ -Lemmy is similar to sites like Reddit, Lobste.rs, or Hacker News: you subscribe to forums you're interested in, post links and discussions, then vote, and comment on them. Behind the scenes, it is very different; anyone can easily run a server, and all these servers are federated (think email), and connected to the same universe, called the Fediverse. +Lemmy est similaire à des sites comme Reddit, Lobste.rs ou Hacker News : vous vous abonnez aux forums qui vous intéressent, publiez des liens et des discussions, puis votez et commentez-les. Dans les coulisses, c'est très différent ; n'importe qui peut facilement exécuter un serveur, et tous ces serveurs sont fédérés (pensez au courrier électronique) et connectés au même univers, appelé Fediverse. \ No newline at end of file From 9d1393691f8eeb5e0702576c85b2a2a36d029c9f Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Wed, 12 Jul 2023 06:12:54 +0000 Subject: [PATCH 48/49] Auto-update README --- README_fr.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README_fr.md b/README_fr.md index 073c329..0c82ad3 100644 --- a/README_fr.md +++ b/README_fr.md @@ -16,8 +16,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po ## Vue d’ensemble -Lemmy is similar to sites like Reddit, Lobste.rs, or Hacker News: you subscribe to forums you're interested in, post links and discussions, then vote, and comment on them. Behind the scenes, it is very different; anyone can easily run a server, and all these servers are federated (think email), and connected to the same universe, called the Fediverse. - +Lemmy est similaire à des sites comme Reddit, Lobste.rs ou Hacker News : vous vous abonnez aux forums qui vous intéressent, publiez des liens et des discussions, puis votez et commentez-les. Dans les coulisses, c'est très différent ; n'importe qui peut facilement exécuter un serveur, et tous ces serveurs sont fédérés (pensez au courrier électronique) et connectés au même univers, appelé Fediverse. **Version incluse :** 0.18.1~ynh1 From 4bcce516b297ece74690f9c57f7b43b84d54aba8 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Wed, 12 Jul 2023 08:13:17 +0200 Subject: [PATCH 49/49] Update install --- scripts/install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install b/scripts/install index 26a9389..8e99d95 100755 --- a/scripts/install +++ b/scripts/install @@ -47,7 +47,7 @@ ynh_script_progression --message="Configuring NGINX web server..." --weight=1 ynh_add_nginx_config #================================================= -# INSTALL THE SHARP +# INSTALL SHARP #================================================= pushd $install_dir/lemmy-ui