YunoHost-Apps/lemmy_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/lemmy_ynh.git synced 2024-09-03 19:36:09 +02:00
Code Issues Activity Actions

From Scratch

Browse source
This commit is contained in:
yalh76 2021-07-07 16:42:05 +02:00
parent 86d57004cc
commit daa63c8e20
30 changed files with 1009 additions and 279 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
issue_template.md → .github/ISSUE_TEMPLATE.md vendored
View file

@ -8,7 +8,7 @@ about: When creating a bug report, please use the following template to provide
1. *Read this whole template first.*
2. *Determine if you are on the right place:*
- *If you were performing an action on the app from the webadmin or the CLI (install, update, backup, restore, change_url...), you are on the right place!*
- *Otherwise, the issue may be due to REPLACEBYYOURAPP itself. Refer to its documentation or repository for help.*
- *Otherwise, the issue may be due to the app itself. Refer to its documentation or repository for help.*
- *When in doubt, post here and we will figure it out together.*
3. *Delete the italic comments as you write over them below, and remove this guide.*
---
@ -31,7 +31,7 @@ about: When creating a bug report, please use the following template to provide
- *If you performed a command from the CLI, the command itself is enough. For example:*
```sh
sudo yunohost app install REPLACEBYYOURAPP
sudo yunohost app install the_app
```
- *If you used the webadmin, please perform the equivalent command from the CLI first.*
- *If the error occurs in your browser, explain what you did:*

16
.github/PULL_REQUEST_TEMPLATE.md vendored Normal file
View file

@ -0,0 +1,16 @@
## Problem
- *Description of why you made this PR*
## Solution
- *And how do you fix that problem*
## PR Status
- [ ] Code finished and ready to be reviewed/tested
- [ ] The fix/enhancement were manually tested (if applicable)
## Automatic tests
Automatic tests can be triggered on https://ci-apps-dev.yunohost.org/ *after creating the PR*, by commenting "!testme", "!gogogadgetoci" or "By the power of systemd, I invoke The Great App CI to test this Pull Request!". (N.B. : for this to work you need to be a member of the Yunohost-Apps organization)

4
README.md
View file

@ -1,10 +1,6 @@
# Lemmy app for YunoHost
**Warning:** This app uses Docker. YunoHost do not encourages to use black box container technologies like Docker and Ansible.
Then why this package uses Docker?
It's because the developers of the core app do not support simple installation. And packaging without documentaion is time consuming.
[![Integration level](https://dash.yunohost.org/integration/lemmy.svg)](https://dash.yunohost.org/appci/app/lemmy) ![](https://ci-apps.yunohost.org/ci/badges/lemmy.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/lemmy.maintain.svg)

13
check_process
View file

@ -1,14 +1,9 @@
# See here for more information
# https://github.com/YunoHost/package_check#syntax-check_process-file
# Move this file from check_process.default to check_process when you have filled it.
;; Test complet
; Manifest
domain="domain.tld" (DOMAIN)
path="/path" (PATH)
admin="john" (USER)
sitename="lemmy website) (SITENAME)
domain="domain.tld"
path="/"
admin="john"
sitename="lemmy website"
; Checks
pkg_linter=1
setup_sub_dir=0

7
conf/app.src
View file

@ -1,7 +0,0 @@
SOURCE_URL=url of app's source
SOURCE_SUM=sha256 checksum
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=
SOURCE_EXTRACT=true

56
conf/docker-compose.yml
View file

@ -1,56 +0,0 @@
version: "2.2"
services:
postgres:
image: postgres:12-alpine
environment:
- POSTGRES_USER=lemmy
- POSTGRES_PASSWORD=password
- POSTGRES_DB=lemmy
volumes:
- ./volumes/postgres:/var/lib/postgresql/data
restart: always
lemmy:
image: dessalines/lemmy:0.9.9
ports:
- "127.0.0.1:__PORT__LEMMY__:8536"
restart: always
environment:
- RUST_LOG=error
volumes:
- ./lemmy.hjson:/config/config.hjson
depends_on:
- postgres
- pictrs
- iframely
lemmy-ui:
image: dessalines/lemmy-ui:0.9.9
ports:
- "127.0.0.1:__PORT_UI__:1234"
restart: always
environment:
- LEMMY_INTERNAL_HOST=lemmy:8536
- LEMMY_EXTERNAL_HOST=localhost:__PORT__LEMMY__
- LEMMY_HTTPS=false
depends_on:
- lemmy
pictrs:
image: asonix/pictrs:v0.2.5-r0
ports:
- "127.0.0.1:__PORT_PICTRS__:8080"
user: 991:991
volumes:
- ./volumes/pictrs:/mnt
restart: always
iframely:
image: dogbin/iframely:latest
ports:
- "127.0.0.1:__PORT_IFRAMELY__:80"
volumes:
- ./iframely.config.local.js:/iframely/config.local.js:ro
restart: always
mem_limit: 100m

74
conf/iframely.config.local.js
View file

@ -37,7 +37,7 @@
},
*/
port: 80, //can be overridden by PORT env var
port: __PORT_IFRAMELY__, //can be overridden by PORT env var
host: '0.0.0.0', // Dockers beware. See https://github.com/itteco/iframely/issues/132#issuecomment-242991246
//can be overridden by HOST env var
@ -58,7 +58,7 @@
- memcached - https://github.com/3rd-Eden/node-memcached
*/
CACHE_ENGINE: 'node-cache',
CACHE_TTL: 0, // In seconds.
CACHE_TTL: 0, // In seconds.
// 0 = 'never expire' for memcached & node-cache to let cache engine decide itself when to evict the record
// 0 = 'no cache' for redis. Use high enough (e.g. 365*24*60*60*1000) ttl for similar 'never expire' approach instead
@ -104,16 +104,31 @@
// DISABLE_HTTP2: true,
// Customize API calls to oembed endpoints.
// Must have: please add your `access_token` for Facebook and Instagram API calls
ADD_OEMBED_PARAMS: [{
// Endpoint url regexp array.
re: [/^http:\/\/api\.instagram\.com\/oembed/],
// Custom get params object.
params: {
re: [ // Endpoint's URL regexp array.
/^https:\/\/graph\.facebook\.com\/v\d+\.\d+\/instagram_oembed/i
],
params: { // Custom query-string params object.
// TODO: get your access Insagtam token as described
// on https://developers.facebook.com/docs/instagram/oembed/
access_token: '', // The simplest way is
// to use `{app-id}|{app secret}` as access token
// Add any other optional params
hidecaption: true
}
}, {
re: [/^https:\/\/www\.facebook\.com\/plugins\/page\/oembed\.json/i],
re: [/^https:\/\/graph\.facebook\.com\/v\d+\.\d+\/oembed_page/i],
params: {
// TODO: get your access token as described
// on https://developers.facebook.com/docs/plugins/oembed
access_token: '', // The simplest way is
// to use `{app-id}|{app secret}` as access token
// Add any other optional params
show_posts: 0,
show_facepile: 0,
maxwidth: 600
@ -126,20 +141,24 @@
limit: 1,
maxwidth: 600
}
/*
}, {
// Facebook https://developers.facebook.com/docs/plugins/oembed-endpoints
re: [/^https:\/\/www\.facebook\.com\/plugins\/\w+\/oembed\.json/i],
// Facebook https://developers.facebook.com/docs/plugins/oembed/
re: [/^https:\/\/graph\.facebook\.com\/v\d+\.\d+\/oembed_/i],
params: {
// Skip script tag and fb-root div.
omitscript: true
// TODO: get your access token as described
// on https://developers.facebook.com/docs/plugins/oembed
access_token: '', // The simplest way is
// to use `{app-id}|{app secret}` as access token
// Add any other optional params, like skip script tag and fb-root div
// omitscript: true
}
*/
}],
/* Configure use of HTTP proxies as needed.
You don't have to specify all options per regex - just what you need to override
*/
/*
// Configure use of HTTP proxies as needed.
// You don't have to specify all options per regex - just what you need to override
PROXY: [{
re: [/^https?:\/\/www\.domain\.com/],
proxy_server: 'http://1.2.3.4:8080',
@ -152,14 +171,16 @@
// Refer to: https://github.com/request/request
// Overrides previous params if overlapped.
},
cache_ttl: 3600, // in seconds, cache response for 1 hour.
disable_http2: true
}],
*/
// Customize API calls to 3rd parties. At the very least - configure required keys.
// For available provider options - please see the code of its domain plugin.
providerOptions: {
locale: "en_US", // ISO 639-1 two-letter language code, e.g. en_CA or fr_CH.
// Will be added as highest priotity in accept-language header with each request.
locale: "en_US", // ISO 639-1 two-letter language code, e.g. en_CA or fr_CH.
// Will be added as highest priotity in accept-language header with each request.
// Plus is used in FB, YouTube and perhaps other plugins
"twitter": {
"max-width": 550,
@ -203,21 +224,18 @@
// It is probably the same API key you use for Google Maps.
youtube: {
// api_key: "INSERT YOUR VALUE",
// parts: [ "snippet", "player" ], // list of fields you want to use in the request, in most cases you only need those two
get_params: "?rel=0&showinfo=1" // https://developers.google.com/youtube/player_parameters
},
vimeo: {
get_params: "?byline=0&badge=0" // https://developer.vimeo.com/player/embedding
},
/*
soundcloud: {
old_player: true // enables classic player
},
giphy: {
media_only: true // disables branded player for gifs and returns just the image
}
*/
/*
},
bandcamp: {
get_params: '/size=large/bgcol=333333/linkcol=ffffff/artwork=small/transparent=true/',
media: {
@ -230,7 +248,11 @@
'max-width': 700
}
}
}
},
// Docs: https://dev.twitch.tv/docs/embed/video-and-clips
twitch: {
parent: 'jsbin.com, null.jsbin.com, localhost'
},
*/
},
@ -276,7 +298,11 @@
// And this is AWS metadata service
// https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
/^https?:\/\/169\.254\.169\.254/
]
],
// Endpoint for prerender service, if you need it. Used to parse React apps. Very slow.
// Tested with https://github.com/prerender/prerender
// PRERENDER_URL: "https://domain/render?url="
};
module.exports = config;

45
conf/iframely.service Normal file
View file

@ -0,0 +1,45 @@
[Unit]
Description=__APP__ Iframely Daemon
After=network.target
[Service]
Type=simple
User=__APP__
Group=__APP__
WorkingDirectory=__FINALPATH__/iframely/
ExecStart=__YNH_NODE__ -- server
StandardOutput=append:/var/log/__APP__/__APP__-iframely.log
StandardError=inherit
# Sandboxing options to harden security
# Depending on specificities of your service/app, you may need to tweak these
# .. but this should be a good baseline
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
DevicePolicy=closed
ProtectSystem=full
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
LockPersonality=yes
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
# Denying access to capabilities that should not be relevant for webapps
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
[Install]
WantedBy=multi-user.target

7
conf/iframely.src Normal file
View file

@ -0,0 +1,7 @@
SOURCE_URL=https://github.com/itteco/iframely/archive/refs/tags/v1.6.0.tar.gz
SOURCE_SUM=8130267e17e4484a2cdd028cdffb619f430b9cd19b3614b5d1de2d05304d03f8
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=
SOURCE_EXTRACT=true

7
conf/imagemagick.src Normal file
View file

@ -0,0 +1,7 @@
SOURCE_URL=https://github.com/ImageMagick/ImageMagick/archive/refs/tags/7.0.11-14.tar.gz
SOURCE_SUM=dfa5aa3f7f289f12c2f9ee6c7c19b02ae857b4eec02f40298f60f5c11048a016
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=
SOURCE_EXTRACT=true

7
conf/lemmy-translations.src Normal file
View file

@ -0,0 +1,7 @@
SOURCE_URL=https://codeload.github.com/LemmyNet/lemmy-translations/tar.gz/9e3dfebe14693553f1002ef06f02201ca1d52863
SOURCE_SUM=1693789ac4d6a3905530b2cf76ad50151082f5e96d1639dc06e30219649a6c87
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=
SOURCE_EXTRACT=true

49
conf/lemmy-ui.service Normal file
View file

@ -0,0 +1,49 @@
[Unit]
Description=__APP__ Lemmy UI Daemon
After=network.target
[Service]
Type=simple
User=__APP__
Group=__APP__
Environment="LEMMY_INTERNAL_HOST=127.0.0.1:__PORT_LEMMY__"
Environment=" LEMMY_EXTERNAL_HOST=__DOMAIN__"
Environment="LEMMY_HTTPS=true"
Environment="LEMMY_UI_HOST=0.0.0.0:__PORT_UI__"
WorkingDirectory=__FINALPATH__/lemmy-ui/
ExecStart=__YNH_NODE__ dist/js/server.js
StandardOutput=append:/var/log/__APP__/__APP__-ui.log
StandardError=inherit
# Sandboxing options to harden security
# Depending on specificities of your service/app, you may need to tweak these
# .. but this should be a good baseline
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
DevicePolicy=closed
ProtectSystem=full
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
LockPersonality=yes
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
# Denying access to capabilities that should not be relevant for webapps
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
[Install]
WantedBy=multi-user.target

7
conf/lemmy-ui.src Normal file
View file

@ -0,0 +1,7 @@
SOURCE_URL=https://github.com/LemmyNet/lemmy-ui/archive/refs/tags/0.11.2.tar.gz
SOURCE_SUM=645954b3726803b0ba6b756a2b4f4099e2de29e59cadd828bebd592b29149611
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=
SOURCE_EXTRACT=true

103
conf/lemmy.hjson
View file

@ -6,41 +6,90 @@
# username for the admin user
admin_username: "__ADMIN__"
# password for the admin user
admin_password: "__ADMIN_PASS__"
admin_password: "__PASSWORD__"
# optional: email for the admin user (can be omitted and set later through the website)
admin_email: "__ADMIN_EMAIL__"
# name of the site (can be changed later)
site_name: "__NAME__"
site_name: "__SITENAME__"
}
# settings related to the postgresql database
database: {
# username to connect to postgres
user: "__DB_USER__"
# password to connect to postgres
password: "__DB_PWD__"
# host where postgres is running
host: "localhost"
# port where postgres can be accessed
port: 5432
# name of the postgres database for lemmy
database: "__DB_NAME__"
# maximum number of active sql connections
pool_size: 5
}
# the domain name of your instance (eg "lemmy.ml")
hostname: "__DOMAIN__"
# address where lemmy should listen for incoming requests
bind: "0.0.0.0"
# port where lemmy should listen for incoming requests
port: 8536
port: __PORT_LEMMY__
# whether tls is required for activitypub. only disable this for debugging, never for producion.
tls_enabled: true
# json web token for authorization between server and client
jwt_secret: "__RANDOM__"
# settings related to the postgresql database
database: {
# name of the postgres database for lemmy
database: "lemmy"
# username to connect to postgres
user: "lemmy"
# password to connect to postgres
password: "password"
# host where postgres is running
host: "postgres"
# address where pictrs is available
pictrs_url: "http://127.0.0.1:__PORT_PICTRS__"
# address where iframely is available
iframely_url: "http://127.0.0.1:__PORT_IFRAMELY__"
# rate limits for various user actions, by user ip
rate_limit: {
# maximum number of messages created in interval
message: 180
# interval length for message limit
message_per_second: 60
# maximum number of posts created in interval
post: 6
# interval length for post limit
post_per_second: 600
# maximum number of registrations in interval
register: 3
# interval length for registration limit
register_per_second: 3600
# maximum number of image uploads in interval
image: 6
# interval length for image uploads
image_per_second: 3600
}
# settings related to activitypub federation
federation: {
# whether to enable activitypub federation.
enabled: true
# Allows and blocks are described here:
# https://join-lemmy.org/docs/en/federation/administration.html#instance-allowlist-and-blocklist
#
# list of instances with which federation is allowed
# allowed_instances: ["instance1.tld","instance2.tld"]
# instances which we never federate anything with (but previously federated objects are unaffected)
# blocked_instances: []
# If true, only federate with instances on the allowlist and block everything else. If false,
# use allowlist only for remote communities, and posts/comments in local communities.
# strict_allowlist: true
}
captcha: {
enabled: true
difficulty: medium # Can be easy, medium, or hard
}
# email sending configuration
email: {
# hostname and port of the smtp server
smtp_server: "127.0.0.1:25"
# login name for smtp server
smtp_login: ""
# password to login to the smtp server
smtp_password: ""
# address to send emails from, eg "noreply@your-instance.com"
smtp_from_address: "lemmy@__DOMAIN__"
# whether or not smtp connections should use tls
use_tls: true
}
# # optional: email sending configuration
# email: {
# # hostname and port of the smtp server
smtp_server: "127.0.0.1:25"
# # login name for smtp server
smtp_login: ""
# # password to login to the smtp server
smtp_password: ""
# # address to send emails from, eg "noreply@your-instance.com"
smtp_from_address: "lemmy@__DOMAIN__"
# # whether or not smtp connections should use tls
use_tls: true
# }
}

46
conf/lemmy.service Normal file
View file

@ -0,0 +1,46 @@
[Unit]
Description=__APP__ Lemmy Daemon
After=network.target
[Service]
Type=simple
User=__APP__
Group=__APP__
Environment="LEMMY_CONFIG_LOCATION=__FINALPATH__/config/config.hjson"
WorkingDirectory=__FINALPATH__/lemmy_server/
ExecStart=__FINALPATH__/lemmy_server/lemmy_server
StandardOutput=append:/var/log/__APP__/__APP__.log
StandardError=inherit
# Sandboxing options to harden security
# Depending on specificities of your service/app, you may need to tweak these
# .. but this should be a good baseline
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
DevicePolicy=closed
ProtectSystem=full
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
LockPersonality=yes
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
# Denying access to capabilities that should not be relevant for webapps
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
[Install]
WantedBy=multi-user.target

7
conf/lemmy.src Normal file
View file

@ -0,0 +1,7 @@
SOURCE_URL=https://github.com/LemmyNet/lemmy/archive/refs/tags/0.11.0.tar.gz
SOURCE_SUM=8c93268d5cb7b30c9c25e2fdeef83153d95b7b79ad0b0a6f354d89e72a0ec641
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=
SOURCE_EXTRACT=true

45
conf/pict-rs.service Normal file
View file

@ -0,0 +1,45 @@
[Unit]
Description=__APP__ pict-rs Daemon
After=network.target
[Service]
Type=simple
User=__APP__
Group=__APP__
WorkingDirectory=__FINALPATH__/pict-rs/
ExecStart=__FINALPATH__/pict-rs/pict-rs -a 127.0.0.1:__PORT_PICTRS__ -p __DATADIR__/pictrs-data
StandardOutput=append:/var/log/__APP__/__APP__-pict-rs.log
StandardError=inherit
# Sandboxing options to harden security
# Depending on specificities of your service/app, you may need to tweak these
# .. but this should be a good baseline
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
DevicePolicy=closed
ProtectSystem=full
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
LockPersonality=yes
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
# Denying access to capabilities that should not be relevant for webapps
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
[Install]
WantedBy=multi-user.target

7
conf/pict-rs.src Normal file
View file

@ -0,0 +1,7 @@
SOURCE_URL=https://git.asonix.dog/asonix/pict-rs/archive/v0.2.6-r2.tar.gz
SOURCE_SUM=c8542ff79fc2f0699b33994d6718a9f8f4bfc94e6c7c7e1e5dc13911afd40d10
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=
SOURCE_EXTRACT=true

0
doc/.gitkeep Normal file
View file

3
doc/DISCLAIMER.md Normal file
View file

@ -0,0 +1,3 @@
* Any known limitations, constrains or stuff not working, such as (but not limited to):
* Lemmy require full domain path to be installed. Eg. lemmy.domain.tld
* The admin username and password will be sent to the admin of the YunoHost through mail.

0
doc/screenshots/.gitkeep Normal file
View file

BIN
doc/screenshots/screenshot1.webp Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 97 KiB

18
manifest.json
View file

@ -7,6 +7,13 @@
},
"version": "0.9.9~ynh1",
"url": "https://join.lemmy.ml/",
"upstream": {
"license": "GPL-3.0",
"website": "https://join-lemmy.org/",
"demo": "https://join.lemmy.ml/join/",
"admindoc": "https://join-lemmy.org/docs/en/",
"code": "https://github.com/LemmyNet/lemmy"
},
"license": "GPL-3.0",
"maintainer": {
"name": "Anmol Sharma",
@ -25,19 +32,11 @@
{
"name": "domain",
"type": "domain",
"ask": {
"en": "Choose a domain name for Lemmy",
"fr": "Choisissez un nom de domaine pour Lemmy"
},
"example": "example.com"
},
{
"name": "admin",
"type": "string",
"ask": {
"en": "Choose an admin username",
"fr": "Choisissez l'administrateur"
},
"type": "user",
"example": "johndoe"
},
{
@ -48,7 +47,6 @@
},
"example": "lemmy website"
}
]
}
}

16
pull_request_template.md
View file

@ -1,16 +0,0 @@
## Problem
- *Description of why you made this PR*
## Solution
- *And how do you fix that problem*
## PR Status
- [ ] Code finished.
- [ ] Tested with Package_check.
- [ ] Fix or enhancement tested.
- [ ] Upgrade from last version tested.
- [ ] Can be reviewed and tested.
## Package_check results
---
* An automatic package_check will be launch at https://ci-apps-dev.yunohost.org/, when you add a specific comment to your Pull Request: "!testme", "!gogogadgetoci" or "By the power of systemd, I invoke The Great App CI to test this Pull Request!"*

4
scripts/_common.sh
View file

@ -5,7 +5,9 @@
#=================================================
# dependencies used by the app
pkg_dependencies="deb1 deb2 php$YNH_DEFAULT_PHP_VERSION-deb1 php$YNH_DEFAULT_PHP_VERSION-deb2"
pkg_dependencies="postgresql postgresql-contrib espeak bash-completion ffmpeg clang pkg-config libgexiv2-dev libgexiv2-2 libssl-dev libc6-dev libpq-dev libavutil-dev libavformat-dev libavfilter-dev libavdevice-dev libavresample-dev libjpeg-turbo-progs libpng-dev"
NODEJS_VERSION=12
#=================================================
# PERSONAL HELPERS

34
scripts/backup
View file

@ -15,7 +15,6 @@ source /usr/share/yunohost/helpers
#=================================================
ynh_clean_setup () {
### Remove this function if there's nothing to clean before calling the remove script.
true
}
# Exit if an error occurs during the execution of the script
@ -30,26 +29,55 @@ app=$YNH_APP_INSTANCE_NAME
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
domain=$(ynh_app_setting_get --app=$app --key=domain)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
#=================================================
# DECLARE DATA AND CONF FILES TO BACKUP
#=================================================
ynh_print_info --message="Declaring files to be backed up..."
#=================================================
# BACKUP THE APP MAIN DIR
#=================================================
ynh_backup --src_path="$final_path"
#=================================================
# BACKUP THE DATA DIR
#=================================================
ynh_backup --src_path="$datadir" --is_big
#=================================================
# BACKUP THE NGINX CONFIGURATION
#=================================================
ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# SPECIFIC BACKUP
#=================================================
# BACKUP LOGROTATE
#=================================================
ynh_backup --src_path="/etc/logrotate.d/$app"
#=================================================
# BACKUP SYSTEMD
#=================================================
ynh_backup --src_path="/etc/systemd/system/$app.service"
ynh_backup --src_path="/etc/systemd/system/$app-ui.service"
ynh_backup --src_path="/etc/systemd/system/$app-iframely.service"
ynh_backup --src_path="/etc/systemd/system/$app-pict-rs.service"
#=================================================
# BACKUP THE POSTGRESQL DATABASE
#=================================================
ynh_print_info --message="Backing up the PostgreSQL database..."
ynh_psql_dump_db --database="$db_name" > db.sql
#=================================================
# END OF SCRIPT

236
scripts/install
View file

@ -14,8 +14,7 @@ source /usr/share/yunohost/helpers
#=================================================
ynh_clean_setup () {
### Remove this function if there's nothing to clean before calling the remove script.
true
ynh_clean_check_starting
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
@ -26,19 +25,18 @@ ynh_abort_if_errors
domain=$YNH_APP_ARG_DOMAIN
path_url="/"
version=$(curl -s https://api.github.com/repos/docker/compose/releases/latest | grep 'tag_name' | cut -d\" -f4)
admin=$YNH_APP_ARG_ADMIN
password=$(ynh_string_random --length=12)
sitename=$YNH_APP_ARG_SITENAME
random=$(ynh_string_random --length=10)
admin_email=$(ynh_user_get_info --username=$admin --key="mail")
app=$YNH_APP_INSTANCE_NAME
#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
ynh_script_progression --message="Validating installation parameters..." --weight=1
ynh_script_progression --message="Validating installation parameters..."
final_path=/var/www/$app
test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
@ -49,7 +47,7 @@ ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================
ynh_script_progression --message="Storing installation settings..." --weight=1
ynh_script_progression --message="Storing installation settings..."
ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path_url
@ -63,97 +61,229 @@ ynh_app_setting_set --app=$app --key=random --value=$random
#=================================================
# FIND AND OPEN A PORT
#=================================================
ynh_script_progression --message="Finding an available port..." --weight=1
ynh_script_progression --message="Finding an available port..."
# Find an available port
port_lemmy=$(ynh_find_port --port=8536)
port_ui=$(ynh_find_port --port=1235)
port_pictrs=$(ynh_find_port --port=8537)
port_iframely=$(ynh_find_port --port=8061)
ynh_app_setting_set --app=$app --key=port_lemmy --value=$port_lemmy
port_ui=$(ynh_find_port --port=1235)
ynh_app_setting_set --app=$app --key=port_ui --value=$port_ui
port_pictrs=$(ynh_find_port --port=8537)
ynh_app_setting_set --app=$app --key=port_pictrs --value=$port_pictrs
port_iframely=$(ynh_find_port --port=8061)
ynh_app_setting_set --app=$app --key=port_iframely --value=$port_iframely
#=================================================
# INSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Installing dependencies..." --weight=1
ynh_script_progression --message="Installing dependencies..."
#ynh_install_app_dependencies $pkg_dependencies
ynh_install_app_dependencies $pkg_dependencies
ynh_install_nodejs --nodejs_version=$NODEJS_VERSION
ynh_use_nodejs
ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg"
# Install Docker and compose
curl -sSL https://get.docker.com | sh
systemctl enable docker --quiet
curl -L https://github.com/docker/compose/releases/download/${version}/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Configuring system user..."
# Create a system user
ynh_system_user_create --username=$app --home_dir=$final_path
#=================================================
# CREATE A POSTGRESQL DATABASE
#=================================================
ynh_script_progression --message="Creating a PostgreSQL database..."
ynh_psql_test_if_first_run
db_name=$(ynh_sanitize_dbid --db_name=$app)
db_user=$db_name
db_pwd=$(ynh_string_random --length=30)
ynh_app_setting_set --app=$app --key=db_name --value=$db_name
ynh_app_setting_set --app=$app --key=db_pwd --value=$db_pwd
ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_script_progression --message="Setting up source files..." --weight=1
ynh_script_progression --message="Setting up source files..."
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$final_path/build-lemmy/" --source_id="lemmy"
ynh_setup_source --dest_dir="$final_path/lemmy-ui/" --source_id="lemmy-ui"
ynh_setup_source --dest_dir="$final_path/lemmy-ui/lemmy-translations/" --source_id="lemmy-translations"
ynh_setup_source --dest_dir="$final_path/iframely/" --source_id="iframely"
ynh_setup_source --dest_dir="$final_path/build-pict-rs/" --source_id="pict-rs"
ynh_setup_source --dest_dir="$final_path/build-imagemagick/" --source_id="imagemagick"
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:$app "$final_path"
mkdir "$final_path"
cp -f ../conf/docker-compose.yml "$final_path/docker-compose.yml"
cp -f ../conf/lemmy.hjson "$final_path/lemmy.hjson"
cp -f ../conf/iframely.config.local.js "$final_path/iframely.config.local.js"
pushd "$final_path"
mkdir -p volumes/pictrs
chown -R 991:991 volumes/pictrs
popd
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring NGINX web server..." --weight=1
ynh_script_progression --message="Configuring NGINX web server..."
# Create a dedicated NGINX config
ynh_add_nginx_config 'port_lemmy port_ui port_pictrs port_iframely'
ynh_add_nginx_config
#=================================================
# MODIFY A CONFIG FILE
# SPECIFIC SETUP
#=================================================
# CREATE DATA DIRECTORY
#=================================================
ynh_script_progression --message="Creating a data directory..."
datadir=/home/yunohost.app/$app
ynh_app_setting_set --app=$app --key=datadir --value=$datadir
mkdir -p $datadir/pictrs-data
ynh_replace_string --match_string="__ADMIN__" --replace_string="$admin" --target_file="$final_path/lemmy.hjson"
ynh_replace_string --match_string="__ADMIN_PASS__" --replace_string="$password" --target_file="$final_path/lemmy.hjson"
ynh_replace_string --match_string="__NAME__" --replace_string="$sitename" --target_file="$final_path/lemmy.hjson"
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$final_path/lemmy.hjson"
ynh_replace_string --match_string="__RANDOM__" --replace_string="$random" --target_file="$final_path/lemmy.hjson"
ynh_replace_string --match_string="__PORT__LEMMY__" --replace_string="$port_lemmy" --target_file="$final_path/docker-compose.yml"
ynh_replace_string --match_string="__PORT_UI__" --replace_string="$port_ui" --target_file="$final_path/docker-compose.yml"
ynh_replace_string --match_string="__PORT_PICTRS__" --replace_string="$port_pictrs" --target_file="$final_path/docker-compose.yml"
ynh_replace_string --match_string="__PORT_IFRAMELY__" --replace_string="$port_iframely" --target_file="$final_path/docker-compose.yml"
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$final_path/iframely.config.local.js"
chmod 750 "$datadir"
chmod -R o-rwx "$datadir"
chown -R $app:$app "$datadir"
#=================================================
# MAKE INSTALL
#=================================================
ynh_script_progression --message="Making install..."
# Install ImageMagick
pushd "$final_path/build-imagemagick/"
./configure
make
make install
ldconfig /usr/local/lib
popd
# Install rustup with the toolchain needed by lemmy
pushd "$final_path"
sudo -u "$app" RUSTUP_HOME="$final_path"/.rustup CARGO_HOME="$final_path"/.cargo bash -c 'curl -sSf -L https://static.rust-lang.org/rustup.sh | sh -s -- -y --default-toolchain nightly'
popd
export PATH="$PATH:$final_path/.cargo/bin:$final_path/.local/bin:/usr/local/sbin"
# Compile lemmy
pushd $final_path/build-lemmy
ynh_exec_warn_less sudo -u "$app" env PATH="$PATH" cargo build --release
popd
# Compile pict-rs
pushd $final_path/build-pict-rs
ynh_exec_warn_less sudo -u "$app" env PATH="$PATH" cargo build --release
popd
# Install lemmy
mkdir -p "$final_path/lemmy_server/"
cp -af "$final_path/build-lemmy/target/release/lemmy_server" "$final_path/lemmy_server/lemmy_server"
# Install pict-rs
mkdir -p "$final_path/pict-rs/"
cp -af "$final_path/build-pict-rs/target/release/pict-rs" "$final_path/pict-rs/pict-rs"
# Remove build files and rustup
ynh_secure_remove --file="$final_path/build-lemmy"
ynh_secure_remove --file="$final_path/build-pict-rs"
ynh_secure_remove --file="$final_path/build-imagemagick"
ynh_secure_remove --file="$final_path/.cargo"
ynh_secure_remove --file="$final_path/.rustup"
# Compile lemmy-ui
pushd $final_path/lemmy-ui
ynh_exec_warn_less sudo -u "$app" env PATH="$PATH" yarn install --pure-lockfile
ynh_exec_warn_less sudo -u "$app" env PATH="$PATH" yarn build:prod
popd
# Compile iframely
pushd $final_path/iframely
ynh_exec_warn_less sudo -u "$app" env PATH="$PATH" $ynh_npm install
popd
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:$app "$final_path"
#=================================================
# ADD A CONFIGURATION
#=================================================
ynh_script_progression --message="Adding a configuration file..."
mkdir -p "$final_path/config/"
ynh_add_config --template="../conf/lemmy.hjson" --destination="$final_path/config/config.hjson"
chmod 400 "$final_path/config/config.hjson"
chown $app:$app "$final_path/config/config.hjson"
ynh_add_config --template="../conf/iframely.config.local.js" --destination="$final_path/iframely/iframely.config.local.js"
chmod 400 "$final_path/iframely/iframely.config.local.js"
chown $app:$app "$final_path/iframely/iframely.config.local.js"
#=================================================
# SETUP SYSTEMD
#=================================================
ynh_script_progression --message="Configuring a systemd service..."
# Create a dedicated systemd config
ynh_add_systemd_config --service="$app" --template="lemmy.service"
ynh_add_systemd_config --service="$app-ui" --template="lemmy-ui.service"
ynh_add_systemd_config --service="$app-iframely" --template="iframely.service"
ynh_add_systemd_config --service="$app-pict-rs" --template="pict-rs.service"
#=================================================
# GENERIC FINALIZATION
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression --message="Configuring log rotation..."
mkdir -p "/var/log/$app"
chmod 750 "/var/log/$app"
chmod -R o-rwx "/var/log/$app"
chown -R $app:$app "/var/log/$app"
# Use logrotate to manage application logfile(s)
ynh_use_logrotate
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..."
yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log"
yunohost service add $app-ui --description="A short description of the app" --log="/var/log/$app/$app-ui.log"
yunohost service add $app-iframely --description="A short description of the app" --log="/var/log/$app/$app-iframely.log"
yunohost service add $app-pict-rs --description="A short description of the app" --log="/var/log/$app/$app-pict-rs.log"
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..."
# Start a systemd service
ynh_systemd_action --service_name=$app --action="start" --line_match="Started" --log_path=systemd
ynh_systemd_action --service_name=$app-ui --action="start" --line_match="Started" --log_path=systemd
ynh_systemd_action --service_name=$app-iframely --action="start" --line_match="Started" --log_path=systemd
ynh_systemd_action --service_name=$app-pict-rs --action="start" --line_match="Started" --log_path=systemd
#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Configuring permissions..." --weight=1
ynh_script_progression --message="Configuring permissions..."
# Make app public
ynh_permission_update --permission="main" --add="visitors"
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_script_progression --message="Reloading NGINX web server..."
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# Run Lemmy through Docker
#=================================================
# chown -R $(whoami) /usr/local/bin
chmod +x /usr/local/bin/docker-compose
cd "$final_path" && docker-compose up -d
#=================================================
# SEND A README FOR THE ADMIN
#=================================================
@ -175,4 +305,4 @@ ynh_send_readme_to_admin "$message"
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Installation of $app completed" --last
ynh_script_progression --message="Installation of $app completed"

101
scripts/remove
View file

@ -12,30 +12,91 @@ source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=1
ynh_script_progression --message="Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_user=$db_name
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
#=================================================
# STANDARD REMOVE
#=================================================
cd "$final_path" && docker-compose down --rmi all
# REMOVE SERVICE INTEGRATION IN YUNOHOST
#=================================================
# Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
if ynh_exec_warn_less yunohost service status $app >/dev/null
then
ynh_script_progression --message="Removing $app service integration..."
yunohost service remove $app
fi
if ynh_exec_warn_less yunohost service status $app >/dev/null
then
ynh_script_progression --message="Removing $app-ui service integration..."
yunohost service remove $app-ui
fi
if ynh_exec_warn_less yunohost service status $app >/dev/null
then
ynh_script_progression --message="Removing $app-iframely service integration..."
yunohost service remove $app-iframely
fi
if ynh_exec_warn_less yunohost service status $app >/dev/null
then
ynh_script_progression --message="Removing $app-pict-rs service integration..."
yunohost service remove $app-pict-rs
fi
#=================================================
# STOP AND REMOVE SERVICE
#=================================================
ynh_script_progression --message="Stopping and removing the systemd service..."
# Remove the dedicated systemd config
ynh_remove_systemd_config
ynh_remove_systemd_config --service=$app-ui
ynh_remove_systemd_config --service=$app-iframely
ynh_remove_systemd_config --service=$app-pict-rs
#=================================================
# REMOVE THE POSTGRESQL DATABASE
#=================================================
ynh_script_progression --message="Removing the PostgreSQL database..."
# Remove a database if it exists, along with the associated user
ynh_psql_remove_db --db_user=$db_user --db_name=$db_name
#=================================================
# REMOVE IMAGEMAGICK
#=================================================
ynh_script_progression --message="Removing ImageMagick..."
ynh_setup_source --dest_dir="$final_path/build-imagemagick/" --source_id="imagemagick"
# Install ImageMagick
pushd "$final_path/build-imagemagick/"
./configure
make uninstall
ldconfig /usr/local/lib
popd
ynh_secure_remove --file="$final_path/build-imagemagick"
#=================================================
# REMOVE DEPENDENCIES
#=================================================
ynh_script_progression --message="Removing dependencies..." --weight=1
ynh_script_progression --message="Removing dependencies..."
# Remove metapackage and its dependencies
ynh_remove_nodejs
ynh_remove_app_dependencies
#=================================================
# REMOVE APP MAIN DIR
#=================================================
ynh_script_progression --message="Removing app main directory..." --weight=1
ynh_script_progression --message="Removing app main directory..."
# Remove the app directory securely
ynh_secure_remove --file="$final_path"
@ -43,13 +104,41 @@ ynh_secure_remove --file="$final_path"
#=================================================
# REMOVE NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1
ynh_script_progression --message="Removing NGINX web server configuration..."
# Remove the dedicated NGINX config
ynh_remove_nginx_config
#=================================================
# REMOVE LOGROTATE CONFIGURATION
#=================================================
ynh_script_progression --message="Removing logrotate configuration..."
# Remove the app-specific logrotate config
ynh_remove_logrotate
#=================================================
# SPECIFIC REMOVE
#=================================================
# REMOVE VARIOUS FILES
#=================================================
ynh_script_progression --message="Removing various files..."
# Remove the log files
ynh_secure_remove --file="/var/log/$app"
#=================================================
# GENERIC FINALIZATION
#=================================================
# REMOVE DEDICATED USER
#=================================================
ynh_script_progression --message="Removing the dedicated system user..."
# Delete a system user
ynh_system_user_delete --username=$app
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Removal of $app completed" --last
ynh_script_progression --message="Removal of $app completed"

128
scripts/restore
View file

@ -15,8 +15,7 @@ source /usr/share/yunohost/helpers
#=================================================
ynh_clean_setup () {
#### Remove this function if there's nothing to clean before calling the remove script.
true
ynh_clean_check_starting
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
@ -24,19 +23,22 @@ ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=1
ynh_script_progression --message="Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
version=$(curl -s https://api.github.com/repos/docker/compose/releases/latest | grep 'tag_name' | cut -d\" -f4)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_user=$db_name
db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd)
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
#=================================================
# CHECK IF THE APP CAN BE RESTORED
#=================================================
ynh_script_progression --message="Validating restoration parameters..." --weight=1
ynh_script_progression --message="Validating restoration parameters..."
ynh_webpath_available --domain=$domain --path_url=$path_url \
|| ynh_die --message="Path not available: ${domain}${path_url}"
@ -48,45 +50,133 @@ test ! -d $final_path \
#=================================================
# RESTORE THE NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the NGINX web server configuration..."
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# RECREATE THE DEDICATED USER
#=================================================
ynh_script_progression --message="Recreating the dedicated system user..."
# Create the dedicated user (if not existing)
ynh_system_user_create --username=$app --home_dir=$final_path
#=================================================
# RESTORE THE APP MAIN DIR
#=================================================
ynh_script_progression --message="Restoring the app main directory..." --weight=1
ynh_script_progression --message="Restoring the app main directory..."
ynh_restore_file --origin_path="$final_path"
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:$app "$final_path"
#=================================================
# INSTALL DEPENDENCIES
# RESTORE THE DATA DIRECTORY
#=================================================
ynh_script_progression --message="Installing dependencies..." --weight=1
ynh_script_progression --message="Restoring the data directory..."
#ynh_install_app_dependencies $pkg_dependencies
ynh_restore_file --origin_path="$datadir" --not_mandatory
# Install Docker and compose
curl -sSL https://get.docker.com | sh
systemctl enable docker --quiet
curl -L https://github.com/docker/compose/releases/download/${version}/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
mkdir -p $datadir
chmod 750 "$datadir"
chmod -R o-rwx "$datadir"
chown -R $app:$app "$datadir"
#=================================================
# SPECIFIC RESTORATION
#=================================================
# Run Lemmy through Docker
# REINSTALL DEPENDENCIES
#=================================================
# chown -R $(whoami) /usr/local/bin
ynh_script_progression --message="Reinstalling dependencies..."
chmod +x /usr/local/bin/docker-compose
cd "$final_path" && docker-compose up -d
# Define and install dependencies
ynh_install_app_dependencies $pkg_dependencies
ynh_install_nodejs --nodejs_version=$NODEJS_VERSION
ynh_use_nodejs
ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg"
#=================================================
# BUILDING IMAGEMAGICK
#=================================================
ynh_script_progression --message="Building ImageMagick..."
ynh_setup_source --dest_dir="$final_path/build-imagemagick/" --source_id="imagemagick"
# Install ImageMagick
pushd "$final_path/build-imagemagick/"
./configure
make
make install
ldconfig /usr/local/lib
popd
ynh_secure_remove --file="$final_path/build-imagemagick"
#=================================================
# RESTORE THE POSTGRESQL DATABASE
#=================================================
ynh_script_progression --message="Restoring the PostgreSQL database..."
ynh_psql_test_if_first_run
ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd
ynh_psql_execute_file_as_root --file="./db.sql" --database="$db_name"
#=================================================
# RESTORE SYSTEMD
#=================================================
ynh_script_progression --message="Restoring the systemd configuration..."
ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
systemctl enable $app.service --quiet
ynh_restore_file --origin_path="/etc/systemd/system/$app-ui.service"
systemctl enable $app-ui.service --quiet
ynh_restore_file --origin_path="/etc/systemd/system/$app-iframely.service"
systemctl enable $app-iframely.service --quiet
ynh_restore_file --origin_path="/etc/systemd/system/$app-pict-rs.service"
systemctl enable $app-pict-rs.service --quiet
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..."
yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log"
yunohost service add $app-ui --description="A short description of the app" --log="/var/log/$app/$app-ui.log"
yunohost service add $app-iframely --description="A short description of the app" --log="/var/log/$app/$app-iframely.log"
yunohost service add $app-pict-rs --description="A short description of the app" --log="/var/log/$app/$app-pict-rs.log"
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..."
ynh_systemd_action --service_name=$app --action="start" --line_match="Started" --log_path=systemd
ynh_systemd_action --service_name=$app-ui --action="start" --line_match="Started" --log_path=systemd
ynh_systemd_action --service_name=$app-iframely --action="start" --line_match="Started" --log_path=systemd
ynh_systemd_action --service_name=$app-pict-rs --action="start" --line_match="Started" --log_path=systemd
#=================================================
# RESTORE THE LOGROTATE CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the logrotate configuration..."
mkdir -p "/var/log/$app"
chmod 750 "/var/log/$app"
chmod -R o-rwx "/var/log/$app"
chown -R $app:$app "/var/log/$app"
ynh_restore_file --origin_path="/etc/logrotate.d/$app"
#=================================================
# GENERIC FINALIZATION
#=================================================
# RELOAD NGINX AND PHP-FPM
#=================================================
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_script_progression --message="Reloading NGINX web server..."
ynh_systemd_action --service_name=nginx --action=reload
@ -94,4 +184,4 @@ ynh_systemd_action --service_name=nginx --action=reload
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Restoration completed for $app" --last
ynh_script_progression --message="Restoration completed for $app"

244
scripts/upgrade
View file

@ -12,7 +12,7 @@ source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=1
ynh_script_progression --message="Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
@ -20,6 +20,10 @@ domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
admin=$(ynh_app_setting_get --app=$app --key=admin)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_user=$db_name
db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd)
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
password=$(ynh_app_setting_get --app=$app --key=password)
sitename=$(ynh_app_setting_get --app=$app --key=sitename)
random=$(ynh_app_setting_get --app=$app --key=random)
@ -27,17 +31,24 @@ port_lemmy=$(ynh_app_setting_get --app=$app --key=port_lemmy)
port_ui=$(ynh_app_setting_get --app=$app --key=port_ui)
port_pictrs=$(ynh_app_setting_get --app=$app --key=port_pictrs)
port_iframely=$(ynh_app_setting_get --app=$app --key=port_iframely)
version=$(curl -s https://api.github.com/repos/docker/compose/releases/latest | grep 'tag_name' | cut -d\" -f4)
admin_email=$(ynh_user_get_info --username=$admin --key="mail")
#=================================================
# CHECK VERSION
#=================================================
ynh_script_progression --message="Checking version..."
upgrade_type=$(ynh_check_app_version_changed)
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..."
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
ynh_clean_check_starting
# Restore it if the upgrade fails
ynh_restore_upgradebackup
}
@ -47,7 +58,44 @@ ynh_abort_if_errors
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# STOP SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Stopping a systemd service..."
ynh_systemd_action --service_name=$app --action="stop" --line_match="Stopped" --log_path=systemd
ynh_systemd_action --service_name=$app-ui --action="stop" --line_match="Stopped" --log_path=systemd
ynh_systemd_action --service_name=$app-iframely --action="stop" --line_match="Stopped" --log_path=systemd
ynh_systemd_action --service_name=$app-pict-rs --action="stop" --line_match="Stopped" --log_path=systemd
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
ynh_script_progression --message="Ensuring downward compatibility..."
# Cleaning legacy permissions
if ynh_legacy_permissions_exists; then
ynh_legacy_permissions_delete_all
ynh_app_setting_delete --app=$app --key=is_public
fi
if ! ynh_permission_exists --permission="admin"; then
# Create the required permissions
ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin
fi
# Create a permission if needed
if ! ynh_permission_exists --permission="api"; then
ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true"
fi
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Making sure dedicated system user exists..."
# Create a dedicated user (if not existing)
ynh_system_user_create --username=$app --home_dir=$final_path
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
@ -55,78 +103,190 @@ ynh_abort_if_errors
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
ynh_script_progression --message="Upgrading source files..." --weight=1
ynh_script_progression --message="Upgrading source files..."
# Download, check integrity, uncompress and patch the source from app.src
cp -f ../conf/docker-compose.yml "$final_path/docker-compose.yml"
cp -f ../conf/lemmy.hjson "$final_path/lemmy.hjson"
cp -f ../conf/iframely.config.local.js "$final_path/iframely.config.local.js"
pushd "$final_path"
chown -R 991:991 volumes/pictrs
popd
# Download, check integrity, uncompress the source of lemmy from app.src to his build directory
ynh_setup_source --dest_dir="$final_path/build-lemmy/" --source_id="lemmy"
ynh_setup_source --dest_dir="$final_path/lemmy-ui/" --source_id="lemmy-ui"
ynh_setup_source --dest_dir="$final_path/lemmy-ui/lemmy-translations/" --source_id="lemmy-translations"
ynh_setup_source --dest_dir="$final_path/iframely/" --source_id="iframely"
ynh_setup_source --dest_dir="$final_path/build-pict-rs/" --source_id="pict-rs"
ynh_setup_source --dest_dir="$final_path/build-imagemagick/" --source_id="imagemagick"
fi
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:$app "$final_path"
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=1
ynh_script_progression --message="Upgrading NGINX web server configuration..."
# Create a dedicated NGINX config
ynh_add_nginx_config 'port_lemmy port_ui port_pictrs port_iframely'
ynh_add_nginx_config
#=================================================
# UPGRADE DEPENDENCIES
#=================================================
ynh_script_progression --message="Upgrading dependencies..." --weight=1
#ynh_install_app_dependencies $pkg_dependencies
# Install Docker and compose
curl -sSL https://get.docker.com | sh
systemctl enable docker --quiet
curl -L https://github.com/docker/compose/releases/download/${version}/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
ynh_script_progression --message="Upgrading dependencies..."
ynh_install_app_dependencies $pkg_dependencies
ynh_install_nodejs --nodejs_version=$NODEJS_VERSION
ynh_use_nodejs
ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg"
#=================================================
# SPECIFIC UPGRADE
#=================================================
# MAKE UPGRADE
#=================================================
ynh_script_progression --message="Making upgrade..."
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
# Install ImageMagick
pushd "$final_path/build-imagemagick/"
./configure
make
make install
ldconfig /usr/local/lib
popd
# Install rustup with the toolchain needed by lemmy
pushd "$final_path"
sudo -u "$app" RUSTUP_HOME="$final_path"/.rustup CARGO_HOME="$final_path"/.cargo bash -c 'curl -sSf -L https://static.rust-lang.org/rustup.sh | sh -s -- -y --default-toolchain nightly'
popd
export PATH="$PATH:$final_path/.cargo/bin:$final_path/.local/bin:/usr/local/sbin"
# Compile lemmy
pushd "$final_path"/build
ynh_exec_warn_less sudo -u "$app" env PATH="$PATH" cargo build --release
popd
# Compile pict-rs
pushd $final_path/build-pict-rs
ynh_exec_warn_less sudo -u "$app" env PATH="$PATH" cargo build --release
popd
# Remove old generated files before copying the new ones
ynh_secure_remove --file="$final_path/lemmy/.fingerprint"
ynh_secure_remove --file="$final_path/lemmy/build"
ynh_secure_remove --file="$final_path/lemmy/deps"
ynh_secure_remove --file="$final_path/lemmy/examples"
ynh_secure_remove --file="$final_path/lemmy/incremental"
ynh_secure_remove --file="$final_path/lemmy/.cargo-lock"
ynh_secure_remove --file="$final_path/lemmy/lemmy.d"
# Install lemmy
mkdir -p "$final_path/lemmy_server/"
cp -af "$final_path/build-lemmy/target/release/lemmy_server" "$final_path/lemmy_server/lemmy_server"
# Install pict-rs
mkdir -p "$final_path/pict-rs/"
cp -af "$final_path/build-pict-rs/target/release/pict-rs" "$final_path/pict-rs/pict-rs"
# Remove build files and rustup
ynh_secure_remove --file="$final_path/build-lemmy"
ynh_secure_remove --file="$final_path/build-pict-rs"
ynh_secure_remove --file="$final_path/build-imagemagick"
ynh_secure_remove --file="$final_path/.cargo"
ynh_secure_remove --file="$final_path/.rustup"
# Compile lemmy-ui
pushd $final_path/lemmy-ui
ynh_exec_warn_less sudo -u "$app" env PATH="$PATH" yarn install --pure-lockfile
ynh_exec_warn_less sudo -u "$app" env PATH="$PATH" yarn build:prod
popd
# Compile iframely
pushd $final_path/iframely
ynh_exec_warn_less sudo -u "$app" env PATH="$PATH" $ynh_npm install
popd
fi
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:$app "$final_path"
mkdir -p "/var/log/$app"
chmod 750 "/var/log/$app"
chmod -R o-rwx "/var/log/$app"
chown -R $app:$app "/var/log/$app"
#=================================================
# MODIFY A CONFIG FILE
# UPDATE A CONFIG FILE
#=================================================
ynh_script_progression --message="Updating a configuration file..."
mkdir -p "$final_path/lemmy_server/"
ynh_add_config --template="../conf/lemmy.hjson" --destination="$final_path/config/config.hjson"
ynh_replace_string --match_string="match_string" --replace_string="replace_string" --target_file="$final_path/CONFIG_FILE"
chmod 400 "$final_path/config/config.hjson"
chown $app:$app "$final_path/config/config.hjson"
ynh_add_config --template="../conf/iframely.config.local.js" --destination="$final_path/iframely/iframely.config.local.js"
ynh_replace_string --match_string="__ADMIN__" --replace_string="$admin" --target_file="$final_path/lemmy.hjson"
ynh_replace_string --match_string="__ADMIN_PASS__" --replace_string="$password" --target_file="$final_path/lemmy.hjson"
ynh_replace_string --match_string="__NAME__" --replace_string="$sitename" --target_file="$final_path/lemmy.hjson"
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$final_path/lemmy.hjson"
ynh_replace_string --match_string="__RANDOM__" --replace_string="$random" --target_file="$final_path/lemmy.hjson"
ynh_replace_string --match_string="__PORT__LEMMY__" --replace_string="$port_lemmy" --target_file="$final_path/docker-compose.yml"
ynh_replace_string --match_string="__PORT_UI__" --replace_string="$port_ui" --target_file="$final_path/docker-compose.yml"
ynh_replace_string --match_string="__PORT_PICTRS__" --replace_string="$port_pictrs" --target_file="$final_path/docker-compose.yml"
ynh_replace_string --match_string="__PORT_IFRAMELY__" --replace_string="$port_iframely" --target_file="$final_path/docker-compose.yml"
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$final_path/iframely.config.local.js"
chmod 400 "$final_path/iframely/iframely.config.local.js"
chown $app:$app "$final_path/iframely/iframely.config.local.js"
#=================================================
# SETUP SYSTEMD
#=================================================
ynh_script_progression --message="Upgrading systemd configuration..."
# Create a dedicated systemd config
ynh_add_systemd_config --service="$app" --template="lemmy.service"
ynh_add_systemd_config --service="$app-ui" --template="lemmy-ui.service"
ynh_add_systemd_config --service="$app-iframely" --template="iframely.service"
ynh_add_systemd_config --service="$app-pict-rs" --template="pict-rs.service"
#=================================================
# GENERIC FINALIZATION
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression --message="Upgrading logrotate configuration..."
mkdir -p "/var/log/$app"
chmod 750 "/var/log/$app"
chmod -R o-rwx "/var/log/$app"
chown -R $app:$app "/var/log/$app"
# Use logrotate to manage app-specific logfile(s)
ynh_use_logrotate --non-append
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..."
yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log"
yunohost service add $app-ui --description="A short description of the app" --log="/var/log/$app/$app-ui.log"
yunohost service add $app-iframely --description="A short description of the app" --log="/var/log/$app/$app-iframely.log"
yunohost service add $app-pict-rs --description="A short description of the app" --log="/var/log/$app/$app-pict-rs.log"
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..."
ynh_systemd_action --service_name=$app --action="start" --line_match="Started" --log_path=systemd
ynh_systemd_action --service_name=$app-ui --action="start" --line_match="Started" --log_path=systemd
ynh_systemd_action --service_name=$app-iframely --action="start" --line_match="Started" --log_path=systemd
ynh_systemd_action --service_name=$app-pict-rs --action="start" --line_match="Started" --log_path=systemd
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_script_progression --message="Reloading NGINX web server..."
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# Run Lemmy through Docker
#=================================================
#chown -R $(whoami) /usr/local/bin
chmod +x /usr/local/bin/docker-compose
cd "$final_path" && docker-compose up -d
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Upgrade of $app completed" --last
ynh_script_progression --message="Upgrade of $app completed"