mirror of
https://github.com/YunoHost-Apps/lemmy_ynh.git
synced 2024-09-03 19:36:09 +02:00
From Scratch
This commit is contained in:
parent
86d57004cc
commit
daa63c8e20
30 changed files with 1009 additions and 279 deletions
|
@ -8,7 +8,7 @@ about: When creating a bug report, please use the following template to provide
|
|||
1. *Read this whole template first.*
|
||||
2. *Determine if you are on the right place:*
|
||||
- *If you were performing an action on the app from the webadmin or the CLI (install, update, backup, restore, change_url...), you are on the right place!*
|
||||
- *Otherwise, the issue may be due to REPLACEBYYOURAPP itself. Refer to its documentation or repository for help.*
|
||||
- *Otherwise, the issue may be due to the app itself. Refer to its documentation or repository for help.*
|
||||
- *When in doubt, post here and we will figure it out together.*
|
||||
3. *Delete the italic comments as you write over them below, and remove this guide.*
|
||||
---
|
||||
|
@ -31,7 +31,7 @@ about: When creating a bug report, please use the following template to provide
|
|||
|
||||
- *If you performed a command from the CLI, the command itself is enough. For example:*
|
||||
```sh
|
||||
sudo yunohost app install REPLACEBYYOURAPP
|
||||
sudo yunohost app install the_app
|
||||
```
|
||||
- *If you used the webadmin, please perform the equivalent command from the CLI first.*
|
||||
- *If the error occurs in your browser, explain what you did:*
|
16
.github/PULL_REQUEST_TEMPLATE.md
vendored
Normal file
16
.github/PULL_REQUEST_TEMPLATE.md
vendored
Normal file
|
@ -0,0 +1,16 @@
|
|||
## Problem
|
||||
|
||||
- *Description of why you made this PR*
|
||||
|
||||
## Solution
|
||||
|
||||
- *And how do you fix that problem*
|
||||
|
||||
## PR Status
|
||||
|
||||
- [ ] Code finished and ready to be reviewed/tested
|
||||
- [ ] The fix/enhancement were manually tested (if applicable)
|
||||
|
||||
## Automatic tests
|
||||
|
||||
Automatic tests can be triggered on https://ci-apps-dev.yunohost.org/ *after creating the PR*, by commenting "!testme", "!gogogadgetoci" or "By the power of systemd, I invoke The Great App CI to test this Pull Request!". (N.B. : for this to work you need to be a member of the Yunohost-Apps organization)
|
|
@ -1,10 +1,6 @@
|
|||
|
||||
|
||||
# Lemmy app for YunoHost
|
||||
**Warning:** This app uses Docker. YunoHost do not encourages to use black box container technologies like Docker and Ansible.
|
||||
|
||||
Then why this package uses Docker?
|
||||
It's because the developers of the core app do not support simple installation. And packaging without documentaion is time consuming.
|
||||
|
||||
[![Integration level](https://dash.yunohost.org/integration/lemmy.svg)](https://dash.yunohost.org/appci/app/lemmy) ![](https://ci-apps.yunohost.org/ci/badges/lemmy.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/lemmy.maintain.svg)
|
||||
|
||||
|
|
|
@ -1,14 +1,9 @@
|
|||
# See here for more information
|
||||
# https://github.com/YunoHost/package_check#syntax-check_process-file
|
||||
|
||||
# Move this file from check_process.default to check_process when you have filled it.
|
||||
|
||||
;; Test complet
|
||||
; Manifest
|
||||
domain="domain.tld" (DOMAIN)
|
||||
path="/path" (PATH)
|
||||
admin="john" (USER)
|
||||
sitename="lemmy website) (SITENAME)
|
||||
domain="domain.tld"
|
||||
path="/"
|
||||
admin="john"
|
||||
sitename="lemmy website"
|
||||
; Checks
|
||||
pkg_linter=1
|
||||
setup_sub_dir=0
|
||||
|
|
|
@ -1,7 +0,0 @@
|
|||
SOURCE_URL=url of app's source
|
||||
SOURCE_SUM=sha256 checksum
|
||||
SOURCE_SUM_PRG=sha256sum
|
||||
SOURCE_FORMAT=tar.gz
|
||||
SOURCE_IN_SUBDIR=true
|
||||
SOURCE_FILENAME=
|
||||
SOURCE_EXTRACT=true
|
|
@ -1,56 +0,0 @@
|
|||
version: "2.2"
|
||||
|
||||
services:
|
||||
postgres:
|
||||
image: postgres:12-alpine
|
||||
environment:
|
||||
- POSTGRES_USER=lemmy
|
||||
- POSTGRES_PASSWORD=password
|
||||
- POSTGRES_DB=lemmy
|
||||
volumes:
|
||||
- ./volumes/postgres:/var/lib/postgresql/data
|
||||
restart: always
|
||||
|
||||
lemmy:
|
||||
image: dessalines/lemmy:0.9.9
|
||||
ports:
|
||||
- "127.0.0.1:__PORT__LEMMY__:8536"
|
||||
restart: always
|
||||
environment:
|
||||
- RUST_LOG=error
|
||||
volumes:
|
||||
- ./lemmy.hjson:/config/config.hjson
|
||||
depends_on:
|
||||
- postgres
|
||||
- pictrs
|
||||
- iframely
|
||||
|
||||
lemmy-ui:
|
||||
image: dessalines/lemmy-ui:0.9.9
|
||||
ports:
|
||||
- "127.0.0.1:__PORT_UI__:1234"
|
||||
restart: always
|
||||
environment:
|
||||
- LEMMY_INTERNAL_HOST=lemmy:8536
|
||||
- LEMMY_EXTERNAL_HOST=localhost:__PORT__LEMMY__
|
||||
- LEMMY_HTTPS=false
|
||||
depends_on:
|
||||
- lemmy
|
||||
|
||||
pictrs:
|
||||
image: asonix/pictrs:v0.2.5-r0
|
||||
ports:
|
||||
- "127.0.0.1:__PORT_PICTRS__:8080"
|
||||
user: 991:991
|
||||
volumes:
|
||||
- ./volumes/pictrs:/mnt
|
||||
restart: always
|
||||
|
||||
iframely:
|
||||
image: dogbin/iframely:latest
|
||||
ports:
|
||||
- "127.0.0.1:__PORT_IFRAMELY__:80"
|
||||
volumes:
|
||||
- ./iframely.config.local.js:/iframely/config.local.js:ro
|
||||
restart: always
|
||||
mem_limit: 100m
|
|
@ -37,7 +37,7 @@
|
|||
},
|
||||
*/
|
||||
|
||||
port: 80, //can be overridden by PORT env var
|
||||
port: __PORT_IFRAMELY__, //can be overridden by PORT env var
|
||||
host: '0.0.0.0', // Dockers beware. See https://github.com/itteco/iframely/issues/132#issuecomment-242991246
|
||||
//can be overridden by HOST env var
|
||||
|
||||
|
@ -104,16 +104,31 @@
|
|||
// DISABLE_HTTP2: true,
|
||||
|
||||
// Customize API calls to oembed endpoints.
|
||||
// Must have: please add your `access_token` for Facebook and Instagram API calls
|
||||
ADD_OEMBED_PARAMS: [{
|
||||
// Endpoint url regexp array.
|
||||
re: [/^http:\/\/api\.instagram\.com\/oembed/],
|
||||
// Custom get params object.
|
||||
params: {
|
||||
|
||||
re: [ // Endpoint's URL regexp array.
|
||||
/^https:\/\/graph\.facebook\.com\/v\d+\.\d+\/instagram_oembed/i
|
||||
],
|
||||
params: { // Custom query-string params object.
|
||||
|
||||
// TODO: get your access Insagtam token as described
|
||||
// on https://developers.facebook.com/docs/instagram/oembed/
|
||||
access_token: '', // The simplest way is
|
||||
// to use `{app-id}|{app secret}` as access token
|
||||
|
||||
// Add any other optional params
|
||||
hidecaption: true
|
||||
}
|
||||
}, {
|
||||
re: [/^https:\/\/www\.facebook\.com\/plugins\/page\/oembed\.json/i],
|
||||
re: [/^https:\/\/graph\.facebook\.com\/v\d+\.\d+\/oembed_page/i],
|
||||
params: {
|
||||
// TODO: get your access token as described
|
||||
// on https://developers.facebook.com/docs/plugins/oembed
|
||||
access_token: '', // The simplest way is
|
||||
// to use `{app-id}|{app secret}` as access token
|
||||
|
||||
// Add any other optional params
|
||||
show_posts: 0,
|
||||
show_facepile: 0,
|
||||
maxwidth: 600
|
||||
|
@ -126,20 +141,24 @@
|
|||
limit: 1,
|
||||
maxwidth: 600
|
||||
}
|
||||
/*
|
||||
}, {
|
||||
// Facebook https://developers.facebook.com/docs/plugins/oembed-endpoints
|
||||
re: [/^https:\/\/www\.facebook\.com\/plugins\/\w+\/oembed\.json/i],
|
||||
// Facebook https://developers.facebook.com/docs/plugins/oembed/
|
||||
re: [/^https:\/\/graph\.facebook\.com\/v\d+\.\d+\/oembed_/i],
|
||||
params: {
|
||||
// Skip script tag and fb-root div.
|
||||
omitscript: true
|
||||
// TODO: get your access token as described
|
||||
// on https://developers.facebook.com/docs/plugins/oembed
|
||||
access_token: '', // The simplest way is
|
||||
// to use `{app-id}|{app secret}` as access token
|
||||
|
||||
// Add any other optional params, like skip script tag and fb-root div
|
||||
// omitscript: true
|
||||
}
|
||||
*/
|
||||
}],
|
||||
|
||||
/* Configure use of HTTP proxies as needed.
|
||||
You don't have to specify all options per regex - just what you need to override
|
||||
*/
|
||||
/*
|
||||
// Configure use of HTTP proxies as needed.
|
||||
// You don't have to specify all options per regex - just what you need to override
|
||||
PROXY: [{
|
||||
re: [/^https?:\/\/www\.domain\.com/],
|
||||
proxy_server: 'http://1.2.3.4:8080',
|
||||
|
@ -152,11 +171,13 @@
|
|||
// Refer to: https://github.com/request/request
|
||||
// Overrides previous params if overlapped.
|
||||
},
|
||||
cache_ttl: 3600, // in seconds, cache response for 1 hour.
|
||||
disable_http2: true
|
||||
}],
|
||||
*/
|
||||
|
||||
// Customize API calls to 3rd parties. At the very least - configure required keys.
|
||||
// For available provider options - please see the code of its domain plugin.
|
||||
providerOptions: {
|
||||
locale: "en_US", // ISO 639-1 two-letter language code, e.g. en_CA or fr_CH.
|
||||
// Will be added as highest priotity in accept-language header with each request.
|
||||
|
@ -203,21 +224,18 @@
|
|||
// It is probably the same API key you use for Google Maps.
|
||||
youtube: {
|
||||
// api_key: "INSERT YOUR VALUE",
|
||||
// parts: [ "snippet", "player" ], // list of fields you want to use in the request, in most cases you only need those two
|
||||
get_params: "?rel=0&showinfo=1" // https://developers.google.com/youtube/player_parameters
|
||||
},
|
||||
vimeo: {
|
||||
get_params: "?byline=0&badge=0" // https://developer.vimeo.com/player/embedding
|
||||
},
|
||||
|
||||
/*
|
||||
soundcloud: {
|
||||
old_player: true // enables classic player
|
||||
},
|
||||
giphy: {
|
||||
media_only: true // disables branded player for gifs and returns just the image
|
||||
}
|
||||
*/
|
||||
/*
|
||||
},
|
||||
bandcamp: {
|
||||
get_params: '/size=large/bgcol=333333/linkcol=ffffff/artwork=small/transparent=true/',
|
||||
media: {
|
||||
|
@ -230,7 +248,11 @@
|
|||
'max-width': 700
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
// Docs: https://dev.twitch.tv/docs/embed/video-and-clips
|
||||
twitch: {
|
||||
parent: 'jsbin.com, null.jsbin.com, localhost'
|
||||
},
|
||||
*/
|
||||
},
|
||||
|
||||
|
@ -276,7 +298,11 @@
|
|||
// And this is AWS metadata service
|
||||
// https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html
|
||||
/^https?:\/\/169\.254\.169\.254/
|
||||
]
|
||||
],
|
||||
|
||||
// Endpoint for prerender service, if you need it. Used to parse React apps. Very slow.
|
||||
// Tested with https://github.com/prerender/prerender
|
||||
// PRERENDER_URL: "https://domain/render?url="
|
||||
};
|
||||
|
||||
module.exports = config;
|
||||
|
|
45
conf/iframely.service
Normal file
45
conf/iframely.service
Normal file
|
@ -0,0 +1,45 @@
|
|||
[Unit]
|
||||
Description=__APP__ Iframely Daemon
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=__APP__
|
||||
Group=__APP__
|
||||
WorkingDirectory=__FINALPATH__/iframely/
|
||||
ExecStart=__YNH_NODE__ -- server
|
||||
StandardOutput=append:/var/log/__APP__/__APP__-iframely.log
|
||||
StandardError=inherit
|
||||
|
||||
# Sandboxing options to harden security
|
||||
# Depending on specificities of your service/app, you may need to tweak these
|
||||
# .. but this should be a good baseline
|
||||
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
|
||||
NoNewPrivileges=yes
|
||||
PrivateTmp=yes
|
||||
PrivateDevices=yes
|
||||
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
|
||||
RestrictNamespaces=yes
|
||||
RestrictRealtime=yes
|
||||
DevicePolicy=closed
|
||||
ProtectSystem=full
|
||||
ProtectControlGroups=yes
|
||||
ProtectKernelModules=yes
|
||||
ProtectKernelTunables=yes
|
||||
LockPersonality=yes
|
||||
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
|
||||
|
||||
# Denying access to capabilities that should not be relevant for webapps
|
||||
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
|
||||
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
|
||||
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
|
||||
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
|
||||
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
|
||||
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
|
||||
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
|
||||
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
|
||||
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
|
||||
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
7
conf/iframely.src
Normal file
7
conf/iframely.src
Normal file
|
@ -0,0 +1,7 @@
|
|||
SOURCE_URL=https://github.com/itteco/iframely/archive/refs/tags/v1.6.0.tar.gz
|
||||
SOURCE_SUM=8130267e17e4484a2cdd028cdffb619f430b9cd19b3614b5d1de2d05304d03f8
|
||||
SOURCE_SUM_PRG=sha256sum
|
||||
SOURCE_FORMAT=tar.gz
|
||||
SOURCE_IN_SUBDIR=true
|
||||
SOURCE_FILENAME=
|
||||
SOURCE_EXTRACT=true
|
7
conf/imagemagick.src
Normal file
7
conf/imagemagick.src
Normal file
|
@ -0,0 +1,7 @@
|
|||
SOURCE_URL=https://github.com/ImageMagick/ImageMagick/archive/refs/tags/7.0.11-14.tar.gz
|
||||
SOURCE_SUM=dfa5aa3f7f289f12c2f9ee6c7c19b02ae857b4eec02f40298f60f5c11048a016
|
||||
SOURCE_SUM_PRG=sha256sum
|
||||
SOURCE_FORMAT=tar.gz
|
||||
SOURCE_IN_SUBDIR=true
|
||||
SOURCE_FILENAME=
|
||||
SOURCE_EXTRACT=true
|
7
conf/lemmy-translations.src
Normal file
7
conf/lemmy-translations.src
Normal file
|
@ -0,0 +1,7 @@
|
|||
SOURCE_URL=https://codeload.github.com/LemmyNet/lemmy-translations/tar.gz/9e3dfebe14693553f1002ef06f02201ca1d52863
|
||||
SOURCE_SUM=1693789ac4d6a3905530b2cf76ad50151082f5e96d1639dc06e30219649a6c87
|
||||
SOURCE_SUM_PRG=sha256sum
|
||||
SOURCE_FORMAT=tar.gz
|
||||
SOURCE_IN_SUBDIR=true
|
||||
SOURCE_FILENAME=
|
||||
SOURCE_EXTRACT=true
|
49
conf/lemmy-ui.service
Normal file
49
conf/lemmy-ui.service
Normal file
|
@ -0,0 +1,49 @@
|
|||
[Unit]
|
||||
Description=__APP__ Lemmy UI Daemon
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=__APP__
|
||||
Group=__APP__
|
||||
Environment="LEMMY_INTERNAL_HOST=127.0.0.1:__PORT_LEMMY__"
|
||||
Environment=" LEMMY_EXTERNAL_HOST=__DOMAIN__"
|
||||
Environment="LEMMY_HTTPS=true"
|
||||
Environment="LEMMY_UI_HOST=0.0.0.0:__PORT_UI__"
|
||||
WorkingDirectory=__FINALPATH__/lemmy-ui/
|
||||
ExecStart=__YNH_NODE__ dist/js/server.js
|
||||
StandardOutput=append:/var/log/__APP__/__APP__-ui.log
|
||||
StandardError=inherit
|
||||
|
||||
# Sandboxing options to harden security
|
||||
# Depending on specificities of your service/app, you may need to tweak these
|
||||
# .. but this should be a good baseline
|
||||
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
|
||||
NoNewPrivileges=yes
|
||||
PrivateTmp=yes
|
||||
PrivateDevices=yes
|
||||
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
|
||||
RestrictNamespaces=yes
|
||||
RestrictRealtime=yes
|
||||
DevicePolicy=closed
|
||||
ProtectSystem=full
|
||||
ProtectControlGroups=yes
|
||||
ProtectKernelModules=yes
|
||||
ProtectKernelTunables=yes
|
||||
LockPersonality=yes
|
||||
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
|
||||
|
||||
# Denying access to capabilities that should not be relevant for webapps
|
||||
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
|
||||
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
|
||||
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
|
||||
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
|
||||
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
|
||||
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
|
||||
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
|
||||
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
|
||||
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
|
||||
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
7
conf/lemmy-ui.src
Normal file
7
conf/lemmy-ui.src
Normal file
|
@ -0,0 +1,7 @@
|
|||
SOURCE_URL=https://github.com/LemmyNet/lemmy-ui/archive/refs/tags/0.11.2.tar.gz
|
||||
SOURCE_SUM=645954b3726803b0ba6b756a2b4f4099e2de29e59cadd828bebd592b29149611
|
||||
SOURCE_SUM_PRG=sha256sum
|
||||
SOURCE_FORMAT=tar.gz
|
||||
SOURCE_IN_SUBDIR=true
|
||||
SOURCE_FILENAME=
|
||||
SOURCE_EXTRACT=true
|
|
@ -6,41 +6,90 @@
|
|||
# username for the admin user
|
||||
admin_username: "__ADMIN__"
|
||||
# password for the admin user
|
||||
admin_password: "__ADMIN_PASS__"
|
||||
admin_password: "__PASSWORD__"
|
||||
# optional: email for the admin user (can be omitted and set later through the website)
|
||||
admin_email: "__ADMIN_EMAIL__"
|
||||
# name of the site (can be changed later)
|
||||
site_name: "__NAME__"
|
||||
site_name: "__SITENAME__"
|
||||
}
|
||||
# settings related to the postgresql database
|
||||
database: {
|
||||
# username to connect to postgres
|
||||
user: "__DB_USER__"
|
||||
# password to connect to postgres
|
||||
password: "__DB_PWD__"
|
||||
# host where postgres is running
|
||||
host: "localhost"
|
||||
# port where postgres can be accessed
|
||||
port: 5432
|
||||
# name of the postgres database for lemmy
|
||||
database: "__DB_NAME__"
|
||||
# maximum number of active sql connections
|
||||
pool_size: 5
|
||||
}
|
||||
|
||||
# the domain name of your instance (eg "lemmy.ml")
|
||||
hostname: "__DOMAIN__"
|
||||
# address where lemmy should listen for incoming requests
|
||||
bind: "0.0.0.0"
|
||||
# port where lemmy should listen for incoming requests
|
||||
port: 8536
|
||||
port: __PORT_LEMMY__
|
||||
# whether tls is required for activitypub. only disable this for debugging, never for producion.
|
||||
tls_enabled: true
|
||||
# json web token for authorization between server and client
|
||||
jwt_secret: "__RANDOM__"
|
||||
# settings related to the postgresql database
|
||||
database: {
|
||||
# name of the postgres database for lemmy
|
||||
database: "lemmy"
|
||||
# username to connect to postgres
|
||||
user: "lemmy"
|
||||
# password to connect to postgres
|
||||
password: "password"
|
||||
# host where postgres is running
|
||||
host: "postgres"
|
||||
# address where pictrs is available
|
||||
pictrs_url: "http://127.0.0.1:__PORT_PICTRS__"
|
||||
# address where iframely is available
|
||||
iframely_url: "http://127.0.0.1:__PORT_IFRAMELY__"
|
||||
# rate limits for various user actions, by user ip
|
||||
rate_limit: {
|
||||
# maximum number of messages created in interval
|
||||
message: 180
|
||||
# interval length for message limit
|
||||
message_per_second: 60
|
||||
# maximum number of posts created in interval
|
||||
post: 6
|
||||
# interval length for post limit
|
||||
post_per_second: 600
|
||||
# maximum number of registrations in interval
|
||||
register: 3
|
||||
# interval length for registration limit
|
||||
register_per_second: 3600
|
||||
# maximum number of image uploads in interval
|
||||
image: 6
|
||||
# interval length for image uploads
|
||||
image_per_second: 3600
|
||||
}
|
||||
# # optional: email sending configuration
|
||||
# email: {
|
||||
# # hostname and port of the smtp server
|
||||
# settings related to activitypub federation
|
||||
federation: {
|
||||
# whether to enable activitypub federation.
|
||||
enabled: true
|
||||
# Allows and blocks are described here:
|
||||
# https://join-lemmy.org/docs/en/federation/administration.html#instance-allowlist-and-blocklist
|
||||
#
|
||||
# list of instances with which federation is allowed
|
||||
# allowed_instances: ["instance1.tld","instance2.tld"]
|
||||
# instances which we never federate anything with (but previously federated objects are unaffected)
|
||||
# blocked_instances: []
|
||||
# If true, only federate with instances on the allowlist and block everything else. If false,
|
||||
# use allowlist only for remote communities, and posts/comments in local communities.
|
||||
# strict_allowlist: true
|
||||
}
|
||||
captcha: {
|
||||
enabled: true
|
||||
difficulty: medium # Can be easy, medium, or hard
|
||||
}
|
||||
# email sending configuration
|
||||
email: {
|
||||
# hostname and port of the smtp server
|
||||
smtp_server: "127.0.0.1:25"
|
||||
# # login name for smtp server
|
||||
# login name for smtp server
|
||||
smtp_login: ""
|
||||
# # password to login to the smtp server
|
||||
# password to login to the smtp server
|
||||
smtp_password: ""
|
||||
# # address to send emails from, eg "noreply@your-instance.com"
|
||||
# address to send emails from, eg "noreply@your-instance.com"
|
||||
smtp_from_address: "lemmy@__DOMAIN__"
|
||||
# # whether or not smtp connections should use tls
|
||||
# whether or not smtp connections should use tls
|
||||
use_tls: true
|
||||
# }
|
||||
}
|
||||
}
|
||||
|
|
46
conf/lemmy.service
Normal file
46
conf/lemmy.service
Normal file
|
@ -0,0 +1,46 @@
|
|||
[Unit]
|
||||
Description=__APP__ Lemmy Daemon
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=__APP__
|
||||
Group=__APP__
|
||||
Environment="LEMMY_CONFIG_LOCATION=__FINALPATH__/config/config.hjson"
|
||||
WorkingDirectory=__FINALPATH__/lemmy_server/
|
||||
ExecStart=__FINALPATH__/lemmy_server/lemmy_server
|
||||
StandardOutput=append:/var/log/__APP__/__APP__.log
|
||||
StandardError=inherit
|
||||
|
||||
# Sandboxing options to harden security
|
||||
# Depending on specificities of your service/app, you may need to tweak these
|
||||
# .. but this should be a good baseline
|
||||
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
|
||||
NoNewPrivileges=yes
|
||||
PrivateTmp=yes
|
||||
PrivateDevices=yes
|
||||
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
|
||||
RestrictNamespaces=yes
|
||||
RestrictRealtime=yes
|
||||
DevicePolicy=closed
|
||||
ProtectSystem=full
|
||||
ProtectControlGroups=yes
|
||||
ProtectKernelModules=yes
|
||||
ProtectKernelTunables=yes
|
||||
LockPersonality=yes
|
||||
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
|
||||
|
||||
# Denying access to capabilities that should not be relevant for webapps
|
||||
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
|
||||
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
|
||||
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
|
||||
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
|
||||
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
|
||||
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
|
||||
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
|
||||
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
|
||||
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
|
||||
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
7
conf/lemmy.src
Normal file
7
conf/lemmy.src
Normal file
|
@ -0,0 +1,7 @@
|
|||
SOURCE_URL=https://github.com/LemmyNet/lemmy/archive/refs/tags/0.11.0.tar.gz
|
||||
SOURCE_SUM=8c93268d5cb7b30c9c25e2fdeef83153d95b7b79ad0b0a6f354d89e72a0ec641
|
||||
SOURCE_SUM_PRG=sha256sum
|
||||
SOURCE_FORMAT=tar.gz
|
||||
SOURCE_IN_SUBDIR=true
|
||||
SOURCE_FILENAME=
|
||||
SOURCE_EXTRACT=true
|
45
conf/pict-rs.service
Normal file
45
conf/pict-rs.service
Normal file
|
@ -0,0 +1,45 @@
|
|||
[Unit]
|
||||
Description=__APP__ pict-rs Daemon
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=__APP__
|
||||
Group=__APP__
|
||||
WorkingDirectory=__FINALPATH__/pict-rs/
|
||||
ExecStart=__FINALPATH__/pict-rs/pict-rs -a 127.0.0.1:__PORT_PICTRS__ -p __DATADIR__/pictrs-data
|
||||
StandardOutput=append:/var/log/__APP__/__APP__-pict-rs.log
|
||||
StandardError=inherit
|
||||
|
||||
# Sandboxing options to harden security
|
||||
# Depending on specificities of your service/app, you may need to tweak these
|
||||
# .. but this should be a good baseline
|
||||
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
|
||||
NoNewPrivileges=yes
|
||||
PrivateTmp=yes
|
||||
PrivateDevices=yes
|
||||
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
|
||||
RestrictNamespaces=yes
|
||||
RestrictRealtime=yes
|
||||
DevicePolicy=closed
|
||||
ProtectSystem=full
|
||||
ProtectControlGroups=yes
|
||||
ProtectKernelModules=yes
|
||||
ProtectKernelTunables=yes
|
||||
LockPersonality=yes
|
||||
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
|
||||
|
||||
# Denying access to capabilities that should not be relevant for webapps
|
||||
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
|
||||
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
|
||||
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
|
||||
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
|
||||
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
|
||||
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
|
||||
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
|
||||
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
|
||||
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
|
||||
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
7
conf/pict-rs.src
Normal file
7
conf/pict-rs.src
Normal file
|
@ -0,0 +1,7 @@
|
|||
SOURCE_URL=https://git.asonix.dog/asonix/pict-rs/archive/v0.2.6-r2.tar.gz
|
||||
SOURCE_SUM=c8542ff79fc2f0699b33994d6718a9f8f4bfc94e6c7c7e1e5dc13911afd40d10
|
||||
SOURCE_SUM_PRG=sha256sum
|
||||
SOURCE_FORMAT=tar.gz
|
||||
SOURCE_IN_SUBDIR=true
|
||||
SOURCE_FILENAME=
|
||||
SOURCE_EXTRACT=true
|
0
doc/.gitkeep
Normal file
0
doc/.gitkeep
Normal file
3
doc/DISCLAIMER.md
Normal file
3
doc/DISCLAIMER.md
Normal file
|
@ -0,0 +1,3 @@
|
|||
* Any known limitations, constrains or stuff not working, such as (but not limited to):
|
||||
* Lemmy require full domain path to be installed. Eg. lemmy.domain.tld
|
||||
* The admin username and password will be sent to the admin of the YunoHost through mail.
|
0
doc/screenshots/.gitkeep
Normal file
0
doc/screenshots/.gitkeep
Normal file
BIN
doc/screenshots/screenshot1.webp
Normal file
BIN
doc/screenshots/screenshot1.webp
Normal file
Binary file not shown.
After Width: | Height: | Size: 97 KiB |
|
@ -7,6 +7,13 @@
|
|||
},
|
||||
"version": "0.9.9~ynh1",
|
||||
"url": "https://join.lemmy.ml/",
|
||||
"upstream": {
|
||||
"license": "GPL-3.0",
|
||||
"website": "https://join-lemmy.org/",
|
||||
"demo": "https://join.lemmy.ml/join/",
|
||||
"admindoc": "https://join-lemmy.org/docs/en/",
|
||||
"code": "https://github.com/LemmyNet/lemmy"
|
||||
},
|
||||
"license": "GPL-3.0",
|
||||
"maintainer": {
|
||||
"name": "Anmol Sharma",
|
||||
|
@ -25,19 +32,11 @@
|
|||
{
|
||||
"name": "domain",
|
||||
"type": "domain",
|
||||
"ask": {
|
||||
"en": "Choose a domain name for Lemmy",
|
||||
"fr": "Choisissez un nom de domaine pour Lemmy"
|
||||
},
|
||||
"example": "example.com"
|
||||
},
|
||||
{
|
||||
"name": "admin",
|
||||
"type": "string",
|
||||
"ask": {
|
||||
"en": "Choose an admin username",
|
||||
"fr": "Choisissez l'administrateur"
|
||||
},
|
||||
"type": "user",
|
||||
"example": "johndoe"
|
||||
},
|
||||
{
|
||||
|
@ -48,7 +47,6 @@
|
|||
},
|
||||
"example": "lemmy website"
|
||||
}
|
||||
|
||||
]
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,16 +0,0 @@
|
|||
## Problem
|
||||
- *Description of why you made this PR*
|
||||
|
||||
## Solution
|
||||
- *And how do you fix that problem*
|
||||
|
||||
## PR Status
|
||||
- [ ] Code finished.
|
||||
- [ ] Tested with Package_check.
|
||||
- [ ] Fix or enhancement tested.
|
||||
- [ ] Upgrade from last version tested.
|
||||
- [ ] Can be reviewed and tested.
|
||||
|
||||
## Package_check results
|
||||
---
|
||||
* An automatic package_check will be launch at https://ci-apps-dev.yunohost.org/, when you add a specific comment to your Pull Request: "!testme", "!gogogadgetoci" or "By the power of systemd, I invoke The Great App CI to test this Pull Request!"*
|
|
@ -5,7 +5,9 @@
|
|||
#=================================================
|
||||
|
||||
# dependencies used by the app
|
||||
pkg_dependencies="deb1 deb2 php$YNH_DEFAULT_PHP_VERSION-deb1 php$YNH_DEFAULT_PHP_VERSION-deb2"
|
||||
pkg_dependencies="postgresql postgresql-contrib espeak bash-completion ffmpeg clang pkg-config libgexiv2-dev libgexiv2-2 libssl-dev libc6-dev libpq-dev libavutil-dev libavformat-dev libavfilter-dev libavdevice-dev libavresample-dev libjpeg-turbo-progs libpng-dev"
|
||||
|
||||
NODEJS_VERSION=12
|
||||
|
||||
#=================================================
|
||||
# PERSONAL HELPERS
|
||||
|
|
|
@ -15,7 +15,6 @@ source /usr/share/yunohost/helpers
|
|||
#=================================================
|
||||
|
||||
ynh_clean_setup () {
|
||||
### Remove this function if there's nothing to clean before calling the remove script.
|
||||
true
|
||||
}
|
||||
# Exit if an error occurs during the execution of the script
|
||||
|
@ -30,26 +29,55 @@ app=$YNH_APP_INSTANCE_NAME
|
|||
|
||||
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
||||
domain=$(ynh_app_setting_get --app=$app --key=domain)
|
||||
|
||||
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
|
||||
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
|
||||
|
||||
#=================================================
|
||||
# DECLARE DATA AND CONF FILES TO BACKUP
|
||||
#=================================================
|
||||
ynh_print_info --message="Declaring files to be backed up..."
|
||||
|
||||
|
||||
#=================================================
|
||||
# BACKUP THE APP MAIN DIR
|
||||
#=================================================
|
||||
|
||||
ynh_backup --src_path="$final_path"
|
||||
|
||||
#=================================================
|
||||
# BACKUP THE DATA DIR
|
||||
#=================================================
|
||||
|
||||
ynh_backup --src_path="$datadir" --is_big
|
||||
|
||||
#=================================================
|
||||
# BACKUP THE NGINX CONFIGURATION
|
||||
#=================================================
|
||||
|
||||
ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
|
||||
|
||||
#=================================================
|
||||
# SPECIFIC BACKUP
|
||||
#=================================================
|
||||
# BACKUP LOGROTATE
|
||||
#=================================================
|
||||
|
||||
ynh_backup --src_path="/etc/logrotate.d/$app"
|
||||
|
||||
#=================================================
|
||||
# BACKUP SYSTEMD
|
||||
#=================================================
|
||||
|
||||
ynh_backup --src_path="/etc/systemd/system/$app.service"
|
||||
ynh_backup --src_path="/etc/systemd/system/$app-ui.service"
|
||||
ynh_backup --src_path="/etc/systemd/system/$app-iframely.service"
|
||||
ynh_backup --src_path="/etc/systemd/system/$app-pict-rs.service"
|
||||
|
||||
#=================================================
|
||||
# BACKUP THE POSTGRESQL DATABASE
|
||||
#=================================================
|
||||
ynh_print_info --message="Backing up the PostgreSQL database..."
|
||||
|
||||
ynh_psql_dump_db --database="$db_name" > db.sql
|
||||
|
||||
#=================================================
|
||||
# END OF SCRIPT
|
||||
|
|
236
scripts/install
236
scripts/install
|
@ -14,8 +14,7 @@ source /usr/share/yunohost/helpers
|
|||
#=================================================
|
||||
|
||||
ynh_clean_setup () {
|
||||
### Remove this function if there's nothing to clean before calling the remove script.
|
||||
true
|
||||
ynh_clean_check_starting
|
||||
}
|
||||
# Exit if an error occurs during the execution of the script
|
||||
ynh_abort_if_errors
|
||||
|
@ -26,19 +25,18 @@ ynh_abort_if_errors
|
|||
|
||||
domain=$YNH_APP_ARG_DOMAIN
|
||||
path_url="/"
|
||||
version=$(curl -s https://api.github.com/repos/docker/compose/releases/latest | grep 'tag_name' | cut -d\" -f4)
|
||||
admin=$YNH_APP_ARG_ADMIN
|
||||
password=$(ynh_string_random --length=12)
|
||||
sitename=$YNH_APP_ARG_SITENAME
|
||||
random=$(ynh_string_random --length=10)
|
||||
admin_email=$(ynh_user_get_info --username=$admin --key="mail")
|
||||
|
||||
app=$YNH_APP_INSTANCE_NAME
|
||||
|
||||
#=================================================
|
||||
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
|
||||
#=================================================
|
||||
|
||||
ynh_script_progression --message="Validating installation parameters..." --weight=1
|
||||
ynh_script_progression --message="Validating installation parameters..."
|
||||
|
||||
final_path=/var/www/$app
|
||||
test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
|
||||
|
@ -49,7 +47,7 @@ ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
|
|||
#=================================================
|
||||
# STORE SETTINGS FROM MANIFEST
|
||||
#=================================================
|
||||
ynh_script_progression --message="Storing installation settings..." --weight=1
|
||||
ynh_script_progression --message="Storing installation settings..."
|
||||
|
||||
ynh_app_setting_set --app=$app --key=domain --value=$domain
|
||||
ynh_app_setting_set --app=$app --key=path --value=$path_url
|
||||
|
@ -63,97 +61,229 @@ ynh_app_setting_set --app=$app --key=random --value=$random
|
|||
#=================================================
|
||||
# FIND AND OPEN A PORT
|
||||
#=================================================
|
||||
ynh_script_progression --message="Finding an available port..." --weight=1
|
||||
ynh_script_progression --message="Finding an available port..."
|
||||
|
||||
# Find an available port
|
||||
port_lemmy=$(ynh_find_port --port=8536)
|
||||
port_ui=$(ynh_find_port --port=1235)
|
||||
port_pictrs=$(ynh_find_port --port=8537)
|
||||
port_iframely=$(ynh_find_port --port=8061)
|
||||
ynh_app_setting_set --app=$app --key=port_lemmy --value=$port_lemmy
|
||||
port_ui=$(ynh_find_port --port=1235)
|
||||
ynh_app_setting_set --app=$app --key=port_ui --value=$port_ui
|
||||
port_pictrs=$(ynh_find_port --port=8537)
|
||||
ynh_app_setting_set --app=$app --key=port_pictrs --value=$port_pictrs
|
||||
port_iframely=$(ynh_find_port --port=8061)
|
||||
ynh_app_setting_set --app=$app --key=port_iframely --value=$port_iframely
|
||||
|
||||
#=================================================
|
||||
# INSTALL DEPENDENCIES
|
||||
#=================================================
|
||||
ynh_script_progression --message="Installing dependencies..." --weight=1
|
||||
ynh_script_progression --message="Installing dependencies..."
|
||||
|
||||
#ynh_install_app_dependencies $pkg_dependencies
|
||||
ynh_install_app_dependencies $pkg_dependencies
|
||||
ynh_install_nodejs --nodejs_version=$NODEJS_VERSION
|
||||
ynh_use_nodejs
|
||||
ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg"
|
||||
|
||||
# Install Docker and compose
|
||||
curl -sSL https://get.docker.com | sh
|
||||
systemctl enable docker --quiet
|
||||
curl -L https://github.com/docker/compose/releases/download/${version}/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
|
||||
#=================================================
|
||||
# CREATE DEDICATED USER
|
||||
#=================================================
|
||||
ynh_script_progression --message="Configuring system user..."
|
||||
|
||||
# Create a system user
|
||||
ynh_system_user_create --username=$app --home_dir=$final_path
|
||||
|
||||
#=================================================
|
||||
# CREATE A POSTGRESQL DATABASE
|
||||
#=================================================
|
||||
ynh_script_progression --message="Creating a PostgreSQL database..."
|
||||
|
||||
ynh_psql_test_if_first_run
|
||||
db_name=$(ynh_sanitize_dbid --db_name=$app)
|
||||
db_user=$db_name
|
||||
db_pwd=$(ynh_string_random --length=30)
|
||||
ynh_app_setting_set --app=$app --key=db_name --value=$db_name
|
||||
ynh_app_setting_set --app=$app --key=db_pwd --value=$db_pwd
|
||||
ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd
|
||||
|
||||
#=================================================
|
||||
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
||||
#=================================================
|
||||
ynh_script_progression --message="Setting up source files..." --weight=1
|
||||
ynh_script_progression --message="Setting up source files..."
|
||||
|
||||
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
|
||||
# Download, check integrity, uncompress and patch the source from app.src
|
||||
ynh_setup_source --dest_dir="$final_path/build-lemmy/" --source_id="lemmy"
|
||||
ynh_setup_source --dest_dir="$final_path/lemmy-ui/" --source_id="lemmy-ui"
|
||||
ynh_setup_source --dest_dir="$final_path/lemmy-ui/lemmy-translations/" --source_id="lemmy-translations"
|
||||
ynh_setup_source --dest_dir="$final_path/iframely/" --source_id="iframely"
|
||||
ynh_setup_source --dest_dir="$final_path/build-pict-rs/" --source_id="pict-rs"
|
||||
ynh_setup_source --dest_dir="$final_path/build-imagemagick/" --source_id="imagemagick"
|
||||
|
||||
chmod 750 "$final_path"
|
||||
chmod -R o-rwx "$final_path"
|
||||
chown -R $app:$app "$final_path"
|
||||
|
||||
mkdir "$final_path"
|
||||
cp -f ../conf/docker-compose.yml "$final_path/docker-compose.yml"
|
||||
cp -f ../conf/lemmy.hjson "$final_path/lemmy.hjson"
|
||||
cp -f ../conf/iframely.config.local.js "$final_path/iframely.config.local.js"
|
||||
pushd "$final_path"
|
||||
mkdir -p volumes/pictrs
|
||||
chown -R 991:991 volumes/pictrs
|
||||
popd
|
||||
#=================================================
|
||||
# NGINX CONFIGURATION
|
||||
#=================================================
|
||||
ynh_script_progression --message="Configuring NGINX web server..." --weight=1
|
||||
ynh_script_progression --message="Configuring NGINX web server..."
|
||||
|
||||
# Create a dedicated NGINX config
|
||||
ynh_add_nginx_config 'port_lemmy port_ui port_pictrs port_iframely'
|
||||
ynh_add_nginx_config
|
||||
|
||||
#=================================================
|
||||
# MODIFY A CONFIG FILE
|
||||
# SPECIFIC SETUP
|
||||
#=================================================
|
||||
# CREATE DATA DIRECTORY
|
||||
#=================================================
|
||||
ynh_script_progression --message="Creating a data directory..."
|
||||
|
||||
datadir=/home/yunohost.app/$app
|
||||
ynh_app_setting_set --app=$app --key=datadir --value=$datadir
|
||||
|
||||
mkdir -p $datadir/pictrs-data
|
||||
|
||||
ynh_replace_string --match_string="__ADMIN__" --replace_string="$admin" --target_file="$final_path/lemmy.hjson"
|
||||
ynh_replace_string --match_string="__ADMIN_PASS__" --replace_string="$password" --target_file="$final_path/lemmy.hjson"
|
||||
ynh_replace_string --match_string="__NAME__" --replace_string="$sitename" --target_file="$final_path/lemmy.hjson"
|
||||
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$final_path/lemmy.hjson"
|
||||
ynh_replace_string --match_string="__RANDOM__" --replace_string="$random" --target_file="$final_path/lemmy.hjson"
|
||||
ynh_replace_string --match_string="__PORT__LEMMY__" --replace_string="$port_lemmy" --target_file="$final_path/docker-compose.yml"
|
||||
ynh_replace_string --match_string="__PORT_UI__" --replace_string="$port_ui" --target_file="$final_path/docker-compose.yml"
|
||||
ynh_replace_string --match_string="__PORT_PICTRS__" --replace_string="$port_pictrs" --target_file="$final_path/docker-compose.yml"
|
||||
ynh_replace_string --match_string="__PORT_IFRAMELY__" --replace_string="$port_iframely" --target_file="$final_path/docker-compose.yml"
|
||||
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$final_path/iframely.config.local.js"
|
||||
chmod 750 "$datadir"
|
||||
chmod -R o-rwx "$datadir"
|
||||
chown -R $app:$app "$datadir"
|
||||
|
||||
#=================================================
|
||||
# MAKE INSTALL
|
||||
#=================================================
|
||||
ynh_script_progression --message="Making install..."
|
||||
|
||||
# Install ImageMagick
|
||||
pushd "$final_path/build-imagemagick/"
|
||||
./configure
|
||||
make
|
||||
make install
|
||||
ldconfig /usr/local/lib
|
||||
popd
|
||||
|
||||
# Install rustup with the toolchain needed by lemmy
|
||||
pushd "$final_path"
|
||||
sudo -u "$app" RUSTUP_HOME="$final_path"/.rustup CARGO_HOME="$final_path"/.cargo bash -c 'curl -sSf -L https://static.rust-lang.org/rustup.sh | sh -s -- -y --default-toolchain nightly'
|
||||
popd
|
||||
|
||||
export PATH="$PATH:$final_path/.cargo/bin:$final_path/.local/bin:/usr/local/sbin"
|
||||
|
||||
# Compile lemmy
|
||||
pushd $final_path/build-lemmy
|
||||
ynh_exec_warn_less sudo -u "$app" env PATH="$PATH" cargo build --release
|
||||
popd
|
||||
|
||||
# Compile pict-rs
|
||||
pushd $final_path/build-pict-rs
|
||||
ynh_exec_warn_less sudo -u "$app" env PATH="$PATH" cargo build --release
|
||||
popd
|
||||
|
||||
# Install lemmy
|
||||
mkdir -p "$final_path/lemmy_server/"
|
||||
cp -af "$final_path/build-lemmy/target/release/lemmy_server" "$final_path/lemmy_server/lemmy_server"
|
||||
|
||||
# Install pict-rs
|
||||
mkdir -p "$final_path/pict-rs/"
|
||||
cp -af "$final_path/build-pict-rs/target/release/pict-rs" "$final_path/pict-rs/pict-rs"
|
||||
|
||||
# Remove build files and rustup
|
||||
ynh_secure_remove --file="$final_path/build-lemmy"
|
||||
ynh_secure_remove --file="$final_path/build-pict-rs"
|
||||
ynh_secure_remove --file="$final_path/build-imagemagick"
|
||||
ynh_secure_remove --file="$final_path/.cargo"
|
||||
ynh_secure_remove --file="$final_path/.rustup"
|
||||
|
||||
# Compile lemmy-ui
|
||||
pushd $final_path/lemmy-ui
|
||||
ynh_exec_warn_less sudo -u "$app" env PATH="$PATH" yarn install --pure-lockfile
|
||||
ynh_exec_warn_less sudo -u "$app" env PATH="$PATH" yarn build:prod
|
||||
popd
|
||||
|
||||
# Compile iframely
|
||||
pushd $final_path/iframely
|
||||
ynh_exec_warn_less sudo -u "$app" env PATH="$PATH" $ynh_npm install
|
||||
popd
|
||||
|
||||
chmod 750 "$final_path"
|
||||
chmod -R o-rwx "$final_path"
|
||||
chown -R $app:$app "$final_path"
|
||||
|
||||
#=================================================
|
||||
# ADD A CONFIGURATION
|
||||
#=================================================
|
||||
ynh_script_progression --message="Adding a configuration file..."
|
||||
|
||||
mkdir -p "$final_path/config/"
|
||||
ynh_add_config --template="../conf/lemmy.hjson" --destination="$final_path/config/config.hjson"
|
||||
|
||||
chmod 400 "$final_path/config/config.hjson"
|
||||
chown $app:$app "$final_path/config/config.hjson"
|
||||
|
||||
ynh_add_config --template="../conf/iframely.config.local.js" --destination="$final_path/iframely/iframely.config.local.js"
|
||||
|
||||
chmod 400 "$final_path/iframely/iframely.config.local.js"
|
||||
chown $app:$app "$final_path/iframely/iframely.config.local.js"
|
||||
|
||||
#=================================================
|
||||
# SETUP SYSTEMD
|
||||
#=================================================
|
||||
ynh_script_progression --message="Configuring a systemd service..."
|
||||
|
||||
# Create a dedicated systemd config
|
||||
ynh_add_systemd_config --service="$app" --template="lemmy.service"
|
||||
ynh_add_systemd_config --service="$app-ui" --template="lemmy-ui.service"
|
||||
ynh_add_systemd_config --service="$app-iframely" --template="iframely.service"
|
||||
ynh_add_systemd_config --service="$app-pict-rs" --template="pict-rs.service"
|
||||
|
||||
#=================================================
|
||||
# GENERIC FINALIZATION
|
||||
#=================================================
|
||||
# SETUP LOGROTATE
|
||||
#=================================================
|
||||
ynh_script_progression --message="Configuring log rotation..."
|
||||
|
||||
mkdir -p "/var/log/$app"
|
||||
chmod 750 "/var/log/$app"
|
||||
chmod -R o-rwx "/var/log/$app"
|
||||
chown -R $app:$app "/var/log/$app"
|
||||
|
||||
# Use logrotate to manage application logfile(s)
|
||||
ynh_use_logrotate
|
||||
|
||||
#=================================================
|
||||
# INTEGRATE SERVICE IN YUNOHOST
|
||||
#=================================================
|
||||
ynh_script_progression --message="Integrating service in YunoHost..."
|
||||
|
||||
yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log"
|
||||
yunohost service add $app-ui --description="A short description of the app" --log="/var/log/$app/$app-ui.log"
|
||||
yunohost service add $app-iframely --description="A short description of the app" --log="/var/log/$app/$app-iframely.log"
|
||||
yunohost service add $app-pict-rs --description="A short description of the app" --log="/var/log/$app/$app-pict-rs.log"
|
||||
|
||||
#=================================================
|
||||
# START SYSTEMD SERVICE
|
||||
#=================================================
|
||||
ynh_script_progression --message="Starting a systemd service..."
|
||||
|
||||
# Start a systemd service
|
||||
ynh_systemd_action --service_name=$app --action="start" --line_match="Started" --log_path=systemd
|
||||
ynh_systemd_action --service_name=$app-ui --action="start" --line_match="Started" --log_path=systemd
|
||||
ynh_systemd_action --service_name=$app-iframely --action="start" --line_match="Started" --log_path=systemd
|
||||
ynh_systemd_action --service_name=$app-pict-rs --action="start" --line_match="Started" --log_path=systemd
|
||||
|
||||
#=================================================
|
||||
# SETUP SSOWAT
|
||||
#=================================================
|
||||
ynh_script_progression --message="Configuring permissions..." --weight=1
|
||||
|
||||
ynh_script_progression --message="Configuring permissions..."
|
||||
|
||||
# Make app public
|
||||
ynh_permission_update --permission="main" --add="visitors"
|
||||
|
||||
|
||||
#=================================================
|
||||
# RELOAD NGINX
|
||||
#=================================================
|
||||
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
|
||||
ynh_script_progression --message="Reloading NGINX web server..."
|
||||
|
||||
ynh_systemd_action --service_name=nginx --action=reload
|
||||
|
||||
|
||||
#=================================================
|
||||
# Run Lemmy through Docker
|
||||
#=================================================
|
||||
# chown -R $(whoami) /usr/local/bin
|
||||
|
||||
chmod +x /usr/local/bin/docker-compose
|
||||
cd "$final_path" && docker-compose up -d
|
||||
|
||||
|
||||
#=================================================
|
||||
# SEND A README FOR THE ADMIN
|
||||
#=================================================
|
||||
|
@ -175,4 +305,4 @@ ynh_send_readme_to_admin "$message"
|
|||
# END OF SCRIPT
|
||||
#=================================================
|
||||
|
||||
ynh_script_progression --message="Installation of $app completed" --last
|
||||
ynh_script_progression --message="Installation of $app completed"
|
||||
|
|
101
scripts/remove
101
scripts/remove
|
@ -12,30 +12,91 @@ source /usr/share/yunohost/helpers
|
|||
#=================================================
|
||||
# LOAD SETTINGS
|
||||
#=================================================
|
||||
ynh_script_progression --message="Loading installation settings..." --weight=1
|
||||
ynh_script_progression --message="Loading installation settings..."
|
||||
|
||||
app=$YNH_APP_INSTANCE_NAME
|
||||
|
||||
domain=$(ynh_app_setting_get --app=$app --key=domain)
|
||||
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
|
||||
db_user=$db_name
|
||||
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
||||
|
||||
#=================================================
|
||||
# STANDARD REMOVE
|
||||
#=================================================
|
||||
cd "$final_path" && docker-compose down --rmi all
|
||||
# REMOVE SERVICE INTEGRATION IN YUNOHOST
|
||||
#=================================================
|
||||
|
||||
# Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
|
||||
if ynh_exec_warn_less yunohost service status $app >/dev/null
|
||||
then
|
||||
ynh_script_progression --message="Removing $app service integration..."
|
||||
yunohost service remove $app
|
||||
fi
|
||||
if ynh_exec_warn_less yunohost service status $app >/dev/null
|
||||
then
|
||||
ynh_script_progression --message="Removing $app-ui service integration..."
|
||||
yunohost service remove $app-ui
|
||||
fi
|
||||
if ynh_exec_warn_less yunohost service status $app >/dev/null
|
||||
then
|
||||
ynh_script_progression --message="Removing $app-iframely service integration..."
|
||||
yunohost service remove $app-iframely
|
||||
fi
|
||||
if ynh_exec_warn_less yunohost service status $app >/dev/null
|
||||
then
|
||||
ynh_script_progression --message="Removing $app-pict-rs service integration..."
|
||||
yunohost service remove $app-pict-rs
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# STOP AND REMOVE SERVICE
|
||||
#=================================================
|
||||
ynh_script_progression --message="Stopping and removing the systemd service..."
|
||||
|
||||
# Remove the dedicated systemd config
|
||||
ynh_remove_systemd_config
|
||||
ynh_remove_systemd_config --service=$app-ui
|
||||
ynh_remove_systemd_config --service=$app-iframely
|
||||
ynh_remove_systemd_config --service=$app-pict-rs
|
||||
|
||||
#=================================================
|
||||
# REMOVE THE POSTGRESQL DATABASE
|
||||
#=================================================
|
||||
ynh_script_progression --message="Removing the PostgreSQL database..."
|
||||
|
||||
# Remove a database if it exists, along with the associated user
|
||||
ynh_psql_remove_db --db_user=$db_user --db_name=$db_name
|
||||
|
||||
#=================================================
|
||||
# REMOVE IMAGEMAGICK
|
||||
#=================================================
|
||||
ynh_script_progression --message="Removing ImageMagick..."
|
||||
|
||||
ynh_setup_source --dest_dir="$final_path/build-imagemagick/" --source_id="imagemagick"
|
||||
|
||||
# Install ImageMagick
|
||||
pushd "$final_path/build-imagemagick/"
|
||||
./configure
|
||||
make uninstall
|
||||
ldconfig /usr/local/lib
|
||||
popd
|
||||
|
||||
ynh_secure_remove --file="$final_path/build-imagemagick"
|
||||
|
||||
#=================================================
|
||||
# REMOVE DEPENDENCIES
|
||||
#=================================================
|
||||
ynh_script_progression --message="Removing dependencies..." --weight=1
|
||||
ynh_script_progression --message="Removing dependencies..."
|
||||
|
||||
# Remove metapackage and its dependencies
|
||||
ynh_remove_nodejs
|
||||
ynh_remove_app_dependencies
|
||||
|
||||
#=================================================
|
||||
# REMOVE APP MAIN DIR
|
||||
#=================================================
|
||||
ynh_script_progression --message="Removing app main directory..." --weight=1
|
||||
ynh_script_progression --message="Removing app main directory..."
|
||||
|
||||
# Remove the app directory securely
|
||||
ynh_secure_remove --file="$final_path"
|
||||
|
@ -43,13 +104,41 @@ ynh_secure_remove --file="$final_path"
|
|||
#=================================================
|
||||
# REMOVE NGINX CONFIGURATION
|
||||
#=================================================
|
||||
ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1
|
||||
ynh_script_progression --message="Removing NGINX web server configuration..."
|
||||
|
||||
# Remove the dedicated NGINX config
|
||||
ynh_remove_nginx_config
|
||||
|
||||
#=================================================
|
||||
# REMOVE LOGROTATE CONFIGURATION
|
||||
#=================================================
|
||||
ynh_script_progression --message="Removing logrotate configuration..."
|
||||
|
||||
# Remove the app-specific logrotate config
|
||||
ynh_remove_logrotate
|
||||
|
||||
#=================================================
|
||||
# SPECIFIC REMOVE
|
||||
#=================================================
|
||||
# REMOVE VARIOUS FILES
|
||||
#=================================================
|
||||
ynh_script_progression --message="Removing various files..."
|
||||
|
||||
# Remove the log files
|
||||
ynh_secure_remove --file="/var/log/$app"
|
||||
|
||||
#=================================================
|
||||
# GENERIC FINALIZATION
|
||||
#=================================================
|
||||
# REMOVE DEDICATED USER
|
||||
#=================================================
|
||||
ynh_script_progression --message="Removing the dedicated system user..."
|
||||
|
||||
# Delete a system user
|
||||
ynh_system_user_delete --username=$app
|
||||
|
||||
#=================================================
|
||||
# END OF SCRIPT
|
||||
#=================================================
|
||||
|
||||
ynh_script_progression --message="Removal of $app completed" --last
|
||||
ynh_script_progression --message="Removal of $app completed"
|
||||
|
|
128
scripts/restore
128
scripts/restore
|
@ -15,8 +15,7 @@ source /usr/share/yunohost/helpers
|
|||
#=================================================
|
||||
|
||||
ynh_clean_setup () {
|
||||
#### Remove this function if there's nothing to clean before calling the remove script.
|
||||
true
|
||||
ynh_clean_check_starting
|
||||
}
|
||||
# Exit if an error occurs during the execution of the script
|
||||
ynh_abort_if_errors
|
||||
|
@ -24,19 +23,22 @@ ynh_abort_if_errors
|
|||
#=================================================
|
||||
# LOAD SETTINGS
|
||||
#=================================================
|
||||
ynh_script_progression --message="Loading installation settings..." --weight=1
|
||||
ynh_script_progression --message="Loading installation settings..."
|
||||
|
||||
app=$YNH_APP_INSTANCE_NAME
|
||||
|
||||
domain=$(ynh_app_setting_get --app=$app --key=domain)
|
||||
path_url=$(ynh_app_setting_get --app=$app --key=path)
|
||||
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
||||
version=$(curl -s https://api.github.com/repos/docker/compose/releases/latest | grep 'tag_name' | cut -d\" -f4)
|
||||
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
|
||||
db_user=$db_name
|
||||
db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd)
|
||||
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
|
||||
|
||||
#=================================================
|
||||
# CHECK IF THE APP CAN BE RESTORED
|
||||
#=================================================
|
||||
ynh_script_progression --message="Validating restoration parameters..." --weight=1
|
||||
ynh_script_progression --message="Validating restoration parameters..."
|
||||
|
||||
ynh_webpath_available --domain=$domain --path_url=$path_url \
|
||||
|| ynh_die --message="Path not available: ${domain}${path_url}"
|
||||
|
@ -48,45 +50,133 @@ test ! -d $final_path \
|
|||
#=================================================
|
||||
# RESTORE THE NGINX CONFIGURATION
|
||||
#=================================================
|
||||
ynh_script_progression --message="Restoring the NGINX web server configuration..."
|
||||
|
||||
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
|
||||
|
||||
#=================================================
|
||||
# RECREATE THE DEDICATED USER
|
||||
#=================================================
|
||||
ynh_script_progression --message="Recreating the dedicated system user..."
|
||||
|
||||
# Create the dedicated user (if not existing)
|
||||
ynh_system_user_create --username=$app --home_dir=$final_path
|
||||
|
||||
#=================================================
|
||||
# RESTORE THE APP MAIN DIR
|
||||
#=================================================
|
||||
ynh_script_progression --message="Restoring the app main directory..." --weight=1
|
||||
ynh_script_progression --message="Restoring the app main directory..."
|
||||
|
||||
ynh_restore_file --origin_path="$final_path"
|
||||
|
||||
chmod 750 "$final_path"
|
||||
chmod -R o-rwx "$final_path"
|
||||
chown -R $app:$app "$final_path"
|
||||
|
||||
#=================================================
|
||||
# INSTALL DEPENDENCIES
|
||||
# RESTORE THE DATA DIRECTORY
|
||||
#=================================================
|
||||
ynh_script_progression --message="Installing dependencies..." --weight=1
|
||||
ynh_script_progression --message="Restoring the data directory..."
|
||||
|
||||
#ynh_install_app_dependencies $pkg_dependencies
|
||||
ynh_restore_file --origin_path="$datadir" --not_mandatory
|
||||
|
||||
# Install Docker and compose
|
||||
curl -sSL https://get.docker.com | sh
|
||||
systemctl enable docker --quiet
|
||||
curl -L https://github.com/docker/compose/releases/download/${version}/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
|
||||
mkdir -p $datadir
|
||||
|
||||
chmod 750 "$datadir"
|
||||
chmod -R o-rwx "$datadir"
|
||||
chown -R $app:$app "$datadir"
|
||||
|
||||
#=================================================
|
||||
# SPECIFIC RESTORATION
|
||||
#=================================================
|
||||
# Run Lemmy through Docker
|
||||
# REINSTALL DEPENDENCIES
|
||||
#=================================================
|
||||
# chown -R $(whoami) /usr/local/bin
|
||||
ynh_script_progression --message="Reinstalling dependencies..."
|
||||
|
||||
chmod +x /usr/local/bin/docker-compose
|
||||
cd "$final_path" && docker-compose up -d
|
||||
# Define and install dependencies
|
||||
ynh_install_app_dependencies $pkg_dependencies
|
||||
ynh_install_nodejs --nodejs_version=$NODEJS_VERSION
|
||||
ynh_use_nodejs
|
||||
ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg"
|
||||
|
||||
#=================================================
|
||||
# BUILDING IMAGEMAGICK
|
||||
#=================================================
|
||||
ynh_script_progression --message="Building ImageMagick..."
|
||||
|
||||
ynh_setup_source --dest_dir="$final_path/build-imagemagick/" --source_id="imagemagick"
|
||||
|
||||
# Install ImageMagick
|
||||
pushd "$final_path/build-imagemagick/"
|
||||
./configure
|
||||
make
|
||||
make install
|
||||
ldconfig /usr/local/lib
|
||||
popd
|
||||
|
||||
ynh_secure_remove --file="$final_path/build-imagemagick"
|
||||
|
||||
#=================================================
|
||||
# RESTORE THE POSTGRESQL DATABASE
|
||||
#=================================================
|
||||
ynh_script_progression --message="Restoring the PostgreSQL database..."
|
||||
|
||||
ynh_psql_test_if_first_run
|
||||
ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd
|
||||
ynh_psql_execute_file_as_root --file="./db.sql" --database="$db_name"
|
||||
|
||||
#=================================================
|
||||
# RESTORE SYSTEMD
|
||||
#=================================================
|
||||
ynh_script_progression --message="Restoring the systemd configuration..."
|
||||
|
||||
ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
|
||||
systemctl enable $app.service --quiet
|
||||
ynh_restore_file --origin_path="/etc/systemd/system/$app-ui.service"
|
||||
systemctl enable $app-ui.service --quiet
|
||||
ynh_restore_file --origin_path="/etc/systemd/system/$app-iframely.service"
|
||||
systemctl enable $app-iframely.service --quiet
|
||||
ynh_restore_file --origin_path="/etc/systemd/system/$app-pict-rs.service"
|
||||
systemctl enable $app-pict-rs.service --quiet
|
||||
|
||||
#=================================================
|
||||
# INTEGRATE SERVICE IN YUNOHOST
|
||||
#=================================================
|
||||
ynh_script_progression --message="Integrating service in YunoHost..."
|
||||
|
||||
yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log"
|
||||
yunohost service add $app-ui --description="A short description of the app" --log="/var/log/$app/$app-ui.log"
|
||||
yunohost service add $app-iframely --description="A short description of the app" --log="/var/log/$app/$app-iframely.log"
|
||||
yunohost service add $app-pict-rs --description="A short description of the app" --log="/var/log/$app/$app-pict-rs.log"
|
||||
|
||||
#=================================================
|
||||
# START SYSTEMD SERVICE
|
||||
#=================================================
|
||||
ynh_script_progression --message="Starting a systemd service..."
|
||||
|
||||
ynh_systemd_action --service_name=$app --action="start" --line_match="Started" --log_path=systemd
|
||||
ynh_systemd_action --service_name=$app-ui --action="start" --line_match="Started" --log_path=systemd
|
||||
ynh_systemd_action --service_name=$app-iframely --action="start" --line_match="Started" --log_path=systemd
|
||||
ynh_systemd_action --service_name=$app-pict-rs --action="start" --line_match="Started" --log_path=systemd
|
||||
|
||||
#=================================================
|
||||
# RESTORE THE LOGROTATE CONFIGURATION
|
||||
#=================================================
|
||||
ynh_script_progression --message="Restoring the logrotate configuration..."
|
||||
|
||||
mkdir -p "/var/log/$app"
|
||||
chmod 750 "/var/log/$app"
|
||||
chmod -R o-rwx "/var/log/$app"
|
||||
chown -R $app:$app "/var/log/$app"
|
||||
|
||||
ynh_restore_file --origin_path="/etc/logrotate.d/$app"
|
||||
|
||||
#=================================================
|
||||
# GENERIC FINALIZATION
|
||||
#=================================================
|
||||
# RELOAD NGINX AND PHP-FPM
|
||||
#=================================================
|
||||
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
|
||||
ynh_script_progression --message="Reloading NGINX web server..."
|
||||
|
||||
ynh_systemd_action --service_name=nginx --action=reload
|
||||
|
||||
|
@ -94,4 +184,4 @@ ynh_systemd_action --service_name=nginx --action=reload
|
|||
# END OF SCRIPT
|
||||
#=================================================
|
||||
|
||||
ynh_script_progression --message="Restoration completed for $app" --last
|
||||
ynh_script_progression --message="Restoration completed for $app"
|
||||
|
|
244
scripts/upgrade
244
scripts/upgrade
|
@ -12,7 +12,7 @@ source /usr/share/yunohost/helpers
|
|||
#=================================================
|
||||
# LOAD SETTINGS
|
||||
#=================================================
|
||||
ynh_script_progression --message="Loading installation settings..." --weight=1
|
||||
ynh_script_progression --message="Loading installation settings..."
|
||||
|
||||
app=$YNH_APP_INSTANCE_NAME
|
||||
|
||||
|
@ -20,6 +20,10 @@ domain=$(ynh_app_setting_get --app=$app --key=domain)
|
|||
path_url=$(ynh_app_setting_get --app=$app --key=path)
|
||||
admin=$(ynh_app_setting_get --app=$app --key=admin)
|
||||
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
||||
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
|
||||
db_user=$db_name
|
||||
db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd)
|
||||
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
|
||||
password=$(ynh_app_setting_get --app=$app --key=password)
|
||||
sitename=$(ynh_app_setting_get --app=$app --key=sitename)
|
||||
random=$(ynh_app_setting_get --app=$app --key=random)
|
||||
|
@ -27,17 +31,24 @@ port_lemmy=$(ynh_app_setting_get --app=$app --key=port_lemmy)
|
|||
port_ui=$(ynh_app_setting_get --app=$app --key=port_ui)
|
||||
port_pictrs=$(ynh_app_setting_get --app=$app --key=port_pictrs)
|
||||
port_iframely=$(ynh_app_setting_get --app=$app --key=port_iframely)
|
||||
version=$(curl -s https://api.github.com/repos/docker/compose/releases/latest | grep 'tag_name' | cut -d\" -f4)
|
||||
admin_email=$(ynh_user_get_info --username=$admin --key="mail")
|
||||
|
||||
#=================================================
|
||||
# CHECK VERSION
|
||||
#=================================================
|
||||
ynh_script_progression --message="Checking version..."
|
||||
|
||||
upgrade_type=$(ynh_check_app_version_changed)
|
||||
|
||||
#=================================================
|
||||
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
|
||||
#=================================================
|
||||
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1
|
||||
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..."
|
||||
|
||||
# Backup the current version of the app
|
||||
ynh_backup_before_upgrade
|
||||
ynh_clean_setup () {
|
||||
ynh_clean_check_starting
|
||||
# Restore it if the upgrade fails
|
||||
ynh_restore_upgradebackup
|
||||
}
|
||||
|
@ -47,7 +58,44 @@ ynh_abort_if_errors
|
|||
#=================================================
|
||||
# STANDARD UPGRADE STEPS
|
||||
#=================================================
|
||||
# STOP SYSTEMD SERVICE
|
||||
#=================================================
|
||||
ynh_script_progression --message="Stopping a systemd service..."
|
||||
|
||||
ynh_systemd_action --service_name=$app --action="stop" --line_match="Stopped" --log_path=systemd
|
||||
ynh_systemd_action --service_name=$app-ui --action="stop" --line_match="Stopped" --log_path=systemd
|
||||
ynh_systemd_action --service_name=$app-iframely --action="stop" --line_match="Stopped" --log_path=systemd
|
||||
ynh_systemd_action --service_name=$app-pict-rs --action="stop" --line_match="Stopped" --log_path=systemd
|
||||
|
||||
#=================================================
|
||||
# ENSURE DOWNWARD COMPATIBILITY
|
||||
#=================================================
|
||||
ynh_script_progression --message="Ensuring downward compatibility..."
|
||||
|
||||
# Cleaning legacy permissions
|
||||
if ynh_legacy_permissions_exists; then
|
||||
ynh_legacy_permissions_delete_all
|
||||
|
||||
ynh_app_setting_delete --app=$app --key=is_public
|
||||
fi
|
||||
|
||||
if ! ynh_permission_exists --permission="admin"; then
|
||||
# Create the required permissions
|
||||
ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin
|
||||
fi
|
||||
|
||||
# Create a permission if needed
|
||||
if ! ynh_permission_exists --permission="api"; then
|
||||
ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true"
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# CREATE DEDICATED USER
|
||||
#=================================================
|
||||
ynh_script_progression --message="Making sure dedicated system user exists..."
|
||||
|
||||
# Create a dedicated user (if not existing)
|
||||
ynh_system_user_create --username=$app --home_dir=$final_path
|
||||
|
||||
#=================================================
|
||||
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
||||
|
@ -55,78 +103,190 @@ ynh_abort_if_errors
|
|||
|
||||
if [ "$upgrade_type" == "UPGRADE_APP" ]
|
||||
then
|
||||
ynh_script_progression --message="Upgrading source files..." --weight=1
|
||||
ynh_script_progression --message="Upgrading source files..."
|
||||
|
||||
# Download, check integrity, uncompress and patch the source from app.src
|
||||
cp -f ../conf/docker-compose.yml "$final_path/docker-compose.yml"
|
||||
cp -f ../conf/lemmy.hjson "$final_path/lemmy.hjson"
|
||||
cp -f ../conf/iframely.config.local.js "$final_path/iframely.config.local.js"
|
||||
pushd "$final_path"
|
||||
chown -R 991:991 volumes/pictrs
|
||||
popd
|
||||
# Download, check integrity, uncompress the source of lemmy from app.src to his build directory
|
||||
ynh_setup_source --dest_dir="$final_path/build-lemmy/" --source_id="lemmy"
|
||||
ynh_setup_source --dest_dir="$final_path/lemmy-ui/" --source_id="lemmy-ui"
|
||||
ynh_setup_source --dest_dir="$final_path/lemmy-ui/lemmy-translations/" --source_id="lemmy-translations"
|
||||
|
||||
ynh_setup_source --dest_dir="$final_path/iframely/" --source_id="iframely"
|
||||
ynh_setup_source --dest_dir="$final_path/build-pict-rs/" --source_id="pict-rs"
|
||||
ynh_setup_source --dest_dir="$final_path/build-imagemagick/" --source_id="imagemagick"
|
||||
fi
|
||||
|
||||
chmod 750 "$final_path"
|
||||
chmod -R o-rwx "$final_path"
|
||||
chown -R $app:$app "$final_path"
|
||||
|
||||
#=================================================
|
||||
# NGINX CONFIGURATION
|
||||
#=================================================
|
||||
ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=1
|
||||
ynh_script_progression --message="Upgrading NGINX web server configuration..."
|
||||
|
||||
# Create a dedicated NGINX config
|
||||
ynh_add_nginx_config 'port_lemmy port_ui port_pictrs port_iframely'
|
||||
ynh_add_nginx_config
|
||||
|
||||
#=================================================
|
||||
# UPGRADE DEPENDENCIES
|
||||
#=================================================
|
||||
ynh_script_progression --message="Upgrading dependencies..." --weight=1
|
||||
|
||||
#ynh_install_app_dependencies $pkg_dependencies
|
||||
|
||||
# Install Docker and compose
|
||||
curl -sSL https://get.docker.com | sh
|
||||
systemctl enable docker --quiet
|
||||
curl -L https://github.com/docker/compose/releases/download/${version}/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
|
||||
ynh_script_progression --message="Upgrading dependencies..."
|
||||
|
||||
ynh_install_app_dependencies $pkg_dependencies
|
||||
ynh_install_nodejs --nodejs_version=$NODEJS_VERSION
|
||||
ynh_use_nodejs
|
||||
ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg"
|
||||
|
||||
#=================================================
|
||||
# SPECIFIC UPGRADE
|
||||
#=================================================
|
||||
# MAKE UPGRADE
|
||||
#=================================================
|
||||
ynh_script_progression --message="Making upgrade..."
|
||||
|
||||
if [ "$upgrade_type" == "UPGRADE_APP" ]
|
||||
then
|
||||
# Install ImageMagick
|
||||
pushd "$final_path/build-imagemagick/"
|
||||
./configure
|
||||
make
|
||||
make install
|
||||
ldconfig /usr/local/lib
|
||||
popd
|
||||
|
||||
# Install rustup with the toolchain needed by lemmy
|
||||
pushd "$final_path"
|
||||
sudo -u "$app" RUSTUP_HOME="$final_path"/.rustup CARGO_HOME="$final_path"/.cargo bash -c 'curl -sSf -L https://static.rust-lang.org/rustup.sh | sh -s -- -y --default-toolchain nightly'
|
||||
popd
|
||||
|
||||
export PATH="$PATH:$final_path/.cargo/bin:$final_path/.local/bin:/usr/local/sbin"
|
||||
|
||||
# Compile lemmy
|
||||
pushd "$final_path"/build
|
||||
ynh_exec_warn_less sudo -u "$app" env PATH="$PATH" cargo build --release
|
||||
popd
|
||||
|
||||
# Compile pict-rs
|
||||
pushd $final_path/build-pict-rs
|
||||
ynh_exec_warn_less sudo -u "$app" env PATH="$PATH" cargo build --release
|
||||
popd
|
||||
|
||||
# Remove old generated files before copying the new ones
|
||||
ynh_secure_remove --file="$final_path/lemmy/.fingerprint"
|
||||
ynh_secure_remove --file="$final_path/lemmy/build"
|
||||
ynh_secure_remove --file="$final_path/lemmy/deps"
|
||||
ynh_secure_remove --file="$final_path/lemmy/examples"
|
||||
ynh_secure_remove --file="$final_path/lemmy/incremental"
|
||||
ynh_secure_remove --file="$final_path/lemmy/.cargo-lock"
|
||||
ynh_secure_remove --file="$final_path/lemmy/lemmy.d"
|
||||
|
||||
# Install lemmy
|
||||
mkdir -p "$final_path/lemmy_server/"
|
||||
cp -af "$final_path/build-lemmy/target/release/lemmy_server" "$final_path/lemmy_server/lemmy_server"
|
||||
|
||||
# Install pict-rs
|
||||
mkdir -p "$final_path/pict-rs/"
|
||||
cp -af "$final_path/build-pict-rs/target/release/pict-rs" "$final_path/pict-rs/pict-rs"
|
||||
|
||||
# Remove build files and rustup
|
||||
ynh_secure_remove --file="$final_path/build-lemmy"
|
||||
ynh_secure_remove --file="$final_path/build-pict-rs"
|
||||
ynh_secure_remove --file="$final_path/build-imagemagick"
|
||||
ynh_secure_remove --file="$final_path/.cargo"
|
||||
ynh_secure_remove --file="$final_path/.rustup"
|
||||
|
||||
# Compile lemmy-ui
|
||||
pushd $final_path/lemmy-ui
|
||||
ynh_exec_warn_less sudo -u "$app" env PATH="$PATH" yarn install --pure-lockfile
|
||||
ynh_exec_warn_less sudo -u "$app" env PATH="$PATH" yarn build:prod
|
||||
popd
|
||||
|
||||
# Compile iframely
|
||||
pushd $final_path/iframely
|
||||
ynh_exec_warn_less sudo -u "$app" env PATH="$PATH" $ynh_npm install
|
||||
popd
|
||||
fi
|
||||
|
||||
chmod 750 "$final_path"
|
||||
chmod -R o-rwx "$final_path"
|
||||
chown -R $app:$app "$final_path"
|
||||
|
||||
mkdir -p "/var/log/$app"
|
||||
chmod 750 "/var/log/$app"
|
||||
chmod -R o-rwx "/var/log/$app"
|
||||
chown -R $app:$app "/var/log/$app"
|
||||
|
||||
#=================================================
|
||||
# MODIFY A CONFIG FILE
|
||||
# UPDATE A CONFIG FILE
|
||||
#=================================================
|
||||
ynh_script_progression --message="Updating a configuration file..."
|
||||
|
||||
mkdir -p "$final_path/lemmy_server/"
|
||||
ynh_add_config --template="../conf/lemmy.hjson" --destination="$final_path/config/config.hjson"
|
||||
|
||||
ynh_replace_string --match_string="match_string" --replace_string="replace_string" --target_file="$final_path/CONFIG_FILE"
|
||||
chmod 400 "$final_path/config/config.hjson"
|
||||
chown $app:$app "$final_path/config/config.hjson"
|
||||
|
||||
ynh_add_config --template="../conf/iframely.config.local.js" --destination="$final_path/iframely/iframely.config.local.js"
|
||||
|
||||
ynh_replace_string --match_string="__ADMIN__" --replace_string="$admin" --target_file="$final_path/lemmy.hjson"
|
||||
ynh_replace_string --match_string="__ADMIN_PASS__" --replace_string="$password" --target_file="$final_path/lemmy.hjson"
|
||||
ynh_replace_string --match_string="__NAME__" --replace_string="$sitename" --target_file="$final_path/lemmy.hjson"
|
||||
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$final_path/lemmy.hjson"
|
||||
ynh_replace_string --match_string="__RANDOM__" --replace_string="$random" --target_file="$final_path/lemmy.hjson"
|
||||
ynh_replace_string --match_string="__PORT__LEMMY__" --replace_string="$port_lemmy" --target_file="$final_path/docker-compose.yml"
|
||||
ynh_replace_string --match_string="__PORT_UI__" --replace_string="$port_ui" --target_file="$final_path/docker-compose.yml"
|
||||
ynh_replace_string --match_string="__PORT_PICTRS__" --replace_string="$port_pictrs" --target_file="$final_path/docker-compose.yml"
|
||||
ynh_replace_string --match_string="__PORT_IFRAMELY__" --replace_string="$port_iframely" --target_file="$final_path/docker-compose.yml"
|
||||
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$final_path/iframely.config.local.js"
|
||||
chmod 400 "$final_path/iframely/iframely.config.local.js"
|
||||
chown $app:$app "$final_path/iframely/iframely.config.local.js"
|
||||
|
||||
#=================================================
|
||||
# SETUP SYSTEMD
|
||||
#=================================================
|
||||
ynh_script_progression --message="Upgrading systemd configuration..."
|
||||
|
||||
# Create a dedicated systemd config
|
||||
ynh_add_systemd_config --service="$app" --template="lemmy.service"
|
||||
ynh_add_systemd_config --service="$app-ui" --template="lemmy-ui.service"
|
||||
ynh_add_systemd_config --service="$app-iframely" --template="iframely.service"
|
||||
ynh_add_systemd_config --service="$app-pict-rs" --template="pict-rs.service"
|
||||
|
||||
#=================================================
|
||||
# GENERIC FINALIZATION
|
||||
#=================================================
|
||||
# SETUP LOGROTATE
|
||||
#=================================================
|
||||
ynh_script_progression --message="Upgrading logrotate configuration..."
|
||||
|
||||
mkdir -p "/var/log/$app"
|
||||
chmod 750 "/var/log/$app"
|
||||
chmod -R o-rwx "/var/log/$app"
|
||||
chown -R $app:$app "/var/log/$app"
|
||||
|
||||
# Use logrotate to manage app-specific logfile(s)
|
||||
ynh_use_logrotate --non-append
|
||||
|
||||
#=================================================
|
||||
# INTEGRATE SERVICE IN YUNOHOST
|
||||
#=================================================
|
||||
ynh_script_progression --message="Integrating service in YunoHost..."
|
||||
|
||||
yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log"
|
||||
yunohost service add $app-ui --description="A short description of the app" --log="/var/log/$app/$app-ui.log"
|
||||
yunohost service add $app-iframely --description="A short description of the app" --log="/var/log/$app/$app-iframely.log"
|
||||
yunohost service add $app-pict-rs --description="A short description of the app" --log="/var/log/$app/$app-pict-rs.log"
|
||||
|
||||
#=================================================
|
||||
# START SYSTEMD SERVICE
|
||||
#=================================================
|
||||
ynh_script_progression --message="Starting a systemd service..."
|
||||
|
||||
ynh_systemd_action --service_name=$app --action="start" --line_match="Started" --log_path=systemd
|
||||
ynh_systemd_action --service_name=$app-ui --action="start" --line_match="Started" --log_path=systemd
|
||||
ynh_systemd_action --service_name=$app-iframely --action="start" --line_match="Started" --log_path=systemd
|
||||
ynh_systemd_action --service_name=$app-pict-rs --action="start" --line_match="Started" --log_path=systemd
|
||||
|
||||
#=================================================
|
||||
# RELOAD NGINX
|
||||
#=================================================
|
||||
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
|
||||
ynh_script_progression --message="Reloading NGINX web server..."
|
||||
|
||||
ynh_systemd_action --service_name=nginx --action=reload
|
||||
|
||||
#=================================================
|
||||
# Run Lemmy through Docker
|
||||
#=================================================
|
||||
#chown -R $(whoami) /usr/local/bin
|
||||
chmod +x /usr/local/bin/docker-compose
|
||||
cd "$final_path" && docker-compose up -d
|
||||
|
||||
#=================================================
|
||||
# END OF SCRIPT
|
||||
#=================================================
|
||||
|
||||
ynh_script_progression --message="Upgrade of $app completed" --last
|
||||
ynh_script_progression --message="Upgrade of $app completed"
|
||||
|
|
Loading…
Reference in a new issue