From 37aa8a2e15189fbd78bea229f04c948072ebd7d3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 23 Jun 2023 21:05:01 +0200 Subject: [PATCH 01/33] Update manifest.toml --- manifest.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifest.toml b/manifest.toml index cf5c856..0155ebf 100644 --- a/manifest.toml +++ b/manifest.toml @@ -5,7 +5,7 @@ name = "Lemmy" description.en = "Link aggregator/Reddit clone for the fediverse" description.fr = "Agrégateur de liens/clone Reddit pour le fedivers" -version = "0.16.7~ynh3" +version = "0.18.0~ynh1" maintainers = [] @@ -17,7 +17,7 @@ admindoc = "https://join-lemmy.org/docs/en/" code = "https://github.com/LemmyNet/lemmy" [integration] -yunohost = ">= 11.1.20" +yunohost = ">= 11.1.21" architectures = "all" multi_instance = false ldap = false From 126bfe9acf07e2455d1426845f39ef6865f63a13 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Fri, 23 Jun 2023 19:05:05 +0000 Subject: [PATCH 02/33] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index d4a1ddf..57739d8 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Lemmy is similar to sites like Reddit, Lobste.rs, or Hacker News: you subscribe to forums you're interested in, post links and discussions, then vote, and comment on them. Behind the scenes, it is very different; anyone can easily run a server, and all these servers are federated (think email), and connected to the same universe, called the Fediverse. -**Shipped version:** 0.16.7~ynh2 +**Shipped version:** 0.18.0~ynh1 **Demo:** https://lemmy.ml/ diff --git a/README_fr.md b/README_fr.md index 859ae42..565452b 100644 --- a/README_fr.md +++ b/README_fr.md @@ -19,7 +19,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po Lemmy is similar to sites like Reddit, Lobste.rs, or Hacker News: you subscribe to forums you're interested in, post links and discussions, then vote, and comment on them. Behind the scenes, it is very different; anyone can easily run a server, and all these servers are federated (think email), and connected to the same universe, called the Fediverse. -**Version incluse :** 0.16.7~ynh2 +**Version incluse :** 0.18.0~ynh1 **Démo :** https://lemmy.ml/ From 97cb4bc3fc3af8bb4766179202a948c171edd6a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 23 Jun 2023 21:27:19 +0200 Subject: [PATCH 03/33] Update _common.sh --- scripts/_common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index 702e69f..3693f10 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -4,7 +4,7 @@ # COMMON VARIABLES #================================================= -NODEJS_VERSION=18 +NODEJS_VERSION=16 #================================================= # PERSONAL HELPERS From a90ba89e7318fb5a7783e171c8a7b231ea141cd8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 23 Jun 2023 21:33:02 +0200 Subject: [PATCH 04/33] fix --- manifest.toml | 2 +- scripts/_common.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/manifest.toml b/manifest.toml index 0155ebf..4897bba 100644 --- a/manifest.toml +++ b/manifest.toml @@ -5,7 +5,7 @@ name = "Lemmy" description.en = "Link aggregator/Reddit clone for the fediverse" description.fr = "Agrégateur de liens/clone Reddit pour le fedivers" -version = "0.18.0~ynh1" +version = "0.17.4~ynh1" maintainers = [] diff --git a/scripts/_common.sh b/scripts/_common.sh index 3693f10..702e69f 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -4,7 +4,7 @@ # COMMON VARIABLES #================================================= -NODEJS_VERSION=16 +NODEJS_VERSION=18 #================================================= # PERSONAL HELPERS From 29d07790136bf82a95d4748c0198232305b05dc4 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Fri, 23 Jun 2023 19:33:07 +0000 Subject: [PATCH 05/33] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 57739d8..913b5bc 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Lemmy is similar to sites like Reddit, Lobste.rs, or Hacker News: you subscribe to forums you're interested in, post links and discussions, then vote, and comment on them. Behind the scenes, it is very different; anyone can easily run a server, and all these servers are federated (think email), and connected to the same universe, called the Fediverse. -**Shipped version:** 0.18.0~ynh1 +**Shipped version:** 0.17.4~ynh1 **Demo:** https://lemmy.ml/ diff --git a/README_fr.md b/README_fr.md index 565452b..3c99a3c 100644 --- a/README_fr.md +++ b/README_fr.md @@ -19,7 +19,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po Lemmy is similar to sites like Reddit, Lobste.rs, or Hacker News: you subscribe to forums you're interested in, post links and discussions, then vote, and comment on them. Behind the scenes, it is very different; anyone can easily run a server, and all these servers are federated (think email), and connected to the same universe, called the Fediverse. -**Version incluse :** 0.18.0~ynh1 +**Version incluse :** 0.17.4~ynh1 **Démo :** https://lemmy.ml/ From e24a737694a8c1b1627fbba4cbfe606a1f2de1c1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 23 Jun 2023 21:43:08 +0200 Subject: [PATCH 06/33] fix --- conf/lemmy-ui.service | 2 +- manifest.toml | 2 +- scripts/install | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/conf/lemmy-ui.service b/conf/lemmy-ui.service index 0b0c0c6..6a3cf7b 100644 --- a/conf/lemmy-ui.service +++ b/conf/lemmy-ui.service @@ -9,7 +9,7 @@ Group=__APP__ Environment="LEMMY_INTERNAL_HOST=127.0.0.1:__PORT__" Environment="LEMMY_EXTERNAL_HOST=__DOMAIN__" Environment="LEMMY_HTTPS=true" -Environment="LEMMY_UI_HOST=0.0.0.0:__PORT_UI__" +Environment="LEMMY_UI_HOST=127.0.0.1:__PORT_UI__" WorkingDirectory=__INSTALL_DIR__/lemmy-ui/ ExecStart=__YNH_NODE__ dist/js/server.js StandardOutput=append:/var/log/__APP__/__APP__-ui.log diff --git a/manifest.toml b/manifest.toml index 4897bba..0155ebf 100644 --- a/manifest.toml +++ b/manifest.toml @@ -5,7 +5,7 @@ name = "Lemmy" description.en = "Link aggregator/Reddit clone for the fediverse" description.fr = "Agrégateur de liens/clone Reddit pour le fedivers" -version = "0.17.4~ynh1" +version = "0.18.0~ynh1" maintainers = [] diff --git a/scripts/install b/scripts/install index e4dab13..fd15d3e 100755 --- a/scripts/install +++ b/scripts/install @@ -121,8 +121,8 @@ yunohost service add $app-ui --log="/var/log/$app/$app-ui.log" ynh_script_progression --message="Starting a systemd service..." --weight=1 # Start a systemd service -ynh_systemd_action --service_name=$app --action="start" --line_match="Starting http server at" --log_path="/var/log/$app/$app.log" -ynh_systemd_action --service_name=$app-ui --action="start" --line_match="http://0.0.0.0" --log_path="/var/log/$app/$app-ui.log" +ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" #--line_match="Starting http server at" +ynh_systemd_action --service_name=$app-ui --action="start" --log_path="/var/log/$app/$app-ui.log" #--line_match="http://0.0.0.0" #================================================= # END OF SCRIPT From 337c75d6bff6d8118b3d637aecc1add5c7d9794b Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Fri, 23 Jun 2023 19:43:18 +0000 Subject: [PATCH 07/33] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 913b5bc..57739d8 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Lemmy is similar to sites like Reddit, Lobste.rs, or Hacker News: you subscribe to forums you're interested in, post links and discussions, then vote, and comment on them. Behind the scenes, it is very different; anyone can easily run a server, and all these servers are federated (think email), and connected to the same universe, called the Fediverse. -**Shipped version:** 0.17.4~ynh1 +**Shipped version:** 0.18.0~ynh1 **Demo:** https://lemmy.ml/ diff --git a/README_fr.md b/README_fr.md index 3c99a3c..565452b 100644 --- a/README_fr.md +++ b/README_fr.md @@ -19,7 +19,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po Lemmy is similar to sites like Reddit, Lobste.rs, or Hacker News: you subscribe to forums you're interested in, post links and discussions, then vote, and comment on them. Behind the scenes, it is very different; anyone can easily run a server, and all these servers are federated (think email), and connected to the same universe, called the Fediverse. -**Version incluse :** 0.17.4~ynh1 +**Version incluse :** 0.18.0~ynh1 **Démo :** https://lemmy.ml/ From b0674d28a55af81f7102beb5d96781a2607aca17 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 23 Jun 2023 21:48:45 +0200 Subject: [PATCH 08/33] Update install --- scripts/install | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/scripts/install b/scripts/install index fd15d3e..453d64a 100755 --- a/scripts/install +++ b/scripts/install @@ -60,6 +60,14 @@ mkdir -p "$install_dir/lemmy-ui/" rsync -a "$install_dir/build-lemmy-ui/output/app/" "$install_dir/lemmy-ui/" ynh_secure_remove --file="$install_dir/build-lemmy-ui" + + +pushd $install_dir/lemmy-ui/ + npm install --platform=linux --arch=x64 sharp +popd + + + # Install lemmy pushd $install_dir/build-lemmy ./docker-image-extract dessalines/lemmy:$(ynh_app_upstream_version) From 81cbf50bd4db74034ae86f135587e4756248380d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 23 Jun 2023 21:52:32 +0200 Subject: [PATCH 09/33] Update install --- scripts/install | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/install b/scripts/install index 453d64a..78a30e5 100755 --- a/scripts/install +++ b/scripts/install @@ -64,6 +64,7 @@ ynh_secure_remove --file="$install_dir/build-lemmy-ui" pushd $install_dir/lemmy-ui/ npm install --platform=linux --arch=x64 sharp + npm install express popd From 513d5ae664fc55425a2275ff72abfd778dc17c2d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 23 Jun 2023 21:56:05 +0200 Subject: [PATCH 10/33] Update install --- scripts/install | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scripts/install b/scripts/install index 78a30e5..dedf80a 100755 --- a/scripts/install +++ b/scripts/install @@ -63,8 +63,7 @@ ynh_secure_remove --file="$install_dir/build-lemmy-ui" pushd $install_dir/lemmy-ui/ - npm install --platform=linux --arch=x64 sharp - npm install express + npm install popd From df690d786d7771b1c0149738b7566ed35194ef0e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 23 Jun 2023 22:50:05 +0200 Subject: [PATCH 11/33] Update install --- scripts/install | 8 -------- 1 file changed, 8 deletions(-) diff --git a/scripts/install b/scripts/install index dedf80a..fd15d3e 100755 --- a/scripts/install +++ b/scripts/install @@ -60,14 +60,6 @@ mkdir -p "$install_dir/lemmy-ui/" rsync -a "$install_dir/build-lemmy-ui/output/app/" "$install_dir/lemmy-ui/" ynh_secure_remove --file="$install_dir/build-lemmy-ui" - - -pushd $install_dir/lemmy-ui/ - npm install -popd - - - # Install lemmy pushd $install_dir/build-lemmy ./docker-image-extract dessalines/lemmy:$(ynh_app_upstream_version) From ed44d07c13b5a843e3005bfb8633e72ed78dc2ee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 23 Jun 2023 22:56:16 +0200 Subject: [PATCH 12/33] revert --- conf/lemmy-ui.service | 2 +- scripts/install | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/conf/lemmy-ui.service b/conf/lemmy-ui.service index 6a3cf7b..0b0c0c6 100644 --- a/conf/lemmy-ui.service +++ b/conf/lemmy-ui.service @@ -9,7 +9,7 @@ Group=__APP__ Environment="LEMMY_INTERNAL_HOST=127.0.0.1:__PORT__" Environment="LEMMY_EXTERNAL_HOST=__DOMAIN__" Environment="LEMMY_HTTPS=true" -Environment="LEMMY_UI_HOST=127.0.0.1:__PORT_UI__" +Environment="LEMMY_UI_HOST=0.0.0.0:__PORT_UI__" WorkingDirectory=__INSTALL_DIR__/lemmy-ui/ ExecStart=__YNH_NODE__ dist/js/server.js StandardOutput=append:/var/log/__APP__/__APP__-ui.log diff --git a/scripts/install b/scripts/install index fd15d3e..d91bc38 100755 --- a/scripts/install +++ b/scripts/install @@ -121,8 +121,8 @@ yunohost service add $app-ui --log="/var/log/$app/$app-ui.log" ynh_script_progression --message="Starting a systemd service..." --weight=1 # Start a systemd service -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" #--line_match="Starting http server at" -ynh_systemd_action --service_name=$app-ui --action="start" --log_path="/var/log/$app/$app-ui.log" #--line_match="http://0.0.0.0" +ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match="Starting http server at" +ynh_systemd_action --service_name=$app-ui --action="start" --log_path="/var/log/$app/$app-ui.log" --line_match="http://0.0.0.0" #================================================= # END OF SCRIPT From ad37b7d4b4b10d17264b5be97a5e4e4d9ba91606 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 23 Jun 2023 23:17:27 +0200 Subject: [PATCH 13/33] fix --- conf/nginx.conf | 14 ++++++++------ manifest.toml | 2 +- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 1ec7d21..2ea6460 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,3 +1,5 @@ +#https://github.com/LemmyNet/lemmy-ansible/blob/main/templates/nginx_internal.conf + #limit_req_zone $binary_remote_addr zone=lemmy_ratelimit:10m rate=1r/s; # Only connect to this site via HTTPS for the two years @@ -19,7 +21,11 @@ location / { # lemmy_port: 8536 set $proxpass "http://127.0.0.1:__PORT_UI__"; - if ($http_accept ~ "^application/.*$") { + + if ($http_accept ~ "^application/activity+json") { + set $proxpass "http://127.0.0.1:__PORT__"; + } + if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") { set $proxpass "http://127.0.0.1:__PORT__"; } if ($request_method = POST) { @@ -28,7 +34,6 @@ location / { proxy_pass $proxpass; rewrite ^(.+)/+$ $1 permanent; - # Send actual client IP upstream proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; @@ -42,10 +47,7 @@ location ~ ^/(api|pictrs|feeds|nodeinfo|.well-known) { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; - # Rate limit - # limit_req zone=lemmy_ratelimit burst=30 nodelay; - - # Add IP forwarding headers + # Send actual client IP upstream proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; diff --git a/manifest.toml b/manifest.toml index 0155ebf..4ed7666 100644 --- a/manifest.toml +++ b/manifest.toml @@ -51,7 +51,7 @@ ram.runtime = "50M" [resources.ports] main.default = 8536 - ui.default = 8537 + ui.default = 1235 [resources.system_user] From 03e4ecbe0cf8486981fcca7288727b461918387c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Wed, 28 Jun 2023 11:49:59 +0200 Subject: [PATCH 14/33] Update lemmy-ui.service --- conf/lemmy-ui.service | 30 ------------------------------ 1 file changed, 30 deletions(-) diff --git a/conf/lemmy-ui.service b/conf/lemmy-ui.service index 0b0c0c6..f5c3821 100644 --- a/conf/lemmy-ui.service +++ b/conf/lemmy-ui.service @@ -15,35 +15,5 @@ ExecStart=__YNH_NODE__ dist/js/server.js StandardOutput=append:/var/log/__APP__/__APP__-ui.log StandardError=inherit -# Sandboxing options to harden security -# Depending on specificities of your service/app, you may need to tweak these -# .. but this should be a good baseline -# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html -NoNewPrivileges=yes -PrivateTmp=yes -PrivateDevices=yes -RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 -RestrictNamespaces=yes -RestrictRealtime=yes -DevicePolicy=closed -ProtectSystem=full -ProtectControlGroups=yes -ProtectKernelModules=yes -ProtectKernelTunables=yes -LockPersonality=yes -SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap - -# Denying access to capabilities that should not be relevant for webapps -# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html -CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD -CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE -CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT -CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK -CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM -CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG -CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE -CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW -CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG - [Install] WantedBy=multi-user.target From 3bfe54434b4a1961212ff4882e24a5b6304b0564 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Wed, 28 Jun 2023 11:50:44 +0200 Subject: [PATCH 15/33] Update lemmy-ui.service --- conf/lemmy-ui.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/lemmy-ui.service b/conf/lemmy-ui.service index f5c3821..7f8101b 100644 --- a/conf/lemmy-ui.service +++ b/conf/lemmy-ui.service @@ -9,7 +9,7 @@ Group=__APP__ Environment="LEMMY_INTERNAL_HOST=127.0.0.1:__PORT__" Environment="LEMMY_EXTERNAL_HOST=__DOMAIN__" Environment="LEMMY_HTTPS=true" -Environment="LEMMY_UI_HOST=0.0.0.0:__PORT_UI__" +Environment="LEMMY_UI_HOST=127.0.0.1:__PORT_UI__" WorkingDirectory=__INSTALL_DIR__/lemmy-ui/ ExecStart=__YNH_NODE__ dist/js/server.js StandardOutput=append:/var/log/__APP__/__APP__-ui.log From 4f7e36a024972c0b95184041075f7b1f9c7f2f35 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Sat, 8 Jul 2023 08:12:27 +0200 Subject: [PATCH 16/33] Update manifest.toml --- manifest.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.toml b/manifest.toml index 4ed7666..1278411 100644 --- a/manifest.toml +++ b/manifest.toml @@ -5,7 +5,7 @@ name = "Lemmy" description.en = "Link aggregator/Reddit clone for the fediverse" description.fr = "Agrégateur de liens/clone Reddit pour le fedivers" -version = "0.18.0~ynh1" +version = "0.18.1~ynh1" maintainers = [] From 36d699a42f96d48551c3d0e126eedcc4a4a3915d Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Sat, 8 Jul 2023 06:12:31 +0000 Subject: [PATCH 17/33] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 57739d8..5234eee 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Lemmy is similar to sites like Reddit, Lobste.rs, or Hacker News: you subscribe to forums you're interested in, post links and discussions, then vote, and comment on them. Behind the scenes, it is very different; anyone can easily run a server, and all these servers are federated (think email), and connected to the same universe, called the Fediverse. -**Shipped version:** 0.18.0~ynh1 +**Shipped version:** 0.18.1~ynh1 **Demo:** https://lemmy.ml/ diff --git a/README_fr.md b/README_fr.md index 565452b..073c329 100644 --- a/README_fr.md +++ b/README_fr.md @@ -19,7 +19,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po Lemmy is similar to sites like Reddit, Lobste.rs, or Hacker News: you subscribe to forums you're interested in, post links and discussions, then vote, and comment on them. Behind the scenes, it is very different; anyone can easily run a server, and all these servers are federated (think email), and connected to the same universe, called the Fediverse. -**Version incluse :** 0.18.0~ynh1 +**Version incluse :** 0.18.1~ynh1 **Démo :** https://lemmy.ml/ From fcefb8d8aaba7f1eb01f425593a66df675983a86 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Mon, 10 Jul 2023 16:26:49 +0200 Subject: [PATCH 18/33] Update lemmy-ui.service --- conf/lemmy-ui.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/lemmy-ui.service b/conf/lemmy-ui.service index 7f8101b..f5c3821 100644 --- a/conf/lemmy-ui.service +++ b/conf/lemmy-ui.service @@ -9,7 +9,7 @@ Group=__APP__ Environment="LEMMY_INTERNAL_HOST=127.0.0.1:__PORT__" Environment="LEMMY_EXTERNAL_HOST=__DOMAIN__" Environment="LEMMY_HTTPS=true" -Environment="LEMMY_UI_HOST=127.0.0.1:__PORT_UI__" +Environment="LEMMY_UI_HOST=0.0.0.0:__PORT_UI__" WorkingDirectory=__INSTALL_DIR__/lemmy-ui/ ExecStart=__YNH_NODE__ dist/js/server.js StandardOutput=append:/var/log/__APP__/__APP__-ui.log From 6ac0fa048fc7a9a715802c108daad889e6d1e8d7 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Tue, 11 Jul 2023 07:44:39 +0200 Subject: [PATCH 19/33] fix --- manifest.toml | 3 +++ scripts/_common.sh | 2 +- scripts/install | 10 +++++++++- 3 files changed, 13 insertions(+), 2 deletions(-) diff --git a/manifest.toml b/manifest.toml index db07e21..f40a365 100644 --- a/manifest.toml +++ b/manifest.toml @@ -65,6 +65,9 @@ ram.runtime = "50M" [resources.apt] packages = "postgresql espeak" + extras.yarn.repo = "deb https://dl.yarnpkg.com/debian/ stable main" + extras.yarn.key = "https://dl.yarnpkg.com/debian/pubkey.gpg" + extras.yarn.packages = "yarn" [resources.database] type = "postgresql" diff --git a/scripts/_common.sh b/scripts/_common.sh index 702e69f..75bdfd1 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -4,7 +4,7 @@ # COMMON VARIABLES #================================================= -NODEJS_VERSION=18 +NODEJS_VERSION=20 #================================================= # PERSONAL HELPERS diff --git a/scripts/install b/scripts/install index d91bc38..14c277e 100755 --- a/scripts/install +++ b/scripts/install @@ -18,7 +18,6 @@ ynh_install_nodejs --nodejs_version=$NODEJS_VERSION ynh_use_nodejs ln -fs /usr/lib/x86_64-linux-musl/libc.so /lib/libc.musl-x86_64.so.1 - #================================================= # CREATE A POSTGRESQL DATABASE #================================================= @@ -47,6 +46,15 @@ ynh_script_progression --message="Configuring NGINX web server..." --weight=1 # Create a dedicated NGINX config ynh_add_nginx_config +#================================================= +# INSTALL THE SHARP +#================================================= + +pushd $install_dir + ynh_use_nodejs + ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH yarn install --global sharp +popd + #================================================= # MAKE INSTALL #================================================= From 0c4d544a34d403722388d30f55463a564cbab5ac Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Tue, 11 Jul 2023 07:52:44 +0200 Subject: [PATCH 20/33] Update install --- scripts/install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install b/scripts/install index 14c277e..25c9393 100755 --- a/scripts/install +++ b/scripts/install @@ -52,7 +52,7 @@ ynh_add_nginx_config pushd $install_dir ynh_use_nodejs - ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH yarn install --global sharp + ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH yarn global add sharp popd #================================================= From 2c2901e36219e4deee96e5e92a3484d81e2f9407 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Tue, 11 Jul 2023 07:52:59 +0200 Subject: [PATCH 21/33] Update _common.sh --- scripts/_common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index 75bdfd1..702e69f 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -4,7 +4,7 @@ # COMMON VARIABLES #================================================= -NODEJS_VERSION=20 +NODEJS_VERSION=18 #================================================= # PERSONAL HELPERS From 808495b43bb9d1b8d1863e3a9210f59b805c5f02 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Tue, 11 Jul 2023 08:03:10 +0200 Subject: [PATCH 22/33] Update _common.sh --- scripts/_common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index 702e69f..75bdfd1 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -4,7 +4,7 @@ # COMMON VARIABLES #================================================= -NODEJS_VERSION=18 +NODEJS_VERSION=20 #================================================= # PERSONAL HELPERS From 789467d126b22aa24abb6e2a0886a540269635d5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Wed, 12 Jul 2023 07:35:21 +0200 Subject: [PATCH 23/33] Update scripts/install Co-authored-by: Matthew DeAbreu --- scripts/install | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/install b/scripts/install index 25c9393..26a9389 100755 --- a/scripts/install +++ b/scripts/install @@ -50,9 +50,9 @@ ynh_add_nginx_config # INSTALL THE SHARP #================================================= -pushd $install_dir +pushd $install_dir/lemmy-ui ynh_use_nodejs - ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH yarn global add sharp + ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH yarn add sharp popd #================================================= From a1c5df6f33456cf7a7a49fafcd3adfd6a9313614 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Wed, 12 Jul 2023 07:56:48 +0200 Subject: [PATCH 24/33] Update upgrade --- scripts/upgrade | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/scripts/upgrade b/scripts/upgrade index 06a9d25..f36f87d 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -85,6 +85,15 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." - # Create a dedicated NGINX config ynh_add_nginx_config +#================================================= +# INSTALL SHARP +#================================================= + +pushd $install_dir/lemmy-ui + ynh_use_nodejs + ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH yarn add sharp +popd + #================================================= # SPECIFIC UPGRADE #================================================= From 3cbc91a676b5602aaa2f1a116d0d85ebffa67817 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Wed, 12 Jul 2023 07:58:28 +0200 Subject: [PATCH 25/33] Update tests.toml --- tests.toml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests.toml b/tests.toml index 524d6d3..fedf5c7 100644 --- a/tests.toml +++ b/tests.toml @@ -14,4 +14,5 @@ test_format = 1.0 # Commits to test upgrade from # ------------------------------- - test_upgrade_from.206df4db0b99c52f07ea1a2d5daf799d4b8357fd.name = "Upgrade from 0.15.2~ynh3" \ No newline at end of file + test_upgrade_from.206df4db0b99c52f07ea1a2d5daf799d4b8357fd.name = "Upgrade from 0.15.2~ynh3" + test_upgrade_from.383e145946458933a81010282b77dd986978ad6c.name = "Upgrade from 0.16.7~ynh4" From 3728c3419021d508e2953f84d88d465ddb3ae3a2 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Wed, 12 Jul 2023 08:00:26 +0200 Subject: [PATCH 26/33] Update manifest.toml --- manifest.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.toml b/manifest.toml index f40a365..4323187 100644 --- a/manifest.toml +++ b/manifest.toml @@ -23,7 +23,7 @@ multi_instance = false ldap = false sso = false disk = "50M" -ram.build = "100M" +ram.build = "500M" ram.runtime = "50M" [install.domain] From e132b2cfcd218e7ed60bf7068821c84a15b45140 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Wed, 12 Jul 2023 08:01:43 +0200 Subject: [PATCH 27/33] cleaning --- doc/DESCRIPTION_fr.md | 1 + tests.toml | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) create mode 100644 doc/DESCRIPTION_fr.md diff --git a/doc/DESCRIPTION_fr.md b/doc/DESCRIPTION_fr.md new file mode 100644 index 0000000..0c98e9b --- /dev/null +++ b/doc/DESCRIPTION_fr.md @@ -0,0 +1 @@ +Lemmy is similar to sites like Reddit, Lobste.rs, or Hacker News: you subscribe to forums you're interested in, post links and discussions, then vote, and comment on them. Behind the scenes, it is very different; anyone can easily run a server, and all these servers are federated (think email), and connected to the same universe, called the Fediverse. diff --git a/tests.toml b/tests.toml index fedf5c7..01931a3 100644 --- a/tests.toml +++ b/tests.toml @@ -9,7 +9,6 @@ test_format = 1.0 args.admin = "john" args.sitename = "lemmy website" - # ------------------------------- # Commits to test upgrade from # ------------------------------- From a993b0500019e0a172f0747650537de6b58dcf71 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Wed, 12 Jul 2023 08:04:04 +0200 Subject: [PATCH 28/33] Update lemmy-ui.service --- conf/lemmy-ui.service | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/conf/lemmy-ui.service b/conf/lemmy-ui.service index f5c3821..0b0c0c6 100644 --- a/conf/lemmy-ui.service +++ b/conf/lemmy-ui.service @@ -15,5 +15,35 @@ ExecStart=__YNH_NODE__ dist/js/server.js StandardOutput=append:/var/log/__APP__/__APP__-ui.log StandardError=inherit +# Sandboxing options to harden security +# Depending on specificities of your service/app, you may need to tweak these +# .. but this should be a good baseline +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +DevicePolicy=closed +ProtectSystem=full +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap + +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG + [Install] WantedBy=multi-user.target From 337a139167d07f513f084829d7ec4691f1fe4189 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Wed, 12 Jul 2023 08:06:01 +0200 Subject: [PATCH 29/33] Update nginx.conf --- conf/nginx.conf | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 2ea6460..b21f6da 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -22,10 +22,7 @@ location / { set $proxpass "http://127.0.0.1:__PORT_UI__"; - if ($http_accept ~ "^application/activity+json") { - set $proxpass "http://127.0.0.1:__PORT__"; - } - if ($http_accept = "application/ld+json; profile=\"https://www.w3.org/ns/activitystreams\"") { + if ($http_accept ~ "^application/.*$") { set $proxpass "http://127.0.0.1:__PORT__"; } if ($request_method = POST) { From 3f134fdac36ce458c890f07d53486f570e5d8561 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Wed, 12 Jul 2023 08:07:00 +0200 Subject: [PATCH 30/33] Update tests.toml --- tests.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests.toml b/tests.toml index 01931a3..a213874 100644 --- a/tests.toml +++ b/tests.toml @@ -13,5 +13,5 @@ test_format = 1.0 # Commits to test upgrade from # ------------------------------- - test_upgrade_from.206df4db0b99c52f07ea1a2d5daf799d4b8357fd.name = "Upgrade from 0.15.2~ynh3" + #test_upgrade_from.206df4db0b99c52f07ea1a2d5daf799d4b8357fd.name = "Upgrade from 0.15.2~ynh3" test_upgrade_from.383e145946458933a81010282b77dd986978ad6c.name = "Upgrade from 0.16.7~ynh4" From 7656a710336b199a57e0ded905f86d6458507dda Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Wed, 12 Jul 2023 08:12:49 +0200 Subject: [PATCH 31/33] Update DESCRIPTION_fr.md --- doc/DESCRIPTION_fr.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/DESCRIPTION_fr.md b/doc/DESCRIPTION_fr.md index 0c98e9b..34188d4 100644 --- a/doc/DESCRIPTION_fr.md +++ b/doc/DESCRIPTION_fr.md @@ -1 +1 @@ -Lemmy is similar to sites like Reddit, Lobste.rs, or Hacker News: you subscribe to forums you're interested in, post links and discussions, then vote, and comment on them. Behind the scenes, it is very different; anyone can easily run a server, and all these servers are federated (think email), and connected to the same universe, called the Fediverse. +Lemmy est similaire à des sites comme Reddit, Lobste.rs ou Hacker News : vous vous abonnez aux forums qui vous intéressent, publiez des liens et des discussions, puis votez et commentez-les. Dans les coulisses, c'est très différent ; n'importe qui peut facilement exécuter un serveur, et tous ces serveurs sont fédérés (pensez au courrier électronique) et connectés au même univers, appelé Fediverse. \ No newline at end of file From 9d1393691f8eeb5e0702576c85b2a2a36d029c9f Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Wed, 12 Jul 2023 06:12:54 +0000 Subject: [PATCH 32/33] Auto-update README --- README_fr.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README_fr.md b/README_fr.md index 073c329..0c82ad3 100644 --- a/README_fr.md +++ b/README_fr.md @@ -16,8 +16,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po ## Vue d’ensemble -Lemmy is similar to sites like Reddit, Lobste.rs, or Hacker News: you subscribe to forums you're interested in, post links and discussions, then vote, and comment on them. Behind the scenes, it is very different; anyone can easily run a server, and all these servers are federated (think email), and connected to the same universe, called the Fediverse. - +Lemmy est similaire à des sites comme Reddit, Lobste.rs ou Hacker News : vous vous abonnez aux forums qui vous intéressent, publiez des liens et des discussions, puis votez et commentez-les. Dans les coulisses, c'est très différent ; n'importe qui peut facilement exécuter un serveur, et tous ces serveurs sont fédérés (pensez au courrier électronique) et connectés au même univers, appelé Fediverse. **Version incluse :** 0.18.1~ynh1 From 4bcce516b297ece74690f9c57f7b43b84d54aba8 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Wed, 12 Jul 2023 08:13:17 +0200 Subject: [PATCH 33/33] Update install --- scripts/install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install b/scripts/install index 26a9389..8e99d95 100755 --- a/scripts/install +++ b/scripts/install @@ -47,7 +47,7 @@ ynh_script_progression --message="Configuring NGINX web server..." --weight=1 ynh_add_nginx_config #================================================= -# INSTALL THE SHARP +# INSTALL SHARP #================================================= pushd $install_dir/lemmy-ui