diff --git a/.github/workflows/updater.sh b/.github/workflows/updater.sh deleted file mode 100644 index 1499a0f..0000000 --- a/.github/workflows/updater.sh +++ /dev/null @@ -1,107 +0,0 @@ -#!/bin/bash - -#================================================= -# PACKAGE UPDATING HELPER -#================================================= - -# This script is meant to be run by GitHub Actions -# The YunoHost-Apps organisation offers a template Action to run this script periodically -# Since each app is different, maintainers can adapt its contents so as to perform -# automatic actions when a new upstream release is detected. - -#================================================= -# FETCHING LATEST RELEASE AND ITS ASSETS -#================================================= - -# Fetching information -current_version=$(cat manifest.json | jq -j '.version|split("~")[0]') -repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]') -# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions) -version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1) -assets="https://github.com/tootsuite/mastodon/archive/refs/tags/$version.tar.gz" - -# Later down the script, we assume the version has only digits and dots -# Sometimes the release name starts with a "v", so let's filter it out. -# You may need more tweaks here if the upstream repository has different naming conventions. -if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then - version=${version:1} -fi - -# Setting up the environment variables -echo "Current version: $current_version" -echo "Latest release from upstream: $version" -echo "VERSION=$version" >> $GITHUB_ENV -echo "REPO=$repo" >> $GITHUB_ENV -# For the time being, let's assume the script will fail -echo "PROCEED=false" >> $GITHUB_ENV - -# Proceed only if the retrieved version is greater than the current one -if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then - echo "::warning ::No new version available" - exit 0 -# Proceed only if a PR for this new version does not already exist -elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then - echo "::warning ::A branch already exists for this update" - exit 0 -fi - -#================================================= -# UPDATE SOURCE FILES -#================================================= - -# Let's download source tarball -asset_url=$assets - -echo "Handling asset at $asset_url" - -src="app" - -# Create the temporary directory -tempdir="$(mktemp -d)" - -# Download sources and calculate checksum -filename=${asset_url##*/} -curl --silent -4 -L $asset_url -o "$tempdir/$filename" -checksum=$(sha256sum "$tempdir/$filename" | head -c 64) - -# Delete temporary directory -rm -rf $tempdir - -# Get extension -if [[ $filename == *.tar.gz ]]; then - extension=tar.gz -else - extension=${filename##*.} -fi - -# Rewrite source file -cat < conf/$src.src -SOURCE_URL=$asset_url -SOURCE_SUM=$checksum -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=$extension -SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= -SOURCE_EXTRACT=true -EOT -echo "... conf/$src.src updated" - -#================================================= -# SPECIFIC UPDATE STEPS -#================================================= - -# Any action on the app's source code can be done. -# The GitHub Action workflow takes care of committing all changes after this script ends. - -#================================================= -# GENERIC FINALIZATION -#================================================= - -# Replace new version in manifest -echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json - -# No need to update the README, yunohost-bot takes care of it - -# The Action will proceed only if the PROCEED environment variable is set to true -echo "PROCEED=true" >> $GITHUB_ENV -exit 0 diff --git a/.github/workflows/updater.yml b/.github/workflows/updater.yml deleted file mode 100644 index a56d7cb..0000000 --- a/.github/workflows/updater.yml +++ /dev/null @@ -1,49 +0,0 @@ -# This workflow allows GitHub Actions to automagically update your app whenever a new upstream release is detected. -# You need to enable Actions in your repository settings, and fetch this Action from the YunoHost-Apps organization. -# This file should be enough by itself, but feel free to tune it to your needs. -# It calls updater.sh, which is where you should put the app-specific update steps. -name: Check for new upstream releases -on: - # Allow to manually trigger the workflow - workflow_dispatch: - # Run it every day at 6:00 UTC - schedule: - - cron: '0 6 * * *' -jobs: - updater: - runs-on: ubuntu-latest - steps: - - name: Fetch the source code - uses: actions/checkout@v3 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - name: Run the updater script - id: run_updater - run: | - # Setting up Git user - git config --global user.name 'yunohost-bot' - git config --global user.email 'yunohost-bot@users.noreply.github.com' - # Run the updater script - /bin/bash .github/workflows/updater.sh - - name: Commit changes - id: commit - if: ${{ env.PROCEED == 'true' }} - run: | - git commit -am "Upgrade to v$VERSION" - - name: Create Pull Request - id: cpr - if: ${{ env.PROCEED == 'true' }} - uses: peter-evans/create-pull-request@v4 - with: - token: ${{ secrets.GITHUB_TOKEN }} - commit-message: Update to version ${{ env.VERSION }} - committer: 'yunohost-bot ' - author: 'yunohost-bot ' - signoff: false - base: testing - branch: ci-auto-update-v${{ env.VERSION }} - delete-branch: true - title: 'Upgrade to version ${{ env.VERSION }}' - body: | - Upgrade to v${{ env.VERSION }} - draft: false diff --git a/README.md b/README.md index 0f7a714..d9b4a89 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,8 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in ## Overview -Mastodon is a free, open-source microblogging social network. It is a decentralized alternative to commercial platforms like Twitter and avoids the risks of a single company monopolizing your communication for commercial purposes. +Mastodon is a free, open-source microblogging social network. It is a decentralized alternative to commercial platforms like Twitter and avoids the risks of a single company monopolizing your communication for commercial purposes. + **Shipped version:** 4.2.8~ynh1 @@ -26,49 +27,6 @@ Mastodon is a free, open-source microblogging social network. It is a decentrali ![Screenshot of Mastodon](./doc/screenshots/mastodon.png) -## Disclaimers / important information - -## Important points to read before installing - -1. **Mastodon** require a dedicated **root domain**, eg. mastodon.domain.tld -1. The user choosen during the installation is automatically created in Mastodon with admin rights -1. At the end of the installation a mail is sent to the user with the automatically generated password -1. It seems important to close the inscriptions for your Mastodon, so that it remains a private body. We invite you to block remote malicious instances from the administration interface. You can also add text on your home page. - -## Configuration - -### Install - -#### Using *screen* in case of disconnect -``` -$ sudo apt-get install screen -$ screen -$ sudo yunohost app install https://github.com/YunoHost-Apps/mastodon_ynh.git -``` -Recover after disconnect: -``` -$ screen -d -$ screen -r -``` - -### Update - -#### Using *screen* highly recommended - -`$ sudo yunohost app upgrade mastodon -u https://github.com/YunoHost-Apps/mastodon_ynh --debug ` - -### Administrate with tootctl - -`$ (cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl --help)` - -## YunoHost specific features - -#### Multi-users support - -LDAP authentication is activated. All YunoHost users can authenticate. - -Log-out from YunoHost's portal doesn't log out from Mastodon. See https://github.com/YunoHost/issues/issues/501 - ## Documentation and resources * Official app website: diff --git a/README_fr.md b/README_fr.md index ac775e7..0d7e1a0 100644 --- a/README_fr.md +++ b/README_fr.md @@ -27,54 +27,6 @@ Mastodon est un réseau social de microblog auto-hébergé et open source. C'est ![Capture d’écran de Mastodon](./doc/screenshots/mastodon.png) -## Avertissements / informations importantes - -## Points importants à lire avant l'installation - -1. **Mastodon** nécessite un **nom de domaine** dédié, par exemple : mastodon.domain.tld -1. L'utilisateur sélectionné pendant l'installation sera créé automatiquement dans Mastodon avec des droits d'administration. -1. À la fin de l'installation, un mail est envoyé à cet utilisateur avec un mot de passe généré automatiquement. -1. Pour que votre instance Mastodon reste privée, il est important de fermer les inscriptions. Nous vous invitons à bloquer les instances distantes indésirables depuis l'interface d'administration. Vous pouvez également ajouter un texte sur votre page d'accueil dans l'administration. - -## Captures d'écran - -![](https://framalibre.org/sites/default/files/mastodon.png) - -## Configuration - -### Installation - -#### Utilisation de *screen* en cas de déconnection -``` -$ sudo apt-get install screen -$ screen -$ sudo yunohost app install https://github.com/YunoHost-Apps/mastodon_ynh.git -``` -Récupérer l'installation après une deconnection : -``` -$ screen -d -$ screen -r -``` -L'utilisateur admin est créé automatiquement comme : user@domain.tld - -### Mise à jour - -#### Utilisation de *screen* fortement recommandée - -`$ sudo yunohost app upgrade mastodon -u https://github.com/YunoHost-Apps/mastodon_ynh --debug ` - -### Administration avec tootctl - -`$ (cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl --help)` - -## Caractéristiques spécifiques YunoHost - -#### Support multi-utilisateur - -L'authentification LDAP est activée. Tous les utilisateurs YunoHost peuvent s'authentifier. - -Se déconnecter depuis le portail YunoHost ne vous déconnecte pas de Mastodon. Voir https://github.com/YunoHost/issues/issues/501 - ## Documentations et ressources * Site officiel de l’app : diff --git a/check_process b/check_process deleted file mode 100644 index 8714241..0000000 --- a/check_process +++ /dev/null @@ -1,22 +0,0 @@ -;; Test complet - ; Manifest - domain="domain.tld" - is_public=1 - admin="john" - language="fr_FR" - ; Checks - pkg_linter=1 - setup_sub_dir=0 - setup_root=1 - setup_nourl=0 - setup_private=1 - setup_public=1 - upgrade=1 - # 4.02~ynh2 - upgrade=1 from_commit=94381183ca2d14da72234b53c9a83972ffb16e54 - backup_restore=1 - multi_instance=0 - change_url=0 -;;; Options -Email=yalh@yahoo.com -Notification=all diff --git a/conf/.env.production.sample b/conf/.env.production.sample index 21cc8e5..7005b5d 100644 --- a/conf/.env.production.sample +++ b/conf/.env.production.sample @@ -30,11 +30,14 @@ DB_NAME=__DB_NAME__ DB_PASS=__DB_PWD__ DB_PORT=5432 -# ElasticSearch (optional) +# Elasticsearch (optional) # ------------------------ -# ES_ENABLED=true -# ES_HOST=es +ES_ENABLED=false +# ES_HOST=localhost # ES_PORT=9200 +# Authentication for ES (optional) +# ES_USER=elastic +# ES_PASS=password # Secrets # ------- @@ -54,17 +57,12 @@ VAPID_PUBLIC_KEY=__VAPID_PUBLIC_KEY__ # ------------ SMTP_SERVER=localhost SMTP_PORT=25 -#SMTP_LOGIN= -#SMTP_PASSWORD= -SMTP_FROM_ADDRESS=__ADMIN_MAIL__ -#SMTP_REPLY_TO= -#SMTP_DOMAIN= # defaults to LOCAL_DOMAIN -SMTP_DELIVERY_METHOD=sendmail # delivery method can also be smtp -SMTP_AUTH_METHOD=none -#SMTP_CA_FILE=/etc/ssl/certs/ca-certificates.crt +SMTP_LOGIN=__APP__ +SMTP_PASSWORD=__MAIL_PWD__ +SMTP_FROM_ADDRESS=Mastodon <__APP__@__DOMAIN__> +SMTP_DELIVERY_METHOD=smtp +SMTP_AUTH_METHOD=plain SMTP_OPENSSL_VERIFY_MODE=none -#SMTP_ENABLE_STARTTLS_AUTO=true -#SMTP_TLS=true # Registrations # ------------ @@ -80,16 +78,13 @@ DEFAULT_LOCALE=__LANGUAGE__ # File storage (optional) # ----------------------- -# S3_ENABLED=true -# S3_BUCKET= +S3_ENABLED=false +# S3_BUCKET=files.example.com # AWS_ACCESS_KEY_ID= # AWS_SECRET_ACCESS_KEY= -# S3_REGION= -# S3_PROTOCOL=http -# S3_HOSTNAME=192.168.1.123:9000 -# S3_ALIAS_HOST= +# S3_ALIAS_HOST=files.example.com -# LDAP authentication (optional) +# IP and session retention # ----------------------- LDAP_ENABLED=true LDAP_HOST=localhost @@ -105,3 +100,9 @@ LDAP_UID_CONVERSION_ENABLED=true LDAP_UID_CONVERSION_SEARCH=., - LDAP_UID_CONVERSION_REPLACE=_ LDAP_TLS_NO_VERIFY=true + +# Make sure to modify the scheduling of ip_cleanup_scheduler in config/sidekiq.yml +# to be less than daily if you lower IP_RETENTION_PERIOD below two days (172800). +# ----------------------- +IP_RETENTION_PERIOD=1209600 +SESSION_RETENTION_PERIOD=1209600 diff --git a/conf/app.src b/conf/app.src deleted file mode 100644 index a6999e4..0000000 --- a/conf/app.src +++ /dev/null @@ -1,7 +0,0 @@ -SOURCE_URL=https://github.com/tootsuite/mastodon/archive/refs/tags/v4.2.8.tar.gz -SOURCE_SUM=ccecdfaab5f84cfaeb193eff2b7b795f7bdd08aa872e265dcb2625310f2c9478 -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=tar.gz -SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= -SOURCE_EXTRACT=true diff --git a/conf/cron b/conf/cron index 339d3c4..02b2a6a 100644 --- a/conf/cron +++ b/conf/cron @@ -1,7 +1,7 @@ # This is a system cron file, see crontab(5) # m h dom mon dow user command -@daily __APP__ cd __FINAL_PATH__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl media remove -@monthly __APP__ cd __FINAL_PATH__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl media remove-orphans -@monthly __APP__ cd __FINAL_PATH__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl accounts cull -@monthly __APP__ cd __FINAL_PATH__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl statuses remove -@monthly __APP__ cd __FINAL_PATH__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl preview_cards remove +@daily __APP__ cd __INSTALL_DIR__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl media remove +@monthly __APP__ cd __INSTALL_DIR__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl media remove-orphans +@monthly __APP__ cd __INSTALL_DIR__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl accounts cull +@monthly __APP__ cd __INSTALL_DIR__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl statuses remove +@monthly __APP__ cd __INSTALL_DIR__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl preview_cards remove diff --git a/conf/mastodon-sidekiq.service b/conf/mastodon-sidekiq.service index 25a46fb..14bd592 100644 --- a/conf/mastodon-sidekiq.service +++ b/conf/mastodon-sidekiq.service @@ -5,15 +5,17 @@ After=network.target [Service] Type=simple User=__APP__ -WorkingDirectory=__FINALPATH__/live +WorkingDirectory=__INSTALL_DIR__/live Environment="__LD_PRELOAD__" Environment="RAILS_ENV=production" Environment="DB_POOL=25" Environment="MALLOC_ARENA_MAX=2" Environment="__YNH_RUBY_LOAD_PATH__" -ExecStart=__FINALPATH__/live/bin/bundle exec sidekiq -c 25 +ExecStart=__INSTALL_DIR__/live/bin/bundle exec sidekiq -c 25 TimeoutSec=15 Restart=always +StandardOutput=append:/var/log/__APP__/__APP__-sidekiq.log +StandardError=inherit # Sandboxing options to harden security # Depending on specificities of your service/app, you may need to tweak these @@ -21,17 +23,17 @@ Restart=always # Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html NoNewPrivileges=no PrivateTmp=yes -#PrivateDevices=yes -#RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK -#RestrictNamespaces=yes -#RestrictRealtime=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK +RestrictNamespaces=yes +RestrictRealtime=yes DevicePolicy=closed ProtectSystem=full ProtectControlGroups=yes -#ProtectKernelModules=yes -#ProtectKernelTunables=yes -#LockPersonality=yes -#SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap # Denying access to capabilities that should not be relevant for webapps # Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html diff --git a/conf/mastodon-streaming.service b/conf/mastodon-streaming.service index c88e0fa..f63945e 100644 --- a/conf/mastodon-streaming.service +++ b/conf/mastodon-streaming.service @@ -5,7 +5,7 @@ After=network.target [Service] Type=simple User=__APP__ -WorkingDirectory=__FINALPATH__/live +WorkingDirectory=__INSTALL_DIR__/live Environment="NODE_ENV=production" Environment="PORT=__PORT_STREAM__" Environment="STREAMING_CLUSTER_NUM=1" @@ -13,6 +13,8 @@ Environment="__YNH_NODE_LOAD_PATH__" ExecStart=__YNH_NODE__ ./streaming TimeoutSec=15 Restart=always +StandardOutput=append:/var/log/__APP__/__APP__-streaming.log +StandardError=inherit # Sandboxing options to harden security # Depending on specificities of your service/app, you may need to tweak these diff --git a/conf/mastodon-web.service b/conf/mastodon-web.service index 334233b..133fc3b 100644 --- a/conf/mastodon-web.service +++ b/conf/mastodon-web.service @@ -5,15 +5,17 @@ After=network.target [Service] Type=simple User=__APP__ -WorkingDirectory=__FINALPATH__/live +WorkingDirectory=__INSTALL_DIR__/live Environment="__LD_PRELOAD__" Environment="RAILS_ENV=production" Environment="PORT=__PORT_WEB__" Environment="__YNH_RUBY_LOAD_PATH__" -ExecStart=__FINALPATH__/live/bin/bundle exec puma -C config/puma.rb +ExecStart=__INSTALL_DIR__/live/bin/bundle exec puma -C config/puma.rb ExecReload=/bin/kill -SIGUSR1 $MAINPID TimeoutSec=15 Restart=always +StandardOutput=append:/var/log/__APP__/__APP__-web.log +StandardError=inherit # Sandboxing options to harden security # Depending on specificities of your service/app, you may need to tweak these diff --git a/conf/nginx.conf b/conf/nginx.conf index 4b1f76b..09e4a84 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,6 +1,6 @@ client_max_body_size 99m; -root __FINALPATH__/live/public; +root __INSTALL_DIR__/live/public; location / { diff --git a/doc/ADMIN.md b/doc/ADMIN.md new file mode 100644 index 0000000..6cb69e2 --- /dev/null +++ b/doc/ADMIN.md @@ -0,0 +1,63 @@ +## Administrate with tooctl + +`$ (cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl --help)` + +## Update + +**`screen` (or `tmux`) can be used to make sure your session is not interrupted in case of connection problems.** +See [tutorial](https://www.howtogeek.com/662422/how-to-use-linuxs-screen-command/) for more background information. + +```bash +screen +sudo yunohost app upgrade mastodon +``` + +## Backups + +First of all: Mastodon uses a local cache to save media (such as posted images, videos etc.). This cache can grow huge. +You could consider cleaning up your local cache first as otherwise your backup will be very big and you might run out of disk space: + +To check your space usage, on a command line run: + +```bash +sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl media usage +``` + +If your cache is too big to backup, you can run the following command to clean up Attachments (the first line). +Substitute X by the number of days you want to keep, e.g. 1 day. +All older images will be deleted but will be refetched from the original server if necessary. + +First dry-run to see how much space is freed up (without actually removing): + +```bash +sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl media remove --days=X --dry-run` +``` + +If all looks good commit the cleanup: + +```bash +sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl media remove --days=X` +``` + +Check [the official documentation](https://docs.joinmastodon.org/admin/tootctl/#media-remove) for more details. + +## Before your Mastodon instance deletion + +Before definitively uninstalling Mastodon, you have to run `tootctl self-destruct` to broadcast your users and instance deletion to the federation. +Otherwise your data will remain in federation cache for ever. + +⚠️ Make sure you know exactly what you are doing before running this command. +⚠️ This operation is NOT reversible, and it can take a long time. +⚠️ The server will be in a BROKEN STATE after this command finishes. +⚠️ A running Sidekiq process is required, so do not shut down the server until the queues are fully cleared. + +```bash +screen +sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl self-destruct +``` + +Check [the official documentation](https://docs.joinmastodon.org/admin/tootctl/#self-destruct) for more details. + +## Known Bugs + +- Log-out from YunoHost's portal doesn't log out from Mastodon. See diff --git a/doc/ADMIN_fr.md b/doc/ADMIN_fr.md new file mode 100644 index 0000000..91125ba --- /dev/null +++ b/doc/ADMIN_fr.md @@ -0,0 +1,63 @@ +## Administration avec tooctl + +`$ cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl --help` + +## Mise à jour + +**`screen` (ou `tmux`) peut être utilisé pour vous assurer que votre session n'est pas interrompue en cas de problème de connection.** +Consultez ce [tutoriel](https://www.howtogeek.com/662422/how-to-use-linuxs-screen-command/) pour plus de détails. + +```bash +screen +sudo yunohost app upgrade mastodon +``` + +## Sauvegardes + +Tout d'abord : Mastodon utilise un cache local pour sauvegarder les médias (comme les images, vidéos, etc). Ce cache peut devenir énorme. +Vous devriez réfléchir à vider votre cache local avant de faire une sauvegarde, qui pourrait être énorme et vous pourriez manquer d'espace de stockage. + +Pour vérifier l'utilisation du stockage, en ligne de commande utilisez : + +```bash +sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl media usage +``` + +Si le cache est trop gros pour être sauvegardé, vous pouvez lancer la commande suivante pour en supprimer les médias attachés. +Changez `X` par le nombre de cache à conserver, par ex. 1 jour. +Tous les médias plus anciens seront supprimés, mais ils pourront être rechargé du serveur d'origine si nécessaire. + +En premier faite un essai à blanc pour voir combien de place sera libérée (sans rien supprimer): + +```bash +sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl media remove --days=X --dry-run` +``` + +Si cela semble bon, effectuez le nettoyage : + +```bash +sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl media remove --days=X +``` + +Consulter [la documentation officielle]() pour plus de détails. + +## Avant la suppression de votre instance Mastodon + +Avant de désinstaller définitivement Mastodon, vous devez lancer `tootctl self-destruct` pour annoncer à la fédération la suppression de vos utilisateurs et de votre instance. +Sinon, vos données resteront dans le cache de la fédération pour toujours. + +⚠️ Assurez-vous de savoir exactement ce que vous faites avant d'exécuter cette commande. +⚠️ Cette opération n'est PAS réversible et peut prendre beaucoup de temps. +⚠️ Le serveur sera dans un ÉTAT BRISÉ après la fin de cette commande. +⚠️Un processus Sidekiq en cours d'exécution est nécessaire, donc n'arrêtez pas le serveur avant que les files d'attente ne soient complètement vidées. + +```bash +screen +sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl self-destruct +``` + +Consulter [la documentation officielle]() pour plus de détails. + +## Bugs connus + +- Se déconnecter depuis le portail YunoHost ne vous déconnecte pas de Mastodon. Voir diff --git a/doc/DESCRIPTION.md b/doc/DESCRIPTION.md index 72981f6..1bea4ef 100644 --- a/doc/DESCRIPTION.md +++ b/doc/DESCRIPTION.md @@ -1 +1 @@ -Mastodon is a free, open-source microblogging social network. It is a decentralized alternative to commercial platforms like Twitter and avoids the risks of a single company monopolizing your communication for commercial purposes. \ No newline at end of file +Mastodon is a free, open-source microblogging social network. It is a decentralized alternative to commercial platforms like Twitter and avoids the risks of a single company monopolizing your communication for commercial purposes. diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md deleted file mode 100644 index e08b255..0000000 --- a/doc/DISCLAIMER.md +++ /dev/null @@ -1,40 +0,0 @@ -## Important points to read before installing - -1. **Mastodon** require a dedicated **root domain**, eg. mastodon.domain.tld -1. The user choosen during the installation is automatically created in Mastodon with admin rights -1. At the end of the installation a mail is sent to the user with the automatically generated password -1. It seems important to close the inscriptions for your Mastodon, so that it remains a private body. We invite you to block remote malicious instances from the administration interface. You can also add text on your home page. - -## Configuration - -### Install - -#### Using *screen* in case of disconnect -``` -$ sudo apt-get install screen -$ screen -$ sudo yunohost app install https://github.com/YunoHost-Apps/mastodon_ynh.git -``` -Recover after disconnect: -``` -$ screen -d -$ screen -r -``` - -### Update - -#### Using *screen* highly recommended - -`$ sudo yunohost app upgrade mastodon -u https://github.com/YunoHost-Apps/mastodon_ynh --debug ` - -### Administrate with tootctl - -`$ (cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl --help)` - -## YunoHost specific features - -#### Multi-users support - -LDAP authentication is activated. All YunoHost users can authenticate. - -Log-out from YunoHost's portal doesn't log out from Mastodon. See https://github.com/YunoHost/issues/issues/501 diff --git a/doc/DISCLAIMER_fr.md b/doc/DISCLAIMER_fr.md deleted file mode 100644 index 09ed5c9..0000000 --- a/doc/DISCLAIMER_fr.md +++ /dev/null @@ -1,45 +0,0 @@ -## Points importants à lire avant l'installation - -1. **Mastodon** nécessite un **nom de domaine** dédié, par exemple : mastodon.domain.tld -1. L'utilisateur sélectionné pendant l'installation sera créé automatiquement dans Mastodon avec des droits d'administration. -1. À la fin de l'installation, un mail est envoyé à cet utilisateur avec un mot de passe généré automatiquement. -1. Pour que votre instance Mastodon reste privée, il est important de fermer les inscriptions. Nous vous invitons à bloquer les instances distantes indésirables depuis l'interface d'administration. Vous pouvez également ajouter un texte sur votre page d'accueil dans l'administration. - -## Captures d'écran - -![](https://framalibre.org/sites/default/files/mastodon.png) - -## Configuration - -### Installation - -#### Utilisation de *screen* en cas de déconnection -``` -$ sudo apt-get install screen -$ screen -$ sudo yunohost app install https://github.com/YunoHost-Apps/mastodon_ynh.git -``` -Récupérer l'installation après une deconnection : -``` -$ screen -d -$ screen -r -``` -L'utilisateur admin est créé automatiquement comme : user@domain.tld - -### Mise à jour - -#### Utilisation de *screen* fortement recommandée - -`$ sudo yunohost app upgrade mastodon -u https://github.com/YunoHost-Apps/mastodon_ynh --debug ` - -### Administration avec tootctl - -`$ (cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl --help)` - -## Caractéristiques spécifiques YunoHost - -#### Support multi-utilisateur - -L'authentification LDAP est activée. Tous les utilisateurs YunoHost peuvent s'authentifier. - -Se déconnecter depuis le portail YunoHost ne vous déconnecte pas de Mastodon. Voir https://github.com/YunoHost/issues/issues/501 diff --git a/doc/PRE_INSTALL.md b/doc/PRE_INSTALL.md new file mode 100644 index 0000000..c08f99b --- /dev/null +++ b/doc/PRE_INSTALL.md @@ -0,0 +1,23 @@ +## Important points to read before installing + +- **Mastodon** require a dedicated **root domain**, eg. `domaine.tld` or `mastodon.domain.tld`, with no other apps installed on that domain. You can't change the domain once installed. +- The user choosen during the installation is automatically created in Mastodon with admin rights +- It seems important to close registrations for your Mastodon, so that it remains a private body. We invite you to block remote malicious instances from the administration interface. You can also add text on your home page. + +## Using *screen* in case of disconnect + +Mastodon can take a long time to install, depending on server performance. +To avoid the process being interrupted by a disconnection, you can use `screen`. + +```bash +sudo apt install screen +screen +sudo yunohost app install https://github.com/YunoHost-Apps/mastodon_ynh.git +``` + +Recover after disconnect: + +```bash +screen -d +screen -r +``` diff --git a/doc/PRE_INSTALL_fr.md b/doc/PRE_INSTALL_fr.md new file mode 100644 index 0000000..2a407a6 --- /dev/null +++ b/doc/PRE_INSTALL_fr.md @@ -0,0 +1,23 @@ +## Points importants à lire avant l'installation + +- **Mastodon** nécessite un **nom de domaine** dédié, par exemple : `domaine.tld` ou `mastodon.domaine.tld` sans apps installées sur ce domaine. Il est impossible de changer le nom de domaine après l'installation. +- L'utilisateur sélectionné pendant l'installation sera créé automatiquement dans Mastodon avec des droits d'administration. +- Pour que votre instance Mastodon reste privée, il est important de fermer les inscriptions. Nous vous invitons à bloquer les instances indésirables depuis l'interface d'administration. Vous pouvez également ajouter un texte sur votre page d'accueil dans l'administration. + +## Utilisation de *screen* en cas de déconnexion + +L'installation de Mastodon peut être longue, selon les performances du serveur. +Pour éviter que le processus soit interrompu par une déconnexion, on peut utiliser `screen`. + +```bash +sudo apt install screen +screen +sudo yunohost app install mastodon +``` + +Récupérer l'installation après une deconnection : + +```bash +screen -d +screen -r +``` diff --git a/manifest.json b/manifest.json deleted file mode 100644 index 8f72071..0000000 --- a/manifest.json +++ /dev/null @@ -1,69 +0,0 @@ -{ - "name": "Mastodon", - "id": "mastodon", - "packaging_format": 1, - "description": { - "en": "Libre and federated social network", - "fr": "Réseau social libre et fédéré" - }, - "version": "4.2.8~ynh1", - "url": "https://github.com/mastodon/mastodon", - "upstream": { - "license": "AGPL-3.0-or-later", - "website": "https://joinmastodon.org/", - "demo": "https://joinmastodon.org/", - "admindoc": "https://docs.joinmastodon.org/", - "code": "https://github.com/mastodon/mastodon" - }, - "license": "AGPL-3.0-or-later", - "maintainer": { - "name": "yalh76" - }, - "previous_maintainer": [ - { - "name": "cyp", - "email": "cyp@rouquin.me" - }, - { - "name": "nemsia", - "email": "nemsia@nemsia.org" - } - ], - "requirements": { - "yunohost": ">= 11.2" - }, - "multi_instance": true, - "services": [ - "nginx" - ], - "arguments": { - "install": [ - { - "name": "domain", - "type": "domain" - }, - { - "name": "is_public", - "type": "boolean", - "default": true - }, - { - "name": "language", - "type": "select", - "ask": { - "en": "Choose the application language", - "fr": "Choisissez la langue de l'application" - }, - "choices": [ - "en_EN", - "fr_FR" - ], - "default": "fr_FR" - }, - { - "name": "admin", - "type": "user" - } - ] - } -} diff --git a/manifest.toml b/manifest.toml new file mode 100644 index 0000000..f45a854 --- /dev/null +++ b/manifest.toml @@ -0,0 +1,86 @@ +packaging_format = 2 + +id = "mastodon" +name = "Mastodon" +description.en = "Libre and federated social network" +description.fr = "Réseau social libre et fédéré" + +version = "4.2.8~ynh1" + +maintainers = ["Tagada"] + +[upstream] +license = "AGPL-3.0-or-later" +website = "https://joinmastodon.org/" +demo = "https://joinmastodon.org/" +admindoc = "https://docs.joinmastodon.org/" +code = "https://github.com/mastodon/mastodon" +cpe = "cpe:2.3:a:joinmastodon:mastodon" +fund = "https://joinmastodon.org/sponsors" + +[integration] +yunohost = ">= 11.2" +architectures = "all" +multi_instance = true + +ldap = true + +sso = false + +disk = "2G" +ram.build = "1G" +ram.runtime = "500M" + +[install] + [install.domain] + type = "domain" + + [install.init_main_permission] + type = "group" + default = "visitors" + + [install.language] + ask.en = "Choose the application language" + ask.fr = "Choisissez la langue de l'application" + type = "select" + choices = ["en_EN", "fr_FR"] + default = "fr_FR" + + [install.admin] + type = "user" + +[resources] + [resources.sources] + [resources.sources.main] + url = "https://github.com/tootsuite/mastodon/archive/refs/tags/v4.2.8.tar.gz" + sha256 = "ccecdfaab5f84cfaeb193eff2b7b795f7bdd08aa872e265dcb2625310f2c9478" + autoupdate.strategy = "latest_github_release" + + [resources.system_user] + allow_email = true + + [resources.install_dir] + + [resources.permissions] + main.url = "/" + + api.url = "/api" + api.allowed = "visitors" + api.auth_header = false + api.show_tile = false + api.protected = true + + [resources.ports] + web.default = 3000 + stream.default = 4000 + + [resources.apt] + packages = "imagemagick, ffmpeg, libpq-dev, libxml2-dev, libxslt1-dev, file, git, git-core, g++, libprotobuf-dev, protobuf-compiler, pkg-config, gcc, autoconf, bison, build-essential, libssl-dev, libyaml-dev, libreadline6-dev, zlib1g-dev, libncurses5-dev, libffi-dev, libgdbm6, libgdbm-dev, redis-tools, redis-server, postgresql, postgresql-contrib, libidn11-dev, libicu-dev, libjemalloc-dev, curl, apt-transport-https" + + [resources.apt.extras.yarn] + repo = "deb https://dl.yarnpkg.com/debian/ stable main" + key = "https://dl.yarnpkg.com/debian/pubkey.gpg" + packages = "yarn" + + [resources.database] + type = "postgresql" diff --git a/scripts/_common.sh b/scripts/_common.sh index d6028ea..4049d21 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -4,17 +4,14 @@ # COMMON VARIABLES #================================================= -# dependencies used by the app (must be on a single line) -pkg_dependencies="imagemagick ffmpeg libpq-dev libxml2-dev libxslt1-dev file git-core g++ libprotobuf-dev protobuf-compiler pkg-config gcc autoconf bison build-essential libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libncurses5-dev libffi-dev libgdbm3|libgdbm6 libgdbm-dev redis-tools redis-server postgresql postgresql-contrib libidn11-dev libicu-dev libjemalloc-dev curl apt-transport-https" -build_pkg_dependencies="" - memory_needed="2560" ruby_version=3.2.2 -nodejs_version=16 +nodejs_version=20 # Workaround for Mastodon on Bullseye # See https://github.com/mastodon/mastodon/issues/15751#issuecomment-873594463 -if [ "$(lsb_release --codename --short)" = "bullseye" ]; then +if [ "$(lsb_release --codename --short)" = "bullseye" ]; +then case $YNH_ARCH in amd64) ld_preload="LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libjemalloc.so" diff --git a/scripts/backup b/scripts/backup index 96a895d..de1ba98 100644 --- a/scripts/backup +++ b/scripts/backup @@ -10,27 +10,6 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - true -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_print_info --message="Loading installation settings..." - -app=$YNH_APP_INSTANCE_NAME - -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -domain=$(ynh_app_setting_get --app=$app --key=domain) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) - #================================================= # DECLARE DATA AND CONF FILES TO BACKUP #================================================= @@ -40,7 +19,7 @@ ynh_print_info --message="Declaring files to be backed up..." # BACKUP THE APP MAIN DIR #================================================= -ynh_backup --src_path="$final_path" +ynh_backup --src_path="$install_dir" #================================================= # BACKUP THE NGINX CONFIGURATION @@ -50,6 +29,12 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # SPECIFIC BACKUP +#================================================= +# BACKUP LOGROTATE +#================================================= + +ynh_backup --src_path="/etc/logrotate.d/$app" + #================================================= # BACKUP SYSTEMD #================================================= diff --git a/scripts/install b/scripts/install index d5976f7..283e9d9 100644 --- a/scripts/install +++ b/scripts/install @@ -11,120 +11,30 @@ source ynh_install_ruby__2 source ynh_add_swap source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - true -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# RETRIEVE ARGUMENTS FROM THE MANIFEST -#================================================= - -domain=$YNH_APP_ARG_DOMAIN -path_url="/" -is_public=$YNH_APP_ARG_IS_PUBLIC -language=$YNH_APP_ARG_LANGUAGE -admin=$YNH_APP_ARG_ADMIN - -app=$YNH_APP_INSTANCE_NAME - admin_mail=$(ynh_user_get_info --username=$admin --key=mail) +# Set `service` settings to support `yunohost app shell` command +ynh_app_setting_set --app="$app" --key=service --value="$app-web.service" #================================================= -# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS -#================================================= -ynh_script_progression --message="Validating installation parameters..." --weight=1 - -final_path=/var/www/$app -test ! -e "$final_path" || ynh_die --message="This path already contains a folder" - -# Register (book) web path -ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url - -#================================================= -# STORE SETTINGS FROM MANIFEST -#================================================= -ynh_script_progression --message="Storing installation settings..." --weight=1 - -ynh_app_setting_set --app=$app --key=domain --value=$domain -ynh_app_setting_set --app=$app --key=path --value=$path_url -ynh_app_setting_set --app=$app --key=language --value=$language -ynh_app_setting_set --app=$app --key=admin --value=$admin - -#================================================= -# STANDARD MODIFICATIONS -#================================================= -# FIND AND OPEN A PORT -#================================================= -ynh_script_progression --message="Finding an available port..." --weight=1 - -# Find an available port -port_web=$(ynh_find_port --port=3000) -ynh_app_setting_set --app=$app --key=port_web --value=$port_web - -port_stream=$(ynh_find_port --port=4000) -ynh_app_setting_set --app=$app --key=port_stream --value=$port_stream - -#================================================= -# INSTALL DEPENDENCIES -#================================================= -ynh_script_progression --message="Installing dependencies..." --weight=1 - -ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies $build_pkg_dependencies -ynh_exec_warn_less ynh_install_ruby --ruby_version=$ruby_version -ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version -ynh_exec_warn_less ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg" - -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Configuring system user..." --weight=1 - -# Create a system user -ynh_system_user_create --username=$app --home_dir="$final_path" - -#================================================= -# CREATE A POSTGRESQL DATABASE -#================================================= -ynh_script_progression --message="Creating a PostgreSQL database..." --weight=1 - -db_name=$(ynh_sanitize_dbid --db_name="${app}_production") -db_user=$(ynh_sanitize_dbid --db_name=$app) -ynh_app_setting_set --app=$app --key=db_name --value=$db_name -ynh_app_setting_set --app=$app --key=db_user --value=$db_user -ynh_psql_test_if_first_run -ynh_psql_setup_db --db_user=$db_user --db_name=$db_name -ynh_psql_execute_as_root --sql="ALTER USER $db_user CREATEDB;" -db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) - +# APP "BUILD" (DEPLOYING SOURCES, VENV, COMPILING ETC) #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= ynh_script_progression --message="Setting up source files..." --weight=1 -ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source --dest_dir="$final_path/live" +ynh_setup_source --dest_dir="$install_dir/live" -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:www-data "$final_path" +chown -R $app:www-data "$install_dir" #================================================= -# NGINX CONFIGURATION +# INSTALL DEPENDENCIES #================================================= -ynh_script_progression --message="Configuring NGINX web server..." --weight=1 +ynh_script_progression --message="Installing Ruby and NodeJS..." --weight=1 -# Create a dedicated NGINX config -ynh_add_nginx_config +ynh_exec_warn_less ynh_install_ruby --ruby_version=$ruby_version +ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version -#================================================= -# SPECIFIC SETUP #================================================= # ADD SWAP IF NEEDED #================================================= @@ -138,7 +48,8 @@ if [ $total_memory -lt $memory_needed ]; then swap_needed=$(($memory_needed - $total_memory)) fi -ynh_script_progression --message="Adding $swap_needed Mo to swap..." +ynh_script_progression --message="Adding $swap_needed Mo to swap..." --weight=1 + ynh_add_swap --size=$swap_needed #================================================= @@ -146,7 +57,7 @@ ynh_add_swap --size=$swap_needed #================================================= ynh_script_progression --message="Adding a configuration file..." --weight=1 -config="$final_path/live/.env.production" +config="$install_dir/live/.env.production" language="$(echo $language | head -c 2)" @@ -159,28 +70,29 @@ ynh_app_setting_set --app="$app" --key=secret_key_base --value="$secret_key_base otp_secret=$(ynh_string_random --length=128) ynh_app_setting_set --app="$app" --key=otp_secret --value="$otp_secret" +# We need rake to build vapid keys, we generate them later once the app is installed vapid_private_key="" vapid_public_key="" -ynh_add_config --template="../conf/.env.production.sample" --destination="$config" - +ynh_add_config --template=".env.production.sample" --destination="$config" chmod 400 "$config" chown $app:$app "$config" -ynh_replace_string --match_string="registrations_mode: 'open'" --replace_string="registrations_mode: 'none'" --target_file="$final_path/live/config/settings.yml" -ynh_replace_string --match_string="min_invite_role: 'admin'" --replace_string="min_invite_role: 'none'" --target_file="$final_path/live/config/settings.yml" +ynh_replace_string --match_string="registrations_mode: 'open'" --replace_string="registrations_mode: 'none'" --target_file="$install_dir/live/config/settings.yml" +ynh_replace_string --match_string="min_invite_role: 'admin'" --replace_string="min_invite_role: 'none'" --target_file="$install_dir/live/config/settings.yml" -ynh_store_file_checksum --file="$final_path/live/config/settings.yml" +ynh_store_file_checksum --file="$install_dir/live/config/settings.yml" -chmod 400 "$final_path/live/config/settings.yml" -chown $app:$app "$final_path/live/config/settings.yml" +chmod 400 "$install_dir/live/config/settings.yml" +chown $app:$app "$install_dir/live/config/settings.yml" #================================================= # BUILD APP #================================================= ynh_script_progression --message="Building app..." --weight=1 -pushd "$final_path/live" +pushd "$install_dir/live" + # Building ruby packages ynh_use_ruby ynh_gem update --system ynh_gem install bundler --no-document @@ -188,92 +100,65 @@ pushd "$final_path/live" ynh_exec_as $app $ynh_ruby_load_path $ld_preload bin/bundle config without 'development test' ynh_exec_as $app $ynh_ruby_load_path $ld_preload bin/bundle config set force_ruby_platform true ynh_exec_as $app $ynh_ruby_load_path $ld_preload bin/bundle install -j$(getconf _NPROCESSORS_ONLN) + # Building assets ynh_use_nodejs - ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH yarn install --pure-lockfile + ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH yarn install --pure-lockfile --production --network-timeout 600000 echo "SAFETY_ASSURED=1">> $config - ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails db:setup --quiet + ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails db:migrate --quiet ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails assets:precompile --quiet + # Generate vapid keys ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rake mastodon:webpush:generate_vapid_key > key.txt + # Create the first admin user ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/tootctl accounts create "$admin" --email="$admin_mail" --confirmed --role=Owner > /dev/null - ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/tootctl accounts modify "$admin" --approve popd -vapid_private_key=$(grep -oP "VAPID_PRIVATE_KEY=\K.+" "$final_path/live/key.txt") +# Re-generate config with vapid keys +vapid_private_key=$(grep -oP "VAPID_PRIVATE_KEY=\K.+" "$install_dir/live/key.txt") ynh_app_setting_set --app="$app" --key=vapid_private_key --value="$vapid_private_key" - -vapid_public_key=$(grep -oP "VAPID_PUBLIC_KEY=\K.+" "$final_path/live/key.txt") +vapid_public_key=$(grep -oP "VAPID_PUBLIC_KEY=\K.+" "$install_dir/live/key.txt") ynh_app_setting_set --app="$app" --key=vapid_public_key --value="$vapid_public_key" - -ynh_secure_remove --file="$final_path/live/key.txt" - +ynh_secure_remove --file="$install_dir/live/key.txt" ynh_delete_file_checksum --file="$config" - -ynh_add_config --template="../conf/.env.production.sample" --destination="$config" - +ynh_add_config --template=".env.production.sample" --destination="$config" chmod 400 "$config" chown $app:$app "$config" -ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies -ynh_package_autoremove +#================================================= +# SYSTEM CONFIGURATION +#================================================= +ynh_script_progression --message="Adding system configurations related to $app..." --weight=1 -#================================================= -# SETUP SYSTEMD -#================================================= -ynh_script_progression --message="Configuring a systemd service..." --weight=1 +# Create a dedicated NGINX config using the conf/nginx.conf template +ynh_add_nginx_config # Create a dedicated systemd config ynh_add_systemd_config --service="$app-web" --template="mastodon-web.service" +yunohost service add "$app-web" --description="$app web service" + ynh_add_systemd_config --service="$app-sidekiq" --template="mastodon-sidekiq.service" +yunohost service add "$app-sidekiq" --description="$app sidekiq service" + ynh_add_systemd_config --service="$app-streaming" --template="mastodon-streaming.service" +yunohost service add "$app-streaming" --description="$app streaming service" -#================================================= -# SETUP THE CRON FILE -#================================================= -ynh_script_progression --message="Setuping the cron file..." --weight=1 +# Create a cron file +ynh_add_config --template="cron" --destination="/etc/cron.d/$app" -ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/$app" +# Use logrotate to manage application logfile(s) +mkdir -p /var/log/$app +chown $app:$app /var/log/$app +ynh_use_logrotate #================================================= # GENERIC FINALIZATION -#================================================= -# INTEGRATE SERVICE IN YUNOHOST -#================================================= -ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 - -yunohost service add "$app-web" --description="$app web service" -yunohost service add "$app-sidekiq" --description="$app sidekiq service" -yunohost service add "$app-streaming" --description="$app streaming service" - #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." --weight=1 +ynh_script_progression --message="Starting all systemd services..." --weight=1 -ynh_systemd_action --service_name=${app}-web --action="start" --log_path=systemd --line_match="Listening on" -ynh_systemd_action --service_name=${app}-sidekiq --action="start" --log_path=systemd --line_match="Schedules Loaded" -ynh_systemd_action --service_name=${app}-streaming --action="start" --log_path=systemd --line_match="Streaming API now listening" - -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Configuring permissions..." --weight=1 - -# Make app public if necessary -if [ $is_public -eq 1 ] -then - # Everyone can access the app. - # The "main" permission is automatically created before the install script. - ynh_permission_update --permission="main" --add="visitors" -fi - -ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true" - -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 - -ynh_systemd_action --service_name=nginx --action=reload +ynh_systemd_action --service_name=${app}-web --action="start" --log_path=/var/log/$app/$app-web.log --line_match="Listening on" +ynh_systemd_action --service_name=${app}-sidekiq --action="start" --log_path=/var/log/$app/$app-sidekiq.log --line_match="Schedules Loaded" +ynh_systemd_action --service_name=${app}-streaming --action="start" --log_path=/var/log/$app/$app-streaming.log --line_match="Streaming API now listening" #================================================= # END OF SCRIPT diff --git a/scripts/remove b/scripts/remove index 69fc9ec..7df4fda 100644 --- a/scripts/remove +++ b/scripts/remove @@ -12,22 +12,11 @@ source ynh_add_swap source /usr/share/yunohost/helpers #================================================= -# LOAD SETTINGS +# REMOVE SYSTEM CONFIGURATIONS #================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_user=$(ynh_app_setting_get --app=$app --key=db_user) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) - -#================================================= -# STANDARD REMOVE -#================================================= -# REMOVE SERVICE INTEGRATION IN YUNOHOST +# REMOVE SYSTEMD SERVICE #================================================= +ynh_script_progression --message="Removing system configurations related to $app..." --weight=1 # Remove the service from the list of services known by YunoHost (added from `yunohost service add`) if ynh_exec_warn_less yunohost service status "$app-web" >/dev/null @@ -48,73 +37,27 @@ then yunohost service remove "$app-streaming" fi -#================================================= -# STOP AND REMOVE SERVICE -#================================================= -ynh_script_progression --message="Stopping and removing the systemd service..." --weight=1 - # Remove the dedicated systemd config ynh_remove_systemd_config --service="$app-web" ynh_remove_systemd_config --service="$app-sidekiq" ynh_remove_systemd_config --service="$app-streaming" -#================================================= -# REMOVE THE POSTGRESQL DATABASE -#================================================= -ynh_script_progression --message="Removing the PostgreSQL database..." --weight=1 - -# Remove a database if it exists, along with the associated user -ynh_psql_remove_db --db_user=$db_user --db_name=$db_name - -#================================================= -# REMOVE APP MAIN DIR -#================================================= -ynh_script_progression --message="Removing app main directory..." --weight=1 - -# Remove the app directory securely -ynh_secure_remove --file="$final_path" - -#================================================= -# REMOVE NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1 - # Remove the dedicated NGINX config ynh_remove_nginx_config -#================================================= -# REMOVE DEPENDENCIES -#================================================= -ynh_script_progression --message="Removing dependencies..." --weight=1 - -# Remove metapackage and its dependencies -ynh_remove_ruby -ynh_remove_nodejs -ynh_remove_app_dependencies - -#================================================= -# SPECIFIC REMOVE -#================================================= -# REMOVE VARIOUS FILES -#================================================= -ynh_script_progression --message="Removing various files..." --weight=1 - # Remove a cron file ynh_secure_remove --file="/etc/cron.d/$app" +# Remote logrotate config +ynh_remove_logrotate + +# Remove metapackage and its dependencies +ynh_remove_ruby +ynh_remove_nodejs + # Remove swap ynh_del_swap -#================================================= -# GENERIC FINALIZATION -#================================================= -# REMOVE DEDICATED USER -#================================================= -ynh_script_progression --message="Removing the dedicated system user..." --weight=1 - -# Delete a system user -ynh_system_user_delete --username=$app - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/restore b/scripts/restore index a03e3ba..c843227 100644 --- a/scripts/restore +++ b/scripts/restore @@ -12,86 +12,24 @@ source ../settings/scripts/ynh_install_ruby__2 source ../settings/scripts/ynh_add_swap source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - true -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -path_url=$(ynh_app_setting_get --app=$app --key=path) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_user=$(ynh_app_setting_get --app=$app --key=db_user) - -#================================================= -# CHECK IF THE APP CAN BE RESTORED -#================================================= -ynh_script_progression --message="Validating restoration parameters..." --weight=1 - -test ! -d $final_path \ - || ynh_die --message="There is already a directory: $final_path " - #================================================= # STANDARD RESTORATION STEPS -#================================================= -# RECREATE THE DEDICATED USER -#================================================= -ynh_script_progression --message="Recreating the dedicated system user..." --weight=1 - -# Create the dedicated user (if not existing) -ynh_system_user_create --username=$app --home_dir="$final_path" - #================================================= # RESTORE THE APP MAIN DIR #================================================= ynh_script_progression --message="Restoring the app main directory..." --weight=1 -ynh_restore_file --origin_path="$final_path" +ynh_restore_file --origin_path="$install_dir" -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:www-data "$final_path" - -#================================================= -# SPECIFIC RESTORATION -#================================================= -# REINSTALL DEPENDENCIES -#================================================= -ynh_script_progression --message="Reinstalling dependencies..." --weight=1 - -# Define and install dependencies -ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies $build_pkg_dependencies -ynh_exec_warn_less ynh_install_ruby --ruby_version=$ruby_version -ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version -ynh_exec_warn_less ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg" - -#================================================= -# RESTORE THE NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Restoring the NGINX web server configuration..." --weight=1 - -ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" +chmod 750 "$install_dir" +chmod -R o-rwx "$install_dir" +chown -R $app:www-data "$install_dir" #================================================= # RESTORE THE POSTGRESQL DATABASE #================================================= ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=1 -ynh_psql_test_if_first_run -db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) -ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd ynh_psql_execute_as_root --sql="ALTER USER $db_user CREATEDB;" ynh_psql_execute_file_as_root --file="./db.sql" --database="$db_name" @@ -109,64 +47,63 @@ if [ $total_memory -lt $memory_needed ]; then fi ynh_script_progression --message="Adding $swap_needed Mo to swap..." --weight=1 + ynh_add_swap --size=$swap_needed +#================================================= +# REINSTALL DEPENDENCIES +#================================================= +ynh_script_progression --message="Reinstalling Ruby and NodeJS..." --weight=1 + +ynh_exec_warn_less ynh_install_ruby --ruby_version=$ruby_version +ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version + #================================================= # BUILD APP #================================================= ynh_script_progression --message="Building app..." --weight=1 -pushd "$final_path/live" +pushd "$install_dir/live" ynh_use_ruby ynh_gem update --system ynh_gem install bundler --no-document ynh_exec_as $app $ynh_ruby_load_path $ld_preload bin/bundle install --redownload -j$(getconf _NPROCESSORS_ONLN) popd -ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies -ynh_package_autoremove +#================================================= +# RESTORE SYSTEM CONFIGURATIONS +#================================================= +# RESTORE THE PHP-FPM CONFIGURATION +#================================================= +ynh_script_progression --message="Restoring system configurations related to $app..." --weight=1 -#================================================= -# RESTORE VARIOUS FILES -#================================================= -ynh_script_progression --message="Restoring various files..." --weight=1 - -ynh_restore_file --origin_path="/etc/cron.d/$app" - -#================================================= -# RESTORE SYSTEMD -#================================================= -ynh_script_progression --message="Restoring the systemd configuration..." --weight=1 +ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_restore_file --origin_path="/etc/systemd/system/$app-web.service" ynh_restore_file --origin_path="/etc/systemd/system/$app-sidekiq.service" ynh_restore_file --origin_path="/etc/systemd/system/$app-streaming.service" systemctl enable "$app-web" "$app-sidekiq" "$app-streaming" --quiet -#================================================= -# INTEGRATE SERVICE IN YUNOHOST -#================================================= -ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 - yunohost service add "$app-web" --description="$app web service" yunohost service add "$app-sidekiq" --description="$app sidekiq service" yunohost service add "$app-streaming" --description="$app streaming service" -#================================================= -# START SYSTEMD SERVICE -#================================================= -ynh_script_progression --message="Starting a systemd service..." --weight=1 +ynh_restore_file --origin_path="/etc/cron.d/$app" -ynh_systemd_action --service_name=${app}-web --action="start" --log_path=systemd --line_match="Listening on" -ynh_systemd_action --service_name=${app}-sidekiq --action="start" --log_path=systemd --line_match="Schedules Loaded" -ynh_systemd_action --service_name=${app}-streaming --action="start" --log_path=systemd --line_match="Streaming API now listening" +mkdir -p /var/log/$app +chown -R $app:$app /var/log/$app +ynh_restore_file --origin_path="/etc/logrotate.d/$app" #================================================= # GENERIC FINALIZATION #================================================= -# RELOAD NGINX +# RELOAD NGINX AND THE APP SERVICE #================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 +ynh_script_progression --message="Reloading NGINX web server and $app's service..." --weight=1 + +ynh_systemd_action --service_name=${app}-web --action="start" --log_path=/var/log/$app/$app-web.log --line_match="Listening on" +ynh_systemd_action --service_name=${app}-sidekiq --action="start" --log_path=/var/log/$app/$app-sidekiq.log --line_match="Schedules Loaded" +ynh_systemd_action --service_name=${app}-streaming --action="start" --log_path=/var/log/$app/$app-streaming.log --line_match="Streaming API now listening" ynh_systemd_action --service_name=nginx --action=reload diff --git a/scripts/upgrade b/scripts/upgrade index e041939..aaafcc0 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -11,209 +11,34 @@ source ynh_install_ruby__2 source ynh_add_swap source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -path_url=$(ynh_app_setting_get --app=$app --key=path) -language=$(ynh_app_setting_get --app=$app --key=language) -admin=$(ynh_app_setting_get --app=$app --key=admin) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -redis_namespace=$(ynh_app_setting_get --app=$app --key=db_name) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_user=$(ynh_app_setting_get --app=$app --key=db_user) -db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) -admin_mail=$(ynh_user_get_info --username=$admin --key='mail') -port_web=$(ynh_app_setting_get --app=$app --key=port_web) -port_stream=$(ynh_app_setting_get --app=$app --key=port_stream) - -secret_key_base=$(ynh_app_setting_get --app=$app --key=secret_key_base) -otp_secret=$(ynh_app_setting_get --app=$app --key=otp_secret) -vapid_private_key=$(ynh_app_setting_get --app=$app --key=vapid_private_key) -vapid_public_key=$(ynh_app_setting_get --app=$app --key=vapid_public_key) - -config="$final_path/live/.env.production" - -#================================================= -# CHECK VERSION -#================================================= -ynh_script_progression --message="Checking version..." --weight=1 - upgrade_type=$(ynh_check_app_version_changed) - -#================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP -#================================================= -ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1 - -# Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { - # Restore it if the upgrade fails - ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors +config="$install_dir/live/.env.production" #================================================= # STANDARD UPGRADE STEPS -#================================================= -# STOP SYSTEMD SERVICE -#================================================= -ynh_script_progression --message="Stopping a systemd service..." --weight=1 - -ynh_systemd_action --service_name=${app}-web --action="stop" --log_path=systemd -ynh_systemd_action --service_name=${app}-sidekiq --action="stop" --log_path=systemd -ynh_systemd_action --service_name=${app}-streaming --action="stop" --log_path=systemd - #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 -# Cleaning legacy permissions -if ynh_legacy_permissions_exists; then - ynh_legacy_permissions_delete_all - - ynh_app_setting_delete --app=$app --key=is_public -fi - -# Create a permission if needed -if ! ynh_permission_exists --permission="api"; then - ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true" -fi - -# If port_web doesn't exist, create it, needed for old install -if [[ -z "$port_web" ]]; then - port_web=3000 - ynh_app_setting_set --app=$app --key=port_web --value=$port_web -fi - -# If port_web doesn't exist, create it, needed for old install -if [[ -z "$port_stream" ]]; then - port_stream=4000 - ynh_app_setting_set --app=$app --key=port_stream --value=$port_stream -fi - -# If db_user doesn't exist, create it, needed for old install -if [[ -z "$db_user" ]]; then - db_user=$(ynh_sanitize_dbid --db_name=$app) - ynh_app_setting_set --app=$app --key=db_user --value=$db_user -fi - -# If db_pwd doesn't exist, create it, needed for old install -if [[ -z "$db_pwd" ]]; then - db_pwd=$(ynh_string_random) - ynh_app_setting_set --app=$app --key=db_pwd --value=$db_pwd - ynh_psql_test_if_first_run - sudo --login --user=postgres psql -c"ALTER user $app WITH PASSWORD '$db_pwd'" postgres - ynh_replace_string --match_string="DB_PASS=" --replace_string="DB_PASS=${db_pwd}" --target_file="$config" -fi - -# Remove paperclip_secret -ynh_app_setting_delete --app=$app --key=paperclip_secret - -# If secret_key_base doesn't exist, retrieve it or create it -if [[ -z "$secret_key_base" ]]; then - secret_key_base=$(grep -oP "SECRET_KEY_BASE=\K\w+" $config) - if [[ -z "$secret_key_base" ]]; then - secret_key_base=$(ynh_string_random --length=128) - fi - ynh_app_setting_set --app=$app --key=secret_key_base --value="$secret_key_base" -fi - -# If otp_secret doesn't exist, retrieve it or create it -if [[ -z "$otp_secret" ]]; then - otp_secret=$(grep -oP "OTP_SECRET=\K\w+" $config) - if [[ -z "$otp_secret" ]]; then - otp_secret=$(ynh_string_random --length=128) - fi - ynh_app_setting_set --app=$app --key=otp_secret --value="$otp_secret" -fi - -# If vapid_private_key doesn't exist, retrieve it or create it -if [[ -z "$vapid_private_key" ]]; then - vapid_private_key=$(grep -oP "VAPID_PRIVATE_KEY=\K.+" $config) - vapid_public_key=$(grep -oP "VAPID_PUBLIC_KEY=\K.+" $config) - ynh_app_setting_set "$app" vapid_private_key "$vapid_private_key" - ynh_app_setting_set "$app" vapid_public_key "$vapid_public_key" -fi - -# If redis_namespace doesn't exist, create it -if [[ -z "$redis_namespace" ]]; then - redis_namespace=${app}_production - ynh_app_setting_set --app=$app --key=redis_namespace --value=$redis_namespace +# Set `service` settings to support `yunohost app shell` command +if [[ -z "${service:-}" ]]; then + service="$app-web.service" + ynh_app_setting_set --app="$app" --key=service --value="$service" fi #Remove previous added repository ynh_remove_extra_repo #================================================= -# CREATE DEDICATED USER +# STOP SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1 +ynh_script_progression --message="Stopping a systemd service..." --weight=1 -# Create a dedicated user (if not existing) -ynh_system_user_create --username=$app --home_dir="$final_path" +ynh_systemd_action --service_name=${app}-web --action="stop" --log_path=/var/log/$app/$app-web.log --line_match="Goodbye" +ynh_systemd_action --service_name=${app}-sidekiq --action="stop" --log_path=/var/log/$app/$app-sidekiq.log --line_match="Bye" +ynh_systemd_action --service_name=${app}-streaming --action="stop" --log_path=/var/log/$app/$app-streaming.log --line_match="exiting" -#================================================= -# DOWNLOAD, CHECK AND UNPACK SOURCE -#================================================= - -if [ "$upgrade_type" == "UPGRADE_APP" ] -then - ynh_script_progression --message="Upgrading source files..." --weight=1 - - # Download Mastodon - tmpdir="$(mktemp -d)" - - mkdir $tmpdir/system - if [ -d "$final_path/live/public/system" ]; then - mv --verbose --no-target-directory --backup=numbered "$final_path/live/public/system" "$final_path/system.tmp" - fi - rsync -a "$config" "$tmpdir/." - ynh_secure_remove --file="$final_path/live" - - ynh_setup_source --dest_dir="$final_path/live" - - if [ -d "$final_path/system.tmp" ]; then - mv --verbose --no-target-directory "$final_path/system.tmp" "$final_path/live/public/system" - fi - rsync -a "$tmpdir/.env.production" "$final_path/live/." - ynh_secure_remove --file="$tmpdir" - - # Clean files which are not needed anymore - ynh_secure_remove --file="$final_path/live/config/initializers/timeout.rb" -fi - -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:www-data "$final_path" - -#================================================= -# UPGRADE DEPENDENCIES -#================================================= -ynh_script_progression --message="Upgrading dependencies..." --weight=1 - -ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies $build_pkg_dependencies -ynh_exec_warn_less ynh_install_ruby --ruby_version=$ruby_version -ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version -ynh_exec_warn_less ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg" - -#================================================= -# NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=1 - -# Create a dedicated NGINX config -ynh_add_nginx_config - -#================================================= -# SPECIFIC UPGRADE #================================================= # ADD SWAP IF NEEDED #================================================= @@ -231,11 +56,37 @@ ynh_script_progression --message="Adding $swap_needed Mo to swap..." ynh_add_swap --size=$swap_needed #================================================= -# BUILD APP +# UPGRADE DEPENDENCIES #================================================= -ynh_script_progression --message="Building app..." --weight=1 +ynh_script_progression --message="Upgrading Ruby and NodeJS..." --weight=1 -pushd "$final_path/live" +ynh_exec_warn_less ynh_install_ruby --ruby_version=$ruby_version +ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version + +#================================================= +# "REBUILD" THE APP (DEPLOY NEW SOURCES, RERUN NPM BUILD...) +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= + +if [ "$upgrade_type" == "UPGRADE_APP" ] +then + ynh_script_progression --message="Upgrading source files..." --weight=1 + + # Download Mastodon + ynh_setup_source --dest_dir="$install_dir/live" --keep="public/system/" + + chmod 750 "$install_dir" + chmod -R o-rwx "$install_dir" + chown -R $app:www-data "$install_dir" +fi + +#================================================= +# BUILD ASSETS +#================================================= +ynh_script_progression --message="Building assets..." --weight=1 + +pushd "$install_dir/live" ynh_use_ruby ynh_gem update --system ynh_gem install bundler --no-document @@ -244,16 +95,37 @@ pushd "$final_path/live" ynh_exec_as $app $ynh_ruby_load_path $ld_preload bin/bundle config set force_ruby_platform true --quiet ynh_exec_as $app $ynh_ruby_load_path $ld_preload bin/bundle install -j$(getconf _NPROCESSORS_ONLN) ynh_use_nodejs - ynh_exec_as $app $ynh_node_load_PATH yarn install --pure-lockfile + ynh_exec_as $app $ynh_node_load_PATH yarn install --pure-lockfile --production --network-timeout 600000 ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails assets:clean ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails assets:precompile - ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails db:migrate - ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/tootctl cache clear popd -ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies -ynh_package_autoremove +#================================================= +# REAPPLY SYSTEM CONFIGURATIONS +#================================================= +ynh_script_progression --message="Upgrading system configurations related to $app..." --weight=1 +ynh_add_nginx_config + +# Create a dedicated systemd config +ynh_add_systemd_config --service="$app-web" --template="mastodon-web.service" +yunohost service add "$app-web" --description="$app web service" + +ynh_add_systemd_config --service="$app-sidekiq" --template="mastodon-sidekiq.service" +yunohost service add "$app-sidekiq" --description="$app sidekiq service" + +ynh_add_systemd_config --service="$app-streaming" --template="mastodon-streaming.service" +yunohost service add "$app-streaming" --description="$app streaming service" + +ynh_add_config --template="cron" --destination="/etc/cron.d/$app" + +# Use logrotate to manage app-specific logfile(s) +mkdir -p /var/log/$app +chown $app:$app /var/log/$app +ynh_use_logrotate --non-append + +#================================================= +# RECONFIGURE THE APP (UPDATE CONF, APPLY MIGRATIONS...) #================================================= # UPDATE A CONFIG FILE #================================================= @@ -261,54 +133,30 @@ ynh_script_progression --message="Updating a config file..." --weight=1 language="$(echo $language | head -c 2)" -ynh_add_config --template="../conf/.env.production.sample" --destination="$config" +ynh_add_config --template=".env.production.sample" --destination="$config" chmod 400 "$config" chown $app:$app "$config" #================================================= -# SETUP SYSTEMD +# APPLY MIGRATIONS #================================================= -ynh_script_progression --message="Upgrading systemd configuration..." --weight=1 +ynh_script_progression --message="Applying migrations..." --weight=1 -# Create a dedicated systemd config -ynh_add_systemd_config --service="$app-web" --template="mastodon-web.service" -ynh_add_systemd_config --service="$app-sidekiq" --template="mastodon-sidekiq.service" -ynh_add_systemd_config --service="$app-streaming" --template="mastodon-streaming.service" - -#================================================= -# SETUP THE CRON FILE -#================================================= -ynh_script_progression --message="Setuping the cron file..." --weight=1 - -ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/$app" - -#================================================= -# GENERIC FINALIZATION -#================================================= -# INTEGRATE SERVICE IN YUNOHOST -#================================================= -ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 - -yunohost service add "$app-web" --description="$app web service" -yunohost service add "$app-sidekiq" --description="$app sidekiq service" -yunohost service add "$app-streaming" --description="$app streaming service" +pushd "$install_dir/live" + ynh_use_ruby + ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails db:migrate + ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/tootctl cache clear +popd #================================================= # START SYSTEMD SERVICE #================================================= ynh_script_progression --message="Starting a systemd service..." --weight=1 -ynh_systemd_action --service_name=${app}-web --action="start" --log_path=systemd --line_match="Listening on" -ynh_systemd_action --service_name=${app}-sidekiq --action="start" --log_path=systemd --line_match="Schedules Loaded" -ynh_systemd_action --service_name=${app}-streaming --action="start" --log_path=systemd --line_match="Streaming API now listening" - -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 - -ynh_systemd_action --service_name=nginx --action=reload +ynh_systemd_action --service_name=${app}-web --action="start" --log_path=/var/log/$app/$app-web.log --line_match="Listening on" +ynh_systemd_action --service_name=${app}-sidekiq --action="start" --log_path=/var/log/$app/$app-sidekiq.log --line_match="Schedules Loaded" +ynh_systemd_action --service_name=${app}-streaming --action="start" --log_path=/var/log/$app/$app-streaming.log --line_match="Streaming API now listening" #================================================= # END OF SCRIPT diff --git a/scripts/ynh_add_swap b/scripts/ynh_add_swap index d7ec44b..aa82c51 100644 --- a/scripts/ynh_add_swap +++ b/scripts/ynh_add_swap @@ -19,6 +19,13 @@ ynh_add_swap () { SD_CARD_CAN_SWAP=${SD_CARD_CAN_SWAP:-0} + # Can't swap inside an LXD + if [ "$(systemd-detect-virt)" == "lxc" ] + then + ynh_print_warn --message="You are inside a LXC container, swap will not be added, but that can cause troubles for the app $app. Please make sure you have more than 2.5G available RAM." + return + fi + # Swap on SD card only if it's is specified if ynh_is_main_device_a_sd_card && [ "$SD_CARD_CAN_SWAP" == "0" ] then diff --git a/scripts/ynh_install_ruby__2 b/scripts/ynh_install_ruby__2 index a2a83d0..521a182 100644 --- a/scripts/ynh_install_ruby__2 +++ b/scripts/ynh_install_ruby__2 @@ -36,7 +36,7 @@ build_pkg_dependencies="$build_pkg_dependencies $build_ruby_dependencies" # However, $PATH is duplicated into $ruby_path to outlast any manipulation of $PATH # You can use the variable `$ynh_ruby_load_path` to quickly load your Ruby version # in $PATH for an usage into a separate script. -# Exemple: $ynh_ruby_load_path $final_path/script_that_use_gem.sh` +# Exemple: $ynh_ruby_load_path $install_dir/script_that_use_gem.sh` # # # Finally, to start a Ruby service with the correct version, 2 solutions @@ -81,7 +81,7 @@ ynh_use_ruby () { ynh_ruby_load_path="PATH=$PATH" # Sets the local application-specific Ruby version - pushd $final_path + pushd $install_dir $rbenv_install_dir/bin/rbenv local $ruby_version popd } diff --git a/tests.toml b/tests.toml new file mode 100644 index 0000000..c1f2069 --- /dev/null +++ b/tests.toml @@ -0,0 +1,26 @@ +test_format = 1.0 + +[default] + + # ------------ + # Tests to run + # ------------ + + exclude = ["install.multi", "install.private", "change_url"] + # The test IDs to be used in only/exclude statements are: install.root, install.subdir, install.nourl, install.multi, backup_restore, upgrade, upgrade.someCommitId change_url + + # ------------------------------- + # Default args to use for install + # ------------------------------- + + # Nothing to do here...yet + + # ------------------------------- + # Commits to test upgrade from + # ------------------------------- + + test_upgrade_from.43504e6.name = "Upgrade from 4.2.5~ynh1" + test_upgrade_from.43504e6.args.domain="domain.tld" + test_upgrade_from.43504e6.args.is_public=1 + test_upgrade_from.43504e6.args.admin="john" + test_upgrade_from.43504e6.args.language="fr_FR"