From e31df0ed77b5b051458defbd9ee5e5792437746a Mon Sep 17 00:00:00 2001 From: tituspijean Date: Thu, 23 Feb 2023 23:37:42 +0100 Subject: [PATCH 01/30] [autopatch] Upgrade auto-updater --- .github/workflows/updater.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/updater.yml b/.github/workflows/updater.yml index fb72ba0..a56d7cb 100644 --- a/.github/workflows/updater.yml +++ b/.github/workflows/updater.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Fetch the source code - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: token: ${{ secrets.GITHUB_TOKEN }} - name: Run the updater script @@ -33,7 +33,7 @@ jobs: - name: Create Pull Request id: cpr if: ${{ env.PROCEED == 'true' }} - uses: peter-evans/create-pull-request@v3 + uses: peter-evans/create-pull-request@v4 with: token: ${{ secrets.GITHUB_TOKEN }} commit-message: Update to version ${{ env.VERSION }} From aee65e2f4d306a83c4abcb43f60ca4b84030321f Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Thu, 23 Feb 2023 22:37:45 +0000 Subject: [PATCH 02/30] Auto-update README --- README.md | 1 + README_fr.md | 1 + 2 files changed, 2 insertions(+) diff --git a/README.md b/README.md index 4dd8f5e..795d8e5 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,7 @@ It shall NOT be edited by hand. # Mastodon for YunoHost [![Integration level](https://dash.yunohost.org/integration/mastodon.svg)](https://dash.yunohost.org/appci/app/mastodon) ![Working status](https://ci-apps.yunohost.org/ci/badges/mastodon.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/mastodon.maintain.svg) + [![Install Mastodon with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=mastodon) *[Lire ce readme en français.](./README_fr.md)* diff --git a/README_fr.md b/README_fr.md index 508e70d..9db805c 100644 --- a/README_fr.md +++ b/README_fr.md @@ -6,6 +6,7 @@ It shall NOT be edited by hand. # Mastodon pour YunoHost [![Niveau d’intégration](https://dash.yunohost.org/integration/mastodon.svg)](https://dash.yunohost.org/appci/app/mastodon) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/mastodon.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/mastodon.maintain.svg) + [![Installer Mastodon avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=mastodon) *[Read this readme in english.](./README.md)* From 5ae7e3848a2b5c09fa3657099f64167c38d1dc72 Mon Sep 17 00:00:00 2001 From: panomaki Date: Tue, 4 Apr 2023 19:55:17 +0200 Subject: [PATCH 03/30] Delete app-blurhash-bugfix.patch Fix superfluous. --- sources/patches/app-blurhash-bugfix.patch | 60 ----------------------- 1 file changed, 60 deletions(-) delete mode 100644 sources/patches/app-blurhash-bugfix.patch diff --git a/sources/patches/app-blurhash-bugfix.patch b/sources/patches/app-blurhash-bugfix.patch deleted file mode 100644 index e75702b..0000000 --- a/sources/patches/app-blurhash-bugfix.patch +++ /dev/null @@ -1,60 +0,0 @@ -diff --git a/Gemfile b/Gemfile -index 7c36bc6b8..3f691d102 100644 ---- a/Gemfile -+++ b/Gemfile -@@ -22,7 +22,8 @@ - gem 'fog-core', '<= 2.1.0' - gem 'fog-openstack', '~> 0.3', require: false - gem 'kt-paperclip', '~> 7.1' --gem 'blurhash', '~> 0.1' -+gem 'blurhash', github: 'Gargron/blurhash', ref: '870a34e01ce7d09a7bd4d700435e1764ca823246' -+ - - gem 'active_model_serializers', '~> 0.10' - gem 'addressable', '~> 2.8' - -diff --git a/Gemfile.lock b/Gemfile.lock -index 7c36bc6b8..3f691d102 100644 ---- a/Gemfile.lock -+++ b/Gemfile.lock -@@ -7,6 +7,13 @@ - hkdf (~> 0.2) - jwt (~> 2.0) - -+GIT -+ remote: https://github.com/Gargron/blurhash.git -+ revision: 870a34e01ce7d09a7bd4d700435e1764ca823246 -+ ref: 870a34e01ce7d09a7bd4d700435e1764ca823246 -+ specs: -+ blurhash (0.1.6) -+ - GEM - remote: https://rubygems.org/ - specs: -@@ -120,8 +127,6 @@ - bindata (2.4.10) - binding_of_caller (1.0.0) - debug_inspector (>= 0.0.1) -- blurhash (0.1.6) -- ffi (~> 1.14) - bootsnap (1.13.0) - msgpack (~> 1.2) - brakeman (5.3.1) -@@ -448,7 +453,7 @@ - openssl-signature_algorithm (1.2.1) - openssl (> 2.0, < 3.1) - orm_adapter (0.5.0) -- ox (2.14.11) -+ ox (2.14.13) - parallel (1.22.1) - parser (3.1.2.1) - ast (~> 2.4.1) -@@ -738,7 +743,7 @@ - aws-sdk-s3 (~> 1.114) - better_errors (~> 2.9) - binding_of_caller (~> 1.0) -- blurhash (~> 0.1) -+ blurhash! - bootsnap (~> 1.13.0) - brakeman (~> 5.3) - browser From 41cd265505e67caa7bf7da5bdeeab06ea60c1f32 Mon Sep 17 00:00:00 2001 From: panomaki Date: Tue, 4 Apr 2023 19:57:21 +0200 Subject: [PATCH 04/30] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 795d8e5..d9832d6 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Mastodon is a free, open-source microblogging social network. It is a decentralized alternative to commercial platforms like Twitter and avoids the risks of a single company monopolizing your communication for commercial purposes. -**Shipped version:** 4.0.2~ynh2 +**Shipped version:** 4.1.2~ynh1 **Demo:** https://joinmastodon.org/ From 68a543146c739fd31d200b52b2f92dc92c57060a Mon Sep 17 00:00:00 2001 From: panomaki Date: Tue, 4 Apr 2023 19:57:46 +0200 Subject: [PATCH 05/30] Update README_fr.md --- README_fr.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README_fr.md b/README_fr.md index 9db805c..30de3c7 100644 --- a/README_fr.md +++ b/README_fr.md @@ -19,7 +19,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po Mastodon est un réseau social de microblog auto-hébergé et open source. C'est une alternative décentralisée aux plates-formes commerciales comme Twitter. Mastodon évite ainsi les risques qu'une seule société monopolise votre communication à des fins commerciales. -**Version incluse :** 4.0.2~ynh2 +**Version incluse :** 4.1.2~ynh1 **Démo :** https://joinmastodon.org/ @@ -95,4 +95,4 @@ ou sudo yunohost app upgrade mastodon -u https://github.com/YunoHost-Apps/mastodon_ynh/tree/testing --debug ``` -**Plus d’infos sur le packaging d’applications :** \ No newline at end of file +**Plus d’infos sur le packaging d’applications :** From dad53a85fdd4e9303a870d3d0ad738ab9769e225 Mon Sep 17 00:00:00 2001 From: panomaki Date: Tue, 4 Apr 2023 19:58:33 +0200 Subject: [PATCH 06/30] Update manifest.json --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index 871809b..8abc517 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Libre and federated social network", "fr": "Réseau social libre et fédéré" }, - "version": "4.0.2~ynh2", + "version": "4.1.2~ynh1", "url": "https://github.com/mastodon/mastodon", "upstream": { "license": "AGPL-3.0-or-later", From a0fc18466a33387ec29c568b840d43f00c0942d5 Mon Sep 17 00:00:00 2001 From: panomaki Date: Tue, 4 Apr 2023 20:00:49 +0200 Subject: [PATCH 07/30] Update app.src --- conf/app.src | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/conf/app.src b/conf/app.src index dbf6513..7df3b2a 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/tootsuite/mastodon/archive/refs/tags/v4.0.2.tar.gz -SOURCE_SUM=70a4d9dcd9b746f6e9ced9b567ee5ad81e530cfaccb7f471259b917c20166309 +SOURCE_URL=https://github.com/tootsuite/mastodon/archive/refs/tags/v4.1.2.tar.gz +SOURCE_SUM=12837c7b57acc11ebd24b23a270500c8917459ecdc2a841ba452296b02bcaf29 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true From f54bf9ea0112362d65fa1803d954aebf4890d08a Mon Sep 17 00:00:00 2001 From: panomaki Date: Tue, 4 Apr 2023 20:10:16 +0200 Subject: [PATCH 08/30] Update _common.sh --- scripts/_common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index 1b9fd22..8fb5cec 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -9,7 +9,7 @@ pkg_dependencies="imagemagick ffmpeg libpq-dev libxml2-dev libxslt1-dev file git build_pkg_dependencies="" memory_needed="2560" -ruby_version=3.0.3 +ruby_version=3.0.6 nodejs_version=16 # Workaround for Mastodon on Bullseye From 60394c8c0044cbbed5273dd462fbf0b38820d474 Mon Sep 17 00:00:00 2001 From: panomaki Date: Wed, 12 Apr 2023 07:52:27 +0200 Subject: [PATCH 09/30] Update checked upgrade paths Changed version upgrades to latest 3.5.3 and 4.0.2 versions. --- check_process | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/check_process b/check_process index eda9f29..488396a 100644 --- a/check_process +++ b/check_process @@ -12,16 +12,10 @@ setup_private=1 setup_public=1 upgrade=1 - # 3.4.1~ynh1 - #upgrade=1 from_commit=efbdbb05350b820c6e59a7bbbf70f57cf679fff8 - # 3.4.1~ynh4 - #upgrade=1 from_commit=adec07db890dec787416e1b7c4493d24391d3500 - # 3.4.4~ynh1 - #upgrade=1 from_commit=4d413848bf444586e28f3658de0ebe36d6ebf059 - # 3.5.3~ynh1 - upgrade=1 from_commit=acdc124f76fb9724cb22acb18c45cf0c3c2e62b5 # 3.5.3~ynh3 upgrade=1 from_commit=efa2d628920edce255ff406b28a97b1dd20e3d74 + # 4.02~ynh2 + upgrade=1 from_commit=94381183ca2d14da72234b53c9a83972ffb16e54 backup_restore=1 multi_instance=0 change_url=0 From 6f94c6315a85fb3a0d304d02e55f8bedb89c6fd5 Mon Sep 17 00:00:00 2001 From: panomaki Date: Wed, 12 Apr 2023 11:13:14 +0200 Subject: [PATCH 10/30] Update check_process --- check_process | 2 -- 1 file changed, 2 deletions(-) diff --git a/check_process b/check_process index 488396a..8714241 100644 --- a/check_process +++ b/check_process @@ -12,8 +12,6 @@ setup_private=1 setup_public=1 upgrade=1 - # 3.5.3~ynh3 - upgrade=1 from_commit=efa2d628920edce255ff406b28a97b1dd20e3d74 # 4.02~ynh2 upgrade=1 from_commit=94381183ca2d14da72234b53c9a83972ffb16e54 backup_restore=1 From 21a9f171b83de4bc8cace4f41c81b28f7661deac Mon Sep 17 00:00:00 2001 From: panomaki Date: Wed, 12 Apr 2023 11:29:34 +0200 Subject: [PATCH 11/30] Update README.md --- README.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/README.md b/README.md index d9832d6..138b62e 100644 --- a/README.md +++ b/README.md @@ -57,6 +57,22 @@ $ screen -r `$ sudo yunohost app upgrade mastodon -u https://github.com/YunoHost-Apps/mastodon_ynh --debug ` +Upgrading from 3.5.3 to 4.1.2 directly has not been integration-tested. It is recommended to do a two-step upgrade: + +Mastodon can grow huge. You could consider cleaning up your local cache first as otherwise your backup will be very big: +'sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl media remove --days=0 --dry-run' +If all looks good commit the cleanup: +'sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl media remove --days=0' + +First upgrade to 4.0.2~ynh2: + +`$ sudo yunohost app upgrade mastodon -u https://github.com/YunoHost-Apps/mastodon_ynh/tree/94381183ca2d14da72234b53c9a83972ffb16e54 --debug ` + +Check your installation. If all looks well, upgrade to 4.1.2~ynh1: + +`$ sudo yunohost app upgrade mastodon -u https://github.com/YunoHost-Apps/mastodon_ynh --debug ` + + ### Administrate with tooctl `$ (cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl --help)` From 30f48695dae1594af4ad43a081fe5387378e70ce Mon Sep 17 00:00:00 2001 From: panomaki Date: Wed, 12 Apr 2023 11:30:43 +0200 Subject: [PATCH 12/30] Update README.md --- README.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 138b62e..fc27836 100644 --- a/README.md +++ b/README.md @@ -60,9 +60,12 @@ $ screen -r Upgrading from 3.5.3 to 4.1.2 directly has not been integration-tested. It is recommended to do a two-step upgrade: Mastodon can grow huge. You could consider cleaning up your local cache first as otherwise your backup will be very big: -'sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl media remove --days=0 --dry-run' + +`$ sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl media remove --days=0 --dry-run` + If all looks good commit the cleanup: -'sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl media remove --days=0' + +`$ sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl media remove --days=0 ` First upgrade to 4.0.2~ynh2: From 736ca816d7e4778e2510bce0eb74892a857df6c4 Mon Sep 17 00:00:00 2001 From: panomaki Date: Thu, 13 Apr 2023 13:23:46 +0200 Subject: [PATCH 13/30] Update README.md Added extra explanations. --- README.md | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index fc27836..0773938 100644 --- a/README.md +++ b/README.md @@ -53,19 +53,35 @@ $ screen -r ### Update -#### Using *screen* highly recommended +##### Please use screen as the upgrade process can take a long time! -`$ sudo yunohost app upgrade mastodon -u https://github.com/YunoHost-Apps/mastodon_ynh --debug ` +#### A note about backups -Upgrading from 3.5.3 to 4.1.2 directly has not been integration-tested. It is recommended to do a two-step upgrade: +First of all: Mastodon uses a local cache to save media (such as posted images, videos etc.). This cache can grow huge. +You could consider cleaning up your local cache first as otherwise your backup will be very big and you might run out of disk space: -Mastodon can grow huge. You could consider cleaning up your local cache first as otherwise your backup will be very big: +To check your space usage, on a command line run: -`$ sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl media remove --days=0 --dry-run` +`$ sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl media usage` + +If your cache is too big to backup, you can run the following command to clean up Attachments (the first line). Substitute X by the number of days you want to keep, e.g. 1 day. All older images will be deleted but will be refetched from the original server if necessary. + +First dry-run to see how much space is freed up (without actually removing): + +`$ sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl media remove --days=X --dry-run` If all looks good commit the cleanup: -`$ sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl media remove --days=0 ` +`$ sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl media remove --days=X ` + +##### Upgrade + +The actual upgrade can be done using the following command: + +`$ sudo yunohost app upgrade mastodon -u https://github.com/YunoHost-Apps/mastodon_ynh --debug ` + + +Upgrading from 3.5.3 to 4.1.2 directly has not been integration-tested. It is recommended to do a two-step upgrade: First upgrade to 4.0.2~ynh2: From 28593d50084cd9b865df7648cb23d5bc636373f8 Mon Sep 17 00:00:00 2001 From: panomaki Date: Thu, 13 Apr 2023 16:45:56 +0200 Subject: [PATCH 14/30] Update README.md Extra sentence and link to screen tutorial. --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 0773938..40e405e 100644 --- a/README.md +++ b/README.md @@ -40,6 +40,10 @@ Mastodon is a free, open-source microblogging social network. It is a decentrali ### Install #### Using *screen* in case of disconnect + +Screen (or tmux) can be used to make sure your session is not interrupted in case of connection problems. +See [tutorial](https://www.howtogeek.com/662422/how-to-use-linuxs-screen-command/) for more background information. + ``` $ sudo apt-get install screen $ screen From c78db950cfa0cfbccf63bba6357d401f99db7e13 Mon Sep 17 00:00:00 2001 From: lapineige Date: Thu, 13 Apr 2023 23:19:06 +0200 Subject: [PATCH 15/30] Cleaning + v4.1 --- README_fr.md | 43 +++++++++++++++++++++++++++++++++++++------ 1 file changed, 37 insertions(+), 6 deletions(-) diff --git a/README_fr.md b/README_fr.md index 30de3c7..3d52153 100644 --- a/README_fr.md +++ b/README_fr.md @@ -36,15 +36,15 @@ Mastodon est un réseau social de microblog auto-hébergé et open source. C'est 1. À la fin de l'installation, un mail est envoyé à cet utilisateur avec un mot de passe généré automatiquement. 1. Pour que votre instance Mastodon reste privée, il est important de fermer les inscriptions. Nous vous invitons à bloquer les instances distantes indésirables depuis l'interface d'administration. Vous pouvez également ajouter un texte sur votre page d'accueil dans l'administration. -## Captures d'écran - -![](https://framalibre.org/sites/default/files/mastodon.png) - ## Configuration ### Installation #### Utilisation de *screen* en cas de déconnection + +Screen (or tmux) peut être utilisé pour vous assurer que votre session n'est pas interrompue en cas de problème de connection. +Consultez ce [tutoriel](https://www.howtogeek.com/662422/how-to-use-linuxs-screen-command/) pour plus de détails. + ``` $ sudo apt-get install screen $ screen @@ -55,11 +55,42 @@ Récupérer l'installation après une deconnection : $ screen -d $ screen -r ``` -L'utilisateur admin est créé automatiquement comme : user@domain.tld ### Mise à jour -#### Utilisation de *screen* fortement recommandée +**Utilisation de *screen* fortement recommandée** + +### Note à propos des sauvegardes + +Tout d'abord : Mastodon utilise un cache local pour sauvegarder les médias (comme les images, vidéos, etc). Ce cache peut devenir énorme. +Vous devriez réfléchir à vider votre cache local avant de faire une sauvegarde, qui pourrait être énorme et vous pourriez manquer d'espace de stockage. + +Pour vérifier l'utilisation du stockage, en ligne de commande utilisez : + +`$ sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl media usage` + +Si le cache est trop gros pour être sauvegardé, vous pouvez lancer la commande suivante pour en supprimer les médias attachés. Changez `X` par le nombre de cache à conserver, par ex. 1 jour. Tous les médias plus anciens seront supprimés, mais ils pourront être rechargé du serveur d'origine si nécessaire. + +En premier faite un essai à blanc pour voir combien de place sera libérée (sans rien supprimer): +`$ sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl media remove --days=X --dry-run` + +Si cela semble bon, effectuez le nettoyage : +`$ sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl media remove --days=X ` + +##### Upgrade + +La mise à niveau proprement dite peut être effectuée à l'aide de la commande suivante : + +`$ sudo yunohost app upgrade mastodon -u https://github.com/YunoHost-Apps/mastodon_ynh --debug ` + + +Mettre à niveau de 3.5.3 en 4.1.2 directement n'a pas été testé automatiquement. Il est donc recommandé de la réaliser en 2 étapes : + +Mettez d'abord à niveau en 4.0.2~ynh2: + +`$ sudo yunohost app upgrade mastodon -u https://github.com/YunoHost-Apps/mastodon_ynh/tree/94381183ca2d14da72234b53c9a83972ffb16e54 --debug ` + +Vérifiez votre installation. Si cela semble bon, mettez à niveau en 4.1.2~ynh1: `$ sudo yunohost app upgrade mastodon -u https://github.com/YunoHost-Apps/mastodon_ynh --debug ` From d5acfd722de0c944ce53fc2fd91efb9474d59fef Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Fri, 14 Apr 2023 09:23:33 +0000 Subject: [PATCH 16/30] Auto-update README --- README.md | 41 +---------------------------------------- README_fr.md | 45 +++++++-------------------------------------- 2 files changed, 8 insertions(+), 78 deletions(-) diff --git a/README.md b/README.md index 40e405e..d9832d6 100644 --- a/README.md +++ b/README.md @@ -40,10 +40,6 @@ Mastodon is a free, open-source microblogging social network. It is a decentrali ### Install #### Using *screen* in case of disconnect - -Screen (or tmux) can be used to make sure your session is not interrupted in case of connection problems. -See [tutorial](https://www.howtogeek.com/662422/how-to-use-linuxs-screen-command/) for more background information. - ``` $ sudo apt-get install screen $ screen @@ -57,45 +53,10 @@ $ screen -r ### Update -##### Please use screen as the upgrade process can take a long time! - -#### A note about backups - -First of all: Mastodon uses a local cache to save media (such as posted images, videos etc.). This cache can grow huge. -You could consider cleaning up your local cache first as otherwise your backup will be very big and you might run out of disk space: - -To check your space usage, on a command line run: - -`$ sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl media usage` - -If your cache is too big to backup, you can run the following command to clean up Attachments (the first line). Substitute X by the number of days you want to keep, e.g. 1 day. All older images will be deleted but will be refetched from the original server if necessary. - -First dry-run to see how much space is freed up (without actually removing): - -`$ sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl media remove --days=X --dry-run` - -If all looks good commit the cleanup: - -`$ sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl media remove --days=X ` - -##### Upgrade - -The actual upgrade can be done using the following command: +#### Using *screen* highly recommended `$ sudo yunohost app upgrade mastodon -u https://github.com/YunoHost-Apps/mastodon_ynh --debug ` - -Upgrading from 3.5.3 to 4.1.2 directly has not been integration-tested. It is recommended to do a two-step upgrade: - -First upgrade to 4.0.2~ynh2: - -`$ sudo yunohost app upgrade mastodon -u https://github.com/YunoHost-Apps/mastodon_ynh/tree/94381183ca2d14da72234b53c9a83972ffb16e54 --debug ` - -Check your installation. If all looks well, upgrade to 4.1.2~ynh1: - -`$ sudo yunohost app upgrade mastodon -u https://github.com/YunoHost-Apps/mastodon_ynh --debug ` - - ### Administrate with tooctl `$ (cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl --help)` diff --git a/README_fr.md b/README_fr.md index 3d52153..98f83f1 100644 --- a/README_fr.md +++ b/README_fr.md @@ -36,15 +36,15 @@ Mastodon est un réseau social de microblog auto-hébergé et open source. C'est 1. À la fin de l'installation, un mail est envoyé à cet utilisateur avec un mot de passe généré automatiquement. 1. Pour que votre instance Mastodon reste privée, il est important de fermer les inscriptions. Nous vous invitons à bloquer les instances distantes indésirables depuis l'interface d'administration. Vous pouvez également ajouter un texte sur votre page d'accueil dans l'administration. +## Captures d'écran + +![](https://framalibre.org/sites/default/files/mastodon.png) + ## Configuration ### Installation #### Utilisation de *screen* en cas de déconnection - -Screen (or tmux) peut être utilisé pour vous assurer que votre session n'est pas interrompue en cas de problème de connection. -Consultez ce [tutoriel](https://www.howtogeek.com/662422/how-to-use-linuxs-screen-command/) pour plus de détails. - ``` $ sudo apt-get install screen $ screen @@ -55,42 +55,11 @@ Récupérer l'installation après une deconnection : $ screen -d $ screen -r ``` +L'utilisateur admin est créé automatiquement comme : user@domain.tld ### Mise à jour -**Utilisation de *screen* fortement recommandée** - -### Note à propos des sauvegardes - -Tout d'abord : Mastodon utilise un cache local pour sauvegarder les médias (comme les images, vidéos, etc). Ce cache peut devenir énorme. -Vous devriez réfléchir à vider votre cache local avant de faire une sauvegarde, qui pourrait être énorme et vous pourriez manquer d'espace de stockage. - -Pour vérifier l'utilisation du stockage, en ligne de commande utilisez : - -`$ sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl media usage` - -Si le cache est trop gros pour être sauvegardé, vous pouvez lancer la commande suivante pour en supprimer les médias attachés. Changez `X` par le nombre de cache à conserver, par ex. 1 jour. Tous les médias plus anciens seront supprimés, mais ils pourront être rechargé du serveur d'origine si nécessaire. - -En premier faite un essai à blanc pour voir combien de place sera libérée (sans rien supprimer): -`$ sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl media remove --days=X --dry-run` - -Si cela semble bon, effectuez le nettoyage : -`$ sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl media remove --days=X ` - -##### Upgrade - -La mise à niveau proprement dite peut être effectuée à l'aide de la commande suivante : - -`$ sudo yunohost app upgrade mastodon -u https://github.com/YunoHost-Apps/mastodon_ynh --debug ` - - -Mettre à niveau de 3.5.3 en 4.1.2 directement n'a pas été testé automatiquement. Il est donc recommandé de la réaliser en 2 étapes : - -Mettez d'abord à niveau en 4.0.2~ynh2: - -`$ sudo yunohost app upgrade mastodon -u https://github.com/YunoHost-Apps/mastodon_ynh/tree/94381183ca2d14da72234b53c9a83972ffb16e54 --debug ` - -Vérifiez votre installation. Si cela semble bon, mettez à niveau en 4.1.2~ynh1: +#### Utilisation de *screen* fortement recommandée `$ sudo yunohost app upgrade mastodon -u https://github.com/YunoHost-Apps/mastodon_ynh --debug ` @@ -126,4 +95,4 @@ ou sudo yunohost app upgrade mastodon -u https://github.com/YunoHost-Apps/mastodon_ynh/tree/testing --debug ``` -**Plus d’infos sur le packaging d’applications :** +**Plus d’infos sur le packaging d’applications :** \ No newline at end of file From ed7d1e2eaafb15c51e4eb38c16b226cd6d3bf6a2 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Thu, 6 Jul 2023 13:17:09 +0000 Subject: [PATCH 17/30] Upgrade to v4.1.3 --- conf/app.src | 4 ++-- manifest.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/conf/app.src b/conf/app.src index 7df3b2a..59c5c02 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/tootsuite/mastodon/archive/refs/tags/v4.1.2.tar.gz -SOURCE_SUM=12837c7b57acc11ebd24b23a270500c8917459ecdc2a841ba452296b02bcaf29 +SOURCE_URL=https://github.com/tootsuite/mastodon/archive/refs/tags/v4.1.3.tar.gz +SOURCE_SUM=5fd18661a990d09053673bfa8bcd880ab661109eb472a9d9f22b6d5f8dbf3e37 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true diff --git a/manifest.json b/manifest.json index 8abc517..e088486 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Libre and federated social network", "fr": "Réseau social libre et fédéré" }, - "version": "4.1.2~ynh1", + "version": "4.1.3~ynh1", "url": "https://github.com/mastodon/mastodon", "upstream": { "license": "AGPL-3.0-or-later", From 0d25cc99ff72ace609d049612856df6305b8cb19 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Thu, 6 Jul 2023 13:17:15 +0000 Subject: [PATCH 18/30] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index d9832d6..984f73f 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Mastodon is a free, open-source microblogging social network. It is a decentralized alternative to commercial platforms like Twitter and avoids the risks of a single company monopolizing your communication for commercial purposes. -**Shipped version:** 4.1.2~ynh1 +**Shipped version:** 4.1.3~ynh1 **Demo:** https://joinmastodon.org/ diff --git a/README_fr.md b/README_fr.md index 98f83f1..8547b67 100644 --- a/README_fr.md +++ b/README_fr.md @@ -19,7 +19,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po Mastodon est un réseau social de microblog auto-hébergé et open source. C'est une alternative décentralisée aux plates-formes commerciales comme Twitter. Mastodon évite ainsi les risques qu'une seule société monopolise votre communication à des fins commerciales. -**Version incluse :** 4.1.2~ynh1 +**Version incluse :** 4.1.3~ynh1 **Démo :** https://joinmastodon.org/ From d29210aa754f149e56e8dd6656eb5ebb68ff4ff1 Mon Sep 17 00:00:00 2001 From: Tagadda <36127788+Tagadda@users.noreply.github.com> Date: Fri, 7 Jul 2023 23:04:37 +0200 Subject: [PATCH 19/30] Update nginx.conf --- conf/nginx.conf | 107 +++++++++++++++++++++++++++++++++--------------- 1 file changed, 75 insertions(+), 32 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 19c2c01..6af1000 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,7 +1,5 @@ -# upload max size -client_max_body_size 100M; +client_max_body_size 99m; -# add to v1.4 assets root __FINALPATH__/live/public; location / { @@ -13,23 +11,86 @@ location / { include conf.d/yunohost_panel.conf.inc; } -location ~ ^/(emoji|packs|system/accounts/avatars|system/media_attachments/files) { - more_set_headers "Cache-Control: public, max-age=31536000, immutable"; - more_set_headers "Strict-Transport-Security: max-age=31536000"; - try_files $uri @proxy; +location ~ /sw.js { + more_set_headers "Cache-Control: public, max-age=604800, must-revalidate"; + more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains"; + try_files $uri =404; } -location /sw.js { - more_set_headers "Cache-Control: public, max-age=0"; - more_set_headers "Strict-Transport-Security: max-age=31536000"; - try_files $uri @proxy; +location ~ ^/assets/ { + more_set_headers "Cache-Control: public, max-age=2419200, must-revalidate"; + more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains"; + try_files $uri =404; +} + +location ~ ^/avatars/ { + more_set_headers "Cache-Control: public, max-age=2419200, must-revalidate"; + more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains"; + try_files $uri =404; +} + +location ~ ^/emoji/ { + more_set_headers "Cache-Control: public, max-age=2419200, must-revalidate"; + more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains"; + try_files $uri =404; +} + +location ~ ^/headers/ { + more_set_headers "Cache-Control: public, max-age=2419200, must-revalidate"; + more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains"; + try_files $uri =404; +} + +location ~ ^/packs/ { + more_set_headers "Cache-Control: public, max-age=2419200, must-revalidate"; + more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains"; + try_files $uri =404; +} + +location ~ ^/shortcuts/ { + more_set_headers "Cache-Control: public, max-age=2419200, must-revalidate"; + more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains"; + try_files $uri =404; +} + +location ~ ^/sounds/ { + more_set_headers "Cache-Control: public, max-age=2419200, must-revalidate"; + more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains"; + try_files $uri =404; +} + +location ~ ^/system/ { + more_set_headers "Cache-Control: public, max-age=2419200, immutable"; + more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains"; + more_set_headers "X-Content-Type-Option: nosniff"; + more_set_headers "Content-Security-Policy: default-src 'none'; form-action 'none'"; + try_files $uri =404; +} + +location ^~ /api/v1/streaming { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Proxy ""; + + proxy_pass http://127.0.0.1:__PORT_STREAM__; + proxy_buffering off; + proxy_redirect off; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + + more_set_headers "Strict-Transport-Security: max-age=63072000; includeSubDomains"; + + tcp_nodelay on; } location @proxy { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto https; + proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Proxy ""; proxy_pass_header Server; @@ -38,31 +99,13 @@ location @proxy { proxy_redirect off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; + proxy_set_header Connection $connection_upgrade; - #proxy_cache CACHE; + proxy_cache CACHE; proxy_cache_valid 200 7d; proxy_cache_valid 410 24h; proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; more_set_headers "X-Cached: $upstream_cache_status"; - more_set_headers "Strict-Transport-Security: max-age=31536000"; - - tcp_nodelay on; -} - -location /api/v1/streaming { - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header Proxy ""; - - proxy_pass http://127.0.0.1:__PORT_STREAM__; - proxy_buffering off; - proxy_redirect off; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; tcp_nodelay on; } From f2e80e2a60395efdfdcac22ed5a5f8b497c2d676 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Sat, 8 Jul 2023 16:07:47 +0200 Subject: [PATCH 20/30] Upgrade to version 4.1.4 (#389) * Upgrade to v4.1.4 * Auto-update README * Update nginx.conf --------- Co-authored-by: yunohost-bot Co-authored-by: yunohost-bot Co-authored-by: Tagadda <36127788+Tagadda@users.noreply.github.com> --- README.md | 2 +- README_fr.md | 2 +- conf/app.src | 4 ++-- conf/nginx.conf | 2 +- manifest.json | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 984f73f..ffb2167 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Mastodon is a free, open-source microblogging social network. It is a decentralized alternative to commercial platforms like Twitter and avoids the risks of a single company monopolizing your communication for commercial purposes. -**Shipped version:** 4.1.3~ynh1 +**Shipped version:** 4.1.4~ynh1 **Demo:** https://joinmastodon.org/ diff --git a/README_fr.md b/README_fr.md index 8547b67..b88ff84 100644 --- a/README_fr.md +++ b/README_fr.md @@ -19,7 +19,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po Mastodon est un réseau social de microblog auto-hébergé et open source. C'est une alternative décentralisée aux plates-formes commerciales comme Twitter. Mastodon évite ainsi les risques qu'une seule société monopolise votre communication à des fins commerciales. -**Version incluse :** 4.1.3~ynh1 +**Version incluse :** 4.1.4~ynh1 **Démo :** https://joinmastodon.org/ diff --git a/conf/app.src b/conf/app.src index 59c5c02..707becd 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/tootsuite/mastodon/archive/refs/tags/v4.1.3.tar.gz -SOURCE_SUM=5fd18661a990d09053673bfa8bcd880ab661109eb472a9d9f22b6d5f8dbf3e37 +SOURCE_URL=https://github.com/tootsuite/mastodon/archive/refs/tags/v4.1.4.tar.gz +SOURCE_SUM=524bac8c4108acc07b001caf44951446cb587f9626d8e0d15ed2f5811b980aaa SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true diff --git a/conf/nginx.conf b/conf/nginx.conf index 6af1000..4b1f76b 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -101,7 +101,7 @@ location @proxy { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; - proxy_cache CACHE; + #proxy_cache CACHE; proxy_cache_valid 200 7d; proxy_cache_valid 410 24h; proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; diff --git a/manifest.json b/manifest.json index e088486..5d59d9e 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Libre and federated social network", "fr": "Réseau social libre et fédéré" }, - "version": "4.1.3~ynh1", + "version": "4.1.4~ynh1", "url": "https://github.com/mastodon/mastodon", "upstream": { "license": "AGPL-3.0-or-later", From 8d587025001ce0d147ea14f84b08c1cef9a1a9f0 Mon Sep 17 00:00:00 2001 From: Tagada <36127788+Tagadda@users.noreply.github.com> Date: Sun, 23 Jul 2023 04:49:07 +0200 Subject: [PATCH 21/30] Convert to v2 (#383) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * convert script * v2 * Auto-update README * Update documentation cc @panomaki * Bump ruby version from 3.0.6 to 3.2.2 * v2 * Auto-update README * woops * v2 * v2 * s/final_path/install_dir * Update PRE_INSTALL.md * too soon... * v2 * v2 * v2 * Update tests.toml * Update doc/PRE_INSTALL.md Co-authored-by: Alexandre Aubin * Update doc/PRE_INSTALL_fr.md Co-authored-by: Alexandre Aubin * Update tests.toml Co-authored-by: Alexandre Aubin * Update tests.toml Co-authored-by: Alexandre Aubin * Update doc/PRE_INSTALL.md Co-authored-by: Alexandre Aubin * Update doc/PRE_INSTALL_fr.md Co-authored-by: Alexandre Aubin * Apply suggestions * Update manifest.toml * Auto-update README * Update manifest.toml * Update scripts * Auto-update README * Remove SSO integration * Use new mail mechanism * cleaning * Update manifest.toml --------- Co-authored-by: yunohost-bot Co-authored-by: Alexandre Aubin Co-authored-by: Éric Gaspar <46165813+ericgaspar@users.noreply.github.com> --- README.md | 43 ------ README_fr.md | 48 ------ check_process | 22 --- conf/.env.production.sample | 41 +++--- conf/app.src | 7 - conf/cron | 10 +- conf/mastodon-sidekiq.service | 4 +- conf/mastodon-streaming.service | 2 +- conf/mastodon-web.service | 4 +- conf/nginx.conf | 2 +- doc/ADMIN.md | 36 +++++ doc/ADMIN_fr.md | 34 +++++ doc/DISCLAIMER.md | 40 ----- doc/DISCLAIMER_fr.md | 45 ------ doc/PRE_INSTALL.md | 18 +++ doc/PRE_INSTALL_fr.md | 20 +++ manifest.json | 69 --------- manifest.toml | 86 +++++++++++ scripts/_common.sh | 7 +- scripts/backup | 23 +-- scripts/install | 199 +++++-------------------- scripts/remove | 74 +--------- scripts/restore | 122 ++++------------ scripts/upgrade | 252 ++++++++------------------------ scripts/ynh_install_ruby__2 | 4 +- sources/patches/app-sso.patch | 56 ------- tests.toml | 26 ++++ 27 files changed, 392 insertions(+), 902 deletions(-) delete mode 100644 check_process delete mode 100644 conf/app.src create mode 100644 doc/ADMIN.md create mode 100644 doc/ADMIN_fr.md delete mode 100644 doc/DISCLAIMER.md delete mode 100644 doc/DISCLAIMER_fr.md create mode 100644 doc/PRE_INSTALL.md create mode 100644 doc/PRE_INSTALL_fr.md delete mode 100644 manifest.json create mode 100644 manifest.toml delete mode 100644 sources/patches/app-sso.patch create mode 100644 tests.toml diff --git a/README.md b/README.md index ffb2167..fb27d83 100644 --- a/README.md +++ b/README.md @@ -26,49 +26,6 @@ Mastodon is a free, open-source microblogging social network. It is a decentrali ![Screenshot of Mastodon](./doc/screenshots/mastodon.png) -## Disclaimers / important information - -## Important points to read before installing - -1. **Mastodon** require a dedicated **root domain**, eg. mastodon.domain.tld -1. The user choosen during the installation is automatically created in Mastodon with admin rights -1. At the end of the installation a mail is sent to the user with the automatically generated password -1. It seems important to close the inscriptions for your Mastodon, so that it remains a private body. We invite you to block remote malicious instances from the administration interface. You can also add text on your home page. - -## Configuration - -### Install - -#### Using *screen* in case of disconnect -``` -$ sudo apt-get install screen -$ screen -$ sudo yunohost app install https://github.com/YunoHost-Apps/mastodon_ynh.git -``` -Recover after disconnect: -``` -$ screen -d -$ screen -r -``` - -### Update - -#### Using *screen* highly recommended - -`$ sudo yunohost app upgrade mastodon -u https://github.com/YunoHost-Apps/mastodon_ynh --debug ` - -### Administrate with tooctl - -`$ (cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl --help)` - -## YunoHost specific features - -#### Multi-users support - -LDAP authentication is activated. All YunoHost users can authenticate. - -Log-out from YunoHost's portal doesn't log out from Mastodon. See https://github.com/YunoHost/issues/issues/501 - ## Documentation and resources * Official app website: diff --git a/README_fr.md b/README_fr.md index b88ff84..49eda93 100644 --- a/README_fr.md +++ b/README_fr.md @@ -27,54 +27,6 @@ Mastodon est un réseau social de microblog auto-hébergé et open source. C'est ![Capture d’écran de Mastodon](./doc/screenshots/mastodon.png) -## Avertissements / informations importantes - -## Points importants à lire avant l'installation - -1. **Mastodon** nécessite un **nom de domaine** dédié, par exemple : mastodon.domain.tld -1. L'utilisateur sélectionné pendant l'installation sera créé automatiquement dans Mastodon avec des droits d'administration. -1. À la fin de l'installation, un mail est envoyé à cet utilisateur avec un mot de passe généré automatiquement. -1. Pour que votre instance Mastodon reste privée, il est important de fermer les inscriptions. Nous vous invitons à bloquer les instances distantes indésirables depuis l'interface d'administration. Vous pouvez également ajouter un texte sur votre page d'accueil dans l'administration. - -## Captures d'écran - -![](https://framalibre.org/sites/default/files/mastodon.png) - -## Configuration - -### Installation - -#### Utilisation de *screen* en cas de déconnection -``` -$ sudo apt-get install screen -$ screen -$ sudo yunohost app install https://github.com/YunoHost-Apps/mastodon_ynh.git -``` -Récupérer l'installation après une deconnection : -``` -$ screen -d -$ screen -r -``` -L'utilisateur admin est créé automatiquement comme : user@domain.tld - -### Mise à jour - -#### Utilisation de *screen* fortement recommandée - -`$ sudo yunohost app upgrade mastodon -u https://github.com/YunoHost-Apps/mastodon_ynh --debug ` - -### Administration avec tooctl - -`$ (cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl --help)` - -## Caractéristiques spécifiques YunoHost - -#### Support multi-utilisateur - -L'authentification LDAP est activée. Tous les utilisateurs YunoHost peuvent s'authentifier. - -Se déconnecter depuis le portail YunoHost ne vous déconnecte pas de Mastodon. Voir https://github.com/YunoHost/issues/issues/501 - ## Documentations et ressources * Site officiel de l’app : diff --git a/check_process b/check_process deleted file mode 100644 index 8714241..0000000 --- a/check_process +++ /dev/null @@ -1,22 +0,0 @@ -;; Test complet - ; Manifest - domain="domain.tld" - is_public=1 - admin="john" - language="fr_FR" - ; Checks - pkg_linter=1 - setup_sub_dir=0 - setup_root=1 - setup_nourl=0 - setup_private=1 - setup_public=1 - upgrade=1 - # 4.02~ynh2 - upgrade=1 from_commit=94381183ca2d14da72234b53c9a83972ffb16e54 - backup_restore=1 - multi_instance=0 - change_url=0 -;;; Options -Email=yalh@yahoo.com -Notification=all diff --git a/conf/.env.production.sample b/conf/.env.production.sample index 21cc8e5..7005b5d 100644 --- a/conf/.env.production.sample +++ b/conf/.env.production.sample @@ -30,11 +30,14 @@ DB_NAME=__DB_NAME__ DB_PASS=__DB_PWD__ DB_PORT=5432 -# ElasticSearch (optional) +# Elasticsearch (optional) # ------------------------ -# ES_ENABLED=true -# ES_HOST=es +ES_ENABLED=false +# ES_HOST=localhost # ES_PORT=9200 +# Authentication for ES (optional) +# ES_USER=elastic +# ES_PASS=password # Secrets # ------- @@ -54,17 +57,12 @@ VAPID_PUBLIC_KEY=__VAPID_PUBLIC_KEY__ # ------------ SMTP_SERVER=localhost SMTP_PORT=25 -#SMTP_LOGIN= -#SMTP_PASSWORD= -SMTP_FROM_ADDRESS=__ADMIN_MAIL__ -#SMTP_REPLY_TO= -#SMTP_DOMAIN= # defaults to LOCAL_DOMAIN -SMTP_DELIVERY_METHOD=sendmail # delivery method can also be smtp -SMTP_AUTH_METHOD=none -#SMTP_CA_FILE=/etc/ssl/certs/ca-certificates.crt +SMTP_LOGIN=__APP__ +SMTP_PASSWORD=__MAIL_PWD__ +SMTP_FROM_ADDRESS=Mastodon <__APP__@__DOMAIN__> +SMTP_DELIVERY_METHOD=smtp +SMTP_AUTH_METHOD=plain SMTP_OPENSSL_VERIFY_MODE=none -#SMTP_ENABLE_STARTTLS_AUTO=true -#SMTP_TLS=true # Registrations # ------------ @@ -80,16 +78,13 @@ DEFAULT_LOCALE=__LANGUAGE__ # File storage (optional) # ----------------------- -# S3_ENABLED=true -# S3_BUCKET= +S3_ENABLED=false +# S3_BUCKET=files.example.com # AWS_ACCESS_KEY_ID= # AWS_SECRET_ACCESS_KEY= -# S3_REGION= -# S3_PROTOCOL=http -# S3_HOSTNAME=192.168.1.123:9000 -# S3_ALIAS_HOST= +# S3_ALIAS_HOST=files.example.com -# LDAP authentication (optional) +# IP and session retention # ----------------------- LDAP_ENABLED=true LDAP_HOST=localhost @@ -105,3 +100,9 @@ LDAP_UID_CONVERSION_ENABLED=true LDAP_UID_CONVERSION_SEARCH=., - LDAP_UID_CONVERSION_REPLACE=_ LDAP_TLS_NO_VERIFY=true + +# Make sure to modify the scheduling of ip_cleanup_scheduler in config/sidekiq.yml +# to be less than daily if you lower IP_RETENTION_PERIOD below two days (172800). +# ----------------------- +IP_RETENTION_PERIOD=1209600 +SESSION_RETENTION_PERIOD=1209600 diff --git a/conf/app.src b/conf/app.src deleted file mode 100644 index 707becd..0000000 --- a/conf/app.src +++ /dev/null @@ -1,7 +0,0 @@ -SOURCE_URL=https://github.com/tootsuite/mastodon/archive/refs/tags/v4.1.4.tar.gz -SOURCE_SUM=524bac8c4108acc07b001caf44951446cb587f9626d8e0d15ed2f5811b980aaa -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=tar.gz -SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= -SOURCE_EXTRACT=true diff --git a/conf/cron b/conf/cron index 339d3c4..02b2a6a 100644 --- a/conf/cron +++ b/conf/cron @@ -1,7 +1,7 @@ # This is a system cron file, see crontab(5) # m h dom mon dow user command -@daily __APP__ cd __FINAL_PATH__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl media remove -@monthly __APP__ cd __FINAL_PATH__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl media remove-orphans -@monthly __APP__ cd __FINAL_PATH__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl accounts cull -@monthly __APP__ cd __FINAL_PATH__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl statuses remove -@monthly __APP__ cd __FINAL_PATH__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl preview_cards remove +@daily __APP__ cd __INSTALL_DIR__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl media remove +@monthly __APP__ cd __INSTALL_DIR__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl media remove-orphans +@monthly __APP__ cd __INSTALL_DIR__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl accounts cull +@monthly __APP__ cd __INSTALL_DIR__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl statuses remove +@monthly __APP__ cd __INSTALL_DIR__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl preview_cards remove diff --git a/conf/mastodon-sidekiq.service b/conf/mastodon-sidekiq.service index 40591c0..47ae8ed 100644 --- a/conf/mastodon-sidekiq.service +++ b/conf/mastodon-sidekiq.service @@ -5,13 +5,13 @@ After=network.target [Service] Type=simple User=__APP__ -WorkingDirectory=__FINALPATH__/live +WorkingDirectory=__INSTALL_DIR__/live Environment="__LD_PRELOAD__" Environment="RAILS_ENV=production" Environment="DB_POOL=25" Environment="MALLOC_ARENA_MAX=2" Environment="__YNH_RUBY_LOAD_PATH__" -ExecStart=__FINALPATH__/live/bin/bundle exec sidekiq -c 25 +ExecStart=__INSTALL_DIR__/live/bin/bundle exec sidekiq -c 25 TimeoutSec=15 Restart=always StandardError=syslog diff --git a/conf/mastodon-streaming.service b/conf/mastodon-streaming.service index 4122b02..a5fcfa0 100644 --- a/conf/mastodon-streaming.service +++ b/conf/mastodon-streaming.service @@ -5,7 +5,7 @@ After=network.target [Service] Type=simple User=__APP__ -WorkingDirectory=__FINALPATH__/live +WorkingDirectory=__INSTALL_DIR__/live Environment="NODE_ENV=production" Environment="PORT=__PORT_STREAM__" Environment="STREAMING_CLUSTER_NUM=1" diff --git a/conf/mastodon-web.service b/conf/mastodon-web.service index 5d22974..5fc8819 100644 --- a/conf/mastodon-web.service +++ b/conf/mastodon-web.service @@ -5,12 +5,12 @@ After=network.target [Service] Type=simple User=__APP__ -WorkingDirectory=__FINALPATH__/live +WorkingDirectory=__INSTALL_DIR__/live Environment="__LD_PRELOAD__" Environment="RAILS_ENV=production" Environment="PORT=__PORT_WEB__" Environment="__YNH_RUBY_LOAD_PATH__" -ExecStart=__FINALPATH__/live/bin/bundle exec puma -C config/puma.rb +ExecStart=__INSTALL_DIR__/live/bin/bundle exec puma -C config/puma.rb ExecReload=/bin/kill -SIGUSR1 $MAINPID TimeoutSec=15 Restart=always diff --git a/conf/nginx.conf b/conf/nginx.conf index 4b1f76b..09e4a84 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,6 +1,6 @@ client_max_body_size 99m; -root __FINALPATH__/live/public; +root __INSTALL_DIR__/live/public; location / { diff --git a/doc/ADMIN.md b/doc/ADMIN.md new file mode 100644 index 0000000..e50c8af --- /dev/null +++ b/doc/ADMIN.md @@ -0,0 +1,36 @@ +## Administrate with tooctl + +`$ (cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl --help)` + +## Update + +**`screen` (or `tmux`) can be used to make sure your session is not interrupted in case of connection problems.** +See [tutorial](https://www.howtogeek.com/662422/how-to-use-linuxs-screen-command/) for more background information. + +``` +$ screen +$ sudo yunohost app upgrade mastodon +``` + +## Backups + +First of all: Mastodon uses a local cache to save media (such as posted images, videos etc.). This cache can grow huge. +You could consider cleaning up your local cache first as otherwise your backup will be very big and you might run out of disk space: + +To check your space usage, on a command line run: + +`$ sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl media usage` + +If your cache is too big to backup, you can run the following command to clean up Attachments (the first line). Substitute X by the number of days you want to keep, e.g. 1 day. All older images will be deleted but will be refetched from the original server if necessary. + +First dry-run to see how much space is freed up (without actually removing): + +`$ sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl media remove --days=X --dry-run` + +If all looks good commit the cleanup: + +`$ sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl media remove --days=X ` + +## Known Bugs + +- Log-out from YunoHost's portal doesn't log out from Mastodon. See https://github.com/YunoHost/issues/issues/501 diff --git a/doc/ADMIN_fr.md b/doc/ADMIN_fr.md new file mode 100644 index 0000000..2d5a54c --- /dev/null +++ b/doc/ADMIN_fr.md @@ -0,0 +1,34 @@ +## Administration avec tooctl + +`$ cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl --help` + +## Mise à jour + +**`screen` (ou `tmux`) peut être utilisé pour vous assurer que votre session n'est pas interrompue en cas de problème de connection.** +Consultez ce [tutoriel](https://www.howtogeek.com/662422/how-to-use-linuxs-screen-command/) pour plus de détails. + +``` +$ screen +$ sudo yunohost app upgrade mastodon +``` + +## Sauvegardes + +Tout d'abord : Mastodon utilise un cache local pour sauvegarder les médias (comme les images, vidéos, etc). Ce cache peut devenir énorme. +Vous devriez réfléchir à vider votre cache local avant de faire une sauvegarde, qui pourrait être énorme et vous pourriez manquer d'espace de stockage. + +Pour vérifier l'utilisation du stockage, en ligne de commande utilisez : + +`$ sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl media usage` + +Si le cache est trop gros pour être sauvegardé, vous pouvez lancer la commande suivante pour en supprimer les médias attachés. Changez `X` par le nombre de cache à conserver, par ex. 1 jour. Tous les médias plus anciens seront supprimés, mais ils pourront être rechargé du serveur d'origine si nécessaire. + +En premier faite un essai à blanc pour voir combien de place sera libérée (sans rien supprimer): +`$ sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl media remove --days=X --dry-run` + +Si cela semble bon, effectuez le nettoyage : +`$ sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl media remove --days=X ` + +## Bugs connus + +- Se déconnecter depuis le portail YunoHost ne vous déconnecte pas de Mastodon. Voir https://github.com/YunoHost/issues/issues/501 diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md deleted file mode 100644 index 959c15d..0000000 --- a/doc/DISCLAIMER.md +++ /dev/null @@ -1,40 +0,0 @@ -## Important points to read before installing - -1. **Mastodon** require a dedicated **root domain**, eg. mastodon.domain.tld -1. The user choosen during the installation is automatically created in Mastodon with admin rights -1. At the end of the installation a mail is sent to the user with the automatically generated password -1. It seems important to close the inscriptions for your Mastodon, so that it remains a private body. We invite you to block remote malicious instances from the administration interface. You can also add text on your home page. - -## Configuration - -### Install - -#### Using *screen* in case of disconnect -``` -$ sudo apt-get install screen -$ screen -$ sudo yunohost app install https://github.com/YunoHost-Apps/mastodon_ynh.git -``` -Recover after disconnect: -``` -$ screen -d -$ screen -r -``` - -### Update - -#### Using *screen* highly recommended - -`$ sudo yunohost app upgrade mastodon -u https://github.com/YunoHost-Apps/mastodon_ynh --debug ` - -### Administrate with tooctl - -`$ (cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl --help)` - -## YunoHost specific features - -#### Multi-users support - -LDAP authentication is activated. All YunoHost users can authenticate. - -Log-out from YunoHost's portal doesn't log out from Mastodon. See https://github.com/YunoHost/issues/issues/501 diff --git a/doc/DISCLAIMER_fr.md b/doc/DISCLAIMER_fr.md deleted file mode 100644 index a7b81ce..0000000 --- a/doc/DISCLAIMER_fr.md +++ /dev/null @@ -1,45 +0,0 @@ -## Points importants à lire avant l'installation - -1. **Mastodon** nécessite un **nom de domaine** dédié, par exemple : mastodon.domain.tld -1. L'utilisateur sélectionné pendant l'installation sera créé automatiquement dans Mastodon avec des droits d'administration. -1. À la fin de l'installation, un mail est envoyé à cet utilisateur avec un mot de passe généré automatiquement. -1. Pour que votre instance Mastodon reste privée, il est important de fermer les inscriptions. Nous vous invitons à bloquer les instances distantes indésirables depuis l'interface d'administration. Vous pouvez également ajouter un texte sur votre page d'accueil dans l'administration. - -## Captures d'écran - -![](https://framalibre.org/sites/default/files/mastodon.png) - -## Configuration - -### Installation - -#### Utilisation de *screen* en cas de déconnection -``` -$ sudo apt-get install screen -$ screen -$ sudo yunohost app install https://github.com/YunoHost-Apps/mastodon_ynh.git -``` -Récupérer l'installation après une deconnection : -``` -$ screen -d -$ screen -r -``` -L'utilisateur admin est créé automatiquement comme : user@domain.tld - -### Mise à jour - -#### Utilisation de *screen* fortement recommandée - -`$ sudo yunohost app upgrade mastodon -u https://github.com/YunoHost-Apps/mastodon_ynh --debug ` - -### Administration avec tooctl - -`$ (cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl --help)` - -## Caractéristiques spécifiques YunoHost - -#### Support multi-utilisateur - -L'authentification LDAP est activée. Tous les utilisateurs YunoHost peuvent s'authentifier. - -Se déconnecter depuis le portail YunoHost ne vous déconnecte pas de Mastodon. Voir https://github.com/YunoHost/issues/issues/501 diff --git a/doc/PRE_INSTALL.md b/doc/PRE_INSTALL.md new file mode 100644 index 0000000..cc1b424 --- /dev/null +++ b/doc/PRE_INSTALL.md @@ -0,0 +1,18 @@ +## Important points to read before installing + +- **Mastodon** require a dedicated **root domain**, eg. `domaine.tld` or `mastodon.domain.tld`, with no other apps installed on that domain. You can't change the domain once installed. +- The user choosen during the installation is automatically created in Mastodon with admin rights +- It seems important to close the inscriptions for your Mastodon, so that it remains a private body. We invite you to block remote malicious instances from the administration interface. You can also add text on your home page. + +## Using *screen* in case of disconnect + +``` +$ sudo apt install screen +$ screen +$ sudo yunohost app install https://github.com/YunoHost-Apps/mastodon_ynh.git +``` +Recover after disconnect: +``` +$ screen -d +$ screen -r +``` diff --git a/doc/PRE_INSTALL_fr.md b/doc/PRE_INSTALL_fr.md new file mode 100644 index 0000000..3569013 --- /dev/null +++ b/doc/PRE_INSTALL_fr.md @@ -0,0 +1,20 @@ +## Points importants à lire avant l'installation + +- **Mastodon** nécessite un **nom de domaine** dédié, par exemple : `domaine.tld` ou `mastodon.domaine.tld` sans apps installées sur ce domaine. Il est impossible de changer le nom de domaine après l'installation. +- L'utilisateur sélectionné pendant l'installation sera créé automatiquement dans Mastodon avec des droits d'administration. +- Pour que votre instance Mastodon reste privée, il est important de fermer les inscriptions. Nous vous invitons à bloquer les instances indésirables depuis l'interface d'administration. Vous pouvez également ajouter un texte sur votre page d'accueil dans l'administration. + +## Utilisation de *screen* en cas de déconnexion + +L'installation de Mastodon peut être longue, selon les performances du serveur. Pour éviter que le processus soit interrompu par une déconnexion, on peut utiliser `screen`. + +``` +$ sudo apt install screen +$ screen +$ sudo yunohost app install mastodon +``` +Récupérer l'installation après une deconnection : +``` +$ screen -d +$ screen -r +``` diff --git a/manifest.json b/manifest.json deleted file mode 100644 index 5d59d9e..0000000 --- a/manifest.json +++ /dev/null @@ -1,69 +0,0 @@ -{ - "name": "Mastodon", - "id": "mastodon", - "packaging_format": 1, - "description": { - "en": "Libre and federated social network", - "fr": "Réseau social libre et fédéré" - }, - "version": "4.1.4~ynh1", - "url": "https://github.com/mastodon/mastodon", - "upstream": { - "license": "AGPL-3.0-or-later", - "website": "https://joinmastodon.org/", - "demo": "https://joinmastodon.org/", - "admindoc": "https://docs.joinmastodon.org/", - "code": "https://github.com/mastodon/mastodon" - }, - "license": "AGPL-3.0-or-later", - "maintainer": { - "name": "yalh76" - }, - "previous_maintainer": [ - { - "name": "cyp", - "email": "cyp@rouquin.me" - }, - { - "name": "nemsia", - "email": "nemsia@nemsia.org" - } - ], - "requirements": { - "yunohost": ">= 4.3.0" - }, - "multi_instance": true, - "services": [ - "nginx" - ], - "arguments": { - "install": [ - { - "name": "domain", - "type": "domain" - }, - { - "name": "is_public", - "type": "boolean", - "default": true - }, - { - "name": "language", - "type": "string", - "ask": { - "en": "Choose the application language", - "fr": "Choisissez la langue de l'application" - }, - "choices": [ - "en_EN", - "fr_FR" - ], - "default": "fr_FR" - }, - { - "name": "admin", - "type": "user" - } - ] - } -} diff --git a/manifest.toml b/manifest.toml new file mode 100644 index 0000000..b4031fd --- /dev/null +++ b/manifest.toml @@ -0,0 +1,86 @@ +packaging_format = 2 + +id = "mastodon" +name = "Mastodon" +description.en = "Libre and federated social network" +description.fr = "Réseau social libre et fédéré" + +version = "4.1.4~ynh1" + +maintainers = ["yalh76"] + +[upstream] +license = "AGPL-3.0-or-later" +website = "https://joinmastodon.org/" +demo = "https://joinmastodon.org/" +admindoc = "https://docs.joinmastodon.org/" +code = "https://github.com/mastodon/mastodon" +cpe = " cpe:2.3:a:joinmastodon:mastodon" +fund = "https://joinmastodon.org/sponsors" + +[integration] +yunohost = ">= 11.2" +architectures = "all" +multi_instance = true +ldap = true +sso = false +disk = "2G" +ram.build = "1G" +ram.runtime = "500M" + +[install] + [install.domain] + # this is a generic question - ask strings are automatically handled by Yunohost's core + type = "domain" + full_domain = true + + [install.init_main_permission] + type = "group" + default = "visitors" + + [install.language] + ask.en = "Choose the application language" + ask.fr = "Choisissez la langue de l'application" + type = "string" + choices = ["en_EN", "fr_FR"] + default = "fr_FR" + + [install.admin] + # this is a generic question - ask strings are automatically handled by Yunohost's core + type = "user" + +[resources] + [resources.sources] + [resources.sources.main] + url = "https://github.com/tootsuite/mastodon/archive/refs/tags/v4.1.4.tar.gz" + sha256 = "524bac8c4108acc07b001caf44951446cb587f9626d8e0d15ed2f5811b980aaa" + autoupdate.strategy = "latest_github_release" + + [resources.system_user] + allow_email = true + + [resources.install_dir] + + [resources.permissions] + main.url = "/" + + api.url = "/api" + api.allowed = "visitors" + api.auth_header = false + api.show_tile = false + api.protected = true + + [resources.ports] + web.default = 3000 + stream.default = 4000 + + [resources.apt] + packages = "imagemagick, ffmpeg, libpq-dev, libxml2-dev, libxslt1-dev, file, git-core, g++, libprotobuf-dev, protobuf-compiler, pkg-config, gcc, autoconf, bison, build-essential, libssl-dev, libyaml-dev, libreadline6-dev, zlib1g-dev, libncurses5-dev, libffi-dev, libgdbm6, libgdbm-dev, redis-tools, redis-server, postgresql, postgresql-contrib, libidn11-dev, libicu-dev, libjemalloc-dev, curl, apt-transport-https" + + [resources.apt.extras.yarn] + repo = "deb https://dl.yarnpkg.com/debian/ stable main" + key = "https://dl.yarnpkg.com/debian/pubkey.gpg" + packages = "yarn" + + [resources.database] + type = "postgresql" diff --git a/scripts/_common.sh b/scripts/_common.sh index 8fb5cec..8f10c6b 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -4,17 +4,14 @@ # COMMON VARIABLES #================================================= -# dependencies used by the app (must be on a single line) -pkg_dependencies="imagemagick ffmpeg libpq-dev libxml2-dev libxslt1-dev file git-core g++ libprotobuf-dev protobuf-compiler pkg-config gcc autoconf bison build-essential libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libncurses5-dev libffi-dev libgdbm3|libgdbm6 libgdbm-dev redis-tools redis-server postgresql postgresql-contrib libidn11-dev libicu-dev libjemalloc-dev curl apt-transport-https" -build_pkg_dependencies="" - memory_needed="2560" ruby_version=3.0.6 nodejs_version=16 # Workaround for Mastodon on Bullseye # See https://github.com/mastodon/mastodon/issues/15751#issuecomment-873594463 -if [ "$(lsb_release --codename --short)" = "bullseye" ]; then +if [ "$(lsb_release --codename --short)" = "bullseye" ]; +then case $YNH_ARCH in amd64) ld_preload="LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libjemalloc.so" diff --git a/scripts/backup b/scripts/backup index 96a895d..7df8f50 100644 --- a/scripts/backup +++ b/scripts/backup @@ -10,27 +10,6 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - true -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_print_info --message="Loading installation settings..." - -app=$YNH_APP_INSTANCE_NAME - -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -domain=$(ynh_app_setting_get --app=$app --key=domain) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) - #================================================= # DECLARE DATA AND CONF FILES TO BACKUP #================================================= @@ -40,7 +19,7 @@ ynh_print_info --message="Declaring files to be backed up..." # BACKUP THE APP MAIN DIR #================================================= -ynh_backup --src_path="$final_path" +ynh_backup --src_path="$install_dir" #================================================= # BACKUP THE NGINX CONFIGURATION diff --git a/scripts/install b/scripts/install index 6df1759..05dc9e2 100644 --- a/scripts/install +++ b/scripts/install @@ -11,120 +11,28 @@ source ynh_install_ruby__2 source ynh_add_swap source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - true -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# RETRIEVE ARGUMENTS FROM THE MANIFEST -#================================================= - -domain=$YNH_APP_ARG_DOMAIN -path_url="/" -is_public=$YNH_APP_ARG_IS_PUBLIC -language=$YNH_APP_ARG_LANGUAGE -admin=$YNH_APP_ARG_ADMIN - -app=$YNH_APP_INSTANCE_NAME - admin_mail=$(ynh_user_get_info --username=$admin --key=mail) #================================================= -# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS -#================================================= -ynh_script_progression --message="Validating installation parameters..." --weight=1 - -final_path=/var/www/$app -test ! -e "$final_path" || ynh_die --message="This path already contains a folder" - -# Register (book) web path -ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url - -#================================================= -# STORE SETTINGS FROM MANIFEST -#================================================= -ynh_script_progression --message="Storing installation settings..." --weight=1 - -ynh_app_setting_set --app=$app --key=domain --value=$domain -ynh_app_setting_set --app=$app --key=path --value=$path_url -ynh_app_setting_set --app=$app --key=language --value=$language -ynh_app_setting_set --app=$app --key=admin --value=$admin - -#================================================= -# STANDARD MODIFICATIONS -#================================================= -# FIND AND OPEN A PORT -#================================================= -ynh_script_progression --message="Finding an available port..." --weight=1 - -# Find an available port -port_web=$(ynh_find_port --port=3000) -ynh_app_setting_set --app=$app --key=port_web --value=$port_web - -port_stream=$(ynh_find_port --port=4000) -ynh_app_setting_set --app=$app --key=port_stream --value=$port_stream - -#================================================= -# INSTALL DEPENDENCIES -#================================================= -ynh_script_progression --message="Installing dependencies..." --weight=1 - -ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies $build_pkg_dependencies -ynh_exec_warn_less ynh_install_ruby --ruby_version=$ruby_version -ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version -ynh_exec_warn_less ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg" - -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Configuring system user..." --weight=1 - -# Create a system user -ynh_system_user_create --username=$app --home_dir="$final_path" - -#================================================= -# CREATE A POSTGRESQL DATABASE -#================================================= -ynh_script_progression --message="Creating a PostgreSQL database..." --weight=1 - -db_name=$(ynh_sanitize_dbid --db_name="${app}_production") -db_user=$(ynh_sanitize_dbid --db_name=$app) -ynh_app_setting_set --app=$app --key=db_name --value=$db_name -ynh_app_setting_set --app=$app --key=db_user --value=$db_user -ynh_psql_test_if_first_run -ynh_psql_setup_db --db_user=$db_user --db_name=$db_name -ynh_psql_execute_as_root --sql="ALTER USER $db_user CREATEDB;" -db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) - +# APP "BUILD" (DEPLOYING SOURCES, VENV, COMPILING ETC) #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= ynh_script_progression --message="Setting up source files..." --weight=1 -ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source --dest_dir="$final_path/live" +ynh_setup_source --dest_dir="$install_dir/live" -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:www-data "$final_path" +chown -R $app:www-data "$install_dir" #================================================= -# NGINX CONFIGURATION +# INSTALL DEPENDENCIES #================================================= -ynh_script_progression --message="Configuring NGINX web server..." --weight=1 +ynh_script_progression --message="Installing Ruby and NodeJS..." --weight=1 -# Create a dedicated NGINX config -ynh_add_nginx_config +ynh_exec_warn_less ynh_install_ruby --ruby_version=$ruby_version +ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version -#================================================= -# SPECIFIC SETUP #================================================= # ADD SWAP IF NEEDED #================================================= @@ -146,7 +54,7 @@ ynh_add_swap --size=$swap_needed #================================================= ynh_script_progression --message="Adding a configuration file..." --weight=1 -config="$final_path/live/.env.production" +config="$install_dir/live/.env.production" language="$(echo $language | head -c 2)" @@ -159,28 +67,29 @@ ynh_app_setting_set --app="$app" --key=secret_key_base --value="$secret_key_base otp_secret=$(ynh_string_random --length=128) ynh_app_setting_set --app="$app" --key=otp_secret --value="$otp_secret" +# We need rake to build vapid keys, we generate them later once the app is installed vapid_private_key="" vapid_public_key="" ynh_add_config --template="../conf/.env.production.sample" --destination="$config" - chmod 400 "$config" chown $app:$app "$config" -ynh_replace_string --match_string="registrations_mode: 'open'" --replace_string="registrations_mode: 'none'" --target_file="$final_path/live/config/settings.yml" -ynh_replace_string --match_string="min_invite_role: 'admin'" --replace_string="min_invite_role: 'none'" --target_file="$final_path/live/config/settings.yml" +ynh_replace_string --match_string="registrations_mode: 'open'" --replace_string="registrations_mode: 'none'" --target_file="$install_dir/live/config/settings.yml" +ynh_replace_string --match_string="min_invite_role: 'admin'" --replace_string="min_invite_role: 'none'" --target_file="$install_dir/live/config/settings.yml" -ynh_store_file_checksum --file="$final_path/live/config/settings.yml" +ynh_store_file_checksum --file="$install_dir/live/config/settings.yml" -chmod 400 "$final_path/live/config/settings.yml" -chown $app:$app "$final_path/live/config/settings.yml" +chmod 400 "$install_dir/live/config/settings.yml" +chown $app:$app "$install_dir/live/config/settings.yml" #================================================= # BUILD APP #================================================= ynh_script_progression --message="Building app..." --weight=1 -pushd "$final_path/live" +pushd "$install_dir/live" + # Building ruby packages ynh_use_ruby ynh_gem update --system ynh_gem install bundler --no-document @@ -188,93 +97,61 @@ pushd "$final_path/live" ynh_exec_as $app $ynh_ruby_load_path $ld_preload bin/bundle config without 'development test' ynh_exec_as $app $ynh_ruby_load_path $ld_preload bin/bundle config set force_ruby_platform true ynh_exec_as $app $ynh_ruby_load_path $ld_preload bin/bundle install -j$(getconf _NPROCESSORS_ONLN) + # Building assets ynh_use_nodejs ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH yarn install --pure-lockfile echo "SAFETY_ASSURED=1">> $config - ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails db:setup --quiet + ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails db:migrate --quiet ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails assets:precompile --quiet + # Generate vapid keys ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rake mastodon:webpush:generate_vapid_key > key.txt - ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/tootctl accounts create "$admin" --email="$admin_mail" --confirmed --role=Admin > /dev/null - ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/tootctl accounts modify "$admin" --approve + # Create the first admin user + ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/tootctl accounts create "$admin" --email="$admin_mail" --confirmed --role=Owner > /dev/null popd -vapid_private_key=$(grep -oP "VAPID_PRIVATE_KEY=\K.+" "$final_path/live/key.txt") +# Re-generate config with vapid keys +vapid_private_key=$(grep -oP "VAPID_PRIVATE_KEY=\K.+" "$install_dir/live/key.txt") ynh_app_setting_set --app="$app" --key=vapid_private_key --value="$vapid_private_key" - -vapid_public_key=$(grep -oP "VAPID_PUBLIC_KEY=\K.+" "$final_path/live/key.txt") +vapid_public_key=$(grep -oP "VAPID_PUBLIC_KEY=\K.+" "$install_dir/live/key.txt") ynh_app_setting_set --app="$app" --key=vapid_public_key --value="$vapid_public_key" - -ynh_secure_remove --file="$final_path/live/key.txt" - +ynh_secure_remove --file="$install_dir/live/key.txt" ynh_delete_file_checksum --file="$config" - ynh_add_config --template="../conf/.env.production.sample" --destination="$config" - chmod 400 "$config" chown $app:$app "$config" -ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies -ynh_package_autoremove +#================================================= +# SYSTEM CONFIGURATION +#================================================= +ynh_script_progression --message="Adding system configurations related to $app..." --weight=1 -#================================================= -# SETUP SYSTEMD -#================================================= -ynh_script_progression --message="Configuring a systemd service..." --weight=1 +# Create a dedicated NGINX config using the conf/nginx.conf template +ynh_add_nginx_config # Create a dedicated systemd config ynh_add_systemd_config --service="$app-web" --template="mastodon-web.service" +yunohost service add "$app-web" --description="$app web service" + ynh_add_systemd_config --service="$app-sidekiq" --template="mastodon-sidekiq.service" +yunohost service add "$app-sidekiq" --description="$app sidekiq service" + ynh_add_systemd_config --service="$app-streaming" --template="mastodon-streaming.service" +yunohost service add "$app-streaming" --description="$app streaming service" -#================================================= -# SETUP THE CRON FILE -#================================================= -ynh_script_progression --message="Setuping the cron file..." --weight=1 - +# Create a cron file ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/$app" #================================================= # GENERIC FINALIZATION -#================================================= -# INTEGRATE SERVICE IN YUNOHOST -#================================================= -ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 - -yunohost service add "$app-web" --description="$app web service" -yunohost service add "$app-sidekiq" --description="$app sidekiq service" -yunohost service add "$app-streaming" --description="$app streaming service" - #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." --weight=1 +ynh_script_progression --message="Starting all systemd services..." --weight=1 ynh_systemd_action --service_name=${app}-web --action="start" --log_path=systemd --line_match="Listening on" ynh_systemd_action --service_name=${app}-sidekiq --action="start" --log_path=systemd --line_match="Schedules Loaded" ynh_systemd_action --service_name=${app}-streaming --action="start" --log_path=systemd --line_match="Worker 1 now listening" -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Configuring permissions..." --weight=1 - -# Make app public if necessary -if [ $is_public -eq 1 ] -then - # Everyone can access the app. - # The "main" permission is automatically created before the install script. - ynh_permission_update --permission="main" --add="visitors" -fi - -ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true" - -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 - -ynh_systemd_action --service_name=nginx --action=reload - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/remove b/scripts/remove index 69fc9ec..800687d 100644 --- a/scripts/remove +++ b/scripts/remove @@ -12,22 +12,11 @@ source ynh_add_swap source /usr/share/yunohost/helpers #================================================= -# LOAD SETTINGS +# REMOVE SYSTEM CONFIGURATIONS #================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_user=$(ynh_app_setting_get --app=$app --key=db_user) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) - -#================================================= -# STANDARD REMOVE -#================================================= -# REMOVE SERVICE INTEGRATION IN YUNOHOST +# REMOVE SYSTEMD SERVICE #================================================= +ynh_script_progression --message="Removing system configurations related to $app..." --weight=1 # Remove the service from the list of services known by YunoHost (added from `yunohost service add`) if ynh_exec_warn_less yunohost service status "$app-web" >/dev/null @@ -48,73 +37,24 @@ then yunohost service remove "$app-streaming" fi -#================================================= -# STOP AND REMOVE SERVICE -#================================================= -ynh_script_progression --message="Stopping and removing the systemd service..." --weight=1 - # Remove the dedicated systemd config ynh_remove_systemd_config --service="$app-web" ynh_remove_systemd_config --service="$app-sidekiq" ynh_remove_systemd_config --service="$app-streaming" -#================================================= -# REMOVE THE POSTGRESQL DATABASE -#================================================= -ynh_script_progression --message="Removing the PostgreSQL database..." --weight=1 - -# Remove a database if it exists, along with the associated user -ynh_psql_remove_db --db_user=$db_user --db_name=$db_name - -#================================================= -# REMOVE APP MAIN DIR -#================================================= -ynh_script_progression --message="Removing app main directory..." --weight=1 - -# Remove the app directory securely -ynh_secure_remove --file="$final_path" - -#================================================= -# REMOVE NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1 - # Remove the dedicated NGINX config ynh_remove_nginx_config -#================================================= -# REMOVE DEPENDENCIES -#================================================= -ynh_script_progression --message="Removing dependencies..." --weight=1 - -# Remove metapackage and its dependencies -ynh_remove_ruby -ynh_remove_nodejs -ynh_remove_app_dependencies - -#================================================= -# SPECIFIC REMOVE -#================================================= -# REMOVE VARIOUS FILES -#================================================= -ynh_script_progression --message="Removing various files..." --weight=1 - # Remove a cron file ynh_secure_remove --file="/etc/cron.d/$app" +# Remove metapackage and its dependencies +ynh_remove_ruby +ynh_remove_nodejs + # Remove swap ynh_del_swap -#================================================= -# GENERIC FINALIZATION -#================================================= -# REMOVE DEDICATED USER -#================================================= -ynh_script_progression --message="Removing the dedicated system user..." --weight=1 - -# Delete a system user -ynh_system_user_delete --username=$app - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/restore b/scripts/restore index be0e019..f4703a6 100644 --- a/scripts/restore +++ b/scripts/restore @@ -12,86 +12,24 @@ source ../settings/scripts/ynh_install_ruby__2 source ../settings/scripts/ynh_add_swap source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - true -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -path_url=$(ynh_app_setting_get --app=$app --key=path) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_user=$(ynh_app_setting_get --app=$app --key=db_user) - -#================================================= -# CHECK IF THE APP CAN BE RESTORED -#================================================= -ynh_script_progression --message="Validating restoration parameters..." --weight=1 - -test ! -d $final_path \ - || ynh_die --message="There is already a directory: $final_path " - #================================================= # STANDARD RESTORATION STEPS -#================================================= -# RECREATE THE DEDICATED USER -#================================================= -ynh_script_progression --message="Recreating the dedicated system user..." --weight=1 - -# Create the dedicated user (if not existing) -ynh_system_user_create --username=$app --home_dir="$final_path" - #================================================= # RESTORE THE APP MAIN DIR #================================================= ynh_script_progression --message="Restoring the app main directory..." --weight=1 -ynh_restore_file --origin_path="$final_path" +ynh_restore_file --origin_path="$install_dir" -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:www-data "$final_path" - -#================================================= -# SPECIFIC RESTORATION -#================================================= -# REINSTALL DEPENDENCIES -#================================================= -ynh_script_progression --message="Reinstalling dependencies..." --weight=1 - -# Define and install dependencies -ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies $build_pkg_dependencies -ynh_exec_warn_less ynh_install_ruby --ruby_version=$ruby_version -ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version -ynh_exec_warn_less ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg" - -#================================================= -# RESTORE THE NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Restoring the NGINX web server configuration..." --weight=1 - -ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" +chmod 750 "$install_dir" +chmod -R o-rwx "$install_dir" +chown -R $app:www-data "$install_dir" #================================================= # RESTORE THE POSTGRESQL DATABASE #================================================= ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=1 -ynh_psql_test_if_first_run -db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) -ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd ynh_psql_execute_as_root --sql="ALTER USER $db_user CREATEDB;" ynh_psql_execute_file_as_root --file="./db.sql" --database="$db_name" @@ -111,62 +49,56 @@ fi ynh_script_progression --message="Adding $swap_needed Mo to swap..." --weight=1 ynh_add_swap --size=$swap_needed +#================================================= +# REINSTALL DEPENDENCIES +#================================================= +ynh_script_progression --message="Reinstalling Ruby and NodeJS..." --weight=1 + +ynh_exec_warn_less ynh_install_ruby --ruby_version=$ruby_version +ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version + #================================================= # BUILD APP #================================================= ynh_script_progression --message="Building app..." --weight=1 -pushd "$final_path/live" +pushd "$install_dir/live" ynh_use_ruby ynh_gem update --system ynh_gem install bundler --no-document ynh_exec_as $app $ynh_ruby_load_path $ld_preload bin/bundle install --redownload -j$(getconf _NPROCESSORS_ONLN) popd -ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies -ynh_package_autoremove +#================================================= +# RESTORE SYSTEM CONFIGURATIONS +#================================================= +# RESTORE THE PHP-FPM CONFIGURATION +#================================================= +ynh_script_progression --message="Restoring system configurations related to $app..." --weight=1 -#================================================= -# RESTORE VARIOUS FILES -#================================================= -ynh_script_progression --message="Restoring various files..." --weight=1 - -ynh_restore_file --origin_path="/etc/cron.d/$app" - -#================================================= -# RESTORE SYSTEMD -#================================================= -ynh_script_progression --message="Restoring the systemd configuration..." --weight=1 +ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_restore_file --origin_path="/etc/systemd/system/$app-web.service" ynh_restore_file --origin_path="/etc/systemd/system/$app-sidekiq.service" ynh_restore_file --origin_path="/etc/systemd/system/$app-streaming.service" systemctl enable "$app-web" "$app-sidekiq" "$app-streaming" --quiet -#================================================= -# INTEGRATE SERVICE IN YUNOHOST -#================================================= -ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 - yunohost service add "$app-web" --description="$app web service" yunohost service add "$app-sidekiq" --description="$app sidekiq service" yunohost service add "$app-streaming" --description="$app streaming service" -#================================================= -# START SYSTEMD SERVICE -#================================================= -ynh_script_progression --message="Starting a systemd service..." --weight=1 - -ynh_systemd_action --service_name=${app}-web --action="start" --log_path=systemd --line_match="Listening on" -ynh_systemd_action --service_name=${app}-sidekiq --action="start" --log_path=systemd --line_match="Schedules Loaded" -ynh_systemd_action --service_name=${app}-streaming --action="start" --log_path=systemd --line_match="Worker 1 now listening" +ynh_restore_file --origin_path="/etc/cron.d/$app" #================================================= # GENERIC FINALIZATION #================================================= -# RELOAD NGINX +# RELOAD NGINX AND PHP-FPM OR THE APP SERVICE #================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 +ynh_script_progression --message="Reloading NGINX web server and $app's service..." --weight=1 + +ynh_systemd_action --service_name=${app}-web --action="start" --log_path=systemd --line_match="Listening on" +ynh_systemd_action --service_name=${app}-sidekiq --action="start" --log_path=systemd --line_match="Schedules Loaded" +ynh_systemd_action --service_name=${app}-streaming --action="start" --log_path=systemd --line_match="Worker 1 now listening" ynh_systemd_action --service_name=nginx --action=reload diff --git a/scripts/upgrade b/scripts/upgrade index 9be5f2f..6693941 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -11,109 +11,18 @@ source ynh_install_ruby__2 source ynh_add_swap source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -path_url=$(ynh_app_setting_get --app=$app --key=path) -language=$(ynh_app_setting_get --app=$app --key=language) -admin=$(ynh_app_setting_get --app=$app --key=admin) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -redis_namespace=$(ynh_app_setting_get --app=$app --key=db_name) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_user=$(ynh_app_setting_get --app=$app --key=db_user) -db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) -admin_mail=$(ynh_user_get_info --username=$admin --key='mail') -port_web=$(ynh_app_setting_get --app=$app --key=port_web) -port_stream=$(ynh_app_setting_get --app=$app --key=port_stream) - -secret_key_base=$(ynh_app_setting_get --app=$app --key=secret_key_base) -otp_secret=$(ynh_app_setting_get --app=$app --key=otp_secret) -vapid_private_key=$(ynh_app_setting_get --app=$app --key=vapid_private_key) -vapid_public_key=$(ynh_app_setting_get --app=$app --key=vapid_public_key) - -config="$final_path/live/.env.production" - -#================================================= -# CHECK VERSION -#================================================= -ynh_script_progression --message="Checking version..." --weight=1 - upgrade_type=$(ynh_check_app_version_changed) -#================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP -#================================================= -ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1 - -# Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { - # Restore it if the upgrade fails - ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors +admin_mail=$(ynh_user_get_info --username=$admin --key='mail') +config="$install_dir/live/.env.production" #================================================= # STANDARD UPGRADE STEPS -#================================================= -# STOP SYSTEMD SERVICE -#================================================= -ynh_script_progression --message="Stopping a systemd service..." --weight=1 - -ynh_systemd_action --service_name=${app}-web --action="stop" --log_path=systemd --line_match="Stopped" -ynh_systemd_action --service_name=${app}-sidekiq --action="stop" --log_path=systemd --line_match="Stopped" -ynh_systemd_action --service_name=${app}-streaming --action="stop" --log_path=systemd --line_match="Stopped" - #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 -# Cleaning legacy permissions -if ynh_legacy_permissions_exists; then - ynh_legacy_permissions_delete_all - - ynh_app_setting_delete --app=$app --key=is_public -fi - -# Create a permission if needed -if ! ynh_permission_exists --permission="api"; then - ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true" -fi - -# If port_web doesn't exist, create it, needed for old install -if [[ -z "$port_web" ]]; then - port_web=3000 - ynh_app_setting_set --app=$app --key=port_web --value=$port_web -fi - -# If port_web doesn't exist, create it, needed for old install -if [[ -z "$port_stream" ]]; then - port_stream=4000 - ynh_app_setting_set --app=$app --key=port_stream --value=$port_stream -fi - -# If db_user doesn't exist, create it, needed for old install -if [[ -z "$db_user" ]]; then - db_user=$(ynh_sanitize_dbid --db_name=$app) - ynh_app_setting_set --app=$app --key=db_user --value=$db_user -fi - -# If db_pwd doesn't exist, create it, needed for old install -if [[ -z "$db_pwd" ]]; then - db_pwd=$(ynh_string_random) - ynh_app_setting_set --app=$app --key=db_pwd --value=$db_pwd - ynh_psql_test_if_first_run - sudo --login --user=postgres psql -c"ALTER user $app WITH PASSWORD '$db_pwd'" postgres - ynh_replace_string --match_string="DB_PASS=" --replace_string="DB_PASS=${db_pwd}" --target_file="$config" -fi - # Remove paperclip_secret ynh_app_setting_delete --app=$app --key=paperclip_secret @@ -153,67 +62,14 @@ fi ynh_remove_extra_repo #================================================= -# CREATE DEDICATED USER +# STOP SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1 +ynh_script_progression --message="Stopping a systemd service..." --weight=1 -# Create a dedicated user (if not existing) -ynh_system_user_create --username=$app --home_dir="$final_path" +ynh_systemd_action --service_name=${app}-web --action="stop" --log_path=systemd --line_match="Stopped" +ynh_systemd_action --service_name=${app}-sidekiq --action="stop" --log_path=systemd --line_match="Stopped" +ynh_systemd_action --service_name=${app}-streaming --action="stop" --log_path=systemd --line_match="Stopped" -#================================================= -# DOWNLOAD, CHECK AND UNPACK SOURCE -#================================================= - -if [ "$upgrade_type" == "UPGRADE_APP" ] -then - ynh_script_progression --message="Upgrading source files..." --weight=1 - - # Download Mastodon - tmpdir="$(mktemp -d)" - - mkdir $tmpdir/system - if [ -d "$final_path/live/public/system" ]; then - mv --verbose --no-target-directory --backup=numbered "$final_path/live/public/system" "$final_path/system.tmp" - fi - rsync -a "$config" "$tmpdir/." - ynh_secure_remove --file="$final_path/live" - - ynh_setup_source --dest_dir="$final_path/live" - - if [ -d "$final_path/system.tmp" ]; then - mv --verbose --no-target-directory "$final_path/system.tmp" "$final_path/live/public/system" - fi - rsync -a "$tmpdir/.env.production" "$final_path/live/." - ynh_secure_remove --file="$tmpdir" - - # Clean files which are not needed anymore - ynh_secure_remove --file="$final_path/live/config/initializers/timeout.rb" -fi - -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:www-data "$final_path" - -#================================================= -# UPGRADE DEPENDENCIES -#================================================= -ynh_script_progression --message="Upgrading dependencies..." --weight=1 - -ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies $build_pkg_dependencies -ynh_exec_warn_less ynh_install_ruby --ruby_version=$ruby_version -ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version -ynh_exec_warn_less ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg" - -#================================================= -# NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=1 - -# Create a dedicated NGINX config -ynh_add_nginx_config - -#================================================= -# SPECIFIC UPGRADE #================================================= # ADD SWAP IF NEEDED #================================================= @@ -231,11 +87,37 @@ ynh_script_progression --message="Adding $swap_needed Mo to swap..." ynh_add_swap --size=$swap_needed #================================================= -# BUILD APP +# UPGRADE DEPENDENCIES #================================================= -ynh_script_progression --message="Building app..." --weight=1 +ynh_script_progression --message="Upgrading Ruby and NodeJS..." --weight=1 -pushd "$final_path/live" +ynh_exec_warn_less ynh_install_ruby --ruby_version=$ruby_version +ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version + +#================================================= +# "REBUILD" THE APP (DEPLOY NEW SOURCES, RERUN NPM BUILD...) +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= + +if [ "$upgrade_type" == "UPGRADE_APP" ] +then + ynh_script_progression --message="Upgrading source files..." --weight=1 + + # Download Mastodon + ynh_setup_source --dest_dir="$install_dir/live" --keep="public/system/" + + chmod 750 "$install_dir" + chmod -R o-rwx "$install_dir" + chown -R $app:www-data "$install_dir" +fi + +#================================================= +# BUILD ASSETS +#================================================= +ynh_script_progression --message="Building assets..." --weight=1 + +pushd "$install_dir/live" ynh_use_ruby ynh_gem update --system ynh_gem install bundler --no-document @@ -247,13 +129,29 @@ pushd "$final_path/live" ynh_exec_as $app $ynh_node_load_PATH yarn install --pure-lockfile ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails assets:clean ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails assets:precompile - ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails db:migrate - ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/tootctl cache clear popd -ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies -ynh_package_autoremove +#================================================= +# REAPPLY SYSTEM CONFIGURATIONS +#================================================= +ynh_script_progression --message="Upgrading system configurations related to $app..." --weight=1 +ynh_add_nginx_config + +# Create a dedicated systemd config +ynh_add_systemd_config --service="$app-web" --template="mastodon-web.service" +yunohost service add "$app-web" --description="$app web service" + +ynh_add_systemd_config --service="$app-sidekiq" --template="mastodon-sidekiq.service" +yunohost service add "$app-sidekiq" --description="$app sidekiq service" + +ynh_add_systemd_config --service="$app-streaming" --template="mastodon-streaming.service" +yunohost service add "$app-streaming" --description="$app streaming service" + +ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/$app" + +#================================================= +# RECONFIGURE THE APP (UPDATE CONF, APPLY MIGRATIONS...) #================================================= # UPDATE A CONFIG FILE #================================================= @@ -267,32 +165,15 @@ chmod 400 "$config" chown $app:$app "$config" #================================================= -# SETUP SYSTEMD +# APPLY MIGRATIONS #================================================= -ynh_script_progression --message="Upgrading systemd configuration..." --weight=1 +ynh_script_progression --message="Applying migrations..." --weight=1 -# Create a dedicated systemd config -ynh_add_systemd_config --service="$app-web" --template="mastodon-web.service" -ynh_add_systemd_config --service="$app-sidekiq" --template="mastodon-sidekiq.service" -ynh_add_systemd_config --service="$app-streaming" --template="mastodon-streaming.service" - -#================================================= -# SETUP THE CRON FILE -#================================================= -ynh_script_progression --message="Setuping the cron file..." --weight=1 - -ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/$app" - -#================================================= -# GENERIC FINALIZATION -#================================================= -# INTEGRATE SERVICE IN YUNOHOST -#================================================= -ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 - -yunohost service add "$app-web" --description="$app web service" -yunohost service add "$app-sidekiq" --description="$app sidekiq service" -yunohost service add "$app-streaming" --description="$app streaming service" +pushd "$install_dir/live" + ynh_use_ruby + ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails db:migrate + ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/tootctl cache clear +popd #================================================= # START SYSTEMD SERVICE @@ -303,13 +184,6 @@ ynh_systemd_action --service_name=${app}-web --action="start" --log_path=systemd ynh_systemd_action --service_name=${app}-sidekiq --action="start" --log_path=systemd --line_match="Schedules Loaded" ynh_systemd_action --service_name=${app}-streaming --action="start" --log_path=systemd --line_match="Worker 1 now listening" -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 - -ynh_systemd_action --service_name=nginx --action=reload - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/ynh_install_ruby__2 b/scripts/ynh_install_ruby__2 index a2a83d0..521a182 100644 --- a/scripts/ynh_install_ruby__2 +++ b/scripts/ynh_install_ruby__2 @@ -36,7 +36,7 @@ build_pkg_dependencies="$build_pkg_dependencies $build_ruby_dependencies" # However, $PATH is duplicated into $ruby_path to outlast any manipulation of $PATH # You can use the variable `$ynh_ruby_load_path` to quickly load your Ruby version # in $PATH for an usage into a separate script. -# Exemple: $ynh_ruby_load_path $final_path/script_that_use_gem.sh` +# Exemple: $ynh_ruby_load_path $install_dir/script_that_use_gem.sh` # # # Finally, to start a Ruby service with the correct version, 2 solutions @@ -81,7 +81,7 @@ ynh_use_ruby () { ynh_ruby_load_path="PATH=$PATH" # Sets the local application-specific Ruby version - pushd $final_path + pushd $install_dir $rbenv_install_dir/bin/rbenv local $ruby_version popd } diff --git a/sources/patches/app-sso.patch b/sources/patches/app-sso.patch deleted file mode 100644 index 72f738e..0000000 --- a/sources/patches/app-sso.patch +++ /dev/null @@ -1,56 +0,0 @@ -diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb -index 7c36bc6b8..3f691d102 100644 ---- a/app/controllers/application_controller.rb -+++ b/app/controllers/application_controller.rb -@@ -69,7 +69,7 @@ class ApplicationController < ActionController::Base - end - - def after_sign_out_path_for(_resource_or_scope) -- new_user_session_path -+ "https://#{File.read('/etc/yunohost/current_host')}/yunohost/sso/?action=logout" - end - - protected -diff --git a/config/initializers/devise.rb b/config/initializers/devise.rb -index 5232e6cfd..160348674 100644 ---- a/config/initializers/devise.rb -+++ b/config/initializers/devise.rb -@@ -180,7 +180,7 @@ Devise.setup do |config| - # given strategies, for example, `config.http_authenticatable = [:database]` will - # enable it only for database authentication. The supported strategies are: - # :database = Support basic authentication with authentication key + password -- config.http_authenticatable = [:pam, :database] -+ config.http_authenticatable = [:two_factor_ldap, :pam, :database] - - # If 401 status code should be returned for AJAX requests. True by default. - # config.http_authenticatable_on_xhr = true -diff --git a/lib/devise/two_factor_ldap_authenticatable.rb b/lib/devise/two_factor_ldap_authenticatable.rb -index 065aa2de8..0eb4be10c 100644 ---- a/lib/devise/two_factor_ldap_authenticatable.rb -+++ b/lib/devise/two_factor_ldap_authenticatable.rb -@@ -5,13 +5,13 @@ require 'devise/strategies/base' - - module Devise - module Strategies -- class TwoFactorLdapAuthenticatable < Base -+ class TwoFactorLdapAuthenticatable < Authenticatable - def valid? -- valid_params? && mapping.to.respond_to?(:authenticate_with_ldap) -+ (valid_for_params_auth? || valid_for_http_auth?) && mapping.to.respond_to?(:authenticate_with_ldap) - end - - def authenticate! -- resource = mapping.to.authenticate_with_ldap(params[scope]) -+ resource = mapping.to.authenticate_with_ldap(authentication_hash.merge(:password => password)) - - if resource && !resource.otp_required_for_login? - success!(resource) -@@ -23,7 +23,7 @@ module Devise - protected - - def valid_params? -- params[scope] && params[scope][:password].present? -+ super && params[scope][:password].present? - end - end - end diff --git a/tests.toml b/tests.toml new file mode 100644 index 0000000..c84ca01 --- /dev/null +++ b/tests.toml @@ -0,0 +1,26 @@ +test_format = 1.0 + +[default] + + # ------------ + # Tests to run + # ------------ + + exclude = ["install.multi", "change_url"] + # The test IDs to be used in only/exclude statements are: install.root, install.subdir, install.nourl, install.multi, backup_restore, upgrade, upgrade.someCommitId change_url + + # ------------------------------- + # Default args to use for install + # ------------------------------- + + # Nothing to do here...yet + + # ------------------------------- + # Commits to test upgrade from + # ------------------------------- + + test_upgrade_from.bda899e.name = "Upgrade from 4.1.2~ynh1" + test_upgrade_from.bda899e.args.domain="domain.tld" + test_upgrade_from.bda899e.args.is_public=1 + test_upgrade_from.bda899e.args.admin="john" + test_upgrade_from.bda899e.args.language="fr_FR" From 6221ef155c1df7972d5cc69e7a174ca419250a18 Mon Sep 17 00:00:00 2001 From: Tagada <36127788+Tagadda@users.noreply.github.com> Date: Sun, 23 Jul 2023 04:52:18 +0200 Subject: [PATCH 22/30] Bump ynh version --- manifest.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.toml b/manifest.toml index b4031fd..be463ed 100644 --- a/manifest.toml +++ b/manifest.toml @@ -5,7 +5,7 @@ name = "Mastodon" description.en = "Libre and federated social network" description.fr = "Réseau social libre et fédéré" -version = "4.1.4~ynh1" +version = "4.1.4~ynh2" maintainers = ["yalh76"] From 160a548596847676b8a1363d4a9c59c8528faddf Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Sun, 23 Jul 2023 02:52:21 +0000 Subject: [PATCH 23/30] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index fb27d83..a977eb8 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Mastodon is a free, open-source microblogging social network. It is a decentralized alternative to commercial platforms like Twitter and avoids the risks of a single company monopolizing your communication for commercial purposes. -**Shipped version:** 4.1.4~ynh1 +**Shipped version:** 4.1.4~ynh2 **Demo:** https://joinmastodon.org/ diff --git a/README_fr.md b/README_fr.md index 49eda93..31dc557 100644 --- a/README_fr.md +++ b/README_fr.md @@ -19,7 +19,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po Mastodon est un réseau social de microblog auto-hébergé et open source. C'est une alternative décentralisée aux plates-formes commerciales comme Twitter. Mastodon évite ainsi les risques qu'une seule société monopolise votre communication à des fins commerciales. -**Version incluse :** 4.1.4~ynh1 +**Version incluse :** 4.1.4~ynh2 **Démo :** https://joinmastodon.org/ From 16cb53fb7bf097527e573b7a729f4764ebbbfcf0 Mon Sep 17 00:00:00 2001 From: Tagada <36127788+Tagadda@users.noreply.github.com> Date: Mon, 24 Jul 2023 19:38:45 +0200 Subject: [PATCH 24/30] Update manifest.toml --- manifest.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.toml b/manifest.toml index be463ed..8a02d9d 100644 --- a/manifest.toml +++ b/manifest.toml @@ -41,7 +41,7 @@ ram.runtime = "500M" [install.language] ask.en = "Choose the application language" ask.fr = "Choisissez la langue de l'application" - type = "string" + type = "select" choices = ["en_EN", "fr_FR"] default = "fr_FR" From 327c998132459867460209ee2576c6316f714a3e Mon Sep 17 00:00:00 2001 From: Tagada <36127788+Tagadda@users.noreply.github.com> Date: Mon, 24 Jul 2023 19:38:59 +0200 Subject: [PATCH 25/30] Update doc/PRE_INSTALL.md Co-authored-by: Alexandre Aubin --- doc/PRE_INSTALL.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/PRE_INSTALL.md b/doc/PRE_INSTALL.md index cc1b424..8a729ee 100644 --- a/doc/PRE_INSTALL.md +++ b/doc/PRE_INSTALL.md @@ -2,7 +2,7 @@ - **Mastodon** require a dedicated **root domain**, eg. `domaine.tld` or `mastodon.domain.tld`, with no other apps installed on that domain. You can't change the domain once installed. - The user choosen during the installation is automatically created in Mastodon with admin rights -- It seems important to close the inscriptions for your Mastodon, so that it remains a private body. We invite you to block remote malicious instances from the administration interface. You can also add text on your home page. +- It seems important to close registrations for your Mastodon, so that it remains a private body. We invite you to block remote malicious instances from the administration interface. You can also add text on your home page. ## Using *screen* in case of disconnect From e24fc7f7b407582a0f90899942ecff7f5ee11d59 Mon Sep 17 00:00:00 2001 From: Tagadda <36127788+Tagadda@users.noreply.github.com> Date: Tue, 1 Aug 2023 04:46:44 +0200 Subject: [PATCH 26/30] Add service setting for app shell --- scripts/install | 2 ++ scripts/upgrade | 6 ++++++ 2 files changed, 8 insertions(+) diff --git a/scripts/install b/scripts/install index 05dc9e2..67f48d3 100644 --- a/scripts/install +++ b/scripts/install @@ -12,6 +12,8 @@ source ynh_add_swap source /usr/share/yunohost/helpers admin_mail=$(ynh_user_get_info --username=$admin --key=mail) +# Set `service` settings to support `yunohost app shell` command +ynh_app_setting_set --app="$app" --key=service --value="$app-web.service" #================================================= # APP "BUILD" (DEPLOYING SOURCES, VENV, COMPILING ETC) diff --git a/scripts/upgrade b/scripts/upgrade index 6693941..f2058d1 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -58,6 +58,12 @@ if [[ -z "$redis_namespace" ]]; then ynh_app_setting_set --app=$app --key=redis_namespace --value=$redis_namespace fi +# If service doesn't exist, create it +if [[ -z "$service" ]]; then + # Set `service` settings to support `yunohost app shell` command + ynh_app_setting_set --app="$app" --key=service --value="$app-web.service" +fi + #Remove previous added repository ynh_remove_extra_repo From 97e74bc498320f690f94b81b2911aa0da5bd846a Mon Sep 17 00:00:00 2001 From: Tagadda <36127788+Tagadda@users.noreply.github.com> Date: Tue, 1 Aug 2023 04:48:05 +0200 Subject: [PATCH 27/30] Use logrotate --- conf/mastodon-sidekiq.service | 3 ++- conf/mastodon-streaming.service | 3 ++- conf/mastodon-web.service | 3 ++- scripts/backup | 5 +++++ scripts/install | 11 ++++++++--- scripts/remove | 3 +++ scripts/restore | 10 +++++++--- scripts/upgrade | 17 +++++++++++------ 8 files changed, 40 insertions(+), 15 deletions(-) diff --git a/conf/mastodon-sidekiq.service b/conf/mastodon-sidekiq.service index 47ae8ed..d9c54a0 100644 --- a/conf/mastodon-sidekiq.service +++ b/conf/mastodon-sidekiq.service @@ -14,7 +14,8 @@ Environment="__YNH_RUBY_LOAD_PATH__" ExecStart=__INSTALL_DIR__/live/bin/bundle exec sidekiq -c 25 TimeoutSec=15 Restart=always -StandardError=syslog +StandardOutput=append:/var/log/__APP__/__APP__-sidekiq.log +StandardError=inherit # Sandboxing options to harden security # Depending on specificities of your service/app, you may need to tweak these diff --git a/conf/mastodon-streaming.service b/conf/mastodon-streaming.service index a5fcfa0..f63945e 100644 --- a/conf/mastodon-streaming.service +++ b/conf/mastodon-streaming.service @@ -13,7 +13,8 @@ Environment="__YNH_NODE_LOAD_PATH__" ExecStart=__YNH_NODE__ ./streaming TimeoutSec=15 Restart=always -StandardError=syslog +StandardOutput=append:/var/log/__APP__/__APP__-streaming.log +StandardError=inherit # Sandboxing options to harden security # Depending on specificities of your service/app, you may need to tweak these diff --git a/conf/mastodon-web.service b/conf/mastodon-web.service index 5fc8819..133fc3b 100644 --- a/conf/mastodon-web.service +++ b/conf/mastodon-web.service @@ -14,7 +14,8 @@ ExecStart=__INSTALL_DIR__/live/bin/bundle exec puma -C config/puma.rb ExecReload=/bin/kill -SIGUSR1 $MAINPID TimeoutSec=15 Restart=always -StandardError=syslog +StandardOutput=append:/var/log/__APP__/__APP__-web.log +StandardError=inherit # Sandboxing options to harden security # Depending on specificities of your service/app, you may need to tweak these diff --git a/scripts/backup b/scripts/backup index 7df8f50..2cd6afd 100644 --- a/scripts/backup +++ b/scripts/backup @@ -29,6 +29,11 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # SPECIFIC BACKUP +#================================================= +# BACKUP LOGROTATE +#================================================= +ynh_backup --src_path="/etc/logrotate.d/$app" + #================================================= # BACKUP SYSTEMD #================================================= diff --git a/scripts/install b/scripts/install index 67f48d3..d0fd3dc 100644 --- a/scripts/install +++ b/scripts/install @@ -143,6 +143,11 @@ yunohost service add "$app-streaming" --description="$app streaming service" # Create a cron file ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/$app" +# Use logrotate to manage application logfile(s) +mkdir /var/log/$app +chown $app:$app /var/log/$app +ynh_use_logrotate + #================================================= # GENERIC FINALIZATION #================================================= @@ -150,9 +155,9 @@ ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/$app" #================================================= ynh_script_progression --message="Starting all systemd services..." --weight=1 -ynh_systemd_action --service_name=${app}-web --action="start" --log_path=systemd --line_match="Listening on" -ynh_systemd_action --service_name=${app}-sidekiq --action="start" --log_path=systemd --line_match="Schedules Loaded" -ynh_systemd_action --service_name=${app}-streaming --action="start" --log_path=systemd --line_match="Worker 1 now listening" +ynh_systemd_action --service_name=${app}-web --action="start" --log_path=/var/log/$app/$app-web.log --line_match="Listening on" +ynh_systemd_action --service_name=${app}-sidekiq --action="start" --log_path=/var/log/$app/$app-sidekiq.log --line_match="Schedules Loaded" +ynh_systemd_action --service_name=${app}-streaming --action="start" --log_path=/var/log/$app/$app-streaming.log --line_match="Worker 1 now listening" #================================================= # END OF SCRIPT diff --git a/scripts/remove b/scripts/remove index 800687d..7df4fda 100644 --- a/scripts/remove +++ b/scripts/remove @@ -48,6 +48,9 @@ ynh_remove_nginx_config # Remove a cron file ynh_secure_remove --file="/etc/cron.d/$app" +# Remote logrotate config +ynh_remove_logrotate + # Remove metapackage and its dependencies ynh_remove_ruby ynh_remove_nodejs diff --git a/scripts/restore b/scripts/restore index f4703a6..5c5ea32 100644 --- a/scripts/restore +++ b/scripts/restore @@ -89,6 +89,10 @@ yunohost service add "$app-streaming" --description="$app streaming service" ynh_restore_file --origin_path="/etc/cron.d/$app" +mkdir -p /var/log/$app +chown -R $app:$app /var/log/$app +ynh_restore_file --origin_path="/etc/logrotate.d/$app" + #================================================= # GENERIC FINALIZATION #================================================= @@ -96,9 +100,9 @@ ynh_restore_file --origin_path="/etc/cron.d/$app" #================================================= ynh_script_progression --message="Reloading NGINX web server and $app's service..." --weight=1 -ynh_systemd_action --service_name=${app}-web --action="start" --log_path=systemd --line_match="Listening on" -ynh_systemd_action --service_name=${app}-sidekiq --action="start" --log_path=systemd --line_match="Schedules Loaded" -ynh_systemd_action --service_name=${app}-streaming --action="start" --log_path=systemd --line_match="Worker 1 now listening" +ynh_systemd_action --service_name=${app}-web --action="start" --log_path=/var/log/$app/$app-web.log --line_match="Listening on" +ynh_systemd_action --service_name=${app}-sidekiq --action="start" --log_path=/var/log/$app/$app-sidekiq.log --line_match="Schedules Loaded" +ynh_systemd_action --service_name=${app}-streaming --action="start" --log_path=/var/log/$app/$app-streaming.log --line_match="Worker 1 now listening" ynh_systemd_action --service_name=nginx --action=reload diff --git a/scripts/upgrade b/scripts/upgrade index f2058d1..36efc8c 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -72,9 +72,9 @@ ynh_remove_extra_repo #================================================= ynh_script_progression --message="Stopping a systemd service..." --weight=1 -ynh_systemd_action --service_name=${app}-web --action="stop" --log_path=systemd --line_match="Stopped" -ynh_systemd_action --service_name=${app}-sidekiq --action="stop" --log_path=systemd --line_match="Stopped" -ynh_systemd_action --service_name=${app}-streaming --action="stop" --log_path=systemd --line_match="Stopped" +ynh_systemd_action --service_name=${app}-web --action="stop" --log_path=/var/log/$app/$app-web.log --line_match="Stopped" +ynh_systemd_action --service_name=${app}-sidekiq --action="stop" --log_path=/var/log/$app/$app-sidekiq.log --line_match="Stopped" +ynh_systemd_action --service_name=${app}-streaming --action="stop" --log_path=/var/log/$app/$app-streaming.log --line_match="Stopped" #================================================= # ADD SWAP IF NEEDED @@ -156,6 +156,11 @@ yunohost service add "$app-streaming" --description="$app streaming service" ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/$app" +# Use logrotate to manage app-specific logfile(s) +mkdir -p /var/log/$app +chown $app:$app /var/log/$app +ynh_use_logrotate --non-append + #================================================= # RECONFIGURE THE APP (UPDATE CONF, APPLY MIGRATIONS...) #================================================= @@ -186,9 +191,9 @@ popd #================================================= ynh_script_progression --message="Starting a systemd service..." --weight=1 -ynh_systemd_action --service_name=${app}-web --action="start" --log_path=systemd --line_match="Listening on" -ynh_systemd_action --service_name=${app}-sidekiq --action="start" --log_path=systemd --line_match="Schedules Loaded" -ynh_systemd_action --service_name=${app}-streaming --action="start" --log_path=systemd --line_match="Worker 1 now listening" +ynh_systemd_action --service_name=${app}-web --action="start" --log_path=/var/log/$app/$app-web.log --line_match="Listening on" +ynh_systemd_action --service_name=${app}-sidekiq --action="start" --log_path=/var/log/$app/$app-sidekiq.log --line_match="Schedules Loaded" +ynh_systemd_action --service_name=${app}-streaming --action="start" --log_path=/var/log/$app/$app-streaming.log --line_match="Worker 1 now listening" #================================================= # END OF SCRIPT From fac45975c2f875d7ba9230f6e0a4e0fb6435b152 Mon Sep 17 00:00:00 2001 From: Tagadda <36127788+Tagadda@users.noreply.github.com> Date: Tue, 1 Aug 2023 04:49:25 +0200 Subject: [PATCH 28/30] smtp config follow-up Sidekiq service can be properly hardened since it doesn't use sendmail anymore o/ --- conf/mastodon-sidekiq.service | 16 ++++++++-------- scripts/upgrade | 2 -- 2 files changed, 8 insertions(+), 10 deletions(-) diff --git a/conf/mastodon-sidekiq.service b/conf/mastodon-sidekiq.service index d9c54a0..14bd592 100644 --- a/conf/mastodon-sidekiq.service +++ b/conf/mastodon-sidekiq.service @@ -23,17 +23,17 @@ StandardError=inherit # Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html NoNewPrivileges=no PrivateTmp=yes -#PrivateDevices=yes -#RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK -#RestrictNamespaces=yes -#RestrictRealtime=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK +RestrictNamespaces=yes +RestrictRealtime=yes DevicePolicy=closed ProtectSystem=full ProtectControlGroups=yes -#ProtectKernelModules=yes -#ProtectKernelTunables=yes -#LockPersonality=yes -#SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap # Denying access to capabilities that should not be relevant for webapps # Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html diff --git a/scripts/upgrade b/scripts/upgrade index 36efc8c..8ccd0d0 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -12,8 +12,6 @@ source ynh_add_swap source /usr/share/yunohost/helpers upgrade_type=$(ynh_check_app_version_changed) - -admin_mail=$(ynh_user_get_info --username=$admin --key='mail') config="$install_dir/live/.env.production" #================================================= From 099f221b7102f8564913de562c2c1432b9248453 Mon Sep 17 00:00:00 2001 From: Tagadda <36127788+Tagadda@users.noreply.github.com> Date: Tue, 1 Aug 2023 05:33:53 +0200 Subject: [PATCH 29/30] Fix mkdir failing if /var/log/mastodon already exists --- scripts/install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install b/scripts/install index d0fd3dc..5341e92 100644 --- a/scripts/install +++ b/scripts/install @@ -144,7 +144,7 @@ yunohost service add "$app-streaming" --description="$app streaming service" ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/$app" # Use logrotate to manage application logfile(s) -mkdir /var/log/$app +mkdir -p /var/log/$app chown $app:$app /var/log/$app ynh_use_logrotate From eb86c0e5d4fa3860ca8e61a717e702cdb708a748 Mon Sep 17 00:00:00 2001 From: Tagadda <36127788+Tagadda@users.noreply.github.com> Date: Tue, 1 Aug 2023 19:30:57 +0200 Subject: [PATCH 30/30] upgrade: Rename database to match packaging v2 --- scripts/upgrade | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/scripts/upgrade b/scripts/upgrade index 8ccd0d0..86d57d0 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -74,6 +74,13 @@ ynh_systemd_action --service_name=${app}-web --action="stop" --log_path=/var/log ynh_systemd_action --service_name=${app}-sidekiq --action="stop" --log_path=/var/log/$app/$app-sidekiq.log --line_match="Stopped" ynh_systemd_action --service_name=${app}-streaming --action="stop" --log_path=/var/log/$app/$app-streaming.log --line_match="Stopped" +# Rename the database to match packaging v2 defaults db_name (`$app_production` to `$app`) +if [[ $db_name = *'_production' ]]; then + ynh_psql_execute_as_root --sql="ALTER DATABASE $db_name RENAME TO $app;" + db_name=$app + ynh_app_setting_set --app=$app --key=db_name --value=$db_name +fi + #================================================= # ADD SWAP IF NEEDED #=================================================