diff --git a/conf/nginx.conf b/conf/nginx.conf new file mode 100644 index 0000000..7a94b04 --- /dev/null +++ b/conf/nginx.conf @@ -0,0 +1,16 @@ +#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; +location __PATH__/ { + + client_max_body_size 10M; + + proxy_pass http://127.0.0.1:__PORT__; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + + # preserve client IP + proxy_set_header X-Forwarded-For $remote_addr; + + # Include SSOWAT user panel's shortcut tile. + include conf.d/yunohost_panel.conf.inc; +} \ No newline at end of file diff --git a/conf/systemd.service b/conf/systemd.service new file mode 100644 index 0000000..d98a47e --- /dev/null +++ b/conf/systemd.service @@ -0,0 +1,52 @@ +[Unit] +Description=Service for Piped (__APP__) +After=network.target + +[Service] +Type=simple +User=__APP__ +Group=__APP__ + +WorkingDirectory=__INSTALL_DIR__/ +ExecStart= +StandardOutput=append:/var/log/__APP__/__APP__.log +StandardError=inherit +Restart=on-failure +RestartSec=10 + +# Sandboxing options to harden security +# Depending on specificities of your service/app, you may need to tweak these +# .. but this should be a good baseline +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK +RestrictNamespaces=yes +RestrictRealtime=yes +DevicePolicy=closed +ProtectClock=yes +ProtectHostname=yes +ProtectProc=invisible +ProtectSystem=full +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallArchitectures=native +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged + +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/manifest.toml b/manifest.toml new file mode 100644 index 0000000..a5d9c06 --- /dev/null +++ b/manifest.toml @@ -0,0 +1,65 @@ +packaging_format = 2 + +id = "piped" +name = "Piped" + +description.en = "An open-source alternative frontend for YouTube which is efficient by design." +description.fr = "An open-source alternative frontend for YouTube which is efficient by design." + +version = "2024.01.21~ynh1" + +maintainers = ["orhtej2"] + +[upstream] +license = "GNU AFFERO GPL" +website = "https://docs.piped.video/" +demo = "https://piped.video/" +admindoc = "https://docs.piped.video/docs/" + +code = "https://github.com/TeamPiped/Piped" + +[integration] +yunohost = '>= 11.2' +architectures = "all" # TODO : handle the "all" option (no ["all"]) +multi_instance = true ldap = "not_relevant" # TODO : fixme, use actual booleans + handle the "not_relevant" value +sso = "not_relevant" +# FIXME: replace with an **estimate** minimum disk and RAM requirements. e.g. 20M, 400M, 1G... You may have have a look at CI results +disk = "50M" +ram.build = "50M" +ram.runtime = "50M" + +[install] + + [install.domain] + type = "domain" + + [install.init_main_permission] + type = "group" + default = "visitors" + +[resources] + + [resources.sources] + + [resources.sources.main] + # This will pre-fetch the asset which can then be deployed during the install/upgrade scripts with : + # ynh_setup_source --dest_dir="$install_dir" + # You can also define other assets than "main" and add --source_id="foobar" in the previous command + url = "https://codeload.github.com/TeamPiped/Piped/zip/11610d545cb08c87e4ae1c415f4acc2b37d0f789" + sha256 = "11610d545cb08c87e4ae1c415f4acc2b37d0f7891234567890-1231234567890" + + # These infos are used by https://github.com/YunoHost/apps/blob/master/tools/autoupdate_app_sources/autoupdate_app_sources.py + # to auto-update the previous asset urls and sha256sum + manifest version + # assuming the upstream's code repo is on github and relies on tags or releases + # See the 'sources' resource documentation for more details + + autoupdate.strategy = "latest_github_tag" + + [resources.system_user] + + [resources.install_dir] + + [resources.permissions] + main.url = "/" + + [resources.ports] diff --git a/scripts/_common.sh b/scripts/_common.sh new file mode 100644 index 0000000..c8eee12 --- /dev/null +++ b/scripts/_common.sh @@ -0,0 +1,9 @@ +#!/bin/bash + +#================================================= +# COMMON VARIABLES +#================================================= + +#================================================= +# PERSONAL HELPERS +#================================================= diff --git a/scripts/backup b/scripts/backup new file mode 100644 index 0000000..ce0d9e0 --- /dev/null +++ b/scripts/backup @@ -0,0 +1,27 @@ +#!/bin/bash +#### App file generated with YoloGen, the YunoHost app generator, version . + +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts +source ../settings/scripts/_common.sh +source /usr/share/yunohost/helpers + +#================================================= +# DECLARE DATA AND CONF FILES TO BACKUP +#================================================= +ynh_print_info --message="Declaring files to be backed up..." + +ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" + +ynh_backup --src_path="/etc/systemd/system/$app.service" + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." \ No newline at end of file diff --git a/scripts/change_url b/scripts/change_url new file mode 100644 index 0000000..1998d1e --- /dev/null +++ b/scripts/change_url @@ -0,0 +1,43 @@ +#!/bin/bash + +#================================================= +# GENERIC STARTING +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# STOP SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Stopping a systemd service..." + +ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" + +#================================================= +# MODIFY URL IN NGINX CONF +#================================================= +ynh_script_progression --message="Updating NGINX web server configuration..." + +ynh_change_url_nginx_config + +#================================================= +# SPECIFIC MODIFICATIONS +#================================================= +# ... +#================================================= + +#================================================= +# START SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Starting a systemd service..." + +ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Change of URL completed for $app" --last \ No newline at end of file diff --git a/scripts/install b/scripts/install new file mode 100644 index 0000000..5cfd722 --- /dev/null +++ b/scripts/install @@ -0,0 +1,88 @@ +#!/bin/bash + +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# INSTALL DEPENDENCIES +#================================================= + +ynh_script_progression --message="Installing NodeJS..." --weight=10 + +# Install Nodejs +ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version +ynh_use_nodejs + +#================================================= +# APP "BUILD" (DEPLOYING SOURCES, VENV, COMPILING ETC) +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= +ynh_script_progression --message="Setting up source files..." + +ynh_setup_source --dest_dir="$install_dir" + +chown -R $app:www-data "$install_dir" + +#================================================= +# SYSTEM CONFIGURATION +#================================================= +ynh_script_progression --message="Adding system configurations related to $app..." + +# Create a dedicated NGINX config using the conf/nginx.conf template +ynh_add_nginx_config + +# Create a dedicated systemd config +ynh_add_systemd_config + +yunohost service add $app --log="/var/log/$app/$app.log" + +#================================================= +# APP INITIAL CONFIGURATION +#================================================= +# ADD A CONFIGURATION +#================================================= +ynh_script_progression --message="Adding app's configuration file..." + +ynh_add_config --template="" --destination="$install_dir/" + +# FIXME: this should be handled by the core in the future +# You may need to use chmod 600 instead of 400, +# for example if the app is expected to be able to modify its own config +chmod 400 "$install_dir/" +chown $app:$app "$install_dir/" + +#================================================= +# INSTALL APP +#================================================= +ynh_script_progression --message="Installing app..." --weight=5 + +pushd $install_dir +ynh_exec_as $app $ynh_node_load_PATH $ynh_npm install --production --ignore-scripts +ynh_exec_as $app $ynh_node_load_PATH $ynh_npm run build +popd + +#================================================= +# FINALIZE APP INSTALL WITH CURL +#================================================= + +# REMOVEME? ynh_script_progression --message="Finalizing installation..." +# REMOVEME? ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3" + +#================================================= +# START SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Starting app's systemd service..." + +# Start a systemd service +ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" + +#================================================= +# END OF SCRIPT +#================================================= +ynh_script_progression --message="Installation of $app completed" --last \ No newline at end of file diff --git a/scripts/remove b/scripts/remove new file mode 100644 index 0000000..97ae1b9 --- /dev/null +++ b/scripts/remove @@ -0,0 +1,37 @@ +#!/bin/bash + +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# REMOVE SYSTEM CONFIGURATIONS +#================================================= +# REMOVE SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Removing system configurations related to $app..." + +# Remove the service from the list of services known by YunoHost (added from `yunohost service add`) +if ynh_exec_warn_less yunohost service status $app >/dev/null +then + ynh_script_progression --message="Removing $app service integration..." + yunohost service remove $app +fi + +ynh_remove_systemd_config + +ynh_remove_nginx_config + +# Remove other various files specific to the app... such as : + +ynh_secure_remove --file="/var/log/$app" + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Removal of $app completed" --last \ No newline at end of file diff --git a/scripts/restore b/scripts/restore new file mode 100644 index 0000000..877d2f8 --- /dev/null +++ b/scripts/restore @@ -0,0 +1,56 @@ +#!/bin/bash + +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts +source ../settings/scripts/_common.sh +source /usr/share/yunohost/helpers + +#================================================= +# RESTORE THE APP MAIN DIR +#================================================= +ynh_script_progression --message="Restoring the app main directory..." --weight=1 + +ynh_restore_file --origin_path="$install_dir" + +chown -R $app:www-data "$install_dir" + +#================================================= +# RESTORE THE MYSQL DATABASE +#================================================= + +#================================================= +# RESTORE SYSTEM CONFIGURATIONS +#================================================= +ynh_script_progression --message="Restoring system configurations related to $app..." --weight=1 + +# This should be a symetric version of what happens in the install script + +ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" + +ynh_restore_file --origin_path="/etc/systemd/system/$app.service" +systemctl enable $app.service --quiet + +yunohost service add $app --log="/var/log/$app/$app.log" + +# Other various files... + +#================================================= +# RELOAD NGINX AND PHP-FPM OR THE APP SERVICE +#================================================= +ynh_script_progression --message="Reloading NGINX web server and $app's service..." --weight=1 + +# Typically you only have either $app or php-fpm but not both at the same time... +ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" + +ynh_systemd_action --service_name=nginx --action=reload + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Restoration completed for $app" --last \ No newline at end of file diff --git a/scripts/upgrade b/scripts/upgrade new file mode 100644 index 0000000..d376899 --- /dev/null +++ b/scripts/upgrade @@ -0,0 +1,77 @@ +#!/bin/bash + +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source _common.sh +source /usr/share/yunohost/helpers + +upgrade_type=$(ynh_check_app_version_changed) + +#================================================= +# STANDARD UPGRADE STEPS +#================================================= +# ENSURE DOWNWARD COMPATIBILITY +#================================================= + +#================================================= +# STOP SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Stopping a systemd service..." + +ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" + +#================================================= +# "REBUILD" THE APP (DEPLOY NEW SOURCES, RERUN NPM BUILD...) +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= + +if [ "$upgrade_type" == "UPGRADE_APP" ] +then + ynh_script_progression --message="Upgrading source files..." + + # Download, check integrity, uncompress and patch the source from app.src + ynh_setup_source --dest_dir="$install_dir" +fi + +chown -R $app:www-data "$install_dir" + +#================================================= +# REAPPLY SYSTEM CONFIGURATIONS +#================================================= +ynh_script_progression --message="Upgrading system configurations related to $app..." + +ynh_add_nginx_config + +ynh_add_systemd_config + +yunohost service add $app --log="/var/log/$app/$app.log" + +#================================================= +# RECONFIGURE THE APP (UPDATE CONF, APPLY MIGRATIONS...) +#================================================= +# UPDATE A CONFIG FILE +#================================================= +ynh_script_progression --message="Updating a configuration file..." + +ynh_add_config --template="" --destination="$install_dir/" + +chmod 400 "$install_dir/some_config_file" +chown $app:$app "$install_dir/some_config_file" + +#================================================= +# START SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Starting a systemd service..." + +ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Upgrade of $app completed" --last \ No newline at end of file