diff --git a/conf/app.src b/conf/app.src index e8c5f3c..e4dd89f 100755 --- a/conf/app.src +++ b/conf/app.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://git.pleroma.social/pleroma/pleroma/-/archive/v0.9.0/pleroma-v0.9.0.tar.gz -SOURCE_SUM=068fd77e6c00998e41e7db58ff122dee714da0c0ba0eb5c590b81eb93543a11e +SOURCE_URL=url of app's source +SOURCE_SUM=sha256 checksum SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true diff --git a/conf/config.exs b/conf/config.exs new file mode 100644 index 0000000..73d55b0 --- /dev/null +++ b/conf/config.exs 
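Review bot: `SOURCE_URL=url of app's source` and `SOURCE_SUM=sha256 checksum` replace a pinned tarball URL and its SHA-256 with template placeholder text, so nothing in conf/app.src ties the install to a specific, verified upstream artifact any more. If the install script still reads this file, the download step will fail. If the source is now fetched another way (not visible in this diff), that path should pin a tag or commit and verify it. Either restore a real URL and checksum pair for the intended release, or remove the file and add a comment in the install script saying where integrity is checked instead.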
@@ -0,0 +1,318 @@ +# This file is responsible for configuring your application +# and its dependencies with the aid of the Mix.Config module. +# +# This configuration file is loaded before any dependency and +# is restricted to this project. +use Mix.Config + +# General application configuration +config :pleroma, ecto_repos: [Pleroma.Repo] + +config :pleroma, Pleroma.Repo, types: Pleroma.PostgresTypes + +config :pleroma, Pleroma.Captcha, + enabled: false, + seconds_valid: 60, + method: Pleroma.Captcha.Kocaptcha + +config :pleroma, :hackney_pools, + federation: [ + max_connections: 50, + timeout: 150_000 + ], + media: [ + max_connections: 50, + timeout: 150_000 + ], + upload: [ + max_connections: 25, + timeout: 300_000 + ] + +config :pleroma, Pleroma.Captcha.Kocaptcha, endpoint: "https://captcha.kotobank.ch" + +# Upload configuration +config :pleroma, Pleroma.Upload, + uploader: Pleroma.Uploaders.Local, + filters: [], + proxy_remote: false, + proxy_opts: [ + redirect_on_failure: false, + max_body_length: 25 * 1_048_576, + http: [ + follow_redirect: true, + pool: :upload + ] + ] + +config :pleroma, Pleroma.Uploaders.Local, uploads: "uploads" + +config :pleroma, Pleroma.Uploaders.S3, + bucket: nil, + public_endpoint: "https://s3.amazonaws.com" + +config :pleroma, Pleroma.Uploaders.MDII, + cgi: "https://mdii.sakura.ne.jp/mdii-post.cgi", + files: "https://mdii.sakura.ne.jp" + +config :pleroma, :emoji, shortcode_globs: ["/emoji/custom/**/*.png"] + +config :pleroma, :uri_schemes, + valid_schemes: [ + "https", + "http", + "dat", + "dweb", + "gopher", + "ipfs", + "ipns", + "irc", + "ircs", + "magnet", + "mailto", + "mumble", + "ssb", + "xmpp" + ] + +websocket_config = [ + path: "/websocket", + serializer: [ + {Phoenix.Socket.V1.JSONSerializer, "~> 1.0.0"}, + {Phoenix.Socket.V2.JSONSerializer, "~> 2.0.0"} + ], + timeout: 60_000, + transport_log: false, + compress: false +] + +# Configures the endpoint +config :pleroma, Pleroma.Web.Endpoint, + url: [host: "localhost"], + 
http: [ + dispatch: [ + {:_, + [ + {"/api/v1/streaming", Elixir.Pleroma.Web.MastodonAPI.WebsocketHandler, []}, + {"/socket/websocket", Phoenix.Endpoint.CowboyWebSocket, + {nil, {Pleroma.Web.Endpoint, Pleroma.Web.UserSocket, websocket_config}}}, + {:_, Plug.Adapters.Cowboy.Handler, {Pleroma.Web.Endpoint, []}} + ]} + ] + ], + protocol: "https", + secret_key_base: "aK4Abxf29xU9TTDKre9coZPUgevcVCFQJe/5xP/7Lt4BEif6idBIbjupVbOrbKxl", + signing_salt: "CqaoopA2", + render_errors: [view: Pleroma.Web.ErrorView, accepts: ~w(json)], + pubsub: [name: Pleroma.PubSub, adapter: Phoenix.PubSub.PG2], + secure_cookie_flag: true + +# Configures Elixir's Logger +config :logger, :console, + format: "$time $metadata[$level] $message\n", + metadata: [:request_id] + +config :logger, :ex_syslogger, + level: :debug, + ident: "Pleroma", + format: "$date $time $metadata[$level] $message", + metadata: [:request_id] + +config :mime, :types, %{ + "application/xml" => ["xml"], + "application/xrd+xml" => ["xrd+xml"], + "application/jrd+json" => ["jrd+json"], + "application/activity+json" => ["activity+json"], + "application/ld+json" => ["activity+json"] +} + +config :pleroma, :websub, Pleroma.Web.Websub +config :pleroma, :ostatus, Pleroma.Web.OStatus +config :pleroma, :httpoison, Pleroma.HTTP +config :tesla, adapter: Tesla.Adapter.Hackney + +# Configures http settings, upstream proxy etc. 
+config :pleroma, :http, proxy_url: nil + +config :pleroma, :instance, + name: "Pleroma", + email: "example@example.com", + description: "A Pleroma instance, an alternative fediverse server", + limit: 5_000, + remote_limit: 100_000, + upload_limit: 16_000_000, + avatar_upload_limit: 2_000_000, + background_upload_limit: 4_000_000, + banner_upload_limit: 4_000_000, + registrations_open: true, + federating: true, + federation_reachability_timeout_days: 7, + allow_relay: true, + rewrite_policy: Pleroma.Web.ActivityPub.MRF.NoOpPolicy, + public: true, + quarantined_instances: [], + managed_config: true, + static_dir: "instance/static/", + allowed_post_formats: [ + "text/plain", + "text/html", + "text/markdown" + ], + finmoji_enabled: true, + mrf_transparency: true, + autofollowed_nicknames: [], + max_pinned_statuses: 1, + no_attachment_links: false + +config :pleroma, :markup, + # XXX - unfortunately, inline images must be enabled by default right now, because + # of custom emoji. Issue #275 discusses defanging that somehow. 
+ allow_inline_images: true, + allow_headings: false, + allow_tables: false, + allow_fonts: false, + scrub_policy: [ + Pleroma.HTML.Transform.MediaProxy, + Pleroma.HTML.Scrubber.Default + ] + +config :pleroma, :frontend_configurations, + pleroma_fe: %{ + theme: "pleroma-dark", + logo: "/static/logo.png", + background: "/images/city.jpg", + redirectRootNoLogin: "/main/all", + redirectRootLogin: "/main/friends", + showInstanceSpecificPanel: true, + scopeOptionsEnabled: false, + formattingOptionsEnabled: false, + collapseMessageWithSubject: false, + hidePostStats: false, + hideUserStats: false, + scopeCopy: true, + subjectLineBehavior: "email", + alwaysShowSubjectInput: true + } + +config :pleroma, :activitypub, + accept_blocks: true, + unfollow_blocked: true, + outgoing_blocks: true, + follow_handshake_timeout: 500 + +config :pleroma, :user, deny_follow_blocked: true + +config :pleroma, :mrf_normalize_markup, scrub_policy: Pleroma.HTML.Scrubber.Default + +config :pleroma, :mrf_rejectnonpublic, + allow_followersonly: false, + allow_direct: false + +config :pleroma, :mrf_hellthread, threshold: 10 + +config :pleroma, :mrf_simple, + media_removal: [], + media_nsfw: [], + federated_timeline_removal: [], + reject: [], + accept: [] + +config :pleroma, :rich_media, enabled: true + +config :pleroma, :media_proxy, + enabled: false, + proxy_opts: [ + redirect_on_failure: false, + max_body_length: 25 * 1_048_576, + http: [ + follow_redirect: true, + pool: :media + ] + ] + +config :pleroma, :chat, enabled: true + +config :ecto, json_library: Jason + +config :phoenix, :format_encoders, json: Jason + +config :pleroma, :gopher, + enabled: false, + ip: {0, 0, 0, 0}, + port: 9999 + +config :pleroma, Pleroma.Web.Metadata, providers: [], unfurl_nsfw: false + +config :pleroma, :suggestions, + enabled: false, + third_party_engine: + "http://vinayaka.distsn.org/cgi-bin/vinayaka-user-match-suggestions-api.cgi?{{host}}+{{user}}", + timeout: 300_000, + limit: 23, + web: 
"https://vinayaka.distsn.org/?{{host}}+{{user}}" + +config :pleroma, :http_security, + enabled: true, + sts: false, + sts_max_age: 31_536_000, + ct_max_age: 2_592_000, + referrer_policy: "same-origin" + +config :cors_plug, + max_age: 86_400, + methods: ["POST", "PUT", "DELETE", "GET", "PATCH", "OPTIONS"], + expose: [ + "Link", + "X-RateLimit-Reset", + "X-RateLimit-Limit", + "X-RateLimit-Remaining", + "X-Request-Id", + "Idempotency-Key" + ], + credentials: true, + headers: ["Authorization", "Content-Type", "Idempotency-Key"] + +config :pleroma, Pleroma.User, + restricted_nicknames: [ + ".well-known", + "~", + "about", + "activities", + "api", + "auth", + "dev", + "friend-requests", + "inbox", + "internal", + "main", + "media", + "nodeinfo", + "notice", + "oauth", + "objects", + "ostatus_subscribe", + "pleroma", + "proxy", + "push", + "registration", + "relay", + "settings", + "status", + "tag", + "user-search", + "users", + "web" + ] + +config :pleroma, Pleroma.Web.Federator, max_jobs: 50 + +config :pleroma, Pleroma.Web.Federator.RetryQueue, + enabled: false, + max_jobs: 20, + initial_timeout: 30, + max_retries: 5 + +# Import environment specific config. This must remain at the bottom +# of this file so it overrides the configuration defined above. +import_config "#{Mix.env()}.exs" + diff --git a/conf/prod.secret.exs b/conf/generated_config.exs similarity index 85% rename from conf/prod.secret.exs rename to conf/generated_config.exs index 708f37c..6b7eebe 100644 --- a/conf/prod.secret.exs +++ b/conf/generated_config.exs @@ -1,10 +1,14 @@ +# Pleroma instance configuration + +# NOTE: This file should not be committed to a repo or otherwise made public +# without removing sensitive information. + use Mix.Config config :pleroma, Pleroma.Web.Endpoint, url: [host: "__DOMAIN__", scheme: "https", port: 443], secret_key_base: "__KEY__", - http: [port: __PORT__], - protocol: "http" + http: [port: __PORT__] config :pleroma, :instance, name: "__INSTANCE_NAME__", 
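Review bot: The endpoint block of the new conf/config.exs carries a literal `secret_key_base:` value and `signing_salt: "CqaoopA2"`, and scripts/install and scripts/upgrade copy this file over the application's own config.exs. conf/generated_config.exs overrides `secret_key_base` with `__KEY__`, but if that override is ever missing or fails to load, the instance falls back to a key that is public in this repository. No per-instance override of `signing_salt` is visible in this diff. Consider replacing both literals with obvious placeholders and adding a comment above the block such as `# Placeholder only: the real secret_key_base is set in prod.secret.exs`. Keeping a full copy of the defaults here also means later upstream changes to security-relevant settings (`:http_security`, `scrub_policy`, `restricted_nicknames`) will not reach installs unless this copy is updated.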
@@ -17,11 +21,7 @@ config :pleroma, :media_proxy, enabled: __MEDIA_CACHE__, redirect_on_failure: true #base_url: "https://cache.pleroma.social" - -config :pleroma, :fe, - scope_options_enabled: true -# Configure your database config :pleroma, Pleroma.Repo, adapter: Ecto.Adapters.Postgres, username: "__DB_NAME__", @@ -30,6 +30,10 @@ config :pleroma, Pleroma.Repo, hostname: "localhost", pool_size: 10 +# Enable Strict-Transport-Security once SSL is working: +# config :pleroma, :http_security, +# sts: true + # Configure S3 support if desired. # The public S3 endpoint is different depending on region and provider, # consult your S3 provider's documentation for details on what to use. @@ -51,9 +55,9 @@ config :pleroma, Pleroma.Repo, # Configure Openstack Swift support if desired. -# -# Many openstack deployments are different, so config is left very open with -# no assumptions made on which provider you're using. This should allow very +# +# Many openstack deployments are different, so config is left very open with +# no assumptions made on which provider you're using. This should allow very # wide support without needing separate handlers for OVH, Rackspace, etc. # # config :pleroma, Pleroma.Uploaders.Swift, @@ -66,3 +70,4 @@ config :pleroma, Pleroma.Repo, # object_url: "https://cdn-endpoint.provider.com/" # + diff --git a/conf/prod.exs b/conf/prod.exs new file mode 100644 index 0000000..b38f9bb --- /dev/null +++ b/conf/prod.exs 
@@ -0,0 +1,63 @@ +use Mix.Config + +# For production, we often load configuration from external +# sources, such as your system environment. For this reason, +# you won't find the :http configuration below, but set inside +# Pleroma.Web.Endpoint.load_from_system_env/1 dynamically. +# Any dynamic configuration should be moved to such function. +# +# Don't forget to configure the url host to something meaningful, +# Phoenix uses this information when generating URLs. +# +# Finally, we also include the path to a cache manifest +# containing the digested version of static files. This +# manifest is generated by the mix phoenix.digest task +# which you typically run after static files are built. +#config :pleroma, Pleroma.Web.Endpoint, + #http: [port: 4000], + #protocol: "http" + +# Do not print debug messages in production +config :logger, level: :info + +# ## SSL Support +# +# To get SSL working, you will need to add the `https` key +# to the previous section and set your `:url` port to 443: +# +# config :pleroma, Pleroma.Web.Endpoint, +# ... +# url: [host: "example.com", port: 443], +# https: [:inet6, +# port: 443, +# keyfile: System.get_env("SOME_APP_SSL_KEY_PATH"), +# certfile: System.get_env("SOME_APP_SSL_CERT_PATH")] +# +# Where those two env variables return an absolute path to +# the key and cert in disk or a relative path inside priv, +# for example "priv/ssl/server.key". +# +# We also recommend setting `force_ssl`, ensuring no data is +# ever sent via http, always redirecting to https: +# +# config :pleroma, Pleroma.Web.Endpoint, +# force_ssl: [hsts: true] +# +# Check `Plug.SSL` for all available options in `force_ssl`. 
+ +# ## Using releases +# +# If you are doing OTP releases, you need to instruct Phoenix +# to start the server for all endpoints: +# +# config :phoenix, :serve_endpoints, true +# +# Alternatively, you can configure exactly which server to +# start per endpoint: +# +# config :pleroma, Pleroma.Web.Endpoint, server: true +# + +# Finally import the config/prod.secret.exs +# which should be versioned separately. +import_config "prod.secret.exs" diff --git a/conf/setup_db.psql b/conf/setup_db.psql deleted file mode 100644 index 93a6984..0000000 --- a/conf/setup_db.psql +++ /dev/null @@ -1,6 +0,0 @@ -CREATE USER __DB_NAME__ WITH ENCRYPTED PASSWORD '__DB_PWD__'; -CREATE DATABASE __DB_NAME__ OWNER __DB_NAME__; -\c __DB_NAME__; ---Extensions made by ecto.migrate that need superuser access -CREATE EXTENSION IF NOT EXISTS citext; -CREATE EXTENSION IF NOT EXISTS pg_trgm; diff --git a/conf/systemd.service b/conf/systemd.service index 03754c5..ccfd652 100755 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -5,6 +5,7 @@ After=network.target postgresql.service [Service] Environment="MIX_ENV=prod" User=__APP__ +Group=__APP__ WorkingDirectory=__FINALPATH__/__APP__ Environment="HOME=__FINALPATH__" ExecStart=/usr/bin/mix phx.server diff --git a/manifest.json b/manifest.json index 58b971a..e47d88d 100755 --- a/manifest.json +++ b/manifest.json @@ -1,5 +1,5 @@ { - "name": "pleroma", + "name": "Pleroma", "id": "pleroma", "packaging_format": 1, "description": { diff --git a/scripts/backup b/scripts/backup index 43012a4..f239428 100755 --- a/scripts/backup +++ b/scripts/backup @@ -7,6 +7,7 @@ #================================================= source ../settings/scripts/_common.sh +source ../settings/scripts/ynh_systemd_action source /usr/share/yunohost/helpers #================================================= 
@@ -15,7 +16,7 @@ source /usr/share/yunohost/helpers ynh_clean_setup () { ### Remove this function if there's nothing to clean before calling the remove script. - true + ynh_clean_check_starting } # Exit if an error occurs during the execution of the script ynh_abort_if_errors @@ -28,12 +29,9 @@ app=$YNH_APP_INSTANCE_NAME final_path=$(ynh_app_setting_get $app final_path) domain=$(ynh_app_setting_get $app domain) -db_name=$(ynh_app_setting_get "$app" psql_db) +db_name=$(ynh_app_setting_get "$app" db_name) cache=$(ynh_app_setting_get "$app" cache) -# Stop Pleroma for backup -yunohost service stop "$app" - #================================================= # STANDARD BACKUP STEPS #================================================= @@ -84,9 +82,3 @@ ynh_backup "/etc/systemd/system/$app.service" #================================================= #ynh_backup "/etc/cron.d/$app" - -#================================================= -# START SERVICE -#================================================= - -yunohost service start $app \ No newline at end of file diff --git a/scripts/change_url b/scripts/change_url index 71588c7..c9cb4f2 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -7,6 +7,7 @@ #================================================= source _common.sh +source ynh_systemd_action source /usr/share/yunohost/helpers #================================================= 
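Review bot: `ynh_clean_setup` now calls `ynh_clean_check_starting`, but `pid_tail` and `templog` are declared `local` inside `ynh_systemd_action` (scripts/ynh_systemd_action), so they are not set when the cleanup runs from the error path, and this backup script never calls `ynh_systemd_action` at all. The cleanup then runs `kill -s 15 $pid_tail` and `ynh_secure_remove "$templog"` with empty arguments. The same applies to the `ynh_clean_setup` changes in scripts/install, scripts/restore and scripts/upgrade, where a failed start would also leave the background `journalctl -f` and its temp file behind. Guard both calls in the helper, e.g. `if [ -n "${pid_tail:-}" ]; then kill -s 15 "$pid_tail"; fi` and likewise for `templog`. Then keep those two variables at script level rather than `local`, so the cleanup can actually reach them.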
@@ -90,16 +91,26 @@ fi #================================================= # SPECIFIC MODIFICATIONS #================================================= -# ... +# STOP SERVICE #================================================= -# Stop pleroma for modification -yunohost service stop $app +ynh_systemd_action --action=stop --service_name=$app + +#================================================= +# MODIFY A CONFIG FILE +#================================================= ynh_replace_string "$old_domain" "$new_domain" "$final_path/$app/config/prod.secret.exs" -# Start pleroma after modification -yunohost service start $app +#================================================= +# START SERVICE +#================================================= + +ynh_systemd_action --action=start --service_name=$app + +#================================================= +# STORE THE CONFIG FILE CHECKSUM +#================================================= ### Verify the checksum of a file, stored by `ynh_store_file_checksum` in the install script. ### And create a backup of this file if the checksum is different. So the file will be backed up if the admin had modified it. @@ -107,8 +118,6 @@ ynh_backup_if_checksum_is_different "$final_path/config.ini" # Recalculate and store the checksum of the file for the next upgrade. ynh_store_file_checksum "$final_path/$app/config/prod.secret.exs" - - #================================================= # GENERIC FINALISATION #================================================= @@ -116,4 +125,3 @@ ynh_store_file_checksum "$final_path/$app/config/prod.secret.exs" #================================================= systemctl reload nginx -sleep 30 diff --git a/scripts/install b/scripts/install index 932ae6c..3496678 100755 --- a/scripts/install +++ b/scripts/install @@ -7,6 +7,7 @@ #================================================= source _common.sh +source ynh_systemd_action source /usr/share/yunohost/helpers #================================================= 
@@ -15,7 +16,7 @@ source /usr/share/yunohost/helpers ynh_clean_setup () { ### Remove this function if there's nothing to clean before calling the remove script. - true + ynh_clean_check_starting } # Exit if an error occurs during the execution of the script ynh_abort_if_errors @@ -98,7 +99,7 @@ ynh_app_setting_set "$app" random_key "$random_key" ### - Remove the section "CLOSE A PORT" in the remove script # Find a free port -port=$(ynh_find_port 4000) +port=$(ynh_find_port 8095) # Open this port #yunohost firewall allow --no-upnp TCP $port 2>&1 ynh_app_setting_set $app port $port @@ -140,18 +141,20 @@ ynh_install_app_dependencies git build-essential postgresql postgresql-contrib o ### - Remove also the section "REMOVE THE POSTGRESQL DATABASE" in the remove script ### - As well as the section "RESTORE THE POSTGRESQL DATABASE" in the restore script -db_name="${app}" +db_name="$app" db_pwd=$(ynh_string_random 30) -ynh_app_setting_set "$app" psql_db "$db_name" -ynh_app_setting_set "$app" psqlpwd "$db_pwd" +ynh_app_setting_set "$app" db_name "$db_name" +ynh_app_setting_set "$app" db_pwd "$db_pwd" ynh_psql_test_if_first_run ynh_psql_create_user "$app" "$db_pwd" ynh_psql_execute_as_root \ -"CREATE DATABASE $db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $app;" +"CREATE DATABASE $db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $db_name;" ynh_psql_execute_as_root "\connect $db_name CREATE EXTENSION IF NOT EXISTS unaccent;CREATE EXTENSION IF NOT EXISTS pg_trgm;" ynh_psql_execute_as_root "\connect $db_name CREATE EXTENSION IF NOT EXISTS unaccent;CREATE EXTENSION IF NOT EXISTS citext;" +ynh_psql_execute_as_root "\connect $db_name +CREATE EXTENSION IF NOT EXISTS \"uuid-ossp\";" #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE 
@@ -213,25 +216,19 @@ ynh_system_user_create "$app" "$final_path" #================================================= # SPECIFIC SETUP -#================================================= -# ... -#================================================= - #================================================= # MODIFY A CONFIG FILE #================================================= -cp -f ../conf/prod.secret.exs "$final_path/$app/config/prod.secret.exs" -cp -f ../conf/setup_db.psql "$final_path/$app/config/setup_db.psql" +cp -f ../conf/generated_config.exs "$final_path/$app/config/prod.secret.exs" ynh_replace_string "__DOMAIN__" "$domain" "$final_path/$app/config/prod.secret.exs" ynh_replace_string "__KEY__" "$random_key" "$final_path/$app/config/prod.secret.exs" ynh_replace_string "__INSTANCE_NAME__" "$name" "$final_path/$app/config/prod.secret.exs" -ynh_replace_string "__DB_NAME__" "$app" "$final_path/$app/config/prod.secret.exs" +ynh_replace_string "__DB_NAME__" "$db_name" "$final_path/$app/config/prod.secret.exs" ynh_replace_string "__DB_PWD__" "$db_pwd" "$final_path/$app/config/prod.secret.exs" ynh_replace_string "__ADMIN_EMAIL__" "$admin_email" "$final_path/$app/config/prod.secret.exs" ynh_replace_string "__PORT__" "$port" "$final_path/$app/config/prod.secret.exs" -ynh_replace_string "__DB_NAME__" "$app" "$final_path/$app/config/setup_db.psql" -ynh_replace_string "__DB_PWD__" "$db_pwd" "$final_path/$app/config/setup_db.psql" + if [ $cache -eq 1 ] then ynh_replace_string "__MEDIA_CACHE__" "true" "$final_path/$app/config/prod.secret.exs" 
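Review bot: `cp -f ../conf/generated_config.exs "$final_path/$app/config/prod.secret.exs"` creates the file that receives `$db_pwd` and `$random_key`, but nothing in this hunk sets its mode, and the `chown -R` in the following hunk changes ownership only. Unless `$final_path` is already closed to other users (not visible here), the database password and `secret_key_base` may be readable by any local account. Adding `chmod 600 "$final_path/$app/config/prod.secret.exs"` after the `chown -R` would close that. The same `cp` is added to scripts/upgrade under `MODIFY A CONFIG FILE` and needs the same treatment.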
@@ -247,27 +244,33 @@ else ynh_replace_string "__REG__" "false" "$final_path/$app/config/prod.secret.exs" fi +#Desactivate default frontend +cp -f ../conf/config.exs "$final_path/$app/config/config.exs" + +#Desactivate Pleroma.Web.Endpoint +cp -f ../conf/prod.exs "$final_path/$app/config/prod.exs" #================================================= -# SETUP +# MAKE SETUP #================================================= # Give permission to the final_path chown -R "$app":"$app" "$final_path" -# App setup and db migration -( cd $final_path/$app && sudo -u "$app" MIX_ENV=prod mix local.hex --force ) -( cd $final_path/$app && sudo -u "$app" MIX_ENV=prod mix local.rebar --force ) -( cd $final_path/$app && sudo -u "$app" MIX_ENV=prod mix deps.get ) -ynh_psql_execute_as_root \ -"ALTER USER $app WITH SUPERUSER;" +pushd $final_path/$app + # App setup and db migration + sudo -u "$app" MIX_ENV=prod mix local.hex --force + sudo -u "$app" MIX_ENV=prod mix local.rebar --force + sudo -u "$app" MIX_ENV=prod mix deps.get + sudo -u "$app" MIX_ENV=prod mix ecto.migrate --force -( cd $final_path/$app && sudo -u "$app" MIX_ENV=prod mix ecto.migrate --force ) + # Add user + sudo -u "$app" MIX_ENV=prod mix pleroma.user new "$admin" "$admin_email" --password "$password" --moderator --admin -y -ynh_psql_execute_as_root \ -"ALTER USER $app WITH NOSUPERUSER;" + #Generate key pair + sudo -u "$app" MIX_ENV=prod mix web_push.gen.keypair >> "config/prod.secret.exs" + ynh_replace_string "administrator@example.com" "__ADMIN_EMAIL__" "$final_path/$app/config/prod.secret.exs" +popd -# Add user -( cd $final_path/$app && sudo -u "$app" MIX_ENV=prod mix pleroma.user new "$admin" "$admin_email" --password "$password" --moderator --admin -y ) #================================================= # SETUP SYSTEMD 
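Review bot: `ynh_replace_string "administrator@example.com" "__ADMIN_EMAIL__" …` writes the literal placeholder into prod.secret.exs, because the `__ADMIN_EMAIL__` substitution has already run in the previous section; the replacement value should be `"$admin_email"`. The line before it appends the entire stdout of `mix web_push.gen.keypair` to the config with `>>`, so any extra output from mix lands in a file that is evaluated as Elixir. It would be safer to capture the output and check it before appending. Separately, `--password "$password"` on the `mix pleroma.user new` line puts the admin password in the process list while the task runs; if the task supports it, prefer a generated password or reset link over argv. `pushd $final_path/$app` should also be quoted.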
@@ -401,5 +404,4 @@ systemctl reload nginx # START SERVICE #================================================= -yunohost service start $app -sleep 30 +ynh_systemd_action --action=start --service_name=$app --log_path=systemd --line_match="Running Pleroma.Web.Endpoint" diff --git a/scripts/remove b/scripts/remove index 5c4d6f5..e22f895 100755 --- a/scripts/remove +++ b/scripts/remove @@ -7,6 +7,7 @@ #================================================= source _common.sh +source ynh_systemd_action source /usr/share/yunohost/helpers #================================================= @@ -17,8 +18,7 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get $app domain) port=$(ynh_app_setting_get $app port) -db_name=$(ynh_app_setting_get "$app" psql_db) -db_user=$db_name +db_name=$(ynh_app_setting_get "$app" db_name) final_path=$(ynh_app_setting_get $app final_path) cache=$(ynh_app_setting_get "$app" cache) @@ -35,6 +35,12 @@ then yunohost service remove $app fi +#================================================= +# START SERVICE +#================================================= + +ynh_systemd_action --action=stop --service_name=$app + #================================================= # STOP AND REMOVE SERVICE #================================================= 
@@ -42,20 +48,24 @@ fi # Remove the dedicated systemd config ynh_remove_systemd_config +#================================================= +# REMOVE THE POSTGRESQL DATABASE +#================================================= + +ynh_psql_execute_as_root "\connect $db_name +SELECT pg_terminate_backend (pg_stat_activity.pid) FROM pg_stat_activity WHERE pg_stat_activity.datname = '$db_name';" + +# Remove a database if it exists, along with the associated user +ynh_psql_remove_db "$db_name" "$app" + #================================================= # REMOVE DEPENDENCIES #================================================= # Remove metapackage and its dependencies ynh_remove_app_dependencies -rm -f /etc/apt/sources.list.d/erlang-solutions.list +rm -f "/etc/apt/sources.list.d/erlang-solutions.list" -#================================================= -# REMOVE THE MYSQL DATABASE -#================================================= - -# Remove a database if it exists, along with the associated user -ynh_psql_remove_db "$db_name" "$app" #================================================= # REMOVE APP MAIN DIR #================================================= @@ -69,7 +79,7 @@ ynh_secure_remove "$final_path" # Remove the dedicated nginx config ynh_remove_nginx_config -ynh_secure_remove /etc/nginx/conf.d/$app-cache.conf +ynh_secure_remove "/etc/nginx/conf.d/$app-cache.conf" #================================================= # REMOVE PHP-FPM CONFIGURATION diff --git a/scripts/restore b/scripts/restore index b3c412c..c4a54d5 100755 --- a/scripts/restore +++ b/scripts/restore @@ -7,6 +7,7 @@ #================================================= source ../settings/scripts/_common.sh +source ../settings/scripts/ynh_systemd_action source /usr/share/yunohost/helpers #================================================= 
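Review bot: The `pg_terminate_backend` statement in the new `REMOVE THE POSTGRESQL DATABASE` section first runs `\connect $db_name` and then terminates every backend on that database, which includes the session issuing the query. Dropping the `\connect` and adding `AND pg_stat_activity.pid <> pg_backend_pid()` to the `WHERE` clause avoids the statement killing its own connection and a spurious error before `ynh_psql_remove_db`. `$db_name` is interpolated directly into the SQL string. It comes from the app settings here, so it is presumably constrained, but a comment such as `# db_name is set by the install script, never user input` would make that assumption explicit.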
@@ -15,7 +16,7 @@ source /usr/share/yunohost/helpers ynh_clean_setup () { #### Remove this function if there's nothing to clean before calling the remove script. - true + ynh_clean_check_starting } # Exit if an error occurs during the execution of the script ynh_abort_if_errors @@ -30,8 +31,8 @@ domain=$(ynh_app_setting_get $app domain) path_url="/" final_path=$(ynh_app_setting_get $app final_path) port=$(ynh_app_setting_get "$app" port) -db_name=$(ynh_app_setting_get "$app" psql_db) -db_pwd=$(ynh_app_setting_get "$app" psqlpwd) +db_name=$(ynh_app_setting_get "$app" db_name) +db_pwd=$(ynh_app_setting_get "$app" db_pwd) cache=$(ynh_app_setting_get "$app" cache) @@ -103,7 +104,6 @@ chown -R "$app":"$app" "$final_path" # REINSTALL DEPENDENCIES #================================================= - # Add erlang for Debian Jessie if [ "$(lsb_release --codename --short)" == "jessie" ]; then @@ -157,5 +157,4 @@ systemctl reload nginx # START SERVICE #================================================= -yunohost service start $app -sleep 30 +ynh_systemd_action --action=start --service_name=$app --log_path=systemd --line_match="Running Pleroma.Web.Endpoint" diff --git a/scripts/upgrade b/scripts/upgrade index d8c05fc..a5d050e 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -7,6 +7,7 @@ #================================================= source _common.sh +source ynh_systemd_action source /usr/share/yunohost/helpers #================================================= 
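Review bot: `db_name` and `db_pwd` are now read from the renamed settings keys, but a backup taken before this commit only carries `psql_db` and `psqlpwd`, so restoring such a backup would leave both variables empty. scripts/upgrade gains a fallback for exactly this case (`if [ -n "$psql_db" ]` …), and the same migration block is needed here before the database is recreated. Until then it would help to fail early, e.g. `[ -n "$db_name" ] || ynh_die "db_name setting is missing from this backup"`.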
@@ -20,16 +21,28 @@ path_url="/" admin=$(ynh_app_setting_get $app admin) is_public=$(ynh_app_setting_get $app is_public) final_path=$(ynh_app_setting_get $app final_path) -db_name=$(ynh_app_setting_get "$app" psql_db) +db_name=$(ynh_app_setting_get "$app" db_name) admin_email=$(ynh_app_setting_get "$app" admin_email) random_key=$(ynh_app_setting_get "$app" random_key) name=$(ynh_app_setting_get "$app" name) port=$(ynh_app_setting_get "$app" port) -db_pwd=$(ynh_app_setting_get "$app" psqlpwd) +db_pwd=$(ynh_app_setting_get "$app" db_pwd) cache=$(ynh_app_setting_get "$app" cache) size=$(ynh_app_setting_get "$app" size) registration=$(ynh_app_setting_get "$app" registration) +psql_db=$(ynh_app_setting_get "$app" psql_db) + +if [ -n "$psql_db" ] +then + db_name=$(ynh_app_setting_get "$app" psql_db) + db_pwd=$(ynh_app_setting_get "$app" psqlpwd) + ynh_app_setting_set "$app" db_name "$db_name" + ynh_app_setting_set "$app" db_pwd "$db_pwd" + ynh_app_setting_delete "$app" psql_db + ynh_app_setting_delete "$app" psqlpwd +fi + #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= @@ -64,12 +77,16 @@ ynh_backup_before_upgrade ynh_clean_setup () { # restore it if the upgrade fails ynh_restore_upgradebackup + ynh_clean_check_starting } # Exit if an error occurs during the execution of the script ynh_abort_if_errors -# Stop Pleroma for upgrade -yunohost service stop "$app" +#================================================= +# STOP SERVICE +#================================================= + +ynh_systemd_action --action=stop --service_name=$app #================================================= # CHECK THE PATH 
@@ -145,9 +162,48 @@ ynh_system_user_create "$app" "$final_path" #================================================= # SPECIFIC UPGRADE #================================================= -# ... +# MODIFY A CONFIG FILE +#================================================= +cp -f ../conf/generated_config.exs "$final_path/$app/config/prod.secret.exs" + +ynh_replace_string "__DOMAIN__" "$domain" "$final_path/$app/config/prod.secret.exs" +ynh_replace_string "__KEY__" "$random_key" "$final_path/$app/config/prod.secret.exs" +ynh_replace_string "__INSTANCE_NAME__" "$name" "$final_path/$app/config/prod.secret.exs" +ynh_replace_string "__DB_NAME__" "$db_name" "$final_path/$app/config/prod.secret.exs" +ynh_replace_string "__DB_PWD__" "$db_pwd" "$final_path/$app/config/prod.secret.exs" +ynh_replace_string "__ADMIN_EMAIL__" "$admin_email" "$final_path/$app/config/prod.secret.exs" +ynh_replace_string "__PORT__" "$port" "$final_path/$app/config/prod.secret.exs" + +if [ $cache -eq 1 ] +then + ynh_replace_string "__MEDIA_CACHE__" "true" "$final_path/$app/config/prod.secret.exs" +else + ynh_replace_string "__MEDIA_CACHE__" "false" "$final_path/$app/config/prod.secret.exs" +fi + +# Set registrations open/closed +if [ $registration -eq 1 ] +then + ynh_replace_string "__REG__" "true" "$final_path/$app/config/prod.secret.exs" +else + ynh_replace_string "__REG__" "false" "$final_path/$app/config/prod.secret.exs" +fi + +#Desactivate default frontend +cp -f ../conf/config.exs "$final_path/$app/config/config.exs" + +#Desactivate Pleroma.Web.Endpoint +cp -f ../conf/prod.exs "$final_path/$app/config/prod.exs" + +#================================================= +# CONFIGURE #================================================= +#Desactivate default frontend +cp -f ../conf/config.exs "$final_path/$app/config/config.exs" + +#Desactivate Pleroma.Web.Endpoint +cp -f ../conf/prod.exs "$final_path/$app/config/prod.exs" #================================================= # MAKE UPGRADE 
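Review bot: `cp -f ../conf/generated_config.exs "$final_path/$app/config/prod.secret.exs"` regenerates the secret config on every upgrade, which discards the web-push key pair that scripts/install appends to that file with `mix web_push.gen.keypair >>`, and nothing in the upgrade generates a new one. The overwrite also happens before the checksum-backup step described by the context comments in the next hunk, so local admin edits appear to be lost without a backup. The two `cp -f` lines for config.exs and prod.exs are repeated in the `CONFIGURE` section and can be dropped there, and their comments would be clearer as `# Replace the default config.exs with the packaged copy`. `[ $cache -eq 1 ]` and `[ $registration -eq 1 ]` should quote the variable so that an empty setting does not turn into a test syntax error.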
@@ -155,16 +211,10 @@ ynh_system_user_create "$app" "$final_path" # Give permission to the final_path chown -R "$app":"$app" "$final_path" -( cd $final_path/$app && sudo -u "$app" MIX_ENV=prod mix local.hex --force ) -( cd $final_path/$app && sudo -u "$app" MIX_ENV=prod mix local.rebar --force ) -( cd $final_path/$app && sudo -u "$app" mix deps.get ) -ynh_psql_execute_as_root \ -"ALTER USER $app WITH SUPERUSER;" -( cd $final_path/$app && sudo -u "$app" MIX_ENV=prod mix ecto.migrate --force ) -ynh_psql_execute_as_root \ -"ALTER USER $app WITH NOSUPERUSER;" - - +pushd $final_path/$app + sudo -u "$app" mix deps.get + sudo -u "$app" MIX_ENV=prod mix ecto.migrate --force +popd ### Verify the checksum of a file, stored by `ynh_store_file_checksum` in the install script. ### And create a backup of this file if the checksum is different. So the file will be backed up if the admin had modified it. @@ -226,5 +276,4 @@ systemctl reload nginx # START SERVICE #================================================= -yunohost service start $app -sleep 30 \ No newline at end of file +ynh_systemd_action --action=start --service_name=$app --log_path=systemd --line_match="Running Pleroma.Web.Endpoint" diff --git a/scripts/ynh_systemd_action b/scripts/ynh_systemd_action new file mode 100644 index 0000000..6bed6be --- /dev/null +++ b/scripts/ynh_systemd_action 
@@ -0,0 +1,89 @@ +#!/bin/bash + +# Start (or other actions) a service, print a log in case of failure and optionnaly wait until the service is completely started +# +# usage: ynh_systemd_action [-n service_name] [-a action] [ [-l "line to match"] [-p log_path] [-t timeout] [-e length] ] +# | arg: -n, --service_name= - Name of the service to reload. Default : $app +# | arg: -a, --action= - Action to perform with systemctl. Default: start +# | arg: -l, --line_match= - Line to match - The line to find in the log to attest the service have finished to boot. +# If not defined it don't wait until the service is completely started. +# | arg: -p, --log_path= - Log file - Path to the log file. Default : /var/log/$app/$app.log +# | arg: -t, --timeout= - Timeout - The maximum time to wait before ending the watching. Default : 300 seconds. +# | arg: -e, --length= - Length of the error log : Default : 20 +ynh_systemd_action() { + # Declare an array to define the options of this helper. + declare -Ar args_array=( [n]=service_name= [a]=action= [l]=line_match= [p]=log_path= [t]=timeout= [e]=length= ) + local service_name + local action + local line_match + local length + local log_path + local timeout + + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + local service_name="${service_name:-$app}" + local action=${action:-start} + local log_path="${log_path:-/var/log/$service_name/$service_name.log}" + local length=${length:-20} + local timeout=${timeout:-300} + + # Start to read the log + if [[ -n "${line_match:-}" ]] + then + local templog="$(mktemp)" + # Following the starting of the app in its log + if [ "$log_path" == "systemd" ] ; then + # Read the systemd journal + journalctl -u $service_name -f --since=-45 > "$templog" & + else + # Read the specified log file + tail -F -n0 "$log_path" > "$templog" & + fi + # Get the PID of the tail command + local pid_tail=$! 
+ fi + + echo "${action^} the service $service_name" >&2 + systemctl $action $service_name \ + || ( journalctl --lines=$length -u $service_name >&2 \ + ; test -n "$log_path" && echo "--" && tail --lines=$length "$log_path" >&2 \ + ; false ) + + # Start the timeout and try to find line_match + if [[ -n "${line_match:-}" ]] + then + local i=0 + for i in $(seq 1 $timeout) + do + # Read the log until the sentence is found, that means the app finished to start. Or run until the timeout + if grep --quiet "$line_match" "$templog" + then + echo "The service $service_name has correctly started." >&2 + break + fi + echo -n "." >&2 + sleep 1 + done + if [ $i -eq $timeout ] + then + echo "The service $service_name didn't fully started before the timeout." >&2 + journalctl --lines=$length -u $service_name >&2 + test -n "$log_path" && echo "--" && tail --lines=$length "$log_path" >&2 + fi + + echo "" + ynh_clean_check_starting + fi +} + +# Clean temporary process and file used by ynh_check_starting +# (usually used in ynh_clean_setup scripts) +# +# usage: ynh_clean_check_starting +ynh_clean_check_starting () { + # Stop the execution of tail. + kill -s 15 $pid_tail 2>&1 + ynh_secure_remove "$templog" 2>&1 +}
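Review bot: Both failure paths run `tail --lines=$length "$log_path"` whenever `$log_path` is non-empty, but every caller in this commit passes `--log_path=systemd`, which is a sentinel rather than a file. In the timeout branch that `tail` is the last command of an `&&` list, so under `ynh_abort_if_errors` its failure would probably abort the script with a misleading error instead of just reporting the slow start. Wrapping it as `if [ "$log_path" != "systemd" ]; then tail --lines=$length "$log_path" >&2; fi` avoids that. `[ $i -eq $timeout ]` also reports a timeout when the match is found on the final iteration, and `$action` and `$service_name` should be quoted in the `systemctl` and `journalctl` calls. The usage comment could also state that `--log_path=systemd` selects the journal.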