mirror of
https://github.com/YunoHost-Apps/syncserver-rs_ynh.git
synced 2024-09-03 20:26:32 +02:00
Tweak with latest findings.
This commit is contained in:
orhtej2
parent
a7a27bb21b
commit
d59decc543
6 changed files with 71 additions and 37 deletions
29
conf/config.toml
Normal file
29
conf/config.toml
Normal file
|
|
@ -0,0 +1,29 @@
|
|||
master_secret = "__SECRET__"
|
||||
|
||||
# removing this line will default to moz_json formatted logs (which is preferred for production envs)
|
||||
human_logs = 1
|
||||
|
||||
port = __PORT__
|
||||
|
||||
# Example Syncstorage settings:
|
||||
# Example MySQL DSN:
|
||||
syncstorage.database_url = "mysql://__DB_USER__:__DB_PWD__@localhost/__DB_NAME__"
|
||||
# Example Spanner DSN:
|
||||
# database_url="spanner://projects/SAMPLE_GCP_PROJECT/instances/SAMPLE_SPANNER_INSTANCE/databases/SAMPLE_SPANNER_DB"
|
||||
# enable quota limits
|
||||
syncstorage.enable_quota = 0
|
||||
# set the quota limit to 2GB.
|
||||
# max_quota_limit = 200000000
|
||||
syncstorage.enabled = true
|
||||
syncstorage.limits.max_total_records = 1666 # See issues #298/#333
|
||||
|
||||
# Example Tokenserver settings:
|
||||
tokenserver.database_url = "mysql://__DB_USER__:__DB_PWD__@localhost/__DB_NAME__"
|
||||
tokenserver.enabled = true
|
||||
tokenserver.node_type = "mysql"
|
||||
tokenserver.fxa_email_domain = "api-accounts.stage.mozaws.net"
|
||||
tokenserver.fxa_metrics_hash_secret = "__SECRET__"
|
||||
tokenserver.fxa_oauth_server_url = "https://oauth.stage.mozaws.net"
|
||||
tokenserver.fxa_browserid_audience = "https://token.stage.mozaws.net"
|
||||
tokenserver.fxa_browserid_issuer = "https://api-accounts.stage.mozaws.net"
|
||||
tokenserver.fxa_browserid_server_url = "https://verifier.stage.mozaws.net/v2"
|
||||
|
|
@ -1,15 +1,23 @@
|
|||
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
|
||||
rewrite ^__PATH__$ __PATH__/ permanent;
|
||||
location __PATH__/ {
|
||||
|
||||
# Path to source
|
||||
alias __INSTALL_DIR__/ ;
|
||||
# Path to source
|
||||
alias __INSTALL_DIR__/ ;
|
||||
|
||||
include uwsgi_params;
|
||||
# Needed for long running operations in admin interface
|
||||
proxy_pass http://127.0.0.1:__PORT__/;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_buffering off;
|
||||
client_max_body_size 200M;
|
||||
include uwsgi_params;
|
||||
# Needed for long running operations in admin interface
|
||||
proxy_pass http://127.0.0.1:__PORT__/;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Forwarded-Host $host:$server_port;
|
||||
proxy_set_header X-Forwarded-Server $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
||||
proxy_buffering off;
|
||||
client_max_body_size 200M;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -1,6 +0,0 @@
|
|||
HOST=0.0.0.0
|
||||
PORT=__PORT__
|
||||
MASTER_SECRET=__SECRET__
|
||||
|
||||
[syncstorage]
|
||||
DATABASE_URL=mysql://__DB_USER__:__DB_PWD__@localhost/__DB_NAME__
|
||||
|
|
@ -1,15 +1,20 @@
|
|||
[Unit]
|
||||
Description=Small description of the service
|
||||
Description=Firefox Sync Storage server
|
||||
After=network.target
|
||||
After=mariadb.service
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=__APP__
|
||||
Group=__APP__
|
||||
WorkingDirectory=__INSTALL_DIR__/
|
||||
ExecStart=__INSTALL_DIR__/script
|
||||
WorkingDirectory=__INSTALL_DIR__
|
||||
ExecStart=__INSTALL_DIR__/bin/syncserver --config ./config.toml
|
||||
StandardOutput=append:/var/log/__APP__/__APP__.log
|
||||
StandardError=inherit
|
||||
Environment=PATH="__INSTALL_DIR__/venv/bin:$(PATH)"
|
||||
Environment=PYTHONPATH=$(PYTHON_SITE_PACKGES)
|
||||
Environment=RUST_LOG=debug
|
||||
Environment=RUST_BACKTRACE=full
|
||||
|
||||
# Sandboxing options to harden security
|
||||
# Depending on specificities of your service/app, you may need to tweak these
|
||||
|
|
@ -47,3 +52,4 @@ CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
|
|||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
|
|
|
|||
|
|
@ -53,9 +53,9 @@ ram.runtime = "50M"
|
|||
# This will pre-fetch the asset which can then be deployed during the install/upgrade scripts with :
|
||||
# ynh_setup_source --dest_dir="$install_dir"
|
||||
# You can also define other assets than "main" and add --source_id="foobar" in the previous command
|
||||
url = "https://github.com/mozilla-services/syncstorage-rs/archive/refs/tags/0.13.6.tar.gz"
|
||||
sha256 = "ddf8169a0a9bd06db10bf032a2b9af7ea4e5816251e82d9e7627f87eba1f27bd"
|
||||
autoupdate.strategy = "latest_github_tag"
|
||||
url = "https://github.com/mozilla-services/syncstorage-rs/archive/acc5524cf361d6abf3aedb73bb54ef3db1b6fda3.tar.gz"
|
||||
sha256 = "52cbd6aa890deee4079463c0f45bb2985891f78114ecbbfacb5387fdc0b806f5"
|
||||
autoupdate.strategy = "latest_github_commit"
|
||||
|
||||
# This will provision/deprovision a unix system user
|
||||
[resources.system_user]
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ source _common.sh
|
|||
source ynh_install_go
|
||||
source /usr/share/yunohost/helpers
|
||||
|
||||
salt=$(ynh_string_random --length=40)
|
||||
secret=$(ynh_string_random --length=40)
|
||||
|
||||
#=================================================
|
||||
# INSTALL DEPENDENCIES
|
||||
|
|
@ -57,12 +57,11 @@ ynh_exec_as $app python -m venv "${install_dir}/venv"
|
|||
source "${install_dir}/venv/bin/activate"
|
||||
set -o nounset
|
||||
|
||||
ynh_exec_warn_less ynh_exec_as $app env PATH=$PATH pip install --upgrade pip
|
||||
ynh_exec_warn_less ynh_exec_as $app env PATH=$PATH pip install --upgrade setuptools
|
||||
ynh_exec_warn_less ynh_exec_as $app env PATH=$PATH $install_dir/venv/bin/pip install --upgrade pip
|
||||
ynh_exec_warn_less ynh_exec_as $app env PATH=$PATH $install_dir/venv/bin/pip install --upgrade setuptools
|
||||
pushd $install_dir/build
|
||||
ynh_exec_warn_less ynh_exec_as $app env PATH=$PATH GOPATH=$GOPATH GOCACHE=$GOCACHE CGO_ENABLED=1 pip install -r requirements.txt
|
||||
ynh_exec_warn_less ynh_exec_as $app env PATH=$PATH GOPATH=$GOPATH GOCACHE=$GOCACHE CGO_ENABLED=1 cargo install --path ./syncserver --locked --root $install_dir
|
||||
ynh_exec_warn_less ynh_exec_as $app env PATH=$PATH GOPATH=$GOPATH GOCACHE=$GOCACHE CGO_ENABLED=1 cargo install --path ./syncserver --locked --root $install_dir --bin purge_ttl
|
||||
ynh_exec_warn_less ynh_exec_as $app env PATH=$PATH GOPATH=$GOPATH GOCACHE=$GOCACHE CGO_ENABLED=1 $install_dir/venv/bin/pip install -r requirements.txt
|
||||
ynh_exec_warn_less ynh_exec_as $app env PATH=$PATH GOPATH=$GOPATH GOCACHE=$GOCACHE CGO_ENABLED=1 cargo install --path ./syncserver --locked --root $install_dir --no-default-features --features=syncstorage-db/mysql
|
||||
popd
|
||||
)
|
||||
|
||||
|
|
@ -87,9 +86,8 @@ yunohost service add $app --description="Firefox Sync Server (Rust)" --log="/var
|
|||
# Use logrotate to manage application logfile(s)
|
||||
ynh_use_logrotate
|
||||
|
||||
|
||||
# Create a dedicated Fail2Ban config
|
||||
ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex=""
|
||||
#ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex=""
|
||||
#=================================================
|
||||
# APP INITIAL CONFIGURATION
|
||||
#=================================================
|
||||
|
|
@ -97,13 +95,13 @@ ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failreg
|
|||
#=================================================
|
||||
ynh_script_progression --message="Adding a configuration file..." --weight=1
|
||||
|
||||
ynh_add_config --template="sync.ini" --destination="$install_dir/sync.ini"
|
||||
ynh_add_config --template="config.toml" --destination="$install_dir/config.toml"
|
||||
|
||||
# FIXME: this should be handled by the core in the future
|
||||
# You may need to use chmod 600 instead of 400,
|
||||
# for example if the app is expected to be able to modify its own config
|
||||
chmod 400 "$install_dir/sync.ini"
|
||||
chown $app:$app "$install_dir/sync.ini"
|
||||
chmod 400 "$install_dir/config.toml"
|
||||
chown $app:$app "$install_dir/config.toml"
|
||||
|
||||
### For more complex cases where you want to replace stuff using regexes,
|
||||
### you shoud rely on ynh_replace_string (which is basically a wrapper for sed)
|
||||
|
|
@ -118,8 +116,8 @@ chown $app:$app "$install_dir/sync.ini"
|
|||
|
||||
#### TODO in Yunohost App Generator
|
||||
# Installation with curl
|
||||
ynh_script_progression --message="Finalizing installation..." --weight=1
|
||||
ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3"
|
||||
#ynh_script_progression --message="Finalizing installation..." --weight=1
|
||||
#ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3"
|
||||
|
||||
#=================================================
|
||||
# GENERIC FINALIZATION
|
||||
|
|
@ -128,7 +126,6 @@ ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3"
|
|||
#=================================================
|
||||
ynh_script_progression --message="Starting a systemd service..." --weight=1
|
||||
|
||||
|
||||
# Start a systemd service
|
||||
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
|
||||
#=================================================
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue