From d59decc5430ad4c37e85bca986e35407d3578a1a Mon Sep 17 00:00:00 2001
From: orhtej2 <2871798+orhtej2@users.noreply.github.com>
Date: Fri, 29 Sep 2023 22:30:54 +0200
Subject: [PATCH] Tweak with latest findings.

---
 conf/config.toml | 29 +++++++++++++++++++++++++++++
 conf/nginx.conf | 30 +++++++++++++++++++-----------
 conf/sync.ini | 6 ------
 conf/systemd.service | 12 +++++++++---
 manifest.toml | 6 +++---
 scripts/install | 25 +++++++++++-------------
 6 files changed, 71 insertions(+), 37 deletions(-)
 create mode 100644 conf/config.toml
 delete mode 100644 conf/sync.ini

diff --git a/conf/config.toml b/conf/config.toml
new file mode 100644
index 0000000..9fb393c
--- /dev/null
+++ b/conf/config.toml
@@ -0,0 +1,29 @@
+master_secret = "__SECRET__"
+
+# removing this line will default to moz_json formatted logs (which is preferred for production envs)
+human_logs = 1
+
+port = __PORT__
+
+# Example Syncstorage settings:
+# Example MySQL DSN:
+syncstorage.database_url = "mysql://__DB_USER__:__DB_PWD__@localhost/__DB_NAME__"
+# Example Spanner DSN:
+# database_url="spanner://projects/SAMPLE_GCP_PROJECT/instances/SAMPLE_SPANNER_INSTANCE/databases/SAMPLE_SPANNER_DB"
+# enable quota limits
+syncstorage.enable_quota = 0
+# set the quota limit to 2GB.
+# max_quota_limit = 200000000
+syncstorage.enabled = true
+syncstorage.limits.max_total_records = 1666 # See issues #298/#333
+
+# Example Tokenserver settings:
+tokenserver.database_url = "mysql://__DB_USER__:__DB_PWD__@localhost/__DB_NAME__"
+tokenserver.enabled = true
+tokenserver.node_type = "mysql"
+tokenserver.fxa_email_domain = "api-accounts.stage.mozaws.net"
+tokenserver.fxa_metrics_hash_secret = "__SECRET__"
+tokenserver.fxa_oauth_server_url = "https://oauth.stage.mozaws.net"
+tokenserver.fxa_browserid_audience = "https://token.stage.mozaws.net"
+tokenserver.fxa_browserid_issuer = "https://api-accounts.stage.mozaws.net"
+tokenserver.fxa_browserid_server_url = "https://verifier.stage.mozaws.net/v2"
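Review bot: Every `tokenserver.fxa_*` endpoint in the new config.toml points at Mozilla's staging FxA (`*.stage.mozaws.net`), which reads like the upstream example config copied verbatim; a self-hosted production server needs the production FxA hosts (`https://api.accounts.firefox.com` and its oauth/verifier counterparts), otherwise real Firefox accounts will not authenticate against this tokenserver. `master_secret` and `tokenserver.fxa_metrics_hash_secret` both receive `__SECRET__`, so one 40-character value doubles as the token-signing key and the metrics hashing key; give the metrics secret its own placeholder (e.g. `tokenserver.fxa_metrics_hash_secret = "__METRICS_SECRET__"`) filled from a second random value. The comment above `human_logs = 1` itself says the line should go for production environments, so either drop it or add a comment explaining why it stays.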
diff --git a/conf/nginx.conf b/conf/nginx.conf
index cedfd98..1004e1c 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -1,15 +1,23 @@
-#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
+rewrite ^__PATH__$ __PATH__/ permanent;
 location __PATH__/ {
- # Path to source
- alias __INSTALL_DIR__/ ;
+ # Path to source
+ alias __INSTALL_DIR__/ ;
 
- include uwsgi_params;
- # Needed for long running operations in admin interface
- proxy_pass http://127.0.0.1:__PORT__/;
- proxy_set_header Host $host;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_buffering off;
- client_max_body_size 200M;
+ include uwsgi_params;
+ # Needed for long running operations in admin interface
+ proxy_pass http://127.0.0.1:__PORT__/;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Host $host:$server_port;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ proxy_buffering off;
+ client_max_body_size 200M;
 proxy_set_header X-Real-IP $remote_addr;
-}
\ No newline at end of file
+}
+
+
+
+
diff --git a/conf/sync.ini b/conf/sync.ini
deleted file mode 100644
index 8e37223..0000000
--- a/conf/sync.ini
+++ /dev/null
@@ -1,6 +0,0 @@
-HOST=0.0.0.0
-PORT=__PORT__
-MASTER_SECRET=__SECRET__
-
-[syncstorage]
-DATABASE_URL=mysql://__DB_USER__:__DB_PWD__@localhost/__DB_NAME__
\ No newline at end of file
diff --git a/conf/systemd.service b/conf/systemd.service
index f100e84..26e3371 100644
--- a/conf/systemd.service
+++ b/conf/systemd.service
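Review bot: The `rewrite ^__PATH__$ __PATH__/ permanent;` line is now unconditional; the removed `#sub_path_only` prefix appears to be the YunoHost marker that keeps the directive only for sub-path installs, so if this app can be installed at `/` the rule becomes `rewrite ^/$ // permanent;`. Restoring `#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;` keeps the intended behaviour for both cases. The `alias __INSTALL_DIR__/ ;` and `include uwsgi_params;` lines are leftovers from the template and have no effect in a `proxy_pass` location, and the hunk appends four empty lines after the closing brace.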
@@ -1,15 +1,20 @@
 [Unit]
-Description=Small description of the service
+Description=Firefox Sync Storage server
 After=network.target
+After=mariadb.service
 
 [Service]
 Type=simple
 User=__APP__
 Group=__APP__
-WorkingDirectory=__INSTALL_DIR__/
-ExecStart=__INSTALL_DIR__/script
+WorkingDirectory=__INSTALL_DIR__
+ExecStart=__INSTALL_DIR__/bin/syncserver --config ./config.toml
 StandardOutput=append:/var/log/__APP__/__APP__.log
 StandardError=inherit
+Environment=PATH="__INSTALL_DIR__/venv/bin:$(PATH)"
+Environment=PYTHONPATH=$(PYTHON_SITE_PACKGES)
+Environment=RUST_LOG=debug
+Environment=RUST_BACKTRACE=full
 
 # Sandboxing options to harden security
 # Depending on specificities of your service/app, you may need to tweak these
@@ -47,3 +52,4 @@ CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
 
 [Install]
 WantedBy=multi-user.target
+
diff --git a/manifest.toml b/manifest.toml
index 2ef79e9..406ffe1 100644
--- a/manifest.toml
+++ b/manifest.toml
@@ -53,9 +53,9 @@ ram.runtime = "50M"
 # This will pre-fetch the asset which can then be deployed during the install/upgrade scripts with :
 # ynh_setup_source --dest_dir="$install_dir"
 # You can also define other assets than "main" and add --source_id="foobar" in the previous command
- url = "https://github.com/mozilla-services/syncstorage-rs/archive/refs/tags/0.13.6.tar.gz"
- sha256 = "ddf8169a0a9bd06db10bf032a2b9af7ea4e5816251e82d9e7627f87eba1f27bd"
- autoupdate.strategy = "latest_github_tag"
+ url = "https://github.com/mozilla-services/syncstorage-rs/archive/acc5524cf361d6abf3aedb73bb54ef3db1b6fda3.tar.gz"
+ sha256 = "52cbd6aa890deee4079463c0f45bb2985891f78114ecbbfacb5387fdc0b806f5"
+ autoupdate.strategy = "latest_github_commit"
 
 # This will provision/deprovision a unix system user
 [resources.system_user]
diff --git a/scripts/install b/scripts/install
index f695277..a9196fb 100644
--- a/scripts/install
+++ b/scripts/install
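Review bot: `Environment=` does not perform variable expansion, so `PATH` becomes the literal string `__INSTALL_DIR__/venv/bin:$(PATH)` and `PYTHONPATH` the literal `$(PYTHON_SITE_PACKGES)` (note the typo as well); `$(...)` is not a systemd syntax, and Environment= values are taken verbatim. Spell the path out, e.g. `Environment=PATH=__INSTALL_DIR__/venv/bin:/usr/local/bin:/usr/bin:/bin`, and either have the install script substitute a real site-packages path for PYTHONPATH or drop that line. `RUST_LOG=debug` together with `RUST_BACKTRACE=full` in a permanent unit sends request-level debug output to `/var/log/__APP__/__APP__.log`, which is wider than a production service should log by default; `RUST_LOG=info` with debug left as a troubleshooting toggle is the safer setting.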
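Review bot: `autoupdate.strategy = "latest_github_commit"` makes the autoupdater propose every commit that lands on upstream's default branch rather than tagged releases, so the package would track unreviewed upstream changes from now on. Pinning to a commit with a matching `sha256` is reasonable as a stopgap, but a comment next to `url` saying which unreleased change the pin is waiting for, and a return to `latest_github_tag` once a release contains it, would keep the supply chain gated on releases.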
@@ -12,7 +12,7 @@ source _common.sh
 source ynh_install_go
 source /usr/share/yunohost/helpers
 
-salt=$(ynh_string_random --length=40)
+secret=$(ynh_string_random --length=40)
 
 #=================================================
 # INSTALL DEPENDENCIES
@@ -57,12 +57,11 @@ ynh_exec_as $app python -m venv "${install_dir}/venv"
 source "${install_dir}/venv/bin/activate"
 set -o nounset
 
- ynh_exec_warn_less ynh_exec_as $app env PATH=$PATH pip install --upgrade pip
- ynh_exec_warn_less ynh_exec_as $app env PATH=$PATH pip install --upgrade setuptools
+ ynh_exec_warn_less ynh_exec_as $app env PATH=$PATH $install_dir/venv/bin/pip install --upgrade pip
+ ynh_exec_warn_less ynh_exec_as $app env PATH=$PATH $install_dir/venv/bin/pip install --upgrade setuptools
 
 pushd $install_dir/build
- ynh_exec_warn_less ynh_exec_as $app env PATH=$PATH GOPATH=$GOPATH GOCACHE=$GOCACHE CGO_ENABLED=1 pip install -r requirements.txt
- ynh_exec_warn_less ynh_exec_as $app env PATH=$PATH GOPATH=$GOPATH GOCACHE=$GOCACHE CGO_ENABLED=1 cargo install --path ./syncserver --locked --root $install_dir
- ynh_exec_warn_less ynh_exec_as $app env PATH=$PATH GOPATH=$GOPATH GOCACHE=$GOCACHE CGO_ENABLED=1 cargo install --path ./syncserver --locked --root $install_dir --bin purge_ttl
+ ynh_exec_warn_less ynh_exec_as $app env PATH=$PATH GOPATH=$GOPATH GOCACHE=$GOCACHE CGO_ENABLED=1 $install_dir/venv/bin/pip install -r requirements.txt
+ ynh_exec_warn_less ynh_exec_as $app env PATH=$PATH GOPATH=$GOPATH GOCACHE=$GOCACHE CGO_ENABLED=1 cargo install --path ./syncserver --locked --root $install_dir --no-default-features --features=syncstorage-db/mysql
 popd
 )
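Review bot: The second hunk removes the `cargo install ... --bin purge_ttl` line, so the `purge_ttl` binary is no longer installed; upstream ships it to expire stale storage rows, and if anything in the package schedules it (not visible here) that job will now fail. If dropping it is intentional, a one-line comment such as `# purge_ttl is not built: <reason>` next to the remaining cargo line would stop it from being re-added. In the first hunk the renamed `secret` presumably fills both `__SECRET__` placeholders in config.toml through `ynh_add_config`, which reuses the master secret as the metrics hash secret; a second `ynh_string_random` value would separate the two. The subshell enclosing the second hunk opens and closes outside it.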
@@ -87,9 +86,8 @@ yunohost service add $app --description="Firefox Sync Server (Rust)" --log="/var
 # Use logrotate to manage application logfile(s)
 ynh_use_logrotate
 
-# Create a dedicated Fail2Ban config
-ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex=""
+#ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex=""
 
 #=================================================
 # APP INITIAL CONFIGURATION
 #=================================================
@@ -97,13 +95,13 @@ ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failreg
 #=================================================
 ynh_script_progression --message="Adding a configuration file..." --weight=1
 
-ynh_add_config --template="sync.ini" --destination="$install_dir/sync.ini"
+ynh_add_config --template="config.toml" --destination="$install_dir/config.toml"
 
 # FIXME: this should be handled by the core in the future
 # You may need to use chmod 600 instead of 400,
 # for example if the app is expected to be able to modify its own config
-chmod 400 "$install_dir/sync.ini"
-chown $app:$app "$install_dir/sync.ini"
+chmod 400 "$install_dir/config.toml"
+chown $app:$app "$install_dir/config.toml"
 
 ### For more complex cases where you want to replace stuff using regexes,
 ### you shoud rely on ynh_replace_string (which is basically a wrapper for sed)
@@ -118,8 +116,8 @@ chown $app:$app "$install_dir/sync.ini"
 #### TODO in Yunohost App Generator
 # Installation with curl
-ynh_script_progression --message="Finalizing installation..." --weight=1
-ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3"
+#ynh_script_progression --message="Finalizing installation..." --weight=1
+#ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3"
 
 #=================================================
 # GENERIC FINALIZATION
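Review bot: Commenting out `ynh_add_fail2ban_config` in the first hunk and the `ynh_script_progression`/`ynh_local_curl` pair in the third leaves dead template code in the script; the fail2ban call carried an empty `--failregex=""` and so never matched anything, so deleting both sets of lines outright is cleaner than keeping them as comments. The `chmod 400` and `chown $app:$app` on `config.toml` in the second hunk are the right call now that the file holds the database password and `master_secret`, though the `# FIXME`/`chmod 600` comment above it could be trimmed to what applies here.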
@@ -128,7 +126,6 @@ ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3"
 #=================================================
 ynh_script_progression --message="Starting a systemd service..." --weight=1
 
-# Start a systemd service
 ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
 
 #=================================================