| author | Tagada <36127788+Tagadda@users.noreply.github.com> | 2024-02-24 23:28:27 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-02-24 23:28:27 +0100 |
| commit | c699e1f7a79354bdaa51474b30074c6e3005fc27 (patch) | |
| tree | 3e78117f8130159de4d759103eb7d61e449c061a /conf | |
| parent | 17d9f373c9c8d2d443e561bfd39f8a9690e8ff43 (diff) | |
Packaging v2 (#399)
* Convert to v2 (#383)
* convert script
* v2
* Auto-update README
* Update documentation cc @panomaki
* Bump ruby version from 3.0.6 to 3.2.2
* v2
* Auto-update README
* woops
* v2
* v2
* s/final_path/install_dir
* Update PRE_INSTALL.md
* too soon...
* v2
* v2
* v2
* Update tests.toml
* Update doc/PRE_INSTALL.md
Co-authored-by: Alexandre Aubin <alex.aubin@mailoo.org>
* Update doc/PRE_INSTALL_fr.md
Co-authored-by: Alexandre Aubin <alex.aubin@mailoo.org>
* Update tests.toml
Co-authored-by: Alexandre Aubin <alex.aubin@mailoo.org>
* Update tests.toml
Co-authored-by: Alexandre Aubin <alex.aubin@mailoo.org>
* Update doc/PRE_INSTALL.md
Co-authored-by: Alexandre Aubin <alex.aubin@mailoo.org>
* Update doc/PRE_INSTALL_fr.md
Co-authored-by: Alexandre Aubin <alex.aubin@mailoo.org>
* Apply suggestions
* Update manifest.toml
* Auto-update README
* Update manifest.toml
* Update scripts
* Auto-update README
* Remove SSO integration
* Use new mail mechanism
* cleaning
* Update manifest.toml
---------
Co-authored-by: yunohost-bot <yunohost@yunohost.org>
Co-authored-by: Alexandre Aubin <alex.aubin@mailoo.org>
Co-authored-by: Éric Gaspar <46165813+ericgaspar@users.noreply.github.com>
* Bump ynh version
* Auto-update README
* Update manifest.toml
* Update doc/PRE_INSTALL.md
Co-authored-by: Alexandre Aubin <alex.aubin@mailoo.org>
* Add service setting for app shell
* Use logrotate
* smtp config follow-up
Sidekiq service can be properly hardened since it doesn't use sendmail anymore o/
* Fix mkdir failing if /var/log/mastodon already exists
* upgrade: Rename database to match packaging v2
* Bump 4.1.6~ynh2
* Auto-update README
* Disable install.private test
* remove full_domain
* 4.1.7 (#403)
* 4.1.7
* Auto-update README
* Update manifest.toml
* Auto-update README
---------
Co-authored-by: yunohost-bot <yunohost@yunohost.org>
Co-authored-by: Tagada <36127788+Tagadda@users.noreply.github.com>
* fix
* fix
* Don't swap when running on a LXC
* Hardcore the needed RAM
* Auto-update README
* Auto-update README
* Update manifest.toml
* Auto-update README
* Update _common.sh
* Auto-update README
* cleaning
* cleaning
* Auto-update README
* Auto-update README
* Update tests.toml
* Fix restore
* Fix manifest.toml
* Auto-update README
* Auto-update README
* add `tootctl self-destruct` info
* format
* Auto-update README
* lol autotranslate
* break line
* break lines
* translation from french
* update version
* Auto-update README
* Update manifest.toml
---------
Co-authored-by: yunohost-bot <yunohost@yunohost.org>
Co-authored-by: Alexandre Aubin <alex.aubin@mailoo.org>
Co-authored-by: Éric Gaspar <46165813+ericgaspar@users.noreply.github.com>
Co-authored-by: ericgaspar <junk.eg@free.fr>
Co-authored-by: OniriCorpe <oniricorpe@disroot.org>
Diffstat (limited to 'conf')
| -rw-r--r-- | conf/.env.production.sample | 41 |
| -rw-r--r-- | conf/app.src | 7 |
| -rw-r--r-- | conf/cron | 10 |
| -rw-r--r-- | conf/mastodon-sidekiq.service | 22 |
| -rw-r--r-- | conf/mastodon-streaming.service | 4 |
| -rw-r--r-- | conf/mastodon-web.service | 6 |
| -rw-r--r-- | conf/nginx.conf | 2 |
7 files changed, 46 insertions, 46 deletions
diff --git a/conf/.env.production.sample b/conf/.env.production.sample index 21cc8e5..7005b5d 100644 --- a/conf/.env.production.sample +++ b/conf/.env.production.sample @@ -30,11 +30,14 @@ DB_NAME=__DB_NAME__ DB_PASS=__DB_PWD__ DB_PORT=5432 -# ElasticSearch (optional) +# Elasticsearch (optional) # ------------------------ -# ES_ENABLED=true -# ES_HOST=es +ES_ENABLED=false +# ES_HOST=localhost # ES_PORT=9200 +# Authentication for ES (optional) +# ES_USER=elastic +# ES_PASS=password # Secrets # ------- @@ -54,17 +57,12 @@ VAPID_PUBLIC_KEY=__VAPID_PUBLIC_KEY__ # ------------ SMTP_SERVER=localhost SMTP_PORT=25 -#SMTP_LOGIN= -#SMTP_PASSWORD= -SMTP_FROM_ADDRESS=__ADMIN_MAIL__ -#SMTP_REPLY_TO= -#SMTP_DOMAIN= # defaults to LOCAL_DOMAIN -SMTP_DELIVERY_METHOD=sendmail # delivery method can also be smtp -SMTP_AUTH_METHOD=none -#SMTP_CA_FILE=/etc/ssl/certs/ca-certificates.crt +SMTP_LOGIN=__APP__ +SMTP_PASSWORD=__MAIL_PWD__ +SMTP_FROM_ADDRESS=Mastodon <__APP__@__DOMAIN__> +SMTP_DELIVERY_METHOD=smtp +SMTP_AUTH_METHOD=plain SMTP_OPENSSL_VERIFY_MODE=none -#SMTP_ENABLE_STARTTLS_AUTO=true -#SMTP_TLS=true # Registrations # ------------ @@ -80,16 +78,13 @@ DEFAULT_LOCALE=__LANGUAGE__ # File storage (optional) # ----------------------- -# S3_ENABLED=true -# S3_BUCKET= +S3_ENABLED=false +# S3_BUCKET=files.example.com # AWS_ACCESS_KEY_ID= # AWS_SECRET_ACCESS_KEY= -# S3_REGION= -# S3_PROTOCOL=http -# S3_HOSTNAME=192.168.1.123:9000 -# S3_ALIAS_HOST= +# S3_ALIAS_HOST=files.example.com -# LDAP authentication (optional) +# IP and session retention # ----------------------- LDAP_ENABLED=true LDAP_HOST=localhost 
@@ -105,3 +100,9 @@ LDAP_UID_CONVERSION_ENABLED=true LDAP_UID_CONVERSION_SEARCH=., - LDAP_UID_CONVERSION_REPLACE=_ LDAP_TLS_NO_VERIFY=true + +# Make sure to modify the scheduling of ip_cleanup_scheduler in config/sidekiq.yml +# to be less than daily if you lower IP_RETENTION_PERIOD below two days (172800). +# ----------------------- +IP_RETENTION_PERIOD=1209600 +SESSION_RETENTION_PERIOD=1209600 diff --git a/conf/app.src b/conf/app.src deleted file mode 100644 index a6999e4..0000000 --- a/conf/app.src +++ /dev/null @@ -1,7 +0,0 @@ -SOURCE_URL=https://github.com/tootsuite/mastodon/archive/refs/tags/v4.2.8.tar.gz -SOURCE_SUM=ccecdfaab5f84cfaeb193eff2b7b795f7bdd08aa872e265dcb2625310f2c9478 -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=tar.gz -SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= -SOURCE_EXTRACT=true 
@@ -1,7 +1,7 @@ # This is a system cron file, see crontab(5) # m h dom mon dow user command -@daily __APP__ cd __FINAL_PATH__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl media remove -@monthly __APP__ cd __FINAL_PATH__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl media remove-orphans -@monthly __APP__ cd __FINAL_PATH__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl accounts cull -@monthly __APP__ cd __FINAL_PATH__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl statuses remove -@monthly __APP__ cd __FINAL_PATH__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl preview_cards remove +@daily __APP__ cd __INSTALL_DIR__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl media remove +@monthly __APP__ cd __INSTALL_DIR__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl media remove-orphans +@monthly __APP__ cd __INSTALL_DIR__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl accounts cull +@monthly __APP__ cd __INSTALL_DIR__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl statuses remove +@monthly __APP__ cd __INSTALL_DIR__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl preview_cards remove diff --git a/conf/mastodon-sidekiq.service b/conf/mastodon-sidekiq.service index 25a46fb..14bd592 100644 --- a/conf/mastodon-sidekiq.service +++ b/conf/mastodon-sidekiq.service 
@@ -5,15 +5,17 @@ After=network.target [Service] Type=simple User=__APP__ -WorkingDirectory=__FINALPATH__/live +WorkingDirectory=__INSTALL_DIR__/live Environment="__LD_PRELOAD__" Environment="RAILS_ENV=production" Environment="DB_POOL=25" Environment="MALLOC_ARENA_MAX=2" Environment="__YNH_RUBY_LOAD_PATH__" -ExecStart=__FINALPATH__/live/bin/bundle exec sidekiq -c 25 +ExecStart=__INSTALL_DIR__/live/bin/bundle exec sidekiq -c 25 TimeoutSec=15 Restart=always +StandardOutput=append:/var/log/__APP__/__APP__-sidekiq.log +StandardError=inherit # Sandboxing options to harden security # Depending on specificities of your service/app, you may need to tweak these @@ -21,17 +23,17 @@ Restart=always # Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html NoNewPrivileges=no PrivateTmp=yes -#PrivateDevices=yes -#RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK -#RestrictNamespaces=yes -#RestrictRealtime=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK +RestrictNamespaces=yes +RestrictRealtime=yes DevicePolicy=closed ProtectSystem=full ProtectControlGroups=yes -#ProtectKernelModules=yes -#ProtectKernelTunables=yes -#LockPersonality=yes -#SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap # Denying access to capabilities that should not be relevant for webapps # Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html diff --git a/conf/mastodon-streaming.service b/conf/mastodon-streaming.service index c88e0fa..f63945e 100644 --- a/conf/mastodon-streaming.service +++ b/conf/mastodon-streaming.service 
@@ -5,7 +5,7 @@ After=network.target [Service] Type=simple User=__APP__ -WorkingDirectory=__FINALPATH__/live +WorkingDirectory=__INSTALL_DIR__/live Environment="NODE_ENV=production" Environment="PORT=__PORT_STREAM__" Environment="STREAMING_CLUSTER_NUM=1" @@ -13,6 +13,8 @@ Environment="__YNH_NODE_LOAD_PATH__" ExecStart=__YNH_NODE__ ./streaming TimeoutSec=15 Restart=always +StandardOutput=append:/var/log/__APP__/__APP__-streaming.log +StandardError=inherit # Sandboxing options to harden security # Depending on specificities of your service/app, you may need to tweak these diff --git a/conf/mastodon-web.service b/conf/mastodon-web.service index 334233b..133fc3b 100644 --- a/conf/mastodon-web.service +++ b/conf/mastodon-web.service @@ -5,15 +5,17 @@ After=network.target [Service] Type=simple User=__APP__ -WorkingDirectory=__FINALPATH__/live +WorkingDirectory=__INSTALL_DIR__/live Environment="__LD_PRELOAD__" Environment="RAILS_ENV=production" Environment="PORT=__PORT_WEB__" Environment="__YNH_RUBY_LOAD_PATH__" -ExecStart=__FINALPATH__/live/bin/bundle exec puma -C config/puma.rb +ExecStart=__INSTALL_DIR__/live/bin/bundle exec puma -C config/puma.rb ExecReload=/bin/kill -SIGUSR1 $MAINPID TimeoutSec=15 Restart=always +StandardOutput=append:/var/log/__APP__/__APP__-web.log +StandardError=inherit # Sandboxing options to harden security # Depending on specificities of your service/app, you may need to tweak these diff --git a/conf/nginx.conf b/conf/nginx.conf index 4b1f76b..09e4a84 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,6 +1,6 @@ client_max_body_size 99m; -root __FINALPATH__/live/public; +root __INSTALL_DIR__/live/public; location / { |
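Review bot: in conf/.env.production.sample, the SMTP hunk (@@ -54,17 +57,12 @@) now sends SMTP_LOGIN and SMTP_PASSWORD with SMTP_AUTH_METHOD=plain, keeps SMTP_OPENSSL_VERIFY_MODE=none, and drops the commented SMTP_ENABLE_STARTTLS_AUTO, SMTP_TLS and SMTP_CA_FILE lines. With SMTP_SERVER=localhost and SMTP_PORT=25 the credential stays on the loopback interface, but nothing in the file says the settings depend on that. Please add a comment stating that this block assumes a local relay and that certificate verification has to be re-enabled if SMTP_SERVER is ever pointed at a remote host. The file now also carries __MAIL_PWD__ next to __DB_PWD__, so the rendered file should be readable only by the app user; the install script is outside this conf-limited diff, so that cannot be confirmed from here.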
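Review bot: in conf/.env.production.sample, the hunk at @@ -80,16 +78,13 @@ replaces the heading "# LDAP authentication (optional)" with "# IP and session retention", but the lines directly under it are still LDAP_ENABLED=true and LDAP_HOST=localhost, so the LDAP block is now mislabelled. The retention settings are actually added at the end of the file (@@ -105,3 +100,9 @@), where they have only the sidekiq.yml comment and no heading of their own. Suggest keeping the LDAP heading where it was and moving "# IP and session retention" above the IP_RETENTION_PERIOD comment. While touching that block, a short comment on why LDAP_TLS_NO_VERIFY=true is acceptable with LDAP_HOST=localhost would help whoever edits the host later.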
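Review bot: deleting conf/app.src removes the pinned SOURCE_SUM (sha256) together with SOURCE_URL, and this view is limited to 'conf', so the replacement is not visible here. Please confirm that the upstream tarball URL and its sha256 are carried over to wherever the source is now declared, so the download is still verified against a fixed digest before extraction.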
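Review bot: in conf/mastodon-sidekiq.service, the hunk at @@ -21,17 +23,17 @@ uncomments PrivateDevices, RestrictAddressFamilies, RestrictNamespaces, RestrictRealtime, ProtectKernelModules, ProtectKernelTunables, LockPersonality and SystemCallFilter, but the context line NoNewPrivileges=no is left as it was. The commit message says the unit can be hardened because sidekiq no longer uses sendmail; if that was the only reason for allowing privilege gain through setuid/setgid helpers, NoNewPrivileges=yes belongs in the same change. If something else still needs it, a one-line comment naming that dependency would keep the exception from looking accidental.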
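Review bot: the three service units now write to /var/log/__APP__/__APP__-sidekiq.log, -streaming.log and -web.log via StandardOutput=append: with StandardError=inherit, so request logs accumulate on disk independently of the IP_RETENTION_PERIOD=1209600 and SESSION_RETENTION_PERIOD=1209600 values added to .env.production.sample. The commit message mentions logrotate, but its configuration is not part of this conf-limited diff; please check that the rotation period and the mode of /var/log/__APP__ are consistent with the retention window set here. Separately, the streaming and web hunks only change WorkingDirectory, ExecStart and logging, while sidekiq gets its sandboxing directives enabled; is there a reason the same directives are not reviewed for those two units in this change?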
