diff options
| -rw-r--r-- | .github/workflows/updater.sh | 107 | ||||
| -rw-r--r-- | .github/workflows/updater.yml | 49 | ||||
| -rw-r--r-- | README.md | 49 | ||||
| -rw-r--r-- | README_fr.md | 54 | ||||
| -rw-r--r-- | check_process | 22 | ||||
| -rw-r--r-- | conf/.env.production.sample | 41 | ||||
| -rw-r--r-- | conf/app.src | 7 | ||||
| -rw-r--r-- | conf/cron | 10 | ||||
| -rw-r--r-- | conf/mastodon-sidekiq.service | 22 | ||||
| -rw-r--r-- | conf/mastodon-streaming.service | 4 | ||||
| -rw-r--r-- | conf/mastodon-web.service | 6 | ||||
| -rw-r--r-- | conf/nginx.conf | 2 | ||||
| -rw-r--r-- | doc/ADMIN.md | 72 | ||||
| -rw-r--r-- | doc/ADMIN_fr.md | 72 | ||||
| -rw-r--r-- | doc/DESCRIPTION.md | 3 | ||||
| -rw-r--r-- | doc/DESCRIPTION_fr.md | 4 | ||||
| -rw-r--r-- | doc/DISCLAIMER.md | 40 | ||||
| -rw-r--r-- | doc/DISCLAIMER_fr.md | 45 | ||||
| -rw-r--r-- | doc/PRE_INSTALL.md | 23 | ||||
| -rw-r--r-- | doc/PRE_INSTALL_fr.md | 23 | ||||
| -rw-r--r-- | manifest.json | 69 | ||||
| -rw-r--r-- | manifest.toml | 86 | ||||
| -rw-r--r-- | scripts/_common.sh | 9 | ||||
| -rw-r--r-- | scripts/backup | 29 | ||||
| -rw-r--r-- | scripts/install | 217 | ||||
| -rw-r--r-- | scripts/remove | 73 | ||||
| -rw-r--r-- | scripts/restore | 121 | ||||
| -rw-r--r-- | scripts/upgrade | 290 | ||||
| -rw-r--r-- | scripts/ynh_add_swap | 7 | ||||
| -rw-r--r-- | scripts/ynh_install_ruby__2 | 4 | ||||
| -rw-r--r-- | tests.toml | 26 |
31 files changed, 537 insertions, 1049 deletions
diff --git a/.github/workflows/updater.sh b/.github/workflows/updater.sh deleted file mode 100644 index 1499a0f..0000000 --- a/.github/workflows/updater.sh +++ /dev/null @@ -1,107 +0,0 @@ -#!/bin/bash - -#================================================= -# PACKAGE UPDATING HELPER -#================================================= - -# This script is meant to be run by GitHub Actions -# The YunoHost-Apps organisation offers a template Action to run this script periodically -# Since each app is different, maintainers can adapt its contents so as to perform -# automatic actions when a new upstream release is detected. - -#================================================= -# FETCHING LATEST RELEASE AND ITS ASSETS -#================================================= - -# Fetching information -current_version=$(cat manifest.json | jq -j '.version|split("~")[0]') -repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]') -# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions) -version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1) -assets="https://github.com/tootsuite/mastodon/archive/refs/tags/$version.tar.gz" - -# Later down the script, we assume the version has only digits and dots -# Sometimes the release name starts with a "v", so let's filter it out. -# You may need more tweaks here if the upstream repository has different naming conventions. -if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then - version=${version:1} -fi - -# Setting up the environment variables -echo "Current version: $current_version" -echo "Latest release from upstream: $version" -echo "VERSION=$version" >> $GITHUB_ENV -echo "REPO=$repo" >> $GITHUB_ENV -# For the time being, let's assume the script will fail -echo "PROCEED=false" >> $GITHUB_ENV - -# Proceed only if the retrieved version is greater than the current one -if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then - echo "::warning ::No new version available" - exit 0 -# Proceed only if a PR for this new version does not already exist -elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then - echo "::warning ::A branch already exists for this update" - exit 0 -fi - -#================================================= -# UPDATE SOURCE FILES -#================================================= - -# Let's download source tarball -asset_url=$assets - -echo "Handling asset at $asset_url" - -src="app" - -# Create the temporary directory -tempdir="$(mktemp -d)" - -# Download sources and calculate checksum -filename=${asset_url##*/} -curl --silent -4 -L $asset_url -o "$tempdir/$filename" -checksum=$(sha256sum "$tempdir/$filename" | head -c 64) - -# Delete temporary directory -rm -rf $tempdir - -# Get extension -if [[ $filename == *.tar.gz ]]; then - extension=tar.gz -else - extension=${filename##*.} -fi - -# Rewrite source file -cat <<EOT > conf/$src.src -SOURCE_URL=$asset_url -SOURCE_SUM=$checksum -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=$extension -SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= -SOURCE_EXTRACT=true -EOT -echo "... conf/$src.src updated" - -#================================================= -# SPECIFIC UPDATE STEPS -#================================================= - -# Any action on the app's source code can be done. -# The GitHub Action workflow takes care of committing all changes after this script ends. - -#================================================= -# GENERIC FINALIZATION -#================================================= - -# Replace new version in manifest -echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json - -# No need to update the README, yunohost-bot takes care of it - -# The Action will proceed only if the PROCEED environment variable is set to true -echo "PROCEED=true" >> $GITHUB_ENV -exit 0 diff --git a/.github/workflows/updater.yml b/.github/workflows/updater.yml deleted file mode 100644 index a56d7cb..0000000 --- a/.github/workflows/updater.yml +++ /dev/null @@ -1,49 +0,0 @@ -# This workflow allows GitHub Actions to automagically update your app whenever a new upstream release is detected. -# You need to enable Actions in your repository settings, and fetch this Action from the YunoHost-Apps organization. -# This file should be enough by itself, but feel free to tune it to your needs. -# It calls updater.sh, which is where you should put the app-specific update steps. -name: Check for new upstream releases -on: - # Allow to manually trigger the workflow - workflow_dispatch: - # Run it every day at 6:00 UTC - schedule: - - cron: '0 6 * * *' -jobs: - updater: - runs-on: ubuntu-latest - steps: - - name: Fetch the source code - uses: actions/checkout@v3 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - name: Run the updater script - id: run_updater - run: | - # Setting up Git user - git config --global user.name 'yunohost-bot' - git config --global user.email 'yunohost-bot@users.noreply.github.com' - # Run the updater script - /bin/bash .github/workflows/updater.sh - - name: Commit changes - id: commit - if: ${{ env.PROCEED == 'true' }} - run: | - git commit -am "Upgrade to v$VERSION" - - name: Create Pull Request - id: cpr - if: ${{ env.PROCEED == 'true' }} - uses: peter-evans/create-pull-request@v4 - with: - token: ${{ secrets.GITHUB_TOKEN }} - commit-message: Update to version ${{ env.VERSION }} - committer: 'yunohost-bot <yunohost-bot@users.noreply.github.com>' - author: 'yunohost-bot <yunohost-bot@users.noreply.github.com>' - signoff: false - base: testing - branch: ci-auto-update-v${{ env.VERSION }} - delete-branch: true - title: 'Upgrade to version ${{ env.VERSION }}' - body: | - Upgrade to v${{ env.VERSION }} - draft: false @@ -16,9 +16,11 @@ It shall NOT be edited by hand. ## Overview -Mastodon is a free, open-source microblogging social network. It is a decentralized alternative to commercial platforms like Twitter and avoids the risks of a single company monopolizing your communication for commercial purposes. +Mastodon is a free, open-source microblogging social network. +It is a decentralized alternative to commercial platforms like Twitter and avoids the risks of a single company monopolizing your communication for commercial purposes. -**Shipped version:** 4.2.8~ynh1 + +**Shipped version:** 4.2.8~ynh2 **Demo:** <https://joinmastodon.org/> @@ -26,49 +28,6 @@ Mastodon is a free, open-source microblogging social network. It is a decentrali  -## Disclaimers / important information - -## Important points to read before installing - -1. **Mastodon** require a dedicated **root domain**, eg. mastodon.domain.tld -1. The user choosen during the installation is automatically created in Mastodon with admin rights -1. At the end of the installation a mail is sent to the user with the automatically generated password -1. It seems important to close the inscriptions for your Mastodon, so that it remains a private body. We invite you to block remote malicious instances from the administration interface. You can also add text on your home page. - -## Configuration - -### Install - -#### Using *screen* in case of disconnect -``` -$ sudo apt-get install screen -$ screen -$ sudo yunohost app install https://github.com/YunoHost-Apps/mastodon_ynh.git -``` -Recover after disconnect: -``` -$ screen -d -$ screen -r -``` - -### Update - -#### Using *screen* highly recommended - -`$ sudo yunohost app upgrade mastodon -u https://github.com/YunoHost-Apps/mastodon_ynh --debug ` - -### Administrate with tootctl - -`$ (cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl --help)` - -## YunoHost specific features - -#### Multi-users support - -LDAP authentication is activated. All YunoHost users can authenticate. - -Log-out from YunoHost's portal doesn't log out from Mastodon. See https://github.com/YunoHost/issues/issues/501 - ## Documentation and resources - Official app website: <https://joinmastodon.org/> diff --git a/README_fr.md b/README_fr.md index 20b9b54..42f7447 100644 --- a/README_fr.md +++ b/README_fr.md @@ -16,10 +16,12 @@ Il NE doit PAS être modifié à la main. ## Vue d’ensemble -Mastodon est un réseau social de microblog auto-hébergé et open source. C'est une alternative décentralisée aux plates-formes commerciales comme Twitter. Mastodon évite ainsi les risques qu'une seule société monopolise votre communication à des fins commerciales. +Mastodon est un réseau social de microblog auto-hébergé et open source. +C'est une alternative décentralisée aux plates-formes commerciales comme Twitter. +Mastodon évite ainsi les risques qu'une seule société monopolise votre communication à des fins commerciales. -**Version incluse :** 4.2.8~ynh1 +**Version incluse :** 4.2.8~ynh2 **Démo :** <https://joinmastodon.org/> @@ -27,54 +29,6 @@ Mastodon est un réseau social de microblog auto-hébergé et open source. C'est  -## Avertissements / informations importantes - -## Points importants à lire avant l'installation - -1. **Mastodon** nécessite un **nom de domaine** dédié, par exemple : mastodon.domain.tld -1. L'utilisateur sélectionné pendant l'installation sera créé automatiquement dans Mastodon avec des droits d'administration. -1. À la fin de l'installation, un mail est envoyé à cet utilisateur avec un mot de passe généré automatiquement. -1. Pour que votre instance Mastodon reste privée, il est important de fermer les inscriptions. Nous vous invitons à bloquer les instances distantes indésirables depuis l'interface d'administration. Vous pouvez également ajouter un texte sur votre page d'accueil dans l'administration. - -## Captures d'écran - - - -## Configuration - -### Installation - -#### Utilisation de *screen* en cas de déconnection -``` -$ sudo apt-get install screen -$ screen -$ sudo yunohost app install https://github.com/YunoHost-Apps/mastodon_ynh.git -``` -Récupérer l'installation après une deconnection : -``` -$ screen -d -$ screen -r -``` -L'utilisateur admin est créé automatiquement comme : user@domain.tld - -### Mise à jour - -#### Utilisation de *screen* fortement recommandée - -`$ sudo yunohost app upgrade mastodon -u https://github.com/YunoHost-Apps/mastodon_ynh --debug ` - -### Administration avec tootctl - -`$ (cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl --help)` - -## Caractéristiques spécifiques YunoHost - -#### Support multi-utilisateur - -L'authentification LDAP est activée. Tous les utilisateurs YunoHost peuvent s'authentifier. - -Se déconnecter depuis le portail YunoHost ne vous déconnecte pas de Mastodon. Voir https://github.com/YunoHost/issues/issues/501 - ## Documentations et ressources - Site officiel de l’app : <https://joinmastodon.org/> diff --git a/check_process b/check_process deleted file mode 100644 index 8714241..0000000 --- a/check_process +++ /dev/null @@ -1,22 +0,0 @@ -;; Test complet - ; Manifest - domain="domain.tld" - is_public=1 - admin="john" - language="fr_FR" - ; Checks - pkg_linter=1 - setup_sub_dir=0 - setup_root=1 - setup_nourl=0 - setup_private=1 - setup_public=1 - upgrade=1 - # 4.02~ynh2 - upgrade=1 from_commit=94381183ca2d14da72234b53c9a83972ffb16e54 - backup_restore=1 - multi_instance=0 - change_url=0 -;;; Options -Email=yalh@yahoo.com -Notification=all diff --git a/conf/.env.production.sample b/conf/.env.production.sample index 21cc8e5..7005b5d 100644 --- a/conf/.env.production.sample +++ b/conf/.env.production.sample @@ -30,11 +30,14 @@ DB_NAME=__DB_NAME__ DB_PASS=__DB_PWD__ DB_PORT=5432 -# ElasticSearch (optional) +# Elasticsearch (optional) # ------------------------ -# ES_ENABLED=true -# ES_HOST=es +ES_ENABLED=false +# ES_HOST=localhost # ES_PORT=9200 +# Authentication for ES (optional) +# ES_USER=elastic +# ES_PASS=password # Secrets # ------- @@ -54,17 +57,12 @@ VAPID_PUBLIC_KEY=__VAPID_PUBLIC_KEY__ # ------------ SMTP_SERVER=localhost SMTP_PORT=25 -#SMTP_LOGIN= -#SMTP_PASSWORD= -SMTP_FROM_ADDRESS=__ADMIN_MAIL__ -#SMTP_REPLY_TO= -#SMTP_DOMAIN= # defaults to LOCAL_DOMAIN -SMTP_DELIVERY_METHOD=sendmail # delivery method can also be smtp -SMTP_AUTH_METHOD=none -#SMTP_CA_FILE=/etc/ssl/certs/ca-certificates.crt +SMTP_LOGIN=__APP__ +SMTP_PASSWORD=__MAIL_PWD__ +SMTP_FROM_ADDRESS=Mastodon <__APP__@__DOMAIN__> +SMTP_DELIVERY_METHOD=smtp +SMTP_AUTH_METHOD=plain SMTP_OPENSSL_VERIFY_MODE=none -#SMTP_ENABLE_STARTTLS_AUTO=true -#SMTP_TLS=true # Registrations # ------------ @@ -80,16 +78,13 @@ DEFAULT_LOCALE=__LANGUAGE__ # File storage (optional) # ----------------------- -# S3_ENABLED=true -# S3_BUCKET= +S3_ENABLED=false +# S3_BUCKET=files.example.com # AWS_ACCESS_KEY_ID= # AWS_SECRET_ACCESS_KEY= -# S3_REGION= -# S3_PROTOCOL=http -# S3_HOSTNAME=192.168.1.123:9000 -# S3_ALIAS_HOST= +# S3_ALIAS_HOST=files.example.com -# LDAP authentication (optional) +# IP and session retention # ----------------------- LDAP_ENABLED=true LDAP_HOST=localhost @@ -105,3 +100,9 @@ LDAP_UID_CONVERSION_ENABLED=true LDAP_UID_CONVERSION_SEARCH=., - LDAP_UID_CONVERSION_REPLACE=_ LDAP_TLS_NO_VERIFY=true + +# Make sure to modify the scheduling of ip_cleanup_scheduler in config/sidekiq.yml +# to be less than daily if you lower IP_RETENTION_PERIOD below two days (172800). +# ----------------------- +IP_RETENTION_PERIOD=1209600 +SESSION_RETENTION_PERIOD=1209600 diff --git a/conf/app.src b/conf/app.src deleted file mode 100644 index a6999e4..0000000 --- a/conf/app.src +++ /dev/null @@ -1,7 +0,0 @@ -SOURCE_URL=https://github.com/tootsuite/mastodon/archive/refs/tags/v4.2.8.tar.gz -SOURCE_SUM=ccecdfaab5f84cfaeb193eff2b7b795f7bdd08aa872e265dcb2625310f2c9478 -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=tar.gz -SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= -SOURCE_EXTRACT=true @@ -1,7 +1,7 @@ # This is a system cron file, see crontab(5) # m h dom mon dow user command -@daily __APP__ cd __FINAL_PATH__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl media remove -@monthly __APP__ cd __FINAL_PATH__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl media remove-orphans -@monthly __APP__ cd __FINAL_PATH__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl accounts cull -@monthly __APP__ cd __FINAL_PATH__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl statuses remove -@monthly __APP__ cd __FINAL_PATH__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl preview_cards remove +@daily __APP__ cd __INSTALL_DIR__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl media remove +@monthly __APP__ cd __INSTALL_DIR__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl media remove-orphans +@monthly __APP__ cd __INSTALL_DIR__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl accounts cull +@monthly __APP__ cd __INSTALL_DIR__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl statuses remove +@monthly __APP__ cd __INSTALL_DIR__/live && __YNH_RUBY_LOAD_PATH__ __LD_PRELOAD__ RAILS_ENV=production bin/tootctl preview_cards remove diff --git a/conf/mastodon-sidekiq.service b/conf/mastodon-sidekiq.service index 25a46fb..14bd592 100644 --- a/conf/mastodon-sidekiq.service +++ b/conf/mastodon-sidekiq.service @@ -5,15 +5,17 @@ After=network.target [Service] Type=simple User=__APP__ -WorkingDirectory=__FINALPATH__/live +WorkingDirectory=__INSTALL_DIR__/live Environment="__LD_PRELOAD__" Environment="RAILS_ENV=production" Environment="DB_POOL=25" Environment="MALLOC_ARENA_MAX=2" Environment="__YNH_RUBY_LOAD_PATH__" -ExecStart=__FINALPATH__/live/bin/bundle exec sidekiq -c 25 +ExecStart=__INSTALL_DIR__/live/bin/bundle exec sidekiq -c 25 TimeoutSec=15 Restart=always +StandardOutput=append:/var/log/__APP__/__APP__-sidekiq.log +StandardError=inherit # Sandboxing options to harden security # Depending on specificities of your service/app, you may need to tweak these @@ -21,17 +23,17 @@ Restart=always # Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html NoNewPrivileges=no PrivateTmp=yes -#PrivateDevices=yes -#RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK -#RestrictNamespaces=yes -#RestrictRealtime=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK +RestrictNamespaces=yes +RestrictRealtime=yes DevicePolicy=closed ProtectSystem=full ProtectControlGroups=yes -#ProtectKernelModules=yes -#ProtectKernelTunables=yes -#LockPersonality=yes -#SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap # Denying access to capabilities that should not be relevant for webapps # Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html diff --git a/conf/mastodon-streaming.service b/conf/mastodon-streaming.service index c88e0fa..f63945e 100644 --- a/conf/mastodon-streaming.service +++ b/conf/mastodon-streaming.service @@ -5,7 +5,7 @@ After=network.target [Service] Type=simple User=__APP__ -WorkingDirectory=__FINALPATH__/live +WorkingDirectory=__INSTALL_DIR__/live Environment="NODE_ENV=production" Environment="PORT=__PORT_STREAM__" Environment="STREAMING_CLUSTER_NUM=1" @@ -13,6 +13,8 @@ Environment="__YNH_NODE_LOAD_PATH__" ExecStart=__YNH_NODE__ ./streaming TimeoutSec=15 Restart=always +StandardOutput=append:/var/log/__APP__/__APP__-streaming.log +StandardError=inherit # Sandboxing options to harden security # Depending on specificities of your service/app, you may need to tweak these diff --git a/conf/mastodon-web.service b/conf/mastodon-web.service index 334233b..133fc3b 100644 --- a/conf/mastodon-web.service +++ b/conf/mastodon-web.service @@ -5,15 +5,17 @@ After=network.target [Service] Type=simple User=__APP__ -WorkingDirectory=__FINALPATH__/live +WorkingDirectory=__INSTALL_DIR__/live Environment="__LD_PRELOAD__" Environment="RAILS_ENV=production" Environment="PORT=__PORT_WEB__" Environment="__YNH_RUBY_LOAD_PATH__" -ExecStart=__FINALPATH__/live/bin/bundle exec puma -C config/puma.rb +ExecStart=__INSTALL_DIR__/live/bin/bundle exec puma -C config/puma.rb ExecReload=/bin/kill -SIGUSR1 $MAINPID TimeoutSec=15 Restart=always +StandardOutput=append:/var/log/__APP__/__APP__-web.log +StandardError=inherit # Sandboxing options to harden security # Depending on specificities of your service/app, you may need to tweak these diff --git a/conf/nginx.conf b/conf/nginx.conf index 4b1f76b..09e4a84 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,6 +1,6 @@ client_max_body_size 99m; -root __FINALPATH__/live/public; +root __INSTALL_DIR__/live/public; location / { diff --git a/doc/ADMIN.md b/doc/ADMIN.md new file mode 100644 index 0000000..dfce904 --- /dev/null +++ b/doc/ADMIN.md @@ -0,0 +1,72 @@ +## Administrate with tooctl + +`$ (cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl --help)` + +## Update + +**`screen` (or `tmux`) can be used to make sure your session is not interrupted in case of connection problems.** +See [tutorial](https://www.howtogeek.com/662422/how-to-use-linuxs-screen-command/) for more background information. + +```bash +screen +sudo yunohost app upgrade mastodon +``` + +Recover the screen session after disconnect: + +```bash +screen -d +screen -r +``` + +## Backups + +First of all: Mastodon uses a local cache to save media (such as posted images, videos etc.). This cache can grow huge. +You could consider cleaning up your local cache first as otherwise your backup will be very big and you might run out of disk space: + +To check your space usage, on a command line run: + +```bash +sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl media usage +``` + +If your cache is too big to backup, you can run the following command to clean up Attachments (the first line). +Substitute X by the number of days you want to keep, e.g. 1 day. +All older images will be deleted but will be refetched from the original server if necessary. + +First dry-run to see how much space is freed up (without actually removing): + +```bash +sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl media remove --days=X --dry-run` +``` + +If all looks good commit the cleanup: + +```bash +sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl media remove --days=X` +``` + +Check [the official documentation](https://docs.joinmastodon.org/admin/tootctl/#media-remove) for more details. + +## Before your Mastodon instance deletion + +Before definitively uninstalling Mastodon, you have to run `tootctl self-destruct` to broadcast your users and instance deletion to the federation. +Otherwise your data will remain in federation cache for ever. + +⚠️ Make sure you know exactly what you are doing before running this command. +⚠️ **This operation is NOT reversible, and it can take a long time.** +⚠️ The server will be in a BROKEN STATE after this command finishes. +⚠️ A running Sidekiq process is required, **so do not shut down the server until the queues are fully cleared**. + +```bash +screen +sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl self-destruct --dry-run +``` + +Remove the `--dry-run` part only when you're absolutely certain that you really want to delete your Mastodon instance. + +Check [the official documentation](https://docs.joinmastodon.org/admin/tootctl/#self-destruct) for more details. + +## Known Bugs + +- Log-out from YunoHost's portal doesn't log out from Mastodon. See <https://github.com/YunoHost/issues/issues/501> diff --git a/doc/ADMIN_fr.md b/doc/ADMIN_fr.md new file mode 100644 index 0000000..c879081 --- /dev/null +++ b/doc/ADMIN_fr.md @@ -0,0 +1,72 @@ +## Administration avec tooctl + +`$ cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl --help` + +## Mise à jour + +**`screen` (ou `tmux`) peut être utilisé pour vous assurer que votre session n'est pas interrompue en cas de problème de connection.** +Consultez ce [tutoriel](https://www.howtogeek.com/662422/how-to-use-linuxs-screen-command/) pour plus de détails. + +```bash +screen +sudo yunohost app upgrade mastodon +``` + +Récupérer la session screen après une déconnexion : + +```bash +screen -d +screen -r +``` + +## Sauvegardes + +Tout d'abord : Mastodon utilise un cache local pour sauvegarder les médias (comme les images, vidéos, etc). Ce cache peut devenir énorme. +Vous devriez réfléchir à vider votre cache local avant de faire une sauvegarde, qui pourrait être énorme et vous pourriez manquer d'espace de stockage. + +Pour vérifier l'utilisation du stockage, en ligne de commande utilisez : + +```bash +sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl media usage +``` + +Si le cache est trop gros pour être sauvegardé, vous pouvez lancer la commande suivante pour en supprimer les médias attachés. +Changez `X` par le nombre de cache à conserver, par ex. 1 jour. +Tous les médias plus anciens seront supprimés, mais ils pourront être rechargé du serveur d'origine si nécessaire. + +En premier faite un essai à blanc pour voir combien de place sera libérée (sans rien supprimer): + +```bash +sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl media remove --days=X --dry-run` +``` + +Si cela semble bon, effectuez le nettoyage : + +```bash +sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl media remove --days=X +``` + +Consulter [la documentation officielle](https://docs.joinmastodon.org/admin/tootctl/#media-remove) pour plus de détails. + +## Avant la suppression de votre instance Mastodon + +Avant de désinstaller définitivement Mastodon, vous devez lancer `tootctl self-destruct` pour annoncer à la fédération la suppression de vos utilisateurs et de votre instance. +Sinon, vos données resteront dans le cache de la fédération pour toujours. + +⚠️ Assurez-vous de savoir exactement ce que vous faites avant d'exécuter cette commande. +⚠️ **Cette opération n'est PAS réversible et peut prendre beaucoup de temps.** +⚠️ Le serveur sera dans un ÉTAT BRISÉ après la fin de cette commande. +⚠️Un processus Sidekiq en cours d'exécution est nécessaire, **donc ne stoppez pas le serveur avant que les files d'attente ne soient complètement vidées**. + +```bash +screen +sudo cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl self-destruct --dry-run +``` + +Retirez la partie `--dry-run` uniquement lorsque vous avez la certitude que que vous voulez vraiment supprimer votre instance Mastodon. + +Consulter [la documentation officielle](https://docs.joinmastodon.org/admin/tootctl/#self-destruct) pour plus de détails. + +## Bugs connus + +- Se déconnecter depuis le portail YunoHost ne vous déconnecte pas de Mastodon. Voir <https://github.com/YunoHost/issues/issues/501> diff --git a/doc/DESCRIPTION.md b/doc/DESCRIPTION.md index 72981f6..d15afb9 100644 --- a/doc/DESCRIPTION.md +++ b/doc/DESCRIPTION.md @@ -1 +1,2 @@ -Mastodon is a free, open-source microblogging social network. It is a decentralized alternative to commercial platforms like Twitter and avoids the risks of a single company monopolizing your communication for commercial purposes.
\ No newline at end of file +Mastodon is a free, open-source microblogging social network. +It is a decentralized alternative to commercial platforms like Twitter and avoids the risks of a single company monopolizing your communication for commercial purposes. diff --git a/doc/DESCRIPTION_fr.md b/doc/DESCRIPTION_fr.md index bb225b2..f68bfd0 100644 --- a/doc/DESCRIPTION_fr.md +++ b/doc/DESCRIPTION_fr.md @@ -1 +1,3 @@ -Mastodon est un réseau social de microblog auto-hébergé et open source. C'est une alternative décentralisée aux plates-formes commerciales comme Twitter. Mastodon évite ainsi les risques qu'une seule société monopolise votre communication à des fins commerciales. +Mastodon est un réseau social de microblog auto-hébergé et open source. +C'est une alternative décentralisée aux plates-formes commerciales comme Twitter. +Mastodon évite ainsi les risques qu'une seule société monopolise votre communication à des fins commerciales. diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md deleted file mode 100644 index e08b255..0000000 --- a/doc/DISCLAIMER.md +++ /dev/null @@ -1,40 +0,0 @@ -## Important points to read before installing - -1. **Mastodon** require a dedicated **root domain**, eg. mastodon.domain.tld -1. The user choosen during the installation is automatically created in Mastodon with admin rights -1. At the end of the installation a mail is sent to the user with the automatically generated password -1. It seems important to close the inscriptions for your Mastodon, so that it remains a private body. We invite you to block remote malicious instances from the administration interface. You can also add text on your home page. - -## Configuration - -### Install - -#### Using *screen* in case of disconnect -``` -$ sudo apt-get install screen -$ screen -$ sudo yunohost app install https://github.com/YunoHost-Apps/mastodon_ynh.git -``` -Recover after disconnect: -``` -$ screen -d -$ screen -r -``` - -### Update - -#### Using *screen* highly recommended - -`$ sudo yunohost app upgrade mastodon -u https://github.com/YunoHost-Apps/mastodon_ynh --debug ` - -### Administrate with tootctl - -`$ (cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl --help)` - -## YunoHost specific features - -#### Multi-users support - -LDAP authentication is activated. All YunoHost users can authenticate. - -Log-out from YunoHost's portal doesn't log out from Mastodon. See https://github.com/YunoHost/issues/issues/501 diff --git a/doc/DISCLAIMER_fr.md b/doc/DISCLAIMER_fr.md deleted file mode 100644 index 09ed5c9..0000000 --- a/doc/DISCLAIMER_fr.md +++ /dev/null @@ -1,45 +0,0 @@ -## Points importants à lire avant l'installation - -1. **Mastodon** nécessite un **nom de domaine** dédié, par exemple : mastodon.domain.tld -1. L'utilisateur sélectionné pendant l'installation sera créé automatiquement dans Mastodon avec des droits d'administration. -1. À la fin de l'installation, un mail est envoyé à cet utilisateur avec un mot de passe généré automatiquement. -1. Pour que votre instance Mastodon reste privée, il est important de fermer les inscriptions. Nous vous invitons à bloquer les instances distantes indésirables depuis l'interface d'administration. Vous pouvez également ajouter un texte sur votre page d'accueil dans l'administration. - -## Captures d'écran - - - -## Configuration - -### Installation - -#### Utilisation de *screen* en cas de déconnection -``` -$ sudo apt-get install screen -$ screen -$ sudo yunohost app install https://github.com/YunoHost-Apps/mastodon_ynh.git -``` -Récupérer l'installation après une deconnection : -``` -$ screen -d -$ screen -r -``` -L'utilisateur admin est créé automatiquement comme : user@domain.tld - -### Mise à jour - -#### Utilisation de *screen* fortement recommandée - -`$ sudo yunohost app upgrade mastodon -u https://github.com/YunoHost-Apps/mastodon_ynh --debug ` - -### Administration avec tootctl - -`$ (cd /var/www/mastodon/live && sudo -u mastodon RAILS_ENV=production PATH=/opt/rbenv/versions/mastodon/bin bin/tootctl --help)` - -## Caractéristiques spécifiques YunoHost - -#### Support multi-utilisateur - -L'authentification LDAP est activée. Tous les utilisateurs YunoHost peuvent s'authentifier. - -Se déconnecter depuis le portail YunoHost ne vous déconnecte pas de Mastodon. Voir https://github.com/YunoHost/issues/issues/501 diff --git a/doc/PRE_INSTALL.md b/doc/PRE_INSTALL.md new file mode 100644 index 0000000..0088f30 --- /dev/null +++ b/doc/PRE_INSTALL.md @@ -0,0 +1,23 @@ +## Important points to read before installing + +- **Mastodon** require a dedicated **root domain**, eg. `domaine.tld` or `mastodon.domain.tld`, with no other apps installed on that domain. You can't change the domain once installed. +- The user choosen during the installation is automatically created in Mastodon with admin rights +- To ensure that your Mastodon instance remains private and that the community is secure, it is important that registrations are closed and verified. We invite you to block remote malicious instances from the administration interface. You can also add text on your home page using the administration interface. + +## Using *screen* in case of disconnect + +Mastodon can take a long time to install, depending on server performance. +To avoid the process being interrupted by a disconnection, you can use `screen`. + +```bash +sudo apt install screen +screen +sudo yunohost app install https://github.com/YunoHost-Apps/mastodon_ynh.git +``` + +Recover the screen session after disconnect: + +```bash +screen -d +screen -r +``` diff --git a/doc/PRE_INSTALL_fr.md b/doc/PRE_INSTALL_fr.md new file mode 100644 index 0000000..7128e3a --- /dev/null +++ b/doc/PRE_INSTALL_fr.md @@ -0,0 +1,23 @@ +## Points importants à lire avant l'installation + +- **Mastodon** nécessite un **nom de domaine** dédié, par exemple : `domaine.tld` ou `mastodon.domaine.tld` sans apps installées sur ce domaine. Il est impossible de changer le nom de domaine après l'installation. +- L'utilisateur sélectionné pendant l'installation sera créé automatiquement dans Mastodon avec des droits d'administration. +- Pour que votre instance Mastodon reste privée et que la communauté soit sécurisée, il est important que les inscriptions soient fermées et vérifiées. Nous vous invitons à bloquer les instances indésirables depuis l'interface d'administration. Vous pouvez également ajouter un texte sur votre page d'accueil dans l'interface d'administration. + +## Utilisation de *screen* en cas de déconnexion + +L'installation de Mastodon peut être longue, selon les performances du serveur. +Pour éviter que le processus soit interrompu par une déconnexion, vous pouvez utiliser `screen`. + +```bash +sudo apt install screen +screen +sudo yunohost app install mastodon +``` + +Récupérer l'installation après une deconnection : + +```bash +screen -d +screen -r +``` diff --git a/manifest.json b/manifest.json deleted file mode 100644 index 8f72071..0000000 --- a/manifest.json +++ /dev/null @@ -1,69 +0,0 @@ -{ - "name": "Mastodon", - "id": "mastodon", - "packaging_format": 1, - "description": { - "en": "Libre and federated social network", - "fr": "Réseau social libre et fédéré" - }, - "version": "4.2.8~ynh1", - "url": "https://github.com/mastodon/mastodon", - "upstream": { - "license": "AGPL-3.0-or-later", - "website": "https://joinmastodon.org/", - "demo": "https://joinmastodon.org/", - "admindoc": "https://docs.joinmastodon.org/", - "code": "https://github.com/mastodon/mastodon" - }, - "license": "AGPL-3.0-or-later", - "maintainer": { - "name": "yalh76" - }, - "previous_maintainer": [ - { - "name": "cyp", - "email": "cyp@rouquin.me" - }, - { - "name": "nemsia", - "email": "nemsia@nemsia.org" - } - ], - "requirements": { - "yunohost": ">= 11.2" - }, - "multi_instance": true, - "services": [ - "nginx" - ], - "arguments": { - "install": [ - { - "name": "domain", - "type": "domain" - }, - { - "name": "is_public", - "type": "boolean", - "default": true - }, - { - "name": "language", - "type": "select", - "ask": { - "en": "Choose the application language", - "fr": "Choisissez la langue de l'application" - }, - "choices": [ - "en_EN", - "fr_FR" - ], - "default": "fr_FR" - }, - { - "name": "admin", - "type": "user" - } - ] - } -} diff --git a/manifest.toml b/manifest.toml new file mode 100644 index 0000000..7f4ce98 --- /dev/null +++ b/manifest.toml @@ -0,0 +1,86 @@ +packaging_format = 2 + +id = "mastodon" +name = "Mastodon" +description.en = "Libre and federated social network" +description.fr = "Réseau social libre et fédéré" + +version = "4.2.8~ynh2" + +maintainers = ["Tagada"] + +[upstream] +license = "AGPL-3.0-or-later" +website = "https://joinmastodon.org/" +demo = "https://joinmastodon.org/" +admindoc = "https://docs.joinmastodon.org/" +code = "https://github.com/mastodon/mastodon" +cpe = "cpe:2.3:a:joinmastodon:mastodon" +fund = "https://joinmastodon.org/sponsors" + +[integration] +yunohost = ">= 11.2" +architectures = "all" +multi_instance = true + +ldap = true + +sso = false + +disk = "2G" +ram.build = "1G" +ram.runtime = "500M" + +[install] + [install.domain] + type = "domain" + + [install.init_main_permission] + type = "group" + default = "visitors" + + [install.language] + ask.en = "Choose the application language" + ask.fr = "Choisissez la langue de l'application" + type = "select" + choices = ["en_EN", "fr_FR"] + default = "fr_FR" + + [install.admin] + type = "user" + +[resources] + [resources.sources] + [resources.sources.main] + url = "https://github.com/tootsuite/mastodon/archive/refs/tags/v4.2.8.tar.gz" + sha256 = "ccecdfaab5f84cfaeb193eff2b7b795f7bdd08aa872e265dcb2625310f2c9478" + autoupdate.strategy = "latest_github_release" + + [resources.system_user] + allow_email = true + + [resources.install_dir] + + [resources.permissions] + main.url = "/" + + api.url = "/api" + api.allowed = "visitors" + api.auth_header = false + api.show_tile = false + api.protected = true + + [resources.ports] + web.default = 3000 + stream.default = 4000 + + [resources.apt] + packages = "imagemagick, ffmpeg, libpq-dev, libxml2-dev, libxslt1-dev, file, git, git-core, g++, libprotobuf-dev, protobuf-compiler, pkg-config, gcc, autoconf, bison, build-essential, libssl-dev, libyaml-dev, libreadline6-dev, zlib1g-dev, libncurses5-dev, libffi-dev, libgdbm6, libgdbm-dev, redis-tools, redis-server, rsync, postgresql, postgresql-contrib, libidn11-dev, libicu-dev, libjemalloc-dev, curl, apt-transport-https" + + [resources.apt.extras.yarn] + repo = "deb https://dl.yarnpkg.com/debian/ stable main" + key = "https://dl.yarnpkg.com/debian/pubkey.gpg" + packages = "yarn" + + [resources.database] + type = "postgresql" diff --git a/scripts/_common.sh b/scripts/_common.sh index d6028ea..4049d21 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -4,17 +4,14 @@ # COMMON VARIABLES #================================================= -# dependencies used by the app (must be on a single line) -pkg_dependencies="imagemagick ffmpeg libpq-dev libxml2-dev libxslt1-dev file git-core g++ libprotobuf-dev protobuf-compiler pkg-config gcc autoconf bison build-essential libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libncurses5-dev libffi-dev libgdbm3|libgdbm6 libgdbm-dev redis-tools redis-server postgresql postgresql-contrib libidn11-dev libicu-dev libjemalloc-dev curl apt-transport-https" -build_pkg_dependencies="" - memory_needed="2560" ruby_version=3.2.2 -nodejs_version=16 +nodejs_version=20 # Workaround for Mastodon on Bullseye # See https://github.com/mastodon/mastodon/issues/15751#issuecomment-873594463 -if [ "$(lsb_release --codename --short)" = "bullseye" ]; then +if [ "$(lsb_release --codename --short)" = "bullseye" ]; +then case $YNH_ARCH in amd64) ld_preload="LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libjemalloc.so" diff --git a/scripts/backup b/scripts/backup index 96a895d..de1ba98 100644 --- a/scripts/backup +++ b/scripts/backup @@ -11,27 +11,6 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers #================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - true -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_print_info --message="Loading installation settings..." - -app=$YNH_APP_INSTANCE_NAME - -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -domain=$(ynh_app_setting_get --app=$app --key=domain) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) - -#================================================= # DECLARE DATA AND CONF FILES TO BACKUP #================================================= ynh_print_info --message="Declaring files to be backed up..." @@ -40,7 +19,7 @@ ynh_print_info --message="Declaring files to be backed up..." # BACKUP THE APP MAIN DIR #================================================= -ynh_backup --src_path="$final_path" +ynh_backup --src_path="$install_dir" #================================================= # BACKUP THE NGINX CONFIGURATION @@ -51,6 +30,12 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # SPECIFIC BACKUP #================================================= +# BACKUP LOGROTATE +#================================================= + +ynh_backup --src_path="/etc/logrotate.d/$app" + +#================================================= # BACKUP SYSTEMD #================================================= diff --git a/scripts/install b/scripts/install index d5976f7..283e9d9 100644 --- a/scripts/install +++ b/scripts/install @@ -11,121 +11,31 @@ source ynh_install_ruby__2 source ynh_add_swap source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - true -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# RETRIEVE ARGUMENTS FROM THE MANIFEST -#================================================= - -domain=$YNH_APP_ARG_DOMAIN -path_url="/" -is_public=$YNH_APP_ARG_IS_PUBLIC -language=$YNH_APP_ARG_LANGUAGE -admin=$YNH_APP_ARG_ADMIN - -app=$YNH_APP_INSTANCE_NAME - admin_mail=$(ynh_user_get_info --username=$admin --key=mail) +# Set `service` settings to support `yunohost app shell` command +ynh_app_setting_set --app="$app" --key=service --value="$app-web.service" #================================================= -# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS -#================================================= -ynh_script_progression --message="Validating installation parameters..." --weight=1 - -final_path=/var/www/$app -test ! -e "$final_path" || ynh_die --message="This path already contains a folder" - -# Register (book) web path -ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url - -#================================================= -# STORE SETTINGS FROM MANIFEST -#================================================= -ynh_script_progression --message="Storing installation settings..." --weight=1 - -ynh_app_setting_set --app=$app --key=domain --value=$domain -ynh_app_setting_set --app=$app --key=path --value=$path_url -ynh_app_setting_set --app=$app --key=language --value=$language -ynh_app_setting_set --app=$app --key=admin --value=$admin - -#================================================= -# STANDARD MODIFICATIONS -#================================================= -# FIND AND OPEN A PORT -#================================================= -ynh_script_progression --message="Finding an available port..." --weight=1 - -# Find an available port -port_web=$(ynh_find_port --port=3000) -ynh_app_setting_set --app=$app --key=port_web --value=$port_web - -port_stream=$(ynh_find_port --port=4000) -ynh_app_setting_set --app=$app --key=port_stream --value=$port_stream - -#================================================= -# INSTALL DEPENDENCIES -#================================================= -ynh_script_progression --message="Installing dependencies..." --weight=1 - -ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies $build_pkg_dependencies -ynh_exec_warn_less ynh_install_ruby --ruby_version=$ruby_version -ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version -ynh_exec_warn_less ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg" - -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Configuring system user..." --weight=1 - -# Create a system user -ynh_system_user_create --username=$app --home_dir="$final_path" - -#================================================= -# CREATE A POSTGRESQL DATABASE -#================================================= -ynh_script_progression --message="Creating a PostgreSQL database..." --weight=1 - -db_name=$(ynh_sanitize_dbid --db_name="${app}_production") -db_user=$(ynh_sanitize_dbid --db_name=$app) -ynh_app_setting_set --app=$app --key=db_name --value=$db_name -ynh_app_setting_set --app=$app --key=db_user --value=$db_user -ynh_psql_test_if_first_run -ynh_psql_setup_db --db_user=$db_user --db_name=$db_name -ynh_psql_execute_as_root --sql="ALTER USER $db_user CREATEDB;" -db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) - +# APP "BUILD" (DEPLOYING SOURCES, VENV, COMPILING ETC) #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= ynh_script_progression --message="Setting up source files..." --weight=1 -ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source --dest_dir="$final_path/live" +ynh_setup_source --dest_dir="$install_dir/live" -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:www-data "$final_path" +chown -R $app:www-data "$install_dir" #================================================= -# NGINX CONFIGURATION +# INSTALL DEPENDENCIES #================================================= -ynh_script_progression --message="Configuring NGINX web server..." --weight=1 +ynh_script_progression --message="Installing Ruby and NodeJS..." --weight=1 -# Create a dedicated NGINX config -ynh_add_nginx_config +ynh_exec_warn_less ynh_install_ruby --ruby_version=$ruby_version +ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version #================================================= -# SPECIFIC SETUP -#================================================= # ADD SWAP IF NEEDED #================================================= ynh_script_progression --message="Adding swap if needed..." --weight=1 @@ -138,7 +48,8 @@ if [ $total_memory -lt $memory_needed ]; then swap_needed=$(($memory_needed - $total_memory)) fi -ynh_script_progression --message="Adding $swap_needed Mo to swap..." +ynh_script_progression --message="Adding $swap_needed Mo to swap..." --weight=1 + ynh_add_swap --size=$swap_needed #================================================= @@ -146,7 +57,7 @@ ynh_add_swap --size=$swap_needed #================================================= ynh_script_progression --message="Adding a configuration file..." --weight=1 -config="$final_path/live/.env.production" +config="$install_dir/live/.env.production" language="$(echo $language | head -c 2)" @@ -159,28 +70,29 @@ ynh_app_setting_set --app="$app" --key=secret_key_base --value="$secret_key_base otp_secret=$(ynh_string_random --length=128) ynh_app_setting_set --app="$app" --key=otp_secret --value="$otp_secret" +# We need rake to build vapid keys, we generate them later once the app is installed vapid_private_key="" vapid_public_key="" -ynh_add_config --template="../conf/.env.production.sample" --destination="$config" - +ynh_add_config --template=".env.production.sample" --destination="$config" chmod 400 "$config" chown $app:$app "$config" -ynh_replace_string --match_string="registrations_mode: 'open'" --replace_string="registrations_mode: 'none'" --target_file="$final_path/live/config/settings.yml" -ynh_replace_string --match_string="min_invite_role: 'admin'" --replace_string="min_invite_role: 'none'" --target_file="$final_path/live/config/settings.yml" +ynh_replace_string --match_string="registrations_mode: 'open'" --replace_string="registrations_mode: 'none'" --target_file="$install_dir/live/config/settings.yml" +ynh_replace_string --match_string="min_invite_role: 'admin'" --replace_string="min_invite_role: 'none'" --target_file="$install_dir/live/config/settings.yml" -ynh_store_file_checksum --file="$final_path/live/config/settings.yml" +ynh_store_file_checksum --file="$install_dir/live/config/settings.yml" -chmod 400 "$final_path/live/config/settings.yml" -chown $app:$app "$final_path/live/config/settings.yml" +chmod 400 "$install_dir/live/config/settings.yml" +chown $app:$app "$install_dir/live/config/settings.yml" #================================================= # BUILD APP #================================================= ynh_script_progression --message="Building app..." --weight=1 -pushd "$final_path/live" +pushd "$install_dir/live" + # Building ruby packages ynh_use_ruby ynh_gem update --system ynh_gem install bundler --no-document @@ -188,92 +100,65 @@ pushd "$final_path/live" ynh_exec_as $app $ynh_ruby_load_path $ld_preload bin/bundle config without 'development test' ynh_exec_as $app $ynh_ruby_load_path $ld_preload bin/bundle config set force_ruby_platform true ynh_exec_as $app $ynh_ruby_load_path $ld_preload bin/bundle install -j$(getconf _NPROCESSORS_ONLN) + # Building assets ynh_use_nodejs - ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH yarn install --pure-lockfile + ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH yarn install --pure-lockfile --production --network-timeout 600000 echo "SAFETY_ASSURED=1">> $config - ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails db:setup --quiet + ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails db:migrate --quiet ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails assets:precompile --quiet + # Generate vapid keys ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rake mastodon:webpush:generate_vapid_key > key.txt + # Create the first admin user ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/tootctl accounts create "$admin" --email="$admin_mail" --confirmed --role=Owner > /dev/null - ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/tootctl accounts modify "$admin" --approve popd -vapid_private_key=$(grep -oP "VAPID_PRIVATE_KEY=\K.+" "$final_path/live/key.txt") +# Re-generate config with vapid keys +vapid_private_key=$(grep -oP "VAPID_PRIVATE_KEY=\K.+" "$install_dir/live/key.txt") ynh_app_setting_set --app="$app" --key=vapid_private_key --value="$vapid_private_key" - -vapid_public_key=$(grep -oP "VAPID_PUBLIC_KEY=\K.+" "$final_path/live/key.txt") +vapid_public_key=$(grep -oP "VAPID_PUBLIC_KEY=\K.+" "$install_dir/live/key.txt") ynh_app_setting_set --app="$app" --key=vapid_public_key --value="$vapid_public_key" - -ynh_secure_remove --file="$final_path/live/key.txt" - +ynh_secure_remove --file="$install_dir/live/key.txt" ynh_delete_file_checksum --file="$config" - -ynh_add_config --template="../conf/.env.production.sample" --destination="$config" - +ynh_add_config --template=".env.production.sample" --destination="$config" chmod 400 "$config" chown $app:$app "$config" -ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies -ynh_package_autoremove - #================================================= -# SETUP SYSTEMD +# SYSTEM CONFIGURATION #================================================= -ynh_script_progression --message="Configuring a systemd service..." --weight=1 +ynh_script_progression --message="Adding system configurations related to $app..." --weight=1 + +# Create a dedicated NGINX config using the conf/nginx.conf template +ynh_add_nginx_config # Create a dedicated systemd config ynh_add_systemd_config --service="$app-web" --template="mastodon-web.service" +yunohost service add "$app-web" --description="$app web service" + ynh_add_systemd_config --service="$app-sidekiq" --template="mastodon-sidekiq.service" +yunohost service add "$app-sidekiq" --description="$app sidekiq service" + ynh_add_systemd_config --service="$app-streaming" --template="mastodon-streaming.service" +yunohost service add "$app-streaming" --description="$app streaming service" -#================================================= -# SETUP THE CRON FILE -#================================================= -ynh_script_progression --message="Setuping the cron file..." --weight=1 +# Create a cron file +ynh_add_config --template="cron" --destination="/etc/cron.d/$app" -ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/$app" +# Use logrotate to manage application logfile(s) +mkdir -p /var/log/$app +chown $app:$app /var/log/$app +ynh_use_logrotate #================================================= # GENERIC FINALIZATION #================================================= -# INTEGRATE SERVICE IN YUNOHOST -#================================================= -ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 - -yunohost service add "$app-web" --description="$app web service" -yunohost service add "$app-sidekiq" --description="$app sidekiq service" -yunohost service add "$app-streaming" --description="$app streaming service" - -#================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." --weight=1 - -ynh_systemd_action --service_name=${app}-web --action="start" --log_path=systemd --line_match="Listening on" -ynh_systemd_action --service_name=${app}-sidekiq --action="start" --log_path=systemd --line_match="Schedules Loaded" -ynh_systemd_action --service_name=${app}-streaming --action="start" --log_path=systemd --line_match="Streaming API now listening" - -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Configuring permissions..." --weight=1 - -# Make app public if necessary -if [ $is_public -eq 1 ] -then - # Everyone can access the app. - # The "main" permission is automatically created before the install script. - ynh_permission_update --permission="main" --add="visitors" -fi - -ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true" - -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 +ynh_script_progression --message="Starting all systemd services..." --weight=1 -ynh_systemd_action --service_name=nginx --action=reload +ynh_systemd_action --service_name=${app}-web --action="start" --log_path=/var/log/$app/$app-web.log --line_match="Listening on" +ynh_systemd_action --service_name=${app}-sidekiq --action="start" --log_path=/var/log/$app/$app-sidekiq.log --line_match="Schedules Loaded" +ynh_systemd_action --service_name=${app}-streaming --action="start" --log_path=/var/log/$app/$app-streaming.log --line_match="Streaming API now listening" #================================================= # END OF SCRIPT diff --git a/scripts/remove b/scripts/remove index 69fc9ec..7df4fda 100644 --- a/scripts/remove +++ b/scripts/remove @@ -12,22 +12,11 @@ source ynh_add_swap source /usr/share/yunohost/helpers #================================================= -# LOAD SETTINGS +# REMOVE SYSTEM CONFIGURATIONS #================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_user=$(ynh_app_setting_get --app=$app --key=db_user) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) - -#================================================= -# STANDARD REMOVE -#================================================= -# REMOVE SERVICE INTEGRATION IN YUNOHOST +# REMOVE SYSTEMD SERVICE #================================================= +ynh_script_progression --message="Removing system configurations related to $app..." --weight=1 # Remove the service from the list of services known by YunoHost (added from `yunohost service add`) if ynh_exec_warn_less yunohost service status "$app-web" >/dev/null @@ -48,74 +37,28 @@ then yunohost service remove "$app-streaming" fi -#================================================= -# STOP AND REMOVE SERVICE -#================================================= -ynh_script_progression --message="Stopping and removing the systemd service..." --weight=1 - # Remove the dedicated systemd config ynh_remove_systemd_config --service="$app-web" ynh_remove_systemd_config --service="$app-sidekiq" ynh_remove_systemd_config --service="$app-streaming" -#================================================= -# REMOVE THE POSTGRESQL DATABASE -#================================================= -ynh_script_progression --message="Removing the PostgreSQL database..." --weight=1 - -# Remove a database if it exists, along with the associated user -ynh_psql_remove_db --db_user=$db_user --db_name=$db_name - -#================================================= -# REMOVE APP MAIN DIR -#================================================= -ynh_script_progression --message="Removing app main directory..." --weight=1 - -# Remove the app directory securely -ynh_secure_remove --file="$final_path" - -#================================================= -# REMOVE NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1 - # Remove the dedicated NGINX config ynh_remove_nginx_config -#================================================= -# REMOVE DEPENDENCIES -#================================================= -ynh_script_progression --message="Removing dependencies..." --weight=1 +# Remove a cron file +ynh_secure_remove --file="/etc/cron.d/$app" + +# Remote logrotate config +ynh_remove_logrotate # Remove metapackage and its dependencies ynh_remove_ruby ynh_remove_nodejs -ynh_remove_app_dependencies - -#================================================= -# SPECIFIC REMOVE -#================================================= -# REMOVE VARIOUS FILES -#================================================= -ynh_script_progression --message="Removing various files..." --weight=1 - -# Remove a cron file -ynh_secure_remove --file="/etc/cron.d/$app" # Remove swap ynh_del_swap #================================================= -# GENERIC FINALIZATION -#================================================= -# REMOVE DEDICATED USER -#================================================= -ynh_script_progression --message="Removing the dedicated system user..." --weight=1 - -# Delete a system user -ynh_system_user_delete --username=$app - -#================================================= # END OF SCRIPT #================================================= diff --git a/scripts/restore b/scripts/restore index a03e3ba..c843227 100644 --- a/scripts/restore +++ b/scripts/restore @@ -13,85 +13,23 @@ source ../settings/scripts/ynh_add_swap source /usr/share/yunohost/helpers #================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - true -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -path_url=$(ynh_app_setting_get --app=$app --key=path) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_user=$(ynh_app_setting_get --app=$app --key=db_user) - -#================================================= -# CHECK IF THE APP CAN BE RESTORED -#================================================= -ynh_script_progression --message="Validating restoration parameters..." --weight=1 - -test ! -d $final_path \ - || ynh_die --message="There is already a directory: $final_path " - -#================================================= # STANDARD RESTORATION STEPS #================================================= -# RECREATE THE DEDICATED USER -#================================================= -ynh_script_progression --message="Recreating the dedicated system user..." --weight=1 - -# Create the dedicated user (if not existing) -ynh_system_user_create --username=$app --home_dir="$final_path" - -#================================================= # RESTORE THE APP MAIN DIR #================================================= ynh_script_progression --message="Restoring the app main directory..." --weight=1 -ynh_restore_file --origin_path="$final_path" - -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:www-data "$final_path" - -#================================================= -# SPECIFIC RESTORATION -#================================================= -# REINSTALL DEPENDENCIES -#================================================= -ynh_script_progression --message="Reinstalling dependencies..." --weight=1 - -# Define and install dependencies -ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies $build_pkg_dependencies -ynh_exec_warn_less ynh_install_ruby --ruby_version=$ruby_version -ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version -ynh_exec_warn_less ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg" - -#================================================= -# RESTORE THE NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Restoring the NGINX web server configuration..." --weight=1 +ynh_restore_file --origin_path="$install_dir" -ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" +chmod 750 "$install_dir" +chmod -R o-rwx "$install_dir" +chown -R $app:www-data "$install_dir" #================================================= # RESTORE THE POSTGRESQL DATABASE #================================================= ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=1 -ynh_psql_test_if_first_run -db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) -ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd ynh_psql_execute_as_root --sql="ALTER USER $db_user CREATEDB;" ynh_psql_execute_file_as_root --file="./db.sql" --database="$db_name" @@ -109,64 +47,63 @@ if [ $total_memory -lt $memory_needed ]; then fi ynh_script_progression --message="Adding $swap_needed Mo to swap..." --weight=1 + ynh_add_swap --size=$swap_needed #================================================= +# REINSTALL DEPENDENCIES +#================================================= +ynh_script_progression --message="Reinstalling Ruby and NodeJS..." --weight=1 + +ynh_exec_warn_less ynh_install_ruby --ruby_version=$ruby_version +ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version + +#================================================= # BUILD APP #================================================= ynh_script_progression --message="Building app..." --weight=1 -pushd "$final_path/live" +pushd "$install_dir/live" ynh_use_ruby ynh_gem update --system ynh_gem install bundler --no-document ynh_exec_as $app $ynh_ruby_load_path $ld_preload bin/bundle install --redownload -j$(getconf _NPROCESSORS_ONLN) popd -ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies -ynh_package_autoremove - #================================================= -# RESTORE VARIOUS FILES +# RESTORE SYSTEM CONFIGURATIONS #================================================= -ynh_script_progression --message="Restoring various files..." --weight=1 - -ynh_restore_file --origin_path="/etc/cron.d/$app" - -#================================================= -# RESTORE SYSTEMD +# RESTORE THE PHP-FPM CONFIGURATION #================================================= -ynh_script_progression --message="Restoring the systemd configuration..." --weight=1 +ynh_script_progression --message="Restoring system configurations related to $app..." --weight=1 + +ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_restore_file --origin_path="/etc/systemd/system/$app-web.service" ynh_restore_file --origin_path="/etc/systemd/system/$app-sidekiq.service" ynh_restore_file --origin_path="/etc/systemd/system/$app-streaming.service" systemctl enable "$app-web" "$app-sidekiq" "$app-streaming" --quiet -#================================================= -# INTEGRATE SERVICE IN YUNOHOST -#================================================= -ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 - yunohost service add "$app-web" --description="$app web service" yunohost service add "$app-sidekiq" --description="$app sidekiq service" yunohost service add "$app-streaming" --description="$app streaming service" -#================================================= -# START SYSTEMD SERVICE -#================================================= -ynh_script_progression --message="Starting a systemd service..." --weight=1 +ynh_restore_file --origin_path="/etc/cron.d/$app" -ynh_systemd_action --service_name=${app}-web --action="start" --log_path=systemd --line_match="Listening on" -ynh_systemd_action --service_name=${app}-sidekiq --action="start" --log_path=systemd --line_match="Schedules Loaded" -ynh_systemd_action --service_name=${app}-streaming --action="start" --log_path=systemd --line_match="Streaming API now listening" +mkdir -p /var/log/$app +chown -R $app:$app /var/log/$app +ynh_restore_file --origin_path="/etc/logrotate.d/$app" #================================================= # GENERIC FINALIZATION #================================================= -# RELOAD NGINX +# RELOAD NGINX AND THE APP SERVICE #================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 +ynh_script_progression --message="Reloading NGINX web server and $app's service..." --weight=1 + +ynh_systemd_action --service_name=${app}-web --action="start" --log_path=/var/log/$app/$app-web.log --line_match="Listening on" +ynh_systemd_action --service_name=${app}-sidekiq --action="start" --log_path=/var/log/$app/$app-sidekiq.log --line_match="Schedules Loaded" +ynh_systemd_action --service_name=${app}-streaming --action="start" --log_path=/var/log/$app/$app-streaming.log --line_match="Streaming API now listening" ynh_systemd_action --service_name=nginx --action=reload diff --git a/scripts/upgrade b/scripts/upgrade index e041939..aaafcc0 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -11,231 +11,82 @@ source ynh_install_ruby__2 source ynh_add_swap source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -path_url=$(ynh_app_setting_get --app=$app --key=path) -language=$(ynh_app_setting_get --app=$app --key=language) -admin=$(ynh_app_setting_get --app=$app --key=admin) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -redis_namespace=$(ynh_app_setting_get --app=$app --key=db_name) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_user=$(ynh_app_setting_get --app=$app --key=db_user) -db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) -admin_mail=$(ynh_user_get_info --username=$admin --key='mail') -port_web=$(ynh_app_setting_get --app=$app --key=port_web) -port_stream=$(ynh_app_setting_get --app=$app --key=port_stream) - -secret_key_base=$(ynh_app_setting_get --app=$app --key=secret_key_base) -otp_secret=$(ynh_app_setting_get --app=$app --key=otp_secret) -vapid_private_key=$(ynh_app_setting_get --app=$app --key=vapid_private_key) -vapid_public_key=$(ynh_app_setting_get --app=$app --key=vapid_public_key) - -config="$final_path/live/.env.production" - -#================================================= -# CHECK VERSION -#================================================= -ynh_script_progression --message="Checking version..." --weight=1 - upgrade_type=$(ynh_check_app_version_changed) - -#================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP -#================================================= -ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1 - -# Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { - # Restore it if the upgrade fails - ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors +config="$install_dir/live/.env.production" #================================================= # STANDARD UPGRADE STEPS #================================================= -# STOP SYSTEMD SERVICE -#================================================= -ynh_script_progression --message="Stopping a systemd service..." --weight=1 - -ynh_systemd_action --service_name=${app}-web --action="stop" --log_path=systemd -ynh_systemd_action --service_name=${app}-sidekiq --action="stop" --log_path=systemd -ynh_systemd_action --service_name=${app}-streaming --action="stop" --log_path=systemd - -#================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 -# Cleaning legacy permissions -if ynh_legacy_permissions_exists; then - ynh_legacy_permissions_delete_all - - ynh_app_setting_delete --app=$app --key=is_public -fi - -# Create a permission if needed -if ! ynh_permission_exists --permission="api"; then - ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true" -fi - -# If port_web doesn't exist, create it, needed for old install -if [[ -z "$port_web" ]]; then - port_web=3000 - ynh_app_setting_set --app=$app --key=port_web --value=$port_web -fi - -# If port_web doesn't exist, create it, needed for old install -if [[ -z "$port_stream" ]]; then - port_stream=4000 - ynh_app_setting_set --app=$app --key=port_stream --value=$port_stream -fi - -# If db_user doesn't exist, create it, needed for old install -if [[ -z "$db_user" ]]; then - db_user=$(ynh_sanitize_dbid --db_name=$app) - ynh_app_setting_set --app=$app --key=db_user --value=$db_user -fi - -# If db_pwd doesn't exist, create it, needed for old install -if [[ -z "$db_pwd" ]]; then - db_pwd=$(ynh_string_random) - ynh_app_setting_set --app=$app --key=db_pwd --value=$db_pwd - ynh_psql_test_if_first_run - sudo --login --user=postgres psql -c"ALTER user $app WITH PASSWORD '$db_pwd'" postgres - ynh_replace_string --match_string="DB_PASS=" --replace_string="DB_PASS=${db_pwd}" --target_file="$config" -fi - -# Remove paperclip_secret -ynh_app_setting_delete --app=$app --key=paperclip_secret - -# If secret_key_base doesn't exist, retrieve it or create it -if [[ -z "$secret_key_base" ]]; then - secret_key_base=$(grep -oP "SECRET_KEY_BASE=\K\w+" $config) - if [[ -z "$secret_key_base" ]]; then - secret_key_base=$(ynh_string_random --length=128) - fi - ynh_app_setting_set --app=$app --key=secret_key_base --value="$secret_key_base" -fi - -# If otp_secret doesn't exist, retrieve it or create it -if [[ -z "$otp_secret" ]]; then - otp_secret=$(grep -oP "OTP_SECRET=\K\w+" $config) - if [[ -z "$otp_secret" ]]; then - otp_secret=$(ynh_string_random --length=128) - fi - ynh_app_setting_set --app=$app --key=otp_secret --value="$otp_secret" -fi - -# If vapid_private_key doesn't exist, retrieve it or create it -if [[ -z "$vapid_private_key" ]]; then - vapid_private_key=$(grep -oP "VAPID_PRIVATE_KEY=\K.+" $config) - vapid_public_key=$(grep -oP "VAPID_PUBLIC_KEY=\K.+" $config) - ynh_app_setting_set "$app" vapid_private_key "$vapid_private_key" - ynh_app_setting_set "$app" vapid_public_key "$vapid_public_key" -fi - -# If redis_namespace doesn't exist, create it -if [[ -z "$redis_namespace" ]]; then - redis_namespace=${app}_production - ynh_app_setting_set --app=$app --key=redis_namespace --value=$redis_namespace +# Set `service` settings to support `yunohost app shell` command +if [[ -z "${service:-}" ]]; then + service="$app-web.service" + ynh_app_setting_set --app="$app" --key=service --value="$service" fi #Remove previous added repository ynh_remove_extra_repo #================================================= -# CREATE DEDICATED USER +# STOP SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1 +ynh_script_progression --message="Stopping a systemd service..." --weight=1 -# Create a dedicated user (if not existing) -ynh_system_user_create --username=$app --home_dir="$final_path" +ynh_systemd_action --service_name=${app}-web --action="stop" --log_path=/var/log/$app/$app-web.log --line_match="Goodbye" +ynh_systemd_action --service_name=${app}-sidekiq --action="stop" --log_path=/var/log/$app/$app-sidekiq.log --line_match="Bye" +ynh_systemd_action --service_name=${app}-streaming --action="stop" --log_path=/var/log/$app/$app-streaming.log --line_match="exiting" #================================================= -# DOWNLOAD, CHECK AND UNPACK SOURCE +# ADD SWAP IF NEEDED #================================================= +ynh_script_progression --message="Adding swap if needed..." --weight=1 -if [ "$upgrade_type" == "UPGRADE_APP" ] -then - ynh_script_progression --message="Upgrading source files..." --weight=1 - - # Download Mastodon - tmpdir="$(mktemp -d)" - - mkdir $tmpdir/system - if [ -d "$final_path/live/public/system" ]; then - mv --verbose --no-target-directory --backup=numbered "$final_path/live/public/system" "$final_path/system.tmp" - fi - rsync -a "$config" "$tmpdir/." - ynh_secure_remove --file="$final_path/live" - - ynh_setup_source --dest_dir="$final_path/live" - - if [ -d "$final_path/system.tmp" ]; then - mv --verbose --no-target-directory "$final_path/system.tmp" "$final_path/live/public/system" - fi - rsync -a "$tmpdir/.env.production" "$final_path/live/." - ynh_secure_remove --file="$tmpdir" +total_memory=$(ynh_get_ram --total) +swap_needed=0 - # Clean files which are not needed anymore - ynh_secure_remove --file="$final_path/live/config/initializers/timeout.rb" +if [ $total_memory -lt $memory_needed ]; then + # Need a minimum of 8Go of memory + swap_needed=$(($memory_needed - $total_memory)) fi -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:www-data "$final_path" +ynh_script_progression --message="Adding $swap_needed Mo to swap..." +ynh_add_swap --size=$swap_needed #================================================= # UPGRADE DEPENDENCIES #================================================= -ynh_script_progression --message="Upgrading dependencies..." --weight=1 +ynh_script_progression --message="Upgrading Ruby and NodeJS..." --weight=1 -ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies $build_pkg_dependencies ynh_exec_warn_less ynh_install_ruby --ruby_version=$ruby_version ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version -ynh_exec_warn_less ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg" #================================================= -# NGINX CONFIGURATION +# "REBUILD" THE APP (DEPLOY NEW SOURCES, RERUN NPM BUILD...) #================================================= -ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=1 - -# Create a dedicated NGINX config -ynh_add_nginx_config - -#================================================= -# SPECIFIC UPGRADE -#================================================= -# ADD SWAP IF NEEDED +# DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -ynh_script_progression --message="Adding swap if needed..." --weight=1 -total_memory=$(ynh_get_ram --total) -swap_needed=0 +if [ "$upgrade_type" == "UPGRADE_APP" ] +then + ynh_script_progression --message="Upgrading source files..." --weight=1 -if [ $total_memory -lt $memory_needed ]; then - # Need a minimum of 8Go of memory - swap_needed=$(($memory_needed - $total_memory)) -fi + # Download Mastodon + ynh_setup_source --dest_dir="$install_dir/live" --keep="public/system/" -ynh_script_progression --message="Adding $swap_needed Mo to swap..." -ynh_add_swap --size=$swap_needed + chmod 750 "$install_dir" + chmod -R o-rwx "$install_dir" + chown -R $app:www-data "$install_dir" +fi #================================================= -# BUILD APP +# BUILD ASSETS #================================================= -ynh_script_progression --message="Building app..." --weight=1 +ynh_script_progression --message="Building assets..." --weight=1 -pushd "$final_path/live" +pushd "$install_dir/live" ynh_use_ruby ynh_gem update --system ynh_gem install bundler --no-document @@ -244,71 +95,68 @@ pushd "$final_path/live" ynh_exec_as $app $ynh_ruby_load_path $ld_preload bin/bundle config set force_ruby_platform true --quiet ynh_exec_as $app $ynh_ruby_load_path $ld_preload bin/bundle install -j$(getconf _NPROCESSORS_ONLN) ynh_use_nodejs - ynh_exec_as $app $ynh_node_load_PATH yarn install --pure-lockfile + ynh_exec_as $app $ynh_node_load_PATH yarn install --pure-lockfile --production --network-timeout 600000 ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails assets:clean ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails assets:precompile - ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails db:migrate - ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/tootctl cache clear popd -ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies -ynh_package_autoremove - #================================================= -# UPDATE A CONFIG FILE +# REAPPLY SYSTEM CONFIGURATIONS #================================================= -ynh_script_progression --message="Updating a config file..." --weight=1 - -language="$(echo $language | head -c 2)" +ynh_script_progression --message="Upgrading system configurations related to $app..." --weight=1 -ynh_add_config --template="../conf/.env.production.sample" --destination="$config" - -chmod 400 "$config" -chown $app:$app "$config" - -#================================================= -# SETUP SYSTEMD -#================================================= -ynh_script_progression --message="Upgrading systemd configuration..." --weight=1 +ynh_add_nginx_config # Create a dedicated systemd config ynh_add_systemd_config --service="$app-web" --template="mastodon-web.service" +yunohost service add "$app-web" --description="$app web service" + ynh_add_systemd_config --service="$app-sidekiq" --template="mastodon-sidekiq.service" +yunohost service add "$app-sidekiq" --description="$app sidekiq service" + ynh_add_systemd_config --service="$app-streaming" --template="mastodon-streaming.service" +yunohost service add "$app-streaming" --description="$app streaming service" -#================================================= -# SETUP THE CRON FILE -#================================================= -ynh_script_progression --message="Setuping the cron file..." --weight=1 +ynh_add_config --template="cron" --destination="/etc/cron.d/$app" -ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/$app" +# Use logrotate to manage app-specific logfile(s) +mkdir -p /var/log/$app +chown $app:$app /var/log/$app +ynh_use_logrotate --non-append #================================================= -# GENERIC FINALIZATION +# RECONFIGURE THE APP (UPDATE CONF, APPLY MIGRATIONS...) #================================================= -# INTEGRATE SERVICE IN YUNOHOST +# UPDATE A CONFIG FILE #================================================= -ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 +ynh_script_progression --message="Updating a config file..." --weight=1 -yunohost service add "$app-web" --description="$app web service" -yunohost service add "$app-sidekiq" --description="$app sidekiq service" -yunohost service add "$app-streaming" --description="$app streaming service" +language="$(echo $language | head -c 2)" + +ynh_add_config --template=".env.production.sample" --destination="$config" + +chmod 400 "$config" +chown $app:$app "$config" #================================================= -# START SYSTEMD SERVICE +# APPLY MIGRATIONS #================================================= -ynh_script_progression --message="Starting a systemd service..." --weight=1 +ynh_script_progression --message="Applying migrations..." --weight=1 -ynh_systemd_action --service_name=${app}-web --action="start" --log_path=systemd --line_match="Listening on" -ynh_systemd_action --service_name=${app}-sidekiq --action="start" --log_path=systemd --line_match="Schedules Loaded" -ynh_systemd_action --service_name=${app}-streaming --action="start" --log_path=systemd --line_match="Streaming API now listening" +pushd "$install_dir/live" + ynh_use_ruby + ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails db:migrate + ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/tootctl cache clear +popd #================================================= -# RELOAD NGINX +# START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 +ynh_script_progression --message="Starting a systemd service..." --weight=1 -ynh_systemd_action --service_name=nginx --action=reload +ynh_systemd_action --service_name=${app}-web --action="start" --log_path=/var/log/$app/$app-web.log --line_match="Listening on" +ynh_systemd_action --service_name=${app}-sidekiq --action="start" --log_path=/var/log/$app/$app-sidekiq.log --line_match="Schedules Loaded" +ynh_systemd_action --service_name=${app}-streaming --action="start" --log_path=/var/log/$app/$app-streaming.log --line_match="Streaming API now listening" #================================================= # END OF SCRIPT diff --git a/scripts/ynh_add_swap b/scripts/ynh_add_swap index d7ec44b..aa82c51 100644 --- a/scripts/ynh_add_swap +++ b/scripts/ynh_add_swap @@ -19,6 +19,13 @@ ynh_add_swap () { SD_CARD_CAN_SWAP=${SD_CARD_CAN_SWAP:-0} + # Can't swap inside an LXD + if [ "$(systemd-detect-virt)" == "lxc" ] + then + ynh_print_warn --message="You are inside a LXC container, swap will not be added, but that can cause troubles for the app $app. Please make sure you have more than 2.5G available RAM." + return + fi + # Swap on SD card only if it's is specified if ynh_is_main_device_a_sd_card && [ "$SD_CARD_CAN_SWAP" == "0" ] then diff --git a/scripts/ynh_install_ruby__2 b/scripts/ynh_install_ruby__2 index a2a83d0..521a182 100644 --- a/scripts/ynh_install_ruby__2 +++ b/scripts/ynh_install_ruby__2 @@ -36,7 +36,7 @@ build_pkg_dependencies="$build_pkg_dependencies $build_ruby_dependencies" # However, $PATH is duplicated into $ruby_path to outlast any manipulation of $PATH # You can use the variable `$ynh_ruby_load_path` to quickly load your Ruby version # in $PATH for an usage into a separate script. -# Exemple: $ynh_ruby_load_path $final_path/script_that_use_gem.sh` +# Exemple: $ynh_ruby_load_path $install_dir/script_that_use_gem.sh` # # # Finally, to start a Ruby service with the correct version, 2 solutions @@ -81,7 +81,7 @@ ynh_use_ruby () { ynh_ruby_load_path="PATH=$PATH" # Sets the local application-specific Ruby version - pushd $final_path + pushd $install_dir $rbenv_install_dir/bin/rbenv local $ruby_version popd } diff --git a/tests.toml b/tests.toml new file mode 100644 index 0000000..c1f2069 --- /dev/null +++ b/tests.toml @@ -0,0 +1,26 @@ +test_format = 1.0 + +[default] + + # ------------ + # Tests to run + # ------------ + + exclude = ["install.multi", "install.private", "change_url"] + # The test IDs to be used in only/exclude statements are: install.root, install.subdir, install.nourl, install.multi, backup_restore, upgrade, upgrade.someCommitId change_url + + # ------------------------------- + # Default args to use for install + # ------------------------------- + + # Nothing to do here...yet + + # ------------------------------- + # Commits to test upgrade from + # ------------------------------- + + test_upgrade_from.43504e6.name = "Upgrade from 4.2.5~ynh1" + test_upgrade_from.43504e6.args.domain="domain.tld" + test_upgrade_from.43504e6.args.is_public=1 + test_upgrade_from.43504e6.args.admin="john" + test_upgrade_from.43504e6.args.language="fr_FR" |