Install web portal properly

For the most part

conf/web.service

@@ -0,0 +1,75 @@
+[Unit]
+### see man systemd.unit
+Description=Snikket Web Server
+After=network.target remote-fs.target
+Documentation=https://snikket.org/service/help/
+
+[Service]
+### See man systemd.service ###
+# With this configuration, systemd takes care of daemonization
+# so Prosody should be configured with daemonize = false
+Type=simple
+
+# Not sure if this is needed for 'simple'
+RuntimeDirectory=snikket
+
+# Load environment file used by Snikket
+EnvironmentFile=/etc/snikket/environment
+
+# Start by executing the main executable
+ExecStart=__INSTALL_DIR__/snikket_web/.venv/bin/python3 -m hypercorn -b localhost:__PORT__ --access-logfile=- --log-file=- 'snikket_web:create_app()'
+
+ExecReload=/bin/kill -HUP $MAINPID
+
+# Restart on crashes
+Restart=on-abnormal
+
+# Set O_NONBLOCK flag on sockets passed via socket activation
+NonBlocking=true
+
+### See man systemd.exec ###
+
+WorkingDirectory=__INSTALL_DIR__
+
+User=__APP__
+Group=__APP__
+
+# Nice=0
+
+# Set stdin to /dev/null since Prosody does not need it
+StandardInput=null
+
+# Direct stdout/-err to journald for use with log = "*stdout"
+StandardOutput=journal
+StandardError=inherit
+
+# This usually defaults to 4k or so
+# LimitNOFILE=1M
+
+## Interesting protection methods
+# Finding a useful combo of these settings would be nice
+#
+# Needs read access to /etc/prosody for config
+# Needs write access to /var/lib/prosody for storing data (for internal storage)
+# Needs write access to /var/log/prosody for writing logs (depending on config)
+# Needs read access to code and libraries loaded
+
+# ReadWriteDirectories=/var/lib/prosody /var/log/prosody
+# InaccessibleDirectories=/boot /home /media /mnt /root /srv
+# ReadOnlyDirectories=/usr /etc/prosody
+
+# PrivateTmp=true
+# PrivateDevices=true
+# PrivateNetwork=false
+
+# ProtectSystem=full
+# ProtectHome=true
+# ProtectKernelTunables=true
+# ProtectControlGroups=true
+# SystemCallFilter=
+
+# This should break LuaJIT
+# MemoryDenyWriteExecute=true
+
+[Install]
+WantedBy=multi-user.target

manifest.toml

@@ -54,8 +54,10 @@ ram.runtime = "50M"
     url = "https://hg.prosody.im/prosody-modules/archive/095030677ae6.tar.gz"
     sha256 = "8c2a51ef72cbe86a3b2a8e5c4d8656ee1d167f153223b481b5e8c4c5ed85f11d"
     [resources.sources.snikket-portal]
-    url = "https://github.com/snikket-im/snikket-web-portal/archive/7c0310a141d45d71ccf4505f56267d2f4213ca08.tar.gz"
+    url = "snikket/snikket-web-portal:dev"
-    sha256 = "3b0afaf99c7360b5813cf7e10021827fa9bd13e40e169ef68004ffec3bb6fa92"
+    sha256 = "a43d2131ac32ebdc2394675bf33ea75a9e2996e13ea352398909a30feab27c16"
+    format = "docker"
+    prefetch = false # Prefetch doesn't seem to be supported with Docker images
 
     [resources.system_user]
 
@@ -74,15 +76,16 @@ ram.runtime = "50M"
     server.exposed="TCP"
     server.fixed=true
     http.default=5280
-    main.default=80
+    main.exposed="TCP"
     # TODO: Need to remove/disable Metronome *before* installation starts because of the port allocation here
+    # TODO: Or switch to using prosody_ynh as a dependency
 
     [resources.permissions]
     main.url = "/"
     main.additional_urls = [ "groups.__DOMAIN__/", "share.__DOMAIN__/" ]
 
     [resources.apt]
-    packages = "libicu-dev, libidn11-dev, libssl-dev, openssl, txt2man, lua-luaossl, lua-readline, dns-root-data, lua-dbi-sqlite3"
+    packages = "libicu-dev, libidn11-dev, libssl-dev, openssl, txt2man, lua-luaossl, lua-readline, dns-root-data, lua-dbi-sqlite3, build-essential, python3-dev, python3-pip, python3-venv"
     packages_from_raw_bash = """
     if [[ $YNH_DEBIAN_VERSION == "bullseye" ]]; then
         echo "lua5.2, lua5.2-expat, lua5.2-socket, lua5.2-sec, lua5.2-unbound, liblua5.2-dev, lua-busted";

scripts/install

@@ -34,6 +34,9 @@ ynh_setup_source --dest_dir="$snikketdir"
 moddir="$(mktemp -d)"
 ynh_setup_source --dest_dir="$moddir" --source_id=prosody-modules
 
+portaldir="$(mktemp -d)"
+ynh_setup_source --dest_dir="$portaldir" --source_id=snikket-portal
+
 #=================================================
 # SPECIFIC SETUP
 #=================================================
@@ -53,8 +56,6 @@ pushd "$builddir"
 	popd
 popd
 
-ynh_secure_remove --file="$builddir"
-
 #=================================================
 # ADD A CONFIGURATION
 #=================================================
@@ -102,6 +103,26 @@ do
   cp -r "$snikketdir/snikket-modules/$module" "/etc/$app/modules/$module"
 done < "../sources/snikket-modules.txt"
 
+#=================================================
+# SETUP SNIKKET ADMIN PORTAL
+#=================================================
+ynh_script_progression --message="Installing admin portal..."
+cp -r "${portaldir}/opt/snikket-web-portal/snikket_web/" "$install_dir/"
+pushd "$install_dir/snikket_web"
+  python -m venv .venv
+  cp -r "$portaldir"/usr/lib/python3/dist-packages/* .venv/lib/python*/site-packages/
+  cp -r "$portaldir"/usr/local/lib/python3.11/dist-packages/* .venv/lib/python*/site-packages/
+popd
+
+#=================================================
+# CLEAN TEMPORARY FILES
+#=================================================
+ynh_script_progression --message="Cleaning temporary files..."
+ynh_secure_remove --file="$builddir"
+ynh_secure_remove --file="$snikketdir"
+ynh_secure_remove --file="$moddir"
+ynh_secure_remove --file="$portaldir"
+
 #=================================================
 # SETUP SNIKKET CONFIG
 #=================================================
@@ -114,6 +135,10 @@ SNIKKET_ADMIN_EMAIL=${admin}
 SNIKKET_TWEAK_TURNSERVER=0
 ENV_SNIKKET_TWEAK_INTERNAL_HTTP_PORT=${port}
 ENV_SNIKKET_PROXY65_PORT=${port_file}
+
+SNIKKET_WEB_DOMAIN=${domain}
+SNIKKET_WEB_PROSODY_ENDPOINT=http://localhost:$port_http
+SNIKKET_WEB_SECRET_KEY=TODO
 EOF
 
 #=================================================
@@ -131,6 +156,9 @@ ynh_script_progression --message="Adding system configurations..."
 
 # Create a dedicated systemd config
 ynh_add_systemd_config
+yunohost service add "$app" --description="Chat that is simple, secure, and private" --log="/var/log/$app/$app.log"
+ynh_add_systemd_config --service="$app-web" --template="web.service"
+yunohost service add "$app-web" --description="Chat that is simple, secure, and private" --log="/var/log/$app-web/$app-web.log"
 # Create a dedicated NGINX config using the conf/nginx.conf template
 ynh_add_nginx_config
 
@@ -150,13 +178,6 @@ chown -R $app:$app "/var/lib/$app"
 # Use logrotate to manage application logfile(s)
 ynh_use_logrotate
 
-#=================================================
-# INTEGRATE SERVICE IN YUNOHOST
-#=================================================
-ynh_script_progression --message="Integrating service in YunoHost..."
-
-yunohost service add "$app" --description="Chat that is simple, secure, and private" --log="/var/log/$app/$app.log"
-
 #=================================================
 # START SYSTEMD SERVICE
 #=================================================
@@ -164,6 +185,7 @@ ynh_script_progression --message="Starting a systemd service..."
 
 # Start a systemd service
 ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/$app.log"
+ynh_systemd_action --service_name="$app-web" --action="start" --log_path="/var/log/$app/$app-web.log"
 
 #=================================================
 # END OF SCRIPT

scripts/remove

@@ -20,10 +20,12 @@ if ynh_exec_warn_less yunohost service status $app >/dev/null
 then
 	ynh_script_progression --message="Removing $app service integration..."
 	yunohost service remove $app
+	yunohost service remove $app-web
 fi
 
 # Remove the dedicated systemd config
 ynh_remove_systemd_config
+ynh_remove_systemd_config --service=$app-web
 
 # Remove the app-specific logrotate config
 ynh_remove_logrotate