Install web portal properly

For the most part
This commit is contained in:
Norbi Peti 2024-06-10 03:23:02 +02:00
parent 008a113068
commit 28d41d79c4
4 changed files with 115 additions and 13 deletions

75
conf/web.service Normal file
View file

@ -0,0 +1,75 @@
[Unit]
### see man systemd.unit
Description=Snikket Web Server
After=network.target remote-fs.target
Documentation=https://snikket.org/service/help/
[Service]
### See man systemd.service ###
# With this configuration, systemd takes care of daemonization
# so Prosody should be configured with daemonize = false
Type=simple
# Not sure if this is needed for 'simple'
RuntimeDirectory=snikket
# Load environment file used by Snikket
EnvironmentFile=/etc/snikket/environment
# Start by executing the main executable
ExecStart=__INSTALL_DIR__/snikket_web/.venv/bin/python3 -m hypercorn -b localhost:__PORT__ --access-logfile=- --log-file=- 'snikket_web:create_app()'
ExecReload=/bin/kill -HUP $MAINPID
# Restart on crashes
Restart=on-abnormal
# Set O_NONBLOCK flag on sockets passed via socket activation
NonBlocking=true
### See man systemd.exec ###
WorkingDirectory=__INSTALL_DIR__
User=__APP__
Group=__APP__
# Nice=0
# Set stdin to /dev/null since Prosody does not need it
StandardInput=null
# Direct stdout/-err to journald for use with log = "*stdout"
StandardOutput=journal
StandardError=inherit
# This usually defaults to 4k or so
# LimitNOFILE=1M
## Interesting protection methods
# Finding a useful combo of these settings would be nice
#
# Needs read access to /etc/prosody for config
# Needs write access to /var/lib/prosody for storing data (for internal storage)
# Needs write access to /var/log/prosody for writing logs (depending on config)
# Needs read access to code and libraries loaded
# ReadWriteDirectories=/var/lib/prosody /var/log/prosody
# InaccessibleDirectories=/boot /home /media /mnt /root /srv
# ReadOnlyDirectories=/usr /etc/prosody
# PrivateTmp=true
# PrivateDevices=true
# PrivateNetwork=false
# ProtectSystem=full
# ProtectHome=true
# ProtectKernelTunables=true
# ProtectControlGroups=true
# SystemCallFilter=
# This should break LuaJIT
# MemoryDenyWriteExecute=true
[Install]
WantedBy=multi-user.target

View file

@ -54,8 +54,10 @@ ram.runtime = "50M"
url = "https://hg.prosody.im/prosody-modules/archive/095030677ae6.tar.gz" url = "https://hg.prosody.im/prosody-modules/archive/095030677ae6.tar.gz"
sha256 = "8c2a51ef72cbe86a3b2a8e5c4d8656ee1d167f153223b481b5e8c4c5ed85f11d" sha256 = "8c2a51ef72cbe86a3b2a8e5c4d8656ee1d167f153223b481b5e8c4c5ed85f11d"
[resources.sources.snikket-portal] [resources.sources.snikket-portal]
url = "https://github.com/snikket-im/snikket-web-portal/archive/7c0310a141d45d71ccf4505f56267d2f4213ca08.tar.gz" url = "snikket/snikket-web-portal:dev"
sha256 = "3b0afaf99c7360b5813cf7e10021827fa9bd13e40e169ef68004ffec3bb6fa92" sha256 = "a43d2131ac32ebdc2394675bf33ea75a9e2996e13ea352398909a30feab27c16"
format = "docker"
prefetch = false # Prefetch doesn't seem to be supported with Docker images
[resources.system_user] [resources.system_user]
@ -74,15 +76,16 @@ ram.runtime = "50M"
server.exposed="TCP" server.exposed="TCP"
server.fixed=true server.fixed=true
http.default=5280 http.default=5280
main.default=80 main.exposed="TCP"
# TODO: Need to remove/disable Metronome *before* installation starts because of the port allocation here # TODO: Need to remove/disable Metronome *before* installation starts because of the port allocation here
# TODO: Or switch to using prosody_ynh as a dependency
[resources.permissions] [resources.permissions]
main.url = "/" main.url = "/"
main.additional_urls = [ "groups.__DOMAIN__/", "share.__DOMAIN__/" ] main.additional_urls = [ "groups.__DOMAIN__/", "share.__DOMAIN__/" ]
[resources.apt] [resources.apt]
packages = "libicu-dev, libidn11-dev, libssl-dev, openssl, txt2man, lua-luaossl, lua-readline, dns-root-data, lua-dbi-sqlite3" packages = "libicu-dev, libidn11-dev, libssl-dev, openssl, txt2man, lua-luaossl, lua-readline, dns-root-data, lua-dbi-sqlite3, build-essential, python3-dev, python3-pip, python3-venv"
packages_from_raw_bash = """ packages_from_raw_bash = """
if [[ $YNH_DEBIAN_VERSION == "bullseye" ]]; then if [[ $YNH_DEBIAN_VERSION == "bullseye" ]]; then
echo "lua5.2, lua5.2-expat, lua5.2-socket, lua5.2-sec, lua5.2-unbound, liblua5.2-dev, lua-busted"; echo "lua5.2, lua5.2-expat, lua5.2-socket, lua5.2-sec, lua5.2-unbound, liblua5.2-dev, lua-busted";

View file

@ -34,6 +34,9 @@ ynh_setup_source --dest_dir="$snikketdir"
moddir="$(mktemp -d)" moddir="$(mktemp -d)"
ynh_setup_source --dest_dir="$moddir" --source_id=prosody-modules ynh_setup_source --dest_dir="$moddir" --source_id=prosody-modules
portaldir="$(mktemp -d)"
ynh_setup_source --dest_dir="$portaldir" --source_id=snikket-portal
#================================================= #=================================================
# SPECIFIC SETUP # SPECIFIC SETUP
#================================================= #=================================================
@ -53,8 +56,6 @@ pushd "$builddir"
popd popd
popd popd
ynh_secure_remove --file="$builddir"
#================================================= #=================================================
# ADD A CONFIGURATION # ADD A CONFIGURATION
#================================================= #=================================================
@ -102,6 +103,26 @@ do
cp -r "$snikketdir/snikket-modules/$module" "/etc/$app/modules/$module" cp -r "$snikketdir/snikket-modules/$module" "/etc/$app/modules/$module"
done < "../sources/snikket-modules.txt" done < "../sources/snikket-modules.txt"
#=================================================
# SETUP SNIKKET ADMIN PORTAL
#=================================================
ynh_script_progression --message="Installing admin portal..."
cp -r "${portaldir}/opt/snikket-web-portal/snikket_web/" "$install_dir/"
pushd "$install_dir/snikket_web"
python -m venv .venv
cp -r "$portaldir"/usr/lib/python3/dist-packages/* .venv/lib/python*/site-packages/
cp -r "$portaldir"/usr/local/lib/python3.11/dist-packages/* .venv/lib/python*/site-packages/
popd
#=================================================
# CLEAN TEMPORARY FILES
#=================================================
ynh_script_progression --message="Cleaning temporary files..."
ynh_secure_remove --file="$builddir"
ynh_secure_remove --file="$snikketdir"
ynh_secure_remove --file="$moddir"
ynh_secure_remove --file="$portaldir"
#================================================= #=================================================
# SETUP SNIKKET CONFIG # SETUP SNIKKET CONFIG
#================================================= #=================================================
@ -114,6 +135,10 @@ SNIKKET_ADMIN_EMAIL=${admin}
SNIKKET_TWEAK_TURNSERVER=0 SNIKKET_TWEAK_TURNSERVER=0
ENV_SNIKKET_TWEAK_INTERNAL_HTTP_PORT=${port} ENV_SNIKKET_TWEAK_INTERNAL_HTTP_PORT=${port}
ENV_SNIKKET_PROXY65_PORT=${port_file} ENV_SNIKKET_PROXY65_PORT=${port_file}
SNIKKET_WEB_DOMAIN=${domain}
SNIKKET_WEB_PROSODY_ENDPOINT=http://localhost:$port_http
SNIKKET_WEB_SECRET_KEY=TODO
EOF EOF
#================================================= #=================================================
@ -131,6 +156,9 @@ ynh_script_progression --message="Adding system configurations..."
# Create a dedicated systemd config # Create a dedicated systemd config
ynh_add_systemd_config ynh_add_systemd_config
yunohost service add "$app" --description="Chat that is simple, secure, and private" --log="/var/log/$app/$app.log"
ynh_add_systemd_config --service="$app-web" --template="web.service"
yunohost service add "$app-web" --description="Chat that is simple, secure, and private" --log="/var/log/$app-web/$app-web.log"
# Create a dedicated NGINX config using the conf/nginx.conf template # Create a dedicated NGINX config using the conf/nginx.conf template
ynh_add_nginx_config ynh_add_nginx_config
@ -150,13 +178,6 @@ chown -R $app:$app "/var/lib/$app"
# Use logrotate to manage application logfile(s) # Use logrotate to manage application logfile(s)
ynh_use_logrotate ynh_use_logrotate
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..."
yunohost service add "$app" --description="Chat that is simple, secure, and private" --log="/var/log/$app/$app.log"
#================================================= #=================================================
# START SYSTEMD SERVICE # START SYSTEMD SERVICE
#================================================= #=================================================
@ -164,6 +185,7 @@ ynh_script_progression --message="Starting a systemd service..."
# Start a systemd service # Start a systemd service
ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/$app.log" ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/$app.log"
ynh_systemd_action --service_name="$app-web" --action="start" --log_path="/var/log/$app/$app-web.log"
#================================================= #=================================================
# END OF SCRIPT # END OF SCRIPT

View file

@ -20,10 +20,12 @@ if ynh_exec_warn_less yunohost service status $app >/dev/null
then then
ynh_script_progression --message="Removing $app service integration..." ynh_script_progression --message="Removing $app service integration..."
yunohost service remove $app yunohost service remove $app
yunohost service remove $app-web
fi fi
# Remove the dedicated systemd config # Remove the dedicated systemd config
ynh_remove_systemd_config ynh_remove_systemd_config
ynh_remove_systemd_config --service=$app-web
# Remove the app-specific logrotate config # Remove the app-specific logrotate config
ynh_remove_logrotate ynh_remove_logrotate