1
1
Fork 0
mirror of https://code.mensbeam.com/MensBeam/Arsse.git synced 2024-12-22 13:12:41 +00:00

Use generic configuration where possible

This commit is contained in:
J. King 2021-05-19 15:06:37 -04:00
parent fbe03a2534
commit 3a3b9231df
16 changed files with 59 additions and 135 deletions

33
dist/arch/PKGBUILD vendored
View file

@ -7,11 +7,13 @@ arch=("any")
url="https://thearsse.com/" url="https://thearsse.com/"
license=("MIT") license=("MIT")
depends=() depends=()
makedepends=("git" "php" "php-intl" "composer") makedepends=()
checkdepends=() checkdepends=()
optdepends=("php-pgsql: PostgreSQL database support" optdepends=("nginx: HTTP server"
"nginx: HTTP server" "apache: HTTP server"
"apache: HTTP server") "percona-server: Alternate database"
"postgresql: Alternate database"
"php-pgsql: PostgreSQL database support")
backup=("etc/webapps/arsse/config.php" "etc/php/php-fpm.d/arsse.conf") backup=("etc/webapps/arsse/config.php" "etc/php/php-fpm.d/arsse.conf")
install= install=
changelog= changelog=
@ -19,23 +21,32 @@ source=("arsse-0.9.1.tar.gz")
md5sums=("SKIP") md5sums=("SKIP")
package() { package() {
# define runtime dependencies
depends=("php" "php-intl" "php-sqlite" "php-fpm") depends=("php" "php-intl" "php-sqlite" "php-fpm")
# create most directories necessary forn the final package
cd "$pkgdir" cd "$pkgdir"
mkdir -p "usr/share/webapps/arsse" "usr/share/doc/arsse" "usr/share/licenses/arsse" "usr/lib/systemd/system" "usr/lib/sysusers.d" "usr/lib/tmpfiles.d" "etc/php/php-fpm.d/" "etc/webapps/arsse" "etc/webapps/arsse/nginx" mkdir -p "usr/share/webapps/arsse" "usr/share/doc/arsse" "usr/share/licenses/arsse" "usr/lib/systemd/system" "usr/lib/sysusers.d" "usr/lib/tmpfiles.d" "etc/php/php-fpm.d/" "etc/webapps/arsse" "etc/webapps/arsse/nginx"
#copy requisite files
cd "$srcdir/arsse" cd "$srcdir/arsse"
cp -r lib locale sql vendor www CHANGELOG UPGRADING README.md arsse.php "$pkgdir/usr/share/webapps/arsse" cp -r lib locale sql vendor www CHANGELOG UPGRADING README.md arsse.php "$pkgdir/usr/share/webapps/arsse"
cp -r manual/* "$pkgdir/usr/share/doc/arsse" cp -r manual/* "$pkgdir/usr/share/doc/arsse"
cp LICENSE AUTHORS "$pkgdir/usr/share/licenses/arsse" cp LICENSE AUTHORS "$pkgdir/usr/share/licenses/arsse"
cp dist/arch/*.service "$pkgdir/usr/lib/systemd/system" cp dist/systemd/* "$pkgdir/usr/lib/systemd/system"
cp dist/arch/sysuser.conf "$pkgdir/usr/lib/sysusers.d/arsse.conf" cp dist/sysuser.conf "$pkgdir/usr/lib/sysusers.d/arsse.conf"
cp dist/arch/tmpfiles.conf "$pkgdir/usr/lib/tmpfiles.d/arsse.conf" cp dist/tmpfiles.conf "$pkgdir/usr/lib/tmpfiles.d/arsse.conf"
cp dist/arch/php-fpm.conf "$pkgdir/etc/php/php-fpm.d/arsse.conf" cp dist/php-fpm.conf "$pkgdir/etc/php/php-fpm.d/arsse.conf"
cp -r dist/arch/nginx config.defaults.php "$pkgdir/etc/webapps/arsse" cp -r dist/nginx config.defaults.php "$pkgdir/etc/webapps/arsse"
cd "$pkgdir" cd "$pkgdir"
# adjust permissions, just in case
chmod -R u=rwX,g=rX,o=rX * chmod -R u=rwX,g=rX,o=rX *
chmod u=r etc/webapps/arsse/ # create a symbolic link for the configuration file
ln -sT "/etc/webapps/arsse/config.php" "usr/share/webapps/arsse/config.php" ln -sT "/etc/webapps/arsse/config.php" "usr/share/webapps/arsse/config.php"
# copy files requiring special permissions
cd "$srcdir/arsse" cd "$srcdir/arsse"
install -DTm755 dist/arch/arsse.sh "$pkgdir/usr/bin/arsse" install -Dm755 dist/arsse "$pkgdir/usr/bin"
install -Dm640 dist/arch/config.php "$pkgdir/etc/webapps/arsse" install -Dm640 dist/arch/config.php "$pkgdir/etc/webapps/arsse"
# patch generic configuration files to use Arch-specific paths and identifiers
sed -ise 's/\/\(etc\|usr\/share\)\/arsse\//\/\1\/webapps\/arsse\//' "$pkgdir/etc/webapps/arsse/nginx/"* "$pkgdir/usr/lib/tmpfiles.d/arsse.conf" "$pkgdir/usr/lib/systemd/system/"* "$pkgdir/usr/bin/"*
sed -ise 's/\/var\/run\/php\//\/run\/php-fpm\//' "$pkgdir/etc/webapps/arsse/nginx/"* "$pkgdir/etc/php/php-fpm.d/arsse.conf"
sed -ise 's/www-data/http/' "$pkgdir/etc/php/php-fpm.d/arsse.conf"
} }

View file

@ -1,17 +0,0 @@
root /usr/share/webapps/arsse/www;
location @arsse {
# HTTP authentication may be enabled for this location, though this may impact some features
fastcgi_pass unix:/run/php-fpm/arsse.sock;
fastcgi_param SCRIPT_FILENAME /usr/share/webapps/arsse/arsse.php;
include /etc/webapps/arsse/nginx/arsse-fcgi.conf;
}
location @arsse_public {
# HTTP authentication should not be enabled for this location
fastcgi_pass unix:/run/php-fpm/arsse.sock;
fastcgi_param SCRIPT_FILENAME /usr/share/webapps/arsse/arsse.php;
include /etc/webapps/arsse/nginx/arsse-fcgi.conf;
}
include /etc/webapps/arsse/nginx/arsse-loc.conf;

View file

@ -1 +0,0 @@
u arsse - "The Arsse" /usr/lib/arsse -

View file

@ -1 +0,0 @@
z /etc/webapps/arsse/config.php - root arsse - -

View file

@ -7,4 +7,4 @@ if (posix_geteuid() == 0) {
posix_setuid($info['uid']); posix_setuid($info['uid']);
} }
} }
require "/usr/share/webapps/arsse/arsse.php"; require "/usr/share/arsse/arsse.php";

15
dist/arsse.service vendored
View file

@ -1,15 +0,0 @@
[Unit]
Description=The Arsse feed fetching service
After=network.target mysql.service postgresql.service
[Service]
User=www-data
Group=www-data
WorkingDirectory=/usr/share/arsse
Type=simple
StandardOutput=null
StandardError=syslog
ExecStart=/usr/bin/env php /usr/share/arsse/arsse.php daemon
[Install]
WantedBy=multi-user.target

75
dist/nginx.conf vendored
View file

@ -1,75 +0,0 @@
server {
server_name example.com;
listen 80; # adding HTTPS configuration is highly recommended
root /usr/share/arsse/www; # adjust according to your installation path
location / {
try_files $uri $uri/ =404;
}
location @arsse {
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock; # adjust according to your system configuration
fastcgi_pass_header Authorization; # required if the Arsse is to perform its own HTTP authentication
fastcgi_pass_request_body on;
fastcgi_pass_request_headers on;
fastcgi_intercept_errors off;
fastcgi_buffering off;
fastcgi_param SCRIPT_FILENAME /usr/share/arsse/arsse.php; # adjust according to your installation path
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param REQUEST_URI $uri;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param REMOTE_USER $remote_user;
}
# Nextcloud News protocol
location /index.php/apps/news/api {
try_files $uri @arsse;
location ~ ^/index\.php/apps/news/api/?$ {
# this path should not be behind HTTP authentication
try_files $uri @arsse;
}
}
# Tiny Tiny RSS protocol
location /tt-rss/api {
try_files $uri @arsse;
}
# Tiny Tiny RSS feed icons
location /tt-rss/feed-icons/ {
try_files $uri @arsse;
}
# Tiny Tiny RSS special-feed icons; these are static files
location /tt-rss/images/ {
# this path should not be behind HTTP authentication
try_files $uri =404;
}
# Fever protocol
location /fever/ {
# this path should not be behind HTTP authentication
try_files $uri @arsse;
}
# Miniflux protocol
location /v1/ {
try_files $uri @arsse;
}
# Miniflux version number
location /version {
# this path should not be behind HTTP authentication
try_files $uri @arsse;
}
# Miniflux "health check"
location /healthcheck {
# this path should not be behind HTTP authentication
try_files $uri @arsse;
}
}

17
dist/nginx/arsse.conf vendored Normal file
View file

@ -0,0 +1,17 @@
root /usr/share/arsse/www;
location @arsse {
# HTTP authentication may be enabled for this location, though this may impact some features
fastcgi_pass unix:/var/run/php/arsse.sock;
fastcgi_param SCRIPT_FILENAME /usr/share/arsse/arsse.php;
include /etc/arsse/nginx/arsse-fcgi.conf;
}
location @arsse_public {
# HTTP authentication should not be enabled for this location
fastcgi_pass unix:/var/run/php/arsse.sock;
fastcgi_param SCRIPT_FILENAME /usr/share/arsse/arsse.php;
include /etc/arsse/nginx/arsse-fcgi.conf;
}
include /etc/arsse/nginx/arsse-loc.conf;

View file

@ -9,5 +9,5 @@ server {
ssl_certificate_key /etc/letsencrypt/live/news.example.com/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/news.example.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/news.example.com/chain.pem; ssl_trusted_certificate /etc/letsencrypt/live/news.example.com/chain.pem;
include /etc/webapps/arsse/nginx/arsse.conf; include /etc/arsse/nginx/arsse.conf;
} }

View file

@ -1,9 +1,9 @@
[arsse] [arsse]
user = arsse user = arsse
group = arsse group = arsse
listen = /run/php-fpm/arsse.sock listen = /var/run/php/arsse.sock
listen.owner = arsse listen.owner = arsse
listen.group = http listen.group = www-data
pm = dynamic pm = dynamic
pm.max_children = 5 pm.max_children = 5
pm.start_servers = 2 pm.start_servers = 2

View file

@ -3,11 +3,14 @@ Description=The Arsse newsfeed fetching service
Documentation=https://thearsse.com/manual/ Documentation=https://thearsse.com/manual/
PartOf=arsse.service PartOf=arsse.service
[Install]
WantedBy=multi-user.target
[Service] [Service]
User=arsse User=arsse
Group=arsse Group=arsse
Type=simple Type=simple
WorkingDirectory=/usr/share/webapps/arsse WorkingDirectory=/usr/share/arsse
ExecStart=/usr/bin/arsse daemon ExecStart=/usr/bin/arsse daemon
ProtectProc=invisible ProtectProc=invisible
@ -15,11 +18,7 @@ NoNewPrivileges=true
ProtectSystem=full ProtectSystem=full
ProtectHome=true ProtectHome=true
StateDirectory=arsse StateDirectory=arsse
ConfigurationDirectory=webapps/arsse ConfigurationDirectory=arsse
ReadOnlyPaths=/
ReadWriePaths=/var/lib/arsse
NoExecPaths=/
ExecPaths=/usr/bin/php /usr/bin/php7
PrivateTmp=true PrivateTmp=true
PrivateDevices=true PrivateDevices=true
RestrictSUIDSGID=true RestrictSUIDSGID=true
@ -29,5 +28,9 @@ SyslogIdentifier=arsse
Restart=on-failure Restart=on-failure
RestartPreventStatus= RestartPreventStatus=
[Install] # These directives can be used for extra security, but are disabled for now for compatibility
WantedBy=multi-user.target
#ReadOnlyPaths=/
#ReadWriePaths=/var/lib/arsse
#NoExecPaths=/
#ExecPaths=/usr/bin/php /usr/bin/php7

View file

@ -5,9 +5,9 @@ Requires=arsse-fetch.service
BindsTo=php-fpm.service BindsTo=php-fpm.service
After=php-fpm.service After=php-fpm.service
[Install]
WantedBy=multi-user.target
[Service] [Service]
Type=oneshot Type=oneshot
RemainAfterExit=true RemainAfterExit=true
[Install]
WantedBy=multi-user.target

1
dist/sysuser.conf vendored Normal file
View file

@ -0,0 +1 @@
u arsse - "The Arsse" /var/lib/arsse -

1
dist/tmpfiles.conf vendored Normal file
View file

@ -0,0 +1 @@
z /etc/arsse/config.php - root arsse - -