Initial commit

Author: JimboJoe

check_process

@@ -0,0 +1,35 @@
+;; Test complet
+	; Manifest
+		domain="domain.tld"	(DOMAIN)
+		path="/path"	(PATH)
+		admin="john"	(USER)
+		is_public=1	(PUBLIC|public=1|private=0)
+	; Checks
+		pkg_linter=1
+		setup_sub_dir=1
+		setup_root=1
+		# setup_nourl=0
+		# setup_private=1
+		# setup_public=1
+		# upgrade=1
+		# backup_restore=1
+		# multi_instance=1
+		# incorrect_path=1
+		# port_already_use=0
+		# change_url=1
+;;; Levels
+	Level 1=auto
+	Level 2=auto
+	Level 3=auto
+	Level 4=1
+# https://github.com/YunoHost-Apps/piwigo_ynh/issues/4
+	Level 5=1
+# https://github.com/YunoHost-Apps/piwigo_ynh/issues/5
+	Level 6=auto
+	Level 7=auto
+	Level 8=0
+	Level 9=0
+  Level 10=0
+;;; Options
+Email=
+Notification=none

conf/app.src

@@ -0,0 +1,3 @@
+SOURCE_URL=https://github.com/discourse/discourse/archive/v1.9.4.tar.gz
+SOURCE_SUM=68a2167fda5689a2817534183c3b890f8657677bc883c34e5dd40ac1cbf0c3ac
+SOURCE_FORMAT=tar.gz

conf/discourse-puma.service

@@ -0,0 +1,22 @@
+[Unit]
+Description=__APP__ puma service
+Wants=postgresql.service
+Wants=redis-server.service
+After=redis-server.service
+After=postgresql.service
+After=discourse-sidekiq.service
+Requires=discourse-sidekiq.service
+
+[Service]
+User=__APP__
+Group=__APP__
+WorkingDirectory=__FINALPATH__
+Environment=RAILS_ENV=production
+ExecStart=__FINALPATH__/bin/bundle exec puma --config config/puma.rb -e production
+ExecStop=__FINALPATH__/bin/bundle exec pumactl stop
+RemainAfterExit=true
+Restart=always
+RestartSec=10
+
+[Install]
+WantedBy=multi-user.target

conf/discourse-sidekiq.service

@@ -0,0 +1,15 @@
+[Unit]
+Description=__APP__ sidekiq service
+After=network.target
+
+[Service]
+User=__APP__
+Group=__APP__
+WorkingDirectory=__FINALPATH__
+Environment=RAILS_ENV=production
+ExecStart=__FINALPATH__/bin/bundle exec sidekiq -C config/sidekiq.yml
+Restart=always
+RestartSec=10
+
+[Install]
+WantedBy=multi-user.target

conf/ldap-auth.src

@@ -0,0 +1,3 @@
+SOURCE_URL=https://github.com/jonmbake/discourse-ldap-auth/archive/v0.3.5.tar.gz
+SOURCE_SUM=18aa689a2583ca1dc6bb75257a8bd951e6bbc6b16d64f5585b0452ffe0e91a8c
+SOURCE_FORMAT=tar.gz

conf/nginx.conf

@@ -0,0 +1,210 @@
+  # maximum file upload size (keep up to date when changing the corresponding site setting)
+  client_max_body_size 10m;
+
+  # path to discourse's public directory
+  set $public __FINALPATH__/public/;
+
+  # without weak etags we get zero benefit from etags on dynamically compressed content
+  # further more etags are based on the file in nginx not sha of data
+  # use dates, it solves the problem fine even cross server
+  etag off;
+
+  # prevent direct download of backups
+  location ^~ __PATH__/backups/ {
+    internal;
+  }
+
+  # bypass rails stack with a cheap 204 for favicon.ico requests
+  location __PATH__/favicon.ico {
+    return 204;
+    access_log off;
+    log_not_found off;
+  }
+
+  location __PATH__ {
+    alias $public;
+    add_header ETag "";
+
+    if ($scheme = http) {
+            rewrite ^ https://$server_name$request_uri? permanent;
+    }
+
+    # auth_basic on;
+    # auth_basic_user_file /etc/nginx/htpasswd;
+
+    # Include SSOWAT user panel.
+    include conf.d/yunohost_panel.conf.inc;
+
+
+    location ~* (assets|plugins|uploads)/.*\.(eot|ttf|woff|woff2|ico)$ {
+      expires 1y;
+      add_header Cache-Control public,immutable;
+      add_header Access-Control-Allow-Origin *;
+     }
+
+    location = __PATH__/srv/status {
+      access_log off;
+      log_not_found off;
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Request-Start "t=${msec}";
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto https;
+      proxy_pass http://unix:__FINALPATH__/tmp/sockets/puma.sock;
+      break;
+    }
+
+    # some minimal caching here so we don't keep asking
+    # longer term we should increas probably to 1y
+    location ~ ^/javascripts/ {
+      expires 1d;
+      add_header Cache-Control public,immutable;
+    }
+
+    location ~ ^/assets/(?<asset_path>.+)$ {
+      expires 1y;
+      # asset pipeline enables this
+      # brotli_static on;
+      gzip_static on;
+      add_header Cache-Control public,immutable;
+      # HOOK in asset location (used for extensibility)
+      # TODO I don't think this break is needed, it just breaks out of rewrite
+      break;
+    }
+
+    location ~ ^/plugins/ {
+      expires 1y;
+      add_header Cache-Control public,immutable;
+    }
+
+    # cache emojis
+    location ~ /images/emoji/ {
+      expires 1y;
+      add_header Cache-Control public,immutable;
+    }
+
+    location ~ ^/uploads/ {
+
+      # NOTE: it is really annoying that we can't just define headers
+      # at the top level and inherit.
+      #
+      # proxy_set_header DOES NOT inherit, by design, we must repeat it,
+      # otherwise headers are not set correctly
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Request-Start "t=${msec}";
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto https;
+      proxy_set_header X-Sendfile-Type X-Accel-Redirect;
+      proxy_set_header X-Accel-Mapping $public/=/downloads/;
+      expires 1y;
+      add_header Cache-Control public,immutable;
+
+      ## optional upload anti-hotlinking rules
+      #valid_referers none blocked mysite.com *.mysite.com;
+      #if ($invalid_referer) { return 403; }
+
+      # custom CSS
+      location ~ /stylesheet-cache/ {
+          try_files $uri =404;
+      }
+      # this allows us to bypass rails
+      location ~* \.(gif|png|jpg|jpeg|bmp|tif|tiff|svg|ico|webp)$ {
+          try_files $uri =404;
+      }
+      # thumbnails & optimized images
+      location ~ /_?optimized/ {
+          try_files $uri =404;
+      }
+
+      proxy_pass http://unix:__FINALPATH__/tmp/sockets/puma.sock;
+      break;
+    }
+
+    location ~ ^/admin/backups/ {
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Request-Start "t=${msec}";
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto https;
+      proxy_set_header X-Sendfile-Type X-Accel-Redirect;
+      proxy_set_header X-Accel-Mapping $public/=/downloads/;
+      proxy_pass http://unix:__FINALPATH__/tmp/sockets/puma.sock;
+      break;
+    }
+
+    # This big block is needed so we can selectively enable
+    # acceleration for backups and avatars
+    # see note about repetition above
+    location ~ ^/(letter_avatar/|user_avatar|highlight-js|stylesheets|favicon/proxied|service-worker) {
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Request-Start "t=${msec}";
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto https;
+
+      # if Set-Cookie is in the response nothing gets cached
+      # this is double bad cause we are not passing last modified in
+      proxy_ignore_headers "Set-Cookie";
+      proxy_hide_header "Set-Cookie";
+
+      # note x-accel-redirect can not be used with proxy_cache
+#      proxy_cache one;
+      proxy_cache_valid 200 301 302 7d;
+      proxy_cache_valid any 1m;
+      proxy_pass http://unix:__FINALPATH__/tmp/sockets/puma.sock;
+      break;
+    }
+
+#    location /letter_avatar_proxy/ {
+#      # Don't send any client headers to the avatars service
+#      proxy_method GET;
+#      proxy_pass_request_headers off;
+#      proxy_pass_request_body off;
+#
+#      # Don't let cookies interrupt caching, and don't pass them to the
+#      # client
+#      proxy_ignore_headers "Set-Cookie";
+#      proxy_hide_header "Set-Cookie";
+#
+#      proxy_cache one;
+#      proxy_cache_key $uri;
+#      proxy_cache_valid 200 7d;
+#      proxy_cache_valid 404 1m;
+#      proxy_set_header Connection "";
+#
+#      proxy_pass https://avatars.discourse.org/;
+#      break;
+#    }
+
+    # we need buffering off for message bus
+    location __PATH__/message-bus/ {
+      proxy_set_header X-Request-Start "t=${msec}";
+      proxy_set_header Host $http_host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto https;
+      proxy_http_version 1.1;
+      proxy_buffering off;
+      proxy_pass http://unix:__FINALPATH__/tmp/sockets/puma.sock;
+      break;
+    }
+
+    # this means every file in public is tried first
+    try_files $uri @__NAME__;
+  }
+
+  location __PATH__/downloads/ {
+    internal;
+    alias $public/;
+  }
+
+  location @__NAME__ {
+    add_header Referrer-Policy 'no-referrer-when-downgrade';
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Request-Start "t=${msec}";
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto https;
+    proxy_pass http://unix:__FINALPATH__/tmp/sockets/puma.sock;
+}

conf/secrets.yml

@@ -0,0 +1,8 @@
+development:
+  secret_key_base:
+
+test:
+  secret_key_base:
+
+production:
+  secret_key_base: __SECRET__

conf/sidekiq.yml

@@ -0,0 +1,11 @@
+---
+:concurrency: 5
+:pidfile: tmp/pids/sidekiq.pid
+staging:
+  :concurrency: 10
+production:
+  :concurrency: 20
+:queues:
+  - default
+  - critical
+  - low

manifest.json

@@ -0,0 +1,65 @@
+{
+    "name": "Discourse",
+    "id": "discourse",
+    "packaging_format": 1,
+    "description": {
+        "en": "photo gallery",
+        "fr": "Galerie photo"
+    },
+    "version": "1.9.4~ynh1",
+    "url": "http://Discourse.org",
+    "license": "GPL-2.0",
+    "maintainer": {
+        "name": "JimboJoe",
+        "email": "[email protected]",
+        "url": ""
+    },
+    "requirements": {
+    "yunohost": ">= 2.7.9"
+    },
+    "multi_instance": true,
+    "services": [
+        "nginx"
+    ],
+    "arguments": {
+        "install" : [
+            {
+                "name": "domain",
+                "type": "domain",
+                "ask": {
+                    "en": "Choose a domain for Discourse",
+                    "fr": "Choisissez un nom de domaine pour Discourse"
+                },
+                "example": "domain.org"
+            },
+            {
+                "name": "path",
+                "type": "path",
+                "ask": {
+                    "en": "Choose a path for Discourse",
+                    "fr": "Choisissez un chemin pour Discourse"
+                },
+                "example": "/forum",
+                "default": "/forum"
+            },
+            {
+                "name": "admin",
+                "type": "user",
+                "ask": {
+                    "en": "Choose an admin user",
+                    "fr": "Choisissez l'administrateur"
+                },
+                "example": "homer"
+            },
+            {
+                "name": "is_public",
+                "type": "boolean",
+                "ask": {
+                    "en": "Is it a public application?",
+                    "fr": "Est-ce une application publique ?"
+                },
+                "default": true
+            }
+        ]
+    }
+}