Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* add schema
* add daemon
* finalization
* fixes
* systemd config renamed to $app-daemon
* fixes
* fixes
* forgotten yunohost service remove "$app"
* fixes
* fix StandardOutput
* fix this damn pidfile
* better comment for posterity
* fix yunohost service remove
* update config files
* fix domain name change
* use the provided config file template at install
* Auto-update README
* post install: show explicitly the admin login (email)
* trying to fix the systemd config
* fix pidfile config indentation
* add log path
* remove irrelevant comment
* delete an eventual remaining daemon.pid at restoration
* fixes
* fix a typo for all_users
* adding comment: "Removing the cron..."
* use ynh_secure_remove instead of rm
* add pre upgrade message about the daemon
* fix service name
* comment

---------

Co-authored-by: yunohost-bot <yunohost@yunohost.org>
1 parent f1890e8, commit f316878
Showing 15 changed files with 145 additions and 32 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
[Unit] | ||
Description=Friendica daemon | ||
After=network.target mariadb.service | ||
Requires=network.target remote-fs.target nss-lookup.target | ||
|
||
[Service] | ||
User=__APP__ | ||
Group=__APP__ | ||
WorkingDirectory=__INSTALL_DIR__/ | ||
Type=simple | ||
StandardOutput=append:/var/log/__APP__/daemon.log | ||
StandardError=inherit | ||
ExecStart=/usr/bin/php__PHPVERSION__ __INSTALL_DIR__/bin/daemon.php start | ||
ExecStop=/usr/bin/php__PHPVERSION__ __INSTALL_DIR__/bin/daemon.php stop | ||
PIDFile=__INSTALL_DIR__/daemon.pid | ||
PrivateTmp=true | ||
InaccessibleDirectories=/home /root /boot /opt /mnt /media | ||
ReadOnlyDirectories=/etc /usr | ||
Restart=always | ||
RestartSec=10 | ||
StartLimitBurst=1 | ||
StartLimitIntervalSec=10 | ||
|
||
# Sandboxing options to harden security | ||
# Depending on specificities of your service/app, you may need to tweak these | ||
# .. but this should be a good baseline | ||
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html | ||
NoNewPrivileges=yes | ||
PrivateTmp=yes | ||
PrivateDevices=yes | ||
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK | ||
RestrictNamespaces=yes | ||
RestrictRealtime=yes | ||
DevicePolicy=closed | ||
ProtectClock=yes | ||
ProtectHostname=yes | ||
ProtectProc=invisible | ||
ProtectSystem=full | ||
ProtectControlGroups=yes | ||
ProtectKernelModules=yes | ||
ProtectKernelTunables=yes | ||
LockPersonality=yes | ||
SystemCallArchitectures=native | ||
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged | ||
|
||
# Denying access to capabilities that should not be relevant for webapps | ||
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html | ||
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD | ||
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE | ||
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT | ||
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK | ||
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM | ||
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG | ||
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE | ||
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW | ||
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG | ||
|
||
[Install] | ||
WantedBy=multi-user.target |
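Review bot: `CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD` names a capability that does not exist; capabilities(7) calls it `CAP_SYS_RAWIO`, so as written raw I/O access is not removed from the bounding set. Suggest `CapabilityBoundingSet=~CAP_SYS_RAWIO CAP_MKNOD`. In [Service], `Type=simple` is combined with `PIDFile=__INSTALL_DIR__/daemon.pid`; systemd documents `PIDFile=` for `Type=forking`, so if `daemon.php start` detaches the type should be `forking`, and if it stays in the foreground the `PIDFile=` line can go. Smaller points: `PrivateTmp` is set twice (`true`, then `yes`), `InaccessibleDirectories=` and `ReadOnlyDirectories=` are the legacy spellings of `InaccessiblePaths=` and `ReadOnlyPaths=`, and systemd.unit(5) documents `StartLimitBurst=` and `StartLimitIntervalSec=` under [Unit] rather than [Service].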
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
You can now login to <https://__DOMAIN__> using `__EMAIL__` and your usual YunoHost password. |
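Review bot: "login to" in the added line uses the noun as a verb; "log in to" is the correct form. Since the commit message says the aim is to show the admin login explicitly, wording such as "using the admin account `__EMAIL__`" would say which account the address refers to.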
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
Vous pouvez désormais vous connecter à <https://__DOMAIN__> en utilisant `__EMAIL__` et votre mot de passe YunoHost habituel. |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
This update will make your Friendica instance use a daemon to handle background tasks, instead of a cron. |
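Review bot: "instead of a cron" in the added line should read "instead of a cron job", and the message gives the admin nothing to check once the upgrade has run. Consider adding where the daemon writes its output, which the unit file in this commit sets to `/var/log/__APP__/daemon.log`.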