Mise à jour du README

README.md

@@ -39,7 +39,9 @@ sudo apt install  imagemagick \
                   certbot \
                   python3-certbot-nginx
 ```
+
 ### Création de l'utilisateur Système: pleroma
+
 ```
 sudo adduser --system --shell /bin/false \
             --home /opt/pleroma pleroma
@@ -50,6 +52,7 @@ export FLAVOUR="amd64"
 
 
 ### Téléchargement, décompression
+
 ```
 sudo su pleroma -s $SHELL -lc "
 curl 'https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/download?job=$FLAVOUR' \
@@ -59,6 +62,7 @@ unzip /tmp/pleroma.zip -d /tmp/
 ```
 
 ### Déplacement de la release
+
 ```
 sudo su pleroma -s $SHELL -lc "
 mv /tmp/release/* /opt/pleroma
@@ -68,6 +72,7 @@ rm /tmp/pleroma.zip
 ```
 
 ### Création des Dossiers
+
 ```
 sudo mkdir -p /var/lib/pleroma/{uploads,static}
 sudo mkdir -p /etc/pleroma
@@ -76,11 +81,14 @@ sudo chown -R pleroma /etc/pleroma
 ```
 
 ## Générateur de configuration
+
 ```
 sudo su pleroma -s $SHELL -lc "./bin/pleroma_ctl instance gen --output /etc/pleroma/config.exs --output-psql /tmp/setup_db.psql"
 ```
 
 ## Configuration:par le questionnaire
+
+```
 - What domain will your instance use? (e.g pleroma.soykaf.com) [] toot.chalec.org
 - What is the name of your instance? (e.g. The Corndog Emporium) [toot.chalec.org] Le Fédivers de Chalec.org
 - What is your admin email address? [] contact+toot@chalec.org
@@ -90,7 +98,7 @@ sudo su pleroma -s $SHELL -lc "./bin/pleroma_ctl instance gen --output /etc/pler
 - What is the hostname of your database? [localhost] 
 - What is the name of your database? [pleroma] 
 - What is the user used to connect to your database? [pleroma] 
-- What is the password used to connect to your database? [autogenerated] ***
+- What is the password used to connect to your database? [autogenerated]
 - Would you like to use RUM indices? [n] 
 - What port will the app listen to (leave it if you are using the default setup with nginx)? [4000]
 - What ip will the app listen to (leave it if you are using the default setup with nginx)? [127.0.0.1]
@@ -99,17 +107,22 @@ sudo su pleroma -s $SHELL -lc "./bin/pleroma_ctl instance gen --output /etc/pler
 - Do you want to strip location (GPS) data from uploaded images? This requires exiftool, it was detected as installed. (y/n) [y] 
 - Do you want to anonymize the filenames of uploads? (y/n) [n] y
 - Do you want to deduplicate uploaded files? (y/n) [n]
+```
 
 # Création de la base de données Postgresql
+
 ```
 sudo su postgres -s $SHELL -lc "psql -f /tmp/setup_db.psql"
 ```
+
 ## Création du schéma de la base de données
+
 ```
 sudo su pleroma -s $SHELL -lc "./bin/pleroma_ctl migrate"
 ```
 
 # Firewall
+
 ```
 sudo ufw allow 443
 sudo ufw allow 80
@@ -117,6 +130,7 @@ sudo ufw allow 4000
 ```
 
 # Nginx
+
 ```
 ## Copy example file
 sudo cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/sites-available/toot.chalec.org.conf
@@ -127,11 +141,13 @@ sudo nano /etc/nginx/sites-available/toot.chalec.org.conf
 ```
 
 # Let's encrypt
+
 ```
 sudo certbot certonly -d toot.chalec.org
 ```
 
 # Service SystemD
+
 ```
 # Copy the service into a proper directory
 sudo cp /opt/pleroma/installation/pleroma.service /etc/systemd/system/pleroma.service
@@ -140,31 +156,39 @@ sudo systemctl enable pleroma
 ```
 
 # Activation de nginx
+
 ```
 sudo ln -s /etc/nginx/sites-available/toot.chalec.org.conf /etc/nginx/sites-enabled/toot.chalec.org
 sudo nginx -t && sudo systemctl restart nginx
 ```
 
 # Création de l'utilisateur admin
+
 ```
 cd /opt/pleroma
 sudo su pleroma -s $SHELL -lc "./bin/pleroma_ctl user new admin contact+toot@chalec.org --admin"
 ```
 
-# Installation du front-end soapbox
+# Installation et mise à jour du front-end soapbox
+
 ```
+# Pour la première installation
 sudo apt install busybox
+
+# Installation et mise à jour
 cd /tmp
 curl -L https://gitlab.com/soapbox-pub/soapbox-fe/-/jobs/artifacts/v1.3.0/download?job=build-production -o soapbox-fe.zip
 sudo busybox unzip soapbox-fe.zip -o -d /var/lib/pleroma
 ```
 
 # Optimisation de Postgresql
+
 ```
 sudo nano /etc/postgresql/13/main/postgresql.conf
 ```
 
 ## Valeurs changées dans postgresql
+
 ```
 # Values to change according to https://pgtune.leopard.in.ua/
 # DB Version: 13
@@ -198,3 +222,110 @@ max_parallel_maintenance_workers = 2
 ```
 sudo systemctl restart postgresql
 ```
+
+# Mise à jour de Pleroma
+
+```
+sudo su pleroma -s $SHELL -lc "./bin/pleroma_ctl update"
+sudo su pleroma -s $SHELL -lc "./bin/pleroma_ctl migrate"
+```
+
+# Configuration de nginx
+
+```
+# default nginx site config for Pleroma
+#
+# Simple installation instructions:
+# 1. Install your TLS certificate, possibly using Let's Encrypt.
+# 2. Replace 'example.tld' with your instance's domain wherever it appears.
+# 3. Copy this file to /etc/nginx/sites-available/ and then add a symlink to it
+#    in /etc/nginx/sites-enabled/ and run 'nginx -s reload' or restart nginx.
+
+proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=10g
+                 inactive=720m use_temp_path=off;
+
+# this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only
+# and `localhost.` resolves to [::0] on some systems: see issue #930
+upstream phoenix {
+    server 127.0.0.1:4000 max_fails=5 fail_timeout=60s;
+}
+
+server {
+    server_name    toot.chalec.org;
+
+    # Uncomment this if you need to use the 'webroot' method with certbot. Make sure
+    # that the directory exists and that it is accessible by the webserver. If you followed
+    # the guide, you already ran 'mkdir -p /var/lib/letsencrypt' to create the folder.
+    # You may need to load this file with the ssl server block commented out, run certbot
+    # to get the certificate, and then uncomment it.
+    #
+    # location ~ /\.well-known/acme-challenge {
+    #     root /var/lib/letsencrypt/;
+    # }
+
+    return         302 https://$server_name$request_uri;
+
+    listen [::]:80; # managed by Certbot
+    listen 80; # managed by Certbot
+}
+
+# Enable SSL session caching for improved performance
+ssl_session_cache shared:ssl_session_cache:10m;
+
+server {
+ 
+    set_real_ip_from  192.168.1.1;
+    real_ip_header proxy_protocol;
+
+    server_name toot.chalec.org;
+
+    listen 0.0.0.0:443 ssl proxy_protocol;
+    listen [::]:443 ssl ipv6only=on;
+
+    ssl_certificate /etc/letsencrypt/live/toot.chalec.org/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/toot.chalec.org/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+    gzip_vary on;
+    gzip_proxied any;
+    gzip_comp_level 6;
+    gzip_buffers 16 8k;
+    gzip_http_version 1.1;
+    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;
+
+    # the nginx default is 1m, not enough for large media uploads
+    client_max_body_size 16m;
+    ignore_invalid_headers off;
+
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+    location / {
+        proxy_pass http://phoenix;
+    }
+
+    location ~ ^/(media|proxy) {
+        proxy_cache        pleroma_media_cache;
+        slice              1m;
+        proxy_cache_key    $host$uri$is_args$args$slice_range;
+        proxy_set_header   Range $slice_range;
+        proxy_cache_valid  200 206 301 304 1h;
+        proxy_cache_lock   on;
+        proxy_ignore_client_abort on;
+        proxy_buffering    on;
+        chunked_transfer_encoding on;
+        proxy_pass         http://phoenix;
+    }
+
+}
+```
+
+# Sources
+- OTP Installation : https://docs-develop.pleroma.social/backend/installation/otp_en/
+- Mise à jour de Pleroma : https://docs.pleroma.social/backend/administration/updating/
+- Soapbox: https://gitlab.com/soapbox-pub/soapbox-fe/
+- logo : https://git.a-lec.org/a-lec/commissions/chalec/identite-visuelle/-/blob/main/vecteurs/chalecolor/toot.chalec.org.svg

check_update_pleroma

@@ -0,0 +1,76 @@
+#!/bin/bash 
+# GNU AGPLv3+
+# Nagios plugin to check Gitea version
+
+function usage()
+{
+ echo "Usage : $0"
+}
+
+
+function getCurrentVersion
+{
+    local result
+
+    local json=$(curl -s -X GET "https://forge.chalec.org/api/v1/version" -H  "accept: application/json")
+    #echo "[$json]"
+    
+    # {"version":"1.11.1"}
+    local regexp='\{"version":"(.*)"}'
+    if [[ $json =~ $regexp ]]; then
+        result=${BASH_REMATCH[1]}
+    else
+        result=
+    fi
+
+    echo "$result"
+}   
+
+function getLastVersionFromGithub
+{
+    local result
+    
+    local owner="$1"
+    local repo="$2"
+
+    local json=$(curl -s -X GET https://api.github.com/repos/$owner/$repo/releases/latest |grep tag_name)
+    #echo "[$json]"
+
+    # [  "tag_name": "v1.11.1",]
+    local regexp='.*"tag_name": "v(.+)".*'
+
+    if [[ $json =~ $regexp ]]; then
+        result=${BASH_REMATCH[1]}
+    else
+        result=
+    fi
+   
+    echo "$result"
+}
+
+
+#
+if [ "$#" -ne 0 ]; then
+    usage
+else
+    currentVersion=$(getCurrentVersion)
+    #echo "Current version = $currentVersion"
+    
+    lastVersion=$(getLastVersionFromGithub "go-gitea" "gitea")
+    #echo "Last version    = $lastVersion"
+
+    if [ $currentVersion = $lastVersion ]; then
+        echo "OK"
+        result=0
+    else
+        echo "WARNING : new version available, current is $currentVersion, last is $lastVersion."
+        result=1
+    fi    
+fi
+exit $result
+
+
+#
+# LAST_VERSION=$(curl --silent https://gitlab.com/api/v4/projects/21505091/repository/tags | jq -r '.[0].name')
+# lastVersion=$(curl -s https://framagit.org/api/v4/projects/20125/releases | jshon -a -e name 2>/dev/null | sed -e "/rc/d" | cut -d '"' -f2 | grep -v '[\^\(alpha\)]'|head -n 1)
+# lastVersion=$(curl -s https://framagit.org/api/v4/projects/16/releases | jshon -a -e name|cut -d '"' -f2|grep -v '[\^\(alpha\)]'|sort -rV|head -n 1)