From 6248392992d05d2408f6c88153453c8e2749b5e3 Mon Sep 17 00:00:00 2001 From: Dessalines Date: Sat, 28 Dec 2019 16:06:37 -0500 Subject: [PATCH] Config fixes. - Adding front_end_dir to settings. - Adding unit test for PasswordResetRequest encryption. - Readme points to lemmy.hjson - Fixing docker prod, dev, and ansible builds. - Removing redundant env files, as all config is now in a single file. - Some formatting fixes. --- README.md | 12 ++---- ansible/lemmy.yml | 11 +---- ansible/templates/env | 2 - docker/dev/.env | 5 --- docker/dev/config/config.hjson | 2 - docker/dev/docker-compose.yml | 6 +-- docker/lemmy.hjson | 56 +++++++++++++++++++++++++ docker/prod/.env | 5 --- docker/prod/docker-compose.yml | 6 +-- server/config/defaults.hjson | 14 ++++--- server/src/db/password_reset_request.rs | 13 +++--- server/src/lib.rs | 2 +- server/src/main.rs | 19 +++++---- server/src/settings.rs | 1 + 14 files changed, 90 insertions(+), 64 deletions(-) delete mode 100644 ansible/templates/env delete mode 100644 docker/dev/.env delete mode 100644 docker/dev/config/config.hjson create mode 100644 docker/lemmy.hjson delete mode 100644 docker/prod/.env diff --git a/README.md b/README.md index 143bfaa79..e3f85eb62 100644 --- a/README.md +++ b/README.md @@ -120,7 +120,7 @@ Make sure you have both docker and docker-compose(>=`1.24.0`) installed: mkdir lemmy/ cd lemmy/ wget https://raw.githubusercontent.com/dessalines/lemmy/master/docker/prod/docker-compose.yml -wget https://raw.githubusercontent.com/dessalines/lemmy/master/docker/prod/.env +wget https://raw.githubusercontent.com/dessalines/lemmy/master/docker/lemmy.hjson # Edit the .env if you want custom passwords docker-compose up -d ``` @@ -225,16 +225,12 @@ cd lemmy ## Configuration -The configuration is based on the file [defaults.hjson](server/config/defaults.hjson). This file also contains -documentation for all the available options. To override the defaults, you can copy the options you want to change -into your local `config.hjson` file. +The configuration is based on the file [defaults.hjson](server/config/defaults.hjson). This file also contains documentation for all the available options. To override the defaults, you can copy the options you want to change into your local `config.hjson` file. -Additionally, you can override any config files with environment variables. These have the same name as the config -options, and are prefixed with `LEMMY_`. For example, you can override the `database.password` with +Additionally, you can override any config files with environment variables. These have the same name as the config options, and are prefixed with `LEMMY_`. For example, you can override the `database.password` with `LEMMY__DATABASE__POOL_SIZE=10`. -An additional option `LEMMY_DATABASE_URL` is available, which can be used with a PostgreSQL connection string like -`postgres://lemmy:password@lemmy_db:5432/lemmy`, passing all connection details at once. +An additional option `LEMMY_DATABASE_URL` is available, which can be used with a PostgreSQL connection string like `postgres://lemmy:password@lemmy_db:5432/lemmy`, passing all connection details at once. ## Documentation diff --git a/ansible/lemmy.yml b/ansible/lemmy.yml index acdb6b06b..7243afddc 100644 --- a/ansible/lemmy.yml +++ b/ansible/lemmy.yml @@ -32,22 +32,13 @@ - name: add all template files template: src={{item.src}} dest={{item.dest}} with_items: - - { src: 'templates/env', dest: '/lemmy/.env' } - - { src: 'templates/config.hjson', dest: '/lemmy/config.hjson' } + - { src: '../docker/lemmy.hjson', dest: '/lemmy/lemmy.hjson' } - { src: '../docker/prod/docker-compose.yml', dest: '/lemmy/docker-compose.yml' } - { src: 'templates/nginx.conf', dest: '/etc/nginx/sites-enabled/lemmy.conf' } vars: postgres_password: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/postgres chars=ascii_letters,digits') }}" jwt_password: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/jwt chars=ascii_letters,digits') }}" - - name: set env file permissions - file: - path: "/lemmy/.env" - state: touch - mode: 0600 - access_time: preserve - modification_time: preserve - - name: enable and start docker service systemd: name: docker diff --git a/ansible/templates/env b/ansible/templates/env deleted file mode 100644 index c2b15f579..000000000 --- a/ansible/templates/env +++ /dev/null @@ -1,2 +0,0 @@ -DATABASE_PASSWORD={{ postgres_password }} -LEMMY_FRONT_END_DIR=/app/dist diff --git a/docker/dev/.env b/docker/dev/.env deleted file mode 100644 index 4e1bf7f65..000000000 --- a/docker/dev/.env +++ /dev/null @@ -1,5 +0,0 @@ -LEMMY_DOMAIN=my_domain -LEMMY_DATABASE_PASSWORD=password -LEMMY_DATABASE_URL=postgres://lemmy:password@lemmy_db:5432/lemmy -LEMMY_JWT_SECRET=changeme -LEMMY_FRONT_END_DIR=/app/dist diff --git a/docker/dev/config/config.hjson b/docker/dev/config/config.hjson deleted file mode 100644 index 2c63c0851..000000000 --- a/docker/dev/config/config.hjson +++ /dev/null @@ -1,2 +0,0 @@ -{ -} diff --git a/docker/dev/docker-compose.yml b/docker/dev/docker-compose.yml index 92a8ee450..eabd334d5 100644 --- a/docker/dev/docker-compose.yml +++ b/docker/dev/docker-compose.yml @@ -5,7 +5,7 @@ services: image: postgres:12-alpine environment: - POSTGRES_USER=lemmy - - POSTGRES_PASSWORD=${LEMMY_DATABASE_PASSWORD} + - POSTGRES_PASSWORD=password - POSTGRES_DB=lemmy volumes: - lemmy_db:/var/lib/postgresql/data @@ -16,11 +16,9 @@ services: dockerfile: docker/dev/Dockerfile ports: - "127.0.0.1:8536:8536" - env_file: - - .env restart: always volumes: - - ./config/config.hjson:/config/config.hjson:ro + - ../lemmy.hjson:/config/config.hjson:ro depends_on: - lemmy_db lemmy_pictshare: diff --git a/docker/lemmy.hjson b/docker/lemmy.hjson new file mode 100644 index 000000000..2ec00de50 --- /dev/null +++ b/docker/lemmy.hjson @@ -0,0 +1,56 @@ +{ + database: { + # username to connect to postgres + user: "lemmy" + # password to connect to postgres + password: "password" + # host where postgres is running + host: "lemmy_db" + # port where postgres can be accessed + port: 5432 + # name of the postgres database for lemmy + database: "lemmy" + # maximum number of active sql connections + pool_size: 5 + } + # the domain name of your instance (eg "dev.lemmy.ml") + hostname: "rrr" + # address where lemmy should listen for incoming requests + bind: "0.0.0.0" + # port where lemmy should listen for incoming requests + port: 8536 + # json web token for authorization between server and client + jwt_secret: "changeme" + # The dir for the front end + front_end_dir: "/app/dist" + # whether to enable activitypub federation. this feature is in alpha, do not enable in production, as might + # cause problems like remote instances fetching and permanently storing bad data. + federation_enabled: false + # rate limits for various user actions, by user ip + rate_limit: { + # maximum number of messages created in interval + message: 30 + # interval length for message limit + message_per_second: 60 + # maximum number of posts created in interval + post: 6 + # interval length for post limit + post_per_second: 600 + # maximum number of registrations in interval + register: 3 + # interval length for registration limit + register_per_second: 3600 + } +# # email sending configuration +# email: { +# # hostname of the smtp server +# smtp_server: "" +# # login name for smtp server +# smtp_login: "" +# # password to login to the smtp server +# smtp_password: "" +# # address to send emails from, eg "info@your-instance.com" +# smtp_from_address: "" +# } +} + diff --git a/docker/prod/.env b/docker/prod/.env deleted file mode 100644 index 4e1bf7f65..000000000 --- a/docker/prod/.env +++ /dev/null @@ -1,5 +0,0 @@ -LEMMY_DOMAIN=my_domain -LEMMY_DATABASE_PASSWORD=password -LEMMY_DATABASE_URL=postgres://lemmy:password@lemmy_db:5432/lemmy -LEMMY_JWT_SECRET=changeme -LEMMY_FRONT_END_DIR=/app/dist diff --git a/docker/prod/docker-compose.yml b/docker/prod/docker-compose.yml index 9df9f19a1..9b1c858fc 100644 --- a/docker/prod/docker-compose.yml +++ b/docker/prod/docker-compose.yml @@ -5,7 +5,7 @@ services: image: postgres:12-alpine environment: - POSTGRES_USER=lemmy - - POSTGRES_PASSWORD=${DATABASE_PASSWORD} + - POSTGRES_PASSWORD=password - POSTGRES_DB=lemmy volumes: - lemmy_db:/var/lib/postgresql/data @@ -14,11 +14,9 @@ services: image: dessalines/lemmy:v0.5.0.3 ports: - "127.0.0.1:8536:8536" - env_file: - - .env restart: always volumes: - - ./config.hjson:/config/config.hjson:ro + - ./lemmy.hjson:/config/config.hjson:ro depends_on: - lemmy_db lemmy_pictshare: diff --git a/server/config/defaults.hjson b/server/config/defaults.hjson index e5a8f6dc0..0fabda0b0 100644 --- a/server/config/defaults.hjson +++ b/server/config/defaults.hjson @@ -22,23 +22,25 @@ port: 8536 # json web token for authorization between server and client jwt_secret: "changeme" + # The dir for the front end + front_end_dir: "../ui/dist" # whether to enable activitypub federation. this feature is in alpha, do not enable in production, as might # cause problems like remote instances fetching and permanently storing bad data. federation_enabled: false # rate limits for various user actions, by user ip rate_limit: { # maximum number of messages created in interval - message: 30, + message: 30 # interval length for message limit - message_per_second: 60, + message_per_second: 60 # maximum number of posts created in interval - post: 6, + post: 6 # interval length for post limit - post_per_second: 600, + post_per_second: 600 # maximum number of registrations in interval - register: 3, + register: 3 # interval length for registration limit - register_per_second: 3600, + register_per_second: 3600 } # # email sending configuration # email: { diff --git a/server/src/db/password_reset_request.rs b/server/src/db/password_reset_request.rs index 337b2e6b0..91e27c57a 100644 --- a/server/src/db/password_reset_request.rs +++ b/server/src/db/password_reset_request.rs @@ -104,23 +104,20 @@ mod tests { let inserted_user = User_::create(&conn, &new_user).unwrap(); - let new_password_reset_request = PasswordResetRequestForm { - user_id: inserted_user.id, - token_encrypted: "no".into(), - }; + let token = "nope"; + let token_encrypted_ = "ca3704aa0b06f5954c79ee837faa152d84d6b2d42838f0637a15eda8337dbdce"; let inserted_password_reset_request = - PasswordResetRequest::create(&conn, &new_password_reset_request).unwrap(); + PasswordResetRequest::create_token(&conn, inserted_user.id, token).unwrap(); let expected_password_reset_request = PasswordResetRequest { id: inserted_password_reset_request.id, user_id: inserted_user.id, - token_encrypted: "no".into(), + token_encrypted: token_encrypted_.to_string(), published: inserted_password_reset_request.published, }; - let read_password_reset_request = - PasswordResetRequest::read(&conn, inserted_password_reset_request.id).unwrap(); + let read_password_reset_request = PasswordResetRequest::read_from_token(&conn, token).unwrap(); let num_deleted = User_::delete(&conn, inserted_user.id).unwrap(); assert_eq!(expected_password_reset_request, read_password_reset_request); diff --git a/server/src/lib.rs b/server/src/lib.rs index ed76b22bf..dd0097f12 100644 --- a/server/src/lib.rs +++ b/server/src/lib.rs @@ -127,7 +127,7 @@ pub fn send_email( #[cfg(test)] mod tests { - use crate::{extract_usernames, has_slurs, is_email_regex, remove_slurs, Settings}; + use crate::{extract_usernames, has_slurs, is_email_regex, remove_slurs}; #[test] fn test_email() { diff --git a/server/src/main.rs b/server/src/main.rs index 398a6c39a..52c395d32 100644 --- a/server/src/main.rs +++ b/server/src/main.rs @@ -13,7 +13,6 @@ use lemmy_server::nodeinfo; use lemmy_server::settings::Settings; use lemmy_server::webfinger; use lemmy_server::websocket::server::*; -use std::env; use std::time::{Duration, Instant}; embed_migrations!(); @@ -201,7 +200,10 @@ fn main() { let app = App::new() .data(server.clone()) // Front end routes - .service(actix_files::Files::new("/static", front_end_dir())) + .service(actix_files::Files::new( + "/static", + settings.front_end_dir.to_owned(), + )) .route("/", web::get().to(index)) .route( "/home/type/{type}/sort/{sort}/page/{page}", @@ -256,11 +258,12 @@ fn main() { ) .route( "/federation/u/{user_name}", - web::get().to(apub::user::get_apub_user)) + web::get().to(apub::user::get_apub_user), + ) .route("/feeds/all.xml", web::get().to(feeds::get_all_feed)); // Federation - if Settings::get().federation_enabled { + if settings.federation_enabled { app.route( ".well-known/webfinger", web::get().to(webfinger::get_webfinger_response), @@ -278,9 +281,7 @@ fn main() { } fn index() -> Result { - Ok(NamedFile::open(front_end_dir() + "/index.html")?) -} - -fn front_end_dir() -> String { - env::var("LEMMY_FRONT_END_DIR").unwrap_or("../ui/dist".to_string()) + Ok(NamedFile::open( + Settings::get().front_end_dir.to_owned() + "/index.html", + )?) } diff --git a/server/src/settings.rs b/server/src/settings.rs index 446bf04fa..6cb4de0bd 100644 --- a/server/src/settings.rs +++ b/server/src/settings.rs @@ -14,6 +14,7 @@ pub struct Settings { pub bind: IpAddr, pub port: u16, pub jwt_secret: String, + pub front_end_dir: String, pub rate_limit: RateLimitConfig, pub email: Option, pub federation_enabled: bool,