Config fixes.

- Adding front_end_dir to settings.
- Adding unit test for PasswordResetRequest encryption.
- Readme points to lemmy.hjson
- Fixing docker prod, dev, and ansible builds.
- Removing redundant env files, as all config is now in a single file.
- Some formatting fixes.
This commit is contained in:
Dessalines 2019-12-28 16:06:37 -05:00
parent f18ebed740
commit 6248392992
14 changed files with 90 additions and 64 deletions

12
README.md vendored
View file

@ -120,7 +120,7 @@ Make sure you have both docker and docker-compose(>=`1.24.0`) installed:
mkdir lemmy/ mkdir lemmy/
cd lemmy/ cd lemmy/
wget https://raw.githubusercontent.com/dessalines/lemmy/master/docker/prod/docker-compose.yml wget https://raw.githubusercontent.com/dessalines/lemmy/master/docker/prod/docker-compose.yml
wget https://raw.githubusercontent.com/dessalines/lemmy/master/docker/prod/.env wget https://raw.githubusercontent.com/dessalines/lemmy/master/docker/lemmy.hjson
# Edit the .env if you want custom passwords # Edit the .env if you want custom passwords
docker-compose up -d docker-compose up -d
``` ```
@ -225,16 +225,12 @@ cd lemmy
## Configuration ## Configuration
The configuration is based on the file [defaults.hjson](server/config/defaults.hjson). This file also contains The configuration is based on the file [defaults.hjson](server/config/defaults.hjson). This file also contains documentation for all the available options. To override the defaults, you can copy the options you want to change into your local `config.hjson` file.
documentation for all the available options. To override the defaults, you can copy the options you want to change
into your local `config.hjson` file.
Additionally, you can override any config files with environment variables. These have the same name as the config Additionally, you can override any config files with environment variables. These have the same name as the config options, and are prefixed with `LEMMY_`. For example, you can override the `database.password` with
options, and are prefixed with `LEMMY_`. For example, you can override the `database.password` with
`LEMMY__DATABASE__POOL_SIZE=10`. `LEMMY__DATABASE__POOL_SIZE=10`.
An additional option `LEMMY_DATABASE_URL` is available, which can be used with a PostgreSQL connection string like An additional option `LEMMY_DATABASE_URL` is available, which can be used with a PostgreSQL connection string like `postgres://lemmy:password@lemmy_db:5432/lemmy`, passing all connection details at once.
`postgres://lemmy:password@lemmy_db:5432/lemmy`, passing all connection details at once.
## Documentation ## Documentation

11
ansible/lemmy.yml vendored
View file

@ -32,22 +32,13 @@
- name: add all template files - name: add all template files
template: src={{item.src}} dest={{item.dest}} template: src={{item.src}} dest={{item.dest}}
with_items: with_items:
- { src: 'templates/env', dest: '/lemmy/.env' } - { src: '../docker/lemmy.hjson', dest: '/lemmy/lemmy.hjson' }
- { src: 'templates/config.hjson', dest: '/lemmy/config.hjson' }
- { src: '../docker/prod/docker-compose.yml', dest: '/lemmy/docker-compose.yml' } - { src: '../docker/prod/docker-compose.yml', dest: '/lemmy/docker-compose.yml' }
- { src: 'templates/nginx.conf', dest: '/etc/nginx/sites-enabled/lemmy.conf' } - { src: 'templates/nginx.conf', dest: '/etc/nginx/sites-enabled/lemmy.conf' }
vars: vars:
postgres_password: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/postgres chars=ascii_letters,digits') }}" postgres_password: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/postgres chars=ascii_letters,digits') }}"
jwt_password: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/jwt chars=ascii_letters,digits') }}" jwt_password: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/jwt chars=ascii_letters,digits') }}"
- name: set env file permissions
file:
path: "/lemmy/.env"
state: touch
mode: 0600
access_time: preserve
modification_time: preserve
- name: enable and start docker service - name: enable and start docker service
systemd: systemd:
name: docker name: docker

View file

@ -1,2 +0,0 @@
DATABASE_PASSWORD={{ postgres_password }}
LEMMY_FRONT_END_DIR=/app/dist

5
docker/dev/.env vendored
View file

@ -1,5 +0,0 @@
LEMMY_DOMAIN=my_domain
LEMMY_DATABASE_PASSWORD=password
LEMMY_DATABASE_URL=postgres://lemmy:password@lemmy_db:5432/lemmy
LEMMY_JWT_SECRET=changeme
LEMMY_FRONT_END_DIR=/app/dist

View file

@ -1,2 +0,0 @@
{
}

View file

@ -5,7 +5,7 @@ services:
image: postgres:12-alpine image: postgres:12-alpine
environment: environment:
- POSTGRES_USER=lemmy - POSTGRES_USER=lemmy
- POSTGRES_PASSWORD=${LEMMY_DATABASE_PASSWORD} - POSTGRES_PASSWORD=password
- POSTGRES_DB=lemmy - POSTGRES_DB=lemmy
volumes: volumes:
- lemmy_db:/var/lib/postgresql/data - lemmy_db:/var/lib/postgresql/data
@ -16,11 +16,9 @@ services:
dockerfile: docker/dev/Dockerfile dockerfile: docker/dev/Dockerfile
ports: ports:
- "127.0.0.1:8536:8536" - "127.0.0.1:8536:8536"
env_file:
- .env
restart: always restart: always
volumes: volumes:
- ./config/config.hjson:/config/config.hjson:ro - ../lemmy.hjson:/config/config.hjson:ro
depends_on: depends_on:
- lemmy_db - lemmy_db
lemmy_pictshare: lemmy_pictshare:

56
docker/lemmy.hjson vendored Normal file
View file

@ -0,0 +1,56 @@
{
database: {
# username to connect to postgres
user: "lemmy"
# password to connect to postgres
password: "password"
# host where postgres is running
host: "lemmy_db"
# port where postgres can be accessed
port: 5432
# name of the postgres database for lemmy
database: "lemmy"
# maximum number of active sql connections
pool_size: 5
}
# the domain name of your instance (eg "dev.lemmy.ml")
hostname: "rrr"
# address where lemmy should listen for incoming requests
bind: "0.0.0.0"
# port where lemmy should listen for incoming requests
port: 8536
# json web token for authorization between server and client
jwt_secret: "changeme"
# The dir for the front end
front_end_dir: "/app/dist"
# whether to enable activitypub federation. this feature is in alpha, do not enable in production, as might
# cause problems like remote instances fetching and permanently storing bad data.
federation_enabled: false
# rate limits for various user actions, by user ip
rate_limit: {
# maximum number of messages created in interval
message: 30
# interval length for message limit
message_per_second: 60
# maximum number of posts created in interval
post: 6
# interval length for post limit
post_per_second: 600
# maximum number of registrations in interval
register: 3
# interval length for registration limit
register_per_second: 3600
}
# # email sending configuration
# email: {
# # hostname of the smtp server
# smtp_server: ""
# # login name for smtp server
# smtp_login: ""
# # password to login to the smtp server
# smtp_password: ""
# # address to send emails from, eg "info@your-instance.com"
# smtp_from_address: ""
# }
}

5
docker/prod/.env vendored
View file

@ -1,5 +0,0 @@
LEMMY_DOMAIN=my_domain
LEMMY_DATABASE_PASSWORD=password
LEMMY_DATABASE_URL=postgres://lemmy:password@lemmy_db:5432/lemmy
LEMMY_JWT_SECRET=changeme
LEMMY_FRONT_END_DIR=/app/dist

View file

@ -5,7 +5,7 @@ services:
image: postgres:12-alpine image: postgres:12-alpine
environment: environment:
- POSTGRES_USER=lemmy - POSTGRES_USER=lemmy
- POSTGRES_PASSWORD=${DATABASE_PASSWORD} - POSTGRES_PASSWORD=password
- POSTGRES_DB=lemmy - POSTGRES_DB=lemmy
volumes: volumes:
- lemmy_db:/var/lib/postgresql/data - lemmy_db:/var/lib/postgresql/data
@ -14,11 +14,9 @@ services:
image: dessalines/lemmy:v0.5.0.3 image: dessalines/lemmy:v0.5.0.3
ports: ports:
- "127.0.0.1:8536:8536" - "127.0.0.1:8536:8536"
env_file:
- .env
restart: always restart: always
volumes: volumes:
- ./config.hjson:/config/config.hjson:ro - ./lemmy.hjson:/config/config.hjson:ro
depends_on: depends_on:
- lemmy_db - lemmy_db
lemmy_pictshare: lemmy_pictshare:

View file

@ -22,23 +22,25 @@
port: 8536 port: 8536
# json web token for authorization between server and client # json web token for authorization between server and client
jwt_secret: "changeme" jwt_secret: "changeme"
# The dir for the front end
front_end_dir: "../ui/dist"
# whether to enable activitypub federation. this feature is in alpha, do not enable in production, as might # whether to enable activitypub federation. this feature is in alpha, do not enable in production, as might
# cause problems like remote instances fetching and permanently storing bad data. # cause problems like remote instances fetching and permanently storing bad data.
federation_enabled: false federation_enabled: false
# rate limits for various user actions, by user ip # rate limits for various user actions, by user ip
rate_limit: { rate_limit: {
# maximum number of messages created in interval # maximum number of messages created in interval
message: 30, message: 30
# interval length for message limit # interval length for message limit
message_per_second: 60, message_per_second: 60
# maximum number of posts created in interval # maximum number of posts created in interval
post: 6, post: 6
# interval length for post limit # interval length for post limit
post_per_second: 600, post_per_second: 600
# maximum number of registrations in interval # maximum number of registrations in interval
register: 3, register: 3
# interval length for registration limit # interval length for registration limit
register_per_second: 3600, register_per_second: 3600
} }
# # email sending configuration # # email sending configuration
# email: { # email: {

View file

@ -104,23 +104,20 @@ mod tests {
let inserted_user = User_::create(&conn, &new_user).unwrap(); let inserted_user = User_::create(&conn, &new_user).unwrap();
let new_password_reset_request = PasswordResetRequestForm { let token = "nope";
user_id: inserted_user.id, let token_encrypted_ = "ca3704aa0b06f5954c79ee837faa152d84d6b2d42838f0637a15eda8337dbdce";
token_encrypted: "no".into(),
};
let inserted_password_reset_request = let inserted_password_reset_request =
PasswordResetRequest::create(&conn, &new_password_reset_request).unwrap(); PasswordResetRequest::create_token(&conn, inserted_user.id, token).unwrap();
let expected_password_reset_request = PasswordResetRequest { let expected_password_reset_request = PasswordResetRequest {
id: inserted_password_reset_request.id, id: inserted_password_reset_request.id,
user_id: inserted_user.id, user_id: inserted_user.id,
token_encrypted: "no".into(), token_encrypted: token_encrypted_.to_string(),
published: inserted_password_reset_request.published, published: inserted_password_reset_request.published,
}; };
let read_password_reset_request = let read_password_reset_request = PasswordResetRequest::read_from_token(&conn, token).unwrap();
PasswordResetRequest::read(&conn, inserted_password_reset_request.id).unwrap();
let num_deleted = User_::delete(&conn, inserted_user.id).unwrap(); let num_deleted = User_::delete(&conn, inserted_user.id).unwrap();
assert_eq!(expected_password_reset_request, read_password_reset_request); assert_eq!(expected_password_reset_request, read_password_reset_request);

View file

@ -127,7 +127,7 @@ pub fn send_email(
#[cfg(test)] #[cfg(test)]
mod tests { mod tests {
use crate::{extract_usernames, has_slurs, is_email_regex, remove_slurs, Settings}; use crate::{extract_usernames, has_slurs, is_email_regex, remove_slurs};
#[test] #[test]
fn test_email() { fn test_email() {

View file

@ -13,7 +13,6 @@ use lemmy_server::nodeinfo;
use lemmy_server::settings::Settings; use lemmy_server::settings::Settings;
use lemmy_server::webfinger; use lemmy_server::webfinger;
use lemmy_server::websocket::server::*; use lemmy_server::websocket::server::*;
use std::env;
use std::time::{Duration, Instant}; use std::time::{Duration, Instant};
embed_migrations!(); embed_migrations!();
@ -201,7 +200,10 @@ fn main() {
let app = App::new() let app = App::new()
.data(server.clone()) .data(server.clone())
// Front end routes // Front end routes
.service(actix_files::Files::new("/static", front_end_dir())) .service(actix_files::Files::new(
"/static",
settings.front_end_dir.to_owned(),
))
.route("/", web::get().to(index)) .route("/", web::get().to(index))
.route( .route(
"/home/type/{type}/sort/{sort}/page/{page}", "/home/type/{type}/sort/{sort}/page/{page}",
@ -256,11 +258,12 @@ fn main() {
) )
.route( .route(
"/federation/u/{user_name}", "/federation/u/{user_name}",
web::get().to(apub::user::get_apub_user)) web::get().to(apub::user::get_apub_user),
)
.route("/feeds/all.xml", web::get().to(feeds::get_all_feed)); .route("/feeds/all.xml", web::get().to(feeds::get_all_feed));
// Federation // Federation
if Settings::get().federation_enabled { if settings.federation_enabled {
app.route( app.route(
".well-known/webfinger", ".well-known/webfinger",
web::get().to(webfinger::get_webfinger_response), web::get().to(webfinger::get_webfinger_response),
@ -278,9 +281,7 @@ fn main() {
} }
fn index() -> Result<NamedFile, actix_web::error::Error> { fn index() -> Result<NamedFile, actix_web::error::Error> {
Ok(NamedFile::open(front_end_dir() + "/index.html")?) Ok(NamedFile::open(
} Settings::get().front_end_dir.to_owned() + "/index.html",
)?)
fn front_end_dir() -> String {
env::var("LEMMY_FRONT_END_DIR").unwrap_or("../ui/dist".to_string())
} }

View file

@ -14,6 +14,7 @@ pub struct Settings {
pub bind: IpAddr, pub bind: IpAddr,
pub port: u16, pub port: u16,
pub jwt_secret: String, pub jwt_secret: String,
pub front_end_dir: String,
pub rate_limit: RateLimitConfig, pub rate_limit: RateLimitConfig,
pub email: Option<EmailConfig>, pub email: Option<EmailConfig>,
pub federation_enabled: bool, pub federation_enabled: bool,