Config fixes.

- Adding front_end_dir to settings.
- Adding unit test for PasswordResetRequest encryption.
- Readme points to lemmy.hjson
- Fixing docker prod, dev, and ansible builds.
- Removing redundant env files, as all config is now in a single file.
- Some formatting fixes.
pull/722/head
Dessalines 2019-12-28 16:06:37 -05:00
parent a3065ed39f
commit 786be3fa66
14 changed files with 90 additions and 64 deletions

12
README.md vendored
View File

@ -120,7 +120,7 @@ Make sure you have both docker and docker-compose(>=`1.24.0`) installed:
mkdir lemmy/
cd lemmy/
wget https://raw.githubusercontent.com/dessalines/lemmy/master/docker/prod/docker-compose.yml
wget https://raw.githubusercontent.com/dessalines/lemmy/master/docker/prod/.env
wget https://raw.githubusercontent.com/dessalines/lemmy/master/docker/lemmy.hjson
# Edit the .env if you want custom passwords
docker-compose up -d
```
@ -225,16 +225,12 @@ cd lemmy
## Configuration
The configuration is based on the file [defaults.hjson](server/config/defaults.hjson). This file also contains
documentation for all the available options. To override the defaults, you can copy the options you want to change
into your local `config.hjson` file.
The configuration is based on the file [defaults.hjson](server/config/defaults.hjson). This file also contains documentation for all the available options. To override the defaults, you can copy the options you want to change into your local `config.hjson` file.
Additionally, you can override any config files with environment variables. These have the same name as the config
options, and are prefixed with `LEMMY_`. For example, you can override the `database.password` with
Additionally, you can override any config files with environment variables. These have the same name as the config options, and are prefixed with `LEMMY_`. For example, you can override the `database.password` with
`LEMMY__DATABASE__POOL_SIZE=10`.
An additional option `LEMMY_DATABASE_URL` is available, which can be used with a PostgreSQL connection string like
`postgres://lemmy:password@lemmy_db:5432/lemmy`, passing all connection details at once.
An additional option `LEMMY_DATABASE_URL` is available, which can be used with a PostgreSQL connection string like `postgres://lemmy:password@lemmy_db:5432/lemmy`, passing all connection details at once.
## Documentation

11
ansible/lemmy.yml vendored
View File

@ -32,22 +32,13 @@
- name: add all template files
template: src={{item.src}} dest={{item.dest}}
with_items:
- { src: 'templates/env', dest: '/lemmy/.env' }
- { src: 'templates/config.hjson', dest: '/lemmy/config.hjson' }
- { src: '../docker/lemmy.hjson', dest: '/lemmy/lemmy.hjson' }
- { src: '../docker/prod/docker-compose.yml', dest: '/lemmy/docker-compose.yml' }
- { src: 'templates/nginx.conf', dest: '/etc/nginx/sites-enabled/lemmy.conf' }
vars:
postgres_password: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/postgres chars=ascii_letters,digits') }}"
jwt_password: "{{ lookup('password', 'passwords/{{ inventory_hostname }}/jwt chars=ascii_letters,digits') }}"
- name: set env file permissions
file:
path: "/lemmy/.env"
state: touch
mode: 0600
access_time: preserve
modification_time: preserve
- name: enable and start docker service
systemd:
name: docker

View File

@ -1,2 +0,0 @@
DATABASE_PASSWORD={{ postgres_password }}
LEMMY_FRONT_END_DIR=/app/dist

5
docker/dev/.env vendored
View File

@ -1,5 +0,0 @@
LEMMY_DOMAIN=my_domain
LEMMY_DATABASE_PASSWORD=password
LEMMY_DATABASE_URL=postgres://lemmy:password@lemmy_db:5432/lemmy
LEMMY_JWT_SECRET=changeme
LEMMY_FRONT_END_DIR=/app/dist

View File

@ -1,2 +0,0 @@
{
}

View File

@ -5,7 +5,7 @@ services:
image: postgres:12-alpine
environment:
- POSTGRES_USER=lemmy
- POSTGRES_PASSWORD=${LEMMY_DATABASE_PASSWORD}
- POSTGRES_PASSWORD=password
- POSTGRES_DB=lemmy
volumes:
- lemmy_db:/var/lib/postgresql/data
@ -16,11 +16,9 @@ services:
dockerfile: docker/dev/Dockerfile
ports:
- "127.0.0.1:8536:8536"
env_file:
- .env
restart: always
volumes:
- ./config/config.hjson:/config/config.hjson:ro
- ../lemmy.hjson:/config/config.hjson:ro
depends_on:
- lemmy_db
lemmy_pictshare:

56
docker/lemmy.hjson vendored 100644
View File

@ -0,0 +1,56 @@
{
database: {
# username to connect to postgres
user: "lemmy"
# password to connect to postgres
password: "password"
# host where postgres is running
host: "lemmy_db"
# port where postgres can be accessed
port: 5432
# name of the postgres database for lemmy
database: "lemmy"
# maximum number of active sql connections
pool_size: 5
}
# the domain name of your instance (eg "dev.lemmy.ml")
hostname: "rrr"
# address where lemmy should listen for incoming requests
bind: "0.0.0.0"
# port where lemmy should listen for incoming requests
port: 8536
# json web token for authorization between server and client
jwt_secret: "changeme"
# The dir for the front end
front_end_dir: "/app/dist"
# whether to enable activitypub federation. this feature is in alpha, do not enable in production, as might
# cause problems like remote instances fetching and permanently storing bad data.
federation_enabled: false
# rate limits for various user actions, by user ip
rate_limit: {
# maximum number of messages created in interval
message: 30
# interval length for message limit
message_per_second: 60
# maximum number of posts created in interval
post: 6
# interval length for post limit
post_per_second: 600
# maximum number of registrations in interval
register: 3
# interval length for registration limit
register_per_second: 3600
}
# # email sending configuration
# email: {
# # hostname of the smtp server
# smtp_server: ""
# # login name for smtp server
# smtp_login: ""
# # password to login to the smtp server
# smtp_password: ""
# # address to send emails from, eg "info@your-instance.com"
# smtp_from_address: ""
# }
}

5
docker/prod/.env vendored
View File

@ -1,5 +0,0 @@
LEMMY_DOMAIN=my_domain
LEMMY_DATABASE_PASSWORD=password
LEMMY_DATABASE_URL=postgres://lemmy:password@lemmy_db:5432/lemmy
LEMMY_JWT_SECRET=changeme
LEMMY_FRONT_END_DIR=/app/dist

View File

@ -5,7 +5,7 @@ services:
image: postgres:12-alpine
environment:
- POSTGRES_USER=lemmy
- POSTGRES_PASSWORD=${DATABASE_PASSWORD}
- POSTGRES_PASSWORD=password
- POSTGRES_DB=lemmy
volumes:
- lemmy_db:/var/lib/postgresql/data
@ -14,11 +14,9 @@ services:
image: dessalines/lemmy:v0.5.0.3
ports:
- "127.0.0.1:8536:8536"
env_file:
- .env
restart: always
volumes:
- ./config.hjson:/config/config.hjson:ro
- ./lemmy.hjson:/config/config.hjson:ro
depends_on:
- lemmy_db
lemmy_pictshare:

View File

@ -22,23 +22,25 @@
port: 8536
# json web token for authorization between server and client
jwt_secret: "changeme"
# The dir for the front end
front_end_dir: "../ui/dist"
# whether to enable activitypub federation. this feature is in alpha, do not enable in production, as might
# cause problems like remote instances fetching and permanently storing bad data.
federation_enabled: false
# rate limits for various user actions, by user ip
rate_limit: {
# maximum number of messages created in interval
message: 30,
message: 30
# interval length for message limit
message_per_second: 60,
message_per_second: 60
# maximum number of posts created in interval
post: 6,
post: 6
# interval length for post limit
post_per_second: 600,
post_per_second: 600
# maximum number of registrations in interval
register: 3,
register: 3
# interval length for registration limit
register_per_second: 3600,
register_per_second: 3600
}
# # email sending configuration
# email: {

View File

@ -104,23 +104,20 @@ mod tests {
let inserted_user = User_::create(&conn, &new_user).unwrap();
let new_password_reset_request = PasswordResetRequestForm {
user_id: inserted_user.id,
token_encrypted: "no".into(),
};
let token = "nope";
let token_encrypted_ = "ca3704aa0b06f5954c79ee837faa152d84d6b2d42838f0637a15eda8337dbdce";
let inserted_password_reset_request =
PasswordResetRequest::create(&conn, &new_password_reset_request).unwrap();
PasswordResetRequest::create_token(&conn, inserted_user.id, token).unwrap();
let expected_password_reset_request = PasswordResetRequest {
id: inserted_password_reset_request.id,
user_id: inserted_user.id,
token_encrypted: "no".into(),
token_encrypted: token_encrypted_.to_string(),
published: inserted_password_reset_request.published,
};
let read_password_reset_request =
PasswordResetRequest::read(&conn, inserted_password_reset_request.id).unwrap();
let read_password_reset_request = PasswordResetRequest::read_from_token(&conn, token).unwrap();
let num_deleted = User_::delete(&conn, inserted_user.id).unwrap();
assert_eq!(expected_password_reset_request, read_password_reset_request);

View File

@ -127,7 +127,7 @@ pub fn send_email(
#[cfg(test)]
mod tests {
use crate::{extract_usernames, has_slurs, is_email_regex, remove_slurs, Settings};
use crate::{extract_usernames, has_slurs, is_email_regex, remove_slurs};
#[test]
fn test_email() {

View File

@ -13,7 +13,6 @@ use lemmy_server::nodeinfo;
use lemmy_server::settings::Settings;
use lemmy_server::webfinger;
use lemmy_server::websocket::server::*;
use std::env;
use std::time::{Duration, Instant};
embed_migrations!();
@ -201,7 +200,10 @@ fn main() {
let app = App::new()
.data(server.clone())
// Front end routes
.service(actix_files::Files::new("/static", front_end_dir()))
.service(actix_files::Files::new(
"/static",
settings.front_end_dir.to_owned(),
))
.route("/", web::get().to(index))
.route(
"/home/type/{type}/sort/{sort}/page/{page}",
@ -256,11 +258,12 @@ fn main() {
)
.route(
"/federation/u/{user_name}",
web::get().to(apub::user::get_apub_user))
web::get().to(apub::user::get_apub_user),
)
.route("/feeds/all.xml", web::get().to(feeds::get_all_feed));
// Federation
if Settings::get().federation_enabled {
if settings.federation_enabled {
app.route(
".well-known/webfinger",
web::get().to(webfinger::get_webfinger_response),
@ -278,9 +281,7 @@ fn main() {
}
fn index() -> Result<NamedFile, actix_web::error::Error> {
Ok(NamedFile::open(front_end_dir() + "/index.html")?)
}
fn front_end_dir() -> String {
env::var("LEMMY_FRONT_END_DIR").unwrap_or("../ui/dist".to_string())
Ok(NamedFile::open(
Settings::get().front_end_dir.to_owned() + "/index.html",
)?)
}

View File

@ -14,6 +14,7 @@ pub struct Settings {
pub bind: IpAddr,
pub port: u16,
pub jwt_secret: String,
pub front_end_dir: String,
pub rate_limit: RateLimitConfig,
pub email: Option<EmailConfig>,
pub federation_enabled: bool,