From da0f2da98688eb5c4fc81bb2da7c63f48d3277b2 Mon Sep 17 00:00:00 2001
From: dinomug <mugcake@disroot.org>
Date: Fri, 10 Jan 2025 16:19:31 -0600
Subject: [PATCH] Add installer and config files

---
 installer.sh                | 117 ++++++++++++++++++++++++++++++++++++
 mediagoblin-celeryd.service |  18 ++++++
 mediagoblin-paster.service  |  17 ++++++
 nginx.conf                  |  66 ++++++++++++++++++++
 4 files changed, 218 insertions(+)
 create mode 100644 installer.sh
 create mode 100644 mediagoblin-celeryd.service
 create mode 100644 mediagoblin-paster.service
 create mode 100644 nginx.conf

diff --git a/installer.sh b/installer.sh
new file mode 100644
index 0000000..89d4784
--- /dev/null
+++ b/installer.sh
@@ -0,0 +1,117 @@
+#!/bin/bash
+#
+# Setting up CMXSL's instance of MediaGoblin
+# Source https://docs.mediagoblin.org/en/stable/siteadmin/deploying.html
+#
+# CMXSL members © - 2024, https://cmxsl.org/
+# GPLv3 or later.
+#
+# NOTE
+# - for Debian-basded distros (Trisquel GNU/Linux)
+# - in deps, python3-venv depends python3-pip-whl (broken)
+# - username and db name are the same: mediagoblin
+# (by the moment) RUN IT AT THE ROOT IN HOME!!
+
+echo "Installing MediaGoblin"
+
+# --- Install deps
+sudo apt-get update
+sudo apt-get install automake git nodejs npm python3-dev \
+     python3-venv python3-gst-1.0 python3-lxml python3-pil \
+     nginx-light rabbitmq-server \
+     postgresql python3-psycopg2
+
+# --- Configure PostgreSQL
+sudo --login --user=postgres createuser --no-createdb mediagoblin
+sudo --login --user=postgres createdb --encoding=UTF8 --owner=mediagoblin mediagoblin
+
+# --- Drop privileges
+# create mediagoblin user
+sudo useradd --system --create-home --home-dir /var/lib/mediagoblin \
+     --group www-data --comment 'GNU MediaGoblin system account' mediagoblin
+# create mediagoblin group (to be sure)
+sudo groupadd --force mediagoblin
+sudo usermod --append --groups mediagoblin mediagoblin
+
+# --- Create MediaGoblin dir
+# iocal git repository will be located at: /srv/media.cmxsl.org/mediagoblin/
+sudo mkdir --parents /srv/media.cmxsl.org
+sudo chown --no-dereference --recursive mediagoblin:www-data /srv/media.cmxsl.org
+
+# --- Install MediaGoblin
+# switch to mediagoblin user
+sudo su mediagoblin --shell=/bin/bash
+cd /srv/media.cmxsl.org
+
+# installing from source
+git clone --depth=1 https://git.sr.ht/~mediagoblin/mediagoblin \
+    --branch stable --recursive
+
+cd mediagoblin
+./autogen.sh
+./configure
+make
+# set proper permissions
+mkdir --mode=2750 user_dev
+
+# --- Configure
+sed -i -e 's/notice@mediagoblin.example.org/admin@cmxsl.org/g' /srv/media.cmxsl.org/mediagoblin/mediagoblin.ini
+sed -i '/sql_engine = postgresql:\/\/\/mediagoblin/s/^#//g' /srv/media.cmxsl.org/mediagoblin/mediagoblin.ini
+# populate the db with the MediaGoblin data structures
+./bin/gmg dbupdate
+# create an admin account
+./bin/gmg adduser --username chaneque --email admin@cmxsl.org
+./bin/gmg makeadmin chaneque
+# test the server
+# echo "Testing the server. In your browser http://localhost:6543 CTRL-c to exit."
+# echo "..."
+# ./lazyserver.sh --server-name=broadcast
+
+exit
+
+echo "Deploying MediaGoblin"
+
+# --- Deploy MediaGoblin
+sudo ln --symbolic /srv/media.cmxsl.org/nginx.conf /etc/nginx/sites-enabled/mediagoblin.conf
+sudo rm --force /etc/nginx/sites-enabled/default
+sudo systemctl enable nginx
+
+sudo cp ~/mediagoblin-setup/nginx.conf /srv/media.cmxsl.org/
+
+# quick test
+sudo nginx -t
+
+sudo systemctl restart nginx
+
+# test the server
+# echo "Testing NGINX. In your browser http://localhost:6543 CTRL-c to exit."
+# echo "..."
+# sudo su mediagoblin --shell=/bin/bash
+# cd /srv/media.cmxsl.org/mediagoblin/
+# ./lazyserver.sh --server-name=main
+
+# set permissions in the new directories
+sudo chown --no-dereference --recursive mediagoblin:www-data /srv/media.cmxsl.org
+sudo find /srv/media.cmxsl.org -type d -exec chmod 755 {} \;
+sudo find /srv/media.cmxsl.org -type f -exec chmod 644 {} \;
+sudo find /srv/media.cmxsl.org/mediagoblin/user_dev/crypto -type d -exec chmod 750 {} \;
+sudo find /srv/media.cmxsl.org/mediagoblin/user_dev/crypto -type f -exec chmod 640 {} \;
+sudo find /srv/media.cmxsl.org/mediagoblin/bin -type f -exec chmod 750 {} \;
+
+exit
+
+# --- Run MediaGoblin as a system services
+sudo mkdir --parents /var/log/mediagoblin
+sudo chown --no-dereference --recursive mediagoblin:mediagoblin /var/log/mediagoblin
+
+sudo cp ~/mediagoblin-setup/*.service /etc/systemd/system/
+
+# enable the project processes to start at boot
+sudo systemctl enable mediagoblin-paster.service
+sudo systemctl enable mediagoblin-celeryd.service
+
+# start these processes for the current session
+sudo systemctl start mediagoblin-paster.service
+sudo systemctl start mediagoblin-celeryd.service
+
+echo "MediaGoblin installed!!!"
diff --git a/mediagoblin-celeryd.service b/mediagoblin-celeryd.service
new file mode 100644
index 0000000..42c3e53
--- /dev/null
+++ b/mediagoblin-celeryd.service
@@ -0,0 +1,18 @@
+# Set the WorkingDirectory and Environment values to match your environment.
+[Unit]
+Description=MediaGoblin Celery
+After=rabbitmq-server.service
+
+[Service]
+User=mediagoblin
+Group=mediagoblin
+Type=simple
+WorkingDirectory=/srv/media.cmxsl.org/mediagoblin
+Environment=MEDIAGOBLIN_CONFIG=/srv/media.cmxsl.org/mediagoblin/mediagoblin.ini \
+            CELERY_CONFIG_MODULE=mediagoblin.init.celery.from_celery
+ExecStart=/srv/media.cmxsl.org/mediagoblin/bin/celery worker \
+            --logfile=/var/log/mediagoblin/celery.log \
+            --loglevel=INFO
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/mediagoblin-paster.service b/mediagoblin-paster.service
new file mode 100644
index 0000000..e44495c
--- /dev/null
+++ b/mediagoblin-paster.service
@@ -0,0 +1,17 @@
+# Set the WorkingDirectory and Environment values to match your environment.
+[Unit]
+Description=Mediagoblin
+
+[Service]
+Type=simple
+User=mediagoblin
+Group=mediagoblin
+Environment=CELERY_ALWAYS_EAGER=false
+WorkingDirectory=/srv/media.cmxsl.org/mediagoblin
+ExecStart=/srv/media.cmxsl.org/mediagoblin/bin/paster serve \
+            /srv/media.cmxsl.org/mediagoblin/paste.ini \
+            --log-file=/var/log/mediagoblin/mediagoblin.log \
+            --server-name=main
+
+[Install]
+WantedBy=multi-user.target
\ No newline at end of file
diff --git a/nginx.conf b/nginx.conf
new file mode 100644
index 0000000..65760db
--- /dev/null
+++ b/nginx.conf
@@ -0,0 +1,66 @@
+server {
+ #################################################
+ # Stock useful config options, but ignore them :)
+ #################################################
+ include /etc/nginx/mime.types;
+
+ autoindex off;
+ default_type  application/octet-stream;
+ sendfile on;
+
+ # Gzip
+ gzip on;
+ gzip_min_length 1024;
+ gzip_buffers 4 32k;
+ gzip_types text/plain application/x-javascript text/javascript text/xml text/css;
+
+ #####################################
+ # Mounting MediaGoblin stuff
+ # This is the section you should read
+ #####################################
+
+ # Change this to allow your users to upload larger files. If
+ # you enable audio or video you will need to increase this. This
+ # is essentially a security setting to prevent *extremely* large
+ # files being uploaded. Example settings include 500m and 1g.
+ client_max_body_size 100m;
+
+ # prevent attacks (someone uploading a .txt file that the browser
+ # interprets as an HTML file, etc.)
+ add_header X-Content-Type-Options nosniff;
+
+ server_name media.cmxsl.org www.media.cmxsl.org;
+ access_log /var/log/nginx/media.cmxsl.access.log;
+ error_log /var/log/nginx/media.cmxsl.error.log;
+
+ # MediaGoblin's stock static files: CSS, JS, etc.
+ location /mgoblin_static/ {
+    alias /srv/media.cmxsl.org/mediagoblin/mediagoblin/static/;
+ }
+
+ # Instance specific media:
+ location /mgoblin_media/ {
+    alias /srv/media.cmxsl.org/mediagoblin/user_dev/media/public/;
+ }
+
+ # Theme static files (usually symlinked in)
+ location /theme_static/ {
+    alias /srv/media.cmxsl.org/mediagoblin/user_dev/theme_static/;
+ }
+
+ # Plugin static files (usually symlinked in)
+ location /plugin_static/ {
+    alias /srv/media.cmxsl.org/mediagoblin/user_dev/plugin_static/;
+ }
+
+ # Forward requests to the MediaGoblin app server.
+ location / {
+    proxy_pass http://127.0.0.1:6543;
+    # On Debian and derivatives the below proxy_set_header lines can be replaced by:
+    # include proxy_params;
+    proxy_set_header Host $http_host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
\ No newline at end of file