Add installer and config files

2025-01-10 16:19:31 -06:00 · 2025-01-10 16:19:31 -06:00 · da0f2da986
parent 3874f06762
commit da0f2da986
4 changed files with 218 additions and 0 deletions
--- a/installer.sh
+++ b/installer.sh
@ -0,0 +1,117 @@
 #!/bin/bash
 #
 # Setting up CMXSL's instance of MediaGoblin
 # Source https://docs.mediagoblin.org/en/stable/siteadmin/deploying.html
 #
 # CMXSL members © - 2024, https://cmxsl.org/
 # GPLv3 or later.
 #
 # NOTE
 # - for Debian-basded distros (Trisquel GNU/Linux)
 # - in deps, python3-venv depends python3-pip-whl (broken)
 # - username and db name are the same: mediagoblin
 # (by the moment) RUN IT AT THE ROOT IN HOME!!
 echo "Installing MediaGoblin"
 # --- Install deps
 sudo apt-get update
 sudo apt-get install automake git nodejs npm python3-dev \
     python3-venv python3-gst-1.0 python3-lxml python3-pil \
     nginx-light rabbitmq-server \
     postgresql python3-psycopg2
 # --- Configure PostgreSQL
 sudo --login --user=postgres createuser --no-createdb mediagoblin
 sudo --login --user=postgres createdb --encoding=UTF8 --owner=mediagoblin mediagoblin
 # --- Drop privileges
 # create mediagoblin user
 sudo useradd --system --create-home --home-dir /var/lib/mediagoblin \
     --group www-data --comment 'GNU MediaGoblin system account' mediagoblin
 # create mediagoblin group (to be sure)
 sudo groupadd --force mediagoblin
 sudo usermod --append --groups mediagoblin mediagoblin
 # --- Create MediaGoblin dir
 # iocal git repository will be located at: /srv/media.cmxsl.org/mediagoblin/
 sudo mkdir --parents /srv/media.cmxsl.org
 sudo chown --no-dereference --recursive mediagoblin:www-data /srv/media.cmxsl.org
 # --- Install MediaGoblin
 # switch to mediagoblin user
 sudo su mediagoblin --shell=/bin/bash
 cd /srv/media.cmxsl.org
 # installing from source
 git clone --depth=1 https://git.sr.ht/~mediagoblin/mediagoblin \
    --branch stable --recursive
 cd mediagoblin
 ./autogen.sh
 ./configure
 make
 # set proper permissions
 mkdir --mode=2750 user_dev
 # --- Configure
 sed -i -e 's/notice@mediagoblin.example.org/admin@cmxsl.org/g' /srv/media.cmxsl.org/mediagoblin/mediagoblin.ini
 sed -i '/sql_engine = postgresql:\/\/\/mediagoblin/s/^#//g' /srv/media.cmxsl.org/mediagoblin/mediagoblin.ini
 # populate the db with the MediaGoblin data structures
 ./bin/gmg dbupdate
 # create an admin account
 ./bin/gmg adduser --username chaneque --email admin@cmxsl.org
 ./bin/gmg makeadmin chaneque
 # test the server
 # echo "Testing the server. In your browser http://localhost:6543 CTRL-c to exit."
 # echo "..."
 # ./lazyserver.sh --server-name=broadcast
 exit
 echo "Deploying MediaGoblin"
 # --- Deploy MediaGoblin
 sudo ln --symbolic /srv/media.cmxsl.org/nginx.conf /etc/nginx/sites-enabled/mediagoblin.conf
 sudo rm --force /etc/nginx/sites-enabled/default
 sudo systemctl enable nginx
 sudo cp ~/mediagoblin-setup/nginx.conf /srv/media.cmxsl.org/
 # quick test
 sudo nginx -t
 sudo systemctl restart nginx
 # test the server
 # echo "Testing NGINX. In your browser http://localhost:6543 CTRL-c to exit."
 # echo "..."
 # sudo su mediagoblin --shell=/bin/bash
 # cd /srv/media.cmxsl.org/mediagoblin/
 # ./lazyserver.sh --server-name=main
 # set permissions in the new directories
 sudo chown --no-dereference --recursive mediagoblin:www-data /srv/media.cmxsl.org
 sudo find /srv/media.cmxsl.org -type d -exec chmod 755 {} \;
 sudo find /srv/media.cmxsl.org -type f -exec chmod 644 {} \;
 sudo find /srv/media.cmxsl.org/mediagoblin/user_dev/crypto -type d -exec chmod 750 {} \;
 sudo find /srv/media.cmxsl.org/mediagoblin/user_dev/crypto -type f -exec chmod 640 {} \;
 sudo find /srv/media.cmxsl.org/mediagoblin/bin -type f -exec chmod 750 {} \;
 exit
 # --- Run MediaGoblin as a system services
 sudo mkdir --parents /var/log/mediagoblin
 sudo chown --no-dereference --recursive mediagoblin:mediagoblin /var/log/mediagoblin
 sudo cp ~/mediagoblin-setup/*.service /etc/systemd/system/
 # enable the project processes to start at boot
 sudo systemctl enable mediagoblin-paster.service
 sudo systemctl enable mediagoblin-celeryd.service
 # start these processes for the current session
 sudo systemctl start mediagoblin-paster.service
 sudo systemctl start mediagoblin-celeryd.service
 echo "MediaGoblin installed!!!"
--- a/mediagoblin-celeryd.service
+++ b/mediagoblin-celeryd.service
@ -0,0 +1,18 @@
 # Set the WorkingDirectory and Environment values to match your environment.
 [Unit]
 Description=MediaGoblin Celery
 After=rabbitmq-server.service
 [Service]
 User=mediagoblin
 Group=mediagoblin
 Type=simple
 WorkingDirectory=/srv/media.cmxsl.org/mediagoblin
 Environment=MEDIAGOBLIN_CONFIG=/srv/media.cmxsl.org/mediagoblin/mediagoblin.ini \
            CELERY_CONFIG_MODULE=mediagoblin.init.celery.from_celery
 ExecStart=/srv/media.cmxsl.org/mediagoblin/bin/celery worker \
            --logfile=/var/log/mediagoblin/celery.log \
            --loglevel=INFO
 [Install]
 WantedBy=multi-user.target
--- a/mediagoblin-paster.service
+++ b/mediagoblin-paster.service
@ -0,0 +1,17 @@
 # Set the WorkingDirectory and Environment values to match your environment.
 [Unit]
 Description=Mediagoblin
 [Service]
 Type=simple
 User=mediagoblin
 Group=mediagoblin
 Environment=CELERY_ALWAYS_EAGER=false
 WorkingDirectory=/srv/media.cmxsl.org/mediagoblin
 ExecStart=/srv/media.cmxsl.org/mediagoblin/bin/paster serve \
            /srv/media.cmxsl.org/mediagoblin/paste.ini \
            --log-file=/var/log/mediagoblin/mediagoblin.log \
            --server-name=main
 [Install]
 WantedBy=multi-user.target
--- a/nginx.conf
+++ b/nginx.conf
@ -0,0 +1,66 @@
 server {
 #################################################
 # Stock useful config options, but ignore them :)
 #################################################
 include /etc/nginx/mime.types;
 autoindex off;
 default_type  application/octet-stream;
 sendfile on;
 # Gzip
 gzip on;
 gzip_min_length 1024;
 gzip_buffers 4 32k;
 gzip_types text/plain application/x-javascript text/javascript text/xml text/css;
 #####################################
 # Mounting MediaGoblin stuff
 # This is the section you should read
 #####################################
 # Change this to allow your users to upload larger files. If
 # you enable audio or video you will need to increase this. This
 # is essentially a security setting to prevent *extremely* large
 # files being uploaded. Example settings include 500m and 1g.
 client_max_body_size 100m;
 # prevent attacks (someone uploading a .txt file that the browser
 # interprets as an HTML file, etc.)
 add_header X-Content-Type-Options nosniff;
 server_name media.cmxsl.org www.media.cmxsl.org;
 access_log /var/log/nginx/media.cmxsl.access.log;
 error_log /var/log/nginx/media.cmxsl.error.log;
 # MediaGoblin's stock static files: CSS, JS, etc.
 location /mgoblin_static/ {
    alias /srv/media.cmxsl.org/mediagoblin/mediagoblin/static/;
 }
 # Instance specific media:
 location /mgoblin_media/ {
    alias /srv/media.cmxsl.org/mediagoblin/user_dev/media/public/;
 }
 # Theme static files (usually symlinked in)
 location /theme_static/ {
    alias /srv/media.cmxsl.org/mediagoblin/user_dev/theme_static/;
 }
 # Plugin static files (usually symlinked in)
 location /plugin_static/ {
    alias /srv/media.cmxsl.org/mediagoblin/user_dev/plugin_static/;
 }
 # Forward requests to the MediaGoblin app server.
 location / {
    proxy_pass http://127.0.0.1:6543;
    # On Debian and derivatives the below proxy_set_header lines can be replaced by:
    # include proxy_params;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
 }
 }