Update arm config

2022-05-13 12:07:00 +00:00 · 2022-05-13 12:07:00 +00:00 · 1705078a28
commit 1705078a28
parent 83c2a1876b
10 changed files with 37 additions and 28 deletions
--- a/ansible/tasks/common/docker.yml
+++ b/ansible/tasks/common/docker.yml
@ -20,7 +20,7 @@
  when: lsb_release.stdout == "bookworm"

 - name: Add deb for non-bookworm
-  shell: echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+  shell: echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
  when: lsb_release.stdout != "bookworm"

 - name: Update packages
--- a/ansible/tasks/common/essential.yml
+++ b/ansible/tasks/common/essential.yml
@ -13,12 +13,12 @@
    name: "{{ username }}"
    group: root

- name: Disable SSH password auth
-  lineinfile:
-    dest: /etc/ssh/sshd_config
-    regexp: "^#PasswordAuthentication yes"
-    line: "PasswordAuthentication no"
-  register: sshd_config
+# - name: Disable SSH password auth
+#   lineinfile:
+#     dest: /etc/ssh/sshd_config
+#     regexp: "^#PasswordAuthentication yes"
+#     line: "PasswordAuthentication no"
+#   register: sshd_config

 - name: Enable passwordless sudo for user
  lineinfile:
--- a/ansible/tasks/common/packages.yml
+++ b/ansible/tasks/common/packages.yml
@ -20,7 +20,11 @@
 - name: Clean packages
  shell: cd {{ playbook_dir }} && pnpm -r clean

+- name: Remove packages/system-api/dist folder
+  shell: rm -rf {{ playbook_dir }}/packages/system-api/dist
+
 - name: Build packages
+  become_user: "{{ username }}"
  shell: cd {{ playbook_dir }} && pnpm -r build-prod

 - name: Check if app is already running
--- a/apps/filerun/config.json
+++ b/apps/filerun/config.json
@ -1,6 +1,7 @@
 {
  "name": "FileRun",
  "port": 8087,
+  "available": false,
  "id": "filerun",
  "description": "Reliable and Performant File Management Desktop Sync and File Sharing",
  "short_desc": "Access your homeserver files from your browser",
--- a/apps/freshrss/docker-compose.yml
+++ b/apps/freshrss/docker-compose.yml
@ -2,23 +2,24 @@ version: "3.7"

 services:
  freshrss:
+    image: lscr.io/linuxserver/freshrss:1.19.2
    container_name: freshrss
-    image: freshrss/freshrss:arm
-    restart: unless-stopped
+    environment:
+      - PUID=1000
+      - PGID=1000
+      - TZ=${TZ}
+    volumes:
+      - ${APP_DATA_DIR}/data/freshrss:/config
    ports:
      - ${APP_PORT}:80
-    volumes:
-      - ${APP_DATA_DIR}/data/freshrss:/var/www/FreshRSS/data
-      - ${APP_DATA_DIR}/data/extensions/:/var/www/FreshRSS/extensions
-    environment:
-      CRON_MIN: '*/20'
-      TZ: $TZ
+    restart: unless-stopped
    networks:
      - tipi_main_network
+
    # labels:
    #     traefik.enable: true
    #     traefik.http.routers.freshrss.rule: Host(`freshrss.tipi.home`)
    #     traefik.http.routers.freshrss.service: freshrss
    #     traefik.http.routers.freshrss.tls: true
    #     traefik.http.routers.freshrss.entrypoints: websecure
-    #     traefik.http.services.freshrss.loadbalancer.server.port: 80
+    #     traefik.http.services.freshrss.loadbalancer.server.port: 80
--- a/apps/invidious/docker-compose.arm.yml
+++ b/apps/invidious/docker-compose.arm.yml
@ -8,9 +8,6 @@ services:
    ports:
      - "${APP_PORT}:3000"
    environment:
-      # Please read the following file for a comprehensive list of all available
-      # configuration options and their associated syntax:
-      # https://github.com/iv-org/invidious/blob/master/config/config.example.yml
      INVIDIOUS_CONFIG: |
        db:
          dbname: invidious
--- a/apps/pihole/docker-compose.yml
+++ b/apps/pihole/docker-compose.yml
@ -19,7 +19,7 @@ services:
    hostname: pihole
    dns:
      - 127.0.0.1
-      - 10.21.21.200 # Points to unbound
+      # - 10.21.21.200 # Points to unbound
    ports:
      - 53:53/tcp
      - 53:53/udp
@ -30,7 +30,7 @@ services:
    environment:
      TZ: ${TZ}
      WEBPASSWORD: ${APP_PASSWORD}
-      PIHOLE_DNS_: 10.21.21.200 # Points to unbound
+      # PIHOLE_DNS_: 10.21.21.200 # Points to unbound
      FTLCONF_REPLY_ADDR4: 10.21.21.201
    cap_add:
      - NET_ADMIN
--- a/packages/system-api/src/modules/apps/tests/apps.service.test.ts
+++ b/packages/system-api/src/modules/apps/tests/apps.service.test.ts
@ -37,6 +37,10 @@ const testApp2: Partial<AppConfig> = {
  id: 'test-app2',
 };

+const testApp3: Partial<AppConfig> = {
+  id: 'test-app3',
+};
+
 const MOCK_FILE_EMPTY = {
  [`${config.ROOT_FOLDER}/apps/test-app/config.json`]: JSON.stringify(testApp),
  [`${config.ROOT_FOLDER}/.env`]: 'TEST=test',
@ -46,6 +50,7 @@ const MOCK_FILE_EMPTY = {
 const MOCK_FILE_INSTALLED = {
  [`${config.ROOT_FOLDER}/apps/test-app/config.json`]: JSON.stringify(testApp),
  [`${config.ROOT_FOLDER}/apps/test-app2/config.json`]: JSON.stringify(testApp2),
+  [`${config.ROOT_FOLDER}/apps/test-app3/config.json`]: JSON.stringify(testApp3),
  [`${config.ROOT_FOLDER}/.env`]: 'TEST=test',
  [`${config.ROOT_FOLDER}/state/apps.json`]: '{"installed": "test-app"}',
  [`${config.ROOT_FOLDER}/app-data/test-app`]: '',
--- a/packages/system-api/src/server.ts
+++ b/packages/system-api/src/server.ts
@ -8,7 +8,7 @@ import { isProd } from './constants/constants';
 import appsRoutes from './modules/apps/apps.routes';
 import systemRoutes from './modules/system/system.routes';
 import authRoutes from './modules/auth/auth.routes';
-import { tradeTokenForUser } from './modules/auth/auth.helpers';
+import AuthHelpers from './modules/auth/auth.helpers';
 import cookieParser from 'cookie-parser';
 import config from './config';

@ -30,7 +30,7 @@ app.use((req, res, next) => {
  let user = null;

  if (req?.cookies?.tipi_token) {
-    user = tradeTokenForUser(req.cookies.tipi_token);
+    user = AuthHelpers.tradeTokenForUser(req.cookies.tipi_token);
    if (user) req.user = user;
  }

--- a/scripts/start.sh
+++ b/scripts/start.sh
@ -14,10 +14,11 @@ SED_ROOT_FOLDER="$(echo $ROOT_FOLDER | sed 's/\//\\\//g')"
 INTERNAL_IP="$(hostname -I | awk '{print $1}')"
 DNS_IP=9.9.9.9 # Default to Quad9 DNS
 ARCHITECTURE="$(uname -m)"
+USERNAME="$(id -nu 1000)"

 if [[ "$ARCHITECTURE" == "x86_64" ]]; then
  ARCHITECTURE="amd64"
-else if [[ "$ARCHITECTURE" == "aarch64" ]]; then
+elif [[ "$ARCHITECTURE" == "aarch64" ]]; then
  ARCHITECTURE="arm64"
 fi

@ -44,8 +45,6 @@ function derive_entropy() {
  printf "%s" "${identifier}" | openssl dgst -sha256 -hmac "${tipi_seed}" | sed 's/^.* //'
 }

-
-
 # Get dns ip if pihole is installed
 str=$(get_json_field ${STATE_FOLDER}/apps.json installed)

@ -123,7 +122,7 @@ done
 mv -f "$ENV_FILE" "$ROOT_FOLDER/.env"
 mv -f "$ENV_FILE_SYSTEM_API" "$ROOT_FOLDER/packages/system-api/.env"

-ansible-playbook ansible/start.yml -i ansible/hosts -K -e username="$USER"
+ansible-playbook ansible/start.yml -i ansible/hosts -K -e username="$USERNAME"

 # Run docker-compose
 docker-compose --env-file "${ROOT_FOLDER}/.env" up --detach --remove-orphans --build || {
@ -164,4 +163,6 @@ cat << "EOF"
 EOF
 echo ""
 echo "Visit http://${INTERNAL_IP}/ to view the dashboard"
-echo ""
+echo ""
+
+