2019-09-22 14:25:22 +02:00
|
|
|
#!/bin/sh
|
|
|
|
|
|
|
|
|
|
set -e
|
|
|
|
|
|
|
|
|
|
. /etc/weblate-bootstrap
|
|
|
|
|
|
|
|
|
|
# Install deps
|
|
|
|
|
apt-get install --no-install-recommends -y\
|
|
|
|
|
build-essential \
|
|
|
|
|
certbot \
|
|
|
|
|
curl \
|
|
|
|
|
cython \
|
|
|
|
|
exim4 \
|
|
|
|
|
g++ \
|
|
|
|
|
gcc \
|
|
|
|
|
gettext \
|
|
|
|
|
gir1.2-pango-1.0 \
|
|
|
|
|
git \
|
|
|
|
|
git-svn \
|
|
|
|
|
gnupg \
|
|
|
|
|
libcairo-dev \
|
|
|
|
|
libenchant1c2a \
|
|
|
|
|
libfreetype6-dev \
|
|
|
|
|
libgirepository1.0-dev \
|
|
|
|
|
libjpeg-dev \
|
|
|
|
|
libldap2-dev \
|
|
|
|
|
libleptonica-dev \
|
|
|
|
|
libsasl2-dev \
|
|
|
|
|
libssl-dev \
|
|
|
|
|
libtesseract-dev \
|
|
|
|
|
libxml2-dev \
|
|
|
|
|
libxmlsec1-dev \
|
|
|
|
|
libxslt-dev \
|
|
|
|
|
libyaml-dev \
|
2019-10-24 13:35:04 +02:00
|
|
|
libacl1-dev \
|
2019-09-22 14:25:22 +02:00
|
|
|
libz-dev \
|
|
|
|
|
mercurial \
|
|
|
|
|
nginx \
|
|
|
|
|
openssh-client \
|
|
|
|
|
pkg-config \
|
|
|
|
|
postgresql-client \
|
|
|
|
|
python3-certbot-nginx \
|
|
|
|
|
python3-dev \
|
|
|
|
|
python3-gdbm \
|
|
|
|
|
python3-pip \
|
|
|
|
|
python3-virtualenv \
|
|
|
|
|
redis-server \
|
2019-10-24 14:05:45 +02:00
|
|
|
rsync \
|
2019-09-22 14:25:22 +02:00
|
|
|
subversion \
|
|
|
|
|
tesseract-ocr \
|
|
|
|
|
uwsgi \
|
|
|
|
|
uwsgi-plugin-python3 \
|
|
|
|
|
virtualenv \
|
|
|
|
|
uwsgi \
|
|
|
|
|
uwsgi-plugin-python3
|
|
|
|
|
|
|
|
|
|
# Add user
|
2019-10-24 13:33:46 +02:00
|
|
|
adduser weblate --disabled-password --gecos Weblate
|
2019-10-26 07:08:18 +02:00
|
|
|
usermod --append --groups adm weblate
|
2019-09-22 14:25:22 +02:00
|
|
|
|
|
|
|
|
# Install Weblate and deps
|
2019-09-22 20:27:56 +02:00
|
|
|
sudo -u weblate virtualenv --python=python3 /home/weblate/weblate-env
|
|
|
|
|
sudo -u weblate /home/weblate/weblate-env/bin/pip install Weblate psycopg2-binary ruamel.yaml aeidon boto3 zeep chardet tesserocr phply
|
2019-10-24 13:16:13 +02:00
|
|
|
sudo -u weblate /home/weblate/weblate-env/bin/pip install https://github.com/WeblateOrg/hosted/archive/master.zip
|
2019-09-22 14:25:22 +02:00
|
|
|
|
2019-11-28 09:38:27 +01:00
|
|
|
PYVER=$(python3 -c 'import sys; print("{}.{}".format(*sys.version_info[:2]))')
|
|
|
|
|
|
2019-09-22 14:25:22 +02:00
|
|
|
# Configure Weblate
|
2019-11-28 09:38:27 +01:00
|
|
|
sudo -u weblate cp /home/weblate/weblate-env/lib/python$PYVER/site-packages/weblate/settings_example.py /home/weblate/weblate-env/lib/python$PYVER/site-packages/weblate/settings.py
|
2019-09-22 14:25:22 +02:00
|
|
|
|
|
|
|
|
sed -i \
|
2019-09-22 20:33:44 +02:00
|
|
|
-e 's#^DATA_DIR.*#DATA_DIR = "/home/weblate/data"#' \
|
|
|
|
|
-e 's#^ENABLE_HTTPS.*#ENABLE_HTTPS = True#' \
|
|
|
|
|
-e 's#^SERVER_EMAIL.*#SERVER_EMAIL = "noreply@weblate.org"#' \
|
2019-09-22 20:34:43 +02:00
|
|
|
-e 's#^DEFAULT_FROM_EMAIL.*#DEFAULT_FROM_EMAIL = "noreply@weblate.org"#' \
|
|
|
|
|
-e "s#^SECRET_KEY.*#SECRET_KEY = '$WEBLATE_SECRET'#" \
|
|
|
|
|
-e "s#^SITE_TITLE.*#SITE_TITLE = '$WEBLATE_TITLE'#" \
|
|
|
|
|
-e "s#^ALLOWED_HOSTS.*#ALLOWED_HOSTS = ['$WEBLATE_DOMAIN']#" \
|
|
|
|
|
-e "s#^SENTRY_DSN.*#SENTRY_DSN = '$WEBLATE_SENTRY'#" \
|
2019-10-24 13:50:58 +02:00
|
|
|
-e "s#^ \"PASSWORD\":.*# \"PASSWORD\": '$POSTGRES_PASS',#" \
|
2019-11-28 09:10:32 +01:00
|
|
|
-e "s#.*your_email@example.com.*# ('Michal Čihař', 'michal@cihar.com'),#" \
|
2019-10-24 13:38:40 +02:00
|
|
|
-e '/social_core.pipeline.social_auth.load_extra_data/ a \
|
2019-10-24 13:08:58 +02:00
|
|
|
"weblate.legal.pipeline.tos_confirm",' \
|
2019-10-24 13:38:40 +02:00
|
|
|
-e '/weblate.middleware.SecurityMiddleware/ a \
|
2019-10-24 13:08:58 +02:00
|
|
|
"weblate.legal.middleware.RequireTOSMiddleware",' \
|
2019-10-24 13:38:40 +02:00
|
|
|
-e '/weblate.gitexport/ a \
|
2019-10-30 05:30:02 +01:00
|
|
|
"wlhosted",' \
|
|
|
|
|
-e '/weblate.gitexport/ a \
|
2019-10-24 13:08:58 +02:00
|
|
|
"wlhosted.legal",' \
|
2019-10-24 13:59:07 +02:00
|
|
|
-e '/weblate.gitexport/ a \
|
|
|
|
|
"weblate.legal",' \
|
2019-11-28 09:38:27 +01:00
|
|
|
/home/weblate/weblate-env/lib/python$PYVER/site-packages/weblate/settings.py
|
2019-09-22 14:25:22 +02:00
|
|
|
|
2019-11-28 09:38:27 +01:00
|
|
|
cat <<EOT >> /home/weblate/weblate-env/lib/python$PYVER/site-packages/weblate/settings.py
|
2019-11-28 09:10:32 +01:00
|
|
|
|
|
|
|
|
# Hosted customization
|
|
|
|
|
ADMINS_CONTACT = ['rt@weblate.org']
|
|
|
|
|
DEFAULT_COMMITER_EMAIL = 'hosted@weblate.org'
|
|
|
|
|
DEFAULT_COMMITER_NAME = 'Hosted Weblate'
|
|
|
|
|
LOGIN_REQUIRED_URLS = (r'/(.*)$', )
|
|
|
|
|
EOT
|
|
|
|
|
|
2019-11-28 09:38:27 +01:00
|
|
|
echo 'STATUS_URL = "https://status.weblate.org/"' >> /home/weblate/weblate-env/lib/python$PYVER/site-packages/weblate/settings.py
|
2019-10-24 13:00:59 +02:00
|
|
|
|
|
|
|
|
# Fill the database
|
2019-09-22 20:42:37 +02:00
|
|
|
sudo -u weblate /home/weblate/weblate-env/bin/weblate migrate
|
2019-09-22 20:27:56 +02:00
|
|
|
sudo -u weblate /home/weblate/weblate-env/bin/weblate changesite --set-name $WEBLATE_DOMAIN
|
|
|
|
|
sudo -u weblate /home/weblate/weblate-env/bin/weblate createadmin --username nijel --email michal@cihar.com --name 'Michal Čihař'
|
|
|
|
|
sudo -u weblate /home/weblate/weblate-env/bin/weblate collectstatic
|
2019-10-30 05:30:12 +01:00
|
|
|
sudo -u weblate /home/weblate/weblate-env/bin/weblate compilemessages
|
2019-09-22 14:25:22 +02:00
|
|
|
|
|
|
|
|
# Celery and uwsgi
|
2019-11-28 09:38:27 +01:00
|
|
|
cd /home/weblate/weblate-env/lib/python$PYVER/site-packages/weblate/examples/
|
2019-09-22 14:25:22 +02:00
|
|
|
cp celery-weblate.logrotate /etc/logrotate.d/
|
|
|
|
|
cp celery-weblate.service /etc/systemd/system/
|
|
|
|
|
cp celery-weblate.conf /etc/default/celery-weblate
|
|
|
|
|
cp weblate.uwsgi.ini /etc/uwsgi/apps-available/weblate.ini
|
|
|
|
|
systemctl daemon-reload
|
|
|
|
|
systemctl start celery-weblate.service
|
|
|
|
|
ln -s ../apps-available/weblate.ini /etc/uwsgi/apps-enabled/
|
|
|
|
|
systemctl restart uwsgi.service
|
|
|
|
|
|
2019-09-22 21:23:35 +02:00
|
|
|
# SSL cert
|
2019-11-28 10:10:21 +01:00
|
|
|
if [ "x$1" != "x--nocert" ] ; then
|
|
|
|
|
certbot --agree-tos -m rt@weblate.org -d $WEBLATE_DOMAIN
|
|
|
|
|
fi
|
2019-09-22 21:23:35 +02:00
|
|
|
|
|
|
|
|
# Enable status locally
|
2019-11-25 20:00:20 +01:00
|
|
|
sed -i '/server_name _/a location = /nginx_status {\n stub_status;\n}' /etc/nginx/sites-available/default
|
2019-09-22 21:23:35 +02:00
|
|
|
# Weblate nginx snippet
|
|
|
|
|
cat > /etc/nginx/snippets/weblate.conf <<EOT
|
|
|
|
|
location ~ ^/favicon.ico$ {
|
|
|
|
|
# DATA_DIR/static/favicon.ico
|
|
|
|
|
alias /home/weblate/data/static/favicon.ico;
|
|
|
|
|
expires 30d;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
location ~ ^/robots.txt$ {
|
|
|
|
|
# DATA_DIR/static/robots.txt
|
|
|
|
|
alias /home/weblate/data/static/robots.txt;
|
|
|
|
|
expires 30d;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
location /static/ {
|
|
|
|
|
# DATA_DIR/static/
|
|
|
|
|
alias /home/weblate/data/static/;
|
|
|
|
|
expires 30d;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
location /media/ {
|
|
|
|
|
# DATA_DIR/media/
|
|
|
|
|
alias /home/weblate/data/media/;
|
|
|
|
|
expires 30d;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
location / {
|
|
|
|
|
include uwsgi_params;
|
|
|
|
|
# Needed for long running operations in admin interface
|
|
|
|
|
uwsgi_read_timeout 3600;
|
|
|
|
|
# Adjust based to uwsgi configuration:
|
|
|
|
|
uwsgi_pass unix:///run/uwsgi/app/weblate/socket;
|
|
|
|
|
# uwsgi_pass 127.0.0.1:8080;
|
|
|
|
|
}
|
2019-10-24 13:16:13 +02:00
|
|
|
error_page 500 502 504 /weblate_50x.html;
|
|
|
|
|
error_page 503 /weblate_503.html;
|
|
|
|
|
location = /weblate_503.html {
|
2019-11-28 09:38:27 +01:00
|
|
|
root /home/weblate/weblate-env/lib/python$PYVER/site-packages/wlhosted/error;
|
2019-10-24 13:16:13 +02:00
|
|
|
internal;
|
|
|
|
|
}
|
|
|
|
|
location = /weblate_50x.html {
|
2019-11-28 09:38:27 +01:00
|
|
|
root /home/weblate/weblate-env/lib/python$PYVER/site-packages/wlhosted/error;
|
2019-10-24 13:16:13 +02:00
|
|
|
internal;
|
|
|
|
|
}
|
2019-09-22 21:23:35 +02:00
|
|
|
EOT
|
|
|
|
|
# Insert include after first server_name stanza
|
|
|
|
|
sed -i "0,/server_name $WEBLATE_DOMAIN.*/s//&\\ninclude snippets\/weblate.conf;/" /etc/nginx/sites-available/default
|
|
|
|
|
# Delete default location, replaced by snippet
|
|
|
|
|
sed -i ':a;N;$!ba;s/\(snippets\/weblate.conf;\)[^}]*}/\1/g' /etc/nginx/sites-available/default
|
2019-10-24 13:57:55 +02:00
|
|
|
systemctl reload nginx.service
|
2019-10-24 13:00:49 +02:00
|
|
|
|
|
|
|
|
# Matomo
|
|
|
|
|
sudo -u weblate git clone https://github.com/matomo-org/matomo-log-analytics.git /home/weblate/matomo-log-analytics
|
|
|
|
|
cat > /home/weblate/run-matomo.sh <<EOT
|
|
|
|
|
#!/bin/sh
|
|
|
|
|
/usr/bin/python2 \
|
|
|
|
|
/home/weblate/matomo-log-analytics/import_logs.py \
|
|
|
|
|
--url=https://stats.cihar.com/ \
|
|
|
|
|
--idsite=$MATOMO_SITE \
|
|
|
|
|
--token-auth=$MATOMO_TOKEN \
|
|
|
|
|
/var/log/nginx/access.log.1
|
|
|
|
|
EOT
|
|
|
|
|
chmod +x /home/weblate/run-matomo.sh
|
|
|
|
|
chown weblate:weblate /home/weblate/run-matomo.sh
|
2019-10-26 07:07:19 +02:00
|
|
|
echo '0 7 * * * /home/weblate/run-matomo.sh | logger -t matomo' > /tmp/weblate-cron
|
2019-12-08 22:08:39 +01:00
|
|
|
crontab /tmp/weblate-cron
|
|
|
|
|
rm /tmp/weblate-cron
|
