Weblate/scripts
2
0
Fork 0
mirror of https://gh.llkk.cc/https://github.com/WeblateOrg/scripts.git synced 2025-10-03 15:01:00 +08:00
Code Issues Projects Packages Wiki Activity Actions 3

chore: apply shfmt

Browse source
This commit is contained in:
Michal Čihař 2025-04-08 11:35:17 +02:00
parent 78892e5652
commit d5780ab4ee
13 changed files with 110 additions and 116 deletions
Download patch file Download diff file Expand all files Collapse all files

10
bootstrap
View file

@ -3,25 +3,25 @@
echo "Weblate domain:"
read -r domain
cloud_domain="${domain%.weblate.cloud}"
if [ "$cloud_domain" = "$domain" ] ; then
if [ "$cloud_domain" = "$domain" ]; then
echo "Cloud domain (without .weblate.cloud):"
read -r cloud_domain
fi
echo "Weblate title:"
read -r title
if [ -f ~/.config/weblate-bootstrap/sentry_dsn ] ; then
if [ -f ~/.config/weblate-bootstrap/sentry_dsn ]; then
sentry=$(cat ~/.config/weblate-bootstrap/sentry_dsn)
else
echo "Sentry DSN:"
read -r sentry
fi
if [ -f ~/.config/weblate-bootstrap/sentry_token ] ; then
if [ -f ~/.config/weblate-bootstrap/sentry_token ]; then
sentry_token=$(cat ~/.config/weblate-bootstrap/sentry_token)
else
echo "Sentry Token:"
read -r sentry_token
fi
if [ -f ~/.config/weblate-bootstrap/graylog_token ] ; then
if [ -f ~/.config/weblate-bootstrap/graylog_token ]; then
graylog_token=$(cat ~/.config/weblate-bootstrap/graylog_token)
else
echo "Graylog Token:"
@ -30,7 +30,7 @@ fi

smtp_pass=$(openssl rand -hex 32)

cat > "${1:-/etc/weblate-bootstrap}" <<EOT
cat > "${1:-/etc/weblate-bootstrap}" << EOT
WEBLATE_DOMAIN="$domain"
WEBLATE_CLOUD_DOMAIN="$cloud_domain"
WEBLATE_TITLE="$title"

3
configure-system
View file

@ -7,8 +7,7 @@ apt update
apt install -y fail2ban vim
apt purge -y vim-tiny cryptsetup-initramfs


cat > /etc/fail2ban/jail.d/sshd.conf <<EOT
cat > /etc/fail2ban/jail.d/sshd.conf << EOT
[sshd]
mode = aggressive
EOT

10
create-monitor-user
View file

@ -3,22 +3,22 @@
KEY="$(sed -n '/^env.KEY/ s/^env.KEY \(.*\)/\1/p' /etc/munin/plugin-conf.d/weblate_servers)"
SERVER="$(sed -n '/^env.SERVER/ s/^env.SERVER \(.*\)/\1/p' /etc/munin/plugin-conf.d/weblate_servers)"

if [ -z "$SERVER" ] ; then
if [ -z "$SERVER" ]; then
echo "Missing server configuration!"
exit 1
fi

if [ -n "$KEY" ] ; then
if ! curl -f -s -H "Authorization: Token $KEY" "${SERVER}api/metrics/" -o /dev/null ; then
if [ -n "$KEY" ]; then
if ! curl -f -s -H "Authorization: Token $KEY" "${SERVER}api/metrics/" -o /dev/null; then
echo "Key not working, recreating"
KEY=""
fi
fi

if [ -z "$KEY" ] ; then
if [ -z "$KEY" ]; then

echo "Generating new key"
if [ -f "/home/weblate/weblate/docker-compose.override.yml" ] ; then
if [ -f "/home/weblate/weblate/docker-compose.override.yml" ]; then
cd /home/weblate/weblate || exit 1
KEY="$(sudo -u weblate docker compose exec --user weblate weblate weblate shell -c 'from weblate.auth.models import User; user = User.objects.create(username="monitor"); print(user.auth_token.key)')"
else

2
install-docker
View file

@ -18,7 +18,7 @@ curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o

# APT source
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/$(lsb_release -is | tr '[:upper:]' '[:lower:]') \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/$(lsb_release -is | tr '[:upper:]' '[:lower:]') \
$(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list

# Install Docker

2
install-graylog
View file

@ -2,7 +2,7 @@

set -e

if [ -n "$1" ] ; then
if [ -n "$1" ]; then
WEBLATE_GRAYLOG_TOKEN="$1"
else
# shellcheck disable=SC1091

2
install-mail-delivery
View file

@ -2,7 +2,7 @@

set -e

if [ -z "$1" ] || [ "$1" = "--help" ] ; then
if [ -z "$1" ] || [ "$1" = "--help" ]; then
echo "Usage: install-mail-delivery HOSTNAME"
exit 1
fi

8
install-munin
View file

@ -11,14 +11,14 @@ export PATH

# Munin
mkdir -p /etc/munin/plugin-conf.d/
cat > /etc/munin/plugin-conf.d/postgres <<EOT
cat > /etc/munin/plugin-conf.d/postgres << EOT
[postgres_*]
user weblate
env.PGHOST 127.0.0.1
env.PGUSER weblate
env.PGPASSWORD weblate
EOT
cat > /etc/munin/plugin-conf.d/redis <<EOT
cat > /etc/munin/plugin-conf.d/redis << EOT
[redis]
env.host1 127.0.0.1
env.port1 6379
@ -31,7 +31,7 @@ wget https://raw.githubusercontent.com/munin-monitoring/contrib/master/plugins/r
wget https://raw.githubusercontent.com/WeblateOrg/munin/master/weblate
wget https://raw.githubusercontent.com/WeblateOrg/munin/master/ksm
chmod +x redis weblate ksm
cat > /etc/munin/plugin-conf.d/weblate_servers <<EOT
cat > /etc/munin/plugin-conf.d/weblate_servers << EOT
[weblate]
env.SERVER https://$WEBLATE_DOMAIN/
env.KEY
@ -44,5 +44,5 @@ mkdir /run/munin/
chmod 777 /run/munin/
apt install -y munin-node munin-plugins-extra libdbd-pg-perl libwww-perl libswitch-perl

sed -i "/allow.*::1/ a allow ^172\\\\.16\\\\.0\\\\.9\$" /etc/munin/munin-node.conf
sed -i '/allow.*::1/ a allow ^172\\.16\\.0\\.9$' /etc/munin/munin-node.conf
systemctl restart munin-node

12
install-remote
View file

@ -3,12 +3,12 @@

set -e

if [ ! -f .venv/bin/activate ] ; then
if [ ! -f .venv/bin/activate ]; then
echo "Missing virtual environment!"
exit 2
fi

if [ -z "$1" ] || [ "$1" = "--help" ] ; then
if [ -z "$1" ] || [ "$1" = "--help" ]; then
echo "Usage: install-remote HOSTNAME [VERSION]"
exit 1
fi
@ -24,7 +24,7 @@ TMPFILE=$(mktemp --tmpdir weblate-log.XXXXXXXXXX)

# Gather basic configuration
bootstrap "$BOOTSTRAP" "$2"
cat >> "$BOOTSTRAP" <<EOT
cat >> "$BOOTSTRAP" << EOT
WEBLATE_PASSWORD="$(apg -a 0 -M sncl -n 1 -x 10 -m 20)"
EOT

@ -54,8 +54,8 @@ hcloud server create \
IPADDRESS=$(sed -n 's/IPv4: \(.*\)/\1/p' "$TMPFILE")
IP6ADDRESS=$(sed -n 's/IPv6: \(.*\)/\1/p' "$TMPFILE")

hcloud server set-rdns --ip "$IPADDRESS" --hostname "$WEBLATE_DOMAIN" "$SERVER_NAME"
hcloud server set-rdns --ip "$IP6ADDRESS" --hostname "$WEBLATE_DOMAIN" "$SERVER_NAME"
hcloud server set-rdns --ip "$IPADDRESS" --hostname "$WEBLATE_DOMAIN" "$SERVER_NAME"
hcloud server set-rdns --ip "$IP6ADDRESS" --hostname "$WEBLATE_DOMAIN" "$SERVER_NAME"
./dns-edit "$IPADDRESS" "$IP6ADDRESS" "$WEBLATE_CLOUD_DOMAIN"

ssh-keygen -f ~/.ssh/known_hosts -R "$IPADDRESS"
@ -92,7 +92,7 @@ echo "TODO:"
echo " * Store password: $WEBLATE_PASSWORD"
echo " * Add $IPADDRESS to SSH configuration"
# AMD uses ens10
echo " * Add host to munin: $(s ip -f inet address show enp7s0 | sed -En -e 's/.*inet ([0-9.]+).*/\1/p')"
echo " * Add host to munin: $(s ip -f inet address show enp7s0 | sed -En -e 's/.*inet ([0-9.]+).*/\1/p')"
echo " * Link with purchased service"
echo " * Activate and verify backups"
echo " * Verify SMTP is working"

15
install-weblate
View file

@ -9,8 +9,7 @@ cd /tmp

# Install deps
apt-get update
apt-get install --no-install-recommends -y\
build-essential \
apt-get install --no-install-recommends -y build-essential \
certbot \
curl \
cython3 \
@ -118,7 +117,7 @@ SENTRY_TOKEN = '$WEBLATE_SENTRY_TOKEN'" \
-e 's/# "weblate.machinery.apertium.ApertiumAPYTranslation",/"weblate.machinery.apertium.ApertiumAPYTranslation",/' \
"$SETTINGS_PY"

cat <<EOT >> "$SETTINGS_PY"
cat << EOT >> "$SETTINGS_PY"

# Hosted customization
ADMINS_CONTACT = ['care@weblate.org']
@ -131,7 +130,7 @@ EOT

# Fill the database
sudo -u weblate $WEBLATE_HOME/weblate-env/bin/weblate migrate
if [ -n "$WEBLATE_PASSWORD" ] ; then
if [ -n "$WEBLATE_PASSWORD" ]; then
sudo -u weblate $WEBLATE_HOME/weblate-env/bin/weblate createadmin --username nijel --email michal@cihar.com --name 'Michal Čihař' --password "$WEBLATE_PASSWORD"
else
sudo -u weblate $WEBLATE_HOME/weblate-env/bin/weblate createadmin --username nijel --email michal@cihar.com --name 'Michal Čihař'
@ -139,7 +138,7 @@ fi
sudo -u weblate $WEBLATE_HOME/weblate-env/bin/weblate collectstatic --noinput
sudo -u weblate $WEBLATE_HOME/weblate-env/bin/weblate compress --force
# Track deploy at Sentry
if ! grep -q "SENTRY_TOKEN = ''" "$SETTINGS_PY" ; then
if ! grep -q "SENTRY_TOKEN = ''" "$SETTINGS_PY"; then
sudo -u weblate "$WEBLATE_HOME/weblate-env/bin/weblate" sentry_deploy
fi

@ -156,20 +155,20 @@ ln -s ../apps-available/weblate.ini /etc/uwsgi/apps-enabled/
systemctl restart uwsgi.service

# SSL cert
if [ "$1" != "--nocert" ] ; then
if [ "$1" != "--nocert" ]; then
certbot --agree-tos --email care@weblate.org --redirect --no-eff-email -d "$WEBLATE_DOMAIN"
fi

# Enable http/2
sed -i -e 's/ssl;/ssl http2;/' -e 's/ssl ipv6only=on/ssl ipv6only=on http2/' /etc/nginx/sites-available/default
# Enable status locally
sed -i '/server_name _/a location = /nginx_status {\n stub_status;\n}' /etc/nginx/sites-available/default
sed -i '/server_name _/a location = /nginx_status {\n stub_status;\n}' /etc/nginx/sites-available/default
# Enable compression for js/css
sed -i 's/^\t# gzip/\tgzip/' /etc/nginx/nginx.conf
# Hide server version
sed -i 's/# server_tokens off/server_tokens off/' /etc/nginx/nginx.conf
# Weblate nginx snippet
cat > /etc/nginx/snippets/weblate.conf <<EOT
cat > /etc/nginx/snippets/weblate.conf << EOT
location /static/ {
# DATA_DIR/static/
alias $WEBLATE_HOME/data/static/;

36
install-weblate-docker
View file

@ -5,21 +5,21 @@ set -e
# shellcheck disable=SC1091
. /etc/weblate-bootstrap

if [ "$1" = "--nocert" ] ; then
if [ "$1" = "--nocert" ]; then
CERT=0
shift
else
CERT=1
fi

if [ "$1" = "--nomail" ] ; then
if [ "$1" = "--nomail" ]; then
IGNORE_CHECKS=,weblate.E003
shift
else
IGNORE_CHECKS=""
fi

if [ "$1" = "--migrate" ] ; then
if [ "$1" = "--migrate" ]; then
MIGRATE=1
CERT=0
shift
@ -27,7 +27,7 @@ else
MIGRATE=0
fi

if [ "$MIGRATE" -eq 0 ] ; then
if [ "$MIGRATE" -eq 0 ]; then
adduser weblate --disabled-password --gecos Weblate
fi
usermod --append --groups adm weblate
@ -38,8 +38,7 @@ WEBLATE_DOCKER="$WEBLATE_HOME/weblate"

cd /tmp
apt-get update
apt-get install --no-install-recommends -y\
fail2ban python3-pyinotify python3-systemd \
apt-get install --no-install-recommends -y fail2ban python3-pyinotify python3-systemd \
systemd-timesyncd \
rsyslog \
nginx \
@ -51,21 +50,21 @@ apt-get install --no-install-recommends -y\
sudo -u weblate git clone https://github.com/WeblateOrg/wllegal.git $WEBLATE_HOME/wllegal

# SSL cert
if [ "$CERT" -eq 1 ] ; then
if [ "$CERT" -eq 1 ]; then
certbot --agree-tos --email care@weblate.org --redirect --no-eff-email -d "$WEBLATE_DOMAIN"
fi

# Enable http/2
sed -i -e 's/ssl;/ssl http2;/' -e 's/ssl ipv6only=on/ssl ipv6only=on http2/' /etc/nginx/sites-available/default
if [ "$MIGRATE" -eq 0 ] ; then
if [ "$MIGRATE" -eq 0 ]; then
# Enable status locally
sed -i '/server_name _/a location = /nginx_status {\n stub_status;\n}' /etc/nginx/sites-available/default
sed -i '/server_name _/a location = /nginx_status {\n stub_status;\n}' /etc/nginx/sites-available/default
fi
# Hide server version
sed -i 's/# server_tokens off/server_tokens off/' /etc/nginx/nginx.conf

# Weblate nginx snippet
cat > /etc/nginx/snippets/weblate.conf <<EOT
cat > /etc/nginx/snippets/weblate.conf << EOT
location / {
proxy_pass http://127.0.0.1:8080;
proxy_read_timeout 3600s;
@ -89,7 +88,7 @@ cat > /etc/nginx/snippets/weblate.conf <<EOT
access_log /var/log/nginx/access.log;
EOT

if [ "$MIGRATE" -eq 0 ] ; then
if [ "$MIGRATE" -eq 0 ]; then
# Insert include after first server_name stanza
sed -i "0,/server_name $WEBLATE_DOMAIN.*/s//&\\ninclude snippets\/weblate.conf;/" /etc/nginx/sites-available/default
# Delete default location, replaced by snippet
@ -99,14 +98,13 @@ systemctl enable nginx.service
systemctl restart nginx.service

# Fail2ban
if [ ! -d "$WEBLATE_HOME/fail2ban" ] ; then
if [ ! -d "$WEBLATE_HOME/fail2ban" ]; then
sudo -u weblate git clone https://github.com/WeblateOrg/fail2ban.git $WEBLATE_HOME/fail2ban
ln -s $WEBLATE_HOME/fail2ban/filter.d/* /etc/fail2ban/filter.d/
ln -s $WEBLATE_HOME/fail2ban/jail.d/* /etc/fail2ban/jail.d/
systemctl restart fail2ban.service
fi


# Install Weblate dirs
mkdir -p "$WEBLATE_DOCKER" "$WEBLATE_HOME/cache" "$WEBLATE_HOME/data" "$WEBLATE_HOME/postgresql" "$WEBLATE_HOME/redis"

@ -115,7 +113,7 @@ cd "$WEBLATE_DOCKER"

curl -fsSL https://raw.githubusercontent.com/WeblateOrg/docker-compose/main/docker-compose.yml > docker-compose.yml
curl -fsSL https://raw.githubusercontent.com/WeblateOrg/docker-compose/main/environment > environment
cat > docker-compose.override.yml <<EOT
cat > docker-compose.override.yml << EOT
services:
weblate:
image: weblate/weblate:latest
@ -155,7 +153,7 @@ volumes:
device: '$WEBLATE_HOME/redis'
EOT

cat >> environment <<EOT
cat >> environment << EOT

# E-mail setup
WEBLATE_EMAIL_HOST=172.16.0.84
@ -199,7 +197,7 @@ chown -R weblate:weblate $WEBLATE_HOME
# Fetch Weblate containers
sudo -u weblate docker compose pull

if [ "$MIGRATE" -eq 1 ] ; then
if [ "$MIGRATE" -eq 1 ]; then
exit 0
fi

@ -210,17 +208,17 @@ sudo -u weblate docker compose up -d --wait
sudo -u weblate docker compose logs

# Track deploy to Sentry
if [ -n "$WEBLATE_SENTRY_TOKEN" ] ; then
if [ -n "$WEBLATE_SENTRY_TOKEN" ]; then
sudo -u weblate docker compose exec --user weblate weblate weblate sentry_deploy || true
fi

# Create admin user
if [ -n "$WEBLATE_PASSWORD" ] ; then
if [ -n "$WEBLATE_PASSWORD" ]; then
sudo -u weblate docker compose exec --user weblate weblate weblate createadmin --username nijel --email michal@cihar.com --name 'Michal Čihař' --password "$WEBLATE_PASSWORD" --update
fi

# Machinery configuration
if [ "$CERT" -eq 1 ] ; then
if [ "$CERT" -eq 1 ]; then
sudo -u weblate docker compose exec --user weblate weblate weblate install_machinery --service libretranslate --configuration '{"key": "", "url": "http://172.16.0.9:5000/"}'
sudo -u weblate docker compose exec --user weblate weblate weblate install_machinery --service apertium-apy --configuration '{"url": "http://172.16.0.9:2737/"}'
fi

6
migrate-docker
View file

@ -21,7 +21,7 @@ install-docker

# Stop services, wait for empty queue
systemctl stop uwsgi
while sudo -u "$WEBLATE_USERNAME" "$WEBLATE_ENV/bin/weblate" celery_queues | grep ': [^0]' ; do
while sudo -u "$WEBLATE_USERNAME" "$WEBLATE_ENV/bin/weblate" celery_queues | grep ': [^0]'; do
sleep 1
done
systemctl stop celery-weblate
@ -33,7 +33,7 @@ install-weblate-docker "$@" --migrate

# Dump PostgreSQL and load it to Docker
# shellcheck disable=SC2024
sudo -u "postgres" pg_dump --no-privileges --no-owner --clean --if-exists weblate > "$WEBLATE_HOME/weblate.sql"
sudo -u "postgres" pg_dump --no-privileges --no-owner --clean --if-exists weblate > "$WEBLATE_HOME/weblate.sql"
systemctl stop postgresql

cd "$WEBLATE_DOCKER"
@ -61,7 +61,7 @@ sudo -u weblate docker compose up -d --wait
sudo -u weblate docker compose logs

# Track deploy to Sentry
if [ -n "$WEBLATE_SENTRY_TOKEN" ] ; then
if [ -n "$WEBLATE_SENTRY_TOKEN" ]; then
sudo -u weblate docker compose exec --user weblate weblate weblate sentry_deploy
fi


5
upgrade-nginx-ssl
View file

@ -8,9 +8,8 @@ sed -i '/\/etc\/letsencrypt\/options-ssl-nginx.conf/ D' /etc/nginx/sites-availab
# Disable built-in SSL config
sed -i -e '/ssl_protocols/D' -e '/ssl_prefer_server_ciphers/D' /etc/nginx/nginx.conf


# Update SSL config
cat > /etc/nginx/conf.d/ssl.conf <<EOT
cat > /etc/nginx/conf.d/ssl.conf << EOT
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
@ -26,7 +25,7 @@ ssl_stapling_verify on;
EOT

# Update DH params
if [ ! -f /etc/nginx/ffdhe4096.pem ] ; then
if [ ! -f /etc/nginx/ffdhe4096.pem ]; then
curl https://ssl-config.mozilla.org/ffdhe2048.txt > /etc/nginx/ffdhe4096.pem
fi


115
upgrade-weblate
View file

@ -4,7 +4,7 @@ set -e

cd /tmp

if [ -f /etc/weblate-bootstrap ] ; then
if [ -f /etc/weblate-bootstrap ]; then
# shellcheck disable=SC1091
. /etc/weblate-bootstrap
fi
@ -24,49 +24,49 @@ if [ "$VALID_ARGUMENTS" != "0" ]; then
exit 1
fi
eval set -- "$PARSED_ARGUMENTS"
while : ; do
while :; do
case "$1" in
-d | --nodiff | --no-diff)
DO_DIFF=0
shift
;;
-r | --lazy-restart)
LAZY_RESTART=1
shift
;;
-h | --help)
usage
exit
;;
--)
shift
break
;;
*)
echo "Unexpected option: $1 - this should not happen."
usage
exit 1
;;
-d | --nodiff | --no-diff)
DO_DIFF=0
shift
;;
-r | --lazy-restart)
LAZY_RESTART=1
shift
;;
-h | --help)
usage
exit
;;
--)
shift
break
;;
*)
echo "Unexpected option: $1 - this should not happen."
usage
exit 1
;;
esac
done

# Detect user
if [ -n "$WEBLATE_USERNAME" ] ; then
if [ -n "$WEBLATE_USERNAME" ]; then
USERNAME=$WEBLATE_USERNAME
else
for u in weblate ec2-user apache ; do
if id $u > /dev/null 2>&1 ; then
for u in weblate ec2-user apache; do
if id $u > /dev/null 2>&1; then
USERNAME=$u
break
fi
done
fi
if [ -z "$USERNAME" ] ; then
if [ -z "$USERNAME" ]; then
echo "Could not detect username!"
exit 1
fi

if [ "$USERNAME" = root ] && [ -d /opt/weblate ] ; then
if [ "$USERNAME" = root ] && [ -d /opt/weblate ]; then
WEBLATE_HOME=/opt/weblate
WEBLATE_USERNAME=apache
else
@ -78,7 +78,7 @@ fi
# WEBLATE_USERNAME is user running Weblate
# USERNAME is user owning Weblate sources

if [ -f "$WEBLATE_HOME/weblate/docker-compose.override.yml" ] ; then
if [ -f "$WEBLATE_HOME/weblate/docker-compose.override.yml" ]; then
# Docker based upgrade
cd "$WEBLATE_HOME/weblate"
sudo -u weblate docker compose pull
@ -91,19 +91,18 @@ if [ -f "$WEBLATE_HOME/weblate/docker-compose.override.yml" ] ; then
else

# Detect web service
for service in gunicorn.service uwsgi.service httpd.service ; do
if systemctl cat -- $service > /dev/null 2>&1 ; then
for service in gunicorn.service uwsgi.service httpd.service; do
if systemctl cat -- $service > /dev/null 2>&1; then
SERVICE=$service
break
fi
done
if [ -z "$SERVICE" ] ; then
if [ -z "$SERVICE" ]; then
echo "Could not detect web service!"
exit 1
fi


if [ "$WEBLATE_HOME" = /opt/weblate ] ; then
if [ "$WEBLATE_HOME" = /opt/weblate ]; then
WEBLATE_ENV="/opt/weblate"
else
WEBLATE_ENV="$WEBLATE_HOME/weblate-env"
@ -111,11 +110,11 @@ else

PYVER="$("$WEBLATE_ENV/bin/python" -c 'import sys; print("{}.{}".format(*sys.version_info[:2]))')"

if [ -d "$WEBLATE_HOME/weblate-src" ] ; then
if [ -d "$WEBLATE_HOME/weblate-src" ]; then
WEBLATE_DIR="$WEBLATE_HOME/weblate-src"
WEBLATE_PKG="$WEBLATE_DIR"
PIP_ARGS="--editable"
elif [ -d "$WEBLATE_HOME/weblate" ] ; then
elif [ -d "$WEBLATE_HOME/weblate" ]; then
WEBLATE_DIR="$WEBLATE_HOME/weblate"
WEBLATE_PKG="$WEBLATE_DIR"
PIP_ARGS="--editable"
@ -125,7 +124,7 @@ else
PIP_ARGS=""
fi
WEBLATE_FLAGS="all,zxcvbn,wllegal"
if [ -d "$WEBLATE_HOME/hosted" ] ; then
if [ -d "$WEBLATE_HOME/hosted" ]; then
PIP_ARGS="--editable $WEBLATE_HOME/hosted $PIP_ARGS"
WEBLATE_FLAGS="$WEBLATE_FLAGS,mysql,saml2idp"
fi
@ -142,35 +141,35 @@ else
sudo -u "$USERNAME" "$WEBLATE_ENV/bin/pip" wheel --wheel-dir "$WHEELS" "Weblate[${WEBLATE_FLAGS}]"
rm -rf "$WHEELS"

if [ $LAZY_RESTART -eq 0 ] ; then
if [ $LAZY_RESTART -eq 0 ]; then
# Stop web
if [ "$SERVICE" = gunicorn.service ] ; then
if [ "$SERVICE" = gunicorn.service ]; then
systemctl disable gunicorn.socket
fi
systemctl stop "$SERVICE"
# Wait for celery to process all jobs
while sudo -u "$WEBLATE_USERNAME" "$WEBLATE_ENV/bin/weblate" celery_queues | grep ': [^0]' ; do
while sudo -u "$WEBLATE_USERNAME" "$WEBLATE_ENV/bin/weblate" celery_queues | grep ': [^0]'; do
sleep 1
done

# Stop celery
systemctl stop celery-weblate.service
for WORKER in $WEBLATE_WORKERS ; do
for WORKER in $WEBLATE_WORKERS; do
ssh "root@$WORKER" systemctl stop celery-weblate.service
done
fi

# Upgrade modules
if [ "$WEBLATE_PKG" != "Weblate" ] ; then
if [ "$WEBLATE_PKG" != "Weblate" ]; then
OLD_DIR=$PWD
cd "$WEBLATE_DIR"
git config --global safe.directory "$WEBLATE_DIR"
OLD_HEAD=$(git log -n1 --format=%H)
sudo -u "$USERNAME" sh -c "cd $WEBLATE_DIR; git pull"
if [ -d "$WEBLATE_HOME/hosted" ] ; then
if [ -d "$WEBLATE_HOME/hosted" ]; then
sudo -u "$WEBLATE_USERNAME" sh -c "cd $WEBLATE_HOME/hosted; git pull -q"
fi
if [ "$DO_DIFF" -eq 1 ] && git diff --exit-code "$OLD_HEAD".. -- weblate/settings_example.py > /dev/null ; then
if [ "$DO_DIFF" -eq 1 ] && git diff --exit-code "$OLD_HEAD".. -- weblate/settings_example.py > /dev/null; then
DO_DIFF="0"
fi
cd "$OLD_DIR"
@ -179,10 +178,10 @@ else
sudo -u "$USERNAME" "$WEBLATE_ENV/bin/pip" install --upgrade-strategy eager --upgrade $PIP_ARGS "${WEBLATE_PKG}[${WEBLATE_FLAGS}]"

# Adjust configuration
if [ "$DO_DIFF" -eq 1 ] ; then
if [ "$DO_DIFF" -eq 1 ]; then
vimdiff "$WEBLATE_DIR/weblate/settings_example.py" "$WEBLATE_DIR/weblate/settings.py"
fi
if [ -z "$WEBLATE_WORKERS" ] ; then
if [ -z "$WEBLATE_WORKERS" ]; then
sed "s@/home/weblate/weblate-env@$WEBLATE_ENV@" "$WEBLATE_DIR/weblate/examples/celery-weblate.conf" > /etc/default/celery-weblate
fi

@ -191,33 +190,33 @@ else
sudo -u "$WEBLATE_USERNAME" "$WEBLATE_ENV/bin/weblate" ensure_stats
sudo -u "$WEBLATE_USERNAME" "$WEBLATE_ENV/bin/weblate" collectstatic --noinput
sudo -u "$WEBLATE_USERNAME" "$WEBLATE_ENV/bin/weblate" compress --force
if ! grep -q UPDATE_LANGUAGES "$WEBLATE_DIR/weblate/settings.py" ; then
if ! grep -q UPDATE_LANGUAGES "$WEBLATE_DIR/weblate/settings.py"; then
sudo -u "$WEBLATE_USERNAME" "$WEBLATE_ENV/bin/weblate" setuplang
fi
if [ "$WEBLATE_DIR" = "$WEBLATE_HOME/weblate" ] ; then
if [ "$WEBLATE_DIR" = "$WEBLATE_HOME/weblate" ]; then
sudo -u "$WEBLATE_USERNAME" sh -c "cd $WEBLATE_DIR; $WEBLATE_ENV/bin/weblate compilemessages"
if [ -d "$WEBLATE_HOME/hosted" ] ; then
if [ -d "$WEBLATE_HOME/hosted" ]; then
sudo -u "$WEBLATE_USERNAME" sh -c "cd $WEBLATE_HOME/hosted; $WEBLATE_ENV/bin/weblate compilemessages"
fi
fi
# Track deploy at Sentry
if ! grep -q "SENTRY_TOKEN = ''" "$WEBLATE_DIR/weblate/settings.py" ; then
if ! grep -q "SENTRY_TOKEN = ''" "$WEBLATE_DIR/weblate/settings.py"; then
sudo -u "$WEBLATE_USERNAME" "$WEBLATE_ENV/bin/weblate" sentry_deploy
fi

# Start the services
if [ $LAZY_RESTART -eq 0 ] ; then
if [ $LAZY_RESTART -eq 0 ]; then
systemctl start celery-weblate.service
for WORKER in $WEBLATE_WORKERS ; do
for WORKER in $WEBLATE_WORKERS; do
ssh "root@$WORKER" systemctl start celery-weblate.service
done
systemctl start "$SERVICE"
if [ "$SERVICE" = gunicorn.service ] ; then
if [ "$SERVICE" = gunicorn.service ]; then
systemctl enable gunicorn.socket
fi
else
systemctl restart celery-weblate.service &
for WORKER in $WEBLATE_WORKERS ; do
for WORKER in $WEBLATE_WORKERS; do
ssh "root@$WORKER" systemctl restart celery-weblate.service &
done
systemctl restart "$SERVICE"
@ -225,18 +224,18 @@ else
fi

# Upgrade legal
if [ -d "$WEBLATE_HOME/wllegal" ] ; then
if [ -d "$WEBLATE_HOME/wllegal" ]; then
sudo -u "$USERNAME" sh -c "cd $WEBLATE_HOME/wllegal && git pull"
fi

# Upgrade munin plugin
if [ -d /usr/share/munin/plugins ] ; then
if [ -d /usr/share/munin/plugins ]; then
wget -O - https://raw.githubusercontent.com/WeblateOrg/munin/master/weblate > /usr/share/munin/plugins/weblate
wget -O - https://raw.githubusercontent.com/WeblateOrg/munin/master/ksm > /usr/share/munin/plugins/ksm
fi

# Upgrade fail2ban
if [ -d "$WEBLATE_HOME/fail2ban" ] ; then
if [ -d "$WEBLATE_HOME/fail2ban" ]; then
sudo -u "$USERNAME" sh -c "cd $WEBLATE_HOME/fail2ban && git pull"
# shellcheck disable=SC2086
ln -sf $WEBLATE_HOME/fail2ban/filter.d/* /etc/fail2ban/filter.d/
@ -247,6 +246,6 @@ if [ -d "$WEBLATE_HOME/fail2ban" ] ; then
systemctl reload fail2ban.service
fi

if [ -n "$WEBLATE_WORKERS" ] ; then
if [ -n "$WEBLATE_WORKERS" ]; then
echo "Celery configuration not updated, using remote workers!"
fi