Weblate/scripts
2
0
Fork 0
mirror of https://gh.llkk.cc/https://github.com/WeblateOrg/scripts.git synced 2025-10-03 15:01:00 +08:00
Code Issues Projects Packages Wiki Activity Actions 3
scripts/install-weblate-docker
Michal Čihař 8e62db5f12 disable machinery install without cert 
This is needed for CI
2023-06-16 13:54:08 +02:00

261 lines
7.7 KiB
Bash
Executable file
Raw Blame History

#!/bin/bash
set -e
# shellcheck disable=SC1091
. /etc/weblate-bootstrap
if [ "$1" = "--nocert" ] ; then
CERT=0
shift
else
CERT=1
fi
if [ "$1" = "--nomail" ] ; then
IGNORE_CHECKS=,weblate.E003
shift
else
IGNORE_CHECKS=""
fi
if [ "$1" = "--migrate" ] ; then
MIGRATE=1
CERT=0
shift
else
MIGRATE=0
fi
if [ "$MIGRATE" -eq 0 ] ; then
adduser weblate --disabled-password --gecos Weblate
fi
usermod --append --groups adm weblate
usermod --append --groups docker weblate
WEBLATE_HOME=~weblate
WEBLATE_DOCKER="$WEBLATE_HOME/weblate"
# Legal stuff
sudo -u weblate git clone https://github.com/WeblateOrg/wllegal.git $WEBLATE_HOME/wllegal
cd /tmp
apt-get update
apt-get install --no-install-recommends -y\
fail2ban python3-pyinotify python3-systemd \
rsyslog \
nginx \
openssh-client \
python3-certbot-nginx
# SSL cert
if [ "$CERT" -eq 1 ] ; then
certbot --agree-tos --email care@weblate.org --redirect --no-eff-email -d "$WEBLATE_DOMAIN"
fi
# Enable http/2
sed -i -e 's/ssl;/ssl http2;/' -e 's/ssl ipv6only=on/ssl ipv6only=on http2/' /etc/nginx/sites-available/default
if [ "$MIGRATE" -eq 0 ] ; then
# Enable status locally
sed -i '/server_name _/a location = /nginx_status {\n stub_status;\n}' /etc/nginx/sites-available/default
fi
# Hide server version
sed -i 's/# server_tokens off/server_tokens off/' /etc/nginx/nginx.conf
# Weblate nginx snippet
cat > /etc/nginx/snippets/weblate.conf <<EOT
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host \$host;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host \$server_name;
}
client_max_body_size 200m;
error_page 500 502 504 /weblate_50x.html;
error_page 503 /weblate_503.html;
location = /weblate_503.html {
root $WEBLATE_HOME/wllegal/wllegal/templates;
internal;
}
location = /weblate_50x.html {
root $WEBLATE_HOME/wllegal/wllegal/templates;
internal;
}
access_log /var/log/nginx/matomo.log matomo;
access_log /var/log/nginx/access.log;
EOT
cat > /etc/nginx/conf.d/matomo.conf <<EOT
log_format matomo '{"ip": "\$remote_addr",'
'"host": "\$host",'
'"path": "\$request_uri",'
'"status": "\$status",'
'"referrer": "\$http_referer",'
'"user_agent": "\$http_user_agent",'
'"length": \$bytes_sent,'
'"generation_time_milli": \$request_time,'
'"date": "\$time_iso8601"}';
EOT
if [ "$MIGRATE" -eq 0 ] ; then
# Insert include after first server_name stanza
sed -i "0,/server_name $WEBLATE_DOMAIN.*/s//&\\ninclude snippets\/weblate.conf;/" /etc/nginx/sites-available/default
# Delete default location, replaced by snippet
sed -i ':a;N;$!ba;s/\(snippets\/weblate.conf;\)[^}]*}/\1/g' /etc/nginx/sites-available/default
fi
systemctl enable nginx.service
systemctl restart nginx.service
# Matomo
if [ ! -d "$WEBLATE_HOME/matomo-log-analytics" ] ; then
sudo -u weblate git clone https://github.com/matomo-org/matomo-log-analytics.git "$WEBLATE_HOME/matomo-log-analytics"
cat > $WEBLATE_HOME/run-matomo.sh <<EOT
#!/bin/sh
/usr/bin/python3 \
$WEBLATE_HOME/matomo-log-analytics/import_logs.py \
--url=https://stats.cihar.com \
--enable-http-errors \
--idsite=$MATOMO_SITE \
--token-auth=$MATOMO_TOKEN \
/var/log/nginx/matomo.log.1
EOT
chmod +x $WEBLATE_HOME/run-matomo.sh
chown weblate:weblate $WEBLATE_HOME/run-matomo.sh
fi
# Always randomize cron job
echo "$(( RANDOM % 60 )) 7 * * * $WEBLATE_HOME/run-matomo.sh | logger -t matomo" > /tmp/weblate-cron
crontab /tmp/weblate-cron
rm /tmp/weblate-cron
# Fail2ban
if [ ! -d "$WEBLATE_HOME/fail2ban" ] ; then
sudo -u weblate git clone https://github.com/WeblateOrg/fail2ban.git $WEBLATE_HOME/fail2ban
ln -s $WEBLATE_HOME/fail2ban/filter.d/* /etc/fail2ban/filter.d/
ln -s $WEBLATE_HOME/fail2ban/jail.d/* /etc/fail2ban/jail.d/
systemctl restart fail2ban.service
fi
# Install Weblate dirs
mkdir -p "$WEBLATE_DOCKER" "$WEBLATE_HOME/cache" "$WEBLATE_HOME/data" "$WEBLATE_HOME/postgresql" "$WEBLATE_HOME/redis"
# Go to the docker dir
cd "$WEBLATE_DOCKER"
curl -fsSL https://raw.githubusercontent.com/WeblateOrg/docker-compose/main/docker-compose.yml > docker-compose.yml
curl -fsSL https://raw.githubusercontent.com/WeblateOrg/docker-compose/main/environment > environment
cat > docker-compose.override.yml <<EOT
services:
weblate:
image: weblate/weblate:edge
ports:
- 127.0.0.1:8080:8080
database:
ports:
- 127.0.0.1:5432:5432
cache:
ports:
- 127.0.0.1:6379:6379
volumes:
weblate-data:
driver: local
driver_opts:
type: 'none'
o: 'bind'
device: '$WEBLATE_HOME/data'
weblate-cache:
driver: local
driver_opts:
type: 'none'
o: 'bind'
device: '$WEBLATE_HOME/cache'
postgres-data:
driver: local
driver_opts:
type: 'none'
o: 'bind'
device: '$WEBLATE_HOME/postgresql'
redis-data:
driver: local
driver_opts:
type: 'none'
o: 'bind'
device: '$WEBLATE_HOME/redis'
EOT
cat >> environment <<EOT
# E-mail setup
WEBLATE_EMAIL_HOST=mail.cihar.com
WEBLATE_EMAIL_PORT=587
WEBLATE_EMAIL_HOST_USER=$WEBLATE_DOMAIN
WEBLATE_EMAIL_HOST_PASSWORD=$EXIM_PASS
WEBLATE_EMAIL_USE_TLS=1
# Hosted customization
WEBLATE_SERVER_EMAIL=noreply@weblate.org
WEBLATE_DEFAULT_FROM_EMAIL=noreply@weblate.org
WEBLATE_SITE_TITLE="$WEBLATE_TITLE"
WEBLATE_SITE_DOMAIN="$WEBLATE_DOMAIN"
WEBLATE_ADMIN_NAME='Michal Čihař'
WEBLATE_ADMIN_EMAIL='michal@cihar.com'
WEBLATE_DEFAULT_COMMITER_EMAIL='hosted@weblate.org'
WEBLATE_DEFAULT_COMMITER_NAME='Hosted Weblate'
WEBLATE_STATUS_URL="https://status.weblate.org/"
WEBLATE_GET_HELP_URL="https://care.weblate.org/"
WEBLATE_CONTACT_FORM="from"
WEBLATE_ADMINS_CONTACT='care@weblate.org'
WEBLATE_SILENCED_SYSTEM_CHECKS=weblate.E012,weblate.E013$IGNORE_CHECKS
# Sentry integration
SENTRY_DSN="$WEBLATE_SENTRY"
SENTRY_TOKEN="$WEBLATE_SENTRY_TOKEN"
SENTRY_TRACES_SAMPLE_RATE="0.1"
# Registration
WEBLATE_REGISTRATION_OPEN=0
WEBLATE_REQUIRE_LOGIN=1
WEBLATE_LEGAL_INTEGRATION=wllegal
# SSL
WEBLATE_ENABLE_HTTPS=1
WEBLATE_IP_PROXY_HEADER=HTTP_X_FORWARDED_FOR
EOT
# Fix permissions
chown -R weblate:weblate $WEBLATE_HOME
# Fetch Weblate containers
sudo -u weblate docker compose pull
if [ "$MIGRATE" -eq 1 ] ; then
exit 0
fi
# Start Weblate
sudo -u weblate docker compose up -d --wait
# Show logs
sudo -u weblate docker compose logs
# Track deploy to Sentry
if [ -n "$WEBLATE_SENTRY_TOKEN" ] ; then
sudo -u weblate docker compose exec --user weblate weblate weblate sentry_deploy
fi
# Create admin user
if [ -n "$WEBLATE_PASSWORD" ] ; then
sudo -u weblate docker compose exec --user weblate weblate weblate createadmin --username nijel --email michal@cihar.com --name 'Michal Čihař' --password "$WEBLATE_PASSWORD" --update
fi
# Machinery configuration
if [ "$CERT" -eq 1 ] ; then
sudo -u weblate docker compose exec --user weblate weblate weblate install_machinery --service libretranslate --configuration '{"key": "", "url": "http://172.16.0.9:5000/"}'
sudo -u weblate docker compose exec --user weblate weblate weblate install_machinery --service apertium-apy --configuration '{"url": "http://172.16.0.9:2737/"}'
fi
# Check
sudo -u weblate docker compose exec --user weblate weblate weblate check --deploy
Reference in a new issue View git blame Copy permalink