mirror of
https://gh.llkk.cc/https://github.com/WeblateOrg/scripts.git
synced 2025-10-03 15:01:00 +08:00
220 lines
7.6 KiB
Bash
Executable file
220 lines
7.6 KiB
Bash
Executable file
#!/bin/sh
|
|
|
|
set -e
|
|
|
|
# shellcheck disable=SC1091
|
|
. /etc/weblate-bootstrap
|
|
|
|
cd /tmp
|
|
|
|
# Install deps
|
|
apt-get update
|
|
apt-get install --no-install-recommends -y build-essential \
|
|
certbot \
|
|
curl \
|
|
cython3 \
|
|
fail2ban python3-pyinotify python3-systemd \
|
|
g++ \
|
|
gcc \
|
|
gettext \
|
|
gir1.2-pango-1.0 \
|
|
gir1.2-rsvg-2.0 \
|
|
git \
|
|
git-svn \
|
|
git-lfs \
|
|
gnupg \
|
|
libcairo2-dev \
|
|
libenchant-2-2 \
|
|
libfreetype6-dev \
|
|
libgirepository1.0-dev \
|
|
libjpeg-dev \
|
|
libldap2-dev \
|
|
libleptonica-dev \
|
|
libsasl2-dev \
|
|
libssl-dev \
|
|
libtesseract-dev \
|
|
libxml2-dev \
|
|
libxmlsec1-dev \
|
|
libxslt1-dev \
|
|
libyaml-dev \
|
|
libacl1-dev \
|
|
zlib1g-dev \
|
|
liblz4-dev \
|
|
libzstd-dev \
|
|
libxxhash-dev \
|
|
nginx \
|
|
openssh-client \
|
|
pkg-config \
|
|
postgresql-client \
|
|
python3-certbot-nginx \
|
|
python3-dev \
|
|
python3-gdbm \
|
|
python3-pip \
|
|
python3-virtualenv \
|
|
redis-server \
|
|
rsync \
|
|
subversion \
|
|
tesseract-ocr \
|
|
virtualenv \
|
|
uwsgi \
|
|
uwsgi-plugin-python3
|
|
|
|
# Install ruby deps for licesee
|
|
apt-get install -y \
|
|
ruby bundler cmake pkg-config git libssl-dev ruby-dev
|
|
|
|
# Add user
|
|
adduser weblate --disabled-password --gecos Weblate
|
|
usermod --append --groups adm weblate
|
|
|
|
WEBLATE_HOME=~weblate
|
|
|
|
# Install Weblate and deps
|
|
sudo -u weblate virtualenv --python=python3 "$WEBLATE_HOME/weblate-env"
|
|
sudo -u weblate "$WEBLATE_HOME/weblate-env/bin/pip" install "Weblate[all,zxcvbn,wsgi]$WEBLATE_VERSION" wllegal 'pygobject<3.52'
|
|
|
|
PYVER=$(python3 -c 'import sys; print("{}.{}".format(*sys.version_info[:2]))')
|
|
|
|
SETTINGS_PY="$WEBLATE_HOME/weblate-env/lib/python$PYVER/site-packages/weblate/settings.py"
|
|
|
|
# Configure Weblate
|
|
sudo -u weblate cp "$WEBLATE_HOME/weblate-env/lib/python$PYVER/site-packages/weblate/settings_example.py" "$SETTINGS_PY"
|
|
|
|
# shellcheck disable=SC1004
|
|
sed -i \
|
|
-e "s#^DATA_DIR.*#DATA_DIR = \"$WEBLATE_HOME/data\"#" \
|
|
-e 's#^ENABLE_HTTPS.*#ENABLE_HTTPS = True#' \
|
|
-e 's#^SERVER_EMAIL.*#SERVER_EMAIL = "noreply@weblate.org"#' \
|
|
-e 's#^DEFAULT_FROM_EMAIL.*#DEFAULT_FROM_EMAIL = "noreply@weblate.org"#' \
|
|
-e "s#^SECRET_KEY.*#SECRET_KEY = '$WEBLATE_SECRET'#" \
|
|
-e "s#^SITE_TITLE.*#SITE_TITLE = '$WEBLATE_TITLE'#" \
|
|
-e "s#^SITE_DOMAIN.*#SITE_DOMAIN = '$WEBLATE_DOMAIN'#" \
|
|
-e "s#^SENTRY_DSN.*#SENTRY_DSN = '$WEBLATE_SENTRY'#" \
|
|
-e "s#^SENTRY_ENVIRONMENT.*#SENTRY_ENVIRONMENT = SITE_DOMAIN#" \
|
|
-e "/HiredisParser/ D" \
|
|
-e "/SENTRY_DSN/ a \
|
|
SENTRY_TOKEN = '$WEBLATE_SENTRY_TOKEN'" \
|
|
-e "s#^ \"PASSWORD\":.*# \"PASSWORD\": '$POSTGRES_PASS',#" \
|
|
-e "s#.*your_email@example.com.*# ('Michal Čihař', 'michal@cihar.com'),#" \
|
|
-e '/social_core.pipeline.social_auth.load_extra_data/ a \
|
|
"weblate.legal.pipeline.tos_confirm",' \
|
|
-e '/weblate.middleware.SecurityMiddleware/ a \
|
|
"weblate.legal.middleware.RequireTOSMiddleware",' \
|
|
-e '/weblate.gitexport/ a \
|
|
"wllegal",' \
|
|
-e '/weblate.gitexport/ a \
|
|
"weblate.legal",' \
|
|
-e 's#^MT_APERTIUM_APY.*#MT_APERTIUM_APY = "http://172.16.0.9:2737/"#' \
|
|
-e 's/^# MT_SERVICES/MT_SERVICES/' \
|
|
-e 's/^# "weblate.machinery.apertium./ "weblate.machinery.apertium./' \
|
|
-e 's/^# "weblate.machinery.weblatetm./ "weblate.machinery.weblatetm./' \
|
|
-e 's/^# "weblate.memory.machine/ "weblate.memory.machine/' \
|
|
-e 's/^DEBUG =.*/DEBUG = False/' \
|
|
-e 's/"admin.E408"/"admin.E408", "weblate.E012", "weblate.E013"/' \
|
|
-e 's/^REGISTRATION_OPEN =.*/REGISTRATION_OPEN = False/' \
|
|
-e 's/^REQUIRE_LOGIN =.*/REQUIRE_LOGIN = True/' \
|
|
-e 's/^COMPRESS_OFFLINE =.*/COMPRESS_OFFLINE = True/' \
|
|
-e 's/# "weblate.machinery.apertium.ApertiumAPYTranslation",/"weblate.machinery.apertium.ApertiumAPYTranslation",/' \
|
|
"$SETTINGS_PY"
|
|
|
|
cat << EOT >> "$SETTINGS_PY"
|
|
|
|
# Hosted customization
|
|
ADMINS_CONTACT = ['care@weblate.org']
|
|
DEFAULT_COMMITER_EMAIL = 'hosted@weblate.org'
|
|
DEFAULT_COMMITER_NAME = 'Hosted Weblate'
|
|
STATUS_URL = "https://status.weblate.org/"
|
|
GET_HELP_URL = "https://care.weblate.org/"
|
|
CONTACT_FORM = "from"
|
|
EOT
|
|
|
|
# Fill the database
|
|
sudo -u weblate $WEBLATE_HOME/weblate-env/bin/weblate migrate
|
|
if [ -n "$WEBLATE_PASSWORD" ]; then
|
|
sudo -u weblate $WEBLATE_HOME/weblate-env/bin/weblate createadmin --username nijel --email michal@cihar.com --name 'Michal Čihař' --password "$WEBLATE_PASSWORD"
|
|
else
|
|
sudo -u weblate $WEBLATE_HOME/weblate-env/bin/weblate createadmin --username nijel --email michal@cihar.com --name 'Michal Čihař'
|
|
fi
|
|
sudo -u weblate $WEBLATE_HOME/weblate-env/bin/weblate collectstatic --noinput
|
|
sudo -u weblate $WEBLATE_HOME/weblate-env/bin/weblate compress --force
|
|
# Track deploy at Sentry
|
|
if ! grep -q "SENTRY_TOKEN = ''" "$SETTINGS_PY"; then
|
|
sudo -u weblate "$WEBLATE_HOME/weblate-env/bin/weblate" sentry_deploy
|
|
fi
|
|
|
|
# Celery and uwsgi
|
|
cd "$WEBLATE_HOME/weblate-env/lib/python$PYVER/site-packages/weblate/examples/"
|
|
cp celery-weblate.logrotate /etc/logrotate.d/
|
|
cp celery-weblate.service /etc/systemd/system/
|
|
cp celery-weblate.conf /etc/default/celery-weblate
|
|
cp weblate.uwsgi.ini /etc/uwsgi/apps-available/weblate.ini
|
|
systemctl daemon-reload
|
|
systemctl enable celery-weblate.service
|
|
systemctl start celery-weblate.service
|
|
ln -s ../apps-available/weblate.ini /etc/uwsgi/apps-enabled/
|
|
systemctl restart uwsgi.service
|
|
|
|
# SSL cert
|
|
if [ "$1" != "--nocert" ]; then
|
|
certbot --agree-tos --email care@weblate.org --redirect --no-eff-email -d "$WEBLATE_DOMAIN"
|
|
fi
|
|
|
|
# Enable http/2
|
|
sed -i -e 's/ssl;/ssl http2;/' -e 's/ssl ipv6only=on/ssl ipv6only=on http2/' /etc/nginx/sites-available/default
|
|
# Enable status locally
|
|
sed -i '/server_name _/a location = /nginx_status {\n stub_status;\n}' /etc/nginx/sites-available/default
|
|
# Enable compression for js/css
|
|
sed -i 's/^\t# gzip/\tgzip/' /etc/nginx/nginx.conf
|
|
# Hide server version
|
|
sed -i 's/# server_tokens off/server_tokens off/' /etc/nginx/nginx.conf
|
|
# Weblate nginx snippet
|
|
cat > /etc/nginx/snippets/weblate.conf << EOT
|
|
location /static/ {
|
|
# DATA_DIR/static/
|
|
alias $WEBLATE_HOME/data/static/;
|
|
expires 30d;
|
|
}
|
|
|
|
location /media/ {
|
|
# DATA_DIR/media/
|
|
alias $WEBLATE_HOME/data/media/;
|
|
expires 30d;
|
|
}
|
|
|
|
location / {
|
|
include uwsgi_params;
|
|
# Needed for long running operations in admin interface
|
|
uwsgi_read_timeout 3600;
|
|
# Adjust based to uwsgi configuration:
|
|
uwsgi_pass unix:///run/uwsgi/app/weblate/socket;
|
|
# uwsgi_pass 127.0.0.1:8080;
|
|
}
|
|
client_max_body_size 20m;
|
|
error_page 500 502 504 /weblate_50x.html;
|
|
error_page 503 /weblate_503.html;
|
|
location = /weblate_503.html {
|
|
root $WEBLATE_HOME/weblate-env/lib/python$PYVER/site-packages/wllegal/templates;
|
|
internal;
|
|
}
|
|
location = /weblate_50x.html {
|
|
root $WEBLATE_HOME/weblate-env/lib/python$PYVER/site-packages/wllegal/templates;
|
|
internal;
|
|
}
|
|
access_log /var/log/nginx/access.log;
|
|
EOT
|
|
# Insert include after first server_name stanza
|
|
sed -i "0,/server_name $WEBLATE_DOMAIN.*/s//&\\ninclude snippets\/weblate.conf;/" /etc/nginx/sites-available/default
|
|
# Delete default location, replaced by snippet
|
|
sed -i ':a;N;$!ba;s/\(snippets\/weblate.conf;\)[^}]*}/\1/g' /etc/nginx/sites-available/default
|
|
systemctl enable nginx.service
|
|
systemctl restart nginx.service
|
|
|
|
# Licensee
|
|
apt install -y ruby-licensee
|
|
|
|
# Fail2ban
|
|
sudo -u weblate git clone https://github.com/WeblateOrg/fail2ban.git $WEBLATE_HOME/fail2ban
|
|
ln -s $WEBLATE_HOME/fail2ban/filter.d/* /etc/fail2ban/filter.d/
|
|
ln -s $WEBLATE_HOME/fail2ban/jail.d/* /etc/fail2ban/jail.d/
|
|
ln -s $WEBLATE_HOME/fail2ban/action.d/* /etc/fail2ban/action.d/
|
|
systemctl restart fail2ban.service
|
