Bump FW to 1.3.0

2023-06-11 22:43:57 +02:00 · 2023-06-11 22:43:57 +02:00 · 68257a9f01
parent c6304c8f40
commit 68257a9f01
5 changed files with 15 additions and 118 deletions
--- a/roles/music/tasks/main.yml
+++ b/roles/music/tasks/main.yml
@ -42,7 +42,6 @@
  loop:
    - docker-compose.yml.j2
    - conf.env.j2
-    - nginx.conf.j2

 - name: Copy nginx proxy file
  copy:
--- a/roles/music/templates/conf.env.j2
+++ b/roles/music/templates/conf.env.j2
@ -16,7 +16,8 @@ CACHE_URL=redis://funkwhale_redis:6379/0

 STATIC_ROOT={{ funkwhale_static_root }}
 MUSIC_DIRECTORY_PATH={{ funkwhale_import_music_directory }}
-FUNKWHALE_FRONTEND_PATH={{ funkwhale_frontend }}
+# Dummy value for front container ; we have S3
+MEDIA_ROOT=/media

 DJANGO_SETTINGS_MODULE=config.settings.production
 DJANGO_SECRET_KEY={{ funkwhale_secret_key }}
@ -35,3 +36,5 @@ AWS_DEFAULT_ACL=public-read

 THROTTLING_ENABLED=false
 EXTERNAL_REQUESTS_TIMEOUT=30
+
+NGINX_MAX_BODY_SIZE=500M
--- a/roles/music/templates/docker-compose.yml.j2
+++ b/roles/music/templates/docker-compose.yml.j2
@ -11,14 +11,12 @@ volumes:
    name: funkwhale_redis
  db:
    name: funkwhale_db
-  frontend:
-    name: funkwhale_frontend
  static:
    name: funkwhale_static

 services:
  celeryworker:
-    image: "funkwhale/funkwhale:{{ funkwhale_version }}"
+    image: "funkwhale/api:{{ funkwhale_version }}"
    container_name: funkwhale_celeryworker
    env_file:
      - ./conf.env
@ -28,29 +26,28 @@ services:
      - "{{ funkwhale_import_music_directory_host }}:{{ funkwhale_import_music_directory }}:ro"
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
-    command: celery -A funkwhale_api.taskapp worker -l INFO
+    command: celery -A funkwhale_api.taskapp worker -l INFO --concurrency=10
    networks:
      - db
    restart: unless-stopped

  celerybeat:
-    image: "funkwhale/funkwhale:{{ funkwhale_version }}"
+    image: "funkwhale/api:{{ funkwhale_version }}"
    container_name: funkwhale_celerybeat
    env_file: ./conf.env
-    command: celery -A funkwhale_api.taskapp beat --pidfile= -l INFO
+    command: celery -A funkwhale_api.taskapp beat -l INFO
    networks:
      - db
    restart: unless-stopped

  api:
-    image: "funkwhale/funkwhale:{{ funkwhale_version }}"
+    image: "funkwhale/api:{{ funkwhale_version }}"
    container_name: funkwhale_api
    env_file:
      - ./conf.env
    volumes:
      - "{{ funkwhale_import_music_directory_host }}:{{ funkwhale_import_music_directory }}:ro"
      - "static:{{ funkwhale_static_root }}"
-      - "frontend:{{ funkwhale_frontend }}"
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    labels:
@ -63,16 +60,13 @@ services:
      - db
    restart: unless-stopped

-  nginx:
-    image: nginx
-    container_name: funkwhale_nginx
+  front:
+    image: funkwhale/front:{{ funkwhale_version }}
+    container_name: funkwhale_front
    env_file: ./conf.env
    volumes:
-      - ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
-      - ./funkwhale_proxy.conf:/etc/nginx/funkwhale_proxy.conf:ro
      - "{{ funkwhale_import_music_directory_host }}:{{ funkwhale_import_music_directory }}:ro"
-      - "static:{{ funkwhale_static_root }}"
-      - "frontend:{{ funkwhale_frontend }}"
+      - "static:/usr/share/nginx/html/staticfiles:ro"
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro
    labels:
--- a/roles/music/templates/nginx.conf.j2
+++ b/roles/music/templates/nginx.conf.j2
@ -1,98 +0,0 @@
-upstream funkwhale-api {
-    # depending on your setup, you may want to update this
-    server funkwhale_api:{{ funkwhale_api_port }};
-}
-
-
-# required for websocket support
-map $http_upgrade $connection_upgrade {
-    default upgrade;
-    ''      close;
-}
-
-server {
-    listen {{ funkwhale_nginx_port }};
-    server_name {{ funkwhale_subdomain }}.{{ domain_name }};
-
-    # TLS
-    # Feel free to use your own configuration for SSL here or simply remove the
-    # lines and move the configuration to the previous server block if you
-    # don't want to run funkwhale behind https (this is not recommended)
-    # have a look here for let's encrypt configuration:
-    # https://certbot.eff.org/all-instructions/#debian-9-stretch-nginx
-
-    root {{ funkwhale_frontend }};
-
-    # If you are using S3 to host your files, remember to add your S3 URL to the
-    # media-src and img-src headers (e.g. img-src 'self' https://<your-S3-URL> data:)
-
-    add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' https://s3.fr-par.scw.cloud data:; font-src 'self' data:; object-src 'none'; media-src 'self' https://s3.fr-par.scw.cloud data:";
-    add_header Referrer-Policy "strict-origin-when-cross-origin";
-
-
-    location / {
-        include /etc/nginx/funkwhale_proxy.conf;
-        # this is needed if you have file import via upload enabled
-        client_max_body_size {{ nginx_max_body_size }};
-        proxy_pass   http://funkwhale-api/;
-    }
-
-    location /front/ {
-        add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:";
-        add_header Referrer-Policy "strict-origin-when-cross-origin";
-        add_header Service-Worker-Allowed "/";
-        add_header X-Frame-Options "ALLOW";
-        alias /frontend/;
-        expires 30d;
-        add_header Pragma public;
-        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
-    }
-
-    location /front/embed.html {
-        add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:";
-        add_header Referrer-Policy "strict-origin-when-cross-origin";
-
-        add_header X-Frame-Options "ALLOW";
-        alias /frontend/embed.html;
-        expires 30d;
-        add_header Pragma public;
-        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
-    }
-
-    location /federation/ {
-        include /etc/nginx/funkwhale_proxy.conf;
-        proxy_pass   http://funkwhale-api/federation/;
-    }
-
-    # You can comment this if you do not plan to use the Subsonic API
-    location /rest/ {
-        include /etc/nginx/funkwhale_proxy.conf;
-        proxy_pass   http://funkwhale-api/api/subsonic/rest/;
-    }
-
-    location /.well-known/ {
-        include /etc/nginx/funkwhale_proxy.conf;
-        proxy_pass   http://funkwhale-api/.well-known/;
-    }
-
-    location ~ /_protected/media/(.+) {
-       internal;
-       # Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932
-       proxy_set_header Authorization "";
-       proxy_pass $1;
-    }
-
-    location /_protected/music {
-        # this is an internal location that is used to serve
-        # audio files once correct permission / authentication
-        # has been checked on API side
-        # Set this to the same value as your MUSIC_DIRECTORY_PATH setting
-        internal;
-        alias   {{ funkwhale_import_music_directory }};
-    }
-
-    location /staticfiles/ {
-        # django static files
-        alias {{ funkwhale_static_root }}/;
-    }
-}
--- a/roles/music/vars/main.yml
+++ b/roles/music/vars/main.yml
@ -1,14 +1,13 @@
-funkwhale_version: 1.2.10
+funkwhale_version: 1.3.0
 funkwhale_api_port: 5000
 funkwhale_nginx_port: 80
 funkwhale_static_root: /static
 funkwhale_import_music_directory: /import
 funkwhale_import_music_directory_host: "{{ funkwhale_folder_name }}/import"
 funkwhale_folder_name: "{{ docker_files }}/funkwhale"
-funkwhale_frontend: /frontend
 funkwhale_subdomain: music
 nginx_max_body_size: 100M
-postgres_version: 13
+postgres_version: 15
 redis_version: 6
 deemix_folder_path: /home/{{ base_user_name }}/deemix
 deemix_songs_path: "{{ deemix_folder_path }}/songs"