Compare commits
1 commit
main
...
ada/gorele
Author | SHA1 | Date | |
---|---|---|---|
8458ad116a |
15 changed files with 180 additions and 58 deletions
2
.env
2
.env
|
@ -1,4 +1,4 @@
|
|||
PLAKKEN_LISTEN=:5000
|
||||
PLAKKEN_LISTEN=:3000
|
||||
PLAKKEN_REDIS_ADDRESS=localhost:6379
|
||||
PLAKKEN_REDIS_USER=
|
||||
PLAKKEN_REDIS_PASSWORD=
|
||||
|
|
2
.gitignore
vendored
2
.gitignore
vendored
|
@ -22,3 +22,5 @@ plakken
|
|||
# Go workspace file
|
||||
go.work
|
||||
.idea/discord.xml
|
||||
|
||||
dist/
|
||||
|
|
69
.goreleaser.yaml
Normal file
69
.goreleaser.yaml
Normal file
|
@ -0,0 +1,69 @@
|
|||
gitea_urls:
|
||||
api: https://git.gnous.eu/api/v1
|
||||
download: https://git.gnous.eu
|
||||
skip_tls_verify: false
|
||||
|
||||
before:
|
||||
hooks:
|
||||
# You may remove this if you don't use go modules.
|
||||
- go mod tidy
|
||||
|
||||
builds:
|
||||
-
|
||||
env:
|
||||
- CGO_ENABLED=0
|
||||
goos:
|
||||
- linux
|
||||
- windows
|
||||
- darwin
|
||||
goarch:
|
||||
- amd64
|
||||
- arm64
|
||||
binary: plakken
|
||||
id: plakken
|
||||
|
||||
archives:
|
||||
- format: tar.gz
|
||||
format_overrides:
|
||||
-
|
||||
goos: windows
|
||||
format: zip
|
||||
|
||||
nfpms:
|
||||
-
|
||||
id: plakken
|
||||
package_name: plakken
|
||||
file_name_template: "{{ .ConventionalFileName }}"
|
||||
vendor: GnousEU
|
||||
homepage: https://git.gnous.eu/plakken/
|
||||
maintainer: GnousEU <contact@gnous.eu>
|
||||
description: A light paste server
|
||||
license: AGPLv3
|
||||
formats:
|
||||
- deb
|
||||
- rpm
|
||||
- archlinux
|
||||
umask: 0o002
|
||||
provides:
|
||||
- plakken
|
||||
suggests:
|
||||
- redis
|
||||
contents:
|
||||
- src: .env
|
||||
dst: /etc/plakken/env
|
||||
- src: plakken.service
|
||||
dst: /usr/lib/systemd/system/plakken.service
|
||||
scripts:
|
||||
preinstall: "deployment/goreleaser/preinstall.sh"
|
||||
preremove: "deployment/goreleaser/preremove.sh"
|
||||
postremove: "deployment/goreleaser/postremove.sh"
|
||||
|
||||
checksum:
|
||||
algorithm: sha256
|
||||
|
||||
changelog:
|
||||
sort: asc
|
||||
filters:
|
||||
exclude:
|
||||
- "^docs:"
|
||||
- "^test:"
|
|
@ -4,9 +4,9 @@ steps:
|
|||
settings:
|
||||
repo: git.gnous.eu/${CI_REPO_OWNER}/plakken
|
||||
dockerfile: deployment/docker/Dockerfile
|
||||
platforms: linux/amd64,linux/arm64/v8,linux/arm
|
||||
platforms: linux/amd64,linux/arm64/v8
|
||||
registry: https://git.gnous.eu
|
||||
tag: ${CI_COMMIT}
|
||||
tag: ${CI_COMMIT_SHA}
|
||||
username:
|
||||
from_secret: docker_username
|
||||
password:
|
||||
|
@ -14,19 +14,4 @@ steps:
|
|||
when:
|
||||
branch: ${CI_REPO_DEFAULT_BRANCH}
|
||||
event: push
|
||||
- name: publish_image_tag
|
||||
image: woodpeckerci/plugin-docker-buildx
|
||||
settings:
|
||||
repo: git.gnous.eu/${CI_REPO_OWNER}/plakken
|
||||
dockerfile: deployment/docker/Dockerfile
|
||||
platforms: linux/amd64,linux/arm64/v8,linux/arm
|
||||
registry: https://git.gnous.eu
|
||||
tags:
|
||||
- ${CI_COMMIT_TAG##v} # Remove v from tag
|
||||
- stable
|
||||
username:
|
||||
from_secret: docker_username
|
||||
password:
|
||||
from_secret: docker_password
|
||||
when:
|
||||
event: tag
|
||||
repo: gnouseu/plakken
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
steps:
|
||||
lint:
|
||||
image: golang:1.23
|
||||
image: golang:1.22
|
||||
commands:
|
||||
- go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
|
||||
- golangci-lint run
|
||||
|
@ -8,4 +8,4 @@ steps:
|
|||
- event: pull_request
|
||||
repo: gnouseu/plakken
|
||||
- event: push
|
||||
branch: main
|
||||
branch: ${CI_REPO_DEFAULT_BRANCH}
|
|
@ -1,24 +1,29 @@
|
|||
steps:
|
||||
- name: Build
|
||||
image: golang:1.23
|
||||
- name: Release
|
||||
image: golang:1.22
|
||||
commands:
|
||||
- go mod download
|
||||
- CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags "-w -s" -o plakken-linux-amd64 # Enable static binary, target Linux, remove debug information and strip binary
|
||||
- CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -ldflags "-w -s" -o plakken-linux-arm64
|
||||
- CGO_ENABLED=0 GOOS=linux GOARCH=arm go build -ldflags "-w -s" -o plakken-linux-arm
|
||||
- CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags "-w -s" -o plakken-windows-amd64.exe
|
||||
- CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -ldflags "-w -s" -o plakken-windows-arm64.exe
|
||||
- CGO_ENABLED=0 GOOS=linux GOARCH=arm go build -ldflags "-w -s" -o plakken-windows-arm.exe
|
||||
- go install github.com/goreleaser/goreleaser@latest
|
||||
- goreleaser release
|
||||
secrets: [ gitea_token ]
|
||||
when:
|
||||
event: tag
|
||||
- name: Release
|
||||
image: woodpeckerci/plugin-gitea-release
|
||||
repo: gnouseu/plakken
|
||||
depends_on: []
|
||||
- name: publish_image_tag
|
||||
image: woodpeckerci/plugin-docker-buildx
|
||||
settings:
|
||||
base_url: https://git.gnous.eu
|
||||
files:
|
||||
- "plakken*"
|
||||
api_key:
|
||||
from_secret: release_token
|
||||
target: main
|
||||
repo: git.gnous.eu/${CI_REPO_OWNER}/plakken
|
||||
dockerfile: deployment/docker/Dockerfile
|
||||
platforms: linux/amd64,linux/arm64/v8
|
||||
registry: https://git.gnous.eu
|
||||
tags:
|
||||
- ${CI_COMMIT_TAG##v} # Remove v from tag
|
||||
- stable
|
||||
username:
|
||||
from_secret: docker_username
|
||||
password:
|
||||
from_secret: docker_password
|
||||
when:
|
||||
event: tag
|
||||
event: tag
|
||||
repo: gnouseu/plakken
|
||||
depends_on: []
|
|
@ -1,5 +1,5 @@
|
|||
# Build
|
||||
FROM golang:1.23 AS build
|
||||
FROM golang:1.22 AS build
|
||||
|
||||
WORKDIR /build
|
||||
|
||||
|
|
|
@ -1,5 +1,3 @@
|
|||
version: "3"
|
||||
|
||||
networks:
|
||||
plakken:
|
||||
external: false
|
||||
|
@ -7,8 +5,8 @@ networks:
|
|||
services:
|
||||
server:
|
||||
build:
|
||||
context: ../
|
||||
dockerfile: docker/Dockerfile
|
||||
context: ../../
|
||||
dockerfile: deployment/docker/Dockerfile
|
||||
restart: always
|
||||
container_name: plakken
|
||||
networks:
|
||||
|
|
|
@ -1,5 +1,3 @@
|
|||
version: "3"
|
||||
|
||||
networks:
|
||||
plakken:
|
||||
external: false
|
||||
|
@ -20,7 +18,6 @@ services:
|
|||
- "3000:3000"
|
||||
environment:
|
||||
- PLAKKEN_REDIS_ADDRESS=redis:6379
|
||||
- POSTGRES_PASSWORD=gitea
|
||||
- PLAKKEN_REDIS_DB=0
|
||||
- PLAKKEN_URL_LENGTH=5
|
||||
depends_on:
|
||||
|
|
7
deployment/goreleaser/postremove.sh
Normal file
7
deployment/goreleaser/postremove.sh
Normal file
|
@ -0,0 +1,7 @@
|
|||
if getent passwd plakken > /dev/null; then
|
||||
userdel -r plakken
|
||||
fi
|
||||
|
||||
if getent group plakken > /dev/null; then
|
||||
groupdel plakken
|
||||
fi
|
12
deployment/goreleaser/preinstall.sh
Normal file
12
deployment/goreleaser/preinstall.sh
Normal file
|
@ -0,0 +1,12 @@
|
|||
if ! getent group plakken > /dev/null; then
|
||||
groupadd -r plakken
|
||||
fi
|
||||
|
||||
if ! getent passwd plakken > /dev/null; then
|
||||
useradd -r -d /var/lib/plakken -s /sbin/nologin -g plakken -c "Plakken server" plakken
|
||||
fi
|
||||
if ! test -d /var/lib/plakken; then
|
||||
mkdir -p /var/lib/plakken
|
||||
chmod 0750 /var/lib/plakken
|
||||
chown -R plakken:plakken /var/lib/plakken
|
||||
fi
|
1
deployment/goreleaser/preremove.sh
Normal file
1
deployment/goreleaser/preremove.sh
Normal file
|
@ -0,0 +1 @@
|
|||
systemctl stop plakken
|
6
go.mod
6
go.mod
|
@ -4,12 +4,12 @@ go 1.22
|
|||
|
||||
require (
|
||||
github.com/joho/godotenv v1.5.1
|
||||
github.com/redis/go-redis/v9 v9.6.1
|
||||
golang.org/x/crypto v0.27.0
|
||||
github.com/redis/go-redis/v9 v9.5.1
|
||||
golang.org/x/crypto v0.23.0
|
||||
)
|
||||
|
||||
require (
|
||||
github.com/cespare/xxhash/v2 v2.3.0 // indirect
|
||||
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
|
||||
golang.org/x/sys v0.25.0 // indirect
|
||||
golang.org/x/sys v0.20.0 // indirect
|
||||
)
|
||||
|
|
8
go.sum
8
go.sum
|
@ -10,15 +10,7 @@ github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
|
|||
github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
|
||||
github.com/redis/go-redis/v9 v9.5.1 h1:H1X4D3yHPaYrkL5X06Wh6xNVM/pX0Ft4RV0vMGvLBh8=
|
||||
github.com/redis/go-redis/v9 v9.5.1/go.mod h1:hdY0cQFCN4fnSYT6TkisLufl/4W5UIXyv0b/CLO2V2M=
|
||||
github.com/redis/go-redis/v9 v9.5.2 h1:L0L3fcSNReTRGyZ6AqAEN0K56wYeYAwapBIhkvh0f3E=
|
||||
github.com/redis/go-redis/v9 v9.5.2/go.mod h1:hdY0cQFCN4fnSYT6TkisLufl/4W5UIXyv0b/CLO2V2M=
|
||||
github.com/redis/go-redis/v9 v9.6.1 h1:HHDteefn6ZkTtY5fGUE8tj8uy85AHk6zP7CpzIAM0y4=
|
||||
github.com/redis/go-redis/v9 v9.6.1/go.mod h1:0C0c6ycQsdpVNQpxb1njEQIqkx5UcsM8FJCQLgE9+RA=
|
||||
golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI=
|
||||
golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
|
||||
golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A=
|
||||
golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70=
|
||||
golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y=
|
||||
golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34=
|
||||
golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
|
|
54
plakken.service
Normal file
54
plakken.service
Normal file
|
@ -0,0 +1,54 @@
|
|||
# /usr/lib/systemd/system/plakken.service
|
||||
[Unit]
|
||||
Description=A paste server
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=plakken
|
||||
|
||||
ExecStart=/usr/bin/plakken
|
||||
|
||||
|
||||
EnvironmentFile=/etc/plakken/env
|
||||
|
||||
ProtectSystem=strict
|
||||
ProtectHome=true
|
||||
NoNewPrivileges=yes
|
||||
RestrictNamespaces=true
|
||||
PrivateTmp=true
|
||||
PrivateDevices=true
|
||||
PrivateUsers=true
|
||||
ProtectClock=true
|
||||
ProtectControlGroups=true
|
||||
ProtectKernelTunables=true
|
||||
ProtectKernelLogs=true
|
||||
ProtectKernelModules=true
|
||||
LockPersonality=true
|
||||
RestrictSUIDSGID=true
|
||||
RemoveIPC=true
|
||||
RestrictRealtime=true
|
||||
SystemCallArchitectures=native
|
||||
MemoryDenyWriteExecute=true
|
||||
UMask=177
|
||||
ProtectProc=invisible
|
||||
CapabilityBoundingSet=
|
||||
ProtectHostname=true
|
||||
RestrictAddressFamilies=~AF_(INET|INET6)
|
||||
RestrictAddressFamilies=~…
|
||||
RestrictAddressFamilies=~AF_UNIX
|
||||
RestrictAddressFamilies=~AF_NETLINK
|
||||
RestrictAddressFamilies=~AF_PACKET
|
||||
SystemCallFilter=~@reboot
|
||||
SystemCallFilter=~@obsolete
|
||||
SystemCallFilter=~@mount
|
||||
SystemCallFilter=~@module
|
||||
SystemCallFilter=~@debug
|
||||
SystemCallFilter=~@cpu-emulation
|
||||
SystemCallFilter=~@clock
|
||||
SystemCallFilter=~@swap
|
||||
SystemCallFilter=~@privileged
|
||||
ProcSubset=pid
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
Loading…
Reference in a new issue