📦 Add packaging

2024-05-11 17:38:03 +02:00
15 changed files with 180 additions and 58 deletions
--- a/.env
+++ b/.env
@ -1,4 +1,4 @@
-PLAKKEN_LISTEN=:5000
+PLAKKEN_LISTEN=:3000
 PLAKKEN_REDIS_ADDRESS=localhost:6379
 PLAKKEN_REDIS_USER=
 PLAKKEN_REDIS_PASSWORD=
--- a/.gitignore
+++ b/.gitignore
@ -22,3 +22,5 @@ plakken
 # Go workspace file
 go.work
 .idea/discord.xml
+
+dist/
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@ -0,0 +1,69 @@
+gitea_urls:
+  api: https://git.gnous.eu/api/v1
+  download: https://git.gnous.eu
+  skip_tls_verify: false
+
+before:
+  hooks:
+    # You may remove this if you don't use go modules.
+    - go mod tidy
+
+builds:
+  -
+    env:
+      - CGO_ENABLED=0
+    goos:
+      - linux
+      - windows
+      - darwin
+    goarch:
+      - amd64
+      - arm64
+    binary: plakken
+    id: plakken
+
+archives:
+  - format: tar.gz
+    format_overrides:
+      -
+        goos: windows
+        format: zip
+
+nfpms:
+  -
+    id: plakken
+    package_name: plakken
+    file_name_template: "{{ .ConventionalFileName }}"
+    vendor: GnousEU
+    homepage: https://git.gnous.eu/plakken/
+    maintainer: GnousEU <contact@gnous.eu>
+    description: A light paste server
+    license: AGPLv3
+    formats:
+      - deb
+      - rpm
+      - archlinux
+    umask: 0o002
+    provides:
+      - plakken
+    suggests:
+      - redis
+    contents:
+      - src: .env
+        dst: /etc/plakken/env
+      - src: plakken.service
+        dst: /usr/lib/systemd/system/plakken.service
+    scripts:
+      preinstall: "deployment/goreleaser/preinstall.sh"
+      preremove: "deployment/goreleaser/preremove.sh"
+      postremove: "deployment/goreleaser/postremove.sh"
+
+checksum:
+  algorithm: sha256
+
+changelog:
+  sort: asc
+  filters:
+    exclude:
+      - "^docs:"
+      - "^test:"
--- a/.woodpecker/build.yaml
+++ b/.woodpecker/build.yaml
@ -4,9 +4,9 @@ steps:
    settings:
      repo: git.gnous.eu/${CI_REPO_OWNER}/plakken
      dockerfile: deployment/docker/Dockerfile
-      platforms: linux/amd64,linux/arm64/v8,linux/arm
+      platforms: linux/amd64,linux/arm64/v8
      registry: https://git.gnous.eu
-      tag: ${CI_COMMIT}
+      tag: ${CI_COMMIT_SHA}
      username:
          from_secret: docker_username
      password:
@ -14,19 +14,4 @@ steps:
    when:
      branch: ${CI_REPO_DEFAULT_BRANCH}
      event: push
-  - name: publish_image_tag
-    image: woodpeckerci/plugin-docker-buildx
-    settings:
-      repo: git.gnous.eu/${CI_REPO_OWNER}/plakken
-      dockerfile: deployment/docker/Dockerfile
-      platforms: linux/amd64,linux/arm64/v8,linux/arm
-      registry: https://git.gnous.eu
-      tags:
-        - ${CI_COMMIT_TAG##v} # Remove v from tag
-        - stable
-      username:
-        from_secret: docker_username
-      password:
-        from_secret: docker_password
-    when:
-      event: tag
+      repo: gnouseu/plakken
--- a/.woodpecker/lint.yml
+++ b/.woodpecker/lint.yml
@ -1,6 +1,6 @@
 steps:
  lint:
-    image: golang:1.23
+    image: golang:1.22
    commands:
      - go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
      - golangci-lint run
@ -8,4 +8,4 @@ steps:
      - event: pull_request
        repo: gnouseu/plakken
      - event: push
-        branch: main
+        branch: ${CI_REPO_DEFAULT_BRANCH}
--- a/.woodpecker/release.yaml
+++ b/.woodpecker/release.yaml
@ -1,24 +1,29 @@
 steps:
-  - name: Build
-    image: golang:1.23
+  - name: Release
+    image: golang:1.22
    commands:
-      - go mod download
-      - CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags "-w -s" -o plakken-linux-amd64 # Enable static binary, target Linux, remove debug information and strip binary
-      - CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -ldflags "-w -s" -o plakken-linux-arm64
-      - CGO_ENABLED=0 GOOS=linux GOARCH=arm go build -ldflags "-w -s" -o plakken-linux-arm
-      - CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags "-w -s" -o plakken-windows-amd64.exe
-      - CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -ldflags "-w -s" -o plakken-windows-arm64.exe
-      - CGO_ENABLED=0 GOOS=linux GOARCH=arm go build -ldflags "-w -s" -o plakken-windows-arm.exe
+      - go install github.com/goreleaser/goreleaser@latest
+      - goreleaser release
+    secrets: [ gitea_token ]
    when:
      event: tag
-  - name: Release
-    image: woodpeckerci/plugin-gitea-release
+      repo: gnouseu/plakken
+    depends_on: []
+  - name: publish_image_tag
+    image: woodpeckerci/plugin-docker-buildx
    settings:
-      base_url: https://git.gnous.eu
-      files:
-        - "plakken*"
-      api_key:
-        from_secret: release_token
-      target: main
+      repo: git.gnous.eu/${CI_REPO_OWNER}/plakken
+      dockerfile: deployment/docker/Dockerfile
+      platforms: linux/amd64,linux/arm64/v8
+      registry: https://git.gnous.eu
+      tags:
+        - ${CI_COMMIT_TAG##v} # Remove v from tag
+        - stable
+      username:
+        from_secret: docker_username
+      password:
+        from_secret: docker_password
    when:
-      event: tag
+      event: tag
+      repo: gnouseu/plakken
+    depends_on: []
--- a/deployment/docker/Dockerfile
+++ b/deployment/docker/Dockerfile
@ -1,5 +1,5 @@
 # Build
-FROM golang:1.23 AS build
+FROM golang:1.22 AS build

 WORKDIR /build

--- a/deployment/docker/docker-compose.dev.yaml
+++ b/deployment/docker/docker-compose.dev.yaml
@ -1,5 +1,3 @@
-version: "3"
-
 networks:
  plakken:
    external: false
@ -7,8 +5,8 @@ networks:
 services:
  server:
    build:
-      context: ../
-      dockerfile: docker/Dockerfile
+      context: ../../
+      dockerfile: deployment/docker/Dockerfile
    restart: always
    container_name: plakken
    networks:
--- a/deployment/docker/docker-compose.yaml
+++ b/deployment/docker/docker-compose.yaml
@ -1,5 +1,3 @@
-version: "3"
-
 networks:
  plakken:
    external: false
@ -20,7 +18,6 @@ services:
      - "3000:3000"
    environment:
      - PLAKKEN_REDIS_ADDRESS=redis:6379
-      - POSTGRES_PASSWORD=gitea
      - PLAKKEN_REDIS_DB=0
      - PLAKKEN_URL_LENGTH=5
    depends_on:
--- a/deployment/goreleaser/postremove.sh
+++ b/deployment/goreleaser/postremove.sh
@ -0,0 +1,7 @@
+if getent passwd plakken > /dev/null; then
+  userdel -r plakken
+fi
+
+if getent group plakken > /dev/null; then
+  groupdel plakken
+fi
--- a/deployment/goreleaser/preinstall.sh
+++ b/deployment/goreleaser/preinstall.sh
@ -0,0 +1,12 @@
+if ! getent group plakken > /dev/null; then
+  groupadd -r plakken
+fi
+
+if ! getent passwd plakken > /dev/null; then
+    useradd -r -d /var/lib/plakken -s /sbin/nologin -g plakken -c "Plakken server" plakken
+fi
+if ! test -d /var/lib/plakken; then
+    mkdir -p /var/lib/plakken
+    chmod 0750 /var/lib/plakken
+    chown -R plakken:plakken /var/lib/plakken
+fi
--- a/deployment/goreleaser/preremove.sh
+++ b/deployment/goreleaser/preremove.sh
@ -0,0 +1 @@
+systemctl stop plakken
--- a/go.mod
+++ b/go.mod
@ -4,12 +4,12 @@ go 1.22

 require (
 	github.com/joho/godotenv v1.5.1
-	github.com/redis/go-redis/v9 v9.6.1
-	golang.org/x/crypto v0.27.0
+	github.com/redis/go-redis/v9 v9.5.1
+	golang.org/x/crypto v0.23.0
 )

 require (
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
-	golang.org/x/sys v0.25.0 // indirect
+	golang.org/x/sys v0.20.0 // indirect
 )
--- a/go.sum
+++ b/go.sum
@ -10,15 +10,7 @@ github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
 github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
 github.com/redis/go-redis/v9 v9.5.1 h1:H1X4D3yHPaYrkL5X06Wh6xNVM/pX0Ft4RV0vMGvLBh8=
 github.com/redis/go-redis/v9 v9.5.1/go.mod h1:hdY0cQFCN4fnSYT6TkisLufl/4W5UIXyv0b/CLO2V2M=
-github.com/redis/go-redis/v9 v9.5.2 h1:L0L3fcSNReTRGyZ6AqAEN0K56wYeYAwapBIhkvh0f3E=
-github.com/redis/go-redis/v9 v9.5.2/go.mod h1:hdY0cQFCN4fnSYT6TkisLufl/4W5UIXyv0b/CLO2V2M=
-github.com/redis/go-redis/v9 v9.6.1 h1:HHDteefn6ZkTtY5fGUE8tj8uy85AHk6zP7CpzIAM0y4=
-github.com/redis/go-redis/v9 v9.6.1/go.mod h1:0C0c6ycQsdpVNQpxb1njEQIqkx5UcsM8FJCQLgE9+RA=
 golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI=
 golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
-golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A=
-golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70=
 golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y=
 golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34=
-golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
--- a/plakken.service
+++ b/plakken.service
@ -0,0 +1,54 @@
+# /usr/lib/systemd/system/plakken.service
+[Unit]
+Description=A paste server
+After=network.target
+
+[Service]
+Type=simple
+User=plakken
+
+ExecStart=/usr/bin/plakken
+
+
+EnvironmentFile=/etc/plakken/env
+
+ProtectSystem=strict
+ProtectHome=true
+NoNewPrivileges=yes
+RestrictNamespaces=true
+PrivateTmp=true
+PrivateDevices=true
+PrivateUsers=true
+ProtectClock=true
+ProtectControlGroups=true
+ProtectKernelTunables=true
+ProtectKernelLogs=true
+ProtectKernelModules=true
+LockPersonality=true
+RestrictSUIDSGID=true
+RemoveIPC=true
+RestrictRealtime=true
+SystemCallArchitectures=native
+MemoryDenyWriteExecute=true
+UMask=177 
+ProtectProc=invisible
+CapabilityBoundingSet=
+ProtectHostname=true
+RestrictAddressFamilies=~AF_(INET|INET6)
+RestrictAddressFamilies=~…
+RestrictAddressFamilies=~AF_UNIX
+RestrictAddressFamilies=~AF_NETLINK
+RestrictAddressFamilies=~AF_PACKET
+SystemCallFilter=~@reboot
+SystemCallFilter=~@obsolete
+SystemCallFilter=~@mount
+SystemCallFilter=~@module
+SystemCallFilter=~@debug
+SystemCallFilter=~@cpu-emulation
+SystemCallFilter=~@clock
+SystemCallFilter=~@swap
+SystemCallFilter=~@privileged
+ProcSubset=pid
+
+[Install]
+WantedBy=multi-user.target