Compare commits

..

1 commit

Author SHA1 Message Date
Ada
8458ad116a
📦 Add packaging
All checks were successful
ci/woodpecker/push/build Pipeline was successful
ci/woodpecker/push/lint Pipeline was successful
ci/woodpecker/push/release Pipeline was successful
ci/woodpecker/pr/release Pipeline was successful
ci/woodpecker/pr/build Pipeline was successful
ci/woodpecker/pr/lint Pipeline was successful
2024-05-11 17:38:03 +02:00
15 changed files with 180 additions and 58 deletions

2
.env
View file

@ -1,4 +1,4 @@
PLAKKEN_LISTEN=:5000 PLAKKEN_LISTEN=:3000
PLAKKEN_REDIS_ADDRESS=localhost:6379 PLAKKEN_REDIS_ADDRESS=localhost:6379
PLAKKEN_REDIS_USER= PLAKKEN_REDIS_USER=
PLAKKEN_REDIS_PASSWORD= PLAKKEN_REDIS_PASSWORD=

2
.gitignore vendored
View file

@ -22,3 +22,5 @@ plakken
# Go workspace file # Go workspace file
go.work go.work
.idea/discord.xml .idea/discord.xml
dist/

69
.goreleaser.yaml Normal file
View file

@ -0,0 +1,69 @@
gitea_urls:
api: https://git.gnous.eu/api/v1
download: https://git.gnous.eu
skip_tls_verify: false
before:
hooks:
# You may remove this if you don't use go modules.
- go mod tidy
builds:
-
env:
- CGO_ENABLED=0
goos:
- linux
- windows
- darwin
goarch:
- amd64
- arm64
binary: plakken
id: plakken
archives:
- format: tar.gz
format_overrides:
-
goos: windows
format: zip
nfpms:
-
id: plakken
package_name: plakken
file_name_template: "{{ .ConventionalFileName }}"
vendor: GnousEU
homepage: https://git.gnous.eu/plakken/
maintainer: GnousEU <contact@gnous.eu>
description: A light paste server
license: AGPLv3
formats:
- deb
- rpm
- archlinux
umask: 0o002
provides:
- plakken
suggests:
- redis
contents:
- src: .env
dst: /etc/plakken/env
- src: plakken.service
dst: /usr/lib/systemd/system/plakken.service
scripts:
preinstall: "deployment/goreleaser/preinstall.sh"
preremove: "deployment/goreleaser/preremove.sh"
postremove: "deployment/goreleaser/postremove.sh"
checksum:
algorithm: sha256
changelog:
sort: asc
filters:
exclude:
- "^docs:"
- "^test:"

View file

@ -4,9 +4,9 @@ steps:
settings: settings:
repo: git.gnous.eu/${CI_REPO_OWNER}/plakken repo: git.gnous.eu/${CI_REPO_OWNER}/plakken
dockerfile: deployment/docker/Dockerfile dockerfile: deployment/docker/Dockerfile
platforms: linux/amd64,linux/arm64/v8,linux/arm platforms: linux/amd64,linux/arm64/v8
registry: https://git.gnous.eu registry: https://git.gnous.eu
tag: ${CI_COMMIT} tag: ${CI_COMMIT_SHA}
username: username:
from_secret: docker_username from_secret: docker_username
password: password:
@ -14,19 +14,4 @@ steps:
when: when:
branch: ${CI_REPO_DEFAULT_BRANCH} branch: ${CI_REPO_DEFAULT_BRANCH}
event: push event: push
- name: publish_image_tag repo: gnouseu/plakken
image: woodpeckerci/plugin-docker-buildx
settings:
repo: git.gnous.eu/${CI_REPO_OWNER}/plakken
dockerfile: deployment/docker/Dockerfile
platforms: linux/amd64,linux/arm64/v8,linux/arm
registry: https://git.gnous.eu
tags:
- ${CI_COMMIT_TAG##v} # Remove v from tag
- stable
username:
from_secret: docker_username
password:
from_secret: docker_password
when:
event: tag

View file

@ -1,6 +1,6 @@
steps: steps:
lint: lint:
image: golang:1.23 image: golang:1.22
commands: commands:
- go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest - go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
- golangci-lint run - golangci-lint run
@ -8,4 +8,4 @@ steps:
- event: pull_request - event: pull_request
repo: gnouseu/plakken repo: gnouseu/plakken
- event: push - event: push
branch: main branch: ${CI_REPO_DEFAULT_BRANCH}

View file

@ -1,24 +1,29 @@
steps: steps:
- name: Build - name: Release
image: golang:1.23 image: golang:1.22
commands: commands:
- go mod download - go install github.com/goreleaser/goreleaser@latest
- CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags "-w -s" -o plakken-linux-amd64 # Enable static binary, target Linux, remove debug information and strip binary - goreleaser release
- CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -ldflags "-w -s" -o plakken-linux-arm64 secrets: [ gitea_token ]
- CGO_ENABLED=0 GOOS=linux GOARCH=arm go build -ldflags "-w -s" -o plakken-linux-arm
- CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags "-w -s" -o plakken-windows-amd64.exe
- CGO_ENABLED=0 GOOS=linux GOARCH=arm64 go build -ldflags "-w -s" -o plakken-windows-arm64.exe
- CGO_ENABLED=0 GOOS=linux GOARCH=arm go build -ldflags "-w -s" -o plakken-windows-arm.exe
when: when:
event: tag event: tag
- name: Release repo: gnouseu/plakken
image: woodpeckerci/plugin-gitea-release depends_on: []
- name: publish_image_tag
image: woodpeckerci/plugin-docker-buildx
settings: settings:
base_url: https://git.gnous.eu repo: git.gnous.eu/${CI_REPO_OWNER}/plakken
files: dockerfile: deployment/docker/Dockerfile
- "plakken*" platforms: linux/amd64,linux/arm64/v8
api_key: registry: https://git.gnous.eu
from_secret: release_token tags:
target: main - ${CI_COMMIT_TAG##v} # Remove v from tag
- stable
username:
from_secret: docker_username
password:
from_secret: docker_password
when: when:
event: tag event: tag
repo: gnouseu/plakken
depends_on: []

View file

@ -1,5 +1,5 @@
# Build # Build
FROM golang:1.23 AS build FROM golang:1.22 AS build
WORKDIR /build WORKDIR /build

View file

@ -1,5 +1,3 @@
version: "3"
networks: networks:
plakken: plakken:
external: false external: false
@ -7,8 +5,8 @@ networks:
services: services:
server: server:
build: build:
context: ../ context: ../../
dockerfile: docker/Dockerfile dockerfile: deployment/docker/Dockerfile
restart: always restart: always
container_name: plakken container_name: plakken
networks: networks:

View file

@ -1,5 +1,3 @@
version: "3"
networks: networks:
plakken: plakken:
external: false external: false
@ -20,7 +18,6 @@ services:
- "3000:3000" - "3000:3000"
environment: environment:
- PLAKKEN_REDIS_ADDRESS=redis:6379 - PLAKKEN_REDIS_ADDRESS=redis:6379
- POSTGRES_PASSWORD=gitea
- PLAKKEN_REDIS_DB=0 - PLAKKEN_REDIS_DB=0
- PLAKKEN_URL_LENGTH=5 - PLAKKEN_URL_LENGTH=5
depends_on: depends_on:

View file

@ -0,0 +1,7 @@
if getent passwd plakken > /dev/null; then
userdel -r plakken
fi
if getent group plakken > /dev/null; then
groupdel plakken
fi

View file

@ -0,0 +1,12 @@
if ! getent group plakken > /dev/null; then
groupadd -r plakken
fi
if ! getent passwd plakken > /dev/null; then
useradd -r -d /var/lib/plakken -s /sbin/nologin -g plakken -c "Plakken server" plakken
fi
if ! test -d /var/lib/plakken; then
mkdir -p /var/lib/plakken
chmod 0750 /var/lib/plakken
chown -R plakken:plakken /var/lib/plakken
fi

View file

@ -0,0 +1 @@
systemctl stop plakken

6
go.mod
View file

@ -4,12 +4,12 @@ go 1.22
require ( require (
github.com/joho/godotenv v1.5.1 github.com/joho/godotenv v1.5.1
github.com/redis/go-redis/v9 v9.6.1 github.com/redis/go-redis/v9 v9.5.1
golang.org/x/crypto v0.27.0 golang.org/x/crypto v0.23.0
) )
require ( require (
github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
golang.org/x/sys v0.25.0 // indirect golang.org/x/sys v0.20.0 // indirect
) )

8
go.sum
View file

@ -10,15 +10,7 @@ github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0=
github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4= github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4=
github.com/redis/go-redis/v9 v9.5.1 h1:H1X4D3yHPaYrkL5X06Wh6xNVM/pX0Ft4RV0vMGvLBh8= github.com/redis/go-redis/v9 v9.5.1 h1:H1X4D3yHPaYrkL5X06Wh6xNVM/pX0Ft4RV0vMGvLBh8=
github.com/redis/go-redis/v9 v9.5.1/go.mod h1:hdY0cQFCN4fnSYT6TkisLufl/4W5UIXyv0b/CLO2V2M= github.com/redis/go-redis/v9 v9.5.1/go.mod h1:hdY0cQFCN4fnSYT6TkisLufl/4W5UIXyv0b/CLO2V2M=
github.com/redis/go-redis/v9 v9.5.2 h1:L0L3fcSNReTRGyZ6AqAEN0K56wYeYAwapBIhkvh0f3E=
github.com/redis/go-redis/v9 v9.5.2/go.mod h1:hdY0cQFCN4fnSYT6TkisLufl/4W5UIXyv0b/CLO2V2M=
github.com/redis/go-redis/v9 v9.6.1 h1:HHDteefn6ZkTtY5fGUE8tj8uy85AHk6zP7CpzIAM0y4=
github.com/redis/go-redis/v9 v9.6.1/go.mod h1:0C0c6ycQsdpVNQpxb1njEQIqkx5UcsM8FJCQLgE9+RA=
golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI=
golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8=
golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A=
golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70=
golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y=
golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34=
golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=

54
plakken.service Normal file
View file

@ -0,0 +1,54 @@
# /usr/lib/systemd/system/plakken.service
[Unit]
Description=A paste server
After=network.target
[Service]
Type=simple
User=plakken
ExecStart=/usr/bin/plakken
EnvironmentFile=/etc/plakken/env
ProtectSystem=strict
ProtectHome=true
NoNewPrivileges=yes
RestrictNamespaces=true
PrivateTmp=true
PrivateDevices=true
PrivateUsers=true
ProtectClock=true
ProtectControlGroups=true
ProtectKernelTunables=true
ProtectKernelLogs=true
ProtectKernelModules=true
LockPersonality=true
RestrictSUIDSGID=true
RemoveIPC=true
RestrictRealtime=true
SystemCallArchitectures=native
MemoryDenyWriteExecute=true
UMask=177
ProtectProc=invisible
CapabilityBoundingSet=
ProtectHostname=true
RestrictAddressFamilies=~AF_(INET|INET6)
RestrictAddressFamilies=~…
RestrictAddressFamilies=~AF_UNIX
RestrictAddressFamilies=~AF_NETLINK
RestrictAddressFamilies=~AF_PACKET
SystemCallFilter=~@reboot
SystemCallFilter=~@obsolete
SystemCallFilter=~@mount
SystemCallFilter=~@module
SystemCallFilter=~@debug
SystemCallFilter=~@cpu-emulation
SystemCallFilter=~@clock
SystemCallFilter=~@swap
SystemCallFilter=~@privileged
ProcSubset=pid
[Install]
WantedBy=multi-user.target