Merge pull request #343 from threefoldtech/funkwhale

PeterNashaat · web-flow · commit ee0e36c11071 · 2025-03-06T11:31:02.000+02:00
fix ssh not working in funkwhale image
diff --git a/tfgrid3/funkwhale/Dockerfile b/tfgrid3/funkwhale/Dockerfile
@@ -11,10 +11,7 @@ RUN apt-get update && \
     gettext \
     gnupg \
     openssh-server \
-    ufw \
-    nginx \
-    certbot \
-    python3-certbot-nginx && \
+    ufw && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
@@ -26,10 +23,8 @@ RUN curl -s https://api.github.com/repos/threefoldtech/zinit/releases/latest | \
     chmod +x /sbin/zinit
 
 # Copy configuration scripts
-COPY scripts/ufw.sh /usr/local/bin/
-COPY scripts/dockerd.sh /usr/local/bin/
-COPY scripts/start-fk.sh /usr/local/bin/
-RUN chmod +x /usr/local/bin/ufw.sh /usr/local/bin/dockerd.sh /usr/local/bin/start-fk.sh
+COPY scripts/* /usr/local/bin/
+RUN chmod +x /usr/local/bin/*.sh 
 
 # Add Zinit configuration files
 ADD zinit /etc/zinit/
@@ -48,8 +43,8 @@ RUN apt-get update && \
 RUN apt-get clean && \
     rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
-# Expose ports for HTTP and SSH access
-EXPOSE 5000 222
+# Expose ports for HTTP access
+EXPOSE 5000
 
 # Command to run Zinit in the container
 CMD ["/sbin/zinit", "init", "--container"]
diff --git a/tfgrid3/funkwhale/README.md b/tfgrid3/funkwhale/README.md
@@ -24,18 +24,30 @@ Convert the docker image to Flist is using [Docker Hub Converter tool](https://h
 
 ## Environment Variables
 
-Several environment variables need to be configured before deploying Funkwhale:
+Several environment variables need to be configured before deploying Funkwhale. SMTP configuration is optional—if not configured, Funkwhale will still function, but it will not send any emails (e.g., notifications, password resets).
 
+### **Required for Basic Functionality**
 - `FUNKWHALE_SUPERUSER_NAME`: The username for the Funkwhale superuser.
 - `FUNKWHALE_SUPERUSER_EMAIL`: The email for the superuser account.
-- `FUNKWHALE_SUPERUSER_PASSWORD`: Password for the superuser account.
-- `FUNKWHALE_VERSION`: The version of Funkwhale to use (default: `1.4.0`).
+- `FUNKWHALE_SUPERUSER_PASSWORD`: The password for the superuser account.
 - `Domain`: The domain name for the Funkwhale instance (e.g., `funkwhale.example.com`).
 - `DJANGO_SECRET_KEY`: A unique secret key for Django. This environment variable is generated automatically by the **start script**.
 
-These variables are passed via `.env` files or Zinit service configurations. Ensure they are set properly before deployment.
+### **Optional for SMTP Configuration**
+If you want Funkwhale to send emails, such as notifications or password resets, you need to configure the following variables:
 
-## SSL Configuration
-This setup uses Certbot to generate and configure SSL certificates for your domain. Ensure the domain is properly configured with DNS settings that point to your server. The certificates are generated automatically during the deployment process.
+- `EMAIL_HOST`: The SMTP server address (e.g., `smtp.sendgrid.net`).
+- `EMAIL_PORT`: The port used by the SMTP server (e.g., `587`).
+- `EMAIL_USERNAME`: The username for SMTP authentication (e.g., `apikey` for SendGrid).
+- `EMAIL_PASSWORD`: The password or API key for SMTP authentication.
+- `EMAIL_PROTOCOL`: The protocol used for email communication. Supported options:
+  - `smtp`: Plain SMTP communication.
+  - `smtp+ssl`: SMTP with SSL encryption (port `465`).
+  - `smtp+tls`: SMTP with TLS encryption (port `587`).
+- `DEFAULT_FROM_EMAIL`: The default sender email address (e.g., `peter@funkwhale-test.com`).
 
+If these variables are not set, Funkwhale will default to outputting emails to the console (`consolemail://`), and emails will not actually be sent.
+
+### **Passing Environment Variables**
+These environment variables are passed via `.env` files or Zinit service configurations. Ensure they are set properly before deployment to guarantee correct operation.
 
diff --git a/tfgrid3/funkwhale/scripts/configure-smtp.sh b/tfgrid3/funkwhale/scripts/configure-smtp.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+# Path to the .env file
+ENV_FILE="/srv/funkwhale/.env"
+
+# Check if all required variables are set
+if [[ -z "$EMAIL_HOST" || -z "$EMAIL_PORT" || -z "$EMAIL_USERNAME" || -z "$EMAIL_PASSWORD" || -z "$EMAIL_PROTOCOL" || -z "$DEFAULT_FROM_EMAIL" ]]; then
+  echo "Missing required SMTP variables. Disabling SMTP."
+else
+  echo "All required SMTP variables are set. Configuring SMTP."
+  EMAIL_CONFIG="${EMAIL_PROTOCOL}://${EMAIL_USERNAME}:${EMAIL_PASSWORD}@${EMAIL_HOST}:${EMAIL_PORT}"
+  sed -i "/^# EMAIL_CONFIG=dummymail/s|^# EMAIL_CONFIG=.*|EMAIL_CONFIG=${EMAIL_CONFIG}|" "$ENV_FILE"
+  sed -i "/^# DEFAULT_FROM_EMAIL=/s|^# DEFAULT_FROM_EMAIL=.*|DEFAULT_FROM_EMAIL=${DEFAULT_FROM_EMAIL}|" "$ENV_FILE"
+fi
diff --git a/tfgrid3/funkwhale/scripts/start-fk.sh b/tfgrid3/funkwhale/scripts/start-fk.sh
@@ -4,7 +4,8 @@ set -ex
 # Check if FUNKWHALE_VERSION is set, if not, default to 1.4.0
 FUNKWHALE_VERSION=${FUNKWHALE_VERSION:-1.4.0}
 
-# Change to Funkwhale directory
+# Create and Change to Funkwhale directory
+mkdir /srv/funkwhale/
 cd /srv/funkwhale/
 
 # Download the Docker Compose and environment files for the specified version
@@ -21,7 +22,10 @@ sed -i "s#^DJANGO_SECRET_KEY=.*#DJANGO_SECRET_KEY=$DJANGO_SECRET#" .env
 # Add environment variables to the .env file
 sed -i "s#^FUNKWHALE_VERSION=.*#FUNKWHALE_VERSION=$FUNKWHALE_VERSION#" .env
 sed -i "s#^FUNKWHALE_HOSTNAME=.*#FUNKWHALE_HOSTNAME=$Domain#" .env
+sed -i 's/^FUNKWHALE_API_IP=.*/FUNKWHALE_API_IP=0.0.0.0/' .env
 
+# Setting SMTP Config
+bash /usr/local/bin/configure-smtp.sh
 # Pull the latest Docker images for Funkwhale
 docker-compose pull
 
@@ -40,43 +44,3 @@ EOF
 
 # Start Funkwhale services
 docker-compose up -d
-
-# Check if $Domain is set before proceeding with SSL generation
-if [ -z "$Domain" ]; then
-    echo "No Domain provided. Skipping SSL setup and exiting."
-    exit 0
-fi
-
-# Download and apply the Funkwhale Nginx proxy configuration
-curl -L -o /etc/nginx/funkwhale_proxy.conf "https://dev.funkwhale.audio/funkwhale/funkwhale/raw/$FUNKWHALE_VERSION/deploy/funkwhale_proxy.conf"
-curl -L -o /etc/nginx/sites-available/funkwhale.template "https://dev.funkwhale.audio/funkwhale/funkwhale/raw/$FUNKWHALE_VERSION/deploy/docker.proxy.template"
-
-# Apply environment variables to the Nginx template and create the final Nginx configuration
-set -a && source /srv/funkwhale/.env && set +a
-envsubst "`env | awk -F = '{printf \" $%s\", $$1}'`" < /etc/nginx/sites-available/funkwhale.template > /etc/nginx/sites-available/funkwhale.conf
-
-# Comment out SSL cert lines temporarily to allow HTTP access before SSL setup
-sed -i "s/listen      443 ssl http2\;/#listen      443 ssl http2\;/" /etc/nginx/sites-available/funkwhale.conf
-sed -i "s/listen \[::\]:443 ssl http2;/#listen \[::\]:443 ssl http2;/" /etc/nginx/sites-available/funkwhale.conf
-sed -i "s/ssl_certificate/\#ssl_certificate/" /etc/nginx/sites-available/funkwhale.conf
-
-# Enable the Funkwhale Nginx site and create a backup of the current configuration
-ln -s /etc/nginx/sites-available/funkwhale.conf /etc/nginx/sites-enabled/
-cp /etc/nginx/sites-available/funkwhale.conf /etc/nginx/sites-available/funkwhale.conf.bak
-
-# Generate SSL certificate using Certbot
-certbot --nginx -d $Domain --non-interactive --agree-tos --register-unsafely-without-email
-
-# Restore the original Nginx configuration from the backup
-mv /etc/nginx/sites-available/funkwhale.conf.bak /etc/nginx/sites-available/funkwhale.conf
-
-# Uncomment the SSL lines after Certbot finishes
-sed -i "s/\#ssl_certificate/ssl_certificate/" /etc/nginx/sites-available/funkwhale.conf
-sed -i "s/\#listen/listen/" /etc/nginx/sites-available/funkwhale.conf
-
-# Add HTTP to HTTPS redirection in the Nginx configuration
-sed -i "11a \    if (\$host = $Domain) {\n        return 301 https://\$host\$request_uri;\n    }" /etc/nginx/sites-available/funkwhale.conf
-
-# Restart Nginx to apply the New SSL configuration
-zinit stop nginx
-zinit start nginx
diff --git a/tfgrid3/funkwhale/scripts/ufw.sh b/tfgrid3/funkwhale/scripts/ufw.sh
@@ -5,5 +5,4 @@ ufw default deny incoming
 ufw default allow outgoing
 ufw allow ssh
 ufw limit ssh
-ufw allow 443
-ufw allow 80
+ufw allow 5000
diff --git a/tfgrid3/funkwhale/zinit/nginx.yaml b/tfgrid3/funkwhale/zinit/nginx.yaml
diff --git a/tfgrid3/funkwhale/zinit/sshkey.yaml b/tfgrid3/funkwhale/zinit/sshkey.yaml
@@ -1,12 +1,9 @@
 exec: |
   bash -c '
-    if [ ! -z "$SSH_KEY" ]; then
       mkdir -p /var/run/sshd
       mkdir -p /root/.ssh
       touch /root/.ssh/authorized_keys
-      
       chmod 700 /root/.ssh
       chmod 600 /root/.ssh/authorized_keys
-    fi
-  '
+      '
 oneshot: true
