mirror of
https://github.com/firefly-iii/firefly-iii.git
synced 2025-02-25 18:45:27 -06:00
Initial code base for Sandstorm.IO support. Very beta.
This commit is contained in:
parent
df1da32745
commit
96b5d174d1
55
.env.sandstorm
Executable file
55
.env.sandstorm
Executable file
@ -0,0 +1,55 @@
|
||||
APP_ENV=production
|
||||
APP_DEBUG=true
|
||||
APP_FORCE_SSL=false
|
||||
APP_FORCE_ROOT=
|
||||
APP_KEY=SomeRandomStringOf32CharsExactly
|
||||
APP_LOG=syslog
|
||||
APP_LOG_LEVEL=debug
|
||||
APP_URL=http://localhost
|
||||
|
||||
DB_CONNECTION=mysql
|
||||
DB_HOST=127.0.0.1
|
||||
DB_PORT=3306
|
||||
DB_DATABASE=firefly
|
||||
DB_USERNAME=firefly
|
||||
DB_PASSWORD=firefly
|
||||
|
||||
BROADCAST_DRIVER=log
|
||||
CACHE_DRIVER=file
|
||||
SESSION_DRIVER=file
|
||||
QUEUE_DRIVER=sync
|
||||
|
||||
COOKIE_PATH="/"
|
||||
COOKIE_DOMAIN=
|
||||
COOKIE_SECURE=false
|
||||
|
||||
REDIS_HOST=127.0.0.1
|
||||
REDIS_PASSWORD=null
|
||||
REDIS_PORT=6379
|
||||
|
||||
MAIL_DRIVER=smtp
|
||||
MAIL_HOST=mailtrap.io
|
||||
MAIL_PORT=2525
|
||||
MAIL_FROM=changeme@example.com
|
||||
MAIL_USERNAME=null
|
||||
MAIL_PASSWORD=null
|
||||
MAIL_ENCRYPTION=null
|
||||
|
||||
SEND_REGISTRATION_MAIL=true
|
||||
SEND_ERROR_MESSAGE=true
|
||||
SHOW_INCOMPLETE_TRANSLATIONS=false
|
||||
|
||||
CACHE_PREFIX=firefly
|
||||
|
||||
GOOGLE_MAPS_API_KEY=
|
||||
ANALYTICS_ID=
|
||||
SITE_OWNER=mail@example.com
|
||||
USE_ENCRYPTION=true
|
||||
|
||||
PUSHER_KEY=
|
||||
PUSHER_SECRET=
|
||||
PUSHER_APP_ID=
|
||||
|
||||
DEMO_USERNAME=
|
||||
DEMO_PASSWORD=
|
||||
|
5
.sandstorm/.gitattributes
vendored
Normal file
5
.sandstorm/.gitattributes
vendored
Normal file
@ -0,0 +1,5 @@
|
||||
|
||||
|
||||
# vagrant-spk creates shell scripts, which must end in \n, even on a \r\n system.
|
||||
*.sh text eol=lf
|
||||
|
5
.sandstorm/.gitignore
vendored
Normal file
5
.sandstorm/.gitignore
vendored
Normal file
@ -0,0 +1,5 @@
|
||||
|
||||
|
||||
# This file stores a list of sub-paths of .sandstorm/ that should be ignored by git.
|
||||
.vagrant
|
||||
|
103
.sandstorm/Vagrantfile
vendored
Normal file
103
.sandstorm/Vagrantfile
vendored
Normal file
@ -0,0 +1,103 @@
|
||||
# -*- mode: ruby -*-
|
||||
# vi: set ft=ruby :
|
||||
|
||||
# Guess at a reasonable name for the VM based on the folder vagrant-spk is
|
||||
# run from. The timestamp is there to avoid conflicts if you have multiple
|
||||
# folders with the same name.
|
||||
VM_NAME = File.basename(File.dirname(File.dirname(__FILE__))) + "_sandstorm_#{Time.now.utc.to_i}"
|
||||
|
||||
# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
|
||||
VAGRANTFILE_API_VERSION = "2"
|
||||
|
||||
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
|
||||
# Base on the Sandstorm snapshots of the official Debian 8 (jessie) box.
|
||||
config.vm.box = "sandstorm/debian-jessie64"
|
||||
|
||||
if Vagrant.has_plugin?("vagrant-vbguest") then
|
||||
# vagrant-vbguest is a Vagrant plugin that upgrades
|
||||
# the version of VirtualBox Guest Additions within each
|
||||
# guest. If you have the vagrant-vbguest plugin, then it
|
||||
# needs to know how to compile kernel modules, etc., and so
|
||||
# we give it this hint about operating system type.
|
||||
config.vm.guest = "debian"
|
||||
end
|
||||
|
||||
# We forward port 6080, the Sandstorm web port, so that developers can
|
||||
# visit their sandstorm app from their browser as local.sandstorm.io:6080
|
||||
# (aka 127.0.0.1:6080).
|
||||
config.vm.network :forwarded_port, guest: 6080, host: 6080
|
||||
|
||||
# Use a shell script to "provision" the box. This installs Sandstorm using
|
||||
# the bundled installer.
|
||||
config.vm.provision "shell", inline: "sudo bash /opt/app/.sandstorm/global-setup.sh", keep_color: true
|
||||
# Then, do stack-specific and app-specific setup.
|
||||
config.vm.provision "shell", inline: "sudo bash /opt/app/.sandstorm/setup.sh", keep_color: true
|
||||
|
||||
# Shared folders are configured per-provider since vboxsf can't handle >4096 open files,
|
||||
# NFS requires privilege escalation every time you bring a VM up,
|
||||
# and 9p is only available on libvirt.
|
||||
|
||||
# Calculate the number of CPUs and the amount of RAM the system has,
|
||||
# in a platform-dependent way; further logic below.
|
||||
cpus = nil
|
||||
total_kB_ram = nil
|
||||
|
||||
host = RbConfig::CONFIG['host_os']
|
||||
if host =~ /darwin/
|
||||
cpus = `sysctl -n hw.ncpu`.to_i
|
||||
total_kB_ram = `sysctl -n hw.memsize`.to_i / 1024
|
||||
elsif host =~ /linux/
|
||||
cpus = `nproc`.to_i
|
||||
total_kB_ram = `grep MemTotal /proc/meminfo | awk '{print $2}'`.to_i
|
||||
elsif host =~ /mingw/
|
||||
# powershell may not be available on Windows XP and Vista, so wrap this in a rescue block
|
||||
begin
|
||||
cpus = `powershell -Command "(Get-WmiObject Win32_Processor -Property NumberOfLogicalProcessors | Select-Object -Property NumberOfLogicalProcessors | Measure-Object NumberOfLogicalProcessors -Sum).Sum"`.to_i
|
||||
total_kB_ram = `powershell -Command "Get-CimInstance -class cim_physicalmemory | % $_.Capacity}"`.to_i / 1024
|
||||
rescue
|
||||
end
|
||||
end
|
||||
# Use the same number of CPUs within Vagrant as the system, with 1
|
||||
# as a default.
|
||||
#
|
||||
# Use at least 512MB of RAM, and if the system has more than 2GB of
|
||||
# RAM, use 1/4 of the system RAM. This seems a reasonable compromise
|
||||
# between having the Vagrant guest operating system not run out of
|
||||
# RAM entirely (which it basically would if we went much lower than
|
||||
# 512MB) and also allowing it to use up a healthily large amount of
|
||||
# RAM so it can run faster on systems that can afford it.
|
||||
if cpus.nil? or cpus.zero?
|
||||
cpus = 1
|
||||
end
|
||||
if total_kB_ram.nil? or total_kB_ram < 2048000
|
||||
assign_ram_mb = 512
|
||||
else
|
||||
assign_ram_mb = (total_kB_ram / 1024 / 4)
|
||||
end
|
||||
# Actually apply these CPU/memory values to the providers.
|
||||
config.vm.provider :virtualbox do |vb, override|
|
||||
vb.cpus = cpus
|
||||
vb.memory = assign_ram_mb
|
||||
vb.name = VM_NAME
|
||||
vb.customize ["modifyvm", :id, "--nictype1", "Am79C973"]
|
||||
|
||||
# /opt/app and /host-dot-sandstorm are used by vagrant-spk
|
||||
override.vm.synced_folder "..", "/opt/app"
|
||||
override.vm.synced_folder ENV["HOME"] + "/.sandstorm", "/host-dot-sandstorm"
|
||||
# /vagrant is not used by vagrant-spk; we need this line so it gets disabled; if we removed the
|
||||
# line, vagrant would automatically insert a synced folder in /vagrant, which is not what we want.
|
||||
override.vm.synced_folder "..", "/vagrant", disabled: true
|
||||
end
|
||||
config.vm.provider :libvirt do |libvirt, override|
|
||||
libvirt.cpus = cpus
|
||||
libvirt.memory = assign_ram_mb
|
||||
libvirt.default_prefix = VM_NAME
|
||||
|
||||
# /opt/app and /host-dot-sandstorm are used by vagrant-spk
|
||||
override.vm.synced_folder "..", "/opt/app", type: "9p", accessmode: "passthrough"
|
||||
override.vm.synced_folder ENV["HOME"] + "/.sandstorm", "/host-dot-sandstorm", type: "9p", accessmode: "passthrough"
|
||||
# /vagrant is not used by vagrant-spk; we need this line so it gets disabled; if we removed the
|
||||
# line, vagrant would automatically insert a synced folder in /vagrant, which is not what we want.
|
||||
override.vm.synced_folder "..", "/vagrant", type: "9p", accessmode: "passthrough", disabled: true
|
||||
end
|
||||
end
|
21
.sandstorm/build.sh
Executable file
21
.sandstorm/build.sh
Executable file
@ -0,0 +1,21 @@
|
||||
#!/bin/bash
|
||||
# Checks if there's a composer.json, and if so, installs/runs composer.
|
||||
# Only runs when we connect the app to sandstorm (so once).
|
||||
set -euo pipefail
|
||||
|
||||
|
||||
|
||||
cd /opt/app
|
||||
|
||||
cp .env.sandstorm .env
|
||||
|
||||
if [ -f /opt/app/composer.json ] ; then
|
||||
if [ ! -f composer.phar ] ; then
|
||||
curl -sS https://getcomposer.org/installer | php
|
||||
fi
|
||||
php composer.phar install --no-dev --no-suggest
|
||||
fi
|
||||
|
||||
# link storage folder
|
||||
rm -rf /opt/app/storage
|
||||
ln -s /var/storage /opt/app
|
44
.sandstorm/global-setup.sh
Executable file
44
.sandstorm/global-setup.sh
Executable file
@ -0,0 +1,44 @@
|
||||
#!/bin/bash
|
||||
set -euo pipefail
|
||||
|
||||
# Set options for curl. Since we only want to show errors from these curl commands, we also use
|
||||
# 'cat' to buffer the output; for more information:
|
||||
# https://github.com/sandstorm-io/vagrant-spk/issues/158
|
||||
|
||||
CURL_OPTS="--silent --show-error"
|
||||
echo localhost > /etc/hostname
|
||||
hostname localhost
|
||||
|
||||
# The following line copies stderr through stderr to cat without accidentally leaving it in the
|
||||
# output file. Be careful when changing. See: https://github.com/sandstorm-io/vagrant-spk/pull/159
|
||||
curl $CURL_OPTS https://install.sandstorm.io/ 2>&1 > /host-dot-sandstorm/caches/install.sh | cat
|
||||
|
||||
SANDSTORM_CURRENT_VERSION=$(curl $CURL_OPTS -f "https://install.sandstorm.io/dev?from=0&type=install")
|
||||
SANDSTORM_PACKAGE="sandstorm-$SANDSTORM_CURRENT_VERSION.tar.xz"
|
||||
if [[ ! -f /host-dot-sandstorm/caches/$SANDSTORM_PACKAGE ]] ; then
|
||||
echo -n "Downloading Sandstorm version ${SANDSTORM_CURRENT_VERSION}..."
|
||||
curl $CURL_OPTS --output "/host-dot-sandstorm/caches/$SANDSTORM_PACKAGE.partial" "https://dl.sandstorm.io/$SANDSTORM_PACKAGE" 2>&1 | cat
|
||||
mv "/host-dot-sandstorm/caches/$SANDSTORM_PACKAGE.partial" "/host-dot-sandstorm/caches/$SANDSTORM_PACKAGE"
|
||||
echo "...done."
|
||||
fi
|
||||
if [ ! -e /opt/sandstorm/latest/sandstorm ] ; then
|
||||
echo -n "Installing Sandstorm version ${SANDSTORM_CURRENT_VERSION}..."
|
||||
bash /host-dot-sandstorm/caches/install.sh -d -e "/host-dot-sandstorm/caches/$SANDSTORM_PACKAGE" >/dev/null
|
||||
echo "...done."
|
||||
fi
|
||||
modprobe ip_tables
|
||||
# Make the vagrant user part of the sandstorm group so that commands like
|
||||
# `spk dev` work.
|
||||
usermod -a -G 'sandstorm' 'vagrant'
|
||||
# Bind to all addresses, so the vagrant port-forward works.
|
||||
sudo sed --in-place='' \
|
||||
--expression='s/^BIND_IP=.*/BIND_IP=0.0.0.0/' \
|
||||
/opt/sandstorm/sandstorm.conf
|
||||
sudo service sandstorm restart
|
||||
# Enable apt-cacher-ng proxy to make things faster if one appears to be running on the gateway IP
|
||||
GATEWAY_IP=$(ip route | grep ^default | cut -d ' ' -f 3)
|
||||
if nc -z "$GATEWAY_IP" 3142 ; then
|
||||
echo "Acquire::http::Proxy \"http://$GATEWAY_IP:3142\";" > /etc/apt/apt.conf.d/80httpproxy
|
||||
fi
|
||||
# Configure apt to retry fetching things that fail to download.
|
||||
echo "APT::Acquire::Retries \"10\";" > /etc/apt/apt.conf.d/80sandstorm-retry
|
66
.sandstorm/launcher.sh
Executable file
66
.sandstorm/launcher.sh
Executable file
@ -0,0 +1,66 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Runs every time we create a new grain!
|
||||
|
||||
# Create a bunch of folders under the clean /var that php, nginx, and mysql expect to exist
|
||||
mkdir -p /var/lib/mysql
|
||||
mkdir -p /var/lib/nginx
|
||||
mkdir -p /var/lib/php/sessions/
|
||||
mkdir -p /var/log
|
||||
mkdir -p /var/log/mysql
|
||||
mkdir -p /var/log/nginx
|
||||
# Wipe /var/run, since pidfiles and socket files from previous launches should go away
|
||||
# TODO someday: I'd prefer a tmpfs for these.
|
||||
rm -rf /var/run
|
||||
mkdir -p /var/run
|
||||
rm -rf /var/tmp
|
||||
mkdir -p /var/tmp
|
||||
mkdir -p /var/run/mysqld
|
||||
|
||||
# make storage directories
|
||||
rm -rf /var/storage
|
||||
mkdir -p /var/storage/app/public
|
||||
mkdir -p /var/storage/build
|
||||
mkdir -p /var/storage/database
|
||||
mkdir -p /var/storage/debugbar
|
||||
mkdir -p /var/storage/export
|
||||
mkdir -p /var/storage/framework/cache
|
||||
mkdir -p /var/storage/framework/sessions
|
||||
mkdir -p /var/storage/framework/views
|
||||
mkdir -p /var/storage/logs
|
||||
mkdir -p /var/storage/upload
|
||||
|
||||
|
||||
# Ensure mysql tables created
|
||||
HOME=/etc/mysql /usr/bin/mysql_install_db --force
|
||||
|
||||
# Spawn mysqld, php
|
||||
HOME=/etc/mysql /usr/sbin/mysqld &
|
||||
|
||||
/usr/sbin/php-fpm7.0 --nodaemonize --fpm-config /etc/php/7.0/fpm/php-fpm.conf &
|
||||
|
||||
# Wait until mysql and php have bound their sockets, indicating readiness
|
||||
while [ ! -e /var/run/mysqld/mysqld.sock ] ; do
|
||||
echo "waiting for mysql to be available at /var/run/mysqld/mysqld.sock"
|
||||
sleep .5
|
||||
done
|
||||
while [ ! -e /var/run/php7.0-fpm.sock ] ; do
|
||||
echo "waiting for php7.0-fpm to be available at /var/run/php7.0-fpm.sock"
|
||||
sleep .5
|
||||
done
|
||||
|
||||
echo "Installing database.."
|
||||
# Install database for Firefly III
|
||||
echo "CREATE DATABASE IF NOT EXISTS firefly; GRANT ALL on firefly.* TO 'firefly'@'localhost' IDENTIFIED BY 'firefly';" | mysql -uroot
|
||||
echo "Done!"
|
||||
|
||||
#echo "Generate key..."
|
||||
#php /opt/app/artisan key:generate
|
||||
#echo "Done!"
|
||||
|
||||
echo "Migrating..."
|
||||
php /opt/app/artisan migrate:refresh --seed --force
|
||||
echo "Done!"
|
||||
|
||||
# Start nginx.
|
||||
/usr/sbin/nginx -c /opt/app/.sandstorm/service-config/nginx.conf -g "daemon off;"
|
1113
.sandstorm/sandstorm-files.list
Normal file
1113
.sandstorm/sandstorm-files.list
Normal file
File diff suppressed because it is too large
Load Diff
247
.sandstorm/sandstorm-pkgdef.capnp
Normal file
247
.sandstorm/sandstorm-pkgdef.capnp
Normal file
@ -0,0 +1,247 @@
|
||||
@0x9411e6c8b3c8a4b6;
|
||||
|
||||
using Spk = import "/sandstorm/package.capnp";
|
||||
# This imports:
|
||||
# $SANDSTORM_HOME/latest/usr/include/sandstorm/package.capnp
|
||||
# Check out that file to see the full, documented package definition format.
|
||||
|
||||
const pkgdef :Spk.PackageDefinition = (
|
||||
# The package definition. Note that the spk tool looks specifically for the
|
||||
# "pkgdef" constant.
|
||||
|
||||
id = "uws252ya9mep4t77tevn85333xzsgrpgth8q4y1rhknn1hammw70",
|
||||
# Your app ID is actually its public key. The private key was placed in
|
||||
# your keyring. All updates must be signed with the same key.
|
||||
|
||||
manifest = (
|
||||
# This manifest is included in your app package to tell Sandstorm
|
||||
# about your app.
|
||||
|
||||
appTitle = (defaultText = "Firefly III"),
|
||||
|
||||
appVersion = 0, # Increment this for every release.
|
||||
|
||||
appMarketingVersion = (defaultText = "3.4.3"),
|
||||
# Human-readable representation of appVersion. Should match the way you
|
||||
# identify versions of your app in documentation and marketing.
|
||||
|
||||
actions = [
|
||||
# Define your "new document" handlers here.
|
||||
( nounPhrase = (defaultText = "administration"),
|
||||
command = .myCommand
|
||||
# The command to run when starting for the first time. (".myCommand"
|
||||
# is just a constant defined at the bottom of the file.)
|
||||
)
|
||||
],
|
||||
|
||||
continueCommand = .myCommand,
|
||||
# This is the command called to start your app back up after it has been
|
||||
# shut down for inactivity. Here we're using the same command as for
|
||||
# starting a new instance, but you could use different commands for each
|
||||
# case.
|
||||
|
||||
metadata = (
|
||||
# Data which is not needed specifically to execute the app, but is useful
|
||||
# for purposes like marketing and display. These fields are documented at
|
||||
# https://docs.sandstorm.io/en/latest/developing/publishing-apps/#add-required-metadata
|
||||
# and (in deeper detail) in the sandstorm source code, in the Metadata section of
|
||||
# https://github.com/sandstorm-io/sandstorm/blob/master/src/sandstorm/package.capnp
|
||||
icons = (
|
||||
# Various icons to represent the app in various contexts.
|
||||
appGrid = (png = (dpi1x = embed "public/images/logo/firefly-iii-128.png")),
|
||||
grain = (png = (dpi1x = embed "public/images/logo/firefly-iii-24.png",
|
||||
dpi2x = embed "public/images/logo/firefly-iii-48.png")),
|
||||
market = (png = (dpi1x = embed "public/images/logo/firefly-iii-150.png"))
|
||||
),
|
||||
|
||||
website = "https://firefly-iii.github.io/",
|
||||
# This should be the app's main website url.
|
||||
|
||||
codeUrl = "https://github.com/firefly-iii/firefly-iii",
|
||||
# URL of the app's source code repository, e.g. a GitHub URL.
|
||||
# Required if you specify a license requiring redistributing code, but optional otherwise.
|
||||
|
||||
license = (openSource = void),
|
||||
# The license this package is distributed under. See
|
||||
# https://docs.sandstorm.io/en/latest/developing/publishing-apps/#license
|
||||
|
||||
categories = [productivity],
|
||||
# A list of categories/genres to which this app belongs, sorted with best fit first.
|
||||
# See the list of categories at
|
||||
# https://docs.sandstorm.io/en/latest/developing/publishing-apps/#categories
|
||||
|
||||
author = (
|
||||
# Fields relating to the author of this app.
|
||||
|
||||
contactEmail = "thegrumpydictator@gmail.com",
|
||||
# Email address to contact for any issues with this app. This includes end-user support
|
||||
# requests as well as app store administrator requests, so it is very important that this be a
|
||||
# valid address with someone paying attention to it.
|
||||
|
||||
#pgpSignature = embed "path/to/pgp-signature",
|
||||
# PGP signature attesting responsibility for the app ID. This is a binary-format detached
|
||||
# signature of the following ASCII message (not including the quotes, no newlines, and
|
||||
# replacing <app-id> with the standard base-32 text format of the app's ID):
|
||||
#
|
||||
# "I am the author of the Sandstorm.io app with the following ID: <app-id>"
|
||||
#
|
||||
# You can create a signature file using `gpg` like so:
|
||||
#
|
||||
# echo -n "I am the author of the Sandstorm.io app with the following ID: <app-id>" | gpg --sign > pgp-signature
|
||||
#
|
||||
# Further details including how to set up GPG and how to use keybase.io can be found
|
||||
# at https://docs.sandstorm.io/en/latest/developing/publishing-apps/#verify-your-identity
|
||||
|
||||
# upstreamAuthor = "Example App Team",
|
||||
# Name of the original primary author of this app, if it is different from the person who
|
||||
# produced the Sandstorm package. Setting this implies that the author connected to the PGP
|
||||
# signature only "packaged" the app for Sandstorm, rather than developing the app.
|
||||
# Remove this line if you consider yourself as the author of the app.
|
||||
),
|
||||
|
||||
#pgpKeyring = embed "path/to/pgp-keyring",
|
||||
# A keyring in GPG keyring format containing all public keys needed to verify PGP signatures in
|
||||
# this manifest (as of this writing, there is only one: `author.pgpSignature`).
|
||||
#
|
||||
# To generate a keyring containing just your public key, do:
|
||||
#
|
||||
# gpg --export <key-id> > keyring
|
||||
#
|
||||
# Where `<key-id>` is a PGP key ID or email address associated with the key.
|
||||
|
||||
#description = (defaultText = embed "path/to/description.md"),
|
||||
# The app's description in Github-flavored Markdown format, to be displayed e.g.
|
||||
# in an app store. Note that the Markdown is not permitted to contain HTML nor image tags (but
|
||||
# you can include a list of screenshots separately).
|
||||
|
||||
shortDescription = (defaultText = "Financial management"),
|
||||
# A very short (one-to-three words) description of what the app does. For example,
|
||||
# "Document editor", or "Notetaking", or "Email client". This will be displayed under the app
|
||||
# title in the grid view in the app market.
|
||||
|
||||
screenshots = [
|
||||
# Screenshots to use for marketing purposes. Examples below.
|
||||
# Sizes are given in device-independent pixels, so if you took these
|
||||
# screenshots on a Retina-style high DPI screen, divide each dimension by two.
|
||||
|
||||
#(width = 746, height = 795, jpeg = embed "path/to/screenshot-1.jpeg"),
|
||||
#(width = 640, height = 480, png = embed "path/to/screenshot-2.png"),
|
||||
],
|
||||
#changeLog = (defaultText = embed "path/to/sandstorm-specific/changelog.md"),
|
||||
# Documents the history of changes in Github-flavored markdown format (with the same restrictions
|
||||
# as govern `description`). We recommend formatting this with an H1 heading for each version
|
||||
# followed by a bullet list of changes.
|
||||
),
|
||||
),
|
||||
|
||||
sourceMap = (
|
||||
# Here we defined where to look for files to copy into your package. The
|
||||
# `spk dev` command actually figures out what files your app needs
|
||||
# automatically by running it on a FUSE filesystem. So, the mappings
|
||||
# here are only to tell it where to find files that the app wants.
|
||||
searchPath = [
|
||||
( sourcePath = "." ), # Search this directory first.
|
||||
( sourcePath = "/", # Then search the system root directory.
|
||||
hidePaths = [ "home", "proc", "sys",
|
||||
"etc/passwd", "etc/hosts", "etc/host.conf",
|
||||
"etc/nsswitch.conf", "etc/resolv.conf" ]
|
||||
# You probably don't want the app pulling files from these places,
|
||||
# so we hide them. Note that /dev, /var, and /tmp are implicitly
|
||||
# hidden because Sandstorm itself provides them.
|
||||
)
|
||||
]
|
||||
),
|
||||
|
||||
fileList = "sandstorm-files.list",
|
||||
# `spk dev` will write a list of all the files your app uses to this file.
|
||||
# You should review it later, before shipping your app.
|
||||
|
||||
alwaysInclude = [],
|
||||
# Fill this list with more names of files or directories that should be
|
||||
# included in your package, even if not listed in sandstorm-files.list.
|
||||
# Use this to force-include stuff that you know you need but which may
|
||||
# not have been detected as a dependency during `spk dev`. If you list
|
||||
# a directory here, its entire contents will be included recursively.
|
||||
|
||||
#bridgeConfig = (
|
||||
# # Used for integrating permissions and roles into the Sandstorm shell
|
||||
# # and for sandstorm-http-bridge to pass to your app.
|
||||
# # Uncomment this block and adjust the permissions and roles to make
|
||||
# # sense for your app.
|
||||
# # For more information, see high-level documentation at
|
||||
# # https://docs.sandstorm.io/en/latest/developing/auth/
|
||||
# # and advanced details in the "BridgeConfig" section of
|
||||
# # https://github.com/sandstorm-io/sandstorm/blob/master/src/sandstorm/package.capnp
|
||||
# viewInfo = (
|
||||
# # For details on the viewInfo field, consult "ViewInfo" in
|
||||
# # https://github.com/sandstorm-io/sandstorm/blob/master/src/sandstorm/grain.capnp
|
||||
#
|
||||
# permissions = [
|
||||
# # Permissions which a user may or may not possess. A user's current
|
||||
# # permissions are passed to the app as a comma-separated list of `name`
|
||||
# # fields in the X-Sandstorm-Permissions header with each request.
|
||||
# #
|
||||
# # IMPORTANT: only ever append to this list! Reordering or removing fields
|
||||
# # will change behavior and permissions for existing grains! To deprecate a
|
||||
# # permission, or for more information, see "PermissionDef" in
|
||||
# # https://github.com/sandstorm-io/sandstorm/blob/master/src/sandstorm/grain.capnp
|
||||
# (
|
||||
# name = "editor",
|
||||
# # Name of the permission, used as an identifier for the permission in cases where string
|
||||
# # names are preferred. Used in sandstorm-http-bridge's X-Sandstorm-Permissions HTTP header.
|
||||
#
|
||||
# title = (defaultText = "editor"),
|
||||
# # Display name of the permission, e.g. to display in a checklist of permissions
|
||||
# # that may be assigned when sharing.
|
||||
#
|
||||
# description = (defaultText = "grants ability to modify data"),
|
||||
# # Prose describing what this role means, suitable for a tool tip or similar help text.
|
||||
# ),
|
||||
# ],
|
||||
# roles = [
|
||||
# # Roles are logical collections of permissions. For instance, your app may have
|
||||
# # a "viewer" role and an "editor" role
|
||||
# (
|
||||
# title = (defaultText = "editor"),
|
||||
# # Name of the role. Shown in the Sandstorm UI to indicate which users have which roles.
|
||||
#
|
||||
# permissions = [true],
|
||||
# # An array indicating which permissions this role carries.
|
||||
# # It should be the same length as the permissions array in
|
||||
# # viewInfo, and the order of the lists must match.
|
||||
#
|
||||
# verbPhrase = (defaultText = "can make changes to the document"),
|
||||
# # Brief explanatory text to show in the sharing UI indicating
|
||||
# # what a user assigned this role will be able to do with the grain.
|
||||
#
|
||||
# description = (defaultText = "editors may view all site data and change settings."),
|
||||
# # Prose describing what this role means, suitable for a tool tip or similar help text.
|
||||
# ),
|
||||
# (
|
||||
# title = (defaultText = "viewer"),
|
||||
# permissions = [false],
|
||||
# verbPhrase = (defaultText = "can view the document"),
|
||||
# description = (defaultText = "viewers may view what other users have written."),
|
||||
# ),
|
||||
# ],
|
||||
# ),
|
||||
# #apiPath = "/api",
|
||||
# # Apps can export an API to the world. The API is to be used primarily by Javascript
|
||||
# # code and native apps, so it can't serve out regular HTML to browsers. If a request
|
||||
# # comes in to your app's API, sandstorm-http-bridge will prefix the request's path with
|
||||
# # this string, if specified.
|
||||
#),
|
||||
);
|
||||
|
||||
const myCommand :Spk.Manifest.Command = (
|
||||
# Here we define the command used to start up your server.
|
||||
argv = ["/sandstorm-http-bridge", "8000", "--", "/opt/app/.sandstorm/launcher.sh"],
|
||||
environ = [
|
||||
# Note that this defines the *entire* environment seen by your app.
|
||||
(key = "PATH", value = "/usr/local/bin:/usr/bin:/bin"),
|
||||
(key = "SANDSTORM", value = "1"),
|
||||
# Export SANDSTORM=1 into the environment, so that apps running within Sandstorm
|
||||
# can detect if $SANDSTORM="1" at runtime, switching UI and/or backend to use
|
||||
# the app's Sandstorm-specific integration code.
|
||||
]
|
||||
);
|
89
.sandstorm/service-config/mime.types
Normal file
89
.sandstorm/service-config/mime.types
Normal file
@ -0,0 +1,89 @@
|
||||
|
||||
types {
|
||||
text/html html htm shtml;
|
||||
text/css css;
|
||||
text/xml xml;
|
||||
image/gif gif;
|
||||
image/jpeg jpeg jpg;
|
||||
application/javascript js;
|
||||
application/atom+xml atom;
|
||||
application/rss+xml rss;
|
||||
|
||||
text/mathml mml;
|
||||
text/plain txt;
|
||||
text/vnd.sun.j2me.app-descriptor jad;
|
||||
text/vnd.wap.wml wml;
|
||||
text/x-component htc;
|
||||
|
||||
image/png png;
|
||||
image/tiff tif tiff;
|
||||
image/vnd.wap.wbmp wbmp;
|
||||
image/x-icon ico;
|
||||
image/x-jng jng;
|
||||
image/x-ms-bmp bmp;
|
||||
image/svg+xml svg svgz;
|
||||
image/webp webp;
|
||||
|
||||
application/font-woff woff;
|
||||
application/java-archive jar war ear;
|
||||
application/json json;
|
||||
application/mac-binhex40 hqx;
|
||||
application/msword doc;
|
||||
application/pdf pdf;
|
||||
application/postscript ps eps ai;
|
||||
application/rtf rtf;
|
||||
application/vnd.apple.mpegurl m3u8;
|
||||
application/vnd.ms-excel xls;
|
||||
application/vnd.ms-fontobject eot;
|
||||
application/vnd.ms-powerpoint ppt;
|
||||
application/vnd.wap.wmlc wmlc;
|
||||
application/vnd.google-earth.kml+xml kml;
|
||||
application/vnd.google-earth.kmz kmz;
|
||||
application/x-7z-compressed 7z;
|
||||
application/x-cocoa cco;
|
||||
application/x-java-archive-diff jardiff;
|
||||
application/x-java-jnlp-file jnlp;
|
||||
application/x-makeself run;
|
||||
application/x-perl pl pm;
|
||||
application/x-pilot prc pdb;
|
||||
application/x-rar-compressed rar;
|
||||
application/x-redhat-package-manager rpm;
|
||||
application/x-sea sea;
|
||||
application/x-shockwave-flash swf;
|
||||
application/x-stuffit sit;
|
||||
application/x-tcl tcl tk;
|
||||
application/x-x509-ca-cert der pem crt;
|
||||
application/x-xpinstall xpi;
|
||||
application/xhtml+xml xhtml;
|
||||
application/xspf+xml xspf;
|
||||
application/zip zip;
|
||||
|
||||
application/octet-stream bin exe dll;
|
||||
application/octet-stream deb;
|
||||
application/octet-stream dmg;
|
||||
application/octet-stream iso img;
|
||||
application/octet-stream msi msp msm;
|
||||
|
||||
application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
|
||||
application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
|
||||
application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
|
||||
|
||||
audio/midi mid midi kar;
|
||||
audio/mpeg mp3;
|
||||
audio/ogg ogg;
|
||||
audio/x-m4a m4a;
|
||||
audio/x-realaudio ra;
|
||||
|
||||
video/3gpp 3gpp 3gp;
|
||||
video/mp2t ts;
|
||||
video/mp4 mp4;
|
||||
video/mpeg mpeg mpg;
|
||||
video/quicktime mov;
|
||||
video/webm webm;
|
||||
video/x-flv flv;
|
||||
video/x-m4v m4v;
|
||||
video/x-mng mng;
|
||||
video/x-ms-asf asx asf;
|
||||
video/x-ms-wmv wmv;
|
||||
video/x-msvideo avi;
|
||||
}
|
87
.sandstorm/service-config/nginx.conf
Normal file
87
.sandstorm/service-config/nginx.conf
Normal file
@ -0,0 +1,87 @@
|
||||
worker_processes 4;
|
||||
pid /var/run/nginx.pid;
|
||||
|
||||
events {
|
||||
worker_connections 768;
|
||||
# multi_accept on;
|
||||
}
|
||||
|
||||
http {
|
||||
# Basic Settings
|
||||
sendfile on;
|
||||
tcp_nopush on;
|
||||
tcp_nodelay on;
|
||||
keepalive_timeout 65;
|
||||
types_hash_max_size 2048;
|
||||
# server_names_hash_bucket_size 64;
|
||||
server_tokens off;
|
||||
server_name_in_redirect off;
|
||||
|
||||
include mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
# Logging
|
||||
access_log off;
|
||||
error_log stderr;
|
||||
|
||||
# Prevent nginx from adding compression; this interacts badly with Sandstorm
|
||||
# WebSession due to https://github.com/sandstorm-io/sandstorm/issues/289
|
||||
gzip off;
|
||||
|
||||
# Trust the sandstorm-http-bridge's X-Forwarded-Proto.
|
||||
map $http_x_forwarded_proto $fe_https {
|
||||
default "";
|
||||
https on;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 8000 default_server;
|
||||
listen [::]:8000 default_server ipv6only=on;
|
||||
|
||||
# Allow arbitrarily large bodies - Sandstorm can handle them, and requests
|
||||
# are authenticated already, so there's no reason for apps to add additional
|
||||
# limits by default.
|
||||
client_max_body_size 0;
|
||||
|
||||
server_name localhost;
|
||||
root /opt/app/public;
|
||||
location / {
|
||||
index index.php;
|
||||
try_files $uri $uri/ /index.php?$query_string;
|
||||
autoindex on;
|
||||
sendfile off;
|
||||
}
|
||||
location ~ \.php$ {
|
||||
try_files $uri =404;
|
||||
fastcgi_pass unix:/var/run/php7.0-fpm.sock;
|
||||
fastcgi_index index.php;
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
|
||||
|
||||
fastcgi_param QUERY_STRING $query_string;
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
fastcgi_param CONTENT_TYPE $content_type;
|
||||
fastcgi_param CONTENT_LENGTH $content_length;
|
||||
|
||||
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
|
||||
fastcgi_param REQUEST_URI $request_uri;
|
||||
fastcgi_param DOCUMENT_URI $document_uri;
|
||||
fastcgi_param DOCUMENT_ROOT $document_root;
|
||||
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
||||
fastcgi_param HTTPS $fe_https if_not_empty;
|
||||
|
||||
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
|
||||
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
|
||||
|
||||
fastcgi_param REMOTE_ADDR $remote_addr;
|
||||
fastcgi_param REMOTE_PORT $remote_port;
|
||||
fastcgi_param SERVER_ADDR $server_addr;
|
||||
fastcgi_param SERVER_PORT $server_port;
|
||||
fastcgi_param SERVER_NAME $server_name;
|
||||
|
||||
# PHP only, required if PHP was built with --enable-force-cgi-redirect
|
||||
#fastcgi_param REDIRECT_STATUS 200;
|
||||
}
|
||||
}
|
||||
}
|
61
.sandstorm/setup.sh
Executable file
61
.sandstorm/setup.sh
Executable file
@ -0,0 +1,61 @@
|
||||
#!/bin/bash
|
||||
|
||||
# When you change this file, you must take manual action. Read this doc:
|
||||
# - https://docs.sandstorm.io/en/latest/vagrant-spk/customizing/#setupsh
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
export DEBIAN_FRONTEND=noninteractive
|
||||
|
||||
# install packages so we can install apt-add-repository.
|
||||
apt-get update
|
||||
apt-get install -y python-software-properties software-properties-common
|
||||
|
||||
# actually add repository
|
||||
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys E9C74FEEA2098A6E
|
||||
add-apt-repository "deb http://packages.dotdeb.org jessie all"
|
||||
|
||||
# install packages.
|
||||
apt-get update
|
||||
apt-get install -y nginx php7.0-fpm php7.0-mysql php7.0-cli php7.0-curl git php7.0-dev php7.0-intl php7.0-dom php7.0-mbstring php7.0-bcmath mysql-server
|
||||
service nginx stop
|
||||
service php7.0-fpm stop
|
||||
service mysql stop
|
||||
systemctl disable nginx
|
||||
systemctl disable php7.0-fpm
|
||||
systemctl disable mysql
|
||||
# patch /etc/php/7.0/fpm/pool.d/www.conf to not change uid/gid to www-data
|
||||
sed --in-place='' \
|
||||
--expression='s/^listen.owner = www-data/;listen.owner = www-data/' \
|
||||
--expression='s/^listen.group = www-data/;listen.group = www-data/' \
|
||||
/etc/php/7.0/fpm/pool.d/www.conf
|
||||
# patch /etc/php/7.0/fpm/php-fpm.conf to not have a pidfile
|
||||
sed --in-place='' \
|
||||
--expression='s/^pid =/;pid =/' \
|
||||
/etc/php/7.0/fpm/php-fpm.conf
|
||||
|
||||
# move sock file to better dir:
|
||||
sed --in-place='' \
|
||||
--expression='s/^listen = \/run\/php\/php7.0-fpm.sock/listen = \/var\/run\/php7.0-fpm.sock/' \
|
||||
/etc/php/7.0/fpm/pool.d/www.conf
|
||||
|
||||
# patch /etc/php/7.0/fpm/pool.d/www.conf to no clear environment variables
|
||||
# so we can pass in SANDSTORM=1 to apps
|
||||
sed --in-place='' \
|
||||
--expression='s/^;clear_env = no/clear_env=no/' \
|
||||
/etc/php/7.0/fpm/pool.d/www.conf
|
||||
# patch mysql conf to not change uid, and to use /var/tmp over /tmp
|
||||
# for secure-file-priv see https://github.com/sandstorm-io/vagrant-spk/issues/195
|
||||
sed --in-place='' \
|
||||
--expression='s/^user\t\t= mysql/#user\t\t= mysql/' \
|
||||
--expression='s,^tmpdir\t\t= /tmp,tmpdir\t\t= /var/tmp,' \
|
||||
--expression='/\[mysqld]/ a\ secure-file-priv = ""\' \
|
||||
/etc/mysql/my.cnf
|
||||
# patch mysql conf to use smaller transaction logs to save disk space
|
||||
cat <<EOF > /etc/mysql/conf.d/sandstorm.cnf
|
||||
[mysqld]
|
||||
# Set the transaction log file to the minimum allowed size to save disk space.
|
||||
# innodb_log_file_size = 1048576
|
||||
# Set the main data file to grow by 1MB at a time, rather than 8MB at a time.
|
||||
innodb_autoextend_increment = 1
|
||||
EOF
|
1
.sandstorm/stack
Normal file
1
.sandstorm/stack
Normal file
@ -0,0 +1 @@
|
||||
lemp
|
BIN
public/images/logo/firefly-iii-128.png
Normal file
BIN
public/images/logo/firefly-iii-128.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 14 KiB |
BIN
public/images/logo/firefly-iii-150.png
Normal file
BIN
public/images/logo/firefly-iii-150.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 15 KiB |
BIN
public/images/logo/firefly-iii-24.png
Normal file
BIN
public/images/logo/firefly-iii-24.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 2.5 KiB |
BIN
public/images/logo/firefly-iii-48.png
Normal file
BIN
public/images/logo/firefly-iii-48.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 4.7 KiB |
Loading…
Reference in New Issue
Block a user