-
-
Notifications
You must be signed in to change notification settings - Fork 3
/
install-weblate
executable file
·221 lines (199 loc) · 7.55 KB
/
install-weblate
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
#!/bin/sh
set -e
# shellcheck disable=SC1091
. /etc/weblate-bootstrap
cd /tmp
# Install deps
apt-get update
apt-get install --no-install-recommends -y\
build-essential \
certbot \
curl \
cython3 \
fail2ban python3-pyinotify python3-systemd \
g++ \
gcc \
gettext \
gir1.2-pango-1.0 \
gir1.2-rsvg-2.0 \
git \
git-svn \
git-lfs \
gnupg \
libcairo2-dev \
libenchant-2-2 \
libfreetype6-dev \
libgirepository1.0-dev \
libjpeg-dev \
libldap2-dev \
libleptonica-dev \
libsasl2-dev \
libssl-dev \
libtesseract-dev \
libxml2-dev \
libxmlsec1-dev \
libxslt1-dev \
libyaml-dev \
libacl1-dev \
zlib1g-dev \
liblz4-dev \
libzstd-dev \
libxxhash-dev \
nginx \
openssh-client \
pkg-config \
postgresql-client \
python3-certbot-nginx \
python3-dev \
python3-gdbm \
python3-pip \
python3-virtualenv \
redis-server \
rsync \
subversion \
tesseract-ocr \
virtualenv \
uwsgi \
uwsgi-plugin-python3
# Install ruby deps for licesee
apt-get install -y \
ruby bundler cmake pkg-config git libssl-dev ruby-dev
# Add user
adduser weblate --disabled-password --gecos Weblate
usermod --append --groups adm weblate
WEBLATE_HOME=~weblate
# Install Weblate and deps
sudo -u weblate virtualenv --python=python3 "$WEBLATE_HOME/weblate-env"
sudo -u weblate "$WEBLATE_HOME/weblate-env/bin/pip" install "Weblate[all,zxcvbn]$WEBLATE_VERSION" wllegal
PYVER=$(python3 -c 'import sys; print("{}.{}".format(*sys.version_info[:2]))')
SETTINGS_PY="$WEBLATE_HOME/weblate-env/lib/python$PYVER/site-packages/weblate/settings.py"
# Configure Weblate
sudo -u weblate cp "$WEBLATE_HOME/weblate-env/lib/python$PYVER/site-packages/weblate/settings_example.py" "$SETTINGS_PY"
# shellcheck disable=SC1004
sed -i \
-e "s#^DATA_DIR.*#DATA_DIR = \"$WEBLATE_HOME/data\"#" \
-e 's#^ENABLE_HTTPS.*#ENABLE_HTTPS = True#' \
-e 's#^SERVER_EMAIL.*#SERVER_EMAIL = "[email protected]"#' \
-e 's#^DEFAULT_FROM_EMAIL.*#DEFAULT_FROM_EMAIL = "[email protected]"#' \
-e "s#^SECRET_KEY.*#SECRET_KEY = '$WEBLATE_SECRET'#" \
-e "s#^SITE_TITLE.*#SITE_TITLE = '$WEBLATE_TITLE'#" \
-e "s#^SITE_DOMAIN.*#SITE_DOMAIN = '$WEBLATE_DOMAIN'#" \
-e "s#^SENTRY_DSN.*#SENTRY_DSN = '$WEBLATE_SENTRY'#" \
-e "s#^SENTRY_ENVIRONMENT.*#SENTRY_ENVIRONMENT = SITE_DOMAIN#" \
-e "/HiredisParser/ D" \
-e "/SENTRY_DSN/ a \
SENTRY_TOKEN = '$WEBLATE_SENTRY_TOKEN'" \
-e "s#^ \"PASSWORD\":.*# \"PASSWORD\": '$POSTGRES_PASS',#" \
-e "s#.*[email protected].*# ('Michal Čihař', '[email protected]'),#" \
-e '/social_core.pipeline.social_auth.load_extra_data/ a \
"weblate.legal.pipeline.tos_confirm",' \
-e '/weblate.middleware.SecurityMiddleware/ a \
"weblate.legal.middleware.RequireTOSMiddleware",' \
-e '/weblate.gitexport/ a \
"wllegal",' \
-e '/weblate.gitexport/ a \
"weblate.legal",' \
-e 's#^MT_APERTIUM_APY.*#MT_APERTIUM_APY = "http://172.16.0.9:2737/"#' \
-e 's/^# MT_SERVICES/MT_SERVICES/' \
-e 's/^# "weblate.machinery.apertium./ "weblate.machinery.apertium./' \
-e 's/^# "weblate.machinery.weblatetm./ "weblate.machinery.weblatetm./' \
-e 's/^# "weblate.memory.machine/ "weblate.memory.machine/' \
-e 's/^DEBUG =.*/DEBUG = False/' \
-e 's/"admin.E408"/"admin.E408", "weblate.E012", "weblate.E013"/' \
-e 's/^REGISTRATION_OPEN =.*/REGISTRATION_OPEN = False/' \
-e 's/^REQUIRE_LOGIN =.*/REQUIRE_LOGIN = True/' \
-e 's/^COMPRESS_OFFLINE =.*/COMPRESS_OFFLINE = True/' \
-e 's/# "weblate.machinery.apertium.ApertiumAPYTranslation",/"weblate.machinery.apertium.ApertiumAPYTranslation",/' \
"$SETTINGS_PY"
cat <<EOT >> "$SETTINGS_PY"
# Hosted customization
ADMINS_CONTACT = ['[email protected]']
DEFAULT_COMMITER_EMAIL = '[email protected]'
DEFAULT_COMMITER_NAME = 'Hosted Weblate'
STATUS_URL = "https://status.weblate.org/"
GET_HELP_URL = "https://care.weblate.org/"
CONTACT_FORM = "from"
EOT
# Fill the database
sudo -u weblate $WEBLATE_HOME/weblate-env/bin/weblate migrate
if [ -n "$WEBLATE_PASSWORD" ] ; then
sudo -u weblate $WEBLATE_HOME/weblate-env/bin/weblate createadmin --username nijel --email [email protected] --name 'Michal Čihař' --password "$WEBLATE_PASSWORD"
else
sudo -u weblate $WEBLATE_HOME/weblate-env/bin/weblate createadmin --username nijel --email [email protected] --name 'Michal Čihař'
fi
sudo -u weblate $WEBLATE_HOME/weblate-env/bin/weblate collectstatic --noinput
sudo -u weblate $WEBLATE_HOME/weblate-env/bin/weblate compress --force
# Track deploy at Sentry
if ! grep -q "SENTRY_TOKEN = ''" "$SETTINGS_PY" ; then
sudo -u weblate "$WEBLATE_HOME/weblate-env/bin/weblate" sentry_deploy
fi
# Celery and uwsgi
cd "$WEBLATE_HOME/weblate-env/lib/python$PYVER/site-packages/weblate/examples/"
cp celery-weblate.logrotate /etc/logrotate.d/
cp celery-weblate.service /etc/systemd/system/
cp celery-weblate.conf /etc/default/celery-weblate
cp weblate.uwsgi.ini /etc/uwsgi/apps-available/weblate.ini
systemctl daemon-reload
systemctl enable celery-weblate.service
systemctl start celery-weblate.service
ln -s ../apps-available/weblate.ini /etc/uwsgi/apps-enabled/
systemctl restart uwsgi.service
# SSL cert
if [ "$1" != "--nocert" ] ; then
certbot --agree-tos --email [email protected] --redirect --no-eff-email -d "$WEBLATE_DOMAIN"
fi
# Enable http/2
sed -i -e 's/ssl;/ssl http2;/' -e 's/ssl ipv6only=on/ssl ipv6only=on http2/' /etc/nginx/sites-available/default
# Enable status locally
sed -i '/server_name _/a location = /nginx_status {\n stub_status;\n}' /etc/nginx/sites-available/default
# Enable compression for js/css
sed -i 's/^\t# gzip/\tgzip/' /etc/nginx/nginx.conf
# Hide server version
sed -i 's/# server_tokens off/server_tokens off/' /etc/nginx/nginx.conf
# Weblate nginx snippet
cat > /etc/nginx/snippets/weblate.conf <<EOT
location /static/ {
# DATA_DIR/static/
alias $WEBLATE_HOME/data/static/;
expires 30d;
}
location /media/ {
# DATA_DIR/media/
alias $WEBLATE_HOME/data/media/;
expires 30d;
}
location / {
include uwsgi_params;
# Needed for long running operations in admin interface
uwsgi_read_timeout 3600;
# Adjust based to uwsgi configuration:
uwsgi_pass unix:///run/uwsgi/app/weblate/socket;
# uwsgi_pass 127.0.0.1:8080;
}
client_max_body_size 20m;
error_page 500 502 504 /weblate_50x.html;
error_page 503 /weblate_503.html;
location = /weblate_503.html {
root $WEBLATE_HOME/weblate-env/lib/python$PYVER/site-packages/wllegal/templates;
internal;
}
location = /weblate_50x.html {
root $WEBLATE_HOME/weblate-env/lib/python$PYVER/site-packages/wllegal/templates;
internal;
}
access_log /var/log/nginx/access.log;
EOT
# Insert include after first server_name stanza
sed -i "0,/server_name $WEBLATE_DOMAIN.*/s//&\\ninclude snippets\/weblate.conf;/" /etc/nginx/sites-available/default
# Delete default location, replaced by snippet
sed -i ':a;N;$!ba;s/\(snippets\/weblate.conf;\)[^}]*}/\1/g' /etc/nginx/sites-available/default
systemctl enable nginx.service
systemctl restart nginx.service
# Licensee
apt install -y ruby-licensee
# Fail2ban
sudo -u weblate git clone https://github.com/WeblateOrg/fail2ban.git $WEBLATE_HOME/fail2ban
ln -s $WEBLATE_HOME/fail2ban/filter.d/* /etc/fail2ban/filter.d/
ln -s $WEBLATE_HOME/fail2ban/jail.d/* /etc/fail2ban/jail.d/
ln -s $WEBLATE_HOME/fail2ban/action.d/* /etc/fail2ban/action.d/
systemctl restart fail2ban.service