Initial commit

b9dec1e7 · Julian · b9dec1e7 · b9dec1e7 · b9dec1e7 · b9dec1e7
Commit b9dec1e7 authored 3 years ago by Julian
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
+include:
+  - project: 'infra/packages/ci-utils'
+    ref: main
+    file: 'shared-ci.yml'
+  - local: 'gitlabci-version.yml'
+#  - project: 'infra/packages/ci-utils'
+#    ref: main
+#    file: 'debian-binary.yml'
+variables:
+  PACKAGE_NAME: rocketchat
+  UPSTREAM_GITHUB_PATH: RocketChat/Rocket.Chat
+autoupdate:
+  extends: .autoupdate:github:release-tags
+.build:binary:
+  extends: .build
+  image: registry.git.cccv.de/infra/packages/docker-images/meteor
+  script:
+  - wget -q "https://cdn-download.rocket.chat/build/rocket.chat-${UPSTREAM_VERSION}.tgz" -O rocketchat.tar.gz
+  - mkdir build
+  - tar -C build -xzf rocketchat.tar.gz
+  - cd build/bundle/programs/server && npm install && cd ../../../..
+  artifacts:
+    paths:
+    - build
+build:binary:bullseye:
+  extends: .build:binary
+package:apt:bullseye:
+  extends: .package:apt
+  dependencies:
+  - build:binary:bullseye
+  needs:
+  - build:binary:bullseye
+publish:apt:bullseye:
+  extends: .publish:apt
+  variables:
+    APTLY_DISTRO: bullseye
+  dependencies:
+  - package:apt:bullseye
+  needs:
+  - package:apt:bullseye
--- a/debian/control
+++ b/debian/control
+Source: rocketchat
+Section: javascript
+Priority: optional
+Maintainer: CCCV <it@cccv.de>
+Build-Depends:
+ debhelper-compat (= 12),
+Standards-Version: 4.5.0
+Homepage: https://git.cccv.de/infra/packages/rocketchat
+Vcs-Git: https://git.cccv.de/infra/packages/rocketchat.git
+Package: rocketchat
+Architecture: amd64
+Depends:
+  systemd,
+  nodejs (>= 12.0.0),
+Description: RocketChat Server
--- a/debian/install
+++ b/debian/install
+build/bundle /usr/share/rocketchat
+rocketchat.service /lib/systemd/system/
+rocketchat.conf /etc/
--- a/debian/postinst
+++ b/debian/postinst
+#!/bin/sh
+set -e
+case "$1" in
+	configure)
+		chmod 0640 /etc/rocketchat.conf
+		systemctl daemon-reload
+		systemctl enable rocketchat
+		systemctl restart rocketchat
+	;;
+	abort-upgrade|abort-remove|abort-deconfigure)
+	;;
+	*)
+		echo "postinst called with unknown argument \`$1'" >&2
+		exit 1
+	;;
+esac
+#DEBHELPER#
+exit 0
--- a/debian/rules
+++ b/debian/rules
+#!/usr/bin/make -f
+%:
+	dh $@
+# Some of the bundled npm packages contain shared objects for many different
+# architectures. This causes some helpers to fail.
+override_dh_strip_nondeterminism:
+override_dh_dwz:
+override_dh_strip:
+override_dh_makeshlibs:
+override_dh_shlibdeps:
+	true
--- a/gitlabci-version.yml
+++ b/gitlabci-version.yml
+variables:
+  UPSTREAM_VERSION: 4.2.0
--- a/rocketchat-follower@.service
+++ b/rocketchat-follower@.service
+[Unit]
+Description=RocketChat Server (follower, depending on main service)
+After=network.target
+Wants=network-online.target
+Wants=systemd-networkd-wait-online.service
+[Service]
+ExecStart=/usr/bin/node /usr/share/rocketchat/bundle/main.js
+Restart=on-failure
+RestartSec=10
+ExecReload=/bin/kill -USR1 $MAINPID
+StandardOutput=syslog
+StandardError=syslog
+SyslogIdentifier=rocketchat
+EnvironmentFile=/etc/rocketchat.conf
+Environment=NODE_ENV=production
+Environment=DISABLE_PRESENCE_MONITOR=YES
+Environment=PORT=%I
+DynamicUser=true
+PrivateUsers=true
+CapabilityBoundingSet=
+NoNewPrivileges=true
+RemoveIPC=true
+LockPersonality=true
+ProtectControlGroups=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectClock=true
+ProtectHostname=true
+ProtectProc=noaccess
+RestrictRealtime=true
+RestrictSUIDSGID=true
+RestrictNamespaces=true
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+ProtectSystem=strict
+ProtectHome=true
+PrivateTmp=true
+PrivateDevices=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+[Install]
+WantedBy=multi-user.target
--- a/rocketchat.conf
+++ b/rocketchat.conf
+BIND_IP=127.0.0.1
+# Overwritten with PORT for rocketchat-follower@<PORT>
+PORT=3000
+ROOT_URL=http://localhost
+MONGO_URL="mongodb://localhost:27017/rocketchat?replicaSet=rs01"
+MONGO_OPLOG_URL="mongodb://localhost:27017/local?replicaSet=rs01"
+# Overwritten with YES for rocketchat-follower@
+DISABLE_PRESENCE_MONITOR=NO
--- a/rocketchat.service
+++ b/rocketchat.service
+[Unit]
+Description=Web-based chat platform
+After=network.target
+Wants=network-online.target
+Wants=systemd-networkd-wait-online.service
+[Service]
+ExecStart=/usr/bin/node /usr/share/rocketchat/bundle/main.js
+Restart=on-failure
+RestartSec=10
+ExecReload=/bin/kill -USR1 $MAINPID
+StandardOutput=syslog
+StandardError=syslog
+SyslogIdentifier=rocketchat
+EnvironmentFile=/etc/rocketchat.conf
+Environment=NODE_ENV=production
+DynamicUser=true
+PrivateUsers=true
+CapabilityBoundingSet=
+NoNewPrivileges=true
+RemoveIPC=true
+LockPersonality=true
+ProtectControlGroups=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectKernelLogs=true
+ProtectClock=true
+ProtectHostname=true
+ProtectProc=noaccess
+RestrictRealtime=true
+RestrictSUIDSGID=true
+RestrictNamespaces=true
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+ProtectSystem=strict
+ProtectHome=true
+PrivateTmp=true
+PrivateDevices=true
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+[Install]
+WantedBy=multi-user.target