Differences between revisions 27 and 41 (spanning 14 versions)
Revision 27 as of 2021-10-14 22:44:42
Size: 3743
Editor: Praveen A
Comment:
Revision 41 as of 2021-10-19 16:23:17
Size: 6221
Editor: Praveen A
Comment: recaptcha is currently disabled
Deletions are marked like this. Additions are marked like this.
Line 12: Line 12:
You will need a [[DebianUnstable]] machine with experimental repo enabled in sources.list. If you have to used Experimental before, see [[DebianExperimental]]
Line 13: Line 15:
{{{
$ sudo apt install nginx # need to figure out a way to avoid this
}}}

Note: If you choose to enabled ssl during installation, you need to get the certificates before you start installation and add these to `/etc/pupilfirst/ssl` as `<your fqdn>-bundle.pem` and `<your fqdn>.key`.

To generate ssl certificates with certbot run,
{{{
# apt install certbot
# certbot certonly --standalone -d <your fqdn> --agree-tos -m <your email> -n
}}}
This will generate the ssl certificates in `/etc/letsencrypt/live/<your fqdn>`. fullchain.pem and privkey.pem
from this directory should be copied to `/etc/pupilfirst/ssl` and renamed as indicated above.
Line 26: Line 41:
=== Further configurations ===
Line 38: Line 55:
 1. [[https://github.com/pupilfirst/pupilfirst/blob/master/example.env#L99 | Configure recaptcha keys]] - add these (or any other variable you like to set) to `/etc/pupilfirst/pupilfirst.env`  1. [[https://github.com/pupilfirst/pupilfirst/blob/master/example.env#L99 | Configure recaptcha keys]] - add these (or any other variable you like to set) to `/etc/pupilfirst/pupilfirst.env`. Recaptcha is currently disabled via a patch in `no-recaptcha` branch and this deb is served in the apt repo.
Line 40: Line 57:
== Current status ==
Upstream meta issue for tracking issues that need help from upstream - https://github.com/pupilfirst/pupilfirst/issues/797
=== Adding new users ===
Line 43: Line 59:
This needs a working mail server properly configured to send mails via sendmail command (or you can change `config.action_mailer.delivery_method` in `/usr/share/pupilfirst/config/environments/production.rb` to use postmark or another external smtp server). See https://github.com/diaspora/diaspora/blob/d4f92a8fae2bcc0eb716622cb471276d38e8e305/config/initializers/mailer_config.rb#L12 for example configuration.

Alternatively, you can add users using the admin login and then set passwords using rails console (same commands as setting admin password, juts replace admin email address with the users email address)

== Upstream issues ==

 * Upstream meta issue for tracking issues that need help from upstream - https://github.com/pupilfirst/pupilfirst/issues/797
 * Need help - make recaptcha optional https://github.com/pupilfirst/pupilfirst/issues/822
 * Need help - make postmark service optional https://github.com/pupilfirst/pupilfirst/issues/826

== Packaging status ==
=== Completed Tasks ===
Line 44: Line 72:
 1. Install rubygems dependencies (pull unpackaged gems from rubygems.org) - done  1. Install rubygems dependencies (pull only unpackaged gems from rubygems.org) - done
Line 52: Line 80:
 1. Configure nginx - done (todo: switch to unix socket)  1. Configure nginx - done
 1. Properly generate keys and remove hard coding - done (vapid keys and secret_key_base are now generated during installation)
 1. Setup debconf for choosing hostname - done (hostname is handled via debconf now)
 1. Remove hard coding of GEM_PATH (for other archs) - done

=== In progress or not started tasks ===
Line 54: Line 87:
 1. Properly generate keys and remove hard coding - in progress (vapid keys are now generated during installation, todo remove hardcoding of secret_key_base)
 1. Setup debconf for choosing hostname and https - in progress (hostname is handled via debconf now)
Line 57: Line 88:
 1. Switch nginx to use unix socket - not started
 1. Setup debconf for choosing https/lets encrypt - not started
 1. Figure out how to install nginx configuration before nginx is installed (currently nginx fails to start) - not started (this is possibly a scaleway specific issue as the default DNS entry is too big and nginx.conf needs an update to handle this)
 1. Install config directory in /etc - not started
 1. Allow choosing sendmail vs postmark via environment variables and send upstream pull request - not started (https://github.com/pupilfirst/pupilfirst/issues/826)

Pupilfirst (https://www.pupilfirst.com/) is a Free Software Learning Management system written in Ruby on Rails. Currently they only support deploying to heroku. This page will be used to keep track of packaging pupilfirst for Debian.

Experimental

You will need a DebianUnstable machine with experimental repo enabled in sources.list. If you have to used Experimental before, see DebianExperimental

Add personal repo of pupilfirst maintainer following https://people.debian.org/~praveen/pupilfirst/README

$ sudo apt install nginx # need to figure out a way to avoid this

Note: If you choose to enabled ssl during installation, you need to get the certificates before you start installation and add these to /etc/pupilfirst/ssl as <your fqdn>-bundle.pem and <your fqdn>.key.

To generate ssl certificates with certbot run,

# apt install certbot
# certbot certonly --standalone  -d <your fqdn> --agree-tos -m <your email> -n

This will generate the ssl certificates in /etc/letsencrypt/live/<your fqdn>. fullchain.pem and privkey.pem from this directory should be copied to /etc/pupilfirst/ssl and renamed as indicated above.

$ sudo apt install ruby-rails/experimental ruby-actioncable/experimental \
ruby-actionmailbox/experimental ruby-actionmailer/experimental \
ruby-actionpack/experimental ruby-actiontext/experimental \
ruby-actionview/experimental ruby-activejob/experimental ruby-activemodel/experimental \
ruby-activerecord/experimental ruby-activestorage/experimental \
ruby-activesupport/experimental ruby-railties/experimental \
ruby-tzinfo/experimental pupilfirst

Visit http://<your fqdn> on your browser to see the default page.

Further configurations

Start rails console,

$ set -a && . /etc/pupilfirst/pupilfirst.env && set +a
$ cd /usr/share/pupilfirst/
$ sudo -u pupilfirst -EH bundle exec rails console

If you don'tuse sudo, use su pupilfirst -s /bin/sh -c 'bundle exec rails console'

and follow upstream documentation to configure your instance

  1. Setup password for admin user

  2. Set a primary domain

  3. Configure recaptcha keys - add these (or any other variable you like to set) to /etc/pupilfirst/pupilfirst.env. Recaptcha is currently disabled via a patch in no-recaptcha branch and this deb is served in the apt repo.

Adding new users

This needs a working mail server properly configured to send mails via sendmail command (or you can change config.action_mailer.delivery_method in /usr/share/pupilfirst/config/environments/production.rb to use postmark or another external smtp server). See https://github.com/diaspora/diaspora/blob/d4f92a8fae2bcc0eb716622cb471276d38e8e305/config/initializers/mailer_config.rb#L12 for example configuration.

Alternatively, you can add users using the admin login and then set passwords using rails console (same commands as setting admin password, juts replace admin email address with the users email address)

Upstream issues

Packaging status

Completed Tasks

  1. Basic package template - done
  2. Install rubygems dependencies (pull only unpackaged gems from rubygems.org) - done
  3. Configure database - done (need to provide a working config/database.yml)
  4. Run database migrations - done
  5. Install node dependencies - done
  6. Precompile assets (includes webpacker) - done (needed to copy source tree to /var as symlinking some directories don't work)
  7. Start rails app - done (use local storage over amazon s3, create tmpfiles.d config for pids and sockets, need to disable https)
  8. Configure puma - done
  9. Configure systemd units - done
  10. Configure nginx - done
  11. Properly generate keys and remove hard coding - done (vapid keys and secret_key_base are now generated during installation)
  12. Setup debconf for choosing hostname - done (hostname is handled via debconf now)
  13. Remove hard coding of GEM_PATH (for other archs) - done

In progress or not started tasks

  1. Set admin password and add school - in progress (done manually, need upstream help to enable login via username/disable recaptcha)
  2. Use runuser instead of su in scripts - not started
  3. Switch nginx to use unix socket - not started
  4. Setup debconf for choosing https/lets encrypt - not started
  5. Figure out how to install nginx configuration before nginx is installed (currently nginx fails to start) - not started (this is possibly a scaleway specific issue as the default DNS entry is too big and nginx.conf needs an update to handle this)
  6. Install config directory in /etc - not started
  7. Allow choosing sendmail vs postmark via environment variables and send upstream pull request - not started (https://github.com/pupilfirst/pupilfirst/issues/826)

Testing the package

You can setup lxc, system nspawn or a virtual machine to install the package. Use /etc/hosts file of the host machine to map the container or virtual machine ip to a hostname and use this hostname for the pupilfirst service. You can visit the service using a browser on the host machine.