pin addl. pypi packages

Merge branch 'pr-apt-purge-fix'
fix: apt purge leaving pycache & warning systemd folder not empty
2026-04-21 14:37:35 -04:00 · 2026-04-16 11:58:56 -04:00 · 2026-04-16 11:57:25 -04:00 · 2026-04-14 12:14:13 -04:00 · 2026-04-14 12:09:54 -04:00 · 2026-04-09 02:01:06 -04:00
15 changed files with 185 additions and 2 deletions
@@ -1,3 +1,3 @@
 NAVIDROME_MUSIC_FOLDER="/opt/navidrome/music"
-BIND_ADDRESS="192.168.2.24"
+BIND_ADDRESS="0.0.0.0"
 BIND_PORT="5001"
@@ -3,3 +3,5 @@ setup.sh
 navidrome-upload.service
 .idea/
 .env
+/README.md
+__pycache__/
@@ -0,0 +1,47 @@
+[Unit]
+Description=Navidrome Music Uploader Service
+After=network.target,navidrome.service
+
+[Service]
+Type=simple
+User=navidrome-uploader
+Group=navidrome-uploader
+WorkingDirectory=/opt/navidrome-uploader
+Environment="PATH=/opt/navidrome-uploader/venv/bin"
+EnvironmentFile=/etc/default/navidrome-uploader/.env
+ExecStart=/opt/navidrome-uploader/venv/bin/gunicorn --no-control-socket -c gunicorn.conf.py main:app
+Restart=on-failure
+RestartSec=30
+
+NoNewPrivileges=yes
+CapabilityBoundingSet=
+AmbientCapabilities=
+
+ProtectSystem=strict
+ProtectHome=yes
+PrivateTmp=yes
+ReadWritePaths=/opt/navidrome-uploader /opt/navidrome/music
+InaccessiblePaths=/boot /mnt /media
+
+PrivateDevices=yes
+ProtectKernelTunables=yes
+ProtectKernelModules=yes
+ProtectKernelLogs=yes
+ProtectControlGroups=yes
+ProtectClock=yes
+ProtectHostname=yes
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+LockPersonality=yes
+
+SystemCallFilter=@system-service
+SystemCallErrorNumber=EPERM
+
+PrivateNetwork=no
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+UMask=0027
+
+
+[Install]
+WantedBy=multi-user.target
@@ -0,0 +1,18 @@
+navidrome-uploader (0.1.0-2) unstable; urgency=high
+
+  * Run pip install stage as navidrome-uploader user instead of root
+
+ -- Arian Nasr <arian@2ari.ca>  Tue, 14 Apr 2026 12:11:00 -0400
+
+navidrome-uploader (0.1.0-1) unstable; urgency=medium
+
+  * Disable gunicorn control socket in systemd service unit
+
+ -- Arian Nasr <arian@2ari.ca>  Thu, 09 Apr 2026 01:58:00 -0400
+
+navidrome-uploader (0.1.0) unstable; urgency=medium
+
+  * Add Debian packaging with systemd service integration and venv setup.
+
+ -- Arian Nasr <arian@2ari.ca>  Tue, 07 Apr 2026 12:00:00 +0000
+
@@ -0,0 +1,12 @@
+Source: navidrome-uploader
+Section: web
+Priority: optional
+Maintainer: Arian Nasr <arian@2ari.ca>
+Build-Depends: debhelper-compat (= 13)
+Standards-Version: 4.7.0
+Rules-Requires-Root: no
+
+Package: navidrome-uploader
+Architecture: all
+Depends: ${misc:Depends}, adduser, python3, python3-venv
+Description: Navidrome Web Upload Utility
@@ -0,0 +1,7 @@
+opt/navidrome-uploader
+opt/navidrome-uploader/templates
+opt/navidrome-uploader/static
+opt/navidrome-uploader/static/css
+opt/navidrome-uploader/static/js
+etc/default/navidrome-uploader
+
@@ -0,0 +1,9 @@
+main.py opt/navidrome-uploader/
+gunicorn.conf.py opt/navidrome-uploader/
+requirements.txt opt/navidrome-uploader/
+.env.example opt/navidrome-uploader/
+templates/* opt/navidrome-uploader/templates/
+static/css/* opt/navidrome-uploader/static/css/
+static/js/* opt/navidrome-uploader/static/js/
+contrib/navidrome-uploader.service lib/systemd/system/navidrome-uploader.service
+
@@ -0,0 +1,26 @@
+#!/bin/sh
+set -e
+
+APP_DIR="/opt/navidrome-uploader"
+VENV_DIR="${APP_DIR}/venv"
+APP_USER="navidrome-uploader"
+
+case "$1" in
+  configure)
+    chown -R "$APP_USER:$APP_USER" "$APP_DIR"
+
+    runuser -u "$APP_USER" -- python3 -m venv "$VENV_DIR"
+    runuser -u "$APP_USER" -- "$VENV_DIR/bin/pip" install --no-cache-dir --upgrade pip
+    runuser -u "$APP_USER" -- "$VENV_DIR/bin/pip" install --no-cache-dir -r "$APP_DIR/requirements.txt"
+
+    if command -v systemctl >/dev/null 2>&1; then
+      systemctl daemon-reload || true
+      systemctl enable navidrome-uploader.service || true
+      systemctl restart navidrome-uploader.service || true
+    fi
+    ;;
+esac
+
+exit 0
+
+
@@ -0,0 +1,15 @@
+#!/bin/sh
+set -e
+
+if command -v systemctl > /dev/null 2>&1; then
+    systemctl daemon-reload || true
+fi
+
+if [ "$1" = "purge" ]; then
+    rm -rf /etc/default/navidrome-uploader
+    rm -rf /opt/navidrome-uploader/venv
+    rm -rf /opt/navidrome-uploader/__pycache__
+fi
+
+exit 0
+
@@ -0,0 +1,10 @@
+#!/bin/sh
+set -e
+
+if ! getent passwd navidrome-uploader > /dev/null 2>&1; then
+    printf "Creating navidrome-uploader user\n"
+    useradd --system --shell /usr/sbin/nologin --user-group navidrome-uploader
+fi
+
+exit 0
+
@@ -0,0 +1,14 @@
+#!/bin/sh
+set -e
+
+case "$1" in
+    remove|deconfigure)
+        if command -v systemctl > /dev/null 2>&1; then
+            systemctl stop navidrome-uploader.service || true
+            systemctl disable navidrome-uploader.service || true
+        fi
+        ;;
+esac
+
+exit 0
+
@@ -0,0 +1,10 @@
+#!/usr/bin/make -f
+
+%:
+	dh $@
+
+override_dh_install:
+	dh_install
+	install -d debian/navidrome-uploader/etc/default/navidrome-uploader
+	install -m 0640 .env.example debian/navidrome-uploader/etc/default/navidrome-uploader/.env
+
@@ -0,0 +1,2 @@
+3.0 (native)
+
@@ -0,0 +1,9 @@
+#!/bin/sh
+set -eu
+
+SCRIPT_DIR="$(CDPATH= cd -- "$(dirname -- "$0")" && pwd)"
+PROJECT_ROOT="$(CDPATH= cd -- "${SCRIPT_DIR}/.." && pwd)"
+
+cd "${PROJECT_ROOT}"
+dpkg-buildpackage -us -uc -b
+
@@ -5,4 +5,6 @@ itsdangerous==2.2.0
 Jinja2==3.1.6
 MarkupSafe==3.0.3
 Werkzeug==3.1.8
-gunicorn==25.3.0
+gunicorn==25.3.0
+pip==26.0.1
+packaging==26.1
Author	SHA1	Message	Date
arian	1d3ae30cc9	pin addl. pypi packages	2026-04-21 14:37:35 -04:00
arian	8b30c88a6a	Merge branch 'pr-apt-purge-fix'	2026-04-16 11:58:56 -04:00
arian	0fc4717a05	fix: apt purge leaving pycache & warning systemd folder not empty	2026-04-16 11:57:25 -04:00
arian	2e68ad7323	v0.1.0-2 changelog	2026-04-14 12:14:13 -04:00
arian	792465dab2	run deb package pip install stage as navidrome-uploader user instead of root	2026-04-14 12:09:54 -04:00
arian	7f06ffe6d7	disable gunicorn control socket in service & patch notes	2026-04-09 02:01:06 -04:00
arian	9dc6aa8d04	tidying	2026-04-08 23:29:05 -04:00
arian	163a642f5a	Merge branch 'deb-packaging'	2026-04-08 23:21:57 -04:00
arian	2cc5945e1d	Merge branch 'deb-packaging-test' into deb-packaging	2026-04-08 23:20:16 -04:00
arian	8adbb87fc3	add navidrome music dir to service readwritepaths	2026-04-08 23:06:38 -04:00
arian	399544dc50	remove unused dependency	2026-04-08 05:51:54 -04:00
arian	822c3941fd	remove README.md	2026-04-07 03:22:25 -04:00
arian	210fb30059	test framework for deb building	2026-04-07 03:20:40 -04:00
arian	ebe75427af	change default .env bind address	2026-04-07 02:49:01 -04:00
arian	d0fe37033c	deb build framework	2026-04-07 02:43:39 -04:00
arian	8cdacba0d6	Merge remote-tracking branch 'origin/deb-packaging' into deb-packaging	2026-04-05 17:26:48 -04:00
arian	597a02a5ed	add preinstall script for deb package	2026-04-05 17:24:30 -04:00
arian	290730f413	Merge branch 'pr-systemd-service'	2026-04-05 17:22:40 -04:00
arian	5e553f9363	fix service readwrite path	2026-04-05 17:21:41 -04:00
arian	a4e896158d	add preinstall script for deb package	2026-04-05 17:19:31 -04:00
arian	e68d675f4b	Merge branch 'pr-systemd-service'	2026-04-05 17:07:24 -04:00
arian	f9ca5f299f	add systemd service file	2026-04-05 17:04:14 -04:00
arian	4b9728e814	Merge branch 'gunicorn-migration'	2026-04-04 16:33:46 -04:00