pin addl. pypi packages

Merge branch 'pr-apt-purge-fix'
fix: apt purge leaving pycache & warning systemd folder not empty
2026-04-21 14:37:35 -04:00 · 2026-04-16 11:58:56 -04:00 · 2026-04-16 11:57:25 -04:00 · 2026-04-14 12:14:13 -04:00 · 2026-04-14 12:09:54 -04:00 · 2026-04-09 02:01:06 -04:00
18 changed files with 210 additions and 10 deletions
@@ -0,0 +1,3 @@
+NAVIDROME_MUSIC_FOLDER="/opt/navidrome/music"
+BIND_ADDRESS="0.0.0.0"
+BIND_PORT="5001"
@@ -1,4 +1,7 @@
 venv/
 setup.sh
 navidrome-upload.service
-.idea/
+.idea/
+.env
+/README.md
+__pycache__/
@@ -0,0 +1,47 @@
+[Unit]
+Description=Navidrome Music Uploader Service
+After=network.target,navidrome.service
+
+[Service]
+Type=simple
+User=navidrome-uploader
+Group=navidrome-uploader
+WorkingDirectory=/opt/navidrome-uploader
+Environment="PATH=/opt/navidrome-uploader/venv/bin"
+EnvironmentFile=/etc/default/navidrome-uploader/.env
+ExecStart=/opt/navidrome-uploader/venv/bin/gunicorn --no-control-socket -c gunicorn.conf.py main:app
+Restart=on-failure
+RestartSec=30
+
+NoNewPrivileges=yes
+CapabilityBoundingSet=
+AmbientCapabilities=
+
+ProtectSystem=strict
+ProtectHome=yes
+PrivateTmp=yes
+ReadWritePaths=/opt/navidrome-uploader /opt/navidrome/music
+InaccessiblePaths=/boot /mnt /media
+
+PrivateDevices=yes
+ProtectKernelTunables=yes
+ProtectKernelModules=yes
+ProtectKernelLogs=yes
+ProtectControlGroups=yes
+ProtectClock=yes
+ProtectHostname=yes
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+LockPersonality=yes
+
+SystemCallFilter=@system-service
+SystemCallErrorNumber=EPERM
+
+PrivateNetwork=no
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+UMask=0027
+
+
+[Install]
+WantedBy=multi-user.target
@@ -0,0 +1,18 @@
+navidrome-uploader (0.1.0-2) unstable; urgency=high
+
+  * Run pip install stage as navidrome-uploader user instead of root
+
+ -- Arian Nasr <arian@2ari.ca>  Tue, 14 Apr 2026 12:11:00 -0400
+
+navidrome-uploader (0.1.0-1) unstable; urgency=medium
+
+  * Disable gunicorn control socket in systemd service unit
+
+ -- Arian Nasr <arian@2ari.ca>  Thu, 09 Apr 2026 01:58:00 -0400
+
+navidrome-uploader (0.1.0) unstable; urgency=medium
+
+  * Add Debian packaging with systemd service integration and venv setup.
+
+ -- Arian Nasr <arian@2ari.ca>  Tue, 07 Apr 2026 12:00:00 +0000
+
@@ -0,0 +1,12 @@
+Source: navidrome-uploader
+Section: web
+Priority: optional
+Maintainer: Arian Nasr <arian@2ari.ca>
+Build-Depends: debhelper-compat (= 13)
+Standards-Version: 4.7.0
+Rules-Requires-Root: no
+
+Package: navidrome-uploader
+Architecture: all
+Depends: ${misc:Depends}, adduser, python3, python3-venv
+Description: Navidrome Web Upload Utility
@@ -0,0 +1,7 @@
+opt/navidrome-uploader
+opt/navidrome-uploader/templates
+opt/navidrome-uploader/static
+opt/navidrome-uploader/static/css
+opt/navidrome-uploader/static/js
+etc/default/navidrome-uploader
+
@@ -0,0 +1,9 @@
+main.py opt/navidrome-uploader/
+gunicorn.conf.py opt/navidrome-uploader/
+requirements.txt opt/navidrome-uploader/
+.env.example opt/navidrome-uploader/
+templates/* opt/navidrome-uploader/templates/
+static/css/* opt/navidrome-uploader/static/css/
+static/js/* opt/navidrome-uploader/static/js/
+contrib/navidrome-uploader.service lib/systemd/system/navidrome-uploader.service
+
@@ -0,0 +1,26 @@
+#!/bin/sh
+set -e
+
+APP_DIR="/opt/navidrome-uploader"
+VENV_DIR="${APP_DIR}/venv"
+APP_USER="navidrome-uploader"
+
+case "$1" in
+  configure)
+    chown -R "$APP_USER:$APP_USER" "$APP_DIR"
+
+    runuser -u "$APP_USER" -- python3 -m venv "$VENV_DIR"
+    runuser -u "$APP_USER" -- "$VENV_DIR/bin/pip" install --no-cache-dir --upgrade pip
+    runuser -u "$APP_USER" -- "$VENV_DIR/bin/pip" install --no-cache-dir -r "$APP_DIR/requirements.txt"
+
+    if command -v systemctl >/dev/null 2>&1; then
+      systemctl daemon-reload || true
+      systemctl enable navidrome-uploader.service || true
+      systemctl restart navidrome-uploader.service || true
+    fi
+    ;;
+esac
+
+exit 0
+
+
@@ -0,0 +1,15 @@
+#!/bin/sh
+set -e
+
+if command -v systemctl > /dev/null 2>&1; then
+    systemctl daemon-reload || true
+fi
+
+if [ "$1" = "purge" ]; then
+    rm -rf /etc/default/navidrome-uploader
+    rm -rf /opt/navidrome-uploader/venv
+    rm -rf /opt/navidrome-uploader/__pycache__
+fi
+
+exit 0
+
@@ -0,0 +1,10 @@
+#!/bin/sh
+set -e
+
+if ! getent passwd navidrome-uploader > /dev/null 2>&1; then
+    printf "Creating navidrome-uploader user\n"
+    useradd --system --shell /usr/sbin/nologin --user-group navidrome-uploader
+fi
+
+exit 0
+
@@ -0,0 +1,14 @@
+#!/bin/sh
+set -e
+
+case "$1" in
+    remove|deconfigure)
+        if command -v systemctl > /dev/null 2>&1; then
+            systemctl stop navidrome-uploader.service || true
+            systemctl disable navidrome-uploader.service || true
+        fi
+        ;;
+esac
+
+exit 0
+
@@ -0,0 +1,10 @@
+#!/usr/bin/make -f
+
+%:
+	dh $@
+
+override_dh_install:
+	dh_install
+	install -d debian/navidrome-uploader/etc/default/navidrome-uploader
+	install -m 0640 .env.example debian/navidrome-uploader/etc/default/navidrome-uploader/.env
+
@@ -0,0 +1,2 @@
+3.0 (native)
+
@@ -0,0 +1,16 @@
+# gunicorn.conf.py
+# Arian Nasr
+# April 4, 2026
+
+import os
+
+
+BIND_ADDRESS = os.environ.get('BIND_ADDRESS', '0.0.0.0')
+BIND_PORT = int(os.environ.get('BIND_PORT', 5001))
+
+bind = f"{BIND_ADDRESS}:{BIND_PORT}"
+workers = 2
+accesslog = "-" # Log to stdout
+errorlog = "-"  # Log to stderr
+
+# gunicorn -c gunicorn.conf.py main:app
@@ -6,7 +6,7 @@ import os
 from flask import Flask, request, render_template
 from werkzeug.utils import secure_filename

-UPLOAD_FOLDER = '/opt/navidrome/music'
+UPLOAD_FOLDER = os.environ.get('NAVIDROME_MUSIC_FOLDER', '/opt/navidrome/music')
 ALLOWED_EXTENSIONS = {'flac', 'mp3', 'wav'}

 app = Flask(__name__)
@@ -33,7 +33,3 @@ def upload_file():
        return render_template('success.html', success_message=f'{len(request.files)} file(s) uploaded successfully!'), 200

    return render_template('index.html'), 200
-
-
-if __name__ == '__main__':
-    app.run(host='192.168.2.24', port=5001, debug=False)
@@ -0,0 +1,9 @@
+#!/bin/sh
+set -eu
+
+SCRIPT_DIR="$(CDPATH= cd -- "$(dirname -- "$0")" && pwd)"
+PROJECT_ROOT="$(CDPATH= cd -- "${SCRIPT_DIR}/.." && pwd)"
+
+cd "${PROJECT_ROOT}"
+dpkg-buildpackage -us -uc -b
+
@@ -1,7 +1,10 @@
 blinker==1.9.0
-click==8.3.1
+click==8.3.2
 Flask==3.1.3
 itsdangerous==2.2.0
 Jinja2==3.1.6
 MarkupSafe==3.0.3
-Werkzeug==3.1.6
+Werkzeug==3.1.8
+gunicorn==25.3.0
+pip==26.0.1
+packaging==26.1
@@ -11,7 +11,7 @@
 <body>
    <script>
        Dropzone.options.myDropzone = {
-            parallelUploads: 2,
+            parallelUploads: 4,
            uploadMultiple: true,
            acceptedFiles: 'audio/*'
        };
@@ -20,4 +20,4 @@
          class="dropzone"
          id="my-dropzone"></form>
 </body>
-</html>
+</html>
Author	SHA1	Message	Date
arian	1d3ae30cc9	pin addl. pypi packages	2026-04-21 14:37:35 -04:00
arian	8b30c88a6a	Merge branch 'pr-apt-purge-fix'	2026-04-16 11:58:56 -04:00
arian	0fc4717a05	fix: apt purge leaving pycache & warning systemd folder not empty	2026-04-16 11:57:25 -04:00
arian	2e68ad7323	v0.1.0-2 changelog	2026-04-14 12:14:13 -04:00
arian	792465dab2	run deb package pip install stage as navidrome-uploader user instead of root	2026-04-14 12:09:54 -04:00
arian	7f06ffe6d7	disable gunicorn control socket in service & patch notes	2026-04-09 02:01:06 -04:00
arian	9dc6aa8d04	tidying	2026-04-08 23:29:05 -04:00
arian	163a642f5a	Merge branch 'deb-packaging'	2026-04-08 23:21:57 -04:00
arian	2cc5945e1d	Merge branch 'deb-packaging-test' into deb-packaging	2026-04-08 23:20:16 -04:00
arian	8adbb87fc3	add navidrome music dir to service readwritepaths	2026-04-08 23:06:38 -04:00
arian	399544dc50	remove unused dependency	2026-04-08 05:51:54 -04:00
arian	822c3941fd	remove README.md	2026-04-07 03:22:25 -04:00
arian	210fb30059	test framework for deb building	2026-04-07 03:20:40 -04:00
arian	ebe75427af	change default .env bind address	2026-04-07 02:49:01 -04:00
arian	d0fe37033c	deb build framework	2026-04-07 02:43:39 -04:00
arian	8cdacba0d6	Merge remote-tracking branch 'origin/deb-packaging' into deb-packaging	2026-04-05 17:26:48 -04:00
arian	597a02a5ed	add preinstall script for deb package	2026-04-05 17:24:30 -04:00
arian	290730f413	Merge branch 'pr-systemd-service'	2026-04-05 17:22:40 -04:00
arian	5e553f9363	fix service readwrite path	2026-04-05 17:21:41 -04:00
arian	a4e896158d	add preinstall script for deb package	2026-04-05 17:19:31 -04:00
arian	e68d675f4b	Merge branch 'pr-systemd-service'	2026-04-05 17:07:24 -04:00
arian	f9ca5f299f	add systemd service file	2026-04-05 17:04:14 -04:00
arian	4b9728e814	Merge branch 'gunicorn-migration'	2026-04-04 16:33:46 -04:00
arian	a6a84d662b	deploy with gunicorn	2026-04-04 16:13:00 -04:00
arian	05d40b4bd8	bump click==8.3.2	2026-04-04 15:58:13 -04:00
arian	0f7fd55c7f	bump Werkzeug==3.1.8	2026-04-03 15:08:08 -04:00
arian	beb96580d4	Merge branch 'pr-ext-conf'	2026-03-28 10:18:56 -04:00
arian	524fc6ef54	mv conf vars external	2026-03-28 10:07:37 -04:00
arian	cdacbd9d8f	bump Werkzeug==3.1.7	2026-03-25 04:47:57 -04:00
arian	c4d18aa680	increase concurrent uploads	2026-03-15 17:36:19 -04:00
arian	7da1443d09	Merge branch 'pr-healthcheck'	2026-03-10 08:04:40 -04:00