Merge branch 'deb-packaging'

fix(debian): fix systemd path issue
chore(debian): v0.2.0 changelog added
2026-05-25 18:48:04 -04:00 · 2026-05-25 18:43:03 -04:00 · 2026-05-25 18:32:58 -04:00 · 2026-05-25 18:15:58 -04:00 · 2026-05-25 18:11:13 -04:00 · 2026-05-25 18:00:49 -04:00
22 changed files with 286 additions and 10 deletions
@@ -0,0 +1,3 @@
+NAVIDROME_MUSIC_FOLDER="/opt/navidrome/music"
+BIND_ADDRESS="0.0.0.0"
+BIND_PORT="5001"
@@ -1,4 +1,8 @@
 venv/
 setup.sh
 navidrome-upload.service
-.idea/
+.idea/
+.env
+/README.md
+__pycache__/
+*.deb
@@ -0,0 +1,29 @@
+# Navidome-Uploader Dockerfile for building .deb packages
+# Arian Nasr
+# May 9, 2026
+
+FROM debian:13-slim
+
+# Prevent interactive prompts
+ENV DEBIAN_FRONTEND=noninteractive
+
+RUN apt-get update && apt-get install -y \
+    build-essential \
+    debhelper \
+    devscripts \
+    fakeroot \
+    python3 \
+    python3-venv \
+    python3-pip \
+    python3-wheel \
+    && rm -rf /var/lib/apt/lists/*
+
+WORKDIR /build/src
+
+RUN mkdir -p /dist
+
+COPY . .
+
+RUN chmod +x release/build-deb.sh
+
+CMD ["sh", "-c", "./release/build-deb.sh && mv ../*.deb /dist/"]
@@ -0,0 +1,9 @@
+MIT License
+
+Copyright (c) 2026 Arian Nasr (arian-nasr) - arian@2ari.ca
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
@@ -0,0 +1,47 @@
+[Unit]
+Description=Navidrome Music Uploader Service
+After=network.target,navidrome.service
+
+[Service]
+Type=simple
+User=navidrome-uploader
+Group=navidrome-uploader
+WorkingDirectory=/opt/navidrome-uploader
+Environment="PATH=/opt/navidrome-uploader/venv/bin"
+EnvironmentFile=/etc/default/navidrome-uploader/.env
+ExecStart=/opt/navidrome-uploader/venv/bin/gunicorn --no-control-socket -c gunicorn.conf.py main:app
+Restart=on-failure
+RestartSec=30
+
+NoNewPrivileges=yes
+CapabilityBoundingSet=
+AmbientCapabilities=
+
+ProtectSystem=strict
+ProtectHome=yes
+PrivateTmp=yes
+ReadWritePaths=/opt/navidrome-uploader /opt/navidrome/music
+InaccessiblePaths=/boot /mnt /media
+
+PrivateDevices=yes
+ProtectKernelTunables=yes
+ProtectKernelModules=yes
+ProtectKernelLogs=yes
+ProtectControlGroups=yes
+ProtectClock=yes
+ProtectHostname=yes
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+LockPersonality=yes
+
+SystemCallFilter=@system-service
+SystemCallErrorNumber=EPERM
+
+PrivateNetwork=no
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+UMask=0027
+
+
+[Install]
+WantedBy=multi-user.target
@@ -0,0 +1,37 @@
+navidrome-uploader (0.2.0) unstable; urgency=medium
+
+  * Packaging:
+    - Bundle pip wheels during build for offline host installation
+    - Ensure debian build environment includes pip and wheel modules
+  * Docker:
+    - Implement containerized debian packaging automation scripts
+  * Security:
+    - Add MAX_CONTENT_LENGTH to prevent upload DoS vectors
+  * Bug Fixes:
+    - Fix apt purge leaving pycache and systemd directory remnants
+  * Frontend:
+    - Change Dropzone.js upstream source location
+  * Maintenance:
+    - Add the open source software MIT license
+    - Upstream package & dependency updates
+
+ -- Arian Nasr <arian@2ari.ca>  Mon, 25 May 2026 18:31:00 -0400
+
+navidrome-uploader (0.1.0-2) unstable; urgency=high
+
+  * Run pip install stage as navidrome-uploader user instead of root
+
+ -- Arian Nasr <arian@2ari.ca>  Tue, 14 Apr 2026 12:11:00 -0400
+
+navidrome-uploader (0.1.0-1) unstable; urgency=medium
+
+  * Disable gunicorn control socket in systemd service unit
+
+ -- Arian Nasr <arian@2ari.ca>  Thu, 09 Apr 2026 01:58:00 -0400
+
+navidrome-uploader (0.1.0) unstable; urgency=medium
+
+  * Add Debian packaging with systemd service integration and venv setup.
+
+ -- Arian Nasr <arian@2ari.ca>  Tue, 07 Apr 2026 12:00:00 +0000
+
@@ -0,0 +1,12 @@
+Source: navidrome-uploader
+Section: web
+Priority: optional
+Maintainer: Arian Nasr <arian@2ari.ca>
+Build-Depends: debhelper-compat (= 13)
+Standards-Version: 4.7.0
+Rules-Requires-Root: no
+
+Package: navidrome-uploader
+Architecture: all
+Depends: ${misc:Depends}, adduser, python3, python3-venv, python3-pip, python3-wheel
+Description: Navidrome Web Upload Utility
@@ -0,0 +1,7 @@
+opt/navidrome-uploader
+opt/navidrome-uploader/templates
+opt/navidrome-uploader/static
+opt/navidrome-uploader/static/css
+opt/navidrome-uploader/static/js
+etc/default/navidrome-uploader
+
@@ -0,0 +1,9 @@
+main.py opt/navidrome-uploader/
+gunicorn.conf.py opt/navidrome-uploader/
+requirements.txt opt/navidrome-uploader/
+.env.example opt/navidrome-uploader/
+templates/* opt/navidrome-uploader/templates/
+static/css/* opt/navidrome-uploader/static/css/
+static/js/* opt/navidrome-uploader/static/js/
+contrib/navidrome-uploader.service lib/systemd/system/
+debian/wheels/* opt/navidrome-uploader/wheels/
@@ -0,0 +1,26 @@
+#!/bin/sh
+set -e
+
+APP_DIR="/opt/navidrome-uploader"
+VENV_DIR="${APP_DIR}/venv"
+APP_USER="navidrome-uploader"
+
+case "$1" in
+  configure)
+    chown -R "$APP_USER:$APP_USER" "$APP_DIR"
+
+    runuser -u "$APP_USER" -- python3 -m venv "$VENV_DIR"
+
+    runuser -u "$APP_USER" -- "$VENV_DIR/bin/pip" install --no-cache-dir --no-index --find-links="$APP_DIR/wheels" -r "$APP_DIR/requirements.txt"
+
+    if command -v systemctl >/dev/null 2>&1; then
+      systemctl daemon-reload || true
+      systemctl enable navidrome-uploader.service || true
+      systemctl restart navidrome-uploader.service || true
+    fi
+    ;;
+esac
+
+exit 0
+
+
@@ -0,0 +1,15 @@
+#!/bin/sh
+set -e
+
+if command -v systemctl > /dev/null 2>&1; then
+    systemctl daemon-reload || true
+fi
+
+if [ "$1" = "purge" ]; then
+    rm -rf /etc/default/navidrome-uploader
+    rm -rf /opt/navidrome-uploader/venv
+    rm -rf /opt/navidrome-uploader/__pycache__
+fi
+
+exit 0
+
@@ -0,0 +1,10 @@
+#!/bin/sh
+set -e
+
+if ! getent passwd navidrome-uploader > /dev/null 2>&1; then
+    printf "Creating navidrome-uploader user\n"
+    useradd --system --shell /usr/sbin/nologin --user-group navidrome-uploader
+fi
+
+exit 0
+
@@ -0,0 +1,14 @@
+#!/bin/sh
+set -e
+
+case "$1" in
+    remove|deconfigure)
+        if command -v systemctl > /dev/null 2>&1; then
+            systemctl stop navidrome-uploader.service || true
+            systemctl disable navidrome-uploader.service || true
+        fi
+        ;;
+esac
+
+exit 0
+
@@ -0,0 +1,15 @@
+#!/usr/bin/make -f
+
+%:
+	dh $@
+
+override_dh_auto_build:
+	dh_auto_build
+	mkdir -p debian/wheels
+	python3 -m pip wheel --no-cache-dir -r requirements.txt pip -w debian/wheels
+
+override_dh_install:
+	dh_install
+	install -d debian/navidrome-uploader/etc/default/navidrome-uploader
+	install -m 0640 .env.example debian/navidrome-uploader/etc/default/navidrome-uploader/.env
+
@@ -0,0 +1,2 @@
+3.0 (native)
+
@@ -0,0 +1,16 @@
+# gunicorn.conf.py
+# Arian Nasr
+# April 4, 2026
+
+import os
+
+
+BIND_ADDRESS = os.environ.get('BIND_ADDRESS', '0.0.0.0')
+BIND_PORT = int(os.environ.get('BIND_PORT', 5001))
+
+bind = f"{BIND_ADDRESS}:{BIND_PORT}"
+workers = 2
+accesslog = "-" # Log to stdout
+errorlog = "-"  # Log to stderr
+
+# gunicorn -c gunicorn.conf.py main:app
@@ -6,11 +6,13 @@ import os
 from flask import Flask, request, render_template
 from werkzeug.utils import secure_filename

-UPLOAD_FOLDER = '/opt/navidrome/music'
+UPLOAD_FOLDER = os.environ.get('NAVIDROME_MUSIC_FOLDER', '/opt/navidrome/music')
 ALLOWED_EXTENSIONS = {'flac', 'mp3', 'wav'}
+MAX_CONTENT_LENGTH = 500 * 1024 * 1024

 app = Flask(__name__)
 app.config['UPLOAD_FOLDER'] = UPLOAD_FOLDER
+app.config['MAX_CONTENT_LENGTH'] = MAX_CONTENT_LENGTH

 def allowed_file(filename):
    return '.' in filename and \
@@ -33,7 +35,3 @@ def upload_file():
        return render_template('success.html', success_message=f'{len(request.files)} file(s) uploaded successfully!'), 200

    return render_template('index.html'), 200
-
-
-if __name__ == '__main__':
-    app.run(host='192.168.2.24', port=5001, debug=False)
@@ -0,0 +1,9 @@
+#!/bin/sh
+set -eu
+
+SCRIPT_DIR="$(CDPATH= cd -- "$(dirname -- "$0")" && pwd)"
+PROJECT_ROOT="$(CDPATH= cd -- "${SCRIPT_DIR}/.." && pwd)"
+
+cd "${PROJECT_ROOT}"
+dpkg-buildpackage -us -uc -b
+
@@ -0,0 +1,11 @@
+#!/bin/sh
+set -eu
+
+SCRIPT_DIR="$(CDPATH= cd -- "$(dirname -- "$0")" && pwd)"
+PROJECT_ROOT="$(CDPATH= cd -- "${SCRIPT_DIR}/.." && pwd)"
+
+cd "${PROJECT_ROOT}"
+
+docker build --platform linux/amd64 -t uploader-builder -f Dockerfile.build .
+
+docker run --rm --platform linux/amd64 -v "$(pwd)/output:/dist" uploader-builder
@@ -1,7 +1,10 @@
 blinker==1.9.0
-click==8.3.1
+click==8.4.1
 Flask==3.1.3
 itsdangerous==2.2.0
 Jinja2==3.1.6
 MarkupSafe==3.0.3
-Werkzeug==3.1.6
+Werkzeug==3.1.8
+gunicorn==26.0.0
+pip==26.1.1
+packaging==26.2
@@ -11,7 +11,7 @@
 <body>
    <script>
        Dropzone.options.myDropzone = {
-            parallelUploads: 2,
+            parallelUploads: 4,
            uploadMultiple: true,
            acceptedFiles: 'audio/*'
        };
@@ -20,4 +20,4 @@
          class="dropzone"
          id="my-dropzone"></form>
 </body>
-</html>
+</html>
Author	SHA1	Message	Date
arian	f3743cc9c0	Merge branch 'deb-packaging'	2026-05-25 18:48:04 -04:00
arian	9cc751e694	fix(debian): fix systemd path issue	2026-05-25 18:43:03 -04:00
arian	df6a13f978	chore(debian): v0.2.0 changelog added	2026-05-25 18:32:58 -04:00
arian	58a8200968	fix(debian): added dependencies to deb-building Dockerfile for offline installation	2026-05-25 18:15:58 -04:00
arian	c7e04d931f	fix(debian): fix build dependencies for offline installation	2026-05-25 18:11:13 -04:00
arian	772c8e56ec	build(debian): offline pip dependency installation	2026-05-25 18:00:49 -04:00
arian	d8af833ce0	chore(deps): bump python dependencies	2026-05-25 17:40:12 -04:00
arian	b57dc7d81c	docs(license): add MIT license	2026-05-25 17:37:44 -04:00
arian	5fa95f0814	chore(deps): bump python dependencies Signed-off-by: Arian Nasr <arian@2ari.ca>	2026-05-20 15:44:49 -04:00
arian	a64da5ef51	build(docker): implement docker build automation script Signed-off-by: Arian Nasr <arian@2ari.ca>	2026-05-09 14:46:58 -04:00
arian	ec2dfb3491	Merge branch 'docker-build'	2026-05-09 14:38:38 -04:00
arian	3dec409169	build(docker): implement containerized debian packaging Signed-off-by: Arian Nasr <arian@2ari.ca>	2026-05-09 14:35:51 -04:00
arian	4130cc4269	chore(deps): bump gunicorn==26.0.0	2026-05-09 13:42:51 -04:00
arian	0893d21ded	perf(upload) add MAX_CONTENT_LENGTH to prevent DoS	2026-05-01 06:30:12 -04:00
arian	4278fd530d	chore: bump pip==26.1	2026-04-26 23:16:27 -04:00
arian	483b0fd7b0	bump packaging==26.2	2026-04-26 23:13:11 -04:00
arian	c7f2c99c6b	chore: bump click==8.3.3	2026-04-22 19:58:48 -04:00
arian	1d3ae30cc9	pin addl. pypi packages	2026-04-21 14:37:35 -04:00
arian	8b30c88a6a	Merge branch 'pr-apt-purge-fix'	2026-04-16 11:58:56 -04:00
arian	0fc4717a05	fix: apt purge leaving pycache & warning systemd folder not empty	2026-04-16 11:57:25 -04:00
arian	2e68ad7323	v0.1.0-2 changelog	2026-04-14 12:14:13 -04:00
arian	792465dab2	run deb package pip install stage as navidrome-uploader user instead of root	2026-04-14 12:09:54 -04:00
arian	7f06ffe6d7	disable gunicorn control socket in service & patch notes	2026-04-09 02:01:06 -04:00
arian	9dc6aa8d04	tidying	2026-04-08 23:29:05 -04:00
arian	163a642f5a	Merge branch 'deb-packaging'	2026-04-08 23:21:57 -04:00
arian	2cc5945e1d	Merge branch 'deb-packaging-test' into deb-packaging	2026-04-08 23:20:16 -04:00
arian	8adbb87fc3	add navidrome music dir to service readwritepaths	2026-04-08 23:06:38 -04:00
arian	399544dc50	remove unused dependency	2026-04-08 05:51:54 -04:00
arian	822c3941fd	remove README.md	2026-04-07 03:22:25 -04:00
arian	210fb30059	test framework for deb building	2026-04-07 03:20:40 -04:00
arian	ebe75427af	change default .env bind address	2026-04-07 02:49:01 -04:00
arian	d0fe37033c	deb build framework	2026-04-07 02:43:39 -04:00
arian	8cdacba0d6	Merge remote-tracking branch 'origin/deb-packaging' into deb-packaging	2026-04-05 17:26:48 -04:00
arian	597a02a5ed	add preinstall script for deb package	2026-04-05 17:24:30 -04:00
arian	290730f413	Merge branch 'pr-systemd-service'	2026-04-05 17:22:40 -04:00
arian	5e553f9363	fix service readwrite path	2026-04-05 17:21:41 -04:00
arian	a4e896158d	add preinstall script for deb package	2026-04-05 17:19:31 -04:00
arian	e68d675f4b	Merge branch 'pr-systemd-service'	2026-04-05 17:07:24 -04:00
arian	f9ca5f299f	add systemd service file	2026-04-05 17:04:14 -04:00
arian	4b9728e814	Merge branch 'gunicorn-migration'	2026-04-04 16:33:46 -04:00
arian	a6a84d662b	deploy with gunicorn	2026-04-04 16:13:00 -04:00
arian	05d40b4bd8	bump click==8.3.2	2026-04-04 15:58:13 -04:00
arian	0f7fd55c7f	bump Werkzeug==3.1.8	2026-04-03 15:08:08 -04:00
arian	beb96580d4	Merge branch 'pr-ext-conf'	2026-03-28 10:18:56 -04:00
arian	524fc6ef54	mv conf vars external	2026-03-28 10:07:37 -04:00
arian	cdacbd9d8f	bump Werkzeug==3.1.7	2026-03-25 04:47:57 -04:00
arian	c4d18aa680	increase concurrent uploads	2026-03-15 17:36:19 -04:00
arian	7da1443d09	Merge branch 'pr-healthcheck'	2026-03-10 08:04:40 -04:00