Welcome to Fredagscaféen's website repository. This repository contains the source code for the Fredagscaféen website, which is hosted at fredagscafeen.dk. It is maintained by the current voluntary webmaster of Fredagscaféen, but contributions and bug reports are always welcome.
Warning
A prerequisite here, is to have Python 3.8.10 installed and in PATH. Having this exact version ensures smooth compatibility with the dependencies and the server, working with and running that version. A tip is to install pyenv, which makes it easy to install the specific version, and toggle between versions.
After that, you are ready to follow the steps below:
- checkout project from vcs:
git clone git@github.com:fredagscafeen/web.git - setup virtual env:
python3 -mvenv ~/.cache/venvs/fredagscafeen-web - activate virtual env:
source ~/.cache/venvs/fredagscafeen-web/bin/activate - install
pip-tools:pip install pip-tools - install dependencies:
pip-sync requirements.txt dev-requirements.txt - install pre-commit hook:
pre-commit install
Installing the required psycopg2 package (PostgreSQL for Python) might require the pg_config binary,
which can be installed on Ubuntu with sudo apt install libpq-dev.
- migrate database:
./manage.py migrate - create superuser:
./manage.py createsuperuser - run server:
./manage.py runserver
git push- Build docker image and redeploy:
ssh ubuntu@fredagscafeen.dk 'cd web && git pull && docker compose build && docker compose up -d'
- ssh into server:
ssh ubuntu@fredagscafeen.dk - create superuser:
docker exec -it web_app_1 ./manage.py createsuperuser - login to admin interface: https://fredagscafeen.dk/admin/
- Generate a new ssh key:
ssh-keygen -t ed25519 -C github-action -f /tmp/github-action - Add the public key to the servers
~/.ssh/authorized_keysfile:ssh ubuntu@fredagscafeen.dk 'cat >> ~/.ssh/authorized_keys' < /tmp/github-action.pub - Add Github action secrets on https://github.com/organizations/fredagscafeen/settings/secrets/actions:
- Create the action secret
UPLOAD_SSH_KNOWN_HOSTScontaining the output of running:grep fredagscafeen.dk ~/.ssh/known_hosts - Create the action secret
UPLOAD_SSH_PRIVATE_KEYcontaining the output of running:cat /tmp/github-action - Make sure both
guidesandvedtægterrepos have access to these
- Create the action secret
Every time a tex file for a guide is updated, Github will recompile it and update the hosted PDF.
TODO: This needs to be updated.
+----------------------------------------------------+
| htlm5 server: |
| |
| autossh -N -M 2244 |
| -L 6631:localhost:631 |
| remoteprint@localhost |
| -p 2222 <-\ |
| -v | ssh |
| | |
| +-----------------------------------------|---+ |
| | dokku web instance: | | |
| | | |
| | | |
| | ssh -o StrictHostKeyChecking=no | |
| | -i media/id_rsa | |
| | remoteprint_relay@fredagscafeen.dk | |
| | -- | |
| | lpstat -h localhost:6631 -E -p | |
| | | |
| +---------------------------------------------+ |
+----------------------------------------------------+
^
|
|
(reverse ssh port-forwarding)
|
|
+----------------------------------------------+
| remote AU server: |
| |
| autossh -N -M 2233 |
| -R 2222:localhost:22 |
| remoteprint_relay@fredagscafeen.dk |
| -v |
| |
+----------------------------------------------+
apt install autossh cups
systemctl disable --now cups
systemctl disable --now cups-browsedOpen 3 terminal windows:
- One connected to the remote machine on AU's network (remote)
- One connected to htlm5 (htlm5)
- One connected to htlm5 and inside the dokku container:
dokku run fredagscafeen.dk bash(dokku)
Then run the following commands in order:
remote:
sudo useradd -m remoteprint
sudo mkhomedir_helper remoteprint
sudo -u remoteprint ssh-keygen
sudo cat /home/remoteprint/.ssh/id_rsa.pub # Key remotedokku:
mkdir media/ssh
ssh-keygen -f media/ssh/id_rsa
cat media/ssh/id_rsa.pub # Key clienthtlm5:
useradd -m remoteprint_relay
mkhomedir_helper remoteprint_relay
sudo -u remoteprint_relay ssh-keygen
cat /home/remoteprint_relay/.ssh/id_rsa.pub # Key relay
sudo -u remoteprint_relay sh -c 'echo "<Key remote>" >> /home/remoteprint_relay/.ssh/authorized_keys'
cat fredagscafeen-media/ssh/id_rsa.pub | sudo -u remoteprint_relay sh -c 'cat >> /home/remoteprint_relay/.ssh/authorized_keys'remote:
sudo -u remoteprint sh -c 'echo "<Key relay>" >> /home/remoteprint/.ssh/authorized_keys'Check that the remote can connect to the relay by running the following on the remote:
sudo -u remoteprint /usr/bin/autossh -N -M 2233 -R 2222:localhost:22 remoteprint_relay@fredagscafeen.dk -vCheck that we can connect to the relay and it can connect to the remote by running the following in dokku:
ssh -o StrictHostKeyChecking=no remoteprint_relay@fredagscafeen.dk -i media/ssh/id_rsa id
ssh -o StrictHostKeyChecking=no remoteprint_relay@fredagscafeen.dk -i media/ssh/id_rsa ssh remoteprint@localhost -p 2222 idStop the autossh command on the remote and create the file /etc/systemd/system/remoteprinter_autossh.service containing:
[Unit]
Description=Keeps a reverse tunnel to fredagscafeen.dk open
After=network-online.target
After=ssh.service
After=org.cups.cupsd.service
[Service]
ExecStart=/usr/bin/autossh -N -M 2233 -R 2222:localhost:22 remoteprint_relay@fredagscafeen.dk -v
Restart=on-failure
User=remoteprint
KillSignal=SIGINT
SendSIGKILL=no
Environment=AUTOSSH_GATETIME=0
[Install]
WantedBy=multi-user.targetThen start and enable the service on the remote:
sudo systemctl enable --now remoteprinter_autosshTest that we can forward port 6631 to the remote's port 631 and it works (run both command at the same time on remote):
sudo -u /usr/bin/autossh -N -M 2244 -L 6631:localhost:631 remoteprint@localhost -p 2222 -v
lpstat -h localhost:6631 -pCreate the file /etc/systemd/system/remoteprinter_cups_forward.service containing:
[Unit]
Description=Forwards port 6631 to port 631 of an AU machine
After=network-online.target
After=ssh.service
After=org.cups.cupsd.service
[Service]
ExecStart=/usr/bin/autossh -N -M 2244 -L 6631:localhost:631 remoteprint@localhost -p 2222 -v
Restart=on-failure
User=remoteprint_relay
KillSignal=SIGINT
SendSIGKILL=no
Environment=AUTOSSH_GATETIME=0
[Install]
WantedBy=multi-user.targetThen start and enable the service on the remote:
sudo systemctl enable --now remoteprinter_cups_forwardAdd the following at the bottom of /etc/ssh/sshd_config on the remote:
Match User remoteprint
AllowTcpForwarding yes
X11Forwarding no
PermitTunnel no
GatewayPorts no
AllowAgentForwarding no
PermitOpen localhost:631
ForceCommand echo 'This account can only be used for printing'Then reload sshd:
systemctl reload sshdThe printers should be installed on the remote machine and also be entered into the database.
- Auth
- Items
- Breweries
- BeerTypes
- Bartenders
- Is-Bartender
POST /api/auth/
{
"username": "...",
"password": "..."
}
{
"token": "...",
"permissions": [...]
}
GET /api/items/
[
{
"id": 871,
"created": "2017-06-02T13:13:49Z",
"name": "Semiskinned Occultist",
"description": "",
"country": "",
"priceInDKK": 25.0,
"abv": null,
"container": null,
"volumeInCentiliters": null,
"inStock": true,
"imageUrl": "",
"barcode": "",
"lastModified": "2017-06-02T13:14:53.756808Z",
"link": "",
"brewery": 16,
"type": null
},
...
]
GET /api/breweries/
[
{
"id": 1,
"name": "Aarhus Bryghus",
"description": "",
"website": ""
},
...
]
GET /api/beerTypes/
[
{
"id": 1,
"name": "Pilsner",
"description": "",
"link": ""
},
...
]
GET /api/bartenders/
[
{
"id": 45,
"name": "Alberte Herold Hansen",
"username": "alberte",
"isActiveBartender": true
},
...
]
GET /api/is-bartender//
true