feat(commentaire) : ajout de la partie système de isso

2025-06-24 17:01:01 +02:00 · 2025-06-24 17:01:01 +02:00 · e6c608eb76
commit e6c608eb76
parent 8d67017c79
5 changed files with 178 additions and 0 deletions
--- a/System/Isso/README.md
+++ b/System/Isso/README.md
@ -0,0 +1,37 @@
+# Installation
+
+## 1. Crée un dossier et un utilisateur
+sudo mkdir -p /opt/isso
+sudo useradd --system --home /opt/isso --shell /sbin/nologin isso
+
+## 2. Crée et active l’environnement
+cd /opt/isso
+sudo python3 -m venv venv
+sudo source venv/bin/activate
+sudo pip install --upgrade pip
+sudo pip install isso
+sudo pip install setuptools
+sudo pip install wheel
+
+## 3. Crée le fichier de config
+sudo touch /opt/isso/isso.conf
+sudo chown isso:isso /opt/isso/isso.conf
+
+## 4. Crée le service systemd
+sudo cp isso.service /etc/systemd/system/isso.service
+sudo systemctl daemon-reexec
+sudo systemctl daemon-reload
+sudo systemctl enable isso
+sudo systemctl start isso
+sudo systemctl status isso
+
+# Utilisation
+
+Modification dans le thème binario de :
+
+* themes/binario/layouts/partials/header.html -> ajout du script isso
+* themes/binario/layouts/partials/comments.html -> modification intégrale du fichier
+
+Ajout du fichier d'administration :
+
+/opt/isso/isso-admin.sh
--- a/System/Isso/isso-admin.sh
+++ b/System/Isso/isso-admin.sh
@ -0,0 +1,44 @@
+#!/bin/bash
+
+DB="/opt/isso/comments.db"
+
+echo -e "\nThreads existants :"
+sqlite3 "$DB" <<EOF
+.headers on
+.mode column
+SELECT id, uri FROM threads ORDER BY id;
+EOF
+
+read -p "ID du thread à modérer : " TID
+[ -z "$TID" ] && exit
+
+echo -e "\nCommentaires dans le thread #$TID :"
+sqlite3 "$DB" <<EOF
+.headers on
+.mode column
+SELECT id, mode, substr(text,1,60) AS preview
+FROM comments WHERE tid=$TID ORDER BY id DESC;
+EOF
+
+while true; do
+  echo
+  read -p "ID à modérer (ou vide pour quitter) : " CID
+  [ -z "$CID" ] && exit
+
+  echo "1. Approuver"
+  echo "2. Supprimer"
+  read -p "Choix : " CHOICE
+
+  case $CHOICE in
+    1)
+      sqlite3 "$DB" "UPDATE comments SET mode=1 WHERE id=$CID;"
+      echo "Commentaire $CID approuvé."
+      ;;
+    2)
+      sqlite3 "$DB" "DELETE FROM comments WHERE id=$CID;"
+      echo "Commentaire $CID supprimé."
+      ;;
+    *)
+      echo "Choix invalide."      ;;
+  esac
+done
--- a/System/Isso/isso.conf
+++ b/System/Isso/isso.conf
@ -0,0 +1,20 @@
+[general]
+dbpath = /opt/isso/comments.db
+host = https://fabnum-blog.peccini.fr
+max-age = 3600
+notify = false
+
+[server]
+listen = http://127.0.0.1:8181/
+
+[moderation]
+enabled = true
+
+[admin]
+enabled = true
+password = votremotdepasse
+
+[guard]
+enabled = true
+ratelimit = 2
+direct-reply = 3
--- a/System/isso.service
+++ b/System/isso.service
@ -0,0 +1,13 @@
+[Unit]
+Description=Isso comment server (venv)
+After=network.target
+
+[Service]
+User=isso
+Group=isso
+WorkingDirectory=/opt/isso
+ExecStart=/opt/isso/venv/bin/isso -c /opt/isso/isso.conf run
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
--- a/System/nginx.conf
+++ b/System/nginx.conf
@ -0,0 +1,64 @@
+server {
+    listen 443 ssl;
+    server_name fabnum-blog.peccini.fr;
+
+    root /var/www/FabNum_blog/public;
+    index index.html;
+
+	location ^~ /isso/ {
+	    proxy_pass http://127.0.0.1:8181/;
+	    proxy_set_header Host $host;
+	    proxy_set_header X-Forwarded-For $remote_addr;
+	}
+
+    # GZIP compression
+    gzip on;
+    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml;
+    gzip_min_length 1024;
+    gzip_vary on;
+
+    # Caching for static files
+    location ~* \.(js|css|png|jpg|jpeg|gif|ico|woff|woff2|ttf|svg|eot|mp4|webp)$ {
+        expires 30d;
+        add_header Cache-Control "public";
+    }
+
+    # No cache for HTML and feeds
+    location ~* \.(html|xml|json|rss)$ {
+        expires -1;
+        add_header Cache-Control "no-cache, no-store, must-revalidate";
+        add_header Pragma "no-cache";
+    }
+
+    # Main site
+    location / {
+        try_files $uri $uri/ =404;
+    }
+
+    # SSL settings
+    ssl_certificate /etc/letsencrypt/live/fabnum-blog.peccini.fr/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/fabnum-blog.peccini.fr/privkey.pem;
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+    }
+
+# Redirect www → non-www (HTTPS)
+server {
+    listen 443 ssl;
+    server_name www.fabnum-blog.peccini.fr;
+
+    return 301 https://fabnum-blog.peccini.fr$request_uri;
+
+    ssl_certificate /etc/letsencrypt/live/fabnum-blog.peccini.fr/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/fabnum-blog.peccini.fr/privkey.pem;
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+}
+
+# Redirect all HTTP → HTTPS (both www and non-www)
+server {
+    listen 80;
+    server_name fabnum-blog.peccini.fr www.fabnum-blog.peccini.fr;
+
+    return 301 https://fabnum-blog.peccini.fr$request_uri;
+}