From 4295ac6f1d18597d936539efc80844dc8ccad77e Mon Sep 17 00:00:00 2001
From: Benoit <forgejo@benoit.jp.net>
Date: Tue, 1 Oct 2024 20:49:20 +0900
Subject: [PATCH 1/4] Move jobs under cfg

---
 {jobs => cfg/jobs}/forgejo.run | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename {jobs => cfg/jobs}/forgejo.run (100%)

diff --git a/jobs/forgejo.run b/cfg/jobs/forgejo.run
similarity index 100%
rename from jobs/forgejo.run
rename to cfg/jobs/forgejo.run

From 8043668fa2db2a0075d7518366bf895dd0148124 Mon Sep 17 00:00:00 2001
From: Benoit <forgejo@benoit.jp.net>
Date: Tue, 1 Oct 2024 20:49:47 +0900
Subject: [PATCH 2/4] Init Navidrome job

---
 cfg/jobs/navidrome.run | 69 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 69 insertions(+)
 create mode 100644 cfg/jobs/navidrome.run

diff --git a/cfg/jobs/navidrome.run b/cfg/jobs/navidrome.run
new file mode 100644
index 0000000..ffe1c42
--- /dev/null
+++ b/cfg/jobs/navidrome.run
@@ -0,0 +1,69 @@
+#!/bin/env bash
+# Upstream doc: https://www.navidrome.org/docs/installation/linux/
+set -euxo pipefail
+
+IMAGE="ubuntu/22.04/cloud"
+DIST="${IMAGE%%/*/*}"
+VER="${IMAGE#*/}"
+VER="${VER%/*}"
+VER="${VER//./-}"
+UPSTREAM_VER="0.50.2"
+UPSTREAM_VER_DASH="${UPSTREAM_VER//./-}"
+UPSTREAM_NAME="navidrome"
+SERIAL="5esh"
+CNAME="$UPSTREAM_NAME-$UPSTREAM_VER_DASH-$SERIAL-$DIST-$VER"
+ALIAS="$UPSTREAM_NAME-$UPSTREAM_VER-$SERIAL"
+
+cd $WORKSPACE
+incus launch images:$IMAGE $CNAME
+
+# Wait network
+sleep 5
+
+# Navidrome
+incus exec $CNAME -- mkdir /etc/esh
+incus exec $CNAME -- apt update
+incus exec $CNAME -- apt upgrade -y
+incus exec $CNAME -- apt install -y --no-install-recommends ffmpeg wget
+incus exec $CNAME -- useradd -m -s /sbin/nologin -d /var/lib/navidrome navidrome
+incus exec $CNAME -- install -d -o navidrome -g navidrome /opt/navidrome
+incus exec $CNAME -- wget "https://github.com/navidrome/navidrome/releases/download/v${UPSTREAM_VER}/navidrome_${UPSTREAM_VER}_linux_amd64.tar.gz" -O /tmp/Navidrome.tar.gz
+incus exec $CNAME -- tar -xvzf /tmp/Navidrome.tar.gz -C /opt/navidrome/
+incus exec $CNAME -- chown -R navidrome:navidrome /opt/navidrome
+incus file push navidrome.toml $CNAME/etc/esh/
+incus file push setup.sh $CNAME/usr/local/bin/
+incus file push navidrome.service $CNAME/etc/systemd/system/
+
+# Syncthing
+incus exec $CNAME -- apt install syncthing
+incus exec $CNAME -- cp /lib/systemd/system/syncthing\@.service /etc/systemd/system/
+incus exec $CNAME -- sed -i \
+  's/\(ExecStart=\/usr\/bin\/syncthing serve --no-browser --no-restart --logflags=0\)/\1 --gui-address=0.0.0.0:8384/' \
+  /etc/systemd/system/syncthing\@.service
+
+# Clean
+incus exec $CNAME -- \
+  rm -rf \
+  /etc/machine-id \
+  /var/cache/apt \
+  /var/log/journal
+
+# Publish
+incus stop $CNAME
+incus config metadata show $CNAME > metadata.yaml
+# Get the current Unix timestamp
+current_timestamp=$(date +%s)
+# Calculate expiry date as current timestamp + 1 week (604800 seconds)
+expiry_date=$(($current_timestamp + 604800))
+# Update metadata values
+sed -i \
+  -e "s/creation_date: .*/creation_date: $current_timestamp/" \
+  -e "s/expiry_date: .*/expiry_date: $expiry_date/" \
+  -e "s#description: .*#description: $UPSTREAM_NAME v$UPSTREAM_VER on $IMAGE release $SERIAL#" \
+  -e "s/name: .*/name: $CNAME/" \
+  -e "s/serial: .*/serial: $SERIAL/" \
+  metadata.yaml
+
+incus config metadata edit $CNAME < metadata.yaml
+incus publish $CNAME --alias $ALIAS --public
+incus rm $CNAME

From 1e0c8ebc9fe41e929d4f81d79d80810b3c3782cc Mon Sep 17 00:00:00 2001
From: Benoit <forgejo@benoit.jp.net>
Date: Tue, 1 Oct 2024 20:54:53 +0900
Subject: [PATCH 3/4] Add Navidrom assets

---
 run/navidrome/workspace/navidrome.service | 47 +++++++++++++++++++++++
 run/navidrome/workspace/navidrome.toml    |  2 +
 2 files changed, 49 insertions(+)
 create mode 100644 run/navidrome/workspace/navidrome.service
 create mode 100644 run/navidrome/workspace/navidrome.toml

diff --git a/run/navidrome/workspace/navidrome.service b/run/navidrome/workspace/navidrome.service
new file mode 100644
index 0000000..fd01ee2
--- /dev/null
+++ b/run/navidrome/workspace/navidrome.service
@@ -0,0 +1,47 @@
+[Unit]
+Description=Navidrome Music Server and Streamer compatible with Subsonic/Airsonic
+After=remote-fs.target network.target
+AssertPathExists=/var/lib/navidrome
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+User=navidrome
+Group=navidrome
+Type=simple
+ExecStart=/opt/navidrome/navidrome --configfile "/var/lib/navidrome/navidrome.toml"
+WorkingDirectory=/var/lib/navidrome
+TimeoutStopSec=20
+KillMode=process
+Restart=on-failure
+
+# See https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+DevicePolicy=closed
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateUsers=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
+ReadWritePaths=/var/lib/navidrome
+
+# You can uncomment the following line if you're not using the jukebox This
+# will prevent navidrome from accessing any real (physical) devices
+PrivateDevices=yes
+
+# You can change the following line to `strict` instead of `full` if you don't
+# want navidrome to be able to write anything on your filesystem outside of
+# /var/lib/navidrome.
+ProtectSystem=strict
+
+# You can uncomment the following line if you don't have any media in /home/*.
+# This will prevent navidrome from ever reading/writing anything there.
+ProtectHome=true
+
+# You can customize some Navidrome config options by setting environment variables here. Ex:
+#Environment=ND_BASEURL="/navidrome"
diff --git a/run/navidrome/workspace/navidrome.toml b/run/navidrome/workspace/navidrome.toml
new file mode 100644
index 0000000..cc5e4f0
--- /dev/null
+++ b/run/navidrome/workspace/navidrome.toml
@@ -0,0 +1,2 @@
+# For more options, check doc: https://www.navidrome.org/docs/usage/configuration-options/#available-options
+MusicFolder = "/var/lib/music"

From e026eeac351bac00a70b01022fc374eb6eb056d3 Mon Sep 17 00:00:00 2001
From: Benoit <forgejo@benoit.jp.net>
Date: Tue, 1 Oct 2024 20:56:45 +0900
Subject: [PATCH 4/4] Bump navidrome to 0.53.3+ubuntu24.04

---
 cfg/jobs/navidrome.run | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/cfg/jobs/navidrome.run b/cfg/jobs/navidrome.run
index ffe1c42..8b25b1b 100644
--- a/cfg/jobs/navidrome.run
+++ b/cfg/jobs/navidrome.run
@@ -2,20 +2,20 @@
 # Upstream doc: https://www.navidrome.org/docs/installation/linux/
 set -euxo pipefail
 
-IMAGE="ubuntu/22.04/cloud"
-DIST="${IMAGE%%/*/*}"
+IMAGE="ubuntu/24.04"
+DIST="${IMAGE%%/*}"
 VER="${IMAGE#*/}"
 VER="${VER%/*}"
 VER="${VER//./-}"
-UPSTREAM_VER="0.50.2"
+UPSTREAM_VER="0.53.3"
 UPSTREAM_VER_DASH="${UPSTREAM_VER//./-}"
 UPSTREAM_NAME="navidrome"
-SERIAL="5esh"
+SERIAL="1benoitjpnet"
 CNAME="$UPSTREAM_NAME-$UPSTREAM_VER_DASH-$SERIAL-$DIST-$VER"
 ALIAS="$UPSTREAM_NAME-$UPSTREAM_VER-$SERIAL"
 
 cd $WORKSPACE
-incus launch images:$IMAGE $CNAME
+incus launch images:$IMAGE $CNAME --quiet
 
 # Wait network
 sleep 5