File default-settings.patch of Package gotosocial
From f0501d4226938cc9660d4f444dd05c94ec8e3202 Mon Sep 17 00:00:00 2001
From: "Sqx. Flann" <fl4nn+git@opensuse.org>
Date: Fri, 19 Sep 2025 15:32:32 +0200
Subject: [PATCH] Modify default paths to match packaging
---
example/apparmor/gotosocial | 44 +++++--------------------------------
example/config.yaml | 32 ++++++++++++++++-----------
example/gotosocial.service | 7 +++---
3 files changed, 29 insertions(+), 54 deletions(-)
diff --git a/example/apparmor/gotosocial b/example/apparmor/gotosocial
index 44192428c..b81bae94c 100644
--- a/example/apparmor/gotosocial
+++ b/example/apparmor/gotosocial
@@ -7,59 +7,27 @@ profile gotosocial flags=(attach_disconnected, mediate_deleted) {
include <abstractions/nameservice>
include <abstractions/user-tmp>
- # Allow common binary install paths.
- #
- # You can change or remove these depending on
- # where you've installed your GoToSocial binary.
- /gotosocial/gotosocial mrix,
- /usr/local/bin/gotosocial mrix,
- /usr/bin/gotosocial mrix,
/usr/sbin/gotosocial mrix,
- # Allow access to GoToSocial's storage and database paths.
- # Change these depending on your db + storage locations.
- owner /gotosocial/{,**} r,
- owner /gotosocial/db/* wk,
- owner /gotosocial/storage/** wk,
-
- # Embedded ffmpeg needs read
- # permission on /dev/urandom.
+ # Embedded ffmpeg needs read permission on /dev/urandom.
/dev/ r,
/dev/urandom r,
- # Temp dir access is needed for storing
- # files briefly during media processing.
- /tmp/ r,
- owner /tmp/* rwk,
-
# If running with GTS_WAZERO_COMPILATION_CACHE set,
# change + uncomment the below lines as appropriate:
- # owner /your/wazero/cache/directory/ r,
- # owner /your/wazero/cache/directory/** rwk,
+ owner /var/lib/gotosocial/.cache r,
+ owner /var/lib/gotosocial/.cache/** rwk,
# If you've enabled logging to syslog, allow GoToSocial
# to write logs by uncommenting the following line:
# /var/log/syslog w,
- # These directories are not currently used by any of
- # the recommended GoToSocial installation methods, but
- # may be used in the future and/or for custom installs.
- # Delete them if you prefer.
- owner /etc/gotosocial/{,**} r,
- owner /usr/local/etc/gotosocial/{,**} r,
- owner /usr/share/gotosocial/{,**} r,
- owner /usr/local/share/gotosocial/{,**} r,
- owner /usr/lib/gotosocial/{,**} r,
- owner /usr/lib/gotosocial/db/* wk,
- owner /usr/lib/gotosocial/storage/** wk,
- owner /usr/local/lib/gotosocial/{,**} r,
- owner /usr/local/lib/gotosocial/db/* wk,
- owner /usr/local/lib/gotosocial/storage/** wk,
+ /etc/gotosocial/{,**} r,
+ /usr/share/gotosocial/{,**} r,
owner /var/lib/gotosocial/{,**} r,
+ owner /var/lib/gotosocial/certs/** wk,
owner /var/lib/gotosocial/db/* wk,
owner /var/lib/gotosocial/storage/** wk,
- owner /opt/gotosocial/{,**} r,
- owner /run/gotosocial/{,**} r,
/etc/mime.types r,
/etc/services r,
diff --git a/example/config.yaml b/example/config.yaml
index 9eaa560fe..d025e0a02 100644
--- a/example/config.yaml
+++ b/example/config.yaml
@@ -57,8 +57,9 @@ log-format: "logfmt"
# documented on https://pkg.go.dev/time#pkg-constants.
#
# Examples: ["2006-01-02T15:04:05.000Z07:00", ""]
-# Default: "02/01/2006 15:04:05.000"
-log-timestamp-format: "02/01/2006 15:04:05.000"
+# Upstream Default: "02/01/2006 15:04:05.000"
+# openSUSE Default: ""
+log-timestamp-format: ""
# String. Application name to use internally.
# Examples: ["My Application","gotosocial"]
@@ -169,8 +170,9 @@ db-type: "sqlite"
# WARNING: :memory: should NOT BE USED except for testing purposes.
#
# Examples: ["localhost","my.db.host","127.0.0.1","192.111.39.110",":memory:", "sqlite.db"]
-# Default: ""
-db-address: "sqlite.db"
+# Upstream Default: "sqlite.db"
+# openSUSE Default: "/var/lib/gotosocial/db/sqlite.db"
+db-address: "/var/lib/gotosocial/db/sqlite.db"
# Int. Port for postgres database connection; ignored for sqlite.
# Examples: [5432, 1234, 6969]
@@ -272,7 +274,7 @@ db-sqlite-busy-timeout: "30m"
# String. Full Database connection string
#
# This connection string is only applicable for Postgres. When this field is defined, all other database related configuration field will be ignored. This field allow you to fine tune connection with Postgres
-#
+#
# Examples: ["postgres://user:pass@localhost/db?search_path=gotosocial", "postgres://user:pass@localhost:9999/db"]
# Default: ""
db-postgres-connection-string: ""
@@ -294,13 +296,15 @@ cache:
# String. Directory from which gotosocial will attempt to load html templates (.tmpl files).
# Examples: ["/some/absolute/path/", "./relative/path/", "../../some/weird/path/"]
-# Default: "./web/template/"
-web-template-base-dir: "./web/template/"
+# Upstream Default: "./web/template/"
+# openSUSE Default: "/etc/gotosocial/template/"
+web-template-base-dir: "/etc/gotosocial/template/"
# String. Directory from which gotosocial will attempt to serve static web assets (images, scripts).
# Examples: ["/some/absolute/path/", "./relative/path/", "../../some/weird/path/"]
-# Default: "./web/assets/"
-web-asset-base-dir: "./web/assets/"
+# Upstream Default: "./web/assets/"
+# openSUSE Default: "/usr/share/gotosocial/assets/"
+web-asset-base-dir: "/usr/share/gotosocial/assets/"
###########################
##### INSTANCE CONFIG #####
@@ -742,8 +746,9 @@ storage-backend: "local"
# this directory, and create new subdirectories and files within it.
# Only required when running with the local storage backend.
# Examples: ["/home/gotosocial/storage", "/opt/gotosocial/datastorage"]
-# Default: "/gotosocial/storage"
-storage-local-base-path: "/gotosocial/storage"
+# Upstream Default: "/gotosocial/storage"
+# openSUSE Default: "/var/lib/gotosocial/storage"
+storage-local-base-path: "/var/lib/gotosocial/storage"
# String. API endpoint of the S3 compatible service.
# Only required when running with the s3 storage backend.
@@ -905,8 +910,9 @@ letsencrypt-port: 80
# backup easier, but you might wish to move them elsewhere if they're also accessed by other services.
# In any case, make sure GoToSocial has permissions to write to / read from this directory.
# Examples: ["/home/gotosocial/storage/certs", "/acmecerts"]
-# Default: "/gotosocial/storage/certs"
-letsencrypt-cert-dir: "/gotosocial/storage/certs"
+# Upstream Default: "/gotosocial/storage/certs"
+# openSUSE Default: "/var/lib/gotosocial/certs"
+letsencrypt-cert-dir: "/var/lib/gotosocial/certs"
# String. Email address to use when registering LetsEncrypt certs.
# Most likely, this will be the email address of the instance administrator.
diff --git a/example/gotosocial.service b/example/gotosocial.service
index 48d14df8c..5c9135467 100644
--- a/example/gotosocial.service
+++ b/example/gotosocial.service
@@ -12,6 +12,7 @@ Group=gotosocial
Type=exec
Restart=on-failure
+AppArmorProfile=gotosocial
# For speedier restart times, you can uncomment the following Environment line to have GoToSocial cache compiled
# Wazero artifacts in the given directory between restarts, so that it doesn't need to compile on startup every time.
@@ -20,7 +21,7 @@ Restart=on-failure
# installed at "~/gotosocial" then change the value to "GTS_WAZERO_COMPILATION_CACHE=~/gotosocial/.cache".
#
# Whatever you do, make sure the dir exists and that the gotosocial user has permission to write + read from it.
-#Environment="GTS_WAZERO_COMPILATION_CACHE=/gotosocial/.cache"
+Environment="GTS_WAZERO_COMPILATION_CACHE=/var/lib/gotosocial/.cache"
# If you have set `metrics-enabled` to `true` in your GoToSocial config file, and you want
# to expose Prometheus metrics at localhost:9464/metrics, uncomment the following two lines:
@@ -28,8 +29,8 @@ Restart=on-failure
#Environment="OTEL_METRICS_PRODUCERS=prometheus"
# change if your path to the GoToSocial binary is different
-ExecStart=/gotosocial/gotosocial --config-path config.yaml server start
-WorkingDirectory=/gotosocial
+ExecStart=/usr/sbin/gotosocial --config-path /etc/gotosocial/config.yaml server start
+WorkingDirectory=/var/lib/gotosocial
# Sandboxing options to harden security
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
--
2.51.0
