diff --git a/check_process b/check_process index 28eddda..5482428 100755 --- a/check_process +++ b/check_process @@ -3,13 +3,11 @@ domain="domain.tld" path="/path" admin="john" - language="fr" is_public=1 password="1Strong-Password" - port="666" ; Checks pkg_linter=1 - setup_sub_dir=1 + setup_sub_dir=0 setup_root=1 setup_nourl=0 setup_private=1 @@ -17,7 +15,7 @@ upgrade=1 #upgrade=1 from_commit=CommitHash backup_restore=1 - multi_instance=1 + multi_instance=0 port_already_use=0 change_url=1 ;;; Options diff --git a/conf/AdGuardHome.yaml b/conf/AdGuardHome.yaml index be9f3c1..4651b48 100644 --- a/conf/AdGuardHome.yaml +++ b/conf/AdGuardHome.yaml @@ -1,16 +1,20 @@ bind_host: 0.0.0.0 bind_port: __PORT__ +beta_bind_port: 0 users: - name: __ADMIN__ password: __PASSWORD__ +auth_attempts: 5 +block_auth_min: 15 http_proxy: "" language: "" rlimit_nofile: 0 debug_pprof: false web_session_ttl: 720 dns: - bind_host: 0.0.0.0 - port: 53 + bind_hosts: + - 0.0.0.0 + port: __ADGUARD_PORT__ statistics_interval: 1 querylog_enabled: true querylog_file_enabled: true @@ -63,6 +67,9 @@ dns: cache_time: 30 rewrites: [] blocked_services: [] + local_domain_name: lan + resolve_clients: true + local_ptr_upstreams: [] tls: enabled: false server_name: "" @@ -70,6 +77,8 @@ tls: port_https: 443 port_dns_over_tls: 853 port_dns_over_quic: 784 + port_dnscrypt: 0 + dnscrypt_config_file: "" allow_unencrypted_doh: false strict_sni_check: false certificate_chain: "" @@ -115,4 +124,4 @@ log_max_size: 100 log_max_age: 3 log_file: "" verbose: false -schema_version: 7 \ No newline at end of file +schema_version: 10 \ No newline at end of file diff --git a/conf/nginx.conf b/conf/nginx.conf index 8a9f183..4575d7b 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,4 +1,4 @@ -location / { +location __PATH__/ { # Force usage of https if ($scheme = http) { diff --git a/scripts/_common.sh b/scripts/_common.sh index 764acf9..f15ea3d 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh 
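Review bot: The admin interface still listens on every interface (`bind_host: 0.0.0.0` with `bind_port: __PORT__`) in the first conf/AdGuardHome.yaml hunk, although conf/nginx.conf in the same commit fronts it and forces HTTPS. Any client that can reach `__PORT__` directly would get the login form over plain HTTP and bypass the proxy. If nothing needs direct access, `bind_host: 127.0.0.1` makes nginx the only way in. Whether the firewall already blocks `__PORT__` is not visible in this diff.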
@@ -5,7 +5,7 @@ #================================================= # dependencies used by the app -pkg_dependencies="bind9-host" +pkg_dependencies="python3-bcrypt" #================================================= # PERSONAL HELPERS diff --git a/scripts/change_url b/scripts/change_url new file mode 100644 index 0000000..fd8eea8 --- /dev/null +++ b/scripts/change_url 
@@ -0,0 +1,114 @@
+#!/bin/bash
+
+#=================================================
+# GENERIC STARTING
+#=================================================
+# IMPORT GENERIC HELPERS
+#=================================================
+
+source _common.sh
+source /usr/share/yunohost/helpers
+
+#=================================================
+# RETRIEVE ARGUMENTS
+#=================================================
+
+old_domain=$YNH_APP_OLD_DOMAIN
+old_path=$YNH_APP_OLD_PATH
+
+new_domain=$YNH_APP_NEW_DOMAIN
+new_path=$YNH_APP_NEW_PATH
+
+app=$YNH_APP_INSTANCE_NAME
+
+#=================================================
+# LOAD SETTINGS
+#=================================================
+ynh_script_progression --message="Loading installation settings..." --weight=1
+
+# Needed for helper "ynh_add_nginx_config"
+final_path=$(ynh_app_setting_get --app=$app --key=final_path)
+
+#=================================================
+# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP
+#=================================================
+ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." --weight=1
+
+# Backup the current version of the app
+ynh_backup_before_upgrade
+ynh_clean_setup () {
+ # Remove the new domain config file, the remove script won't do it as it doesn't know yet its location.
+ ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
+
+ # Restore it if the upgrade fails
+ ynh_restore_upgradebackup
+}
+# Exit if an error occurs during the execution of the script
+ynh_abort_if_errors
+
+#=================================================
+# CHECK WHICH PARTS SHOULD BE CHANGED
+#=================================================
+
+change_domain=0
+if [ "$old_domain" != "$new_domain" ]
+then
+ change_domain=1
+fi
+
+if [ "$old_path" != "$new_path" ] || [ "$new_path" != "/" ]
+then
+ ynh_die --message="You must use a root domain"
+fi
+
+#=================================================
+# STANDARD MODIFICATIONS
+#=================================================
+# STOP SYSTEMD SERVICE
+#=================================================
+ynh_script_progression --message="Stopping a systemd service..." --weight=1
+
+ynh_systemd_action --service_name=$app --action="stop"
+
+#=================================================
+# MODIFY URL IN NGINX CONF
+#=================================================
+ynh_script_progression --message="Updating NGINX web server configuration..." --weight=1
+
+nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf
+
+# Change the domain for NGINX
+if [ $change_domain -eq 1 ]
+then
+ # Delete file checksum for the old conf file location
+ ynh_delete_file_checksum --file="$nginx_conf_path"
+ mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf
+ # Store file checksum for the new config file location
+ ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
+fi
+
+#=================================================
+# SPECIFIC MODIFICATIONS
+#=================================================
+
+#=================================================
+# GENERIC FINALISATION
+#=================================================
+# START SYSTEMD SERVICE
+#=================================================
+ynh_script_progression --message="Starting a systemd service..."
--weight=1 + +ynh_systemd_action --service_name=$app --action="start" + +#================================================= +# RELOAD NGINX +#================================================= +ynh_script_progression --message="Reloading NGINX web server..." --weight=1 + +ynh_systemd_action --service_name=nginx --action=reload + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Change of URL completed for $app" --last \ No newline at end of file diff --git a/scripts/install b/scripts/install index 01944f5..ec2d9cd 100644 --- a/scripts/install +++ b/scripts/install @@ -49,6 +49,7 @@ ynh_script_progression --message="Storing installation settings..." --weight=2 ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=is_public --value=$is_public +ynh_app_setting_set --app=$app --key=admin --value=$admin #================================================= # FIND AND OPEN A PORT 
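Review bot: In scripts/change_url the root-path check (`if [ "$old_path" != "$new_path" ] || [ "$new_path" != "/" ]`) runs only after `ynh_backup_before_upgrade` and after `ynh_clean_setup` is defined, so a request that will be refused still pays for a full backup. If `ynh_die` triggers the cleanup handler (the helper is not shown here), a same-domain request would also have the live `/etc/nginx/conf.d/$new_domain.d/$app.conf` removed and the app restored from backup. Moving the check directly under RETRIEVE ARGUMENTS avoids both. Separately, the `mv` line should quote its operands: `mv -- "$nginx_conf_path" "/etc/nginx/conf.d/$new_domain.d/$app.conf"`.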
@@ -61,11 +62,25 @@ ynh_app_setting_set --app=$app --key=port --value=$port # Find an available port adguard_port=$(ynh_find_port --port=53) -ynh_app_setting_set --app=$app --key=port --value=$adguard_port +ynh_app_setting_set --app=$app --key=adguard_port --value=$adguard_port # Disable the port 53 for upnp ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $adguard_port +#================================================= +# INSTALL DEPENDENCIES +#================================================= +ynh_script_progression --message="Installing dependencies..." --weight=1 + +# Define and install dependencies +ynh_install_app_dependencies $pkg_dependencies + +#================================================= +# CRYPT PASSWORD +#================================================= +password=$(python3 -c "import bcrypt; print(bcrypt.hashpw(b\"$password\", bcrypt.gensalt(rounds=10)).decode())") +ynh_app_setting_set --app=$app --key=password --value=$password + #================================================= # CREATE DEDICATED USER #================================================= @@ -84,8 +99,10 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path ynh_setup_source --dest_dir=$final_path --source_id="$architecture" chmod 750 "$final_path" -#chmod -R o-rwx "$final_path" -chown -R root: "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app: "$final_path" + +setcap 'CAP_NET_BIND_SERVICE=+eip CAP_NET_RAW=+eip' $final_path/AdGuardHome #================================================= # NGINX CONFIGURATION 
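Review bot: The CRYPT PASSWORD step pastes `$password` into Python source text, so a password containing `"` or `\` changes or breaks the program python3 runs, and a non-ASCII one is rejected inside a `b"..."` literal. The clear-text password also sits on the python3 command line, where other local users can list it. Pass the value as data instead, for example `password=$(printf '%s' "$password" | python3 -c 'import sys, bcrypt; print(bcrypt.hashpw(sys.stdin.buffer.read(), bcrypt.gensalt(rounds=10)).decode())')`. Quoting the result in `ynh_app_setting_set --app=$app --key=password --value="$password"` is worthwhile too.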
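Review bot: `chown -R $app: "$final_path"` hands the AdGuardHome executable and its directory to the dedicated account just before `setcap` grants that file `CAP_NET_BIND_SERVICE` and `CAP_NET_RAW`. If the daemon runs as `$app` (the unit file is not in this diff), a compromised service could replace the program, and the next restore or upgrade would re-apply the capabilities to whatever sits at that path. In scripts/upgrade the `setcap` runs after the `fi`, so it applies even when the sources are not re-downloaded. Keeping the binary and its directory root-owned, with `$app` owning only the config and data files, narrows this; `CAP_NET_RAW` is worth dropping if the feature that needs it is unused, and `"$final_path/AdGuardHome"` should be quoted. The same chown/setcap pair is added in the scripts/restore and scripts/upgrade hunks.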
@@ -101,10 +118,10 @@ ynh_add_nginx_config ynh_script_progression --message="Modifying a config file..." --weight=1 # Main config File -ynh_add_config --template="../conf/AdGuardHome.yaml" --destination="$final_path/AdGuardHome/AdGuardHome.yaml" +ynh_add_config --template="../conf/AdGuardHome.yaml" --destination="$final_path/AdGuardHome.yaml" -chmod 600 "$final_path/AdGuardHome/AdGuardHome.yaml" -chown -R root: "$final_path/AdGuardHome/AdGuardHome.yaml" +chmod 600 "$final_path/AdGuardHome.yaml" +chown -R $app: "$final_path/AdGuardHome.yaml" #================================================= # SETUP SYSTEMD diff --git a/scripts/remove b/scripts/remove index 7cda89d..873c0b8 100644 --- a/scripts/remove +++ b/scripts/remove @@ -42,6 +42,14 @@ ynh_script_progression --message="Stopping and removing the systemd service..." # Remove the dedicated systemd config ynh_remove_systemd_config +#================================================= +# REMOVE DEPENDENCIES +#================================================= +ynh_script_progression --message="Removing dependencies..." --weight=1 + +# Remove metapackage and its dependencies +ynh_remove_app_dependencies + #================================================= # REMOVE APP MAIN DIR #================================================= diff --git a/scripts/restore b/scripts/restore index 3872481..e658c53 100644 --- a/scripts/restore +++ b/scripts/restore @@ -41,7 +41,7 @@ test ! -d $final_path \ #================================================= # RESTORE THE NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Restoring the NGINX configuration..." --time --weight=1 +ynh_script_progression --message="Restoring the NGINX configuration..." --weight=1 ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" 
@@ -63,7 +63,9 @@ ynh_restore_file --origin_path="$final_path" # this will be treated as a security issue. chmod 750 "$final_path" chmod -R o-rwx "$final_path" -chown -R $app:www-data "$final_path" +chown -R $app: "$final_path" + +setcap 'CAP_NET_BIND_SERVICE=+eip CAP_NET_RAW=+eip' $final_path/AdGuardHome #================================================= # SPECIFIC RESTORATION @@ -88,7 +90,7 @@ systemctl enable $app.service --quiet #================================================= ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 -yunohost service add $app --description="Ads & trackers blocking DNS server" --log="/var/log/$app/$app.log" +yunohost service add $app --description="Ads & trackers blocking DNS server" #================================================= # START SYSTEMD SERVICE diff --git a/scripts/upgrade b/scripts/upgrade index a8b1304..80bda9c 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -19,9 +19,11 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) admin=$(ynh_app_setting_get --app=$app --key=admin) +password=$(ynh_app_setting_get --app=$app --key=password) final_path=$(ynh_app_setting_get --app=$app --key=final_path) -language=$(ynh_app_setting_get --app=$app --key=language) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) +port=$(ynh_app_setting_get --app=$app --key=port) +adguard_port=$(ynh_app_setting_get --app=$app --key=adguard_port) +architecture=$(ynh_detect_arch) #================================================= # CHECK VERSION 
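Review bot: In scripts/upgrade, `adguard_port` and `password` are read from settings that installs made before this commit never wrote: the old install script stored the DNS port under the key `port`, and the hashed `password` setting is new. On such an instance both come back empty, so the later `yunohost firewall allow --no-upnp TCP $adguard_port` runs without a port, and a regenerated AdGuardHome.yaml may get an empty `port:` and `password:`. The ENSURE DOWNWARD COMPATIBILITY section is outside this hunk and may already handle it. If it does not, a guard such as `if [ -z "$adguard_port" ]; then adguard_port=$(ynh_find_port --port=53); ynh_app_setting_set --app=$app --key=adguard_port --value=$adguard_port; fi` would cover the port, and the script should stop with a clear message when `password` is empty.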
@@ -50,7 +52,10 @@ ynh_abort_if_errors #================================================= ynh_script_progression --message="Stopping a systemd service..." --weight=1 -ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name=$app --action="stop" + +# Disable the port 53 for upnp +ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $adguard_port #================================================= # ENSURE DOWNWARD COMPATIBILITY @@ -81,12 +86,14 @@ then ynh_script_progression --message="Upgrading source files..." --weight=1 # Download, check integrity, uncompress and patch the source from app.src - ynh_setup_source --dest_dir="$final_path" + ynh_setup_source --dest_dir=$final_path --source_id="$architecture" fi chmod 750 "$final_path" chmod -R o-rwx "$final_path" -chown -R $app:www-data "$final_path" +chown -R $app: "$final_path" + +setcap 'CAP_NET_BIND_SERVICE=+eip CAP_NET_RAW=+eip' $final_path/AdGuardHome #================================================= # NGINX CONFIGURATION @@ -96,6 +103,13 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." - # Create a dedicated NGINX config ynh_add_nginx_config +#================================================= +# UPGRADE DEPENDENCIES +#================================================= +ynh_script_progression --message="Upgrading dependencies..." --weight=1 + +ynh_install_app_dependencies $pkg_dependencies + #================================================= # UPDATE A CONFIG FILE #================================================= 
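Review bot: The comment `# Disable the port 53 for upnp` added in the first scripts/upgrade hunk on this line does not describe the command under it: `yunohost firewall allow --no-upnp TCP $adguard_port` opens the port in the host firewall and only skips UPnP forwarding. With `bind_hosts: - 0.0.0.0` in conf/AdGuardHome.yaml the resolver becomes reachable from any network the host is on, which on an internet-facing server is an open resolver unless client restrictions are configured. If public access is not intended, leave the port closed; if it is, say so in the comment, e.g. `# Open the DNS port in the firewall (no UPnP forwarding)`. Only TCP is allowed here, while most DNS queries use UDP.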
@@ -120,7 +134,7 @@ ynh_add_systemd_config #================================================= ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 -yunohost service add $app --description="Ads & trackers blocking DNS server" --log="/var/log/$app/$app.log" +yunohost service add $app --description="Ads & trackers blocking DNS server" #================================================= # START SYSTEMD SERVICE