diff --git a/check_process b/check_process index 0cbeae3..e22be27 100644 --- a/check_process +++ b/check_process @@ -1,16 +1,11 @@ -# See here for more informations -# https://github.com/YunoHost/package_check#syntax-check_process-file - -# Move this file from check_process.default to check_process when you have filled it. - ;; Test complet ; Manifest - domain="domain.tld" (DOMAIN) - path="/" (PATH) - is_public=1 (PUBLIC|public=1|private=0) -# password="pass" -# nextclouddomain="domain.tld" - port="9980" (PORT) + domain="domain.tld" + path="/" + is_public=1 + password="password-srtong" + admin="domain.tld" + ; Checks pkg_linter=1 setup_sub_dir=0 @@ -21,22 +16,7 @@ upgrade=1 backup_restore=1 multi_instance=1 - incorrect_path=1 - port_already_use=0 change_url=0 -;;; Levels - Level 1=auto - Level 2=auto - Level 3=auto -# Level 4: - Level 4=1 (This app supports the Nextcloud LDAP auth) -# Level 5: - Level 5=auto - Level 6=auto - Level 7=auto - Level 8=0 - Level 9=0 - Level 10=0 ;;; Options Email= Notification=none diff --git a/conf/AdGuardHome.yaml b/conf/AdGuardHome.yaml index 29b29cb..5880639 100644 --- a/conf/AdGuardHome.yaml +++ b/conf/AdGuardHome.yaml @@ -1,8 +1,8 @@ bind_host: 0.0.0.0 bind_port: 3000 users: -- name: __USER__ - password: __PWD__ +- name: __ADMIN__ + password: __PASSWORD__ http_proxy: "" language: "" rlimit_nofile: 0 diff --git a/scripts/_common.sh b/scripts/_common.sh index c1339b7..dcd503f 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -5,7 +5,7 @@ #================================================= # dependencies used by the app -pkg_dependencies="" +pkg_dependencies="libcap2-bin libaprutil1" #================================================= # PERSONAL HELPERS diff --git a/scripts/install b/scripts/install index 3791b2c..449164c 100644 --- a/scripts/install +++ b/scripts/install @@ -54,11 +54,12 @@ ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=is_public --value=$is_public -#============================================== -# INSTALL DEPS -#============================================== +#================================================= +# INSTALL DEPENDENCIES +#================================================= +ynh_script_progression --message="Installing dependencies..." --weight=9 -ynh_install_app_dependencies libcap2-bin libaprutil1 +ynh_install_app_dependencies $pkg_dependencies #================================================= # FIND AND OPEN A PORT diff --git a/scripts/restore b/scripts/restore index 144f42e..c430756 100644 --- a/scripts/restore +++ b/scripts/restore @@ -6,7 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= -#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers @@ -24,22 +24,22 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading settings..." --time --weight=1 +ynh_script_progression --message="Loading installation settings..." --time --weight=1 app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get --app="$app" --key=domain) -path_url=$(ynh_app_setting_get --app="$app" --key=path) -final_path=$(ynh_app_setting_get --app="$app" --key=final_path) +domain=$(ynh_app_setting_get --app=$app --key=domain) +path_url=$(ynh_app_setting_get --app=$app --key=path) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= # CHECK IF THE APP CAN BE RESTORED #================================================= ynh_script_progression --message="Validating restoration parameters..." --time --weight=1 -ynh_webpath_available --domain="$domain" --path_url="$path_url" \ +ynh_webpath_available --domain=$domain --path_url=$path_url \ || ynh_die --message="Path not available: ${domain}${path_url}" -test ! -d "$final_path" \ +test ! -d $final_path \ || ynh_die --message="There is already a directory: $final_path " #================================================= @@ -47,9 +47,18 @@ test ! -d "$final_path" \ #================================================= # RESTORE THE NGINX CONFIGURATION #================================================= +ynh_script_progression --message="Restoring the NGINX configuration..." --time --weight=1 ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" +#================================================= +# RECREATE THE DEDICATED USER +#================================================= +ynh_script_progression --message="Recreating the dedicated system user..." --time --weight=1 + +# Create the dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # RESTORE THE APP MAIN DIR #================================================= @@ -57,43 +66,49 @@ ynh_script_progression --message="Restoring the app main directory..." --time -- ynh_restore_file --origin_path="$final_path" -#================================================= -# RECREATE THE DEDICATED USER -#================================================= -ynh_script_progression --message="Recreating the dedicated system user..." --time --weight=1 - -# Create the dedicated user (if not existing) -ynh_system_user_create --username="$app" +# this will be treated as a security issue. +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" #================================================= # SPECIFIC RESTORATION +#================================================= +# REINSTALL DEPENDENCIES +#================================================= +ynh_script_progression --message="Reinstalling dependencies..." --time --weight=1 + +# Define and install dependencies +ynh_install_app_dependencies $pkg_dependencies + #================================================= # RESTORE SYSTEMD #================================================= ynh_script_progression --message="Restoring the systemd configuration..." --time --weight=1 ynh_restore_file --origin_path="/etc/systemd/system/$app.service" -systemctl enable "$app".service +systemctl enable $app.service --quiet #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= +ynh_script_progression --message="Integrating service in YunoHost..." --time --weight=1 -yunohost service add "$app" --description "Adguard media system" --log "/var/log/$app/$app.log" +yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log" #================================================= # START SYSTEMD SERVICE #================================================= ynh_script_progression --message="Starting a systemd service..." --time --weight=1 -ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" #================================================= # GENERIC FINALIZATION #================================================= # RELOAD NGINX AND PHP-FPM #================================================= -ynh_script_progression --message="Reloading nginx web server and php-fpm..." --time --weight=1 +ynh_script_progression --message="Reloading NGINX web server..." --time --weight=1 ynh_systemd_action --service_name=nginx --action=reload diff --git a/scripts/upgrade b/scripts/upgrade index c2b10ac..acff4ac 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -1,52 +1,186 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error -set -eu +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= -# See comments in install script -app=$YNH_APP_INSTANCE_NAME -final_path=/opt/yunohost/$app -date=$(date +%Y.%m.%d_%H-%M-%S) - -# Source YunoHost helpers +source _common.sh source /usr/share/yunohost/helpers -cp -a /opt/yunohost/"$app"/AdGuardHome.yaml /opt/yunohost/"$app"/AdGuardHome.yaml."$date".bak +#================================================= +# LOAD SETTINGS +#================================================= +ynh_script_progression --message="Loading installation settings..." --time --weight=1 + +app=$YNH_APP_INSTANCE_NAME + +domain=$(ynh_app_setting_get --app=$app --key=domain) +path_url=$(ynh_app_setting_get --app=$app --key=path) +admin=$(ynh_app_setting_get --app=$app --key=admin) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +language=$(ynh_app_setting_get --app=$app --key=language) +db_name=$(ynh_app_setting_get --app=$app --key=db_name) + +#================================================= +# CHECK VERSION +#================================================= + +### This helper will compare the version of the currently installed app and the version of the upstream package. +### $upgrade_type can have 2 different values +### - UPGRADE_APP if the upstream app version has changed +### - UPGRADE_PACKAGE if only the YunoHost package has changed +### ynh_check_app_version_changed will stop the upgrade if the app is up to date. +### UPGRADE_APP should be used to upgrade the core app only if there's an upgrade to do. +upgrade_type=$(ynh_check_app_version_changed) + +#================================================= +# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +#================================================= +ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --time --weight=1 + +# Backup the current version of the app +ynh_backup_before_upgrade +ynh_clean_setup () { + # Restore it if the upgrade fails + ynh_restore_upgradebackup +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# STANDARD UPGRADE STEPS +#================================================= +# STOP SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Stopping a systemd service..." --time --weight=1 + +ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" + +#================================================= +# ENSURE DOWNWARD COMPATIBILITY +#================================================= +ynh_script_progression --message="Ensuring downward compatibility..." --time --weight=1 + +# +# N.B. : the followings setting migrations snippets are provided as *EXAMPLES* +# of what you may want to do in some cases (e.g. a setting was not defined on +# some legacy installs and you therefore want to initiaze stuff during upgrade) +# + +# If db_name doesn't exist, create it +#if [ -z "$db_name" ]; then +# db_name=$(ynh_sanitize_dbid --db_name=$app) +# ynh_app_setting_set --app=$app --key=db_name --value=$db_name +#fi + +# If final_path doesn't exist, create it +#if [ -z "$final_path" ]; then +# final_path=/var/www/$app +# ynh_app_setting_set --app=$app --key=final_path --value=$final_path +#fi + +### If nobody installed your app before 4.1, +### then you may safely remove these lines + +# Cleaning legacy permissions +if ynh_legacy_permissions_exists; then + ynh_legacy_permissions_delete_all + + ynh_app_setting_delete --app=$app --key=is_public +fi + +if ! ynh_permission_exists --permission="admin"; then + # Create the required permissions + ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin +fi + +# Create a permission if needed +if ! ynh_permission_exists --permission="api"; then + ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true" +fi + +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Making sure dedicated system user exists..." --time --weight=1 + +# Create a dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -ynh_app_setting_set "$app" final_path "$final_path" +if [ "$upgrade_type" == "UPGRADE_APP" ] +then + ynh_script_progression --message="Upgrading source files..." --time --weight=1 -# Download, check integrity, uncompress and patch the source from app-[arch].src -case $(uname -m) in - x86_64) ynh_setup_source "$final_path" "app-amd64" ;; - aarch64) ynh_setup_source "$final_path" "app-arm64" ;; - armv7l) ynh_setup_source "$final_path" "app-arm" ;; - *) ynh_die "Unknown arch" ;; -esac + # Download, check integrity, uncompress and patch the source from app.src + ynh_setup_source --dest_dir="$final_path" +fi + +# FIXME: this should be managed by the core in the future +# Here, as a packager, you may have to tweak the ownerhsip/permissions +# such that the appropriate users (e.g. maybe www-data) can access +# files in some cases. +# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder - +# this will be treated as a security issue. +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" #================================================= # NGINX CONFIGURATION #================================================= +ynh_script_progression --message="Upgrading NGINX web server configuration..." --time --weight=1 -# Create a dedicated nginx config -#ynh_add_nginx_config +# Create a dedicated NGINX config +ynh_add_nginx_config #================================================= -# UPGRADE CONFIG +# UPDATE A CONFIG FILE #================================================= -#cp -a ../conf/loolwsd.xml /etc/loolwsd -#ynh_replace_string "__NEXTCLOUDDOMAIN__" "$nextcloud_domain" "/etc/loolwsd/loolwsd.xml" -#ynh_replace_string "__PASSWORD__" "$password" "/etc/loolwsd/loolwsd.xml" -#systemctl restart loolwsd +ynh_script_progression --message="Updating a configuration file..." --time --weight=1 -# If app is public, add url to SSOWat conf as skipped_uris -#if [[ $is_public -eq 1 ]]; then - # See install script -# ynh_app_setting_set "$app" unprotected_uris "/" -#fi +# Main config File +ynh_add_config --template="../conf/AdGuardHome.yaml" --destination="$final_path/AdGuardHome.yaml" -# Start Adguard service -systemctl restart adguard +chmod 600 "$final_path/AdGuardHome.yaml" +chown -R $app "$final_path/AdGuardHome.yaml" + +#================================================= +# SETUP SYSTEMD +#================================================= +ynh_script_progression --message="Upgrading systemd configuration..." --time --weight=1 + +# Create a dedicated systemd config +ynh_add_systemd_config + +#================================================= +# INTEGRATE SERVICE IN YUNOHOST +#================================================= +ynh_script_progression --message="Integrating service in YunoHost..." --time --weight=1 + +yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log" + +#================================================= +# START SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Starting a systemd service..." --time --weight=1 + +ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" + +#================================================= +# RELOAD NGINX +#================================================= +ynh_script_progression --message="Reloading NGINX web server..." --time --weight=1 + +ynh_systemd_action --service_name=nginx --action=reload + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Upgrade of $app completed" --time --last