#!/bin/bash #================================================= # GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= source _common.sh source /usr/share/yunohost/helpers #================================================= # CHECK VERSION #================================================= upgrade_type=$(ynh_check_app_version_changed) #================================================= # STANDARD UPGRADE STEPS #================================================= # STOP SYSTEMD SERVICE #================================================= ynh_script_progression --message="Stopping a systemd service..." --weight=1 ynh_systemd_action --service_name="$app" --action="stop" #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 # if the port 53 is not open, open it, it's mandatory to use AGH if ! yunohost firewall list | grep -q " 53$"; then ynh_print_info --message="Opening port 53..." ynh_exec_warn_less yunohost firewall allow Both 53 fi if [ -z "${expose_port_53:-}" ] && [ "${expose_port_53:-}" = true ]; then expose_port_53="true" ynh_app_setting_set --app="$app" --key=expose_port_53 --value="$expose_port_53" elif [ -n "${expose_port_53:-}" ] || [ "${expose_port_53:-}" = false ]; then expose_port_53="false" ynh_app_setting_set --app="$app" --key=expose_port_53 --value="$expose_port_53" fi if [ -z "${dns_over_https:-}" ] && [ "${dns_over_https:-}" = true ]; then dns_over_https="true" ynh_app_setting_set --app="$app" --key=dns_over_https --value=$dns_over_https # no need to open the ports, as they were opened at the 'Provisioning ports' step ynh_print_info --message="DoH and DoQ ports are open." elif [ -n "${dns_over_https:-}" ] || [ "${dns_over_https:-}" = false ]; then dns_over_https="false" ynh_app_setting_set --app="$app" --key=dns_over_https --value=$dns_over_https # if dns_over_https is false, we need to close ports, # as they were opened at the 'Provisioning ports' step ynh_print_info --message="Closing DoH and DoQ ports..." ynh_exec_warn_less yunohost firewall disallow Both "$port_dns_over_http" --no-reload ynh_exec_warn_less yunohost firewall disallow UDP "$port_dns_over_quic" fi # about all those 'ynh_write_var_in_file': # AGH modifies by itself the config file when an user modifies it using the front-end # so if we're using 'ynh_add_config' to process the config file, each # regeneration of the config would break the user's changes :/ (yeah ik...) # maybe one day we'll use python3 -c "import yaml" in place of this shit, but not today # fill the 'tls:' section of the AGH configuration if necessary if grep -q "certificate_path: \"\"" "$install_dir/AdGuardHome.yaml" || grep -q "private_key_path: \"\"" "$install_dir/AdGuardHome.yaml" || grep -q "server_name: \"\"" "$install_dir/AdGuardHome.yaml"; then ynh_write_var_in_file --file="$install_dir/AdGuardHome.yaml" --key="enabled" --after="tls:" --value="$dns_over_https" ynh_write_var_in_file --file="$install_dir/AdGuardHome.yaml" --key="server_name" --value="$domain" ynh_write_var_in_file --file="$install_dir/AdGuardHome.yaml" --key="allow_unencrypted_doh" --value="true" ynh_write_var_in_file --file="$install_dir/AdGuardHome.yaml" --key="certificate_path" --value="/etc/yunohost/certs/$domain/crt.pem" ynh_write_var_in_file --file="$install_dir/AdGuardHome.yaml" --key="private_key_path" --value="/etc/yunohost/certs/$domain/key.pem" fi # check if one of 'port_https:', 'port_dns_over_tls:' or 'port_dns_over_quic:' uses the default setting if grep -q "port_https: 443" "$install_dir/AdGuardHome.yaml" || grep -q "port_dns_over_tls: 853" "$install_dir/AdGuardHome.yaml" || grep -q "port_dns_over_quic: 784" "$install_dir/AdGuardHome.yaml"; then # if so: mandatory replacement for them # (because the final user can't easily know the ports used by the package) ynh_write_var_in_file --file="$install_dir/AdGuardHome.yaml" --key="port_https" --value="$port_internal_https" ynh_write_var_in_file --file="$install_dir/AdGuardHome.yaml" --key="port_dns_over_tls" --value="$port_dns_over_http" ynh_write_var_in_file --file="$install_dir/AdGuardHome.yaml" --key="port_dns_over_quic" --value="$port_dns_over_quic" fi # remove setting no longer required ynh_app_setting_delete --app="$app" --key=port_adguard if [ -z "${new_password:-}" ]; then ynh_app_setting_set --app="$app" --key=new_password --value="" fi #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= if [ "$upgrade_type" == "UPGRADE_APP" ] then ynh_script_progression --message="Upgrading source files..." --weight=1 # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$install_dir" fi chmod -R o-rwx "$install_dir" chown -R "$app:$app" "$install_dir" setcap 'CAP_NET_BIND_SERVICE=+eip CAP_NET_RAW=+eip' "$install_dir/AdGuardHome" #================================================= # NGINX CONFIGURATION #================================================= ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=1 # Create a dedicated NGINX config ynh_add_nginx_config # Create a dedicated systemd config ynh_add_systemd_config # declare needs_exposed_ports according to real user need if [ "$dns_over_https" == "true" ] && [ "$expose_port_53" == "true" ]; then yunohost service add "$app" --description="Ads & trackers blocking DNS server" --needs_exposed_ports "53" "$port_dns_over_http" "$port_dns_over_quic" elif [ "$dns_over_https" == "true" ]; then yunohost service add "$app" --description="Ads & trackers blocking DNS server" --needs_exposed_ports "$port_dns_over_http" "$port_dns_over_quic" elif [ "$expose_port_53" == "true" ]; then yunohost service add "$app" --description="Ads & trackers blocking DNS server" --needs_exposed_ports "53" else yunohost service add "$app" --description="Ads & trackers blocking DNS server" fi #================================================= # SPECIFIC UPGRADE #================================================= # adding the adguardhome dedicated user to the 'ssl-cert' group to permit the # use of the Let's Encrypt certs for DOT/DOQ usermod -a -G ssl-cert "$app" #================================================= # UPDATE A CONFIG FILE #================================================= ynh_script_progression --message="Updating a configuration file..." --weight=1 # get the name of the network interface in IPv4 and IPv6 ipv4_interface="$(get_network_interface 4)" ipv6_interface="$(get_network_interface 6)" # get IPv4 for the AGH config file # the 'sed' is used to get rid of the network prefix ('/24' for example) and the router IP ipv4_addr=$(process_ips "$(ip -4 address show "$ipv4_interface" 2> /dev/null | grep inet | sed 's&/.*&&')") # get IPv6 for the AGH config file # the 'sed' is used to get rid of the network prefix ('/64' for example) ipv6_addr=$(process_ips "$(ip -6 address show "$ipv6_interface" 2> /dev/null | grep inet | sed 's&/.*&&')") # update the IP adresses in the AGH config file update_agh_ip_config chmod 600 "$install_dir/AdGuardHome.yaml" chown -R "$app:$app" "$install_dir/AdGuardHome.yaml" #================================================= # START SYSTEMD SERVICE #================================================= ynh_script_progression --message="Starting a systemd service..." --weight=1 ynh_systemd_action --service_name="$app" --action="restart" --log_path="systemd" #================================================= # END OF SCRIPT #================================================= ynh_script_progression --message="Upgrade of $app completed" --last