#!/bin/bash #================================================= # GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= source _common.sh source /usr/share/yunohost/helpers #================================================= # MANAGE SCRIPT FAILURE #================================================= ynh_clean_setup () { ### Remove this function if there's nothing to clean before calling the remove script. true } # Exit if an error occurs during the execution of the script ynh_abort_if_errors #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= # Retrieve arguments domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH is_public=$YNH_APP_ARG_IS_PUBLIC ad_user=$YNH_APP_ARG_AD_USER ad_password=$YNH_APP_ARG_AD_PASSWORD ### If it's a multi-instance app, meaning it can be installed several times independently ### The id of the app as stated in the manifest is available as $YNH_APP_ID ### The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2", ...) ### The app instance name is available as $YNH_APP_INSTANCE_NAME ### - the first time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample ### - the second time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample__2 ### - ynhexample__{N} for the subsequent installations, with N=3,4, ... ### The app instance name is probably what interests you most, since this is ### guaranteed to be unique. This is a good unique identifier to define installation path, ### db names, ... app=$YNH_APP_INSTANCE_NAME #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= ### If the app uses nginx as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app". ### If the app provides an internal web server (or uses another application server such as uwsgi), the final path should be "/opt/yunohost/$app" final_path=/opt/yunohost/$app test ! -e "$final_path" || ynh_die "This path already contains a folder" # Normalize the url path syntax path_url=$(ynh_normalize_url_path "$path_url") # Check web path availability ynh_webpath_available "$domain" "$path_url" # Register (book) web path ynh_webpath_register "$app" "$domain" "$path_url" #================================================= # STORE SETTINGS FROM MANIFEST #================================================= ynh_app_setting_set "$app" domain "$domain" ynh_app_setting_set "$app" path "$path_url" ynh_app_setting_set "$app" is_public "$is_public" #============================================== # INSTALL DEPS #============================================== ynh_install_app_dependencies libcap2-bin libaprutil1 #================================================= # FIND AND OPEN A PORT #================================================= ### Use these lines if you have to open a port for the application ### `ynh_find_port` will find the first available port starting from the given port. ### If you're not using these lines: ### - Remove the section "CLOSE A PORT" in the remove script # Find a free port port=$(ynh_find_port 53) #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= ynh_app_setting_set "$app" final_path "$final_path" # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source "$final_path" #================================================= # GENERATE PASSWORD #================================================= # Check SHA1 #if ! sha1sum -c ../conf/htpasswd.checksum &> /dev/null # then # echo "htpasswd Integrity Error" # exit # else # echo "htpasswd Integrity Success" #fi #================================================= # MODIFY A CONFIG FILE #================================================= chmod +x ../conf/htpasswd password_gen=$(../conf/htpasswd -B -n -b "$ad_user" "$ad_password" | sed "s/"$ad_user"://") ynh_replace_string "__FINALPATH__" "$final_path" "../conf/systemd.service" ynh_replace_string "__USER__" "$ad_user" "../conf/AdGuardHome.yaml" ynh_replace_string "__PWD__" "$password_gen" "../conf/AdGuardHome.yaml" #================================================= # SETUP SYSTEMD #================================================= ynh_add_systemd_config systemctl enable "$app".service #============================================== # INSTALL ADGUARD #============================================== #setcap CAP_NET_BIND_SERVICE=+eip .$final_path/AdGuardHome #================================================= # NGINX CONFIGURATION #================================================= # Create a dedicated nginx config ynh_add_nginx_config #================================================= # CREATE DEDICATED USER #================================================= # Create a system user #ynh_system_user_create $app #================================================= # MODIFY A CONFIG FILE #================================================= cp -a ../conf/AdGuardHome.yaml "$final_path"/AdGuardHome.yaml #================================================= # STORE THE CONFIG FILE CHECKSUM #================================================= ### `ynh_store_file_checksum` is used to store the checksum of a file. ### That way, during the upgrade script, by using `ynh_backup_if_checksum_is_different`, ### you can make a backup of this file before modifying it again if the admin had modified it. # Calculate and store the config file checksum into the app settings #ynh_store_file_checksum "$final_path/AdGuardHome.yaml" #================================================= # GENERIC FINALIZATION #================================================= # SECURE FILES AND DIRECTORIES #================================================= ### For security reason, any app should set the permissions to root: before anything else. ### Then, if write authorization is needed, any access should be given only to directories ### that really need such authorization. # Set permissions to app files chown -R root: "$final_path" #================================================= # SETUP SSOWAT #================================================= # If app is public, add url to SSOWat conf as skipped_uris if [ "$is_public" -eq 1 ]; then # unprotected_uris allows SSO credentials to be passed anyway. ynh_app_setting_set "$app" unprotected_uris "/" fi # Reload services systemctl reload nginx systemctl stop dnsmasq.service systemctl disable dnsmasq.service systemctl start "$app".service