#!/bin/bash #================================================= # GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= source _common.sh source /usr/share/yunohost/helpers #================================================= # MANAGE SCRIPT FAILURE #================================================= ynh_clean_setup () { ### Remove this function if there's nothing to clean before calling the remove script. true } # Exit if an error occurs during the execution of the script ynh_abort_if_errors #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH is_public=$YNH_APP_ARG_IS_PUBLIC is_signup=$YNH_APP_ARG_IS_SIGNUP app=$YNH_APP_INSTANCE_NAME #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= ynh_script_progression --message="Validating installation parameters..." --weight=1 ### If the app uses NGINX as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app". ### If the app provides an internal web server (or uses another application server such as uWSGI), the final path should be "/opt/yunohost/$app" final_path=/opt/yunohost/$app test ! -e "$final_path" || ynh_die --message="This path already contains a folder" # Only on / directory if [ "$path_url" != "/" ]; then ynh_die "Only / is allowed" fi # Register (book) web path ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url #================================================= # STORE SETTINGS FROM MANIFEST #================================================= ynh_script_progression --message="Storing installation settings..." --weight=1 ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=is_signup --value=$is_signup #================================================= # STANDARD MODIFICATIONS #================================================= # FIND AND OPEN A PORT #================================================= ynh_script_progression --message="Finding an available port..." --weight=1 # Find an available port port=$(ynh_find_port --port=8008) ynh_app_setting_set --app=$app --key=port --value=$port # Optional: Expose this port publicly # (N.B.: you only need to do this if the app actually needs to expose the port publicly. # If you do this and the app doesn't actually need you are CREATING SECURITY HOLES IN THE SERVER !) # Open the port # ynh_script_progression --message="Configuring firewall..." --weight=1 # ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port #================================================= # INSTALL DEPENDENCIES #================================================= ynh_script_progression --message="Installing dependencies..." --weight=4 ynh_install_nodejs --nodejs_version=$NODEJS_VERSION ynh_use_nodejs #================================================= # CHECK AND CREATE FINAL_PATH #================================================= ynh_script_progression --message="Setting up and create final app path..." --weight=1 ynh_app_setting_set $app final_path $final_path # Download, check integrity, uncompress and patch the source from app.src # ynh_setup_source --dest_dir="$final_path" # Create final_path mkdir -p "$final_path" #================================================= # NGINX CONFIGURATION #================================================= ynh_script_progression --message="Configuring NGINX web server..." --weight=1 ### `ynh_add_nginx_config` will use the file conf/nginx.conf # Create a dedicated NGINX config ynh_add_nginx_config #================================================= # CREATE DEDICATED USER #================================================= ynh_script_progression --message="Configuring system user..." --weight=1 # Create a system user ynh_system_user_create --username=$app --home_dir="$final_path" #================================================= # SETUP SYSTEMD #================================================= ynh_script_progression --message="Configuring a systemd service..." --weight=1 ynh_replace_string --match_string="__NODEJS_PATH__" --replace_string="$nodejs_path" --target_file="../conf/systemd.service" ynh_replace_string --match_string="__ENV_PATH__" --replace_string="$PATH" --target_file="../conf/systemd.service" ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="../conf/systemd.service" # Create a dedicated systemd config ynh_add_systemd_config #================================================= # DEFINE ARMADIETTO OPTIONS & CREATE DIRECTORY FOR DATA #================================================= ynh_script_progression --message="Configuring armadietto options..." --weight=1 # Define armadietto module path modulepath="$node_version_path/$nodejs_version/lib/node_modules/armadietto/lib" # Define app's data directory datadir="/home/yunohost.app/${app}/storage" # Create app folders mkdir -p "$datadir" cp -f ../conf/server.js "$final_path/server.js" ynh_replace_string --match_string="__MODULE_PATH__" --replace_string="$modulepath" --target_file="$final_path/server.js" ynh_replace_string --match_string="__DATADIR__" --replace_string="$datadir" --target_file="$final_path/server.js" ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$final_path/server.js" ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$final_path/server.js" ynh_replace_string --match_string="__SIGNUP__" --replace_string="$is_signup" --target_file="$final_path/server.js" #================================================= # INSTALL ARMADIETTO #================================================= ynh_script_progression --message="Install armadietto with npm..." --weight=1 cd $final_path npm -g i armadietto ynh_script_progression --message="Armadietto installed..." --weight=1 #================================================= # GENERIC FINALIZATION #================================================= # SETUP LOGROTATE #================================================= ynh_script_progression --message="Configuring log rotation..." --weight=1 # Use logrotate to manage application logfile(s) ynh_use_logrotate #================================================= # SECURE FILES AND DIRECTORIES #================================================= ynh_script_progression --message="Secure files and directories" --weight=1 # Set permissions to app files chown -R $app:$app "$final_path" chmod 0700 $datadir && chown $app:$app $datadir #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log" #================================================= # SETUP FAIL2BAN #================================================= # ynh_script_progression --message="Configuring Fail2Ban..." --weight=1 # Create a dedicated Fail2Ban config # ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login" #================================================= # SETUP SSOWAT #================================================= ynh_script_progression --message="Configuring permissions..." --weight=1 # Make app public if necessary if [ $is_public -eq 1 ] then # Everyone can access the app. # The "main" permission is automatically created before the install script. ynh_permission_update --permission="main" --add="visitors" fi ### N.B. : the following extra permissions only make sense if your app ### does have for example an admin interface or an API. # Only the admin can access the admin panel of the app (if the app has an admin panel) # ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin # Everyone can access the API part # We don't want to display the tile in the SSO so we put --show_tile="false" # And we don't want the YunoHost admin to be able to remove visitors group to this permission, so we put --protected="true" # ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true" #================================================= # RELOAD NGINX #================================================= ynh_script_progression --message="Reloading NGINX web server..." --weight=1 ynh_systemd_action --service_name=nginx --action=reload #================================================= # START ARMADIETTO #================================================= ynh_script_progression --message="Start armadietto web server..." --weight=1 # Start a systemd service ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" #================================================= # END OF SCRIPT #================================================= ynh_script_progression --message="Installation of $app completed" --last