From eda7fea4854de7c69691e002e1e1e96b0a57f763 Mon Sep 17 00:00:00 2001 From: eric_G <46165813+ericgaspar@users.noreply.github.com> Date: Sun, 4 Feb 2024 15:51:52 +0100 Subject: [PATCH] Testing (#91) * 0.9.3 * Auto-update README * Update baikal.yaml * Php (#74) * set php * Fix * Update upgrade * Auto-update README * cleaning * Update manifest.json * Auto-update README * Update manifest.json * Update upgrade * remove old link * Auto-update README * Update nginx.conf * Update upgrade * fix * Auto-update README * Update upgrade * Update check_process * Update manifest.json * Auto-update README * Update baikal.yaml * Update upgrade (#83) * Version 2 (#79) * v2 * v2 * fix * Update manifest.toml * fix * Auto-update README * fix * Auto-update README * Update manifest.toml * Update manifest.toml * Update manifest.toml * Update upgrade * cleaning * Update manifest.toml * Update upgrade * Auto-update README * Update manifest.toml * Auto-update README * Update install --------- Co-authored-by: yunohost-bot * cleaning * Auto-update README * Update manifest.toml * Update manifest.toml * Auto-update README * Update manifest.toml * rename 'app' -> 'main' (#89) 'main' is the new default source_id. This re-enables the extra sources and the patch, which in turn re-enables the LDAP authentication. * Auto-update README * Update manifest.toml * Auto-update README * Update manifest.toml * Auto-update README * cleaning * Add fail2ban (#92) * fail2ban for LDAP authentication errors * fix log file path * fix regex * cleaning --------- Co-authored-by: ericgaspar * Add explaining help text So far it is not obvious that the app needs to be set to public for CalDAV/CardDAV clients to work. * Update install: typo... * Update upgrade: typo again * enable anonymous access by default (#95) --------- Co-authored-by: yunohost-bot Co-authored-by: Toromtomtom Co-authored-by: Tom Warnke Co-authored-by: Alexandre Aubin <4533074+alexAubin@users.noreply.github.com> --- README.md | 2 +- README_fr.md | 2 +- conf/baikal.yaml | 2 +- manifest.toml | 16 ++++++++-------- scripts/backup | 7 +++++++ scripts/install | 16 ++++++++++++---- scripts/remove | 4 ++-- scripts/restore | 6 ++++-- scripts/upgrade | 13 ++++++++----- 9 files changed, 44 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index 4a1e36b..06b644d 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Baïkal is a lightweight CalDAV+CardDAV server. It offers an extensive web interface with easy management of users, address books and calendars. It is fast and simple to install and only needs a basic PHP capable server. The data are stored in a MySQL database. Baïkal allows to seamlessly access your contacts and calendars from every device. It is compatible with iOS, macOS, DAVx5 on Android, Mozilla Thunderbird and every other CalDAV and CardDAV capable application. Protect your privacy by hosting calendars and contacts yourself with Baïkal. -**Shipped version:** 0.9.3~ynh5 +**Shipped version:** 0.9.4~ynh1 **Demo:** https://demo.yunohost.org/baikal/admin/ diff --git a/README_fr.md b/README_fr.md index 59e0983..7ef7513 100644 --- a/README_fr.md +++ b/README_fr.md @@ -18,7 +18,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po Baïkal est un serveur léger CalDAV+CardDAV. Il offre une interface Web étendue avec une gestion facile des utilisateurs, des carnets d'adresses et des calendriers. Il est rapide et simple à installer et ne nécessite qu'un serveur de base. Les données sont stockées dans une base de données MySQL. Baïkal permet d'accéder de manière transparente à vos contacts et calendriers depuis n'importe quel appareil. Il est compatible avec iOS, macOS, DAVx5 sur Android, Mozilla Thunderbird et toutes les autres applications compatibles CalDAV et CardDAV. Protégez votre vie privée en hébergeant vous-même des calendriers et contacts avec Baïkal. -**Version incluse :** 0.9.3~ynh5 +**Version incluse :** 0.9.4~ynh1 **Démo :** https://demo.yunohost.org/baikal/admin/ diff --git a/conf/baikal.yaml b/conf/baikal.yaml index ae18af5..726399c 100644 --- a/conf/baikal.yaml +++ b/conf/baikal.yaml @@ -1,5 +1,5 @@ system: - configured_version: '0.9.3' + configured_version: '0.9.4' timezone: '__TIMEZONE__' card_enabled: true cal_enabled: true diff --git a/manifest.toml b/manifest.toml index 9108602..5d8237c 100644 --- a/manifest.toml +++ b/manifest.toml @@ -5,7 +5,7 @@ name = "Baïkal" description.en = "Lightweight CalDAV and CardDAV server" description.fr = "Serveur CalDAV et CardDAV léger" -version = "0.9.3~ynh5" +version = "0.9.4~ynh1" maintainers = [] @@ -21,8 +21,11 @@ code = "https://github.com/sabre-io/Baikal" yunohost = ">= 11.2" architectures = "all" multi_instance = false + ldap = true + sso = false + disk = "50M" ram.build = "100M" ram.runtime = "50M" @@ -35,17 +38,13 @@ ram.runtime = "50M" type = "path" default = "/baikal" - [install.init_main_permission] - type = "group" - default = "all_users" - [install.password] type = "password" [resources] [resources.sources.main] - url = "https://github.com/sabre-io/Baikal/releases/download/0.9.3/baikal-0.9.3.zip" - sha256 = "d36955ce2e60a03875cf33ad793ddcecfae52096af39de1f2bf709de9f16cb5e" + url = "https://github.com/sabre-io/Baikal/releases/download/0.9.4/baikal-0.9.4.zip" + sha256 = "47a23aa06bc82504e0f216ea81328d9fa00c9c9d9f178d5487ce8960e941e58e" autoupdate.strategy = "latest_github_tag" [resources.system_user] @@ -54,9 +53,10 @@ ram.runtime = "50M" [resources.permissions] main.url = "/" + main.allowed = "visitors" main.auth_header = false admin.url = "/admin" - admin.allowed= "admins" + admin.allowed = "admins" admin.show_tile = false [resources.apt] diff --git a/scripts/backup b/scripts/backup index 214b288..04eed75 100644 --- a/scripts/backup +++ b/scripts/backup @@ -33,6 +33,13 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" +#================================================= +# BACKUP FAIL2BAN CONFIGURATION +#================================================= + +ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" +ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" + #================================================= # BACKUP THE MYSQL DATABASE #================================================= diff --git a/scripts/install b/scripts/install index cb8c8a9..d9ba7fc 100644 --- a/scripts/install +++ b/scripts/install @@ -41,7 +41,6 @@ ynh_app_setting_set --app=$app --key=password_hash --value="$password_hash" #================================================= ynh_script_progression --message="Setting up source files..." --weight=8 -# Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$install_dir" chmod -R o-rwx "$install_dir" @@ -52,12 +51,21 @@ chown -R $app:www-data "$install_dir" #================================================= ynh_script_progression --message="Adding system configurations related to $app..." --weight=1 -# Create a dedicated PHP-FPM config ynh_add_fpm_config -# Create a dedicated NGINX config ynh_add_nginx_config +#================================================= +# SETUP FAIL2BAN +#================================================= +ynh_script_progression --message="Configuring fail2ban..." --weight=1 + +# Create the logfile, required before configuring fail2ban +touch "/var/log/nginx/${domain}-error.log" + +# Create a dedicated fail2ban config +ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex='"PHP message: user \(name stripped-out\) authentication failure for Baikal" while reading response header from upstream, client: ' + #================================================= # SPECIFIC SETUP #================================================= @@ -74,7 +82,7 @@ ynh_script_progression --message="Adding a configuration file..." --weight=1 path=${path%/} -ynh_add_config --template="../conf/baikal.yaml" --destination="$install_dir/config/baikal.yaml" +ynh_add_config --template="baikal.yaml" --destination="$install_dir/config/baikal.yaml" chown $app: "$install_dir/config/baikal.yaml" chmod 640 "$install_dir/config/baikal.yaml" diff --git a/scripts/remove b/scripts/remove index 61db822..8d28c8c 100644 --- a/scripts/remove +++ b/scripts/remove @@ -14,12 +14,12 @@ source /usr/share/yunohost/helpers #================================================= ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1 -# Remove the dedicated NGINX config ynh_remove_nginx_config -# Remove the dedicated PHP-FPM config ynh_remove_fpm_config +ynh_remove_fail2ban_config + #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/restore b/scripts/restore index 8f4c828..77daf9b 100644 --- a/scripts/restore +++ b/scripts/restore @@ -45,14 +45,16 @@ ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./ #================================================= # RESTORE SYSTEM CONFIGURATIONS #================================================= -# RESTORE THE PHP-FPM CONFIGURATION -#================================================= ynh_script_progression --message="Restoring system configurations related to $app..." --weight=1 ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" +ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf" +ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf" +ynh_systemd_action --action=restart --service_name=fail2ban + #================================================= # GENERIC FINALIZATION #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 4be4cb8..b3ea522 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -23,7 +23,6 @@ if [ "$upgrade_type" == "UPGRADE_APP" ] then ynh_script_progression --message="Upgrading source files..." --weight=3 - # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$install_dir" --keep="config/baikal.yaml" fi @@ -31,16 +30,20 @@ chmod -R o-rwx "$install_dir" chown -R $app:www-data "$install_dir" #================================================= -# PHP-FPM CONFIGURATION +# SYSTEM CONFIGURATION #================================================= ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=2 -# Create a dedicated PHP-FPM config ynh_add_fpm_config -# Create a dedicated NGINX config ynh_add_nginx_config +# Create the logfile, required before configuring fail2ban +touch "/var/log/nginx/${domain}-error.log" + +# Create a dedicated fail2ban config +ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex='"PHP message: user \(name stripped-out\) authentication failure for Baikal" while reading response header from upstream, client: ' + #================================================= # SPECIFIC UPGRADE #================================================= @@ -55,7 +58,7 @@ then timezone=$(cat /etc/timezone) path=${path%/} - ynh_add_config --template="../conf/baikal.yaml" --destination="$install_dir/config/baikal.yaml" + ynh_add_config --template="baikal.yaml" --destination="$install_dir/config/baikal.yaml" chown $app: "$install_dir/config/baikal.yaml" chmod 640 "$install_dir/config/baikal.yaml" fi