bonfire_ynh/scripts/install

#!/bin/bash

#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================

source _common.sh
source /usr/share/yunohost/helpers

#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_script_progression --message="Setting up source files..." --weight=1

# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$install_dir"

chmod -R o-rwx "$install_dir"
chown -R $app:www-data "$install_dir"

#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring NGINX web server..." --weight=1

# Create a dedicated NGINX config
ynh_add_nginx_config

#=================================================
# SPECIFIC SETUP
#=================================================
# Configuration files
#=================================================

config="$install_dir/.config"
env_file="$install_dir/.env"

export MIX_ENV=prod FLAVOUR=classic

ynh_exec_warn_less just config
# generate secrets
ynh_replace_string --match_string="SECRET_KEY_BASE=you-should-put-a-secure-string-here" --replace_string="SECRET_KEY_BASE=$(openssl rand -base64 128)" --target_file="$env_file"
ynh_replace_string --match_string="SIGNING_SALT=you-should-put-a-different-secure-string-here" --replace_string="SIGNING_SALT=$(openssl rand -base64 128)" --target_file="$env_file"
ynh_replace_string --match_string="ENCRYPTION_SALT=you-should-put-yet-another-secure-string-here" --replace_string="ENCRYPTION_SALT=$(openssl rand -base64 128)" --target_file="$env_file"

# Configure server ports
ynh_replace_string --match_string="HOSTNAME=localhost" --replace_string="HOSTNAME=$domain" --target_file="$env_file"
# TODO : mail service ?
ynh_replace_string --match_string="SERVER_PORT=4000" --replace_string="SERVER_PORT^=$port" --target_file="$env_file"
ynh_replace_string --match_string="PUBLIC_PORT=4000" --replace_string="PUBLIC_PORT=443" --target_file="$env_file"

# TODO : Configure S3 - with proper Yunohost question during installation
# UPLOADS_S3_BUCKET=
# UPLOADS_S3_ACCESS_KEY_ID=
# UPLOADS_S3_SECRET_ACCESS_KEY=

# max file upload size
UPLOAD_LIMIT="${media_upload_size:0:2}000000" # convert the MB argument in bytes

#=================================================
# Configure the release
#=================================================
ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc mix deps.get --only prod

ynh_exec_warn_less just js-deps-get
ynh_exec_warn_less just assets-prepare
ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc mix phx.digest

# create an elexir release
ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc mix release

#=================================================
# Run the release
#=================================================
release_folder="$install_dir/_build/prod/rel/bonfire/"

# Database created before, let's run the migrations
ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "$release_folder/bin/bonfire eval 'EctoSparkles.Migrator.migrate()'"

# start bonfire as a daemon
ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc  "$release_folder/bin/bonfire start daemon"

#=================================================
# GENERIC FINALIZATION
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression --message="Configuring log rotation..." --weight=1

### `ynh_use_logrotate` is used to configure a logrotate configuration for the logs of this app.
### Use this helper only if there is effectively a log file for this app.
### If you're not using this helper:
###		- Remove the section "BACKUP LOGROTATE" in the backup script
###		- Remove also the section "REMOVE LOGROTATE CONFIGURATION" in the remove script
###		- As well as the section "RESTORE THE LOGROTATE CONFIGURATION" in the restore script
###		- And the section "SETUP LOGROTATE" in the upgrade script

# Use logrotate to manage application logfile(s)
ynh_use_logrotate

#=================================================
# SETUP FAIL2BAN
#=================================================
ynh_script_progression --message="Configuring Fail2Ban..." --weight=1

# Create a dedicated Fail2Ban config
ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"

#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Configuring permissions..." --weight=1

# Make app public if necessary
if [ $is_public -eq 1 ]
then
	# Everyone can access the app.
	# The "main" permission is automatically created before the install script.
	ynh_permission_update --permission="main" --add="visitors"
fi

### N.B. : the following extra permissions only make sense if your app
### does have for example an admin interface or an API.

# Only the admin can access the admin panel of the app (if the app has an admin panel)
ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin

# Everyone can access the API part
# We don't want to display the tile in the SSO so we put --show_tile="false"
# And we don't want the YunoHost admin to be able to remove visitors group to this permission, so we put --protected="true"
ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true"

#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..." --weight=1

ynh_systemd_action --service_name=nginx --action=reload

#=================================================
# END OF SCRIPT
#=================================================

ynh_script_progression --message="Installation of $app completed" --last
Initial release, first try… 2023-01-14 16:41:14 +01:00			`#!/bin/bash`

			`#=================================================`
			`# GENERIC START`
			`#=================================================`
			`# IMPORT GENERIC HELPERS`
			`#=================================================`

			`source _common.sh`
			`source /usr/share/yunohost/helpers`

			`#=================================================`
			`# DOWNLOAD, CHECK AND UNPACK SOURCE`
			`#=================================================`
			`ynh_script_progression --message="Setting up source files..." --weight=1`

			`# Download, check integrity, uncompress and patch the source from app.src`
package v2 : install_dir instead of final_path 2023-02-05 18:14:48 +01:00			`ynh_setup_source --dest_dir="$install_dir"`
Initial release, first try… 2023-01-14 16:41:14 +01:00
package v2 : install_dir instead of final_path 2023-02-05 18:14:48 +01:00			`chmod -R o-rwx "$install_dir"`
			`chown -R $app:www-data "$install_dir"`
Initial release, first try… 2023-01-14 16:41:14 +01:00
			`#=================================================`
			`# NGINX CONFIGURATION`
			`#=================================================`
			`ynh_script_progression --message="Configuring NGINX web server..." --weight=1`

			`# Create a dedicated NGINX config`
			`ynh_add_nginx_config`

			`#=================================================`
			`# SPECIFIC SETUP`
			`#=================================================`
			`# Configuration files`
			`#=================================================`

package v2 : install_dir instead of final_path 2023-02-05 18:14:48 +01:00			`config="$install_dir/.config"`
			`env_file="$install_dir/.env"`
Initial release, first try… 2023-01-14 16:41:14 +01:00
			`export MIX_ENV=prod FLAVOUR=classic`

Just executable rights 2023-01-14 17:40:01 +01:00			`ynh_exec_warn_less just config`
Initial release, first try… 2023-01-14 16:41:14 +01:00			`# generate secrets`
Generate secrets + add S3 template (for later use) 2023-02-05 13:20:36 +01:00			`ynh_replace_string --match_string="SECRET_KEY_BASE=you-should-put-a-secure-string-here" --replace_string="SECRET_KEY_BASE=$(openssl rand -base64 128)" --target_file="$env_file"`
			`ynh_replace_string --match_string="SIGNING_SALT=you-should-put-a-different-secure-string-here" --replace_string="SIGNING_SALT=$(openssl rand -base64 128)" --target_file="$env_file"`
			`ynh_replace_string --match_string="ENCRYPTION_SALT=you-should-put-yet-another-secure-string-here" --replace_string="ENCRYPTION_SALT=$(openssl rand -base64 128)" --target_file="$env_file"`
Initial release, first try… 2023-01-14 16:41:14 +01:00
Generate secrets + add S3 template (for later use) 2023-02-05 13:20:36 +01:00			`# Configure server ports`
Initial release, first try… 2023-01-14 16:41:14 +01:00			`ynh_replace_string --match_string="HOSTNAME=localhost" --replace_string="HOSTNAME=$domain" --target_file="$env_file"`
			`# TODO : mail service ?`
			`ynh_replace_string --match_string="SERVER_PORT=4000" --replace_string="SERVER_PORT^=$port" --target_file="$env_file"`
			`ynh_replace_string --match_string="PUBLIC_PORT=4000" --replace_string="PUBLIC_PORT=443" --target_file="$env_file"`
Generate secrets + add S3 template (for later use) 2023-02-05 13:20:36 +01:00
Initial release, first try… 2023-01-14 16:41:14 +01:00			`# TODO : Configure S3 - with proper Yunohost question during installation`
Generate secrets + add S3 template (for later use) 2023-02-05 13:20:36 +01:00			`# UPLOADS_S3_BUCKET=`
			`# UPLOADS_S3_ACCESS_KEY_ID=`
			`# UPLOADS_S3_SECRET_ACCESS_KEY=`

Add media upload size parameter 2023-02-05 13:35:59 +01:00			`# max file upload size`
			`UPLOAD_LIMIT="${media_upload_size:0:2}000000" # convert the MB argument in bytes`
Initial release, first try… 2023-01-14 16:41:14 +01:00
			`#=================================================`
			`# Configure the release`
			`#=================================================`
			`ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc mix deps.get --only prod`

Just executable rights 2023-01-14 17:40:01 +01:00			`ynh_exec_warn_less just js-deps-get`
			`ynh_exec_warn_less just assets-prepare`
Initial release, first try… 2023-01-14 16:41:14 +01:00			`ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc mix phx.digest`

			`# create an elexir release`
			`ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc mix release`

			`#=================================================`
			`# Run the release`
			`#=================================================`
package v2 : install_dir instead of final_path 2023-02-05 18:14:48 +01:00			`release_folder="$install_dir/_build/prod/rel/bonfire/"`
Initial release, first try… 2023-01-14 16:41:14 +01:00
			`# Database created before, let's run the migrations`
			`ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "$release_folder/bin/bonfire eval 'EctoSparkles.Migrator.migrate()'"`

			`# start bonfire as a daemon`
			`ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "$release_folder/bin/bonfire start daemon"`

			`#=================================================`
			`# GENERIC FINALIZATION`
			`#=================================================`
			`# SETUP LOGROTATE`
			`#=================================================`
			`ynh_script_progression --message="Configuring log rotation..." --weight=1`

			### `ynh_use_logrotate` is used to configure a logrotate configuration for the logs of this app.
			`### Use this helper only if there is effectively a log file for this app.`
			`### If you're not using this helper:`
			`### - Remove the section "BACKUP LOGROTATE" in the backup script`
			`### - Remove also the section "REMOVE LOGROTATE CONFIGURATION" in the remove script`
			`### - As well as the section "RESTORE THE LOGROTATE CONFIGURATION" in the restore script`
			`### - And the section "SETUP LOGROTATE" in the upgrade script`

			`# Use logrotate to manage application logfile(s)`
			`ynh_use_logrotate`

			`#=================================================`
			`# SETUP FAIL2BAN`
			`#=================================================`
			`ynh_script_progression --message="Configuring Fail2Ban..." --weight=1`

			`# Create a dedicated Fail2Ban config`
			`ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"`

			`#=================================================`
			`# SETUP SSOWAT`
			`#=================================================`
			`ynh_script_progression --message="Configuring permissions..." --weight=1`

			`# Make app public if necessary`
			`if [ $is_public -eq 1 ]`
			`then`
			`# Everyone can access the app.`
			`# The "main" permission is automatically created before the install script.`
			`ynh_permission_update --permission="main" --add="visitors"`
			`fi`

			`### N.B. : the following extra permissions only make sense if your app`
			`### does have for example an admin interface or an API.`

			`# Only the admin can access the admin panel of the app (if the app has an admin panel)`
			`ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin`

			`# Everyone can access the API part`
			`# We don't want to display the tile in the SSO so we put --show_tile="false"`
			`# And we don't want the YunoHost admin to be able to remove visitors group to this permission, so we put --protected="true"`
			`ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true"`

			`#=================================================`
			`# RELOAD NGINX`
			`#=================================================`
			`ynh_script_progression --message="Reloading NGINX web server..." --weight=1`

			`ynh_systemd_action --service_name=nginx --action=reload`

			`#=================================================`
			`# END OF SCRIPT`
			`#=================================================`

			`ynh_script_progression --message="Installation of $app completed" --last`