diff --git a/README.md b/README.md index 270770c..040bf1e 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Federated social networking server built on ActivityPub open protocol -**Shipped version:** 0.1~ynh1 +**Shipped version:** 0.9.8-beta.26~ynh2 **Demo:** https://playground.bonfire.cafe/ ## Documentation and resources @@ -27,7 +27,7 @@ Federated social networking server built on ActivityPub open protocol * Official user documentation: * Official admin documentation: * Upstream app code repository: -* YunoHost documentation for this app: +* YunoHost Store: * Report a bug: ## Developer info diff --git a/README_fr.md b/README_fr.md index 4f87b28..32e4c56 100644 --- a/README_fr.md +++ b/README_fr.md @@ -18,7 +18,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po Serveur de réseautage social fédéré basé sur le protocole ouvert ActivityPub -**Version incluse :** 0.1~ynh1 +**Version incluse :** 0.9.8-beta.26~ynh2 **Démo :** https://playground.bonfire.cafe/ ## Documentations et ressources @@ -27,7 +27,7 @@ Serveur de réseautage social fédéré basé sur le protocole ouvert ActivityPu * Documentation officielle utilisateur : * Documentation officielle de l’admin : * Dépôt de code officiel de l’app : -* Documentation YunoHost pour cette app : +* YunoHost Store: * Signaler un bug : ## Informations pour les développeurs diff --git a/conf/.env b/conf/.env new file mode 100644 index 0000000..0c1fcbd --- /dev/null +++ b/conf/.env 
@@ -0,0 +1,84 @@ +MIX_ENV=prod +FLAVOUR=classic + +WITH_DOCKER=no + +## OTHER CONFIG ## +# server domain name: +HOSTNAME=__DOMAIN__ +# server port: +SERVER_PORT=__PORT__ +# port your visitors will access (typically 80 or 443, will be different than SERVER_PORT only if using a reverse proxy) +PUBLIC_PORT=443 +# hostname and port of meili search index +SEARCH_MEILI_INSTANCE=http://localhost:7700 +# require an email address to be invited before being able to sign up +INVITE_ONLY=true + +# uncomment in order to NOT automatically change the database schema when you upgrade the app +# DISABLE_DB_AUTOMIGRATION=true +# max file upload size (default is 20 meg) +UPLOAD_LIMIT=__MEDIA_UPLOAD_SIZE__ +# ==================================== +# You should not have to edit any of the following ones: +POSTGRES_HOST=localhost +LANG=en_US.UTF-8 +LANGUAGE=en_US.UTF-8 +REPLACE_OS_VARS=true +LIVEVIEW_ENABLED=true +POSTGRES_USER=__APP__ +POSTGRES_DB=__APP__ +ACME_AGREE=true +SHOW_DEBUG_IN_DEV=true +# PLUG_SERVER=bandit +## SECRETS ## +# make sure you change everything to your own secrets! +# and do not check this into git or any public host + +# for sessions/cookies, you can generate strings for these by running: just secrets +SECRET_KEY_BASE=__SECRET_KEY_BASE__ +SIGNING_SALT=__SIGNING_SALT__ +ENCRYPTION_SALT=__ENCRYPTION_SALT__ + +# database access +POSTGRES_PASSWORD=__DB_PWD__ + +# password for the search index +MEILI_MASTER_KEY=__MEILI_MASTER_KEY__ + +# what service to use for sending out emails (eg. 
smtp, mailgun, none) NOTE: you should also set the corresponding keys in secrets section +MAIL_BACKEND=smtp +MAIL_DOMAIN=__DOMAIN__ +MAIL_PASSWORD=__MAIL_PWD__ +MAIL_USER=__APP__ +MAIL_SERVER=__DOMAIN__ +MAIL_PORT=587 + +# TODO : Configure S3 - with proper Yunohost question during installation +# Uploads +# UPLOADS_S3_BUCKET= +# UPLOADS_S3_ACCESS_KEY_ID= +# UPLOADS_S3_SECRET_ACCESS_KEY= + +# telemetry API keys +# SENTRY_DSN= +OTEL_ENABLED=0 +# OTEL_HONEYCOMB_API_KEY= +# OTEL_LIGHTSEP_API_KEY= + +# default admin user if you generate seed data +SEEDS_USER=root + +# backend stuff +ERLANG_COOKIE=bonfire_cookie + +# Bonfire extensions configs +WEB_PUSH_SUBJECT=mailto:__APP__@__DOMAIN__ +WEB_PUSH_PUBLIC_KEY= +WEB_PUSH_PRIVATE_KEY= +GEOLOCATE_OPENCAGEDATA= +MAPBOX_API_KEY=pk.eyJ1IjoibWF5ZWwiLCJhIjoiY2tlMmxzNXF5MGFpaDJ0bzR2M29id2EzOCJ9.QsmjD-zypsE0_wonLGCYlA +GITHUB_TOKEN= +TX_TOKEN= + +## END OF SECRETS ## diff --git a/conf/nginx.conf b/conf/nginx.conf index 9782b91..2670423 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,9 +1,27 @@ -#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; +location @app_upstream { + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + proxy_pass http://127.0.0.1:__PORT__; + proxy_redirect off; + proxy_read_timeout 240s; +} + location __PATH__/ { - # Path to source - alias __FINALPATH__/; + root /var/www/bonfire/_build/prod/rel/bonfire/lib/bonfire-0.9.8-classic-beta.26/priv/static; + + index index.html; # Include SSOWAT user panel. include conf.d/yunohost_panel.conf.inc; + + + try_files $uri $uri.html $uri/index.html $uri/ @app_upstream; + } diff --git a/conf/systemd.service b/conf/systemd.service new file mode 100644 index 0000000..67de51f --- /dev/null +++ b/conf/systemd.service 
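Review bot: `ERLANG_COOKIE=bonfire_cookie` is a fixed value shared by every install of this package, unlike the other secrets in this template, which are filled from placeholders. The cookie is the only credential for Erlang distribution, so if the release ever starts a distributed node reachable beyond loopback, a publicly known cookie lets any peer connect and run code; whether distribution is enabled is not visible in this diff. I would template it like the others, `ERLANG_COOKIE=__ERLANG_COOKIE__`, with `erlang_cookie=$(ynh_string_random --length=50)` set in scripts/install before `ynh_add_config`. The committed `MAPBOX_API_KEY=pk.…` value is likewise shared by all installs and would be better left empty for the admin to fill in.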
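Review bot: The `root` directive hard-codes both `/var/www/bonfire` and the release directory name `bonfire-0.9.8-classic-beta.26`, so static files stop resolving as soon as the app is upgraded or installed under a different path, and every request then falls through to `@app_upstream`. Use the packaging placeholder for the install directory (`__INSTALL_DIR__`, as conf/systemd.service does) and avoid the versioned segment, for example by pointing `root` at a stable symlink maintained by the install and upgrade scripts. The `@app_upstream` block also sets no `X-Forwarded-Proto`; if the app derives URL schemes or secure-cookie decisions from it, add `proxy_set_header X-Forwarded-Proto $scheme;`.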
@@ -0,0 +1,52 @@
+[Unit]
+Description=Bonfire daemon
+After=network.target
+
+[Service]
+Type=simple
+User=__APP__
+Group=__APP__
+WorkingDirectory=__INSTALL_DIR__/
+Environment=NODE_ENV=production
+Environment="__YNH_NODE_LOAD_PATH__"
+ExecStart=just cmd __INSTALL_DIR__/_build/prod/rel/bonfire/bin/bonfire start daemon
+StandardOutput=append:/var/log/__APP__/__APP__.log
+StandardError=inherit
+
+# Sandboxing options to harden security
+# Depending on specificities of your service/app, you may need to tweak these
+# .. but this should be a good baseline
+# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
+RestrictNamespaces=yes
+RestrictRealtime=yes
+DevicePolicy=closed
+ProtectClock=yes
+ProtectHostname=yes
+ProtectProc=invisible
+ProtectSystem=full
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+LockPersonality=yes
+SystemCallArchitectures=native
+SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged
+
+# Denying access to capabilities that should not be relevant for webapps
+# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
+CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
+CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
+CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
+CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
+CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
+CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
+CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
+CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
+CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/doc/DESCRIPTION.md b/doc/DESCRIPTION.md
new file mode 100644
index 0000000..e69de29
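Review bot: `CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD` names a capability that does not exist; the kernel capability is `CAP_SYS_RAWIO`, so this line most likely drops only `CAP_MKNOD` (systemd is expected to warn about the unknown name and skip it). Change it to `CapabilityBoundingSet=~CAP_SYS_RAWIO CAP_MKNOD`. With `User=__APP__` and `NoNewPrivileges=yes` the practical impact is small, but the hardening list should drop what it claims to drop.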
diff --git a/manifest.toml b/manifest.toml index d47c23b..f803f86 100644 --- a/manifest.toml +++ b/manifest.toml @@ -2,10 +2,8 @@ packaging_format = 2 id = "bonfire" name = "Bonfire" -description.en = "Federated social networking server built on ActivityPub open protocol" -description.fr = "Serveur de réseautage social fédéré basé sur le protocole ouvert ActivityPub" -version = "0.1~ynh1" +version = "0.9.8-beta.26~ynh2" maintainers = ["Lapineige"] @@ -27,16 +25,15 @@ multi_instance = false architectures = "all" ldap = false sso = false -disk = "1000M" -# FIXME: replace with an **estimate** minimum disk and RAM requirements. e.g. 20M, 400M, 1G, ... -ram.build = "500M" +disk = "2000M" +ram.build = "1500M" ram.runtime = "500M" [install] [install.domain] type = "domain" - ask.en = "The domain name to use. Bonfire will be installed at its root path (/). This can't be changed." - ask.fr = "Nom de domaine à utiliser. Bonfire sera installé à sa racine (/). Cela ne pourra pas être changé." + help.en = "The domain name to use. Bonfire will be installed at its root path (/). This can't be changed." + help.fr = "Nom de domaine à utiliser. Bonfire sera installé à sa racine (/). Cela ne pourra pas être changé." [install.is_public] type = "boolean" @@ -51,7 +48,7 @@ ram.runtime = "500M" [install.language] ask.en = "Choose the application language" ask.fr = "Choisissez la langue de l'application" - type = "string" + type = "select" choices = ["fr", "en"] default = "fr" @@ -64,7 +61,9 @@ ram.runtime = "500M" type = "password" [install.media_upload_size] - type = "string" + ask.en = "Choose the maximum size of the media uploaded. Can be changed later." + ask.fr = "Choisissez la taille maximale des médias mis en ligne. Peut-être modifié ultérieurement." + type = "select" choices = [ "1MB", "2MB", 
@@ -74,12 +73,11 @@ ram.runtime = "500M" "20MB", "35MB", "50MB", + "70MB", "100MB", "150MB" ] - default = "20MB" - ask.en = "Maximum size of the media uploaded. Can be changed later." - ask.fr = "Taille maximale des médias mis en ligne. Peut-être modifié ultérieurement." + default = "35MB" [resources] 
@@ -91,18 +89,57 @@ ram.runtime = "500M" [resources.sources] [resources.sources.main] - url = "https://github.com/bonfire-networks/bonfire-app/archive/refs/tags/v0.4.0-beta.43.tar.gz" - sha256 = "0c1b78f153c67e3b56f91a72a013e854bd87a03fbacdf3846ed1ab10a5d21a0f" + url = "https://github.com/bonfire-networks/bonfire-app/archive/289ad2d8b57a2ce9a7ce609f000b1ac5d887e7a0.tar.gz" + sha256 = "5b79032647f9fd95465692d1de48839359dfa532a72c727f76bf03a1b68e8cdd" [resources.ports] - + + [resources.system_user] + allow_email = true + [resources.install_dir] [resources.permissions] main.url = "/" + [resources.apt] - packages = "postgresql" + packages = "erlang-dev erlang-parsetools erlang-os-mon erlang-tools erlang-xmerl postgresql npm node-postcss" + + ##### (this part is optional and corresponds to the legacy ynh_install_extra_app_dependencies helper) + + ### Yarn dependency (correct version) + extras.yarn.repo = "deb https://dl.yarnpkg.com/debian/ stable main" + extras.yarn.key = "https://dl.yarnpkg.com/debian/pubkey.gpg" + extras.yarn.packages = ["yarn"] + + + ### Elixir 13 dependency - instead of v15 for now + extras.elixir13.repo = "deb https://packages.erlang-solutions.com/debian bullseye contrib" + extras.elixir13.key = "https://packages.erlang-solutions.com/debian/erlang_solutions.asc" + extras.elixir13.packages = ["elixir"] + ### Elixir 15 dependency + # Bulleyes comes with v1.10 instead of v1.15 that is required + # ynh_install_extra_app_dependencies --repo="https://packages.erlang-solutions.com/debian bullseye contrib" --package="elixir-lang" --key='https://packages.erlang-solutions.com/debian/erlang_solutions.asc' + # v15 is not available in default repo. RabbitMQ repo should be used (https://elixir-lang.org/install.html). No debian simple syntax. 
TODO later, using the simple syntax for now + # erlang 26, for elixir v1.15 + #extras.elixir15.repo = "deb https://ppa.launchpadcontent.net/rabbitmq/rabbitmq-erlang/ubuntu jammy main" + #extras.elixir15.key = "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xb279943d2a549531e144b875f77f1eda57ebb1cc" + #extras.elixir15.packages = ["elixir"] + # exlang-dev -> https://github.com/elixir-lang/ex_doc/pull/1442/files # Debian default package is newer (enough), don't use this custom repo + ### Elixir 15 with mise + #extras.mise.repo = "deb https://mise.jdx.dev/deb stable main" + #extras.mise.key = "https://mise.jdx.dev/gpg-key.pub" + #extras.mise.packages = ["mise"] + + ### just dependency + # TODO : this is unsafe and should be dealt with in a better way. + # There is currently no proper way to install it simply on Debian 11 https://github.com/casey/just#packages + # only works for x86, we need to switch to the other option with makedeb package ? + extras.just.repo = "deb https://proget.makedeb.org prebuilt-mpr bullseye" + extras.just.key = "https://proget.makedeb.org/debian-feeds/prebuilt-mpr.pub" + extras.just.packages = ["just"] + [resources.database] type = "postgresql" diff --git a/scripts/_common.sh b/scripts/_common.sh index 944a65e..9195d57 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -4,6 +4,8 @@ # COMMON VARIABLES #================================================= +nodejs_version=18 + #================================================= # PERSONAL HELPERS #================================================= diff --git a/scripts/backup b/scripts/backup new file mode 100644 index 0000000..69055c4 --- /dev/null +++ b/scripts/backup 
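Review bot: The three `extras.*` entries add third-party apt repositories (yarnpkg, erlang-solutions, makedeb prebuilt-mpr) whose signing keys are fetched from the same host that serves the packages, so each of those hosts can ship arbitrary root-installed packages to the server; the in-file TODO already calls the `just` one unsafe. Unlike `resources.sources.main`, which is pinned to a commit archive with a `sha256`, nothing here pins what gets installed. For `just`, a pinned upstream release archive declared as an additional `[resources.sources.*]` entry with per-architecture `url` and `sha256` would remove the makedeb repository and also the x86-only limitation noted in the comment. The erlang-solutions and makedeb lines also hard-code `bullseye`, which is worth a comment for whoever ports the package to the next Debian release.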
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+#=================================================
+# GENERIC START
+#=================================================
+# IMPORT GENERIC HELPERS
+#=================================================
+
+# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
+source ../settings/scripts/_common.sh
+source /usr/share/yunohost/helpers
+
+#=================================================
+# DECLARE DATA AND CONF FILES TO BACKUP
+#=================================================
+ynh_print_info --message="Declaring files to be backed up..."
+
+#=================================================
+# BACKUP THE APP MAIN DIR
+#=================================================
+
+ynh_backup --src_path="$install_dir"
+
+#=================================================
+# BACKUP THE NGINX CONFIGURATION
+#=================================================
+
+ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
+
+#=================================================
+# BACKUP THE POSTGRESQL DATABASE
+#=================================================
+ynh_print_info --message="Backing up the PostgreSQL database..."
+
+ynh_psql_dump_db --database="$db_name" > db.sql
+
+#=================================================
+# END OF SCRIPT
+#=================================================
+
+ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)."
diff --git a/scripts/install b/scripts/install
index d164e57..13d202b 100644
--- a/scripts/install
+++ b/scripts/install
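Review bot: The backup declares only the install directory, the NGINX config and the database dump, but scripts/restore in this same commit calls `ynh_restore_file` on `/etc/systemd/system/$app.service` and `/etc/logrotate.d/$app`, which are never added to the archive, so a restore would likely fail at those steps. Add `ynh_backup --src_path="/etc/systemd/system/$app.service"` and `ynh_backup --src_path="/etc/logrotate.d/$app"` next to the NGINX entry. Since `$install_dir` contains `.env` with the database, mail and signing secrets, a short comment that the resulting archive must be handled as a secret would also help.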
@@ -9,130 +9,22 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# RETRIEVE ARGUMENTS FROM THE MANIFEST -#================================================= - -domain=$YNH_APP_ARG_DOMAIN -path_url=$YNH_APP_ARG_PATH -is_public=$YNH_APP_ARG_IS_PUBLIC -language=$YNH_APP_ARG_LANGUAGE -admin=$YNH_APP_ARG_ADMIN -password=$YNH_APP_ARG_PASSWORD - -media_upload_size=$YNH_APP_ARG_MEDIA_UPLOAD_SIZE - -### If it's a multi-instance app, meaning it can be installed several times independently -### The id of the app as stated in the manifest is available as $YNH_APP_ID -### The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2"...) -### The app instance name is available as $YNH_APP_INSTANCE_NAME -### - the first time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample -### - the second time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample__2 -### - ynhexample__{N} for the subsequent installations, with N=3,4... -### The app instance name is probably what interests you most, since this is -### guaranteed to be unique. This is a good unique identifier to define installation path, -### db names... -app=$YNH_APP_INSTANCE_NAME - -#================================================= -# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS -#================================================= -### About --weight and --time -### ynh_script_progression will show to your final users the progression of each scripts. -### In order to do that, --weight will represent the relative time of execution compared to the other steps in the script. -### --time is a packager option, it will show you the execution time since the previous call. 
-### This option is implied when running in CI_package_check, you can manually add it if you are manually testing the app. -### Use the execution time displayed in the CI report or by adding --time to the command, to estimate the weight of a step. -### A common way to do it is to set a weight equal to the execution time in second +1. -### The execution time is given for the durationt since the previous call. So the weight should be applied to this previous call. -ynh_script_progression --message="Validating installation parameters..." --weight=1 - -### If the app uses NGINX as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app". -### If the app provides an internal web server (or uses another application server such as uWSGI), the final path should be "/opt/yunohost/$app" -test ! -e "$install_dir" || ynh_die --message="This path already contains a folder" - -# Register (book) web path -ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url - -#================================================= -# STORE SETTINGS FROM MANIFEST -#================================================= -ynh_script_progression --message="Storing installation settings..." --weight=1 - -ynh_app_setting_set --app=$app --key=domain --value=$domain -ynh_app_setting_set --app=$app --key=path --value=$path_url -ynh_app_setting_set --app=$app --key=language --value=$language -ynh_app_setting_set --app=$app --key=admin --value=$admin -ynh_app_setting_set --app=$app --key=media_upload_size --value=$media_upload_size - -#================================================= -# STANDARD MODIFICATIONS -#================================================= -# FIND AND OPEN A PORT -#================================================= -ynh_script_progression --message="Finding an available port..." --weight=1 - -### Use these lines if you have to open a port for the application -### `ynh_find_port` will find the first available port starting from the given port. 
-### If you're not using these lines: -### - Remove the section "CLOSE A PORT" in the remove script - -# Find an available port -port=$(ynh_find_port --port=8095) -ynh_app_setting_set --app=$app --key=port --value=$port - -# Optional: Expose this port publicly -# (N.B.: you only need to do this if the app actually needs to expose the port publicly. -# If you do this and the app doesn't actually need you are CREATING SECURITY HOLES IN THE SERVER !) - -# Open the port -# ynh_script_progression --message="Configuring firewall..." --weight=1 -# ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port - #================================================= # INSTALL DEPENDENCIES #================================================= -ynh_script_progression --message="Installing dependencies..." --weight=1 +ynh_script_progression --message="Installing nodejs..." -ynh_install_app_dependencies $pkg_dependencies - -# ynh_script_progression --message="Installing extra dependencies…" --weight=1 - -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Configuring system user..." --weight=1 - -# Create a system user -ynh_system_user_create --username=$app --home_dir="$install_dir" +ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version +ynh_use_nodejs #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= ynh_script_progression --message="Setting up source files..." --weight=1 -### `ynh_setup_source` is used to install an app from a zip or tar.gz file, -### downloaded from an upstream source, like a git repository. 
-### `ynh_setup_source` use the file conf/app.src - -ynh_app_setting_set --app=$app --key=install_dir --value=$install_dir # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$install_dir" -# FIXME: this should be managed by the core in the future -# Here, as a packager, you may have to tweak the ownerhsip/permissions -# such that the appropriate users (e.g. maybe www-data) can access -# files in some cases. -# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder - -# this will be treated as a security issue. -chmod 750 "$install_dir" chmod -R o-rwx "$install_dir" chown -R $app:www-data "$install_dir" 
@@ -141,124 +33,86 @@ chown -R $app:www-data "$install_dir" #================================================= ynh_script_progression --message="Configuring NGINX web server..." --weight=1 -### `ynh_add_nginx_config` will use the file conf/nginx.conf - # Create a dedicated NGINX config ynh_add_nginx_config +#================================================= +# ADD A CONFIGURATION +#================================================= +## Generate secrets and other config values +secret_key_base=$(ynh_string_random --length=50) +signing_salt=$(ynh_string_random --length=50) +encryption_salt=$(ynh_string_random --length=50) +# search +meili_master_key=$(ynh_string_random --length=50) +# max file upload size +MEDIA_UPLOAD_SIZE="${media_upload_size//[!0-9]/}000000" + +ynh_script_progression --message="Adding a configuration file..." --weight=1 + +ynh_add_config --template="../conf/.env" --destination="$install_dir/.env" +ynh_store_file_checksum --file="$install_dir/.env" + +chmod 400 "$install_dir/.env" +chown $app:$app "$install_dir/.env" + #================================================= # SPECIFIC SETUP #================================================= -# Configuration files -#================================================= -config="$install_dir/.config" -env_file="$install_dir/.env" +source $install_dir/.env +export WITH_DOCKER=no # or source .env ? 
# Using this for now -export MIX_ENV=prod FLAVOUR=classic - -ynh_exec_warn_less just config -# generate secrets -ynh_replace_string --match_string="SECRET_KEY_BASE=you-should-put-a-secure-string-here" --replace_string="SECRET_KEY_BASE=$(openssl rand -base64 128)" --target_file="$env_file" -ynh_replace_string --match_string="SIGNING_SALT=you-should-put-a-different-secure-string-here" --replace_string="SIGNING_SALT=$(openssl rand -base64 128)" --target_file="$env_file" -ynh_replace_string --match_string="ENCRYPTION_SALT=you-should-put-yet-another-secure-string-here" --replace_string="ENCRYPTION_SALT=$(openssl rand -base64 128)" --target_file="$env_file" - -# Configure server ports -ynh_replace_string --match_string="HOSTNAME=localhost" --replace_string="HOSTNAME=$domain" --target_file="$env_file" -# TODO : mail service ? -ynh_replace_string --match_string="SERVER_PORT=4000" --replace_string="SERVER_PORT^=$port" --target_file="$env_file" -ynh_replace_string --match_string="PUBLIC_PORT=4000" --replace_string="PUBLIC_PORT=443" --target_file="$env_file" - -# TODO : Configure S3 - with proper Yunohost question during installation -# UPLOADS_S3_BUCKET= -# UPLOADS_S3_ACCESS_KEY_ID= -# UPLOADS_S3_SECRET_ACCESS_KEY= - -# max file upload size -UPLOAD_LIMIT="${media_upload_size:0:2}000000" # convert the MB argument in bytes +ynh_script_progression --message="Configuring Bonfire release..." 
--weight=1 +cd $install_dir +#ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "mise plugin add erlang https://github.com/asdf-vm/asdf-erlang.git" # add erlang as source +#ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "mise install" # install Elixir +ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "WITH_DOCKER=no $ynh_node_load_PATH mix local.hex --force" # install Hex in non-interractive way +ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "WITH_DOCKER=no $ynh_node_load_PATH just config-basic" +#ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "WITH_DOCKER=no $ynh_node_load_PATH just mix bonfire.deps .update" #================================================= -# Configure the release +# Building the release #================================================= -ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc mix deps.get --only prod - -ynh_exec_warn_less just js-deps-get -ynh_exec_warn_less just assets-prepare -ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc mix phx.digest - -# create an elexir release -ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc mix release +ynh_script_progression --message="Building Bonfire release... (This will take a long time)" --weight=1 +export TERM=linux # why is that not defined ? 
+export TERMINFO=/etc/terminfo +### DONT USE GLOBAL NPM INSTALL +ynh_replace_string --match_string="npm install --global" --replace_string="npm install" --target_file="$install_dir/justfile" +ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "WITH_DOCKER=no $ynh_node_load_PATH just rel-build" #================================================= -# Run the release +# START SYSTEMD SERVICE - Run the release #================================================= -release_folder="$install_dir/_build/prod/rel/bonfire/" +release_folder="_build/prod/rel/bonfire" -# Database created before, let's run the migrations -ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "$release_folder/bin/bonfire eval 'EctoSparkles.Migrator.migrate()'" +### Not running the migration, they are done on startup anyway +#ynh_script_progression --message="Running database migrations..." --weight=1 +## Database created before, let's run the migrations +#ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "WITH_DOCKER=no just cmd $release_folder/bin/bonfire eval 'EctoSparkles.Migrator.migrate()'" -# start bonfire as a daemon -ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "$release_folder/bin/bonfire start daemon" +#ynh_script_progression --message="Starting Bonfire..." --weight=1 +#ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "WITH_DOCKER=no just cmd $release_folder/bin/bonfire start" -#================================================= -# GENERIC FINALIZATION -#================================================= -# SETUP LOGROTATE -#================================================= -ynh_script_progression --message="Configuring log rotation..." --weight=1 - -### `ynh_use_logrotate` is used to configure a logrotate configuration for the logs of this app. -### Use this helper only if there is effectively a log file for this app. 
-### If you're not using this helper: -### - Remove the section "BACKUP LOGROTATE" in the backup script -### - Remove also the section "REMOVE LOGROTATE CONFIGURATION" in the remove script -### - As well as the section "RESTORE THE LOGROTATE CONFIGURATION" in the restore script -### - And the section "SETUP LOGROTATE" in the upgrade script +mkdir -p "/var/log/$app" +chown -R $app:$app "/var/log/$app" # Use logrotate to manage application logfile(s) ynh_use_logrotate -#================================================= -# SETUP FAIL2BAN -#================================================= -ynh_script_progression --message="Configuring Fail2Ban..." --weight=1 +# Create a dedicated systemd config +ynh_add_systemd_config -# Create a dedicated Fail2Ban config -ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login" +yunohost service add $app --description="Bonfire daemon" --log="/var/log/$app/$app.log" -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Configuring permissions..." --weight=1 +ynh_script_progression --message="Starting Bonfire daemon service..." --weight=1 -# Make app public if necessary -if [ $is_public -eq 1 ] -then - # Everyone can access the app. - # The "main" permission is automatically created before the install script. - ynh_permission_update --permission="main" --add="visitors" -fi - -### N.B. : the following extra permissions only make sense if your app -### does have for example an admin interface or an API. 
- -# Only the admin can access the admin panel of the app (if the app has an admin panel) -ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin - -# Everyone can access the API part -# We don't want to display the tile in the SSO so we put --show_tile="false" -# And we don't want the YunoHost admin to be able to remove visitors group to this permission, so we put --protected="true" -ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true" - -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 - -ynh_systemd_action --service_name=nginx --action=reload +# Start a systemd service +ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match="[info] Running Bonfire.Web.Endpoint" #================================================= # END OF SCRIPT #================================================= -ynh_script_progression --message="Installation of $app completed" --last +ynh_script_progression --message="Installation of $app completed" --weight=1 +ynh_script_progression --message="Now you need to sign-up, the first account will automatically be admin." --last diff --git a/scripts/remove b/scripts/remove index f4c45c6..35decdd 100644 --- a/scripts/remove +++ b/scripts/remove 
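Review bot: `source $install_dir/.env` runs the freshly generated secrets file as shell code inside the root install script, with the path unquoted, so any substituted value containing shell metacharacters (the database or mail password, for example) would be interpreted by root's shell, and variables such as `LANG` and `HOSTNAME` are overwritten for the rest of the script. Every later command already passes `WITH_DOCKER=no` explicitly, so the `source` line looks unnecessary and can be dropped while keeping `export WITH_DOCKER=no`. Separately, `MEDIA_UPLOAD_SIZE=…` is assigned in upper case, while YunoHost's template substitution fills `__MEDIA_UPLOAD_SIZE__` from the lower-case `$media_upload_size`, so `UPLOAD_LIMIT` probably ends up as e.g. `35MB` rather than a byte count; assign the converted value to the lower-case variable the template reads. The `--line_match="[info] Running Bonfire.Web.Endpoint"` pattern is, as far as I know, matched as a regex, where `[info]` is a character class; escape the brackets if a literal match is intended.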
@@ -9,128 +9,37 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -port=$(ynh_app_setting_get --app=$app --key=port) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_user=$db_name -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -datadir=$(ynh_app_setting_get --app=$app --key=datadir) - - #================================================= # REMOVE DEDICATED USER #================================================= -ynh_script_progression --message="Stop Bonfire..." --weight=1 +ynh_script_progression --message="Stoping Bonfire..." --weight=1 -# start bonfire as a daemon +# stop bonfire daemon "$release_folder/bin/bonfire stop" -#================================================= -# STANDARD REMOVE -#================================================= -# REMOVE LOGROTATE CONFIGURATION -#================================================= -ynh_script_progression --message="Removing logrotate configuration..." --weight=1 - -# Remove the app-specific logrotate config -ynh_remove_logrotate #================================================= -# REMOVE THE POSTGRESQL DATABASE +# REMOVE SYSTEM CONFIGURATIONS SERVICE #================================================= -ynh_script_progression --message="Removing the PostgreSQL database..." --weight=1 +ynh_script_progression --message="Removing system configurations related to $app..." --weight=1 -# Remove a database if it exists, along with the associated user -ynh_psql_remove_db --db_user=$db_user --db_name=$db_name - -#================================================= -# REMOVE APP MAIN DIR -#================================================= -ynh_script_progression --message="Removing app main directory..." 
--weight=1 - -# Remove the app directory securely -ynh_secure_remove --file="$final_path" - -#================================================= -# REMOVE DATA DIR -#================================================= - -# Remove the data directory if --purge option is used -if [ "${YNH_APP_PURGE:-0}" -eq 1 ] +# Remove the service from the list of services known by YunoHost (added from `yunohost service add`) +if ynh_exec_warn_less yunohost service status $app >/dev/null then - ynh_script_progression --message="Removing app data directory..." --weight=1 - ynh_secure_remove --file="$datadir" + ynh_script_progression --message="Removing $app service integration..." --weight=1 + yunohost service remove $app fi -#================================================= -# REMOVE NGINX CONFIGURATION -#================================================= +ynh_remove_systemd_config ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1 # Remove the dedicated NGINX config ynh_remove_nginx_config -#================================================= -# REMOVE DEPENDENCIES -#================================================= -ynh_script_progression --message="Removing dependencies..." --weight=1 - -# Remove metapackage and its dependencies -ynh_remove_app_dependencies - -#================================================= -# CLOSE A PORT -#================================================= - -if yunohost firewall list | grep -q "\- $port$" -then - ynh_script_progression --message="Closing port $port..." --weight=1 - ynh_exec_warn_less yunohost firewall disallow TCP $port -fi - -#================================================= -# REMOVE FAIL2BAN CONFIGURATION -#================================================= -ynh_script_progression --message="Removing Fail2Ban configuration..." 
--weight=1 - -# Remove the dedicated Fail2Ban config -ynh_remove_fail2ban_config - -#================================================= -# SPECIFIC REMOVE -#================================================= -# REMOVE VARIOUS FILES -#================================================= -ynh_script_progression --message="Removing various files..." --weight=1 - -# Remove a cron file -ynh_secure_remove --file="/etc/cron.d/$app" - -# Remove a directory securely -ynh_secure_remove --file="/etc/$app" - -# Remove the log files +ynh_remove_logrotate ynh_secure_remove --file="/var/log/$app" -#================================================= -# GENERIC FINALIZATION -#================================================= -# REMOVE DEDICATED USER -#================================================= - -ynh_script_progression --message="Removing the dedicated system user..." --weight=1 - -# Delete a system user -ynh_system_user_delete --username=$app - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/restore b/scripts/restore new file mode 100644 index 0000000..868ff95 --- /dev/null +++ b/scripts/restore 
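Review bot: `"$release_folder/bin/bonfire stop"` is a single quoted word, so the shell looks for a command whose name includes the space and `stop`, and `release_folder` is not set anywhere in the visible part of this script; the line cannot stop the service. Stop it through systemd instead, `ynh_systemd_action --service_name=$app --action="stop"`, before `ynh_remove_systemd_config`. The script also leaves behind the Node.js version installed by `ynh_install_nodejs` in scripts/install; `ynh_remove_nodejs` is the matching helper. The section banner above the stop step still reads "REMOVE DEDICATED USER" and should be renamed to describe what the step does.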
@@ -0,0 +1,67 @@
+#!/bin/bash
+
+#=================================================
+# GENERIC START
+#=================================================
+# IMPORT GENERIC HELPERS
+#=================================================
+
+# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
+source ../settings/scripts/_common.sh
+source /usr/share/yunohost/helpers
+
+#=================================================
+# RESTORE THE APP MAIN DIR
+#=================================================
+ynh_script_progression --message="Restoring the app main directory..." --weight=1
+
+ynh_restore_file --origin_path="$install_dir"
+
+chown -R $app:www-data "$install_dir"
+
+#=================================================
+# RESTORE THE POSTGRESQL DATABASE
+#=================================================
+ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=1
+
+ynh_psql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql
+
+#=================================================
+# RESTORE SYSTEM CONFIGURATIONS
+#=================================================
+ynh_script_progression --message="Restoring system configurations related to $app..." --weight=1
+
+ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
+
+ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
+systemctl enable $app.service --quiet
+
+mkdir -p "/var/log/$app"
+chown -R $app:$app "/var/log/$app"
+ynh_restore_file --origin_path="/etc/logrotate.d/$app"
+
+yunohost service add $app --description="Bonfire daemon" --log="/var/log/$app/$app.log"
+
+#=================================================
+# START SYSTEMD SERVICE
+#=================================================
+ynh_script_progression --message="Starting Bonfire daemon service..." --weight=1
+
+ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match="[info] Running Bonfire.Web.Endpoint"
+
+ynh_systemd_action --service_name=nginx --action=reload
+
+#=================================================
+# GENERIC FINALIZATION
+#=================================================
+# RELOAD NGINX AND PHP-FPM OR THE APP SERVICE
+#=================================================
+ynh_script_progression --message="Reloading NGINX web server and $app's service..." --weight=1
+
+ynh_systemd_action --service_name=nginx --action=reload
+
+#=================================================
+# END OF SCRIPT
+#=================================================
+
+ynh_script_progression --message="Restoration completed for $app" --last
diff --git a/scripts/upgrade b/scripts/upgrade
new file mode 100644
index 0000000..66c276c
--- /dev/null
+++ b/scripts/upgrade
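Review bot: The recursive `chown -R $app:www-data "$install_dir"` is the last thing this script does to the restored tree, so any `.env` restored with it keeps group `www-data` and whatever mode the backup archive carried, whereas scripts/upgrade in this commit pins that file with `chmod 400` and `chown $app:$app`. Re-assert the same two lines right after the recursive chown, `chmod 400 "$install_dir/.env"` and `chown $app:$app "$install_dir/.env"`, so a restore does not depend on the archive's permissions for the file that holds the secrets. Separately, `--password=$db_pwd` is unquoted; `--password="$db_pwd"` avoids word splitting and globbing if the stored password ever contains whitespace or pattern characters. The NGINX reload also runs twice, once after the service start and once under GENERIC FINALIZATION, and one of the two can go.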
@@ -0,0 +1,90 @@
+#!/bin/bash
+
+#=================================================
+# GENERIC START
+#=================================================
+# IMPORT GENERIC HELPERS
+#=================================================
+
+source _common.sh
+source /usr/share/yunohost/helpers
+
+upgrade_type=$(ynh_check_app_version_changed)
+
+#=================================================
+# STOP SYSTEMD SERVICE
+#=================================================
+ynh_script_progression --message="Stopping a systemd service..."
+
+ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd"
+
+#=================================================
+# "REBUILD" THE APP (DEPLOY NEW SOURCES, RERUN NPM BUILD...)
+#=================================================
+# DOWNLOAD, CHECK AND UNPACK SOURCE
+#=================================================
+
+if [ "$upgrade_type" == "UPGRADE_APP" ]
+then
+ ynh_script_progression --message="Upgrading source files..." --weight=1
+
+ # Download, check integrity, uncompress and patch the source from app.src
+ ynh_setup_source --dest_dir="$install_dir"
+fi
+
+chown -R $app:www-data "$install_dir"
+
+#=================================================
+# Building the release
+#=================================================
+ynh_script_progression --message="Building Bonfire release... (This will take a long time)" --weight=1
+export TERM=linux # why is that not defined ?
+export TERMINFO=/etc/terminfo
+### DONT USE GLOBAL NPM INSTALL
+ynh_replace_string --match_string="npm install --global" --replace_string="npm install" --target_file="$install_dir/justfile"
+ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "WITH_DOCKER=no $ynh_node_load_PATH just rel-build"
+
+#=================================================
+# RECONFIGURE THE APP (UPDATE CONF, APPLY MIGRATIONS...)
+#=================================================
+# UPDATE A CONFIG FILE
+#=================================================
+ynh_script_progression --message="Updating a configuration file... (this will remove any manual change you could have made before)" --weight=1
+
+ynh_add_config --template=".env" --destination="$install_dir/.env"
+
+chmod 400 "$install_dir/.env"
+chown $app:$app "$install_dir/.env"
+
+#=================================================
+# REAPPLY SYSTEM CONFIGURATIONS + Run the service
+#=================================================
+ynh_script_progression --message="Upgrading system configurations related to $app..." --weight=1
+
+# Create a dedicated NGINX config
+ynh_add_nginx_config
+
+# Create a dedicated systemd config
+ynh_add_systemd_config
+
+mkdir -p "/var/log/$app"
+chown -R $app:$app "/var/log/$app"
+
+# Use logrotate to manage app-specific logfile(s)
+ynh_use_logrotate --non-append
+
+# Create a dedicated systemd config
+ynh_add_systemd_config
+
+yunohost service add $app --description="Bonfire daemon" --log="/var/log/$app/$app.log"
+
+ynh_script_progression --message="Starting Bonfire daemon service..." --weight=1
+
+# Start a systemd service
+ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match="[info] Running Bonfire.Web.Endpoint"
+
+#=================================================
+# END OF SCRIPT
+#=================================================
+
+ynh_script_progression --message="Upgrade of $app completed" --last
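Review bot: `--line_match="[info] Running Bonfire.Web.Endpoint"` on the final `ynh_systemd_action` most likely never matches. If the helper passes the value to grep as a regular expression, as I believe it does, `[info]` is a bracket expression for a single one of the letters i, n, f, o, while the character before ` Running` in the log line is `]`. The start step would then wait out the helper's timeout instead of confirming that the daemon is up; `--line_match="Running Bonfire.Web.Endpoint"` avoids that, and the identical call in scripts/restore needs the same change. `ynh_add_systemd_config` is also called twice in this section, before and after the logrotate step, and one call is enough.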