diff --git a/README.md b/README.md
index 270770c..040bf1e 100644
--- a/README.md
+++ b/README.md
@@ -18,7 +18,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
Federated social networking server built on ActivityPub open protocol
-**Shipped version:** 0.1~ynh1
+**Shipped version:** 0.9.8-beta.26~ynh2
**Demo:** https://playground.bonfire.cafe/
## Documentation and resources
@@ -27,7 +27,7 @@ Federated social networking server built on ActivityPub open protocol
* Official user documentation:
* Official admin documentation:
* Upstream app code repository:
-* YunoHost documentation for this app:
+* YunoHost Store:
* Report a bug:
## Developer info
diff --git a/README_fr.md b/README_fr.md
index 4f87b28..32e4c56 100644
--- a/README_fr.md
+++ b/README_fr.md
@@ -18,7 +18,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po
Serveur de réseautage social fédéré basé sur le protocole ouvert ActivityPub
-**Version incluse :** 0.1~ynh1
+**Version incluse :** 0.9.8-beta.26~ynh2
**Démo :** https://playground.bonfire.cafe/
## Documentations et ressources
@@ -27,7 +27,7 @@ Serveur de réseautage social fédéré basé sur le protocole ouvert ActivityPu
* Documentation officielle utilisateur :
* Documentation officielle de l’admin :
* Dépôt de code officiel de l’app :
-* Documentation YunoHost pour cette app :
+* YunoHost Store:
* Signaler un bug :
## Informations pour les développeurs
diff --git a/conf/.env b/conf/.env
new file mode 100644
index 0000000..0c1fcbd
--- /dev/null
+++ b/conf/.env
@@ -0,0 +1,84 @@
+MIX_ENV=prod
+FLAVOUR=classic
+
+WITH_DOCKER=no
+
+## OTHER CONFIG ##
+# server domain name:
+HOSTNAME=__DOMAIN__
+# server port:
+SERVER_PORT=__PORT__
+# port your visitors will access (typically 80 or 443, will be different than SERVER_PORT only if using a reverse proxy)
+PUBLIC_PORT=443
+# hostname and port of meili search index
+SEARCH_MEILI_INSTANCE=http://localhost:7700
+# require an email address to be invited before being able to sign up
+INVITE_ONLY=true
+
+# uncomment in order to NOT automatically change the database schema when you upgrade the app
+# DISABLE_DB_AUTOMIGRATION=true
+# max file upload size (default is 20 meg)
+UPLOAD_LIMIT=__MEDIA_UPLOAD_SIZE__
+# ====================================
+# You should not have to edit any of the following ones:
+POSTGRES_HOST=localhost
+LANG=en_US.UTF-8
+LANGUAGE=en_US.UTF-8
+REPLACE_OS_VARS=true
+LIVEVIEW_ENABLED=true
+POSTGRES_USER=__APP__
+POSTGRES_DB=__APP__
+ACME_AGREE=true
+SHOW_DEBUG_IN_DEV=true
+# PLUG_SERVER=bandit
+## SECRETS ##
+# make sure you change everything to your own secrets!
+# and do not check this into git or any public host
+
+# for sessions/cookies, you can generate strings for these by running: just secrets
+SECRET_KEY_BASE=__SECRET_KEY_BASE__
+SIGNING_SALT=__SIGNING_SALT__
+ENCRYPTION_SALT=__ENCRYPTION_SALT__
+
+# database access
+POSTGRES_PASSWORD=__DB_PWD__
+
+# password for the search index
+MEILI_MASTER_KEY=__MEILI_MASTER_KEY__
+
+# what service to use for sending out emails (eg. smtp, mailgun, none) NOTE: you should also set the corresponding keys in secrets section
+MAIL_BACKEND=smtp
+MAIL_DOMAIN=__DOMAIN__
+MAIL_PASSWORD=__MAIL_PWD__
+MAIL_USER=__APP__
+MAIL_SERVER=__DOMAIN__
+MAIL_PORT=587
+
+# TODO : Configure S3 - with proper Yunohost question during installation
+# Uploads
+# UPLOADS_S3_BUCKET=
+# UPLOADS_S3_ACCESS_KEY_ID=
+# UPLOADS_S3_SECRET_ACCESS_KEY=
+
+# telemetry API keys
+# SENTRY_DSN=
+OTEL_ENABLED=0
+# OTEL_HONEYCOMB_API_KEY=
+# OTEL_LIGHTSEP_API_KEY=
+
+# default admin user if you generate seed data
+SEEDS_USER=root
+
+# backend stuff
+ERLANG_COOKIE=bonfire_cookie
+
+# Bonfire extensions configs
+WEB_PUSH_SUBJECT=mailto:__APP__@__DOMAIN__
+WEB_PUSH_PUBLIC_KEY=
+WEB_PUSH_PRIVATE_KEY=
+GEOLOCATE_OPENCAGEDATA=
+MAPBOX_API_KEY=pk.eyJ1IjoibWF5ZWwiLCJhIjoiY2tlMmxzNXF5MGFpaDJ0bzR2M29id2EzOCJ9.QsmjD-zypsE0_wonLGCYlA
+GITHUB_TOKEN=
+TX_TOKEN=
+
+## END OF SECRETS ##
diff --git a/conf/nginx.conf b/conf/nginx.conf
index 9782b91..2670423 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -1,9 +1,27 @@
-#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
+location @app_upstream {
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $host;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+
+ proxy_pass http://127.0.0.1:__PORT__;
+ proxy_redirect off;
+ proxy_read_timeout 240s;
+}
+
location __PATH__/ {
- # Path to source
- alias __FINALPATH__/;
+ root /var/www/bonfire/_build/prod/rel/bonfire/lib/bonfire-0.9.8-classic-beta.26/priv/static;
+
+ index index.html;
# Include SSOWAT user panel.
include conf.d/yunohost_panel.conf.inc;
+
+
+ try_files $uri $uri.html $uri/index.html $uri/ @app_upstream;
+
}
diff --git a/conf/systemd.service b/conf/systemd.service
new file mode 100644
index 0000000..67de51f
--- /dev/null
+++ b/conf/systemd.service
@@ -0,0 +1,52 @@
+[Unit]
+Description=Bonfire daemon
+After=network.target
+
+[Service]
+Type=simple
+User=__APP__
+Group=__APP__
+WorkingDirectory=__INSTALL_DIR__/
+Environment=NODE_ENV=production
+Environment="__YNH_NODE_LOAD_PATH__"
+ExecStart=just cmd __INSTALL_DIR__/_build/prod/rel/bonfire/bin/bonfire start daemon
+StandardOutput=append:/var/log/__APP__/__APP__.log
+StandardError=inherit
+
+# Sandboxing options to harden security
+# Depending on specificities of your service/app, you may need to tweak these
+# .. but this should be a good baseline
+# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
+RestrictNamespaces=yes
+RestrictRealtime=yes
+DevicePolicy=closed
+ProtectClock=yes
+ProtectHostname=yes
+ProtectProc=invisible
+ProtectSystem=full
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+LockPersonality=yes
+SystemCallArchitectures=native
+SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged
+
+# Denying access to capabilities that should not be relevant for webapps
+# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
+CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
+CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
+CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
+CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
+CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
+CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
+CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
+CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
+CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
+
+[Install]
+WantedBy=multi-user.target
+
diff --git a/doc/DESCRIPTION.md b/doc/DESCRIPTION.md
new file mode 100644
index 0000000..e69de29
diff --git a/manifest.toml b/manifest.toml
index d47c23b..f803f86 100644
--- a/manifest.toml
+++ b/manifest.toml
@@ -2,10 +2,8 @@ packaging_format = 2
id = "bonfire"
name = "Bonfire"
-description.en = "Federated social networking server built on ActivityPub open protocol"
-description.fr = "Serveur de réseautage social fédéré basé sur le protocole ouvert ActivityPub"
-version = "0.1~ynh1"
+version = "0.9.8-beta.26~ynh2"
maintainers = ["Lapineige"]
@@ -27,16 +25,15 @@ multi_instance = false
architectures = "all"
ldap = false
sso = false
-disk = "1000M"
-# FIXME: replace with an **estimate** minimum disk and RAM requirements. e.g. 20M, 400M, 1G, ...
-ram.build = "500M"
+disk = "2000M"
+ram.build = "1500M"
ram.runtime = "500M"
[install]
[install.domain]
type = "domain"
- ask.en = "The domain name to use. Bonfire will be installed at its root path (/). This can't be changed."
- ask.fr = "Nom de domaine à utiliser. Bonfire sera installé à sa racine (/). Cela ne pourra pas être changé."
+ help.en = "The domain name to use. Bonfire will be installed at its root path (/). This can't be changed."
+ help.fr = "Nom de domaine à utiliser. Bonfire sera installé à sa racine (/). Cela ne pourra pas être changé."
[install.is_public]
type = "boolean"
@@ -51,7 +48,7 @@ ram.runtime = "500M"
[install.language]
ask.en = "Choose the application language"
ask.fr = "Choisissez la langue de l'application"
- type = "string"
+ type = "select"
choices = ["fr", "en"]
default = "fr"
@@ -64,7 +61,9 @@ ram.runtime = "500M"
type = "password"
[install.media_upload_size]
- type = "string"
+ ask.en = "Choose the maximum size of the media uploaded. Can be changed later."
+ ask.fr = "Choisissez la taille maximale des médias mis en ligne. Peut-être modifié ultérieurement."
+ type = "select"
choices = [
"1MB",
"2MB",
@@ -74,12 +73,11 @@ ram.runtime = "500M"
"20MB",
"35MB",
"50MB",
+ "70MB",
"100MB",
"150MB"
]
- default = "20MB"
- ask.en = "Maximum size of the media uploaded. Can be changed later."
- ask.fr = "Taille maximale des médias mis en ligne. Peut-être modifié ultérieurement."
+ default = "35MB"
[resources]
@@ -91,18 +89,57 @@ ram.runtime = "500M"
[resources.sources]
[resources.sources.main]
- url = "https://github.com/bonfire-networks/bonfire-app/archive/refs/tags/v0.4.0-beta.43.tar.gz"
- sha256 = "0c1b78f153c67e3b56f91a72a013e854bd87a03fbacdf3846ed1ab10a5d21a0f"
+ url = "https://github.com/bonfire-networks/bonfire-app/archive/289ad2d8b57a2ce9a7ce609f000b1ac5d887e7a0.tar.gz"
+ sha256 = "5b79032647f9fd95465692d1de48839359dfa532a72c727f76bf03a1b68e8cdd"
[resources.ports]
-
+
+ [resources.system_user]
+ allow_email = true
+
[resources.install_dir]
[resources.permissions]
main.url = "/"
+
[resources.apt]
- packages = "postgresql"
+ packages = "erlang-dev erlang-parsetools erlang-os-mon erlang-tools erlang-xmerl postgresql npm node-postcss"
+
+ ##### (this part is optional and corresponds to the legacy ynh_install_extra_app_dependencies helper)
+
+ ### Yarn dependency (correct version)
+ extras.yarn.repo = "deb https://dl.yarnpkg.com/debian/ stable main"
+ extras.yarn.key = "https://dl.yarnpkg.com/debian/pubkey.gpg"
+ extras.yarn.packages = ["yarn"]
+
+
+ ### Elixir 13 dependency - instead of v15 for now
+ extras.elixir13.repo = "deb https://packages.erlang-solutions.com/debian bullseye contrib"
+ extras.elixir13.key = "https://packages.erlang-solutions.com/debian/erlang_solutions.asc"
+ extras.elixir13.packages = ["elixir"]
+ ### Elixir 15 dependency
+ # Bulleyes comes with v1.10 instead of v1.15 that is required
+ # ynh_install_extra_app_dependencies --repo="https://packages.erlang-solutions.com/debian bullseye contrib" --package="elixir-lang" --key='https://packages.erlang-solutions.com/debian/erlang_solutions.asc'
+ # v15 is not available in default repo. RabbitMQ repo should be used (https://elixir-lang.org/install.html). No debian simple syntax. TODO later, using the simple syntax for now
+ # erlang 26, for elixir v1.15
+ #extras.elixir15.repo = "deb https://ppa.launchpadcontent.net/rabbitmq/rabbitmq-erlang/ubuntu jammy main"
+ #extras.elixir15.key = "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xb279943d2a549531e144b875f77f1eda57ebb1cc"
+ #extras.elixir15.packages = ["elixir"]
+ # exlang-dev -> https://github.com/elixir-lang/ex_doc/pull/1442/files # Debian default package is newer (enough), don't use this custom repo
+ ### Elixir 15 with mise
+ #extras.mise.repo = "deb https://mise.jdx.dev/deb stable main"
+ #extras.mise.key = "https://mise.jdx.dev/gpg-key.pub"
+ #extras.mise.packages = ["mise"]
+
+ ### just dependency
+ # TODO : this is unsafe and should be dealt with in a better way.
+ # There is currently no proper way to install it simply on Debian 11 https://github.com/casey/just#packages
+ # only works for x86, we need to switch to the other option with makedeb package ?
+ extras.just.repo = "deb https://proget.makedeb.org prebuilt-mpr bullseye"
+ extras.just.key = "https://proget.makedeb.org/debian-feeds/prebuilt-mpr.pub"
+ extras.just.packages = ["just"]
+
[resources.database]
type = "postgresql"
diff --git a/scripts/_common.sh b/scripts/_common.sh
index 944a65e..9195d57 100644
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -4,6 +4,8 @@
# COMMON VARIABLES
#=================================================
+nodejs_version=18
+
#=================================================
# PERSONAL HELPERS
#=================================================
diff --git a/scripts/backup b/scripts/backup
new file mode 100644
index 0000000..69055c4
--- /dev/null
+++ b/scripts/backup
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+#=================================================
+# GENERIC START
+#=================================================
+# IMPORT GENERIC HELPERS
+#=================================================
+
+# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
+source ../settings/scripts/_common.sh
+source /usr/share/yunohost/helpers
+
+#=================================================
+# DECLARE DATA AND CONF FILES TO BACKUP
+#=================================================
+ynh_print_info --message="Declaring files to be backed up..."
+
+#=================================================
+# BACKUP THE APP MAIN DIR
+#=================================================
+
+ynh_backup --src_path="$install_dir"
+
+#=================================================
+# BACKUP THE NGINX CONFIGURATION
+#=================================================
+
+ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
+
+#=================================================
+# BACKUP THE POSTGRESQL DATABASE
+#=================================================
+ynh_print_info --message="Backing up the PostgreSQL database..."
+
+ynh_psql_dump_db --database="$db_name" > db.sql
+
+#=================================================
+# END OF SCRIPT
+#=================================================
+
+ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)."
diff --git a/scripts/install b/scripts/install
index d164e57..13d202b 100644
--- a/scripts/install
+++ b/scripts/install
@@ -9,130 +9,22 @@
source _common.sh
source /usr/share/yunohost/helpers
-#=================================================
-# MANAGE SCRIPT FAILURE
-#=================================================
-
-# Exit if an error occurs during the execution of the script
-ynh_abort_if_errors
-
-#=================================================
-# RETRIEVE ARGUMENTS FROM THE MANIFEST
-#=================================================
-
-domain=$YNH_APP_ARG_DOMAIN
-path_url=$YNH_APP_ARG_PATH
-is_public=$YNH_APP_ARG_IS_PUBLIC
-language=$YNH_APP_ARG_LANGUAGE
-admin=$YNH_APP_ARG_ADMIN
-password=$YNH_APP_ARG_PASSWORD
-
-media_upload_size=$YNH_APP_ARG_MEDIA_UPLOAD_SIZE
-
-### If it's a multi-instance app, meaning it can be installed several times independently
-### The id of the app as stated in the manifest is available as $YNH_APP_ID
-### The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2"...)
-### The app instance name is available as $YNH_APP_INSTANCE_NAME
-### - the first time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample
-### - the second time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample__2
-### - ynhexample__{N} for the subsequent installations, with N=3,4...
-### The app instance name is probably what interests you most, since this is
-### guaranteed to be unique. This is a good unique identifier to define installation path,
-### db names...
-app=$YNH_APP_INSTANCE_NAME
-
-#=================================================
-# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
-#=================================================
-### About --weight and --time
-### ynh_script_progression will show to your final users the progression of each scripts.
-### In order to do that, --weight will represent the relative time of execution compared to the other steps in the script.
-### --time is a packager option, it will show you the execution time since the previous call.
-### This option is implied when running in CI_package_check, you can manually add it if you are manually testing the app.
-### Use the execution time displayed in the CI report or by adding --time to the command, to estimate the weight of a step.
-### A common way to do it is to set a weight equal to the execution time in second +1.
-### The execution time is given for the durationt since the previous call. So the weight should be applied to this previous call.
-ynh_script_progression --message="Validating installation parameters..." --weight=1
-
-### If the app uses NGINX as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app".
-### If the app provides an internal web server (or uses another application server such as uWSGI), the final path should be "/opt/yunohost/$app"
-test ! -e "$install_dir" || ynh_die --message="This path already contains a folder"
-
-# Register (book) web path
-ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
-
-#=================================================
-# STORE SETTINGS FROM MANIFEST
-#=================================================
-ynh_script_progression --message="Storing installation settings..." --weight=1
-
-ynh_app_setting_set --app=$app --key=domain --value=$domain
-ynh_app_setting_set --app=$app --key=path --value=$path_url
-ynh_app_setting_set --app=$app --key=language --value=$language
-ynh_app_setting_set --app=$app --key=admin --value=$admin
-ynh_app_setting_set --app=$app --key=media_upload_size --value=$media_upload_size
-
-#=================================================
-# STANDARD MODIFICATIONS
-#=================================================
-# FIND AND OPEN A PORT
-#=================================================
-ynh_script_progression --message="Finding an available port..." --weight=1
-
-### Use these lines if you have to open a port for the application
-### `ynh_find_port` will find the first available port starting from the given port.
-### If you're not using these lines:
-### - Remove the section "CLOSE A PORT" in the remove script
-
-# Find an available port
-port=$(ynh_find_port --port=8095)
-ynh_app_setting_set --app=$app --key=port --value=$port
-
-# Optional: Expose this port publicly
-# (N.B.: you only need to do this if the app actually needs to expose the port publicly.
-# If you do this and the app doesn't actually need you are CREATING SECURITY HOLES IN THE SERVER !)
-
-# Open the port
-# ynh_script_progression --message="Configuring firewall..." --weight=1
-# ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port
-
#=================================================
# INSTALL DEPENDENCIES
#=================================================
-ynh_script_progression --message="Installing dependencies..." --weight=1
+ynh_script_progression --message="Installing nodejs..."
-ynh_install_app_dependencies $pkg_dependencies
-
-# ynh_script_progression --message="Installing extra dependencies…" --weight=1
-
-#=================================================
-# CREATE DEDICATED USER
-#=================================================
-ynh_script_progression --message="Configuring system user..." --weight=1
-
-# Create a system user
-ynh_system_user_create --username=$app --home_dir="$install_dir"
+ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version
+ynh_use_nodejs
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_script_progression --message="Setting up source files..." --weight=1
-### `ynh_setup_source` is used to install an app from a zip or tar.gz file,
-### downloaded from an upstream source, like a git repository.
-### `ynh_setup_source` use the file conf/app.src
-
-ynh_app_setting_set --app=$app --key=install_dir --value=$install_dir
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$install_dir"
-# FIXME: this should be managed by the core in the future
-# Here, as a packager, you may have to tweak the ownerhsip/permissions
-# such that the appropriate users (e.g. maybe www-data) can access
-# files in some cases.
-# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder -
-# this will be treated as a security issue.
-chmod 750 "$install_dir"
chmod -R o-rwx "$install_dir"
chown -R $app:www-data "$install_dir"
@@ -141,124 +33,86 @@ chown -R $app:www-data "$install_dir"
#=================================================
ynh_script_progression --message="Configuring NGINX web server..." --weight=1
-### `ynh_add_nginx_config` will use the file conf/nginx.conf
-
# Create a dedicated NGINX config
ynh_add_nginx_config
+#=================================================
+# ADD A CONFIGURATION
+#=================================================
+## Generate secrets and other config values
+secret_key_base=$(ynh_string_random --length=50)
+signing_salt=$(ynh_string_random --length=50)
+encryption_salt=$(ynh_string_random --length=50)
+# search
+meili_master_key=$(ynh_string_random --length=50)
+# max file upload size
+MEDIA_UPLOAD_SIZE="${media_upload_size//[!0-9]/}000000"
+
+ynh_script_progression --message="Adding a configuration file..." --weight=1
+
+ynh_add_config --template="../conf/.env" --destination="$install_dir/.env"
+ynh_store_file_checksum --file="$install_dir/.env"
+
+chmod 400 "$install_dir/.env"
+chown $app:$app "$install_dir/.env"
+
#=================================================
# SPECIFIC SETUP
#=================================================
-# Configuration files
-#=================================================
-config="$install_dir/.config"
-env_file="$install_dir/.env"
+source $install_dir/.env
+export WITH_DOCKER=no # or source .env ? # Using this for now
-export MIX_ENV=prod FLAVOUR=classic
-
-ynh_exec_warn_less just config
-# generate secrets
-ynh_replace_string --match_string="SECRET_KEY_BASE=you-should-put-a-secure-string-here" --replace_string="SECRET_KEY_BASE=$(openssl rand -base64 128)" --target_file="$env_file"
-ynh_replace_string --match_string="SIGNING_SALT=you-should-put-a-different-secure-string-here" --replace_string="SIGNING_SALT=$(openssl rand -base64 128)" --target_file="$env_file"
-ynh_replace_string --match_string="ENCRYPTION_SALT=you-should-put-yet-another-secure-string-here" --replace_string="ENCRYPTION_SALT=$(openssl rand -base64 128)" --target_file="$env_file"
-
-# Configure server ports
-ynh_replace_string --match_string="HOSTNAME=localhost" --replace_string="HOSTNAME=$domain" --target_file="$env_file"
-# TODO : mail service ?
-ynh_replace_string --match_string="SERVER_PORT=4000" --replace_string="SERVER_PORT^=$port" --target_file="$env_file"
-ynh_replace_string --match_string="PUBLIC_PORT=4000" --replace_string="PUBLIC_PORT=443" --target_file="$env_file"
-
-# TODO : Configure S3 - with proper Yunohost question during installation
-# UPLOADS_S3_BUCKET=
-# UPLOADS_S3_ACCESS_KEY_ID=
-# UPLOADS_S3_SECRET_ACCESS_KEY=
-
-# max file upload size
-UPLOAD_LIMIT="${media_upload_size:0:2}000000" # convert the MB argument in bytes
+ynh_script_progression --message="Configuring Bonfire release..." --weight=1
+cd $install_dir
+#ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "mise plugin add erlang https://github.com/asdf-vm/asdf-erlang.git" # add erlang as source
+#ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "mise install" # install Elixir
+ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "WITH_DOCKER=no $ynh_node_load_PATH mix local.hex --force" # install Hex in non-interractive way
+ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "WITH_DOCKER=no $ynh_node_load_PATH just config-basic"
+#ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "WITH_DOCKER=no $ynh_node_load_PATH just mix bonfire.deps .update"
#=================================================
-# Configure the release
+# Building the release
#=================================================
-ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc mix deps.get --only prod
-
-ynh_exec_warn_less just js-deps-get
-ynh_exec_warn_less just assets-prepare
-ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc mix phx.digest
-
-# create an elexir release
-ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc mix release
+ynh_script_progression --message="Building Bonfire release... (This will take a long time)" --weight=1
+export TERM=linux # why is that not defined ?
+export TERMINFO=/etc/terminfo
+### DONT USE GLOBAL NPM INSTALL
+ynh_replace_string --match_string="npm install --global" --replace_string="npm install" --target_file="$install_dir/justfile"
+ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "WITH_DOCKER=no $ynh_node_load_PATH just rel-build"
#=================================================
-# Run the release
+# START SYSTEMD SERVICE - Run the release
#=================================================
-release_folder="$install_dir/_build/prod/rel/bonfire/"
+release_folder="_build/prod/rel/bonfire"
-# Database created before, let's run the migrations
-ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "$release_folder/bin/bonfire eval 'EctoSparkles.Migrator.migrate()'"
+### Not running the migration, they are done on startup anyway
+#ynh_script_progression --message="Running database migrations..." --weight=1
+## Database created before, let's run the migrations
+#ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "WITH_DOCKER=no just cmd $release_folder/bin/bonfire eval 'EctoSparkles.Migrator.migrate()'"
-# start bonfire as a daemon
-ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "$release_folder/bin/bonfire start daemon"
+#ynh_script_progression --message="Starting Bonfire..." --weight=1
+#ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "WITH_DOCKER=no just cmd $release_folder/bin/bonfire start"
-#=================================================
-# GENERIC FINALIZATION
-#=================================================
-# SETUP LOGROTATE
-#=================================================
-ynh_script_progression --message="Configuring log rotation..." --weight=1
-
-### `ynh_use_logrotate` is used to configure a logrotate configuration for the logs of this app.
-### Use this helper only if there is effectively a log file for this app.
-### If you're not using this helper:
-### - Remove the section "BACKUP LOGROTATE" in the backup script
-### - Remove also the section "REMOVE LOGROTATE CONFIGURATION" in the remove script
-### - As well as the section "RESTORE THE LOGROTATE CONFIGURATION" in the restore script
-### - And the section "SETUP LOGROTATE" in the upgrade script
+mkdir -p "/var/log/$app"
+chown -R $app:$app "/var/log/$app"
# Use logrotate to manage application logfile(s)
ynh_use_logrotate
-#=================================================
-# SETUP FAIL2BAN
-#=================================================
-ynh_script_progression --message="Configuring Fail2Ban..." --weight=1
+# Create a dedicated systemd config
+ynh_add_systemd_config
-# Create a dedicated Fail2Ban config
-ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"
+yunohost service add $app --description="Bonfire daemon" --log="/var/log/$app/$app.log"
-#=================================================
-# SETUP SSOWAT
-#=================================================
-ynh_script_progression --message="Configuring permissions..." --weight=1
+ynh_script_progression --message="Starting Bonfire daemon service..." --weight=1
-# Make app public if necessary
-if [ $is_public -eq 1 ]
-then
- # Everyone can access the app.
- # The "main" permission is automatically created before the install script.
- ynh_permission_update --permission="main" --add="visitors"
-fi
-
-### N.B. : the following extra permissions only make sense if your app
-### does have for example an admin interface or an API.
-
-# Only the admin can access the admin panel of the app (if the app has an admin panel)
-ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin
-
-# Everyone can access the API part
-# We don't want to display the tile in the SSO so we put --show_tile="false"
-# And we don't want the YunoHost admin to be able to remove visitors group to this permission, so we put --protected="true"
-ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true"
-
-#=================================================
-# RELOAD NGINX
-#=================================================
-ynh_script_progression --message="Reloading NGINX web server..." --weight=1
-
-ynh_systemd_action --service_name=nginx --action=reload
+# Start a systemd service
+ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match="[info] Running Bonfire.Web.Endpoint"
#=================================================
# END OF SCRIPT
#=================================================
-ynh_script_progression --message="Installation of $app completed" --last
+ynh_script_progression --message="Installation of $app completed" --weight=1
+ynh_script_progression --message="Now you need to sign-up, the first account will automatically be admin." --last
diff --git a/scripts/remove b/scripts/remove
index f4c45c6..35decdd 100644
--- a/scripts/remove
+++ b/scripts/remove
@@ -9,128 +9,37 @@
source _common.sh
source /usr/share/yunohost/helpers
-#=================================================
-# LOAD SETTINGS
-#=================================================
-ynh_script_progression --message="Loading installation settings..." --weight=1
-
-app=$YNH_APP_INSTANCE_NAME
-
-domain=$(ynh_app_setting_get --app=$app --key=domain)
-port=$(ynh_app_setting_get --app=$app --key=port)
-db_name=$(ynh_app_setting_get --app=$app --key=db_name)
-db_user=$db_name
-final_path=$(ynh_app_setting_get --app=$app --key=final_path)
-datadir=$(ynh_app_setting_get --app=$app --key=datadir)
-
-
#=================================================
# REMOVE DEDICATED USER
#=================================================
-ynh_script_progression --message="Stop Bonfire..." --weight=1
+ynh_script_progression --message="Stoping Bonfire..." --weight=1
-# start bonfire as a daemon
+# stop bonfire daemon
"$release_folder/bin/bonfire stop"
-#=================================================
-# STANDARD REMOVE
-#=================================================
-# REMOVE LOGROTATE CONFIGURATION
-#=================================================
-ynh_script_progression --message="Removing logrotate configuration..." --weight=1
-
-# Remove the app-specific logrotate config
-ynh_remove_logrotate
#=================================================
-# REMOVE THE POSTGRESQL DATABASE
+# REMOVE SYSTEM CONFIGURATIONS SERVICE
#=================================================
-ynh_script_progression --message="Removing the PostgreSQL database..." --weight=1
+ynh_script_progression --message="Removing system configurations related to $app..." --weight=1
-# Remove a database if it exists, along with the associated user
-ynh_psql_remove_db --db_user=$db_user --db_name=$db_name
-
-#=================================================
-# REMOVE APP MAIN DIR
-#=================================================
-ynh_script_progression --message="Removing app main directory..." --weight=1
-
-# Remove the app directory securely
-ynh_secure_remove --file="$final_path"
-
-#=================================================
-# REMOVE DATA DIR
-#=================================================
-
-# Remove the data directory if --purge option is used
-if [ "${YNH_APP_PURGE:-0}" -eq 1 ]
+# Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
+if ynh_exec_warn_less yunohost service status $app >/dev/null
then
- ynh_script_progression --message="Removing app data directory..." --weight=1
- ynh_secure_remove --file="$datadir"
+ ynh_script_progression --message="Removing $app service integration..." --weight=1
+ yunohost service remove $app
fi
-#=================================================
-# REMOVE NGINX CONFIGURATION
-#=================================================
+ynh_remove_systemd_config
ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1
# Remove the dedicated NGINX config
ynh_remove_nginx_config
-#=================================================
-# REMOVE DEPENDENCIES
-#=================================================
-ynh_script_progression --message="Removing dependencies..." --weight=1
-
-# Remove metapackage and its dependencies
-ynh_remove_app_dependencies
-
-#=================================================
-# CLOSE A PORT
-#=================================================
-
-if yunohost firewall list | grep -q "\- $port$"
-then
- ynh_script_progression --message="Closing port $port..." --weight=1
- ynh_exec_warn_less yunohost firewall disallow TCP $port
-fi
-
-#=================================================
-# REMOVE FAIL2BAN CONFIGURATION
-#=================================================
-ynh_script_progression --message="Removing Fail2Ban configuration..." --weight=1
-
-# Remove the dedicated Fail2Ban config
-ynh_remove_fail2ban_config
-
-#=================================================
-# SPECIFIC REMOVE
-#=================================================
-# REMOVE VARIOUS FILES
-#=================================================
-ynh_script_progression --message="Removing various files..." --weight=1
-
-# Remove a cron file
-ynh_secure_remove --file="/etc/cron.d/$app"
-
-# Remove a directory securely
-ynh_secure_remove --file="/etc/$app"
-
-# Remove the log files
+ynh_remove_logrotate
ynh_secure_remove --file="/var/log/$app"
-#=================================================
-# GENERIC FINALIZATION
-#=================================================
-# REMOVE DEDICATED USER
-#=================================================
-
-ynh_script_progression --message="Removing the dedicated system user..." --weight=1
-
-# Delete a system user
-ynh_system_user_delete --username=$app
-
#=================================================
# END OF SCRIPT
#=================================================
diff --git a/scripts/restore b/scripts/restore
new file mode 100644
index 0000000..868ff95
--- /dev/null
+++ b/scripts/restore
@@ -0,0 +1,67 @@
+#!/bin/bash
+
+#=================================================
+# GENERIC START
+#=================================================
+# IMPORT GENERIC HELPERS
+#=================================================
+
+# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
+source ../settings/scripts/_common.sh
+source /usr/share/yunohost/helpers
+
+#=================================================
+# RESTORE THE APP MAIN DIR
+#=================================================
+ynh_script_progression --message="Restoring the app main directory..." --weight=1
+
+ynh_restore_file --origin_path="$install_dir"
+
+chown -R $app:www-data "$install_dir"
+
+#=================================================
+# RESTORE THE POSTGRESQL DATABASE
+#=================================================
+ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=1
+
+ynh_psql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql
+
+#=================================================
+# RESTORE SYSTEM CONFIGURATIONS
+#=================================================
+ynh_script_progression --message="Restoring system configurations related to $app..." --weight=1
+
+ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
+
+ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
+systemctl enable $app.service --quiet
+
+mkdir -p "/var/log/$app"
+chown -R $app:$app "/var/log/$app"
+ynh_restore_file --origin_path="/etc/logrotate.d/$app"
+
+yunohost service add $app --description="Bonfire daemon" --log="/var/log/$app/$app.log"
+
+#=================================================
+# START SYSTEMD SERVICE
+#=================================================
+ynh_script_progression --message="Starting Bonfire daemon service..." --weight=1
+
+ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match="[info] Running Bonfire.Web.Endpoint"
+
+ynh_systemd_action --service_name=nginx --action=reload
+
+#=================================================
+# GENERIC FINALIZATION
+#=================================================
+# RELOAD NGINX AND PHP-FPM OR THE APP SERVICE
+#=================================================
+ynh_script_progression --message="Reloading NGINX web server and $app's service..." --weight=1
+
+ynh_systemd_action --service_name=nginx --action=reload
+
+#=================================================
+# END OF SCRIPT
+#=================================================
+
+ynh_script_progression --message="Restoration completed for $app" --last
diff --git a/scripts/upgrade b/scripts/upgrade
new file mode 100644
index 0000000..66c276c
--- /dev/null
+++ b/scripts/upgrade
@@ -0,0 +1,90 @@
+#!/bin/bash
+
+#=================================================
+# GENERIC START
+#=================================================
+# IMPORT GENERIC HELPERS
+#=================================================
+
+source _common.sh
+source /usr/share/yunohost/helpers
+
+upgrade_type=$(ynh_check_app_version_changed)
+
+#=================================================
+# STOP SYSTEMD SERVICE
+#=================================================
+ynh_script_progression --message="Stopping a systemd service..."
+
+ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd"
+
+#=================================================
+# "REBUILD" THE APP (DEPLOY NEW SOURCES, RERUN NPM BUILD...)
+#=================================================
+# DOWNLOAD, CHECK AND UNPACK SOURCE
+#=================================================
+
+if [ "$upgrade_type" == "UPGRADE_APP" ]
+then
+ ynh_script_progression --message="Upgrading source files..." --weight=1
+
+ # Download, check integrity, uncompress and patch the source from app.src
+ ynh_setup_source --dest_dir="$install_dir"
+fi
+
+chown -R $app:www-data "$install_dir"
+
+#=================================================
+# Building the release
+#=================================================
+ynh_script_progression --message="Building Bonfire release... (This will take a long time)" --weight=1
+export TERM=linux # why is that not defined ?
+export TERMINFO=/etc/terminfo
+### DONT USE GLOBAL NPM INSTALL
+ynh_replace_string --match_string="npm install --global" --replace_string="npm install" --target_file="$install_dir/justfile"
+ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "WITH_DOCKER=no $ynh_node_load_PATH just rel-build"
+
+#=================================================
+# RECONFIGURE THE APP (UPDATE CONF, APPLY MIGRATIONS...)
+#=================================================
+# UPDATE A CONFIG FILE
+#=================================================
+ynh_script_progression --message="Updating a configuration file... (this will remove any manual change you could have made before)" --weight=1
+
+ynh_add_config --template=".env" --destination="$install_dir/.env"
+
+chmod 400 "$install_dir/.env"
+chown $app:$app "$install_dir/.env"
+
+#=================================================
+# REAPPLY SYSTEM CONFIGURATIONS + Run the service
+#=================================================
+ynh_script_progression --message="Upgrading system configurations related to $app..." --weight=1
+
+# Create a dedicated NGINX config
+ynh_add_nginx_config
+
+# Create a dedicated systemd config
+ynh_add_systemd_config
+
+mkdir -p "/var/log/$app"
+chown -R $app:$app "/var/log/$app"
+
+# Use logrotate to manage app-specific logfile(s)
+ynh_use_logrotate --non-append
+
+# Create a dedicated systemd config
+ynh_add_systemd_config
+
+yunohost service add $app --description="Bonfire daemon" --log="/var/log/$app/$app.log"
+
+ynh_script_progression --message="Starting Bonfire daemon service..." --weight=1
+
+# Start a systemd service
+ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match="[info] Running Bonfire.Web.Endpoint"
+
+#=================================================
+# END OF SCRIPT
+#=================================================
+
+ynh_script_progression --message="Upgrade of $app completed" --last