mirror of https://github.com/YunoHost-Apps/bonfire_ynh.git synced 2024-09-03 18:16:01 +02:00

Merge pull request #2 from YunoHost-Apps/cleaning

Cleaning
lapineige 2024-01-26 16:38:38 +01:00 committed by GitHub
commit 23299efba2
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
13 changed files with 482 additions and 328 deletions


@ -18,7 +18,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
Federated social networking server built on ActivityPub open protocol Federated social networking server built on ActivityPub open protocol
**Shipped version:** 0.1~ynh1 **Shipped version:** 0.9.8-beta.26~ynh2
**Demo:** https://playground.bonfire.cafe/ **Demo:** https://playground.bonfire.cafe/
## Documentation and resources ## Documentation and resources
@ -27,7 +27,7 @@ Federated social networking server built on ActivityPub open protocol
* Official user documentation: <https://bonfirenetworks.org/docs/> * Official user documentation: <https://bonfirenetworks.org/docs/>
* Official admin documentation: <https://bonfirenetworks.org/docs/> * Official admin documentation: <https://bonfirenetworks.org/docs/>
* Upstream app code repository: <https://github.com/bonfire-networks/bonfire-app> * Upstream app code repository: <https://github.com/bonfire-networks/bonfire-app>
* YunoHost documentation for this app: <https://yunohost.org/app_bonfire> * YunoHost Store: <https://apps.yunohost.org/app/bonfire>
* Report a bug: <https://github.com/YunoHost-Apps/bonfire_ynh/issues> * Report a bug: <https://github.com/YunoHost-Apps/bonfire_ynh/issues>
## Developer info ## Developer info


@ -18,7 +18,7 @@ Si vous navez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po
Serveur de réseautage social fédéré basé sur le protocole ouvert ActivityPub Serveur de réseautage social fédéré basé sur le protocole ouvert ActivityPub
**Version incluse :** 0.1~ynh1 **Version incluse :** 0.9.8-beta.26~ynh2
**Démo :** https://playground.bonfire.cafe/ **Démo :** https://playground.bonfire.cafe/
## Documentations et ressources ## Documentations et ressources
@ -27,7 +27,7 @@ Serveur de réseautage social fédéré basé sur le protocole ouvert ActivityPu
* Documentation officielle utilisateur : <https://bonfirenetworks.org/docs/> * Documentation officielle utilisateur : <https://bonfirenetworks.org/docs/>
* Documentation officielle de ladmin : <https://bonfirenetworks.org/docs/> * Documentation officielle de ladmin : <https://bonfirenetworks.org/docs/>
* Dépôt de code officiel de lapp : <https://github.com/bonfire-networks/bonfire-app> * Dépôt de code officiel de lapp : <https://github.com/bonfire-networks/bonfire-app>
* Documentation YunoHost pour cette app : <https://yunohost.org/app_bonfire> * YunoHost Store: <https://apps.yunohost.org/app/bonfire>
* Signaler un bug : <https://github.com/YunoHost-Apps/bonfire_ynh/issues> * Signaler un bug : <https://github.com/YunoHost-Apps/bonfire_ynh/issues>
## Informations pour les développeurs ## Informations pour les développeurs

84
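--- /dev/null
+++ b/conf/.env
@@ -0,0 +1,84 @@
+MIX_ENV=prod
+FLAVOUR=classic
+WITH_DOCKER=no
+## OTHER CONFIG ##
+# server domain name:
+HOSTNAME=__DOMAIN__
+# server port:
+SERVER_PORT=__PORT__
+# port your visitors will access (typically 80 or 443, will be different than SERVER_PORT only if using a reverse proxy)
+PUBLIC_PORT=443
+# hostname and port of meili search index
+SEARCH_MEILI_INSTANCE=http://localhost:7700
+# require an email address to be invited before being able to sign up
+INVITE_ONLY=true
+# uncomment in order to NOT automatically change the database schema when you upgrade the app
+# DISABLE_DB_AUTOMIGRATION=true
+# max file upload size (default is 20 meg)
+UPLOAD_LIMIT=__MEDIA_UPLOAD_SIZE__
+# ====================================
+# You should not have to edit any of the following ones:
+POSTGRES_HOST=localhost
+LANG=en_US.UTF-8
+LANGUAGE=en_US.UTF-8
+REPLACE_OS_VARS=true
+LIVEVIEW_ENABLED=true
+POSTGRES_USER=__APP__
+POSTGRES_DB=__APP__
+ACME_AGREE=true
+SHOW_DEBUG_IN_DEV=true
+# PLUG_SERVER=bandit
+## SECRETS ##
+# make sure you change everything to your own secrets!
+# and do not check this into git or any public host
+# for sessions/cookies, you can generate strings for these by running: just secrets
+SECRET_KEY_BASE=__SECRET_KEY_BASE__
+SIGNING_SALT=__SIGNING_SALT__
+ENCRYPTION_SALT=__ENCRYPTION_SALT__
+# database access
+POSTGRES_PASSWORD=__DB_PWD__
+# password for the search index
+MEILI_MASTER_KEY=__MEILI_MASTER_KEY__
+# what service to use for sending out emails (eg. smtp, mailgun, none) NOTE: you should also set the corresponding keys in secrets section
+MAIL_BACKEND=smtp
+MAIL_DOMAIN=__DOMAIN__
+MAIL_PASSWORD=__MAIL_PWD__
+MAIL_USER=__APP__
+MAIL_SERVER=__DOMAIN__
+MAIL_PORT=587
+# TODO : Configure S3 - with proper Yunohost question during installation
+# Uploads
+# UPLOADS_S3_BUCKET=
+# UPLOADS_S3_ACCESS_KEY_ID=
+# UPLOADS_S3_SECRET_ACCESS_KEY=
+# telemetry API keys
+# SENTRY_DSN=
+OTEL_ENABLED=0
+# OTEL_HONEYCOMB_API_KEY=
+# OTEL_LIGHTSEP_API_KEY=
+# default admin user if you generate seed data
+SEEDS_USER=root
+# backend stuff
+ERLANG_COOKIE=bonfire_cookie
+# Bonfire extensions configs
+WEB_PUSH_SUBJECT=mailto:__APP__@__DOMAIN__
+WEB_PUSH_PUBLIC_KEY=
+WEB_PUSH_PRIVATE_KEY=
+GEOLOCATE_OPENCAGEDATA=
+MAPBOX_API_KEY=pk.eyJ1IjoibWF5ZWwiLCJhIjoiY2tlMmxzNXF5MGFpaDJ0bzR2M29id2EzOCJ9.QsmjD-zypsE0_wonLGCYlA
+GITHUB_TOKEN=
+TX_TOKEN=
+## END OF SECRETS ##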
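Review bot: `ERLANG_COOKIE=bonfire_cookie` near the end of the template gives every install the same, publicly known Erlang distribution cookie, while the other secrets in this file are per-install `__…__` placeholders. The cookie is the only credential a peer needs to join the node over Erlang distribution, so it should be generated like the others, e.g. `ERLANG_COOKIE=__ERLANG_COOKIE__` filled from a `ynh_string_random` value in the install script (the placeholder name is a suggestion). The `MAPBOX_API_KEY=pk.…` line also ships one concrete upstream token to every instance; leaving it empty like `GEOLOCATE_OPENCAGEDATA=` would match the "do not check this into git" comment at the top of the secrets block. `SHOW_DEBUG_IN_DEV=true` under `MIX_ENV=prod` deserves a one-line comment saying whether it has any effect in production.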


@ -1,9 +1,27 @@
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; location @app_upstream {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://127.0.0.1:__PORT__;
proxy_redirect off;
proxy_read_timeout 240s;
}
location __PATH__/ { location __PATH__/ {
# Path to source root /var/www/bonfire/_build/prod/rel/bonfire/lib/bonfire-0.9.8-classic-beta.26/priv/static;
alias __FINALPATH__/;
index index.html;
# Include SSOWAT user panel. # Include SSOWAT user panel.
include conf.d/yunohost_panel.conf.inc; include conf.d/yunohost_panel.conf.inc;
try_files $uri $uri.html $uri/index.html $uri/ @app_upstream;
} }
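Review bot: The static-file location should point only at the release's static assets through a template variable, and neither path shown in this section does that. `/var/www/bonfire/_build/prod/rel/bonfire/lib/bonfire-0.9.8-classic-beta.26/priv/static;` hard-codes the install directory and the release version, so it stops matching at the next version bump, and `alias __FINALPATH__/;` uses the older variable name while the systemd unit in this commit uses `__INSTALL_DIR__`. The rendering does not show which of the two lines is on the new side; if the alias is kept, `try_files $uri $uri.html $uri/index.html $uri/ @app_upstream;` resolves requests against the whole install directory, which also holds `.env` and the sources, so anything there that the web server's group can read would be served before the request reaches the app. A `root` built from `__INSTALL_DIR__` and limited to the `priv/static` directory would avoid both problems.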

52
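--- /dev/null
+++ b/conf/systemd.service
@@ -0,0 +1,52 @@
+[Unit]
+Description=Bonfire daemon
+After=network.target
+[Service]
+Type=simple
+User=__APP__
+Group=__APP__
+WorkingDirectory=__INSTALL_DIR__/
+Environment=NODE_ENV=production
+Environment="__YNH_NODE_LOAD_PATH__"
+ExecStart=just cmd __INSTALL_DIR__/_build/prod/rel/bonfire/bin/bonfire start daemon
+StandardOutput=append:/var/log/__APP__/__APP__.log
+StandardError=inherit
+# Sandboxing options to harden security
+# Depending on specificities of your service/app, you may need to tweak these
+# .. but this should be a good baseline
+# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
+RestrictNamespaces=yes
+RestrictRealtime=yes
+DevicePolicy=closed
+ProtectClock=yes
+ProtectHostname=yes
+ProtectProc=invisible
+ProtectSystem=full
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+LockPersonality=yes
+SystemCallArchitectures=native
+SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged
+# Denying access to capabilities that should not be relevant for webapps
+# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
+CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
+CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
+CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
+CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
+CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
+CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
+CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
+CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
+CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
+[Install]
+WantedBy=multi-user.target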
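Review bot: `CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD` names a capability that does not exist; the kernel capability is `CAP_SYS_RAWIO`, so as far as I know systemd only logs a parse warning and that entry is never removed from the bounding set. The line should read `CapabilityBoundingSet=~CAP_SYS_RAWIO CAP_MKNOD`. Separately, `ExecStart=… bonfire start daemon` under `Type=simple` is worth checking: if the trailing `daemon` makes the release detach, systemd will treat the service as exited, and a foreground `start` is what `Type=simple` expects. `ProtectSystem=full` still leaves `/var` and `/home` writable, so a short comment on why `strict` with `ReadWritePaths=` was not used would help the next packager.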

0
doc/DESCRIPTION.md Normal file

@ -2,10 +2,8 @@ packaging_format = 2
id = "bonfire" id = "bonfire"
name = "Bonfire" name = "Bonfire"
description.en = "Federated social networking server built on ActivityPub open protocol"
description.fr = "Serveur de réseautage social fédéré basé sur le protocole ouvert ActivityPub"
version = "0.1~ynh1" version = "0.9.8-beta.26~ynh2"
maintainers = ["Lapineige"] maintainers = ["Lapineige"]
@ -27,16 +25,15 @@ multi_instance = false
architectures = "all" architectures = "all"
ldap = false ldap = false
sso = false sso = false
disk = "1000M" disk = "2000M"
# FIXME: replace with an **estimate** minimum disk and RAM requirements. e.g. 20M, 400M, 1G, ... ram.build = "1500M"
ram.build = "500M"
ram.runtime = "500M" ram.runtime = "500M"
[install] [install]
[install.domain] [install.domain]
type = "domain" type = "domain"
ask.en = "The domain name to use. Bonfire will be installed at its root path (/). This can't be changed." help.en = "The domain name to use. Bonfire will be installed at its root path (/). This can't be changed."
ask.fr = "Nom de domaine à utiliser. Bonfire sera installé à sa racine (/). Cela ne pourra pas être changé." help.fr = "Nom de domaine à utiliser. Bonfire sera installé à sa racine (/). Cela ne pourra pas être changé."
[install.is_public] [install.is_public]
type = "boolean" type = "boolean"
@ -51,7 +48,7 @@ ram.runtime = "500M"
[install.language] [install.language]
ask.en = "Choose the application language" ask.en = "Choose the application language"
ask.fr = "Choisissez la langue de l'application" ask.fr = "Choisissez la langue de l'application"
type = "string" type = "select"
choices = ["fr", "en"] choices = ["fr", "en"]
default = "fr" default = "fr"
@ -64,7 +61,9 @@ ram.runtime = "500M"
type = "password" type = "password"
[install.media_upload_size] [install.media_upload_size]
type = "string" ask.en = "Choose the maximum size of the media uploaded. Can be changed later."
ask.fr = "Choisissez la taille maximale des médias mis en ligne. Peut-être modifié ultérieurement."
type = "select"
choices = [ choices = [
"1MB", "1MB",
"2MB", "2MB",
@ -74,12 +73,11 @@ ram.runtime = "500M"
"20MB", "20MB",
"35MB", "35MB",
"50MB", "50MB",
"70MB",
"100MB", "100MB",
"150MB" "150MB"
] ]
default = "20MB" default = "35MB"
ask.en = "Maximum size of the media uploaded. Can be changed later."
ask.fr = "Taille maximale des médias mis en ligne. Peut-être modifié ultérieurement."
[resources] [resources]
@ -91,18 +89,57 @@ ram.runtime = "500M"
[resources.sources] [resources.sources]
[resources.sources.main] [resources.sources.main]
url = "https://github.com/bonfire-networks/bonfire-app/archive/refs/tags/v0.4.0-beta.43.tar.gz" url = "https://github.com/bonfire-networks/bonfire-app/archive/289ad2d8b57a2ce9a7ce609f000b1ac5d887e7a0.tar.gz"
sha256 = "0c1b78f153c67e3b56f91a72a013e854bd87a03fbacdf3846ed1ab10a5d21a0f" sha256 = "5b79032647f9fd95465692d1de48839359dfa532a72c727f76bf03a1b68e8cdd"
[resources.ports] [resources.ports]
[resources.system_user]
allow_email = true
[resources.install_dir] [resources.install_dir]
[resources.permissions] [resources.permissions]
main.url = "/" main.url = "/"
[resources.apt] [resources.apt]
packages = "postgresql" packages = "erlang-dev erlang-parsetools erlang-os-mon erlang-tools erlang-xmerl postgresql npm node-postcss"
##### (this part is optional and corresponds to the legacy ynh_install_extra_app_dependencies helper)
### Yarn dependency (correct version)
extras.yarn.repo = "deb https://dl.yarnpkg.com/debian/ stable main"
extras.yarn.key = "https://dl.yarnpkg.com/debian/pubkey.gpg"
extras.yarn.packages = ["yarn"]
### Elixir 13 dependency - instead of v15 for now
extras.elixir13.repo = "deb https://packages.erlang-solutions.com/debian bullseye contrib"
extras.elixir13.key = "https://packages.erlang-solutions.com/debian/erlang_solutions.asc"
extras.elixir13.packages = ["elixir"]
### Elixir 15 dependency
# Bulleyes comes with v1.10 instead of v1.15 that is required
# ynh_install_extra_app_dependencies --repo="https://packages.erlang-solutions.com/debian bullseye contrib" --package="elixir-lang" --key='https://packages.erlang-solutions.com/debian/erlang_solutions.asc'
# v15 is not available in default repo. RabbitMQ repo should be used (https://elixir-lang.org/install.html). No debian simple syntax. TODO later, using the simple syntax for now
# erlang 26, for elixir v1.15
#extras.elixir15.repo = "deb https://ppa.launchpadcontent.net/rabbitmq/rabbitmq-erlang/ubuntu jammy main"
#extras.elixir15.key = "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xb279943d2a549531e144b875f77f1eda57ebb1cc"
#extras.elixir15.packages = ["elixir"]
# exlang-dev -> https://github.com/elixir-lang/ex_doc/pull/1442/files # Debian default package is newer (enough), don't use this custom repo
### Elixir 15 with mise
#extras.mise.repo = "deb https://mise.jdx.dev/deb stable main"
#extras.mise.key = "https://mise.jdx.dev/gpg-key.pub"
#extras.mise.packages = ["mise"]
### just dependency
# TODO : this is unsafe and should be dealt with in a better way.
# There is currently no proper way to install it simply on Debian 11 https://github.com/casey/just#packages
# only works for x86, we need to switch to the other option with makedeb package ?
extras.just.repo = "deb https://proget.makedeb.org prebuilt-mpr bullseye"
extras.just.key = "https://proget.makedeb.org/debian-feeds/prebuilt-mpr.pub"
extras.just.packages = ["just"]
[resources.database] [resources.database]
type = "postgresql" type = "postgresql"
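Review bot: The `[resources.apt]` extras add three third-party apt repositories (`dl.yarnpkg.com`, `packages.erlang-solutions.com`, `proget.makedeb.org`) whose signing keys are downloaded from the same hosts at install time, so each of those operators can deliver root-installed packages to the server; only the `just` entry carries a comment saying this is unsafe. I would put the same caveat above the yarn and elixir entries, e.g. `# TODO: third-party repo, key fetched from the same host - replace with a pinned source when possible`. `extras.elixir13.packages = ["elixir"]` also installs whatever version that repository currently serves although the heading says Elixir 13, so a comment stating the minimum version the pinned Bonfire commit needs would make a later build failure easier to diagnose. The main source is pinned by commit hash and `sha256`, which is the pattern to aim for with `just` as well.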


@ -4,6 +4,8 @@
# COMMON VARIABLES # COMMON VARIABLES
#================================================= #=================================================
nodejs_version=18
#================================================= #=================================================
# PERSONAL HELPERS # PERSONAL HELPERS
#================================================= #=================================================

41
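--- /dev/null
+++ b/scripts/backup
@@ -0,0 +1,41 @@
+#!/bin/bash
+#=================================================
+# GENERIC START
+#=================================================
+# IMPORT GENERIC HELPERS
+#=================================================
+# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
+source ../settings/scripts/_common.sh
+source /usr/share/yunohost/helpers
+#=================================================
+# DECLARE DATA AND CONF FILES TO BACKUP
+#=================================================
+ynh_print_info --message="Declaring files to be backed up..."
+#=================================================
+# BACKUP THE APP MAIN DIR
+#=================================================
+ynh_backup --src_path="$install_dir"
+#=================================================
+# BACKUP THE NGINX CONFIGURATION
+#=================================================
+ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
+#=================================================
+# BACKUP THE POSTGRESQL DATABASE
+#=================================================
+ynh_print_info --message="Backing up the PostgreSQL database..."
+ynh_psql_dump_db --database="$db_name" > db.sql
+#=================================================
+# END OF SCRIPT
+#=================================================
+ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)."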
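Review bot: The backup declares the install dir, the NGINX config and the database, but not the systemd unit or the logrotate config that the install script in this commit creates with `ynh_add_systemd_config` and `ynh_use_logrotate`. Unless the restore script regenerates both, a restored instance comes back without its service; adding `ynh_backup --src_path="/etc/systemd/system/$app.service"` and `ynh_backup --src_path="/etc/logrotate.d/$app"` would cover them. `$install_dir` also contains `.env` with the session, database and mail secrets, so the archive is as sensitive as the live instance, and a one-line comment above that `ynh_backup` call saying so would be useful.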


@ -9,130 +9,22 @@
source _common.sh source _common.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================
domain=$YNH_APP_ARG_DOMAIN
path_url=$YNH_APP_ARG_PATH
is_public=$YNH_APP_ARG_IS_PUBLIC
language=$YNH_APP_ARG_LANGUAGE
admin=$YNH_APP_ARG_ADMIN
password=$YNH_APP_ARG_PASSWORD
media_upload_size=$YNH_APP_ARG_MEDIA_UPLOAD_SIZE
### If it's a multi-instance app, meaning it can be installed several times independently
### The id of the app as stated in the manifest is available as $YNH_APP_ID
### The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2"...)
### The app instance name is available as $YNH_APP_INSTANCE_NAME
### - the first time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample
### - the second time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample__2
### - ynhexample__{N} for the subsequent installations, with N=3,4...
### The app instance name is probably what interests you most, since this is
### guaranteed to be unique. This is a good unique identifier to define installation path,
### db names...
app=$YNH_APP_INSTANCE_NAME
#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
### About --weight and --time
### ynh_script_progression will show to your final users the progression of each scripts.
### In order to do that, --weight will represent the relative time of execution compared to the other steps in the script.
### --time is a packager option, it will show you the execution time since the previous call.
### This option is implied when running in CI_package_check, you can manually add it if you are manually testing the app.
### Use the execution time displayed in the CI report or by adding --time to the command, to estimate the weight of a step.
### A common way to do it is to set a weight equal to the execution time in second +1.
### The execution time is given for the durationt since the previous call. So the weight should be applied to this previous call.
ynh_script_progression --message="Validating installation parameters..." --weight=1
### If the app uses NGINX as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app".
### If the app provides an internal web server (or uses another application server such as uWSGI), the final path should be "/opt/yunohost/$app"
test ! -e "$install_dir" || ynh_die --message="This path already contains a folder"
# Register (book) web path
ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================
ynh_script_progression --message="Storing installation settings..." --weight=1
ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_set --app=$app --key=language --value=$language
ynh_app_setting_set --app=$app --key=admin --value=$admin
ynh_app_setting_set --app=$app --key=media_upload_size --value=$media_upload_size
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# FIND AND OPEN A PORT
#=================================================
ynh_script_progression --message="Finding an available port..." --weight=1
### Use these lines if you have to open a port for the application
### `ynh_find_port` will find the first available port starting from the given port.
### If you're not using these lines:
### - Remove the section "CLOSE A PORT" in the remove script
# Find an available port
port=$(ynh_find_port --port=8095)
ynh_app_setting_set --app=$app --key=port --value=$port
# Optional: Expose this port publicly
# (N.B.: you only need to do this if the app actually needs to expose the port publicly.
# If you do this and the app doesn't actually need you are CREATING SECURITY HOLES IN THE SERVER !)
# Open the port
# ynh_script_progression --message="Configuring firewall..." --weight=1
# ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port
#================================================= #=================================================
# INSTALL DEPENDENCIES # INSTALL DEPENDENCIES
#================================================= #=================================================
ynh_script_progression --message="Installing dependencies..." --weight=1 ynh_script_progression --message="Installing nodejs..."
ynh_install_app_dependencies $pkg_dependencies ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version
ynh_use_nodejs
# ynh_script_progression --message="Installing extra dependencies…" --weight=1
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Configuring system user..." --weight=1
# Create a system user
ynh_system_user_create --username=$app --home_dir="$install_dir"
#================================================= #=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE # DOWNLOAD, CHECK AND UNPACK SOURCE
#================================================= #=================================================
ynh_script_progression --message="Setting up source files..." --weight=1 ynh_script_progression --message="Setting up source files..." --weight=1
### `ynh_setup_source` is used to install an app from a zip or tar.gz file,
### downloaded from an upstream source, like a git repository.
### `ynh_setup_source` use the file conf/app.src
ynh_app_setting_set --app=$app --key=install_dir --value=$install_dir
# Download, check integrity, uncompress and patch the source from app.src # Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$install_dir" ynh_setup_source --dest_dir="$install_dir"
# FIXME: this should be managed by the core in the future
# Here, as a packager, you may have to tweak the ownerhsip/permissions
# such that the appropriate users (e.g. maybe www-data) can access
# files in some cases.
# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder -
# this will be treated as a security issue.
chmod 750 "$install_dir"
chmod -R o-rwx "$install_dir" chmod -R o-rwx "$install_dir"
chown -R $app:www-data "$install_dir" chown -R $app:www-data "$install_dir"
@ -141,124 +33,86 @@ chown -R $app:www-data "$install_dir"
#================================================= #=================================================
ynh_script_progression --message="Configuring NGINX web server..." --weight=1 ynh_script_progression --message="Configuring NGINX web server..." --weight=1
### `ynh_add_nginx_config` will use the file conf/nginx.conf
# Create a dedicated NGINX config # Create a dedicated NGINX config
ynh_add_nginx_config ynh_add_nginx_config
#=================================================
# ADD A CONFIGURATION
#=================================================
## Generate secrets and other config values
secret_key_base=$(ynh_string_random --length=50)
signing_salt=$(ynh_string_random --length=50)
encryption_salt=$(ynh_string_random --length=50)
# search
meili_master_key=$(ynh_string_random --length=50)
# max file upload size
MEDIA_UPLOAD_SIZE="${media_upload_size//[!0-9]/}000000"
ynh_script_progression --message="Adding a configuration file..." --weight=1
ynh_add_config --template="../conf/.env" --destination="$install_dir/.env"
ynh_store_file_checksum --file="$install_dir/.env"
chmod 400 "$install_dir/.env"
chown $app:$app "$install_dir/.env"
#================================================= #=================================================
# SPECIFIC SETUP # SPECIFIC SETUP
#================================================= #=================================================
# Configuration files
#=================================================
config="$install_dir/.config" source $install_dir/.env
env_file="$install_dir/.env" export WITH_DOCKER=no # or source .env ? # Using this for now
export MIX_ENV=prod FLAVOUR=classic ynh_script_progression --message="Configuring Bonfire release..." --weight=1
cd $install_dir
ynh_exec_warn_less just config #ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "mise plugin add erlang https://github.com/asdf-vm/asdf-erlang.git" # add erlang as source
# generate secrets #ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "mise install" # install Elixir
ynh_replace_string --match_string="SECRET_KEY_BASE=you-should-put-a-secure-string-here" --replace_string="SECRET_KEY_BASE=$(openssl rand -base64 128)" --target_file="$env_file" ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "WITH_DOCKER=no $ynh_node_load_PATH mix local.hex --force" # install Hex in non-interractive way
ynh_replace_string --match_string="SIGNING_SALT=you-should-put-a-different-secure-string-here" --replace_string="SIGNING_SALT=$(openssl rand -base64 128)" --target_file="$env_file" ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "WITH_DOCKER=no $ynh_node_load_PATH just config-basic"
ynh_replace_string --match_string="ENCRYPTION_SALT=you-should-put-yet-another-secure-string-here" --replace_string="ENCRYPTION_SALT=$(openssl rand -base64 128)" --target_file="$env_file" #ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "WITH_DOCKER=no $ynh_node_load_PATH just mix bonfire.deps .update"
# Configure server ports
ynh_replace_string --match_string="HOSTNAME=localhost" --replace_string="HOSTNAME=$domain" --target_file="$env_file"
# TODO : mail service ?
ynh_replace_string --match_string="SERVER_PORT=4000" --replace_string="SERVER_PORT^=$port" --target_file="$env_file"
ynh_replace_string --match_string="PUBLIC_PORT=4000" --replace_string="PUBLIC_PORT=443" --target_file="$env_file"
# TODO : Configure S3 - with proper Yunohost question during installation
# UPLOADS_S3_BUCKET=
# UPLOADS_S3_ACCESS_KEY_ID=
# UPLOADS_S3_SECRET_ACCESS_KEY=
# max file upload size
UPLOAD_LIMIT="${media_upload_size:0:2}000000" # convert the MB argument in bytes
#================================================= #=================================================
# Configure the release # Building the release
#================================================= #=================================================
ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc mix deps.get --only prod ynh_script_progression --message="Building Bonfire release... (This will take a long time)" --weight=1
export TERM=linux # why is that not defined ?
ynh_exec_warn_less just js-deps-get export TERMINFO=/etc/terminfo
ynh_exec_warn_less just assets-prepare ### DONT USE GLOBAL NPM INSTALL
ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc mix phx.digest ynh_replace_string --match_string="npm install --global" --replace_string="npm install" --target_file="$install_dir/justfile"
ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "WITH_DOCKER=no $ynh_node_load_PATH just rel-build"
# create an elexir release
ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc mix release
#================================================= #=================================================
# Run the release # START SYSTEMD SERVICE - Run the release
#================================================= #=================================================
release_folder="$install_dir/_build/prod/rel/bonfire/" release_folder="_build/prod/rel/bonfire"
# Database created before, let's run the migrations ### Not running the migration, they are done on startup anyway
ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "$release_folder/bin/bonfire eval 'EctoSparkles.Migrator.migrate()'" #ynh_script_progression --message="Running database migrations..." --weight=1
## Database created before, let's run the migrations
#ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "WITH_DOCKER=no just cmd $release_folder/bin/bonfire eval 'EctoSparkles.Migrator.migrate()'"
# start bonfire as a daemon #ynh_script_progression --message="Starting Bonfire..." --weight=1
ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "$release_folder/bin/bonfire start daemon" #ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "WITH_DOCKER=no just cmd $release_folder/bin/bonfire start"
#================================================= mkdir -p "/var/log/$app"
# GENERIC FINALIZATION chown -R $app:$app "/var/log/$app"
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression --message="Configuring log rotation..." --weight=1
### `ynh_use_logrotate` is used to configure a logrotate configuration for the logs of this app.
### Use this helper only if there is effectively a log file for this app.
### If you're not using this helper:
### - Remove the section "BACKUP LOGROTATE" in the backup script
### - Remove also the section "REMOVE LOGROTATE CONFIGURATION" in the remove script
### - As well as the section "RESTORE THE LOGROTATE CONFIGURATION" in the restore script
### - And the section "SETUP LOGROTATE" in the upgrade script
# Use logrotate to manage application logfile(s) # Use logrotate to manage application logfile(s)
ynh_use_logrotate ynh_use_logrotate
#================================================= # Create a dedicated systemd config
# SETUP FAIL2BAN ynh_add_systemd_config
#=================================================
ynh_script_progression --message="Configuring Fail2Ban..." --weight=1
# Create a dedicated Fail2Ban config yunohost service add $app --description="Bonfire daemon" --log="/var/log/$app/$app.log"
ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"
#================================================= ynh_script_progression --message="Starting Bonfire daemon service..." --weight=1
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Configuring permissions..." --weight=1
# Make app public if necessary # Start a systemd service
if [ $is_public -eq 1 ] ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match="[info] Running Bonfire.Web.Endpoint"
then
# Everyone can access the app.
# The "main" permission is automatically created before the install script.
ynh_permission_update --permission="main" --add="visitors"
fi
### N.B. : the following extra permissions only make sense if your app
### does have for example an admin interface or an API.
# Only the admin can access the admin panel of the app (if the app has an admin panel)
ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin
# Everyone can access the API part
# We don't want to display the tile in the SSO so we put --show_tile="false"
# And we don't want the YunoHost admin to be able to remove visitors group to this permission, so we put --protected="true"
ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true"
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_systemd_action --service_name=nginx --action=reload
#================================================= #=================================================
# END OF SCRIPT # END OF SCRIPT
#================================================= #=================================================
ynh_script_progression --message="Installation of $app completed" --last ynh_script_progression --message="Installation of $app completed" --weight=1
ynh_script_progression --message="Now you need to sign-up, the first account will automatically be admin." --last
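Review bot: The four values generated with `ynh_string_random` in the "ADD A CONFIGURATION" block (`secret_key_base`, `signing_salt`, `encryption_salt`, `meili_master_key`) are held only in shell variables; nothing visible in this section stores them with `ynh_app_setting_set`, so a later upgrade or restore that re-renders `conf/.env` would either have nothing to substitute or mint new values and invalidate sessions and anything protected with the old salts. I would persist each one right after generation, e.g. `ynh_app_setting_set --app=$app --key=secret_key_base --value=$secret_key_base`. In the same block `MEDIA_UPLOAD_SIZE=…` is assigned in upper case while the install question is `media_upload_size`; if the template helper resolves `__MEDIA_UPLOAD_SIZE__` from the lower-case variable, `UPLOAD_LIMIT` receives the raw `35MB` string instead of a byte count, which is worth confirming. `source $install_dir/.env` and `cd $install_dir` are unquoted and unchecked, so `source "$install_dir/.env"` and `cd "$install_dir" || ynh_die --message="Cannot enter $install_dir"` would be safer. The rendering does not mark which lines are on the new side, so this assumes these blocks are the ones the commit adds.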


@ -9,128 +9,37 @@
source _common.sh source _common.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=1
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
port=$(ynh_app_setting_get --app=$app --key=port)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_user=$db_name
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
#================================================= #=================================================
# REMOVE DEDICATED USER # REMOVE DEDICATED USER
#================================================= #=================================================
ynh_script_progression --message="Stop Bonfire..." --weight=1 ynh_script_progression --message="Stoping Bonfire..." --weight=1
# start bonfire as a daemon # stop bonfire daemon
"$release_folder/bin/bonfire stop" "$release_folder/bin/bonfire stop"
#=================================================
# STANDARD REMOVE
#=================================================
# REMOVE LOGROTATE CONFIGURATION
#=================================================
ynh_script_progression --message="Removing logrotate configuration..." --weight=1
# Remove the app-specific logrotate config
ynh_remove_logrotate
#================================================= #=================================================
# REMOVE THE POSTGRESQL DATABASE # REMOVE SYSTEM CONFIGURATIONS SERVICE
#================================================= #=================================================
ynh_script_progression --message="Removing the PostgreSQL database..." --weight=1 ynh_script_progression --message="Removing system configurations related to $app..." --weight=1
# Remove a database if it exists, along with the associated user # Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
ynh_psql_remove_db --db_user=$db_user --db_name=$db_name if ynh_exec_warn_less yunohost service status $app >/dev/null
#=================================================
# REMOVE APP MAIN DIR
#=================================================
ynh_script_progression --message="Removing app main directory..." --weight=1
# Remove the app directory securely
ynh_secure_remove --file="$final_path"
#=================================================
# REMOVE DATA DIR
#=================================================
# Remove the data directory if --purge option is used
if [ "${YNH_APP_PURGE:-0}" -eq 1 ]
then then
ynh_script_progression --message="Removing app data directory..." --weight=1 ynh_script_progression --message="Removing $app service integration..." --weight=1
ynh_secure_remove --file="$datadir" yunohost service remove $app
fi fi
#================================================= ynh_remove_systemd_config
# REMOVE NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1 ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1
# Remove the dedicated NGINX config # Remove the dedicated NGINX config
ynh_remove_nginx_config ynh_remove_nginx_config
#================================================= ynh_remove_logrotate
# REMOVE DEPENDENCIES
#=================================================
ynh_script_progression --message="Removing dependencies..." --weight=1
# Remove metapackage and its dependencies
ynh_remove_app_dependencies
#=================================================
# CLOSE A PORT
#=================================================
if yunohost firewall list | grep -q "\- $port$"
then
ynh_script_progression --message="Closing port $port..." --weight=1
ynh_exec_warn_less yunohost firewall disallow TCP $port
fi
#=================================================
# REMOVE FAIL2BAN CONFIGURATION
#=================================================
ynh_script_progression --message="Removing Fail2Ban configuration..." --weight=1
# Remove the dedicated Fail2Ban config
ynh_remove_fail2ban_config
#=================================================
# SPECIFIC REMOVE
#=================================================
# REMOVE VARIOUS FILES
#=================================================
ynh_script_progression --message="Removing various files..." --weight=1
# Remove a cron file
ynh_secure_remove --file="/etc/cron.d/$app"
# Remove a directory securely
ynh_secure_remove --file="/etc/$app"
# Remove the log files
ynh_secure_remove --file="/var/log/$app" ynh_secure_remove --file="/var/log/$app"
#=================================================
# GENERIC FINALIZATION
#=================================================
# REMOVE DEDICATED USER
#=================================================
ynh_script_progression --message="Removing the dedicated system user..." --weight=1
# Delete a system user
ynh_system_user_delete --username=$app
#================================================= #=================================================
# END OF SCRIPT # END OF SCRIPT
#================================================= #=================================================
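Review bot: The stop step `"$release_folder/bin/bonfire stop"` is carried over unchanged, and because the path and the `stop` argument sit inside one pair of quotes the shell looks for a single executable whose name contains a space, so the command fails instead of stopping the daemon. The service is now started through systemd and `ynh_remove_systemd_config` is called further down (which, as far as I know, stops and disables the unit), so the line can be dropped; if the direct call is kept it should read `"$release_folder/bin/bonfire" stop`. `$release_folder` is not set anywhere in the visible part of this script, so it presumably has to come from `_common.sh`. The heading above the step still says "REMOVE DEDICATED USER", and the new progress message has a typo that `--message="Stopping Bonfire..."` would fix.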

67
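--- a/scripts/restore
+++ b/scripts/restore
@@ -0,0 +1,67 @@
+#!/bin/bash
+#=================================================
+# GENERIC START
+#=================================================
+# IMPORT GENERIC HELPERS
+#=================================================
+# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
+source ../settings/scripts/_common.sh
+source /usr/share/yunohost/helpers
+#=================================================
+# RESTORE THE APP MAIN DIR
+#=================================================
+ynh_script_progression --message="Restoring the app main directory..." --weight=1
+ynh_restore_file --origin_path="$install_dir"
+chown -R $app:www-data "$install_dir"
+#=================================================
+# RESTORE THE POSTGRESQL DATABASE
+#=================================================
+ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=1
+ynh_psql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql
+#=================================================
+# RESTORE SYSTEM CONFIGURATIONS
+#=================================================
+ynh_script_progression --message="Restoring system configurations related to $app..." --weight=1
+ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
+ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
+systemctl enable $app.service --quiet
+mkdir -p "/var/log/$app"
+chown -R $app:$app "/var/log/$app"
+ynh_restore_file --origin_path="/etc/logrotate.d/$app"
+yunohost service add $app --description="Bonfire daemon" --log="/var/log/$app/$app.log"
+#=================================================
+# START SYSTEMD SERVICE
+#=================================================
+ynh_script_progression --message="Starting Bonfire daemon service..." --weight=1
+ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match="[info] Running Bonfire.Web.Endpoint"
+ynh_systemd_action --service_name=nginx --action=reload
+#=================================================
+# GENERIC FINALIZATION
+#=================================================
+# RELOAD NGINX AND PHP-FPM OR THE APP SERVICE
+#=================================================
+ynh_script_progression --message="Reloading NGINX web server and $app's service..." --weight=1
+ynh_systemd_action --service_name=nginx --action=reload
+#=================================================
+# END OF SCRIPT
+#=================================================
+ynh_script_progression --message="Restoration completed for $app" --last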
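Review bot: After `ynh_restore_file --origin_path="$install_dir"` the script only runs `chown -R $app:www-data "$install_dir"`, so `$install_dir/.env` ends up with group `www-data` and whatever mode the backup archive carried. The upgrade script in this same commit pins that file with `chmod 400` and `chown $app:$app`; restore should re-apply the same right after the recursive chown, with `chmod 400 "$install_dir/.env"` and `chown "$app:$app" "$install_dir/.env"`, rather than rely on the archive. Separately, nginx is reloaded twice, once in the "START SYSTEMD SERVICE" block and again under "GENERIC FINALIZATION"; a single `ynh_systemd_action --service_name=nginx --action=reload` is enough.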

90
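--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -0,0 +1,90 @@
+#!/bin/bash
+#=================================================
+# GENERIC START
+#=================================================
+# IMPORT GENERIC HELPERS
+#=================================================
+source _common.sh
+source /usr/share/yunohost/helpers
+upgrade_type=$(ynh_check_app_version_changed)
+#=================================================
+# STOP SYSTEMD SERVICE
+#=================================================
+ynh_script_progression --message="Stopping a systemd service..."
+ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd"
+#=================================================
+# "REBUILD" THE APP (DEPLOY NEW SOURCES, RERUN NPM BUILD...)
+#=================================================
+# DOWNLOAD, CHECK AND UNPACK SOURCE
+#=================================================
+if [ "$upgrade_type" == "UPGRADE_APP" ]
+then
+ynh_script_progression --message="Upgrading source files..." --weight=1
+# Download, check integrity, uncompress and patch the source from app.src
+ynh_setup_source --dest_dir="$install_dir"
+fi
+chown -R $app:www-data "$install_dir"
+#=================================================
+# Building the release
+#=================================================
+ynh_script_progression --message="Building Bonfire release... (This will take a long time)" --weight=1
+export TERM=linux # why is that not defined ?
+export TERMINFO=/etc/terminfo
+### DONT USE GLOBAL NPM INSTALL
+ynh_replace_string --match_string="npm install --global" --replace_string="npm install" --target_file="$install_dir/justfile"
+ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "WITH_DOCKER=no $ynh_node_load_PATH just rel-build"
+#=================================================
+# RECONFIGURE THE APP (UPDATE CONF, APPLY MIGRATIONS...)
+#=================================================
+# UPDATE A CONFIG FILE
+#=================================================
+ynh_script_progression --message="Updating a configuration file... (this will remove any manual change you could have made before)" --weight=1
+ynh_add_config --template=".env" --destination="$install_dir/.env"
+chmod 400 "$install_dir/.env"
+chown $app:$app "$install_dir/.env"
+#=================================================
+# REAPPLY SYSTEM CONFIGURATIONS + Run the service
+#=================================================
+ynh_script_progression --message="Upgrading system configurations related to $app..." --weight=1
+# Create a dedicated NGINX config
+ynh_add_nginx_config
+# Create a dedicated systemd config
+ynh_add_systemd_config
+mkdir -p "/var/log/$app"
+chown -R $app:$app "/var/log/$app"
+# Use logrotate to manage app-specific logfile(s)
+ynh_use_logrotate --non-append
+# Create a dedicated systemd config
+ynh_add_systemd_config
+yunohost service add $app --description="Bonfire daemon" --log="/var/log/$app/$app.log"
+ynh_script_progression --message="Starting Bonfire daemon service..." --weight=1
+# Start a systemd service
+ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match="[info] Running Bonfire.Web.Endpoint"
+#=================================================
+# END OF SCRIPT
+#=================================================
+ynh_script_progression --message="Upgrade of $app completed" --last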
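Review bot: `ynh_add_systemd_config` is called twice in the "REAPPLY SYSTEM CONFIGURATIONS" block, once after `ynh_add_nginx_config` and again after `ynh_use_logrotate --non-append`, each under the comment `# Create a dedicated systemd config`; the second call looks like a leftover and can be removed. The justfile edit and `just rel-build` also run on every upgrade, because only `ynh_setup_source` sits inside the `UPGRADE_APP` check; if that is intended, a comment such as `# Rebuild even on packaging-only upgrades` would make it explicit. In the build line, `$app` and `$SHELL` are expanded unquoted; `ynh_exec_as "$app" -s "$SHELL" -lc "..."` avoids word splitting.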