mirror of
https://github.com/YunoHost-Apps/bonfire_ynh.git
synced 2024-09-03 18:16:01 +02:00
commit
23299efba2
13 changed files with 482 additions and 328 deletions
|
@ -18,7 +18,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
|
||||||
|
|
||||||
Federated social networking server built on ActivityPub open protocol
|
Federated social networking server built on ActivityPub open protocol
|
||||||
|
|
||||||
**Shipped version:** 0.1~ynh1
|
**Shipped version:** 0.9.8-beta.26~ynh2
|
||||||
|
|
||||||
**Demo:** https://playground.bonfire.cafe/
|
**Demo:** https://playground.bonfire.cafe/
|
||||||
## Documentation and resources
|
## Documentation and resources
|
||||||
|
@ -27,7 +27,7 @@ Federated social networking server built on ActivityPub open protocol
|
||||||
* Official user documentation: <https://bonfirenetworks.org/docs/>
|
* Official user documentation: <https://bonfirenetworks.org/docs/>
|
||||||
* Official admin documentation: <https://bonfirenetworks.org/docs/>
|
* Official admin documentation: <https://bonfirenetworks.org/docs/>
|
||||||
* Upstream app code repository: <https://github.com/bonfire-networks/bonfire-app>
|
* Upstream app code repository: <https://github.com/bonfire-networks/bonfire-app>
|
||||||
* YunoHost documentation for this app: <https://yunohost.org/app_bonfire>
|
* YunoHost Store: <https://apps.yunohost.org/app/bonfire>
|
||||||
* Report a bug: <https://github.com/YunoHost-Apps/bonfire_ynh/issues>
|
* Report a bug: <https://github.com/YunoHost-Apps/bonfire_ynh/issues>
|
||||||
|
|
||||||
## Developer info
|
## Developer info
|
||||||
|
|
|
@ -18,7 +18,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po
|
||||||
|
|
||||||
Serveur de réseautage social fédéré basé sur le protocole ouvert ActivityPub
|
Serveur de réseautage social fédéré basé sur le protocole ouvert ActivityPub
|
||||||
|
|
||||||
**Version incluse :** 0.1~ynh1
|
**Version incluse :** 0.9.8-beta.26~ynh2
|
||||||
|
|
||||||
**Démo :** https://playground.bonfire.cafe/
|
**Démo :** https://playground.bonfire.cafe/
|
||||||
## Documentations et ressources
|
## Documentations et ressources
|
||||||
|
@ -27,7 +27,7 @@ Serveur de réseautage social fédéré basé sur le protocole ouvert ActivityPu
|
||||||
* Documentation officielle utilisateur : <https://bonfirenetworks.org/docs/>
|
* Documentation officielle utilisateur : <https://bonfirenetworks.org/docs/>
|
||||||
* Documentation officielle de l’admin : <https://bonfirenetworks.org/docs/>
|
* Documentation officielle de l’admin : <https://bonfirenetworks.org/docs/>
|
||||||
* Dépôt de code officiel de l’app : <https://github.com/bonfire-networks/bonfire-app>
|
* Dépôt de code officiel de l’app : <https://github.com/bonfire-networks/bonfire-app>
|
||||||
* Documentation YunoHost pour cette app : <https://yunohost.org/app_bonfire>
|
* YunoHost Store: <https://apps.yunohost.org/app/bonfire>
|
||||||
* Signaler un bug : <https://github.com/YunoHost-Apps/bonfire_ynh/issues>
|
* Signaler un bug : <https://github.com/YunoHost-Apps/bonfire_ynh/issues>
|
||||||
|
|
||||||
## Informations pour les développeurs
|
## Informations pour les développeurs
|
||||||
|
|
84
conf/.env
Normal file
84
conf/.env
Normal file
|
@ -0,0 +1,84 @@
|
||||||
|
MIX_ENV=prod
|
||||||
|
FLAVOUR=classic
|
||||||
|
|
||||||
|
WITH_DOCKER=no
|
||||||
|
|
||||||
|
## OTHER CONFIG ##
|
||||||
|
# server domain name:
|
||||||
|
HOSTNAME=__DOMAIN__
|
||||||
|
# server port:
|
||||||
|
SERVER_PORT=__PORT__
|
||||||
|
# port your visitors will access (typically 80 or 443, will be different than SERVER_PORT only if using a reverse proxy)
|
||||||
|
PUBLIC_PORT=443
|
||||||
|
# hostname and port of meili search index
|
||||||
|
SEARCH_MEILI_INSTANCE=http://localhost:7700
|
||||||
|
# require an email address to be invited before being able to sign up
|
||||||
|
INVITE_ONLY=true
|
||||||
|
|
||||||
|
# uncomment in order to NOT automatically change the database schema when you upgrade the app
|
||||||
|
# DISABLE_DB_AUTOMIGRATION=true
|
||||||
|
# max file upload size (default is 20 meg)
|
||||||
|
UPLOAD_LIMIT=__MEDIA_UPLOAD_SIZE__
|
||||||
|
# ====================================
|
||||||
|
# You should not have to edit any of the following ones:
|
||||||
|
POSTGRES_HOST=localhost
|
||||||
|
LANG=en_US.UTF-8
|
||||||
|
LANGUAGE=en_US.UTF-8
|
||||||
|
REPLACE_OS_VARS=true
|
||||||
|
LIVEVIEW_ENABLED=true
|
||||||
|
POSTGRES_USER=__APP__
|
||||||
|
POSTGRES_DB=__APP__
|
||||||
|
ACME_AGREE=true
|
||||||
|
SHOW_DEBUG_IN_DEV=true
|
||||||
|
# PLUG_SERVER=bandit
|
||||||
|
## SECRETS ##
|
||||||
|
# make sure you change everything to your own secrets!
|
||||||
|
# and do not check this into git or any public host
|
||||||
|
|
||||||
|
# for sessions/cookies, you can generate strings for these by running: just secrets
|
||||||
|
SECRET_KEY_BASE=__SECRET_KEY_BASE__
|
||||||
|
SIGNING_SALT=__SIGNING_SALT__
|
||||||
|
ENCRYPTION_SALT=__ENCRYPTION_SALT__
|
||||||
|
|
||||||
|
# database access
|
||||||
|
POSTGRES_PASSWORD=__DB_PWD__
|
||||||
|
|
||||||
|
# password for the search index
|
||||||
|
MEILI_MASTER_KEY=__MEILI_MASTER_KEY__
|
||||||
|
|
||||||
|
# what service to use for sending out emails (eg. smtp, mailgun, none) NOTE: you should also set the corresponding keys in secrets section
|
||||||
|
MAIL_BACKEND=smtp
|
||||||
|
MAIL_DOMAIN=__DOMAIN__
|
||||||
|
MAIL_PASSWORD=__MAIL_PWD__
|
||||||
|
MAIL_USER=__APP__
|
||||||
|
MAIL_SERVER=__DOMAIN__
|
||||||
|
MAIL_PORT=587
|
||||||
|
|
||||||
|
# TODO : Configure S3 - with proper Yunohost question during installation
|
||||||
|
# Uploads
|
||||||
|
# UPLOADS_S3_BUCKET=
|
||||||
|
# UPLOADS_S3_ACCESS_KEY_ID=
|
||||||
|
# UPLOADS_S3_SECRET_ACCESS_KEY=
|
||||||
|
|
||||||
|
# telemetry API keys
|
||||||
|
# SENTRY_DSN=
|
||||||
|
OTEL_ENABLED=0
|
||||||
|
# OTEL_HONEYCOMB_API_KEY=
|
||||||
|
# OTEL_LIGHTSEP_API_KEY=
|
||||||
|
|
||||||
|
# default admin user if you generate seed data
|
||||||
|
SEEDS_USER=root
|
||||||
|
|
||||||
|
# backend stuff
|
||||||
|
ERLANG_COOKIE=bonfire_cookie
|
||||||
|
|
||||||
|
# Bonfire extensions configs
|
||||||
|
WEB_PUSH_SUBJECT=mailto:__APP__@__DOMAIN__
|
||||||
|
WEB_PUSH_PUBLIC_KEY=
|
||||||
|
WEB_PUSH_PRIVATE_KEY=
|
||||||
|
GEOLOCATE_OPENCAGEDATA=
|
||||||
|
MAPBOX_API_KEY=pk.eyJ1IjoibWF5ZWwiLCJhIjoiY2tlMmxzNXF5MGFpaDJ0bzR2M29id2EzOCJ9.QsmjD-zypsE0_wonLGCYlA
|
||||||
|
GITHUB_TOKEN=
|
||||||
|
TX_TOKEN=
|
||||||
|
|
||||||
|
## END OF SECRETS ##
|
|
@ -1,9 +1,27 @@
|
||||||
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
|
location @app_upstream {
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection "upgrade";
|
||||||
|
|
||||||
|
proxy_pass http://127.0.0.1:__PORT__;
|
||||||
|
proxy_redirect off;
|
||||||
|
proxy_read_timeout 240s;
|
||||||
|
}
|
||||||
|
|
||||||
location __PATH__/ {
|
location __PATH__/ {
|
||||||
|
|
||||||
# Path to source
|
root /var/www/bonfire/_build/prod/rel/bonfire/lib/bonfire-0.9.8-classic-beta.26/priv/static;
|
||||||
alias __FINALPATH__/;
|
|
||||||
|
index index.html;
|
||||||
|
|
||||||
# Include SSOWAT user panel.
|
# Include SSOWAT user panel.
|
||||||
include conf.d/yunohost_panel.conf.inc;
|
include conf.d/yunohost_panel.conf.inc;
|
||||||
|
|
||||||
|
|
||||||
|
try_files $uri $uri.html $uri/index.html $uri/ @app_upstream;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
52
conf/systemd.service
Normal file
52
conf/systemd.service
Normal file
|
@ -0,0 +1,52 @@
|
||||||
|
[Unit]
|
||||||
|
Description=Bonfire daemon
|
||||||
|
After=network.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=simple
|
||||||
|
User=__APP__
|
||||||
|
Group=__APP__
|
||||||
|
WorkingDirectory=__INSTALL_DIR__/
|
||||||
|
Environment=NODE_ENV=production
|
||||||
|
Environment="__YNH_NODE_LOAD_PATH__"
|
||||||
|
ExecStart=just cmd __INSTALL_DIR__/_build/prod/rel/bonfire/bin/bonfire start daemon
|
||||||
|
StandardOutput=append:/var/log/__APP__/__APP__.log
|
||||||
|
StandardError=inherit
|
||||||
|
|
||||||
|
# Sandboxing options to harden security
|
||||||
|
# Depending on specificities of your service/app, you may need to tweak these
|
||||||
|
# .. but this should be a good baseline
|
||||||
|
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
|
||||||
|
NoNewPrivileges=yes
|
||||||
|
PrivateTmp=yes
|
||||||
|
PrivateDevices=yes
|
||||||
|
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
|
||||||
|
RestrictNamespaces=yes
|
||||||
|
RestrictRealtime=yes
|
||||||
|
DevicePolicy=closed
|
||||||
|
ProtectClock=yes
|
||||||
|
ProtectHostname=yes
|
||||||
|
ProtectProc=invisible
|
||||||
|
ProtectSystem=full
|
||||||
|
ProtectControlGroups=yes
|
||||||
|
ProtectKernelModules=yes
|
||||||
|
ProtectKernelTunables=yes
|
||||||
|
LockPersonality=yes
|
||||||
|
SystemCallArchitectures=native
|
||||||
|
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged
|
||||||
|
|
||||||
|
# Denying access to capabilities that should not be relevant for webapps
|
||||||
|
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
|
||||||
|
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
|
||||||
|
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
|
||||||
|
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
|
||||||
|
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
|
||||||
|
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
|
||||||
|
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
|
||||||
|
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
|
||||||
|
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
|
||||||
|
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
|
|
0
doc/DESCRIPTION.md
Normal file
0
doc/DESCRIPTION.md
Normal file
|
@ -2,10 +2,8 @@ packaging_format = 2
|
||||||
|
|
||||||
id = "bonfire"
|
id = "bonfire"
|
||||||
name = "Bonfire"
|
name = "Bonfire"
|
||||||
description.en = "Federated social networking server built on ActivityPub open protocol"
|
|
||||||
description.fr = "Serveur de réseautage social fédéré basé sur le protocole ouvert ActivityPub"
|
|
||||||
|
|
||||||
version = "0.1~ynh1"
|
version = "0.9.8-beta.26~ynh2"
|
||||||
|
|
||||||
maintainers = ["Lapineige"]
|
maintainers = ["Lapineige"]
|
||||||
|
|
||||||
|
@ -27,16 +25,15 @@ multi_instance = false
|
||||||
architectures = "all"
|
architectures = "all"
|
||||||
ldap = false
|
ldap = false
|
||||||
sso = false
|
sso = false
|
||||||
disk = "1000M"
|
disk = "2000M"
|
||||||
# FIXME: replace with an **estimate** minimum disk and RAM requirements. e.g. 20M, 400M, 1G, ...
|
ram.build = "1500M"
|
||||||
ram.build = "500M"
|
|
||||||
ram.runtime = "500M"
|
ram.runtime = "500M"
|
||||||
|
|
||||||
[install]
|
[install]
|
||||||
[install.domain]
|
[install.domain]
|
||||||
type = "domain"
|
type = "domain"
|
||||||
ask.en = "The domain name to use. Bonfire will be installed at its root path (/). This can't be changed."
|
help.en = "The domain name to use. Bonfire will be installed at its root path (/). This can't be changed."
|
||||||
ask.fr = "Nom de domaine à utiliser. Bonfire sera installé à sa racine (/). Cela ne pourra pas être changé."
|
help.fr = "Nom de domaine à utiliser. Bonfire sera installé à sa racine (/). Cela ne pourra pas être changé."
|
||||||
|
|
||||||
[install.is_public]
|
[install.is_public]
|
||||||
type = "boolean"
|
type = "boolean"
|
||||||
|
@ -51,7 +48,7 @@ ram.runtime = "500M"
|
||||||
[install.language]
|
[install.language]
|
||||||
ask.en = "Choose the application language"
|
ask.en = "Choose the application language"
|
||||||
ask.fr = "Choisissez la langue de l'application"
|
ask.fr = "Choisissez la langue de l'application"
|
||||||
type = "string"
|
type = "select"
|
||||||
choices = ["fr", "en"]
|
choices = ["fr", "en"]
|
||||||
default = "fr"
|
default = "fr"
|
||||||
|
|
||||||
|
@ -64,7 +61,9 @@ ram.runtime = "500M"
|
||||||
type = "password"
|
type = "password"
|
||||||
|
|
||||||
[install.media_upload_size]
|
[install.media_upload_size]
|
||||||
type = "string"
|
ask.en = "Choose the maximum size of the media uploaded. Can be changed later."
|
||||||
|
ask.fr = "Choisissez la taille maximale des médias mis en ligne. Peut-être modifié ultérieurement."
|
||||||
|
type = "select"
|
||||||
choices = [
|
choices = [
|
||||||
"1MB",
|
"1MB",
|
||||||
"2MB",
|
"2MB",
|
||||||
|
@ -74,12 +73,11 @@ ram.runtime = "500M"
|
||||||
"20MB",
|
"20MB",
|
||||||
"35MB",
|
"35MB",
|
||||||
"50MB",
|
"50MB",
|
||||||
|
"70MB",
|
||||||
"100MB",
|
"100MB",
|
||||||
"150MB"
|
"150MB"
|
||||||
]
|
]
|
||||||
default = "20MB"
|
default = "35MB"
|
||||||
ask.en = "Maximum size of the media uploaded. Can be changed later."
|
|
||||||
ask.fr = "Taille maximale des médias mis en ligne. Peut-être modifié ultérieurement."
|
|
||||||
|
|
||||||
[resources]
|
[resources]
|
||||||
|
|
||||||
|
@ -91,18 +89,57 @@ ram.runtime = "500M"
|
||||||
[resources.sources]
|
[resources.sources]
|
||||||
|
|
||||||
[resources.sources.main]
|
[resources.sources.main]
|
||||||
url = "https://github.com/bonfire-networks/bonfire-app/archive/refs/tags/v0.4.0-beta.43.tar.gz"
|
url = "https://github.com/bonfire-networks/bonfire-app/archive/289ad2d8b57a2ce9a7ce609f000b1ac5d887e7a0.tar.gz"
|
||||||
sha256 = "0c1b78f153c67e3b56f91a72a013e854bd87a03fbacdf3846ed1ab10a5d21a0f"
|
sha256 = "5b79032647f9fd95465692d1de48839359dfa532a72c727f76bf03a1b68e8cdd"
|
||||||
|
|
||||||
[resources.ports]
|
[resources.ports]
|
||||||
|
|
||||||
|
[resources.system_user]
|
||||||
|
allow_email = true
|
||||||
|
|
||||||
[resources.install_dir]
|
[resources.install_dir]
|
||||||
|
|
||||||
[resources.permissions]
|
[resources.permissions]
|
||||||
main.url = "/"
|
main.url = "/"
|
||||||
|
|
||||||
|
|
||||||
[resources.apt]
|
[resources.apt]
|
||||||
packages = "postgresql"
|
packages = "erlang-dev erlang-parsetools erlang-os-mon erlang-tools erlang-xmerl postgresql npm node-postcss"
|
||||||
|
|
||||||
|
##### (this part is optional and corresponds to the legacy ynh_install_extra_app_dependencies helper)
|
||||||
|
|
||||||
|
### Yarn dependency (correct version)
|
||||||
|
extras.yarn.repo = "deb https://dl.yarnpkg.com/debian/ stable main"
|
||||||
|
extras.yarn.key = "https://dl.yarnpkg.com/debian/pubkey.gpg"
|
||||||
|
extras.yarn.packages = ["yarn"]
|
||||||
|
|
||||||
|
|
||||||
|
### Elixir 13 dependency - instead of v15 for now
|
||||||
|
extras.elixir13.repo = "deb https://packages.erlang-solutions.com/debian bullseye contrib"
|
||||||
|
extras.elixir13.key = "https://packages.erlang-solutions.com/debian/erlang_solutions.asc"
|
||||||
|
extras.elixir13.packages = ["elixir"]
|
||||||
|
### Elixir 15 dependency
|
||||||
|
# Bulleyes comes with v1.10 instead of v1.15 that is required
|
||||||
|
# ynh_install_extra_app_dependencies --repo="https://packages.erlang-solutions.com/debian bullseye contrib" --package="elixir-lang" --key='https://packages.erlang-solutions.com/debian/erlang_solutions.asc'
|
||||||
|
# v15 is not available in default repo. RabbitMQ repo should be used (https://elixir-lang.org/install.html). No debian simple syntax. TODO later, using the simple syntax for now
|
||||||
|
# erlang 26, for elixir v1.15
|
||||||
|
#extras.elixir15.repo = "deb https://ppa.launchpadcontent.net/rabbitmq/rabbitmq-erlang/ubuntu jammy main"
|
||||||
|
#extras.elixir15.key = "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xb279943d2a549531e144b875f77f1eda57ebb1cc"
|
||||||
|
#extras.elixir15.packages = ["elixir"]
|
||||||
|
# exlang-dev -> https://github.com/elixir-lang/ex_doc/pull/1442/files # Debian default package is newer (enough), don't use this custom repo
|
||||||
|
### Elixir 15 with mise
|
||||||
|
#extras.mise.repo = "deb https://mise.jdx.dev/deb stable main"
|
||||||
|
#extras.mise.key = "https://mise.jdx.dev/gpg-key.pub"
|
||||||
|
#extras.mise.packages = ["mise"]
|
||||||
|
|
||||||
|
### just dependency
|
||||||
|
# TODO : this is unsafe and should be dealt with in a better way.
|
||||||
|
# There is currently no proper way to install it simply on Debian 11 https://github.com/casey/just#packages
|
||||||
|
# only works for x86, we need to switch to the other option with makedeb package ?
|
||||||
|
extras.just.repo = "deb https://proget.makedeb.org prebuilt-mpr bullseye"
|
||||||
|
extras.just.key = "https://proget.makedeb.org/debian-feeds/prebuilt-mpr.pub"
|
||||||
|
extras.just.packages = ["just"]
|
||||||
|
|
||||||
|
|
||||||
[resources.database]
|
[resources.database]
|
||||||
type = "postgresql"
|
type = "postgresql"
|
||||||
|
|
|
@ -4,6 +4,8 @@
|
||||||
# COMMON VARIABLES
|
# COMMON VARIABLES
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
|
nodejs_version=18
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# PERSONAL HELPERS
|
# PERSONAL HELPERS
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
41
scripts/backup
Normal file
41
scripts/backup
Normal file
|
@ -0,0 +1,41 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# GENERIC START
|
||||||
|
#=================================================
|
||||||
|
# IMPORT GENERIC HELPERS
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
|
||||||
|
source ../settings/scripts/_common.sh
|
||||||
|
source /usr/share/yunohost/helpers
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# DECLARE DATA AND CONF FILES TO BACKUP
|
||||||
|
#=================================================
|
||||||
|
ynh_print_info --message="Declaring files to be backed up..."
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# BACKUP THE APP MAIN DIR
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
ynh_backup --src_path="$install_dir"
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# BACKUP THE NGINX CONFIGURATION
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# BACKUP THE POSTGRESQL DATABASE
|
||||||
|
#=================================================
|
||||||
|
ynh_print_info --message="Backing up the PostgreSQL database..."
|
||||||
|
|
||||||
|
ynh_psql_dump_db --database="$db_name" > db.sql
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# END OF SCRIPT
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)."
|
260
scripts/install
260
scripts/install
|
@ -9,130 +9,22 @@
|
||||||
source _common.sh
|
source _common.sh
|
||||||
source /usr/share/yunohost/helpers
|
source /usr/share/yunohost/helpers
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# MANAGE SCRIPT FAILURE
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
# Exit if an error occurs during the execution of the script
|
|
||||||
ynh_abort_if_errors
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# RETRIEVE ARGUMENTS FROM THE MANIFEST
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
domain=$YNH_APP_ARG_DOMAIN
|
|
||||||
path_url=$YNH_APP_ARG_PATH
|
|
||||||
is_public=$YNH_APP_ARG_IS_PUBLIC
|
|
||||||
language=$YNH_APP_ARG_LANGUAGE
|
|
||||||
admin=$YNH_APP_ARG_ADMIN
|
|
||||||
password=$YNH_APP_ARG_PASSWORD
|
|
||||||
|
|
||||||
media_upload_size=$YNH_APP_ARG_MEDIA_UPLOAD_SIZE
|
|
||||||
|
|
||||||
### If it's a multi-instance app, meaning it can be installed several times independently
|
|
||||||
### The id of the app as stated in the manifest is available as $YNH_APP_ID
|
|
||||||
### The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2"...)
|
|
||||||
### The app instance name is available as $YNH_APP_INSTANCE_NAME
|
|
||||||
### - the first time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample
|
|
||||||
### - the second time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample__2
|
|
||||||
### - ynhexample__{N} for the subsequent installations, with N=3,4...
|
|
||||||
### The app instance name is probably what interests you most, since this is
|
|
||||||
### guaranteed to be unique. This is a good unique identifier to define installation path,
|
|
||||||
### db names...
|
|
||||||
app=$YNH_APP_INSTANCE_NAME
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
|
|
||||||
#=================================================
|
|
||||||
### About --weight and --time
|
|
||||||
### ynh_script_progression will show to your final users the progression of each scripts.
|
|
||||||
### In order to do that, --weight will represent the relative time of execution compared to the other steps in the script.
|
|
||||||
### --time is a packager option, it will show you the execution time since the previous call.
|
|
||||||
### This option is implied when running in CI_package_check, you can manually add it if you are manually testing the app.
|
|
||||||
### Use the execution time displayed in the CI report or by adding --time to the command, to estimate the weight of a step.
|
|
||||||
### A common way to do it is to set a weight equal to the execution time in second +1.
|
|
||||||
### The execution time is given for the durationt since the previous call. So the weight should be applied to this previous call.
|
|
||||||
ynh_script_progression --message="Validating installation parameters..." --weight=1
|
|
||||||
|
|
||||||
### If the app uses NGINX as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app".
|
|
||||||
### If the app provides an internal web server (or uses another application server such as uWSGI), the final path should be "/opt/yunohost/$app"
|
|
||||||
test ! -e "$install_dir" || ynh_die --message="This path already contains a folder"
|
|
||||||
|
|
||||||
# Register (book) web path
|
|
||||||
ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# STORE SETTINGS FROM MANIFEST
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Storing installation settings..." --weight=1
|
|
||||||
|
|
||||||
ynh_app_setting_set --app=$app --key=domain --value=$domain
|
|
||||||
ynh_app_setting_set --app=$app --key=path --value=$path_url
|
|
||||||
ynh_app_setting_set --app=$app --key=language --value=$language
|
|
||||||
ynh_app_setting_set --app=$app --key=admin --value=$admin
|
|
||||||
ynh_app_setting_set --app=$app --key=media_upload_size --value=$media_upload_size
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# STANDARD MODIFICATIONS
|
|
||||||
#=================================================
|
|
||||||
# FIND AND OPEN A PORT
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Finding an available port..." --weight=1
|
|
||||||
|
|
||||||
### Use these lines if you have to open a port for the application
|
|
||||||
### `ynh_find_port` will find the first available port starting from the given port.
|
|
||||||
### If you're not using these lines:
|
|
||||||
### - Remove the section "CLOSE A PORT" in the remove script
|
|
||||||
|
|
||||||
# Find an available port
|
|
||||||
port=$(ynh_find_port --port=8095)
|
|
||||||
ynh_app_setting_set --app=$app --key=port --value=$port
|
|
||||||
|
|
||||||
# Optional: Expose this port publicly
|
|
||||||
# (N.B.: you only need to do this if the app actually needs to expose the port publicly.
|
|
||||||
# If you do this and the app doesn't actually need you are CREATING SECURITY HOLES IN THE SERVER !)
|
|
||||||
|
|
||||||
# Open the port
|
|
||||||
# ynh_script_progression --message="Configuring firewall..." --weight=1
|
|
||||||
# ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# INSTALL DEPENDENCIES
|
# INSTALL DEPENDENCIES
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Installing dependencies..." --weight=1
|
ynh_script_progression --message="Installing nodejs..."
|
||||||
|
|
||||||
ynh_install_app_dependencies $pkg_dependencies
|
ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version
|
||||||
|
ynh_use_nodejs
|
||||||
# ynh_script_progression --message="Installing extra dependencies…" --weight=1
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# CREATE DEDICATED USER
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Configuring system user..." --weight=1
|
|
||||||
|
|
||||||
# Create a system user
|
|
||||||
ynh_system_user_create --username=$app --home_dir="$install_dir"
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Setting up source files..." --weight=1
|
ynh_script_progression --message="Setting up source files..." --weight=1
|
||||||
|
|
||||||
### `ynh_setup_source` is used to install an app from a zip or tar.gz file,
|
|
||||||
### downloaded from an upstream source, like a git repository.
|
|
||||||
### `ynh_setup_source` use the file conf/app.src
|
|
||||||
|
|
||||||
ynh_app_setting_set --app=$app --key=install_dir --value=$install_dir
|
|
||||||
# Download, check integrity, uncompress and patch the source from app.src
|
# Download, check integrity, uncompress and patch the source from app.src
|
||||||
ynh_setup_source --dest_dir="$install_dir"
|
ynh_setup_source --dest_dir="$install_dir"
|
||||||
|
|
||||||
# FIXME: this should be managed by the core in the future
|
|
||||||
# Here, as a packager, you may have to tweak the ownerhsip/permissions
|
|
||||||
# such that the appropriate users (e.g. maybe www-data) can access
|
|
||||||
# files in some cases.
|
|
||||||
# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder -
|
|
||||||
# this will be treated as a security issue.
|
|
||||||
chmod 750 "$install_dir"
|
|
||||||
chmod -R o-rwx "$install_dir"
|
chmod -R o-rwx "$install_dir"
|
||||||
chown -R $app:www-data "$install_dir"
|
chown -R $app:www-data "$install_dir"
|
||||||
|
|
||||||
|
@ -141,124 +33,86 @@ chown -R $app:www-data "$install_dir"
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Configuring NGINX web server..." --weight=1
|
ynh_script_progression --message="Configuring NGINX web server..." --weight=1
|
||||||
|
|
||||||
### `ynh_add_nginx_config` will use the file conf/nginx.conf
|
|
||||||
|
|
||||||
# Create a dedicated NGINX config
|
# Create a dedicated NGINX config
|
||||||
ynh_add_nginx_config
|
ynh_add_nginx_config
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# ADD A CONFIGURATION
|
||||||
|
#=================================================
|
||||||
|
## Generate secrets and other config values
|
||||||
|
secret_key_base=$(ynh_string_random --length=50)
|
||||||
|
signing_salt=$(ynh_string_random --length=50)
|
||||||
|
encryption_salt=$(ynh_string_random --length=50)
|
||||||
|
# search
|
||||||
|
meili_master_key=$(ynh_string_random --length=50)
|
||||||
|
# max file upload size
|
||||||
|
MEDIA_UPLOAD_SIZE="${media_upload_size//[!0-9]/}000000"
|
||||||
|
|
||||||
|
ynh_script_progression --message="Adding a configuration file..." --weight=1
|
||||||
|
|
||||||
|
ynh_add_config --template="../conf/.env" --destination="$install_dir/.env"
|
||||||
|
ynh_store_file_checksum --file="$install_dir/.env"
|
||||||
|
|
||||||
|
chmod 400 "$install_dir/.env"
|
||||||
|
chown $app:$app "$install_dir/.env"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# SPECIFIC SETUP
|
# SPECIFIC SETUP
|
||||||
#=================================================
|
#=================================================
|
||||||
# Configuration files
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
config="$install_dir/.config"
|
source $install_dir/.env
|
||||||
env_file="$install_dir/.env"
|
export WITH_DOCKER=no # or source .env ? # Using this for now
|
||||||
|
|
||||||
export MIX_ENV=prod FLAVOUR=classic
|
ynh_script_progression --message="Configuring Bonfire release..." --weight=1
|
||||||
|
cd $install_dir
|
||||||
ynh_exec_warn_less just config
|
#ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "mise plugin add erlang https://github.com/asdf-vm/asdf-erlang.git" # add erlang as source
|
||||||
# generate secrets
|
#ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "mise install" # install Elixir
|
||||||
ynh_replace_string --match_string="SECRET_KEY_BASE=you-should-put-a-secure-string-here" --replace_string="SECRET_KEY_BASE=$(openssl rand -base64 128)" --target_file="$env_file"
|
ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "WITH_DOCKER=no $ynh_node_load_PATH mix local.hex --force" # install Hex in non-interractive way
|
||||||
ynh_replace_string --match_string="SIGNING_SALT=you-should-put-a-different-secure-string-here" --replace_string="SIGNING_SALT=$(openssl rand -base64 128)" --target_file="$env_file"
|
ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "WITH_DOCKER=no $ynh_node_load_PATH just config-basic"
|
||||||
ynh_replace_string --match_string="ENCRYPTION_SALT=you-should-put-yet-another-secure-string-here" --replace_string="ENCRYPTION_SALT=$(openssl rand -base64 128)" --target_file="$env_file"
|
#ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "WITH_DOCKER=no $ynh_node_load_PATH just mix bonfire.deps .update"
|
||||||
|
|
||||||
# Configure server ports
|
|
||||||
ynh_replace_string --match_string="HOSTNAME=localhost" --replace_string="HOSTNAME=$domain" --target_file="$env_file"
|
|
||||||
# TODO : mail service ?
|
|
||||||
ynh_replace_string --match_string="SERVER_PORT=4000" --replace_string="SERVER_PORT^=$port" --target_file="$env_file"
|
|
||||||
ynh_replace_string --match_string="PUBLIC_PORT=4000" --replace_string="PUBLIC_PORT=443" --target_file="$env_file"
|
|
||||||
|
|
||||||
# TODO : Configure S3 - with proper Yunohost question during installation
|
|
||||||
# UPLOADS_S3_BUCKET=
|
|
||||||
# UPLOADS_S3_ACCESS_KEY_ID=
|
|
||||||
# UPLOADS_S3_SECRET_ACCESS_KEY=
|
|
||||||
|
|
||||||
# max file upload size
|
|
||||||
UPLOAD_LIMIT="${media_upload_size:0:2}000000" # convert the MB argument in bytes
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# Configure the release
|
# Building the release
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc mix deps.get --only prod
|
ynh_script_progression --message="Building Bonfire release... (This will take a long time)" --weight=1
|
||||||
|
export TERM=linux # why is that not defined ?
|
||||||
ynh_exec_warn_less just js-deps-get
|
export TERMINFO=/etc/terminfo
|
||||||
ynh_exec_warn_less just assets-prepare
|
### DONT USE GLOBAL NPM INSTALL
|
||||||
ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc mix phx.digest
|
ynh_replace_string --match_string="npm install --global" --replace_string="npm install" --target_file="$install_dir/justfile"
|
||||||
|
ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "WITH_DOCKER=no $ynh_node_load_PATH just rel-build"
|
||||||
# create an elexir release
|
|
||||||
ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc mix release
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# Run the release
|
# START SYSTEMD SERVICE - Run the release
|
||||||
#=================================================
|
#=================================================
|
||||||
release_folder="$install_dir/_build/prod/rel/bonfire/"
|
release_folder="_build/prod/rel/bonfire"
|
||||||
|
|
||||||
# Database created before, let's run the migrations
|
### Not running the migration, they are done on startup anyway
|
||||||
ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "$release_folder/bin/bonfire eval 'EctoSparkles.Migrator.migrate()'"
|
#ynh_script_progression --message="Running database migrations..." --weight=1
|
||||||
|
## Database created before, let's run the migrations
|
||||||
|
#ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "WITH_DOCKER=no just cmd $release_folder/bin/bonfire eval 'EctoSparkles.Migrator.migrate()'"
|
||||||
|
|
||||||
# start bonfire as a daemon
|
#ynh_script_progression --message="Starting Bonfire..." --weight=1
|
||||||
ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "$release_folder/bin/bonfire start daemon"
|
#ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "WITH_DOCKER=no just cmd $release_folder/bin/bonfire start"
|
||||||
|
|
||||||
#=================================================
|
mkdir -p "/var/log/$app"
|
||||||
# GENERIC FINALIZATION
|
chown -R $app:$app "/var/log/$app"
|
||||||
#=================================================
|
|
||||||
# SETUP LOGROTATE
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Configuring log rotation..." --weight=1
|
|
||||||
|
|
||||||
### `ynh_use_logrotate` is used to configure a logrotate configuration for the logs of this app.
|
|
||||||
### Use this helper only if there is effectively a log file for this app.
|
|
||||||
### If you're not using this helper:
|
|
||||||
### - Remove the section "BACKUP LOGROTATE" in the backup script
|
|
||||||
### - Remove also the section "REMOVE LOGROTATE CONFIGURATION" in the remove script
|
|
||||||
### - As well as the section "RESTORE THE LOGROTATE CONFIGURATION" in the restore script
|
|
||||||
### - And the section "SETUP LOGROTATE" in the upgrade script
|
|
||||||
|
|
||||||
# Use logrotate to manage application logfile(s)
|
# Use logrotate to manage application logfile(s)
|
||||||
ynh_use_logrotate
|
ynh_use_logrotate
|
||||||
|
|
||||||
#=================================================
|
# Create a dedicated systemd config
|
||||||
# SETUP FAIL2BAN
|
ynh_add_systemd_config
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Configuring Fail2Ban..." --weight=1
|
|
||||||
|
|
||||||
# Create a dedicated Fail2Ban config
|
yunohost service add $app --description="Bonfire daemon" --log="/var/log/$app/$app.log"
|
||||||
ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"
|
|
||||||
|
|
||||||
#=================================================
|
ynh_script_progression --message="Starting Bonfire daemon service..." --weight=1
|
||||||
# SETUP SSOWAT
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Configuring permissions..." --weight=1
|
|
||||||
|
|
||||||
# Make app public if necessary
|
# Start a systemd service
|
||||||
if [ $is_public -eq 1 ]
|
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match="[info] Running Bonfire.Web.Endpoint"
|
||||||
then
|
|
||||||
# Everyone can access the app.
|
|
||||||
# The "main" permission is automatically created before the install script.
|
|
||||||
ynh_permission_update --permission="main" --add="visitors"
|
|
||||||
fi
|
|
||||||
|
|
||||||
### N.B. : the following extra permissions only make sense if your app
|
|
||||||
### does have for example an admin interface or an API.
|
|
||||||
|
|
||||||
# Only the admin can access the admin panel of the app (if the app has an admin panel)
|
|
||||||
ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin
|
|
||||||
|
|
||||||
# Everyone can access the API part
|
|
||||||
# We don't want to display the tile in the SSO so we put --show_tile="false"
|
|
||||||
# And we don't want the YunoHost admin to be able to remove visitors group to this permission, so we put --protected="true"
|
|
||||||
ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true"
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# RELOAD NGINX
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
|
|
||||||
|
|
||||||
ynh_systemd_action --service_name=nginx --action=reload
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# END OF SCRIPT
|
# END OF SCRIPT
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
ynh_script_progression --message="Installation of $app completed" --last
|
ynh_script_progression --message="Installation of $app completed" --weight=1
|
||||||
|
ynh_script_progression --message="Now you need to sign-up, the first account will automatically be admin." --last
|
||||||
|
|
111
scripts/remove
111
scripts/remove
|
@ -9,128 +9,37 @@
|
||||||
source _common.sh
|
source _common.sh
|
||||||
source /usr/share/yunohost/helpers
|
source /usr/share/yunohost/helpers
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# LOAD SETTINGS
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Loading installation settings..." --weight=1
|
|
||||||
|
|
||||||
app=$YNH_APP_INSTANCE_NAME
|
|
||||||
|
|
||||||
domain=$(ynh_app_setting_get --app=$app --key=domain)
|
|
||||||
port=$(ynh_app_setting_get --app=$app --key=port)
|
|
||||||
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
|
|
||||||
db_user=$db_name
|
|
||||||
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
|
||||||
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
|
|
||||||
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# REMOVE DEDICATED USER
|
# REMOVE DEDICATED USER
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Stop Bonfire..." --weight=1
|
ynh_script_progression --message="Stoping Bonfire..." --weight=1
|
||||||
|
|
||||||
# start bonfire as a daemon
|
# stop bonfire daemon
|
||||||
"$release_folder/bin/bonfire stop"
|
"$release_folder/bin/bonfire stop"
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# STANDARD REMOVE
|
|
||||||
#=================================================
|
|
||||||
# REMOVE LOGROTATE CONFIGURATION
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Removing logrotate configuration..." --weight=1
|
|
||||||
|
|
||||||
# Remove the app-specific logrotate config
|
|
||||||
ynh_remove_logrotate
|
|
||||||
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# REMOVE THE POSTGRESQL DATABASE
|
# REMOVE SYSTEM CONFIGURATIONS SERVICE
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Removing the PostgreSQL database..." --weight=1
|
ynh_script_progression --message="Removing system configurations related to $app..." --weight=1
|
||||||
|
|
||||||
# Remove a database if it exists, along with the associated user
|
# Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
|
||||||
ynh_psql_remove_db --db_user=$db_user --db_name=$db_name
|
if ynh_exec_warn_less yunohost service status $app >/dev/null
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# REMOVE APP MAIN DIR
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Removing app main directory..." --weight=1
|
|
||||||
|
|
||||||
# Remove the app directory securely
|
|
||||||
ynh_secure_remove --file="$final_path"
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# REMOVE DATA DIR
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
# Remove the data directory if --purge option is used
|
|
||||||
if [ "${YNH_APP_PURGE:-0}" -eq 1 ]
|
|
||||||
then
|
then
|
||||||
ynh_script_progression --message="Removing app data directory..." --weight=1
|
ynh_script_progression --message="Removing $app service integration..." --weight=1
|
||||||
ynh_secure_remove --file="$datadir"
|
yunohost service remove $app
|
||||||
fi
|
fi
|
||||||
|
|
||||||
#=================================================
|
ynh_remove_systemd_config
|
||||||
# REMOVE NGINX CONFIGURATION
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1
|
ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1
|
||||||
|
|
||||||
# Remove the dedicated NGINX config
|
# Remove the dedicated NGINX config
|
||||||
ynh_remove_nginx_config
|
ynh_remove_nginx_config
|
||||||
|
|
||||||
#=================================================
|
ynh_remove_logrotate
|
||||||
# REMOVE DEPENDENCIES
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Removing dependencies..." --weight=1
|
|
||||||
|
|
||||||
# Remove metapackage and its dependencies
|
|
||||||
ynh_remove_app_dependencies
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# CLOSE A PORT
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
if yunohost firewall list | grep -q "\- $port$"
|
|
||||||
then
|
|
||||||
ynh_script_progression --message="Closing port $port..." --weight=1
|
|
||||||
ynh_exec_warn_less yunohost firewall disallow TCP $port
|
|
||||||
fi
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# REMOVE FAIL2BAN CONFIGURATION
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Removing Fail2Ban configuration..." --weight=1
|
|
||||||
|
|
||||||
# Remove the dedicated Fail2Ban config
|
|
||||||
ynh_remove_fail2ban_config
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# SPECIFIC REMOVE
|
|
||||||
#=================================================
|
|
||||||
# REMOVE VARIOUS FILES
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Removing various files..." --weight=1
|
|
||||||
|
|
||||||
# Remove a cron file
|
|
||||||
ynh_secure_remove --file="/etc/cron.d/$app"
|
|
||||||
|
|
||||||
# Remove a directory securely
|
|
||||||
ynh_secure_remove --file="/etc/$app"
|
|
||||||
|
|
||||||
# Remove the log files
|
|
||||||
ynh_secure_remove --file="/var/log/$app"
|
ynh_secure_remove --file="/var/log/$app"
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# GENERIC FINALIZATION
|
|
||||||
#=================================================
|
|
||||||
# REMOVE DEDICATED USER
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
ynh_script_progression --message="Removing the dedicated system user..." --weight=1
|
|
||||||
|
|
||||||
# Delete a system user
|
|
||||||
ynh_system_user_delete --username=$app
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# END OF SCRIPT
|
# END OF SCRIPT
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
67
scripts/restore
Normal file
67
scripts/restore
Normal file
|
@ -0,0 +1,67 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# GENERIC START
|
||||||
|
#=================================================
|
||||||
|
# IMPORT GENERIC HELPERS
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
|
||||||
|
source ../settings/scripts/_common.sh
|
||||||
|
source /usr/share/yunohost/helpers
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# RESTORE THE APP MAIN DIR
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Restoring the app main directory..." --weight=1
|
||||||
|
|
||||||
|
ynh_restore_file --origin_path="$install_dir"
|
||||||
|
|
||||||
|
chown -R $app:www-data "$install_dir"
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# RESTORE THE POSTGRESQL DATABASE
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=1
|
||||||
|
|
||||||
|
ynh_psql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# RESTORE SYSTEM CONFIGURATIONS
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Restoring system configurations related to $app..." --weight=1
|
||||||
|
|
||||||
|
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
|
||||||
|
|
||||||
|
ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
|
||||||
|
systemctl enable $app.service --quiet
|
||||||
|
|
||||||
|
mkdir -p "/var/log/$app"
|
||||||
|
chown -R $app:$app "/var/log/$app"
|
||||||
|
ynh_restore_file --origin_path="/etc/logrotate.d/$app"
|
||||||
|
|
||||||
|
yunohost service add $app --description="Bonfire daemon" --log="/var/log/$app/$app.log"
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# START SYSTEMD SERVICE
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Starting Bonfire daemon service..." --weight=1
|
||||||
|
|
||||||
|
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match="[info] Running Bonfire.Web.Endpoint"
|
||||||
|
|
||||||
|
ynh_systemd_action --service_name=nginx --action=reload
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# GENERIC FINALIZATION
|
||||||
|
#=================================================
|
||||||
|
# RELOAD NGINX AND PHP-FPM OR THE APP SERVICE
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Reloading NGINX web server and $app's service..." --weight=1
|
||||||
|
|
||||||
|
ynh_systemd_action --service_name=nginx --action=reload
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# END OF SCRIPT
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
ynh_script_progression --message="Restoration completed for $app" --last
|
90
scripts/upgrade
Normal file
90
scripts/upgrade
Normal file
|
@ -0,0 +1,90 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# GENERIC START
|
||||||
|
#=================================================
|
||||||
|
# IMPORT GENERIC HELPERS
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
source _common.sh
|
||||||
|
source /usr/share/yunohost/helpers
|
||||||
|
|
||||||
|
upgrade_type=$(ynh_check_app_version_changed)
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# STOP SYSTEMD SERVICE
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Stopping a systemd service..."
|
||||||
|
|
||||||
|
ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd"
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# "REBUILD" THE APP (DEPLOY NEW SOURCES, RERUN NPM BUILD...)
|
||||||
|
#=================================================
|
||||||
|
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
if [ "$upgrade_type" == "UPGRADE_APP" ]
|
||||||
|
then
|
||||||
|
ynh_script_progression --message="Upgrading source files..." --weight=1
|
||||||
|
|
||||||
|
# Download, check integrity, uncompress and patch the source from app.src
|
||||||
|
ynh_setup_source --dest_dir="$install_dir"
|
||||||
|
fi
|
||||||
|
|
||||||
|
chown -R $app:www-data "$install_dir"
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# Building the release
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Building Bonfire release... (This will take a long time)" --weight=1
|
||||||
|
export TERM=linux # why is that not defined ?
|
||||||
|
export TERMINFO=/etc/terminfo
|
||||||
|
### DONT USE GLOBAL NPM INSTALL
|
||||||
|
ynh_replace_string --match_string="npm install --global" --replace_string="npm install" --target_file="$install_dir/justfile"
|
||||||
|
ynh_exec_warn_less ynh_exec_as $app -s $SHELL -lc "WITH_DOCKER=no $ynh_node_load_PATH just rel-build"
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# RECONFIGURE THE APP (UPDATE CONF, APPLY MIGRATIONS...)
|
||||||
|
#=================================================
|
||||||
|
# UPDATE A CONFIG FILE
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Updating a configuration file... (this will remove any manual change you could have made before)" --weight=1
|
||||||
|
|
||||||
|
ynh_add_config --template=".env" --destination="$install_dir/.env"
|
||||||
|
|
||||||
|
chmod 400 "$install_dir/.env"
|
||||||
|
chown $app:$app "$install_dir/.env"
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# REAPPLY SYSTEM CONFIGURATIONS + Run the service
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Upgrading system configurations related to $app..." --weight=1
|
||||||
|
|
||||||
|
# Create a dedicated NGINX config
|
||||||
|
ynh_add_nginx_config
|
||||||
|
|
||||||
|
# Create a dedicated systemd config
|
||||||
|
ynh_add_systemd_config
|
||||||
|
|
||||||
|
mkdir -p "/var/log/$app"
|
||||||
|
chown -R $app:$app "/var/log/$app"
|
||||||
|
|
||||||
|
# Use logrotate to manage app-specific logfile(s)
|
||||||
|
ynh_use_logrotate --non-append
|
||||||
|
|
||||||
|
# Create a dedicated systemd config
|
||||||
|
ynh_add_systemd_config
|
||||||
|
|
||||||
|
yunohost service add $app --description="Bonfire daemon" --log="/var/log/$app/$app.log"
|
||||||
|
|
||||||
|
ynh_script_progression --message="Starting Bonfire daemon service..." --weight=1
|
||||||
|
|
||||||
|
# Start a systemd service
|
||||||
|
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match="[info] Running Bonfire.Web.Endpoint"
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# END OF SCRIPT
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
ynh_script_progression --message="Upgrade of $app completed" --last
|
Loading…
Add table
Reference in a new issue