1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/bookstack_ynh.git synced 2024-09-03 18:16:02 +02:00

Admin ldap (#51)

Define admin during install
    Add LDAP
    Add config panel
This commit is contained in:
Éric Gaspar 2022-02-01 14:30:36 +01:00 committed by GitHub
parent d356606f0d
commit 78125512e6
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
13 changed files with 225 additions and 28 deletions

View file

@ -18,7 +18,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
BookStack is an opinionated wiki system that provides a pleasant and simple out of the box experience. New users to an instance should find the experience intuitive and only basic word-processing skills should be required to get involved in creating content on BookStack. The platform should provide advanced power features to those that desire it but they should not interfere with the core simple user experience.
**Shipped version:** 21.12.3~ynh1
**Shipped version:** 21.12.4~ynh1
**Demo:** https://demo.bookstackapp.com
@ -30,9 +30,12 @@ BookStack is an opinionated wiki system that provides a pleasant and simple out
## Configuration
For the first time Login, use the default credentials `admin@admin.com` and `password`. You should change these details immediately after logging in for the first time.
BookStack uses LDAP authentication by default.
* How to configure this app: From an admin panel, a plain file with SSH, or any other way.
You can switch to standard authentication in the webadmin -> bookstack -> config panel setting
For the first time Login with standard authentication, use the default credentials `admin@admin.com` and `password`. You should change these details immediately after logging in for the first time.
* How to configure this app: From an admin panel, a plain file with SSH, or config panel.
## Documentation and resources

View file

@ -14,7 +14,7 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour
BookStack is an opinionated wiki system that provides a pleasant and simple out of the box experience. New users to an instance should find the experience intuitive and only basic word-processing skills should be required to get involved in creating content on BookStack. The platform should provide advanced power features to those that desire it but they should not interfere with the core simple user experience.
**Version incluse :** 21.12.3~ynh1
**Version incluse :** 21.12.4~ynh1
**Démo :** https://demo.bookstackapp.com
@ -24,9 +24,7 @@ BookStack is an opinionated wiki system that provides a pleasant and simple out
## Avertissements / informations importantes
## Configuration
Login using the default admin details `admin@admin.com` with a password of `password`. You should change these details immediately after logging in for the first time.
## Documentations et ressources

View file

@ -2,6 +2,8 @@
; Manifest
domain="domain.tld"
path="/path"
admin="john"
password="1Strong-Password"
language="fr"
is_public=1
; Checks
@ -12,7 +14,6 @@
setup_private=1
setup_public=1
upgrade=1
#Testing
upgrade=1 from_commit=aaa9c9534b01a210989aceb4ad4d2b9c585be6df
backup_restore=1
multi_instance=0

View file

@ -45,11 +45,11 @@ MAIL_FROM=bookstack@__DOMAIN__
MAIL_HOST=localhost
MAIL_PORT=25
MAIL_USERNAME=bookstack
MAIL_PASSWORD="__MAIL_PWD__"
MAIL_PASSWORD=__MAIL_PWD__
MAIL_ENCRYPTION=null
# General auth
AUTH_METHOD=standard
AUTH_METHOD=__AUTH_METHOD__
# LDAP authentication configuration
# Refer to https://www.bookstackapp.com/docs/admin/ldap-auth/
@ -57,7 +57,7 @@ LDAP_SERVER=ldap://127.0.0.1:389
LDAP_BASE_DN=ou=users,dc=yunohost,dc=org
LDAP_DN=false
LDAP_PASS=false
LDAP_USER_FILTER=(&(|(objectclass=posixAccount))(uid={{username}})(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))
LDAP_USER_FILTER=(&(uid=${user}))
LDAP_VERSION=3
LDAP_TLS_INSECURE=false
LDAP_ID_ATTRIBUTE=uid
@ -76,3 +76,11 @@ REDIS_SERVERS=127.0.0.1:6379:__REDIS_DB__
# Storage system to use
# Can be 'local', 'local_secure' or 's3'
STORAGE_TYPE=local
# Default item listing view
# Used for public visitors and user's without a preference
# Can be 'list' or 'grid'
APP_VIEWS_BOOKS=list
APP_VIEWS_BOOKSHELVES=grid

View file

@ -1,5 +1,5 @@
SOURCE_URL=https://github.com/BookStackApp/BookStack/archive/refs/tags/v21.12.3.tar.gz
SOURCE_SUM=c6182009052069b62e1c70307bc030cc22439ef1da29baf6a315690093693557
SOURCE_URL=https://github.com/BookStackApp/BookStack/archive/refs/tags/v21.12.4.tar.gz
SOURCE_SUM=3af6ee1dbcdcd519dc2e42b277c845678162154f7f15d37457d62e6e8f7eea5a
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true

35
config_panel.toml Normal file
View file

@ -0,0 +1,35 @@
version = "1.0"
[main]
name = "Bookstack configuration"
[main.auth_config]
name = "Athentication configuration"
[main.auth_config.auth_method]
ask = "General auth"
choices = ["standard", "ldap"]
default = "ldap"
help = "Select an authentication method to connect to BookStack."
bind = "AUTH_METHOD:__FINALPATH__/.env"
[main.php_fpm_config]
name = "PHP-FPM configuration"
[main.php_fpm_config.fpm_footprint]
ask = "Memory footprint of the service?"
choices = ["low", "medium", "high", "specific"]
default = "low"
help = "low <= 20Mb per pool. medium between 20Mb and 40Mb per pool. high > 40Mb per pool.<br>Use specific to set a value with the following option."
[main.php_fpm_config.free_footprint]
ask = "Memory footprint of the service?"
type = "number"
default = "0"
help = "Free field to specify exactly the footprint in Mb if you don't want to use one of the three previous values."
[main.php_fpm_config.fpm_usage]
ask = "Expected usage of the service?"
choices = ["low", "medium", "high"]
default = "low"
help = "low: Personal usage, behind the SSO. No RAM footprint when not used, but the impact on the processor can be high if many users are using the service.<br>medium: Low usage, few people or/and publicly accessible. Low RAM footprint, medium processor footprint when used.<br>high: High usage, frequently visited website. High RAM footprint, but lower on processor usage and quickly responding."

View file

@ -1,5 +1,8 @@
## Configuration
For the first time Login, use the default credentials `admin@admin.com` and `password`. You should change these details immediately after logging in for the first time.
BookStack uses LDAP authentication by default.
* How to configure this app: From an admin panel, a plain file with SSH, or any other way.
You can switch to standard authentication in the webadmin -> bookstack -> config panel setting
For the first time Login with standard authentication, use the default credentials `admin@admin.com` and `password`. You should change these details immediately after logging in for the first time.
* How to configure this app: From an admin panel, a plain file with SSH, or config panel.

View file

@ -1,3 +1 @@
## Configuration
Login using the default admin details `admin@admin.com` with a password of `password`. You should change these details immediately after logging in for the first time.

View file

@ -6,7 +6,7 @@
"en": "Platform to create documentation/wiki content",
"fr": "Plateforme pour créer du contenu de documentation/wiki"
},
"version": "21.12.3~ynh1",
"version": "21.12.4~ynh1",
"url": "https://www.bookstackapp.com/",
"upstream": {
"license": "MIT",
@ -26,7 +26,7 @@
"multi_instance": false,
"services": [
"nginx",
"php7.3-fpm",
"php8.0-fpm",
"mysql"
],
"arguments": {
@ -40,6 +40,14 @@
"example": "/bookstack",
"default": "/bookstack"
},
{
"name": "admin",
"type": "user"
},
{
"name": "password",
"type": "password"
},
{
"name": "language",
"type": "string",

95
scripts/config Normal file
View file

@ -0,0 +1,95 @@
#!/bin/bash
#=================================================
# GENERIC STARTING
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source _common.sh
source /usr/share/yunohost/helpers
ynh_abort_if_errors
#=================================================
# RETRIEVE ARGUMENTS
#=================================================
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
current_fpm_footprint=$(ynh_app_setting_get --app=$app --key=fpm_footprint)
#=================================================
# SPECIFIC GETTERS FOR TOML SHORT KEY
#=================================================
get__fpm_footprint() {
# Free footprint value for php-fpm
# Check if current_fpm_footprint is an integer
if [ "$current_fpm_footprint" -eq "$current_fpm_footprint" ] 2> /dev/null
then
echo "specific"
else
echo "$current_fpm_footprint"
fi
}
get__free_footprint() {
# Free footprint value for php-fpm
# Check if current_fpm_footprint is an integer
if [ "$current_fpm_footprint" -eq "$current_fpm_footprint" ] 2> /dev/null
then
# If current_fpm_footprint is an integer, that's a numeric value for the footprint
echo "$current_fpm_footprint"
else
echo "0"
fi
}
#=================================================
# SPECIFIC SETTERS FOR TOML SHORT KEYS
#=================================================
set__fpm_footprint() {
if [ "$fpm_footprint" != "specific" ]
then
ynh_app_setting_set --app=$app --key=fpm_footprint --value="$fpm_footprint"
fi
}
set__free_footprint() {
if [ "$fpm_footprint" == "specific" ]
then
ynh_app_setting_set --app=$app --key=fpm_footprint --value="$free_footprint"
fi
}
#=================================================
# GENERIC FINALIZATION
#=================================================
ynh_app_config_validate() {
_ynh_app_config_validate
if [ "${changed[fpm_usage]}" == "true" ] || [ "${changed[fpm_footprint]}" == "true" ] || [ "${changed[free_footprint]}" == "true" ]; then
# If fpm_footprint is set to 'specific', use $free_footprint value.
if [ "$fpm_footprint" == "specific" ]
then
fpm_footprint=$free_footprint
fi
if [ "$fpm_footprint" == "0" ]
then
ynh_print_err --message="When selecting 'specific', you have to set a footprint value into the field below."
exit 0
fi
fi
}
ynh_app_config_apply() {
_ynh_app_config_apply
ynh_add_fpm_config --phpversion=$phpversion --usage=$fpm_usage --footprint=$fpm_footprint
}
ynh_app_config_run $1

View file

@ -28,9 +28,14 @@ phpversion=$YNH_PHP_VERSION
timezone="$(cat /etc/timezone)"
redis_db=$(ynh_redis_get_free_db)
mail_pwd=$(ynh_string_random --length=12)
admin=$YNH_APP_ARG_ADMIN
email=$(ynh_user_get_info --username=$admin --key=mail)
password=$YNH_APP_ARG_PASSWORD
app=$YNH_APP_INSTANCE_NAME
auth_method="ldap"
#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
@ -50,7 +55,9 @@ ynh_script_progression --message="Storing installation settings..." --weight=1
ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_set --app=$app --key=language --value=$language
ynh_app_setting_set --app=$app --key=admin --value=$admin
ynh_app_setting_set --app=$app --key=redis_db --value=$redis_db
ynh_app_setting_set --app=$app --key=auth_method --value=$auth_method
#=================================================
# INSTALL DEPENDENCIES
@ -86,11 +93,6 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$final_path"
# Set permissions to app files
chmod 755 $final_path
chmod -R o-rwx $final_path
chown -R $app:www-data $final_path
#=================================================
# NGINX CONFIGURATION
#=================================================
@ -105,7 +107,7 @@ ynh_add_nginx_config
ynh_script_progression --message="Configuring PHP-FPM..." --weight=2
# Create a dedicated PHP-FPM config
ynh_add_fpm_config
ynh_add_fpm_config --usage=low --footprint=low
#=================================================
# INSTALL LYCHEE WITH COMPOSER
@ -133,8 +135,15 @@ ynh_script_progression --message="Install BookStack" --weight=5
pushd $final_path
php$phpversion artisan key:generate --no-interaction --force
php$phpversion artisan migrate --no-interaction --force
php$phpversion artisan bookstack:create-admin --email="$email" --name="$admin" --external-auth-id="$admin"
popd
# Set permissions to app files
chmod 755 $final_path
chmod -R o-rwx $final_path
chown -R $app:www-data $final_path
chown $app:$app $final_path/.env
#=================================================
# SETUP SSOWAT
#=================================================

View file

@ -29,6 +29,9 @@ db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_user=$db_name
phpversion=$YNH_PHP_VERSION
fpm_footprint=$(ynh_app_setting_get --app=$app --key=fpm_footprint)
fpm_usage=$(ynh_app_setting_get --app=$app --key=fpm_usage)
#=================================================
# CHECK IF THE APP CAN BE RESTORED
#=================================================
@ -80,6 +83,9 @@ ynh_script_progression --message="Reconfiguring PHP-FPM..." --weight=5
ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
# Recreate a dedicated php-fpm config
ynh_add_fpm_config --usage=$fpm_usage --footprint=$fpm_footprint --phpversion=$phpversion
#=================================================
# RESTORE THE MYSQL DATABASE
#=================================================

View file

@ -24,9 +24,14 @@ db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_user=$db_name
db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
phpversion=$YNH_PHP_VERSION
timezone="$(cat /etc/timezone)"
redis_db=$(ynh_app_setting_get --app=$app --key=redis_db)
mail_pwd=$(ynh_string_random --length=12)
fpm_footprint=$(ynh_app_setting_get --app=$app --key=fpm_footprint)
fpm_usage=$(ynh_app_setting_get --app=$app --key=fpm_usage)
auth_method=$(ynh_app_setting_get --app=$app --key=auth_method)
#=================================================
# CHECK VERSION
#=================================================
@ -52,6 +57,24 @@ ynh_abort_if_errors
#=================================================
ynh_script_progression --message="Ensuring downward compatibility..." --weight=1
# If fpm_footprint doesn't exist, create it
if [ -z "$fpm_footprint" ]; then
fpm_footprint=low
ynh_app_setting_set --app=$app --key=fpm_footprint --value=$fpm_footprint
fi
# If fpm_usage doesn't exist, create it
if [ -z "$fpm_usage" ]; then
fpm_usage=low
ynh_app_setting_set --app=$app --key=fpm_usage --value=$fpm_usage
fi
# If auth_method doesn't exist, create it
if [ -z "$auth_method" ]; then
auth_method="standard"
ynh_app_setting_set --app=$app --key=auth_method --value=$auth_method
fi
# Cleaning legacy permissions
if ynh_legacy_permissions_exists; then
ynh_legacy_permissions_delete_all
@ -76,7 +99,7 @@ then
ynh_script_progression --message="Upgrading source files..." --weight=1
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$final_path" --keep="$final_path/.env $final_path/public/uploads $final_path/storage/uploads"
ynh_setup_source --dest_dir="$final_path" --keep="$final_path/public/uploads $final_path/storage/uploads"
fi
#=================================================
@ -100,7 +123,7 @@ ynh_install_app_dependencies $pkg_dependencies
ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=1
# Create a dedicated PHP-FPM config
ynh_add_fpm_config
ynh_add_fpm_config --usage=$fpm_usage --footprint=$fpm_footprint
#=================================================
# INSTALL LYCHEE WITH COMPOSER
@ -108,7 +131,17 @@ ynh_add_fpm_config
ynh_script_progression --message="Installing BookStack with Composer..." --weight=5
# Install composer
ynh_install_composer --install_args="--no-dev"
ynh_install_composer --phpversion=$phpversion --workdir=$final_path --install_args="--no-dev"
#=================================================
# MODIFY A CONFIG FILE
#=================================================
ynh_script_progression --message="Adding a configuration file..." --weight=1
app_url_domain="https://$domain${path_url%/}"
ynh_add_config --template=../conf/.env.example --destination=$final_path/.env
chmod 600 $final_path/.env
#=================================================
# FINAL BOOKSTACK INSTALL
@ -126,7 +159,7 @@ popd
chmod 755 $final_path
chmod -R o-rwx $final_path
chown -R $app:www-data $final_path
#chmod 600 $final_path/.env
chown $app:$app $final_path/.env
#=================================================
# RELOAD NGINX