diff --git a/ALL_README.md b/ALL_README.md index 77b7509..a01b345 100644 --- a/ALL_README.md +++ b/ALL_README.md @@ -4,3 +4,4 @@ - [Irakurri README euskaraz](README_eu.md) - [Lire le README en français](README_fr.md) - [Le o README en galego](README_gl.md) +- [阅读中文(简体)的 README](README_zh_Hans.md) diff --git a/README_zh_Hans.md b/README_zh_Hans.md new file mode 100644 index 0000000..0c1b8a6 --- /dev/null +++ b/README_zh_Hans.md @@ -0,0 +1,48 @@ + + +# YunoHost 上的 BorgWarehouse + +[![集成程度](https://dash.yunohost.org/integration/borgwarehouse.svg)](https://dash.yunohost.org/appci/app/borgwarehouse) ![工作状态](https://ci-apps.yunohost.org/ci/badges/borgwarehouse.status.svg) ![维护状态](https://ci-apps.yunohost.org/ci/badges/borgwarehouse.maintain.svg) + +[![使用 YunoHost 安装 BorgWarehouse](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=borgwarehouse) + +*[阅读此 README 的其它语言版本。](./ALL_README.md)* + +> *通过此软件包,您可以在 YunoHost 服务器上快速、简单地安装 BorgWarehouse。* +> *如果您还没有 YunoHost,请参阅[指南](https://yunohost.org/install)了解如何安装它。* + +## 概况 + +BorgWarhouse is a fast and modern WebUI for a BorgBackup's central repository server. + + +**分发版本:** 2.2.1~ynh1 + +## 截图 + +![BorgWarehouse 的截图](./doc/screenshots/screenshot.png) + +## 文档与资源 + +- 官方应用网站: +- 官方管理文档: +- 上游应用代码库: +- YunoHost 商店: +- 报告 bug: + +## 开发者信息 + +请向 [`testing` 分支](https://github.com/YunoHost-Apps/borgwarehouse_ynh/tree/testing) 发送拉取请求。 + +如要尝试 `testing` 分支,请这样操作: + +```bash +sudo yunohost app install https://github.com/YunoHost-Apps/borgwarehouse_ynh/tree/testing --debug +或 +sudo yunohost app upgrade borgwarehouse -u https://github.com/YunoHost-Apps/borgwarehouse_ynh/tree/testing --debug +``` + +**有关应用打包的更多信息:** diff --git a/conf/.env b/conf/.env index 53534b7..979ae75 100644 --- a/conf/.env +++ b/conf/.env @@ -2,6 +2,10 @@ NEXTAUTH_URL=https://__DOMAIN__ NEXTAUTH_SECRET='__SECRET__' CRONJOB_KEY='__CRON_KEY__' + +# Base directory +home=/home/yunohost.app/__APP__ + # Wizard's variables UNIX_USER=__APP__ FQDN=__DOMAIN__ @@ -9,6 +13,7 @@ SSH_SERVER_PORT=__SSH_PORT__ SSH_SERVER_FINGERPRINT_RSA=__RSA_KEY__ SSH_SERVER_FINGERPRINT_ED25519=__ED25519_KEY__ SSH_SERVER_FINGERPRINT_ECDSA=__ECDSA_KEY__ + # SMTP's variables MAIL_SMTP_FROM=borgwarehouse@__MAIN_DOMAIN__ MAIL_SMTP_HOST=__MAIN_DOMAIN__ @@ -16,5 +21,6 @@ MAIL_SMTP_PORT=25 MAIL_SMTP_LOGIN=__APP__ MAIL_SMTP_PWD=__MAIL_PWD__ MAIL_REJECT_SELFSIGNED_TLS=true + # Disable NextJS telemetry NEXT_TELEMETRY_DISABLED=1 \ No newline at end of file diff --git a/conf/systemd.service b/conf/systemd.service index 9360a93..cf70664 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -7,45 +7,11 @@ After=network.target Type=simple User=__APP__ Group=__APP__ -Environment="PATH=__ENV_PATH__" -WorkingDirectory=__INSTALL_DIR__/app +Environment="__YNH_NODE_LOAD_PATH__" +WorkingDirectory=/home/yunohost.app/__APP__/app Environment=PORT=__PORT__ ExecStart=__YNH_NPM__ run start Restart=on-failure -# Sandboxing options to harden security -# Depending on specificities of your service/app, you may need to tweak these -# .. but this should be a good baseline -# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html -NoNewPrivileges=yes -PrivateTmp=yes -PrivateDevices=yes -RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK -RestrictNamespaces=yes -RestrictRealtime=yes -DevicePolicy=closed -ProtectClock=yes -ProtectHostname=yes -ProtectProc=invisible -ProtectSystem=full -ProtectControlGroups=yes -ProtectKernelModules=yes -ProtectKernelTunables=yes -LockPersonality=yes -SystemCallArchitectures=native -SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged - -# Denying access to capabilities that should not be relevant for webapps -# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html -CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD -CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE -CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT -CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK -CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM -CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG -CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE -CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW -CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG - [Install] WantedBy=multi-user.target diff --git a/manifest.toml b/manifest.toml index b899617..d01e949 100644 --- a/manifest.toml +++ b/manifest.toml @@ -49,6 +49,8 @@ ram.runtime = "50M" [resources.system_user] allow_email = true + allow_ssh = true + home = "/home/yunohost.app/__APP__" [resources.install_dir] diff --git a/scripts/backup b/scripts/backup index a07766f..4d90835 100755 --- a/scripts/backup +++ b/scripts/backup @@ -19,7 +19,14 @@ ynh_print_info --message="Declaring files to be backed up..." # BACKUP THE APP MAIN DIR #================================================= -ynh_backup --src_path="$install_dir" +ynh_backup --src_path="/home/yunohost.app/$app/app" +ynh_backup --src_path="/home/yunohost.app/$app/.ssh" + +#================================================= +# BACKUP THE REPOS DIRECTORY +#================================================= + +ynh_backup --src_path="/home/yunohost.app/$app/repos" --is_big #================================================= # BACKUP THE NGINX CONFIGURATION diff --git a/scripts/change_url b/scripts/change_url index 43b84fb..8157cf0 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -30,10 +30,10 @@ ynh_change_url_nginx_config #================================================= ynh_script_progression --message="Adding a configuration file..." --weight=1 -ynh_add_config --template=".env" --destination="$install_dir/app/.env.local" +ynh_add_config --template=".env" --destination="/home/yunohost.app/$app/app/.env.local" -chmod 400 "$install_dir/app/.env.local" -chown $app:$app "$install_dir/app/.env.local" +chmod 400 "/home/yunohost.app/$app/app/.env.local" +chown $app:$app "/home/yunohost.app/$app/app/.env.local" #================================================= # GENERIC FINALISATION diff --git a/scripts/install b/scripts/install index cf8db0d..0bf997c 100755 --- a/scripts/install +++ b/scripts/install @@ -35,15 +35,21 @@ ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version #================================================= ynh_script_progression --message="Setting up source files..." --weight=1 +mkdir "/home/yunohost.app/$app" && chmod 700 "/home/yunohost.app/$app" + # Download, check integrity, uncompress and patch the source from manifest.toml -ynh_setup_source --dest_dir="$install_dir/app" +ynh_setup_source --dest_dir="/home/yunohost.app/$app/app" -mkdir $install_dir/.ssh && chmod 700 $install_dir/.ssh -touch $install_dir/.ssh/authorized_keys && chmod 600 $install_dir/.ssh/authorized_keys -mkdir $install_dir/repos && chmod 700 $install_dir/repos +chmod 700 "/home/yunohost.app/$app" -chown -R $app:www-data "$install_dir" -chmod 700 $install_dir/app/helpers/shells/* +mkdir "/home/yunohost.app/$app/.ssh" && chmod 700 "/home/yunohost.app/$app/.ssh" +touch "/home/yunohost.app/$app/.ssh/authorized_keys" && chmod 600 "/home/yunohost.app/$app/.ssh/authorized_keys" + +chmod 700 "/home/yunohost.app/$app/app/helpers/shells/"* + +mkdir "/home/yunohost.app/$app/repos" && chmod 700 "/home/yunohost.app/$app/repos" + +chown -R $app:www-data "/home/yunohost.app/$app" #================================================= # SYSTEM CONFIGURATION @@ -52,10 +58,9 @@ ynh_script_progression --message="Adding system configurations related to $app.. ynh_add_nginx_config -env_path="$PATH" ynh_add_systemd_config -ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/$app" +ynh_add_config --template="cron" --destination="/etc/cron.d/$app" chown root: "/etc/cron.d/$app" chmod 644 "/etc/cron.d/$app" @@ -68,17 +73,17 @@ yunohost service add $app --description="WebUI for BorgBackup" --log="/var/log/$ #================================================= ynh_script_progression --message="Adding a configuration file..." --weight=1 -ynh_add_config --template=".env" --destination="$install_dir/app/.env.local" +ynh_add_config --template=".env" --destination="/home/yunohost.app/$app/app/.env.local" -chmod 400 "$install_dir/app/.env.local" -chown $app:$app "$install_dir/app/.env.local" +chmod 400 "/home/yunohost.app/$app/app/.env.local" +chown $app:$app "/home/yunohost.app/$app/app/.env.local" #================================================= # INSTALL BORGWARHOUSE #================================================= ynh_script_progression --message="Installing $app..." --weight=10 -pushd $install_dir/app +pushd /home/yunohost.app/$app/app ynh_use_nodejs ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH $ynh_npm ci ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH NODE_ENV=production $ynh_npm run build diff --git a/scripts/remove b/scripts/remove index 3ec7dc4..ce16d7a 100755 --- a/scripts/remove +++ b/scripts/remove @@ -31,6 +31,8 @@ ynh_remove_nodejs ynh_secure_remove --file="/etc/cron.d/$app" +ynh_secure_remove --file="/home/yunohost.app/$app" + #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/restore b/scripts/restore index 5c7b30d..10a0863 100755 --- a/scripts/restore +++ b/scripts/restore @@ -15,9 +15,17 @@ source /usr/share/yunohost/helpers #================================================= ynh_script_progression --message="Restoring the app main directory..." --weight=1 -ynh_restore_file --origin_path="$install_dir" +mkdir -p "/home/yunohost.app/$app" && chmod 700 "/home/yunohost.app/$app" -chown -R $app:www-data "$install_dir" +ynh_restore_file --origin_path="/home/yunohost.app/$app/app" +ynh_restore_file --origin_path="/home/yunohost.app/$app/.ssh" + +ynh_restore_file --origin_path="/home/yunohost.app/$app/repos" --not_mandatory + +chmod -R 700 "/home/yunohost.app/$app" +chmod 600 "/home/yunohost.app/$app/.ssh/authorized_keys" + +chown -R $app:www-data "/home/yunohost.app/$app" #================================================= # REINSTALL DEPENDENCIES diff --git a/scripts/upgrade b/scripts/upgrade index 9c56584..d609955 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -37,10 +37,10 @@ then ynh_script_progression --message="Upgrading source files..." --weight=1 # Download, check integrity, uncompress and patch the source from manifest.toml - ynh_setup_source --dest_dir="$install_dir" --keep="app/.env.local app/config/users.json app/config/repo.json" + ynh_setup_source --dest_dir="/home/yunohost.app/$app/app" --keep="app/.env.local app/config/users.json app/config/repo.json" fi -chown -R $app:www-data "$install_dir" +chown -R $app:www-data "/home/yunohost.app/$app/app" #================================================= # REAPPLY SYSTEM CONFIGURATIONS @@ -49,7 +49,6 @@ ynh_script_progression --message="Upgrading system configurations related to $ap ynh_add_nginx_config -env_path="$PATH" ynh_add_systemd_config yunohost service add $app --description="WebUI for BorgBackup" --log="/var/log/$app/$app.log" @@ -61,10 +60,10 @@ yunohost service add $app --description="WebUI for BorgBackup" --log="/var/log/$ #================================================= ynh_script_progression --message="Updating a configuration file..." --weight=1 -ynh_add_config --template=".env" --destination="$install_dir/app/.env.local" +ynh_add_config --template=".env" --destination="/home/yunohost.app/$app/app/.env.local" -chmod 400 "$install_dir/app/.env.local" -chown $app:$app "$install_dir/app/.env.local" +chmod 400 "/home/yunohost.app/$app/app/.env.local" +chown $app:$app "/home/yunohost.app/$app/app/.env.local" #================================================= # START SYSTEMD SERVICE