From dcd9e268ff0570ecb7d96b7afea0cf8da889795b Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Tue, 17 Oct 2023 10:14:04 +0000 Subject: [PATCH 01/24] Auto-update README --- README.md | 68 ++++++++++++---------------------------------------- README_fr.md | 64 +++++++++++++++---------------------------------- 2 files changed, 34 insertions(+), 98 deletions(-) diff --git a/README.md b/README.md index 8cf224e..d81af7c 100644 --- a/README.md +++ b/README.md @@ -1,85 +1,47 @@ -# Packaging an app, starting from this example - -* Copy this app before working on it, using the ['Use this template'](https://github.com/YunoHost/example_ynh/generate) button on the Github repo. -* Edit the `manifest.toml` with app specific info. -* Edit the `install`, `upgrade`, `remove`, `backup` and `restore` scripts, and any relevant conf files in `conf/`. - * Using the [script helpers documentation.](https://yunohost.org/packaging_apps_helpers) -* Edit the `change_url` and `config` scripts too, or remove them if you have no use of them -* Add a `LICENSE` file for the package. NB: this LICENSE file is not meant to necessarily be the LICENSE of the upstream app - it is only the LICENSE you want this package's code to published with ;). We recommend to use [the AGPL-3](https://www.gnu.org/licenses/agpl-3.0.txt). -* Edit `doc/DISCLAIMER*.md` -* The `README.md` files are to be automatically generated by https://github.com/YunoHost/apps/tree/master/tools/README-generator - ---- -# Example app for YunoHost +# BorgWarehouse for YunoHost -[![Integration level](https://dash.yunohost.org/integration/example.svg)](https://dash.yunohost.org/appci/app/example) ![Working status](https://ci-apps.yunohost.org/ci/badges/example.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/example.maintain.svg) -[![Install Example app with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=example) +[![Integration level](https://dash.yunohost.org/integration/borgwarehouse.svg)](https://dash.yunohost.org/appci/app/borgwarehouse) ![Working status](https://ci-apps.yunohost.org/ci/badges/borgwarehouse.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/borgwarehouse.maintain.svg) + +[![Install BorgWarehouse with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=borgwarehouse) *[Lire ce readme en français.](./README_fr.md)* -> *This package allows you to install Example app quickly and simply on a YunoHost server. +> *This package allows you to install BorgWarehouse quickly and simply on a YunoHost server. If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.* ## Overview -Some long and extensive description of what the app is and does, lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. - -### Features - -- Ut enim ad minim veniam, quis nostrud exercitation ullamco ; -- Laboris nisi ut aliquip ex ea commodo consequat ; -- Duis aute irure dolor in reprehenderit in voluptate ; -- Velit esse cillum dolore eu fugiat nulla pariatur ; -- Excepteur sint occaecat cupidatat non proident, sunt in culpa." +This is a dummy description of this app features -**Shipped version:** 1.0~ynh1 - -**Demo:** https://demo.example.com +**Shipped version:** 2.0.0~ynh1 ## Screenshots -![Screenshot of Example app](./doc/screenshots/example.jpg) - -## Disclaimers / important information - -* Any known limitations, constrains or stuff not working, such as (but not limited to): - * requiring a full dedicated domain ? - * architectures not supported ? - * not-working single-sign on or LDAP integration ? - * the app requires an important amount of RAM / disk / .. to install or to work properly - * etc... - -* Other infos that people should be aware of, such as: - * any specific step to perform after installing (such as manually finishing the install, specific admin credentials, ...) - * how to configure / administrate the application if it ain't obvious - * upgrade process / specificities / things to be aware of ? - * security considerations ? +![Screenshot of BorgWarehouse](./doc/screenshots/screenshot.png) ## Documentation and resources -* Official app website: -* Official user documentation: -* Official admin documentation: -* Upstream app code repository: -* YunoHost documentation for this app: -* Report a bug: +* Official app website: +* Official admin documentation: +* Upstream app code repository: +* Report a bug: ## Developer info -Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/example_ynh/tree/testing). +Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/borgwarehouse_ynh/tree/testing). To try the testing branch, please proceed like that. ``` bash -sudo yunohost app install https://github.com/YunoHost-Apps/example_ynh/tree/testing --debug +sudo yunohost app install https://github.com/YunoHost-Apps/borgwarehouse_ynh/tree/testing --debug or -sudo yunohost app upgrade example -u https://github.com/YunoHost-Apps/example_ynh/tree/testing --debug +sudo yunohost app upgrade borgwarehouse -u https://github.com/YunoHost-Apps/borgwarehouse_ynh/tree/testing --debug ``` **More info regarding app packaging:** diff --git a/README_fr.md b/README_fr.md index 4da6fb7..dbe8ffc 100644 --- a/README_fr.md +++ b/README_fr.md @@ -3,71 +3,45 @@ N.B.: This README was automatically generated by https://github.com/YunoHost/app It shall NOT be edited by hand. --> -# Exemple d'app pour YunoHost +# BorgWarehouse pour YunoHost -[![Niveau d'intégration](https://dash.yunohost.org/integration/example.svg)](https://dash.yunohost.org/appci/app/example) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/example.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/example.maintain.svg) -[![Installer Example app avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=example) +[![Niveau d’intégration](https://dash.yunohost.org/integration/borgwarehouse.svg)](https://dash.yunohost.org/appci/app/borgwarehouse) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/borgwarehouse.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/borgwarehouse.maintain.svg) + +[![Installer BorgWarehouse avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=borgwarehouse) *[Read this readme in english.](./README.md)* -> *Ce package vous permet d'installer Example app rapidement et simplement sur un serveur YunoHost. -Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.* +> *Ce package vous permet d’installer BorgWarehouse rapidement et simplement sur un serveur YunoHost. +Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l’installer et en profiter.* -## Vue d'ensemble +## Vue d’ensemble -Some long and extensive description of what the app is and does, lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. - -### Features - -- Ut enim ad minim veniam, quis nostrud exercitation ullamco ; -- Laboris nisi ut aliquip ex ea commodo consequat ; -- Duis aute irure dolor in reprehenderit in voluptate ; -- Velit esse cillum dolore eu fugiat nulla pariatur ; -- Excepteur sint occaecat cupidatat non proident, sunt in culpa." +Ceci est une fausse description des fonctionalités de l'app -**Version incluse :** 1.0~ynh1 +**Version incluse :** 2.0.0~ynh1 -**Démo :** https://demo.example.com +## Captures d’écran -## Captures d'écran - -![Capture d'écran de Example app](./doc/screenshots/example.jpg) - -## Avertissements / informations importantes - -* Any known limitations, constrains or stuff not working, such as (but not limited to): - * requiring a full dedicated domain ? - * architectures not supported ? - * not-working single-sign on or LDAP integration ? - * the app requires an important amount of RAM / disk / .. to install or to work properly - * etc... - -* Other infos that people should be aware of, such as: - * any specific step to perform after installing (such as manually finishing the install, specific admin credentials, ...) - * how to configure / administrate the application if it ain't obvious - * upgrade process / specificities / things to be aware of ? - * security considerations ? +![Capture d’écran de BorgWarehouse](./doc/screenshots/screenshot.png) ## Documentations et ressources -* Site officiel de l'app : -* Documentation officielle utilisateur : -* Documentation officielle de l'admin : -* Dépôt de code officiel de l'app : -* Documentation YunoHost pour cette app : -* Signaler un bug : +* Site officiel de l’app : +* Documentation officielle de l’admin : +* Dépôt de code officiel de l’app : +* Signaler un bug : ## Informations pour les développeurs -Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/example_ynh/tree/testing). +Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/borgwarehouse_ynh/tree/testing). Pour essayer la branche testing, procédez comme suit. ``` bash -sudo yunohost app install https://github.com/YunoHost-Apps/example_ynh/tree/testing --debug +sudo yunohost app install https://github.com/YunoHost-Apps/borgwarehouse_ynh/tree/testing --debug ou -sudo yunohost app upgrade example -u https://github.com/YunoHost-Apps/example_ynh/tree/testing --debug +sudo yunohost app upgrade borgwarehouse -u https://github.com/YunoHost-Apps/borgwarehouse_ynh/tree/testing --debug ``` -**Plus d'infos sur le packaging d'applications :** +**Plus d’infos sur le packaging d’applications :** \ No newline at end of file From c325e46ed565103cc87af0b2804f12c98488b1c7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 17 Oct 2023 12:16:29 +0200 Subject: [PATCH 02/24] cleaning --- doc/DESCRIPTION.md | 2 +- doc/DESCRIPTION_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/DESCRIPTION.md b/doc/DESCRIPTION.md index 3f2e57a..a02019b 100644 --- a/doc/DESCRIPTION.md +++ b/doc/DESCRIPTION.md @@ -1 +1 @@ -This is a dummy description of this app features +BorgWarhouse is a fast and modern WebUI for a BorgBackup's central repository server. diff --git a/doc/DESCRIPTION_fr.md b/doc/DESCRIPTION_fr.md index 13f4b64..3d9a28f 100644 --- a/doc/DESCRIPTION_fr.md +++ b/doc/DESCRIPTION_fr.md @@ -1 +1 @@ -Ceci est une fausse description des fonctionalités de l'app +BorgWarhouse est une interface Web rapide et moderne pour BorgBackup. \ No newline at end of file From d50fa9788c94079b95510d898177ce7d8475e449 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Tue, 17 Oct 2023 10:16:35 +0000 Subject: [PATCH 03/24] Auto-update README --- README.md | 2 +- README_fr.md | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index d81af7c..10554cd 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in ## Overview -This is a dummy description of this app features +BorgWarhouse is a fast and modern WebUI for a BorgBackup's central repository server. **Shipped version:** 2.0.0~ynh1 diff --git a/README_fr.md b/README_fr.md index dbe8ffc..e66a089 100644 --- a/README_fr.md +++ b/README_fr.md @@ -16,8 +16,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po ## Vue d’ensemble -Ceci est une fausse description des fonctionalités de l'app - +BorgWarhouse est une interface Web rapide et moderne pour BorgBackup. **Version incluse :** 2.0.0~ynh1 From aae2e19b942eaa19076a44d5a64d52e933c8f39e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 17 Oct 2023 12:18:31 +0200 Subject: [PATCH 04/24] cleaning --- scripts/backup | 45 --------------------------------------------- scripts/change_url | 14 +++++++++----- scripts/install | 2 +- scripts/upgrade | 2 +- 4 files changed, 11 insertions(+), 52 deletions(-) diff --git a/scripts/backup b/scripts/backup index 010f6c5..a07766f 100755 --- a/scripts/backup +++ b/scripts/backup @@ -15,51 +15,18 @@ source /usr/share/yunohost/helpers #================================================= ynh_print_info --message="Declaring files to be backed up..." -### N.B. : the following 'ynh_backup' calls are only a *declaration* of what needs -### to be backuped and not an actual copy of any file. The actual backup that -### creates and fills the archive with the files happens in the core after this -### script is called. Hence ynh_backups calls take basically 0 seconds to run. - #================================================= # BACKUP THE APP MAIN DIR #================================================= ynh_backup --src_path="$install_dir" -#================================================= -# BACKUP THE DATA DIR -#================================================= - -# Only relevant if there is a "data_dir" resource for this app -ynh_backup --src_path="$data_dir" --is_big - #================================================= # BACKUP THE NGINX CONFIGURATION #================================================= ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" -#================================================= -# BACKUP THE PHP-FPM CONFIGURATION -#================================================= - -ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" - -#================================================= -# BACKUP FAIL2BAN CONFIGURATION -#================================================= - -ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" -ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" - -#================================================= -# SPECIFIC BACKUP -#================================================= -# BACKUP LOGROTATE -#================================================= - -ynh_backup --src_path="/etc/logrotate.d/$app" - #================================================= # BACKUP SYSTEMD #================================================= @@ -72,18 +39,6 @@ ynh_backup --src_path="/etc/systemd/system/$app.service" ynh_backup --src_path="/etc/cron.d/$app" -ynh_backup --src_path="/etc/$app/" - -#================================================= -# BACKUP THE MYSQL DATABASE -#================================================= -ynh_print_info --message="Backing up the MySQL database..." - -### (However, things like MySQL dumps *do* take some time to run, though the -### copy of the generated dump to the archive still happens later) - -ynh_mysql_dump_db --database="$db_name" > db.sql - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/change_url b/scripts/change_url index f0964a6..e14a009 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -16,7 +16,7 @@ source /usr/share/yunohost/helpers #================================================= ynh_script_progression --message="Stopping a systemd service..." --weight=1 -ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd" #================================================= # MODIFY URL IN NGINX CONF @@ -26,10 +26,14 @@ ynh_script_progression --message="Updating NGINX web server configuration..." -- ynh_change_url_nginx_config #================================================= -# SPECIFIC MODIFICATIONS -#================================================= -# ... +# ADD A CONFIGURATION #================================================= +ynh_script_progression --message="Adding a configuration file..." --weight=1 + +ynh_add_config --template=".env" --destination="$install_dir/.env.local" + +chmod 400 "$install_dir/.env.local" +chown $app:$app "$install_dir/.env.local" #================================================= # GENERIC FINALISATION @@ -38,7 +42,7 @@ ynh_change_url_nginx_config #================================================= ynh_script_progression --message="Starting a systemd service..." --weight=1 -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" #================================================= # END OF SCRIPT diff --git a/scripts/install b/scripts/install index 0e0624b..b6529a2 100755 --- a/scripts/install +++ b/scripts/install @@ -52,7 +52,7 @@ ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/$app" chown root: "/etc/cron.d/$app" chmod 644 "/etc/cron.d/$app" -yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log" +yunohost service add $app --description="WebUI for BorgBackup" --log="/var/log/$app/$app.log" #================================================= # APP INITIAL CONFIGURATION diff --git a/scripts/upgrade b/scripts/upgrade index b028cd7..d769a70 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -43,7 +43,7 @@ ynh_add_nginx_config ynh_add_systemd_config -yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log" +yunohost service add $app --description="WebUI for BorgBackup" --log="/var/log/$app/$app.log" #================================================= # RECONFIGURE THE APP (UPDATE CONF, APPLY MIGRATIONS...) From 1ac6ca60cf7c5326edce506124f93d04616b1e95 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 17 Oct 2023 12:18:37 +0200 Subject: [PATCH 05/24] Update restore --- scripts/restore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/restore b/scripts/restore index 72400ab..96a2b22 100755 --- a/scripts/restore +++ b/scripts/restore @@ -34,7 +34,7 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_restore_file --origin_path="/etc/systemd/system/$app.service" systemctl enable $app.service --quiet -yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log" +yunohost service add $app --description="WebUI for BorgBackup" --log="/var/log/$app/$app.log" ynh_restore_file --origin_path="/etc/cron.d/$app" From 584f9cb549785c9221b08ab5120559c6fe0ec28f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 17 Oct 2023 12:21:52 +0200 Subject: [PATCH 06/24] cleaning --- conf/.env | 4 ++-- scripts/_common.sh | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/conf/.env b/conf/.env index f95d36b..2957ef8 100644 --- a/conf/.env +++ b/conf/.env @@ -10,8 +10,8 @@ SSH_SERVER_FINGERPRINT_RSA=__RSA_KEY__ SSH_SERVER_FINGERPRINT_ED25519=__ED25519_KEY__ SSH_SERVER_FINGERPRINT_ECDSA=__ECDSA_KEY__ # SMTP's variables -MAIL_SMTP_FROM=borgwarehouse@__DOMAIN__ -MAIL_SMTP_HOST=localhost +MAIL_SMTP_FROM=borgwarehouse@__MAIN_DOMAIN__ +MAIL_SMTP_HOST=__MAIN_DOMAIN__ MAIL_SMTP_PORT=25 MAIL_SMTP_LOGIN=__APP__ MAIL_SMTP_PWD=__MAIL_PWD__ diff --git a/scripts/_common.sh b/scripts/_common.sh index b4d1a2f..b1923cd 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -6,6 +6,7 @@ nodejs_version=18 ssh_port=$(grep -P "Port\s+\d+" /etc/ssh/sshd_config | grep -P -o "\d+") +main_domain=$(cat /etc/yunohost/current_host) rsa_key=$(ssh-keygen -lf /etc/ssh/ssh_host_rsa_key | awk '{print $2}') ed25519_key=$(ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key | awk '{print $2}') From e219d9779b9c457da9e70936db3e1909a99f5741 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 17 Oct 2023 13:06:32 +0200 Subject: [PATCH 07/24] Update install --- scripts/install | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/install b/scripts/install index b6529a2..74b2a26 100755 --- a/scripts/install +++ b/scripts/install @@ -9,8 +9,8 @@ source _common.sh source /usr/share/yunohost/helpers -secret=$(ynh_string_random --length=32 | base64) -cron_key=$(ynh_string_random --length=32 | base64) +secret=$(openssl rand -base64 32) +cron_key=$(openssl rand -base64 32) #================================================= # INSTALL DEPENDENCIES From a1c62bd9037031669e044407ce1a0c16f1c324a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 17 Oct 2023 13:09:49 +0200 Subject: [PATCH 08/24] cleaning --- scripts/install | 2 +- scripts/restore | 5 +---- scripts/upgrade | 4 ++-- 3 files changed, 4 insertions(+), 7 deletions(-) diff --git a/scripts/install b/scripts/install index 74b2a26..a4e0cc7 100755 --- a/scripts/install +++ b/scripts/install @@ -85,7 +85,7 @@ popd ynh_script_progression --message="Starting a systemd service..." --weight=1 # Start a systemd service -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" #================================================= # END OF SCRIPT diff --git a/scripts/restore b/scripts/restore index 96a2b22..d922fe4 100755 --- a/scripts/restore +++ b/scripts/restore @@ -17,9 +17,6 @@ ynh_script_progression --message="Restoring the app main directory..." --weight= ynh_restore_file --origin_path="$install_dir" -# $install_dir will automatically be initialized with some decent -# permissions by default ... however, you may need to recursively reapply -# ownership to all files such as after the ynh_setup_source step chown -R $app:www-data "$install_dir" #================================================= @@ -46,7 +43,7 @@ ynh_restore_file --origin_path="/etc/cron.d/$app" ynh_script_progression --message="Reloading NGINX web server and $app's service..." --weight=1 # Typically you only have either $app or php-fpm but not both at the same time... -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" ynh_systemd_action --service_name=nginx --action=reload diff --git a/scripts/upgrade b/scripts/upgrade index d769a70..9b4663c 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -16,7 +16,7 @@ upgrade_type=$(ynh_check_app_version_changed) #================================================= ynh_script_progression --message="Stopping a systemd service..." --weight=1 -ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd" #================================================= # "REBUILD" THE APP (DEPLOY NEW SOURCES, RERUN NPM BUILD...) @@ -62,7 +62,7 @@ chown $app:$app "$install_dir/.env.local" #================================================= ynh_script_progression --message="Starting a systemd service..." --weight=1 -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" #================================================= # END OF SCRIPT From 9faca372f393d7e82c2742e027abfc831e803409 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 17 Oct 2023 13:19:16 +0200 Subject: [PATCH 09/24] Update .env --- conf/.env | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/conf/.env b/conf/.env index 2957ef8..53534b7 100644 --- a/conf/.env +++ b/conf/.env @@ -1,7 +1,7 @@ # Application's variables NEXTAUTH_URL=https://__DOMAIN__ -NEXTAUTH_SECRET=__SECRET__ -CRONJOB_KEY=__CRON_KEY__ +NEXTAUTH_SECRET='__SECRET__' +CRONJOB_KEY='__CRON_KEY__' # Wizard's variables UNIX_USER=__APP__ FQDN=__DOMAIN__ From 9b39c580f66589d39f3da475e456a93274a2b7e5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 17 Oct 2023 13:22:21 +0200 Subject: [PATCH 10/24] fix --- scripts/install | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/scripts/install b/scripts/install index a4e0cc7..b0045d5 100755 --- a/scripts/install +++ b/scripts/install @@ -28,12 +28,11 @@ ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version ynh_script_progression --message="Setting up source files..." --weight=1 # Download, check integrity, uncompress and patch the source from manifest.toml -ynh_setup_source --dest_dir="$install_dir" +ynh_setup_source --dest_dir="$install_dir/app" mkdir $install_dir/.ssh && chmod 700 $install_dir/.ssh touch $install_dir/.ssh/authorized_keys && chmod 600 $install_dir/.ssh/authorized_keys mkdir $install_dir/repos && chmod 700 $install_dir/repos -mkdir $install_dir/app chown -R $app:www-data "$install_dir" @@ -71,7 +70,7 @@ chown $app:$app "$install_dir/.env.local" #================================================= ynh_script_progression --message="Installing $app..." --weight=10 -pushd $install_dir/app +pushd $install_dir/app/ ynh_use_nodejs ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH $ynh_npm ci ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH NODE_ENV=production $ynh_npm run build From 51ad41e9088e7a8281fb3b0ecdc0d06d5f366c45 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 17 Oct 2023 13:24:52 +0200 Subject: [PATCH 11/24] Update install --- scripts/install | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/install b/scripts/install index b0045d5..d059cce 100755 --- a/scripts/install +++ b/scripts/install @@ -60,10 +60,10 @@ yunohost service add $app --description="WebUI for BorgBackup" --log="/var/log/$ #================================================= ynh_script_progression --message="Adding a configuration file..." --weight=1 -ynh_add_config --template=".env" --destination="$install_dir/.env.local" +ynh_add_config --template=".env" --destination="$install_dir/app/.env.local" -chmod 400 "$install_dir/.env.local" -chown $app:$app "$install_dir/.env.local" +chmod 400 "$install_dir/app/.env.local" +chown $app:$app "$install_dir/app/.env.local" #================================================= # INSTALL BORGWARHOUSE From 86e43e76313dee9ca50ca246bfd728a476e85823 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 17 Oct 2023 13:26:14 +0200 Subject: [PATCH 12/24] Update install --- scripts/install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install b/scripts/install index d059cce..4c90895 100755 --- a/scripts/install +++ b/scripts/install @@ -70,7 +70,7 @@ chown $app:$app "$install_dir/app/.env.local" #================================================= ynh_script_progression --message="Installing $app..." --weight=10 -pushd $install_dir/app/ +pushd $install_dir/app ynh_use_nodejs ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH $ynh_npm ci ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH NODE_ENV=production $ynh_npm run build From 604333d7664621bbe0968d2463600ad33070076d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 17 Oct 2023 13:28:09 +0200 Subject: [PATCH 13/24] fix --- scripts/install | 2 -- scripts/upgrade | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/scripts/install b/scripts/install index 4c90895..edcb55e 100755 --- a/scripts/install +++ b/scripts/install @@ -41,10 +41,8 @@ chown -R $app:www-data "$install_dir" #================================================= ynh_script_progression --message="Adding system configurations related to $app..." --weight=1 -# Create a dedicated NGINX config using the conf/nginx.conf template ynh_add_nginx_config -# Create a dedicated systemd config ynh_add_systemd_config ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/$app" diff --git a/scripts/upgrade b/scripts/upgrade index 9b4663c..4c76ef9 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -29,7 +29,7 @@ then ynh_script_progression --message="Upgrading source files..." --weight=1 # Download, check integrity, uncompress and patch the source from manifest.toml - ynh_setup_source --dest_dir="$install_dir" --keep=".env.local config/users.json config/repo.json" + ynh_setup_source --dest_dir="$install_dir" --keep="app/.env.local config/users.json config/repo.json" fi chown -R $app:www-data "$install_dir" From 84aeaf7028fec4a90e2aa629c903f3278d6bf6d4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 17 Oct 2023 13:31:59 +0200 Subject: [PATCH 14/24] Update upgrade --- scripts/upgrade | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/upgrade b/scripts/upgrade index 4c76ef9..0d98f37 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -52,10 +52,10 @@ yunohost service add $app --description="WebUI for BorgBackup" --log="/var/log/$ #================================================= ynh_script_progression --message="Updating a configuration file..." --weight=1 -ynh_add_config --template=".env" --destination="$install_dir/.env.local" +ynh_add_config --template=".env" --destination="$install_dir/app/.env.local" -chmod 400 "$install_dir/.env.local" -chown $app:$app "$install_dir/.env.local" +chmod 400 "$install_dir/app/.env.local" +chown $app:$app "$install_dir/app/.env.local" #================================================= # START SYSTEMD SERVICE From 0239e07257b114509d3c740fb409c4690f13efe4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 17 Oct 2023 13:34:15 +0200 Subject: [PATCH 15/24] Update install --- scripts/install | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/install b/scripts/install index edcb55e..c17cae6 100755 --- a/scripts/install +++ b/scripts/install @@ -35,6 +35,7 @@ touch $install_dir/.ssh/authorized_keys && chmod 600 $install_dir/.ssh/authorize mkdir $install_dir/repos && chmod 700 $install_dir/repos chown -R $app:www-data "$install_dir" +chmod 700 $install_dir/app/helpers/shells/* #================================================= # SYSTEM CONFIGURATION From 6210130bef52d9d786b0d141a79239992906a951 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 17 Oct 2023 13:36:15 +0200 Subject: [PATCH 16/24] Update systemd.service --- conf/systemd.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/systemd.service b/conf/systemd.service index 832f576..a0cc819 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -7,7 +7,7 @@ After=network.target Type=simple User=__APP__ Group=__APP__ -WorkingDirectory=__INSTALL_DIR__/ +WorkingDirectory=__INSTALL_DIR__/app Environment=PORT=__PORT__ ExecStart=__YNH_NPM__ run start Restart=on-failure From 783745f42ae573f24024ae43ac6e413cb2587445 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 17 Oct 2023 13:58:46 +0200 Subject: [PATCH 17/24] fix --- conf/systemd.service | 1 + scripts/install | 1 + scripts/upgrade | 1 + tests.toml | 6 +++++- 4 files changed, 8 insertions(+), 1 deletion(-) diff --git a/conf/systemd.service b/conf/systemd.service index a0cc819..90a6f03 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -7,6 +7,7 @@ After=network.target Type=simple User=__APP__ Group=__APP__ +Environment="PATH=__ENV_PATH__" WorkingDirectory=__INSTALL_DIR__/app Environment=PORT=__PORT__ ExecStart=__YNH_NPM__ run start diff --git a/scripts/install b/scripts/install index c17cae6..c11b056 100755 --- a/scripts/install +++ b/scripts/install @@ -44,6 +44,7 @@ ynh_script_progression --message="Adding system configurations related to $app.. ynh_add_nginx_config +env_path="$PATH" ynh_add_systemd_config ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/$app" diff --git a/scripts/upgrade b/scripts/upgrade index 0d98f37..401a2bd 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -41,6 +41,7 @@ ynh_script_progression --message="Upgrading system configurations related to $ap ynh_add_nginx_config +env_path="$PATH" ynh_add_systemd_config yunohost service add $app --description="WebUI for BorgBackup" --log="/var/log/$app/$app.log" diff --git a/tests.toml b/tests.toml index c298fc9..0a1acf6 100644 --- a/tests.toml +++ b/tests.toml @@ -4,4 +4,8 @@ test_format = 1.0 [default] - \ No newline at end of file + # ------------ + # Tests to run + # ------------ + + exclude = ["install.subdir"] \ No newline at end of file From 820a2d4504095ab450ded357fd2999c602435ba7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 17 Oct 2023 14:07:00 +0200 Subject: [PATCH 18/24] Update manifest.toml --- manifest.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.toml b/manifest.toml index e4ecd83..6beb1dd 100644 --- a/manifest.toml +++ b/manifest.toml @@ -27,7 +27,7 @@ ldap = false sso = false disk = "50M" -ram.build = "50M" +ram.build = "700M" ram.runtime = "50M" [install] From a7484ecaaced5a730e4ca36b531c3b28f79b0092 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 17 Oct 2023 14:08:01 +0200 Subject: [PATCH 19/24] fix --- manifest.toml | 1 - scripts/upgrade | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/manifest.toml b/manifest.toml index 6beb1dd..27675af 100644 --- a/manifest.toml +++ b/manifest.toml @@ -45,7 +45,6 @@ ram.runtime = "50M" [resources.sources.main] url = "https://github.com/Ravinou/borgwarehouse/archive/refs/tags/v2.0.0.tar.gz" sha256 = "73e5bed688e58a29485d1c1fd5834c83eed1fba0bb52289f6d6f1ea4e2284180" - autoupdate.strategy = "latest_github_tag" [resources.system_user] diff --git a/scripts/upgrade b/scripts/upgrade index 401a2bd..54acbf2 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -29,7 +29,7 @@ then ynh_script_progression --message="Upgrading source files..." --weight=1 # Download, check integrity, uncompress and patch the source from manifest.toml - ynh_setup_source --dest_dir="$install_dir" --keep="app/.env.local config/users.json config/repo.json" + ynh_setup_source --dest_dir="$install_dir" --keep="app/.env.local app/config/users.json app/config/repo.json" fi chown -R $app:www-data "$install_dir" From 8a6af4505477d55f018d8445141565ddbdc27d40 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 17 Oct 2023 14:09:48 +0200 Subject: [PATCH 20/24] fix --- scripts/remove | 4 ++-- scripts/restore | 9 ++++++++- scripts/upgrade | 8 ++++++++ 3 files changed, 18 insertions(+), 3 deletions(-) diff --git a/scripts/remove b/scripts/remove index b89ef85..3ec7dc4 100755 --- a/scripts/remove +++ b/scripts/remove @@ -16,8 +16,6 @@ source /usr/share/yunohost/helpers #================================================= ynh_script_progression --message="Removing system configurations related to $app..." --weight=1 -# This should be a symetric version of what happens in the install script - # Remove the service from the list of services known by YunoHost (added from `yunohost service add`) if ynh_exec_warn_less yunohost service status $app >/dev/null then @@ -29,6 +27,8 @@ ynh_remove_systemd_config ynh_remove_nginx_config +ynh_remove_nodejs + ynh_secure_remove --file="/etc/cron.d/$app" #================================================= diff --git a/scripts/restore b/scripts/restore index d922fe4..5c7b30d 100755 --- a/scripts/restore +++ b/scripts/restore @@ -19,6 +19,14 @@ ynh_restore_file --origin_path="$install_dir" chown -R $app:www-data "$install_dir" +#================================================= +# REINSTALL DEPENDENCIES +#================================================= +ynh_script_progression --message="Reinstalling dependencies..." --weight=7 + +# Install Nodejs +ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version + #================================================= # RESTORE SYSTEM CONFIGURATIONS #================================================= @@ -42,7 +50,6 @@ ynh_restore_file --origin_path="/etc/cron.d/$app" #================================================= ynh_script_progression --message="Reloading NGINX web server and $app's service..." --weight=1 -# Typically you only have either $app or php-fpm but not both at the same time... ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" ynh_systemd_action --service_name=nginx --action=reload diff --git a/scripts/upgrade b/scripts/upgrade index 54acbf2..9c56584 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -11,6 +11,14 @@ source /usr/share/yunohost/helpers upgrade_type=$(ynh_check_app_version_changed) +#================================================= +# UPGRADE DEPENDENCIES +#================================================= +ynh_script_progression --message="Upgrading dependencies..." --weight=5 + +# Install Nodejs +ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version + #================================================= # STOP SYSTEMD SERVICE #================================================= From e376ec94cf511e949378f16fade88a0738ce5e33 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 17 Oct 2023 14:10:18 +0200 Subject: [PATCH 21/24] Update change_url --- scripts/change_url | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/change_url b/scripts/change_url index e14a009..43b84fb 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -30,10 +30,10 @@ ynh_change_url_nginx_config #================================================= ynh_script_progression --message="Adding a configuration file..." --weight=1 -ynh_add_config --template=".env" --destination="$install_dir/.env.local" +ynh_add_config --template=".env" --destination="$install_dir/app/.env.local" -chmod 400 "$install_dir/.env.local" -chown $app:$app "$install_dir/.env.local" +chmod 400 "$install_dir/app/.env.local" +chown $app:$app "$install_dir/app/.env.local" #================================================= # GENERIC FINALISATION From 0035608f83635ae8976bcada01064f89f65b7e41 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 17 Oct 2023 14:20:49 +0200 Subject: [PATCH 22/24] Update install --- scripts/install | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/install b/scripts/install index c11b056..6d8c5eb 100755 --- a/scripts/install +++ b/scripts/install @@ -9,8 +9,8 @@ source _common.sh source /usr/share/yunohost/helpers -secret=$(openssl rand -base64 32) -cron_key=$(openssl rand -base64 32) +secret=$(ynh_string_random --length=32) +cron_key=$(ynh_string_random --length=32) #================================================= # INSTALL DEPENDENCIES From 4079467b9b08706b80485f72afbffd65726c4817 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 17 Oct 2023 14:21:26 +0200 Subject: [PATCH 23/24] Update systemd.service --- conf/systemd.service | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/conf/systemd.service b/conf/systemd.service index 90a6f03..9360a93 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -13,5 +13,39 @@ Environment=PORT=__PORT__ ExecStart=__YNH_NPM__ run start Restart=on-failure +# Sandboxing options to harden security +# Depending on specificities of your service/app, you may need to tweak these +# .. but this should be a good baseline +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK +RestrictNamespaces=yes +RestrictRealtime=yes +DevicePolicy=closed +ProtectClock=yes +ProtectHostname=yes +ProtectProc=invisible +ProtectSystem=full +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallArchitectures=native +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged + +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG + [Install] WantedBy=multi-user.target From 305169b16473f768e58f81f2396198a3d3223fba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 17 Oct 2023 14:41:29 +0200 Subject: [PATCH 24/24] Update install --- scripts/install | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/scripts/install b/scripts/install index 6d8c5eb..cf8db0d 100755 --- a/scripts/install +++ b/scripts/install @@ -12,6 +12,14 @@ source /usr/share/yunohost/helpers secret=$(ynh_string_random --length=32) cron_key=$(ynh_string_random --length=32) +#================================================= +# STORE SETTINGS FROM MANIFEST +#================================================= +ynh_script_progression --message="Storing installation settings..." --weight=1 + +ynh_app_setting_set --app=$app --key=secret --value=$secret +ynh_app_setting_set --app=$app --key=cron_key --value=$cron_key + #================================================= # INSTALL DEPENDENCIES #=================================================