1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/borgwarehouse_ynh.git synced 2024-09-03 18:16:17 +02:00

Merge pull request #1 from YunoHost-Apps/testing

Testing
This commit is contained in:
eric_G 2023-10-17 15:05:05 +02:00 committed by GitHub
commit 7aac972330
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
15 changed files with 106 additions and 89 deletions

View file

@ -16,7 +16,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
## Overview ## Overview
This is a dummy description of this app features BorgWarhouse is a fast and modern WebUI for a BorgBackup's central repository server.
**Shipped version:** 2.0.0~ynh1 **Shipped version:** 2.0.0~ynh1

View file

@ -16,8 +16,7 @@ Si vous navez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po
## Vue densemble ## Vue densemble
Ceci est une fausse description des fonctionalités de l'app BorgWarhouse est une interface Web rapide et moderne pour BorgBackup.
**Version incluse :** 2.0.0~ynh1 **Version incluse :** 2.0.0~ynh1

View file

@ -1,7 +1,7 @@
# Application's variables # Application's variables
NEXTAUTH_URL=https://__DOMAIN__ NEXTAUTH_URL=https://__DOMAIN__
NEXTAUTH_SECRET=__SECRET__ NEXTAUTH_SECRET='__SECRET__'
CRONJOB_KEY=__CRON_KEY__ CRONJOB_KEY='__CRON_KEY__'
# Wizard's variables # Wizard's variables
UNIX_USER=__APP__ UNIX_USER=__APP__
FQDN=__DOMAIN__ FQDN=__DOMAIN__
@ -10,8 +10,8 @@ SSH_SERVER_FINGERPRINT_RSA=__RSA_KEY__
SSH_SERVER_FINGERPRINT_ED25519=__ED25519_KEY__ SSH_SERVER_FINGERPRINT_ED25519=__ED25519_KEY__
SSH_SERVER_FINGERPRINT_ECDSA=__ECDSA_KEY__ SSH_SERVER_FINGERPRINT_ECDSA=__ECDSA_KEY__
# SMTP's variables # SMTP's variables
MAIL_SMTP_FROM=borgwarehouse@__DOMAIN__ MAIL_SMTP_FROM=borgwarehouse@__MAIN_DOMAIN__
MAIL_SMTP_HOST=localhost MAIL_SMTP_HOST=__MAIN_DOMAIN__
MAIL_SMTP_PORT=25 MAIL_SMTP_PORT=25
MAIL_SMTP_LOGIN=__APP__ MAIL_SMTP_LOGIN=__APP__
MAIL_SMTP_PWD=__MAIL_PWD__ MAIL_SMTP_PWD=__MAIL_PWD__

View file

@ -7,10 +7,45 @@ After=network.target
Type=simple Type=simple
User=__APP__ User=__APP__
Group=__APP__ Group=__APP__
WorkingDirectory=__INSTALL_DIR__/ Environment="PATH=__ENV_PATH__"
WorkingDirectory=__INSTALL_DIR__/app
Environment=PORT=__PORT__ Environment=PORT=__PORT__
ExecStart=__YNH_NPM__ run start ExecStart=__YNH_NPM__ run start
Restart=on-failure Restart=on-failure
# Sandboxing options to harden security
# Depending on specificities of your service/app, you may need to tweak these
# .. but this should be a good baseline
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
RestrictNamespaces=yes
RestrictRealtime=yes
DevicePolicy=closed
ProtectClock=yes
ProtectHostname=yes
ProtectProc=invisible
ProtectSystem=full
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
LockPersonality=yes
SystemCallArchitectures=native
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged
# Denying access to capabilities that should not be relevant for webapps
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

View file

@ -1 +1 @@
This is a dummy description of this app features BorgWarhouse is a fast and modern WebUI for a BorgBackup's central repository server.

View file

@ -1 +1 @@
Ceci est une fausse description des fonctionalités de l'app BorgWarhouse est une interface Web rapide et moderne pour BorgBackup.

View file

@ -27,7 +27,7 @@ ldap = false
sso = false sso = false
disk = "50M" disk = "50M"
ram.build = "50M" ram.build = "700M"
ram.runtime = "50M" ram.runtime = "50M"
[install] [install]
@ -45,7 +45,6 @@ ram.runtime = "50M"
[resources.sources.main] [resources.sources.main]
url = "https://github.com/Ravinou/borgwarehouse/archive/refs/tags/v2.0.0.tar.gz" url = "https://github.com/Ravinou/borgwarehouse/archive/refs/tags/v2.0.0.tar.gz"
sha256 = "73e5bed688e58a29485d1c1fd5834c83eed1fba0bb52289f6d6f1ea4e2284180" sha256 = "73e5bed688e58a29485d1c1fd5834c83eed1fba0bb52289f6d6f1ea4e2284180"
autoupdate.strategy = "latest_github_tag" autoupdate.strategy = "latest_github_tag"
[resources.system_user] [resources.system_user]

View file

@ -6,6 +6,7 @@
nodejs_version=18 nodejs_version=18
ssh_port=$(grep -P "Port\s+\d+" /etc/ssh/sshd_config | grep -P -o "\d+") ssh_port=$(grep -P "Port\s+\d+" /etc/ssh/sshd_config | grep -P -o "\d+")
main_domain=$(cat /etc/yunohost/current_host)
rsa_key=$(ssh-keygen -lf /etc/ssh/ssh_host_rsa_key | awk '{print $2}') rsa_key=$(ssh-keygen -lf /etc/ssh/ssh_host_rsa_key | awk '{print $2}')
ed25519_key=$(ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key | awk '{print $2}') ed25519_key=$(ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key | awk '{print $2}')

View file

@ -15,51 +15,18 @@ source /usr/share/yunohost/helpers
#================================================= #=================================================
ynh_print_info --message="Declaring files to be backed up..." ynh_print_info --message="Declaring files to be backed up..."
### N.B. : the following 'ynh_backup' calls are only a *declaration* of what needs
### to be backuped and not an actual copy of any file. The actual backup that
### creates and fills the archive with the files happens in the core after this
### script is called. Hence ynh_backups calls take basically 0 seconds to run.
#================================================= #=================================================
# BACKUP THE APP MAIN DIR # BACKUP THE APP MAIN DIR
#================================================= #=================================================
ynh_backup --src_path="$install_dir" ynh_backup --src_path="$install_dir"
#=================================================
# BACKUP THE DATA DIR
#=================================================
# Only relevant if there is a "data_dir" resource for this app
ynh_backup --src_path="$data_dir" --is_big
#================================================= #=================================================
# BACKUP THE NGINX CONFIGURATION # BACKUP THE NGINX CONFIGURATION
#================================================= #=================================================
ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# BACKUP THE PHP-FPM CONFIGURATION
#=================================================
ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
#=================================================
# BACKUP FAIL2BAN CONFIGURATION
#=================================================
ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf"
ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf"
#=================================================
# SPECIFIC BACKUP
#=================================================
# BACKUP LOGROTATE
#=================================================
ynh_backup --src_path="/etc/logrotate.d/$app"
#================================================= #=================================================
# BACKUP SYSTEMD # BACKUP SYSTEMD
#================================================= #=================================================
@ -72,18 +39,6 @@ ynh_backup --src_path="/etc/systemd/system/$app.service"
ynh_backup --src_path="/etc/cron.d/$app" ynh_backup --src_path="/etc/cron.d/$app"
ynh_backup --src_path="/etc/$app/"
#=================================================
# BACKUP THE MYSQL DATABASE
#=================================================
ynh_print_info --message="Backing up the MySQL database..."
### (However, things like MySQL dumps *do* take some time to run, though the
### copy of the generated dump to the archive still happens later)
ynh_mysql_dump_db --database="$db_name" > db.sql
#================================================= #=================================================
# END OF SCRIPT # END OF SCRIPT
#================================================= #=================================================

View file

@ -16,7 +16,7 @@ source /usr/share/yunohost/helpers
#================================================= #=================================================
ynh_script_progression --message="Stopping a systemd service..." --weight=1 ynh_script_progression --message="Stopping a systemd service..." --weight=1
ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd"
#================================================= #=================================================
# MODIFY URL IN NGINX CONF # MODIFY URL IN NGINX CONF
@ -26,10 +26,14 @@ ynh_script_progression --message="Updating NGINX web server configuration..." --
ynh_change_url_nginx_config ynh_change_url_nginx_config
#================================================= #=================================================
# SPECIFIC MODIFICATIONS # ADD A CONFIGURATION
#=================================================
# ...
#================================================= #=================================================
ynh_script_progression --message="Adding a configuration file..." --weight=1
ynh_add_config --template=".env" --destination="$install_dir/app/.env.local"
chmod 400 "$install_dir/app/.env.local"
chown $app:$app "$install_dir/app/.env.local"
#================================================= #=================================================
# GENERIC FINALISATION # GENERIC FINALISATION
@ -38,7 +42,7 @@ ynh_change_url_nginx_config
#================================================= #=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=1 ynh_script_progression --message="Starting a systemd service..." --weight=1
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" ynh_systemd_action --service_name=$app --action="start" --log_path="systemd"
#================================================= #=================================================
# END OF SCRIPT # END OF SCRIPT

View file

@ -9,8 +9,16 @@
source _common.sh source _common.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
secret=$(ynh_string_random --length=32 | base64) secret=$(ynh_string_random --length=32)
cron_key=$(ynh_string_random --length=32 | base64) cron_key=$(ynh_string_random --length=32)
#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================
ynh_script_progression --message="Storing installation settings..." --weight=1
ynh_app_setting_set --app=$app --key=secret --value=$secret
ynh_app_setting_set --app=$app --key=cron_key --value=$cron_key
#================================================= #=================================================
# INSTALL DEPENDENCIES # INSTALL DEPENDENCIES
@ -28,31 +36,30 @@ ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version
ynh_script_progression --message="Setting up source files..." --weight=1 ynh_script_progression --message="Setting up source files..." --weight=1
# Download, check integrity, uncompress and patch the source from manifest.toml # Download, check integrity, uncompress and patch the source from manifest.toml
ynh_setup_source --dest_dir="$install_dir" ynh_setup_source --dest_dir="$install_dir/app"
mkdir $install_dir/.ssh && chmod 700 $install_dir/.ssh mkdir $install_dir/.ssh && chmod 700 $install_dir/.ssh
touch $install_dir/.ssh/authorized_keys && chmod 600 $install_dir/.ssh/authorized_keys touch $install_dir/.ssh/authorized_keys && chmod 600 $install_dir/.ssh/authorized_keys
mkdir $install_dir/repos && chmod 700 $install_dir/repos mkdir $install_dir/repos && chmod 700 $install_dir/repos
mkdir $install_dir/app
chown -R $app:www-data "$install_dir" chown -R $app:www-data "$install_dir"
chmod 700 $install_dir/app/helpers/shells/*
#================================================= #=================================================
# SYSTEM CONFIGURATION # SYSTEM CONFIGURATION
#================================================= #=================================================
ynh_script_progression --message="Adding system configurations related to $app..." --weight=1 ynh_script_progression --message="Adding system configurations related to $app..." --weight=1
# Create a dedicated NGINX config using the conf/nginx.conf template
ynh_add_nginx_config ynh_add_nginx_config
# Create a dedicated systemd config env_path="$PATH"
ynh_add_systemd_config ynh_add_systemd_config
ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/$app" ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/$app"
chown root: "/etc/cron.d/$app" chown root: "/etc/cron.d/$app"
chmod 644 "/etc/cron.d/$app" chmod 644 "/etc/cron.d/$app"
yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log" yunohost service add $app --description="WebUI for BorgBackup" --log="/var/log/$app/$app.log"
#================================================= #=================================================
# APP INITIAL CONFIGURATION # APP INITIAL CONFIGURATION
@ -61,10 +68,10 @@ yunohost service add $app --description="A short description of the app" --log="
#================================================= #=================================================
ynh_script_progression --message="Adding a configuration file..." --weight=1 ynh_script_progression --message="Adding a configuration file..." --weight=1
ynh_add_config --template=".env" --destination="$install_dir/.env.local" ynh_add_config --template=".env" --destination="$install_dir/app/.env.local"
chmod 400 "$install_dir/.env.local" chmod 400 "$install_dir/app/.env.local"
chown $app:$app "$install_dir/.env.local" chown $app:$app "$install_dir/app/.env.local"
#================================================= #=================================================
# INSTALL BORGWARHOUSE # INSTALL BORGWARHOUSE
@ -85,7 +92,7 @@ popd
ynh_script_progression --message="Starting a systemd service..." --weight=1 ynh_script_progression --message="Starting a systemd service..." --weight=1
# Start a systemd service # Start a systemd service
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" ynh_systemd_action --service_name=$app --action="start" --log_path="systemd"
#================================================= #=================================================
# END OF SCRIPT # END OF SCRIPT

View file

@ -16,8 +16,6 @@ source /usr/share/yunohost/helpers
#================================================= #=================================================
ynh_script_progression --message="Removing system configurations related to $app..." --weight=1 ynh_script_progression --message="Removing system configurations related to $app..." --weight=1
# This should be a symetric version of what happens in the install script
# Remove the service from the list of services known by YunoHost (added from `yunohost service add`) # Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
if ynh_exec_warn_less yunohost service status $app >/dev/null if ynh_exec_warn_less yunohost service status $app >/dev/null
then then
@ -29,6 +27,8 @@ ynh_remove_systemd_config
ynh_remove_nginx_config ynh_remove_nginx_config
ynh_remove_nodejs
ynh_secure_remove --file="/etc/cron.d/$app" ynh_secure_remove --file="/etc/cron.d/$app"
#================================================= #=================================================

View file

@ -17,11 +17,16 @@ ynh_script_progression --message="Restoring the app main directory..." --weight=
ynh_restore_file --origin_path="$install_dir" ynh_restore_file --origin_path="$install_dir"
# $install_dir will automatically be initialized with some decent
# permissions by default ... however, you may need to recursively reapply
# ownership to all files such as after the ynh_setup_source step
chown -R $app:www-data "$install_dir" chown -R $app:www-data "$install_dir"
#=================================================
# REINSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Reinstalling dependencies..." --weight=7
# Install Nodejs
ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version
#================================================= #=================================================
# RESTORE SYSTEM CONFIGURATIONS # RESTORE SYSTEM CONFIGURATIONS
#================================================= #=================================================
@ -34,7 +39,7 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_restore_file --origin_path="/etc/systemd/system/$app.service" ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
systemctl enable $app.service --quiet systemctl enable $app.service --quiet
yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log" yunohost service add $app --description="WebUI for BorgBackup" --log="/var/log/$app/$app.log"
ynh_restore_file --origin_path="/etc/cron.d/$app" ynh_restore_file --origin_path="/etc/cron.d/$app"
@ -45,8 +50,7 @@ ynh_restore_file --origin_path="/etc/cron.d/$app"
#================================================= #=================================================
ynh_script_progression --message="Reloading NGINX web server and $app's service..." --weight=1 ynh_script_progression --message="Reloading NGINX web server and $app's service..." --weight=1
# Typically you only have either $app or php-fpm but not both at the same time... ynh_systemd_action --service_name=$app --action="start" --log_path="systemd"
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
ynh_systemd_action --service_name=nginx --action=reload ynh_systemd_action --service_name=nginx --action=reload

View file

@ -11,12 +11,20 @@ source /usr/share/yunohost/helpers
upgrade_type=$(ynh_check_app_version_changed) upgrade_type=$(ynh_check_app_version_changed)
#=================================================
# UPGRADE DEPENDENCIES
#=================================================
ynh_script_progression --message="Upgrading dependencies..." --weight=5
# Install Nodejs
ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version
#================================================= #=================================================
# STOP SYSTEMD SERVICE # STOP SYSTEMD SERVICE
#================================================= #=================================================
ynh_script_progression --message="Stopping a systemd service..." --weight=1 ynh_script_progression --message="Stopping a systemd service..." --weight=1
ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd"
#================================================= #=================================================
# "REBUILD" THE APP (DEPLOY NEW SOURCES, RERUN NPM BUILD...) # "REBUILD" THE APP (DEPLOY NEW SOURCES, RERUN NPM BUILD...)
@ -29,7 +37,7 @@ then
ynh_script_progression --message="Upgrading source files..." --weight=1 ynh_script_progression --message="Upgrading source files..." --weight=1
# Download, check integrity, uncompress and patch the source from manifest.toml # Download, check integrity, uncompress and patch the source from manifest.toml
ynh_setup_source --dest_dir="$install_dir" --keep=".env.local config/users.json config/repo.json" ynh_setup_source --dest_dir="$install_dir" --keep="app/.env.local app/config/users.json app/config/repo.json"
fi fi
chown -R $app:www-data "$install_dir" chown -R $app:www-data "$install_dir"
@ -41,9 +49,10 @@ ynh_script_progression --message="Upgrading system configurations related to $ap
ynh_add_nginx_config ynh_add_nginx_config
env_path="$PATH"
ynh_add_systemd_config ynh_add_systemd_config
yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log" yunohost service add $app --description="WebUI for BorgBackup" --log="/var/log/$app/$app.log"
#================================================= #=================================================
# RECONFIGURE THE APP (UPDATE CONF, APPLY MIGRATIONS...) # RECONFIGURE THE APP (UPDATE CONF, APPLY MIGRATIONS...)
@ -52,17 +61,17 @@ yunohost service add $app --description="A short description of the app" --log="
#================================================= #=================================================
ynh_script_progression --message="Updating a configuration file..." --weight=1 ynh_script_progression --message="Updating a configuration file..." --weight=1
ynh_add_config --template=".env" --destination="$install_dir/.env.local" ynh_add_config --template=".env" --destination="$install_dir/app/.env.local"
chmod 400 "$install_dir/.env.local" chmod 400 "$install_dir/app/.env.local"
chown $app:$app "$install_dir/.env.local" chown $app:$app "$install_dir/app/.env.local"
#================================================= #=================================================
# START SYSTEMD SERVICE # START SYSTEMD SERVICE
#================================================= #=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=1 ynh_script_progression --message="Starting a systemd service..." --weight=1
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" ynh_systemd_action --service_name=$app --action="start" --log_path="systemd"
#================================================= #=================================================
# END OF SCRIPT # END OF SCRIPT

View file

@ -4,4 +4,8 @@ test_format = 1.0
[default] [default]
# ------------
# Tests to run
# ------------
exclude = ["install.subdir"]