Merge pull request #9 from dkoukoul/master

Renamed admin.md to ADMIN.md and updated an API call in install script
2024-09-03 18:16:29 +02:00 · 2024-01-10 10:22:27 +02:00 · 2024-01-10 10:22:27 +02:00 · 9af3faec33
commit 9af3faec33
parent b788a78972 f2fe71e8bc
3 changed files with 20 additions and 36 deletions
--- a/conf/systemd.service
+++ b/conf/systemd.service
@ -3,8 +3,8 @@ Description=Cjdns: Encrypted IPv6 network
 After=network.target cjdns.service
 [Service]
-User=__APP__
+User=root
-Group=__APP__
+Group=root
 WorkingDirectory=__INSTALL_DIR__/
 ExecStart=/bin/bash -c '__INSTALL_DIR__/cjdroute < __INSTALL_DIR__/cjdroute.conf'
 KillMode=process
@ -16,12 +16,9 @@ Restart=no
 # Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
 NoNewPrivileges=yes
 PrivateTmp=yes
 PrivateDevices=yes
 RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
 RestrictNamespaces=yes
 RestrictRealtime=yes
 DevicePolicy=closed
 ProtectClock=yes
 ProtectHostname=yes
 ProtectProc=invisible
 ProtectSystem=full
@ -30,7 +27,6 @@ ProtectKernelModules=yes
 ProtectKernelTunables=yes
 LockPersonality=yes
 SystemCallArchitectures=native
 SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged
 # Denying access to capabilities that should not be relevant for webapps
 # Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
@ -41,7 +37,7 @@ CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
 CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
 CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
 CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
-CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
+CapabilityBoundingSet=~CAP_NET_RAW
 CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
 [Install]
--- a/doc/ADMIN.md
+++ b/doc/ADMIN.md
@ -1,30 +1,7 @@
 # Setup your website on cjdns network
-1. Install YunoHost by following the detailed instructions provided [here](link-to-instructions).
+1. From the Applications menu, first install wordpress and then "cjdns". 
-2. Once the installation is complete, log in as an administrator at `yunohost.local`. Perform a system update, which may take some time.
+2. Obtain your cjdns IPv6 address by navigating to Tools -> Logs -> Click on "Install the 'cjdns' app." Your IPv6 address should be displayed in the log.
-3. Return to `yunohost.local` after the update and navigate to the Applications menu. Click on Install, search for "wordpress," select it, and proceed with the installation.
+3. Reboot your YunoHost server to make the tun device available. Navigate to Tools->Shutdown and click Reboot.
-4. In the Applications menu, search for "cjdns" and install it. If it does not appear due to not being published yet. You can sideload it by pasting the following URL: `https://github.com/dkoukoul/cjdns_ynh` into the "Install custom app" section.
+4. Navigate to Tools -> Yunohost Settings -> Security, and under NGINX, disable "Force HTTPS." Click Save to apply the changes.
-5. Obtain your cjdns IPv6 address by navigating to Tools -> Logs -> Click on "Install the 'cjdns' app." Your IPv6 address should be displayed in the log.
+5. Finally edit `/etc/nginx/conf.d/[your-domain].conf`, add your cjdns-ipv6 to the list of `server_name`. 
 6. Reboot your YunoHost server to make the tun device available. Navigate to Tools->Shutdown and click Reboot.
 7. Navigate to Tools -> Yunohost Settings -> Security, and under NGINX, disable "Force HTTPS." Click Save to apply the changes.
 8. Edit `/etc/nginx/conf.d/[your-domain].conf`, add your cjdns-ipv6 to the list of `server_name`. 
 9. Finally, to allow public access for cjdns requests to your new wordpress site you can do the following:
   1.  SSH into your yunoHost server
   2.  Copy current sso configuration file to persistent: `cp /etc/ssowat/conf.json /etc/ssowat/conf.json.persistent`
   3.  Then edit the persistent file: `nano /etc/ssowat/conf.json.persistent`
   4.  Change `public` to `true` and add this line under the `wordpress.main uris` section: `"re:^.fc.*"`. Remember to add a trailing “,” to the above entry. For example:
 ```json
 "wordpress.main": {
    "auth_header": true,
    "label": "WordPress",
    "public": true,
    "show_tile": true,
    "uris": [
        "example.nohost.me/blog",
        "re:^.fc.*"
    ],
    "use_remote_user_var_in_nginx_conf": false,
    "users": []
 }
 ``````
--- a/scripts/install
+++ b/scripts/install
@ -39,7 +39,7 @@ jq '.noBackground = 1' $install_dir/cjdroute.conf > $install_dir/cjdroute.conf.t
 #=================================================
 ynh_script_progression --message="Getting cjdns peers..." --weight=1
 # Fetch the JSON data
-json=$(curl -s https://vpn.anode.co/api/0.3/vpn/cjdns/peeringlines/)
+json=$(curl -s -A "ynh" https://vpn.anode.co/api/0.4/vpn/cjdns/peeringlines/)
 echo "Got peering lines"
 length=$(echo $json | jq '. | length')
@ -96,6 +96,17 @@ ynh_script_progression --message="Launching cjdns service..." --weight=1
 # Start a systemd service
 ynh_systemd_action --service_name=$app --action="start" --log_path="systemd"
 #=================================================
 # MAKE WORDPRESS AVAILABLE ON CJDNS
 #=================================================
 yunohost tools shell -c "from yunohost.permission import permission_url; permission_url('wordpress.main', add_url=['re:^.fc.*'])"
 #=================================================
 # MAKE WORDPRESS AVAILABLE ON CJDNS
 #=================================================
 yunohost tools shell -c "from yunohost.permission import permission_url; permission_url('wordpress.main', add_url=['re:^.fc.*'])"
 #=================================================
 # END OF SCRIPT