diff --git a/scripts/install b/scripts/install index 6308596..cae7881 100644 --- a/scripts/install +++ b/scripts/install @@ -1,37 +1,64 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error -set -eu +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= -# This is a multi-instance app, meaning it can be installed several times independently -# The id of the app as stated in the manifest is available as $YNH_APP_ID -# The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2", ...) -# The app instance name is available as $YNH_APP_INSTANCE_NAME -# - the first time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample -# - the second time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample__2 -# - ynhexample__{N} for the subsequent installations, with N=3,4, ... -# The app instance name is probably what you are interested the most, since this is -# guaranteed to be unique. This is a good unique identifier to define installation path, -# db names, ... -app=$YNH_APP_INSTANCE_NAME +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +ynh_clean_setup () { + ### Remove this function if there's nothing to clean before calling the remove script. + true +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# RETRIEVE ARGUMENTS FROM THE MANIFEST +#================================================= # Retrieve arguments domain=$YNH_APP_ARG_DOMAIN -is_public=$YNH_APP_ARG_IS_PUBLIC password=$YNH_APP_ARG_PASSWORD nextcloud_domain=$YNH_APP_ARG_NEXTCLOUDDOMAIN -# Source YunoHost helpers -source /usr/share/yunohost/helpers -source _common.sh +#================================================= +# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS +#================================================= +### If the app uses nginx as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app". +### If the app provides an internal web server (or uses another application server such as uwsgi), the final path should be "/opt/yunohost/$app" +final_path=/opt/yunohost/$app +test ! -e "$final_path" || ynh_die "This path already contains a folder" -# Save app settings -ynh_app_setting_set "$app" is_public "$is_public" +# Check web path availability +ynh_webpath_available $domain +# Register (book) web path +ynh_webpath_register $app $domain -# Check domain/path availability -sudo yunohost app checkurl "${domain}" -a "$app" \ - || ynh_die "Path not available: ${domain}" +#================================================= +# STORE SETTINGS FROM MANIFEST +#================================================= + +ynh_app_setting_set $app domain $domain +ynh_app_setting_set $app password $password +ynh_app_setting_set $app nextcloud_domain $nextcloud_domain + +#================================================= +# FIND AND OPEN A PORT +#================================================= + +### Use these lines if you have to open a port for the application +### `ynh_find_port` will find the first available port starting from the given port. +### If you're not using these lines: +### - Remove the section "CLOSE A PORT" in the remove script # Find a free port port=$(ynh_find_port 9980) @@ -39,9 +66,13 @@ port=$(ynh_find_port 9980) yunohost firewall allow --no-upnp TCP $port 2>&1 ynh_app_setting_set $app port $port +#=============================================== +# ADD COLLABORA REPOSITORY +#=============================================== apt-get -yy install apt-transport-https apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 0C54D189F4BA284D + if [ "$(lsb_release --codename --short)" != "jessie" ]; then echo 'deb https://collaboraoffice.com/repos/CollaboraOnline/CODE-debian8 ./' | sudo tee -a /etc/apt/sources.list.d/collabora.list else @@ -49,9 +80,11 @@ else echo 'deb https://collaboraoffice.com/repos/CollaboraOnline/CODE-debian9 ./' | sudo tee -a /etc/apt/sources.list.d/collabora.list fi -sudo apt-get update -sudo apt-get install -yy loolwsd code-brand - +#============================================== +# INSTALL COLLABORA +#============================================== +ynh_package_update +ynh_install_app_dependencies loolwsd code-brand #================================================= # NGINX CONFIGURATION @@ -67,12 +100,6 @@ ynh_add_nginx_config # Create a system user ynh_system_user_create $app -#================================================= -# SPECIFIC SETUP -#================================================= -# ... -#================================================= - #================================================= # MODIFY A CONFIG FILE #================================================= @@ -81,21 +108,41 @@ ynh_replace_string "__NEXTCLOUDDOMAIN__" "$nextcloud_domain" "/etc/loolwsd/loolw ynh_replace_string "__PASSWORD__" "$password" "/etc/loolwsd/loolwsd.xml" systemctl start loolwsd + #================================================= -# SETUP SYSTEMD +# STORE THE CONFIG FILE CHECKSUM #================================================= -# Create a dedicated systemd config -#ynh_add_systemd_config +### `ynh_store_file_checksum` is used to store the checksum of a file. +### That way, during the upgrade script, by using `ynh_backup_if_checksum_is_different`, +### you can make a backup of this file before modifying it again if the admin had modified it. + +# Calculate and store the config file checksum into the app settings +ynh_store_file_checksum "/etc/loolwsd/loolwsd.xml" -# If app is public, add url to SSOWat conf as skipped_uris -if [[ $is_public -eq 1 ]]; then - # unprotected_uris allows SSO credentials to be passed anyway. - ynh_app_setting_set "$app" unprotected_uris "/" -fi +#================================================= +# GENERIC FINALIZATION +#================================================= +# SECURE FILES AND DIRECTORIES +#================================================= + +### For security reason, any app should set the permissions to root: before anything else. +### Then, if write authorization is needed, any access should be given only to directories +### that really need such authorization. + +# Set permissions to app files +chown -R root: /etc/loolwsd + + +#================================================= +# SETUP SSOWAT +#================================================= + +# unprotected_uris allows SSO credentials to be passed anyway. +ynh_app_setting_set $app unprotected_uris "/" # Reload services systemctl restart loolwsd -systemctl restart nginx +systemctl reload nginx