Working install (front and back building + config v0)

conf/back.env

@@ -0,0 +1,2 @@
+FRONTEND_URL=http://__DOMAIN__/__PATH__
+DATABASE_URL=postgres://__DB_USER__:__DB_PWD__/__DB__NAME__

conf/crabfit-back.service

@@ -0,0 +1,50 @@
+[Unit]
+Description=Crabfit Rust backend
+After=network.target postgresql.service
+PartOf=__APP__.target
+
+[Service]
+Type=simple
+User=__APP__
+Group=__APP__
+WorkingDirectory=__INSTALL_DIR__/api
+StandardOutput=append:/var/log/__APP__/__APP__-back.log
+StandardError=inherit
+ExecStart=__INSTALL_DIR__/api/target/release/crabfit-api
+
+# Sandboxing options to harden security
+# Depending on specificities of your service/app, you may need to tweak these
+# .. but this should be a good baseline
+# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
+RestrictNamespaces=yes
+RestrictRealtime=yes
+DevicePolicy=closed
+ProtectClock=yes
+ProtectHostname=yes
+ProtectProc=invisible
+ProtectSystem=full
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+LockPersonality=yes
+SystemCallArchitectures=native
+SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged
+
+# Denying access to capabilities that should not be relevant for webapps
+# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
+CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
+CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
+CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
+CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
+CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
+CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
+CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
+CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
+CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
+
+[Install]
+WantedBy=multi-user.target

conf/crabfit-front.service

@@ -1,15 +1,16 @@
 [Unit]
-Description=Small description of the service
+Description=Crabfit NodeJS frontend
 After=network.target
+PartOf=__APP__.target
 
 [Service]
 Type=simple
 User=__APP__
 Group=__APP__
-WorkingDirectory=__INSTALL_DIR__/
-ExecStart=__INSTALL_DIR__/script
-StandardOutput=append:/var/log/__APP__/__APP__.log
+WorkingDirectory=__INSTALL_DIR__/frontend
+StandardOutput=append:/var/log/__APP__/__APP__-front.log
 StandardError=inherit
+ExecStart=__YNH_NPM__ run start
 
 # Sandboxing options to harden security
 # Depending on specificities of your service/app, you may need to tweak these

conf/crabfit.target

@@ -0,0 +1,6 @@
+[Unit]
+Description=Crabfit (__APP__)
+Wants=__APP__-front.service __APP__-back.service
+
+[Install]
+WantedBy=multi-user.target

conf/front.env

@@ -0,0 +1,3 @@
+NEXT_PUBLIC_API_URL=http://__DOMAIN__/api
+NEXT_TELEMETRY_DISABLED=1
+NODE_ENV=production

conf/nginx.conf

@@ -1,28 +1,30 @@
 #sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
 location __PATH__/ {
 
-  # Path to source
-  alias __INSTALL_DIR__/;
+  proxy_pass          http://127.0.0.1:__PORT__;
+  proxy_set_header    Host $host;
 
-### Example PHP configuration (remove it if not used)
-  index index.php;
+  proxy_set_header    X-Forwarded-Ssl on;
+  proxy_set_header    X-Forwarded-Proto https;
+  proxy_set_header    X-Forwarded-Scheme https;
 
-  # Common parameter to increase upload size limit in conjunction with dedicated php-fpm file
-  #client_max_body_size 50M;
-
-  try_files $uri $uri/ index.php;
-  location ~ [^/]\.php(/|$) {
-    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
-    fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
-
-    fastcgi_index index.php;
-    include fastcgi_params;
-    fastcgi_param REMOTE_USER $remote_user;
-    fastcgi_param PATH_INFO $fastcgi_path_info;
-    fastcgi_param SCRIPT_FILENAME $request_filename;
-  }
-### End of PHP configuration part
+  proxy_buffering     off;
 
   # Include SSOWAT user panel.
-  include conf.d/yunohost_panel.conf.inc;
+  # include conf.d/yunohost_panel.conf.inc;
+}
+
+location __PATH__/api {
+
+  proxy_pass          http://127.0.0.1:__PORT_API__;
+  proxy_set_header    Host $host;
+
+  proxy_set_header    X-Forwarded-Ssl on;
+  proxy_set_header    X-Forwarded-Proto https;
+  proxy_set_header    X-Forwarded-Scheme https;
+
+  proxy_buffering     off;
+
+  # Include SSOWAT user panel.
+  # include conf.d/yunohost_panel.conf.inc;
 }

manifest.toml

@@ -1,54 +1,42 @@
 packaging_format = 2
 
-id = "example"
-name = "Example app"
-description.en = "Explain in *a few (10~15) words* the purpose of the app or what it actually does (it is meant to give a rough idea to users browsing a catalog of 100+ apps)"
-description.fr = "Expliquez en *quelques* (10~15) mots l'utilité de l'app ou ce qu'elle fait (l'objectif est de donner une idée grossière pour des utilisateurs qui naviguent dans un catalogue de 100+ apps)"
+id = "crabfit"
+name = "Crab Fit"
+description.en = "Enter your availability to find a time that works for everyone! "
+description.fr = "Trouver un temps correspondant à tout le monde en rentrant vos disponibilités"
 
 version = "1.0~ynh1"
 
-maintainers = ["johndoe"]
+maintainers = ["limaanto"]
 
 [upstream]
-# NB: Only the "license" key is mandatory. Remove entries for which there's no relevant data
-license = "free"
-website = "https://example.com"
-demo = "https://demo.example.com"
-admindoc = "https://yunohost.org/packaging_apps"
-userdoc = "https://yunohost.org/apps"
-code = "https://some.forge.com/example/example"
-# FIXME: optional but recommended if relevant, this is meant to contain the Common Platform Enumeration, which is sort of a standard id for applications defined by the NIST. In particular, YunoHost may use this is in the future to easily track CVE (=security reports) related to apps. The CPE may be obtained by searching here: https://nvd.nist.gov/products/cpe/search. For example, for Nextcloud, the CPE is 'cpe:2.3:a:nextcloud:nextcloud' (no need to include the version number)
-cpe = "???"
-# FIXME: optional but recommended (or remove if irrelevant / not applicable). This is meant to be an URL where people can financially support this app, especially when its development is based on volunteers and/or financed by its community. YunoHost may later advertise it in the webadmin.
-fund = "???"
+license = "GPLv3"
+website = "https://crab.fit"
+demo = "https://crab.fit"
+#FIXME: Find where these two values will end up
+#admindoc = "https://yunohost.org/packaging_apps"
+#userdoc = "https://yunohost.org/apps"
+code = "https://github.com/GRA0007/crab.fit"
 
 [integration]
 yunohost = ">= 11.1.21"
-# FIXME: can be replaced by a list of supported archs using the dpkg --print-architecture nomenclature (amd64/i386/armhf/arm64), for example: ["amd64", "i386"]
 architectures = "all"
 multi_instance = true
-# FIXME: replace with true, false, or "not_relevant". Not to confuse with the "sso" key: the "ldap" key corresponds to wether or not a user *can* login on the app using its YunoHost credentials.
-ldap = "?"
-# FIXME: replace with true, false, or "not_relevant". Not to confuse with the "ldap" key: the "sso" key corresponds to wether or not a user is *automatically logged-in* on the app when logged-in on the YunoHost portal.
-sso = "?"
-# FIXME: replace with an **estimate** minimum disk and RAM requirements. e.g. 20M, 400M, 1G...
-disk = "50M"
-ram.build = "50M"
-ram.runtime = "50M"
+ldap = false
+sso = false
+disk = "500M"
+ram.build = "100M"
+ram.runtime = "100M"
 
 [install]
     [install.domain]
-    # this is a generic question - ask strings are automatically handled by YunoHost's core
     type = "domain"
 
     [install.path]
-    # this is a generic question - ask strings are automatically handled by YunoHost's core
     type = "path"
-    default = "/example"
+    default = "/crab"
 
     [install.init_main_permission]
-    # this is a generic question - ask strings are automatically handled by YunoHost's core
-    # This won't be saved as setting and will instead be used to initialize the SSOwat permission
     type = "group"
     default = "visitors"
 
@@ -59,61 +47,24 @@ ram.runtime = "50M"
     choices = ["fr", "en"]
     default = "fr"
 
-    [install.admin]
-    # this is a generic question - ask strings are automatically handled by YunoHost's core
-    type = "user"
-
-    [install.password]
-    # this is a generic question - ask strings are automatically handled by YunoHost's core
-    # Note that user-provided passwords questions are not automatically saved as setting
-    help.en = "Use the help field to add an information for the admin about this question."
-    help.fr = "Utilisez le champ aide pour ajouter une information à l'intention de l'administrateur à propos de cette question."
-    type = "password"
-
 [resources]
-    # See the packaging documentation for the full set
-    # of explanation regarding the behavior and properties for each of those
-
     [resources.sources]
-
         [resources.sources.main]
-        # This will pre-fetch the asset which can then be deployed during the install/upgrade scripts with :
-        #    ynh_setup_source --dest_dir="$install_dir"
-        # You can also define other assets than "main" and add --source_id="foobar" in the previous command
-        url = "https://github.com/foo/bar/archive/refs/tags/v1.2.3.tar.gz"
-        sha256 = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
-
-        # These infos are used by https://github.com/YunoHost/apps/blob/master/tools/autoupdate_app_sources/autoupdate_app_sources.py
-        # to auto-update the previous asset urls and sha256sum + manifest version
-        # assuming the upstream's code repo is on github and relies on tags or releases
-        # See the 'sources' resource documentation for more details
-
-        # autoupdate.strategy = "latest_github_tag"
+        # No releases currently exist in the repo, looking forward to improving that
+        url = "https://github.com/GRA0007/crab.fit/archive/628f9eefc300bf1ed3d6cc3323332c2ed9b8a350.zip"
+        sha256 = "cc87276d26242a90f32f1462319f0cff35c576f6c438cc20e68601f26701b33b"
 
     [resources.system_user]
-    # This will provision/deprovision a unix system user
-
     [resources.install_dir]
-    # This will create/remove the install dir as /var/www/$app
-    # and store the corresponding setting $install_dir
-
-    [resources.data_dir]
-    # This will create/remove the data dir as /home/yunohost.app/$app
-    # and store the corresponding setting $data_dir
-
     [resources.permissions]
-    # This will configure SSOwat permission for $domain/$path/
-    # The initial allowed group of user is configured via the init_main_permission question (public=visitors, private=all_users)
     main.url = "/"
 
     [resources.ports]
-    # This will pick a random port for reverse-proxying and store it as the $port setting
+    main.default = 3000
+    api.default = 3001
 
     [resources.apt]
-    # This will automatically install/uninstall the following apt packages
-    # and implicitly define the $phpversion setting as 8.0 (if phpX.Y-foobar dependencies are listed)
-    packages = "deb1, deb2, php8.0-foo, php8.0-bar"
+    packages = "postgresql pkg-config"
 
     [resources.database]
-    # This will automatically provision/deprovison a MySQL DB and store the corresponding credentials in settings $db_user, $db_name, $db_pwd
-    type = "mysql"
+    type = "postgresql"

scripts/_common.sh

@@ -3,6 +3,7 @@
 #=================================================
 # COMMON VARIABLES
 #=================================================
+export nodejs_version="18"
 
 #=================================================
 # PERSONAL HELPERS

scripts/install

@@ -9,27 +9,6 @@
 source _common.sh
 source /usr/share/yunohost/helpers
 
-# Install parameters are automatically saved as settings
-#
-# Settings are automatically loaded as bash variables
-# in every app script context, therefore typically these will exist:
-# - $domain
-# - $path
-# - $language
-# ... etc
-#
-# Resources defined in the manifest are provisioned prior to this script
-# and corresponding settings are also available, such as:
-# - $install_dir
-# - $port
-# - $db_name
-# ...
-
-#
-# $app is the app id (i.e. 'example' for first install, 
-# or 'example__2', '__3', ... for multi-instance installs)
-#
-
 #=================================================
 # APP "BUILD" (DEPLOYING SOURCES, VENV, COMPILING ETC)
 #=================================================
@@ -37,159 +16,92 @@ source /usr/share/yunohost/helpers
 #=================================================
 ynh_script_progression --message="Setting up source files..." --weight=1
 
-### `ynh_setup_source` is used to install an app from a zip or tar.gz file,
-### downloaded from an upstream source, like a git repository.
-### `ynh_setup_source` use the file conf/app.src
-
 # Download, check integrity, uncompress and patch the source from app.src
 ynh_setup_source --dest_dir="$install_dir"
-
-# $install_dir will automatically be initialized with some decent 
-# permission by default ... however, you may need to recursively reapply
-# ownership to all files such as after the ynh_setup_source step
 chown -R $app:www-data "$install_dir"
 
+ynh_install_nodejs --nodejs_version=$nodejs_version
+ynh_use_nodejs
+
 #=================================================
 # SYSTEM CONFIGURATION
 #=================================================
 ynh_script_progression --message="Adding system configurations related to $app..." --weight=1
 
-### `ynh_add_fpm_config` is used to set up a PHP config.
-### You can remove it if your app doesn't use PHP.
-### `ynh_add_fpm_config` will use the files conf/php-fpm.conf
-### If you're not using these lines:
-###		- You can remove these files in conf/.
-###		- Remove the section "BACKUP THE PHP-FPM CONFIGURATION" in the backup script
-###		- Remove also the section "REMOVE PHP-FPM CONFIGURATION" in the remove script
-###		- As well as the section "RESTORE THE PHP-FPM CONFIGURATION" in the restore script
-###		  with the reload at the end of the script.
-###		- And the section "PHP-FPM CONFIGURATION" in the upgrade script
-
-# Create a dedicated PHP-FPM config using the conf/php-fpm.conf or conf/extra_php-fpm.conf
-ynh_add_fpm_config
-
 # Create a dedicated NGINX config using the conf/nginx.conf template
-ynh_add_nginx_config
-
-### `ynh_systemd_config` is used to configure a systemd script for an app.
-### It can be used for apps that use sysvinit (with adaptation) or systemd.
-### Have a look at the app to be sure this app needs a systemd script.
-### `ynh_systemd_config` will use the file conf/systemd.service
-### If you're not using these lines:
-###		- You can remove those files in conf/.
-###		- Remove the section "BACKUP SYSTEMD" in the backup script
-###		- Remove also the section "STOP AND REMOVE SERVICE" in the remove script
-###		- As well as the section "RESTORE SYSTEMD" in the restore script
-###		- And the section "SETUP SYSTEMD" in the upgrade script
+ynh_add_config --template="../conf/crabfit.target" --destination="/etc/systemd/system/$app.target"
 
 # Create a dedicated systemd config
-ynh_add_systemd_config
+ynh_add_systemd_config --service="${app}-front" --template="crabfit-front.service"
+ynh_add_systemd_config --service="${app}-back" --template="crabfit-back.service"
 
-### `yunohost service add` integrates a service in YunoHost. It then gets
-### displayed in the admin interface and through the others `yunohost service` commands.
-### (N.B.: this line only makes sense if the app adds a service to the system!)
-### If you're not using these lines:
-###		- You can remove these files in conf/.
-###		- Remove the section "REMOVE SERVICE INTEGRATION IN YUNOHOST" in the remove script
-###		- As well as the section "INTEGRATE SERVICE IN YUNOHOST" in the restore script
-###		- And the section "INTEGRATE SERVICE IN YUNOHOST" in the upgrade script
+yunohost service add "${app}-front" --description="Crabfit NodeJS Frontend" --log="/var/log/$app/${app}-front.log"
+yunohost service add "${app}-back" --description="Crabfit Rust Backend" --log="/var/log/$app/${app}-back.log"
 
-yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log"
-
-### Additional options starting with 3.8:
-###
-### --needs_exposed_ports "$port" a list of ports that needs to be publicly exposed
-###                               which will then be checked by YunoHost's diagnosis system
-###                               (N.B. DO NOT USE THIS is the port is only internal!!!)
-###
-### --test_status "some command"  a custom command to check the status of the service
-###                               (only relevant if 'systemctl status' doesn't do a good job)
-###
-### --test_conf "some command"    some command similar to "nginx -t" that validates the conf of the service
-###
-### Re-calling 'yunohost service add' during the upgrade script is the right way
-### to proceed if you later realize that you need to enable some flags that
-### weren't enabled on old installs (be careful it'll override the existing
-### service though so you should re-provide all relevant flags when doing so)
-
-### `ynh_use_logrotate` is used to configure a logrotate configuration for the logs of this app.
-### Use this helper only if there is effectively a log file for this app.
-### If you're not using this helper:
-###		- Remove the section "BACKUP LOGROTATE" in the backup script
-###		- Remove also the section "REMOVE LOGROTATE CONFIGURATION" in the remove script
-###		- As well as the section "RESTORE THE LOGROTATE CONFIGURATION" in the restore script
-###		- And the section "SETUP LOGROTATE" in the upgrade script
-
-# Use logrotate to manage application logfile(s)
 ynh_use_logrotate
 
-# Create a dedicated Fail2Ban config
-ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"
+#=================================================
+# ADD CONFIGURATIONS
+#=================================================
+ynh_script_progression --message="Adding configuration files..." --weight=1
+
+# Replace the default .env.local with our own
+rm $install_dir/frontend/.env.local
+ynh_add_config --template="../conf/front.env" --destination="$install_dir/frontend/.env.local"
+chmod 400 "$install_dir/frontend/.env.local"
+chown $app:$app "$install_dir/frontend/.env.local"
+
+ynh_add_config --template="../conf/back.env" --destination="$install_dir/api/.env"
+chmod 400 "$install_dir/api/.env"
+chown $app:$app "$install_dir/api/.env"
 
 #=================================================
-# APP INITIAL CONFIGURATION
+# BUILD BACKEND
 #=================================================
-# ADD A CONFIGURATION
-#=================================================
-ynh_script_progression --message="Adding a configuration file..." --weight=1
+ynh_script_progression --message="Building crabfit backend..." --weight=1
 
-### You can add specific configuration files.
-###
-### Typically, put your template conf file in ../conf/your_config_file
-### The template may contain strings such as __FOO__ or __FOO_BAR__,
-### which will automatically be replaced by the values of $foo and $foo_bar
-###
-### ynh_add_config will also keep track of the config file's checksum,
-### which later during upgrade may allow to automatically backup the config file
-### if it's found that the file was manually modified
-###
-### Check the documentation of `ynh_add_config` for more info.
+# The cargo version packaged with debian (currently 11) is too old and results in errors..
+# Thus the latest version is manually installed alongside the application for the moment
+pushd $install_dir/api
+	curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs > rustup.sh
+	ynh_exec_warn_less ynh_exec_as "$app" \
+		RUSTUP_HOME=$install_dir/api/.rustup \
+		CARGO_HOME=$install_dir/api/.cargo \
+		sh rustup.sh -y -q --no-modify-path --default-toolchain=stable
+	export PATH="$PATH:$install_dir/.cargo/bin"
+	ynh_exec_warn_less ynh_exec_as "$app" \
+		RUSTUP_HOME=$install_dir/api/.rustup \
+		CARGO_HOME=$install_dir/api/.cargo \
+		$install_dir/api/.cargo/bin/cargo build --release #--features sql-adaptor
 
-ynh_add_config --template="some_config_file" --destination="$install_dir/some_config_file"
-
-# FIXME: this should be handled by the core in the future
-# You may need to use chmod 600 instead of 400,
-# for example if the app is expected to be able to modify its own config
-chmod 400 "$install_dir/some_config_file"
-chown $app:$app "$install_dir/some_config_file"
-
-### For more complex cases where you want to replace stuff using regexes,
-### you shoud rely on ynh_replace_string (which is basically a wrapper for sed)
-### When doing so, you also need to manually call ynh_store_file_checksum
-###
-### ynh_replace_string --match_string="match_string" --replace_string="replace_string" --target_file="$install_dir/some_config_file"
-### ynh_store_file_checksum --file="$install_dir/some_config_file"
+	# Remove build files and rustup
+# 	cp -af "$install_dir/api/target/release/crabfit-api" "$install_dir/api/api"
+# 	ynh_secure_remove --file="$final_path/build"
+	ynh_secure_remove --file="$install_dir/api/.cargo"
+	ynh_secure_remove --file="$install_dir/api/.rustup"
+popd
 
 #=================================================
-# SETUP APPLICATION WITH CURL
+# BUILD FRONTEND
 #=================================================
-
-### Use these lines only if the app installation needs to be finalized through
-### web forms. We generally don't want to ask the final user,
-### so we're going to use curl to automatically fill the fields and submit the
-### forms.
-
-# Installation with curl
-ynh_script_progression --message="Finalizing installation..." --weight=1
-ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3"
+ynh_script_progression --message="Building crabfit frontend..." --weight=1
+pushd $install_dir/frontend
+	ynh_exec_warn_less ynh_exec_as "$app" $nodejs_path/corepack enable
+	ynh_exec_warn_less ynh_exec_as "$app" $nodejs_path/yarn install --production --frozen-lockfile
+	ynh_exec_warn_less ynh_exec_as "$app" $ynh_npm run build
+popd
 
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
 # START SYSTEMD SERVICE
 #=================================================
-ynh_script_progression --message="Starting a systemd service..." --weight=1
-
-### `ynh_systemd_action` is used to start a systemd service for an app.
-### Only needed if you have configure a systemd service
-### If you're not using these lines:
-###		- Remove the section "STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the backup script
-###		- As well as the section "START SYSTEMD SERVICE" in the restore script
-###		- As well as the section"STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the upgrade script
-###		- And the section "STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the change_url script
+ynh_script_progression --message="Starting systemd services..." --weight=1
 
 # Start a systemd service
-ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
+# Changed the log path to systemd accoding to what funkwhale_ynh does but dunno why
+ynh_systemd_action --service_name="${app}-front" --action="start" --log_path="systemd"
+ynh_systemd_action --service_name="${app}-back" --action="start" --log_path="systemd"
 
 #=================================================
 # END OF SCRIPT