1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/cryptpad_ynh.git synced 2024-09-03 18:26:14 +02:00

Merge pull request #202 from YunoHost-Apps/systemd

5.6.0
This commit is contained in:
eric_G 2024-01-12 19:39:40 +01:00 committed by GitHub
commit 536ea9aa0c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
18 changed files with 215 additions and 103 deletions

View file

@ -18,7 +18,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. It is built to enable collaboration, synchronizing changes to documents in real time. Because all data is encrypted, the service and its administrators have no way of seeing the content being edited and stored.
**Shipped version:** 5.3.0~ynh1
**Shipped version:** 5.6.0~ynh1
**Demo:** https://cryptpad.fr/

View file

@ -18,7 +18,7 @@ Si vous navez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po
CryptPad est une suite de collaboration chiffrée de bout en bout et open source. Il est conçu pour permettre la collaboration, en synchronisant les modifications apportées aux documents en temps réel. Étant donné que toutes les données sont chiffrées, le service et ses administrateurs n'ont aucun moyen de voir le contenu modifié et stocké.
**Version incluse :** 5.3.0~ynh1
**Version incluse :** 5.6.0~ynh1
**Démo :** https://cryptpad.fr/

View file

@ -1,3 +1,7 @@
// SPDX-FileCopyrightText: 2023 XWiki CryptPad Team <contact@cryptpad.org> and contributors
//
// SPDX-License-Identifier: AGPL-3.0-or-later
/* globals module */
/* DISCLAIMER:
@ -11,7 +15,7 @@
Support requests for such setups should be directed to their authors.
If you're having difficulty difficulty configuring your instance
we suggest that you join the project's IRC/Matrix channel.
we suggest that you join the project's Matrix channel.
If you don't have any difficulty configuring your instance and you'd like to
support us for the work that went into making it pain-free we are quite happy
@ -45,21 +49,13 @@ module.exports = {
* In such a case this should be also handled by NGINX, as documented in
* cryptpad/docs/example.nginx.conf (see the $main_domain variable)
*
* Note: you may provide multiple origins for the purpose of accessing
* a development instance via different URLs, like so:
* httpUnsafeOrigin: 'http://127.0.0.1:3000/ http://localhost:3000/',
*
* Such configuration is not recommended for production instances,
* as the development team does not actively test such configuration
* and it may have unintended consequences in practice.
*
*/
httpUnsafeOrigin: 'https://__DOMAIN__',
/* httpSafeOrigin is the URL that is used for the 'sandbox' described above.
* If you're testing or developing with CryptPad on your local machine then
* it is appropriate to leave this blank. The default behaviour is to serve
* the main domain over port 3000 and to serve the content over port 3001.
* the main domain over port 3000 and to serve the sandbox content over port 3001.
*
* This is not appropriate in a production environment where invasive networks
* may filter traffic going over abnormal ports.
@ -70,14 +66,17 @@ module.exports = {
* This value corresponds to the $sandbox_domain variable
* in the example nginx file.
*
* Note that in order for the sandboxing system to be effective
* httpSafeOrigin must be different from httpUnsafeOrigin.
*
* CUSTOMIZE AND UNCOMMENT THIS FOR PRODUCTION INSTALLATIONS.
*/
httpSafeOrigin: "https://__SANDBOXDOMAIN__",
/* httpAddress specifies the address on which the nodejs server
* should be accessible. By default it will listen on 127.0.0.1
* (IPv4 localhost on most systems). If you want it to listen on
* all addresses, including IPv6, set this to '::'.
* should be accessible. By default it will listen on localhost
* (IPv4 & IPv6 if enabled). If you want it to listen on
* a specific address, specify it here. e.g '192.168.0.1'
*
*/
httpAddress: '::',
@ -97,6 +96,19 @@ module.exports = {
*/
httpSafePort: __PORT_PORTI__,
/* Websockets need to be exposed on a separate port from the rest of
* the platform's HTTP traffic. Port 3003 is used by default.
* You can change this to a different port if it is in use by a
* different service, but under most circumstances you can leave this
* commented and it will work.
*
* In production environments, your reverse proxy (usually NGINX)
* will need to forward websocket traffic (/cryptpad_websocket)
* to this port.
*
*/
// websocketPort: 3003,
/* CryptPad will launch a child process for every core available
* in order to perform CPU-intensive tasks in parallel.
* Some host environments may have a very large number of cores available
@ -105,6 +117,28 @@ module.exports = {
*/
// maxWorkers: 4,
/* =====================
* Sessions
* ===================== */
/* Accounts can be protected with an OTP (One Time Password) system
* to add a second authentication layer. Such accounts use a session
* with a given lifetime after which they are logged out and need
* to be re-authenticated. You can configure the lifetime of these
* sessions here.
*
* defaults to 7 days
*/
//otpSessionExpiration: 7*24, // hours
/* Registered users can be forced to protect their account
* with a Multi-factor Authentication (MFA) tool like a TOTP
* authenticator application.
*
* defaults to false
*/
//enforceMFA: false,
/* =====================
* Admin
* ===================== */
@ -115,12 +149,17 @@ module.exports = {
* To give access to the admin panel to a user account, just add their public signing
* key, which can be found on the settings page for registered users.
* Entries should be strings separated by a comma.
* adminKeys: [
* "[cryptpad-user1@my.awesome.website/YZgXQxKR0Rcb6r6CmxHPdAGLVludrAF2lEnkbx1vVOo=]",
* "[cryptpad-user2@my.awesome.website/jA-9c5iNuG7SyxzGCjwJXVnk5NPfAOO8fQuQ0dC83RE=]",
* ]
*
*/
/*
adminKeys: [
"[cryptpad-user1@my.awesome.website/YZgXQxKR0Rcb6r6CmxHPdAGLVludrAF2lEnkbx1vVOo=]",
],
*/
/* CryptPad's administration panel includes a "support" tab
* wherein administrators with a secret key can view messages

View file

@ -4,67 +4,147 @@ set $allowed_origins "https://${sandbox_domain}";
set $api_domain "__DOMAIN__";
set $files_domain "__DOMAIN__";
ssl_ecdh_curve secp384r1;
more_set_headers "Access-Control-Allow-Origin: '${allowed_origins}'";
more_set_headers "X-XSS-Protection: 1; mode=block";
more_set_headers "X-Content-Type-Options: nosniff";
more_set_headers "Access-Control-Allow-Origin: ${allowed_origins}";
more_set_headers "Access-Control-Allow-Credentials: true";
# more_set_headers "X-Frame-Options: SAMEORIGIN";
# Enable SharedArrayBuffer in Firefox (for .xlsx export)
more_set_headers "Cross-Origin-Resource-Policy: cross-origin";
more_set_headers "Cross-Origin-Embedder-Policy: require-corp";
# Insert the path to your CryptPad repository root here
root __INSTALL_DIR__/;
index index.html;
error_page 404 /customize.dist/404.html;
if ($uri ~ ^(\/|.*\/|.*\.html)$) {
set $cacheControl no-cache;
}
# any static assets loaded with "ver=" in their URL will be cached for a year
if ($args ~ ver=) {
set $cacheControl max-age=31536000;
}
# This rule overrides the above caching directive and makes things somewhat less efficient.
# We had inverted them as an optimization, but Safari 16 introduced a bug that interpreted
# some important headers incorrectly when loading these files from cache.
# This is why we can't have nice things :(
if ($uri ~ ^(\/|.*\/|.*\.html)$) {
set $cacheControl no-cache;
}
# Will not set any header if it is emptystring
more_set_headers "Cache-Control: $cacheControl";
# CSS can be dynamically set inline, loaded from the same domain, or from $main_domain
set $styleSrc "'unsafe-inline' 'self' https://${main_domain}";
# connect-src restricts URLs which can be loaded using script interfaces
# if you have configured your instance to use a dedicated $files_domain or $api_domain
# you will need to add them below as: https://${files_domain} and https://${api_domain}
set $connectSrc "'self' https://${main_domain} blob: wss://${api_domain} https://${sandbox_domain}";
# fonts can be loaded from data-URLs or the main domain
set $fontSrc "'self' data: https://${main_domain}";
# images can be loaded from anywhere, though we'd like to deprecate this as it allows the use of images for tracking
set $imgSrc "'self' data: blob: https://${main_domain}";
# frame-src specifies valid sources for nested browsing contexts.
# this prevents loading any iframes from anywhere other than the sandbox domain
set $frameSrc "'self' https://${sandbox_domain} blob:";
# specifies valid sources for loading media using video or audio
set $mediaSrc "blob:";
# defines valid sources for webworkers and nested browser contexts
# deprecated in favour of worker-src and frame-src
set $childSrc "https://${main_domain}";
# specifies valid sources for Worker, SharedWorker, or ServiceWorker scripts.
# supercedes child-src but is unfortunately not yet universally supported.
set $workerSrc "'self'";
# script-src specifies valid sources for javascript, including inline handlers
set $scriptSrc "'self' resource: https://${main_domain}";
# frame-ancestors specifies which origins can embed your CryptPad instance
# this must include 'self' and your main domain (over HTTPS) in order for CryptPad to work
# if you have enabled remote embedding via the admin panel then this must be more permissive.
# note: cryptpad.fr permits web pages served via https: and vector: (element desktop app)
set $frameAncestors "'self' https://${main_domain}";
# set $frameAncestors "'self' https: vector:";
set $unsafe 0;
# the following assets are loaded via the sandbox domain
# they unfortunately still require exceptions to the sandboxing to work correctly.
if ($uri ~ ^\/(sheet|doc|presentation)\/inner.html.*$) { set $unsafe 1; }
if ($uri ~ ^\/common\/onlyoffice\/.*\/.*\.html.*$) { set $unsafe 1; }
# everything except the sandbox domain is a privileged scope, as they might be used to handle keys
if ($host != $sandbox_domain) { set $unsafe 0; }
# this iframe is an exception. Office file formats are converted outside of the sandboxed scope
# because of bugs in Chromium-based browsers that incorrectly ignore headers that are supposed to enable
# the use of some modern APIs that we require when javascript is run in a cross-origin context.
# We've applied other sandboxing techniques to mitigate the risk of running WebAssembly in this privileged scope
if ($uri ~ ^\/unsafeiframe\/inner\.html.*$) { set $unsafe 1; }
# privileged contexts allow a few more rights than unprivileged contexts, though limits are still applied
if ($unsafe) {
set $scriptSrc "'self' 'unsafe-eval' 'unsafe-inline' resource: https://${main_domain}";
}
# Finally, set all the rules you composed above.
more_set_headers "Content-Security-Policy: default-src 'none'; child-src $childSrc; worker-src $workerSrc; media-src $mediaSrc; style-src $styleSrc; script-src $scriptSrc; connect-src $connectSrc; font-src $fontSrc; img-src $imgSrc; frame-src $frameSrc; frame-ancestors $frameAncestors";
location ^~ /cryptpad_websocket {
proxy_pass http://127.0.0.1:__PORT__;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# WebSocket support (nginx 1.4)
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection upgrade;
}
location ^~ /customize.dist/ {
# This is needed in order to prevent infinite recursion between /customize/ and the root
}
# try to load customizeable content via /customize/ and fall back to the default content
# located at /customize.dist/
# This is what allows you to override behaviour.
location ^~ /customize/ {
rewrite ^/customize/(.*)$ $1 break;
try_files /customize/$uri /customize.dist/$uri;
}
# /api/config is loaded once per page load and is used to retrieve
# the caching variable which is applied to every other resource
# which is loaded during that session.
location ~ ^/api/.*$ {
proxy_pass http://127.0.0.1:__PORT__;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_hide_header Cross-Origin-Resource-Policy;
# These settings prevent both NGINX and the API server
# from setting the same headers and creating duplicates
proxy_hide_header "Cross-Origin-Resource-Policy";
more_set_headers "Cross-Origin-Resource-Policy: cross-origin";
proxy_hide_header Cross-Origin-Embedder-Policy;
proxy_hide_header "Cross-Origin-Embedder-Policy";
more_set_headers "Cross-Origin-Embedder-Policy: require-corp";
}
location ^~ /blob/ {
# Requests for blobs and blocks are now proxied to the API server
# This simplifies NGINX path configuration in the event they are being hosted in a non-standard location
# or with odd unexpected permissions. Serving blobs in this manner also means that it will be possible to
# enforce access control for them, though this is not yet implemented.
# Access control (via TOTP 2FA) has been added to blocks, so they can be handled with the same directives.
location ~ ^/(blob|block)/.*$ {
if ($request_method = 'OPTIONS') {
more_set_headers "Access-Control-Allow-Origin: ${allowed_origins}";
more_set_headers "Access-Control-Allow-Credentials: true";
more_set_headers "Access-Control-Allow-Methods: 'GET, POST, OPTIONS'";
more_set_headers "Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range";
more_set_headers "Access-Control-Max-Age: 1728000";
@ -72,20 +152,23 @@ location ^~ /blob/ {
more_set_headers "Content-Length: 0";
return 204;
}
more_set_headers "X-Content-Type-Options: nosniff";
more_set_headers "Cache-Control: max-age=31536000'";
more_set_headers "Access-Control-Allow-Origin: ${allowed_origins}";
more_set_headers "Access-Control-Allow-Methods: 'GET, POST, OPTIONS'";
more_set_headers "Access-Control-Allow-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Content-Length";
more_set_headers "Access-Control-Expose-Headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range,Content-Length";
try_files $uri =404;
# Since we are proxying to the API server these headers can get duplicated
# so we hide them
proxy_hide_header 'X-Content-Type-Options';
proxy_hide_header 'Access-Control-Allow-Origin';
proxy_hide_header 'Permissions-Policy';
proxy_hide_header 'X-XSS-Protection';
proxy_hide_header 'Cross-Origin-Resource-Policy';
proxy_hide_header 'Cross-Origin-Embedder-Policy';
proxy_pass http://127.0.0.1:__PORT__;
}
location ^~ /block/ {
more_set_headers "X-Content-Type-Options: nosniff";
more_set_headers "Cache-Control: max-age=0";
try_files $uri =404;
}
location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban|sheet|support|admin|notifications|teams|calendar|presentation|doc|form|report|convert|checkup)$ {
# The nodejs server has some built-in forwarding rules to prevent
# URLs like /pad from resulting in a 404. This simply adds a trailing slash
# to a variety of applications.
location ~ ^/(register|login|recovery|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban|sheet|support|admin|notifications|teams|calendar|presentation|doc|form|report|convert|checkup|diagram)$ {
rewrite ^(.*)$ $1/ redirect;
}
# Finally, serve anything the above exceptions don't govern.
try_files /customize/www/$uri /customize/www/$uri/index.html /www/$uri /www/$uri/index.html /customize/$uri;

View file

@ -1,5 +1,5 @@
[Unit]
Description=CryptPad: Zero Knowledge realtime collaborative editor.
Description=CryptPad: Zero Knowledge realtime collaborative editor
After=syslog.target network.target
[Service]
@ -11,6 +11,10 @@ Environment=PATH=__ENV_PATH__
Environment=NODE_ENV=production
ExecStart=__YNH_NPM__ start
Restart=always
RestartSec=2
StandardOutput=journal
StandardError=journal+console
LimitNOFILE=1000000
# Sandboxing options to harden security
# Depending on specificities of your service/app, you may need to tweak these

View file

@ -1,9 +1,9 @@
We have added the mandatory sandbox domain for you but you still need to configure your DNS and generate Let's Encrypt Certificates for it !!
We have added the mandatory sandbox domain for you but you still need to configure your DNS and generate Let's Encrypt Certificates for it!
Once CryptPad is installed, create an account via the Register button on the home page. To make this account an instance administrator:
1. Copy the public key found in User Menu (avatar at the top right) > Settings > Account > Public Signing Key
2. Paste this key in `/var/www/cryptpad/config/config.js` in the following array (uncomment and replace the placeholder):
2. Paste this key in `__INSTALL_DIR__/config/config.js` in the following array (uncomment and replace the placeholder):
```
adminKeys: [
"[cryptpad-user1@my.awesome.website/YZgXQxKR0Rcb6r6CmxHPdAGLVludrAF2lEnkbx1vVOo=]",

View file

@ -5,7 +5,7 @@ Nous avons ajouté le domaine obligatoire sandbox pour vous mais vous devez enco
Une fois CryptPad installé, créez un compte via le bouton S'inscrire sur la page d'accueil. Pour faire de ce compte un administrateur d'instance :
1. Copiez la clé publique trouvée dans le menu utilisateur (avatar en haut à droite) > Paramètres > Compte > Clé de signature publique
2. Collez cette clé dans `/var/www/cryptpad/config/config.js` dans le tableau suivant (décommentez et remplacez l'espace réservé) :
2. Collez cette clé dans `__INSTALL_DIR__/config/config.js` dans le tableau suivant (décommentez et remplacez l'espace réservé) :
```
adminKeys: [
"[cryptpad-user1@my.awesome.website/YZgXQxKR0Rcb6r6CmxHPdAGLVludrAF2lEnkbx1vVOo=]",

View file

@ -7,7 +7,7 @@ Once CryptPad is installed, create an account via the Sign Up button on the home
To make this account an instance administrator:
1. Copy the public key found in User Menu (avatar at the top right) > Settings > Account > Public Signing Key
2. Paste this key in `/var/www/cryptpad/config/config.js` in the following array (uncomment and replace the placeholder):
2. Paste this key in `__INSTALL_DIR__/config/config.js` in the following array (uncomment and replace the placeholder):
```
adminKeys: [

View file

@ -3,7 +3,7 @@ If not already done, then you can please open CryptPad domain: https://__DOMAIN_
Create an account via the Register button on the home page. To make this account an instance administrator:
1. Copy the public key found in User Menu (avatar at the top right) > Settings > Account > Public Signing Key
2. Paste this key in /var/www/cryptpad/config/config.js in the following array (uncomment and replace the placeholder):
2. Paste this key in `__INSTALL_DIR__/config/config.js in the following array (uncomment and replace the placeholder):
adminKeys: [
"[cryptpad-user1@my.awesome.website/YZgXQxKR0Rcb6r6CmxHPdAGLVludrAF2lEnkbx1vVOo=]",
],

Binary file not shown.

Before

Width:  |  Height:  |  Size: 116 KiB

After

Width:  |  Height:  |  Size: 125 KiB

View file

@ -5,7 +5,7 @@ name = "CryptPad"
description.en = "Zero Knowledge realtime collaborative office suite"
description.fr = "Suite bureautique chiffrée pour la collaboration en temps réel"
version = "5.3.0~ynh1"
version = "5.6.0~ynh1"
maintainers = ["ddataa"]
@ -22,8 +22,11 @@ fund = "https://opencollective.com/cryptpad/contribute?language=fr"
yunohost = ">= 11.2"
architectures = "all"
multi_instance = false
ldap = false
sso = false
disk = "50M"
ram.build = "350M"
ram.runtime = "50M"
@ -45,8 +48,8 @@ ram.runtime = "50M"
[resources]
[resources.sources.main]
url = "https://github.com/xwiki-labs/cryptpad/archive/refs/tags/5.3.0.tar.gz"
sha256 = "470e75203e7080d19482bacf6216c50ec13070fc7d0ff2e4fc855f57668fb919"
url = "https://github.com/xwiki-labs/cryptpad/archive/refs/tags/5.6.0.tar.gz"
sha256 = "85a1b1781df750e250402fb095125e58b329feab4e542abb57fd886a616a0cfb"
autoupdate.strategy = "latest_github_tag"
[resources.ports]

View file

@ -4,7 +4,7 @@
# COMMON VARIABLES
#=================================================
nodejs_version="16.14.2"
nodejs_version="20"
#=================================================
# PERSONAL HELPERS

View file

@ -16,7 +16,7 @@ source /usr/share/yunohost/helpers
#=================================================
ynh_script_progression --message="Stopping a systemd service..." --weight=1
ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log"
ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd"
#=================================================
# MODIFY URL IN NGINX CONF
@ -32,7 +32,7 @@ ynh_change_url_nginx_config
#=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=1
ynh_systemd_action --service_name=$app --action="start" --log_path=systemd --line_match="server available"
ynh_systemd_action --service_name=$app --action="start" --log_path="systemd"
#=================================================
# END OF SCRIPT

View file

@ -34,7 +34,7 @@ fi
ynh_app_setting_set --app=$app --key=sandboxdomain --value=$sandboxdomain
ynh_script_progression --message="Setting up sandobx domain : $sandboxdomain" --weight=1
ynh_script_progression --message="Setting up sandbox domain: $sandboxdomain" --weight=1
# We don't test that in CI
if ! [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then
@ -77,9 +77,9 @@ yunohost service add $app --description="Zero Knowledge realtime collaborative e
#=================================================
# ADD A CONFIGURATION
#=================================================
ynh_script_progression --message="Adding a configuration file..."
ynh_script_progression --message="Adding a configuration file..." --weight=1
ynh_add_config --template="../conf/config.js" --destination="$install_dir/config/config.js"
ynh_add_config --template="config.js" --destination="$install_dir/config/config.js"
chmod 600 "$install_dir/config/config.js"
chown $app "$install_dir/config/config.js"
@ -87,15 +87,13 @@ chown $app "$install_dir/config/config.js"
#=================================================
# INSTALL CRYPTPAD
#=================================================
ynh_script_progression --message="Building $app... (this will take some time and resources!)" --weight=60
ynh_script_progression --message="Building $app... (this will take some time and resources!)" --weight=30
pushd "$install_dir"
ynh_use_nodejs
ynh_exec_warn_less npm install --allow-root
ynh_exec_warn_less npm install -g bower
ynh_exec_warn_less bower install --allow-root
ynh_exec_warn_less bower update --allow-root
ynh_exec_warn_less npm run build
ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH $ynh_npm ci
ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH $ynh_npm run install:components
ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH $ynh_npm run build
popd
#=================================================

View file

@ -16,24 +16,16 @@ source /usr/share/yunohost/helpers
#=================================================
ynh_script_progression --message="Removing system configurations related to $app..." --weight=1
# Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
if ynh_exec_warn_less yunohost service status $app >/dev/null
then
ynh_script_progression --message="Removing $app service integration..." --weight=3
yunohost service remove $app
fi
# Remove the dedicated systemd config
ynh_remove_systemd_config
# Remove the dedicated NGINX config
ynh_remove_nginx_config
#=================================================
# REMOVE DEPENDENCIES
#=================================================
ynh_script_progression --message="Removing dependencies..." --weight=3
ynh_remove_nodejs
#=================================================
@ -56,12 +48,12 @@ if ! [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then
sandboxdomain=sandbox-$domain
fi
ynh_script_progression --message="Removing sandbox domain : $sandboxdomain" --weight=1
ynh_script_progression --message="Removing sandbox domain: $sandboxdomain" --weight=1
if yunohost domain list | grep -q $sandboxdomain
then #if domain exist we remove it
then # if domain exist we remove it
yunohost domain remove $sandboxdomain
# we clean the nginx configuration we added
# we clean the NGINX configuration we added
ynh_secure_remove --file="/etc/nginx/conf.d/$sandboxdomain.d/"
fi
fi

View file

@ -6,7 +6,6 @@
# IMPORT GENERIC HELPERS
#=================================================
# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
@ -56,7 +55,7 @@ yunohost service add $app --description="Zero Knowledge realtime collaborative e
#=================================================
ynh_script_progression --message="Reloading NGINX web server and $app's service..." --weight=1
ynh_systemd_action --service_name=$app --action="start" --log_path=systemd --line_match="server available"
ynh_systemd_action --service_name=$app --action="start" --log_path="systemd"
ynh_systemd_action --service_name=nginx --action=reload

View file

@ -29,7 +29,7 @@ upgrade_type=$(ynh_check_app_version_changed)
#=================================================
ynh_script_progression --message="Stopping a systemd service..." --weight=1
ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log"
ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd"
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
@ -39,7 +39,6 @@ if [ "$upgrade_type" == "UPGRADE_APP" ]
then
ynh_script_progression --message="Upgrading source files..." --weight=1
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$install_dir" #--keep="config/config.js"
chmod -R o-rwx "$install_dir"
@ -69,7 +68,7 @@ if [[ $domain == *".local" ]]; then
sandboxdomain=sandbox-$domain
fi
ynh_script_progression --message="Setting up sandobx domain: $sandboxdomain" --weight=1
ynh_script_progression --message="Setting up sandbox domain: $sandboxdomain" --weight=1
# We don't test that in CI
if ! [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then
@ -80,6 +79,13 @@ if ! [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then
fi
fi
#=================================================
# UPGRADE DEPENDENCIES
#=================================================
ynh_script_progression --message="Upgrading dependencies..." --weight=6
ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version
#=================================================
# NGINX CONFIGURATION
#=================================================
@ -89,30 +95,6 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." -
ynh_add_nginx_config
env_path="$PATH"
#=================================================
# UPGRADE DEPENDENCIES
#=================================================
ynh_script_progression --message="Upgrading dependencies..." --weight=6
ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version
#=================================================
# INSTALL CRYPTPAD
#=================================================
ynh_script_progression --message="Building $app... (this will take some time and resources!)" --weight=60
pushd "$install_dir"
ynh_exec_warn_less npm install --allow-root
ynh_exec_warn_less npm install -g bower
ynh_exec_warn_less bower update --allow-root
ynh_exec_warn_less npm i
ynh_exec_warn_less npm run build
popd
#=================================================
# CREATE SYSTEMD SERVICE
#=================================================
# Create a dedicated systemd config
ynh_add_systemd_config
yunohost service add $app --description="Zero Knowledge realtime collaborative editor" --log="/var/log/$app/$app.log"
@ -122,17 +104,29 @@ yunohost service add $app --description="Zero Knowledge realtime collaborative e
#=================================================
ynh_script_progression --message="Updating a configuration file..." --weight=1
ynh_add_config --template="../conf/config.js" --destination="$install_dir/config/config.js"
ynh_add_config --template="config.js" --destination="$install_dir/config/config.js"
chmod 600 "$install_dir/config/config.js"
chown $app "$install_dir/config/config.js"
#=================================================
# INSTALL CRYPTPAD
#=================================================
ynh_script_progression --message="Building $app... (this will take some time and resources!)" --weight=30
pushd "$install_dir"
ynh_use_nodejs
ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH $ynh_npm ci
ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH $ynh_npm run install:components
ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH $ynh_npm run build
popd
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=1
ynh_systemd_action --service_name=$app --action="start" --log_path=systemd --line_match="server available"
ynh_systemd_action --service_name=$app --action="start" --log_path="systemd"
#=================================================
# COPY NGINX CONF IN SANDBOX DOMAIN

View file

@ -6,6 +6,6 @@ test_format = 1.0
# Commits to test upgrade from
# -------------------------------
test_upgrade_from.2a54cd03.name = "Upgrade from 4.10.0"
test_upgrade_from.1e360398.name = "Upgrade from 4.12.0"
test_upgrade_from.7a024ca1.name = "Upgrade from 5.3.0"