1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/dato_ynh.git synced 2024-09-03 18:16:33 +02:00
dato_ynh/scripts/install

285 lines
11 KiB
Text
Raw Normal View History

2021-03-11 00:34:24 +01:00
#!/bin/bash
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
ynh_clean_setup () {
# to handle ynh_systemd_action problems
ynh_clean_check_starting
### Remove this function if there's nothing to clean before calling the remove script.
true
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================
app=$YNH_APP_INSTANCE_NAME
domain=$YNH_APP_ARG_DOMAIN
path_url="/" # not customizable, so not using: path_url=$YNH_APP_ARG_PATH
is_public=$YNH_APP_ARG_IS_PUBLIC
# autosynchronization variables
autosynchronize=$YNH_APP_ARG_AUTOSYNCHRONIZE
couch_url=$YNH_APP_ARG_COUCH_URL
couch_admin_name=$YNH_APP_ARG_COUCH_ADMIN_NAME
couch_admin_password=$YNH_APP_ARG_COUCH_ADMIN_PASSWORD
couch_datoadmin_name=$YNH_APP_ARG_COUCH_DATOADMIN_NAME
couch_datoadmin_password=$YNH_APP_ARG_COUCH_DATOADMIN_PASSWORD
admin_email=$YNH_APP_ARG_ADMIN_EMAIL
# make sure autosynchronize variable is a boolean
if [[
"$autosynchronize" == "true" ||
"$autosynchronize" == "yes" ||
"$autosynchronize" == "1"
]] && [[ "$couch_url" != "none" ]]
then
autosynchronize=true
else
autosynchronize=false
fi
#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
ynh_script_progression --message="Validating installation parameters..." --weight=1
# dato provides an internal webserver, setup it's installation path
final_path=/opt/yunohost/$app
test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
# Register (book) web path
ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================
ynh_script_progression --message="Storing installation settings..." --weight=1
ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=admin_email --value=$admin_email
ynh_app_setting_set --app=$app --key=autosynchronize --value=$autosynchronize
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
ynh_app_setting_set --app=$app --key=couch_url --value=$couch_url
ynh_app_setting_set --app=$app --key=couch_admin_name --value=$couch_admin_name
ynh_app_setting_set --app=$app --key=couch_admin_password --value=$couch_admin_password
ynh_app_setting_set --app=$app --key=admin_email --value=$admin_email
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# FIND AND OPEN A PORT
#=================================================
ynh_script_progression --message="Finding an available port..." --weight=1
# Find an available port
port=$(ynh_find_port --port=9559)
ynh_app_setting_set --app=$app --key=port --value=$port
#=================================================
# INSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Installing dependencies..." --weight=6
ynh_install_app_dependencies $pkg_dependencies
#=================================================
# INSTALL NODEJS
#=================================================
ynh_script_progression --message="Installing NodeJS..." --weight=15
ynh_install_nodejs --nodejs_version=$nodejs_version
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_script_progression --message="Setting up source files..." --weight=2
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
# Download, check integrity, uncompress and patch the source from conf/app.src
ynh_setup_source --dest_dir="$final_path"
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring NGINX web server..." --weight=1
# Create a dedicated NGINX config
ynh_add_nginx_config
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Configuring system user..." --weight=1
# Create a system user
ynh_system_user_create --username=$app --home_dir=$final_path
#=================================================
# SPECIFIC SETUP
#=================================================
# BUILD NODE DEPENDENCIES
#=================================================
ynh_script_progression --message="Building node dependencies..." --weight=90
chown -R "$app":"$app" $final_path
pushd "$final_path"
ynh_use_nodejs
sudo -u $app env $ynh_node_load_PATH npm install --loglevel warn
# ynh_exec_as $app PATH="$nodejs_path:$PATH" "$nodejs_path/npm" install --loglevel warn
popd
#=================================================
# SETUP SYSTEMD
#=================================================
ynh_script_progression --message="Configuring a systemd service..." --weight=2
# Create a dedicated systemd config
ynh_add_systemd_config --others_var="ynh_node_load_PATH"
#=================================================
# GENERATE CONFIG FILES
#=================================================
ynh_script_progression --message="Generating dato config files..." --weight=3
dato_setup_config_files
#=================================================
# CUSTOMIZE SETUP FOR AUTOSYNCHRONIZATION
#=================================================
if [[ $autosynchronize == true ]]; then
#=================================================
# CUSTOMIZE COUCHDB SETTINGS
#=================================================
ynh_script_progression --message="Customizing couch config..." --weight=2
# make sure that couchdb has CORS enabled and that it accepts requests from dato domain
ynh_add_config --template="../conf/couch.ini" --destination="/opt/couchdb/etc/local.d/$app.ini"
#=================================================
# SETUP A COUCHDB DATO ADMIN USER
#=================================================
ynh_script_progression --message="Setting up admin user in couch..." --weight=2
# figure out couch url with password
couch_pw_url=$(echo "$couch_url" | sed -En "s+^https?://+https://$couch_admin_name:$couch_admin_password@+p")
# add admin user to couch users database
curlResult=$(curl -X PUT "$couch_pw_url/_users/org.couchdb.user:$couch_datoadmin_name" \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-d "{\"name\": \"$couch_datoadmin_name\", \"password\": \"$couch_datoadmin_password\", \"roles\": [\"dato-admin\"], \"type\": \"user\"}" 2> /dev/null)
# display error message if there was an error creating dato admin user in couch
if [[ $curlResult != '{"ok":true,'* ]]; then
ynh_print_err --message="There was an error creating the dato admin user for in couch. You will probably have to do it manually (check the last section of this page for instructions: https://squeak.eauchat.org/apps/dato/?setups)."
ynh_print_err --message="Here is the error message from couchdb:"
ynh_print_err --message="$curlResult"
2021-03-11 00:34:24 +01:00
ynh_print_err --message="Please make sure that your couchdb instance is accessible from the url you provided, with a proper SSL certificate (not a self-signed one), otherwise you will not be able to login to dato!"
ynh_print_err --message="$curlResult"
fi
fi
#=================================================
# GENERIC FINALIZATION
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
### For security reason, any app should set the permissions to root: before anything else.
### Then, if write authorization is needed, any access should be given only to directories
### that really need such authorization.
# Set permissions to app files
chown -R "$app":"$app" $final_path
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression --message="Configuring log rotation..." --weight=1
# Use logrotate to manage application logfile(s)
ynh_use_logrotate
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
yunohost service add $app --description="Data storage with a convenient and flexible interface" --log="/var/log/$app/$app.log"
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting dato app service and building pages..." --weight=60
2021-03-11 00:34:24 +01:00
# Start a systemd service
ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="electrode server listening on port"
#=================================================
# SETUP FAIL2BAN
#=================================================
# ynh_script_progression --message="Configuring Fail2Ban..." --weight=1
#
# if [[ $autosynchronize == true ]]; then
# # Create a dedicated Fail2Ban config
# ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"
# fi
#
# TODO: would be nice to setup fail2ban, but don't know how to make it work to check logs from systemd
# tried `--logpath="systemd"` but didn't work
# if enabled, should also enable corresponding parts in remove, restore, backup and upgrade scripts
#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Configuring permissions..." --weight=1
# Make app public if necessary
if [ $is_public -eq 1 ]
then
# Everyone can access the app.
# The "main" permission is automatically created before the install script.
ynh_permission_update --permission="main" --add="visitors"
fi
# TODO: could consider using the following to further protect the admin panel with additional yunohost login
# # Only the admin can access the admin panel of the app (if the app has an admin panel)
# ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin
# # Everyone can access to the api part
# # We don't want to display the tile in the sso so we put --show_tile="false"
# # And we don't want that the YunoHost Admin can remove visitors group to this permission, so we put --protected="true"
# ynh_permission_create --permission="api" --url "/api" --allowed="visitors" --show_tile="false" --protected="true"
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..." --weight=2
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Installation of $app completed" --last