#!/bin/bash #================================================= # GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= source _common.sh source /usr/share/yunohost/helpers #================================================= # MANAGE SCRIPT FAILURE #================================================= ynh_clean_setup () { # to handle ynh_systemd_action problems ynh_clean_check_starting ### Remove this function if there's nothing to clean before calling the remove script. true } # Exit if an error occurs during the execution of the script ynh_abort_if_errors #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= app=$YNH_APP_INSTANCE_NAME domain=$YNH_APP_ARG_DOMAIN path_url="/" # not customizable, so not using: path_url=$YNH_APP_ARG_PATH is_public=$YNH_APP_ARG_IS_PUBLIC # autosynchronization variables autosynchronize=$YNH_APP_ARG_AUTOSYNCHRONIZE couch_url=$YNH_APP_ARG_COUCH_URL couch_admin_name=$YNH_APP_ARG_COUCH_ADMIN_NAME couch_admin_password=$YNH_APP_ARG_COUCH_ADMIN_PASSWORD couch_datoadmin_name=$YNH_APP_ARG_COUCH_DATOADMIN_NAME couch_datoadmin_password=$YNH_APP_ARG_COUCH_DATOADMIN_PASSWORD admin_email=$YNH_APP_ARG_ADMIN_EMAIL # make sure autosynchronize variable is a boolean if [[ "$autosynchronize" == "true" || "$autosynchronize" == "yes" || "$autosynchronize" == "1" ]] && [[ "$couch_url" != "none" ]] then autosynchronize=true else autosynchronize=false fi #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= ynh_script_progression --message="Validating installation parameters..." --weight=1 # dato provides an internal webserver, setup it's installation path final_path=/opt/yunohost/$app test ! -e "$final_path" || ynh_die --message="This path already contains a folder" # Register (book) web path ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url #================================================= # STORE SETTINGS FROM MANIFEST #================================================= ynh_script_progression --message="Storing installation settings..." --weight=1 ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=admin_email --value=$admin_email ynh_app_setting_set --app=$app --key=autosynchronize --value=$autosynchronize ynh_app_setting_set --app=$app --key=final_path --value=$final_path ynh_app_setting_set --app=$app --key=couch_url --value=$couch_url ynh_app_setting_set --app=$app --key=couch_admin_name --value=$couch_admin_name ynh_app_setting_set --app=$app --key=couch_admin_password --value=$couch_admin_password ynh_app_setting_set --app=$app --key=admin_email --value=$admin_email #================================================= # STANDARD MODIFICATIONS #================================================= # FIND AND OPEN A PORT #================================================= ynh_script_progression --message="Finding an available port..." --weight=1 # Find an available port port=$(ynh_find_port --port=9559) ynh_app_setting_set --app=$app --key=port --value=$port #================================================= # INSTALL DEPENDENCIES #================================================= ynh_script_progression --message="Installing dependencies..." --weight=6 ynh_install_app_dependencies $pkg_dependencies #================================================= # INSTALL NODEJS #================================================= ynh_script_progression --message="Installing NodeJS..." --weight=15 ynh_install_nodejs --nodejs_version=$nodejs_version #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= ynh_script_progression --message="Setting up source files..." --weight=2 ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from conf/app.src ynh_setup_source --dest_dir="$final_path" #================================================= # NGINX CONFIGURATION #================================================= ynh_script_progression --message="Configuring NGINX web server..." --weight=1 # Create a dedicated NGINX config ynh_add_nginx_config #================================================= # CREATE DEDICATED USER #================================================= ynh_script_progression --message="Configuring system user..." --weight=1 # Create a system user ynh_system_user_create --username=$app --home_dir=$final_path #================================================= # SPECIFIC SETUP #================================================= # BUILD NODE DEPENDENCIES #================================================= ynh_script_progression --message="Building node dependencies..." --weight=90 chown -R "$app":"$app" $final_path pushd "$final_path" ynh_use_nodejs sudo -u $app env $ynh_node_load_PATH npm install --loglevel warn # ynh_exec_as $app PATH="$nodejs_path:$PATH" "$nodejs_path/npm" install --loglevel warn popd #================================================= # SETUP SYSTEMD #================================================= ynh_script_progression --message="Configuring a systemd service..." --weight=2 # Create a dedicated systemd config ynh_add_systemd_config --others_var="ynh_node_load_PATH" #================================================= # GENERATE CONFIG FILES #================================================= ynh_script_progression --message="Generating dato config files..." --weight=3 dato_setup_config_files #================================================= # STORE THE CONFIG FILES CHECKSUM #================================================= ynh_script_progression --message="Storing config files checksums..." --weight=2 # Calculate and store the config file checksum into the app settings ynh_store_file_checksum --file="$final_path/config/public.js" ynh_store_file_checksum --file="$final_path/config/private.js" #================================================= # CUSTOMIZE SETUP FOR AUTOSYNCHRONIZATION #================================================= if [[ $autosynchronize == true ]]; then #================================================= # CUSTOMIZE COUCHDB SETTINGS #================================================= ynh_script_progression --message="Customizing couch config..." --weight=2 # make sure that couchdb has CORS enabled and that it accepts requests from dato domain ynh_add_config --template="../conf/couch.ini" --destination="/opt/couchdb/etc/local.d/$app.ini" ynh_store_file_checksum --file="/opt/couchdb/etc/local.d/$app.ini" #================================================= # SETUP A COUCHDB DATO ADMIN USER #================================================= ynh_script_progression --message="Setting up admin user in couch..." --weight=2 # figure out couch url with password couch_pw_url=$(echo "$couch_url" | sed -En "s+^https?://+https://$couch_admin_name:$couch_admin_password@+p") # add admin user to couch users database curlResult=$(curl -X PUT "$couch_pw_url/_users/org.couchdb.user:$couch_datoadmin_name" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -d "{\"name\": \"$couch_datoadmin_name\", \"password\": \"$couch_datoadmin_password\", \"roles\": [\"dato-admin\"], \"type\": \"user\"}" 2> /dev/null) # display error message if there was an error creating dato admin user in couch if [[ $curlResult != '{"ok":true,'* ]]; then ynh_print_err --message="There was an error creating the dato admin user for in couch. You will probably have to do it manually (check the last section of this page for instructions: https://squeak.eauchat.org/apps/dato/?setups)." ynh_print_err --message="Here is the error message from couchdb:" ynh_print_err --message="$curlResult" ynh_print_err --message="Please make sure that your couchdb instance is accessible from the url you provided, with a proper SSL certificate (not a self-signed one), otherwise you will not be able to login to dato!" ynh_print_err --message="$curlResult" fi fi #================================================= # GENERIC FINALIZATION #================================================= # SECURE FILES AND DIRECTORIES #================================================= ### For security reason, any app should set the permissions to root: before anything else. ### Then, if write authorization is needed, any access should be given only to directories ### that really need such authorization. # Set permissions to app files chown -R "$app":"$app" $final_path #================================================= # SETUP LOGROTATE #================================================= ynh_script_progression --message="Configuring log rotation..." --weight=1 # Use logrotate to manage application logfile(s) ynh_use_logrotate #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 yunohost service add $app --description="Data storage with a convenient and flexible interface" --log="/var/log/$app/$app.log" #================================================= # START SYSTEMD SERVICE #================================================= ynh_script_progression --message="Starting dato app service and building pages..." --weight=60 # Start a systemd service ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="electrode server listening on port" #================================================= # SETUP FAIL2BAN #================================================= # ynh_script_progression --message="Configuring Fail2Ban..." --weight=1 # # if [[ $autosynchronize == true ]]; then # # Create a dedicated Fail2Ban config # ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login" # fi # # TODO: would be nice to setup fail2ban, but don't know how to make it work to check logs from systemd # tried `--logpath="systemd"` but didn't work # if enabled, should also enable corresponding parts in remove, restore, backup and upgrade scripts #================================================= # SETUP SSOWAT #================================================= ynh_script_progression --message="Configuring permissions..." --weight=1 # Make app public if necessary if [ $is_public -eq 1 ] then # Everyone can access the app. # The "main" permission is automatically created before the install script. ynh_permission_update --permission="main" --add="visitors" fi # TODO: could consider using the following to further protect the admin panel with additional yunohost login # # Only the admin can access the admin panel of the app (if the app has an admin panel) # ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin # # Everyone can access to the api part # # We don't want to display the tile in the sso so we put --show_tile="false" # # And we don't want that the YunoHost Admin can remove visitors group to this permission, so we put --protected="true" # ynh_permission_create --permission="api" --url "/api" --allowed="visitors" --show_tile="false" --protected="true" #================================================= # RELOAD NGINX #================================================= ynh_script_progression --message="Reloading NGINX web server..." --weight=2 ynh_systemd_action --service_name=nginx --action=reload #================================================= # END OF SCRIPT #================================================= ynh_script_progression --message="Installation of $app completed" --last