#!/bin/bash #================================================= # GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= source _common.sh source /usr/share/yunohost/helpers #================================================= # MANAGE SCRIPT FAILURE #================================================= ynh_clean_setup () { ynh_clean_check_starting } # Exit if an error occurs during the execution of the script ynh_abort_if_errors #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= domain=$YNH_APP_ARG_DOMAIN path_url="/" # not customizable, so not using: path_url=$YNH_APP_ARG_PATH is_public=$YNH_APP_ARG_IS_PUBLIC app=$YNH_APP_INSTANCE_NAME # autosynchronization variables autosynchronize=$YNH_APP_ARG_AUTOSYNCHRONIZE couch_url=$YNH_APP_ARG_COUCH_URL couch_admin_name=$YNH_APP_ARG_COUCH_ADMIN_NAME couch_admin_password=$YNH_APP_ARG_COUCH_ADMIN_PASSWORD couch_datoadmin_name=$YNH_APP_ARG_COUCH_DATOADMIN_NAME couch_datoadmin_password=$YNH_APP_ARG_COUCH_DATOADMIN_PASSWORD admin_email=$YNH_APP_ARG_ADMIN_EMAIL # make sure autosynchronize variable is a boolean if [[ "$autosynchronize" == "true" || "$autosynchronize" == "yes" || "$autosynchronize" == "1" ]] && [[ "$couch_url" != "none" ]] then autosynchronize=true else autosynchronize=false fi #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= ynh_script_progression --message="Validating installation parameters..." --weight=1 # dato provides an internal webserver, setup it's installation path final_path=/opt/yunohost/$app test ! -e "$final_path" || ynh_die --message="This path already contains a folder" # Register (book) web path ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url #================================================= # STORE SETTINGS FROM MANIFEST #================================================= ynh_script_progression --message="Storing installation settings..." --weight=1 ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=admin_email --value=$admin_email ynh_app_setting_set --app=$app --key=autosynchronize --value=$autosynchronize ynh_app_setting_set --app=$app --key=final_path --value=$final_path ynh_app_setting_set --app=$app --key=couch_url --value=$couch_url ynh_app_setting_set --app=$app --key=couch_admin_name --value=$couch_admin_name ynh_app_setting_set --app=$app --key=couch_admin_password --value=$couch_admin_password ynh_app_setting_set --app=$app --key=admin_email --value=$admin_email #================================================= # STANDARD MODIFICATIONS #================================================= # FIND AND OPEN A PORT #================================================= ynh_script_progression --message="Finding an available port..." --weight=1 # Find an available port port=$(ynh_find_port --port=9559) ynh_app_setting_set --app=$app --key=port --value=$port #================================================= # INSTALL DEPENDENCIES #================================================= ynh_script_progression --message="Installing dependencies..." --weight=6 ynh_install_app_dependencies $pkg_dependencies ynh_install_nodejs --nodejs_version=$nodejs_version #================================================= # CREATE DEDICATED USER #================================================= ynh_script_progression --message="Configuring system user..." --weight=1 # Create a system user ynh_system_user_create --username=$app --home_dir=$final_path #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= ynh_script_progression --message="Setting up source files..." --weight=2 ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" #================================================= # NGINX CONFIGURATION #================================================= ynh_script_progression --message="Configuring NGINX web server..." --weight=1 # Create a dedicated NGINX config ynh_add_nginx_config #================================================= # SPECIFIC SETUP #================================================= # BUILD NODE DEPENDENCIES #================================================= ynh_script_progression --message="Building node dependencies..." --weight=90 chown -R "$app":"$app" $final_path pushd "$final_path" ynh_use_nodejs sudo -u $app env $ynh_node_load_PATH npm install --loglevel warn # ynh_exec_as $app PATH="$nodejs_path:$PATH" "$nodejs_path/npm" install --loglevel warn popd #================================================= # SETUP SYSTEMD #================================================= ynh_script_progression --message="Configuring a systemd service..." --weight=2 # Create a dedicated systemd config ynh_add_systemd_config #================================================= # GENERATE CONFIG FILES #================================================= ynh_script_progression --message="Generating dato config files..." --weight=3 dato_setup_config_files #================================================= # CUSTOMIZE SETUP FOR AUTOSYNCHRONIZATION #================================================= if [[ $autosynchronize == true ]]; then #================================================= # CUSTOMIZE COUCHDB SETTINGS #================================================= ynh_script_progression --message="Customizing couch config..." --weight=2 # make sure that couchdb has CORS enabled and that it accepts requests from dato domain ynh_add_config --template="../conf/couch.ini" --destination="/opt/couchdb/etc/local.d/$app.ini" # restart couchdb service so that it takes into consideration the changes yunohost service restart couchdb #================================================= # SETUP A COUCHDB DATO ADMIN USER #================================================= ynh_script_progression --message="Setting up admin user in couch..." --weight=2 # figure out couch url with password couch_pw_url=$(echo "$couch_url" | sed -En "s+^https?://+https://$couch_admin_name:$couch_admin_password@+p") # add admin user to couch users database addDatoAdmin_curlResult=$(curl -X PUT "$couch_pw_url/_users/org.couchdb.user:$couch_datoadmin_name" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -d "{\"name\": \"$couch_datoadmin_name\", \"password\": \"$couch_datoadmin_password\", \"roles\": [\"dato-admin\"], \"type\": \"user\"}" 2> /dev/null) # display error message if there was an error creating dato admin user in couch if [[ $addDatoAdmin_curlResult != '{"ok":true'* ]]; then ynh_print_err --message="There was an error creating the dato admin user for in couch. You will probably have to do it manually (check the last section of this page for instructions: https://squeak.eauchat.org/apps/dato/?setups)." ynh_print_err --message="Here is the error message from couchdb:" ynh_print_err --message="$addDatoAdmin_curlResult" ynh_print_err --message="Please make sure that your couchdb instance is accessible from the url you provided, with a proper SSL certificate (not a self-signed one), otherwise you will not be able to login to dato!" fi # modify _users db _security document usersSecDoc=$(curl -X GET "$couch_pw_url/_users/_security") usersSecDocModified=$(echo $usersSecDoc | jq '.members.roles += ["dato", "dato-admin"]') usersSecDocChange_curlResult=$(curl -X PUT "$couch_pw_url/_users/_security" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -d "$usersSecDocModified" 2> /dev/null) # display error message if there was an error modifying _users db _security document if [[ $usersSecDocChange_curlResult != '{"ok":true'* ]]; then ynh_print_err --message="There was an error enabling dato users to access their user profile in couch. You will have to do it manually (check the 'Configure couchdb so that it accepts requests from dato' section in the following page for instructions: https://squeak.eauchat.org/apps/dato/?setups)." ynh_print_err --message="Here is the error message from couchdb:" ynh_print_err --message="$usersSecDocChange_curlResult" fi fi #================================================= # GENERIC FINALIZATION #================================================= # SECURE FILES AND DIRECTORIES #================================================= # Set permissions to app files (let dato write right only to what it needs to modify) chown -R root: $final_path [ -d "$final_path/dist" ] || mkdir "$final_path/dist" chown -R $app:$app $final_path/dist $final_path/global $final_path/config #================================================= # SETUP LOGROTATE #================================================= ynh_script_progression --message="Configuring log rotation..." --weight=1 # Use logrotate to manage application logfile(s) ynh_use_logrotate #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 yunohost service add $app --description="Data storage with a convenient and flexible interface" --log="/var/log/$app/$app.log" #================================================= # START SYSTEMD SERVICE #================================================= ynh_script_progression --message="Starting a systemd service..." --weight=60 # Start a systemd service ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="electrode server listening on port" --timeout=600 #================================================= # SETUP SSOWAT #================================================= ynh_script_progression --message="Configuring permissions..." --weight=1 # Make app public if necessary if [ $is_public -eq 1 ] then # Everyone can access the app. # The "main" permission is automatically created before the install script. ynh_permission_update --permission="main" --add="visitors" fi # TODO: could consider using the following to further protect the admin panel with additional yunohost login # # Only the admin can access the admin panel of the app (if the app has an admin panel) # ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin # # Everyone can access to the api part # # We don't want to display the tile in the sso so we put --show_tile="false" # # And we don't want that the YunoHost Admin can remove visitors group to this permission, so we put --protected="true" # ynh_permission_create --permission="api" --url "/api" --allowed="visitors" --show_tile="false" --protected="true" #================================================= # RELOAD NGINX #================================================= ynh_script_progression --message="Reloading NGINX web server..." --weight=2 ynh_systemd_action --service_name=nginx --action=reload #================================================= # END OF SCRIPT #================================================= ynh_script_progression --message="Installation of $app completed" --last