mirror of https://github.com/YunoHost-Apps/dex_ynh.git synced 2024-09-03 18:26:22 +02:00

Merge pull request #41 from YunoHost-Apps/version-2

Version 2
Limezy 2024-01-10 12:42:41 +07:00 committed by GitHub
commit e5f11cba85
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
21 changed files with 196 additions and 689 deletions


@ -25,31 +25,17 @@ This YunoHost package will install Dex and setup a canonical OpenID Connect prov
- Interfaced with YunoHost's LDAP server
**Shipped version:** 2.37.0~ynh1
**Shipped version:** 2.37.0~ynh2
## Screenshots
![Screenshot of Dex](./doc/screenshots/Dex_screenshot.png)
## Disclaimers / important information
### Known limitations:
* Only tested on x86 architectures
* Dex only allows you to setup one OpenID Connect app at a time
* However, it's a working multi-instance app, so you can install it more than once
* Dex is only an OIDC provider, and user management will depend on the app using it as an OIDC provider
### To be used carefully:
* Changing URL will work but will require some settings change in the app using Dex as an OIDC provider
* Going to the URL will only let you see a "This is where Dex is installed." message
## Documentation and resources
* Official app website: <https://dexidp.io>
* Official admin documentation: <https://dexidp.io/docs/>
* Upstream app code repository: <https://github.com/dexidp/dex>
* Upstream app code repository: <https://github.com/YunoHost-Apps/dex_ynh>
* YunoHost Store: <https://apps.yunohost.org/app/dex>
* Report a bug: <https://github.com/YunoHost-Apps/dex_ynh/issues>


@ -16,40 +16,25 @@ Si vous navez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po
## Vue densemble
Dex is an identity service that uses OpenID Connect to drive authentication for other apps.
This YunoHost package will install Dex and setup a canonical OpenID Connect provider for your YunoHost instance, based on the LDAP user base, that can then be used as an authentification server for other YunoHost apps.
Dex est un service d'identité qui utilise OpenID Connect pour piloter l'authentification d'autres applications.
Ce package YunoHost installera Dex et configurera un fournisseur canonique OpenID Connect pour votre instance YunoHost, basé sur la base d'utilisateurs LDAP, qui pourra ensuite être utilisé comme serveur d'authentification pour d'autres applications YunoHost.
### Features
### Caractéristiques
- Fully working OpenID Connect authentification flow
- Interfaced with YunoHost's LDAP server
- Flux d'authentification OpenID Connect entièrement fonctionnel
- Interfacé avec le serveur LDAP de YunoHost
**Version incluse :** 2.37.0~ynh1
**Version incluse :** 2.37.0~ynh2
## Captures décran
![Capture décran de Dex](./doc/screenshots/Dex_screenshot.png)
## Avertissements / informations importantes
### Known limitations:
* Only tested on x86 architectures
* Dex only allows you to setup one OpenID Connect app at a time
* However, it's a working multi-instance app, so you can install it more than once
* Dex is only an OIDC provider, and user management will depend on the app using it as an OIDC provider
### To be used carefully:
* Changing URL will work but will require some settings change in the app using Dex as an OIDC provider
* Going to the URL will only let you see a "This is where Dex is installed." message
## Documentations et ressources
* Site officiel de lapp : <https://dexidp.io>
* Documentation officielle de ladmin : <https://dexidp.io/docs/>
* Dépôt de code officiel de lapp : <https://github.com/dexidp/dex>
* Dépôt de code officiel de lapp : <https://github.com/YunoHost-Apps/dex_ynh>
* YunoHost Store: <https://apps.yunohost.org/app/dex>
* Signaler un bug : <https://github.com/YunoHost-Apps/dex_ynh/issues>


@ -1,26 +0,0 @@
# See here for more information
# https://github.com/YunoHost/package_check#syntax-check_process-file
# Move this file from check_process.default to check_process when you have filled it.
;; Test complet
; Manifest
domain="domain.tld"
path="/path"
OIDC_name="Outline"
OIDC_secret="secret"
OIDC_callback="domain.tld/callback"
; Checks
pkg_linter=1
setup_sub_dir=1
setup_root=1
setup_nourl=0
setup_public=1
upgrade=1
backup_restore=1
multi_instance=1
port_already_use=0
change_url=1
;;; Options
Email=
Notification=none


@ -1,6 +0,0 @@
SOURCE_URL=https://github.com/dexidp/dex/archive/refs/tags/v2.37.0.tar.gz
SOURCE_SUM=5140ecccac260855f375a40bb20120e644418d8e314c63667b0ee3e4ceace99f
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_EXTRACT=true
SOURCE_IN_SUBDIR=true


@ -1,5 +1,5 @@
# LDAP connector + Yunohost setup + staticClient as per manifest.json
issuer: https://__DOMAIN____PATH_URL__
issuer: https://__DOMAIN____PATH__
storage:
type: sqlite3
config:
@ -47,8 +47,8 @@ connectors:
# Unfortunately the api is too complex to be used here
# As a consequence we have to setup client as staticClient, which means we will need one Dex instance per client app
staticClients:
- id: __OIDC_NAME__
- id: __NAME__
redirectURIs:
- https://__OIDC_CALLBACK__
name: __OIDC_NAME__
secret: __OIDC_SECRET__
- https://__CALLBACK__
name: __NAME__
secret: __SECRET__
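Review bot: The `__NAME__`, `__CALLBACK__` and `__SECRET__` placeholders under `staticClients` are substituted into the YAML as bare scalars, so an installer-supplied value containing `: `, ` #`, quotes or a leading `*`/`&`/`!` can be truncated or change the document structure. For the client secret, that can leave Dex with a different secret than the one configured in the relying app. Quoting the values, e.g. `secret: '__SECRET__'`, and rejecting quote characters in the install questions would make the rendered config predictable. The redirect URI is built as `https://__CALLBACK__`, so the question text should say the value is given without a scheme, since Dex compares redirect URIs exactly. Both hunks are partial views of the file; the connector block lies outside them.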


@ -7,10 +7,6 @@ location ~ __PATH__/$ {
location ~ __PATH__/.+ {
if ($scheme = http) {
rewrite ^ https://$server_name$request_uri? permanent;
}
proxy_pass http://127.0.0.1:__PORT__;
proxy_redirect off;
proxy_set_header Host $host;
@ -21,5 +17,4 @@ location ~ __PATH__/.+ {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
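Review bot: With the `if ($scheme = http)` rewrite apparently dropped from `location ~ __PATH__/.+` (the hunk header shrinks the block by four lines), nothing in this file keeps the Dex login form, which takes LDAP credentials, off plain HTTP. That protection now rests on the domain-level HTTPS redirect, which YunoHost presumably applies by default but which an admin can turn off. A short comment in the location recording the dependency would help, e.g. `# HTTP->HTTPS redirect is done by the domain's server block; this location must not be reachable over http`. The location block begins and ends outside the lines shown.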


@ -6,8 +6,8 @@ After=network.target
Type=simple
User=__APP__
Group=__APP__
WorkingDirectory=__FINALPATH__/
ExecStart=__FINALPATH__/bin/dex serve config.yaml
WorkingDirectory=__INSTALL_DIR__/
ExecStart=__INSTALL_DIR__/bin/dex serve config.yaml
StandardOutput=append:/var/log/__APP__/__APP__.log
StandardError=inherit


@ -1,6 +1,5 @@
### Known limitations:
* Only tested on x86 architectures
* Dex only allows you to setup one OpenID Connect app at a time
* However, it's a working multi-instance app, so you can install it more than once
* Dex is only an OIDC provider, and user management will depend on the app using it as an OIDC provider

10
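--- a/doc/ADMIN_fr.md
+++ b/doc/ADMIN_fr.md
@@ -0,0 +1,10 @@
+### Limitations connues :
+* Dex vous permet uniquement de configurer une seule application OpenID Connect à la fois
+* Cependant, il s'agit d'une application multi-instance fonctionnelle, vous pouvez donc l'installer plusieurs fois
+* Dex est uniquement un fournisseur OIDC et la gestion des utilisateurs dépendra de l'application qui l'utilise en tant que fournisseur OIDC.
+### À utiliser avec précaution :
+* La modification de l'URL fonctionnera mais nécessitera certains changements de paramètres dans l'application en utilisant Dex comme fournisseur OIDC.
+* Accéder à l'URL ne vous permettra de voir qu'un message : "This is where Dex is installed.".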

7
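--- a/doc/DESCRIPTION_fr.md
+++ b/doc/DESCRIPTION_fr.md
@@ -0,0 +1,7 @@
+Dex est un service d'identité qui utilise OpenID Connect pour piloter l'authentification d'autres applications.
+Ce package YunoHost installera Dex et configurera un fournisseur canonique OpenID Connect pour votre instance YunoHost, basé sur la base d'utilisateurs LDAP, qui pourra ensuite être utilisé comme serveur d'authentification pour d'autres applications YunoHost.
+### Caractéristiques
+- Flux d'authentification OpenID Connect entièrement fonctionnel
+- Interfacé avec le serveur LDAP de YunoHost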


@ -1,59 +0,0 @@
{
"name": "Dex",
"id": "dex",
"packaging_format": 1,
"description": {
"en": "OpenID Connect Provider based on YunoHost LDAP server",
"fr": "Connecteur OpenID basé sur le serveur LDAP YunoHost"
},
"version": "2.37.0~ynh1",
"url": "https://github.com/YunoHost-Apps/dex_ynh",
"upstream": {
"license": "Apache-2.0",
"website": "https://dexidp.io",
"demo": "",
"admindoc": "https://dexidp.io/docs/",
"userdoc": "",
"code": "https://github.com/dexidp/dex"
},
"license": "Apache-2.0",
"maintainer": {
"name": "Limezy"
},
"requirements": {
"yunohost": ">= 11.0.9"
},
"multi_instance": true,
"services": [
"nginx"
],
"arguments": {
"install": [
{
"name": "domain",
"type": "domain"
},
{
"name": "path",
"type": "path",
"example": "/dex",
"default": "/dex"
},
{
"name": "OIDC_name",
"type": "string",
"ask": "Name of the app you want to connect to the OIDC auth flow"
},
{
"name": "OIDC_secret",
"type": "string",
"ask": "OIDC secret of the app you want to connect to the OIDC auth flow"
},
{
"name": "OIDC_callback",
"type": "string",
"ask": "Callback URI required by the app you want to connect to the OIDC auth flow"
}
]
}
}

74
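--- a/manifest.toml
+++ b/manifest.toml
@@ -0,0 +1,74 @@
+packaging_format = 2
+id = "dex"
+name = "Dex"
+description.en = "OpenID Connect Provider based on YunoHost LDAP server"
+description.fr = "Connecteur OpenID basé sur le serveur LDAP YunoHost"
+version = "2.37.0~ynh2"
+maintainers = ["Limezy"]
+[upstream]
+license = "Apache-2.0"
+website = "https://dexidp.io"
+admindoc = "https://dexidp.io/docs/"
+code = "https://github.com/YunoHost-Apps/dex_ynh"
+[integration]
+yunohost = ">= 11.2"
+architectures = ["amd64"]
+multi_instance = true
+ldap = true
+sso = false
+disk = "50M"
+ram.build = "700M"
+ram.runtime = "50M"
+[install]
+[install.domain]
+type = "domain"
+[install.path]
+type = "path"
+default = "/dex"
+[install.name]
+ask.en = "Name of the app you want to connect to the OIDC auth flow"
+ask.fr = "Nom de l'application que vous souhaitez connecter au flux d'authentification OIDC"
+type = "string"
+[install.secret]
+ask.en = "OIDC secret of the app you want to connect to the OIDC auth flow"
+ask.fr = "Secret OIDC de l'application que vous souhaitez connecter au flux d'authentification OIDC"
+type = "string"
+[install.callback]
+ask.en = "Callback URI required by the app you want to connect to the OIDC auth flow"
+ask.fr = "URI de rappel requis par l'application que vous souhaitez connecter au flux d'authentification OIDC"
+type = "string"
+[resources]
+[resources.sources]
+[resources.sources.main]
+url = "https://github.com/dexidp/dex/archive/refs/tags/v2.37.0.tar.gz"
+sha256 = "5140ecccac260855f375a40bb20120e644418d8e314c63667b0ee3e4ceace99f"
+autoupdate.strategy = "latest_github_tag"
+[resources.system_user]
+[resources.install_dir]
+[resources.permissions]
+main.url = "/"
+main.show_tile = false
+main.allowed = "visitors"
+[resources.ports]
+main.default = 5556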
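Review bot: `[install.secret]` is declared with `type = "string"`, so the OIDC client secret is entered and shown as ordinary text and is treated like any other install argument; `type = "password"` is the question type intended for values like this. If it is switched, check that the scripts still persist the value for the `__SECRET__` substitution in `config.yaml`, because password answers may not be saved as settings automatically (confirm against the packaging v2 documentation). Separately, `[upstream]` `code` now points at the package repository instead of `https://github.com/dexidp/dex`, which the removed manifest used; that looks unintended.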


@ -4,9 +4,7 @@
# COMMON VARIABLES
#=================================================
# dependencies used by the app
GO_VERSION="1.19"
GO_VERSION="1.20"
#=================================================
# PERSONAL HELPERS


@ -10,32 +10,6 @@
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
ynh_clean_setup () {
### Remove this function if there's nothing to clean before calling the remove script.
true
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_print_info --message="Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
port=$(ynh_app_setting_get --app=$app --key=port)
oidc_name=$(ynh_app_setting_get --app=$app --key=oidc_name)
oidc_secret=$(ynh_app_setting_get --app=$app --key=oidc_secret)
oidc_callback=$(ynh_app_setting_get --app=$app --key=oidc_callback)
#=================================================
# DECLARE DATA AND CONF FILES TO BACKUP
#=================================================
@ -45,7 +19,7 @@ ynh_print_info --message="Declaring files to be backed up..."
# BACKUP THE APP MAIN DIR
#=================================================
ynh_backup --src_path="$final_path"
ynh_backup --src_path="$install_dir"
#=================================================
# BACKUP THE NGINX CONFIGURATION
@ -53,14 +27,6 @@ ynh_backup --src_path="$final_path"
ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# BACKUP FAIL2BAN CONFIGURATION
#=================================================
#ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf"
#ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf"
#=================================================
# SPECIFIC BACKUP
#=================================================


@ -9,63 +9,6 @@
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# RETRIEVE ARGUMENTS
#=================================================
old_domain=$YNH_APP_OLD_DOMAIN
old_path=$YNH_APP_OLD_PATH
new_domain=$YNH_APP_NEW_DOMAIN
new_path=$YNH_APP_NEW_PATH
app=$YNH_APP_INSTANCE_NAME
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=1
# Needed for helper "ynh_add_nginx_config"
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
port=$(ynh_app_setting_get --app=$app --key=port)
oidc_name=$(ynh_app_setting_get --app=$app --key=oidc_name)
oidc_secret=$(ynh_app_setting_get --app=$app --key=oidc_secret)
oidc_callback=$(ynh_app_setting_get --app=$app --key=oidc_callback)
#=================================================
# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." --weight=1
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
# Remove the new domain config file, the remove script won't do it as it doesn't know yet its location.
ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
# Restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# CHECK WHICH PARTS SHOULD BE CHANGED
#=================================================
change_domain=0
if [ "$old_domain" != "$new_domain" ]
then
change_domain=1
fi
change_path=0
if [ "$old_path" != "$new_path" ]
then
change_path=1
fi
#=================================================
# STANDARD MODIFICATIONS
#=================================================
@ -80,43 +23,14 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app
#=================================================
ynh_script_progression --message="Updating NGINX web server configuration..." --weight=1
nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf
ynh_change_url_nginx_config
# Change the path in the NGINX config file
if [ $change_path -eq 1 ]
then
# Make a backup of the original NGINX config file if modified
ynh_backup_if_checksum_is_different --file="$nginx_conf_path"
# Set global variables for NGINX helper
domain="$old_domain"
path_url="$new_path"
# Create a dedicated NGINX config
ynh_add_nginx_config
fi
# Change the domain for NGINX
if [ $change_domain -eq 1 ]
then
# Delete file checksum for the old conf file location
ynh_delete_file_checksum --file="$nginx_conf_path"
mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf
# Store file checksum for the new config file location
ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
fi
#=================================================
# SPECIFIC MODIFICATIONS
#=================================================
# MODIFY URL IN YAML CONF
#=================================================
# Make a backup of the original YAML config file if modified
ynh_backup_if_checksum_is_different --file="$final_path/config.yaml"
# Set global variables for YAML helper
domain="$new_domain"
path_url="$new_path"
# Create a dedicated YAML config
ynh_add_config --template="config.yaml" --destination="$final_path/config.yaml"
ynh_add_config --template="config.yaml" --destination="$install_dir/config.yaml"
#=================================================
# GENERIC FINALISATION
@ -127,13 +41,6 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================
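Review bot: `ynh_add_config --template="config.yaml" --destination="$install_dir/config.yaml"` re-renders the file that holds the OIDC client secret, but unlike the install script it is not followed by `chmod 400 "$install_dir/config.yaml"` and `chown $app:$app "$install_dir/config.yaml"`. After a URL change the file's mode and owner are therefore whatever the helper leaves behind. Re-applying those two lines right after the `ynh_add_config` call would keep the secret's permissions the same across install and change_url. A few lines between this hunk and the next are not shown, so confirm they do not already do this.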


@ -10,159 +10,64 @@ source _common.sh
source ynh_install_go
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
ynh_clean_setup () {
### Remove this function if there's nothing to clean before calling the remove script.
true
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================
domain=$YNH_APP_ARG_DOMAIN
path_url=$YNH_APP_ARG_PATH
is_public=1
oidc_name=$YNH_APP_ARG_OIDC_NAME
oidc_secret=$YNH_APP_ARG_OIDC_SECRET
oidc_callback=$YNH_APP_ARG_OIDC_CALLBACK
app=$YNH_APP_INSTANCE_NAME
#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
ynh_script_progression --message="Validating installation parameters..." --weight=1
final_path=/opt/yunohost/$app
test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
# Register (book) web path
ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================
ynh_script_progression --message="Storing installation settings..." --weight=1
ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_set --app=$app --key=oidc_name --value=$oidc_name
ynh_app_setting_set --app=$app --key=oidc_secret --value=$oidc_secret
ynh_app_setting_set --app=$app --key=oidc_callback --value=$oidc_callback
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# FIND AND OPEN A PORT
#=================================================
ynh_script_progression --message="Finding an available port..." --weight=1
# Find an available port
port=$(ynh_find_port --port=5556)
ynh_app_setting_set --app=$app --key=port --value=$port
#=================================================
# INSTALL DEPENDENCIES
#=================================================
# ynh_script_progression --message="Installing dependencies..." --weight=1
# ynh_install_app_dependencies $pkg_dependencies
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Configuring system user..." --weight=1
# Create a system user
ynh_system_user_create --username=$app --home_dir="$final_path"
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_script_progression --message="Setting up source files..." --weight=1
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$final_path"
ynh_setup_source --dest_dir="$install_dir"
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring NGINX web server..." --weight=1
# Create a dedicated NGINX config
ynh_add_nginx_config
chmod -R o-rwx "$install_dir"
chown -R $app:www-data "$install_dir"
#=================================================
# SPECIFIC SETUP
#=================================================
# BUILDING SOURCES AND SETTING UP THE SERVER
#=================================================
ynh_script_progression --message="Building the sources (it will take some time)..." --weight=6
ynh_exec_warn_less ynh_install_go --go_version=$GO_VERSION
pushd "$final_path"
pushd "$install_dir"
# Setup go exe and environnement
ynh_use_go
export GOPATH="$final_path/go"
export GOCACHE="$final_path/go/.cache"
export GOPATH="$install_dir/go"
export GOCACHE="$install_dir/go/.cache"
# Build server from source
make build 2>&1
ynh_secure_remove --file="$final_path/go"
ynh_secure_remove --file="$install_dir/go"
popd
ynh_remove_go
# Setup a nice Yunohost logo
cp ../sources/logo_dark.png "$final_path/web/themes/dark/logo.png"
cp ../sources/logo_light.png "$final_path/web/themes/light/logo.png"
# Setup a nice YunoHost logo
cp ../sources/logo_dark.png "$install_dir/web/themes/dark/logo.png"
cp ../sources/logo_light.png "$install_dir/web/themes/light/logo.png"
#=================================================
# ADD A CONFIGURATION
#=================================================
ynh_script_progression --message="Adding a configuration file..." --weight=1
ynh_add_config --template="config.yaml" --destination="$final_path/config.yaml"
ynh_add_config --template="config.yaml" --destination="$install_dir/config.yaml"
chmod 400 "$final_path/config.yaml"
chown $app:$app "$final_path/config.yaml"
chmod 400 "$install_dir/config.yaml"
chown $app:$app "$install_dir/config.yaml"
#=================================================
# SETUP SYSTEMD
#=================================================
ynh_script_progression --message="Configuring a systemd service..." --weight=1
# Create a dedicated NGINX config
ynh_add_nginx_config
ynh_add_systemd_config
#=================================================
# GENERIC FINALIZATION
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression --message="Configuring log rotation..." --weight=1
# Use logrotate to manage application logfile(s)
ynh_use_logrotate
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
yunohost service add $app --description="OpenID Connect Provider" --log="/var/log/$app/$app.log"
#=================================================
@ -173,37 +78,6 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1
# Start a systemd service
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
#=================================================
# SETUP FAIL2BAN
#=================================================
#ynh_script_progression --message="Configuring Fail2Ban..." --weight=1
# Create a dedicated Fail2Ban config
#ynh_add_fail2ban_config --logpath="/var/log/dex/dex.log" --failregex="ldap: invalid password for user"
#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Configuring permissions..." --weight=1
# Make app public if necessary
if [ $is_public -eq 1 ]
then
# Everyone can access the app.
# The "main" permission is automatically created before the install script.
ynh_permission_update --permission="main" --add="visitors"
fi
ynh_permission_update --permission="main" --show_tile=false
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================
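Review bot: `make build 2>&1` runs inside `pushd "$install_dir"` with the privileges of the install script (root on YunoHost), so the upstream Makefile and anything the build downloads execute as root even though the dedicated `$app` user already exists at this point. The source tarball is pinned by sha256 in the manifest, but build-time module downloads are covered only by Go's own checksum verification. Consider running the build as the app user, e.g. through `ynh_exec_as $app` with the Go environment passed along, and keeping root only for the final ownership fix-up. Smaller point: `chown -R $app:www-data "$install_dir"` leaves `$app` unquoted, and `"$app:www-data"` would be safer.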


@ -9,126 +9,34 @@
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=1
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
port=$(ynh_app_setting_get --app=$app --key=port)
oidc_name=$(ynh_app_setting_get --app=$app --key=oidc_name)
oidc_secret=$(ynh_app_setting_get --app=$app --key=oidc_secret)
oidc_callback=$(ynh_app_setting_get --app=$app --key=oidc_callback)
#=================================================
# STANDARD REMOVE
#=================================================
# REMOVE SERVICE INTEGRATION IN YUNOHOST
#=================================================
ynh_script_progression --message="Removing system configurations related to $app..." --weight=1
# Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
if ynh_exec_warn_less yunohost service status $app >/dev/null
then
ynh_script_progression --message="Removing $app service integration..." --weight=1
yunohost service remove $app
fi
#=================================================
# STOP AND REMOVE SERVICE
#=================================================
ynh_script_progression --message="Stopping and removing the systemd service..." --weight=1
# Remove the dedicated systemd config
ynh_remove_systemd_config
#=================================================
# REMOVE LOGROTATE CONFIGURATION
#=================================================
ynh_script_progression --message="Removing logrotate configuration..." --weight=1
# Remove the app-specific logrotate config
ynh_remove_logrotate
#=================================================
# REMOVE APP MAIN DIR
#=================================================
ynh_script_progression --message="Removing app main directory..." --weight=1
# Remove the app directory securely
ynh_secure_remove --file="$final_path"
#=================================================
# REMOVE DATA DIR
#=================================================
# Remove the data directory if --purge option is used
if [ "${YNH_APP_PURGE:-0}" -eq 1 ]
then
ynh_script_progression --message="Removing app data directory..." --weight=1
ynh_secure_remove --file="$datadir"
fi
#=================================================
# REMOVE NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1
# Remove the dedicated NGINX config
ynh_remove_nginx_config
#=================================================
# REMOVE DEPENDENCIES
#=================================================
# ynh_script_progression --message="Removing dependencies..." --weight=1
# Remove metapackage and its dependencies
# ynh_remove_app_dependencies
#=================================================
# CLOSE A PORT
#=================================================
if yunohost firewall list | grep -q "\- $port$"
then
ynh_script_progression --message="Closing port $port..." --weight=1
ynh_exec_warn_less yunohost firewall disallow TCP $port
fi
#=================================================
# REMOVE FAIL2BAN CONFIGURATION
#=================================================
#ynh_script_progression --message="Removing Fail2Ban configuration..." --weight=1
# Remove the dedicated Fail2Ban config
#ynh_remove_fail2ban_config
#=================================================
# SPECIFIC REMOVE
#=================================================
# REMOVE VARIOUS FILES
#=================================================
ynh_script_progression --message="Removing various files..." --weight=1
# Remove a directory securely
ynh_secure_remove --file="/etc/$app"
# Remove the log files
ynh_secure_remove --file="/var/log/$app"
#=================================================
# GENERIC FINALIZATION
#=================================================
# REMOVE DEDICATED USER
#=================================================
ynh_script_progression --message="Removing the dedicated system user..." --weight=1
# Delete a system user
ynh_system_user_delete --username=$app
#=================================================
# END OF SCRIPT
#=================================================


@ -10,126 +10,40 @@
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
ynh_clean_setup () {
#### Remove this function if there's nothing to clean before calling the remove script.
true
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=1
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
port=$(ynh_app_setting_get --app=$app --key=port)
oidc_name=$(ynh_app_setting_get --app=$app --key=oidc_name)
oidc_secret=$(ynh_app_setting_get --app=$app --key=oidc_secret)
oidc_callback=$(ynh_app_setting_get --app=$app --key=oidc_callback)
#=================================================
# CHECK IF THE APP CAN BE RESTORED
#=================================================
ynh_script_progression --message="Validating restoration parameters..." --weight=1
test ! -d $final_path \
|| ynh_die --message="There is already a directory: $final_path "
#=================================================
# STANDARD RESTORATION STEPS
#=================================================
# RESTORE THE NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the NGINX web server configuration..." --weight=1
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# RECREATE THE DEDICATED USER
#=================================================
ynh_script_progression --message="Recreating the dedicated system user..." --weight=1
# Create the dedicated user (if not existing)
ynh_system_user_create --username=$app --home_dir="$final_path"
#=================================================
# RESTORE THE APP MAIN DIR
#=================================================
ynh_script_progression --message="Restoring the app main directory..." --weight=1
ynh_restore_file --origin_path="$final_path"
ynh_restore_file --origin_path="$install_dir"
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"
#=================================================
# RESTORE FAIL2BAN CONFIGURATION
#=================================================
#ynh_script_progression --message="Restoring the Fail2Ban configuration..." --weight=1
#ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf"
#ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf"
#ynh_systemd_action --action=restart --service_name=fail2ban
#=================================================
# SPECIFIC RESTORATION
#=================================================
# REINSTALL DEPENDENCIES
#=================================================
# ynh_script_progression --message="Reinstalling dependencies..." --weight=1
# Define and install dependencies
# ynh_install_app_dependencies $pkg_dependencies
chmod -R o-rwx "$install_dir"
chown -R $app:www-data "$install_dir"
#=================================================
# RESTORE SYSTEMD
#=================================================
ynh_script_progression --message="Restoring the systemd configuration..." --weight=1
ynh_script_progression --message="Restoring system configurations related to $app..." --weight=1
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
systemctl enable $app.service --quiet
#=================================================
# RESTORE THE LOGROTATE CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the logrotate configuration..." --weight=1
mkdir -p /var/log/$app
chown -R $app:root /var/log/$app
ynh_restore_file --origin_path="/etc/logrotate.d/$app"
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
yunohost service add $app --description="OpenID Connect Provider" --log="/var/log/$app/$app.log"
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=1
ynh_script_progression --message="Reloading NGINX web server and $app's service..." --weight=1
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
#=================================================
# GENERIC FINALIZATION
#=================================================
# RELOAD NGINX AND PHP-FPM
#=================================================
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_systemd_action --service_name=nginx --action=reload
#=================================================


@ -10,41 +10,12 @@ source _common.sh
source ynh_install_go
source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=1
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
port=$(ynh_app_setting_get --app=$app --key=port)
oidc_name=$(ynh_app_setting_get --app=$app --key=oidc_name)
oidc_secret=$(ynh_app_setting_get --app=$app --key=oidc_secret)
oidc_callback=$(ynh_app_setting_get --app=$app --key=oidc_callback)
#=================================================
# CHECK VERSION
#=================================================
upgrade_type=$(ynh_check_app_version_changed)
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
# Restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
@ -55,12 +26,27 @@ ynh_script_progression --message="Stopping a systemd service..." --weight=1
ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log"
#=================================================
# CREATE DEDICATED USER
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1
ynh_script_progression --message="Ensuring downward compatibility..." --weight=1
# Create a dedicated user (if not existing)
ynh_system_user_create --username=$app --home_dir="$final_path"
if [ -z "${name:-}" ]; then
name=$oidc_name
ynh_app_setting_set --app=$app --key=name --value=$name
ynh_app_setting_delete --app=$app --key=oidc_name
fi
if [ -z "${secret:-}" ]; then
secret=$oidc_secret
ynh_app_setting_set --app=$app --key=secret --value=$secret
ynh_app_setting_delete --app=$app --key=oidc_secret
fi
if [ -z "${callback:-}" ]; then
callback=$oidc_callback
ynh_app_setting_set --app=$app --key=callback --value=$callback
ynh_app_setting_delete --app=$app --key=oidc_callback
fi
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
@ -71,80 +57,61 @@ then
ynh_script_progression --message="Upgrading source files..." --weight=1
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$final_path"
ynh_setup_source --dest_dir="$install_dir" --keep="config.yaml"
fi
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=1
# Create a dedicated NGINX config
ynh_add_nginx_config
chmod -R o-rwx "$install_dir"
chown -R $app:www-data "$install_dir"
#=================================================
# SPECIFIC UPGRADE
#=================================================
# BUILDING SOURCES AND SETTING UP THE SERVER
#=================================================
ynh_script_progression --message="Building the sources (it will take some time)..." --weight=6
ynh_exec_warn_less ynh_install_go --go_version=$GO_VERSION
pushd "$final_path"
pushd "$install_dir"
# Setup go exe and environnement
ynh_use_go
export GOPATH="$final_path/go"
export GOCACHE="$final_path/go/.cache"
export GOPATH="$install_dir/go"
export GOCACHE="$install_dir/go/.cache"
# Build server from source
make build 2>&1
ynh_secure_remove --file="$final_path/go"
ynh_secure_remove --file="$install_dir/go"
popd
ynh_remove_go
# Setup a nice Yunohost logo
cp ../sources/logo_dark.png "$final_path/web/themes/dark/logo.png"
cp ../sources/logo_light.png "$final_path/web/themes/light/logo.png"
cp ../sources/logo_dark.png "$install_dir/web/themes/dark/logo.png"
cp ../sources/logo_light.png "$install_dir/web/themes/light/logo.png"
#=================================================
# UPDATE A CONFIG FILE
#=================================================
ynh_script_progression --message="Updating a configuration file..." --weight=1
ynh_add_config --template="config.yaml" --destination="$final_path/config.yaml"
ynh_add_config --template="config.yaml" --destination="$install_dir/config.yaml"
chmod 400 "$final_path/config.yaml"
chown $app:$app "$final_path/config.yaml"
chmod 400 "$install_dir/config.yaml"
chown $app:$app "$install_dir/config.yaml"
#=================================================
# SETUP SYSTEMD
#=================================================
ynh_script_progression --message="Upgrading systemd configuration..." --weight=1
ynh_script_progression --message="Upgrading system configurations related to $app..." --weight=1
# Create a dedicated NGINX config
ynh_add_nginx_config
# Create a dedicated systemd config
ynh_add_systemd_config
#=================================================
# GENERIC FINALIZATION
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression --message="Upgrading logrotate configuration..." --weight=1
# Use logrotate to manage app-specific logfile(s)
ynh_use_logrotate --non-append
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
yunohost service add $app --description="OpenID Connect Provider" --log="/var/log/$app/$app.log"
#=================================================
@ -154,21 +121,6 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
#=================================================
# UPGRADE FAIL2BAN
#=================================================
#ynh_script_progression --message="Reconfiguring Fail2Ban..." --weight=1
# Create a dedicated Fail2Ban config
#ynh_add_fail2ban_config --logpath="/var/log/dex/dex.log" --failregex="ldap: invalid password for user"
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================
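Review bot: In the "ENSURE DOWNWARD COMPATIBILITY" block, the migrated OIDC client secret is passed unquoted (`--value=$secret`), so a stored value containing whitespace or glob characters would be word-split or expanded before it is written back, and the client secret would change silently during the upgrade. Quote the expansions, `ynh_app_setting_set --app="$app" --key=secret --value="$secret"`, and do the same for `name` and `callback`. The block also reads `$oidc_name`, `$oidc_secret` and `$oidc_callback` although the explicit `ynh_app_setting_get` calls appear to have been dropped from this file, so it presumably relies on the helpers exposing the legacy settings as variables; a one-line comment such as `# legacy oidc_* settings are loaded by the helpers` would make that dependency visible. The +/- markers are lost in this rendering, so this assumes the block is on the new side.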


@ -30,14 +30,14 @@ export GOENV_ROOT="$goenv_install_dir"
# However, $PATH is duplicated into $go_path to outlast any manipulation of $PATH
# You can use the variable `$ynh_go_load_path` to quickly load your Go version
# in $PATH for an usage into a separate script.
# Exemple: $ynh_go_load_path $final_path/script_that_use_gem.sh`
# Exemple: $ynh_go_load_path $install_dir/script_that_use_gem.sh`
#
#
# Finally, to start a Go service with the correct version, 2 solutions
# Either the app is dependent of Go or gem, but does not called it directly.
# In such situation, you need to load PATH
# `Environment="__YNH_GO_LOAD_PATH__"`
# `ExecStart=__FINALPATH__/my_app`
# `ExecStart=__INSTALL_DIR__/my_app`
# You will replace __YNH_GO_LOAD_PATH__ with $ynh_go_load_path
#
# Or Go start the app directly, then you don't need to load the PATH variable
@ -72,7 +72,7 @@ ynh_use_go () {
ynh_go_load_path="PATH=$PATH"
# Sets the local application-specific Go version
pushd $final_path
pushd $install_dir
$goenv_install_dir/bin/goenv local $go_version
popd
}

23
tests.toml Normal file

@ -0,0 +1,23 @@
test_format = 1.0
[default]
# ------------
# Tests to run
# ------------
exclude = ["install.private"] # The test IDs to be used in only/exclude statements are: install.root, install.subdir, install.nourl, install.multi, backup_restore, upgrade, upgrade.someCommitId change_url
# -------------------------------
# Default args to use for install
# -------------------------------
args.name = "Outline"
args.secret = "secret"
args.callback = "domain.tld/callback"
# -------------------------------
# Commits to test upgrade from
# -------------------------------
test_upgrade_from.1381d7d0fbbfb9609e047f8476f113d17e95e233.name = "Upgrade from 2.37.0"