#!/bin/bash #================================================= # GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= source _common.sh source /usr/share/yunohost/helpers #================================================= # MANAGE SCRIPT FAILURE #================================================= ynh_clean_setup () { ynh_clean_check_starting } # Exit if an error occurs during the execution of the script ynh_abort_if_errors #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH is_public=$YNH_APP_ARG_IS_PUBLIC admin=$YNH_APP_ARG_ADMIN app=$YNH_APP_INSTANCE_NAME #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= ynh_script_progression --message="Validating installation parameters..." final_path=/var/www/$app test ! -e "$final_path" || ynh_die --message="This path already contains a folder" # Register (book) web path ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url if [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then : else # Check memory requirements check_memory_requirements fi #================================================= # STORE SETTINGS FROM MANIFEST #================================================= ynh_script_progression --message="Storing installation settings..." ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=admin --value=$admin #================================================= # STANDARD MODIFICATIONS #================================================= # INSTALL DEPENDENCIES #================================================= ynh_script_progression --message="Installing dependencies..." ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies $build_pkg_dependencies ynh_exec_warn_less ynh_install_ruby --ruby_version=$ruby_version #================================================= # CREATE DEDICATED USER #================================================= ynh_script_progression --message="Configuring system user..." # Create a system user ynh_system_user_create --username=$app --home_dir="$final_path" --use_shell #================================================= # CREATE A POSTGRESQL DATABASE #================================================= ynh_script_progression --message="Creating a PostgreSQL database..." db_name=$(ynh_sanitize_dbid --db_name=$app) db_user=$db_name ynh_app_setting_set --app=$app --key=db_name --value=$db_name ynh_psql_test_if_first_run ynh_psql_setup_db --db_user=$db_user --db_name=$db_name # Set extensions ynh_psql_execute_as_root --sql="CREATE EXTENSION IF NOT EXISTS hstore;" --database=$db_name ynh_psql_execute_as_root --sql="CREATE EXTENSION IF NOT EXISTS pg_trgm;" --database=$db_name db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= ynh_script_progression --message="Setting up source files..." # Specific actions on ARM architecture if [ -n "$(uname -m | grep arm)" ] ; then # Unapply commit cf9b4a789b855b5199e98a13424e409854a8e848 that breaks ARM # compatibility by pointing to a recent libv8 version # This is due to this libv8 issue (https://github.com/cowboyd/libv8/issues/261) # that prevents it from being compiled on ARM hence no binary gem is available yet cp ../sources/patches_arm/* ../sources/patches fi ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" # Install LDAP plugin mkdir -p "$final_path/plugins/discourse-ldap-auth" ynh_setup_source --dest_dir="$final_path/plugins/discourse-ldap-auth" --source_id=ldap-auth chmod 750 "$final_path" chmod -R o-rwx "$final_path" chown -R $app:www-data "$final_path" #================================================= # NGINX CONFIGURATION #================================================= ynh_script_progression --message="Configuring NGINX web server..." # Create a dedicated NGINX config ynh_add_nginx_config # Reference: https://meta.discourse.org/t/subfolder-support-with-docker/30507?u=falco&source_topic_id=54191 if [ "$path_url" != "/" ] ; then ynh_replace_string --match_string='$proxy_add_x_forwarded_for' --replace_string='$http_your_original_ip_header' --target_file="/etc/nginx/conf.d/$domain.d/$app.conf" fi ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # SPECIFIC SETUP #================================================= # ADD A CONFIGURATION #================================================= ynh_script_progression --message="Adding a configuration file..." admin_mail=$(ynh_user_get_info --username=$admin --key=mail) redis_db=$(ynh_redis_get_free_db) ynh_app_setting_set --app="$app" --key=redis_db --value="$redis_db" relative_url_root=${path_url%/} ynh_add_config --template="../conf/discourse_defaults.conf" --destination="$final_path/config/discourse.conf" ynh_add_config --template="../conf/settings.yml" --destination="$final_path/plugins/discourse-ldap-auth/config/settings.yml" # Disable svgo worker echo "svgo: false" > $final_path/.image_optim.yml #================================================= # SETUP UNICORN, A RUBY SERVER #================================================= ynh_script_progression --message="Setting up Unicorn..." # Set a secret value secret="$(ynh_string_random)" ynh_add_config --template="../conf/secrets.yml" --destination="$final_path/config/secrets.yml" pushd "$final_path" ynh_use_ruby # Install bundler, a gems installer ynh_gem install bundler # Install without documentation ynh_exec_as $app echo "gem: --no-ri --no-rdoc" >> "$final_path/.gemrc" popd # Specific actions on ARM architecture if [ -n "$(uname -m | grep arm)" ] ; then # Define the platform specifically to retrieve binaries # for libv8 because it currently doesn't compile on ARM devices exec_login_as $app bin/bundle config specific_platform arm-linux fi # Install dependencies exec_login_as $app bin/bundle config set path 'vendor/bundle' exec_login_as $app bin/bundle config set with 'development' exec_login_as $app MAKEFLAGS=-j2 bin/bundle install --jobs 2 # On ARM architecture, replace bundled libpsl by system native libpsl # because the provided binary isn't compatible if [ -n "$(uname -m | grep arm)" ] ; then (cd $final_path/vendor/bundle/ruby/*/gems/mini_suffix-*/vendor rm libpsl.so ln -s $(ldconfig -p | grep libpsl | awk 'END {print $NF}') libpsl.so) fi #================================================= # PREPARE THE DATABASE #================================================= ynh_script_progression --message="Preparing the database..." ynh_exec_warn_less exec_login_as $app RAILS_ENV=production bin/rake db:migrate ynh_exec_warn_less exec_login_as $app RAILS_ENV=production bin/rake assets:precompile ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies ynh_package_autoremove #================================================= # POPULATE THE DATABASE #================================================= ynh_script_progression --message="Populating the database..." #Set default data (especially to have correct image URLs for subfolder install) ynh_psql_connect_as --user=$db_user --password=$db_pwd --database=$db_name <<< "INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('title', 1, 'YunoHost Forum', 'NOW()', 'NOW()'); INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('site_description', 1, 'YunoHost Forum', 'NOW()', 'NOW()'); INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('contact_email', 14, '$admin_mail', 'NOW()', 'NOW()'); INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('contact_url', 1, '$domain$path_url', 'NOW()', 'NOW()'); INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('site_contact_username', 15, '$admin', 'NOW()', 'NOW()'); INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('logo_url', 1, '${path_url%/}/images/d-logo-sketch.png', 'NOW()', 'NOW()'); INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('long_polling_base_url', 1, '${path_url%/}/', 'NOW()', 'NOW()'); INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('logo_small_url', 1, '${path_url%/}/images/d-logo-sketch-small.png', 'NOW()', 'NOW()'); INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('favicon_url', 1, '${path_url%/}/images/default-favicon.ico', 'NOW()', 'NOW()'); INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('apple_touch_icon_url', 1, '${path_url%/}/images/default-apple-touch-icon.png', 'NOW()', 'NOW()'); INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('wizard_enabled', 5, 'f', 'NOW()', 'NOW()'); INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('force_https', 5, 't', 'NOW()', 'NOW()'); " #================================================= # CREATE DISCOURSE ADMIN USER #================================================= ynh_script_progression --message="Creating Discourse admin user..." # Create a random password admin_pwd=$(ynh_string_random) exec_login_as $app RAILS_ENV=production bin/rake admin:create <<< "$admin_mail $admin_pwd $admin_pwd y " #================================================= # CONFIGURE PLUGINS #================================================= ynh_script_progression --message="Configuring plugins..." # Patch ldap-auth plugin dependency (omniauth-ldap) to fix it when using domain subfolder # (Can only do that now because we are patching dependencies which have just been downloaded) # Patch applied: https://github.com/omniauth/omniauth-ldap/pull/16 (cd $final_path/plugins/discourse-ldap-auth/gems/${ruby_version}/gems/omniauth-ldap*/ patch -p1 < $YNH_CWD/../conf/ldap-auth-fix-subfolder.patch) #================================================= # SETUP SYSTEMD #================================================= ynh_script_progression --message="Configuring a systemd service..." # We assume for the moment that ARM devices are only dual core, so # we restrict the number of workers to 2 (the default is 3) if [ -n "$(uname -m | grep arm)" ] ; then additional_env="UNICORN_WORKERS=2" unicorn_workers=2 else additional_env="" unicorn_workers=3 fi ynh_app_setting_set --app=$app --key=unicorn_workers --value=$unicorn_workers libjemalloc="$(ldconfig -p | grep libjemalloc | awk 'END {print $NF}')" ynh_add_systemd_config #================================================= # GENERIC FINALIZATION #================================================= # SECURE FILES AND DIRECTORIES #================================================= ynh_script_progression --message="Securing files and directories..." # Add a pids and socket directory for the systemd script. mkdir -p "$final_path/tmp/pids" mkdir "$final_path/tmp/sockets" # Create specific folders and links for subfolder compatibility # (see: https://meta.discourse.org/t/subfolder-support-with-docker/30507) ( cd $final_path mkdir -p "public/forum" cd public/forum && ln -s ../uploads && ln -s ../backups ) chmod 750 "$final_path" chmod -R o-rwx "$final_path" chown -R $app:www-data "$final_path" #================================================= # SETUP LOGROTATE #================================================= ynh_script_progression --message="Configuring log rotation..." # Use logrotate to manage application logfile(s) ynh_use_logrotate --logfile="$final_path/log/unicorn.stderr.log" ynh_use_logrotate --logfile="$final_path/log/unicorn.stdout.log" ynh_use_logrotate --logfile="$final_path/log/production.log" #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= ynh_script_progression --message="Integrating service in YunoHost..." yunohost service add $app --log "$final_path/log/unicorn.stderr.log" "$final_path/log/unicorn.stdout.log" "$final_path/log/production.log" #================================================= # START SYSTEMD SERVICE #================================================= ynh_script_progression --message="Starting a systemd service..." # Start a systemd service ynh_systemd_action --service_name=$app --action="start" --log_path="$final_path/log/unicorn.stderr.log" --line_match="INFO -- : worker=$((unicorn_workers-1)) ready" #================================================= # SETUP SSOWAT #================================================= ynh_script_progression --message="Configuring permissions..." # Make app public if necessary if [ $is_public -eq 1 ] then # Everyone can access the app. # The "main" permission is automatically created before the install script. ynh_permission_update --permission="main" --add="visitors" fi #================================================= # RELOAD NGINX #================================================= ynh_script_progression --message="Reloading NGINX web server..." ynh_systemd_action --service_name=nginx --action=reload #================================================= # END OF SCRIPT #================================================= ynh_script_progression --message="Installation of $app completed"