#!/bin/bash # # Common variables # pkg_dependencies="ruby-zip libssl-dev libyaml-dev libcurl4-openssl-dev ruby gem libapr1-dev libxslt1-dev checkinstall libxml2-dev ruby-dev vim libmagickwand-dev imagemagick postgresql postgresql-server-dev-all" # Execute a command as another user # usage: exec_as USER COMMAND [ARG ...] exec_as() { local user=$1 shift 1 if [[ $user = $(whoami) ]]; then eval "$@" else sudo -u "$user" "$@" fi } #================================================= # POSTGRES HELPERS #================================================= ynh_psql_test_if_first_run() { if [ -f /etc/yunohost/psql ]; then echo "PostgreSQL is already installed, no need to create master password" else pgsql=$(ynh_string_random) pg_hba="" echo "$pgsql" >> /etc/yunohost/psql if [ -e /etc/postgresql/9.4/ ] then pg_hba=/etc/postgresql/9.4/main/pg_hba.conf elif [ -e /etc/postgresql/9.6/ ] then pg_hba=/etc/postgresql/9.6/main/pg_hba.conf else ynh_die "postgresql shoud be 9.4 or 9.6" fi systemctl start postgresql su --command="psql -c\"ALTER user postgres WITH PASSWORD '${pgsql}'\"" postgres # we can't use peer since YunoHost create users with nologin sed -i '/local\s*all\s*all\s*peer/i \ local all all password' "$pg_hba" systemctl enable postgresql systemctl reload postgresql fi } # Open a connection as a user # # example: ynh_psql_connect_as 'user' 'pass' <<< "UPDATE ...;" # example: ynh_psql_connect_as 'user' 'pass' < /path/to/file.sql # # usage: ynh_psql_connect_as user pwd [db] # | arg: user - the user name to connect as # | arg: pwd - the user password # | arg: db - the database to connect to ynh_psql_connect_as() { user="$1" pwd="$2" db="$3" su --command="PGUSER=\"${user}\" PGPASSWORD=\"${pwd}\" psql \"${db}\"" postgres } # # Execute a command as root user # # usage: ynh_psql_execute_as_root sql [db] # | arg: sql - the SQL command to execute # | arg: db - the database to connect to ynh_psql_execute_as_root () { sql="$1" su --command="psql" postgres <<< "$sql" } # Execute a command from a file as root user # # usage: ynh_psql_execute_file_as_root file [db] # | arg: file - the file containing SQL commands # | arg: db - the database to connect to ynh_psql_execute_file_as_root() { file="$1" db="$2" su -c "psql $db" postgres < "$file" } # Create a database, an user and its password. Then store the password in the app's config # # After executing this helper, the password of the created database will be available in $db_pwd # It will also be stored as "psqlpwd" into the app settings. # # usage: ynh_psql_setup_db user name [pwd] # | arg: user - Owner of the database # | arg: name - Name of the database # | arg: pwd - Password of the database. If not given, a password will be generated ynh_psql_setup_db () { db_user="$1" app="$1" db_name="$2" new_db_pwd=$(ynh_string_random) # Generate a random password # If $3 is not given, use new_db_pwd instead for db_pwd. db_pwd="${3:-$new_db_pwd}" ynh_psql_create_db "$db_name" "$db_user" "$db_pwd" # Create the database ynh_app_setting_set "$app" psqlpwd "$db_pwd" # Store the password in the app's config } # Create a database and grant optionnaly privilegies to a user # # usage: ynh_psql_create_db db [user [pwd]] # | arg: db - the database name to create # | arg: user - the user to grant privilegies # | arg: pwd - the user password ynh_psql_create_db() { db="$1" user="$2" pwd="$3" ynh_psql_create_user "$user" "$pwd" su --command="createdb --owner=\"${user}\" \"${db}\"" postgres } # Drop a database # # usage: ynh_psql_drop_db db # | arg: db - the database name to drop # | arg: user - the user to drop ynh_psql_remove_db() { db="$1" user="$2" # Force disconnections from the database (https://dba.stackexchange.com/a/11895) ynh_psql_execute_as_root "UPDATE pg_database SET datallowconn = 'false' WHERE datname = '${db}';" ynh_psql_execute_as_root "SELECT pg_terminate_backend(pid) FROM pg_stat_activity WHERE datname = '${db}';" su --command="dropdb \"${db}\"" postgres ynh_psql_drop_user "${user}" } # Dump a database # # example: ynh_psql_dump_db 'roundcube' > ./dump.sql # # usage: ynh_psql_dump_db db # | arg: db - the database name to dump # | ret: the psqldump output ynh_psql_dump_db() { db="$1" su --command="pg_dump \"${db}\"" postgres } # Create a user # # usage: ynh_psql_create_user user pwd [host] # | arg: user - the user name to create ynh_psql_create_user() { user="$1" pwd="$2" su --command="psql -c\"CREATE USER ${user} WITH PASSWORD '${pwd}'\"" postgres } # Drop a user # # usage: ynh_psql_drop_user user # | arg: user - the user name to drop ynh_psql_drop_user() { user="$1" su --command="dropuser \"${user}\"" postgres } # ============= FUTURE YUNOHOST HELPERS ============= # Create a dedicated fail2ban config (jail and filter conf files) # # usage: ynh_add_fail2ban_config log_file filter [max_retry [ports]] # | arg: log_file - Log file to be checked by fail2ban # | arg: failregex - Failregex to be looked for by fail2ban # | arg: max_retry - Maximum number of retries allowed before banning IP address - default: 3 # | arg: ports - Ports blocked for a banned IP address - default: http,https ynh_add_fail2ban_config () { # Process parameters logpath=$1 failregex=$2 max_retry=${3:-3} ports=${4:-http,https} test -n "$logpath" || ynh_die "ynh_add_fail2ban_config expects a logfile path as first argument and received nothing." test -n "$failregex" || ynh_die "ynh_add_fail2ban_config expects a failure regex as second argument and received nothing." finalfail2banjailconf="/etc/fail2ban/jail.d/$app.conf" finalfail2banfilterconf="/etc/fail2ban/filter.d/$app.conf" ynh_backup_if_checksum_is_different "$finalfail2banjailconf" 1 ynh_backup_if_checksum_is_different "$finalfail2banfilterconf" 1 cat > $finalfail2banjailconf < $finalfail2banfilterconf <&2 echo "WARNING${fail2ban_error#*WARNING}" >&2 fi } # Remove the dedicated fail2ban config (jail and filter conf files) # # usage: ynh_remove_fail2ban_config ynh_remove_fail2ban_config () { ynh_secure_remove "/etc/fail2ban/jail.d/$app.conf" ynh_secure_remove "/etc/fail2ban/filter.d/$app.conf" systemctl restart fail2ban } # Delete a file checksum from the app settings # # $app should be defined when calling this helper # # usage: ynh_remove_file_checksum file # | arg: file - The file for which the checksum will be deleted ynh_delete_file_checksum () { local checksum_setting_name=checksum_${1//[\/ ]/_} # Replace all '/' and ' ' by '_' ynh_app_setting_delete $app $checksum_setting_name } ynh_clean_check_starting_systemd () { # Stop the execution of tail. kill -s 15 $pid_tail 2>&1 ynh_secure_remove "$templog" 2>&1 } # Start or restart a service and follow its booting # # usage: ynh_check_starting_systemd "Line to match" [Service name] [Timeout] # # | arg: Line to match - The line to find in the log to attest the service have finished to boot. # | arg: Service name # | arg: Timeout - The maximum time to wait before ending the watching. Defaut 300 seconds. ynh_check_starting_systemd () { local line_to_match="$1" local service_name="${2:-$app}" local timeout=${3:-300} echo "Starting of $service_name" >&2 systemctl stop $service_name local templog="$(mktemp)" # Follow the starting of the app in its log journalctl -u $service_name -f > "$templog" & # Get the PID of the tail command local pid_tail=$! systemctl start $service_name local i=0 for i in `seq 1 $timeout` do # Read the log until the sentence is found, that means the app finished starting. Or run until the timeout if grep --quiet "$line_to_match" "$templog" then echo "The service $service_name has correctly started." >&2 break fi echo -n "." >&2 sleep 1 done if [ $i -eq $timeout ] then echo "The service $service_name didn't fully started before the timeout." >&2 fi echo "" ynh_clean_check_starting_systemd }