#!/bin/bash shopt -s extglob # sets extended pattern matching options in the bash shell #================================================= # GENERIC STARTING #================================================= # IMPORT GENERIC HELPERS #================================================= source /usr/share/yunohost/helpers source _common.sh #================================================= # MANAGE SCRIPT FAILURE #================================================= ynh_clean_setup () { # Clean remainings not handled by remove script ynh_clean_check_starting } ynh_abort_if_errors # Stop script if an error is detected #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= # Retrieve app id app=$YNH_APP_INSTANCE_NAME # Retrieve arguments domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH admin=$YNH_APP_ARG_ADMIN is_public=$YNH_APP_ARG_IS_PUBLIC #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= path_url=$(ynh_normalize_url_path $path_url) # Check and normalize path final_path=/var/www/$app test ! -e "$final_path" || ynh_die "This path already contains a folder" # Check web path availability ynh_webpath_available $domain $path_url # Register (book) web path ynh_webpath_register $app $domain $path_url # Check memory requirements check_memory_requirements #================================================= # STORE SETTINGS FROM MANIFEST #================================================= ynh_app_setting_set $app admin "$admin" ynh_app_setting_set $app is_public "$is_public" ynh_app_setting_set $app final_path $final_path #================================================= # STANDARD MODIFICATIONS #================================================= # INSTALL DEPENDENCIES #================================================= ynh_install_app_dependencies "$pkg_dependencies" #================================================= # CREATE DEDICATED USER #================================================= # Create a system user allowing login ynh_system_user_create $app $final_path 1 #================================================= # CREATE A POSTGRES DATABASE #================================================= db_name=$(ynh_sanitize_dbid $app) db_pwd=$(ynh_string_random) ynh_app_setting_set $app db_name $db_name ynh_app_setting_set $app db_pwd $db_pwd ynh_psql_test_if_first_run ynh_psql_create_db $db_name $db_name $db_pwd # Set extensions ynh_psql_execute_as_root "\connect $db_name CREATE EXTENSION IF NOT EXISTS hstore; CREATE EXTENSION IF NOT EXISTS pg_trgm;" #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source "$final_path" # Install LDAP plugin mkdir -p "$final_path/plugins/discourse-ldap-auth" ynh_setup_source "$final_path/plugins/discourse-ldap-auth" ldap-auth #================================================= # INSTALL RUBY #================================================= ynh_install_ruby $RUBY_VERSION #================================================= # NGINX CONFIGURATION #================================================= # Create a dedicated nginx config ynh_add_nginx_config # Reference: https://meta.discourse.org/t/subfolder-support-with-docker/30507?u=falco&source_topic_id=54191 if [ "$path_url" != "/" ] ; then ynh_replace_string '$proxy_add_x_forwarded_for' '$http_your_original_ip_header' "/etc/nginx/conf.d/$domain.d/$app.conf" fi ynh_store_file_checksum "/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # SPECIFIC SETUP #================================================= #================================================= # CONFIGURE DISCOURSE #================================================= # Configure database discourse_config_file="$final_path/config/discourse.conf" cp $final_path/config/discourse_defaults.conf $discourse_config_file ynh_replace_string "db_name = discourse" "db_name = $db_name" "$discourse_config_file" ynh_replace_string "db_username = discourse" "db_username = $db_name" "$discourse_config_file" ynh_replace_string "db_password =" "db_password = $db_pwd" "$discourse_config_file" # Configure hostname ynh_replace_string "hostname = \"www.example.com\"" "hostname = \"$domain\"" "$discourse_config_file" ynh_replace_string "relative_url_root =" "relative_url_root = ${path_url%/}" "$discourse_config_file" # Serve static assets (i.e. images, js, etc.) ynh_replace_string "serve_static_assets = false" "serve_static_assets = true" "$discourse_config_file" # Don't show miniprofiler ynh_replace_string "load_mini_profiler = true" "load_mini_profiler = false" "$discourse_config_file" # Configure e-mail server admin_mail=$(ynh_user_get_info "$admin" mail) ynh_replace_string "developer_emails =" "developer_emails = $admin_mail" "$discourse_config_file" ynh_replace_string "smtp_address =" "smtp_address = localhost" "$discourse_config_file" ynh_replace_string "smtp_domain =" "smtp_domain = $domain" "$discourse_config_file" ynh_replace_string "smtp_enable_start_tls = true" "smtp_enable_start_tls = false" "$discourse_config_file" # Configure redis redis_db=$(ynh_redis_get_free_db) ynh_app_setting_set "$app" redis_db "$redis_db" ynh_replace_string "redis_db = 0" "redis_db = $redis_db" "$discourse_config_file" # Don't notify on new versions (handled by the YunoHost package) ynh_replace_string "new_version_emails = true" "new_version_emails = false" "$discourse_config_file" # Calculate and store the config file checksum ynh_store_file_checksum "$discourse_config_file" # Configure LDAP plugin ldap_config_file="$final_path/plugins/discourse-ldap-auth/config/settings.yml" ynh_replace_string "adfs.example.com" "localhost" "$ldap_config_file" ynh_replace_string "dc=example,dc=com" "ou=users,dc=yunohost,dc=org" "$ldap_config_file" ynh_replace_string "sAMAccountName" "uid" "$ldap_config_file" ynh_store_file_checksum "$ldap_config_file" # Disable svgo worker echo "svgo: false" > $final_path/.image_optim.yml #================================================= # SETUP UNICORN, A RUBY SERVER #================================================= unicorn_config_file="$final_path/config/unicorn.conf.rb" # Use socket connection ynh_replace_string 'listen (ENV\["UNICORN_PORT"\] || 3000).to_i' '# listen (ENV["UNICORN_PORT"] || 3000).to_i' "$unicorn_config_file" ynh_replace_string '# listen "#{discourse_path}/tmp/sockets/unicorn.sock"' 'listen "#{discourse_path}/tmp/sockets/unicorn.sock"' "$unicorn_config_file" # Calculate and store the config file checksum ynh_store_file_checksum "$unicorn_config_file" # Set a secret value cp ../conf/secrets.yml "$final_path/config/secrets.yml" ynh_replace_string "__SECRET__" "$(ynh_string_random)" "$final_path/config/secrets.yml" # Calculate and store the config file checksum ynh_store_file_checksum "$final_path/config/secrets.yml" # Set permissions to app files chown -R $app: $final_path (cd "$final_path" # Install bundler, a gems installer gem install bundler # Install without documentation exec_as $app echo "gem: --no-ri --no-rdoc" >> "$final_path/.gemrc") # Specific actions on ARM architecture if [ -n "$(uname -m | grep arm)" ] ; then # Define the platform specifically to retrieve binaries # for libv8 because it currently doesn't compile on ARM devices exec_login_as $app bundle config specific_platform arm-linux # Unapply commit cf9b4a789b855b5199e98a13424e409854a8e848 that breaks ARM # compatibility by pointing to a recent libv8 version # This is due to this libv8 issue (https://github.com/cowboyd/libv8/issues/261) # that prevents it from being compiled on ARM hence no binary gem is available yet (cd $final_path wget https://github.com/discourse/discourse/commit/cf9b4a789b855b5199e98a13424e409854a8e848.diff -O libv8-patch.diff patch -R -p1 < libv8-patch.diff rm libv8-patch.diff) fi # Install dependencies exec_login_as $app MAKEFLAGS=-j2 bundle install --jobs 2 --path vendor/bundle --with development # On ARM architecture, replace bundled libpsl by system native libpsl # because the provided binary isn't compatible if [ -n "$(uname -m | grep arm)" ] ; then (cd $final_path/vendor/bundle/ruby/*/gems/mini_suffix-*/vendor rm libpsl.so ln -s $(ldconfig -p | grep libpsl | awk 'END {print $NF}') libpsl.so) fi #================================================= # PREPARE THE DATABASE #================================================= rake_exec="exec_login_as $app RAILS_ENV=production bin/rake" $rake_exec db:migrate $rake_exec assets:precompile #================================================= # POPULATE THE DATABASE #================================================= #Set default data (especially to have correct image URLs for subfolder install) ynh_psql_connect_as $db_name $db_pwd $db_name <<< "INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('title', 1, 'YunoHost Forum', 'NOW()', 'NOW()'); INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('site_description', 1, 'YunoHost Forum', 'NOW()', 'NOW()'); INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('contact_email', 14, '$admin_mail', 'NOW()', 'NOW()'); INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('contact_url', 1, '$domain$path_url', 'NOW()', 'NOW()'); INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('site_contact_username', 15, '$admin', 'NOW()', 'NOW()'); INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('logo_url', 1, '${path_url%/}/images/d-logo-sketch.png', 'NOW()', 'NOW()'); INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('long_polling_base_url', 1, '${path_url%/}/', 'NOW()', 'NOW()'); INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('logo_small_url', 1, '${path_url%/}/images/d-logo-sketch-small.png', 'NOW()', 'NOW()'); INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('favicon_url', 1, '${path_url%/}/images/default-favicon.ico', 'NOW()', 'NOW()'); INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('apple_touch_icon_url', 1, '${path_url%/}/images/default-apple-touch-icon.png', 'NOW()', 'NOW()'); INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('wizard_enabled', 5, 'f', 'NOW()', 'NOW()'); INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('force_https', 5, 't', 'NOW()', 'NOW()'); " #================================================= # FIX INITIAL POSTS LINKS FOR SUBFOLDER INSTALL #================================================= if [ "$path_url" != "/" ] ; then exec_login_as $app RAILS_ENV=production bundle exec script/discourse remap /images/welcome/ $path_url/images/welcome/ <<< "YES " fi #================================================= # CREATE ADMIN USER #================================================= # Create a random password admin_pwd=$(ynh_string_random) $rake_exec admin:create <<< "$admin_mail $admin_pwd $admin_pwd y " #================================================= # CONFIGURE PLUGINS #================================================= # Patch ldap-auth plugin dependency (omniauth-ldap) to fix it when using domain subfolder # (Can only do that now because we are patching dependencies which have just been downloaded) # Patch applied: https://github.com/omniauth/omniauth-ldap/pull/16 (cd $final_path/plugins/discourse-ldap-auth/gems/*/gems/omniauth-ldap*/ patch -p1 < $YNH_CWD/../conf/ldap-auth-fix-subfolder.patch) #================================================= # SETUP SYSTEMD #================================================= ynh_replace_string "__RBENVROOT__" "$RBENV_ROOT" "../conf/systemd.service" # We assume for the moment that ARM devices are only dual core, so # we restrict the number of workers to 2 (the default is 3) if [ -n "$(uname -m | grep arm)" ] ; then additional_env="UNICORN_WORKERS=2" unicorn_workers=2 else additional_env="" unicorn_workers=3 fi ynh_replace_string "__ADDITIONAL_ENV__" "$additional_env" "../conf/systemd.service" ynh_replace_string "__LIBJEMALLOC__" "$(ldconfig -p | grep libjemalloc | awk 'END {print $NF}')" "../conf/systemd.service" ynh_add_systemd_config #================================================= # GENERIC FINALIZATION #================================================= # SECURE FILES AND DIRECTORIES #================================================= # Add a pids and socket directory for the systemd script. mkdir -p "$final_path/tmp/pids" mkdir "$final_path/tmp/sockets" # Set permissions to app files chown -R $app: $final_path # Restrict rights to log directory (needed by logrotate) chmod g-w $final_path/log #================================================= # SETUP LOGROTATE #================================================= # Use logrotate to manage application logfile(s) ynh_use_logrotate "$final_path/log/unicorn.stderr.log" ynh_use_logrotate "$final_path/log/unicorn.stdout.log" ynh_use_logrotate "$final_path/log/production.log" #================================================= # ADVERTISE SERVICE IN ADMIN PANEL #================================================= yunohost service add $app --log "$final_path/log/unicorn.stderr.log" "$final_path/log/unicorn.stdout.log" "$final_path/log/production.log" #================================================= # SETUP SSOWAT #================================================= # If app is public, add url to SSOWat conf as skipped_uris if [ $is_public -eq 1 ]; then # unprotected_uris allows SSO credentials to be passed anyway. ynh_app_setting_set "$app" skipped_uris "/" fi #================================================= # RELOAD NGINX #================================================= systemctl reload nginx #================================================= # START UNICORN #================================================= # Wait for discourse to be fully started ynh_check_starting "INFO -- : worker=$((unicorn_workers-1)) ready" "$final_path/log/unicorn.stderr.log" "240" "$app"