mirror of
https://github.com/YunoHost-Apps/discourse_ynh.git
synced 2024-09-03 18:26:18 +02:00
372 lines
16 KiB
Bash
372 lines
16 KiB
Bash
#!/bin/bash
|
|
|
|
#=================================================
|
|
# GENERIC START
|
|
#=================================================
|
|
# IMPORT GENERIC HELPERS
|
|
#=================================================
|
|
|
|
source _common.sh
|
|
source /usr/share/yunohost/helpers
|
|
|
|
#=================================================
|
|
# MANAGE SCRIPT FAILURE
|
|
#=================================================
|
|
|
|
ynh_clean_setup () {
|
|
# Clean remainings not handled by remove script
|
|
ynh_clean_check_starting
|
|
}
|
|
# Exit if an error occurs during the execution of the script
|
|
ynh_abort_if_errors
|
|
|
|
#=================================================
|
|
# RETRIEVE ARGUMENTS FROM THE MANIFEST
|
|
#=================================================
|
|
|
|
domain=$YNH_APP_ARG_DOMAIN
|
|
path_url=$YNH_APP_ARG_PATH
|
|
admin=$YNH_APP_ARG_ADMIN
|
|
is_public=$YNH_APP_ARG_IS_PUBLIC
|
|
|
|
app=$YNH_APP_INSTANCE_NAME
|
|
|
|
#=================================================
|
|
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
|
|
#=================================================
|
|
ynh_script_progression --message="Validating installation parameters..."
|
|
|
|
final_path=/var/www/$app
|
|
test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
|
|
|
|
# Register (book) web path
|
|
ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
|
|
|
|
# Check memory requirements
|
|
check_memory_requirements
|
|
|
|
#=================================================
|
|
# STORE SETTINGS FROM MANIFEST
|
|
#=================================================
|
|
ynh_script_progression --message="Storing installation settings..."
|
|
|
|
ynh_app_setting_set --app=$app --key=domain --value=$domain
|
|
ynh_app_setting_set --app=$app --key=path --value=$path_url
|
|
ynh_app_setting_set --app=$app --key=admin --value=$admin
|
|
|
|
#=================================================
|
|
# STANDARD MODIFICATIONS
|
|
#=================================================
|
|
# INSTALL DEPENDENCIES
|
|
#=================================================
|
|
ynh_script_progression --message="Installing dependencies..."
|
|
|
|
ynh_install_app_dependencies $pkg_dependencies
|
|
ynh_install_ruby --ruby_version=$RUBY_VERSION
|
|
|
|
#=================================================
|
|
# CREATE DEDICATED USER
|
|
#=================================================
|
|
ynh_script_progression --message="Configuring system user..."
|
|
|
|
# Create a system user
|
|
ynh_system_user_create --username=$app --home_dir="$final_path" --use_shell
|
|
|
|
#=================================================
|
|
# CREATE A POSTGRESQL DATABASE
|
|
#=================================================
|
|
ynh_script_progression --message="Creating a PostgreSQL database..."
|
|
|
|
db_name=$(ynh_sanitize_dbid --db_name=$app)
|
|
db_user=$db_name
|
|
db_pwd=$(ynh_string_random)
|
|
ynh_app_setting_set --app=$app --key=db_name --value=$db_name
|
|
ynh_app_setting_set --app=$app --key=db_pwd --value=$db_pwd
|
|
ynh_psql_test_if_first_run
|
|
ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd
|
|
# Set extensions
|
|
ynh_psql_execute_as_root --sql="CREATE EXTENSION IF NOT EXISTS hstore;" --database=$db_name
|
|
ynh_psql_execute_as_root --sql="CREATE EXTENSION IF NOT EXISTS pg_trgm;" --database=$db_name
|
|
|
|
#=================================================
|
|
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
|
#=================================================
|
|
ynh_script_progression --message="Setting up source files..."
|
|
|
|
# Specific actions on ARM architecture
|
|
if [ -n "$(uname -m | grep arm)" ] ; then
|
|
# Unapply commit cf9b4a789b855b5199e98a13424e409854a8e848 that breaks ARM
|
|
# compatibility by pointing to a recent libv8 version
|
|
# This is due to this libv8 issue (https://github.com/cowboyd/libv8/issues/261)
|
|
# that prevents it from being compiled on ARM hence no binary gem is available yet
|
|
cp ../sources/patches_arm/* ../sources/patches
|
|
fi
|
|
|
|
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
|
|
# Download, check integrity, uncompress and patch the source from app.src
|
|
ynh_setup_source --dest_dir="$final_path"
|
|
|
|
# Install LDAP plugin
|
|
mkdir -p "$final_path/plugins/discourse-ldap-auth"
|
|
ynh_setup_source --dest_dir="$final_path/plugins/discourse-ldap-auth" --source_id=ldap-auth
|
|
|
|
chmod 750 "$final_path"
|
|
chmod -R o-rwx "$final_path"
|
|
chown -R $app:www-data "$final_path"
|
|
|
|
#=================================================
|
|
# NGINX CONFIGURATION
|
|
#=================================================
|
|
ynh_script_progression --message="Configuring NGINX web server..."
|
|
|
|
# Create a dedicated NGINX config
|
|
ynh_add_nginx_config
|
|
|
|
# Reference: https://meta.discourse.org/t/subfolder-support-with-docker/30507?u=falco&source_topic_id=54191
|
|
if [ "$path_url" != "/" ] ; then
|
|
ynh_replace_string --match_string='$proxy_add_x_forwarded_for' --replace_string='$http_your_original_ip_header' --target_file="/etc/nginx/conf.d/$domain.d/$app.conf"
|
|
fi
|
|
ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.d/$app.conf"
|
|
|
|
#=================================================
|
|
# SPECIFIC SETUP
|
|
#=================================================
|
|
# CONFIGURE DISCOURSE
|
|
#=================================================
|
|
ynh_script_progression --message="Configuring Discourse..."
|
|
|
|
# Configure database
|
|
discourse_config_file="$final_path/config/discourse.conf"
|
|
cp $final_path/config/discourse_defaults.conf $discourse_config_file
|
|
ynh_replace_string --match_string="db_name = discourse" --replace_string="db_name = $db_name" --target_file="$discourse_config_file"
|
|
ynh_replace_string --match_string="db_username = discourse" --replace_string="db_username = $db_name" --target_file="$discourse_config_file"
|
|
ynh_replace_string --match_string="db_password =" --replace_string="db_password = $db_pwd" --target_file="$discourse_config_file"
|
|
|
|
# Configure hostname
|
|
ynh_replace_string --match_string="hostname = \"www.example.com\"" --replace_string="hostname = \"$domain\"" --target_file="$discourse_config_file"
|
|
ynh_replace_string --match_string="relative_url_root =" --replace_string="relative_url_root = ${path_url%/}" --target_file="$discourse_config_file"
|
|
|
|
# Serve static assets (i.e. images, js, etc.)
|
|
ynh_replace_string --match_string="serve_static_assets = false" --replace_string="serve_static_assets = true" --target_file="$discourse_config_file"
|
|
|
|
# Don't show miniprofiler
|
|
ynh_replace_string --match_string="load_mini_profiler = true" --replace_string="load_mini_profiler = false" --target_file="$discourse_config_file"
|
|
|
|
# Configure e-mail server
|
|
admin_mail=$(ynh_user_get_info "$admin" mail)
|
|
ynh_replace_string --match_string="developer_emails =" --replace_string="developer_emails = $admin_mail" --target_file="$discourse_config_file"
|
|
ynh_replace_string --match_string="smtp_address =" --replace_string="smtp_address = localhost" --target_file="$discourse_config_file"
|
|
ynh_replace_string --match_string="smtp_domain =" --replace_string="smtp_domain = $domain" --target_file="$discourse_config_file"
|
|
ynh_replace_string --match_string="smtp_enable_start_tls = true" --replace_string="smtp_enable_start_tls = false" --target_file="$discourse_config_file"
|
|
|
|
# Configure redis
|
|
redis_db=$(ynh_redis_get_free_db)
|
|
ynh_app_setting_set --app="$app" --key=redis_db --value="$redis_db"
|
|
ynh_replace_string --match_string="redis_db = 0" --replace_string="redis_db = $redis_db" --target_file="$discourse_config_file"
|
|
|
|
# Don't notify on new versions (handled by the YunoHost package)
|
|
ynh_replace_string --match_string="new_version_emails = true" --replace_string="new_version_emails = false" --target_file="$discourse_config_file"
|
|
|
|
# Calculate and store the config file checksum
|
|
ynh_store_file_checksum --file="$discourse_config_file"
|
|
|
|
# Configure LDAP plugin
|
|
ldap_config_file="$final_path/plugins/discourse-ldap-auth/config/settings.yml"
|
|
ynh_replace_string --match_string="adfs.example.com" --replace_string="localhost" --target_file="$ldap_config_file"
|
|
ynh_replace_string --match_string="dc=example,dc=com" --replace_string="ou=users,dc=yunohost,dc=org" --target_file="$ldap_config_file"
|
|
ynh_replace_string --match_string="sAMAccountName" --replace_string="uid" --target_file="$ldap_config_file"
|
|
ynh_store_file_checksum --file="$ldap_config_file"
|
|
|
|
# Disable svgo worker
|
|
echo "svgo: false" > $final_path/.image_optim.yml
|
|
|
|
#=================================================
|
|
# SETUP UNICORN, A RUBY SERVER
|
|
#=================================================
|
|
ynh_script_progression --message="Setting up Unicorn..."
|
|
|
|
# Set a secret value
|
|
secret="$(ynh_string_random)"
|
|
ynh_add_config --template="../conf/secrets.yml" --destination="$final_path/config/secrets.yml"
|
|
|
|
# Set permissions to app files
|
|
chown -R $app: $final_path
|
|
|
|
pushd "$final_path"
|
|
ynh_use_ruby
|
|
# Install bundler, a gems installer
|
|
ynh_gem install bundler
|
|
# Install without documentation
|
|
exec_as $app echo "gem: --no-ri --no-rdoc" >> "$final_path/.gemrc"
|
|
popd
|
|
|
|
# Specific actions on ARM architecture
|
|
if [ -n "$(uname -m | grep arm)" ] ; then
|
|
# Define the platform specifically to retrieve binaries
|
|
# for libv8 because it currently doesn't compile on ARM devices
|
|
exec_login_as $app bin/bundle config specific_platform arm-linux
|
|
fi
|
|
|
|
# Install dependencies
|
|
exec_login_as $app bin/bundle config set path 'vendor/bundle'
|
|
exec_login_as $app bin/bundle config set with 'development'
|
|
exec_login_as $app MAKEFLAGS=-j2 bin/bundle install --jobs 2
|
|
|
|
# On ARM architecture, replace bundled libpsl by system native libpsl
|
|
# because the provided binary isn't compatible
|
|
if [ -n "$(uname -m | grep arm)" ] ; then
|
|
(cd $final_path/vendor/bundle/ruby/*/gems/mini_suffix-*/vendor
|
|
rm libpsl.so
|
|
ln -s $(ldconfig -p | grep libpsl | awk 'END {print $NF}') libpsl.so)
|
|
fi
|
|
|
|
#=================================================
|
|
# PREPARE THE DATABASE
|
|
#=================================================
|
|
ynh_script_progression --message="Preparing the database..."
|
|
|
|
rake_exec="exec_login_as $app RAILS_ENV=production bin/rake"
|
|
ynh_exec_warn_less $rake_exec db:migrate
|
|
ynh_exec_warn_less $rake_exec assets:precompile
|
|
|
|
#=================================================
|
|
# POPULATE THE DATABASE
|
|
#=================================================
|
|
ynh_script_progression --message="Populating the database..."
|
|
|
|
#Set default data (especially to have correct image URLs for subfolder install)
|
|
ynh_psql_connect_as --user=$db_user --password=$db_pwd --database=$db_name <<< "INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('title', 1, 'YunoHost Forum', 'NOW()', 'NOW()');
|
|
INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('site_description', 1, 'YunoHost Forum', 'NOW()', 'NOW()');
|
|
INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('contact_email', 14, '$admin_mail', 'NOW()', 'NOW()');
|
|
INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('contact_url', 1, '$domain$path_url', 'NOW()', 'NOW()');
|
|
INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('site_contact_username', 15, '$admin', 'NOW()', 'NOW()');
|
|
INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('logo_url', 1, '${path_url%/}/images/d-logo-sketch.png', 'NOW()', 'NOW()');
|
|
INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('long_polling_base_url', 1, '${path_url%/}/', 'NOW()', 'NOW()');
|
|
INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('logo_small_url', 1, '${path_url%/}/images/d-logo-sketch-small.png', 'NOW()', 'NOW()');
|
|
INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('favicon_url', 1, '${path_url%/}/images/default-favicon.ico', 'NOW()', 'NOW()');
|
|
INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('apple_touch_icon_url', 1, '${path_url%/}/images/default-apple-touch-icon.png', 'NOW()', 'NOW()');
|
|
INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('wizard_enabled', 5, 'f', 'NOW()', 'NOW()');
|
|
INSERT INTO site_settings (name, data_type, value, created_at, updated_at) VALUES ('force_https', 5, 't', 'NOW()', 'NOW()');
|
|
"
|
|
|
|
#=================================================
|
|
# CREATE DISCOURSE ADMIN USER
|
|
#=================================================
|
|
ynh_script_progression --message="Creating Discourse admin user..."
|
|
|
|
# Create a random password
|
|
admin_pwd=$(ynh_string_random)
|
|
$rake_exec admin:create <<< "$admin_mail
|
|
$admin_pwd
|
|
$admin_pwd
|
|
y
|
|
"
|
|
|
|
#=================================================
|
|
# CONFIGURE PLUGINS
|
|
#=================================================
|
|
ynh_script_progression --message="Configuring plugins..."
|
|
|
|
# Patch ldap-auth plugin dependency (omniauth-ldap) to fix it when using domain subfolder
|
|
# (Can only do that now because we are patching dependencies which have just been downloaded)
|
|
# Patch applied: https://github.com/omniauth/omniauth-ldap/pull/16
|
|
(cd $final_path/plugins/discourse-ldap-auth/gems/${RUBY_VERSION}/gems/omniauth-ldap*/
|
|
patch -p1 < $YNH_CWD/../conf/ldap-auth-fix-subfolder.patch)
|
|
|
|
#=================================================
|
|
# SETUP SYSTEMD
|
|
#=================================================
|
|
ynh_script_progression --message="Configuring a systemd service..."
|
|
|
|
ynh_replace_string --match_string="__RBENV_ROOT__" --replace_string="$RBENV_ROOT" --target_file="../conf/systemd.service"
|
|
|
|
# We assume for the moment that ARM devices are only dual core, so
|
|
# we restrict the number of workers to 2 (the default is 3)
|
|
if [ -n "$(uname -m | grep arm)" ] ; then
|
|
additional_env="UNICORN_WORKERS=2"
|
|
unicorn_workers=2
|
|
else
|
|
additional_env=""
|
|
unicorn_workers=3
|
|
fi
|
|
ynh_app_setting_set --app=$app --key=unicorn_workers --value=$unicorn_workers
|
|
|
|
ynh_replace_string --match_string="__ADDITIONAL_ENV__" --replace_string="$additional_env" --target_file="../conf/systemd.service"
|
|
ynh_replace_string --match_string="__LIBJEMALLOC__" --replace_string="$(ldconfig -p | grep libjemalloc | awk 'END {print $NF}')" --target_file="../conf/systemd.service"
|
|
ynh_add_systemd_config
|
|
|
|
#=================================================
|
|
# GENERIC FINALIZATION
|
|
#=================================================
|
|
# SECURE FILES AND DIRECTORIES
|
|
#=================================================
|
|
ynh_script_progression --message="Securing files and directories..."
|
|
|
|
# Add a pids and socket directory for the systemd script.
|
|
mkdir -p "$final_path/tmp/pids"
|
|
mkdir "$final_path/tmp/sockets"
|
|
|
|
# Create specific folders and links for subfolder compatibility
|
|
# (see: https://meta.discourse.org/t/subfolder-support-with-docker/30507)
|
|
(
|
|
cd $final_path
|
|
mkdir -p "public/forum"
|
|
cd public/forum && ln -s ../uploads && ln -s ../backups
|
|
)
|
|
|
|
# Set permissions to app files
|
|
chown -R $app: $final_path
|
|
|
|
# Restrict rights to log directory (needed by logrotate)
|
|
chmod g-w $final_path/log
|
|
|
|
#=================================================
|
|
# SETUP LOGROTATE
|
|
#=================================================
|
|
ynh_script_progression --message="Configuring log rotation..."
|
|
|
|
# Use logrotate to manage application logfile(s)
|
|
ynh_use_logrotate --logfile="$final_path/log/unicorn.stderr.log"
|
|
ynh_use_logrotate --logfile="$final_path/log/unicorn.stdout.log"
|
|
ynh_use_logrotate --logfile="$final_path/log/production.log"
|
|
|
|
#=================================================
|
|
# INTEGRATE SERVICE IN YUNOHOST
|
|
#=================================================
|
|
ynh_script_progression --message="Integrating service in YunoHost..."
|
|
|
|
yunohost service add $app --log "$final_path/log/unicorn.stderr.log" "$final_path/log/unicorn.stdout.log" "$final_path/log/production.log"
|
|
|
|
#=================================================
|
|
# START SYSTEMD SERVICE
|
|
#=================================================
|
|
ynh_script_progression --message="Starting a systemd service..."
|
|
|
|
# Start a systemd service
|
|
ynh_systemd_action --service_name=$app --action="start" --log_path="$final_path/log/unicorn.stderr.log" --line_match="INFO -- : worker=$((unicorn_workers-1)) ready"
|
|
|
|
#=================================================
|
|
# SETUP SSOWAT
|
|
#=================================================
|
|
ynh_script_progression --message="Configuring permissions..."
|
|
|
|
# Make app public if necessary
|
|
if [ $is_public -eq 1 ]
|
|
then
|
|
# Everyone can access the app.
|
|
# The "main" permission is automatically created before the install script.
|
|
ynh_permission_update --permission="main" --add="visitors"
|
|
fi
|
|
|
|
#=================================================
|
|
# RELOAD NGINX
|
|
#=================================================
|
|
ynh_script_progression --message="Reloading NGINX web server..."
|
|
|
|
ynh_systemd_action --service_name=nginx --action=reload
|
|
|
|
#=================================================
|
|
# END OF SCRIPT
|
|
#=================================================
|
|
|
|
ynh_script_progression --message="Installation of $app completed"
|