mirror of https://github.com/YunoHost-Apps/domoticz_ynh.git synced 2024-09-03 18:26:17 +02:00

Set mqtt permission

Krakinou 2024-01-21 16:55:58 +01:00
parent c0b5a5b6d4
commit 535e9a0e21
6 changed files with 24 additions and 25 deletions


@ -1,4 +1,6 @@
## Mosquitto Broker ## Mosquitto Broker
During installation, a [MQTT](https://en.wikipedia.org/wiki/MQTT) broker, [Mosquitto](https://mosquitto.org/), may be installed at the same time as Domoticz. It's an optional setting: during install if you set the same domain as your main app domain, it won't be installed. During installation, a [MQTT](https://en.wikipedia.org/wiki/MQTT) broker, [Mosquitto](https://mosquitto.org/), may be installed at the same time as Domoticz.
This broker requires a dedicated domain or subdomain to work (ex: mqtt.your.domain.tld) : creating this domain prior installation is a prerequisite. This broker requires a dedicated domain or subdomain to work (ex: mqtt.your.domain.tld) : creating this domain prior installation is a prerequisite.
It's an optional setting: during install if you set, for the MQTT domain, the same domain as your main app domain or enter an empty domain, the broker won't be installed.


@ -1,4 +1,6 @@
## Broker MQTT Mosquitto ## Broker MQTT Mosquitto
À l'installation, un broker [MQTT](https://fr.wikipedia.org/wiki/MQTT), [Mosquitto](https://mosquitto.org/), peut être installé en même temps que Domoticz. Il est optionnel et si vous indiquez lors de l'installation le même domaine que le domaine principal, il ne sera pas installé. À l'installation, un broker [MQTT](https://fr.wikipedia.org/wiki/MQTT), [Mosquitto](https://mosquitto.org/), peut être installé en même temps que Domoticz.
Ce broker nécessite un domaine ou un sous-domaine particulier pour fonctionner (ex : mqtt.your.domain.tld) : il est nécessaire de créer ce domaine auparavant. Ce broker nécessite un domaine ou un sous-domaine particulier pour fonctionner (ex : mqtt.your.domain.tld) : il est nécessaire de créer ce domaine auparavant.
Il est optionnel et si vous indiquez lors de l'installation un domaine vide ou le même domaine que le domaine principal pour le domaine MQTT, le broker ne sera pas installé.


@ -43,11 +43,15 @@ ram.runtime = "50M"
type = "group" type = "group"
default = "all_users" default = "all_users"
# [install.init_mqtt_domain_permission]
# type="group"
# default="visitor"
[install.mqtt_domain] [install.mqtt_domain]
ask.fr = "Domaine MQTT" ask.fr = "Domaine MQTT"
ask.en = "MQTT domain" ask.en = "MQTT domain"
help.fr = "Domaine pour le serveur MQTT. Remettez le domaine principal si vous ne souhaitez pas l'utiliser. Lire la documentation pour plus d'informations" help.fr = "Domaine pour le serveur MQTT. Remettez le domaine principal ou à vide si vous ne souhaitez pas l'utiliser. Lire la documentation pour plus d'informations"
help.en = "MQTT server domain. Set the main domain if you don't wish to use it. See the doc for more info" help.en = "MQTT server domain. Set blank or the main domain if you don't wish to use it. See the doc for more info"
type = "domain" type = "domain"
optional = true optional = true
@ -77,10 +81,15 @@ ram.runtime = "50M"
main.url = "/" main.url = "/"
main.auth_header = false main.auth_header = false
api.url = "/_api/__APP_" api.url = "__DOMAIN__/api_/__APP__"
api.show_tile = false api.show_tile = false
api.allowed = "visitors" api.allowed = "visitors"
#Permission will be removed by the install script if not needed
mqtt.url = "__MQTT_DOMAIN__/"
mqtt.show_tile = false
mqtt.allowed = "visitors"
[resources.ports] [resources.ports]
main.default = 8080 main.default = 8080
#to be checked if it can become conditionnal #to be checked if it can become conditionnal
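Review bot: The `mqtt` permission is declared with `mqtt.allowed = "visitors"` and is only taken away afterwards by the install script, so any path where that delete does not run leaves a public rule in place. A comment saying why the endpoint bypasses the SSO would help, for example `# MQTT clients cannot authenticate through the SSO portal; access control is left to the broker's own credentials`, if that is indeed the reason. The `ynh_permission_create` calls removed elsewhere in this commit passed `--protected="true"`, and neither `api` nor `mqtt` sets `protected = true` here, so please confirm that dropping it is intended. `api.url` also moves from `/_api/` to `/api_/`, which looks like a transposition unless the nginx location was changed to match.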


@ -160,8 +160,6 @@ fi
# Create a dedicated Fail2Ban config # Create a dedicated Fail2Ban config
ynh_add_fail2ban_config --logpath="$log_file" --failregex="^.*Error: Failed login attempt from <HOST>.*$" --max_retry=5 ynh_add_fail2ban_config --logpath="$log_file" --failregex="^.*Error: Failed login attempt from <HOST>.*$" --max_retry=5
#Not required in 2023.1 anymore
#ynh_print_info --message="If you wish for Fail2ban to work, set up your local address in Setup/Settings/System/Local Networks as per documentation"
#================================================= #=================================================
# SETUP SSOWAT # SETUP SSOWAT
@ -169,10 +167,8 @@ ynh_add_fail2ban_config --logpath="$log_file" --failregex="^.*Error: Failed logi
ynh_script_progression --message="Configuring permissions..." ynh_script_progression --message="Configuring permissions..."
#API & MQTT should stay publicly accessible. #If no MQTT have been set, we delete the mqtt permission.
#ynh_permission_create --permission="domoticz_API" --label="api" --url="$domain$api_path" --allowed="visitors" --show_tile="false" --protected="true" [[ "$domain" == "$mqtt_domain" ]] && ynh_permission_delete --permission="mqtt"
[[ "$domain" != "$mqtt_domain" ]] && ynh_permission_create --permission="domoticz_MQTT" --label="MQTT" --url="$mqtt_domain" --allowed="visitors" --show_tile="false" --protected="true"
#================================================= #=================================================
# END OF SCRIPT # END OF SCRIPT
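Review bot: An empty MQTT domain is not covered by `[[ "$domain" == "$mqtt_domain" ]]`, although the help text changed in this commit tells users they may leave the field blank to skip the broker. In that case the `mqtt` permission from the manifest stays, and its url `__MQTT_DOMAIN__/` would presumably reduce to `/` with `visitors` allowed, the same root as `main.url`. Unless `mqtt_domain` is normalised earlier in the script (not visible in this hunk), test both cases: `if [[ -z "$mqtt_domain" || "$domain" == "$mqtt_domain" ]]; then ynh_permission_delete --permission="mqtt"; fi`. The same condition is used in the upgrade script, where the outer `if [ "$domain" != "$mqtt_domain" ]` would send an empty value into the broker-setup branch.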


@ -23,8 +23,6 @@ if [ "$domain" != "$mqtt_domain" ]; then
ynh_secure_remove --file="/etc/nginx/conf.d/"$mqtt_domain".d/mqtt_"$app".conf" ynh_secure_remove --file="/etc/nginx/conf.d/"$mqtt_domain".d/mqtt_"$app".conf"
yunohost tools regen-conf postfix yunohost tools regen-conf postfix
ynh_secure_remove --file="/var/log/mosquitto" ynh_secure_remove --file="/var/log/mosquitto"
fi fi
ynh_script_progression --message="Removing system configurations related to $app..." --weight=1 ynh_script_progression --message="Removing system configurations related to $app..." --weight=1


@ -61,15 +61,6 @@ if [[ -z "${mqtt_domain+x}" ]]; then
ynh_app_setting_set --app="$app" --key=mqtt_domain --value="$mqtt_domain" ynh_app_setting_set --app="$app" --key=mqtt_domain --value="$mqtt_domain"
fi fi
# Create the permission "domoticz_MQTT" only if it doesn't exist.
if [ "$domain" != "$mqtt_domain" ]; then
if ! ynh_permission_exists --permission="domoticz_MQTT"
then
# API Authorization with dedicated URL
ynh_permission_create --permission="domoticz_MQTT" --label="MQTT" --url="$mqtt_domain" --allowed="visitors" --show_tile="false" --protected="true"
fi
fi
#remove unwanted log folder #remove unwanted log folder
if [ -d "/var/log/$app/$app" ]; then if [ -d "/var/log/$app/$app" ]; then
ynh_secure_remove "/var/log/$app/$app" ynh_secure_remove "/var/log/$app/$app"
@ -131,6 +122,9 @@ if [ "$domain" != "$mqtt_domain" ]; then
ynh_print_info --message="The credential to the mosquitto server has been saved in the settings of the app" ynh_print_info --message="The credential to the mosquitto server has been saved in the settings of the app"
fi fi
else
#If no MQTT have been set, we delete the mqtt permission.
[[ "$domain" == "$mqtt_domain" ]] && ynh_permission_delete --permission="mqtt"
fi fi
#================================================= #=================================================
@ -190,8 +184,6 @@ fi
# Create a dedicated Fail2Ban config # Create a dedicated Fail2Ban config
ynh_add_fail2ban_config --logpath="$log_file" --failregex="^.*Error: Failed login attempt from <HOST>.*$" --max_retry=5 ynh_add_fail2ban_config --logpath="$log_file" --failregex="^.*Error: Failed login attempt from <HOST>.*$" --max_retry=5
#not required in 2023.1 anymore
#ynh_print_info --message="If you wish for Fail2ban to work, set up your local address in Setup/Settings/System/Local Networks as per documentation"
#================================================= #=================================================
# INTEGRATE SERVICE IN YUNOHOST # INTEGRATE SERVICE IN YUNOHOST