From 535e9a0e213d032680da0d6fd94629296b7ac5f7 Mon Sep 17 00:00:00 2001 From: Krakinou Date: Sun, 21 Jan 2024 16:55:58 +0100 Subject: [PATCH 1/8] Set mqtt permission --- doc/PRE_INSTALL.md | 4 +++- doc/PRE_INSTALL_fr.md | 4 +++- manifest.toml | 17 +++++++++++++---- scripts/install | 8 ++------ scripts/remove | 2 -- scripts/upgrade | 14 +++----------- 6 files changed, 24 insertions(+), 25 deletions(-) diff --git a/doc/PRE_INSTALL.md b/doc/PRE_INSTALL.md index aca87ed..ef94d9d 100644 --- a/doc/PRE_INSTALL.md +++ b/doc/PRE_INSTALL.md @@ -1,4 +1,6 @@ ## Mosquitto Broker -During installation, a [MQTT](https://en.wikipedia.org/wiki/MQTT) broker, [Mosquitto](https://mosquitto.org/), may be installed at the same time as Domoticz. It's an optional setting: during install if you set the same domain as your main app domain, it won't be installed. +During installation, a [MQTT](https://en.wikipedia.org/wiki/MQTT) broker, [Mosquitto](https://mosquitto.org/), may be installed at the same time as Domoticz. This broker requires a dedicated domain or subdomain to work (ex: mqtt.your.domain.tld) : creating this domain prior installation is a prerequisite. +It's an optional setting: during install if you set, for the MQTT domain, the same domain as your main app domain or enter an empty domain, the broker won't be installed. + diff --git a/doc/PRE_INSTALL_fr.md b/doc/PRE_INSTALL_fr.md index 3a91d2a..16c2e80 100644 --- a/doc/PRE_INSTALL_fr.md +++ b/doc/PRE_INSTALL_fr.md @@ -1,4 +1,6 @@ ## Broker MQTT Mosquitto -À l'installation, un broker [MQTT](https://fr.wikipedia.org/wiki/MQTT), [Mosquitto](https://mosquitto.org/), peut être installé en même temps que Domoticz. Il est optionnel et si vous indiquez lors de l'installation le même domaine que le domaine principal, il ne sera pas installé. +À l'installation, un broker [MQTT](https://fr.wikipedia.org/wiki/MQTT), [Mosquitto](https://mosquitto.org/), peut être installé en même temps que Domoticz. Ce broker nécessite un domaine ou un sous-domaine particulier pour fonctionner (ex : mqtt.your.domain.tld) : il est nécessaire de créer ce domaine auparavant. +Il est optionnel et si vous indiquez lors de l'installation un domaine vide ou le même domaine que le domaine principal pour le domaine MQTT, le broker ne sera pas installé. + diff --git a/manifest.toml b/manifest.toml index b6b38db..c61c673 100644 --- a/manifest.toml +++ b/manifest.toml @@ -43,11 +43,15 @@ ram.runtime = "50M" type = "group" default = "all_users" +# [install.init_mqtt_domain_permission] +# type="group" +# default="visitor" + [install.mqtt_domain] ask.fr = "Domaine MQTT" ask.en = "MQTT domain" - help.fr = "Domaine pour le serveur MQTT. Remettez le domaine principal si vous ne souhaitez pas l'utiliser. Lire la documentation pour plus d'informations" - help.en = "MQTT server domain. Set the main domain if you don't wish to use it. See the doc for more info" + help.fr = "Domaine pour le serveur MQTT. Remettez le domaine principal ou à vide si vous ne souhaitez pas l'utiliser. Lire la documentation pour plus d'informations" + help.en = "MQTT server domain. Set blank or the main domain if you don't wish to use it. See the doc for more info" type = "domain" optional = true @@ -75,12 +79,17 @@ ram.runtime = "50M" [resources.permissions] main.url = "/" - main.auth_header=false + main.auth_header = false - api.url = "/_api/__APP_" + api.url = "__DOMAIN__/api_/__APP__" api.show_tile = false api.allowed = "visitors" + #Permission will be removed by the install script if not needed + mqtt.url = "__MQTT_DOMAIN__/" + mqtt.show_tile = false + mqtt.allowed = "visitors" + [resources.ports] main.default = 8080 #to be checked if it can become conditionnal diff --git a/scripts/install b/scripts/install index 51ea914..4755042 100755 --- a/scripts/install +++ b/scripts/install @@ -160,8 +160,6 @@ fi # Create a dedicated Fail2Ban config ynh_add_fail2ban_config --logpath="$log_file" --failregex="^.*Error: Failed login attempt from .*$" --max_retry=5 -#Not required in 2023.1 anymore -#ynh_print_info --message="If you wish for Fail2ban to work, set up your local address in Setup/Settings/System/Local Networks as per documentation" #================================================= # SETUP SSOWAT @@ -169,10 +167,8 @@ ynh_add_fail2ban_config --logpath="$log_file" --failregex="^.*Error: Failed logi ynh_script_progression --message="Configuring permissions..." -#API & MQTT should stay publicly accessible. -#ynh_permission_create --permission="domoticz_API" --label="api" --url="$domain$api_path" --allowed="visitors" --show_tile="false" --protected="true" -[[ "$domain" != "$mqtt_domain" ]] && ynh_permission_create --permission="domoticz_MQTT" --label="MQTT" --url="$mqtt_domain" --allowed="visitors" --show_tile="false" --protected="true" - +#If no MQTT have been set, we delete the mqtt permission. +[[ "$domain" == "$mqtt_domain" ]] && ynh_permission_delete --permission="mqtt" #================================================= # END OF SCRIPT diff --git a/scripts/remove b/scripts/remove index 699fc6c..357cb48 100755 --- a/scripts/remove +++ b/scripts/remove @@ -23,8 +23,6 @@ if [ "$domain" != "$mqtt_domain" ]; then ynh_secure_remove --file="/etc/nginx/conf.d/"$mqtt_domain".d/mqtt_"$app".conf" yunohost tools regen-conf postfix ynh_secure_remove --file="/var/log/mosquitto" - - fi ynh_script_progression --message="Removing system configurations related to $app..." --weight=1 diff --git a/scripts/upgrade b/scripts/upgrade index 8e0ff75..4ec90c2 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -61,15 +61,6 @@ if [[ -z "${mqtt_domain+x}" ]]; then ynh_app_setting_set --app="$app" --key=mqtt_domain --value="$mqtt_domain" fi -# Create the permission "domoticz_MQTT" only if it doesn't exist. -if [ "$domain" != "$mqtt_domain" ]; then - if ! ynh_permission_exists --permission="domoticz_MQTT" - then - # API Authorization with dedicated URL - ynh_permission_create --permission="domoticz_MQTT" --label="MQTT" --url="$mqtt_domain" --allowed="visitors" --show_tile="false" --protected="true" - fi -fi - #remove unwanted log folder if [ -d "/var/log/$app/$app" ]; then ynh_secure_remove "/var/log/$app/$app" @@ -131,6 +122,9 @@ if [ "$domain" != "$mqtt_domain" ]; then ynh_print_info --message="The credential to the mosquitto server has been saved in the settings of the app" fi +else + #If no MQTT have been set, we delete the mqtt permission. + [[ "$domain" == "$mqtt_domain" ]] && ynh_permission_delete --permission="mqtt" fi #================================================= @@ -190,8 +184,6 @@ fi # Create a dedicated Fail2Ban config ynh_add_fail2ban_config --logpath="$log_file" --failregex="^.*Error: Failed login attempt from .*$" --max_retry=5 -#not required in 2023.1 anymore -#ynh_print_info --message="If you wish for Fail2ban to work, set up your local address in Setup/Settings/System/Local Networks as per documentation" #================================================= # INTEGRATE SERVICE IN YUNOHOST From 35ba0f6aa23be22ba4cbf1d0179cb5a5a9f055c0 Mon Sep 17 00:00:00 2001 From: Krakinou Date: Sun, 21 Jan 2024 16:56:13 +0100 Subject: [PATCH 2/8] cleaning unused variables --- scripts/change_url | 4 ---- 1 file changed, 4 deletions(-) diff --git a/scripts/change_url b/scripts/change_url index f24f08e..49a869c 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -14,11 +14,7 @@ source /usr/share/yunohost/helpers #================================================= ynh_script_progression --message="Loading installation settings..." -# Needed for helper "ynh_add_nginx_config" -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -port=$(ynh_app_setting_get --app=$app --key=port) old_api=$(ynh_app_setting_get --app=$app --key=api_path) - if [ "$new_path" == "/" ]; then new_api=/api_/$app else From 1c5730f6abd06335b3558549f0bcbd7740630fa3 Mon Sep 17 00:00:00 2001 From: Krakinou Date: Sun, 21 Jan 2024 17:03:09 +0100 Subject: [PATCH 3/8] cleaning --- manifest.toml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/manifest.toml b/manifest.toml index c61c673..05ea90e 100644 --- a/manifest.toml +++ b/manifest.toml @@ -43,10 +43,6 @@ ram.runtime = "50M" type = "group" default = "all_users" -# [install.init_mqtt_domain_permission] -# type="group" -# default="visitor" - [install.mqtt_domain] ask.fr = "Domaine MQTT" ask.en = "MQTT domain" From 76b51ec84084968a721a5e67094db7119e112dfb Mon Sep 17 00:00:00 2001 From: Krakinou Date: Sun, 21 Jan 2024 17:11:51 +0100 Subject: [PATCH 4/8] Standardize permission management --- scripts/install | 12 +++--------- scripts/restore | 3 +++ scripts/upgrade | 2 +- 3 files changed, 7 insertions(+), 10 deletions(-) diff --git a/scripts/install b/scripts/install index 4755042..e19734e 100755 --- a/scripts/install +++ b/scripts/install @@ -84,6 +84,9 @@ if [ "$domain" != "$mqtt_domain" ]; then mosquitto_passwd -U "/etc/mosquitto/conf.d/"$app"_credentials" ynh_print_info --message="The credential to the mosquitto server has been saved in the settings of the app" +else + #If no MQTT have been set, we delete the mqtt permission. + ynh_permission_delete --permission="mqtt" fi @@ -161,15 +164,6 @@ fi # Create a dedicated Fail2Ban config ynh_add_fail2ban_config --logpath="$log_file" --failregex="^.*Error: Failed login attempt from .*$" --max_retry=5 -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Configuring permissions..." - - -#If no MQTT have been set, we delete the mqtt permission. -[[ "$domain" == "$mqtt_domain" ]] && ynh_permission_delete --permission="mqtt" - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/restore b/scripts/restore index 96056d2..e5c2de0 100755 --- a/scripts/restore +++ b/scripts/restore @@ -70,6 +70,9 @@ chown -R "$app":"$app" "$install_dir" if [ "$domain" != "$mqtt_domain" ]; then ynh_script_progression --message="Reinstalling up mosquitto..." --weight=5 ynh_restore_file --origin_path="/etc/mosquitto/conf.d" --not_mandatory +else + #If no MQTT have been set, we delete the mqtt permission. + ynh_permission_delete --permission="mqtt" fi #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 4ec90c2..ee61431 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -124,7 +124,7 @@ if [ "$domain" != "$mqtt_domain" ]; then fi else #If no MQTT have been set, we delete the mqtt permission. - [[ "$domain" == "$mqtt_domain" ]] && ynh_permission_delete --permission="mqtt" + ynh_permission_delete --permission="mqtt" fi #================================================= From 301eebe417075110addc9307c017f967a3d49ad0 Mon Sep 17 00:00:00 2001 From: Krakinou Date: Sun, 21 Jan 2024 17:19:29 +0100 Subject: [PATCH 5/8] Update documentation --- doc/ADMIN.md | 1 + doc/ADMIN_fr.md | 1 + doc/DESCRIPTION.md | 2 +- doc/DESCRIPTION_fr.md | 2 +- 4 files changed, 4 insertions(+), 2 deletions(-) diff --git a/doc/ADMIN.md b/doc/ADMIN.md index 8fe3921..65fc151 100644 --- a/doc/ADMIN.md +++ b/doc/ADMIN.md @@ -4,6 +4,7 @@ During installation, a [MQTT](https://en.wikipedia.org/wiki/MQTT) broker, [Mosquitto](https://mosquitto.org/), is installed at the same time as Domoticz. This broker requires a dedicated domain or subdomain to work (ex : mqtt.your.domain.tld): creating this domain prior installation is a prerequisite +You may also install the [Mosquitto package](https://github.com/YunoHost-Apps/mosquitto_ynh) without using the one provided by domoticz_ynh. #### Adding in Domoticz diff --git a/doc/ADMIN_fr.md b/doc/ADMIN_fr.md index b437195..db729cc 100644 --- a/doc/ADMIN_fr.md +++ b/doc/ADMIN_fr.md @@ -4,6 +4,7 @@ À l'installation, un broker [MQTT](https://fr.wikipedia.org/wiki/MQTT), [Mosquitto](https://mosquitto.org/), est installé en même temps que Domoticz. Ce broker nécessite un domaine ou un sous-domaine particulier pour fonctionner (ex : mqtt.your.domain.tld) : il est nécessaire de créer ce domaine auparavant. +Vous pouvez également installer le [package pour Mosquitto](https://github.com/YunoHost-Apps/mosquitto_ynh) sans utiliser celui de domoticz_ynh. #### Ajout dans Domoticz diff --git a/doc/DESCRIPTION.md b/doc/DESCRIPTION.md index 0df7708..2acb4ce 100644 --- a/doc/DESCRIPTION.md +++ b/doc/DESCRIPTION.md @@ -12,5 +12,5 @@ For example this system can be used with: * And more... -The MQTT broker Mosquitto is integrated into the package and requires its own domain or subdomain. It's an optional setting: during install if you set the same domain as your main app domain, it won't be installed. +The MQTT broker Mosquitto is integrated into the package and requires its own domain or subdomain. It's an optional setting. You may also install the [Mosquitto package](https://github.com/YunoHost-Apps/mosquitto_ynh) without using the one provided by domoticz_ynh. \ No newline at end of file diff --git a/doc/DESCRIPTION_fr.md b/doc/DESCRIPTION_fr.md index 5d030f0..8fce85a 100644 --- a/doc/DESCRIPTION_fr.md +++ b/doc/DESCRIPTION_fr.md @@ -11,7 +11,7 @@ Il peut par exemple être utilisé avec : * des voltmètres * Et bien d'autres -Le broker MQTT Mosquitto est intégré au package et nécessite un sous-domaine ou un domaine distinct. Il est optionnel : si vous indiquez lors de l'installation le même domaine que le domaine principal, il ne sera pas installé. +Le broker MQTT Mosquitto est intégré au package et nécessite un sous-domaine ou un domaine distinct. Il est optionnel. Vous pouvez également installer le [package pour Mosquitto](https://github.com/YunoHost-Apps/mosquitto_ynh) sans utiliser celui de domoticz_ynh. From 2298904b97d898e0f4c8da4d6cbbcf457800a51b Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Sun, 21 Jan 2024 16:19:33 +0000 Subject: [PATCH 6/8] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 5e2288f..5d40560 100644 --- a/README.md +++ b/README.md @@ -30,7 +30,7 @@ For example this system can be used with: * And more... -The MQTT broker Mosquitto is integrated into the package and requires its own domain or subdomain. It's an optional setting: during install if you set the same domain as your main app domain, it won't be installed. +The MQTT broker Mosquitto is integrated into the package and requires its own domain or subdomain. It's an optional setting. You may also install the [Mosquitto package](https://github.com/YunoHost-Apps/mosquitto_ynh) without using the one provided by domoticz_ynh. **Shipped version:** 2024.2~ynh1 diff --git a/README_fr.md b/README_fr.md index 2b0373b..9bac8bd 100644 --- a/README_fr.md +++ b/README_fr.md @@ -29,7 +29,7 @@ Il peut par exemple être utilisé avec : * des voltmètres * Et bien d'autres -Le broker MQTT Mosquitto est intégré au package et nécessite un sous-domaine ou un domaine distinct. Il est optionnel : si vous indiquez lors de l'installation le même domaine que le domaine principal, il ne sera pas installé. +Le broker MQTT Mosquitto est intégré au package et nécessite un sous-domaine ou un domaine distinct. Il est optionnel. Vous pouvez également installer le [package pour Mosquitto](https://github.com/YunoHost-Apps/mosquitto_ynh) sans utiliser celui de domoticz_ynh. From 7b50a54c539792c44d06043161f0bab3ee48fbb0 Mon Sep 17 00:00:00 2001 From: Krakinou Date: Sun, 21 Jan 2024 18:20:41 +0100 Subject: [PATCH 7/8] Warning before upgrade from 2020.2~ynh8 --- doc/PRE_UPGRADE.d/2023.1~ynh1.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/doc/PRE_UPGRADE.d/2023.1~ynh1.md b/doc/PRE_UPGRADE.d/2023.1~ynh1.md index 626ee01..bb8bb96 100644 --- a/doc/PRE_UPGRADE.d/2023.1~ynh1.md +++ b/doc/PRE_UPGRADE.d/2023.1~ynh1.md @@ -1,3 +1,9 @@ +### +BEWARE! If you did not activate the Mosquitto Broker within this package, please run following command prior to upgrade: +````yunohost app setting $app mqtt_domain -v your.$app.domain.tld```` +Failure to do so may break the app. +If you did activate the Mosquitto broker, you can proceed safely. + ###Changelog - Move to packaging v2 - From now on, upgrade of the upstream app will not be handled into the app anymore: a new package version will be published for a new Domoticz version. Internal upgrade is disabled (although you may still use the command line) From 88ba1909ee311083f4153bf01aed7a479efc98ca Mon Sep 17 00:00:00 2001 From: Krakinou Date: Sun, 21 Jan 2024 18:21:40 +0100 Subject: [PATCH 8/8] Add manual command prior upgrade --- tests.toml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests.toml b/tests.toml index 3aa3a03..7a6e53f 100644 --- a/tests.toml +++ b/tests.toml @@ -8,6 +8,11 @@ test_format = 1.0 yunohost domain add mqtt.domain.tld """ + preupgrade = """ + set -euxo pipefail + yunohost app setting domoticz mqtt_domain -v sub.domain.tld + """ + args.mqtt_domain="sub.domain.tld" test_upgrade_from.a96510c.name = "2024.2" test_upgrade_from.a96510c.args.mqtt_domain="sub.domain.tld"