diff --git a/README.md b/README.md index 40a1b9b..5d40560 100644 --- a/README.md +++ b/README.md 
@@ -27,124 +27,18 @@ For example this system can be used with: * Temperature Sensors * Pulse Meters * Voltage / AD Meters -* And more ... +* And more... -**Shipped version:** Always the last stable one. The last compiled version is retrieved from [this directory](https://releases.domoticz.com/releases/?dir=./release) during install. -Once installed, **updates from the uptream app are managed from within the app**. Yunohost upgrade script will only upgrade the Yunohost package. +The MQTT broker Mosquitto is integrated into the package and requires its own domain or subdomain. It's an optional setting. +You may also install the [Mosquitto package](https://github.com/YunoHost-Apps/mosquitto_ynh) without using the one provided by domoticz_ynh. -The MQTT broker mosquitto is integrated into the package. It requires its own domain or subdomain. It's an optional setting: during install if you set the same domaine as your main app domain, it won't be installed. +**Shipped version:** 2024.2~ynh1 -## Configuration +## Screenshots -### Broker Mosquitto - -During installation, a [MQTT](https://en.wikipedia.org/wiki/MQTT) broker, [Mosquitto](https://mosquitto.org/), is installed at the same time as Domoticz. The installed version is the one from the official project repo and not from Debian ones. -This broker requires a dedicated domain or subdomain to work (ex : mqtt.your.domain.tld) : creating this domain prior installation is a prerequisite - -#### Adding in domoticz - -To use mosquitto, you need to customize the communication between domoticz and the broker by following the [domoticz documentation](https://www.domoticz.com/wiki/MQTT#Installing_Mosquitto), part *Add hardware "MQTT Client Gateway"*. 
-User and password are automatically generated during installation, you may retrieve them with -```` -sudo yunohost app setting domoticz mqtt_user -sudo yunohost app setting domoticz mqtt_pwd -```` - -#### Publish/Subscribe - -By default, mosquitto will listen on 2 ports: -- 1883 on localhost using mqtt protocol -- 8883 using websocket protocol. Nginx redirect external port 443 to this internal port. - -Hence, To publish/subscribe on a topic from the outside, you have to use a software supporting websocket protocol (ex : paho python library). - -#### Mosquitto_pub et mosquitto_sub - -These 2 tools do not support websocket protocol, only direct mqtt: base settings will not allow communication from an outside device. -If you're using them directly from your server, this kind of syntax should work: -```` -mosquitto_pub -u *user* -P *password* -h mqtt.your.domain.tld -p 1883 -t 'domoticz/in' -m '{ "idx" : 1, "nvalue" : 0, "svalue" : "25.0" }' -```` -In the same way: -```` -mosquitto_sub -u *user* -P *password* -h mqtt.your.domain.tld -p 1883 -t 'domoticz/out' -```` - -If you wish to open direct mqtt protocol from an outside device, you'll need to: -- open port 1883 on Yunohost firewall (**Attention, security risk**) -- Allows IP addresses in mosquitto configuration for this listener -- Set the tls setting in mosquitto configuration by giving access to crt.pem and key.pem from your mqtt domain by setting respective certfile et keyfile variables. **This is mandatory to ensure a secure connection.** - -#### Upgrade from version without mosquitto -If you have package ynh3 or below, mosquitto is not installed by default. -If you have chosen to not set a domain during initial installation also. -So, if you need to activate mosquitto in retrospect, do following actions: -1. Create a domain or a subdomain (for example : 'mqtt.your.domain.tld') -2. Connect to your server in command line -3. 
Type following command : `yunohost app setting domoticz mqtt_domain -v mqtt.your.domain.tld` -4. Upgrade domoticz to last package. -If you're already on the last package version, use the following command : `yunohost app upgrade domoticz --force` - -## Configuration - -### Sensors, language and this kind of stuff -Main configuration of the app take place inside the app itself. - -### Zwave management -If you're using zwave devices, install mosquitto along domoticz and give a try to [zwave-JS-UI package](https://github.com/YunoHost-Apps/zwave-js-ui_ynh). -Once installed, just follow instructions from the [wiki](https://www.domoticz.com/wiki/Zwave-JS-UI) - -### Access and API -By default, access for the [JSON API](https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's) is allowed on following path `/yourdomain.tld/api_/domoticzpath`. -So if you access domoticz via https://mydomainname.tld/domoticz, use the following webpath for the api : `/mydomainname.tld/api_/domoticz/json.htm?yourapicommand` - -By default, only sensor updates and switch toogle are authorized. 
To authorized a new command, you have to manually update the nginx config file : -```` -sudo nano /etc/nginx/conf.d/yourdomain.tld.d/api_domoticz.conf -```` -Then edit the following block by adding the regex of the command you want to allow: -```` - #set the list of authorized json command here in regex format - #you may retrieve the command from https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's - #By default, sensors updates and toggle switch are authorized - if ( $args ~* type=command¶m=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command¶m=switchlight&idx=[0-9]*&switchcmd=Toggle$) { - set $api "1"; - } -```` -For example, to add the json command to retrieve the status of a device (/json.htm?type=devices&rid=IDX),modify the line as this: -```` - if ( $args ~* type=command¶m=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command¶m=switchlight&idx=[0-9]*&switchcmd=Toggle$|type=devices&rid=[0-9]* ) { - set $api "1"; - } -```` - -All IPv4 addresses within the local network (192.168.0.0/24) and *all IPv6* addresses are authorized as API. -As far as I know, there is no way to filter for IPv6 address on local network : You may remove the authorization by removing or commenting this line in `/etc/nginx/conf.d/yourdomain.tld.d/domoticz.conf`: -```` -allow ::/1; -```` -This will authorized only IPv4 within local network to access your domoticz API. -You may add individual IPv6 address in the same way. - -**Shipped version:** 2020.2~ynh8 -## Disclaimers / important information - - -## Limitations - -* No user management nor LDAP integration This function is [not planned to be implemented into the app](https://github.com/domoticz/domoticz/issues/838), hence it's not planned into the package neither. -* Backup cannot be restored on a different machine type (arm, x86...) 
as compiled sources are different - -## Security consideration - -Although you may activate a login page on the application (either from the *Setup/Settings/System/Website protection* menu or from the *Setup/More Options/Edit Users* menu), it doesn't seems to be very reliable and secure so far (version 2022.2 at the time of writing). Work is ongoing to strengthen the security ([see here](https://www.domoticz.com/wiki/Security)) in future version but is not yet released. - -### recommandation - -It seems advisable to not make the app publicly available outside of the yunohost sso (public = yes at install or setting the domoticz permission to 'visitors' in the admin panel). If for any reason you need to, I recommend the following: - - Activate the website protection/user management (with login page instead of Basic-auth) - - In *Setup/Settings/System/Local Networks (no username/password)* enter the address of the nginx proxy (should be "::1;127.0.0.1" in any standard Yunohost installation) so that the Fail2ban settings is active (see last lines of [this wiki](https://www.domoticz.com/wiki/WebServer_Proxy) +![Screenshot of Domoticz](./doc/screenshots/domoticz_Switches_screen.png) +![Screenshot of Domoticz](./doc/screenshots/domoticz_floorplan_machineon.png) ## Documentation and resources @@ -152,7 +46,7 @@ It seems advisable to not make the app publicly available outside of the yunohos * Official user documentation: * Official admin documentation: * Upstream app code repository: -* YunoHost documentation for this app: +* YunoHost Store: * Report a bug: ## Developer info diff --git a/README_fr.md b/README_fr.md index 236c72b..9bac8bd 100644 --- a/README_fr.md +++ b/README_fr.md 
@@ -29,129 +29,26 @@ Il peut par exemple être utilisé avec : * des voltmètres * Et bien d'autres -**Version incluse :** Toujours la dernière version stable. La dernière version compilée est récupérée dans [ce répertoire](https://releases.domoticz.com/releases/?dir=./release) lors de l'installation. -Une fois installée, **les mises à jour de l'application sont gérées depuis les menus de l'application elle même**. Le script de mise à jour Yunohost mettra uniquement à jour de nouvelles version du package. - -Le broker MQTT mosquitto est intégré au package et nécessite un sous-domaine ou un domaine distinct. Il est optionnel et si vous indiquez lors de l'installation le même domaine que le domaine principal, il ne sera pas installé. - -## Configuration - -### Broker MQTT Mosquitto - -A l'installation, un broker [MQTT](https://fr.wikipedia.org/wiki/MQTT), [Mosquitto](https://mosquitto.org/), est installé en même temps que Domoticz. La version installée est celle du dépot officiel du projet, et non des dépots Debian. -Ce broker nécessite un domaine ou un sous-domaine particulier pour fonctionner (ex : mqtt.your.domain.tld) : il est nécessaire de créer ce domaine auparavant. - -#### Ajout dans domoticz - -Pour pouvoir l'utiliser, vous devez paramétrer la communication avec entre domoticz et le broker en suivant la [documentation de domoticz](https://www.domoticz.com/wiki/MQTT#Installing_Mosquitto) dans la partie *Add hardware "MQTT Client Gateway"* -Les users et mot de passe du broker sont automatiquement générés lors de l'installation. Vous pouvez les récupérer avec -```` -sudo yunohost app setting domoticz mqtt_user -sudo yunohost app setting domoticz mqtt_pwd -```` - -#### Publier/souscrire - -Par défaut, mosquitto va écouter sur 2 ports: -- Le 1883 sur localhost en protocole mqtt -- Le 8883 en protocole websocket. Nginx redirige le port 443 externe vers ce port en interne. 
-Pour publier/souscrire sur un topic depuis l'exterieur, vous devez donc utiliser un programme supportant le protocole websocket (ex : la bibliothèque python paho).: - -#### Mosquitto_pub et mosquitto_sub - -Ces deux programmes ne supportent pas le protocole websocket mais uniquement le mqtt : le paramétrage de base ne vous autorise donc pas à les utiliser pour communiquer depuis un client externe. -Si vous les utilisez directement depuis votre serveur, ce genre de syntaxe devrait marcher: -```` -mosquitto_pub -u *user* -P *password* -h mqtt.your.domain.tld -p 1883 -t 'domoticz/in' -m '{ "idx" : 1, "nvalue" : 0, "svalue" : "25.0" }' -```` -De la même manière:c -```` -mosquitto_sub -u *user* -P *password* -h mqtt.your.domain.tld -p 1883 -t 'domoticz/out' -```` -Si vous souhaitez ouvrir le protocole mqtt depuis l'extérieur afin de pouvoir les utiliser depuis un autre serveur, il vous faudra: -- ouvrir le port 1883 sur le firewall Yunohost (**Attention, risque de sécurité**) -- autoriser les adresses IP souhaitées dans la configuration de mosquitto pour ce listener -- paramétrer le tls dans la configuration de mosquitto en donnant accès au crt.pem et key.pem de votre domaine mqtt en les paramétrant respectivement avec les variables certfile et keyfile. **Ceci est obligatoire pour sécuriser la connexion.** +Le broker MQTT Mosquitto est intégré au package et nécessite un sous-domaine ou un domaine distinct. Il est optionnel. +Vous pouvez également installer le [package pour Mosquitto](https://github.com/YunoHost-Apps/mosquitto_ynh) sans utiliser celui de domoticz_ynh. -#### Mise à jour depuis les versions n'ayant pas mosquittoo -Si vous êtes sur le package ynh3 ou inférieur, mosquitto n'est pas installé par défaut. -De même si vous avez choisi de ne pas indiquer de domaine pour mosquitto lors de l'installation initiale. -Pour pouvoir l'installer après coup, faites les actions suivantes: -1. 
créez un domaine ou sous-domaine pour recevoir les informations (par exemple : 'mqtt.your.domain.tld') -2. connecter vous en ligne de commande à votre serveur -3. taper la commande suivante : `yunohost app setting domoticz mqtt_domain -v mqtt.your.domain.tld` -4. Procédez à la mise à jour. -Si vous êtes déjà sur la dernière version, utiliser la commmande suivante : `yunohost app upgrade domoticz --force` +**Version incluse :** 2024.2~ynh1 +## Captures d’écran -### Senseurs, langue et ce genre de choses -Toute la configuration de l'application a lieu dans l'application elle même +![Capture d’écran de Domoticz](./doc/screenshots/domoticz_Switches_screen.png) +![Capture d’écran de Domoticz](./doc/screenshots/domoticz_floorplan_machineon.png) -### Gestion du Zwave -Si vous utilisez des équipements zwave, installez mosquitto en plus de domoticz et essayez le [package zwave-JS-UI](https://github.com/YunoHost-Apps/zwave-js-ui_ynh). -Une fois installé, suivez simplement les indications du [wiki](https://www.domoticz.com/wiki/Zwave-JS-UI) - -### Accès et API -Par défaut, l'accès aux [API JSON](https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's) est autorisé sur cette URL `/votredomaine.tld/api_/chemindedomoticz`. -Donc, si vous accédez à domoticz par https://votredomaine.tld/domoticz, utilisez le chemin suivant pour l'api: `/votredomaine.tld/api_/domoticz/json.htm?votrecommandeapi` - -Par défaut, seule la mise à jour de senseur et les interrupteurs sont autorisés. 
Pour autoriser une nouvelle commande, vous devez manuellement éditer le fichier de configuration nginx : -```` -sudo nano /etc/nginx/conf.d/yourdomain.tld.d/api_domoticz.conf -```` -Puis éditer le bloc suivant en y ajoutant le regex de la commmande à autoriser : -```` - #set the list of authorized json command here in regex format - #you may retrieve the command from https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's - #By default, sensors updates and toggle switch are authorized - if ( $args ~* type=command¶m=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command¶m=switchlight&idx=[0-9]*&switchcmd=Toggle$) { - set $api "1"; - } -```` -Par exemple, pour ajouter la commmande json pour retrouver le statut d'un équipement (/json.htm?type=devices&rid=IDX),il faut modifier la ligne comme ceci: -```` - if ( $args ~* type=command¶m=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command¶m=switchlight&idx=[0-9]*&switchcmd=Toggle$|type=devices&rid=[0-9]* ) { - set $api "1"; - } -```` - -Toutes les adresses IPv4 du réseau local (192.168.0.0/24) et toutes les adresses IPv6 sont autorisées pour l'API. -A ma connaissance, il n'y a pas moyen d'effectuer un filtre pour les adresses IPv6 sur le réseau local, vous pouvez donc retirer leur autorisation en enlevant ou en commentant la ligne suivante dans `/etc/nginx/conf.d/yourdomain.tld.d/domoticz.conf`: -```` -allow ::/1; -```` -Ceci autorisera seulement les adresses IPv4 local a accéder aux API de domoticz. -Vous pouvez ajouter des adresses IPv6 de la même façon. - - -**Version incluse :** 2020.2~ynh8 -## Avertissements / informations importantes - - -## Limitations - -* Pas de gestion d'utilisateurs ni d'intégration LDAP. L'application ne [prévoit pas de gérer les utilisateurs par LDAP](https://github.com/domoticz/domoticz/issues/838), donc le package non plus. -* Un backup ne peut pas être restauré sur un type de machine différente de celle d'origine (x86, arm...) 
car les sources compilées sont différentes - -## A propos de la sécurité - -Bien que vous pouviez activer une page de connexion dans l'application (soit depuis le menu *Configuration/Paramètres/Système/Sécurité* ou depuis *Configuration/Plus d'options/Gérer les utilisateurs*), les fonctionnalités ne semblent pas très avancées ni safe pour l'instant (version 2022.2 au moment d'écrire). Un travail a été entrepris pour renforcer la sécurité ([voir ici](https://www.domoticz.com/wiki/Security)) dans les versions futures mais n'a pas encore été released. - -### recommandations - -Il semble conseillé de ne pas rendre l'application publique en dehors du sso yunohost (public = oui à l'installation ou mettre la permission domoticz à 'Visiteurs' dans le panel d'administration Yunohost). Si pour quelques raisons que ce soit, vous deviez le faire, je vous recommande: - - d'activer la sécurité de connexion à domoticz (plutot avec la login page qu'avec la basic-auth) - - Dans *Configuration/Système/Réseaux Locaux (pas d'authentification)* d'entrer les adresses du proxy nginx (cela devrait être "::1;127.0.0.1" dans une installation Yunohost Standard) afin que Fail2ban puisse bloquer les tentatives de connexions (voir les dernières lignes de [ce wiki](https://www.domoticz.com/wiki/WebServer_Proxy) ## Documentations et ressources * Site officiel de l’app : * Documentation officielle utilisateur : * Documentation officielle de l’admin : * Dépôt de code officiel de l’app : -* Documentation YunoHost pour cette app : +* YunoHost Store: * Signaler un bug : ## Informations pour les développeurs diff --git a/check_process b/check_process deleted file mode 100644 index 46b58c6..0000000 --- a/check_process +++ /dev/null 
@@ -1,54 +0,0 @@ -;; Test avec Mosquitto - ; pre-install - set -euxo pipefail - yunohost domain add mqtt.domain.tld - ; pre-upgrade - set -euxo pipefail - yunohost app setting domoticz mqtt_domain -v mqtt.domain.tld - ; Manifest - domain="domain.tld" (DOMAIN) - path="/domoticz" (PATH) - is_public=1 (PUBLIC|public=1|private=0) - mqtt_domain="mqtt.domain.tld" - ; Checks - pkg_linter=1 - setup_sub_dir=1 - setup_root=1 - setup_private=1 - setup_public=1 - upgrade=1 - upgrade=1 from_commit=048ae59a016755b0829a4e8f3ed5d0dbbd1b826b - backup_restore=1 - port_already_use=1 - change_url=1 -;;; Options -Email=nicolas@aubonalbanais.ovh -Notification=none -;;; Upgrade options - ; commit=048ae59a016755b0829a4e8f3ed5d0dbbd1b826b - name=Package ynh3 - -##;; Test sans Mosquitto -## ; Manifest -## domain="domain.tld" (DOMAIN) -## path="/domoticz" (PATH) -## is_public=1 (PUBLIC|public=1|private=0) -## mqtt_domain="sub.domain.tld" -## ; Checks -## pkg_linter=0 -## setup_sub_dir=1 -## setup_root=1 -## setup_private=1 -## setup_public=1 -## upgrade=1 -## upgrade=1 from_commit=048ae59a016755b0829a4e8f3ed5d0dbbd1b826b -## backup_restore=1 -## port_already_use=1 -## change_url=1 -##;;; Options -##Email=nicolas@aubonalbanais.ovh -##Notification=none -##;;; Upgrade options -## ; commit=048ae59a016755b0829a4e8f3ed5d0dbbd1b826b -## name=Package ynh3 - diff --git a/conf/app.src.default b/conf/app.src.default deleted file mode 100644 index 79ebb78..0000000 --- a/conf/app.src.default +++ /dev/null @@ -1,5 +0,0 @@ -SOURCE_URL=http://www.domoticz.com/download.php?channel=release&type=release&system=__OS__&machine=__MACH__ -SOURCE_SUM=__SHA256__ -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=tar.gz -SOURCE_IN_SUBDIR=false diff --git a/conf/domoticz_mosquitto.conf b/conf/domoticz_mosquitto.conf index fbf5e45..95e7326 100644 --- a/conf/domoticz_mosquitto.conf +++ b/conf/domoticz_mosquitto.conf 
@@ -1,9 +1,9 @@ log_timestamp_format %Y-%m-%dT%H:%M:%S -listener __MQTT_PORT__ 127.0.0.1 -listener __MQTT_PORT__ ::1 +listener __PORT_MQTT__ 127.0.0.1 +listener __PORT_MQTT__ ::1 -listener __MQTT_WEBSOCKET_PORT__ +listener __PORT_MQTT_WEBSOCKET__ protocol websockets allow_anonymous false diff --git a/conf/mqtt_nginx.conf b/conf/mqtt_nginx.conf index 912b649..d4c489a 100644 --- a/conf/mqtt_nginx.conf +++ b/conf/mqtt_nginx.conf @@ -2,7 +2,7 @@ location / { #Settings for mqtt server from outside proxy_http_version 1.1; - proxy_pass http://localhost:__MQTT_WEBSOCKET_PORT__; + proxy_pass http://localhost:__PORT_MQTT_WEBSOCKET__; proxy_read_timeout 90; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; diff --git a/conf/sudoer b/conf/sudoer deleted file mode 100644 index 09e5800..0000000 --- a/conf/sudoer +++ /dev/null @@ -1,14 +0,0 @@ -# -# This file MUST be edited with the 'visudo' command as root. -# -# Use 'visudo -f /etc/sudoers.d/domoticz' to do so. -# -# See the man page for details on how to write a sudoers file. - -#This file allow domoticz user to restart the service while upgrading the application with the upstream internal updater - -#alias for command to restart service (will be used during upgrade) -Cmnd_Alias RESTART_CMD = /sbin/service __APP__.sh restart - -#authorized app user to run restart command -__APP__ ALL=(ALL) NOPASSWD: RESTART_CMD \ No newline at end of file diff --git a/conf/systemd.service b/conf/systemd.service index b1d2abe..253309c 100644 --- a/conf/systemd.service +++ b/conf/systemd.service 
@@ -5,17 +5,14 @@ After=network.target [Service] User=__APP__ Group=__APP__ -ExecStart=__FINALPATH__/domoticz -www __PORT__ -sslwww 0 -log /var/log/__APP__/__APP__.log -loglevel normal,status,error -WorkingDirectory=__FINALPATH__/ -PermissionsStartOnly=true -ExecStartPre=setcap 'cap_net_bind_service=+ep cap_net_raw=+eip' __FINALPATH__/domoticz +ExecStart=__INSTALL_DIR__/domoticz -www __PORT__ -sslwww 0 -log /var/log/__APP__/__APP__.log -loglevel normal,status,error +WorkingDirectory=__INSTALL_DIR__/ +ExecStartPre=+setcap 'cap_net_bind_service=+ep cap_net_raw=+eip' __INSTALL_DIR__/domoticz Restart=on-failure RestartSec=1m #StandardOutput=null # Sandboxing options to harden security -# Depending on specificities of your service/app, you may need to tweak these -# .. but this should be a good baseline # Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html NoNewPrivileges=yes PrivateTmp=yes diff --git a/doc/ADMIN.md b/doc/ADMIN.md new file mode 100644 index 0000000..65fc151 --- /dev/null +++ b/doc/ADMIN.md 
@@ -0,0 +1,95 @@ +## Configuration + +### Broker Mosquitto + +During installation, a [MQTT](https://en.wikipedia.org/wiki/MQTT) broker, [Mosquitto](https://mosquitto.org/), is installed at the same time as Domoticz. +This broker requires a dedicated domain or subdomain to work (ex : mqtt.your.domain.tld): creating this domain prior installation is a prerequisite +You may also install the [Mosquitto package](https://github.com/YunoHost-Apps/mosquitto_ynh) without using the one provided by domoticz_ynh. + +#### Adding in Domoticz + +To use Mosquitto, you need to customize the communication between Domoticz and the broker by following the [domoticz documentation](https://www.domoticz.com/wiki/MQTT#Installing_Mosquitto), part *Add hardware "MQTT Client Gateway"*. +User and password are automatically generated during installation, you may retrieve them with +```` +sudo yunohost app setting domoticz mqtt_user +sudo yunohost app setting domoticz mqtt_pwd +```` + +#### Publish/Subscribe + +By default, mosquitto will listen on 2 ports: +- 1883 on localhost using MQTT protocol +- 8883 using websocket protocol. NGINX redirect external port 443 to this internal port. + +Hence, To publish/subscribe on a topic from the outside, you have to use a software supporting websocket protocol (ex : paho Python library). + +#### Mosquitto_pub et mosquitto_sub + +These 2 tools do not support websocket protocol, only direct mqtt: base settings will not allow communication from an outside device. 
+If you're using them directly from your server, this kind of syntax should work: +```` +mosquitto_pub -u *user* -P *password* -h mqtt.your.domain.tld -p 1883 -t 'domoticz/in' -m '{ "idx" : 1, "nvalue" : 0, "svalue" : "25.0" }' +```` +In the same way: +```` +mosquitto_sub -u *user* -P *password* -h mqtt.your.domain.tld -p 1883 -t 'domoticz/out' +```` + +If you wish to open direct mqtt protocol from an outside device, you'll need to: +- open port 1883 on YunoHost firewall (**Attention, security risk**) +- Allows IP addresses in Mosquitto configuration for this listener +- Set the tls setting in Mosquitto configuration by giving access to crt.pem and key.pem from your mqtt domain by setting respective certfile et keyfile variables. **This is mandatory to ensure a secure connection.** + +#### Upgrade from version without Mosquitto +If you have package 2020.2~ynh3 or below or if you have chosen to not set a domain during initial installation, Mosquitto is not installed by default. +If you need to activate mosquitto in retrospect, do following actions: +1. Create a domain or a subdomain (for example: 'mqtt.your.domain.tld') +2. Connect to your server in command line +3. Type following command : `yunohost app setting domoticz mqtt_domain -v mqtt.your.domain.tld` +4. Upgrade Domoticz to last package. +If you're already on the last package version, use the following command: `yunohost app upgrade domoticz --force` + +## Configuration + +### Sensors, language and this kind of stuff +Main configuration of the app take place inside the app itself. + +### Zwave management +If you're using Zwave devices, install Mosquitto along Domoticz and give a try to [zwave-JS-UI package](https://github.com/YunoHost-Apps/zwave-js-ui_ynh). 
+Once installed, just follow instructions from the [wiki](https://www.domoticz.com/wiki/Zwave-JS-UI) + +### Access and API +By default, access for the [JSON API](https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's) is allowed on following path `/yourdomain.tld/api_/domoticzpath`. +So if you access Domoticz via https://mydomainname.tld/domoticz, use the following webpath for the API: `/mydomainname.tld/api_/domoticz/json.htm?yourapicommand` + +By default, only sensor updates and switch toogle are authorized. To authorized a new command, you have to manually update the NGINX config file: +```` +sudo nano /etc/nginx/conf.d/yourdomain.tld.d/api_domoticz.conf +```` +Then edit the following block by adding the regex of the command you want to allow: +```` + #set the list of authorized json command here in regex format + #you may retrieve the command from https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's + #By default, sensors updates and toggle switch are authorized + if ( $args ~* type=command¶m=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command¶m=switchlight&idx=[0-9]*&switchcmd=Toggle$) { + set $api "1"; + } +```` +For example, to add the JSON command to retrieve the status of a device (/json.htm?type=devices&rid=IDX),modify the line as this: +```` + if ( $args ~* type=command¶m=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command¶m=switchlight&idx=[0-9]*&switchcmd=Toggle$|type=devices&rid=[0-9]* ) { + set $api "1"; + } +```` + +All IPv4 addresses within the local network (192.168.0.0/24) and *all IPv6* addresses are authorized as API. +As far as I know, there is no way to filter for IPv6 address on local network: You may remove the authorization by removing or commenting this line in `/etc/nginx/conf.d/yourdomain.tld.d/domoticz.conf`: +```` +allow ::/1; +```` +This will authorized only IPv4 within local network to access your Domoticz API. +You may add individual IPv6 address in the same way. 
+ +## Limitations + +* Backup cannot be restored on a different machine type (arm, x86...) as compiled sources are different \ No newline at end of file diff --git a/doc/ADMIN_fr.md b/doc/ADMIN_fr.md new file mode 100644 index 0000000..db729cc --- /dev/null +++ b/doc/ADMIN_fr.md 
@@ -0,0 +1,96 @@ +## Configuration + +### Broker MQTT Mosquitto + +À l'installation, un broker [MQTT](https://fr.wikipedia.org/wiki/MQTT), [Mosquitto](https://mosquitto.org/), est installé en même temps que Domoticz. +Ce broker nécessite un domaine ou un sous-domaine particulier pour fonctionner (ex : mqtt.your.domain.tld) : il est nécessaire de créer ce domaine auparavant. +Vous pouvez également installer le [package pour Mosquitto](https://github.com/YunoHost-Apps/mosquitto_ynh) sans utiliser celui de domoticz_ynh. + +#### Ajout dans Domoticz + +Pour pouvoir l'utiliser, vous devez paramétrer la communication avec entre Domoticz et le broker en suivant la [documentation de Domoticz](https://www.domoticz.com/wiki/MQTT#Installing_Mosquitto) dans la partie *Add hardware "MQTT Client Gateway"* +Les users et mot de passe du broker sont automatiquement générés lors de l'installation. Vous pouvez les récupérer avec +```` +sudo yunohost app setting domoticz mqtt_user +sudo yunohost app setting domoticz mqtt_pwd +```` + +#### Publier/souscrire + +Par défaut, Mosquitto va écouter sur 2 ports : +- Le 1883 sur localhost en protocole MQTT +- Le 8883 en protocole websocket. NGINX redirige le port 443 externe vers ce port en interne. +Pour publier/souscrire sur un topic depuis l'exterieur, vous devez donc utiliser un programme supportant le protocole websocket (ex : la bibliothèque Python paho). + +#### Mosquitto_pub et mosquitto_sub + +Ces deux programmes ne supportent pas le protocole websocket mais uniquement le MQTT : le paramétrage de base ne vous autorise donc pas à les utiliser pour communiquer depuis un client externe. 
+Si vous les utilisez directement depuis votre serveur, ce genre de syntaxe devrait marcher : +```` +mosquitto_pub -u *user* -P *password* -h mqtt.your.domain.tld -p 1883 -t 'domoticz/in' -m '{ "idx" : 1, "nvalue" : 0, "svalue" : "25.0" }' +```` +De la même manière:c +```` +mosquitto_sub -u *user* -P *password* -h mqtt.your.domain.tld -p 1883 -t 'domoticz/out' +```` +Si vous souhaitez ouvrir le protocole MQTT depuis l'extérieur afin de pouvoir les utiliser depuis un autre serveur, il vous faudra: +- ouvrir le port 1883 sur le firewall YunoHost (**Attention, risque de sécurité**) +- autoriser les adresses IP souhaitées dans la configuration de mosquitto pour ce listener +- paramétrer le tls dans la configuration de mosquitto en donnant accès au crt.pem et key.pem de votre domaine MQTT en les paramétrant respectivement avec les variables certfile et keyfile. **Ceci est obligatoire pour sécuriser la connexion.** + + + + +#### Mise à jour depuis les versions n'ayant pas Mosquitto +Si vous êtes sur le package 2020.2~ynh3 ou inférieur, Mosquitto n'est pas installé par défaut. +De même si vous avez choisi de ne pas indiquer de domaine pour Mosquitto lors de l'installation initiale. +Pour pouvoir l'installer après coup, faites les actions suivantes : +1. créez un domaine ou sous-domaine pour recevoir les informations (par exemple : 'mqtt.your.domain.tld') +2. connecter vous en ligne de commande à votre serveur +3. taper la commande suivante : `yunohost app setting domoticz mqtt_domain -v mqtt.your.domain.tld` +4. Procédez à la mise à jour. +Si vous êtes déjà sur la dernière version, utiliser la commmande suivante : `yunohost app upgrade domoticz --force` + + +### Senseurs, langue et ce genre de choses +Toute la configuration de l'application a lieu dans l'application elle même + +### Gestion du Zwave +Si vous utilisez des équipements Zwave, installez mosquitto en plus de Domoticz et essayez le [package zwave-JS-UI](https://github.com/YunoHost-Apps/zwave-js-ui_ynh). 
+Une fois installé, suivez simplement les indications du [wiki](https://www.domoticz.com/wiki/Zwave-JS-UI) + +### Accès et API +Par défaut, l'accès aux [API JSON](https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's) est autorisé sur cette URL `/votredomaine.tld/api_/chemindedomoticz`. +Donc, si vous accédez à Domoticz par https://votredomaine.tld/domoticz, utilisez le chemin suivant pour l'API: `/votredomaine.tld/api_/domoticz/json.htm?votrecommandeapi` + +Par défaut, seule la mise à jour de senseur et les interrupteurs sont autorisés. Pour autoriser une nouvelle commande, vous devez manuellement éditer le fichier de configuration NGINX : +```` +sudo nano /etc/nginx/conf.d/yourdomain.tld.d/api_domoticz.conf +```` +Puis éditer le bloc suivant en y ajoutant le regex de la commmande à autoriser : +```` + #set the list of authorized json command here in regex format + #you may retrieve the command from https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's + #By default, sensors updates and toggle switch are authorized + if ( $args ~* type=command¶m=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command¶m=switchlight&idx=[0-9]*&switchcmd=Toggle$) { + set $api "1"; + } +```` +Par exemple, pour ajouter la commmande JSON pour retrouver le statut d'un équipement (/json.htm?type=devices&rid=IDX),il faut modifier la ligne comme ceci : +```` + if ( $args ~* type=command¶m=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command¶m=switchlight&idx=[0-9]*&switchcmd=Toggle$|type=devices&rid=[0-9]* ) { + set $api "1"; + } +```` + +Toutes les adresses IPv4 du réseau local (192.168.0.0/24) et toutes les adresses IPv6 sont autorisées pour l'API. 
+À ma connaissance, il n'y a pas moyen d'effectuer un filtre pour les adresses IPv6 sur le réseau local, vous pouvez donc retirer leur autorisation en enlevant ou en commentant la ligne suivante dans `/etc/nginx/conf.d/yourdomain.tld.d/domoticz.conf`: +```` +allow ::/1; +```` +Ceci autorisera seulement les adresses IPv4 local a accéder aux API de Domoticz. +Vous pouvez ajouter des adresses IPv6 de la même façon. + +## Limitations + +* Un backup ne peut pas être restauré sur un type de machine différente de celle d'origine (x86, arm...) car les sources compilées sont différentes diff --git a/doc/DESCRIPTION.md b/doc/DESCRIPTION.md index 215178f..2acb4ce 100644 --- a/doc/DESCRIPTION.md +++ b/doc/DESCRIPTION.md 
@@ -9,102 +9,8 @@ For example this system can be used with: * Temperature Sensors * Pulse Meters * Voltage / AD Meters -* And more ... +* And more... -**Shipped version:** Always the last stable one. The last compiled version is retrieved from [this directory](https://releases.domoticz.com/releases/?dir=./release) during install. -Once installed, **updates from the uptream app are managed from within the app**. Yunohost upgrade script will only upgrade the Yunohost package. - -The MQTT broker mosquitto is integrated into the package. It requires its own domain or subdomain. It's an optional setting: during install if you set the same domaine as your main app domain, it won't be installed. - -## Configuration - -### Broker Mosquitto - -During installation, a [MQTT](https://en.wikipedia.org/wiki/MQTT) broker, [Mosquitto](https://mosquitto.org/), is installed at the same time as Domoticz. The installed version is the one from the official project repo and not from Debian ones. -This broker requires a dedicated domain or subdomain to work (ex : mqtt.your.domain.tld) : creating this domain prior installation is a prerequisite - -#### Adding in domoticz - -To use mosquitto, you need to customize the communication between domoticz and the broker by following the [domoticz documentation](https://www.domoticz.com/wiki/MQTT#Installing_Mosquitto), part *Add hardware "MQTT Client Gateway"*. -User and password are automatically generated during installation, you may retrieve them with -```` -sudo yunohost app setting domoticz mqtt_user -sudo yunohost app setting domoticz mqtt_pwd -```` - -#### Publish/Subscribe - -By default, mosquitto will listen on 2 ports: -- 1883 on localhost using mqtt protocol -- 8883 using websocket protocol. Nginx redirect external port 443 to this internal port. - -Hence, To publish/subscribe on a topic from the outside, you have to use a software supporting websocket protocol (ex : paho python library). 
- -#### Mosquitto_pub et mosquitto_sub - -These 2 tools do not support websocket protocol, only direct mqtt: base settings will not allow communication from an outside device. -If you're using them directly from your server, this kind of syntax should work: -```` -mosquitto_pub -u *user* -P *password* -h mqtt.your.domain.tld -p 1883 -t 'domoticz/in' -m '{ "idx" : 1, "nvalue" : 0, "svalue" : "25.0" }' -```` -In the same way: -```` -mosquitto_sub -u *user* -P *password* -h mqtt.your.domain.tld -p 1883 -t 'domoticz/out' -```` - -If you wish to open direct mqtt protocol from an outside device, you'll need to: -- open port 1883 on Yunohost firewall (**Attention, security risk**) -- Allows IP addresses in mosquitto configuration for this listener -- Set the tls setting in mosquitto configuration by giving access to crt.pem and key.pem from your mqtt domain by setting respective certfile et keyfile variables. **This is mandatory to ensure a secure connection.** - -#### Upgrade from version without mosquitto -If you have package ynh3 or below, mosquitto is not installed by default. -If you have chosen to not set a domain during initial installation also. -So, if you need to activate mosquitto in retrospect, do following actions: -1. Create a domain or a subdomain (for example : 'mqtt.your.domain.tld') -2. Connect to your server in command line -3. Type following command : `yunohost app setting domoticz mqtt_domain -v mqtt.your.domain.tld` -4. Upgrade domoticz to last package. -If you're already on the last package version, use the following command : `yunohost app upgrade domoticz --force` - -## Configuration - -### Sensors, language and this kind of stuff -Main configuration of the app take place inside the app itself. - -### Zwave management -If you're using zwave devices, install mosquitto along domoticz and give a try to [zwave-JS-UI package](https://github.com/YunoHost-Apps/zwave-js-ui_ynh). 
-Once installed, just follow instructions from the [wiki](https://www.domoticz.com/wiki/Zwave-JS-UI) - -### Access and API -By default, access for the [JSON API](https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's) is allowed on following path `/yourdomain.tld/api_/domoticzpath`. -So if you access domoticz via https://mydomainname.tld/domoticz, use the following webpath for the api : `/mydomainname.tld/api_/domoticz/json.htm?yourapicommand` - -By default, only sensor updates and switch toogle are authorized. To authorized a new command, you have to manually update the nginx config file : -```` -sudo nano /etc/nginx/conf.d/yourdomain.tld.d/api_domoticz.conf -```` -Then edit the following block by adding the regex of the command you want to allow: -```` - #set the list of authorized json command here in regex format - #you may retrieve the command from https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's - #By default, sensors updates and toggle switch are authorized - if ( $args ~* type=command¶m=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command¶m=switchlight&idx=[0-9]*&switchcmd=Toggle$) { - set $api "1"; - } -```` -For example, to add the json command to retrieve the status of a device (/json.htm?type=devices&rid=IDX),modify the line as this: -```` - if ( $args ~* type=command¶m=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command¶m=switchlight&idx=[0-9]*&switchcmd=Toggle$|type=devices&rid=[0-9]* ) { - set $api "1"; - } -```` - -All IPv4 addresses within the local network (192.168.0.0/24) and *all IPv6* addresses are authorized as API. -As far as I know, there is no way to filter for IPv6 address on local network : You may remove the authorization by removing or commenting this line in `/etc/nginx/conf.d/yourdomain.tld.d/domoticz.conf`: -```` -allow ::/1; -```` -This will authorized only IPv4 within local network to access your domoticz API. -You may add individual IPv6 address in the same way. 
\ No newline at end of file +The MQTT broker Mosquitto is integrated into the package and requires its own domain or subdomain. It's an optional setting. +You may also install the [Mosquitto package](https://github.com/YunoHost-Apps/mosquitto_ynh) without using the one provided by domoticz_ynh. \ No newline at end of file diff --git a/doc/DESCRIPTION_fr.md b/doc/DESCRIPTION_fr.md index f87a128..8fce85a 100644 --- a/doc/DESCRIPTION_fr.md +++ b/doc/DESCRIPTION_fr.md 
@@ -11,99 +11,7 @@ Il peut par exemple être utilisé avec : * des voltmètres * Et bien d'autres -**Version incluse :** Toujours la dernière version stable. La dernière version compilée est récupérée dans [ce répertoire](https://releases.domoticz.com/releases/?dir=./release) lors de l'installation. -Une fois installée, **les mises à jour de l'application sont gérées depuis les menus de l'application elle même**. Le script de mise à jour Yunohost mettra uniquement à jour de nouvelles version du package. - -Le broker MQTT mosquitto est intégré au package et nécessite un sous-domaine ou un domaine distinct. Il est optionnel et si vous indiquez lors de l'installation le même domaine que le domaine principal, il ne sera pas installé. - -## Configuration - -### Broker MQTT Mosquitto - -A l'installation, un broker [MQTT](https://fr.wikipedia.org/wiki/MQTT), [Mosquitto](https://mosquitto.org/), est installé en même temps que Domoticz. La version installée est celle du dépot officiel du projet, et non des dépots Debian. -Ce broker nécessite un domaine ou un sous-domaine particulier pour fonctionner (ex : mqtt.your.domain.tld) : il est nécessaire de créer ce domaine auparavant. - -#### Ajout dans domoticz - -Pour pouvoir l'utiliser, vous devez paramétrer la communication avec entre domoticz et le broker en suivant la [documentation de domoticz](https://www.domoticz.com/wiki/MQTT#Installing_Mosquitto) dans la partie *Add hardware "MQTT Client Gateway"* -Les users et mot de passe du broker sont automatiquement générés lors de l'installation. Vous pouvez les récupérer avec -```` -sudo yunohost app setting domoticz mqtt_user -sudo yunohost app setting domoticz mqtt_pwd -```` - -#### Publier/souscrire - -Par défaut, mosquitto va écouter sur 2 ports: -- Le 1883 sur localhost en protocole mqtt -- Le 8883 en protocole websocket. Nginx redirige le port 443 externe vers ce port en interne. 
-Pour publier/souscrire sur un topic depuis l'exterieur, vous devez donc utiliser un programme supportant le protocole websocket (ex : la bibliothèque python paho).: - -#### Mosquitto_pub et mosquitto_sub - -Ces deux programmes ne supportent pas le protocole websocket mais uniquement le mqtt : le paramétrage de base ne vous autorise donc pas à les utiliser pour communiquer depuis un client externe. -Si vous les utilisez directement depuis votre serveur, ce genre de syntaxe devrait marcher: -```` -mosquitto_pub -u *user* -P *password* -h mqtt.your.domain.tld -p 1883 -t 'domoticz/in' -m '{ "idx" : 1, "nvalue" : 0, "svalue" : "25.0" }' -```` -De la même manière:c -```` -mosquitto_sub -u *user* -P *password* -h mqtt.your.domain.tld -p 1883 -t 'domoticz/out' -```` -Si vous souhaitez ouvrir le protocole mqtt depuis l'extérieur afin de pouvoir les utiliser depuis un autre serveur, il vous faudra: -- ouvrir le port 1883 sur le firewall Yunohost (**Attention, risque de sécurité**) -- autoriser les adresses IP souhaitées dans la configuration de mosquitto pour ce listener -- paramétrer le tls dans la configuration de mosquitto en donnant accès au crt.pem et key.pem de votre domaine mqtt en les paramétrant respectivement avec les variables certfile et keyfile. **Ceci est obligatoire pour sécuriser la connexion.** +Le broker MQTT Mosquitto est intégré au package et nécessite un sous-domaine ou un domaine distinct. Il est optionnel. +Vous pouvez également installer le [package pour Mosquitto](https://github.com/YunoHost-Apps/mosquitto_ynh) sans utiliser celui de domoticz_ynh. - - -#### Mise à jour depuis les versions n'ayant pas mosquittoo -Si vous êtes sur le package ynh3 ou inférieur, mosquitto n'est pas installé par défaut. -De même si vous avez choisi de ne pas indiquer de domaine pour mosquitto lors de l'installation initiale. -Pour pouvoir l'installer après coup, faites les actions suivantes: -1. 
créez un domaine ou sous-domaine pour recevoir les informations (par exemple : 'mqtt.your.domain.tld') -2. connecter vous en ligne de commande à votre serveur -3. taper la commande suivante : `yunohost app setting domoticz mqtt_domain -v mqtt.your.domain.tld` -4. Procédez à la mise à jour. -Si vous êtes déjà sur la dernière version, utiliser la commmande suivante : `yunohost app upgrade domoticz --force` - - -### Senseurs, langue et ce genre de choses -Toute la configuration de l'application a lieu dans l'application elle même - -### Gestion du Zwave -Si vous utilisez des équipements zwave, installez mosquitto en plus de domoticz et essayez le [package zwave-JS-UI](https://github.com/YunoHost-Apps/zwave-js-ui_ynh). -Une fois installé, suivez simplement les indications du [wiki](https://www.domoticz.com/wiki/Zwave-JS-UI) - -### Accès et API -Par défaut, l'accès aux [API JSON](https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's) est autorisé sur cette URL `/votredomaine.tld/api_/chemindedomoticz`. -Donc, si vous accédez à domoticz par https://votredomaine.tld/domoticz, utilisez le chemin suivant pour l'api: `/votredomaine.tld/api_/domoticz/json.htm?votrecommandeapi` - -Par défaut, seule la mise à jour de senseur et les interrupteurs sont autorisés. 
Pour autoriser une nouvelle commande, vous devez manuellement éditer le fichier de configuration nginx : -```` -sudo nano /etc/nginx/conf.d/yourdomain.tld.d/api_domoticz.conf -```` -Puis éditer le bloc suivant en y ajoutant le regex de la commmande à autoriser : -```` - #set the list of authorized json command here in regex format - #you may retrieve the command from https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's - #By default, sensors updates and toggle switch are authorized - if ( $args ~* type=command¶m=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command¶m=switchlight&idx=[0-9]*&switchcmd=Toggle$) { - set $api "1"; - } -```` -Par exemple, pour ajouter la commmande json pour retrouver le statut d'un équipement (/json.htm?type=devices&rid=IDX),il faut modifier la ligne comme ceci: -```` - if ( $args ~* type=command¶m=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command¶m=switchlight&idx=[0-9]*&switchcmd=Toggle$|type=devices&rid=[0-9]* ) { - set $api "1"; - } -```` - -Toutes les adresses IPv4 du réseau local (192.168.0.0/24) et toutes les adresses IPv6 sont autorisées pour l'API. -A ma connaissance, il n'y a pas moyen d'effectuer un filtre pour les adresses IPv6 sur le réseau local, vous pouvez donc retirer leur autorisation en enlevant ou en commentant la ligne suivante dans `/etc/nginx/conf.d/yourdomain.tld.d/domoticz.conf`: -```` -allow ::/1; -```` -Ceci autorisera seulement les adresses IPv4 local a accéder aux API de domoticz. -Vous pouvez ajouter des adresses IPv6 de la même façon. diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md deleted file mode 100644 index 66a8856..0000000 --- a/doc/DISCLAIMER.md +++ /dev/null 
@@ -1,15 +0,0 @@ - -## Limitations - -* No user management nor LDAP integration This function is [not planned to be implemented into the app](https://github.com/domoticz/domoticz/issues/838), hence it's not planned into the package neither. -* Backup cannot be restored on a different machine type (arm, x86...) as compiled sources are different - -## Security consideration - -Although you may activate a login page on the application (either from the *Setup/Settings/System/Website protection* menu or from the *Setup/More Options/Edit Users* menu), it doesn't seems to be very reliable and secure so far (version 2022.2 at the time of writing). Work is ongoing to strengthen the security ([see here](https://www.domoticz.com/wiki/Security)) in future version but is not yet released. - -### recommandation - -It seems advisable to not make the app publicly available outside of the yunohost sso (public = yes at install or setting the domoticz permission to 'visitors' in the admin panel). If for any reason you need to, I recommend the following: - - Activate the website protection/user management (with login page instead of Basic-auth) - - In *Setup/Settings/System/Local Networks (no username/password)* enter the address of the nginx proxy (should be "::1;127.0.0.1" in any standard Yunohost installation) so that the Fail2ban settings is active (see last lines of [this wiki](https://www.domoticz.com/wiki/WebServer_Proxy) diff --git a/doc/DISCLAIMER_fr.md b/doc/DISCLAIMER_fr.md deleted file mode 100644 index baca40c..0000000 --- a/doc/DISCLAIMER_fr.md +++ /dev/null 
@@ -1,15 +0,0 @@ - -## Limitations - -* Pas de gestion d'utilisateurs ni d'intégration LDAP. L'application ne [prévoit pas de gérer les utilisateurs par LDAP](https://github.com/domoticz/domoticz/issues/838), donc le package non plus. -* Un backup ne peut pas être restauré sur un type de machine différente de celle d'origine (x86, arm...) car les sources compilées sont différentes - -## A propos de la sécurité - -Bien que vous pouviez activer une page de connexion dans l'application (soit depuis le menu *Configuration/Paramètres/Système/Sécurité* ou depuis *Configuration/Plus d'options/Gérer les utilisateurs*), les fonctionnalités ne semblent pas très avancées ni safe pour l'instant (version 2022.2 au moment d'écrire). Un travail a été entrepris pour renforcer la sécurité ([voir ici](https://www.domoticz.com/wiki/Security)) dans les versions futures mais n'a pas encore été released. - -### recommandations - -Il semble conseillé de ne pas rendre l'application publique en dehors du sso yunohost (public = oui à l'installation ou mettre la permission domoticz à 'Visiteurs' dans le panel d'administration Yunohost). Si pour quelques raisons que ce soit, vous deviez le faire, je vous recommande: - - d'activer la sécurité de connexion à domoticz (plutot avec la login page qu'avec la basic-auth) - - Dans *Configuration/Système/Réseaux Locaux (pas d'authentification)* d'entrer les adresses du proxy nginx (cela devrait être "::1;127.0.0.1" dans une installation Yunohost Standard) afin que Fail2ban puisse bloquer les tentatives de connexions (voir les dernières lignes de [ce wiki](https://www.domoticz.com/wiki/WebServer_Proxy) \ No newline at end of file diff --git a/doc/POST_INSTALL_fr.md b/doc/POST_INSTALL_fr.md new file mode 100644 index 0000000..51236ed --- /dev/null +++ b/doc/POST_INSTALL_fr.md 
@@ -0,0 +1,8 @@ +### Première connexion + +L'utilisateur *admin* et le mot de passe *domoticz* vous permettront d'accéder au système. Il est bien évidemment recommandé de les modifier immédiatement. +Les users et mot de passe du broker Mosquitto sont automatiquement générés lors de l'installation. Vous pouvez les récupérer avec +```` +sudo yunohost app setting domoticz mqtt_user +sudo yunohost app setting domoticz mqtt_pwd +```` diff --git a/doc/POST_INTALL.md b/doc/POST_INTALL.md new file mode 100644 index 0000000..b0751fb --- /dev/null +++ b/doc/POST_INTALL.md @@ -0,0 +1,8 @@ +### Initial access + +User *admin* with password *domoticz* allow you to access the system. Of course, you should change them immediately. +User and password for Mosquitto broker are automatically generated during installation, you may retrieve them with +```` +sudo yunohost app setting domoticz mqtt_user +sudo yunohost app setting domoticz mqtt_pwd +```` diff --git a/doc/PRE_INSTALL.md b/doc/PRE_INSTALL.md new file mode 100644 index 0000000..ef94d9d --- /dev/null +++ b/doc/PRE_INSTALL.md @@ -0,0 +1,6 @@ +## Mosquitto Broker + +During installation, a [MQTT](https://en.wikipedia.org/wiki/MQTT) broker, [Mosquitto](https://mosquitto.org/), may be installed at the same time as Domoticz. +This broker requires a dedicated domain or subdomain to work (ex: mqtt.your.domain.tld) : creating this domain prior installation is a prerequisite. +It's an optional setting: during install if you set, for the MQTT domain, the same domain as your main app domain or enter an empty domain, the broker won't be installed. + diff --git a/doc/PRE_INSTALL_fr.md b/doc/PRE_INSTALL_fr.md new file mode 100644 index 0000000..16c2e80 --- /dev/null +++ b/doc/PRE_INSTALL_fr.md 
@@ -0,0 +1,6 @@ +## Broker MQTT Mosquitto + +À l'installation, un broker [MQTT](https://fr.wikipedia.org/wiki/MQTT), [Mosquitto](https://mosquitto.org/), peut être installé en même temps que Domoticz. +Ce broker nécessite un domaine ou un sous-domaine particulier pour fonctionner (ex : mqtt.your.domain.tld) : il est nécessaire de créer ce domaine auparavant. +Il est optionnel et si vous indiquez lors de l'installation un domaine vide ou le même domaine que le domaine principal pour le domaine MQTT, le broker ne sera pas installé. + diff --git a/doc/PRE_UPGRADE.d/2023.1~ynh1.md b/doc/PRE_UPGRADE.d/2023.1~ynh1.md new file mode 100644 index 0000000..bb8bb96 --- /dev/null +++ b/doc/PRE_UPGRADE.d/2023.1~ynh1.md @@ -0,0 +1,10 @@ +### +BEWARE! If you did not activate the Mosquitto Broker within this package, please run following command prior to upgrade: +````yunohost app setting $app mqtt_domain -v your.$app.domain.tld```` +Failure to do so may break the app. +If you did activate the Mosquitto broker, you can proceed safely. + +###Changelog +- Move to packaging v2 +- From now on, upgrade of the upstream app will not be handled into the app anymore: a new package version will be published for a new Domoticz version. Internal upgrade is disabled (although you may still use the command line) +- Upgrade to 2024.2 \ No newline at end of file diff --git a/doc/screenshots/domoticz_Switches_screen.png b/doc/screenshots/domoticz_Switches_screen.png new file mode 100644 index 0000000..96380b9 Binary files /dev/null and b/doc/screenshots/domoticz_Switches_screen.png differ diff --git a/doc/screenshots/domoticz_floorplan_machineon.png b/doc/screenshots/domoticz_floorplan_machineon.png new file mode 100644 index 0000000..e4d90ba Binary files /dev/null and b/doc/screenshots/domoticz_floorplan_machineon.png differ diff --git a/manifest.json b/manifest.json deleted file mode 100644 index e4c7b96..0000000 --- a/manifest.json +++ /dev/null 
@@ -1,68 +0,0 @@ -{ - "name": "Domoticz", - "id": "domoticz", - "packaging_format": 1, - "description": { - "en": "Home automation system that lets you monitor and configure miscellaneous devices", - "fr": "Logiciel de domotique qui vous permet de configurer un grand nombre d'appareils" - }, - "version": "2020.2~ynh8", - "url": "https://www.domoticz.com", - "upstream": { - "license": "GPL-3.0-or-later", - "website": "https://domoticz.com/", - "admindoc": "https://www.domoticz.com/wiki/Main_Page", - "userdoc": "https://www.domoticz.com/DomoticzManual.pdf", - "code": "https://github.com/domoticz/domoticz", - "cpe": "cpe:2.3:a:domoticz:domoticz" - }, - "license": "GPL-3.0-or-later", - "maintainer": { - "name": "Krakinou", - "email": "misterl56@hotmail.com" - }, - "requirements": { - "yunohost": ">= 11.0.0" - }, - "multi_instance": false, - "services": [ - "nginx" - ], - "arguments": { - "install": [ - { - "name": "domain", - "type": "domain" - }, - { - "name": "path", - "type": "path", - "example": "/domoticz", - "default": "/domoticz" - }, - { - "name": "is_public", - "type": "boolean", - "default": false, - "help": { - "fr": "Attention, cette application n'a pas de gestion d'utilisateur par défaut, si vous la mettez public, n importe qui y aura accès!", - "en": "Beware, there is no user management by default. If it's set as public, anyone will have access!" - } - }, - { - "name": "mqtt_domain", - "type": "domain", - "ask": { - "fr": "Domaine MQTT", - "en": "MQTT domain" - }, - "example": "mqtt.your.domain.com", - "optional": true, - "help": { - "fr": "Domaine pour le serveur MQTT. Remettez le domaine principal si vous ne souhaitez pas l'utiliser. Lire la documentation pour plus d'informations", - "en": "MQTT server domain. Set the main domain if you don't wish to use it. See the doc for more info" - } - } - ] - } -} \ No newline at end of file diff --git a/manifest.toml b/manifest.toml new file mode 100644 index 0000000..05ea90e --- /dev/null +++ b/manifest.toml 
@@ -0,0 +1,99 @@ +packaging_format = 2 + +id = "domoticz" +name = "Domoticz" +description.en = "Lightweight Home Automation System" +description.fr = "Système domotique léger" + +version = "2024.2~ynh1" + +maintainers = ["Krakinou"] + +[upstream] +license = "GPL-3.0-or-later" +website = "https://domoticz.com/" +admindoc = "https://www.domoticz.com/wiki/Main_Page" +userdoc = "https://www.domoticz.com/DomoticzManual.pdf" +code = "https://github.com/domoticz/domoticz" +cpe = "cpe:2.3:a:domoticz:domoticz" +fund = "https://www.paypal.com/donate?token=rF_gUybGmQGia_jzLfu3vkeXRqYLRV-v-BxCTylrTsEN4mB-nDdSVQhg3a-I9LkiqORq70Gtxbo6rq3r&locale.x=US" + +[integration] +yunohost = ">= 11.2" +architectures = [ "amd64", "armhf", "arm64" ] +multi_instance = false + +ldap = false + +sso = false + +disk = "100M" +ram.build = "150M" +ram.runtime = "50M" + +[install] + [install.domain] + type = "domain" + + [install.path] + type = "path" + default = "/domoticz" + + [install.init_main_permission] + type = "group" + default = "all_users" + + [install.mqtt_domain] + ask.fr = "Domaine MQTT" + ask.en = "MQTT domain" + help.fr = "Domaine pour le serveur MQTT. Remettez le domaine principal ou à vide si vous ne souhaitez pas l'utiliser. Lire la documentation pour plus d'informations" + help.en = "MQTT server domain. Set blank or the main domain if you don't wish to use it. 
See the doc for more info" + type = "domain" + optional = true + +[resources] + [resources.sources.main] + arm64.url = "https://github.com/domoticz/domoticz/releases/download/2024.2/domoticz_linux_2024.2_aarch64.tgz" + arm64.sha256 = "d0ee6660c1c05c2949bfbe669de0029795f5974a5f00b6818c0aefba944b3fd6" + armhf.url = "https://github.com/domoticz/domoticz/releases/download/2024.2/domoticz_linux_2024.2_armv7l.tgz" + armhf.sha256 = "23eb3f4d2c818761773a45282b054f2707808005643ceba10a386cb1cf93db0a" + amd64.url = "https://github.com/domoticz/domoticz/releases/download/2024.2/domoticz_linux_2024.2_x86_64.tgz" + amd64.sha256 = "0f973af6dcadef17d75ac7372dfc2f0a87bd0fabca8db04348fe34bd1d0180e2" + format="tar.gz" + in_subdir=false + extract=true + + autoupdate.strategy = "latest_github_release" + + autoupdate.asset.arm64 = "*_aarch64.tgz" + autoupdate.asset.amd64 = "*_x86_64.tgz" + autoupdate.asset.armhf = "*_armhf.tgz" + + [resources.system_user] + + [resources.install_dir] + + [resources.permissions] + main.url = "/" + main.auth_header = false + + api.url = "__DOMAIN__/api_/__APP__" + api.show_tile = false + api.allowed = "visitors" + + #Permission will be removed by the install script if not needed + mqtt.url = "__MQTT_DOMAIN__/" + mqtt.show_tile = false + mqtt.allowed = "visitors" + + [resources.ports] + main.default = 8080 + #to be checked if it can become conditionnal + #ports will always be provisionned... don't know if it's an issue... + mqtt.default = 1883 + mqtt_websocket.default = 8883 + + [resources.apt] + packages = "libudev-dev, python3-dev, libcurl4, libusb-0.1-4" + packages_from_raw_bash = '''if [ "$mqtt_domain" != "$domain" ]; then echo mosquitto mosquitto-clients; fi''' + diff --git a/scripts/_common.sh b/scripts/_common.sh index abc64c6..fc1c768 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh 
@@ -4,39 +4,10 @@ # COMMON VARIABLES #================================================= -# dependencies used by the app -#python3-dev required as per https://www.domoticz.com/forum/viewtopic.php?f=65&t=16116&p=119747 -#mosquitto and mosquitto-clients are required for mqtt -#other dependencies are from standard install script... seems quite useles... -pkg_dependencies="libudev-dev python3-dev" -extra_pkg_dependencies="mosquitto mosquitto-clients" - -default_mqtt_port=1883 -default_mqtt_websocket_port=8883 - -#ALL FOLLOWING LINE FROM THE upstream bash installation script -DEBIAN_ID=$(grep -oP '(?<=^ID=).+' /etc/*-release | tr -d '"') -DEBIAN_VERSION=$(grep -oP '(?<=^VERSION_ID=).+' /etc/*-release | tr -d '"') -if test ${DEBIAN_VERSION} -lt 10 -then - add_dep="libcurl3" -else - add_dep="libcurl4 libusb-0.1-4" -fi; -pkg_dependencies="$pkg_dependencies $add_dep" - lowercase(){ echo "$1" | sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/" } -os=`lowercase \`uname -s\`` -mach=`uname -m` -if [ ${mach} = "armv6l" ] -then - mach="armv7l" -fi -sha256=$(wget -qO- https://releases.domoticz.com/releases/release/domoticz_${os}_${mach}.tgz.sha256sum | sed 's/ update.tgz//' | sed 's/ domoticz_linux_x86_64.tgz//') - #================================================= # PERSONAL HELPERS #================================================= diff --git a/scripts/backup b/scripts/backup index ff2c423..c30f632 100755 --- a/scripts/backup +++ b/scripts/backup 
@@ -10,27 +10,6 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - ynh_clean_check_starting -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_print_info --message="Loading installation settings..." - -app=$YNH_APP_INSTANCE_NAME - -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -domain=$(ynh_app_setting_get --app=$app --key=domain) -mqtt_domain=$(ynh_app_setting_get --app=$app --key=mqtt_domain) - #================================================= # DECLARE DATA AND CONF FILES TO BACKUP #================================================= @@ -40,7 +19,7 @@ ynh_print_info --message="Declaring files to be backed up..." # BACKUP THE APP MAIN DIR #================================================= -ynh_backup --src_path="$final_path" +ynh_backup --src_path="$install_dir" #================================================= # BACKUP THE NGINX CONFIGURATION @@ -48,7 +27,7 @@ ynh_backup --src_path="$final_path" ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/api_"$app".conf" -[[ ! -z "$mqtt_domain" ]] && ynh_backup --src_path="/etc/nginx/conf.d/$mqtt_domain.d/mqtt_$app.conf" --not_mandatory +[[ "$domain" != "$mqtt_domain" ]] && ynh_backup --src_path="/etc/nginx/conf.d/$mqtt_domain.d/mqtt_$app.conf" --not_mandatory #================================================= # SPECIFIC BACKUP 
@@ -75,8 +54,7 @@ ynh_backup --src_path="/etc/systemd/system/$app.service" # BACKUP VARIOUS FILES #================================================= -ynh_backup --src_path="/etc/sudoers.d/$app" -[[ ! -z "$mqtt_domain" ]] && ynh_backup --src_path="/etc/mosquitto/conf.d" --not_mandatory +[[ "$domain" != "$mqtt_domain" ]] && ynh_backup --src_path="/etc/mosquitto/conf.d" --not_mandatory ynh_backup --src_path="/usr/share/yunohost/hooks/conf_regen/95-nginx_domoticz" diff --git a/scripts/change_url b/scripts/change_url index 10691c2..49a869c 100644 --- a/scripts/change_url +++ b/scripts/change_url 
@@ -9,53 +9,18 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# RETRIEVE ARGUMENTS -#================================================= - -old_domain=$YNH_APP_OLD_DOMAIN -old_path=$YNH_APP_OLD_PATH - -new_domain=$YNH_APP_NEW_DOMAIN -new_path=$YNH_APP_NEW_PATH - -app=$YNH_APP_INSTANCE_NAME - #================================================= # LOAD SETTINGS #================================================= ynh_script_progression --message="Loading installation settings..." -# Needed for helper "ynh_add_nginx_config" -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -port=$(ynh_app_setting_get --app=$app --key=port) old_api=$(ynh_app_setting_get --app=$app --key=api_path) - if [ "$new_path" == "/" ]; then new_api=/api_/$app else new_api=/api_$new_path fi - -#================================================= -# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP -#================================================= -ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." - -# Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { - ynh_clean_check_starting - # Remove the new domain config file, the remove script won't do it as it doesn't know yet its location. - ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" - - # Restore it if the upgrade fails - ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - #================================================= # CHECK WHICH PARTS SHOULD BE CHANGED #================================================= 
@@ -86,17 +51,18 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app #================================================= ynh_script_progression --message="Updating NGINX web server configuration..." -nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf -nginx_api_conf_path=/etc/nginx/conf.d/$old_domain.d/api_$app.conf +old_nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf +old_nginx_api_conf_path=/etc/nginx/conf.d/$old_domain.d/api_$app.conf # Change the path in the NGINX config file if [ $change_path -eq 1 ] then # Make a backup of the original NGINX config file if modified - ynh_backup_if_checksum_is_different --file="$nginx_conf_path" + ynh_backup_if_checksum_is_different --file="$old_nginx_conf_path" # Set global variables for NGINX helper domain="$old_domain" path_url="$new_path" + path="$new_path" api_path="$new_api" # Create a dedicated NGINX config ynh_add_nginx_config @@ -106,10 +72,11 @@ fi if [ $change_domain -eq 1 ] then # Delete file checksum for the old conf file location - ynh_delete_file_checksum --file="$nginx_conf_path" - mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf + ynh_delete_file_checksum --file="$old_nginx_conf_path" + ynh_delete_file_checksum --file="$old_nginx_api_conf_path" + mv $old_nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf ynh_replace_string --match_string="/etc/nginx/conf.d/$old_domain.d/" --replace_string="/etc/nginx/conf.d/$new_domain.d/" --target_file="/etc/nginx/conf.d/$new_domain.d/$app.conf" - mv $nginx_api_conf_path /etc/nginx/conf.d/$new_domain.d/api_$app.conf + mv $old_nginx_api_conf_path /etc/nginx/conf.d/$new_domain.d/api_$app.conf # Store file checksum for the new config file location ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/api_$app.conf" 
@@ -125,7 +92,7 @@ ynh_script_progression --message="Upgrading SSOwat configuration..." # If the app is private, API should stays publicly accessible. ynh_app_setting_delete --app=$app --key="api_path" ynh_app_setting_set --app=$app --key="api_path" --value=$new_api -ynh_permission_url --permission domoticz_API --url "$new_domain$new_api" +ynh_permission_url --permission api --url "$new_domain$new_api" #================================================= # GENERIC FINALISATION diff --git a/scripts/install b/scripts/install index 329b42e..e19734e 100755 --- a/scripts/install +++ b/scripts/install 
@@ -10,103 +10,33 @@ source _common.sh source /usr/share/yunohost/helpers #================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - ynh_clean_check_starting -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# RETRIEVE ARGUMENTS FROM THE MANIFEST -#================================================= - -domain="$YNH_APP_ARG_DOMAIN" -path_url="$YNH_APP_ARG_PATH" -is_public="$YNH_APP_ARG_IS_PUBLIC" -mqtt_domain="$YNH_APP_ARG_MQTT_DOMAIN" - -app="$YNH_APP_INSTANCE_NAME" - -#Set dedicated variables -if [ "$path_url" == "/" ]; then - api_path=/api_/"$app" -else - api_path=/api_"$path_url" -fi -#================================================= -# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS -#================================================= -ynh_script_progression --message="Validating installation parameters..." - -final_path=/opt/yunohost/"$app" -test ! -e "$final_path" || ynh_die --message="This path already contains a folder" - -# Register (book) web path -ynh_webpath_register --app="$app" --domain="$domain" --path_url="$path_url" -#impossible de booker plusieurs webpath -#if [ ! -z $mqtt_domain ]; then -# ynh_webpath_register --app=mqtt_$app --domain=$mqtt_domain --path_url="/" -#fi - -if [ "$domain" == "$mqtt_domain" ]; then - mqtt_domain="" -fi - -#================================================= -# STORE SETTINGS FROM MANIFEST +# STORE SETTINGS #================================================= ynh_script_progression --message="Storing installation settings..." 
-ynh_app_setting_set --app="$app" --key=domain --value="$domain" -ynh_app_setting_set --app="$app" --key=path --value="$path_url" - #Will be used in restore script to check that we're restoring on the same OS/Board type -ynh_app_setting_set --app="$app" --key=OS --value="$os" +OS=`lowercase \`uname -s\`` +mach=`uname -m` + +ynh_app_setting_set --app="$app" --key=OS --value="$OS" ynh_app_setting_set --app="$app" --key=mach --value="$mach" -#path used by api & mqtt to read/update domoticz +#path used by api to read/update domoticz +#Set dedicated variables +if [ "$path" == "/" ]; then + api_path=/api_/"$app" +else + api_path=/api_"$path" +fi ynh_app_setting_set --app="$app" --key=api_path --value="$api_path" -[[ ! -z "$mqtt_domain" ]] && ynh_app_setting_set --app="$app" --key=mqtt_domain --value="$mqtt_domain" - #================================================= # STANDARD MODIFICATIONS -#================================================= -# FIND AND OPEN A PORT -#================================================= -ynh_script_progression --message="Finding available port..." - -# Find an available port -port=$(ynh_find_port --port=8080) -ynh_app_setting_set --app="$app" --key=port --value="$port" - -if [ ! -z "$mqtt_domain" ]; then - ynh_script_progression --message="Finding available ports for Mosquitto..." - mqtt_port=$(ynh_find_port --port="$default_mqtt_port") - ynh_app_setting_set --app="$app" --key=mqtt_port --value="$mqtt_port" - - mqtt_websocket_port=$(ynh_find_port --port="$default_mqtt_websocket_port") - ynh_app_setting_set --app="$app" --key=mqtt_websocket_port --value="$mqtt_websocket_port" -fi - -#================================================= -# INSTALL DEPENDENCIES -#================================================= -ynh_script_progression --message="Installing dependencies..." 
--weight=15 - -ynh_install_app_dependencies "$pkg_dependencies" - #================================================= # CREATE DEDICATED USER #================================================= ynh_script_progression --message="Configuring system user..." -# Create a system user -ynh_system_user_create --username="$app" --home_dir="$final_path" - #allow user to access USB / serial port to communicate with tools (RFXtrx, Z-wave dongle, etc.) & i2c bus if grep dialout -q < /etc/group; then usermod -a -G dialout "$app" 
@@ -118,44 +48,31 @@ if grep gpio -q < /etc/group; then usermod -a -G gpio "$app" fi -#allow app user to restart service on startup -ynh_add_config --template="../conf/sudoer" --destination="/etc/sudoers.d/$app" -chmod 440 /etc/sudoers.d/"$app" - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= ynh_script_progression --message="Setting up source files..." --weight=5 -ynh_app_setting_set --app="$app" --key=final_path --value="$final_path" # Download, check integrity, uncompress and patch the source from app.src -# Create an app.src for the correct version of domoticz -# match string are fulfilled in _common.sh via the upstream bash installation script -ynh_add_config --template="../conf/app.src.default" --destination="../conf/app.src" - -ynh_setup_source --dest_dir="$final_path" +ynh_setup_source --dest_dir="$install_dir" #Create the database file -if [ ! -f "$final_path"/domoticz.db ]; then - touch "$final_path"/domoticz.db - chmod 640 "$final_path"/domoticz.db +if [ ! -f "$install_dir"/domoticz.db ]; then + touch "$install_dir"/domoticz.db + chmod 640 "$install_dir"/domoticz.db fi -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R "$app":"$app" "$final_path" +chmod 750 "$install_dir" +chmod -R o-rwx "$install_dir" +chown -R "$app":"$app" "$install_dir" #================================================= # SET MOSQUITTO SETTINGS #================================================= -if [ ! -z "$mqtt_domain" ]; then +if [ "$domain" != "$mqtt_domain" ]; then ynh_script_progression --message="Setting up mosquitto..." 
--weight=5 - - #Installing packages - ynh_install_extra_app_dependencies --repo="deb https://repo.mosquitto.org/debian buster main" --package="$extra_pkg_dependencies" --key="http://repo.mosquitto.org/debian/mosquitto-repo.gpg.key" - #Setting up conf file for access ynh_add_config --template="../conf/domoticz_mosquitto.conf" --destination="/etc/mosquitto/conf.d/"$app"_mosquitto.conf" chmod 644 /etc/mosquitto/conf.d/"$app"_mosquitto.conf @@ -163,10 +80,13 @@ if [ ! -z "$mqtt_domain" ]; then #Setting up user&pwd for mqtt access ynh_app_setting_set --app="$app" --key=mqtt_user --value=$(ynh_string_random --length=8) ynh_app_setting_set --app="$app" --key=mqtt_pwd --value=$(ynh_string_random) - echo $(ynh_app_setting_get --app="$app" --key=mqtt_user):$(ynh_app_setting_get --app="$app" --key=mqtt_pwd) > "/etc/mosquitto/conf.d/"$app"_credentials" + echo $(ynh_app_setting_get --app="$app" --key=mqtt_user):$(ynh_app_setting_get --app="$app" --key=mqtt_pwd) > "/etc/mosquitto/conf.d/"$app"_credentials" mosquitto_passwd -U "/etc/mosquitto/conf.d/"$app"_credentials" ynh_print_info --message="The credential to the mosquitto server has been saved in the settings of the app" +else + #If no MQTT have been set, we delete the mqtt permission. + ynh_permission_delete --permission="mqtt" fi 
@@ -175,11 +95,10 @@ fi #================================================= ynh_script_progression --message="Configuring NGINX web server..." --weight=2 -[[ ! -z "$mqtt_domain" ]] && ynh_add_config --template="../conf/mqtt_nginx.conf" --destination="/etc/nginx/conf.d/"$mqtt_domain".d/mqtt_"$app".conf" +[[ "$domain" != "$mqtt_domain" ]] && ynh_add_config --template="../conf/mqtt_nginx.conf" --destination="/etc/nginx/conf.d/"$mqtt_domain".d/mqtt_"$app".conf" #Set Hook for nginx domain cp -R ../sources/hooks/conf_regen/95-nginx_domoticz /usr/share/yunohost/hooks/conf_regen/ -yunohost tools regen-conf nginx # Create a dedicated NGINX config ynh_add_config --template="api_nginx.conf" --destination="/etc/nginx/conf.d/"$domain".d/api_"$app".conf" @@ -208,7 +127,7 @@ chown -R domoticz: /var/log/"$app" # Use logrotate to manage application logfile(s) ynh_use_logrotate -[[ ! -z "$mqtt_domain" ]] && ynh_use_logrotate --logfile="/var/log/mosquitto" +[[ "$domain" != "$mqtt_domain" ]] && ynh_use_logrotate --logfile="/var/log/mosquitto" #================================================= # INTEGRATE SERVICE IN YUNOHOST @@ -216,7 +135,7 @@ ynh_use_logrotate ynh_script_progression --message="Integrating service in YunoHost..." yunohost service add "$app" --description="Domotique open sources" --log="/var/log/$app/$app.log" -[[ ! -z "$mqtt_domain" ]] && yunohost service add mosquitto --description="Serveur MQTT pour domoticz" --log="/var/log/mosquitto/mosquitto.log" +[[ "$domain" != "$mqtt_domain" ]] && yunohost service add mosquitto --description="Serveur MQTT pour domoticz" --log="/var/log/mosquitto/mosquitto.log" #================================================= 
@@ -228,7 +147,7 @@ ynh_script_progression --message="Starting a systemd service..." ynh_systemd_action --service_name="$app" --action="start" #Restarting mosquitto to take changes into account -[[ ! -z "$mqtt_domain" ]] && ynh_systemd_action --service_name=mosquitto --action="restart" +[[ "$domain" != "$mqtt_domain" ]] && ynh_systemd_action --service_name=mosquitto --action="restart" #================================================= # SETUP FAIL2BAN 
@@ -244,36 +163,6 @@ fi # Create a dedicated Fail2Ban config ynh_add_fail2ban_config --logpath="$log_file" --failregex="^.*Error: Failed login attempt from .*$" --max_retry=5 -ynh_print_info --message="If you wish for Fail2ban to work, set up your local address in Setup/Settings/System/Local Networks as per documentation" - -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Configuring permissions..." - -# Make app public if necessary -if [ "$is_public" -eq 1 ] -then - # Everyone can access the app. - # The "main" permission is automatically created before the install script. - ynh_permission_update --permission="main" --add="visitors" - -fi - -#remove the authentication header preventing login from 2023.2 and 11.2.3 onward -ynh_permission_url --permission="main" --auth_header=false - -#API & MQTT should stay publicly accessible. -ynh_permission_create --permission="domoticz_API" --label="api" --url="$domain$api_path" --allowed="visitors" --show_tile="false" --protected="true" -[[ ! -z "$mqtt_domain" ]] && ynh_permission_create --permission="domoticz_MQTT" --label="MQTT" --url="$mqtt_domain" --allowed="visitors" --show_tile="false" --protected="true" - - -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." - -ynh_systemd_action --service_name=nginx --action=reload #================================================= # END OF SCRIPT diff --git a/scripts/remove b/scripts/remove index 9304492..357cb48 100755 --- a/scripts/remove +++ b/scripts/remove 
@@ -9,126 +9,43 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." - -app="$YNH_APP_INSTANCE_NAME" - -domain=$(ynh_app_setting_get --app="$app" --key=domain) -port=$(ynh_app_setting_get --app="$app" --key=port) -final_path=$(ynh_app_setting_get --app="$app" --key=final_path) -mqtt_domain=$(ynh_app_setting_get --app="$app" --key=mqtt_domain) - #================================================= # STANDARD REMOVE #================================================= # REMOVE SERVICE INTEGRATION IN YUNOHOST #================================================= -# Remove the service from the list of services known by YunoHost (added from `yunohost service add`) +if [ "$domain" != "$mqtt_domain" ]; then + ynh_script_progression --message="Removing system configurations related to Mosquitto..." --weight=1 + yunohost service remove mosquitto + ynh_secure_remove --file="/etc/mosquitto/conf.d" + ynh_secure_remove --file="/usr/share/yunohost/hooks/conf_regen/95-nginx_domoticz" + ynh_secure_remove --file="/etc/nginx/conf.d/"$mqtt_domain".d/mqtt_"$app".conf" + yunohost tools regen-conf postfix + ynh_secure_remove --file="/var/log/mosquitto" +fi + +ynh_script_progression --message="Removing system configurations related to $app..." --weight=1 if ynh_exec_warn_less yunohost service status "$app" >/dev/null then ynh_script_progression --message="Removing $app service integration..." yunohost service remove "$app" - [[ ! -z "$mqtt_domain" ]] && yunohost service remove mosquitto fi -#================================================= -# STOP AND REMOVE SERVICE -#================================================= -ynh_script_progression --message="Stopping and removing the systemd service..." 
- # Remove the dedicated systemd config ynh_remove_systemd_config - -#================================================= -# CLOSE A PORT -#================================================= - -if yunohost firewall list | grep -q "\- $port$" -then - ynh_script_progression --message="Closing port $port..." --weight=1 - ynh_exec_warn_less yunohost firewall disallow TCP "$port" -fi - -#================================================= -# REMOVE DEPENDENCIES -#================================================= -ynh_script_progression --message="Removing dependencies..." --weight=3 - -# Remove metapackage and its dependencies -[[ ! -z "$mqtt_domain" ]] && ynh_secure_remove --file="/etc/mosquitto/conf.d" -ynh_remove_app_dependencies - -#================================================= -# REMOVE APP MAIN DIR -#================================================= -ynh_script_progression --message="Removing app main directory..." --weight=3 - -# Remove the app directory securely -ynh_secure_remove --file="$final_path" - -#================================================= -# REMOVE NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Removing NGINX web server configuration..." - -#remove hook for mqtt nginx -ynh_secure_remove --file="/usr/share/yunohost/hooks/conf_regen/95-nginx_domoticz" -yunohost tools regen-conf postfix - - -# Remove the dedicated NGINX config -[[ ! -z "$mqtt_domain" ]] && ynh_secure_remove --file="/etc/nginx/conf.d/"$mqtt_domain".d/mqtt_"$app".conf" - ynh_secure_remove --file="/etc/nginx/conf.d/"$domain".d/api_"$app".conf" ynh_remove_nginx_config -#================================================= -# REMOVE LOGROTATE CONFIGURATION -#================================================= -ynh_script_progression --message="Removing logrotate configuration..." 
- -# Remove the app-specific logrotate config ynh_remove_logrotate -#================================================= -# REMOVE FAIL2BAN CONFIGURATION -#================================================= -ynh_script_progression --message="Removing Fail2Ban configuration..." --weight=8 - -# Remove the dedicated Fail2Ban config ynh_remove_fail2ban_config -#================================================= -# SPECIFIC REMOVE -#================================================= -# REMOVE VARIOUS FILES -#================================================= -ynh_script_progression --message="Removing various files..." - -# Remove the log files ynh_secure_remove --file="/var/log/$app" -[[ ! -z "$mqtt_domain" ]] && ynh_secure_remove --file="/var/log/mosquitto" - -#Delete the sudoer file -ynh_secure_remove --file="/etc/sudoers.d/$app" - -#================================================= -# GENERIC FINALIZATION -#================================================= -# REMOVE DEDICATED USER -#================================================= -ynh_script_progression --message="Removing the dedicated system user..." - -# Delete a system user -ynh_system_user_delete --username="$app" #================================================= # END OF SCRIPT #================================================= -ynh_script_progression --message="Removal of $app completed" --last +ynh_script_progression --message="Removal of $app completed" --last \ No newline at end of file diff --git a/scripts/restore b/scripts/restore index d6e51db..e5c2de0 100755 --- a/scripts/restore +++ b/scripts/restore 
@@ -10,43 +10,23 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= +current_os=`lowercase \`uname -s\`` +current_mach=`uname -m` -ynh_clean_setup () { - ynh_clean_check_starting -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." - -app="$YNH_APP_INSTANCE_NAME" - -domain=$(ynh_app_setting_get --app="$app" --key=domain) -path_url=$(ynh_app_setting_get --app="$app" --key=path) -final_path=$(ynh_app_setting_get --app="$app" --key=final_path) -backup_OS=$(ynh_app_setting_get --app="$app" --key=OS) -backup_mach=$(ynh_app_setting_get --app="$app" --key=mach) -mqtt_domain=$(ynh_app_setting_get --app="$app" --key=mqtt_domain) #================================================= # CHECK IF THE APP CAN BE RESTORED #================================================= -ynh_script_progression --message="Validating restoration parameters..." -test ! -d "$final_path" \ - || ynh_die --message="There is already a directory: $final_path " #As we are downloading compiled binaries for each system, we have to check if the restore occurs #on the same system type. If we are restoring on another system type it won't work and in that #case we must go through a reinstall process. 
-test "$backup_OS" = "$os" \ - || ynh_die --message="Cannot restore : previous OS is $backup_OS, current OS is $OS, please reinstall" -test "$backup_mach" = "$mach" \ - || ynh_die --message="Cannot restore : previous machine type is $backup_mach, current machine type is $MACH, please reinstall" +test "$OS" = "$current_os" \ + || ynh_die --message="Cannot restore : previous OS is $OS, current OS is $current_os, please reinstall" +test "$mach" = "$current_mach" \ + || ynh_die --message="Cannot restore : previous machine type is $mach, current machine type is $current_mach, please reinstall" + +ynh_app_setting_set --app="$app" --key=OS --value="$current_os" +ynh_app_setting_set --app="$app" --key=mach --value="$current_mach" #================================================= # STANDARD RESTORATION STEPS @@ -62,11 +42,6 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$mqtt_domain.d/mqtt_$app.conf" #================================================= # RECREATE THE DEDICATED USER #================================================= -ynh_script_progression --message="Recreating the dedicated system user..." - -# Create the dedicated user (if not existing) -ynh_system_user_create --username="$app" --home_dir="$final_path" - #allow user to access USB / serial port to communicate with tools (RFXtrx, Z-wave dongle, etc.) & i2c bus if grep dialout -q < /etc/group; then usermod -a -G dialout "$app" 
@@ -78,40 +53,26 @@ if grep gpio -q < /etc/group; then usermod -a -G gpio "$app" fi -#Restore user authorization to restart server -ynh_restore_file --origin_path="/etc/sudoers.d/$app" - #================================================= # RESTORE THE APP MAIN DIR #================================================= ynh_script_progression --message="Restoring the app main directory..." --weight=5 -ynh_restore_file --origin_path="$final_path" +ynh_restore_file --origin_path="$install_dir" -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R "$app":"$app" "$final_path" - -#================================================= -# SPECIFIC RESTORATION -#================================================= -# REINSTALL DEPENDENCIES -#================================================= -ynh_script_progression --message="Reinstalling dependencies..." --weight=5 - -# Define and install dependencies -ynh_install_app_dependencies "$pkg_dependencies" +chmod 750 "$install_dir" +chmod -R o-rwx "$install_dir" +chown -R "$app":"$app" "$install_dir" #================================================= # SET MOSQUITTO SETTINGS #================================================= -if [ ! -z "$mqtt_domain" ]; then +if [ "$domain" != "$mqtt_domain" ]; then ynh_script_progression --message="Reinstalling up mosquitto..." --weight=5 - - #Installing packages - ynh_install_extra_app_dependencies --repo="deb https://repo.mosquitto.org/debian buster main" --package="$extra_pkg_dependencies" --key="http://repo.mosquitto.org/debian/mosquitto-repo.gpg.key" - #reinstalling settings ynh_restore_file --origin_path="/etc/mosquitto/conf.d" --not_mandatory +else + #If no MQTT have been set, we delete the mqtt permission. + ynh_permission_delete --permission="mqtt" fi #================================================= 
@@ -128,7 +89,7 @@ systemctl enable "$app".service --quiet ynh_script_progression --message="Integrating service in YunoHost..." yunohost service add "$app" --description="Domotique open sources" --log="/var/log/$app/$app.log" -[[ ! -z "$mqtt_domain" ]] && yunohost service add mosquitto --description="Serveur MQTT pour domoticz" --log="/var/log/mosquitto/mosquitto.log" +[[ "$domain" != "$mqtt_domain" ]] && yunohost service add mosquitto --description="Serveur MQTT pour domoticz" --log="/var/log/mosquitto/mosquitto.log" #================================================= @@ -139,7 +100,7 @@ ynh_script_progression --message="Starting a systemd service..." ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/$app.log" #Restarting mosquitto to take changes into account -[[ ! -z "$mqtt_domain" ]] && ynh_systemd_action --service_name=mosquitto --action="restart" +[[ "$domain" != "$mqtt_domain" ]] && ynh_systemd_action --service_name=mosquitto --action="restart" #================================================= # RESTORE THE LOGROTATE CONFIGURATION @@ -157,7 +118,7 @@ ynh_restore_file --origin_path="/etc/logrotate.d/$app" ynh_script_progression --message="Restoring various files..." ynh_restore_file --origin_path="/usr/share/yunohost/hooks/conf_regen/95-nginx_domoticz" -yunohost tools regen-conf postfix +#yunohost tools regen-conf postfix #================================================= # RESTORE THE FAIL2BAN CONFIGURATION diff --git a/scripts/upgrade b/scripts/upgrade index aaf89e4..ee61431 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -1,9 +1,5 @@ #!/bin/bash -version_gt() { - test "$(printf '%s\n' "$@" | sort -V | head -n 1)" != "$1"; -} - #================================================= # GENERIC START #================================================= 
@@ -13,24 +9,6 @@ version_gt() { source _common.sh source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." - -app="$YNH_APP_INSTANCE_NAME" - -domain=$(ynh_app_setting_get --app="$app" --key=domain) -path_url=$(ynh_app_setting_get --app="$app" --key=path) -final_path=$(ynh_app_setting_get --app="$app" --key=final_path) -port=$(ynh_app_setting_get --app="$app" --key=port) -current_OS=$(ynh_app_setting_get --app="$app" --key=OS) -current_mach=$(ynh_app_setting_get --app="$app" --key=mach) -api_path=$(ynh_app_setting_get --app="$app" --key=api_path) -mqtt_domain=$(ynh_app_setting_get --app="$app" --key=mqtt_domain) -mqtt_port=$(ynh_app_setting_get --app="$app" --key=mqtt_port) -mqtt_websocket_port=$(ynh_app_setting_get --app="$app" --key=mqtt_websocket_port) - #================================================= # CHECK VERSION #================================================= 
@@ -38,35 +16,6 @@ ynh_script_progression --message="Checking version..." upgrade_type=$(ynh_check_app_version_changed) -#================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP -#================================================= -ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." - -# Ugly hack so that previous version backup script from "https://github.com/anubister/domoticz_ynh" works : -# It creates a dummy file in /etc/cron.d so that the backup do not fail. -current_upstream_version=$(ynh_app_upstream_version --manifest="/etc/yunohost/apps/$app/manifest.json") -current_package_version=$(ynh_app_package_version --manifest="/etc/yunohost/apps/$app/manifest.json") -if version_gt "4.9701" "$current_upstream_version" && version_gt "2" "$current_package_version" ; then - touch /etc/cron.d/"$app" -fi - -# Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { - ynh_clean_check_starting - # Restore it if the upgrade fails - ynh_restore_upgradebackup -} - -#remove ugly hack -if [ -f /etc/cron.d/"$app" ]; then - rm /etc/cron.d/"$app" -fi - -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - #================================================= # STANDARD UPGRADE STEPS #================================================= 
@@ -82,69 +31,34 @@ ynh_systemd_action --service_name="$app" --action="stop" --log_path="/var/log/$a ynh_script_progression --message="Ensuring downward compatibility..." #Store OS and machine (to be used in restore script) -if [ -z "$current_OS" ]; then - ynh_app_setting_set --app="$app" --key=OS --value="$OS" +if [ -z "${OS:+x}" ]; then + ynh_app_setting_-set --app="$app" --key=OS --value=`lowercase \`uname -s\`` fi -if [ -z "$current_mach" ]; then - ynh_app_setting_set --app="$app" --key=mach --value="$MACH" +if [ -z "${mach:+x}" ]; then + mach=`uname -m` + ynh_app_setting_set --app="$app" --key=mach --value="$mach" fi -# If final_path doesn't exist, create it -if [ -z "$final_path" ]; then - final_path=/var/www/"$app" - ynh_app_setting_set --app="$app" --key=final_path --value="$final_path" +#sudoer file for restarting is not required anymore (from 2023.1~ynh1) as upgrade is managed by the Yunohost Package +if [ -f /etc/sudoers.d/domoticz ]; then + rm /etc/sudoers.d/domoticz fi #Create a dedicated path for the api access if [ -z "$api_path" ]; then - if [ "$path_url" == "/" ]; then + if [ "$path" == "/" ]; then api_path=/api_/"$app" else - api_path=/api_"$path_url" + api_path=/api_"$path" fi ynh_app_setting_set --app="$app" --key=api_path --value="$api_path" fi -#Create a dedicated path for the mqtt access -if [ -z "$mqtt_domain" ]; then - ynh_print_info --message="Mosquitto, a mqtt server, can now be installed during upgrade, pleaser refer to package documentation to activate it" -fi - -#Port to listen for MQTT internal -if [[ -z "$mqtt_port" && ! -z "$mqtt_domain" ]]; then - mqtt_port=$(ynh_find_port --port="$default_mqtt_port") - ynh_app_setting_set --app="$app" --key=mqtt_port --value="$mqtt_port" -fi - -#Port to listen for MQTT websocket -if [[ -z "$mqtt_websocket_port" && ! 
-z "$mqtt_domain" ]]; then - mqtt_websocket_port=$(ynh_find_port --port="$default_mqtt_websocket_port") - ynh_app_setting_set --app="$app" --key=mqtt_websocket_port --value="$mqtt_websocket_port" -fi - - -# Cleaning legacy permissions -if ynh_legacy_permissions_exists; then - ynh_legacy_permissions_delete_all - - ynh_app_setting_delete --app="$app" --key=is_public -fi - -# Create the permission "domoticz_API" only if it doesn't exist. -if ! ynh_permission_exists --permission="domoticz_API" -then - # API Authorization with dedicated URL - ynh_permission_create --permission="domoticz_API" --label="api" --url="$domain$api_path" --allowed="visitors" --show_tile="false" --protected="true" - -fi - -# Create the permission "domoticz_MQTT" only if it doesn't exist. -if [ ! -z "$mqtt_domain" ]; then - if ! ynh_permission_exists --permission="domoticz_MQTT" - then - # API Authorization with dedicated URL - ynh_permission_create --permission="domoticz_MQTT" --label="MQTT" --url="$mqtt_domain" --allowed="visitors" --show_tile="false" --protected="true" - fi +#Previous version did not have settings stored and +#variable may not be bound. +if [[ -z "${mqtt_domain+x}" ]]; then + mqtt_domain="$domain" + ynh_app_setting_set --app="$app" --key=mqtt_domain --value="$mqtt_domain" fi #remove unwanted log folder 
@@ -152,16 +66,11 @@ if [ -d "/var/log/$app/$app" ]; then ynh_secure_remove "/var/log/$app/$app" fi -#remove the authentication header preventing login from 2023.2 and 11.2.3 onward -ynh_permission_url --permission="main" --auth_header=false #================================================= # CREATE DEDICATED USER #================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." - -# Create a dedicated user (if not existing) -ynh_system_user_create --username="$app" --home_dir="$final_path" +ynh_script_progression --message="Checking dedicated user permissions..." #allow user to access USB / serial port to communicate with tools (RFXtrx, Z-wave dongle, etc.) & i2c bus if grep dialout -q < /etc/group; then @@ -174,10 +83,6 @@ if grep gpio -q < /etc/group; then usermod -a -G gpio "$app" fi -#allow app user to restart service on startup -ynh_add_config --template="../conf/sudoer" --destination="/etc/sudoers.d/$app" -chmod 440 /etc/sudoers.d/"$app" - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= 
@@ -185,30 +90,24 @@ chmod 440 /etc/sudoers.d/"$app" if [ "$upgrade_type" == "UPGRADE_APP" ] then ynh_script_progression --message="Upgrading source files..." --weight=15 - - # Download, check integrity, uncompress and patch the source from app.src - ynh_add_config --template="../conf/app.src.default" --destination="../conf/app.src" - ynh_setup_source --dest_dir="$final_path" + ynh_setup_source --dest_dir="$install_dir" #Create the database file - if [ ! -f "$final_path"/domoticz.db ]; then - touch "$final_path"/domoticz.db - chmod 644 "$final_path"/domoticz.db + if [ ! -f "$install_dir"/domoticz.db ]; then + touch "$install_dir"/domoticz.db + chmod 644 "$install_dir"/domoticz.db fi fi -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R "$app":"$app" "$final_path" +chmod 750 "$install_dir" +chmod -R o-rwx "$install_dir" +chown -R "$app":"$app" "$install_dir" #================================================= # SET MOSQUITTO SETTINGS #================================================= -if [ ! -z "$mqtt_domain" ]; then +if [ "$domain" != "$mqtt_domain" ]; then ynh_script_progression --message="Setting up mosquitto..." --weight=5 - #Installing packages - ynh_install_extra_app_dependencies --repo="deb https://repo.mosquitto.org/debian buster main" --package="$extra_pkg_dependencies" --key="http://repo.mosquitto.org/debian/mosquitto-repo.gpg.key" - #Setting up conf file for access if [ ! -f "/etc/mosquitto/conf.d/"$app"_mosquitto.conf" ] then @@ -223,6 +122,9 @@ if [ ! -z "$mqtt_domain" ]; then ynh_print_info --message="The credential to the mosquitto server has been saved in the settings of the app" fi +else + #If no MQTT have been set, we delete the mqtt permission. + ynh_permission_delete --permission="mqtt" fi #================================================= 
@@ -230,11 +132,10 @@ fi #================================================= ynh_script_progression --message="Upgrading NGINX web server configuration..." -[[ ! -z "$mqtt_domain" ]] && ynh_add_config --template="../conf/mqtt_nginx.conf" --destination="/etc/nginx/conf.d/"$mqtt_domain".d/mqtt_"$app".conf" +[[ "$domain" != "$mqtt_domain" ]] && ynh_add_config --template="../conf/mqtt_nginx.conf" --destination="/etc/nginx/conf.d/"$mqtt_domain".d/mqtt_"$app".conf" #Set Hook for nginx domain cp -R ../sources/hooks/conf_regen/95-nginx_domoticz /usr/share/yunohost/hooks/conf_regen/ -yunohost tools regen-conf nginx # Create a dedicated NGINX config if [[ ! -f "/etc/nginx/conf.d/"$domain".d/api_"$app".conf" ]] @@ -245,13 +146,6 @@ then fi ynh_add_nginx_config -#================================================= -# UPGRADE DEPENDENCIES -#================================================= -ynh_script_progression --message="Upgrading dependencies..." --weight=5 - -ynh_install_app_dependencies "$pkg_dependencies" - #================================================= # SPECIFIC UPGRADE #================================================= 
@@ -290,14 +184,14 @@ fi # Create a dedicated Fail2Ban config ynh_add_fail2ban_config --logpath="$log_file" --failregex="^.*Error: Failed login attempt from .*$" --max_retry=5 -ynh_print_info --message="If you wish for Fail2ban to work, set up your local address in Setup/Settings/System/Local Networks as per documentation" + #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= ynh_script_progression --message="Integrating service in YunoHost..." yunohost service add "$app" --description="Domotique open sources" --log="/var/log/$app/$app.log" -[[ ! -z "$mqtt_domain" ]] && yunohost service add mosquitto --description="Serveur MQTT pour domoticz" --log="/var/log/mosquitto/mosquitto.log" +[[ "$domain" != "$mqtt_domain" ]] && yunohost service add mosquitto --description="Serveur MQTT pour domoticz" --log="/var/log/mosquitto/mosquitto.log" #================================================= @@ -308,14 +202,7 @@ ynh_script_progression --message="Starting a systemd service..." --weight=3 ynh_systemd_action --service_name="$app" --action="start" #Restarting mosquitto to take changes from /etc/mosquitto/conf.d/*.conf into account -[[ ! -z "$mqtt_domain" ]] && ynh_systemd_action --service_name=mosquitto --action="restart" - -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." - -ynh_systemd_action --service_name=nginx --action=reload +[[ "$domain" != "$mqtt_domain" ]] && ynh_systemd_action --service_name=mosquitto --action="restart" #================================================= # END OF SCRIPT diff --git a/sources/patches/app-index.html.patch b/sources/patches/app-index.html.patch new file mode 100644 index 0000000..f23c0cc --- /dev/null +++ b/sources/patches/app-index.html.patch 
@@ -0,0 +1,32 @@ +--- a/www/index.html 2023-02-26 22:22:14.971932399 +0100 ++++ b/www/index.html 2023-02-26 22:27:12.926431427 +0100 +@@ -170,14 +170,15 @@ + } + + function ShowUpdateNotification(Revision, SystemName, DownloadURL) { +- var msgtxt=$.t('A new version of Domoticz is Available!...'); ++ ++ var msgtxt=$.t('A new version of Domoticz is Available, please wait for the Yunohost Package!...'); + msgtxt+='
' + $.t('Version') + ': ' + Revision + ', ' + $.t('Latest Changes') + ': ' + $.t('Click Here') + ''; +- if (SystemName=="windows") { ++ + generate_noty('success', msgtxt, false); + } + +@@ -1330,8 +1331,8 @@ +
  • Devices
  • +
  • Settings
  • +
  • +-
  • Update Domoticz
  • +-
  • Check for Update
  • ++ +
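Review bot: in the hunk at @@ -185,30 +90,24 @@, the new guard `if [ "$domain" != "$mqtt_domain" ]` is also true when `$mqtt_domain` is empty or unset, a case the old `! -z "$mqtt_domain"` test excluded. On an instance where no MQTT domain was ever stored, the upgrade would now enter the Mosquitto setup, and the same guard later writes to `/etc/nginx/conf.d/"$mqtt_domain".d/...` with an empty domain. Suggest testing both conditions, e.g. `[ -n "$mqtt_domain" ] && [ "$domain" != "$mqtt_domain" ]`, or normalising the setting before this point and saying so in a comment. The same test is repeated in the hunks at @@ -230, @@ -290 and @@ -308, so computing it once into a variable would keep the four sites in sync.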
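Review bot: the `else` branch added in the hunk at @@ -223,6 +122,9 @@ calls `ynh_permission_delete --permission="mqtt"` unconditionally, so it runs on every upgrade where no separate MQTT domain is set, including upgrades where the permission was never created or was already deleted by a previous run. Guard it with `ynh_permission_exists --permission="mqtt"` so that a missing permission cannot abort the upgrade. The branch also leaves any existing `/etc/mosquitto/conf.d/"$app"_mosquitto.conf` and the saved broker credentials in place; the comment should state whether that is intentional.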
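Review bot: in the hunk at @@ -230,11 +132,10 @@, `yunohost tools regen-conf nginx` is removed while the line before it still copies `95-nginx_domoticz` into `/usr/share/yunohost/hooks/conf_regen/`, so after this change nothing visible in the script runs the freshly copied hook. If the hook is now meant to take effect only at the next regen-conf, add a comment saying so; otherwise keep the call. Separately, `$mqtt_domain` and `$app` sit outside the quotes in the `--destination` value (`"/etc/nginx/conf.d/"$mqtt_domain".d/mqtt_"$app".conf"`); quoting the whole path as one string avoids word splitting on an unexpected value.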
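Review bot: the hunk at @@ -290,14 +184,14 @@ drops the `ynh_print_info` line that told the admin Fail2ban only works once the local address is set under Setup/Settings/System/Local Networks, and replaces it with an empty line. The jail is still created by `ynh_add_fail2ban_config` just above, so an admin upgrading with this change gets no hint that the failed-login protection depends on that setting. Keep the message, or move the instruction into the package documentation and point to it from here.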
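Review bot: in the new `sources/patches/app-index.html.patch`, the second inner hunk (@@ -1330,8 +1331,8 @@) removes the "Update Domoticz" and "Check for Update" menu entries, which hides the in-app updater from the page but does not disable it; whatever those entries pointed to stays reachable for anyone who requests it directly. If the goal is that updates arrive only through the YunoHost package, also block the update action on the server side and treat this patch as the cosmetic part. Two smaller points on the first inner hunk (@@ -170,14 +170,15 @@): the new string passed to `$.t(...)` presumably has no entry in the translation files and will display untranslated, and the patch is pinned to line offsets of one upstream `index.html`, so the upgrade should fail loudly when it no longer applies rather than ship an unpatched page.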