mirror of https://github.com/YunoHost-Apps/domoticz_ynh.git synced 2024-09-03 18:26:17 +02:00

Merge pull request #18 from YunoHost-Apps/convertv2

Convert to v2
Krakinou 2024-01-21 23:42:46 +01:00 committed by GitHub
commit dfb4319859
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
32 changed files with 547 additions and 1129 deletions

122
README.md

@ -27,124 +27,18 @@ For example this system can be used with:
* Temperature Sensors * Temperature Sensors
* Pulse Meters * Pulse Meters
* Voltage / AD Meters * Voltage / AD Meters
* And more ... * And more...
**Shipped version:** Always the last stable one. The last compiled version is retrieved from [this directory](https://releases.domoticz.com/releases/?dir=./release) during install. The MQTT broker Mosquitto is integrated into the package and requires its own domain or subdomain. It's an optional setting.
Once installed, **updates from the uptream app are managed from within the app**. Yunohost upgrade script will only upgrade the Yunohost package. You may also install the [Mosquitto package](https://github.com/YunoHost-Apps/mosquitto_ynh) without using the one provided by domoticz_ynh.
The MQTT broker mosquitto is integrated into the package. It requires its own domain or subdomain. It's an optional setting: during install if you set the same domaine as your main app domain, it won't be installed. **Shipped version:** 2024.2~ynh1
## Configuration ## Screenshots
### Broker Mosquitto ![Screenshot of Domoticz](./doc/screenshots/domoticz_Switches_screen.png)
![Screenshot of Domoticz](./doc/screenshots/domoticz_floorplan_machineon.png)
During installation, a [MQTT](https://en.wikipedia.org/wiki/MQTT) broker, [Mosquitto](https://mosquitto.org/), is installed at the same time as Domoticz. The installed version is the one from the official project repo and not from Debian ones.
This broker requires a dedicated domain or subdomain to work (ex : mqtt.your.domain.tld) : creating this domain prior installation is a prerequisite
#### Adding in domoticz
To use mosquitto, you need to customize the communication between domoticz and the broker by following the [domoticz documentation](https://www.domoticz.com/wiki/MQTT#Installing_Mosquitto), part *Add hardware "MQTT Client Gateway"*.
User and password are automatically generated during installation, you may retrieve them with
````
sudo yunohost app setting domoticz mqtt_user
sudo yunohost app setting domoticz mqtt_pwd
````
#### Publish/Subscribe
By default, mosquitto will listen on 2 ports:
- 1883 on localhost using mqtt protocol
- 8883 using websocket protocol. Nginx redirect external port 443 to this internal port.
Hence, To publish/subscribe on a topic from the outside, you have to use a software supporting websocket protocol (ex : paho python library).
#### Mosquitto_pub et mosquitto_sub
These 2 tools do not support websocket protocol, only direct mqtt: base settings will not allow communication from an outside device.
If you're using them directly from your server, this kind of syntax should work:
````
mosquitto_pub -u *user* -P *password* -h mqtt.your.domain.tld -p 1883 -t 'domoticz/in' -m '{ "idx" : 1, "nvalue" : 0, "svalue" : "25.0" }'
````
In the same way:
````
mosquitto_sub -u *user* -P *password* -h mqtt.your.domain.tld -p 1883 -t 'domoticz/out'
````
If you wish to open direct mqtt protocol from an outside device, you'll need to:
- open port 1883 on Yunohost firewall (**Attention, security risk**)
- Allows IP addresses in mosquitto configuration for this listener
- Set the tls setting in mosquitto configuration by giving access to crt.pem and key.pem from your mqtt domain by setting respective certfile et keyfile variables. **This is mandatory to ensure a secure connection.**
#### Upgrade from version without mosquitto
If you have package ynh3 or below, mosquitto is not installed by default.
If you have chosen to not set a domain during initial installation also.
So, if you need to activate mosquitto in retrospect, do following actions:
1. Create a domain or a subdomain (for example : 'mqtt.your.domain.tld')
2. Connect to your server in command line
3. Type following command : `yunohost app setting domoticz mqtt_domain -v mqtt.your.domain.tld`
4. Upgrade domoticz to last package.
If you're already on the last package version, use the following command : `yunohost app upgrade domoticz --force`
## Configuration
### Sensors, language and this kind of stuff
Main configuration of the app take place inside the app itself.
### Zwave management
If you're using zwave devices, install mosquitto along domoticz and give a try to [zwave-JS-UI package](https://github.com/YunoHost-Apps/zwave-js-ui_ynh).
Once installed, just follow instructions from the [wiki](https://www.domoticz.com/wiki/Zwave-JS-UI)
### Access and API
By default, access for the [JSON API](https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's) is allowed on following path `/yourdomain.tld/api_/domoticzpath`.
So if you access domoticz via https://mydomainname.tld/domoticz, use the following webpath for the api : `/mydomainname.tld/api_/domoticz/json.htm?yourapicommand`
By default, only sensor updates and switch toogle are authorized. To authorized a new command, you have to manually update the nginx config file :
````
sudo nano /etc/nginx/conf.d/yourdomain.tld.d/api_domoticz.conf
````
Then edit the following block by adding the regex of the command you want to allow:
````
#set the list of authorized json command here in regex format
#you may retrieve the command from https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's
#By default, sensors updates and toggle switch are authorized
if ( $args ~* type=command&param=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command&param=switchlight&idx=[0-9]*&switchcmd=Toggle$) {
set $api "1";
}
````
For example, to add the json command to retrieve the status of a device (/json.htm?type=devices&rid=IDX),modify the line as this:
````
if ( $args ~* type=command&param=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command&param=switchlight&idx=[0-9]*&switchcmd=Toggle$|type=devices&rid=[0-9]* ) {
set $api "1";
}
````
All IPv4 addresses within the local network (192.168.0.0/24) and *all IPv6* addresses are authorized as API.
As far as I know, there is no way to filter for IPv6 address on local network : You may remove the authorization by removing or commenting this line in `/etc/nginx/conf.d/yourdomain.tld.d/domoticz.conf`:
````
allow ::/1;
````
This will authorized only IPv4 within local network to access your domoticz API.
You may add individual IPv6 address in the same way.
**Shipped version:** 2020.2~ynh8
## Disclaimers / important information
## Limitations
* No user management nor LDAP integration This function is [not planned to be implemented into the app](https://github.com/domoticz/domoticz/issues/838), hence it's not planned into the package neither.
* Backup cannot be restored on a different machine type (arm, x86...) as compiled sources are different
## Security consideration
Although you may activate a login page on the application (either from the *Setup/Settings/System/Website protection* menu or from the *Setup/More Options/Edit Users* menu), it doesn't seems to be very reliable and secure so far (version 2022.2 at the time of writing). Work is ongoing to strengthen the security ([see here](https://www.domoticz.com/wiki/Security)) in future version but is not yet released.
### recommandation
It seems advisable to not make the app publicly available outside of the yunohost sso (public = yes at install or setting the domoticz permission to 'visitors' in the admin panel). If for any reason you need to, I recommend the following:
- Activate the website protection/user management (with login page instead of Basic-auth)
- In *Setup/Settings/System/Local Networks (no username/password)* enter the address of the nginx proxy (should be "::1;127.0.0.1" in any standard Yunohost installation) so that the Fail2ban settings is active (see last lines of [this wiki](https://www.domoticz.com/wiki/WebServer_Proxy)
## Documentation and resources ## Documentation and resources
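
Review bot: the removed block ends with the `## Security consideration` and `### recommandation` sections (login page described as not reliable, advice not to expose the app outside the YunoHost SSO, the *Local Networks* proxy setting needed for Fail2ban), and the new `doc/ADMIN.md` added in this commit carries only the Configuration and Limitations parts. If that guidance was not moved to another doc file, please keep it in the admin doc, because after this change README no longer warns about setting the app public. The LDAP / user-management item also disappears from `## Limitations` and is not in the new file.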
@ -152,7 +46,7 @@ It seems advisable to not make the app publicly available outside of the yunohos
* Official user documentation: <https://www.domoticz.com/DomoticzManual.pdf> * Official user documentation: <https://www.domoticz.com/DomoticzManual.pdf>
* Official admin documentation: <https://www.domoticz.com/wiki/Main_Page> * Official admin documentation: <https://www.domoticz.com/wiki/Main_Page>
* Upstream app code repository: <https://github.com/domoticz/domoticz> * Upstream app code repository: <https://github.com/domoticz/domoticz>
* YunoHost documentation for this app: <https://yunohost.org/app_domoticz> * YunoHost Store: <https://apps.yunohost.org/app/domoticz>
* Report a bug: <https://github.com/YunoHost-Apps/domoticz_ynh/issues> * Report a bug: <https://github.com/YunoHost-Apps/domoticz_ynh/issues>
## Developer info ## Developer info


@ -29,129 +29,26 @@ Il peut par exemple être utilisé avec :
* des voltmètres * des voltmètres
* Et bien d'autres * Et bien d'autres
**Version incluse :** Toujours la dernière version stable. La dernière version compilée est récupérée dans [ce répertoire](https://releases.domoticz.com/releases/?dir=./release) lors de l'installation. Le broker MQTT Mosquitto est intégré au package et nécessite un sous-domaine ou un domaine distinct. Il est optionnel.
Une fois installée, **les mises à jour de l'application sont gérées depuis les menus de l'application elle même**. Le script de mise à jour Yunohost mettra uniquement à jour de nouvelles version du package. Vous pouvez également installer le [package pour Mosquitto](https://github.com/YunoHost-Apps/mosquitto_ynh) sans utiliser celui de domoticz_ynh.
Le broker MQTT mosquitto est intégré au package et nécessite un sous-domaine ou un domaine distinct. Il est optionnel et si vous indiquez lors de l'installation le même domaine que le domaine principal, il ne sera pas installé.
## Configuration
### Broker MQTT Mosquitto
A l'installation, un broker [MQTT](https://fr.wikipedia.org/wiki/MQTT), [Mosquitto](https://mosquitto.org/), est installé en même temps que Domoticz. La version installée est celle du dépot officiel du projet, et non des dépots Debian.
Ce broker nécessite un domaine ou un sous-domaine particulier pour fonctionner (ex : mqtt.your.domain.tld) : il est nécessaire de créer ce domaine auparavant.
#### Ajout dans domoticz
Pour pouvoir l'utiliser, vous devez paramétrer la communication avec entre domoticz et le broker en suivant la [documentation de domoticz](https://www.domoticz.com/wiki/MQTT#Installing_Mosquitto) dans la partie *Add hardware "MQTT Client Gateway"*
Les users et mot de passe du broker sont automatiquement générés lors de l'installation. Vous pouvez les récupérer avec
````
sudo yunohost app setting domoticz mqtt_user
sudo yunohost app setting domoticz mqtt_pwd
````
#### Publier/souscrire
Par défaut, mosquitto va écouter sur 2 ports:
- Le 1883 sur localhost en protocole mqtt
- Le 8883 en protocole websocket. Nginx redirige le port 443 externe vers ce port en interne.
Pour publier/souscrire sur un topic depuis l'exterieur, vous devez donc utiliser un programme supportant le protocole websocket (ex : la bibliothèque python paho).:
#### Mosquitto_pub et mosquitto_sub
Ces deux programmes ne supportent pas le protocole websocket mais uniquement le mqtt : le paramétrage de base ne vous autorise donc pas à les utiliser pour communiquer depuis un client externe.
Si vous les utilisez directement depuis votre serveur, ce genre de syntaxe devrait marcher:
````
mosquitto_pub -u *user* -P *password* -h mqtt.your.domain.tld -p 1883 -t 'domoticz/in' -m '{ "idx" : 1, "nvalue" : 0, "svalue" : "25.0" }'
````
De la même manière:c
````
mosquitto_sub -u *user* -P *password* -h mqtt.your.domain.tld -p 1883 -t 'domoticz/out'
````
Si vous souhaitez ouvrir le protocole mqtt depuis l'extérieur afin de pouvoir les utiliser depuis un autre serveur, il vous faudra:
- ouvrir le port 1883 sur le firewall Yunohost (**Attention, risque de sécurité**)
- autoriser les adresses IP souhaitées dans la configuration de mosquitto pour ce listener
- paramétrer le tls dans la configuration de mosquitto en donnant accès au crt.pem et key.pem de votre domaine mqtt en les paramétrant respectivement avec les variables certfile et keyfile. **Ceci est obligatoire pour sécuriser la connexion.**
#### Mise à jour depuis les versions n'ayant pas mosquittoo **Version incluse :** 2024.2~ynh1
Si vous êtes sur le package ynh3 ou inférieur, mosquitto n'est pas installé par défaut.
De même si vous avez choisi de ne pas indiquer de domaine pour mosquitto lors de l'installation initiale.
Pour pouvoir l'installer après coup, faites les actions suivantes:
1. créez un domaine ou sous-domaine pour recevoir les informations (par exemple : 'mqtt.your.domain.tld')
2. connecter vous en ligne de commande à votre serveur
3. taper la commande suivante : `yunohost app setting domoticz mqtt_domain -v mqtt.your.domain.tld`
4. Procédez à la mise à jour.
Si vous êtes déjà sur la dernière version, utiliser la commmande suivante : `yunohost app upgrade domoticz --force`
## Captures décran
### Senseurs, langue et ce genre de choses ![Capture décran de Domoticz](./doc/screenshots/domoticz_Switches_screen.png)
Toute la configuration de l'application a lieu dans l'application elle même ![Capture décran de Domoticz](./doc/screenshots/domoticz_floorplan_machineon.png)
### Gestion du Zwave
Si vous utilisez des équipements zwave, installez mosquitto en plus de domoticz et essayez le [package zwave-JS-UI](https://github.com/YunoHost-Apps/zwave-js-ui_ynh).
Une fois installé, suivez simplement les indications du [wiki](https://www.domoticz.com/wiki/Zwave-JS-UI)
### Accès et API
Par défaut, l'accès aux [API JSON](https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's) est autorisé sur cette URL `/votredomaine.tld/api_/chemindedomoticz`.
Donc, si vous accédez à domoticz par https://votredomaine.tld/domoticz, utilisez le chemin suivant pour l'api: `/votredomaine.tld/api_/domoticz/json.htm?votrecommandeapi`
Par défaut, seule la mise à jour de senseur et les interrupteurs sont autorisés. Pour autoriser une nouvelle commande, vous devez manuellement éditer le fichier de configuration nginx :
````
sudo nano /etc/nginx/conf.d/yourdomain.tld.d/api_domoticz.conf
````
Puis éditer le bloc suivant en y ajoutant le regex de la commmande à autoriser :
````
#set the list of authorized json command here in regex format
#you may retrieve the command from https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's
#By default, sensors updates and toggle switch are authorized
if ( $args ~* type=command&param=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command&param=switchlight&idx=[0-9]*&switchcmd=Toggle$) {
set $api "1";
}
````
Par exemple, pour ajouter la commmande json pour retrouver le statut d'un équipement (/json.htm?type=devices&rid=IDX),il faut modifier la ligne comme ceci:
````
if ( $args ~* type=command&param=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command&param=switchlight&idx=[0-9]*&switchcmd=Toggle$|type=devices&rid=[0-9]* ) {
set $api "1";
}
````
Toutes les adresses IPv4 du réseau local (192.168.0.0/24) et toutes les adresses IPv6 sont autorisées pour l'API.
A ma connaissance, il n'y a pas moyen d'effectuer un filtre pour les adresses IPv6 sur le réseau local, vous pouvez donc retirer leur autorisation en enlevant ou en commentant la ligne suivante dans `/etc/nginx/conf.d/yourdomain.tld.d/domoticz.conf`:
````
allow ::/1;
````
Ceci autorisera seulement les adresses IPv4 local a accéder aux API de domoticz.
Vous pouvez ajouter des adresses IPv6 de la même façon.
**Version incluse :** 2020.2~ynh8
## Avertissements / informations importantes
## Limitations
* Pas de gestion d'utilisateurs ni d'intégration LDAP. L'application ne [prévoit pas de gérer les utilisateurs par LDAP](https://github.com/domoticz/domoticz/issues/838), donc le package non plus.
* Un backup ne peut pas être restauré sur un type de machine différente de celle d'origine (x86, arm...) car les sources compilées sont différentes
## A propos de la sécurité
Bien que vous pouviez activer une page de connexion dans l'application (soit depuis le menu *Configuration/Paramètres/Système/Sécurité* ou depuis *Configuration/Plus d'options/Gérer les utilisateurs*), les fonctionnalités ne semblent pas très avancées ni safe pour l'instant (version 2022.2 au moment d'écrire). Un travail a été entrepris pour renforcer la sécurité ([voir ici](https://www.domoticz.com/wiki/Security)) dans les versions futures mais n'a pas encore été released.
### recommandations
Il semble conseillé de ne pas rendre l'application publique en dehors du sso yunohost (public = oui à l'installation ou mettre la permission domoticz à 'Visiteurs' dans le panel d'administration Yunohost). Si pour quelques raisons que ce soit, vous deviez le faire, je vous recommande:
- d'activer la sécurité de connexion à domoticz (plutot avec la login page qu'avec la basic-auth)
- Dans *Configuration/Système/Réseaux Locaux (pas d'authentification)* d'entrer les adresses du proxy nginx (cela devrait être "::1;127.0.0.1" dans une installation Yunohost Standard) afin que Fail2ban puisse bloquer les tentatives de connexions (voir les dernières lignes de [ce wiki](https://www.domoticz.com/wiki/WebServer_Proxy)
## Documentations et ressources ## Documentations et ressources
* Site officiel de lapp : <https://domoticz.com/> * Site officiel de lapp : <https://domoticz.com/>
* Documentation officielle utilisateur : <https://www.domoticz.com/DomoticzManual.pdf> * Documentation officielle utilisateur : <https://www.domoticz.com/DomoticzManual.pdf>
* Documentation officielle de ladmin : <https://www.domoticz.com/wiki/Main_Page> * Documentation officielle de ladmin : <https://www.domoticz.com/wiki/Main_Page>
* Dépôt de code officiel de lapp : <https://github.com/domoticz/domoticz> * Dépôt de code officiel de lapp : <https://github.com/domoticz/domoticz>
* Documentation YunoHost pour cette app : <https://yunohost.org/app_domoticz> * YunoHost Store: <https://apps.yunohost.org/app/domoticz>
* Signaler un bug : <https://github.com/YunoHost-Apps/domoticz_ynh/issues> * Signaler un bug : <https://github.com/YunoHost-Apps/domoticz_ynh/issues>
## Informations pour les développeurs ## Informations pour les développeurs


@ -1,54 +0,0 @@
;; Test avec Mosquitto
; pre-install
set -euxo pipefail
yunohost domain add mqtt.domain.tld
; pre-upgrade
set -euxo pipefail
yunohost app setting domoticz mqtt_domain -v mqtt.domain.tld
; Manifest
domain="domain.tld" (DOMAIN)
path="/domoticz" (PATH)
is_public=1 (PUBLIC|public=1|private=0)
mqtt_domain="mqtt.domain.tld"
; Checks
pkg_linter=1
setup_sub_dir=1
setup_root=1
setup_private=1
setup_public=1
upgrade=1
upgrade=1 from_commit=048ae59a016755b0829a4e8f3ed5d0dbbd1b826b
backup_restore=1
port_already_use=1
change_url=1
;;; Options
Email=nicolas@aubonalbanais.ovh
Notification=none
;;; Upgrade options
; commit=048ae59a016755b0829a4e8f3ed5d0dbbd1b826b
name=Package ynh3
##;; Test sans Mosquitto
## ; Manifest
## domain="domain.tld" (DOMAIN)
## path="/domoticz" (PATH)
## is_public=1 (PUBLIC|public=1|private=0)
## mqtt_domain="sub.domain.tld"
## ; Checks
## pkg_linter=0
## setup_sub_dir=1
## setup_root=1
## setup_private=1
## setup_public=1
## upgrade=1
## upgrade=1 from_commit=048ae59a016755b0829a4e8f3ed5d0dbbd1b826b
## backup_restore=1
## port_already_use=1
## change_url=1
##;;; Options
##Email=nicolas@aubonalbanais.ovh
##Notification=none
##;;; Upgrade options
## ; commit=048ae59a016755b0829a4e8f3ed5d0dbbd1b826b
## name=Package ynh3
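
Review bot: the `; pre-install` step (`yunohost domain add mqtt.domain.tld`) and the `upgrade=1 from_commit=...` check go away with this file, and the lines shown on this page do not include the test configuration that replaces them. README states that Mosquitto is not installed when no separate domain is given, so without an equivalent of the pre-install step the broker path would no longer be exercised. Please confirm the v2 test file still provisions the MQTT domain and keeps an upgrade test from the ynh3 package.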


@ -1,5 +0,0 @@
SOURCE_URL=http://www.domoticz.com/download.php?channel=release&type=release&system=__OS__&machine=__MACH__
SOURCE_SUM=__SHA256__
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=false
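
Review bot: with `SOURCE_URL` and `SOURCE_SUM` deleted here, the source definition that replaces them should use an `https://` URL and a sha256 committed in the repository; it is not in the part of the diff shown on this page. The old entry fetched over plain `http://` and carried the placeholder `__SHA256__` instead of a hash, so dropping it is right, and the new README line `**Shipped version:** 2024.2~ynh1` implies a pinned release. Please point to where the URL and checksum now live.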


@ -1,9 +1,9 @@
log_timestamp_format %Y-%m-%dT%H:%M:%S log_timestamp_format %Y-%m-%dT%H:%M:%S
listener __MQTT_PORT__ 127.0.0.1 listener __PORT_MQTT__ 127.0.0.1
listener __MQTT_PORT__ ::1 listener __PORT_MQTT__ ::1
listener __MQTT_WEBSOCKET_PORT__ listener __PORT_MQTT_WEBSOCKET__
protocol websockets protocol websockets
allow_anonymous false allow_anonymous false
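
Review bot: `listener __PORT_MQTT_WEBSOCKET__` has no bind address, so unlike the two MQTT listeners above it (`127.0.0.1` and `::1`) the websocket listener accepts connections on every interface and its exposure depends on the firewall alone. NGINX reaches it through `proxy_pass http://localhost:__PORT_MQTT_WEBSOCKET__;`, so it can be bound to loopback while these lines are being touched. Also check that the renamed placeholders `__PORT_MQTT__` and `__PORT_MQTT_WEBSOCKET__` match the names the v2 manifest defines.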


@ -2,7 +2,7 @@ location / {
#Settings for mqtt server from outside #Settings for mqtt server from outside
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_pass http://localhost:__MQTT_WEBSOCKET_PORT__; proxy_pass http://localhost:__PORT_MQTT_WEBSOCKET__;
proxy_read_timeout 90; proxy_read_timeout 90;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade"; proxy_set_header Connection "upgrade";


@ -1,14 +0,0 @@
#
# This file MUST be edited with the 'visudo' command as root.
#
# Use 'visudo -f /etc/sudoers.d/domoticz' to do so.
#
# See the man page for details on how to write a sudoers file.
#This file allow domoticz user to restart the service while upgrading the application with the upstream internal updater
#alias for command to restart service (will be used during upgrade)
Cmnd_Alias RESTART_CMD = /sbin/service __APP__.sh restart
#authorized app user to run restart command
__APP__ ALL=(ALL) NOPASSWD: RESTART_CMD
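
Review bot: deleting this template does not remove an already installed `/etc/sudoers.d/domoticz` on systems upgraded from an older package, and nothing in the visible diff does that cleanup. If the file stays behind, the app user keeps the `__APP__ ALL=(ALL) NOPASSWD: RESTART_CMD` grant even though the package no longer ships it. Please have the upgrade script remove the file, and mention in the docs that the in-app updater can no longer restart the service if that is the intended behaviour.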


@ -5,17 +5,14 @@ After=network.target
[Service] [Service]
User=__APP__ User=__APP__
Group=__APP__ Group=__APP__
ExecStart=__FINALPATH__/domoticz -www __PORT__ -sslwww 0 -log /var/log/__APP__/__APP__.log -loglevel normal,status,error ExecStart=__INSTALL_DIR__/domoticz -www __PORT__ -sslwww 0 -log /var/log/__APP__/__APP__.log -loglevel normal,status,error
WorkingDirectory=__FINALPATH__/ WorkingDirectory=__INSTALL_DIR__/
PermissionsStartOnly=true ExecStartPre=+setcap 'cap_net_bind_service=+ep cap_net_raw=+eip' __INSTALL_DIR__/domoticz
ExecStartPre=setcap 'cap_net_bind_service=+ep cap_net_raw=+eip' __FINALPATH__/domoticz
Restart=on-failure Restart=on-failure
RestartSec=1m RestartSec=1m
#StandardOutput=null #StandardOutput=null
# Sandboxing options to harden security # Sandboxing options to harden security
# Depending on specificities of your service/app, you may need to tweak these
# .. but this should be a good baseline
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html # Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
NoNewPrivileges=yes NoNewPrivileges=yes
PrivateTmp=yes PrivateTmp=yes
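
Review bot: on the new `ExecStartPre=+setcap 'cap_net_bind_service=+ep cap_net_raw=+eip' __INSTALL_DIR__/domoticz` line, the file capabilities it sets are not honoured by the service, because `NoNewPrivileges=yes` a few lines below makes execve ignore file capabilities. The `+` prefix also means setcap runs as root, outside `User=__APP__` and the sandboxing options, on every start. If Domoticz needs these capabilities, `AmbientCapabilities=CAP_NET_BIND_SERVICE CAP_NET_RAW` with a matching `CapabilityBoundingSet=` grants them without modifying the binary, unless the unit already sets them below the lines shown.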

95
doc/ADMIN.md Normal file

@ -0,0 +1,95 @@
## Configuration
### Broker Mosquitto
During installation, a [MQTT](https://en.wikipedia.org/wiki/MQTT) broker, [Mosquitto](https://mosquitto.org/), is installed at the same time as Domoticz.
This broker requires a dedicated domain or subdomain to work (ex : mqtt.your.domain.tld): creating this domain prior installation is a prerequisite
You may also install the [Mosquitto package](https://github.com/YunoHost-Apps/mosquitto_ynh) without using the one provided by domoticz_ynh.
#### Adding in Domoticz
To use Mosquitto, you need to customize the communication between Domoticz and the broker by following the [domoticz documentation](https://www.domoticz.com/wiki/MQTT#Installing_Mosquitto), part *Add hardware "MQTT Client Gateway"*.
User and password are automatically generated during installation, you may retrieve them with
````
sudo yunohost app setting domoticz mqtt_user
sudo yunohost app setting domoticz mqtt_pwd
````
#### Publish/Subscribe
By default, mosquitto will listen on 2 ports:
- 1883 on localhost using MQTT protocol
- 8883 using websocket protocol. NGINX redirect external port 443 to this internal port.
Hence, To publish/subscribe on a topic from the outside, you have to use a software supporting websocket protocol (ex : paho Python library).
#### Mosquitto_pub et mosquitto_sub
These 2 tools do not support websocket protocol, only direct mqtt: base settings will not allow communication from an outside device.
If you're using them directly from your server, this kind of syntax should work:
````
mosquitto_pub -u *user* -P *password* -h mqtt.your.domain.tld -p 1883 -t 'domoticz/in' -m '{ "idx" : 1, "nvalue" : 0, "svalue" : "25.0" }'
````
In the same way:
````
mosquitto_sub -u *user* -P *password* -h mqtt.your.domain.tld -p 1883 -t 'domoticz/out'
````
If you wish to open direct mqtt protocol from an outside device, you'll need to:
- open port 1883 on YunoHost firewall (**Attention, security risk**)
- Allows IP addresses in Mosquitto configuration for this listener
- Set the tls setting in Mosquitto configuration by giving access to crt.pem and key.pem from your mqtt domain by setting respective certfile et keyfile variables. **This is mandatory to ensure a secure connection.**
#### Upgrade from version without Mosquitto
If you have package 2020.2~ynh3 or below or if you have chosen to not set a domain during initial installation, Mosquitto is not installed by default.
If you need to activate mosquitto in retrospect, do following actions:
1. Create a domain or a subdomain (for example: 'mqtt.your.domain.tld')
2. Connect to your server in command line
3. Type following command : `yunohost app setting domoticz mqtt_domain -v mqtt.your.domain.tld`
4. Upgrade Domoticz to last package.
If you're already on the last package version, use the following command: `yunohost app upgrade domoticz --force`
## Configuration
### Sensors, language and this kind of stuff
Main configuration of the app take place inside the app itself.
### Zwave management
If you're using Zwave devices, install Mosquitto along Domoticz and give a try to [zwave-JS-UI package](https://github.com/YunoHost-Apps/zwave-js-ui_ynh).
Once installed, just follow instructions from the [wiki](https://www.domoticz.com/wiki/Zwave-JS-UI)
### Access and API
By default, access for the [JSON API](https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's) is allowed on following path `/yourdomain.tld/api_/domoticzpath`.
So if you access Domoticz via https://mydomainname.tld/domoticz, use the following webpath for the API: `/mydomainname.tld/api_/domoticz/json.htm?yourapicommand`
By default, only sensor updates and switch toogle are authorized. To authorized a new command, you have to manually update the NGINX config file:
````
sudo nano /etc/nginx/conf.d/yourdomain.tld.d/api_domoticz.conf
````
Then edit the following block by adding the regex of the command you want to allow:
````
#set the list of authorized json command here in regex format
#you may retrieve the command from https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's
#By default, sensors updates and toggle switch are authorized
if ( $args ~* type=command&param=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command&param=switchlight&idx=[0-9]*&switchcmd=Toggle$) {
set $api "1";
}
````
For example, to add the JSON command to retrieve the status of a device (/json.htm?type=devices&rid=IDX),modify the line as this:
````
if ( $args ~* type=command&param=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command&param=switchlight&idx=[0-9]*&switchcmd=Toggle$|type=devices&rid=[0-9]* ) {
set $api "1";
}
````
All IPv4 addresses within the local network (192.168.0.0/24) and *all IPv6* addresses are authorized as API.
As far as I know, there is no way to filter for IPv6 address on local network: You may remove the authorization by removing or commenting this line in `/etc/nginx/conf.d/yourdomain.tld.d/domoticz.conf`:
````
allow ::/1;
````
This will authorized only IPv4 within local network to access your Domoticz API.
You may add individual IPv6 address in the same way.
## Limitations
* Backup cannot be restored on a different machine type (arm, x86...) as compiled sources are different
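
Review bot: in the *Access and API* section, `allow ::/1;` is presented as the IPv6 counterpart of the local IPv4 range, but `::/1` is the lower half of the IPv6 space: it contains all global unicast addresses (2000::/3) and does not contain link-local (`fe80::/10`) or unique-local (`fc00::/7`) addresses. The doc could recommend replacing the line with those two local prefixes instead of saying no IPv6 filter is possible. Separately, the sample regex is not anchored at the start, and the added `type=devices&rid=[0-9]*` alternative has no `$`, so it matches any query string that merely contains that text; suggest wrapping the alternatives as `^(...)$`. The file also has `## Configuration` twice.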

96
doc/ADMIN_fr.md Normal file

@ -0,0 +1,96 @@
## Configuration
### Broker MQTT Mosquitto
À l'installation, un broker [MQTT](https://fr.wikipedia.org/wiki/MQTT), [Mosquitto](https://mosquitto.org/), est installé en même temps que Domoticz.
Ce broker nécessite un domaine ou un sous-domaine particulier pour fonctionner (ex : mqtt.your.domain.tld) : il est nécessaire de créer ce domaine auparavant.
Vous pouvez également installer le [package pour Mosquitto](https://github.com/YunoHost-Apps/mosquitto_ynh) sans utiliser celui de domoticz_ynh.
#### Ajout dans Domoticz
Pour pouvoir l'utiliser, vous devez paramétrer la communication avec entre Domoticz et le broker en suivant la [documentation de Domoticz](https://www.domoticz.com/wiki/MQTT#Installing_Mosquitto) dans la partie *Add hardware "MQTT Client Gateway"*
Les users et mot de passe du broker sont automatiquement générés lors de l'installation. Vous pouvez les récupérer avec
````
sudo yunohost app setting domoticz mqtt_user
sudo yunohost app setting domoticz mqtt_pwd
````
#### Publier/souscrire
Par défaut, Mosquitto va écouter sur 2 ports :
- Le 1883 sur localhost en protocole MQTT
- Le 8883 en protocole websocket. NGINX redirige le port 443 externe vers ce port en interne.
Pour publier/souscrire sur un topic depuis l'exterieur, vous devez donc utiliser un programme supportant le protocole websocket (ex : la bibliothèque Python paho).
#### Mosquitto_pub et mosquitto_sub
Ces deux programmes ne supportent pas le protocole websocket mais uniquement le MQTT : le paramétrage de base ne vous autorise donc pas à les utiliser pour communiquer depuis un client externe.
Si vous les utilisez directement depuis votre serveur, ce genre de syntaxe devrait marcher :
````
mosquitto_pub -u *user* -P *password* -h mqtt.your.domain.tld -p 1883 -t 'domoticz/in' -m '{ "idx" : 1, "nvalue" : 0, "svalue" : "25.0" }'
````
De la même manière:c
````
mosquitto_sub -u *user* -P *password* -h mqtt.your.domain.tld -p 1883 -t 'domoticz/out'
````
Si vous souhaitez ouvrir le protocole MQTT depuis l'extérieur afin de pouvoir les utiliser depuis un autre serveur, il vous faudra:
- ouvrir le port 1883 sur le firewall YunoHost (**Attention, risque de sécurité**)
- autoriser les adresses IP souhaitées dans la configuration de mosquitto pour ce listener
- paramétrer le tls dans la configuration de mosquitto en donnant accès au crt.pem et key.pem de votre domaine MQTT en les paramétrant respectivement avec les variables certfile et keyfile. **Ceci est obligatoire pour sécuriser la connexion.**
#### Mise à jour depuis les versions n'ayant pas Mosquitto
Si vous êtes sur le package 2020.2~ynh3 ou inférieur, Mosquitto n'est pas installé par défaut.
De même si vous avez choisi de ne pas indiquer de domaine pour Mosquitto lors de l'installation initiale.
Pour pouvoir l'installer après coup, faites les actions suivantes :
1. créez un domaine ou sous-domaine pour recevoir les informations (par exemple : 'mqtt.your.domain.tld')
2. connecter vous en ligne de commande à votre serveur
3. taper la commande suivante : `yunohost app setting domoticz mqtt_domain -v mqtt.your.domain.tld`
4. Procédez à la mise à jour.
Si vous êtes déjà sur la dernière version, utiliser la commmande suivante : `yunohost app upgrade domoticz --force`
### Senseurs, langue et ce genre de choses
Toute la configuration de l'application a lieu dans l'application elle même
### Gestion du Zwave
Si vous utilisez des équipements Zwave, installez mosquitto en plus de Domoticz et essayez le [package zwave-JS-UI](https://github.com/YunoHost-Apps/zwave-js-ui_ynh).
Une fois installé, suivez simplement les indications du [wiki](https://www.domoticz.com/wiki/Zwave-JS-UI)
### Accès et API
Par défaut, l'accès aux [API JSON](https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's) est autorisé sur cette URL `/votredomaine.tld/api_/chemindedomoticz`.
Donc, si vous accédez à Domoticz par https://votredomaine.tld/domoticz, utilisez le chemin suivant pour l'API: `/votredomaine.tld/api_/domoticz/json.htm?votrecommandeapi`
Par défaut, seule la mise à jour de senseur et les interrupteurs sont autorisés. Pour autoriser une nouvelle commande, vous devez manuellement éditer le fichier de configuration NGINX :
````
sudo nano /etc/nginx/conf.d/yourdomain.tld.d/api_domoticz.conf
````
Puis éditer le bloc suivant en y ajoutant le regex de la commmande à autoriser :
````
#set the list of authorized json command here in regex format
#you may retrieve the command from https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's
#By default, sensors updates and toggle switch are authorized
if ( $args ~* type=command&param=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command&param=switchlight&idx=[0-9]*&switchcmd=Toggle$) {
set $api "1";
}
````
Par exemple, pour ajouter la commmande JSON pour retrouver le statut d'un équipement (/json.htm?type=devices&rid=IDX),il faut modifier la ligne comme ceci :
````
if ( $args ~* type=command&param=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command&param=switchlight&idx=[0-9]*&switchcmd=Toggle$|type=devices&rid=[0-9]* ) {
set $api "1";
}
````
Toutes les adresses IPv4 du réseau local (192.168.0.0/24) et toutes les adresses IPv6 sont autorisées pour l'API.
À ma connaissance, il n'y a pas moyen d'effectuer un filtre pour les adresses IPv6 sur le réseau local, vous pouvez donc retirer leur autorisation en enlevant ou en commentant la ligne suivante dans `/etc/nginx/conf.d/yourdomain.tld.d/domoticz.conf`:
````
allow ::/1;
````
Ceci autorisera seulement les adresses IPv4 local a accéder aux API de Domoticz.
Vous pouvez ajouter des adresses IPv6 de la même façon.
## Limitations
* Un backup ne peut pas être restauré sur un type de machine différente de celle d'origine (x86, arm...) car les sources compilées sont différentes
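Review bot: `allow ::/1;`, which the "Accès et API" text in this hunk presents as authorizing all IPv6 addresses, only covers the lower half of the IPv6 space (0000:: through 7fff::). That half contains global unicast 2000::/3 but not link-local fe80::/10 or unique-local fc00::/7, so the rule admits Internet clients while leaving out the LAN-scoped ranges. The statement that local IPv6 cannot be filtered is therefore inaccurate. If this section is carried over to the new doc files, suggest documenting `allow fe80::/10;` and `allow fc00::/7;` in place of `allow ::/1;` and correcting the wording.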


@ -9,102 +9,8 @@ For example this system can be used with:
* Temperature Sensors * Temperature Sensors
* Pulse Meters * Pulse Meters
* Voltage / AD Meters * Voltage / AD Meters
* And more ... * And more...
**Shipped version:** Always the last stable one. The last compiled version is retrieved from [this directory](https://releases.domoticz.com/releases/?dir=./release) during install. The MQTT broker Mosquitto is integrated into the package and requires its own domain or subdomain. It's an optional setting.
Once installed, **updates from the uptream app are managed from within the app**. Yunohost upgrade script will only upgrade the Yunohost package. You may also install the [Mosquitto package](https://github.com/YunoHost-Apps/mosquitto_ynh) without using the one provided by domoticz_ynh.
The MQTT broker mosquitto is integrated into the package. It requires its own domain or subdomain. It's an optional setting: during install if you set the same domaine as your main app domain, it won't be installed.
## Configuration
### Broker Mosquitto
During installation, a [MQTT](https://en.wikipedia.org/wiki/MQTT) broker, [Mosquitto](https://mosquitto.org/), is installed at the same time as Domoticz. The installed version is the one from the official project repo and not from Debian ones.
This broker requires a dedicated domain or subdomain to work (ex : mqtt.your.domain.tld) : creating this domain prior installation is a prerequisite
#### Adding in domoticz
To use mosquitto, you need to customize the communication between domoticz and the broker by following the [domoticz documentation](https://www.domoticz.com/wiki/MQTT#Installing_Mosquitto), part *Add hardware "MQTT Client Gateway"*.
User and password are automatically generated during installation, you may retrieve them with
````
sudo yunohost app setting domoticz mqtt_user
sudo yunohost app setting domoticz mqtt_pwd
````
#### Publish/Subscribe
By default, mosquitto will listen on 2 ports:
- 1883 on localhost using mqtt protocol
- 8883 using websocket protocol. Nginx redirect external port 443 to this internal port.
Hence, To publish/subscribe on a topic from the outside, you have to use a software supporting websocket protocol (ex : paho python library).
#### Mosquitto_pub et mosquitto_sub
These 2 tools do not support websocket protocol, only direct mqtt: base settings will not allow communication from an outside device.
If you're using them directly from your server, this kind of syntax should work:
````
mosquitto_pub -u *user* -P *password* -h mqtt.your.domain.tld -p 1883 -t 'domoticz/in' -m '{ "idx" : 1, "nvalue" : 0, "svalue" : "25.0" }'
````
In the same way:
````
mosquitto_sub -u *user* -P *password* -h mqtt.your.domain.tld -p 1883 -t 'domoticz/out'
````
If you wish to open direct mqtt protocol from an outside device, you'll need to:
- open port 1883 on Yunohost firewall (**Attention, security risk**)
- Allows IP addresses in mosquitto configuration for this listener
- Set the tls setting in mosquitto configuration by giving access to crt.pem and key.pem from your mqtt domain by setting respective certfile et keyfile variables. **This is mandatory to ensure a secure connection.**
#### Upgrade from version without mosquitto
If you have package ynh3 or below, mosquitto is not installed by default.
If you have chosen to not set a domain during initial installation also.
So, if you need to activate mosquitto in retrospect, do following actions:
1. Create a domain or a subdomain (for example : 'mqtt.your.domain.tld')
2. Connect to your server in command line
3. Type following command : `yunohost app setting domoticz mqtt_domain -v mqtt.your.domain.tld`
4. Upgrade domoticz to last package.
If you're already on the last package version, use the following command : `yunohost app upgrade domoticz --force`
## Configuration
### Sensors, language and this kind of stuff
Main configuration of the app take place inside the app itself.
### Zwave management
If you're using zwave devices, install mosquitto along domoticz and give a try to [zwave-JS-UI package](https://github.com/YunoHost-Apps/zwave-js-ui_ynh).
Once installed, just follow instructions from the [wiki](https://www.domoticz.com/wiki/Zwave-JS-UI)
### Access and API
By default, access for the [JSON API](https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's) is allowed on following path `/yourdomain.tld/api_/domoticzpath`.
So if you access domoticz via https://mydomainname.tld/domoticz, use the following webpath for the api : `/mydomainname.tld/api_/domoticz/json.htm?yourapicommand`
By default, only sensor updates and switch toogle are authorized. To authorized a new command, you have to manually update the nginx config file :
````
sudo nano /etc/nginx/conf.d/yourdomain.tld.d/api_domoticz.conf
````
Then edit the following block by adding the regex of the command you want to allow:
````
#set the list of authorized json command here in regex format
#you may retrieve the command from https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's
#By default, sensors updates and toggle switch are authorized
if ( $args ~* type=command&param=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command&param=switchlight&idx=[0-9]*&switchcmd=Toggle$) {
set $api "1";
}
````
For example, to add the json command to retrieve the status of a device (/json.htm?type=devices&rid=IDX),modify the line as this:
````
if ( $args ~* type=command&param=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command&param=switchlight&idx=[0-9]*&switchcmd=Toggle$|type=devices&rid=[0-9]* ) {
set $api "1";
}
````
All IPv4 addresses within the local network (192.168.0.0/24) and *all IPv6* addresses are authorized as API.
As far as I know, there is no way to filter for IPv6 address on local network : You may remove the authorization by removing or commenting this line in `/etc/nginx/conf.d/yourdomain.tld.d/domoticz.conf`:
````
allow ::/1;
````
This will authorized only IPv4 within local network to access your domoticz API.
You may add individual IPv6 address in the same way.
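Review bot: the allow-list regex shown under "Access and API" is not anchored at the start, and the example alternative `type=devices&rid=[0-9]*` has no trailing `$`, so `$args` is accepted with arbitrary extra parameters before an allowed pattern (and, for the example, after it as well). If this section is moved to another doc file rather than dropped, suggest wrapping the alternatives as `^(...|...|...)$`, using `[0-9]+` instead of `[0-9]*`, and replacing `svalue=.*` with a bounded character class.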


@ -11,99 +11,7 @@ Il peut par exemple être utilisé avec :
* des voltmètres * des voltmètres
* Et bien d'autres * Et bien d'autres
**Version incluse :** Toujours la dernière version stable. La dernière version compilée est récupérée dans [ce répertoire](https://releases.domoticz.com/releases/?dir=./release) lors de l'installation. Le broker MQTT Mosquitto est intégré au package et nécessite un sous-domaine ou un domaine distinct. Il est optionnel.
Une fois installée, **les mises à jour de l'application sont gérées depuis les menus de l'application elle même**. Le script de mise à jour Yunohost mettra uniquement à jour de nouvelles version du package. Vous pouvez également installer le [package pour Mosquitto](https://github.com/YunoHost-Apps/mosquitto_ynh) sans utiliser celui de domoticz_ynh.
Le broker MQTT mosquitto est intégré au package et nécessite un sous-domaine ou un domaine distinct. Il est optionnel et si vous indiquez lors de l'installation le même domaine que le domaine principal, il ne sera pas installé.
## Configuration
### Broker MQTT Mosquitto
A l'installation, un broker [MQTT](https://fr.wikipedia.org/wiki/MQTT), [Mosquitto](https://mosquitto.org/), est installé en même temps que Domoticz. La version installée est celle du dépot officiel du projet, et non des dépots Debian.
Ce broker nécessite un domaine ou un sous-domaine particulier pour fonctionner (ex : mqtt.your.domain.tld) : il est nécessaire de créer ce domaine auparavant.
#### Ajout dans domoticz
Pour pouvoir l'utiliser, vous devez paramétrer la communication avec entre domoticz et le broker en suivant la [documentation de domoticz](https://www.domoticz.com/wiki/MQTT#Installing_Mosquitto) dans la partie *Add hardware "MQTT Client Gateway"*
Les users et mot de passe du broker sont automatiquement générés lors de l'installation. Vous pouvez les récupérer avec
````
sudo yunohost app setting domoticz mqtt_user
sudo yunohost app setting domoticz mqtt_pwd
````
#### Publier/souscrire
Par défaut, mosquitto va écouter sur 2 ports:
- Le 1883 sur localhost en protocole mqtt
- Le 8883 en protocole websocket. Nginx redirige le port 443 externe vers ce port en interne.
Pour publier/souscrire sur un topic depuis l'exterieur, vous devez donc utiliser un programme supportant le protocole websocket (ex : la bibliothèque python paho).:
#### Mosquitto_pub et mosquitto_sub
Ces deux programmes ne supportent pas le protocole websocket mais uniquement le mqtt : le paramétrage de base ne vous autorise donc pas à les utiliser pour communiquer depuis un client externe.
Si vous les utilisez directement depuis votre serveur, ce genre de syntaxe devrait marcher:
````
mosquitto_pub -u *user* -P *password* -h mqtt.your.domain.tld -p 1883 -t 'domoticz/in' -m '{ "idx" : 1, "nvalue" : 0, "svalue" : "25.0" }'
````
De la même manière:c
````
mosquitto_sub -u *user* -P *password* -h mqtt.your.domain.tld -p 1883 -t 'domoticz/out'
````
Si vous souhaitez ouvrir le protocole mqtt depuis l'extérieur afin de pouvoir les utiliser depuis un autre serveur, il vous faudra:
- ouvrir le port 1883 sur le firewall Yunohost (**Attention, risque de sécurité**)
- autoriser les adresses IP souhaitées dans la configuration de mosquitto pour ce listener
- paramétrer le tls dans la configuration de mosquitto en donnant accès au crt.pem et key.pem de votre domaine mqtt en les paramétrant respectivement avec les variables certfile et keyfile. **Ceci est obligatoire pour sécuriser la connexion.**
#### Mise à jour depuis les versions n'ayant pas mosquittoo
Si vous êtes sur le package ynh3 ou inférieur, mosquitto n'est pas installé par défaut.
De même si vous avez choisi de ne pas indiquer de domaine pour mosquitto lors de l'installation initiale.
Pour pouvoir l'installer après coup, faites les actions suivantes:
1. créez un domaine ou sous-domaine pour recevoir les informations (par exemple : 'mqtt.your.domain.tld')
2. connecter vous en ligne de commande à votre serveur
3. taper la commande suivante : `yunohost app setting domoticz mqtt_domain -v mqtt.your.domain.tld`
4. Procédez à la mise à jour.
Si vous êtes déjà sur la dernière version, utiliser la commmande suivante : `yunohost app upgrade domoticz --force`
### Senseurs, langue et ce genre de choses
Toute la configuration de l'application a lieu dans l'application elle même
### Gestion du Zwave
Si vous utilisez des équipements zwave, installez mosquitto en plus de domoticz et essayez le [package zwave-JS-UI](https://github.com/YunoHost-Apps/zwave-js-ui_ynh).
Une fois installé, suivez simplement les indications du [wiki](https://www.domoticz.com/wiki/Zwave-JS-UI)
### Accès et API
Par défaut, l'accès aux [API JSON](https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's) est autorisé sur cette URL `/votredomaine.tld/api_/chemindedomoticz`.
Donc, si vous accédez à domoticz par https://votredomaine.tld/domoticz, utilisez le chemin suivant pour l'api: `/votredomaine.tld/api_/domoticz/json.htm?votrecommandeapi`
Par défaut, seule la mise à jour de senseur et les interrupteurs sont autorisés. Pour autoriser une nouvelle commande, vous devez manuellement éditer le fichier de configuration nginx :
````
sudo nano /etc/nginx/conf.d/yourdomain.tld.d/api_domoticz.conf
````
Puis éditer le bloc suivant en y ajoutant le regex de la commmande à autoriser :
````
#set the list of authorized json command here in regex format
#you may retrieve the command from https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's
#By default, sensors updates and toggle switch are authorized
if ( $args ~* type=command&param=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command&param=switchlight&idx=[0-9]*&switchcmd=Toggle$) {
set $api "1";
}
````
Par exemple, pour ajouter la commmande json pour retrouver le statut d'un équipement (/json.htm?type=devices&rid=IDX),il faut modifier la ligne comme ceci:
````
if ( $args ~* type=command&param=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command&param=switchlight&idx=[0-9]*&switchcmd=Toggle$|type=devices&rid=[0-9]* ) {
set $api "1";
}
````
Toutes les adresses IPv4 du réseau local (192.168.0.0/24) et toutes les adresses IPv6 sont autorisées pour l'API.
A ma connaissance, il n'y a pas moyen d'effectuer un filtre pour les adresses IPv6 sur le réseau local, vous pouvez donc retirer leur autorisation en enlevant ou en commentant la ligne suivante dans `/etc/nginx/conf.d/yourdomain.tld.d/domoticz.conf`:
````
allow ::/1;
````
Ceci autorisera seulement les adresses IPv4 local a accéder aux API de domoticz.
Vous pouvez ajouter des adresses IPv6 de la même façon.


@ -1,15 +0,0 @@
## Limitations
* No user management nor LDAP integration This function is [not planned to be implemented into the app](https://github.com/domoticz/domoticz/issues/838), hence it's not planned into the package neither.
* Backup cannot be restored on a different machine type (arm, x86...) as compiled sources are different
## Security consideration
Although you may activate a login page on the application (either from the *Setup/Settings/System/Website protection* menu or from the *Setup/More Options/Edit Users* menu), it doesn't seems to be very reliable and secure so far (version 2022.2 at the time of writing). Work is ongoing to strengthen the security ([see here](https://www.domoticz.com/wiki/Security)) in future version but is not yet released.
### recommandation
It seems advisable to not make the app publicly available outside of the yunohost sso (public = yes at install or setting the domoticz permission to 'visitors' in the admin panel). If for any reason you need to, I recommend the following:
- Activate the website protection/user management (with login page instead of Basic-auth)
- In *Setup/Settings/System/Local Networks (no username/password)* enter the address of the nginx proxy (should be "::1;127.0.0.1" in any standard Yunohost installation) so that the Fail2ban settings is active (see last lines of [this wiki](https://www.domoticz.com/wiki/WebServer_Proxy)
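Review bot: deleting this file removes the warning that the built-in login page is not considered reliable and that the app should stay behind the YunoHost SSO, along with the *Local Networks* setting needed for Fail2ban to work behind the nginx proxy. Suggest carrying the "Security consideration" and "recommandation" paragraphs into one of the new doc/ files, and fixing the heading spelling and the unclosed parenthesis after the WebServer_Proxy link when doing so.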


@ -1,15 +0,0 @@
## Limitations
* Pas de gestion d'utilisateurs ni d'intégration LDAP. L'application ne [prévoit pas de gérer les utilisateurs par LDAP](https://github.com/domoticz/domoticz/issues/838), donc le package non plus.
* Un backup ne peut pas être restauré sur un type de machine différente de celle d'origine (x86, arm...) car les sources compilées sont différentes
## A propos de la sécurité
Bien que vous pouviez activer une page de connexion dans l'application (soit depuis le menu *Configuration/Paramètres/Système/Sécurité* ou depuis *Configuration/Plus d'options/Gérer les utilisateurs*), les fonctionnalités ne semblent pas très avancées ni safe pour l'instant (version 2022.2 au moment d'écrire). Un travail a été entrepris pour renforcer la sécurité ([voir ici](https://www.domoticz.com/wiki/Security)) dans les versions futures mais n'a pas encore été released.
### recommandations
Il semble conseillé de ne pas rendre l'application publique en dehors du sso yunohost (public = oui à l'installation ou mettre la permission domoticz à 'Visiteurs' dans le panel d'administration Yunohost). Si pour quelques raisons que ce soit, vous deviez le faire, je vous recommande:
- d'activer la sécurité de connexion à domoticz (plutot avec la login page qu'avec la basic-auth)
- Dans *Configuration/Système/Réseaux Locaux (pas d'authentification)* d'entrer les adresses du proxy nginx (cela devrait être "::1;127.0.0.1" dans une installation Yunohost Standard) afin que Fail2ban puisse bloquer les tentatives de connexions (voir les dernières lignes de [ce wiki](https://www.domoticz.com/wiki/WebServer_Proxy)

8
doc/POST_INSTALL_fr.md Normal file

@ -0,0 +1,8 @@
### Première connexion
L'utilisateur *admin* et le mot de passe *domoticz* vous permettront d'accéder au système. Il est bien évidemment recommandé de les modifier immédiatement.
Les users et mot de passe du broker Mosquitto sont automatiquement générés lors de l'installation. Vous pouvez les récupérer avec
````
sudo yunohost app setting domoticz mqtt_user
sudo yunohost app setting domoticz mqtt_pwd
````

8
doc/POST_INTALL.md Normal file

@ -0,0 +1,8 @@
### Initial access
User *admin* with password *domoticz* allow you to access the system. Of course, you should change them immediately.
User and password for Mosquitto broker are automatically generated during installation, you may retrieve them with
````
sudo yunohost app setting domoticz mqtt_user
sudo yunohost app setting domoticz mqtt_pwd
````
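Review bot: the file is created as `doc/POST_INTALL.md` while its French counterpart is `doc/POST_INSTALL_fr.md`; with the missing "S" the English notice will very likely not be picked up after install. Rename it to `doc/POST_INSTALL.md`. Since the text documents a fixed initial login (*admin* / *domoticz*), it would also help to say where in the app the password is changed.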

6
doc/PRE_INSTALL.md Normal file

@ -0,0 +1,6 @@
## Mosquitto Broker
During installation, a [MQTT](https://en.wikipedia.org/wiki/MQTT) broker, [Mosquitto](https://mosquitto.org/), may be installed at the same time as Domoticz.
This broker requires a dedicated domain or subdomain to work (ex: mqtt.your.domain.tld) : creating this domain prior installation is a prerequisite.
It's an optional setting: during install if you set, for the MQTT domain, the same domain as your main app domain or enter an empty domain, the broker won't be installed.

6
doc/PRE_INSTALL_fr.md Normal file

@ -0,0 +1,6 @@
## Broker MQTT Mosquitto
À l'installation, un broker [MQTT](https://fr.wikipedia.org/wiki/MQTT), [Mosquitto](https://mosquitto.org/), peut être installé en même temps que Domoticz.
Ce broker nécessite un domaine ou un sous-domaine particulier pour fonctionner (ex : mqtt.your.domain.tld) : il est nécessaire de créer ce domaine auparavant.
Il est optionnel et si vous indiquez lors de l'installation un domaine vide ou le même domaine que le domaine principal pour le domaine MQTT, le broker ne sera pas installé.


@ -0,0 +1,10 @@
###
BEWARE! If you did not activate the Mosquitto Broker within this package, please run following command prior to upgrade:
````yunohost app setting $app mqtt_domain -v your.$app.domain.tld````
Failure to do so may break the app.
If you did activate the Mosquitto broker, you can proceed safely.
###Changelog
- Move to packaging v2
- From now on, upgrade of the upstream app will not be handled into the app anymore: a new package version will be published for a new Domoticz version. Internal upgrade is disabled (although you may still use the command line)
- Upgrade to 2024.2
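Review bot: the safeguard in the first paragraph depends on the admin running a command by hand before upgrading, and the command is ambiguous as written: `$app` and `your.$app.domain.tld` are unexpanded placeholders, and the text does not say which domain is expected (presumably the app's main domain, given the manifest help text). Suggest having the upgrade script set `mqtt_domain` itself when the setting is missing, or at least writing the command with `domoticz` and an explicit description of the value. The empty `###` heading and `###Changelog` without a space will also not render as headings.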

Binary file not shown.

Size: 66 KiB

Binary file not shown.

Size: 401 KiB


@ -1,68 +0,0 @@
{
"name": "Domoticz",
"id": "domoticz",
"packaging_format": 1,
"description": {
"en": "Home automation system that lets you monitor and configure miscellaneous devices",
"fr": "Logiciel de domotique qui vous permet de configurer un grand nombre d'appareils"
},
"version": "2020.2~ynh8",
"url": "https://www.domoticz.com",
"upstream": {
"license": "GPL-3.0-or-later",
"website": "https://domoticz.com/",
"admindoc": "https://www.domoticz.com/wiki/Main_Page",
"userdoc": "https://www.domoticz.com/DomoticzManual.pdf",
"code": "https://github.com/domoticz/domoticz",
"cpe": "cpe:2.3:a:domoticz:domoticz"
},
"license": "GPL-3.0-or-later",
"maintainer": {
"name": "Krakinou",
"email": "misterl56@hotmail.com"
},
"requirements": {
"yunohost": ">= 11.0.0"
},
"multi_instance": false,
"services": [
"nginx"
],
"arguments": {
"install": [
{
"name": "domain",
"type": "domain"
},
{
"name": "path",
"type": "path",
"example": "/domoticz",
"default": "/domoticz"
},
{
"name": "is_public",
"type": "boolean",
"default": false,
"help": {
"fr": "Attention, cette application n'a pas de gestion d'utilisateur par défaut, si vous la mettez public, n importe qui y aura accès!",
"en": "Beware, there is no user management by default. If it's set as public, anyone will have access!"
}
},
{
"name": "mqtt_domain",
"type": "domain",
"ask": {
"fr": "Domaine MQTT",
"en": "MQTT domain"
},
"example": "mqtt.your.domain.com",
"optional": true,
"help": {
"fr": "Domaine pour le serveur MQTT. Remettez le domaine principal si vous ne souhaitez pas l'utiliser. Lire la documentation pour plus d'informations",
"en": "MQTT server domain. Set the main domain if you don't wish to use it. See the doc for more info"
}
}
]
}
}

99
manifest.toml Normal file

@ -0,0 +1,99 @@
packaging_format = 2
id = "domoticz"
name = "Domoticz"
description.en = "Lightweight Home Automation System"
description.fr = "Système domotique léger"
version = "2024.2~ynh1"
maintainers = ["Krakinou"]
[upstream]
license = "GPL-3.0-or-later"
website = "https://domoticz.com/"
admindoc = "https://www.domoticz.com/wiki/Main_Page"
userdoc = "https://www.domoticz.com/DomoticzManual.pdf"
code = "https://github.com/domoticz/domoticz"
cpe = "cpe:2.3:a:domoticz:domoticz"
fund = "https://www.paypal.com/donate?token=rF_gUybGmQGia_jzLfu3vkeXRqYLRV-v-BxCTylrTsEN4mB-nDdSVQhg3a-I9LkiqORq70Gtxbo6rq3r&locale.x=US"
[integration]
yunohost = ">= 11.2"
architectures = [ "amd64", "armhf", "arm64" ]
multi_instance = false
ldap = false
sso = false
disk = "100M"
ram.build = "150M"
ram.runtime = "50M"
[install]
[install.domain]
type = "domain"
[install.path]
type = "path"
default = "/domoticz"
[install.init_main_permission]
type = "group"
default = "all_users"
[install.mqtt_domain]
ask.fr = "Domaine MQTT"
ask.en = "MQTT domain"
help.fr = "Domaine pour le serveur MQTT. Remettez le domaine principal ou à vide si vous ne souhaitez pas l'utiliser. Lire la documentation pour plus d'informations"
help.en = "MQTT server domain. Set blank or the main domain if you don't wish to use it. See the doc for more info"
type = "domain"
optional = true
[resources]
[resources.sources.main]
arm64.url = "https://github.com/domoticz/domoticz/releases/download/2024.2/domoticz_linux_2024.2_aarch64.tgz"
arm64.sha256 = "d0ee6660c1c05c2949bfbe669de0029795f5974a5f00b6818c0aefba944b3fd6"
armhf.url = "https://github.com/domoticz/domoticz/releases/download/2024.2/domoticz_linux_2024.2_armv7l.tgz"
armhf.sha256 = "23eb3f4d2c818761773a45282b054f2707808005643ceba10a386cb1cf93db0a"
amd64.url = "https://github.com/domoticz/domoticz/releases/download/2024.2/domoticz_linux_2024.2_x86_64.tgz"
amd64.sha256 = "0f973af6dcadef17d75ac7372dfc2f0a87bd0fabca8db04348fe34bd1d0180e2"
format="tar.gz"
in_subdir=false
extract=true
autoupdate.strategy = "latest_github_release"
autoupdate.asset.arm64 = "*_aarch64.tgz"
autoupdate.asset.amd64 = "*_x86_64.tgz"
autoupdate.asset.armhf = "*_armhf.tgz"
[resources.system_user]
[resources.install_dir]
[resources.permissions]
main.url = "/"
main.auth_header = false
api.url = "__DOMAIN__/api_/__APP__"
api.show_tile = false
api.allowed = "visitors"
#Permission will be removed by the install script if not needed
mqtt.url = "__MQTT_DOMAIN__/"
mqtt.show_tile = false
mqtt.allowed = "visitors"
[resources.ports]
main.default = 8080
#to be checked if it can become conditionnal
#ports will always be provisionned... don't know if it's an issue...
mqtt.default = 1883
mqtt_websocket.default = 8883
[resources.apt]
packages = "libudev-dev, python3-dev, libcurl4, libusb-0.1-4"
packages_from_raw_bash = '''if [ "$mqtt_domain" != "$domain" ]; then echo mosquitto mosquitto-clients; fi'''
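Review bot: `autoupdate.asset.armhf = "*_armhf.tgz"` cannot match the asset pinned a few lines above, `domoticz_linux_2024.2_armv7l.tgz`; it should be `"*_armv7l.tgz"`, otherwise the armhf URL and sha256 will not follow new releases. Separately, `packages_from_raw_bash` only compares `$mqtt_domain` with `$domain`, while `help.en` says a blank value also disables the broker: an empty `mqtt_domain` passes the test and pulls in mosquitto and mosquitto-clients. Suggest `[ -n "$mqtt_domain" ] && [ "$mqtt_domain" != "$domain" ]`.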


@ -4,39 +4,10 @@
# COMMON VARIABLES # COMMON VARIABLES
#================================================= #=================================================
# dependencies used by the app
#python3-dev required as per https://www.domoticz.com/forum/viewtopic.php?f=65&t=16116&p=119747
#mosquitto and mosquitto-clients are required for mqtt
#other dependencies are from standard install script... seems quite useles...
pkg_dependencies="libudev-dev python3-dev"
extra_pkg_dependencies="mosquitto mosquitto-clients"
default_mqtt_port=1883
default_mqtt_websocket_port=8883
#ALL FOLLOWING LINE FROM THE upstream bash installation script
DEBIAN_ID=$(grep -oP '(?<=^ID=).+' /etc/*-release | tr -d '"')
DEBIAN_VERSION=$(grep -oP '(?<=^VERSION_ID=).+' /etc/*-release | tr -d '"')
if test ${DEBIAN_VERSION} -lt 10
then
add_dep="libcurl3"
else
add_dep="libcurl4 libusb-0.1-4"
fi;
pkg_dependencies="$pkg_dependencies $add_dep"
lowercase(){ lowercase(){
echo "$1" | sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/" echo "$1" | sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/"
} }
os=`lowercase \`uname -s\``
mach=`uname -m`
if [ ${mach} = "armv6l" ]
then
mach="armv7l"
fi
sha256=$(wget -qO- https://releases.domoticz.com/releases/release/domoticz_${os}_${mach}.tgz.sha256sum | sed 's/ update.tgz//' | sed 's/ domoticz_linux_x86_64.tgz//')
#================================================= #=================================================
# PERSONAL HELPERS # PERSONAL HELPERS
#================================================= #=================================================
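Review bot: with the `os=` assignment removed, nothing in the visible part of this file calls `lowercase()` any more; drop the helper unless another script still uses it. Removing the install-time `wget` of the `.sha256sum` file is a sound change, since that checksum was served from the same host as the archive it was meant to verify, and the manifest now pins a sha256 per architecture.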


@ -10,27 +10,6 @@
source ../settings/scripts/_common.sh source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
ynh_clean_setup () {
ynh_clean_check_starting
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_print_info --message="Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
domain=$(ynh_app_setting_get --app=$app --key=domain)
mqtt_domain=$(ynh_app_setting_get --app=$app --key=mqtt_domain)
#================================================= #=================================================
# DECLARE DATA AND CONF FILES TO BACKUP # DECLARE DATA AND CONF FILES TO BACKUP
#================================================= #=================================================
@ -40,7 +19,7 @@ ynh_print_info --message="Declaring files to be backed up..."
# BACKUP THE APP MAIN DIR # BACKUP THE APP MAIN DIR
#================================================= #=================================================
ynh_backup --src_path="$final_path" ynh_backup --src_path="$install_dir"
#================================================= #=================================================
# BACKUP THE NGINX CONFIGURATION # BACKUP THE NGINX CONFIGURATION
@ -48,7 +27,7 @@ ynh_backup --src_path="$final_path"
ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/api_"$app".conf" ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/api_"$app".conf"
[[ ! -z "$mqtt_domain" ]] && ynh_backup --src_path="/etc/nginx/conf.d/$mqtt_domain.d/mqtt_$app.conf" --not_mandatory [[ "$domain" != "$mqtt_domain" ]] && ynh_backup --src_path="/etc/nginx/conf.d/$mqtt_domain.d/mqtt_$app.conf" --not_mandatory
#================================================= #=================================================
# SPECIFIC BACKUP # SPECIFIC BACKUP
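Review bot: the new guard `[[ "$domain" != "$mqtt_domain" ]]` is also true when `mqtt_domain` is empty, a case the old `! -z` test excluded; the source path then becomes `/etc/nginx/conf.d/.d/mqtt_$app.conf` and only `--not_mandatory` keeps the backup from failing. Suggest testing both conditions, for example `[[ -n "$mqtt_domain" && "$domain" != "$mqtt_domain" ]]`.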
@ -75,8 +54,7 @@ ynh_backup --src_path="/etc/systemd/system/$app.service"
# BACKUP VARIOUS FILES # BACKUP VARIOUS FILES
#================================================= #=================================================
ynh_backup --src_path="/etc/sudoers.d/$app" [[ "$domain" != "$mqtt_domain" ]] && ynh_backup --src_path="/etc/mosquitto/conf.d" --not_mandatory
[[ ! -z "$mqtt_domain" ]] && ynh_backup --src_path="/etc/mosquitto/conf.d" --not_mandatory
ynh_backup --src_path="/usr/share/yunohost/hooks/conf_regen/95-nginx_domoticz" ynh_backup --src_path="/usr/share/yunohost/hooks/conf_regen/95-nginx_domoticz"


@ -9,53 +9,18 @@
source _common.sh source _common.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
#=================================================
# RETRIEVE ARGUMENTS
#=================================================
old_domain=$YNH_APP_OLD_DOMAIN
old_path=$YNH_APP_OLD_PATH
new_domain=$YNH_APP_NEW_DOMAIN
new_path=$YNH_APP_NEW_PATH
app=$YNH_APP_INSTANCE_NAME
#================================================= #=================================================
# LOAD SETTINGS # LOAD SETTINGS
#================================================= #=================================================
ynh_script_progression --message="Loading installation settings..." ynh_script_progression --message="Loading installation settings..."
# Needed for helper "ynh_add_nginx_config"
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
port=$(ynh_app_setting_get --app=$app --key=port)
old_api=$(ynh_app_setting_get --app=$app --key=api_path) old_api=$(ynh_app_setting_get --app=$app --key=api_path)
if [ "$new_path" == "/" ]; then if [ "$new_path" == "/" ]; then
new_api=/api_/$app new_api=/api_/$app
else else
new_api=/api_$new_path new_api=/api_$new_path
fi fi
#=================================================
# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..."
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
ynh_clean_check_starting
# Remove the new domain config file, the remove script won't do it as it doesn't know yet its location.
ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
# Restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#================================================= #=================================================
# CHECK WHICH PARTS SHOULD BE CHANGED # CHECK WHICH PARTS SHOULD BE CHANGED
#================================================= #=================================================
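Review bot: the pre-change safety backup (`ynh_backup_before_upgrade`), the `ynh_clean_setup` handler that removed the new domain's nginx conf and restored the backup on failure, and `ynh_abort_if_errors` are all dropped with no replacement visible in this hunk. Please confirm that the packaging v2 core provides the abort-on-error behaviour for change_url, and that a failure after the conf files are moved further down cannot leave a configuration under both the old and the new domain.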
@ -86,17 +51,18 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app
#================================================= #=================================================
ynh_script_progression --message="Updating NGINX web server configuration..." ynh_script_progression --message="Updating NGINX web server configuration..."
nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf old_nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf
nginx_api_conf_path=/etc/nginx/conf.d/$old_domain.d/api_$app.conf old_nginx_api_conf_path=/etc/nginx/conf.d/$old_domain.d/api_$app.conf
# Change the path in the NGINX config file # Change the path in the NGINX config file
if [ $change_path -eq 1 ] if [ $change_path -eq 1 ]
then then
# Make a backup of the original NGINX config file if modified # Make a backup of the original NGINX config file if modified
ynh_backup_if_checksum_is_different --file="$nginx_conf_path" ynh_backup_if_checksum_is_different --file="$old_nginx_conf_path"
# Set global variables for NGINX helper # Set global variables for NGINX helper
domain="$old_domain" domain="$old_domain"
path_url="$new_path" path_url="$new_path"
path="$new_path"
api_path="$new_api" api_path="$new_api"
# Create a dedicated NGINX config # Create a dedicated NGINX config
ynh_add_nginx_config ynh_add_nginx_config
@ -106,10 +72,11 @@ fi
if [ $change_domain -eq 1 ] if [ $change_domain -eq 1 ]
then then
# Delete file checksum for the old conf file location # Delete file checksum for the old conf file location
ynh_delete_file_checksum --file="$nginx_conf_path" ynh_delete_file_checksum --file="$old_nginx_conf_path"
mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf ynh_delete_file_checksum --file="$old_nginx_api_conf_path"
mv $old_nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf
ynh_replace_string --match_string="/etc/nginx/conf.d/$old_domain.d/" --replace_string="/etc/nginx/conf.d/$new_domain.d/" --target_file="/etc/nginx/conf.d/$new_domain.d/$app.conf" ynh_replace_string --match_string="/etc/nginx/conf.d/$old_domain.d/" --replace_string="/etc/nginx/conf.d/$new_domain.d/" --target_file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
mv $nginx_api_conf_path /etc/nginx/conf.d/$new_domain.d/api_$app.conf mv $old_nginx_api_conf_path /etc/nginx/conf.d/$new_domain.d/api_$app.conf
# Store file checksum for the new config file location # Store file checksum for the new config file location
ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/api_$app.conf" ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/api_$app.conf"
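Review bot: the `ynh_replace_string` rewrite of `/etc/nginx/conf.d/$old_domain.d/` is applied to `$app.conf` only; the moved `api_$app.conf` gets no equivalent call, so any old-domain path inside it survives the move. Apply the same replacement to the API file or state that it contains no such path. Both `mv` lines expand `$old_nginx_conf_path`, `$old_nginx_api_conf_path`, `$new_domain` and `$app` unquoted; quote them.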
@ -125,7 +92,7 @@ ynh_script_progression --message="Upgrading SSOwat configuration..."
# If the app is private, API should stays publicly accessible. # If the app is private, API should stays publicly accessible.
ynh_app_setting_delete --app=$app --key="api_path" ynh_app_setting_delete --app=$app --key="api_path"
ynh_app_setting_set --app=$app --key="api_path" --value=$new_api ynh_app_setting_set --app=$app --key="api_path" --value=$new_api
ynh_permission_url --permission domoticz_API --url "$new_domain$new_api" ynh_permission_url --permission api --url "$new_domain$new_api"
#================================================= #=================================================
# GENERIC FINALISATION # GENERIC FINALISATION
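Review bot: `ynh_permission_url --permission api` assumes the permission has already been renamed from `domoticz_API`; on an instance where only the old name exists this call has nothing to update. Make sure the upgrade path renames or recreates the permission before change_url can run, and quote `$new_api` in the `ynh_app_setting_set` line above it. Since the comment says the API stays publicly accessible even when the app is private, it is worth noting next to it that SSOwat does not gate this path.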

View file

@ -10,103 +10,33 @@ source _common.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
#================================================= #=================================================
# MANAGE SCRIPT FAILURE # STORE SETTINGS
#=================================================
ynh_clean_setup () {
ynh_clean_check_starting
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================
domain="$YNH_APP_ARG_DOMAIN"
path_url="$YNH_APP_ARG_PATH"
is_public="$YNH_APP_ARG_IS_PUBLIC"
mqtt_domain="$YNH_APP_ARG_MQTT_DOMAIN"
app="$YNH_APP_INSTANCE_NAME"
#Set dedicated variables
if [ "$path_url" == "/" ]; then
api_path=/api_/"$app"
else
api_path=/api_"$path_url"
fi
#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
ynh_script_progression --message="Validating installation parameters..."
final_path=/opt/yunohost/"$app"
test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
# Register (book) web path
ynh_webpath_register --app="$app" --domain="$domain" --path_url="$path_url"
#impossible de booker plusieurs webpath
#if [ ! -z $mqtt_domain ]; then
# ynh_webpath_register --app=mqtt_$app --domain=$mqtt_domain --path_url="/"
#fi
if [ "$domain" == "$mqtt_domain" ]; then
mqtt_domain=""
fi
#=================================================
# STORE SETTINGS FROM MANIFEST
#================================================= #=================================================
ynh_script_progression --message="Storing installation settings..." ynh_script_progression --message="Storing installation settings..."
ynh_app_setting_set --app="$app" --key=domain --value="$domain"
ynh_app_setting_set --app="$app" --key=path --value="$path_url"
#Will be used in restore script to check that we're restoring on the same OS/Board type #Will be used in restore script to check that we're restoring on the same OS/Board type
ynh_app_setting_set --app="$app" --key=OS --value="$os" OS=`lowercase \`uname -s\``
mach=`uname -m`
ynh_app_setting_set --app="$app" --key=OS --value="$OS"
ynh_app_setting_set --app="$app" --key=mach --value="$mach" ynh_app_setting_set --app="$app" --key=mach --value="$mach"
#path used by api & mqtt to read/update domoticz #path used by api to read/update domoticz
#Set dedicated variables
if [ "$path" == "/" ]; then
api_path=/api_/"$app"
else
api_path=/api_"$path"
fi
ynh_app_setting_set --app="$app" --key=api_path --value="$api_path" ynh_app_setting_set --app="$app" --key=api_path --value="$api_path"
[[ ! -z "$mqtt_domain" ]] && ynh_app_setting_set --app="$app" --key=mqtt_domain --value="$mqtt_domain"
#================================================= #=================================================
# STANDARD MODIFICATIONS # STANDARD MODIFICATIONS
#=================================================
# FIND AND OPEN A PORT
#=================================================
ynh_script_progression --message="Finding available port..."
# Find an available port
port=$(ynh_find_port --port=8080)
ynh_app_setting_set --app="$app" --key=port --value="$port"
if [ ! -z "$mqtt_domain" ]; then
ynh_script_progression --message="Finding available ports for Mosquitto..."
mqtt_port=$(ynh_find_port --port="$default_mqtt_port")
ynh_app_setting_set --app="$app" --key=mqtt_port --value="$mqtt_port"
mqtt_websocket_port=$(ynh_find_port --port="$default_mqtt_websocket_port")
ynh_app_setting_set --app="$app" --key=mqtt_websocket_port --value="$mqtt_websocket_port"
fi
#=================================================
# INSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Installing dependencies..." --weight=15
ynh_install_app_dependencies "$pkg_dependencies"
#================================================= #=================================================
# CREATE DEDICATED USER # CREATE DEDICATED USER
#================================================= #=================================================
ynh_script_progression --message="Configuring system user..." ynh_script_progression --message="Configuring system user..."
# Create a system user
ynh_system_user_create --username="$app" --home_dir="$final_path"
#allow user to access USB / serial port to communicate with tools (RFXtrx, Z-wave dongle, etc.) & i2c bus #allow user to access USB / serial port to communicate with tools (RFXtrx, Z-wave dongle, etc.) & i2c bus
if grep dialout -q < /etc/group; then if grep dialout -q < /etc/group; then
usermod -a -G dialout "$app" usermod -a -G dialout "$app"
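Review bot: the added `OS=` line calls a `lowercase` helper inside nested, escaped backticks, and that helper is not defined anywhere in this hunk. If `_common.sh` does not provide it, the assignment fails or leaves `OS` empty, and the restore script's OS check then compares against the wrong value. `OS=$(uname -s | tr '[:upper:]' '[:lower:]')` gives the same result with no helper and no escaped backticks; `mach=$(uname -m)` would match it in style.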
@ -118,44 +48,31 @@ if grep gpio -q < /etc/group; then
usermod -a -G gpio "$app" usermod -a -G gpio "$app"
fi fi
#allow app user to restart service on startup
ynh_add_config --template="../conf/sudoer" --destination="/etc/sudoers.d/$app"
chmod 440 /etc/sudoers.d/"$app"
#================================================= #=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE # DOWNLOAD, CHECK AND UNPACK SOURCE
#================================================= #=================================================
ynh_script_progression --message="Setting up source files..." --weight=5 ynh_script_progression --message="Setting up source files..." --weight=5
ynh_app_setting_set --app="$app" --key=final_path --value="$final_path"
# Download, check integrity, uncompress and patch the source from app.src # Download, check integrity, uncompress and patch the source from app.src
# Create an app.src for the correct version of domoticz ynh_setup_source --dest_dir="$install_dir"
# match string are fulfilled in _common.sh via the upstream bash installation script
ynh_add_config --template="../conf/app.src.default" --destination="../conf/app.src"
ynh_setup_source --dest_dir="$final_path"
#Create the database file #Create the database file
if [ ! -f "$final_path"/domoticz.db ]; then if [ ! -f "$install_dir"/domoticz.db ]; then
touch "$final_path"/domoticz.db touch "$install_dir"/domoticz.db
chmod 640 "$final_path"/domoticz.db chmod 640 "$install_dir"/domoticz.db
fi fi
chmod 750 "$final_path" chmod 750 "$install_dir"
chmod -R o-rwx "$final_path" chmod -R o-rwx "$install_dir"
chown -R "$app":"$app" "$final_path" chown -R "$app":"$app" "$install_dir"
#================================================= #=================================================
# SET MOSQUITTO SETTINGS # SET MOSQUITTO SETTINGS
#================================================= #=================================================
if [ ! -z "$mqtt_domain" ]; then if [ "$domain" != "$mqtt_domain" ]; then
ynh_script_progression --message="Setting up mosquitto..." --weight=5 ynh_script_progression --message="Setting up mosquitto..." --weight=5
#Installing packages
ynh_install_extra_app_dependencies --repo="deb https://repo.mosquitto.org/debian buster main" --package="$extra_pkg_dependencies" --key="http://repo.mosquitto.org/debian/mosquitto-repo.gpg.key"
#Setting up conf file for access #Setting up conf file for access
ynh_add_config --template="../conf/domoticz_mosquitto.conf" --destination="/etc/mosquitto/conf.d/"$app"_mosquitto.conf" ynh_add_config --template="../conf/domoticz_mosquitto.conf" --destination="/etc/mosquitto/conf.d/"$app"_mosquitto.conf"
chmod 644 /etc/mosquitto/conf.d/"$app"_mosquitto.conf chmod 644 /etc/mosquitto/conf.d/"$app"_mosquitto.conf
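Review bot: replacing `[ ! -z "$mqtt_domain" ]` with `[ "$domain" != "$mqtt_domain" ]` changes what an empty `mqtt_domain` means: the old test skipped the Mosquitto setup, the new one runs it, and the `ynh_add_config` destination used further down becomes `/etc/nginx/conf.d/.d/mqtt_$app.conf`. The removed install code cleared `mqtt_domain` when it equalled `domain` and stored the setting only when non-empty, so existing instances can have no value at all. Guard on both conditions, for example `[ -n "$mqtt_domain" ] && [ "$domain" != "$mqtt_domain" ]`, or normalise the setting once in the upgrade script.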
@ -163,10 +80,13 @@ if [ ! -z "$mqtt_domain" ]; then
#Setting up user&pwd for mqtt access #Setting up user&pwd for mqtt access
ynh_app_setting_set --app="$app" --key=mqtt_user --value=$(ynh_string_random --length=8) ynh_app_setting_set --app="$app" --key=mqtt_user --value=$(ynh_string_random --length=8)
ynh_app_setting_set --app="$app" --key=mqtt_pwd --value=$(ynh_string_random) ynh_app_setting_set --app="$app" --key=mqtt_pwd --value=$(ynh_string_random)
echo $(ynh_app_setting_get --app="$app" --key=mqtt_user):$(ynh_app_setting_get --app="$app" --key=mqtt_pwd) > "/etc/mosquitto/conf.d/"$app"_credentials" echo $(ynh_app_setting_get --app="$app" --key=mqtt_user):$(ynh_app_setting_get --app="$app" --key=mqtt_pwd) > "/etc/mosquitto/conf.d/"$app"_credentials"
mosquitto_passwd -U "/etc/mosquitto/conf.d/"$app"_credentials" mosquitto_passwd -U "/etc/mosquitto/conf.d/"$app"_credentials"
ynh_print_info --message="The credential to the mosquitto server has been saved in the settings of the app" ynh_print_info --message="The credential to the mosquitto server has been saved in the settings of the app"
else
#If no MQTT have been set, we delete the mqtt permission.
ynh_permission_delete --permission="mqtt"
fi fi
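Review bot: the `echo ... > "/etc/mosquitto/conf.d/"$app"_credentials"` line writes the MQTT user and password in clear text to a file created with the default umask, and no `chmod` or `chown` on that file appears in this hunk, so under a typical 022 umask other local users can read it before and after `mosquitto_passwd -U` hashes it. Create the file with restrictive permissions first (for example `install -m 600 /dev/null` on the target path) and give it to the account Mosquitto runs as. The `$(ynh_app_setting_get ...)` substitutions and `$app` are also unquoted.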
@ -175,11 +95,10 @@ fi
#================================================= #=================================================
ynh_script_progression --message="Configuring NGINX web server..." --weight=2 ynh_script_progression --message="Configuring NGINX web server..." --weight=2
[[ ! -z "$mqtt_domain" ]] && ynh_add_config --template="../conf/mqtt_nginx.conf" --destination="/etc/nginx/conf.d/"$mqtt_domain".d/mqtt_"$app".conf" [[ "$domain" != "$mqtt_domain" ]] && ynh_add_config --template="../conf/mqtt_nginx.conf" --destination="/etc/nginx/conf.d/"$mqtt_domain".d/mqtt_"$app".conf"
#Set Hook for nginx domain #Set Hook for nginx domain
cp -R ../sources/hooks/conf_regen/95-nginx_domoticz /usr/share/yunohost/hooks/conf_regen/ cp -R ../sources/hooks/conf_regen/95-nginx_domoticz /usr/share/yunohost/hooks/conf_regen/
yunohost tools regen-conf nginx
# Create a dedicated NGINX config # Create a dedicated NGINX config
ynh_add_config --template="api_nginx.conf" --destination="/etc/nginx/conf.d/"$domain".d/api_"$app".conf" ynh_add_config --template="api_nginx.conf" --destination="/etc/nginx/conf.d/"$domain".d/api_"$app".conf"
@ -208,7 +127,7 @@ chown -R domoticz: /var/log/"$app"
# Use logrotate to manage application logfile(s) # Use logrotate to manage application logfile(s)
ynh_use_logrotate ynh_use_logrotate
[[ ! -z "$mqtt_domain" ]] && ynh_use_logrotate --logfile="/var/log/mosquitto" [[ "$domain" != "$mqtt_domain" ]] && ynh_use_logrotate --logfile="/var/log/mosquitto"
#================================================= #=================================================
# INTEGRATE SERVICE IN YUNOHOST # INTEGRATE SERVICE IN YUNOHOST
@ -216,7 +135,7 @@ ynh_use_logrotate
ynh_script_progression --message="Integrating service in YunoHost..." ynh_script_progression --message="Integrating service in YunoHost..."
yunohost service add "$app" --description="Domotique open sources" --log="/var/log/$app/$app.log" yunohost service add "$app" --description="Domotique open sources" --log="/var/log/$app/$app.log"
[[ ! -z "$mqtt_domain" ]] && yunohost service add mosquitto --description="Serveur MQTT pour domoticz" --log="/var/log/mosquitto/mosquitto.log" [[ "$domain" != "$mqtt_domain" ]] && yunohost service add mosquitto --description="Serveur MQTT pour domoticz" --log="/var/log/mosquitto/mosquitto.log"
#================================================= #=================================================
@ -228,7 +147,7 @@ ynh_script_progression --message="Starting a systemd service..."
ynh_systemd_action --service_name="$app" --action="start" ynh_systemd_action --service_name="$app" --action="start"
#Restarting mosquitto to take changes into account #Restarting mosquitto to take changes into account
[[ ! -z "$mqtt_domain" ]] && ynh_systemd_action --service_name=mosquitto --action="restart" [[ "$domain" != "$mqtt_domain" ]] && ynh_systemd_action --service_name=mosquitto --action="restart"
#================================================= #=================================================
# SETUP FAIL2BAN # SETUP FAIL2BAN
@ -244,36 +163,6 @@ fi
# Create a dedicated Fail2Ban config # Create a dedicated Fail2Ban config
ynh_add_fail2ban_config --logpath="$log_file" --failregex="^.*Error: Failed login attempt from <HOST>.*$" --max_retry=5 ynh_add_fail2ban_config --logpath="$log_file" --failregex="^.*Error: Failed login attempt from <HOST>.*$" --max_retry=5
ynh_print_info --message="If you wish for Fail2ban to work, set up your local address in Setup/Settings/System/Local Networks as per documentation"
#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Configuring permissions..."
# Make app public if necessary
if [ "$is_public" -eq 1 ]
then
# Everyone can access the app.
# The "main" permission is automatically created before the install script.
ynh_permission_update --permission="main" --add="visitors"
fi
#remove the authentication header preventing login from 2023.2 and 11.2.3 onward
ynh_permission_url --permission="main" --auth_header=false
#API & MQTT should stay publicly accessible.
ynh_permission_create --permission="domoticz_API" --label="api" --url="$domain$api_path" --allowed="visitors" --show_tile="false" --protected="true"
[[ ! -z "$mqtt_domain" ]] && ynh_permission_create --permission="domoticz_MQTT" --label="MQTT" --url="$mqtt_domain" --allowed="visitors" --show_tile="false" --protected="true"
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..."
ynh_systemd_action --service_name=nginx --action=reload
#================================================= #=================================================
# END OF SCRIPT # END OF SCRIPT
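Review bot: the removed SSOwat block carried three security-relevant settings: `--auth_header=false` on `main`, and `--allowed="visitors" --protected="true"` on the API and MQTT permissions. Nothing in this hunk replaces them, so the manifest has to declare all three; please point to where, and check that the new names (`api`, `mqtt`) match what `ynh_permission_url` and `ynh_permission_delete` use elsewhere in this commit. The dropped `ynh_print_info` about Local Networks was the only hint that Fail2Ban needs that setting; consider moving it to the post-install documentation.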

View file

@ -9,126 +9,43 @@
source _common.sh source _common.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..."
app="$YNH_APP_INSTANCE_NAME"
domain=$(ynh_app_setting_get --app="$app" --key=domain)
port=$(ynh_app_setting_get --app="$app" --key=port)
final_path=$(ynh_app_setting_get --app="$app" --key=final_path)
mqtt_domain=$(ynh_app_setting_get --app="$app" --key=mqtt_domain)
#================================================= #=================================================
# STANDARD REMOVE # STANDARD REMOVE
#================================================= #=================================================
# REMOVE SERVICE INTEGRATION IN YUNOHOST # REMOVE SERVICE INTEGRATION IN YUNOHOST
#================================================= #=================================================
# Remove the service from the list of services known by YunoHost (added from `yunohost service add`) if [ "$domain" != "$mqtt_domain" ]; then
ynh_script_progression --message="Removing system configurations related to Mosquitto..." --weight=1
yunohost service remove mosquitto
ynh_secure_remove --file="/etc/mosquitto/conf.d"
ynh_secure_remove --file="/usr/share/yunohost/hooks/conf_regen/95-nginx_domoticz"
ynh_secure_remove --file="/etc/nginx/conf.d/"$mqtt_domain".d/mqtt_"$app".conf"
yunohost tools regen-conf postfix
ynh_secure_remove --file="/var/log/mosquitto"
fi
ynh_script_progression --message="Removing system configurations related to $app..." --weight=1
if ynh_exec_warn_less yunohost service status "$app" >/dev/null if ynh_exec_warn_less yunohost service status "$app" >/dev/null
then then
ynh_script_progression --message="Removing $app service integration..." ynh_script_progression --message="Removing $app service integration..."
yunohost service remove "$app" yunohost service remove "$app"
[[ ! -z "$mqtt_domain" ]] && yunohost service remove mosquitto
fi fi
#=================================================
# STOP AND REMOVE SERVICE
#=================================================
ynh_script_progression --message="Stopping and removing the systemd service..."
# Remove the dedicated systemd config # Remove the dedicated systemd config
ynh_remove_systemd_config ynh_remove_systemd_config
#=================================================
# CLOSE A PORT
#=================================================
if yunohost firewall list | grep -q "\- $port$"
then
ynh_script_progression --message="Closing port $port..." --weight=1
ynh_exec_warn_less yunohost firewall disallow TCP "$port"
fi
#=================================================
# REMOVE DEPENDENCIES
#=================================================
ynh_script_progression --message="Removing dependencies..." --weight=3
# Remove metapackage and its dependencies
[[ ! -z "$mqtt_domain" ]] && ynh_secure_remove --file="/etc/mosquitto/conf.d"
ynh_remove_app_dependencies
#=================================================
# REMOVE APP MAIN DIR
#=================================================
ynh_script_progression --message="Removing app main directory..." --weight=3
# Remove the app directory securely
ynh_secure_remove --file="$final_path"
#=================================================
# REMOVE NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Removing NGINX web server configuration..."
#remove hook for mqtt nginx
ynh_secure_remove --file="/usr/share/yunohost/hooks/conf_regen/95-nginx_domoticz"
yunohost tools regen-conf postfix
# Remove the dedicated NGINX config
[[ ! -z "$mqtt_domain" ]] && ynh_secure_remove --file="/etc/nginx/conf.d/"$mqtt_domain".d/mqtt_"$app".conf"
ynh_secure_remove --file="/etc/nginx/conf.d/"$domain".d/api_"$app".conf" ynh_secure_remove --file="/etc/nginx/conf.d/"$domain".d/api_"$app".conf"
ynh_remove_nginx_config ynh_remove_nginx_config
#=================================================
# REMOVE LOGROTATE CONFIGURATION
#=================================================
ynh_script_progression --message="Removing logrotate configuration..."
# Remove the app-specific logrotate config
ynh_remove_logrotate ynh_remove_logrotate
#=================================================
# REMOVE FAIL2BAN CONFIGURATION
#=================================================
ynh_script_progression --message="Removing Fail2Ban configuration..." --weight=8
# Remove the dedicated Fail2Ban config
ynh_remove_fail2ban_config ynh_remove_fail2ban_config
#=================================================
# SPECIFIC REMOVE
#=================================================
# REMOVE VARIOUS FILES
#=================================================
ynh_script_progression --message="Removing various files..."
# Remove the log files
ynh_secure_remove --file="/var/log/$app" ynh_secure_remove --file="/var/log/$app"
[[ ! -z "$mqtt_domain" ]] && ynh_secure_remove --file="/var/log/mosquitto"
#Delete the sudoer file
ynh_secure_remove --file="/etc/sudoers.d/$app"
#=================================================
# GENERIC FINALIZATION
#=================================================
# REMOVE DEDICATED USER
#=================================================
ynh_script_progression --message="Removing the dedicated system user..."
# Delete a system user
ynh_system_user_delete --username="$app"
#================================================= #=================================================
# END OF SCRIPT # END OF SCRIPT
#================================================= #=================================================
ynh_script_progression --message="Removal of $app completed" --last ynh_script_progression --message="Removal of $app completed" --last
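Review bot: `ynh_secure_remove --file="/usr/share/yunohost/hooks/conf_regen/95-nginx_domoticz"` now sits inside the `if [ "$domain" != "$mqtt_domain" ]` block, while the install script copies that hook unconditionally, so an instance without a broker leaves the hook behind after removal. Move it out of the conditional. Inside the block, `yunohost tools regen-conf postfix` follows the removal of an NGINX hook (should this be `nginx`?), and `ynh_secure_remove --file="/etc/mosquitto/conf.d"` deletes the whole directory rather than only this app's `"$app"_mosquitto.conf` and `"$app"_credentials`.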

View file

@ -10,43 +10,23 @@
source ../settings/scripts/_common.sh source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
#================================================= current_os=`lowercase \`uname -s\``
# MANAGE SCRIPT FAILURE current_mach=`uname -m`
#=================================================
ynh_clean_setup () {
ynh_clean_check_starting
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..."
app="$YNH_APP_INSTANCE_NAME"
domain=$(ynh_app_setting_get --app="$app" --key=domain)
path_url=$(ynh_app_setting_get --app="$app" --key=path)
final_path=$(ynh_app_setting_get --app="$app" --key=final_path)
backup_OS=$(ynh_app_setting_get --app="$app" --key=OS)
backup_mach=$(ynh_app_setting_get --app="$app" --key=mach)
mqtt_domain=$(ynh_app_setting_get --app="$app" --key=mqtt_domain)
#================================================= #=================================================
# CHECK IF THE APP CAN BE RESTORED # CHECK IF THE APP CAN BE RESTORED
#================================================= #=================================================
ynh_script_progression --message="Validating restoration parameters..."
test ! -d "$final_path" \
|| ynh_die --message="There is already a directory: $final_path "
#As we are downloading compiled binaries for each system, we have to check if the restore occurs #As we are downloading compiled binaries for each system, we have to check if the restore occurs
#on the same system type. If we are restoring on another system type it won't work and in that #on the same system type. If we are restoring on another system type it won't work and in that
#case we must go through a reinstall process. #case we must go through a reinstall process.
test "$backup_OS" = "$os" \ test "$OS" = "$current_os" \
|| ynh_die --message="Cannot restore : previous OS is $backup_OS, current OS is $OS, please reinstall" || ynh_die --message="Cannot restore : previous OS is $OS, current OS is $current_os, please reinstall"
test "$backup_mach" = "$mach" \ test "$mach" = "$current_mach" \
|| ynh_die --message="Cannot restore : previous machine type is $backup_mach, current machine type is $MACH, please reinstall" || ynh_die --message="Cannot restore : previous machine type is $mach, current machine type is $current_mach, please reinstall"
ynh_app_setting_set --app="$app" --key=OS --value="$current_os"
ynh_app_setting_set --app="$app" --key=mach --value="$current_mach"
#================================================= #=================================================
# STANDARD RESTORATION STEPS # STANDARD RESTORATION STEPS
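Review bot: the two `ynh_app_setting_set` calls for `OS` and `mach` run only after both `test` lines have shown the stored and current values to be equal, so they write back what is already there; drop them. The checks also rely on `$OS` and `$mach` existing as variables now that the explicit `ynh_app_setting_get` lines are gone; if a backup lacks those keys the comparison is against an empty string and the restore dies with a misleading "previous OS is" message, so test for an empty value first.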
@ -62,11 +42,6 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$mqtt_domain.d/mqtt_$app.conf"
#================================================= #=================================================
# RECREATE THE DEDICATED USER # RECREATE THE DEDICATED USER
#================================================= #=================================================
ynh_script_progression --message="Recreating the dedicated system user..."
# Create the dedicated user (if not existing)
ynh_system_user_create --username="$app" --home_dir="$final_path"
#allow user to access USB / serial port to communicate with tools (RFXtrx, Z-wave dongle, etc.) & i2c bus #allow user to access USB / serial port to communicate with tools (RFXtrx, Z-wave dongle, etc.) & i2c bus
if grep dialout -q < /etc/group; then if grep dialout -q < /etc/group; then
usermod -a -G dialout "$app" usermod -a -G dialout "$app"
@ -78,40 +53,26 @@ if grep gpio -q < /etc/group; then
usermod -a -G gpio "$app" usermod -a -G gpio "$app"
fi fi
#Restore user authorization to restart server
ynh_restore_file --origin_path="/etc/sudoers.d/$app"
#================================================= #=================================================
# RESTORE THE APP MAIN DIR # RESTORE THE APP MAIN DIR
#================================================= #=================================================
ynh_script_progression --message="Restoring the app main directory..." --weight=5 ynh_script_progression --message="Restoring the app main directory..." --weight=5
ynh_restore_file --origin_path="$final_path" ynh_restore_file --origin_path="$install_dir"
chmod 750 "$final_path" chmod 750 "$install_dir"
chmod -R o-rwx "$final_path" chmod -R o-rwx "$install_dir"
chown -R "$app":"$app" "$final_path" chown -R "$app":"$app" "$install_dir"
#=================================================
# SPECIFIC RESTORATION
#=================================================
# REINSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Reinstalling dependencies..." --weight=5
# Define and install dependencies
ynh_install_app_dependencies "$pkg_dependencies"
#================================================= #=================================================
# SET MOSQUITTO SETTINGS # SET MOSQUITTO SETTINGS
#================================================= #=================================================
if [ ! -z "$mqtt_domain" ]; then if [ "$domain" != "$mqtt_domain" ]; then
ynh_script_progression --message="Reinstalling up mosquitto..." --weight=5 ynh_script_progression --message="Reinstalling up mosquitto..." --weight=5
#Installing packages
ynh_install_extra_app_dependencies --repo="deb https://repo.mosquitto.org/debian buster main" --package="$extra_pkg_dependencies" --key="http://repo.mosquitto.org/debian/mosquitto-repo.gpg.key"
#reinstalling settings
ynh_restore_file --origin_path="/etc/mosquitto/conf.d" --not_mandatory ynh_restore_file --origin_path="/etc/mosquitto/conf.d" --not_mandatory
else
#If no MQTT have been set, we delete the mqtt permission.
ynh_permission_delete --permission="mqtt"
fi fi
#================================================= #=================================================
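Review bot: the progress message still reads "Reinstalling up mosquitto..." although the block no longer installs anything and only restores `/etc/mosquitto/conf.d`; reword it, for example "Restoring Mosquitto configuration...". Because that restore is `--not_mandatory`, a backup without the directory leaves the broker with no credentials file while the later lines still register and restart the service; decide whether that case should abort.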
@ -128,7 +89,7 @@ systemctl enable "$app".service --quiet
ynh_script_progression --message="Integrating service in YunoHost..." ynh_script_progression --message="Integrating service in YunoHost..."
yunohost service add "$app" --description="Domotique open sources" --log="/var/log/$app/$app.log" yunohost service add "$app" --description="Domotique open sources" --log="/var/log/$app/$app.log"
[[ ! -z "$mqtt_domain" ]] && yunohost service add mosquitto --description="Serveur MQTT pour domoticz" --log="/var/log/mosquitto/mosquitto.log" [[ "$domain" != "$mqtt_domain" ]] && yunohost service add mosquitto --description="Serveur MQTT pour domoticz" --log="/var/log/mosquitto/mosquitto.log"
#================================================= #=================================================
@ -139,7 +100,7 @@ ynh_script_progression --message="Starting a systemd service..."
ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/$app.log" ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/$app.log"
#Restarting mosquitto to take changes into account #Restarting mosquitto to take changes into account
[[ ! -z "$mqtt_domain" ]] && ynh_systemd_action --service_name=mosquitto --action="restart" [[ "$domain" != "$mqtt_domain" ]] && ynh_systemd_action --service_name=mosquitto --action="restart"
#================================================= #=================================================
# RESTORE THE LOGROTATE CONFIGURATION # RESTORE THE LOGROTATE CONFIGURATION
@ -157,7 +118,7 @@ ynh_restore_file --origin_path="/etc/logrotate.d/$app"
ynh_script_progression --message="Restoring various files..." ynh_script_progression --message="Restoring various files..."
ynh_restore_file --origin_path="/usr/share/yunohost/hooks/conf_regen/95-nginx_domoticz" ynh_restore_file --origin_path="/usr/share/yunohost/hooks/conf_regen/95-nginx_domoticz"
yunohost tools regen-conf postfix #yunohost tools regen-conf postfix
#================================================= #=================================================
# RESTORE THE FAIL2BAN CONFIGURATION # RESTORE THE FAIL2BAN CONFIGURATION
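Review bot: `#yunohost tools regen-conf postfix` leaves dead code directly after the `95-nginx_domoticz` hook is restored. Delete the line, or, if the restored hook has to be applied at this point, call the regen for the service the hook belongs to; a commented-out command gives the next maintainer no way to tell which was intended.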

View file

@ -1,9 +1,5 @@
#!/bin/bash #!/bin/bash
version_gt() {
test "$(printf '%s\n' "$@" | sort -V | head -n 1)" != "$1";
}
#================================================= #=================================================
# GENERIC START # GENERIC START
#================================================= #=================================================
@ -13,24 +9,6 @@ version_gt() {
source _common.sh source _common.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..."
app="$YNH_APP_INSTANCE_NAME"
domain=$(ynh_app_setting_get --app="$app" --key=domain)
path_url=$(ynh_app_setting_get --app="$app" --key=path)
final_path=$(ynh_app_setting_get --app="$app" --key=final_path)
port=$(ynh_app_setting_get --app="$app" --key=port)
current_OS=$(ynh_app_setting_get --app="$app" --key=OS)
current_mach=$(ynh_app_setting_get --app="$app" --key=mach)
api_path=$(ynh_app_setting_get --app="$app" --key=api_path)
mqtt_domain=$(ynh_app_setting_get --app="$app" --key=mqtt_domain)
mqtt_port=$(ynh_app_setting_get --app="$app" --key=mqtt_port)
mqtt_websocket_port=$(ynh_app_setting_get --app="$app" --key=mqtt_websocket_port)
#================================================= #=================================================
# CHECK VERSION # CHECK VERSION
#================================================= #=================================================
@ -38,35 +16,6 @@ ynh_script_progression --message="Checking version..."
upgrade_type=$(ynh_check_app_version_changed) upgrade_type=$(ynh_check_app_version_changed)
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..."
# Ugly hack so that previous version backup script from "https://github.com/anubister/domoticz_ynh" works :
# It creates a dummy file in /etc/cron.d so that the backup do not fail.
current_upstream_version=$(ynh_app_upstream_version --manifest="/etc/yunohost/apps/$app/manifest.json")
current_package_version=$(ynh_app_package_version --manifest="/etc/yunohost/apps/$app/manifest.json")
if version_gt "4.9701" "$current_upstream_version" && version_gt "2" "$current_package_version" ; then
touch /etc/cron.d/"$app"
fi
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
ynh_clean_check_starting
# Restore it if the upgrade fails
ynh_restore_upgradebackup
}
#remove ugly hack
if [ -f /etc/cron.d/"$app" ]; then
rm /etc/cron.d/"$app"
fi
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#================================================= #=================================================
# STANDARD UPGRADE STEPS # STANDARD UPGRADE STEPS
#================================================= #=================================================
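Review bot: With `ynh_backup_before_upgrade`, the `ynh_clean_setup` restore trap and `ynh_abort_if_errors` all removed in this hunk, nothing left in the script itself takes a pre-upgrade backup, restores on failure, or stops on the first failing command. If the v2 packaging format now provides these outside the script, add a one-line comment under the CHECK VERSION block saying so, so that a later reader does not take the safety net for missing or re-add it by hand.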
@ -82,69 +31,34 @@ ynh_systemd_action --service_name="$app" --action="stop" --log_path="/var/log/$a
ynh_script_progression --message="Ensuring downward compatibility..." ynh_script_progression --message="Ensuring downward compatibility..."
#Store OS and machine (to be used in restore script) #Store OS and machine (to be used in restore script)
if [ -z "$current_OS" ]; then if [ -z "${OS:+x}" ]; then
ynh_app_setting_set --app="$app" --key=OS --value="$OS" ynh_app_setting_-set --app="$app" --key=OS --value=`lowercase \`uname -s\``
fi fi
if [ -z "$current_mach" ]; then if [ -z "${mach:+x}" ]; then
ynh_app_setting_set --app="$app" --key=mach --value="$MACH" mach=`uname -m`
ynh_app_setting_set --app="$app" --key=mach --value="$mach"
fi fi
# If final_path doesn't exist, create it #sudoer file for restarting is not required anymore (from 2023.1~ynh1) as upgrade is managed by the Yunohost Package
if [ -z "$final_path" ]; then if [ -f /etc/sudoers.d/domoticz ]; then
final_path=/var/www/"$app" rm /etc/sudoers.d/domoticz
ynh_app_setting_set --app="$app" --key=final_path --value="$final_path"
fi fi
#Create a dedicated path for the api access #Create a dedicated path for the api access
if [ -z "$api_path" ]; then if [ -z "$api_path" ]; then
if [ "$path_url" == "/" ]; then if [ "$path" == "/" ]; then
api_path=/api_/"$app" api_path=/api_/"$app"
else else
api_path=/api_"$path_url" api_path=/api_"$path"
fi fi
ynh_app_setting_set --app="$app" --key=api_path --value="$api_path" ynh_app_setting_set --app="$app" --key=api_path --value="$api_path"
fi fi
#Create a dedicated path for the mqtt access #Previous version did not have settings stored and
if [ -z "$mqtt_domain" ]; then #variable may not be bound.
ynh_print_info --message="Mosquitto, a mqtt server, can now be installed during upgrade, pleaser refer to package documentation to activate it" if [[ -z "${mqtt_domain+x}" ]]; then
fi mqtt_domain="$domain"
ynh_app_setting_set --app="$app" --key=mqtt_domain --value="$mqtt_domain"
#Port to listen for MQTT internal
if [[ -z "$mqtt_port" && ! -z "$mqtt_domain" ]]; then
mqtt_port=$(ynh_find_port --port="$default_mqtt_port")
ynh_app_setting_set --app="$app" --key=mqtt_port --value="$mqtt_port"
fi
#Port to listen for MQTT websocket
if [[ -z "$mqtt_websocket_port" && ! -z "$mqtt_domain" ]]; then
mqtt_websocket_port=$(ynh_find_port --port="$default_mqtt_websocket_port")
ynh_app_setting_set --app="$app" --key=mqtt_websocket_port --value="$mqtt_websocket_port"
fi
# Cleaning legacy permissions
if ynh_legacy_permissions_exists; then
ynh_legacy_permissions_delete_all
ynh_app_setting_delete --app="$app" --key=is_public
fi
# Create the permission "domoticz_API" only if it doesn't exist.
if ! ynh_permission_exists --permission="domoticz_API"
then
# API Authorization with dedicated URL
ynh_permission_create --permission="domoticz_API" --label="api" --url="$domain$api_path" --allowed="visitors" --show_tile="false" --protected="true"
fi
# Create the permission "domoticz_MQTT" only if it doesn't exist.
if [ ! -z "$mqtt_domain" ]; then
if ! ynh_permission_exists --permission="domoticz_MQTT"
then
# API Authorization with dedicated URL
ynh_permission_create --permission="domoticz_MQTT" --label="MQTT" --url="$mqtt_domain" --allowed="visitors" --show_tile="false" --protected="true"
fi
fi fi
#remove unwanted log folder #remove unwanted log folder
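Review bot: `ynh_app_setting_-set` on the new `--key=OS` line is a typo for `ynh_app_setting_set`, so an upgrade of any instance with no stored `OS` setting hits a command-not-found at that point. The same line passes an unquoted backtick substitution as `--value` and depends on a `lowercase` function that this hunk does not define; `--value="$(lowercase "$(uname -s)")"` reads better, provided `lowercase` comes from `_common.sh`. Further down, `api_path` is still tested as `[ -z "$api_path" ]` while `OS`, `mach` and `mqtt_domain` use the `${var+x}` form because, as the new comment says, the variable may not be bound; use the same guard for `api_path`.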
@ -152,16 +66,11 @@ if [ -d "/var/log/$app/$app" ]; then
ynh_secure_remove "/var/log/$app/$app" ynh_secure_remove "/var/log/$app/$app"
fi fi
#remove the authentication header preventing login from 2023.2 and 11.2.3 onward
ynh_permission_url --permission="main" --auth_header=false
#================================================= #=================================================
# CREATE DEDICATED USER # CREATE DEDICATED USER
#================================================= #=================================================
ynh_script_progression --message="Making sure dedicated system user exists..." ynh_script_progression --message="Checking dedicated user permissions..."
# Create a dedicated user (if not existing)
ynh_system_user_create --username="$app" --home_dir="$final_path"
#allow user to access USB / serial port to communicate with tools (RFXtrx, Z-wave dongle, etc.) & i2c bus #allow user to access USB / serial port to communicate with tools (RFXtrx, Z-wave dongle, etc.) & i2c bus
if grep dialout -q < /etc/group; then if grep dialout -q < /etc/group; then
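Review bot: Dropping `ynh_permission_url --permission="main" --auth_header=false` removes the workaround that its own comment ties to logins failing from 2023.2 and 11.2.3 onward, and nothing in this script replaces it. Confirm that the main permission is declared with the auth header disabled elsewhere in the package, otherwise upgraded instances get the login problem back. The removed `ynh_system_user_create` raises the same question: the `usermod -a -G` calls that follow assume the `$app` user already exists.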
@ -174,10 +83,6 @@ if grep gpio -q < /etc/group; then
usermod -a -G gpio "$app" usermod -a -G gpio "$app"
fi fi
#allow app user to restart service on startup
ynh_add_config --template="../conf/sudoer" --destination="/etc/sudoers.d/$app"
chmod 440 /etc/sudoers.d/"$app"
#================================================= #=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE # DOWNLOAD, CHECK AND UNPACK SOURCE
#================================================= #=================================================
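Review bot: The sudoers drop-in is no longer written to `/etc/sudoers.d/$app` here, but the cleanup added earlier in this script deletes the fixed path `/etc/sudoers.d/domoticz`. An instance whose `$app` is not exactly `domoticz` keeps its old sudoers file after the upgrade, which leaves a privilege grant on disk that the package no longer manages. Remove the per-instance path instead, for example `ynh_secure_remove "/etc/sudoers.d/$app"`.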
@ -185,30 +90,24 @@ chmod 440 /etc/sudoers.d/"$app"
if [ "$upgrade_type" == "UPGRADE_APP" ] if [ "$upgrade_type" == "UPGRADE_APP" ]
then then
ynh_script_progression --message="Upgrading source files..." --weight=15 ynh_script_progression --message="Upgrading source files..." --weight=15
ynh_setup_source --dest_dir="$install_dir"
# Download, check integrity, uncompress and patch the source from app.src
ynh_add_config --template="../conf/app.src.default" --destination="../conf/app.src"
ynh_setup_source --dest_dir="$final_path"
#Create the database file #Create the database file
if [ ! -f "$final_path"/domoticz.db ]; then if [ ! -f "$install_dir"/domoticz.db ]; then
touch "$final_path"/domoticz.db touch "$install_dir"/domoticz.db
chmod 644 "$final_path"/domoticz.db chmod 644 "$install_dir"/domoticz.db
fi fi
fi fi
chmod 750 "$final_path" chmod 750 "$install_dir"
chmod -R o-rwx "$final_path" chmod -R o-rwx "$install_dir"
chown -R "$app":"$app" "$final_path" chown -R "$app":"$app" "$install_dir"
#================================================= #=================================================
# SET MOSQUITTO SETTINGS # SET MOSQUITTO SETTINGS
#================================================= #=================================================
if [ ! -z "$mqtt_domain" ]; then if [ "$domain" != "$mqtt_domain" ]; then
ynh_script_progression --message="Setting up mosquitto..." --weight=5 ynh_script_progression --message="Setting up mosquitto..." --weight=5
#Installing packages
ynh_install_extra_app_dependencies --repo="deb https://repo.mosquitto.org/debian buster main" --package="$extra_pkg_dependencies" --key="http://repo.mosquitto.org/debian/mosquitto-repo.gpg.key"
#Setting up conf file for access #Setting up conf file for access
if [ ! -f "/etc/mosquitto/conf.d/"$app"_mosquitto.conf" ] if [ ! -f "/etc/mosquitto/conf.d/"$app"_mosquitto.conf" ]
then then
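Review bot: The Mosquitto branch is now entered whenever `$domain` differs from `$mqtt_domain`, but the `ynh_install_extra_app_dependencies` call that installed the broker is removed and nothing else in this hunk installs it. Confirm the packages are provisioned before this block writes to `/etc/mosquitto/conf.d/`, in particular for an instance installed without MQTT whose `mqtt_domain` is changed before the upgrade. The convention that `mqtt_domain` equal to `domain` means "no broker" replaces the more obvious empty-value test and deserves a comment at this `if`. Dropping the repository key that was fetched over plain `http://` is a good side effect.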
@ -223,6 +122,9 @@ if [ ! -z "$mqtt_domain" ]; then
ynh_print_info --message="The credential to the mosquitto server has been saved in the settings of the app" ynh_print_info --message="The credential to the mosquitto server has been saved in the settings of the app"
fi fi
else
#If no MQTT have been set, we delete the mqtt permission.
ynh_permission_delete --permission="mqtt"
fi fi
#================================================= #=================================================
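Review bot: The new `else` branch calls `ynh_permission_delete --permission="mqtt"` on every upgrade without MQTT, with no check that the permission exists. Guard it with `ynh_permission_exists --permission="mqtt"` so that a repeated upgrade does not depend on how the delete helper treats a missing permission. The permission the old script created was named `domoticz_MQTT` and was open to `visitors`; deleting `mqtt` does not remove that one, so state where the legacy permission is cleaned up.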
@ -230,11 +132,10 @@ fi
#================================================= #=================================================
ynh_script_progression --message="Upgrading NGINX web server configuration..." ynh_script_progression --message="Upgrading NGINX web server configuration..."
[[ ! -z "$mqtt_domain" ]] && ynh_add_config --template="../conf/mqtt_nginx.conf" --destination="/etc/nginx/conf.d/"$mqtt_domain".d/mqtt_"$app".conf" [[ "$domain" != "$mqtt_domain" ]] && ynh_add_config --template="../conf/mqtt_nginx.conf" --destination="/etc/nginx/conf.d/"$mqtt_domain".d/mqtt_"$app".conf"
#Set Hook for nginx domain #Set Hook for nginx domain
cp -R ../sources/hooks/conf_regen/95-nginx_domoticz /usr/share/yunohost/hooks/conf_regen/ cp -R ../sources/hooks/conf_regen/95-nginx_domoticz /usr/share/yunohost/hooks/conf_regen/
yunohost tools regen-conf nginx
# Create a dedicated NGINX config # Create a dedicated NGINX config
if [[ ! -f "/etc/nginx/conf.d/"$domain".d/api_"$app".conf" ]] if [[ ! -f "/etc/nginx/conf.d/"$domain".d/api_"$app".conf" ]]
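Review bot: In the changed `ynh_add_config` line, `$mqtt_domain` and `$app` sit outside the quotes in the `--destination` argument, so the path is subject to word splitting and globbing on a value that comes from app settings. Write it as one quoted string, `"/etc/nginx/conf.d/$mqtt_domain.d/mqtt_$app.conf"`. Separately, `yunohost tools regen-conf nginx` is dropped right after the `95-nginx_domoticz` hook is copied, so the hook is installed but not run during the upgrade; say whether that is intended.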
@ -245,13 +146,6 @@ then
fi fi
ynh_add_nginx_config ynh_add_nginx_config
#=================================================
# UPGRADE DEPENDENCIES
#=================================================
ynh_script_progression --message="Upgrading dependencies..." --weight=5
ynh_install_app_dependencies "$pkg_dependencies"
#================================================= #=================================================
# SPECIFIC UPGRADE # SPECIFIC UPGRADE
#================================================= #=================================================
@ -290,14 +184,14 @@ fi
# Create a dedicated Fail2Ban config # Create a dedicated Fail2Ban config
ynh_add_fail2ban_config --logpath="$log_file" --failregex="^.*Error: Failed login attempt from <HOST>.*$" --max_retry=5 ynh_add_fail2ban_config --logpath="$log_file" --failregex="^.*Error: Failed login attempt from <HOST>.*$" --max_retry=5
ynh_print_info --message="If you wish for Fail2ban to work, set up your local address in Setup/Settings/System/Local Networks as per documentation"
#================================================= #=================================================
# INTEGRATE SERVICE IN YUNOHOST # INTEGRATE SERVICE IN YUNOHOST
#================================================= #=================================================
ynh_script_progression --message="Integrating service in YunoHost..." ynh_script_progression --message="Integrating service in YunoHost..."
yunohost service add "$app" --description="Domotique open sources" --log="/var/log/$app/$app.log" yunohost service add "$app" --description="Domotique open sources" --log="/var/log/$app/$app.log"
[[ ! -z "$mqtt_domain" ]] && yunohost service add mosquitto --description="Serveur MQTT pour domoticz" --log="/var/log/mosquitto/mosquitto.log" [[ "$domain" != "$mqtt_domain" ]] && yunohost service add mosquitto --description="Serveur MQTT pour domoticz" --log="/var/log/mosquitto/mosquitto.log"
#================================================= #=================================================
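Review bot: The added `ynh_print_info` tells the admin to set "your local address" under Local Networks "as per documentation" without saying which address or which document. Since the message itself says Fail2Ban depends on this setting, name the doc page and the value to enter so the upgrade output can be acted on without searching.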
@ -308,14 +202,7 @@ ynh_script_progression --message="Starting a systemd service..." --weight=3
ynh_systemd_action --service_name="$app" --action="start" ynh_systemd_action --service_name="$app" --action="start"
#Restarting mosquitto to take changes from /etc/mosquitto/conf.d/*.conf into account #Restarting mosquitto to take changes from /etc/mosquitto/conf.d/*.conf into account
[[ ! -z "$mqtt_domain" ]] && ynh_systemd_action --service_name=mosquitto --action="restart" [[ "$domain" != "$mqtt_domain" ]] && ynh_systemd_action --service_name=mosquitto --action="restart"
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..."
ynh_systemd_action --service_name=nginx --action=reload
#================================================= #=================================================
# END OF SCRIPT # END OF SCRIPT


@ -0,0 +1,32 @@
--- a/www/index.html 2023-02-26 22:22:14.971932399 +0100
+++ b/www/index.html 2023-02-26 22:27:12.926431427 +0100
@@ -170,14 +170,15 @@
}
function ShowUpdateNotification(Revision, SystemName, DownloadURL) {
- var msgtxt=$.t('A new version of Domoticz is Available!...');
+ <!--var msgtxt=$.t('A new version of Domoticz is Available!...');-->
+ var msgtxt=$.t('A new version of Domoticz is Available, please wait for the Yunohost Package!...');
msgtxt+='<br>' + $.t('Version') + ': <b>' + Revision + '</b>, ' + $.t('Latest Changes') + ': <b><a class="norm-link" onclick="ShowLatestHistory();">' + $.t('Click Here') + '</a></b>';
- if (SystemName=="windows") {
+ <!--if (SystemName=="windows") {
msgtxt+='<br><center><a class="btn btn-danger" onclick="WindowsDownloadURL(\'' + DownloadURL + '\')">' + $.t('Update Now') + '</a></center>';
}
else {
msgtxt+='<br><center><a class="btn btn-danger" onclick="SwitchLayout(\'Update\');">' + $.t('Update Now') + '</a></center>';
- }
+ }-->
generate_noty('success', msgtxt, false);
}
@@ -1330,8 +1331,8 @@
<li ng-class="{'current_page_item':getClass('/Devices')}" id="mDevices"><a id="cDevices" href="#Devices"><img src="images/devices.png"> <span data-i18n="Devices">Devices</span></a></li>
<li ng-class="{'current_page_item':getClass('/Setup')}" id="mSetup"><a id="cSetup" href="#Setup"><img src="images/setup.png"> <span data-i18n="Settings">Settings</span></a></li>
<li id="dUpdate" class="divider"></li>
- <li ng-show="config.HaveUpdate && config.UseUpdate"><a href="#Update"><img src="images/update.png"> <span data-i18n="Update Domoticz">Update Domoticz</span></a></li>
- <li ng-show="!config.HaveUpdate && config.UseUpdate"><a class="lcursor" onclick="javascript:CheckForUpdate(true)"><img src="images/update.png"> <span data-i18n="Check for Update">Check for Update</span></a></li>
+<!-- <li ng-show="config.HaveUpdate && config.UseUpdate"><a href="#Update"><img src="images/update.png"> <span data-i18n="Update Domoticz">Update Domoticz</span></a></li>
+ <li ng-show="!config.HaveUpdate && config.UseUpdate"><a class="lcursor" onclick="javascript:CheckForUpdate(true)"><img src="images/update.png"> <span data-i18n="Check for Update">Check for Update</span></a></li>-->
<li class="dropdown-submenu">
<a id="cMoreOptions" tabindex="-1" data-i18n="More options">More options</a>
<ul class="dropdown-menu pull-left">
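Review bot: In the `ShowUpdateNotification` hunk, `<!--` and `-->` are used to disable JavaScript, but inside a script `<!--` only comments out the rest of its own line (assuming this function sits in an inline script block, as the surrounding lines suggest). The two `msgtxt+=` lines that build the "Update Now" button, between `<!--if (SystemName=="windows") {` and `}-->`, therefore remain live code, the braces around them no longer balance, and `}-->` is not a comment at all. Delete the `if`/`else` block in the patch or wrap it in `/* ... */` so the in-app update button is reliably gone; the HTML comment around the two menu `<li>` entries in the second hunk is fine as it stands.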

57
tests.toml Normal file

@ -0,0 +1,57 @@
test_format = 1.0
#without Mosquitto
[default]
#Adding domain even if not used : snapshot are reused and may require domain to work
preinstall = """
set -euxo pipefail
yunohost domain add mqtt.domain.tld
"""
preupgrade = """
set -euxo pipefail
yunohost app setting domoticz mqtt_domain -v sub.domain.tld
"""
args.mqtt_domain="sub.domain.tld"
test_upgrade_from.a96510c.name = "2024.2"
test_upgrade_from.a96510c.args.mqtt_domain="sub.domain.tld"
test_upgrade_from.a96510c.args.domain="sub.domain.tld"
test_upgrade_from.a96510c.args.path="/domoticz"
# exclude = ["package_linter", "install.root", "install.subdir", "install.private", "install.multi", "backup_restore", "upgrade", "upgrade.a96510c", "change_url"]
[With_Mosquitto_upgrade_with_mosquitto]
preinstall = """
set -euxo pipefail
yunohost domain add mqtt.domain.tld
"""
args.mqtt_domain="mqtt.domain.tld"
exclude = ["package_linter"]
test_upgrade_from.a96510c.name = "2024.2 with mosquitto"
test_upgrade_from.a96510c.args.mqtt_domain="mqtt.domain.tld"
test_upgrade_from.a96510c.args.domain="sub.domain.tld"
test_upgrade_from.a96510c.args.path="/domoticz"
[Without_Mosquitto_upgrade_with_mosquitto]
preinstall = """
set -euxo pipefail
yunohost domain add mqtt.domain.tld
"""
preupgrade = """
set -euxo pipefail
yunohost app setting domoticz mqtt_domain -v mqtt.domain.tld
"""
args.mqtt_domain="sub.domain.tld"
only = ["upgrade","upgrade.a96510c"]
# exclude = ["package_linter", "install.root", "install.subdir", "install.private", "install.multi", "backup_restore", "change_url"]
test_upgrade_from.a96510c.name = "2024.2 without mosquitto"
test_upgrade_from.a96510c.args.mqtt_domain="sub.domain.tld"
test_upgrade_from.a96510c.args.domain="sub.domain.tld"
test_upgrade_from.a96510c.args.path="/domoticz"
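Review bot: All three suites rely on `mqtt_domain` being equal to `domain` (`sub.domain.tld`) to mean "no Mosquitto", and the file never says so; a comment at the top would make the `args.mqtt_domain` and `preupgrade` values readable. The two commented-out `exclude` lines are dead configuration and should be removed before merge, and `[With_Mosquitto_upgrade_with_mosquitto]` excludes `package_linter` without giving a reason. The `preupgrade` commands also hardcode the app id `domoticz` in `yunohost app setting`, which is worth a note if these suites are ever run against a second instance.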