YunoHost-Apps/domoticz_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/domoticz_ynh.git synced 2024-09-03 18:26:17 +02:00
Code Issues Activity Actions

convert to v2

Browse source
This commit is contained in:
Krakinou 2023-02-27 23:24:05 +01:00
parent 59aacd614f
commit fdda287acf
21 changed files with 348 additions and 697 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

54
check_process
View file

@ -1,54 +0,0 @@
;; Test avec Mosquitto
; pre-install
set -euxo pipefail
yunohost domain add mqtt.domain.tld
; pre-upgrade
set -euxo pipefail
yunohost app setting domoticz mqtt_domain -v mqtt.domain.tld
; Manifest
domain="domain.tld" (DOMAIN)
path="/domoticz" (PATH)
is_public=1 (PUBLIC|public=1|private=0)
mqtt_domain="mqtt.domain.tld"
; Checks
pkg_linter=1
setup_sub_dir=1
setup_root=1
setup_private=1
setup_public=1
upgrade=1
upgrade=1 from_commit=048ae59a016755b0829a4e8f3ed5d0dbbd1b826b
backup_restore=1
port_already_use=1
change_url=1
;;; Options
Email=nicolas@aubonalbanais.ovh
Notification=none
;;; Upgrade options
; commit=048ae59a016755b0829a4e8f3ed5d0dbbd1b826b
name=Package ynh3
##;; Test sans Mosquitto
## ; Manifest
## domain="domain.tld" (DOMAIN)
## path="/domoticz" (PATH)
## is_public=1 (PUBLIC|public=1|private=0)
## mqtt_domain="sub.domain.tld"
## ; Checks
## pkg_linter=0
## setup_sub_dir=1
## setup_root=1
## setup_private=1
## setup_public=1
## upgrade=1
## upgrade=1 from_commit=048ae59a016755b0829a4e8f3ed5d0dbbd1b826b
## backup_restore=1
## port_already_use=1
## change_url=1
##;;; Options
##Email=nicolas@aubonalbanais.ovh
##Notification=none
##;;; Upgrade options
## ; commit=048ae59a016755b0829a4e8f3ed5d0dbbd1b826b
## name=Package ynh3

14
conf/sudoer
View file

@ -1,14 +0,0 @@
#
# This file MUST be edited with the 'visudo' command as root.
#
# Use 'visudo -f /etc/sudoers.d/domoticz' to do so.
#
# See the man page for details on how to write a sudoers file.
#This file allow domoticz user to restart the service while upgrading the application with the upstream internal updater
#alias for command to restart service (will be used during upgrade)
Cmnd_Alias RESTART_CMD = /sbin/service __APP__.sh restart
#authorized app user to run restart command
__APP__ ALL=(ALL) NOPASSWD: RESTART_CMD

20
conf/systemd.service
View file

@ -7,31 +7,29 @@ User=__APP__
Group=__APP__
ExecStart=__INSTALL_DIR__/domoticz -www __PORT__ -sslwww 0 -log /var/log/__APP__/__APP__.log -loglevel normal,status,error
WorkingDirectory=__INSTALL_DIR__/
PermissionsStartOnly=true
ExecStartPre=setcap 'cap_net_bind_service=+ep cap_net_raw=+eip' __INSTALL_DIR__/domoticz
ExecStartPre=+setcap 'cap_net_bind_service=+ep cap_net_raw=+eip' __INSTALL_DIR__/domoticz
Restart=on-failure
RestartSec=1m
#StandardOutput=null
# Sandboxing options to harden security
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
# Most of the options are disabled as they prevent domoticz to correctly update
#NoNewPrivileges=yes
NoNewPrivileges=yes
PrivateTmp=yes
#Private device restrict access to device in /dev/, so to any devices like razberry, zigate, etc.
#PrivateDevices=yes
#RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
#RestrictNamespaces=yes
#RestrictRealtime=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
#Same : restrict access to devices
#DevicePolicy=closed
ProtectSystem=full
ProtectControlGroups=yes
#ProtectKernelModules=yes
#ProtectKernelTunables=yes
#LockPersonality=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
LockPersonality=yes
#@setuid prevent system call such as ping or other command lines
#SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @swap
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @swap
#SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
# Denying access to capabilities that should not be relevant for webapps

90
doc/ADMIN.md Normal file
View file

@ -0,0 +1,90 @@
## Configuration
### Broker Mosquitto
During installation, a [MQTT](https://en.wikipedia.org/wiki/MQTT) broker, [Mosquitto](https://mosquitto.org/), is installed at the same time as Domoticz. The installed version is the one from the official project repo and not from Debian ones.
This broker requires a dedicated domain or subdomain to work (ex : mqtt.your.domain.tld) : creating this domain prior installation is a prerequisite
#### Adding in domoticz
To use mosquitto, you need to customize the communication between domoticz and the broker by following the [domoticz documentation](https://www.domoticz.com/wiki/MQTT#Installing_Mosquitto), part *Add hardware "MQTT Client Gateway"*.
User and password are automatically generated during installation, you may retrieve them with
````
sudo yunohost app setting domoticz mqtt_user
sudo yunohost app setting domoticz mqtt_pwd
````
#### Publish/Subscribe
By default, mosquitto will listen on 2 ports:
- 1883 on localhost using mqtt protocol
- 8883 using websocket protocol. Nginx redirect external port 443 to this internal port.
Hence, To publish/subscribe on a topic from the outside, you have to use a software supporting websocket protocol (ex : paho python library).
#### Mosquitto_pub et mosquitto_sub
These 2 tools do not support websocket protocol, only direct mqtt: base settings will not allow communication from an outside device.
If you're using them directly from your server, this kind of syntax should work:
````
mosquitto_pub -u *user* -P *password* -h mqtt.your.domain.tld -p 1883 -t 'domoticz/in' -m '{ "idx" : 1, "nvalue" : 0, "svalue" : "25.0" }'
````
In the same way:
````
mosquitto_sub -u *user* -P *password* -h mqtt.your.domain.tld -p 1883 -t 'domoticz/out'
````
If you wish to open direct mqtt protocol from an outside device, you'll need to:
- open port 1883 on Yunohost firewall (**Attention, security risk**)
- Allows IP addresses in mosquitto configuration for this listener
- Set the tls setting in mosquitto configuration by giving access to crt.pem and key.pem from your mqtt domain by setting respective certfile et keyfile variables. **This is mandatory to ensure a secure connection.**
#### Upgrade from version without mosquitto
If you have package ynh3 or below or if you have chosen to not set a domain during initial installation, mosquitto is not installed by default.
If you need to activate mosquitto in retrospect, do following actions:
1. Create a domain or a subdomain (for example : 'mqtt.your.domain.tld')
2. Connect to your server in command line
3. Type following command : `yunohost app setting domoticz mqtt_domain -v mqtt.your.domain.tld`
4. Upgrade domoticz to last package.
If you're already on the last package version, use the following command : `yunohost app upgrade domoticz --force`
## Configuration
### Sensors, language and this kind of stuff
Main configuration of the app take place inside the app itself.
### Zwave management
If you're using zwave devices, install mosquitto along domoticz and give a try to [zwave-JS-UI package](https://github.com/YunoHost-Apps/zwave-js-ui_ynh).
Once installed, just follow instructions from the [wiki](https://www.domoticz.com/wiki/Zwave-JS-UI)
### Access and API
By default, access for the [JSON API](https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's) is allowed on following path `/yourdomain.tld/api_/domoticzpath`.
So if you access domoticz via https://mydomainname.tld/domoticz, use the following webpath for the api : `/mydomainname.tld/api_/domoticz/json.htm?yourapicommand`
By default, only sensor updates and switch toogle are authorized. To authorized a new command, you have to manually update the nginx config file :
````
sudo nano /etc/nginx/conf.d/yourdomain.tld.d/api_domoticz.conf
````
Then edit the following block by adding the regex of the command you want to allow:
````
#set the list of authorized json command here in regex format
#you may retrieve the command from https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's
#By default, sensors updates and toggle switch are authorized
if ( $args ~* type=command&param=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command&param=switchlight&idx=[0-9]*&switchcmd=Toggle$) {
set $api "1";
}
````
For example, to add the json command to retrieve the status of a device (/json.htm?type=devices&rid=IDX),modify the line as this:
````
if ( $args ~* type=command&param=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command&param=switchlight&idx=[0-9]*&switchcmd=Toggle$|type=devices&rid=[0-9]* ) {
set $api "1";
}
````
All IPv4 addresses within the local network (192.168.0.0/24) and *all IPv6* addresses are authorized as API.
As far as I know, there is no way to filter for IPv6 address on local network : You may remove the authorization by removing or commenting this line in `/etc/nginx/conf.d/yourdomain.tld.d/domoticz.conf`:
````
allow ::/1;
````
This will authorized only IPv4 within local network to access your domoticz API.
You may add individual IPv6 address in the same way.

91
doc/ADMIN_fr.md Normal file
View file

@ -0,0 +1,91 @@
## Configuration
### Broker MQTT Mosquitto
A l'installation, un broker [MQTT](https://fr.wikipedia.org/wiki/MQTT), [Mosquitto](https://mosquitto.org/), est installé en même temps que Domoticz. La version installée est celle du dépot officiel du projet, et non des dépots Debian.
Ce broker nécessite un domaine ou un sous-domaine particulier pour fonctionner (ex : mqtt.your.domain.tld) : il est nécessaire de créer ce domaine auparavant.
#### Ajout dans domoticz
Pour pouvoir l'utiliser, vous devez paramétrer la communication avec entre domoticz et le broker en suivant la [documentation de domoticz](https://www.domoticz.com/wiki/MQTT#Installing_Mosquitto) dans la partie *Add hardware "MQTT Client Gateway"*
Les users et mot de passe du broker sont automatiquement générés lors de l'installation. Vous pouvez les récupérer avec
````
sudo yunohost app setting domoticz mqtt_user
sudo yunohost app setting domoticz mqtt_pwd
````
#### Publier/souscrire
Par défaut, mosquitto va écouter sur 2 ports:
- Le 1883 sur localhost en protocole mqtt
- Le 8883 en protocole websocket. Nginx redirige le port 443 externe vers ce port en interne.
Pour publier/souscrire sur un topic depuis l'exterieur, vous devez donc utiliser un programme supportant le protocole websocket (ex : la bibliothèque python paho).:
#### Mosquitto_pub et mosquitto_sub
Ces deux programmes ne supportent pas le protocole websocket mais uniquement le mqtt : le paramétrage de base ne vous autorise donc pas à les utiliser pour communiquer depuis un client externe.
Si vous les utilisez directement depuis votre serveur, ce genre de syntaxe devrait marcher:
````
mosquitto_pub -u *user* -P *password* -h mqtt.your.domain.tld -p 1883 -t 'domoticz/in' -m '{ "idx" : 1, "nvalue" : 0, "svalue" : "25.0" }'
````
De la même manière:c
````
mosquitto_sub -u *user* -P *password* -h mqtt.your.domain.tld -p 1883 -t 'domoticz/out'
````
Si vous souhaitez ouvrir le protocole mqtt depuis l'extérieur afin de pouvoir les utiliser depuis un autre serveur, il vous faudra:
- ouvrir le port 1883 sur le firewall Yunohost (**Attention, risque de sécurité**)
- autoriser les adresses IP souhaitées dans la configuration de mosquitto pour ce listener
- paramétrer le tls dans la configuration de mosquitto en donnant accès au crt.pem et key.pem de votre domaine mqtt en les paramétrant respectivement avec les variables certfile et keyfile. **Ceci est obligatoire pour sécuriser la connexion.**
#### Mise à jour depuis les versions n'ayant pas mosquittoo
Si vous êtes sur le package ynh3 ou inférieur, mosquitto n'est pas installé par défaut.
De même si vous avez choisi de ne pas indiquer de domaine pour mosquitto lors de l'installation initiale.
Pour pouvoir l'installer après coup, faites les actions suivantes:
1. créez un domaine ou sous-domaine pour recevoir les informations (par exemple : 'mqtt.your.domain.tld')
2. connecter vous en ligne de commande à votre serveur
3. taper la commande suivante : `yunohost app setting domoticz mqtt_domain -v mqtt.your.domain.tld`
4. Procédez à la mise à jour.
Si vous êtes déjà sur la dernière version, utiliser la commmande suivante : `yunohost app upgrade domoticz --force`
### Senseurs, langue et ce genre de choses
Toute la configuration de l'application a lieu dans l'application elle même
### Gestion du Zwave
Si vous utilisez des équipements zwave, installez mosquitto en plus de domoticz et essayez le [package zwave-JS-UI](https://github.com/YunoHost-Apps/zwave-js-ui_ynh).
Une fois installé, suivez simplement les indications du [wiki](https://www.domoticz.com/wiki/Zwave-JS-UI)
### Accès et API
Par défaut, l'accès aux [API JSON](https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's) est autorisé sur cette URL `/votredomaine.tld/api_/chemindedomoticz`.
Donc, si vous accédez à domoticz par https://votredomaine.tld/domoticz, utilisez le chemin suivant pour l'api: `/votredomaine.tld/api_/domoticz/json.htm?votrecommandeapi`
Par défaut, seule la mise à jour de senseur et les interrupteurs sont autorisés. Pour autoriser une nouvelle commande, vous devez manuellement éditer le fichier de configuration nginx :
````
sudo nano /etc/nginx/conf.d/yourdomain.tld.d/api_domoticz.conf
````
Puis éditer le bloc suivant en y ajoutant le regex de la commmande à autoriser :
````
#set the list of authorized json command here in regex format
#you may retrieve the command from https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's
#By default, sensors updates and toggle switch are authorized
if ( $args ~* type=command&param=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command&param=switchlight&idx=[0-9]*&switchcmd=Toggle$) {
set $api "1";
}
````
Par exemple, pour ajouter la commmande json pour retrouver le statut d'un équipement (/json.htm?type=devices&rid=IDX),il faut modifier la ligne comme ceci:
````
if ( $args ~* type=command&param=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command&param=switchlight&idx=[0-9]*&switchcmd=Toggle$|type=devices&rid=[0-9]* ) {
set $api "1";
}
````
Toutes les adresses IPv4 du réseau local (192.168.0.0/24) et toutes les adresses IPv6 sont autorisées pour l'API.
A ma connaissance, il n'y a pas moyen d'effectuer un filtre pour les adresses IPv6 sur le réseau local, vous pouvez donc retirer leur autorisation en enlevant ou en commentant la ligne suivante dans `/etc/nginx/conf.d/yourdomain.tld.d/domoticz.conf`:
````
allow ::/1;
````
Ceci autorisera seulement les adresses IPv4 local a accéder aux API de domoticz.
Vous pouvez ajouter des adresses IPv6 de la même façon.

94
doc/DESCRIPTION.md
View file

@ -15,96 +15,4 @@ For example this system can be used with:
**Shipped version:** Always the last stable one. The last compiled version is retrieved from [this directory](https://releases.domoticz.com/releases/?dir=./release) during install.
Once installed, **updates from the uptream app are managed from within the app**. Yunohost upgrade script will only upgrade the Yunohost package.
The MQTT broker mosquitto is integrated into the package. It requires its own domain or subdomain. It's an optional setting: during install if you set the same domaine as your main app domain, it won't be installed.
## Configuration
### Broker Mosquitto
During installation, a [MQTT](https://en.wikipedia.org/wiki/MQTT) broker, [Mosquitto](https://mosquitto.org/), is installed at the same time as Domoticz. The installed version is the one from the official project repo and not from Debian ones.
This broker requires a dedicated domain or subdomain to work (ex : mqtt.your.domain.tld) : creating this domain prior installation is a prerequisite
#### Adding in domoticz
To use mosquitto, you need to customize the communication between domoticz and the broker by following the [domoticz documentation](https://www.domoticz.com/wiki/MQTT#Installing_Mosquitto), part *Add hardware "MQTT Client Gateway"*.
User and password are automatically generated during installation, you may retrieve them with
````
sudo yunohost app setting domoticz mqtt_user
sudo yunohost app setting domoticz mqtt_pwd
````
#### Publish/Subscribe
By default, mosquitto will listen on 2 ports:
- 1883 on localhost using mqtt protocol
- 8883 using websocket protocol. Nginx redirect external port 443 to this internal port.
Hence, To publish/subscribe on a topic from the outside, you have to use a software supporting websocket protocol (ex : paho python library).
#### Mosquitto_pub et mosquitto_sub
These 2 tools do not support websocket protocol, only direct mqtt: base settings will not allow communication from an outside device.
If you're using them directly from your server, this kind of syntax should work:
````
mosquitto_pub -u *user* -P *password* -h mqtt.your.domain.tld -p 1883 -t 'domoticz/in' -m '{ "idx" : 1, "nvalue" : 0, "svalue" : "25.0" }'
````
In the same way:
````
mosquitto_sub -u *user* -P *password* -h mqtt.your.domain.tld -p 1883 -t 'domoticz/out'
````
If you wish to open direct mqtt protocol from an outside device, you'll need to:
- open port 1883 on Yunohost firewall (**Attention, security risk**)
- Allows IP addresses in mosquitto configuration for this listener
- Set the tls setting in mosquitto configuration by giving access to crt.pem and key.pem from your mqtt domain by setting respective certfile et keyfile variables. **This is mandatory to ensure a secure connection.**
#### Upgrade from version without mosquitto
If you have package ynh3 or below, mosquitto is not installed by default.
If you have chosen to not set a domain during initial installation also.
So, if you need to activate mosquitto in retrospect, do following actions:
1. Create a domain or a subdomain (for example : 'mqtt.your.domain.tld')
2. Connect to your server in command line
3. Type following command : `yunohost app setting domoticz mqtt_domain -v mqtt.your.domain.tld`
4. Upgrade domoticz to last package.
If you're already on the last package version, use the following command : `yunohost app upgrade domoticz --force`
## Configuration
### Sensors, language and this kind of stuff
Main configuration of the app take place inside the app itself.
### Zwave management
If you're using zwave devices, install mosquitto along domoticz and give a try to [zwave-JS-UI package](https://github.com/YunoHost-Apps/zwave-js-ui_ynh).
Once installed, just follow instructions from the [wiki](https://www.domoticz.com/wiki/Zwave-JS-UI)
### Access and API
By default, access for the [JSON API](https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's) is allowed on following path `/yourdomain.tld/api_/domoticzpath`.
So if you access domoticz via https://mydomainname.tld/domoticz, use the following webpath for the api : `/mydomainname.tld/api_/domoticz/json.htm?yourapicommand`
By default, only sensor updates and switch toogle are authorized. To authorized a new command, you have to manually update the nginx config file :
````
sudo nano /etc/nginx/conf.d/yourdomain.tld.d/api_domoticz.conf
````
Then edit the following block by adding the regex of the command you want to allow:
````
#set the list of authorized json command here in regex format
#you may retrieve the command from https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's
#By default, sensors updates and toggle switch are authorized
if ( $args ~* type=command&param=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command&param=switchlight&idx=[0-9]*&switchcmd=Toggle$) {
set $api "1";
}
````
For example, to add the json command to retrieve the status of a device (/json.htm?type=devices&rid=IDX),modify the line as this:
````
if ( $args ~* type=command&param=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command&param=switchlight&idx=[0-9]*&switchcmd=Toggle$|type=devices&rid=[0-9]* ) {
set $api "1";
}
````
All IPv4 addresses within the local network (192.168.0.0/24) and *all IPv6* addresses are authorized as API.
As far as I know, there is no way to filter for IPv6 address on local network : You may remove the authorization by removing or commenting this line in `/etc/nginx/conf.d/yourdomain.tld.d/domoticz.conf`:
````
allow ::/1;
````
This will authorized only IPv4 within local network to access your domoticz API.
You may add individual IPv6 address in the same way.
The MQTT broker mosquitto is integrated into the package. It requires its own domain or subdomain. It's an optional setting: during install if you set the same domaine as your main app domain, it won't be installed.

91
doc/DESCRIPTION_fr.md
View file

@ -16,94 +16,3 @@ Une fois installée, **les mises à jour de l'application sont gérées depuis l
Le broker MQTT mosquitto est intégré au package et nécessite un sous-domaine ou un domaine distinct. Il est optionnel et si vous indiquez lors de l'installation le même domaine que le domaine principal, il ne sera pas installé.
## Configuration
### Broker MQTT Mosquitto
A l'installation, un broker [MQTT](https://fr.wikipedia.org/wiki/MQTT), [Mosquitto](https://mosquitto.org/), est installé en même temps que Domoticz. La version installée est celle du dépot officiel du projet, et non des dépots Debian.
Ce broker nécessite un domaine ou un sous-domaine particulier pour fonctionner (ex : mqtt.your.domain.tld) : il est nécessaire de créer ce domaine auparavant.
#### Ajout dans domoticz
Pour pouvoir l'utiliser, vous devez paramétrer la communication avec entre domoticz et le broker en suivant la [documentation de domoticz](https://www.domoticz.com/wiki/MQTT#Installing_Mosquitto) dans la partie *Add hardware "MQTT Client Gateway"*
Les users et mot de passe du broker sont automatiquement générés lors de l'installation. Vous pouvez les récupérer avec
````
sudo yunohost app setting domoticz mqtt_user
sudo yunohost app setting domoticz mqtt_pwd
````
#### Publier/souscrire
Par défaut, mosquitto va écouter sur 2 ports:
- Le 1883 sur localhost en protocole mqtt
- Le 8883 en protocole websocket. Nginx redirige le port 443 externe vers ce port en interne.
Pour publier/souscrire sur un topic depuis l'exterieur, vous devez donc utiliser un programme supportant le protocole websocket (ex : la bibliothèque python paho).:
#### Mosquitto_pub et mosquitto_sub
Ces deux programmes ne supportent pas le protocole websocket mais uniquement le mqtt : le paramétrage de base ne vous autorise donc pas à les utiliser pour communiquer depuis un client externe.
Si vous les utilisez directement depuis votre serveur, ce genre de syntaxe devrait marcher:
````
mosquitto_pub -u *user* -P *password* -h mqtt.your.domain.tld -p 1883 -t 'domoticz/in' -m '{ "idx" : 1, "nvalue" : 0, "svalue" : "25.0" }'
````
De la même manière:c
````
mosquitto_sub -u *user* -P *password* -h mqtt.your.domain.tld -p 1883 -t 'domoticz/out'
````
Si vous souhaitez ouvrir le protocole mqtt depuis l'extérieur afin de pouvoir les utiliser depuis un autre serveur, il vous faudra:
- ouvrir le port 1883 sur le firewall Yunohost (**Attention, risque de sécurité**)
- autoriser les adresses IP souhaitées dans la configuration de mosquitto pour ce listener
- paramétrer le tls dans la configuration de mosquitto en donnant accès au crt.pem et key.pem de votre domaine mqtt en les paramétrant respectivement avec les variables certfile et keyfile. **Ceci est obligatoire pour sécuriser la connexion.**
#### Mise à jour depuis les versions n'ayant pas mosquittoo
Si vous êtes sur le package ynh3 ou inférieur, mosquitto n'est pas installé par défaut.
De même si vous avez choisi de ne pas indiquer de domaine pour mosquitto lors de l'installation initiale.
Pour pouvoir l'installer après coup, faites les actions suivantes:
1. créez un domaine ou sous-domaine pour recevoir les informations (par exemple : 'mqtt.your.domain.tld')
2. connecter vous en ligne de commande à votre serveur
3. taper la commande suivante : `yunohost app setting domoticz mqtt_domain -v mqtt.your.domain.tld`
4. Procédez à la mise à jour.
Si vous êtes déjà sur la dernière version, utiliser la commmande suivante : `yunohost app upgrade domoticz --force`
### Senseurs, langue et ce genre de choses
Toute la configuration de l'application a lieu dans l'application elle même
### Gestion du Zwave
Si vous utilisez des équipements zwave, installez mosquitto en plus de domoticz et essayez le [package zwave-JS-UI](https://github.com/YunoHost-Apps/zwave-js-ui_ynh).
Une fois installé, suivez simplement les indications du [wiki](https://www.domoticz.com/wiki/Zwave-JS-UI)
### Accès et API
Par défaut, l'accès aux [API JSON](https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's) est autorisé sur cette URL `/votredomaine.tld/api_/chemindedomoticz`.
Donc, si vous accédez à domoticz par https://votredomaine.tld/domoticz, utilisez le chemin suivant pour l'api: `/votredomaine.tld/api_/domoticz/json.htm?votrecommandeapi`
Par défaut, seule la mise à jour de senseur et les interrupteurs sont autorisés. Pour autoriser une nouvelle commande, vous devez manuellement éditer le fichier de configuration nginx :
````
sudo nano /etc/nginx/conf.d/yourdomain.tld.d/api_domoticz.conf
````
Puis éditer le bloc suivant en y ajoutant le regex de la commmande à autoriser :
````
#set the list of authorized json command here in regex format
#you may retrieve the command from https://www.domoticz.com/wiki/Domoticz_API/JSON_URL's
#By default, sensors updates and toggle switch are authorized
if ( $args ~* type=command&param=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command&param=switchlight&idx=[0-9]*&switchcmd=Toggle$) {
set $api "1";
}
````
Par exemple, pour ajouter la commmande json pour retrouver le statut d'un équipement (/json.htm?type=devices&rid=IDX),il faut modifier la ligne comme ceci:
````
if ( $args ~* type=command&param=udevice&idx=[0-9]*&nvalue=[0-9]*&svalue=.*$|type=command&param=switchlight&idx=[0-9]*&switchcmd=Toggle$|type=devices&rid=[0-9]* ) {
set $api "1";
}
````
Toutes les adresses IPv4 du réseau local (192.168.0.0/24) et toutes les adresses IPv6 sont autorisées pour l'API.
A ma connaissance, il n'y a pas moyen d'effectuer un filtre pour les adresses IPv6 sur le réseau local, vous pouvez donc retirer leur autorisation en enlevant ou en commentant la ligne suivante dans `/etc/nginx/conf.d/yourdomain.tld.d/domoticz.conf`:
````
allow ::/1;
````
Ceci autorisera seulement les adresses IPv4 local a accéder aux API de domoticz.
Vous pouvez ajouter des adresses IPv6 de la même façon.

1
doc/DISCLAIMER_fr.md → doc/POST_INSTALL_fr.md
View file

@ -1,4 +1,3 @@
## Limitations
* Pas de gestion d'utilisateurs ni d'intégration LDAP. L'application ne [prévoit pas de gérer les utilisateurs par LDAP](https://github.com/domoticz/domoticz/issues/838), donc le package non plus.

3
doc/DISCLAIMER.md → doc/POST_INTALL.md
View file

@ -1,4 +1,3 @@
## Limitations
* No user management nor LDAP integration This function is [not planned to be implemented into the app](https://github.com/domoticz/domoticz/issues/838), hence it's not planned into the package neither.
@ -12,4 +11,4 @@ Although you may activate a login page on the application (either from the *Setu
It seems advisable to not make the app publicly available outside of the yunohost sso (public = yes at install or setting the domoticz permission to 'visitors' in the admin panel). If for any reason you need to, I recommend the following:
- Activate the website protection/user management (with login page instead of Basic-auth)
- In *Setup/Settings/System/Local Networks (no username/password)* enter the address of the nginx proxy (should be "::1;127.0.0.1" in any standard Yunohost installation) so that the Fail2ban settings is active (see last lines of [this wiki](https://www.domoticz.com/wiki/WebServer_Proxy)
- In *Setup/Settings/System/Local Networks (no username/password)* enter the address of the nginx proxy (should be "::1;127.0.0.1" in any standard Yunohost installation) so that the Fail2ban settings is active (see last lines of [this wiki](https://www.domoticz.com/wiki/WebServer_Proxy)

5
doc/PRE_INSTALL.md Normal file
View file

@ -0,0 +1,5 @@
## Mosquitto Broker
During installation, a [MQTT](https://en.wikipedia.org/wiki/MQTT) broker, [Mosquitto](https://mosquitto.org/), may be installed at the same time as Domoticz. It's an optional setting: during install if you set the same domaine as your main app domain, it won't be installed.
The installed version is the one from the official project repo and not from Debian ones.
This broker requires a dedicated domain or subdomain to work (ex : mqtt.your.domain.tld) : creating this domain prior installation is a prerequisite

5
doc/PRE_INSTALL_fr.md Normal file
View file

@ -0,0 +1,5 @@
## Broker MQTT Mosquitto
A l'installation, un broker [MQTT](https://fr.wikipedia.org/wiki/MQTT), [Mosquitto](https://mosquitto.org/), peut être installé en même temps que Domoticz. Il est optionnel et si vous indiquez lors de l'installation le même domaine que le domaine principal, il ne sera pas installé.
La version installée est celle du dépot officiel du projet, et non des dépots Debian.
Ce broker nécessite un domaine ou un sous-domaine particulier pour fonctionner (ex : mqtt.your.domain.tld) : il est nécessaire de créer ce domaine auparavant.

68
manifest.json
View file

@ -1,68 +0,0 @@
{
"name": "Domoticz",
"id": "domoticz",
"packaging_format": 1,
"description": {
"en": "Home automation system that lets you monitor and configure miscellaneous devices",
"fr": "Logiciel de domotique qui vous permet de configurer un grand nombre d'appareils"
},
"version": "2020.2~ynh7",
"url": "https://www.domoticz.com",
"upstream": {
"license": "GPL-3.0-or-later",
"website": "https://domoticz.com/",
"admindoc": "https://www.domoticz.com/wiki/Main_Page",
"userdoc": "https://www.domoticz.com/DomoticzManual.pdf",
"code": "https://github.com/domoticz/domoticz",
"cpe": "cpe:2.3:a:domoticz:domoticz"
},
"license": "GPL-3.0-or-later",
"maintainer": {
"name": "Krakinou",
"email": "misterl56@hotmail.com"
},
"requirements": {
"yunohost": ">= 11.0.0"
},
"multi_instance": false,
"services": [
"nginx"
],
"arguments": {
"install": [
{
"name": "domain",
"type": "domain"
},
{
"name": "path",
"type": "path",
"example": "/domoticz",
"default": "/domoticz"
},
{
"name": "is_public",
"type": "boolean",
"default": false,
"help": {
"fr": "Attention, cette application n'a pas de gestion d'utilisateur par défaut, si vous la mettez public, n importe qui y aura accès!",
"en": "Beware, there is no user management by default. If it's set as public, anyone will have access!"
}
},
{
"name": "mqtt_domain",
"type": "domain",
"ask": {
"fr": "Domaine MQTT",
"en": "MQTT domain"
},
"example": "mqtt.your.domain.com",
"optional": true,
"help": {
"fr": "Domaine pour le serveur MQTT. Remettez le domaine principal si vous ne souhaitez pas l'utiliser. Lire la documentation pour plus d'informations",
"en": "MQTT server domain. Set the main domain if you don't wish to use it. See the doc for more info"
}
}
]
}
}

46
manifest.toml
View file

@ -5,7 +5,7 @@ name = "Domoticz"
description.en = "Home automation system that lets you monitor and configure miscellaneous devices"
description.fr = "Logiciel de domotique qui vous permet de configurer un grand nombre d'appareils"
version = "2020.2~ynh8"
version = "2023.1~ynh1"
maintainers = ["Krakinou"]
@ -15,34 +15,32 @@ website = "https://domoticz.com/"
admindoc = "https://www.domoticz.com/wiki/Main_Page"
userdoc = "https://www.domoticz.com/DomoticzManual.pdf"
code = "https://github.com/domoticz/domoticz"
cpe = "???" # FIXME: optional but recommended if relevant, this is meant to contain the Common Platform Enumeration, which is sort of a standard id for applications defined by the NIST. In particular, Yunohost may use this is in the future to easily track CVE (=security reports) related to apps. The CPE may be obtained by searching here: https://nvd.nist.gov/products/cpe/search. For example, for Nextcloud, the CPE is 'cpe:2.3:a:nextcloud:nextcloud' (no need to include the version number)
fund = "???" # FIXME: optional but recommended (or remove if irrelevant / not applicable). This is meant to be an URL where people can financially support this app, especially when its development is based on volunteers and/or financed by its community. YunoHost may later advertise it in the webadmin.
cpe = "cpe:2.3:a:domoticz:domoticz"
fund = "https://www.paypal.com/donate?token=rF_gUybGmQGia_jzLfu3vkeXRqYLRV-v-BxCTylrTsEN4mB-nDdSVQhg3a-I9LkiqORq70Gtxbo6rq3r&locale.x=US"
[integration]
yunohost = ">= 11.0.0"
architectures = "all" # FIXME: can be replaced by a list of supported archs using the dpkg --print-architecture nomenclature (amd64/i386/armhf/arm64), for example: ["amd64", "i386"]
yunohost = ">= 11.1.11"
architectures = "all"
multi_instance = false
ldap = "?" # FIXME: replace with true, false, or "not_relevant". Not to confuse with the "sso" key : the "ldap" key corresponds to wether or not a user *can* login on the app using its YunoHost credentials.
sso = "?" # FIXME: replace with true, false, or "not_relevant". Not to confuse with the "ldap" key : the "sso" key corresponds to wether or not a user is *automatically logged-in* on the app when logged-in on the YunoHost portal.
disk = "50M" # FIXME: replace with an **estimate** minimum disk requirement. e.g. 20M, 400M, 1G, ...
ram.build = "50M" # FIXME: replace with an **estimate** minimum ram requirement. e.g. 50M, 400M, 1G, ...
ram.runtime = "50M" # FIXME: replace with an **estimate** minimum ram requirement. e.g. 50M, 400M, 1G, ...
ldap = false
sso = false
disk = "100M"
ram.build = "50M"
ram.runtime = "50M"
[install]
[install.domain]
# this is a generic question - ask strings are automatically handled by Yunohost's core
type = "domain"
[install.path]
# this is a generic question - ask strings are automatically handled by Yunohost's core
type = "path"
default = "/domoticz"
[install.init_main_permission]
help.fr = "Attention, cette application n'a pas de gestion d'utilisateur par défaut, si vous la mettez public, n importe qui y aura accès!"
help.fr = "Attention, cette application n'a pas de gestion d'utilisateur par défaut, si vous la mettez public, n'importe qui y aura accès!"
help.en = "Beware, there is no user management by default. If it's set as public, anyone will have access!"
type = "group"
default = false
default = "all_users"
[install.mqtt_domain]
ask.fr = "Domaine MQTT"
@ -56,17 +54,25 @@ ram.runtime = "50M" # FIXME: replace with an **estimate** minimum ram requiremen
[resources.system_user]
[resources.install_dir]
dir = /opt/yunohost/__APP__
[resources.permissions]
main.url = "/"
api.url = "/_api/__APP_"
api.show_title = false
[resources.ports]
main.default = 8080
#to be checked if it can become conditionnal
#mqtt.default = 1883
#mqtt_websocket.default = 8883
[resources.apt]
packages = "libudev-dev, python3-dev, mosquitto, mosquitto-clients, $pkg_dependencies, $add_dep"
packages = "libudev-dev, python3-dev, libcurl4, libusb-0.1-4"
[[resources.apt.extras]]
repo = "deb https://repo.mosquitto.org/debian buster main"
key = "http://repo.mosquitto.org/debian/mosquitto-repo.gpg.key"
packages = "#FIXME#$extra_pkg_dependencies
#[[resources.apt.extras]]
#repo = "deb https://repo.mosquitto.org/debian buster main"
#key = "http://repo.mosquitto.org/debian/mosquitto-repo.gpg.key"
#packages = "#FIXME#$extra_pkg_dependencies

16
scripts/_common.sh
View file

@ -4,26 +4,12 @@
# COMMON VARIABLES
#=================================================
# dependencies used by the app
#python3-dev required as per https://www.domoticz.com/forum/viewtopic.php?f=65&t=16116&p=119747
#mosquitto and mosquitto-clients are required for mqtt
#other dependencies are from standard install script... seems quite useles...
#REMOVEME? pkg_dependencies="libudev-dev python3-dev"
#REMOVEME? extra_pkg_dependencies="mosquitto mosquitto-clients"
extra_pkg_dependencies="mosquitto mosquitto-clients"
default_mqtt_port=1883
default_mqtt_websocket_port=8883
#ALL FOLLOWING LINE FROM THE upstream bash installation script
DEBIAN_ID=$(grep -oP '(?<=^ID=).+' /etc/*-release | tr -d '"')
DEBIAN_VERSION=$(grep -oP '(?<=^VERSION_ID=).+' /etc/*-release | tr -d '"')
if test ${DEBIAN_VERSION} -lt 10
then
add_dep="libcurl3"
else
add_dep="libcurl4 libusb-0.1-4"
fi;
#REMOVEME? pkg_dependencies="$pkg_dependencies $add_dep"
lowercase(){
echo "$1" | sed "y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/"

22
scripts/backup
View file

@ -10,27 +10,6 @@
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
#REMOVEME? ynh_clean_setup () {
ynh_clean_check_starting
#}
# Exit if an error occurs during the execution of the script
#REMOVEME? ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
#REMOVEME? ynh_print_info --message="Loading installation settings..."
#REMOVEME? app=$YNH_APP_INSTANCE_NAME
#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir)
#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain)
#REMOVEME? mqtt_domain=$(ynh_app_setting_get --app=$app --key=mqtt_domain)
#=================================================
# DECLARE DATA AND CONF FILES TO BACKUP
#=================================================
@ -75,7 +54,6 @@ ynh_backup --src_path="/etc/systemd/system/$app.service"
# BACKUP VARIOUS FILES
#=================================================
ynh_backup --src_path="/etc/sudoers.d/$app"
[[ ! -z "$mqtt_domain" ]] && ynh_backup --src_path="/etc/mosquitto/conf.d" --not_mandatory
ynh_backup --src_path="/usr/share/yunohost/hooks/conf_regen/95-nginx_domoticz"

95
scripts/install
View file

@ -9,47 +9,16 @@
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
#REMOVEME? ynh_clean_setup () {
ynh_clean_check_starting
#}
# Exit if an error occurs during the execution of the script
#REMOVEME? ynh_abort_if_errors
#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================
#REMOVEME? domain="$YNH_APP_ARG_DOMAIN"
#REMOVEME? path="$YNH_APP_ARG_PATH"
#REMOVEME? is_public="$YNH_APP_ARG_IS_PUBLIC"
#REMOVEME? mqtt_domain="$YNH_APP_ARG_MQTT_DOMAIN"
#REMOVEME? app="$YNH_APP_INSTANCE_NAME"
#Set dedicated variables
if [ "$path" == "/" ]; then
api_path=/api_/"$app"
else
api_path=/api_"$path"
fi
#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
#REMOVEME? ynh_script_progression --message="Validating installation parameters..."
#REMOVEME? install_dir=/opt/yunohost/"$app"
#REMOVEME? test ! -e "$install_dir" || ynh_die --message="This path already contains a folder"
# Register (book) web path
#REMOVEME? ynh_webpath_register --app="$app" --domain="$domain" --path="$path"
#impossible de booker plusieurs webpath
#if [ ! -z $mqtt_domain ]; then
#REMOVEME? # ynh_webpath_register --app=mqtt_$app --domain=$mqtt_domain --path="/"
#fi
if [ "$domain" == "$mqtt_domain" ]; then
mqtt_domain=""
@ -58,18 +27,15 @@ fi
#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================
#REMOVEME? ynh_script_progression --message="Storing installation settings..."
#REMOVEME? ynh_app_setting_set --app="$app" --key=domain --value="$domain"
#REMOVEME? ynh_app_setting_set --app="$app" --key=path --value="$path"
ynh_script_progression --message="Storing installation settings..."
#Will be used in restore script to check that we're restoring on the same OS/Board type
ynh_app_setting_set --app="$app" --key=OS --value="$os"
ynh_app_setting_set --app="$app" --key=mach --value="$mach"
#path used by api & mqtt to read/update domoticz
#REMOVEME? ynh_app_setting_set --app="$app" --key=api_path --value="$api_path"
#REMOVEME? [[ ! -z "$mqtt_domain" ]] && ynh_app_setting_set --app="$app" --key=mqtt_domain --value="$mqtt_domain"
ynh_app_setting_set --app="$app" --key=api_path --value="$api_path"
[[ ! -z "$mqtt_domain" ]] && ynh_app_setting_set --app="$app" --key=mqtt_domain --value="$mqtt_domain"
#=================================================
@ -77,35 +43,19 @@ ynh_app_setting_set --app="$app" --key=mach --value="$mach"
#=================================================
# FIND AND OPEN A PORT
#=================================================
ynh_script_progression --message="Finding available port..."
# Find an available port
#REMOVEME? port=$(ynh_find_port --port=8080)
#REMOVEME? ynh_app_setting_set --app="$app" --key=port --value="$port"
if [ ! -z "$mqtt_domain" ]; then
ynh_script_progression --message="Finding available ports for Mosquitto..."
#REMOVEME? mqtt_port=$(ynh_find_port --port="$default_mqtt_port")
#REMOVEME? ynh_app_setting_set --app="$app" --key=mqtt_port --value="$mqtt_port"
mqtt_port=$(ynh_find_port --port="$default_mqtt_port")
ynh_app_setting_set --app="$app" --key=mqtt_port --value="$mqtt_port"
#REMOVEME? mqtt_websocket_port=$(ynh_find_port --port="$default_mqtt_websocket_port")
#REMOVEME? ynh_app_setting_set --app="$app" --key=mqtt_websocket_port --value="$mqtt_websocket_port"
mqtt_websocket_port=$(ynh_find_port --port="$default_mqtt_websocket_port")
ynh_app_setting_set --app="$app" --key=mqtt_websocket_port --value="$mqtt_websocket_port"
fi
#=================================================
# INSTALL DEPENDENCIES
#=================================================
#REMOVEME? ynh_script_progression --message="Installing dependencies..." --weight=15
#REMOVEME? ynh_install_app_dependencies "$pkg_dependencies"
#=================================================
# CREATE DEDICATED USER
#=================================================
#REMOVEME? ynh_script_progression --message="Configuring system user..."
# Create a system user
#REMOVEME? ynh_system_user_create --username="$app" --home_dir="$install_dir"
ynh_script_progression --message="Configuring system user..."
#allow user to access USB / serial port to communicate with tools (RFXtrx, Z-wave dongle, etc.) & i2c bus
if grep dialout -q < /etc/group; then
@ -118,16 +68,11 @@ if grep gpio -q < /etc/group; then
usermod -a -G gpio "$app"
fi
#allow app user to restart service on startup
ynh_add_config --template="../conf/sudoer" --destination="/etc/sudoers.d/$app"
chmod 440 /etc/sudoers.d/"$app"
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_script_progression --message="Setting up source files..." --weight=5
#REMOVEME? ynh_app_setting_set --app="$app" --key=install_dir --value="$install_dir"
# Download, check integrity, uncompress and patch the source from app.src
# Create an app.src for the correct version of domoticz
# match string are fulfilled in _common.sh via the upstream bash installation script
@ -154,7 +99,7 @@ if [ ! -z "$mqtt_domain" ]; then
ynh_script_progression --message="Setting up mosquitto..." --weight=5
#Installing packages
#REMOVEME? ynh_install_extra_app_dependencies --repo="deb https://repo.mosquitto.org/debian buster main" --package="$extra_pkg_dependencies" --key="http://repo.mosquitto.org/debian/mosquitto-repo.gpg.key"
ynh_install_extra_app_dependencies --repo="deb https://repo.mosquitto.org/debian buster main" --package="$extra_pkg_dependencies" --key="http://repo.mosquitto.org/debian/mosquitto-repo.gpg.key"
#Setting up conf file for access
ynh_add_config --template="../conf/domoticz_mosquitto.conf" --destination="/etc/mosquitto/conf.d/"$app"_mosquitto.conf"
@ -163,7 +108,7 @@ if [ ! -z "$mqtt_domain" ]; then
#Setting up user&pwd for mqtt access
ynh_app_setting_set --app="$app" --key=mqtt_user --value=$(ynh_string_random --length=8)
ynh_app_setting_set --app="$app" --key=mqtt_pwd --value=$(ynh_string_random)
#REMOVEME? echo $(ynh_app_setting_get --app="$app" --key=mqtt_user):$(ynh_app_setting_get --app="$app" --key=mqtt_pwd) > "/etc/mosquitto/conf.d/"$app"_credentials"
echo $(ynh_app_setting_get --app="$app" --key=mqtt_user):$(ynh_app_setting_get --app="$app" --key=mqtt_pwd) > "/etc/mosquitto/conf.d/"$app"_credentials"
mosquitto_passwd -U "/etc/mosquitto/conf.d/"$app"_credentials"
ynh_print_info --message="The credential to the mosquitto server has been saved in the settings of the app"
@ -179,7 +124,6 @@ ynh_script_progression --message="Configuring NGINX web server..." --weight=2
#Set Hook for nginx domain
cp -R ../sources/hooks/conf_regen/95-nginx_domoticz /usr/share/yunohost/hooks/conf_regen/
yunohost tools regen-conf nginx
# Create a dedicated NGINX config
ynh_add_config --template="api_nginx.conf" --destination="/etc/nginx/conf.d/"$domain".d/api_"$app".conf"
@ -242,6 +186,7 @@ if [ ! -f "$log_file" ]; then
chown $app: "$log_file"
fi
# Create a dedicated Fail2Ban config
ynh_add_fail2ban_config --logpath="$log_file" --failregex="^.*Error: Failed login attempt from <HOST>.*$" --max_retry=5
ynh_print_info --message="If you wish for Fail2ban to work, set up your local address in Setup/Settings/System/Local Networks as per documentation"
@ -251,26 +196,12 @@ ynh_print_info --message="If you wish for Fail2ban to work, set up your local ad
#=================================================
#REMOVEME? ynh_script_progression --message="Configuring permissions..."
# Make app public if necessary
#REMOVEME? if [ "$is_public" -eq 1 ]
then
# Everyone can access the app.
# The "main" permission is automatically created before the install script.
#REMOVEME? ynh_permission_update --permission="main" --add="visitors"
fi
#API & MQTT should stay publicly accessible.
#REMOVEME? ynh_permission_create --permission="domoticz_API" --label="api" --url="$domain$api_path" --allowed="visitors" --show_tile="false" --protected="true"
#REMOVEME? [[ ! -z "$mqtt_domain" ]] && ynh_permission_create --permission="domoticz_MQTT" --label="MQTT" --url="$mqtt_domain" --allowed="visitors" --show_tile="false" --protected="true"
ynh_permission_create --permission="domoticz_API" --label="api" --url="$domain$api_path" --allowed="visitors" --show_tile="false" --protected="true"
[[ ! -z "$mqtt_domain" ]] && ynh_permission_create --permission="domoticz_MQTT" --label="MQTT" --url="$mqtt_domain" --allowed="visitors" --show_tile="false" --protected="true"
#=================================================
# RELOAD NGINX
#=================================================
#REMOVEME? ynh_script_progression --message="Reloading NGINX web server..."
#REMOVEME? ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================

108
scripts/remove
View file

@ -9,123 +9,43 @@
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
#REMOVEME? ynh_script_progression --message="Loading installation settings..."
#REMOVEME? app="$YNH_APP_INSTANCE_NAME"
#REMOVEME? domain=$(ynh_app_setting_get --app="$app" --key=domain)
#REMOVEME? port=$(ynh_app_setting_get --app="$app" --key=port)
#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app="$app" --key=install_dir)
#REMOVEME? mqtt_domain=$(ynh_app_setting_get --app="$app" --key=mqtt_domain)
#=================================================
# STANDARD REMOVE
#=================================================
# REMOVE SERVICE INTEGRATION IN YUNOHOST
#=================================================
# Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
if [ ! -z "$mqtt_domain" ]; then
ynh_script_progression --message="Removing system configurations related to Mosquitto..." --weight=1
yunohost service remove mosquitto
ynh_secure_remove --file="/etc/mosquitto/conf.d"
ynh_secure_remove --file="/usr/share/yunohost/hooks/conf_regen/95-nginx_domoticz"
ynh_secure_remove --file="/etc/nginx/conf.d/"$mqtt_domain".d/mqtt_"$app".conf"
yunohost tools regen-conf postfix
ynh_secure_remove --file="/var/log/mosquitto"
#not required as handled by the core?
#ynh_remove_app_dependencies
fi
ynh_script_progression --message="Removing system configurations related to $app..." --weight=1
if ynh_exec_warn_less yunohost service status "$app" >/dev/null
then
ynh_script_progression --message="Removing $app service integration..."
yunohost service remove "$app"
[[ ! -z "$mqtt_domain" ]] && yunohost service remove mosquitto
fi
#=================================================
# STOP AND REMOVE SERVICE
#=================================================
ynh_script_progression --message="Stopping and removing the systemd service..."
# Remove the dedicated systemd config
ynh_remove_systemd_config
#=================================================
# CLOSE A PORT
#=================================================
if yunohost firewall list | grep -q "\- $port$"
then
ynh_script_progression --message="Closing port $port..." --weight=1
ynh_exec_warn_less yunohost firewall disallow TCP "$port"
fi
#=================================================
# REMOVE DEPENDENCIES
#=================================================
#REMOVEME? ynh_script_progression --message="Removing dependencies..." --weight=3
# Remove metapackage and its dependencies
[[ ! -z "$mqtt_domain" ]] && ynh_secure_remove --file="/etc/mosquitto/conf.d"
#REMOVEME? ynh_remove_app_dependencies
#=================================================
# REMOVE APP MAIN DIR
#=================================================
#REMOVEME? ynh_script_progression --message="Removing app main directory..." --weight=3
# Remove the app directory securely
#REMOVEME? ynh_secure_remove --file="$install_dir"
#=================================================
# REMOVE NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Removing NGINX web server configuration..."
#remove hook for mqtt nginx
ynh_secure_remove --file="/usr/share/yunohost/hooks/conf_regen/95-nginx_domoticz"
yunohost tools regen-conf postfix
# Remove the dedicated NGINX config
[[ ! -z "$mqtt_domain" ]] && ynh_secure_remove --file="/etc/nginx/conf.d/"$mqtt_domain".d/mqtt_"$app".conf"
ynh_secure_remove --file="/etc/nginx/conf.d/"$domain".d/api_"$app".conf"
ynh_remove_nginx_config
#=================================================
# REMOVE LOGROTATE CONFIGURATION
#=================================================
ynh_script_progression --message="Removing logrotate configuration..."
# Remove the app-specific logrotate config
ynh_remove_logrotate
#=================================================
# REMOVE FAIL2BAN CONFIGURATION
#=================================================
ynh_script_progression --message="Removing Fail2Ban configuration..." --weight=8
# Remove the dedicated Fail2Ban config
ynh_remove_fail2ban_config
#=================================================
# SPECIFIC REMOVE
#=================================================
# REMOVE VARIOUS FILES
#=================================================
ynh_script_progression --message="Removing various files..."
# Remove the log files
ynh_secure_remove --file="/var/log/$app"
[[ ! -z "$mqtt_domain" ]] && ynh_secure_remove --file="/var/log/mosquitto"
#Delete the sudoer file
ynh_secure_remove --file="/etc/sudoers.d/$app"
#=================================================
# GENERIC FINALIZATION
#=================================================
# REMOVE DEDICATED USER
#=================================================
#REMOVEME? ynh_script_progression --message="Removing the dedicated system user..."
# Delete a system user
#REMOVEME? ynh_system_user_delete --username="$app"
#=================================================
# END OF SCRIPT

53
scripts/restore
View file

@ -10,36 +10,15 @@
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
#REMOVEME? ynh_clean_setup () {
ynh_clean_check_starting
#}
# Exit if an error occurs during the execution of the script
#REMOVEME? ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
#REMOVEME? ynh_script_progression --message="Loading installation settings..."
#REMOVEME? app="$YNH_APP_INSTANCE_NAME"
#REMOVEME? domain=$(ynh_app_setting_get --app="$app" --key=domain)
#REMOVEME? path=$(ynh_app_setting_get --app="$app" --key=path)
#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app="$app" --key=install_dir)
#REMOVEME? backup_OS=$(ynh_app_setting_get --app="$app" --key=OS)
#REMOVEME? backup_mach=$(ynh_app_setting_get --app="$app" --key=mach)
#REMOVEME? mqtt_domain=$(ynh_app_setting_get --app="$app" --key=mqtt_domain)
#Have to reload them as otherwise they are all the same
backup_OS=$(ynh_app_setting_get --app="$app" --key=OS)
backup_mach=$(ynh_app_setting_get --app="$app" --key=mach)
os=`lowercase \`uname -s\``
mach=`uname -m`
#=================================================
# CHECK IF THE APP CAN BE RESTORED
#=================================================
#REMOVEME? ynh_script_progression --message="Validating restoration parameters..."
#REMOVEME? test ! -d "$install_dir" \
|| ynh_die --message="There is already a directory: $install_dir "
#As we are downloading compiled binaries for each system, we have to check if the restore occurs
#on the same system type. If we are restoring on another system type it won't work and in that
#case we must go through a reinstall process.
@ -62,11 +41,6 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$mqtt_domain.d/mqtt_$app.conf"
#=================================================
# RECREATE THE DEDICATED USER
#=================================================
#REMOVEME? ynh_script_progression --message="Recreating the dedicated system user..."
# Create the dedicated user (if not existing)
#REMOVEME? ynh_system_user_create --username="$app" --home_dir="$install_dir"
#allow user to access USB / serial port to communicate with tools (RFXtrx, Z-wave dongle, etc.) & i2c bus
if grep dialout -q < /etc/group; then
usermod -a -G dialout "$app"
@ -78,9 +52,6 @@ if grep gpio -q < /etc/group; then
usermod -a -G gpio "$app"
fi
#Restore user authorization to restart server
ynh_restore_file --origin_path="/etc/sudoers.d/$app"
#=================================================
# RESTORE THE APP MAIN DIR
#=================================================
@ -92,16 +63,6 @@ chmod 750 "$install_dir"
chmod -R o-rwx "$install_dir"
chown -R "$app":"$app" "$install_dir"
#=================================================
# SPECIFIC RESTORATION
#=================================================
# REINSTALL DEPENDENCIES
#=================================================
#REMOVEME? ynh_script_progression --message="Reinstalling dependencies..." --weight=5
# Define and install dependencies
#REMOVEME? ynh_install_app_dependencies "$pkg_dependencies"
#=================================================
# SET MOSQUITTO SETTINGS
#=================================================
@ -109,7 +70,7 @@ if [ ! -z "$mqtt_domain" ]; then
ynh_script_progression --message="Reinstalling up mosquitto..." --weight=5
#Installing packages
#REMOVEME? ynh_install_extra_app_dependencies --repo="deb https://repo.mosquitto.org/debian buster main" --package="$extra_pkg_dependencies" --key="http://repo.mosquitto.org/debian/mosquitto-repo.gpg.key"
ynh_install_extra_app_dependencies --repo="deb https://repo.mosquitto.org/debian buster main" --package="$extra_pkg_dependencies" --key="http://repo.mosquitto.org/debian/mosquitto-repo.gpg.key"
#reinstalling settings
ynh_restore_file --origin_path="/etc/mosquitto/conf.d" --not_mandatory
fi
@ -157,7 +118,7 @@ ynh_restore_file --origin_path="/etc/logrotate.d/$app"
ynh_script_progression --message="Restoring various files..."
ynh_restore_file --origin_path="/usr/share/yunohost/hooks/conf_regen/95-nginx_domoticz"
yunohost tools regen-conf postfix
#yunohost tools regen-conf postfix
#=================================================
# RESTORE THE FAIL2BAN CONFIGURATION

99
scripts/upgrade
View file

@ -13,23 +13,8 @@ version_gt() {
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
#REMOVEME? ynh_script_progression --message="Loading installation settings..."
#REMOVEME? app="$YNH_APP_INSTANCE_NAME"
#REMOVEME? domain=$(ynh_app_setting_get --app="$app" --key=domain)
#REMOVEME? path=$(ynh_app_setting_get --app="$app" --key=path)
#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app="$app" --key=install_dir)
#REMOVEME? port=$(ynh_app_setting_get --app="$app" --key=port)
#REMOVEME? current_OS=$(ynh_app_setting_get --app="$app" --key=OS)
#REMOVEME? current_mach=$(ynh_app_setting_get --app="$app" --key=mach)
#REMOVEME? api_path=$(ynh_app_setting_get --app="$app" --key=api_path)
#REMOVEME? mqtt_domain=$(ynh_app_setting_get --app="$app" --key=mqtt_domain)
#REMOVEME? mqtt_port=$(ynh_app_setting_get --app="$app" --key=mqtt_port)
#REMOVEME? mqtt_websocket_port=$(ynh_app_setting_get --app="$app" --key=mqtt_websocket_port)
#=================================================
# CHECK VERSION
@ -38,35 +23,6 @@ ynh_script_progression --message="Checking version..."
upgrade_type=$(ynh_check_app_version_changed)
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
#REMOVEME? ynh_script_progression --message="Backing up the app before upgrading (may take a while)..."
# Ugly hack so that previous version backup script from "https://github.com/anubister/domoticz_ynh" works :
# It creates a dummy file in /etc/cron.d so that the backup do not fail.
current_upstream_version=$(ynh_app_upstream_version --manifest="/etc/yunohost/apps/$app/manifest.json")
current_package_version=$(ynh_app_package_version --manifest="/etc/yunohost/apps/$app/manifest.json")
if version_gt "4.9701" "$current_upstream_version" && version_gt "2" "$current_package_version" ; then
touch /etc/cron.d/"$app"
fi
# Backup the current version of the app
#REMOVEME? ynh_backup_before_upgrade
#REMOVEME? ynh_clean_setup () {
ynh_clean_check_starting
# Restore it if the upgrade fails
#REMOVEME? ynh_restore_upgradebackup
#}
#remove ugly hack
if [ -f /etc/cron.d/"$app" ]; then
rm /etc/cron.d/"$app"
fi
# Exit if an error occurs during the execution of the script
#REMOVEME? ynh_abort_if_errors
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
@ -89,10 +45,9 @@ if [ -z "$current_mach" ]; then
ynh_app_setting_set --app="$app" --key=mach --value="$MACH"
fi
# If install_dir doesn't exist, create it
if [ -z "$install_dir" ]; then
#REMOVEME? install_dir=/var/www/"$app"
#REMOVEME? ynh_app_setting_set --app="$app" --key=install_dir --value="$install_dir"
#sudoer file for restarting is not required anymore (from 2023.1~ynh1) as upgrade is managed by the Yunohost Package
if [ -f /etc/sudoers.d/domoticz ]; then
rm /etc/sudoers.d/domoticz
fi
#Create a dedicated path for the api access
@ -102,7 +57,7 @@ if [ -z "$api_path" ]; then
else
api_path=/api_"$path"
fi
#REMOVEME? ynh_app_setting_set --app="$app" --key=api_path --value="$api_path"
ynh_app_setting_set --app="$app" --key=api_path --value="$api_path"
fi
#Create a dedicated path for the mqtt access
@ -112,39 +67,29 @@ fi
#Port to listen for MQTT internal
if [[ -z "$mqtt_port" && ! -z "$mqtt_domain" ]]; then
#REMOVEME? mqtt_port=$(ynh_find_port --port="$default_mqtt_port")
#REMOVEME? ynh_app_setting_set --app="$app" --key=mqtt_port --value="$mqtt_port"
mqtt_port=$(ynh_find_port --port="$default_mqtt_port")
ynh_app_setting_set --app="$app" --key=mqtt_port --value="$mqtt_port"
fi
#Port to listen for MQTT websocket
if [[ -z "$mqtt_websocket_port" && ! -z "$mqtt_domain" ]]; then
#REMOVEME? mqtt_websocket_port=$(ynh_find_port --port="$default_mqtt_websocket_port")
#REMOVEME? ynh_app_setting_set --app="$app" --key=mqtt_websocket_port --value="$mqtt_websocket_port"
fi
# Cleaning legacy permissions
#REMOVEME? if ynh_legacy_permissions_exists; then
#REMOVEME? ynh_legacy_permissions_delete_all
ynh_app_setting_delete --app="$app" --key=is_public
mqtt_websocket_port=$(ynh_find_port --port="$default_mqtt_websocket_port")
ynh_app_setting_set --app="$app" --key=mqtt_websocket_port --value="$mqtt_websocket_port"
fi
# Create the permission "domoticz_API" only if it doesn't exist.
#REMOVEME? if ! ynh_permission_exists --permission="domoticz_API"
if ! ynh_permission_exists --permission="domoticz_API"
then
# API Authorization with dedicated URL
#REMOVEME? ynh_permission_create --permission="domoticz_API" --label="api" --url="$domain$api_path" --allowed="visitors" --show_tile="false" --protected="true"
ynh_permission_create --permission="domoticz_API" --label="api" --url="$domain$api_path" --allowed="visitors" --show_tile="false" --protected="true"
fi
# Create the permission "domoticz_MQTT" only if it doesn't exist.
if [ ! -z "$mqtt_domain" ]; then
#REMOVEME? if ! ynh_permission_exists --permission="domoticz_MQTT"
if ! ynh_permission_exists --permission="domoticz_MQTT"
then
# API Authorization with dedicated URL
#REMOVEME? ynh_permission_create --permission="domoticz_MQTT" --label="MQTT" --url="$mqtt_domain" --allowed="visitors" --show_tile="false" --protected="true"
ynh_permission_create --permission="domoticz_MQTT" --label="MQTT" --url="$mqtt_domain" --allowed="visitors" --show_tile="false" --protected="true"
fi
fi
@ -158,9 +103,6 @@ fi
#=================================================
#REMOVEME? ynh_script_progression --message="Making sure dedicated system user exists..."
# Create a dedicated user (if not existing)
#REMOVEME? ynh_system_user_create --username="$app" --home_dir="$install_dir"
#allow user to access USB / serial port to communicate with tools (RFXtrx, Z-wave dongle, etc.) & i2c bus
if grep dialout -q < /etc/group; then
usermod -a -G dialout "$app"
@ -172,10 +114,6 @@ if grep gpio -q < /etc/group; then
usermod -a -G gpio "$app"
fi
#allow app user to restart service on startup
ynh_add_config --template="../conf/sudoer" --destination="/etc/sudoers.d/$app"
chmod 440 /etc/sudoers.d/"$app"
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
@ -205,7 +143,7 @@ if [ ! -z "$mqtt_domain" ]; then
ynh_script_progression --message="Setting up mosquitto..." --weight=5
#Installing packages
#REMOVEME? ynh_install_extra_app_dependencies --repo="deb https://repo.mosquitto.org/debian buster main" --package="$extra_pkg_dependencies" --key="http://repo.mosquitto.org/debian/mosquitto-repo.gpg.key"
ynh_install_extra_app_dependencies --repo="deb https://repo.mosquitto.org/debian buster main" --package="$extra_pkg_dependencies" --key="http://repo.mosquitto.org/debian/mosquitto-repo.gpg.key"
#Setting up conf file for access
if [ ! -f "/etc/mosquitto/conf.d/"$app"_mosquitto.conf" ]
@ -216,7 +154,7 @@ if [ ! -z "$mqtt_domain" ]; then
#Setting up user&pwd for mqtt access
ynh_app_setting_set --app="$app" --key=mqtt_user --value=$(ynh_string_random --length=8)
ynh_app_setting_set --app="$app" --key=mqtt_pwd --value=$(ynh_string_random)
#REMOVEME? echo $(ynh_app_setting_get --app="$app" --key=mqtt_user):$(ynh_app_setting_get --app="$app" --key=mqtt_pwd) > "/etc/mosquitto/conf.d/"$app"_credentials"
echo $(ynh_app_setting_get --app="$app" --key=mqtt_user):$(ynh_app_setting_get --app="$app" --key=mqtt_pwd) > "/etc/mosquitto/conf.d/"$app"_credentials"
mosquitto_passwd -U "/etc/mosquitto/conf.d/"$app"_credentials"
ynh_print_info --message="The credential to the mosquitto server has been saved in the settings of the app"
@ -232,7 +170,6 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..."
#Set Hook for nginx domain
cp -R ../sources/hooks/conf_regen/95-nginx_domoticz /usr/share/yunohost/hooks/conf_regen/
yunohost tools regen-conf nginx
# Create a dedicated NGINX config
if [[ ! -f "/etc/nginx/conf.d/"$domain".d/api_"$app".conf" ]]
@ -243,13 +180,6 @@ then
fi
ynh_add_nginx_config
#=================================================
# UPGRADE DEPENDENCIES
#=================================================
#REMOVEME? ynh_script_progression --message="Upgrading dependencies..." --weight=5
#REMOVEME? ynh_install_app_dependencies "$pkg_dependencies"
#=================================================
# SPECIFIC UPGRADE
#=================================================
@ -289,6 +219,7 @@ fi
# Create a dedicated Fail2Ban config
ynh_add_fail2ban_config --logpath="$log_file" --failregex="^.*Error: Failed login attempt from <HOST>.*$" --max_retry=5
ynh_print_info --message="If you wish for Fail2ban to work, set up your local address in Setup/Settings/System/Local Networks as per documentation"
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================

32
sources/patches/app-index.html.patch Normal file
View file

@ -0,0 +1,32 @@
--- a/www/index.html 2023-02-26 22:22:14.971932399 +0100
+++ b/www/index.html 2023-02-26 22:27:12.926431427 +0100
@@ -170,14 +170,15 @@
}
function ShowUpdateNotification(Revision, SystemName, DownloadURL) {
- var msgtxt=$.t('A new version of Domoticz is Available!...');
+ <!--var msgtxt=$.t('A new version of Domoticz is Available!...');-->
+ var msgtxt=$.t('A new version of Domoticz is Available, please wait for the Yunohost Package!...');
msgtxt+='<br>' + $.t('Version') + ': <b>' + Revision + '</b>, ' + $.t('Latest Changes') + ': <b><a class="norm-link" onclick="ShowLatestHistory();">' + $.t('Click Here') + '</a></b>';
- if (SystemName=="windows") {
+ <!--if (SystemName=="windows") {
msgtxt+='<br><center><a class="btn btn-danger" onclick="WindowsDownloadURL(\'' + DownloadURL + '\')">' + $.t('Update Now') + '</a></center>';
}
else {
msgtxt+='<br><center><a class="btn btn-danger" onclick="SwitchLayout(\'Update\');">' + $.t('Update Now') + '</a></center>';
- }
+ }-->
generate_noty('success', msgtxt, false);
}
@@ -1330,8 +1331,8 @@
<li ng-class="{'current_page_item':getClass('/Devices')}" id="mDevices"><a id="cDevices" href="#Devices"><img src="images/devices.png"> <span data-i18n="Devices">Devices</span></a></li>
<li ng-class="{'current_page_item':getClass('/Setup')}" id="mSetup"><a id="cSetup" href="#Setup"><img src="images/setup.png"> <span data-i18n="Settings">Settings</span></a></li>
<li id="dUpdate" class="divider"></li>
- <li ng-show="config.HaveUpdate && config.UseUpdate"><a href="#Update"><img src="images/update.png"> <span data-i18n="Update Domoticz">Update Domoticz</span></a></li>
- <li ng-show="!config.HaveUpdate && config.UseUpdate"><a class="lcursor" onclick="javascript:CheckForUpdate(true)"><img src="images/update.png"> <span data-i18n="Check for Update">Check for Update</span></a></li>
+<!-- <li ng-show="config.HaveUpdate && config.UseUpdate"><a href="#Update"><img src="images/update.png"> <span data-i18n="Update Domoticz">Update Domoticz</span></a></li>
+ <li ng-show="!config.HaveUpdate && config.UseUpdate"><a class="lcursor" onclick="javascript:CheckForUpdate(true)"><img src="images/update.png"> <span data-i18n="Check for Update">Check for Update</span></a></li>-->
<li class="dropdown-submenu">
<a id="cMoreOptions" tabindex="-1" data-i18n="More options">More options</a>
<ul class="dropdown-menu pull-left">

38
tests.toml Normal file
View file

@ -0,0 +1,38 @@
test_format = 1.0
[default]
args.mqtt_domain="sub.domain.tld"
test_upgrade_from.27311ad.name = "2022.2"
[With_Mosquitto_upgrade_with_mosquitto]
preinstall = """
set -euxo pipefail
yunohost domain add mqtt.domain.tld
"""
preupgrade = """
set -euxo pipefail
yunohost app setting domoticz mqtt_domain -v mqtt.domain.tld
"""
args.mqtt_domain="mqtt.domain.tld"
test_upgrade_from.27311ad.name = "2022.2 with mosquitto"
test_upgrade_from.27311ad.args.mqtt_domain="mqtt.domain.tld"
[With_Mosquitto_upgrade_without_mosquitto]
preinstall = """
set -euxo pipefail
yunohost domain add mqtt.domain.tld
"""
preupgrade = """
set -euxo pipefail
yunohost app setting domoticz mqtt_domain -v mqtt.domain.tld
"""
exclude = ["install.private", "install.multi", "backup", "change_url"]
test_upgrade_from.27311ad.name = "2022.2 without mosquitto"
test_upgrade_from.27311ad.args.mqtt_domain="sub.domain.tld"