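#!/bin/bash

# Upgrade script of the Domoticz package for YunoHost.
#
# Steps, in order: version check, legacy-backup workaround, stop the service,
# settings migration, group membership and sudoers for the app user, source
# update, optional mosquitto (MQTT) setup, NGINX, systemd, logrotate,
# Fail2Ban, service registration, restart.
#
# Lines prefixed with "#REMOVEME?" are disabled statements that still carry a
# migration marker; they are kept as found. Where such a marker left an empty
# `then` body or a dangling `fi`, the block has been made syntactically valid
# without re-enabling the marked statement, and the spot is flagged with
# NOTE(review).
#
# $app, $domain, $path, $install_dir, $api_path, $mqtt_domain, $mqtt_port and
# $mqtt_websocket_port are read below but not assigned by any active line here;
# presumably the sourced helpers provide them -- confirm.

# Succeeds when $1 is not the lowest of the given versions according to
# `sort -V`, i.e. when $1 is strictly greater than another argument.
version_gt() {
    test "$(printf '%s\n' "$@" | sort -V | head -n 1)" != "$1"
}

#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================

source _common.sh
source /usr/share/yunohost/helpers

#=================================================
# LOAD SETTINGS
#=================================================
#REMOVEME? ynh_script_progression --message="Loading installation settings..."

#REMOVEME? app="$YNH_APP_INSTANCE_NAME"

#REMOVEME? domain=$(ynh_app_setting_get --app="$app" --key=domain)
#REMOVEME? path=$(ynh_app_setting_get --app="$app" --key=path)
#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app="$app" --key=install_dir)
#REMOVEME? port=$(ynh_app_setting_get --app="$app" --key=port)
# Kept active: $current_OS and $current_mach are tested further down and no
# other visible line assigns them (their names differ from the setting keys).
current_OS=$(ynh_app_setting_get --app="$app" --key=OS)
current_mach=$(ynh_app_setting_get --app="$app" --key=mach)
#REMOVEME? api_path=$(ynh_app_setting_get --app="$app" --key=api_path)
#REMOVEME? mqtt_domain=$(ynh_app_setting_get --app="$app" --key=mqtt_domain)
#REMOVEME? mqtt_port=$(ynh_app_setting_get --app="$app" --key=mqtt_port)
#REMOVEME? mqtt_websocket_port=$(ynh_app_setting_get --app="$app" --key=mqtt_websocket_port)

#=================================================
# CHECK VERSION
#=================================================
ynh_script_progression --message="Checking version..."

upgrade_type=$(ynh_check_app_version_changed)

#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
#REMOVEME? ynh_script_progression --message="Backing up the app before upgrading (may take a while)..."

# Ugly hack so that previous version backup script from "https://github.com/anubister/domoticz_ynh" works :
# It creates a dummy file in /etc/cron.d so that the backup do not fail.
current_upstream_version=$(ynh_app_upstream_version --manifest="/etc/yunohost/apps/$app/manifest.json")
current_package_version=$(ynh_app_package_version --manifest="/etc/yunohost/apps/$app/manifest.json")
if version_gt "4.9701" "$current_upstream_version" && version_gt "2" "$current_package_version"; then
    touch "/etc/cron.d/$app"
fi

# Backup the current version of the app
#REMOVEME? ynh_backup_before_upgrade
#REMOVEME? ynh_clean_setup () {
# NOTE(review): the enclosing function definition is disabled, so this call
# now runs once at top level instead of on failure -- confirm that is wanted.
ynh_clean_check_starting
    # Restore it if the upgrade fails
#REMOVEME? ynh_restore_upgradebackup
#}

#remove ugly hack
if [ -f "/etc/cron.d/$app" ]; then
    rm "/etc/cron.d/$app"
fi

# Exit if an error occurs during the execution of the script
#REMOVEME? ynh_abort_if_errors

#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# STOP SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Stopping a systemd service..." --weight=2

ynh_systemd_action --service_name="$app" --action="stop" --log_path="/var/log/$app/$app.log"

#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
ynh_script_progression --message="Ensuring downward compatibility..."

#Store OS and machine (to be used in restore script)
if [ -z "$current_OS" ]; then
    ynh_app_setting_set --app="$app" --key=OS --value="$OS"
fi
if [ -z "$current_mach" ]; then
    ynh_app_setting_set --app="$app" --key=mach --value="$MACH"
fi

# If install_dir doesn't exist, create it
if [ -z "$install_dir" ]; then
    # NOTE(review): both statements of this body are disabled; ':' only keeps
    # the block parseable. $install_dir is used unguarded by chmod/chown below.
    :
#REMOVEME? install_dir=/var/www/"$app"
#REMOVEME? ynh_app_setting_set --app="$app" --key=install_dir --value="$install_dir"
fi

#Create a dedicated path for the api access
if [ -z "$api_path" ]; then
    if [ "$path" == "/" ]; then
        api_path=/api_/"$app"
    else
        api_path=/api_"$path"
    fi
    # NOTE(review): with the next line disabled, api_path is computed for this
    # run only and is not written back to the app settings.
#REMOVEME? ynh_app_setting_set --app="$app" --key=api_path --value="$api_path"
fi

#Create a dedicated path for the mqtt access
if [ -z "$mqtt_domain" ]; then
    ynh_print_info --message="Mosquitto, a mqtt server, can now be installed during upgrade, pleaser refer to package documentation to activate it"
fi

#Port to listen for MQTT internal
if [[ -z "$mqtt_port" && -n "$mqtt_domain" ]]; then
    # NOTE(review): body disabled; no port is allocated here any more.
    :
#REMOVEME? mqtt_port=$(ynh_find_port --port="$default_mqtt_port")
#REMOVEME? ynh_app_setting_set --app="$app" --key=mqtt_port --value="$mqtt_port"
fi

#Port to listen for MQTT websocket
if [[ -z "$mqtt_websocket_port" && -n "$mqtt_domain" ]]; then
    # NOTE(review): body disabled; no websocket port is allocated here any more.
    :
#REMOVEME? mqtt_websocket_port=$(ynh_find_port --port="$default_mqtt_websocket_port")
#REMOVEME? ynh_app_setting_set --app="$app" --key=mqtt_websocket_port --value="$mqtt_websocket_port"
fi

# Cleaning legacy permissions
#REMOVEME? if ynh_legacy_permissions_exists; then
#REMOVEME? ynh_legacy_permissions_delete_all

# NOTE(review): the guarding `if` is disabled, so this deletion is now
# unconditional; its closing `fi` is disabled to match.
ynh_app_setting_delete --app="$app" --key=is_public
#fi

# Create the permission "domoticz_API" only if it doesn't exist.
# NOTE(review): the disabled call grants "visitors" (unauthenticated) access to
# the API path; if it is re-enabled, confirm the API enforces its own
# authentication.
#REMOVEME? if ! ynh_permission_exists --permission="domoticz_API"
#then
    # API Authorization with dedicated URL
#REMOVEME? ynh_permission_create --permission="domoticz_API" --label="api" --url="$domain$api_path" --allowed="visitors" --show_tile="false" --protected="true"
#fi

# Create the permission "domoticz_MQTT" only if it doesn't exist.
if [ -n "$mqtt_domain" ]; then
    # NOTE(review): inner block disabled; ':' keeps the outer block parseable.
    :
#REMOVEME? if ! ynh_permission_exists --permission="domoticz_MQTT"
    #then
        # API Authorization with dedicated URL
#REMOVEME? ynh_permission_create --permission="domoticz_MQTT" --label="MQTT" --url="$mqtt_domain" --allowed="visitors" --show_tile="false" --protected="true"
    #fi
fi

#remove unwanted log folder
if [ -d "/var/log/$app/$app" ]; then
    ynh_secure_remove "/var/log/$app/$app"
fi

#=================================================
# CREATE DEDICATED USER
#=================================================
#REMOVEME? ynh_script_progression --message="Making sure dedicated system user exists..."

# Create a dedicated user (if not existing)
#REMOVEME? ynh_system_user_create --username="$app" --home_dir="$install_dir"

#allow user to access USB / serial port to communicate with tools (RFXtrx, Z-wave dongle, etc.) & i2c bus
# getent matches the exact group name; a substring search of /etc/group would
# also match member names or longer group names and make usermod fail.
for hw_group in dialout i2c gpio; do
    if getent group "$hw_group" > /dev/null; then
        usermod -a -G "$hw_group" "$app"
    fi
done

#allow app user to restart service on startup
# NOTE(review): a syntactically invalid drop-in under /etc/sudoers.d can break
# sudo for every user; consider checking the rendered file with `visudo -cf`
# before it is placed there, and keep the template to the single service
# command it needs.
ynh_add_config --template="../conf/sudoer" --destination="/etc/sudoers.d/$app"
chmod 440 "/etc/sudoers.d/$app"

#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================

if [ "$upgrade_type" == "UPGRADE_APP" ]; then
    ynh_script_progression --message="Upgrading source files..." --weight=15

    # Download, check integrity, uncompress and patch the source from app.src
    ynh_add_config --template="../conf/app.src.default" --destination="../conf/app.src"
    ynh_setup_source --dest_dir="$install_dir"

    #Create the database file
    if [ ! -f "$install_dir/domoticz.db" ]; then
        touch "$install_dir/domoticz.db"
        chmod 644 "$install_dir/domoticz.db"
    fi
fi

# Owner and group only: the recursive o-rwx also strips the "other" bits that
# the chmod 644 above gave to a freshly created database file.
chmod 750 "$install_dir"
chmod -R o-rwx "$install_dir"
chown -R "$app":"$app" "$install_dir"

#=================================================
# SET MOSQUITTO SETTINGS
#=================================================

if [ -n "$mqtt_domain" ]; then
    ynh_script_progression --message="Setting up mosquitto..." --weight=5

    #Installing packages
    # NOTE(review): the disabled line below fetches the repository signing key
    # over plain http:// while the repository itself is https://. If it is
    # re-enabled, fetch the key over https and compare its fingerprint with a
    # pinned value; the suite name is also hard-coded.
#REMOVEME? ynh_install_extra_app_dependencies --repo="deb https://repo.mosquitto.org/debian buster main" --package="$extra_pkg_dependencies" --key="http://repo.mosquitto.org/debian/mosquitto-repo.gpg.key"

    mosquitto_conf="/etc/mosquitto/conf.d/${app}_mosquitto.conf"
    mosquitto_credentials="/etc/mosquitto/conf.d/${app}_credentials"

    #Setting up conf file for access
    if [ ! -f "$mosquitto_conf" ]; then
        ynh_add_config --template="../conf/domoticz_mosquitto.conf" --destination="$mosquitto_conf"
        chmod 644 "$mosquitto_conf"

        #Setting up user&pwd for mqtt access
        new_mqtt_user=$(ynh_string_random --length=8)
        new_mqtt_pwd=$(ynh_string_random)
        ynh_app_setting_set --app="$app" --key=mqtt_user --value="$new_mqtt_user"
        ynh_app_setting_set --app="$app" --key=mqtt_pwd --value="$new_mqtt_pwd"

        # The write of the credentials file carried a "#REMOVEME?" marker, which
        # left mosquitto_passwd -U below without an input file; it is restored.
        # Until mosquitto_passwd hashes it, the file holds the clear-text
        # password, so it is created readable by root only.
        (
            umask 077
            printf '%s:%s\n' "$new_mqtt_user" "$new_mqtt_pwd" > "$mosquitto_credentials"
            chmod 600 "$mosquitto_credentials"
        )
        mosquitto_passwd -U "$mosquitto_credentials"
        # Back to the mode a plain redirect gives under the usual 022 umask, so
        # the broker can still read the (now hashed) file.
        # NOTE(review): tighter would be owner = the broker's account, mode
        # 0600 -- confirm which account mosquitto runs as on the target.
        chmod 644 "$mosquitto_credentials"

        ynh_print_info --message="The credential to the mosquitto server has been saved in the settings of the app"
    fi
fi

#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading NGINX web server configuration..."

if [[ -n "$mqtt_domain" ]]; then
    ynh_add_config --template="../conf/mqtt_nginx.conf" --destination="/etc/nginx/conf.d/${mqtt_domain}.d/mqtt_${app}.conf"
fi

#Set Hook for nginx domain
cp -R ../sources/hooks/conf_regen/95-nginx_domoticz /usr/share/yunohost/hooks/conf_regen/
yunohost tools regen-conf nginx

# Create a dedicated NGINX config
api_nginx_conf="/etc/nginx/conf.d/${domain}.d/api_${app}.conf"
if [[ ! -f "$api_nginx_conf" ]]; then
    ynh_print_warn --message="The nginx conf file will now be splitted between standard and api related path"
    ynh_print_warn --message="Report any manual changes on the new /etc/nginx/conf.d/$domain.d/api_$app.conf file for json command to keep working"
    ynh_add_config --template="api_nginx.conf" --destination="$api_nginx_conf"
fi
ynh_add_nginx_config

#=================================================
# UPGRADE DEPENDENCIES
#=================================================
#REMOVEME? ynh_script_progression --message="Upgrading dependencies..." --weight=5

#REMOVEME? ynh_install_app_dependencies "$pkg_dependencies"

#=================================================
# SPECIFIC UPGRADE
#=================================================
# SETUP SYSTEMD
#=================================================
ynh_script_progression --message="Upgrading systemd configuration..."

# Create a dedicated systemd config
ynh_add_systemd_config

#=================================================
# GENERIC FINALIZATION
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression --message="Upgrading logrotate configuration..."

mkdir -p "/var/log/$app"
# Owner follows $app, like the log file below and the install dir above; a
# hard-coded account name would not match a differently named instance.
chown -R "$app": "/var/log/$app"
# Use logrotate to manage app-specific logfile(s)
ynh_use_logrotate --logfile="/var/log/$app" --non-append
if [[ -n "$mqtt_domain" ]]; then
    ynh_use_logrotate --logfile="/var/log/mosquitto"
fi

#=================================================
# SETUP FAIL2BAN
#=================================================
ynh_script_progression --message="Configuring Fail2Ban..." --weight=8

# Make sure a log file exists (mostly for CI tests)
log_file="/var/log/$app/$app.log"
if [ ! -f "$log_file" ]; then
    touch "$log_file"
    chown "$app": "$log_file"
fi

# Create a dedicated Fail2Ban config
# fail2ban needs a host group in failregex to know which address to ban; the
# pattern as found had none, so <HOST> is placed after "from ".
# NOTE(review): check the position against a real failed-login line in $log_file.
ynh_add_fail2ban_config --logpath="$log_file" --failregex="^.*Error: Failed login attempt from <HOST>.*$" --max_retry=5

ynh_print_info --message="If you wish for Fail2ban to work, set up your local address in Setup/Settings/System/Local Networks as per documentation"

#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..."

yunohost service add "$app" --description="Domotique open sources" --log="/var/log/$app/$app.log"
if [[ -n "$mqtt_domain" ]]; then
    yunohost service add mosquitto --description="Serveur MQTT pour domoticz" --log="/var/log/mosquitto/mosquitto.log"
fi

#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=3

ynh_systemd_action --service_name="$app" --action="start"
#Restarting mosquitto to take changes from /etc/mosquitto/conf.d/*.conf into account
if [[ -n "$mqtt_domain" ]]; then
    ynh_systemd_action --service_name=mosquitto --action="restart"
fi

#=================================================
# RELOAD NGINX
#=================================================
#REMOVEME? ynh_script_progression --message="Reloading NGINX web server..."

#REMOVEME? ynh_systemd_action --service_name=nginx --action=reload

#=================================================
# END OF SCRIPT
#=================================================

ynh_script_progression --message="Upgrade of $app completed" --last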