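#!/bin/bash

# YunoHost install script for a Domoticz instance, with an optional Mosquitto
# (MQTT) broker served on a separate domain.
# Reads its arguments from the YNH_APP_ARG_* variables set by the manifest.

#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================

# NOTE(review): os, mach, default_mqtt_port, default_mqtt_websocket_port,
# pkg_dependencies and extra_pkg_dependencies are used below but never
# assigned here; presumably _common.sh defines them. Confirm.
source _common.sh
source /usr/share/yunohost/helpers

#=================================================
# MANAGE SCRIPT FAILURE
#=================================================

ynh_clean_setup () {
  ynh_clean_check_starting
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors

#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================

domain="$YNH_APP_ARG_DOMAIN"
path_url="$YNH_APP_ARG_PATH"
is_public="$YNH_APP_ARG_IS_PUBLIC"
mqtt_domain="$YNH_APP_ARG_MQTT_DOMAIN"
app="$YNH_APP_INSTANCE_NAME"

# Set dedicated variables: the API is served under a path derived from the
# web path (or from the app name when the app sits at the domain root).
if [ "$path_url" == "/" ]; then
  api_path=/api_/"$app"
else
  api_path=/api_"$path_url"
fi

#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
ynh_script_progression --message="Validating installation parameters..."

final_path=/opt/yunohost/"$app"
test ! -e "$final_path" || ynh_die --message="This path already contains a folder"

# Register (book) web path
ynh_webpath_register --app="$app" --domain="$domain" --path_url="$path_url"
# It is not possible to register several web paths
#if [ ! -z $mqtt_domain ]; then
#  ynh_webpath_register --app=mqtt_$app --domain=$mqtt_domain --path_url="/"
#fi

# An MQTT domain equal to the main domain is treated as "no MQTT domain",
# which disables every Mosquitto step below.
if [ "$domain" == "$mqtt_domain" ]; then
  mqtt_domain=""
fi

#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================
ynh_script_progression --message="Storing installation settings..."

ynh_app_setting_set --app="$app" --key=domain --value="$domain"
ynh_app_setting_set --app="$app" --key=path --value="$path_url"
# Will be used in restore script to check that we're restoring on the same OS/Board type
ynh_app_setting_set --app="$app" --key=OS --value="$os"
ynh_app_setting_set --app="$app" --key=mach --value="$mach"
# Path used by api & mqtt to read/update domoticz
ynh_app_setting_set --app="$app" --key=api_path --value="$api_path"
if [ -n "$mqtt_domain" ]; then
  ynh_app_setting_set --app="$app" --key=mqtt_domain --value="$mqtt_domain"
fi

#=================================================
# STANDARD MODIFICATIONS
#=================================================
# FIND AND OPEN A PORT
#=================================================
ynh_script_progression --message="Finding available port..."

# Find an available port
port=$(ynh_find_port --port=8080)
ynh_app_setting_set --app="$app" --key=port --value="$port"

if [ -n "$mqtt_domain" ]; then
  ynh_script_progression --message="Finding available ports for Mosquitto..."
  mqtt_port=$(ynh_find_port --port="$default_mqtt_port")
  ynh_app_setting_set --app="$app" --key=mqtt_port --value="$mqtt_port"
  mqtt_websocket_port=$(ynh_find_port --port="$default_mqtt_websocket_port")
  ynh_app_setting_set --app="$app" --key=mqtt_websocket_port --value="$mqtt_websocket_port"
fi

#=================================================
# INSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Installing dependencies..." --weight=15

ynh_install_app_dependencies "$pkg_dependencies"

#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Configuring system user..."

# Create a system user
ynh_system_user_create --username="$app" --home_dir="$final_path"

# Allow user to access USB / serial port to communicate with tools
# (RFXtrx, Z-wave dongle, etc.) & i2c bus.
# getent matches the exact group name; a substring match on /etc/group would
# also hit unrelated groups or members and make usermod abort the install.
for hw_group in dialout i2c gpio; do
  if getent group "$hw_group" > /dev/null; then
    usermod -a -G "$hw_group" "$app"
  fi
done

# Allow app user to restart service on startup
sudoers_file="/etc/sudoers.d/$app"
ynh_add_config --template="../conf/sudoer" --destination="$sudoers_file"
chmod 440 "$sudoers_file"
# A syntax error in a sudoers.d drop-in can leave sudo unusable for the whole
# host, so check the rendered file and remove it rather than keep a broken one.
if ! visudo -cf "$sudoers_file" > /dev/null; then
  rm -f -- "$sudoers_file"
  ynh_die --message="The generated sudoers file is invalid"
fi

#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_script_progression --message="Setting up source files..." --weight=5

ynh_app_setting_set --app="$app" --key=final_path --value="$final_path"
# Download, check integrity, uncompress and patch the source from app.src
# Create an app.src for the correct version of domoticz
# match string are fulfilled in _common.sh via the upstream bash installation script
ynh_add_config --template="../conf/app.src.default" --destination="../conf/app.src"
ynh_setup_source --dest_dir="$final_path"

# Create the database file
if [ ! -f "$final_path"/domoticz.db ]; then
  touch "$final_path"/domoticz.db
  chmod 640 "$final_path"/domoticz.db
fi

# Keep the install directory (including the database) closed to other users.
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R "$app":"$app" "$final_path"

#=================================================
# SET MOSQUITTO SETTINGS
#=================================================

if [ -n "$mqtt_domain" ]; then
  ynh_script_progression --message="Setting up mosquitto..." --weight=5

  # Installing packages
  # The signing key is fetched over HTTPS, like the repository itself: a key
  # downloaded over plain HTTP can be replaced in transit, and apt would then
  # trust packages signed with the substituted key.
  # NOTE(review): the suite is pinned to "buster" whatever the host release is.
  ynh_install_extra_app_dependencies --repo="deb https://repo.mosquitto.org/debian buster main" --package="$extra_pkg_dependencies" --key="https://repo.mosquitto.org/debian/mosquitto-repo.gpg.key"

  # Setting up conf file for access
  ynh_add_config --template="../conf/domoticz_mosquitto.conf" --destination="/etc/mosquitto/conf.d/${app}_mosquitto.conf"
  chmod 644 "/etc/mosquitto/conf.d/${app}_mosquitto.conf"

  # Setting up user&pwd for mqtt access
  mosquitto_login=$(ynh_string_random --length=8)
  mosquitto_secret=$(ynh_string_random)
  ynh_app_setting_set --app="$app" --key=mqtt_user --value="$mosquitto_login"
  ynh_app_setting_set --app="$app" --key=mqtt_pwd --value="$mosquitto_secret"

  mosquitto_cred_file="/etc/mosquitto/conf.d/${app}_credentials"
  # The file holds the clear-text password until mosquitto_passwd -U hashes it
  # in place, so create it under a restrictive umask instead of the default.
  (
    umask 077
    printf '%s:%s\n' "$mosquitto_login" "$mosquitto_secret" > "$mosquitto_cred_file"
  )
  mosquitto_passwd -U "$mosquitto_cred_file"
  # Keep the hashes private to the broker as well.
  # NOTE(review): assumes the mosquitto package created the "mosquitto" system
  # user and that the broker reads this file under that account; confirm.
  chown mosquitto: "$mosquitto_cred_file"
  chmod 600 "$mosquitto_cred_file"

  ynh_print_info --message="The credential to the mosquitto server has been saved in the settings of the app"
fi

#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring NGINX web server..." --weight=2

if [ -n "$mqtt_domain" ]; then
  ynh_add_config --template="../conf/mqtt_nginx.conf" --destination="/etc/nginx/conf.d/${mqtt_domain}.d/mqtt_${app}.conf"
fi

# Set Hook for nginx domain
cp -R ../sources/hooks/conf_regen/95-nginx_domoticz /usr/share/yunohost/hooks/conf_regen/
yunohost tools regen-conf nginx

# Create a dedicated NGINX config
ynh_add_config --template="api_nginx.conf" --destination="/etc/nginx/conf.d/${domain}.d/api_${app}.conf"
ynh_add_nginx_config

#=================================================
# SPECIFIC SETUP
#=================================================
# SETUP SYSTEMD
#=================================================
ynh_script_progression --message="Configuring a systemd service..."

# Create a dedicated systemd config
ynh_add_systemd_config

#=================================================
# GENERIC FINALIZATION
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression --message="Configuring log rotation..."

mkdir -p /var/log/"$app"
# Own the log directory with the instance's own user (the account created
# above is named after $app), not a fixed "domoticz" account.
chown -R "$app": /var/log/"$app"
# Use logrotate to manage application logfile(s)
ynh_use_logrotate
if [ -n "$mqtt_domain" ]; then
  ynh_use_logrotate --logfile="/var/log/mosquitto"
fi

#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..."

yunohost service add "$app" --description="Domotique open sources" --log="/var/log/$app/$app.log"
if [ -n "$mqtt_domain" ]; then
  yunohost service add mosquitto --description="Serveur MQTT pour domoticz" --log="/var/log/mosquitto/mosquitto.log"
fi

#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..."

# Start a systemd service
ynh_systemd_action --service_name="$app" --action="start"
# Restarting mosquitto to take changes into account
if [ -n "$mqtt_domain" ]; then
  ynh_systemd_action --service_name=mosquitto --action="restart"
fi

#=================================================
# SETUP FAIL2BAN
#=================================================
ynh_script_progression --message="Configuring Fail2Ban..." --weight=8

# Make sure a log file exists (mostly for CI tests)
log_file="/var/log/$app/$app.log"
if [ ! -f "$log_file" ]; then
  touch "$log_file"
  chown "$app": "$log_file"
fi

# Create a dedicated Fail2Ban config
# Fail2Ban needs a <HOST> group in the failregex to know which address to ban;
# without it the filter cannot identify the offending client.
ynh_add_fail2ban_config --logpath="$log_file" --failregex="^.*Error: Failed login attempt from <HOST>.*$" --max_retry=5
ynh_print_info --message="If you wish for Fail2ban to work, set up your local address in Setup/Settings/System/Local Networks as per documentation"

#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Configuring permissions..."

# Make app public if necessary
if [ "$is_public" -eq 1 ]; then
  # Everyone can access the app.
  # The "main" permission is automatically created before the install script.
  ynh_permission_update --permission="main" --add="visitors"
fi

# API & MQTT should stay publicly accessible.
# These endpoints are therefore not gated by the SSO: access control rests on
# Domoticz's own login (API) and on the Mosquitto credentials set up above.
ynh_permission_create --permission="domoticz_API" --label="api" --url="$domain$api_path" --allowed="visitors" --show_tile="false" --protected="true"
if [ -n "$mqtt_domain" ]; then
  ynh_permission_create --permission="domoticz_MQTT" --label="MQTT" --url="$mqtt_domain" --allowed="visitors" --show_tile="false" --protected="true"
fi

#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..."

ynh_systemd_action --service_name=nginx --action=reload

#=================================================
# END OF SCRIPT
#=================================================

ynh_script_progression --message="Installation of $app completed" --last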