mirror of
https://github.com/YunoHost-Apps/domoticz_ynh.git
synced 2024-09-03 18:26:17 +02:00
324 lines
12 KiB
Bash
324 lines
12 KiB
Bash
#!/bin/bash
|
||
|
||
version_gt() {
|
||
test "$(printf '%s\n' "$@" | sort -V | head -n 1)" != "$1";
|
||
}
|
||
|
||
#=================================================
|
||
# GENERIC START
|
||
#=================================================
|
||
# IMPORT GENERIC HELPERS
|
||
#=================================================
|
||
|
||
source _common.sh
|
||
source /usr/share/yunohost/helpers
|
||
|
||
#=================================================
|
||
# LOAD SETTINGS
|
||
#=================================================
|
||
ynh_script_progression --message="Loading installation settings..."
|
||
|
||
app="$YNH_APP_INSTANCE_NAME"
|
||
|
||
domain=$(ynh_app_setting_get --app="$app" --key=domain)
|
||
path_url=$(ynh_app_setting_get --app="$app" --key=path)
|
||
final_path=$(ynh_app_setting_get --app="$app" --key=final_path)
|
||
port=$(ynh_app_setting_get --app="$app" --key=port)
|
||
current_OS=$(ynh_app_setting_get --app="$app" --key=OS)
|
||
current_mach=$(ynh_app_setting_get --app="$app" --key=mach)
|
||
api_path=$(ynh_app_setting_get --app="$app" --key=api_path)
|
||
mqtt_domain=$(ynh_app_setting_get --app="$app" --key=mqtt_domain)
|
||
mqtt_port=$(ynh_app_setting_get --app="$app" --key=mqtt_port)
|
||
mqtt_websocket_port=$(ynh_app_setting_get --app="$app" --key=mqtt_websocket_port)
|
||
|
||
#=================================================
|
||
# CHECK VERSION
|
||
#=================================================
|
||
ynh_script_progression --message="Checking version..."
|
||
|
||
upgrade_type=$(ynh_check_app_version_changed)
|
||
|
||
#=================================================
|
||
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
|
||
#=================================================
|
||
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..."
|
||
|
||
# Ugly hack so that previous version backup script from "https://github.com/anubister/domoticz_ynh" works :
|
||
# It creates a dummy file in /etc/cron.d so that the backup do not fail.
|
||
current_upstream_version=$(ynh_app_upstream_version --manifest="/etc/yunohost/apps/$app/manifest.json")
|
||
current_package_version=$(ynh_app_package_version --manifest="/etc/yunohost/apps/$app/manifest.json")
|
||
if version_gt "4.9701" "$current_upstream_version" && version_gt "2" "$current_package_version" ; then
|
||
touch /etc/cron.d/"$app"
|
||
fi
|
||
|
||
# Backup the current version of the app
|
||
ynh_backup_before_upgrade
|
||
ynh_clean_setup () {
|
||
ynh_clean_check_starting
|
||
# Restore it if the upgrade fails
|
||
ynh_restore_upgradebackup
|
||
}
|
||
|
||
#remove ugly hack
|
||
if [ -f /etc/cron.d/"$app" ]; then
|
||
rm /etc/cron.d/"$app"
|
||
fi
|
||
|
||
# Exit if an error occurs during the execution of the script
|
||
ynh_abort_if_errors
|
||
|
||
#=================================================
|
||
# STANDARD UPGRADE STEPS
|
||
#=================================================
|
||
# STOP SYSTEMD SERVICE
|
||
#=================================================
|
||
ynh_script_progression --message="Stopping a systemd service..." --weight=2
|
||
|
||
ynh_systemd_action --service_name="$app" --action="stop" --log_path="/var/log/$app/$app.log"
|
||
|
||
#=================================================
|
||
# ENSURE DOWNWARD COMPATIBILITY
|
||
#=================================================
|
||
ynh_script_progression --message="Ensuring downward compatibility..."
|
||
|
||
#Store OS and machine (to be used in restore script)
|
||
if [ -z "$current_OS" ]; then
|
||
ynh_app_setting_set --app="$app" --key=OS --value="$OS"
|
||
fi
|
||
if [ -z "$current_mach" ]; then
|
||
ynh_app_setting_set --app="$app" --key=mach --value="$MACH"
|
||
fi
|
||
|
||
# If final_path doesn't exist, create it
|
||
if [ -z "$final_path" ]; then
|
||
final_path=/var/www/"$app"
|
||
ynh_app_setting_set --app="$app" --key=final_path --value="$final_path"
|
||
fi
|
||
|
||
#Create a dedicated path for the api access
|
||
if [ -z "$api_path" ]; then
|
||
if [ "$path_url" == "/" ]; then
|
||
api_path=/api_/"$app"
|
||
else
|
||
api_path=/api_"$path_url"
|
||
fi
|
||
ynh_app_setting_set --app="$app" --key=api_path --value="$api_path"
|
||
fi
|
||
|
||
#Create a dedicated path for the mqtt access
|
||
if [ -z "$mqtt_domain" ]; then
|
||
ynh_print_info --message="Mosquitto, a mqtt server, can now be installed during upgrade, pleaser refer to package documentation to activate it"
|
||
fi
|
||
|
||
#Port to listen for MQTT internal
|
||
if [[ -z "$mqtt_port" && ! -z "$mqtt_domain" ]]; then
|
||
mqtt_port=$(ynh_find_port --port="$default_mqtt_port")
|
||
ynh_app_setting_set --app="$app" --key=mqtt_port --value="$mqtt_port"
|
||
fi
|
||
|
||
#Port to listen for MQTT websocket
|
||
if [[ -z "$mqtt_websocket_port" && ! -z "$mqtt_domain" ]]; then
|
||
mqtt_websocket_port=$(ynh_find_port --port="$default_mqtt_websocket_port")
|
||
ynh_app_setting_set --app="$app" --key=mqtt_websocket_port --value="$mqtt_websocket_port"
|
||
fi
|
||
|
||
|
||
# Cleaning legacy permissions
|
||
if ynh_legacy_permissions_exists; then
|
||
ynh_legacy_permissions_delete_all
|
||
|
||
ynh_app_setting_delete --app="$app" --key=is_public
|
||
fi
|
||
|
||
# Create the permission "domoticz_API" only if it doesn't exist.
|
||
if ! ynh_permission_exists --permission="domoticz_API"
|
||
then
|
||
# API Authorization with dedicated URL
|
||
ynh_permission_create --permission="domoticz_API" --label="api" --url="$domain$api_path" --allowed="visitors" --show_tile="false" --protected="true"
|
||
|
||
fi
|
||
|
||
# Create the permission "domoticz_MQTT" only if it doesn't exist.
|
||
if [ ! -z "$mqtt_domain" ]; then
|
||
if ! ynh_permission_exists --permission="domoticz_MQTT"
|
||
then
|
||
# API Authorization with dedicated URL
|
||
ynh_permission_create --permission="domoticz_MQTT" --label="MQTT" --url="$mqtt_domain" --allowed="visitors" --show_tile="false" --protected="true"
|
||
fi
|
||
fi
|
||
|
||
#remove unwanted log folder
|
||
if [ -d "/var/log/$app/$app" ]; then
|
||
ynh_secure_remove "/var/log/$app/$app"
|
||
fi
|
||
|
||
#remove the authentication header preventing login from 2023.2 and 11.2.3 onward
|
||
ynh_permission_url --permission="main" --auth_header=false
|
||
|
||
#=================================================
|
||
# CREATE DEDICATED USER
|
||
#=================================================
|
||
ynh_script_progression --message="Making sure dedicated system user exists..."
|
||
|
||
# Create a dedicated user (if not existing)
|
||
ynh_system_user_create --username="$app" --home_dir="$final_path"
|
||
|
||
#allow user to access USB / serial port to communicate with tools (RFXtrx, Z-wave dongle, etc.) & i2c bus
|
||
if grep dialout -q < /etc/group; then
|
||
usermod -a -G dialout "$app"
|
||
fi
|
||
if grep i2c -q < /etc/group; then
|
||
usermod -a -G i2c "$app"
|
||
fi
|
||
if grep gpio -q < /etc/group; then
|
||
usermod -a -G gpio "$app"
|
||
fi
|
||
|
||
#allow app user to restart service on startup
|
||
ynh_add_config --template="../conf/sudoer" --destination="/etc/sudoers.d/$app"
|
||
chmod 440 /etc/sudoers.d/"$app"
|
||
|
||
#=================================================
|
||
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
||
#=================================================
|
||
|
||
if [ "$upgrade_type" == "UPGRADE_APP" ]
|
||
then
|
||
ynh_script_progression --message="Upgrading source files..." --weight=15
|
||
|
||
# Download, check integrity, uncompress and patch the source from app.src
|
||
ynh_add_config --template="../conf/app.src.default" --destination="../conf/app.src"
|
||
ynh_setup_source --dest_dir="$final_path"
|
||
#Create the database file
|
||
if [ ! -f "$final_path"/domoticz.db ]; then
|
||
touch "$final_path"/domoticz.db
|
||
chmod 644 "$final_path"/domoticz.db
|
||
fi
|
||
fi
|
||
|
||
chmod 750 "$final_path"
|
||
chmod -R o-rwx "$final_path"
|
||
chown -R "$app":"$app" "$final_path"
|
||
|
||
#=================================================
|
||
# SET MOSQUITTO SETTINGS
|
||
#=================================================
|
||
if [ ! -z "$mqtt_domain" ]; then
|
||
ynh_script_progression --message="Setting up mosquitto..." --weight=5
|
||
|
||
#Installing packages
|
||
ynh_install_extra_app_dependencies --repo="deb https://repo.mosquitto.org/debian buster main" --package="$extra_pkg_dependencies" --key="http://repo.mosquitto.org/debian/mosquitto-repo.gpg.key"
|
||
|
||
#Setting up conf file for access
|
||
if [ ! -f "/etc/mosquitto/conf.d/"$app"_mosquitto.conf" ]
|
||
then
|
||
ynh_add_config --template="../conf/domoticz_mosquitto.conf" --destination="/etc/mosquitto/conf.d/"$app"_mosquitto.conf"
|
||
chmod 644 /etc/mosquitto/conf.d/"$app"_mosquitto.conf
|
||
|
||
#Setting up user&pwd for mqtt access
|
||
ynh_app_setting_set --app="$app" --key=mqtt_user --value=$(ynh_string_random --length=8)
|
||
ynh_app_setting_set --app="$app" --key=mqtt_pwd --value=$(ynh_string_random)
|
||
echo $(ynh_app_setting_get --app="$app" --key=mqtt_user):$(ynh_app_setting_get --app="$app" --key=mqtt_pwd) > "/etc/mosquitto/conf.d/"$app"_credentials"
|
||
mosquitto_passwd -U "/etc/mosquitto/conf.d/"$app"_credentials"
|
||
|
||
ynh_print_info --message="The credential to the mosquitto server has been saved in the settings of the app"
|
||
fi
|
||
fi
|
||
|
||
#=================================================
|
||
# NGINX CONFIGURATION
|
||
#=================================================
|
||
ynh_script_progression --message="Upgrading NGINX web server configuration..."
|
||
|
||
[[ ! -z "$mqtt_domain" ]] && ynh_add_config --template="../conf/mqtt_nginx.conf" --destination="/etc/nginx/conf.d/"$mqtt_domain".d/mqtt_"$app".conf"
|
||
|
||
#Set Hook for nginx domain
|
||
cp -R ../sources/hooks/conf_regen/95-nginx_domoticz /usr/share/yunohost/hooks/conf_regen/
|
||
yunohost tools regen-conf nginx
|
||
|
||
# Create a dedicated NGINX config
|
||
if [[ ! -f "/etc/nginx/conf.d/"$domain".d/api_"$app".conf" ]]
|
||
then
|
||
ynh_print_warn --message="The nginx conf file will now be splitted between standard and api related path"
|
||
ynh_print_warn --message="Report any manual changes on the new /etc/nginx/conf.d/$domain.d/api_$app.conf file for json command to keep working"
|
||
ynh_add_config --template="api_nginx.conf" --destination="/etc/nginx/conf.d/"$domain".d/api_"$app".conf"
|
||
fi
|
||
ynh_add_nginx_config
|
||
|
||
#=================================================
|
||
# UPGRADE DEPENDENCIES
|
||
#=================================================
|
||
ynh_script_progression --message="Upgrading dependencies..." --weight=5
|
||
|
||
ynh_install_app_dependencies "$pkg_dependencies"
|
||
|
||
#=================================================
|
||
# SPECIFIC UPGRADE
|
||
#=================================================
|
||
# SETUP SYSTEMD
|
||
#=================================================
|
||
ynh_script_progression --message="Upgrading systemd configuration..."
|
||
|
||
# Create a dedicated systemd config
|
||
ynh_add_systemd_config
|
||
|
||
#=================================================
|
||
# GENERIC FINALIZATION
|
||
#=================================================
|
||
# SETUP LOGROTATE
|
||
#=================================================
|
||
ynh_script_progression --message="Upgrading logrotate configuration..."
|
||
|
||
mkdir -p /var/log/"$app"
|
||
chown -R domoticz: /var/log/"$app"
|
||
|
||
# Use logrotate to manage app-specific logfile(s)
|
||
ynh_use_logrotate --logfile="/var/log/$app" --non-append
|
||
[[ ! -z "$mqtt_domain" ]] && ynh_use_logrotate --logfile="/var/log/mosquitto"
|
||
|
||
#=================================================
|
||
# SETUP FAIL2BAN
|
||
#=================================================
|
||
ynh_script_progression --message="Configuring Fail2Ban..." --weight=8
|
||
|
||
# Make sure a log file exists (mostly for CI tests)
|
||
log_file=/var/log/$app/$app.log
|
||
if [ ! -f "$log_file" ]; then
|
||
touch "$log_file"
|
||
chown $app: "$log_file"
|
||
fi
|
||
|
||
# Create a dedicated Fail2Ban config
|
||
ynh_add_fail2ban_config --logpath="$log_file" --failregex="^.*Error: Failed login attempt from <HOST>.*$" --max_retry=5
|
||
ynh_print_info --message="If you wish for Fail2ban to work, set up your local address in Setup/Settings/System/Local Networks as per documentation"
|
||
#=================================================
|
||
# INTEGRATE SERVICE IN YUNOHOST
|
||
#=================================================
|
||
ynh_script_progression --message="Integrating service in YunoHost..."
|
||
|
||
yunohost service add "$app" --description="Domotique open sources" --log="/var/log/$app/$app.log"
|
||
[[ ! -z "$mqtt_domain" ]] && yunohost service add mosquitto --description="Serveur MQTT pour domoticz" --log="/var/log/mosquitto/mosquitto.log"
|
||
|
||
|
||
#=================================================
|
||
# START SYSTEMD SERVICE
|
||
#=================================================
|
||
ynh_script_progression --message="Starting a systemd service..." --weight=3
|
||
|
||
ynh_systemd_action --service_name="$app" --action="start"
|
||
|
||
#Restarting mosquitto to take changes from /etc/mosquitto/conf.d/*.conf into account
|
||
[[ ! -z "$mqtt_domain" ]] && ynh_systemd_action --service_name=mosquitto --action="restart"
|
||
|
||
#=================================================
|
||
# RELOAD NGINX
|
||
#=================================================
|
||
ynh_script_progression --message="Reloading NGINX web server..."
|
||
|
||
ynh_systemd_action --service_name=nginx --action=reload
|
||
|
||
#=================================================
|
||
# END OF SCRIPT
|
||
#=================================================
|
||
|
||
ynh_script_progression --message="Upgrade of $app completed" --last
|