diff --git a/conf/.env b/conf/.env
new file mode 100644
index 0000000..1ff548c
--- /dev/null
+++ b/conf/.env
@@ -0,0 +1,9 @@
+quarkus_http_host=127.0.0.1
+
+quarkus_mongodb_projects_connection_string=mongodb://localhost:27017
+projects_database_name=dontCodeProjects
+
+quarkus_mongodb_data_connection_string=mongodb://localhost:27017
+data_database_name=dontCodeData
+document_directory=__DOCUMENT_PATH__
+document_external_url=__DOCUMENT_URL__
diff --git a/conf/app.src b/conf/app.src
new file mode 100644
index 0000000..79447c1
--- /dev/null
+++ b/conf/app.src
@@ -0,0 +1,6 @@
+SOURCE_URL=https://github.com/dont-code/release/releases/download/v0.2.10/dont-code-release-runners.zip
+SOURCE_SUM=f20bfa0423d48015a3507b0555d30d57fa594657a4bca55ad869fca8fbad125d
+SOURCE_SUM_PRG=sha256sum
+SOURCE_FORMAT=zip
+SOURCE_IN_SUBDIR=false
+SOURCE_EXTRACT=true
diff --git a/conf/authorized_keys b/conf/authorized_keys
index e69de29..43a1924 100644
--- a/conf/authorized_keys
+++ b/conf/authorized_keys
@@ -0,0 +1 @@
+__PUBLIC_KEY__
diff --git a/conf/nginx.conf b/conf/nginx.conf
index 6b738ce..c5794bc 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
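Review bot: Both `quarkus_mongodb_projects_connection_string` and `quarkus_mongodb_data_connection_string` in conf/.env carry no credentials, so the services appear to depend on a MongoDB instance that accepts unauthenticated local connections. If that is the case, any local process on the host can read and write `dontCodeProjects` and `dontCodeData`; if access control is enabled instead, the services will not be able to connect. scripts/install already creates a database user with `ynh_mongo_setup_db`, so consider templating that user's credentials into these two lines; the file is installed with mode 400 for the app user, which is a reasonable place for them. A short comment above the two lines stating which Mongo access model is assumed would also help.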
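Review bot: conf/authorized_keys installs the key with no options, so the holder of the delivery key gets the account's full SSH feature set (PTY, port, agent and X11 forwarding), on an account that scripts/install creates with a shell and the `ssh.app` group. For a key that exists only to push release files, prefix the entry with OpenSSH's `restrict` option, `restrict __PUBLIC_KEY__`, and re-enable only what the delivery tool actually needs. The value comes from a free-form manifest string, so it is also worth rejecting a value that contains a newline before it is templated, since each extra line would become a further authorized entry.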
@@ -1,28 +1,54 @@ #sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; + location __PATH__/ { + location __PATH__/ide { + proxy_pass http://localhost:__PORT_IDE__/ide; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_read_timeout 86400s; + proxy_send_timeout 86400s; + } - # Path to source - alias __FINALPATH__/; + location __PATH__/preview { + proxy_pass http://localhost:__PORT_PREVIEW__/preview; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "Upgrade"; + proxy_set_header Host $host; + proxy_read_timeout 86400s; + proxy_send_timeout 86400s; -### Example PHP configuration (remove it if not used) - index index.php; + } - # Common parameter to increase upload size limit in conjunction with dedicated php-fpm file - #client_max_body_size 50M; + location __PATH__/project { + proxy_pass http://localhost:__PORT_PROJECT__/project; + proxy_set_header Host $host; + proxy_read_timeout 86400s; + proxy_send_timeout 86400s; + } - try_files $uri $uri/ index.php; - location ~ [^/]\.php(/|$) { - fastcgi_split_path_info ^(.+?\.php)(/.*)$; - fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock; + location __PATH__/data { + proxy_pass http://localhost:__PORT_DATA__/data; + proxy_set_header Host $host; + proxy_read_timeout 86400s; + proxy_send_timeout 86400s; + } - fastcgi_index index.php; - include fastcgi_params; - fastcgi_param REMOTE_USER $remote_user; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param SCRIPT_FILENAME $request_filename; - } -### End of PHP configuration part + location __PATH__/documents { + proxy_pass http://localhost:__PORT_DATA__/documents; + proxy_set_header Host $host; + proxy_read_timeout 86400s; + proxy_send_timeout 86400s; + client_max_body_size 15M; + } - # Include SSOWAT user panel. 
- include conf.d/yunohost_panel.conf.inc; + location __PATH__/demo_project { + proxy_pass http://localhost:__PORT_PROJECT__/project; + proxy_set_header Host $host; + proxy_set_header DbName "dontCodeDemoProjects"; + proxy_read_timeout 86400s; + proxy_send_timeout 86400s; + } } diff --git a/conf/systemd.service b/conf/systemd.service index caf7e46..6b7f6ad 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -1,14 +1,16 @@ [Unit] -Description=Small description of the service +Description=Dont-code __SERVICE_NAME__ service After=network.target +Requires=__MONGODB_SERVICENAME__.service [Service] Type=simple User=__APP__ Group=__APP__ +Environment="quarkus_http_port=__PORT__" WorkingDirectory=__FINALPATH__/ -ExecStart=__FINALPATH__/script -StandardOutput=append:/var/log/__APP__/__APP__.log +ExecStart=__YNH_JAVA__ -jar __SERVICE_NAME__-services-runner.jar +StandardOutput=append:/var/log/__APP__/__SERVICE_NAME__-__APP__.log StandardError=inherit # Sandboxing options to harden security diff --git a/manifest.json b/manifest.json index 16ab634..cc13269 100644 --- a/manifest.json +++ b/manifest.json @@ -1,6 +1,6 @@ { - "name": "Dont-code Services", - "id": "dont-code-services", + "name": "Dont-Code Services", + "id": "dont-code", "packaging_format": 1, "description": { "en": "Install services and databases needed to support Dont-code platform", @@ -44,9 +44,10 @@ { "name": "public_key", "type": "string", + "optional": "true", "ask": { - "en": "This public_key allows you to update the services through ssh (as part of delivery process)", - "fr": "Fournir ici une clef publique qui permettra de mettre à jour les services (via une deploiement automatique)" + "en": "SSH Public key to allow service updates as part of delivery process, leave empty to disable.", + "fr": "Clef publique SSH permettant la mise à jour des services via une deploiement automatique, inactif si non renseigné." } }, { diff --git a/scripts/install b/scripts/install index 22fe897..e3228d8 100755 
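Review bot: The `__PATH__/demo_project` block selects the database with `proxy_set_header DbName "dontCodeDemoProjects";`, but `__PATH__/project`, `__PATH__/data` and `__PATH__/documents` never set or clear that header, so a `DbName` header sent by the client is forwarded to the backend unchanged. If the backend honours the header on those routes too (inferred from the demo block, not visible here), a caller can choose which database a request is served from. Add `proxy_set_header DbName "";` to the other proxied locations; nginx does not pass a header whose value is the empty string. The same blocks also forward no `X-Forwarded-For` or `X-Forwarded-Proto`, which the services would need for accurate client logging.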
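Review bot: `Requires=__MONGODB_SERVICENAME__.service` in conf/systemd.service declares the dependency but not the ordering, so systemd is free to start the Java service in parallel with MongoDB and the first connection attempts can fail. Pair it with an ordering entry: `After=network.target __MONGODB_SERVICENAME__.service`. The sandboxing options of the unit are outside this hunk, so whether they still fit a JVM process could not be checked here.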
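Review bot: In the second manifest.json hunk, `"optional": "true"` is a JSON string, not a boolean. A consumer that only tests truthiness would treat `"false"` the same way, so the flag should be written as `"optional": true`. The French text also reads "une deploiement"; "un déploiement" is the correct form.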
--- a/scripts/install +++ b/scripts/install @@ -22,6 +22,8 @@ ynh_clean_setup () { # Exit if an error occurs during the execution of the script ynh_abort_if_errors +SERVICES_LIST=(ide preview project data) + #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= @@ -75,7 +77,7 @@ ynh_app_setting_set --app=$app --key=path --value=$path_url #================================================= # FIND AND OPEN A PORT #================================================= -ynh_script_progression --message="Finding an available port..." --weight=1 +ynh_script_progression --message="Finding an available ports..." --weight=1 ### Use these lines if you have to open a port for the application ### `ynh_find_port` will find the first available port starting from the given port. @@ -83,8 +85,17 @@ ynh_script_progression --message="Finding an available port..." --weight=1 ### - Remove the section "CLOSE A PORT" in the remove script # Find an available port -port=$(ynh_find_port --port=8095) -ynh_app_setting_set --app=$app --key=port --value=$port +port_preview=$(ynh_find_port --port=8081) +ynh_app_setting_set --app=$app --key=port_preview --value=$port_preview +port_ide=$(ynh_find_port --port=8082) +ynh_app_setting_set --app=$app --key=port_ide --value=$port_ide +port_project=$(ynh_find_port --port=8083) +ynh_app_setting_set --app=$app --key=port_project --value=$port_project +port_data=$(ynh_find_port --port=8084) +ynh_app_setting_set --app=$app --key=port_data --value=$port_data + +# define the list of port in the same order than the list of services +PORT_LIST=($port_ide $port_preview $port_project $port_data) # Optional: Expose this port publicly # (N.B.: you only need to do this if the app actually needs to expose the port publicly. 
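Review bot: The four `ynh_find_port` calls in the port hunk start from fixed adjacent ports, and nothing listens on the result of one call before the next call runs. If 8081 is busy, `port_preview` becomes 8082 and `port_ide` can be handed 8082 as well, unless the helper tracks ports it has just returned, which is not visible here. Two services would then compete for one port and nginx would proxy `/ide` and `/preview` to the same backend. Chain the searches instead, e.g. `port_ide=$(ynh_find_port --port=$((port_preview + 1)))`, and likewise for `port_project` and `port_data`.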
@@ -121,27 +132,26 @@ ynh_install_mongo --mongo_version=6.0 ynh_script_progression --message="Configuring system user..." --weight=1 # Create a system user -ynh_system_user_create --username=$app --home_dir="$final_path" --use-shell --groups="ssh.app" - +ynh_system_user_create --username=$app --home_dir="$final_path" --use_shell --groups="ssh.app" #================================================= # CREATE A Mongo DATABASE #================================================= -ynh_script_progression --message="Creating a Mongo database..." --weight=1 +ynh_script_progression --message="Creating the Mongo databases..." --weight=1 -### Use these lines if you need a database for the application. -### `ynh_mysql_setup_db` will create a database, an associated user and a ramdom password. -### The password will be stored as 'mysqlpwd' into the app settings, -### and will be available as $db_pwd -### If you're not using these lines: -### - Remove the section "BACKUP THE MYSQL DATABASE" in the backup script -### - Remove also the section "REMOVE THE MYSQL DATABASE" in the remove script -### - As well as the section "RESTORE THE MYSQL DATABASE" in the restore script +# No need to create the database for data and demoProjects, and the user is not used -db_name=$(ynh_sanitize_dbid --db_name=$app-projects) -db_user=$db_name -ynh_app_setting_set --app=$app --key=db_name --value=$db_name -ynh_mongo_setup_db --db_user=$db_user --db_name=$db_name +#db_project_name=$(ynh_sanitize_dbid --db_name="${app}-projects") +#db_demo_project_name=$(ynh_sanitize_dbid --db_name="${app}-demo-projects") +#db_data_name=$(ynh_sanitize_dbid --db_name="${app}-data") +db_user=$(ynh_sanitize_dbid --db_name="${app}") +#ynh_app_setting_set --app=$app --key=db_project_name --value=$db_project_name +#ynh_app_setting_set --app=$app --key=db_demo_project_name --value=$db_demo_project_name +#ynh_app_setting_set --app=$app --key=db_data_name --value=$db_data_name +#ynh_app_setting_set --app=$app --key=db_user 
--value=$db_user + +#We should probably enable databases to the user, but for now, we connect through admin +ynh_mongo_setup_db --db_user=$db_user --db_name=dontCodeProjects #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE @@ -166,17 +176,18 @@ chmod -R o-rwx "$final_path" chown -R $app:$app "$final_path" # Download, check integrity, uncompress and patch the source from app.src -# ynh_setup_source --dest_dir="$final_path" +ynh_setup_source --dest_dir="$final_path" + if [ -n "$public_key" ] then #enable ssh access to the files for updates #todo: Secure it more with https://github.com/YunoHost-Apps/ssh_chroot_dir_ynh - mkdir $final_path .ssh - ynh_add_config --template="authorized_keys" --destination=".ssh/authorized_keys" + mkdir --parents $final_path/.ssh + ynh_add_config --template="authorized_keys" --destination="$final_path/.ssh/authorized_keys" ynh_app_setting_set --app=$app --key=public_key --value=$public_key chown -R $app:$app "$final_path/.ssh" chmod 700 "$final_path/.ssh" - chmod 600 "$final_path/.ssh/authorized-keys" + chmod 600 "$final_path/.ssh/authorized_keys" fi @@ -193,8 +204,17 @@ ynh_add_nginx_config #================================================= # SPECIFIC SETUP #================================================= -# ... +# Create document storage #================================================= +document_path=/var/www/$app/documents +test ! -e "$document_path" || ynh_die --message="This path already contains a folder" +mkdir --parents $document_path + +chmod 750 "$document_path" +chmod -R o-rwx "$document_path" +chown -R $app:www-data "$document_path" + +document_url=https://${domain}${path_url}/documents #================================================= # DONT CREATE A DATA DIRECTORY 
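Review bot: `ynh_system_user_create --username=$app --home_dir="$final_path" --use_shell --groups="ssh.app"` runs unconditionally, so the service account gets a login shell and SSH group membership even when `public_key` is left empty, which the manifest now describes as the way to disable SSH updates. Create the user with `--use_shell --groups="ssh.app"` only inside a `[ -n "$public_key" ]` branch, and without those two options otherwise. In the same hunk, the comment "for now, we connect through admin" means the user created by `ynh_mongo_setup_db` gives no isolation between the services and the rest of the Mongo instance; that deserves a tracked TODO rather than a passing remark.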
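Review bot: In the source-download hunk, the context lines `chmod -R o-rwx "$final_path"` and `chown -R $app:$app "$final_path"` run before the newly enabled `ynh_setup_source --dest_dir="$final_path"`, so the extracted jars are not covered by either command. They will keep whatever owner and mode the helper gives them, presumably root-owned, which also means the SSH delivery account cannot replace them. Move the two permission lines after the `ynh_setup_source` call. `mkdir --parents $final_path/.ssh` should also quote its argument: `mkdir --parents "$final_path/.ssh"`.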
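Review bot: `test ! -e "$document_path" || ynh_die ...` aborts the install whenever `/var/www/$app/documents` already exists, and this commit removes `ynh_secure_remove --file="$final_path"` from scripts/remove. If `$final_path` is `/var/www/$app` (not visible here), an uninstall now leaves uploaded documents, `.env` and `.ssh/authorized_keys` on disk, and a later reinstall stops at this check. Either keep removing the directory in scripts/remove or state in a comment here that the data is retained on purpose and how a reinstall is expected to handle it. `mkdir --parents $document_path` should be quoted as `mkdir --parents "$document_path"`.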
@@ -241,13 +261,13 @@ ynh_script_progression --message="Adding a configuration file..." --weight=1 ### ### Check the documentation of `ynh_add_config` for more info. -# ynh_add_config --template="some_config_file" --destination="$final_path/some_config_file" +ynh_add_config --template=".env" --destination="$final_path/.env" # FIXME: this should be handled by the core in the future # You may need to use chmod 600 instead of 400, # for example if the app is expected to be able to modify its own config -#chmod 400 "$final_path/some_config_file" -#chown $app:$app "$final_path/some_config_file" +chmod 400 "$final_path/.env" +chown $app:$app "$final_path/.env" ### For more complex cases where you want to replace stuff using regexes, ### you shoud rely on ynh_replace_string (which is basically a wrapper for sed) @@ -272,8 +292,16 @@ ynh_script_progression --message="Configuring a systemd service..." --weight=1 ### - As well as the section "RESTORE SYSTEMD" in the restore script ### - And the section "SETUP SYSTEMD" in the upgrade script -# Create a dedicated systemd config -#ynh_add_systemd_config +# Create a dedicated systemd config for each service + +service_list_length=${#SERVICES_LIST[@]} +for (( j=0; j<${service_list_length}; j++ )) +do + service_name=${SERVICES_LIST[$j]} + port=${PORT_LIST[$j]} + ynh_add_systemd_config --service="${app}-${service_name}" +done + #================================================= # GENERIC FINALIZATION 
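Review bot: In the systemd loop, `service_name` and `port` are assigned but never passed to `ynh_add_systemd_config`; they presumably reach conf/systemd.service only through the helper's `__SERVICE_NAME__` and `__PORT__` substitution, which a reader cannot tell from this hunk. Add a comment above the loop such as `# service_name and port are consumed by the systemd.service template (__SERVICE_NAME__, __PORT__)`. The pairing also depends on `SERVICES_LIST` and `PORT_LIST` staying in the same order, and an unquoted empty port in `PORT_LIST=(...)` would shift every later index, so iterating with `for j in "${!SERVICES_LIST[@]}"` and checking that `port` is non-empty would make the coupling explicit.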
@@ -307,7 +335,10 @@ ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 ### - As well as the section "INTEGRATE SERVICE IN YUNOHOST" in the restore script ### - And the section "INTEGRATE SERVICE IN YUNOHOST" in the upgrade script -yunohost service add $app --description="Dont-code platform services" --log="/var/log/$app/$app.log" +for service_name in "${SERVICES_LIST[@]}" +do + yunohost service add "${app}-${service_name}" --description="Dont-code platform ${service_name} service" --log="/var/log/${app}/${service_name}-${app}.log" +done ### Additional options starting with 3.8: ### @@ -328,7 +359,7 @@ yunohost service add $app --description="Dont-code platform services" --log="/va #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." --weight=1 +ynh_script_progression --message="Starting systemd services..." --weight=1 ### `ynh_systemd_action` is used to start a systemd service for an app. ### Only needed if you have configure a systemd service @@ -339,7 +370,10 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1 ### - And the section "STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the change_url script # Start a systemd service -#ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" +for service_name in "${SERVICES_LIST[@]}" +do + ynh_systemd_action --service_name="${app}-${service_name}" --action="start" --log_path="/var/log/$app/$app.log" +done #================================================= # SETUP SSOWAT diff --git a/scripts/remove b/scripts/remove index e03ce89..beec708 100755 --- a/scripts/remove +++ b/scripts/remove 
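Review bot: The start loop passes `--log_path="/var/log/$app/$app.log"` to `ynh_systemd_action`, but conf/systemd.service now writes each service to `/var/log/__APP__/__SERVICE_NAME__-__APP__.log` and the `yunohost service add` loop in this file registers that per-service path. No unit writes to the path given here, so start-up progress and failures cannot be read from it. Use the per-service file: `--log_path="/var/log/$app/${service_name}-$app.log"`.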
@@ -19,23 +19,32 @@ ynh_script_progression --message="Loading installation settings..." --weight=1 app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) -port=$(ynh_app_setting_get --app=$app --key=port) +port_ide=$(ynh_app_setting_get --app=$app --key=port_ide) +port_preview=$(ynh_app_setting_get --app=$app --key=port_preview) +port_project=$(ynh_app_setting_get --app=$app --key=port_project) +port_data=$(ynh_app_setting_get --app=$app --key=port_data) db_name=$(ynh_app_setting_get --app=$app --key=db_name) db_user=$db_name final_path=$(ynh_app_setting_get --app=$app --key=final_path) +SERVICES_LIST=(ide preview project data) +PORT_LIST=($port_ide $port_preview $port_project $port_data) + #================================================= # STANDARD REMOVE #================================================= # REMOVE SERVICE INTEGRATION IN YUNOHOST #================================================= +ynh_script_progression --message="Removing $app services..." --weight=1 # Remove the service from the list of services known by YunoHost (added from `yunohost service add`) -if ynh_exec_warn_less yunohost service status $app >/dev/null -then - ynh_script_progression --message="Removing $app service integration..." --weight=1 - yunohost service remove $app -fi +for service_name in "${SERVICES_LIST[@]}" +do + if ynh_exec_warn_less yunohost service status "${app}-${service_name}" >/dev/null + then + yunohost service remove "${app}-${service_name}" + fi +done #================================================= # STOP AND REMOVE SERVICE @@ -43,7 +52,10 @@ fi ynh_script_progression --message="Stopping and removing the systemd service..." --weight=1 # Remove the dedicated systemd config -#ynh_remove_systemd_config +for service_name in "${SERVICES_LIST[@]}" +do + ynh_remove_systemd_config --service="${app}-${service_name}" +done #================================================= # REMOVE LOGROTATE CONFIGURATION 
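Review bot: The unchanged lines `db_name=$(ynh_app_setting_get --app=$app --key=db_name)` and `db_user=$db_name` in the first scripts/remove hunk still read a `db_name` setting that scripts/install no longer writes in this commit. `db_user` is therefore likely empty when the three `ynh_mongo_remove_db --db_user=$db_user ...` calls in the later hunk run, and the Mongo user created at install may be left behind. Derive it the same way install does, `db_user=$(ynh_sanitize_dbid --db_name="$app")`, or store it as a setting at install time. Only `dontCodeProjects` was set up with that user at install, so the other two removals depend on how the helper treats a database the user was never granted.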
@@ -59,7 +71,9 @@ ynh_remove_logrotate ynh_script_progression --message="Removing the Mongo database..." --weight=1 # Remove a database if it exists, along with the associated user -ynh_mongo_remove_db --db_user=$db_user --db_name=$db_name +ynh_mongo_remove_db --db_user=$db_user --db_name=dontCodeProjects +ynh_mongo_remove_db --db_user=$db_user --db_name=dontCodeDemoProjects +ynh_mongo_remove_db --db_user=$db_user --db_name=dontCodeData # Remove mongo itself if not used anymore ynh_remove_mongo @@ -89,14 +103,17 @@ ynh_script_progression --message="Removing dependencies..." --weight=1 ynh_remove_app_dependencies #================================================= -# CLOSE A PORT +# CLOSE ALL PORTS #================================================= -if yunohost firewall list | grep -q "\- $port$" -then - ynh_script_progression --message="Closing port $port..." --weight=1 - ynh_exec_warn_less yunohost firewall disallow TCP $port -fi +for port in "${PORT_LIST[@]}" +do + if yunohost firewall list | grep -q "\- $port$" + then + ynh_script_progression --message="Closing port $port..." --weight=1 + ynh_exec_warn_less yunohost firewall disallow TCP $port + fi +done #================================================= # SPECIFIC REMOVE @@ -105,9 +122,6 @@ fi #================================================= ynh_script_progression --message="Removing various files..." --weight=1 -# Remove the app directory securely -ynh_secure_remove --file="$final_path" - # Remove the log files ynh_secure_remove --file="/var/log/$app"