mirror of
https://github.com/YunoHost-Apps/dont-code_ynh.git
synced 2024-09-03 18:26:34 +02:00
Enable ssh support for dev
parent
d61139ad3e
commit
7852cc4bf4
8 changed files with 55 additions and 3 deletions
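--- a/conf/dont-code-sudoers
+++ b/conf/dont-code-sudoers
@@ -0,0 +1 @@
+%__APP__ ALL=(root) NOPASSWD: /usr/bin/systemctl restart __APP__-*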
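Review bot: The command spec `/usr/bin/systemctl restart __APP__-*` ends in a sudoers wildcard, and sudoers(5) warns that wildcards in command-line arguments match any characters, spaces included, so the rule accepts more than a single `__APP__-` unit name after `restart`. Because the entry is NOPASSWD for the whole `%__APP__` group, I would enumerate the units instead, one entry per service such as `/usr/bin/systemctl restart __APP__-<service>.service` (placeholder; the service names are not on this page), or point the rule at a root-owned wrapper that takes no arguments. A one-line `#` comment above the rule saying which deployment step needs it would help the next reviewer.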
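--- a/conf/restart-services.sh
+++ b/conf/restart-services.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+# Restart all dont-code services
+sudo systemctl restart "__APP__-*"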
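Review bot: `sudo systemctl restart "__APP__-*"` hands the glob to systemctl, which expands patterns only against units currently loaded in memory, so a service that is stopped and unloaded is skipped and the script will most likely still exit 0. Naming the units explicitly would make the restart deterministic and would let the sudoers rule be narrowed to the same list. The script has no error handling either; `set -eu` after the shebang and a header comment such as `# Relies on the NOPASSWD rule in /etc/sudoers.d/ for this app` would make the dependency visible.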
|
@ -6,7 +6,7 @@
|
||||||
"en": "Install services and databases needed to support Dont-code platform",
|
"en": "Install services and databases needed to support Dont-code platform",
|
||||||
"fr": "Installe les services et base de données nécessaires pour utiliser la plateforme Dont-code"
|
"fr": "Installe les services et base de données nécessaires pour utiliser la plateforme Dont-code"
|
||||||
},
|
},
|
||||||
"version": "0.2~ynh1",
|
"version": "0.2~ynh2",
|
||||||
"url": "https://dont-code.net",
|
"url": "https://dont-code.net",
|
||||||
"upstream": {
|
"upstream": {
|
||||||
"license": "AGPL-3.0-or-later",
|
"license": "AGPL-3.0-or-later",
|
||||||
|
|
|
@ -65,6 +65,9 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
|
||||||
#=================================================
|
#=================================================
|
||||||
# SPECIFIC BACKUP
|
# SPECIFIC BACKUP
|
||||||
#=================================================
|
#=================================================
|
||||||
|
ynh_backup --src_path="/etc/sudoers.d/$app-sudoers"
|
||||||
|
|
||||||
|
|
||||||
# BACKUP LOGROTATE
|
# BACKUP LOGROTATE
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
|
|
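Review bot: `ynh_backup --src_path="/etc/sudoers.d/$app-sudoers"` runs unconditionally, but the install and upgrade hunks in this commit create that file only when `public_key` is set. On an instance without a key the source path will be missing, which ynh_backup treats as a failure unless told otherwise (as far as I recall; worth confirming against the helper version in use). I would guard the call or write `ynh_backup --src_path="/etc/sudoers.d/$app-sudoers" --not_mandatory`. The line also has no comment of its own; `# Backup the sudoers rule that lets the app user restart its services` would do.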
|
@ -179,6 +179,7 @@ ynh_setup_source --dest_dir="$final_path"
|
||||||
|
|
||||||
if [ -n "$public_key" ]
|
if [ -n "$public_key" ]
|
||||||
then
|
then
|
||||||
|
ynh_script_progression --message="Enabling ssh access for dev..." --weight=1
|
||||||
#enable ssh access to the files for updates
|
#enable ssh access to the files for updates
|
||||||
#todo: Secure it more with https://github.com/YunoHost-Apps/ssh_chroot_dir_ynh
|
#todo: Secure it more with https://github.com/YunoHost-Apps/ssh_chroot_dir_ynh
|
||||||
mkdir --parents $final_path/.ssh
|
mkdir --parents $final_path/.ssh
|
||||||
|
@ -187,6 +188,22 @@ then
|
||||||
chown -R $app:$app "$final_path/.ssh"
|
chown -R $app:$app "$final_path/.ssh"
|
||||||
chmod 700 "$final_path/.ssh"
|
chmod 700 "$final_path/.ssh"
|
||||||
chmod 600 "$final_path/.ssh/authorized_keys"
|
chmod 600 "$final_path/.ssh/authorized_keys"
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# Create restart services file
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
# Enable restarting of services from ssh
|
||||||
|
ynh_add_config --template="restart-services.sh" --destination="$final_path/restart-services.sh"
|
||||||
|
|
||||||
|
# Enable root ownership to be able to call systemctl
|
||||||
|
chown $app:$app "$final_path/restart-services.sh"
|
||||||
|
chmod o-rwx,gu=rwx "$final_path/restart-services.sh"
|
||||||
|
|
||||||
|
ynh_add_config --template="dont-code-sudoers" --destination="/etc/sudoers.d/$app-sudoers"
|
||||||
|
chown root:root "/etc/sudoers.d/$app-sudoers"
|
||||||
|
chmod o-rwx,gu=r "/etc/sudoers.d/$app-sudoers"
|
||||||
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
@ -205,6 +222,7 @@ ynh_add_nginx_config
|
||||||
#=================================================
|
#=================================================
|
||||||
# Create document storage
|
# Create document storage
|
||||||
#=================================================
|
#=================================================
|
||||||
|
ynh_script_progression --message="Configuring document storage..." --weight=1
|
||||||
document_path=$html_path/docs
|
document_path=$html_path/docs
|
||||||
test ! -e "$document_path" || ynh_die --message="This path already contains a folder"
|
test ! -e "$document_path" || ynh_die --message="This path already contains a folder"
|
||||||
mkdir --parents $document_path
|
mkdir --parents $document_path
|
||||||
|
|
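Review bot: The sudoers template is copied into `/etc/sudoers.d/$app-sudoers` without a syntax check, and a malformed file in that directory can make sudo refuse to run for every user. Running `visudo -cf "/etc/sudoers.d/$app-sudoers" || ynh_die --message="Invalid sudoers file"` after the chmod, or better validating a temporary copy before moving it into place, would catch that; the upgrade hunk at `@ -195,6 +195,22 @@` has the same sequence. The comment `# Enable root ownership to be able to call systemctl` is followed by `chown $app:$app`, so it should read something like `# The app user owns the script; the sudoers rule below is what grants the systemctl call`. The enclosing `if [ -n "$public_key" ]` block starts in the previous hunk.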
|
@ -102,6 +102,8 @@ ynh_script_progression --message="Removing NGINX web server configuration..." --
|
||||||
# Remove the dedicated NGINX config
|
# Remove the dedicated NGINX config
|
||||||
ynh_remove_nginx_config
|
ynh_remove_nginx_config
|
||||||
|
|
||||||
|
ynh_secure_remove --file="/etc/sudoers.d/$app-sudoers"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# REMOVE DEPENDENCIES
|
# REMOVE DEPENDENCIES
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
|
@ -54,7 +54,7 @@ test ! -d $final_path \
|
||||||
ynh_script_progression --message="Recreating the dedicated system user..." --weight=1
|
ynh_script_progression --message="Recreating the dedicated system user..." --weight=1
|
||||||
|
|
||||||
# Create the dedicated user (if not existing)
|
# Create the dedicated user (if not existing)
|
||||||
ynh_system_user_create --username=$app --home_dir="$final_path"
|
ynh_system_user_create --username=$app --home_dir="$final_path" --use_shell --groups="ssh.app"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# RESTORE THE APP MAIN DIR
|
# RESTORE THE APP MAIN DIR
|
||||||
|
@ -79,6 +79,14 @@ then
|
||||||
chown -R $app:$app "$final_path/.ssh"
|
chown -R $app:$app "$final_path/.ssh"
|
||||||
chmod 700 "$final_path/.ssh"
|
chmod 700 "$final_path/.ssh"
|
||||||
chmod 600 "$final_path/.ssh/authorized_keys"
|
chmod 600 "$final_path/.ssh/authorized_keys"
|
||||||
|
# Enable restart of services for the dont-code user
|
||||||
|
chown $app:$app "$final_path/restart-services.sh"
|
||||||
|
chmod o-rwx,gu=rwx "$final_path/restart-services.sh"
|
||||||
|
|
||||||
|
ynh_restore_file --origin_path="/etc/sudoers.d/$app-sudoers"
|
||||||
|
|
||||||
|
chown root:root "/etc/sudoers.d/$app-sudoers"
|
||||||
|
chmod o-rwx,gu=r "/etc/sudoers.d/$app-sudoers"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
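Review bot: `--use_shell --groups="ssh.app"` is added to the user creation outside the `then` block that handles the key, so the app account gets a login shell and SSH group membership on restore even when no public key was configured (assuming that block is the `public_key` check; its `if` is outside the hunk). Moving the shell and group grant under the same condition keeps an instance without dev access at its previous privilege level. The restored `/etc/sudoers.d/$app-sudoers` also comes straight from the archive; regenerating it from the packaged template with ynh_add_config, as the install script does, would avoid trusting archive contents for a root-level rule.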
|
@ -29,6 +29,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
||||||
document_path=$(ynh_app_setting_get --app=$app --key=document_path)
|
document_path=$(ynh_app_setting_get --app=$app --key=document_path)
|
||||||
document_url=$(ynh_app_setting_get --app=$app --key=document_url)
|
document_url=$(ynh_app_setting_get --app=$app --key=document_url)
|
||||||
html_path=$(ynh_app_setting_get --app=$app --key=html_path)
|
html_path=$(ynh_app_setting_get --app=$app --key=html_path)
|
||||||
|
public_key=$(ynh_app_setting_get --app=$app --key=public_key)
|
||||||
|
|
||||||
PORT_LIST=($port_ide $port_preview $port_project $port_data)
|
PORT_LIST=($port_ide $port_preview $port_project $port_data)
|
||||||
|
|
||||||
|
@ -105,7 +106,6 @@ then
|
||||||
# Download, check integrity, uncompress and patch the source from app.src
|
# Download, check integrity, uncompress and patch the source from app.src
|
||||||
ynh_setup_source --dest_dir="$final_path"
|
ynh_setup_source --dest_dir="$final_path"
|
||||||
|
|
||||||
# No need to upgrade the .ssh authorization files
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# FIXME: this should be managed by the core in the future
|
# FIXME: this should be managed by the core in the future
|
||||||
|
@ -195,6 +195,22 @@ if [ "$correct_document_url" != "$document_url" ]; then
|
||||||
chown $app:$app "$final_path/.env"
|
chown $app:$app "$final_path/.env"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ -n "$public_key" ] && [ ! -f "$final_path/restart-services.sh" ];
|
||||||
|
then
|
||||||
|
ynh_script_progression --message="Upgrading ssh access for dev..." --weight=1
|
||||||
|
|
||||||
|
# Enable restarting of services from ssh
|
||||||
|
ynh_add_config --template="restart-services.sh" --destination="$final_path/restart-services.sh"
|
||||||
|
|
||||||
|
# Enable root ownership to be able to call systemctl
|
||||||
|
chown $app:$app "$final_path/restart-services.sh"
|
||||||
|
chmod o-rwx,gu=rwx "$final_path/restart-services.sh"
|
||||||
|
|
||||||
|
ynh_add_config --template="dont-code-sudoers" --destination="/etc/sudoers.d/$app-sudoers"
|
||||||
|
chown root:root "/etc/sudoers.d/$app-sudoers"
|
||||||
|
chmod o-rwx,gu=r "/etc/sudoers.d/$app-sudoers"
|
||||||
|
fi
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# UPDATE A CONFIG FILE
|
# UPDATE A CONFIG FILE
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
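Review bot: The guard `[ ! -f "$final_path/restart-services.sh" ]` means the script and the sudoers rule are written only on the first upgrade after this commit, so a later change to either template (for instance a tightened sudoers rule) never reaches existing installs. The marker file is also owned and writable by the app user, which makes a root-level configuration step depend on a file that account controls. I would drop the second test and keep `if [ -n "$public_key" ]`, letting ynh_add_config rewrite both files on every upgrade. This hunk also does not show the app user being given a shell or the `ssh.app` group as the restore script does, so upgraded and restored instances may differ; that may be handled outside the visible hunks.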