2024-02-12 15:13:34 +01:00
|
|
|
#!/bin/bash
|
|
|
|
|
|
|
|
# IMPORT GENERIC HELPERS
|
|
|
|
source _common.sh
|
|
|
|
source /usr/share/yunohost/helpers
|
|
|
|
|
2024-04-10 14:33:26 +02:00
|
|
|
# https://codeberg.org/ChriChri/flohmarkt_ynh/issues/9
|
|
|
|
# check if couchdb is already installed
|
2024-04-30 14:12:49 +02:00
|
|
|
# if there's a couchdb configuration file for flohmarkt we'll assume that couchdb
|
|
|
|
# had been installed by flohmarkt and we thus can savely do whatever we want to it
|
|
|
|
# with the resulting damage hopefully only influencing flohmarkt instances
|
|
|
|
if [[ -e /opt/couchdb ]] || pgrep epmd > /dev/null || pgrep beam.smp || dpkg-query -W couchdb > /dev/null 2>&1 \
|
|
|
|
&& ![[ -e /opt/couchdb/etc/local.d/05-flohmarkt.ini ]];
|
2024-04-17 15:06:48 +02:00
|
|
|
then
|
2024-04-17 15:10:30 +02:00
|
|
|
ynh_die --message="CouchDB already installed on this host - will not proceed."
|
2024-04-17 15:06:48 +02:00
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
2024-04-17 15:21:52 +02:00
|
|
|
# INITIALIZE AND STORE SETTINGS
|
|
|
|
# todo: do we need to store the password un-encrypted somewhere on the system?
|
|
|
|
# → there's no way to get the admin password later if sometimes in the future deleting
|
|
|
|
# the app will delete its specific database only (instead of the whole couchdb server as
|
|
|
|
# of now in the earliest versions of the integration).
|
|
|
|
ynh_app_setting_set --app=$app --key=password_couchdb_admin --value="$password_couchdb_admin"
|
|
|
|
|
2024-04-10 14:33:26 +02:00
|
|
|
# get port, admin_pw for already installed couchdb
|
|
|
|
# skip the installation steps below
|
2024-02-12 15:13:34 +01:00
|
|
|
ynh_script_progression --message="Installing CouchDB..." --weight=60
|
|
|
|
|
2024-04-17 14:55:10 +02:00
|
|
|
# A CouchDB node has an Erlang magic cookie value set at startup.
|
|
|
|
# This value must match for all nodes in the cluster. If they do not match,
|
|
|
|
# attempts to connect the node to the cluster will be rejected.
|
2024-04-18 14:54:50 +02:00
|
|
|
couchdb_magic_cookie=$(ynh_string_random --length=23 --filter='A-Za-z0-9_')
|
2024-04-21 16:23:59 +02:00
|
|
|
ynh_app_setting_set --app=$app --key=couchdb_magic_cookie --value="$couchdb_magic_cookie"
|
2024-04-17 14:55:10 +02:00
|
|
|
|
2024-02-12 15:13:34 +01:00
|
|
|
echo "\
|
|
|
|
couchdb couchdb/mode select standalone
|
|
|
|
couchdb couchdb/mode seen true
|
|
|
|
couchdb couchdb/bindaddress string 127.0.0.1
|
|
|
|
couchdb couchdb/bindaddress seen true
|
2024-04-17 14:55:10 +02:00
|
|
|
couchdb couchdb/cookie string $couchdb_magic_cookie
|
2024-02-24 15:31:30 +01:00
|
|
|
couchdb couchdb/adminpass password $password_couchdb_admin
|
2024-02-12 15:13:34 +01:00
|
|
|
couchdb couchdb/adminpass seen true
|
2024-02-24 15:31:30 +01:00
|
|
|
couchdb couchdb/adminpass_again password $password_couchdb_admin
|
2024-02-12 15:13:34 +01:00
|
|
|
couchdb couchdb/adminpass_again seen true" | debconf-set-selections
|
|
|
|
DEBIAN_FRONTEND=noninteractive # apt-get install -y --force-yes couchdb
|
|
|
|
|
2024-04-19 17:06:25 +02:00
|
|
|
ynh_install_extra_app_dependencies \
|
|
|
|
--repo="deb https://apache.jfrog.io/artifactory/couchdb-deb/ $(lsb_release -c -s) main" \
|
|
|
|
--key="https://couchdb.apache.org/repo/keys.asc" \
|
|
|
|
--package="couchdb"
|
2024-02-12 15:13:34 +01:00
|
|
|
|
2024-04-10 14:33:26 +02:00
|
|
|
# add couchdb configuration
|
2024-02-12 15:13:34 +01:00
|
|
|
ynh_script_progression --message="Adding a configuration file..." --weight=2
|
2024-04-10 14:33:26 +02:00
|
|
|
# customize couchdb config
|
2024-04-21 12:43:18 +02:00
|
|
|
ynh_add_config --template="../conf/05-flohmarkt.ini" --destination="/opt/couchdb/etc/local.d/05-flohmarkt.ini"
|
|
|
|
chown root:couchdb /opt/couchdb/etc/local.d/05-flohmarkt.ini
|
|
|
|
chmod 640 /opt/couchdb/etc/local.d/05-flohmarkt.ini
|
2024-02-12 15:13:34 +01:00
|
|
|
|
2024-04-20 16:27:34 +02:00
|
|
|
# restart couchdb to pick up changes
|
|
|
|
systemctl restart couchdb
|
|
|
|
systemctl status couchdb
|
|
|
|
|
2024-04-10 14:55:12 +02:00
|
|
|
# get flohmarkt
|
2024-05-07 12:18:36 +02:00
|
|
|
# suspecting that this deletes all other sources for YNH_APP_ID
|
2024-05-06 07:47:13 +02:00
|
|
|
ynh_setup_source --dest_dir="$flohmarkt_app_dir"
|
2024-04-10 14:55:12 +02:00
|
|
|
|
|
|
|
# setup python environment for flohmarkt
|
2024-04-30 14:12:49 +02:00
|
|
|
ynh_secure_remove "$flohmarkt_venv_dir"
|
2024-05-07 12:18:36 +02:00
|
|
|
|
2024-04-30 14:12:49 +02:00
|
|
|
python3 -m venv --without-pip "$flohmarkt_venv_dir"
|
2024-04-10 14:55:12 +02:00
|
|
|
|
|
|
|
# install python dependencies
|
|
|
|
(
|
|
|
|
set +o nounset
|
2024-04-30 14:12:49 +02:00
|
|
|
source "$flohmarkt_venv_dir/bin/activate"
|
2024-04-10 14:55:12 +02:00
|
|
|
set -o nounset
|
|
|
|
set -x
|
2024-04-30 14:12:49 +02:00
|
|
|
$flohmarkt_venv_dir/bin/python3 -m ensurepip
|
2024-05-06 07:47:13 +02:00
|
|
|
$flohmarkt_venv_dir/bin/pip3 install -r "$flohmarkt_app_dir/requirements.txt"
|
2024-04-10 14:55:12 +02:00
|
|
|
)
|
2024-04-10 14:33:26 +02:00
|
|
|
|
2024-04-11 15:00:40 +02:00
|
|
|
# JwtSecret
|
2024-04-23 14:12:44 +02:00
|
|
|
# workaround for https://github.com/YunoHost/issues/issues/2379
|
|
|
|
jwtsecret=$(ynh_string_random -l 200 -f 'a-zA-Z0-9/+'; ynh_string_random -l 142 -f 'a-zA-Z0-9/+'; echo -n '==')
|
2024-04-22 19:51:27 +02:00
|
|
|
ynh_app_setting_set --app=$app --key=jwtsecret --value="$jwtsecret"
|
2024-04-11 15:00:40 +02:00
|
|
|
|
2024-04-20 15:52:03 +02:00
|
|
|
password_couchdb_flohmarkt=$(ynh_string_random --length=31 --filter='A-Za-z0-9_.:,')
|
2024-04-21 16:23:59 +02:00
|
|
|
ynh_app_setting_set --app=$app --key=password_couchdb_flohmarkt --value="$password_couchdb_flohmarkt"
|
2024-04-19 14:10:35 +02:00
|
|
|
|
2024-04-11 19:53:18 +02:00
|
|
|
# generate flohmarkt.conf
|
2024-05-06 07:47:13 +02:00
|
|
|
ynh_add_config --template="../conf/flohmarkt.conf" --destination="$flohmarkt_app_dir/flohmarkt.conf"
|
2024-04-10 14:33:26 +02:00
|
|
|
|
2024-04-11 19:53:18 +02:00
|
|
|
# setup couchdb
|
|
|
|
(
|
|
|
|
set +o nounset
|
2024-04-30 14:12:49 +02:00
|
|
|
source "$flohmarkt_venv_dir/bin/activate"
|
2024-04-11 19:53:18 +02:00
|
|
|
set -o nounset
|
2024-05-06 07:47:13 +02:00
|
|
|
cd "$flohmarkt_app_dir"
|
2024-04-17 16:37:22 +02:00
|
|
|
# initialize_couchdb seems to re-try on connect problems endlessly blocking the yunohost api
|
2024-04-17 20:00:10 +02:00
|
|
|
# give it 45 seconds to finish and then fail
|
2024-04-17 16:52:01 +02:00
|
|
|
# https://codeberg.org/ChriChri/flohmarkt_ynh/issues/13
|
2024-05-06 07:47:13 +02:00
|
|
|
timeout 45 python3 initialize_couchdb.py $password_couchdb_admin
|
2024-04-11 19:53:18 +02:00
|
|
|
)
|
|
|
|
|
2024-02-12 15:13:34 +01:00
|
|
|
# SETUP LOGROTATE
|
|
|
|
ynh_script_progression --message="Configuring log rotation..." --weight=2
|
|
|
|
# Use logrotate to manage application logfile(s)
|
2024-05-06 07:47:13 +02:00
|
|
|
ynh_use_logrotate --logfile=$flohmarkt_logfile
|
2024-02-12 15:13:34 +01:00
|
|
|
|
2024-04-10 14:33:26 +02:00
|
|
|
# NGINX CONFIGURATION
|
|
|
|
ynh_script_progression --message="Configuring NGINX web server..." --weight=3
|
|
|
|
# Create a dedicated NGINX config
|
|
|
|
ynh_add_nginx_config
|
|
|
|
|
2024-04-11 19:53:18 +02:00
|
|
|
# systemd.service
|
|
|
|
ynh_script_progression --message="Configuring a systemd service..." --weight=1
|
|
|
|
# Create a dedicated systemd config
|
2024-05-06 07:47:13 +02:00
|
|
|
ynh_add_systemd_config --service=$flohmarkt_filename
|
2024-04-11 19:53:18 +02:00
|
|
|
# integrate into yunohost
|
2024-02-12 15:13:34 +01:00
|
|
|
ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
|
2024-05-06 07:47:13 +02:00
|
|
|
yunohost service add $flohmarkt_filename --description="A decentral federated small advertisement platform" --log="$flohmarkt_logfile"
|
2024-04-25 09:48:43 +02:00
|
|
|
# logfile contains possibly the secret setup URL
|
2024-05-06 07:47:13 +02:00
|
|
|
mkdir -m755 -p "$flohmarkt_log_dir"
|
|
|
|
touch "$flohmarkt_logfile"
|
|
|
|
chmod 640 "$flohmarkt_logfile"
|
2024-04-12 08:20:16 +02:00
|
|
|
# start service
|
2024-05-07 12:18:36 +02:00
|
|
|
ynh_systemd_action --service_name=$flohmarkt_filename --action="start" --line_match='INFO: *Application startup complete.' --log_path="$flohmarkt_logfile" --timeout=30
|
2024-05-06 07:47:13 +02:00
|
|
|
# https://codeberg.org/flohmarkt/flohmarkt_ynh/issues/44
|
|
|
|
# --line_match="INFO: Application startup complete."
|
2024-02-12 15:13:34 +01:00
|
|
|
|
|
|
|
# SETUP FAIL2BAN
|
2024-04-27 14:04:21 +02:00
|
|
|
ynh_script_progression --message="Configuring Fail2Ban..." --weight=3
|
2024-05-06 07:47:13 +02:00
|
|
|
ynh_add_fail2ban_config --logpath="$flohmarkt_logfile" --failregex='INFO: +<HOST>:\d+ - "POST /token HTTP/\d+\.\d+" 403 Forbidden' --max_retry=5
|
2024-02-12 15:13:34 +01:00
|
|
|
|
2024-05-07 12:18:36 +02:00
|
|
|
# symlink data_dir and install_dir to make it easier to find the
|
|
|
|
# files for a certain domain/path
|
|
|
|
ln -s "$flohmarkt_install" "$flohmarkt_sym_install"
|
|
|
|
ln -s "$flohmarkt_data_dir" "$flohmarkt_sym_data_dir"
|
|
|
|
|
|
|
|
# debug
|
|
|
|
env
|
|
|
|
|
2024-05-06 07:47:13 +02:00
|
|
|
ynh_script_progression --message="Installation of $id completed" --last
|