YunoHost-Apps/forgejo_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/forgejo_ynh.git synced 2024-09-03 18:36:26 +02:00
Code Issues Activity Actions

Merge ef480e3c13 into 59ad6008ae

Browse source
This commit is contained in:
YunoHost Bot 2024-09-02 14:36:27 +02:00 committed by GitHub
commit cacd336a87
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
8 changed files with 120 additions and 296 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
manifest.toml
View file

@ -17,7 +17,8 @@ userdoc = "https://forgejo.org/docs/latest/user/"
code = "https://codeberg.org/forgejo/forgejo"
[integration]
yunohost = ">= 11.2"
yunohost = ">= 11.2.18"
helpers_version = "2.1"
architectures = [ "amd64", "arm64", "armhf" ]
multi_instance = true
ldap = true

28
scripts/_common.sh
View file

@ -5,44 +5,44 @@
#=================================================
function set_forgejo_login_source() {
ynh_print_info --message="Creating forgejo login source"
ynh_print_info "Creating forgejo login source"
pushd "$install_dir"
ynh_exec_as "$app" ./forgejo admin auth add-ldap-simple --security-protocol "Unencrypted" --name "YunoHost LDAP" --host "localhost" --port "389" --skip-tls-verify --user-search-base "ou=users,dc=yunohost,dc=org" --user-dn "uid=%s,ou=Users,dc=yunohost,dc=org" --user-filter "(&(objectclass=posixAccount)(uid=%s)(permission=cn=$app.main,ou=permission,dc=yunohost,dc=org))" --admin-filter "(permission=cn=forgejo.admin,ou=permission,dc=yunohost,dc=org)" --username-attribute "uid" --firstname-attribute "givenName" --surname-attribute "sn" --email-attribute "mail"
ynh_exec_as_app ./forgejo admin auth add-ldap-simple --security-protocol "Unencrypted" --name "YunoHost LDAP" --host "localhost" --port "389" --skip-tls-verify --user-search-base "ou=users,dc=yunohost,dc=org" --user-dn "uid=%s,ou=Users,dc=yunohost,dc=org" --user-filter "(&(objectclass=posixAccount)(uid=%s)(permission=cn=$app.main,ou=permission,dc=yunohost,dc=org))" --admin-filter "(permission=cn=forgejo.admin,ou=permission,dc=yunohost,dc=org)" --username-attribute "uid" --firstname-attribute "givenName" --surname-attribute "sn" --email-attribute "mail"
popd
}
function enable_login_source_sync() {
ynh_print_info --message="Set forgejo login source as synchronizable"
ynh_print_info "Set forgejo login source as synchronizable"
# Enable login source synchronisation manualy because forgejo command does not allow it (https://codeberg.org/forgejo/forgejo/issues/952)
ynh_psql_execute_as_root --database "$db_name" --sql "update login_source set is_sync_enabled = true where type = 5 and name = 'YunoHost LDAP'"
ynh_psql_db_shell "$db_name" --sql "update login_source set is_sync_enabled = true where type = 5 and name = 'YunoHost LDAP'"
}
function create_forgejo_api_user() {
ynh_print_info --message="Creating forgejo api user"
ynh_print_info "Creating forgejo api user"
forgejo_api_user=yunohost_api
forgejo_api_pwd=$(ynh_string_random --length=24)
ynh_app_setting_set --app="$app" --key=forgejo_api_user --value="$forgejo_api_user"
ynh_app_setting_set --app="$app" --key=forgejo_api_pwd --value="$forgejo_api_pwd"
ynh_app_setting_set --key=forgejo_api_user --value="$forgejo_api_user"
ynh_app_setting_set --key=forgejo_api_pwd --value="$forgejo_api_pwd"
pushd "$install_dir"
ynh_exec_as "$app" ./forgejo admin user create --username "$forgejo_api_user" --password "$forgejo_api_pwd" --email "admin@${domain}" --admin --must-change-password=false
forgejo_api_token=$(ynh_exec_as "$app" ./forgejo admin user generate-access-token --username "$forgejo_api_user" --token-name "admin" --scopes "write:admin" --raw | tail -1)
ynh_app_setting_set --app="$app" --key=forgejo_api_token --value="$forgejo_api_token"
ynh_exec_as_app ./forgejo admin user create --username "$forgejo_api_user" --password "$forgejo_api_pwd" --email "admin@${domain}" --admin --must-change-password=false
forgejo_api_token=$(ynh_exec_as_app ./forgejo admin user generate-access-token --username "$forgejo_api_user" --token-name "admin" --scopes "write:admin" --raw | tail -1)
ynh_app_setting_set --key=forgejo_api_token --value="$forgejo_api_token"
popd
}
function set_users_login_source() {
# Previously created users have «Local» login source. It should be «YunoHost LDAP»
for username in $(ynh_user_list); do
ynh_print_info --message="Updating forgejo user login type for ${username}"
ynh_print_info "Updating forgejo user login type for ${username}"
ynh_psql_execute_as_root --database "$db_name" --sql "update public.user set login_source = (select id from login_source where name = 'YunoHost LDAP' and type = 5), login_name = name, login_type = 5 where name = '${username}'"
ynh_psql_db_shell "$db_name" --sql "update public.user set login_source = (select id from login_source where name = 'YunoHost LDAP' and type = 5), login_name = name, login_type = 5 where name = '${username}'"
done
}
function synchronize_users() {
ynh_print_info --message="Synchronizing forgejo users"
ynh_print_info "Synchronizing forgejo users"
# Fetch the token independently such that it's redacted by Yunohost logging mechanism
forgejo_api_token=$(ynh_app_setting_get --app="$app" --key=forgejo_api_token)
forgejo_api_token=$(ynh_app_setting_get --key=forgejo_api_token)
# Remove trailing slash from path
local no_trailing_slash_path=${path%/}

53
scripts/backup
View file

@ -1,73 +1,46 @@
#!/bin/bash
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
#=================================================
# DECLARE DATA AND CONF FILES TO BACKUP
#=================================================
ynh_print_info --message="Declaring files to be backed up..."
ynh_print_info "Declaring files to be backed up..."
#=================================================
# BACKUP THE APP MAIN DIR
#=================================================
ynh_backup --src_path="$install_dir"
ynh_backup "$install_dir"
#=================================================
# BACKUP THE DATA DIR
#=================================================
ynh_backup --src_path="$data_dir" --is_big
ynh_backup "$data_dir"
#=================================================
# BACKUP THE NGINX CONFIGURATION
# SYSTEM CONFIGURATION
#=================================================
ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# BACKUP FAIL2BAN CONFIGURATION
#=================================================
ynh_backup "/etc/fail2ban/jail.d/$app.conf"
ynh_backup "/etc/fail2ban/filter.d/$app.conf"
ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf"
ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf"
ynh_backup "/etc/logrotate.d/$app"
#=================================================
# SPECIFIC BACKUP
#=================================================
# BACKUP LOGROTATE
#=================================================
ynh_backup "/etc/systemd/system/$app.service"
ynh_backup --src_path="/etc/logrotate.d/$app"
#=================================================
# BACKUP SYSTEMD
#=================================================
ynh_backup --src_path="/etc/systemd/system/$app.service"
#=================================================
# BACKUP VARIOUS FILES
#=================================================
ynh_backup --src_path="/var/log/$app"
ynh_backup "/var/log/$app"
#=================================================
# BACKUP THE DATABASE
#=================================================
ynh_print_info --message="Backing up the database..."
ynh_print_info "Backing up the database..."
ynh_psql_dump_db --database="$db_name" > db.sql
ynh_psql_dump_db > db.sql
#=================================================
# END OF SCRIPT
#=================================================
ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)."
ynh_print_info "Backup script completed for $app. (YunoHost will then actually copy those files to the archive)."

28
scripts/change_url
View file

@ -1,52 +1,42 @@
#!/bin/bash
#=================================================
# GENERIC STARTING
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# STOP SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Stopping a systemd service..." --weight=2
ynh_script_progression "Stopping $app's systemd service..."
ynh_systemd_action --service_name="$app" --action="stop" --log_path="/var/log/$app/forgejo.log"
ynh_systemctl --service="$app" --action="stop" --log_path="/var/log/$app/forgejo.log"
#=================================================
# MODIFY URL IN NGINX CONF
#=================================================
ynh_script_progression --message="Updating NGINX web server configuration..." --weight=3
ynh_script_progression "Updating NGINX web server configuration..."
ynh_change_url_nginx_config
ynh_config_change_url_nginx
#=================================================
# SPECIFIC MODIFICATIONS
#=================================================
ynh_script_progression --message="Adding a configuration file..." --weight=1
ynh_script_progression "Adding $app's configuration..."
ssh_port=$(grep -P "Port\s+\d+" /etc/ssh/sshd_config | grep -P -o "\d+")
ynh_exec_warn_less ynh_add_config --template="../conf/app.ini" --destination="$install_dir/custom/conf/app.ini"
ynh_hide_warnings ynh_config_add --template="app.ini" --destination="$install_dir/custom/conf/app.ini"
chmod 640 "$install_dir/custom/conf/app.ini"
chown "$app:$app" "$install_dir/custom/conf/app.ini"
#=================================================
# GENERIC FINALISATION
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=2
ynh_script_progression "Starting $app's systemd service..."
ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/forgejo.log" --line_match="Starting new Web server: tcp:127.0.0.1:"
ynh_systemctl --service="$app" --action="start" --log_path="/var/log/$app/forgejo.log" --wait_until="Starting new Web server: tcp:127.0.0.1:"
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Change of URL completed for $app" --last
ynh_script_progression "Change of URL completed for $app"

74
scripts/install
View file

@ -1,19 +1,19 @@
#!/bin/bash
#=================================================
# GENERIC START
# IMPORT GENERIC HELPERS
#=================================================
# Load common variables and helpers
source ./_common.sh
# IMPORT GENERIC HELPERS
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# Create install and data subdirs
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_script_progression "Setting up source files..."
ynh_setup_source --dest_dir="$install_dir"
xz -d "$install_dir/forgejo.xz"
chmod +x "$install_dir/forgejo"
@ -30,75 +30,49 @@ secret_key=$("$install_dir/forgejo" generate secret SECRET_KEY)
lfs_jwt_secret=$("$install_dir/forgejo" generate secret JWT_SECRET)
internal_token=$("$install_dir/forgejo" generate secret INTERNAL_TOKEN)
oauth2_jwt_secret=$("$install_dir/forgejo" generate secret JWT_SECRET)
ynh_app_setting_set --app="$app" --key=secret_key --value="$secret_key"
ynh_app_setting_set --app="$app" --key=lfs_jwt_secret --value="$lfs_jwt_secret"
ynh_app_setting_set --app="$app" --key=internal_token --value="$internal_token"
ynh_app_setting_set --app="$app" --key=oauth2_jwt_secret --value="$oauth2_jwt_secret"
ynh_app_setting_set --key=secret_key --value="$secret_key"
ynh_app_setting_set --key=lfs_jwt_secret --value="$lfs_jwt_secret"
ynh_app_setting_set --key=internal_token --value="$internal_token"
ynh_app_setting_set --key=oauth2_jwt_secret --value="$oauth2_jwt_secret"
#=================================================
# ADD A CONFIGURATION
# APP INITIAL CONFIGURATION
#=================================================
ynh_script_progression --message="Adding a configuration file..." --weight=1
ynh_script_progression "Adding $app's configuration files..."
ssh_port=$(grep -P "Port\s+\d+" /etc/ssh/sshd_config | grep -P -o "\d+")
ynh_add_config --template="app.ini" --destination="$install_dir/custom/conf/app.ini"
ynh_config_add --template="app.ini" --destination="$install_dir/custom/conf/app.ini"
chmod 640 "$install_dir/custom/conf/app.ini"
chown "$app:$app" "$install_dir/custom/conf/app.ini"
#=================================================
# SETUP SYSTEMD
# SYSTEM CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading systemd configuration..." --weight=1
ynh_script_progression "Adding system configurations related to $app..."
ynh_add_systemd_config
ynh_config_add_systemd
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=2
ynh_config_add_nginx
ynh_add_nginx_config
#=================================================
# GENERIC FINALIZATION
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression --message="Configuring log rotation..." --weight=1
# Use logrotate to manage application logfile(s)
ynh_use_logrotate --logfile "/var/log/$app" --nonappend
chown -R "$app:$app" "/var/log/$app"
chmod u=rwX,g=rX,o= "/var/log/$app"
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..." --weight=2
ynh_config_add_logrotate "/var/log/$app"
yunohost service add "$app" --description="Forgejo" --log="/var/log/$app/forgejo.log"
ynh_config_add_fail2ban --logpath "/var/log/$app/forgejo.log" --failregex ".*Failed authentication attempt for .* from <HOST>"
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=3
ynh_script_progression "Starting $app's systemd service..."
# Start a systemd service
ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/forgejo.log" --line_match="Starting new Web server: tcp:127.0.0.1:"
#=================================================
# SETUP FAIL2BAN
#=================================================
ynh_script_progression --message="Configuring Fail2Ban..." --weight=1
ynh_add_fail2ban_config --logpath "/var/log/$app/forgejo.log" --failregex ".*Failed authentication attempt for .* from <HOST>" --max_retry 5
ynh_systemctl --service="$app" --action="start" --log_path="/var/log/$app/forgejo.log" --wait_until="Starting new Web server: tcp:127.0.0.1:"
#=================================================
# LDAP CONFIGURATION
#=================================================
ynh_script_progression --message="Adding LDAP configuration..." --weight=1
ynh_script_progression "Adding LDAP configuration..."
set_forgejo_login_source
enable_login_source_sync
@ -112,4 +86,4 @@ synchronize_users
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Installation of $app completed" --last
ynh_script_progression "Installation of $app completed"

34
scripts/remove
View file

@ -1,45 +1,29 @@
#!/bin/bash
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# STANDARD REMOVE
#=================================================
# REMOVE SERVICE INTEGRATION IN YUNOHOST
# REMOVE SYSTEM CONFIGURATIONS
#=================================================
ynh_script_progression "Removing system configurations related to $app..."
# Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
if ynh_exec_warn_less yunohost service status "$app" >/dev/null
if ynh_hide_warnings yunohost service status "$app" >/dev/null
then
ynh_script_progression --message="Removing $app service integration..." --weight=1
ynh_script_progression "Removing $app service integration..."
yunohost service remove "$app"
fi
# Remove the dedicated systemd config
ynh_script_progression --message="Removing systemd configuration..." --weight=1
ynh_remove_systemd_config
ynh_config_remove_systemd
# Remove the app-specific logrotate config
ynh_script_progression --message="Removing logrotate configuration..." --weight=1
ynh_remove_logrotate
ynh_config_remove_logrotate
# Remove the dedicated NGINX config
ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1
ynh_remove_nginx_config
ynh_config_remove_nginx
# Remove the dedicated Fail2Ban config
ynh_script_progression --message="Removing Fail2Ban configuration..." --weight=1
ynh_remove_fail2ban_config
ynh_config_remove_fail2ban
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Removal of $app completed" --last
ynh_script_progression "Removal of $app completed"

89
scripts/restore
View file

@ -1,103 +1,60 @@
#!/bin/bash
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
#=================================================
# STANDARD RESTORATION STEPS
#=================================================
# RESTORE THE NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the NGINX configuration..." --weight=1
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# RESTORE THE APP MAIN DIR
#=================================================
ynh_script_progression --message="Restoring $app main directory..." --weight=10
ynh_script_progression "Restoring $app main directory..."
ynh_restore_file --origin_path="$install_dir"
chmod -R o-rwx "$install_dir"
chown -R "$app:$app" "$install_dir"
ynh_restore "$install_dir"
#=================================================
# RESTORE THE DATA DIRECTORY
#=================================================
ynh_script_progression --message="Restoring the data directory..." --weight=1
ynh_restore_file --origin_path="$data_dir" --not_mandatory
ynh_script_progression "Restoring the data directory..."
ynh_restore "$data_dir"
chown -R "$app:$app" "$data_dir"
#=================================================
# RESTORE THE LOG DIRECTORY
#=================================================
ynh_restore_file --origin_path="/var/log/$app"
chown -R "$app:$app" "/var/log/$app"
chmod u=rwX,g=rX,o= "/var/log/$app"
#=================================================
# RESTORE FAIL2BAN CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the Fail2Ban configuration..." --weight=1
ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf"
ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf"
ynh_systemd_action --action=restart --service_name=fail2ban
#=================================================
# RESTORE THE DATABASE
#=================================================
ynh_script_progression --message="Restoring the database..." --weight=6
ynh_script_progression "Restoring the database..."
ynh_psql_execute_file_as_root --file="./db.sql" --database="$db_name"
ynh_psql_db_shell < "./db.sql"
#=================================================
# RESTORE SYSTEMD
# RESTORE SYSTEM CONFIGURATIONS
#=================================================
ynh_script_progression --message="Restoring the systemd configuration..." --weight=5
ynh_script_progression --message="Restoring system configurations related to $app..." --weight=1
ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
ynh_restore "/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_restore "/etc/systemd/system/$app.service"
systemctl enable "$app.service" --quiet
#=================================================
# RESTORE THE LOGROTATE CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the logrotate configuration..." --weight=1
ynh_restore_file --origin_path="/etc/logrotate.d/$app"
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
ynh_restore "/etc/logrotate.d/$app"
yunohost service add "$app" --description="Forgejo" --log="/var/log/$app/forgejo.log"
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=3
ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/forgejo.log" --line_match="Starting new Web server: tcp:127.0.0.1:"
ynh_restore "/etc/fail2ban/jail.d/$app.conf"
ynh_restore "/etc/fail2ban/filter.d/$app.conf"
ynh_systemctl --action=restart --service=fail2ban
#=================================================
# GENERIC FINALIZATION
# RELOAD NGINX AND PHP-FPM OR THE APP SERVICE
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_script_progression "Reloading NGINX web server and $app's service..."
ynh_systemd_action --service_name=nginx --action=reload
ynh_systemctl --service="$app" --action="start" --log_path="/var/log/$app/forgejo.log" --wait_until="Starting new Web server: tcp:127.0.0.1:"
ynh_systemctl --service=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Restoration completed for $app" --last
ynh_script_progression "Restoration completed for $app"

107
scripts/upgrade
View file

@ -1,47 +1,34 @@
#!/bin/bash
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# CHECK VERSION
#=================================================
upgrade_type=$(ynh_check_app_version_changed)
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# STOP SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Stopping a systemd service..." --weight=2
ynh_systemd_action --service_name="$app" --action="stop" --log_path="systemd"
ynh_script_progression "Stopping $app's systemd service..."
ynh_systemctl --service="$app" --action="stop" --log_path="systemd"
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
ynh_script_progression --message="Ensuring downward compatibility..." --weight=1
ynh_script_progression "Ensuring downward compatibility..."
# Update forgejo login source (1.19.3-0~ynh2)
pushd "$install_dir"
old_login_source_id=$(ynh_exec_as "$app" ./forgejo admin auth list | grep "YunoHost LDAP" | grep "via BindDN" | cut -f 1)
old_login_source_id=$(ynh_exec_as_app ./forgejo admin auth list | grep "YunoHost LDAP" | grep "via BindDN" | cut -f 1)
if [ -n "$old_login_source_id" ]; then
ynh_print_info --message="Delete obsolete forgejo login source (LDAP via BindDN)"
ynh_print_info "Delete obsolete forgejo login source (LDAP via BindDN)"
# Ensure no user have this obsolete login source
ynh_psql_execute_as_root --database "$db_name" --sql "update public.user set login_source = 0, login_type = 0 where login_source = ${old_login_source_id}"
ynh_psql_db_shell "$db_name" --sql "update public.user set login_source = 0, login_type = 0 where login_source = ${old_login_source_id}"
# Delete old login source
ynh_exec_as "$app" ./forgejo admin auth delete --id "$old_login_source_id"
ynh_exec_as_app ./forgejo admin auth delete --id "$old_login_source_id"
fi
ynh_exec_as "$app" ./forgejo admin auth list | grep "YunoHost LDAP" | grep -q "LDAP (simple auth)" ||
ynh_exec_as_app ./forgejo admin auth list | grep "YunoHost LDAP" | grep -q "LDAP (simple auth)" ||
# create new login source if not existing
set_forgejo_login_source
popd
@ -57,48 +44,34 @@ if [ -d "$data_dir/.ssh" ]; then
fi
# If secret_key doesn't exist, create it
if [ -z "${secret_key:-}" ]; then
secret_key=$("$install_dir/forgejo" generate secret SECRET_KEY)
ynh_app_setting_set --app="$app" --key=secret_key --value="$secret_key"
fi
ynh_app_setting_set_default --key=secret_key --value=$("$install_dir/forgejo" generate secret SECRET_KEY)
# If lfs_jwt_secret doesn't exist, create it
if [ -z "${lfs_jwt_secret:-}" ]; then
lfs_jwt_secret=$("$install_dir/forgejo" generate secret JWT_SECRET)
ynh_app_setting_set --app="$app" --key=lfs_jwt_secret --value="$lfs_jwt_secret"
fi
ynh_app_setting_set_default --key=lfs_jwt_secret --value=$("$install_dir/forgejo" generate secret JWT_SECRET)
# If internal_token doesn't exist, create it
if [ -z "${internal_token:-}" ]; then
internal_token=$("$install_dir/forgejo" generate secret INTERNAL_TOKEN)
ynh_app_setting_set --app="$app" --key=internal_token --value="$internal_token"
fi
ynh_app_setting_set_default --key=internal_token --value=$("$install_dir/forgejo" generate secret INTERNAL_TOKEN)
# If oauth2_jwt_secret doesn't exist, create it
if [ -z "${oauth2_jwt_secret:-}" ]; then
oauth2_jwt_secret=$("$install_dir/forgejo" generate secret JWT_SECRET)
ynh_app_setting_set --app="$app" --key=oauth2_jwt_secret --value="$oauth2_jwt_secret"
fi
ynh_app_setting_set_default --key=oauth2_jwt_secret --value=$("$install_dir/forgejo" generate secret JWT_SECRET)
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_script_progression --message="Setting up source files..." --weight=3
ynh_script_progression "Setting up source files..."
ynh_setup_source --dest_dir="$install_dir" --full_replace=1 --keep="custom .ssh"
ynh_setup_source --dest_dir="$install_dir" --full_replace --keep="custom .ssh"
xz -f -d "$install_dir/forgejo.xz"
chmod -R o-rwx "$install_dir"
chown -R "$app:$app" "$install_dir"
chmod +x "$install_dir/forgejo"
#=================================================
# ADD A CONFIGURATION
#=================================================
ynh_script_progression --message="Adding a configuration file..." --weight=1
ynh_script_progression "Adding $app's configuration..."
ssh_port=$(grep -P "Port\s+\d+" /etc/ssh/sshd_config | grep -P -o "\d+")
ynh_add_config --template="app.ini" --destination="$install_dir/custom/conf/app.ini"
ynh_config_add --template="app.ini" --destination="$install_dir/custom/conf/app.ini"
chmod 640 "$install_dir/custom/conf/app.ini"
chown "$app:$app" "$install_dir/custom/conf/app.ini"
@ -106,45 +79,24 @@ chown "$app:$app" "$install_dir/custom/conf/app.ini"
#=================================================
# SETUP SYSTEMD
#=================================================
ynh_script_progression --message="Upgrading systemd configuration..." --weight=1
ynh_script_progression "Upgrading systemd configuration..."
ynh_add_systemd_config
ynh_config_add_systemd
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=2
ynh_config_add_nginx
ynh_add_nginx_config
#=================================================
# GENERIC FINALIZATION
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression --message="Configuring log rotation..." --weight=1
# Use logrotate to manage application logfile(s)
ynh_use_logrotate --logfile "/var/log/$app" --nonappend
chown -R "$app:$app" "/var/log/$app"
chmod u=rwX,g=rX,o= "/var/log/$app"
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..." --weight=2
ynh_config_add_logrotate "/var/log/$app"
yunohost service add "$app" --description="Forgejo" --log="/var/log/$app/forgejo.log"
ynh_config_add_fail2ban --logpath "/var/log/$app/forgejo.log" --failregex ".*Failed authentication attempt for .* from <HOST>"
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=3
# Start a systemd service
ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/forgejo.log" --line_match="Starting new Web server: tcp:127.0.0.1:"
ynh_script_progression "Starting $app's systemd service..."
ynh_systemctl --service="$app" --action="start" --log_path="/var/log/$app/forgejo.log" --wait_until="Starting new Web server: tcp:127.0.0.1:"
#=================================================
# Synchronize users (backward compatibility 1.19.3-0~ynh3)
@ -157,15 +109,8 @@ set_users_login_source
synchronize_users
#=================================================
# SETUP FAIL2BAN
#=================================================
ynh_script_progression --message="Configuring Fail2Ban..." --weight=1
ynh_add_fail2ban_config --logpath "/var/log/$app/forgejo.log" --failregex ".*Failed authentication attempt for .* from <HOST>" --max_retry 5
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Upgrade of $app completed" --last
ynh_script_progression "Upgrade of $app completed"