diff --git a/manifest.toml b/manifest.toml index 101ad5e..ecf9094 100644 --- a/manifest.toml +++ b/manifest.toml @@ -17,7 +17,8 @@ userdoc = "https://forgejo.org/docs/latest/user/" code = "https://codeberg.org/forgejo/forgejo" [integration] -yunohost = ">= 11.2" +yunohost = ">= 11.2.18" +helpers_version = "2.1" architectures = [ "amd64", "arm64", "armhf" ] multi_instance = true ldap = true diff --git a/scripts/_common.sh b/scripts/_common.sh index dad63d9..e2bffb5 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh 
@@ -5,44 +5,44 @@ #================================================= function set_forgejo_login_source() { - ynh_print_info --message="Creating forgejo login source" + ynh_print_info "Creating forgejo login source" pushd "$install_dir" - ynh_exec_as "$app" ./forgejo admin auth add-ldap-simple --security-protocol "Unencrypted" --name "YunoHost LDAP" --host "localhost" --port "389" --skip-tls-verify --user-search-base "ou=users,dc=yunohost,dc=org" --user-dn "uid=%s,ou=Users,dc=yunohost,dc=org" --user-filter "(&(objectclass=posixAccount)(uid=%s)(permission=cn=$app.main,ou=permission,dc=yunohost,dc=org))" --admin-filter "(permission=cn=forgejo.admin,ou=permission,dc=yunohost,dc=org)" --username-attribute "uid" --firstname-attribute "givenName" --surname-attribute "sn" --email-attribute "mail" + ynh_exec_as_app ./forgejo admin auth add-ldap-simple --security-protocol "Unencrypted" --name "YunoHost LDAP" --host "localhost" --port "389" --skip-tls-verify --user-search-base "ou=users,dc=yunohost,dc=org" --user-dn "uid=%s,ou=Users,dc=yunohost,dc=org" --user-filter "(&(objectclass=posixAccount)(uid=%s)(permission=cn=$app.main,ou=permission,dc=yunohost,dc=org))" --admin-filter "(permission=cn=forgejo.admin,ou=permission,dc=yunohost,dc=org)" --username-attribute "uid" --firstname-attribute "givenName" --surname-attribute "sn" --email-attribute "mail" popd } function enable_login_source_sync() { - ynh_print_info --message="Set forgejo login source as synchronizable" + ynh_print_info "Set forgejo login source as synchronizable" # Enable login source synchronisation manualy because forgejo command does not allow it (https://codeberg.org/forgejo/forgejo/issues/952) - ynh_psql_execute_as_root --database "$db_name" --sql "update login_source set is_sync_enabled = true where type = 5 and name = 'YunoHost LDAP'" + ynh_psql_db_shell "$db_name" --sql "update login_source set is_sync_enabled = true where type = 5 and name = 'YunoHost LDAP'" } function create_forgejo_api_user() { - 
ynh_print_info --message="Creating forgejo api user" + ynh_print_info "Creating forgejo api user" forgejo_api_user=yunohost_api forgejo_api_pwd=$(ynh_string_random --length=24) - ynh_app_setting_set --app="$app" --key=forgejo_api_user --value="$forgejo_api_user" - ynh_app_setting_set --app="$app" --key=forgejo_api_pwd --value="$forgejo_api_pwd" + ynh_app_setting_set --key=forgejo_api_user --value="$forgejo_api_user" + ynh_app_setting_set --key=forgejo_api_pwd --value="$forgejo_api_pwd" pushd "$install_dir" - ynh_exec_as "$app" ./forgejo admin user create --username "$forgejo_api_user" --password "$forgejo_api_pwd" --email "admin@${domain}" --admin --must-change-password=false - forgejo_api_token=$(ynh_exec_as "$app" ./forgejo admin user generate-access-token --username "$forgejo_api_user" --token-name "admin" --scopes "write:admin" --raw | tail -1) - ynh_app_setting_set --app="$app" --key=forgejo_api_token --value="$forgejo_api_token" + ynh_exec_as_app ./forgejo admin user create --username "$forgejo_api_user" --password "$forgejo_api_pwd" --email "admin@${domain}" --admin --must-change-password=false + forgejo_api_token=$(ynh_exec_as_app ./forgejo admin user generate-access-token --username "$forgejo_api_user" --token-name "admin" --scopes "write:admin" --raw | tail -1) + ynh_app_setting_set --key=forgejo_api_token --value="$forgejo_api_token" popd } function set_users_login_source() { # Previously created users have «Local» login source. 
It should be «YunoHost LDAP» for username in $(ynh_user_list); do - ynh_print_info --message="Updating forgejo user login type for ${username}" + ynh_print_info "Updating forgejo user login type for ${username}" - ynh_psql_execute_as_root --database "$db_name" --sql "update public.user set login_source = (select id from login_source where name = 'YunoHost LDAP' and type = 5), login_name = name, login_type = 5 where name = '${username}'" + ynh_psql_db_shell "$db_name" --sql "update public.user set login_source = (select id from login_source where name = 'YunoHost LDAP' and type = 5), login_name = name, login_type = 5 where name = '${username}'" done } function synchronize_users() { - ynh_print_info --message="Synchronizing forgejo users" + ynh_print_info "Synchronizing forgejo users" # Fetch the token independently such that it's redacted by Yunohost logging mechanism - forgejo_api_token=$(ynh_app_setting_get --app="$app" --key=forgejo_api_token) + forgejo_api_token=$(ynh_app_setting_get --key=forgejo_api_token) # Remove trailing slash from path local no_trailing_slash_path=${path%/} diff --git a/scripts/backup b/scripts/backup index ada8d65..3738252 100644 --- a/scripts/backup +++ b/scripts/backup 
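Review bot: `ynh_psql_db_shell "$db_name" --sql "…"` in enable_login_source_sync and set_users_login_source does not match how the same helper is used in scripts/restore in this commit, where the SQL arrives on stdin (`ynh_psql_db_shell < "./db.sql"`). If the 2.1 helper only takes the database name and reads statements from stdin, as that call suggests, the `--sql` argument is dropped and neither the sync flag nor the users' login source is updated, leaving accounts on the «Local» source. The stdin form would be `ynh_psql_db_shell "$db_name" <<< "update login_source set is_sync_enabled = true where type = 5 and name = 'YunoHost LDAP'"`; the first scripts/upgrade hunk has the same call for the obsolete BindDN source. Separately, `--admin-filter` names `cn=forgejo.admin` while `--user-filter` uses `$app.main`, so with `multi_instance = true` in the manifest a second instance would apparently take its admins from the first instance's permission; `cn=$app.admin` keeps them separate.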
@@ -1,73 +1,46 @@ #!/bin/bash -#================================================= -# GENERIC START -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# DECLARE DATA AND CONF FILES TO BACKUP -#================================================= -ynh_print_info --message="Declaring files to be backed up..." +ynh_print_info "Declaring files to be backed up..." #================================================= # BACKUP THE APP MAIN DIR #================================================= -ynh_backup --src_path="$install_dir" +ynh_backup "$install_dir" #================================================= # BACKUP THE DATA DIR #================================================= -ynh_backup --src_path="$data_dir" --is_big +ynh_backup "$data_dir" #================================================= -# BACKUP THE NGINX CONFIGURATION +# SYSTEM CONFIGURATION #================================================= -ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" +ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" -#================================================= -# BACKUP FAIL2BAN CONFIGURATION -#================================================= +ynh_backup "/etc/fail2ban/jail.d/$app.conf" +ynh_backup "/etc/fail2ban/filter.d/$app.conf" -ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" -ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" +ynh_backup "/etc/logrotate.d/$app" -#================================================= -# SPECIFIC BACKUP -#================================================= -# BACKUP LOGROTATE -#================================================= +ynh_backup "/etc/systemd/system/$app.service" -ynh_backup --src_path="/etc/logrotate.d/$app" - -#================================================= -# BACKUP SYSTEMD 
-#================================================= - -ynh_backup --src_path="/etc/systemd/system/$app.service" - -#================================================= -# BACKUP VARIOUS FILES -#================================================= - -ynh_backup --src_path="/var/log/$app" +ynh_backup "/var/log/$app" #================================================= # BACKUP THE DATABASE #================================================= -ynh_print_info --message="Backing up the database..." +ynh_print_info "Backing up the database..." -ynh_psql_dump_db --database="$db_name" > db.sql +ynh_psql_dump_db > db.sql #================================================= # END OF SCRIPT #================================================= -ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." +ynh_print_info "Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." diff --git a/scripts/change_url b/scripts/change_url index 7f6e399..5bf1d24 100644 --- a/scripts/change_url +++ b/scripts/change_url 
@@ -1,52 +1,42 @@ #!/bin/bash -#================================================= -# GENERIC STARTING -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - source _common.sh source /usr/share/yunohost/helpers -#================================================= -# STANDARD MODIFICATIONS #================================================= # STOP SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Stopping a systemd service..." --weight=2 +ynh_script_progression "Stopping $app's systemd service..." -ynh_systemd_action --service_name="$app" --action="stop" --log_path="/var/log/$app/forgejo.log" +ynh_systemctl --service="$app" --action="stop" --log_path="/var/log/$app/forgejo.log" #================================================= # MODIFY URL IN NGINX CONF #================================================= -ynh_script_progression --message="Updating NGINX web server configuration..." --weight=3 +ynh_script_progression "Updating NGINX web server configuration..." -ynh_change_url_nginx_config +ynh_config_change_url_nginx #================================================= # SPECIFIC MODIFICATIONS #================================================= -ynh_script_progression --message="Adding a configuration file..." --weight=1 +ynh_script_progression "Adding $app's configuration..." 
ssh_port=$(grep -P "Port\s+\d+" /etc/ssh/sshd_config | grep -P -o "\d+") -ynh_exec_warn_less ynh_add_config --template="../conf/app.ini" --destination="$install_dir/custom/conf/app.ini" +ynh_hide_warnings ynh_config_add --template="app.ini" --destination="$install_dir/custom/conf/app.ini" chmod 640 "$install_dir/custom/conf/app.ini" chown "$app:$app" "$install_dir/custom/conf/app.ini" -#================================================= -# GENERIC FINALISATION #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." --weight=2 +ynh_script_progression "Starting $app's systemd service..." -ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/forgejo.log" --line_match="Starting new Web server: tcp:127.0.0.1:" +ynh_systemctl --service="$app" --action="start" --log_path="/var/log/$app/forgejo.log" --wait_until="Starting new Web server: tcp:127.0.0.1:" #================================================= # END OF SCRIPT #================================================= -ynh_script_progression --message="Change of URL completed for $app" --last +ynh_script_progression "Change of URL completed for $app" diff --git a/scripts/install b/scripts/install index 871236e..8ee2665 100644 --- a/scripts/install +++ b/scripts/install 
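Review bot: The `ssh_port` lookup kept in this hunk, `grep -P "Port\s+\d+" /etc/ssh/sshd_config`, is not anchored, so it also matches commented-out lines such as `#Port 22` and every additional `Port` directive. With more than one match the variable holds several lines, which then go into the regenerated app.ini (presumably as the advertised SSH port; the template is not shown here). Anchoring the pattern and keeping one value avoids that: `ssh_port=$(grep -P "^\s*Port\s+\d+" /etc/ssh/sshd_config | grep -P -o "\d+" | head -n 1)`. The same line appears in the install and upgrade hunks.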
@@ -1,19 +1,19 @@ #!/bin/bash #================================================= -# GENERIC START +# IMPORT GENERIC HELPERS #================================================= -# Load common variables and helpers -source ./_common.sh - -# IMPORT GENERIC HELPERS +source _common.sh source /usr/share/yunohost/helpers #================================================= -# Create install and data subdirs +# DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= +ynh_script_progression "Setting up source files..." + ynh_setup_source --dest_dir="$install_dir" + xz -d "$install_dir/forgejo.xz" chmod +x "$install_dir/forgejo" 
@@ -30,75 +30,49 @@ secret_key=$("$install_dir/forgejo" generate secret SECRET_KEY) lfs_jwt_secret=$("$install_dir/forgejo" generate secret JWT_SECRET) internal_token=$("$install_dir/forgejo" generate secret INTERNAL_TOKEN) oauth2_jwt_secret=$("$install_dir/forgejo" generate secret JWT_SECRET) -ynh_app_setting_set --app="$app" --key=secret_key --value="$secret_key" -ynh_app_setting_set --app="$app" --key=lfs_jwt_secret --value="$lfs_jwt_secret" -ynh_app_setting_set --app="$app" --key=internal_token --value="$internal_token" -ynh_app_setting_set --app="$app" --key=oauth2_jwt_secret --value="$oauth2_jwt_secret" +ynh_app_setting_set --key=secret_key --value="$secret_key" +ynh_app_setting_set --key=lfs_jwt_secret --value="$lfs_jwt_secret" +ynh_app_setting_set --key=internal_token --value="$internal_token" +ynh_app_setting_set --key=oauth2_jwt_secret --value="$oauth2_jwt_secret" #================================================= -# ADD A CONFIGURATION +# APP INITIAL CONFIGURATION #================================================= -ynh_script_progression --message="Adding a configuration file..." --weight=1 +ynh_script_progression "Adding $app's configuration files..." ssh_port=$(grep -P "Port\s+\d+" /etc/ssh/sshd_config | grep -P -o "\d+") -ynh_add_config --template="app.ini" --destination="$install_dir/custom/conf/app.ini" +ynh_config_add --template="app.ini" --destination="$install_dir/custom/conf/app.ini" chmod 640 "$install_dir/custom/conf/app.ini" chown "$app:$app" "$install_dir/custom/conf/app.ini" #================================================= -# SETUP SYSTEMD +# SYSTEM CONFIGURATION #================================================= -ynh_script_progression --message="Upgrading systemd configuration..." --weight=1 +ynh_script_progression "Adding system configurations related to $app..." 
-ynh_add_systemd_config +ynh_config_add_systemd -#================================================= -# NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=2 +ynh_config_add_nginx -ynh_add_nginx_config - -#================================================= -# GENERIC FINALIZATION -#================================================= -# SETUP LOGROTATE -#================================================= -ynh_script_progression --message="Configuring log rotation..." --weight=1 - -# Use logrotate to manage application logfile(s) -ynh_use_logrotate --logfile "/var/log/$app" --nonappend - -chown -R "$app:$app" "/var/log/$app" -chmod u=rwX,g=rX,o= "/var/log/$app" - -#================================================= -# INTEGRATE SERVICE IN YUNOHOST -#================================================= -ynh_script_progression --message="Integrating service in YunoHost..." --weight=2 +ynh_config_add_logrotate "/var/log/$app" yunohost service add "$app" --description="Forgejo" --log="/var/log/$app/forgejo.log" +ynh_config_add_fail2ban --logpath "/var/log/$app/forgejo.log" --failregex ".*Failed authentication attempt for .* from " + #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." --weight=3 +ynh_script_progression "Starting $app's systemd service..." # Start a systemd service -ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/forgejo.log" --line_match="Starting new Web server: tcp:127.0.0.1:" - -#================================================= -# SETUP FAIL2BAN -#================================================= -ynh_script_progression --message="Configuring Fail2Ban..." 
--weight=1 - -ynh_add_fail2ban_config --logpath "/var/log/$app/forgejo.log" --failregex ".*Failed authentication attempt for .* from " --max_retry 5 +ynh_systemctl --service="$app" --action="start" --log_path="/var/log/$app/forgejo.log" --wait_until="Starting new Web server: tcp:127.0.0.1:" #================================================= # LDAP CONFIGURATION #================================================= -ynh_script_progression --message="Adding LDAP configuration..." --weight=1 +ynh_script_progression "Adding LDAP configuration..." set_forgejo_login_source enable_login_source_sync @@ -112,4 +86,4 @@ synchronize_users # END OF SCRIPT #================================================= -ynh_script_progression --message="Installation of $app completed" --last +ynh_script_progression "Installation of $app completed" diff --git a/scripts/remove b/scripts/remove index ed4ac1b..d6e975d 100644 --- a/scripts/remove +++ b/scripts/remove 
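Review bot: The fail2ban call loses `--max_retry 5`, so the number of failed logins tolerated before a ban is no longer stated anywhere in this script and depends on whatever the helper or its jail template defaults to. That threshold is the brute-force limit for the web login, so it deserves a comment above `ynh_config_add_fail2ban`, for example `# Retry limit now comes from the helper's default jail settings; check the generated /etc/fail2ban/jail.d/$app.conf after install`. The matching hunk in scripts/upgrade drops the option the same way.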
@@ -1,45 +1,29 @@ #!/bin/bash -#================================================= -# GENERIC START -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - source _common.sh source /usr/share/yunohost/helpers #================================================= -# STANDARD REMOVE -#================================================= -# REMOVE SERVICE INTEGRATION IN YUNOHOST +# REMOVE SYSTEM CONFIGURATIONS #================================================= +ynh_script_progression "Removing system configurations related to $app..." -# Remove the service from the list of services known by YunoHost (added from `yunohost service add`) -if ynh_exec_warn_less yunohost service status "$app" >/dev/null +if ynh_hide_warnings yunohost service status "$app" >/dev/null then - ynh_script_progression --message="Removing $app service integration..." --weight=1 + ynh_script_progression "Removing $app service integration..." yunohost service remove "$app" fi -# Remove the dedicated systemd config -ynh_script_progression --message="Removing systemd configuration..." --weight=1 -ynh_remove_systemd_config +ynh_config_remove_systemd -# Remove the app-specific logrotate config -ynh_script_progression --message="Removing logrotate configuration..." --weight=1 -ynh_remove_logrotate +ynh_config_remove_logrotate -# Remove the dedicated NGINX config -ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1 -ynh_remove_nginx_config +ynh_config_remove_nginx -# Remove the dedicated Fail2Ban config -ynh_script_progression --message="Removing Fail2Ban configuration..." --weight=1 -ynh_remove_fail2ban_config +ynh_config_remove_fail2ban #================================================= # END OF SCRIPT #================================================= -ynh_script_progression --message="Removal of $app completed" --last +ynh_script_progression "Removal of $app completed" 
diff --git a/scripts/restore b/scripts/restore
index f2ee8f0..fcf3c29 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -1,103 +1,60 @@ #!/bin/bash -#================================================= -# GENERIC START -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# STANDARD RESTORATION STEPS -#================================================= -# RESTORE THE NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Restoring the NGINX configuration..." --weight=1 - -ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" - #================================================= # RESTORE THE APP MAIN DIR #================================================= -ynh_script_progression --message="Restoring $app main directory..." --weight=10 +ynh_script_progression "Restoring $app main directory..." -ynh_restore_file --origin_path="$install_dir" - -chmod -R o-rwx "$install_dir" -chown -R "$app:$app" "$install_dir" +ynh_restore "$install_dir" #================================================= # RESTORE THE DATA DIRECTORY #================================================= -ynh_script_progression --message="Restoring the data directory..." --weight=1 -ynh_restore_file --origin_path="$data_dir" --not_mandatory +ynh_script_progression "Restoring the data directory..." + +ynh_restore "$data_dir" + chown -R "$app:$app" "$data_dir" -#================================================= -# RESTORE THE LOG DIRECTORY -#================================================= -ynh_restore_file --origin_path="/var/log/$app" -chown -R "$app:$app" "/var/log/$app" -chmod u=rwX,g=rX,o= "/var/log/$app" - -#================================================= -# RESTORE FAIL2BAN CONFIGURATION -#================================================= -ynh_script_progression --message="Restoring the Fail2Ban configuration..." 
--weight=1 - -ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf" -ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf" -ynh_systemd_action --action=restart --service_name=fail2ban - #================================================= # RESTORE THE DATABASE #================================================= -ynh_script_progression --message="Restoring the database..." --weight=6 +ynh_script_progression "Restoring the database..." -ynh_psql_execute_file_as_root --file="./db.sql" --database="$db_name" +ynh_psql_db_shell < "./db.sql" #================================================= -# RESTORE SYSTEMD +# RESTORE SYSTEM CONFIGURATIONS #================================================= -ynh_script_progression --message="Restoring the systemd configuration..." --weight=5 +ynh_script_progression --message="Restoring system configurations related to $app..." --weight=1 -ynh_restore_file --origin_path="/etc/systemd/system/$app.service" +ynh_restore "/etc/nginx/conf.d/$domain.d/$app.conf" + +ynh_restore "/etc/systemd/system/$app.service" systemctl enable "$app.service" --quiet -#================================================= -# RESTORE THE LOGROTATE CONFIGURATION -#================================================= -ynh_script_progression --message="Restoring the logrotate configuration..." --weight=1 - -ynh_restore_file --origin_path="/etc/logrotate.d/$app" - -#================================================= -# INTEGRATE SERVICE IN YUNOHOST -#================================================= -ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 +ynh_restore "/etc/logrotate.d/$app" yunohost service add "$app" --description="Forgejo" --log="/var/log/$app/forgejo.log" -#================================================= -# START SYSTEMD SERVICE -#================================================= -ynh_script_progression --message="Starting a systemd service..." 
--weight=3 - -ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/forgejo.log" --line_match="Starting new Web server: tcp:127.0.0.1:" +ynh_restore "/etc/fail2ban/jail.d/$app.conf" +ynh_restore "/etc/fail2ban/filter.d/$app.conf" +ynh_systemctl --action=restart --service=fail2ban #================================================= -# GENERIC FINALIZATION +# RELOAD NGINX AND PHP-FPM OR THE APP SERVICE #================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 +ynh_script_progression "Reloading NGINX web server and $app's service..." -ynh_systemd_action --service_name=nginx --action=reload +ynh_systemctl --service="$app" --action="start" --log_path="/var/log/$app/forgejo.log" --wait_until="Starting new Web server: tcp:127.0.0.1:" + +ynh_systemctl --service=nginx --action=reload #================================================= # END OF SCRIPT #================================================= -ynh_script_progression --message="Restoration completed for $app" --last +ynh_script_progression "Restoration completed for $app" diff --git a/scripts/upgrade b/scripts/upgrade index f75b289..48c9b8e 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
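Review bot: `/var/log/$app` is no longer restored: the old `ynh_restore_file --origin_path="/var/log/$app"` and its chown/chmod are removed without a replacement, although scripts/backup in this commit still archives that directory. On a fresh machine the restored jail points fail2ban at `/var/log/$app/forgejo.log` before anything has created it, and the later service start waits on the same file, so both the fail2ban restart and the start may fail. Adding `ynh_restore "/var/log/$app"` ahead of the fail2ban restart (and, unless the helper already applies them, the previous `chmod u=rwX,g=rX,o=`) would bring back the old behaviour. The added line `ynh_script_progression --message="Restoring system configurations related to $app..." --weight=1` also still uses the old option syntax, unlike every other call in the hunk.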
@@ -1,47 +1,34 @@ #!/bin/bash -#================================================= -# GENERIC START -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - source _common.sh source /usr/share/yunohost/helpers -#================================================= -# CHECK VERSION -#================================================= - -upgrade_type=$(ynh_check_app_version_changed) - -#================================================= -# STANDARD UPGRADE STEPS #================================================= # STOP SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Stopping a systemd service..." --weight=2 -ynh_systemd_action --service_name="$app" --action="stop" --log_path="systemd" +ynh_script_progression "Stopping $app's systemd service..." + +ynh_systemctl --service="$app" --action="stop" --log_path="systemd" #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= -ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 +ynh_script_progression "Ensuring downward compatibility..." 
# Update forgejo login source (1.19.3-0~ynh2) pushd "$install_dir" - old_login_source_id=$(ynh_exec_as "$app" ./forgejo admin auth list | grep "YunoHost LDAP" | grep "via BindDN" | cut -f 1) + old_login_source_id=$(ynh_exec_as_app ./forgejo admin auth list | grep "YunoHost LDAP" | grep "via BindDN" | cut -f 1) if [ -n "$old_login_source_id" ]; then - ynh_print_info --message="Delete obsolete forgejo login source (LDAP via BindDN)" + ynh_print_info "Delete obsolete forgejo login source (LDAP via BindDN)" # Ensure no user have this obsolete login source - ynh_psql_execute_as_root --database "$db_name" --sql "update public.user set login_source = 0, login_type = 0 where login_source = ${old_login_source_id}" + ynh_psql_db_shell "$db_name" --sql "update public.user set login_source = 0, login_type = 0 where login_source = ${old_login_source_id}" # Delete old login source - ynh_exec_as "$app" ./forgejo admin auth delete --id "$old_login_source_id" + ynh_exec_as_app ./forgejo admin auth delete --id "$old_login_source_id" fi - ynh_exec_as "$app" ./forgejo admin auth list | grep "YunoHost LDAP" | grep -q "LDAP (simple auth)" || + ynh_exec_as_app ./forgejo admin auth list | grep "YunoHost LDAP" | grep -q "LDAP (simple auth)" || # create new login source if not existing set_forgejo_login_source popd 
@@ -57,48 +44,34 @@ if [ -d "$data_dir/.ssh" ]; then fi # If secret_key doesn't exist, create it -if [ -z "${secret_key:-}" ]; then - secret_key=$("$install_dir/forgejo" generate secret SECRET_KEY) - ynh_app_setting_set --app="$app" --key=secret_key --value="$secret_key" -fi +ynh_app_setting_set_default --key=secret_key --value=$("$install_dir/forgejo" generate secret SECRET_KEY) # If lfs_jwt_secret doesn't exist, create it -if [ -z "${lfs_jwt_secret:-}" ]; then - lfs_jwt_secret=$("$install_dir/forgejo" generate secret JWT_SECRET) - ynh_app_setting_set --app="$app" --key=lfs_jwt_secret --value="$lfs_jwt_secret" -fi +ynh_app_setting_set_default --key=lfs_jwt_secret --value=$("$install_dir/forgejo" generate secret JWT_SECRET) # If internal_token doesn't exist, create it -if [ -z "${internal_token:-}" ]; then - internal_token=$("$install_dir/forgejo" generate secret INTERNAL_TOKEN) - ynh_app_setting_set --app="$app" --key=internal_token --value="$internal_token" -fi +ynh_app_setting_set_default --key=internal_token --value=$("$install_dir/forgejo" generate secret INTERNAL_TOKEN) # If oauth2_jwt_secret doesn't exist, create it -if [ -z "${oauth2_jwt_secret:-}" ]; then - oauth2_jwt_secret=$("$install_dir/forgejo" generate secret JWT_SECRET) - ynh_app_setting_set --app="$app" --key=oauth2_jwt_secret --value="$oauth2_jwt_secret" -fi +ynh_app_setting_set_default --key=oauth2_jwt_secret --value=$("$install_dir/forgejo" generate secret JWT_SECRET) #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -ynh_script_progression --message="Setting up source files..." --weight=3 +ynh_script_progression "Setting up source files..." 
-ynh_setup_source --dest_dir="$install_dir" --full_replace=1 --keep="custom .ssh" +ynh_setup_source --dest_dir="$install_dir" --full_replace --keep="custom .ssh" xz -f -d "$install_dir/forgejo.xz" -chmod -R o-rwx "$install_dir" -chown -R "$app:$app" "$install_dir" chmod +x "$install_dir/forgejo" #================================================= # ADD A CONFIGURATION #================================================= -ynh_script_progression --message="Adding a configuration file..." --weight=1 +ynh_script_progression "Adding $app's configuration..." ssh_port=$(grep -P "Port\s+\d+" /etc/ssh/sshd_config | grep -P -o "\d+") -ynh_add_config --template="app.ini" --destination="$install_dir/custom/conf/app.ini" +ynh_config_add --template="app.ini" --destination="$install_dir/custom/conf/app.ini" chmod 640 "$install_dir/custom/conf/app.ini" chown "$app:$app" "$install_dir/custom/conf/app.ini" 
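Review bot: The four `ynh_app_setting_set_default` calls pass an unquoted command substitution, e.g. `--value=$("$install_dir/forgejo" generate secret SECRET_KEY)`, so the generated secret is subject to word splitting and globbing before the helper sees it; `--value="$("$install_dir/forgejo" generate secret SECRET_KEY)"` keeps it as a single argument. The substitution also runs on every upgrade, even when the setting already exists, which is harmless only as long as `generate secret` has no side effects. This hunk additionally drops `chmod -R o-rwx "$install_dir"` and `chown -R "$app:$app" "$install_dir"` after `ynh_setup_source`; if the helper does not apply equivalent permissions, the tree that holds `custom/conf/app.ini` and `.ssh` could end up readable by other users, so a comment stating that this is delegated to the helper would help.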
@@ -106,45 +79,24 @@ chown "$app:$app" "$install_dir/custom/conf/app.ini" #================================================= # SETUP SYSTEMD #================================================= -ynh_script_progression --message="Upgrading systemd configuration..." --weight=1 +ynh_script_progression "Upgrading systemd configuration..." -ynh_add_systemd_config +ynh_config_add_systemd -#================================================= -# NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=2 +ynh_config_add_nginx -ynh_add_nginx_config - -#================================================= -# GENERIC FINALIZATION -#================================================= -# SETUP LOGROTATE -#================================================= -ynh_script_progression --message="Configuring log rotation..." --weight=1 - -# Use logrotate to manage application logfile(s) -ynh_use_logrotate --logfile "/var/log/$app" --nonappend - -chown -R "$app:$app" "/var/log/$app" -chmod u=rwX,g=rX,o= "/var/log/$app" - -#================================================= -# INTEGRATE SERVICE IN YUNOHOST -#================================================= -ynh_script_progression --message="Integrating service in YunoHost..." --weight=2 +ynh_config_add_logrotate "/var/log/$app" yunohost service add "$app" --description="Forgejo" --log="/var/log/$app/forgejo.log" +ynh_config_add_fail2ban --logpath "/var/log/$app/forgejo.log" --failregex ".*Failed authentication attempt for .* from " + #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." 
--weight=3 - -# Start a systemd service -ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/forgejo.log" --line_match="Starting new Web server: tcp:127.0.0.1:" +ynh_script_progression "Starting $app's systemd service..." +ynh_systemctl --service="$app" --action="start" --log_path="/var/log/$app/forgejo.log" --wait_until="Starting new Web server: tcp:127.0.0.1:" #================================================= # Synchronize users (backward compatibility 1.19.3-0~ynh3) @@ -157,15 +109,8 @@ set_users_login_source synchronize_users -#================================================= -# SETUP FAIL2BAN -#================================================= -ynh_script_progression --message="Configuring Fail2Ban..." --weight=1 - -ynh_add_fail2ban_config --logpath "/var/log/$app/forgejo.log" --failregex ".*Failed authentication attempt for .* from " --max_retry 5 - #================================================= # END OF SCRIPT #================================================= -ynh_script_progression --message="Upgrade of $app completed" --last +ynh_script_progression "Upgrade of $app completed"