#!/bin/bash #================================================= # GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= source _common.sh source /usr/share/yunohost/helpers #================================================= # CHECK VERSION #================================================= upgrade_type=$(ynh_check_app_version_changed) #================================================= # STANDARD UPGRADE STEPS #================================================= # STOP SYSTEMD SERVICE #================================================= ynh_script_progression --message="Stopping a systemd service..." --weight=2 ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd" #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 # Update forgejo login source pushd "$install_dir" old_login_source_id=$(ynh_exec_as $app ./forgejo admin auth list | grep "YunoHost LDAP" | grep "via BindDN" | cut -f 1) if [ ! -z $old_login_source_id ]; then # Delete old login source ynh_exec_as $app ./forgejo admin auth delete --id $old_login_source_id # Create new login source set_forgejo_login_source fi popd # forgejo home directory has changed (yunohost packaging v2) # .ssh directory should move from old home dir (data_dir) to new one # (/var/www/$app is the default value for home in resources.system_user) if [ -d "$data_dir/.ssh" ]; then mv "$data_dir/.ssh" /var/www/$app fi # If secret_key doesn't exist, create it if [ -z "$secret_key" ]; then secret_key=$($install_dir/forgejo generate secret SECRET_KEY) ynh_app_setting_set --app=$app --key=secret_key --value=$secret_key fi # If lfs_jwt_secret doesn't exist, create it if [ -z "$lfs_jwt_secret" ]; then lfs_jwt_secret=$($install_dir/forgejo generate secret JWT_SECRET) ynh_app_setting_set --app=$app --key=lfs_jwt_secret --value=$lfs_jwt_secret fi # If internal_token doesn't exist, create it if [ -z "$internal_token" ]; then internal_token=$($install_dir/forgejo generate secret INTERNAL_TOKEN) ynh_app_setting_set --app=$app --key=internal_token --value=$internal_token fi #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= ynh_script_progression --message="Setting up source files..." --weight=3 ynh_setup_source --dest_dir=$install_dir xz -f -d "$install_dir/forgejo.xz" chmod -R o-rwx "$install_dir" chown -R $app:$app "$install_dir" chmod +x "$install_dir/forgejo" #================================================= # ADD A CONFIGURATION #================================================= ynh_script_progression --message="Adding a configuration file..." --weight=1 ssh_port=$(grep -P "Port\s+\d+" /etc/ssh/sshd_config | grep -P -o "\d+") ynh_add_config --template="app.ini" --destination="$install_dir/custom/conf/app.ini" chmod 640 "$install_dir/custom/conf/app.ini" chown $app:$app "$install_dir/custom/conf/app.ini" #================================================= # SETUP SYSTEMD #================================================= ynh_script_progression --message="Upgrading systemd configuration..." --weight=1 ynh_add_systemd_config #================================================= # NGINX CONFIGURATION #================================================= ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=2 ynh_add_nginx_config #================================================= # GENERIC FINALIZATION #================================================= # SETUP LOGROTATE #================================================= ynh_script_progression --message="Configuring log rotation..." --weight=1 # Use logrotate to manage application logfile(s) ynh_use_logrotate --logfile "/var/log/$app" --nonappend chown -R $app:$app "/var/log/$app" chmod u=rwX,g=rX,o= "/var/log/$app" #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= ynh_script_progression --message="Integrating service in YunoHost..." --weight=2 yunohost service add $app --description="Forgejo" --log="/var/log/$app/forgejo.log" #================================================= # START SYSTEMD SERVICE #================================================= ynh_script_progression --message="Starting a systemd service..." --weight=3 # Start a systemd service ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/forgejo.log" --line_match="Starting new Web server: tcp:127.0.0.1:" #================================================= # SETUP FAIL2BAN #================================================= ynh_script_progression --message="Configuring Fail2Ban..." --weight=1 ynh_add_fail2ban_config --logpath "/var/log/$app/forgejo.log" --failregex ".*Failed authentication attempt for .* from " --max_retry 5 #================================================= # END OF SCRIPT #================================================= ynh_script_progression --message="Upgrade of $app completed" --last