diff --git a/conf/funkwhale_proxy.conf b/conf/funkwhale_proxy.conf index 1f091b4..312986f 100644 --- a/conf/funkwhale_proxy.conf +++ b/conf/funkwhale_proxy.conf @@ -1,13 +1,13 @@ -# global proxy conf -proxy_set_header Host $host; -proxy_set_header X-Real-IP $remote_addr; -proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; -proxy_set_header X-Forwarded-Proto $scheme; -proxy_set_header X-Forwarded-Host $host:$server_port; -proxy_set_header X-Forwarded-Port $server_port; -proxy_redirect off; - -# websocket support -proxy_http_version 1.1; -proxy_set_header Upgrade $http_upgrade; -proxy_set_header Connection $connection_upgrade; +# global proxy conf +proxy_set_header Host $host; +proxy_set_header X-Real-IP $remote_addr; +proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +proxy_set_header X-Forwarded-Proto $scheme; +proxy_set_header X-Forwarded-Host $host:$server_port; +proxy_set_header X-Forwarded-Port $server_port; +proxy_redirect off; + +# websocket support +proxy_http_version 1.1; +proxy_set_header Upgrade $http_upgrade; +proxy_set_header Connection $connection_upgrade; diff --git a/manifest.toml b/manifest.toml index b7f8eb9..554aff8 100644 --- a/manifest.toml +++ b/manifest.toml @@ -21,7 +21,8 @@ code = "https://dev.funkwhale.audio/funkwhale/funkwhale" fund = "https://next.funkwhale.audio/donate/" [integration] -yunohost = ">= 11.2.12" +yunohost = ">= 11.2.29" +helpers_version = "2.1" architectures = "all" multi_instance = true @@ -69,6 +70,7 @@ ram.runtime = "50M" [resources.system_user] [resources.install_dir] + group = "www-data:r-x" [resources.data_dir] diff --git a/scripts/_common.sh b/scripts/_common.sh index 599c71e..3d7f008 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -1,13 +1,5 @@ #!/bin/bash #================================================= -# COMMON VARIABLES -#================================================= - -#================================================= -# PERSONAL HELPERS -#================================================= - -#================================================= -# EXPERIMENTAL HELPERS +# COMMON VARIABLES AND CUSTOM HELPERS #================================================= diff --git a/scripts/backup b/scripts/backup index ed8efd6..5a76af9 100644 --- a/scripts/backup +++ b/scripts/backup @@ -1,44 +1,34 @@ #!/bin/bash -#================================================= -# GENERIC START -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - -# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# DECLARE DATA AND CONF FILES TO BACKUP -#================================================= -ynh_print_info --message="Declaring files to be backed up..." +ynh_print_info "Declaring files to be backed up..." #================================================= # BACKUP THE APP MAIN DIR #================================================= -ynh_backup --src_path="$install_dir" +ynh_backup "$install_dir" #================================================= # BACKUP THE DATA DIR #================================================= -ynh_backup --src_path="$data_dir" --is_big +ynh_backup "$data_dir" #================================================= # BACKUP THE NGINX CONFIGURATION #================================================= -ynh_backup --src_path="/etc/nginx/conf.d/$domain.d" +ynh_backup "/etc/nginx/conf.d/$domain.d" #================================================= # BACKUP FAIL2BAN CONFIGURATION #================================================= -ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" -ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" +ynh_backup "/etc/fail2ban/jail.d/$app.conf" +ynh_backup "/etc/fail2ban/filter.d/$app.conf" #================================================= # SPECIFIC BACKUP @@ -46,20 +36,20 @@ ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" # BACKUP SYSTEMD #================================================= -ynh_backup --src_path="/etc/systemd/system/${app}-beat.service" -ynh_backup --src_path="/etc/systemd/system/${app}-server.service" -ynh_backup --src_path="/etc/systemd/system/${app}-worker.service" -ynh_backup --src_path="/etc/systemd/system/$app.target" +ynh_backup "/etc/systemd/system/${app}-beat.service" +ynh_backup "/etc/systemd/system/${app}-server.service" +ynh_backup "/etc/systemd/system/${app}-worker.service" +ynh_backup "/etc/systemd/system/$app.target" #================================================= # BACKUP THE POSTGRESQL DATABASE #================================================= -ynh_print_info --message="Backing up the PostgreSQL database..." +ynh_print_info "Backing up the PostgreSQL database..." -ynh_psql_dump_db --database="$db_name" > db.sql +ynh_psql_dump_db > db.sql #================================================= # END OF SCRIPT #================================================= -ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." +ynh_print_info "Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." diff --git a/scripts/change_url b/scripts/change_url index 9bb78b0..d661e70 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -1,59 +1,54 @@ #!/bin/bash -#================================================= -# GENERIC STARTING -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - source _common.sh source /usr/share/yunohost/helpers -#================================================= -# STANDARD MODIFICATIONS #================================================= # STOP SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Stopping a systemd service..." --weight=1 +ynh_script_progression "Stopping $app's systemd service..." -ynh_systemd_action --service_name="$app-beat" --action=stop --log_path="/var/log/$app/$app.log" -ynh_systemd_action --service_name="$app-server" --action=stop --log_path="/var/log/$app/$app.log" -ynh_systemd_action --service_name="$app-worker" --action=stop --log_path="/var/log/$app/$app.log" +ynh_systemctl --service="$app-beat" --action=stop + +ynh_systemctl --service="$app-server" --action=stop + +ynh_systemctl --service="$app-worker" --action=stop #================================================= # MODIFY URL IN NGINX CONF #================================================= -ynh_script_progression --message="Updating NGINX web server configuration..." --weight=1 +ynh_script_progression "Updating NGINX web server configuration..." domain=$new_domain -ynh_add_config --template="funkwhale_proxy.conf" --destination="/etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf" -ynh_change_url_nginx_config +ynh_config_add --template="funkwhale_proxy.conf" --destination="/etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf" +ynh_config_change_url_nginx #================================================= # MODIFY THE CONFIG FILE #================================================= -ynh_script_progression --message="Modifying a config file..." --weight=1 +ynh_script_progression "Updating configuration..." -ynh_add_config --template="../conf/env.prod" --destination="$install_dir/config/.env" +ynh_config_add --template="env.prod" --destination="$install_dir/config/.env" #================================================= -# MODIFY THE FEDERATION +# MODIFY THE FEDERATION + #================================================= source $install_dir/venv/bin/activate -ynh_exec_warn_less ynh_exec_as $app $install_dir/venv/bin/funkwhale-manage fix_federation_ids https://$old_domain https://$new_domain --no-dry-run --no-input +ynh_hide_warnings ynh_exec_as_app $install_dir/venv/bin/funkwhale-manage fix_federation_ids https://$old_domain https://$new_domain --no-dry-run --no-input #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." --weight=1 +ynh_script_progression "Starting $app's systemd service..." -ynh_systemd_action --service_name="$app-beat" --action="start" --log_path="/var/log/$app/${app}-beat.log" -ynh_systemd_action --service_name="$app-server" --action="start" --log_path="/var/log/$app/${app}-server.log" -ynh_systemd_action --service_name="$app-worker" --action="start" --log_path="/var/log/$app/${app}-worker.log" +ynh_systemctl --service="$app-beat" --action="start" --log_path="/var/log/$app/${app}-beat.log" +ynh_systemctl --service="$app-server" --action="start" --log_path="/var/log/$app/${app}-server.log" +ynh_systemctl --service="$app-worker" --action="start" --log_path="/var/log/$app/${app}-worker.log" #================================================= # END OF SCRIPT #================================================= -ynh_script_progression --message="Change of URL completed for $app" --last +ynh_script_progression "Change of URL completed for $app" diff --git a/scripts/install b/scripts/install index bd43072..2b92716 100644 --- a/scripts/install +++ b/scripts/install @@ -1,11 +1,5 @@ #!/bin/bash -#================================================= -# GENERIC START -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - source _common.sh source /usr/share/yunohost/helpers @@ -18,9 +12,8 @@ admin_mail=$(ynh_user_get_info --username="$admin" --key="mail") #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -ynh_script_progression --message="Setting up source files..." --weight=1 +ynh_script_progression "Setting up source files..." -# Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$install_dir/api" --source_id="api" ynh_setup_source --dest_dir="$install_dir/front" --source_id="front" @@ -29,18 +22,15 @@ mkdir -p $install_dir/config #================================================= # NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Configuring NGINX web server..." --weight=1 +ynh_script_progression "Configuring NGINX web server..." -# Create a dedicated NGINX config -ynh_add_config --template="funkwhale_proxy.conf" --destination="/etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf" -ynh_add_nginx_config +ynh_config_add --template="funkwhale_proxy.conf" --destination="/etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf" +ynh_config_add_nginx -#================================================= -# SPECIFIC SETUP #================================================= # CREATE DATA DIRECTORY #================================================= -ynh_script_progression --message="Creating a data directory..." --weight=1 +ynh_script_progression "Creating a data directory..." mkdir -p $data_dir/data mkdir -p $data_dir/data/{static,media,music} @@ -52,35 +42,32 @@ chown -R $app:www-data "$data_dir/" #================================================= # ADD A CONFIGURATION #================================================= -ynh_script_progression --message="Adding a configuration file..." --weight=1 +ynh_script_progression "Adding $app's configuration..." key=$(ynh_string_random --length=45 | base64) redis_db=$(ynh_redis_get_free_db) -ynh_app_setting_set --app=$app --key=key --value=$key -ynh_app_setting_set --app=$app --key=redis_db --value=$redis_db +ynh_app_setting_set --key=key --value=$key +ynh_app_setting_set --key=redis_db --value=$redis_db -ynh_add_config --template="../conf/env.prod" --destination="$install_dir/config/.env" - -chmod 400 "$install_dir/config/.env" -chown $app:$app "$install_dir/config/.env" +ynh_config_add --template="env.prod" --destination="$install_dir/config/.env" #================================================= # SETUP SYSTEMD #================================================= -ynh_script_progression --message="Configuring a systemd service..." --weight=1 +ynh_script_progression "Configuring $app's systemd service..." -ynh_add_config --template="../conf/funkwhale.target" --destination="/etc/systemd/system/$app.target" +ynh_config_add --template="funkwhale.target" --destination="/etc/systemd/system/$app.target" # Create a dedicated systemd config -ynh_add_systemd_config --service="${app}-server" --template="funkwhale-server.service" -ynh_add_systemd_config --service="${app}-worker" --template="funkwhale-worker.service" -ynh_add_systemd_config --service="${app}-beat" --template="funkwhale-beat.service" +ynh_config_add_systemd --service="${app}-server" --template="funkwhale-server.service" +ynh_config_add_systemd --service="${app}-worker" --template="funkwhale-worker.service" +ynh_config_add_systemd --service="${app}-beat" --template="funkwhale-beat.service" #================================================= # INSTALL PYTHON DEPENDENCIES #================================================= -ynh_script_progression --message="Installing Python dependencies..." --weight=1 +ynh_script_progression "Installing Python dependencies..." if [ $YNH_ARCH == "armhf" ] || [ $YNH_ARCH == "armel" ] then @@ -88,58 +75,52 @@ then # We need this to be able to install cryptgraphy export PATH="$PATH:$install_dir/.cargo/bin:$install_dir/.local/bin:/usr/local/sbin" if [ -e $install_dir/.rustup ]; then - sudo -u "$app" env PATH=$PATH rustup update + ynh_exec_as_app PATH=$PATH rustup update else - sudo -u "$app" bash -c 'curl -sSf -L https://static.rust-lang.org/rustup.sh | sh -s -- -y --default-toolchain=stable --profile=minimal' + ynh_exec_as_app bash -c 'curl -sSf -L https://static.rust-lang.org/rustup.sh | sh -s -- -y --default-toolchain=stable --profile=minimal' fi fi - pushd $install_dir python3 -m venv $install_dir/venv source $install_dir/venv/bin/activate - ynh_exec_warn_less pip install --upgrade pip wheel toml - ynh_exec_warn_less pip install --editable ./api + ynh_hide_warnings pip install --upgrade pip wheel toml + ynh_hide_warnings pip install --editable ./api popd #================================================= # BUILDING FUNKWHALE #================================================= -ynh_script_progression --message="Building funkwhale..." --weight=1 +ynh_script_progression "Building funkwhale..." pushd $install_dir source $install_dir/venv/bin/activate # needed for enabling the 'unaccent' extension - ynh_psql_execute_as_root --sql="ALTER USER $db_user WITH SUPERUSER;" --database="$db_name" - ynh_exec_warn_less ynh_exec_as $app $install_dir/venv/bin/funkwhale-manage migrate - ynh_psql_execute_as_root --sql="ALTER USER $db_user WITH NOSUPERUSER;" --database="$db_name" - echo "from django.contrib.auth import get_user_model; User = get_user_model(); User.objects.create_superuser('$admin', '$admin_mail', 'funkwhale') " | ynh_exec_warn_less python api/manage.py shell - echo "yes" | ynh_exec_warn_less ynh_exec_as $app $install_dir/venv/bin/funkwhale-manage collectstatic -popd + ynh_psql_db_shell <<< "ALTER USER $db_user WITH SUPERUSER;" -chmod 750 "$install_dir" -chmod -R o-rwx "$install_dir" -chown -R $app:www-data "$install_dir" + ynh_hide_warnings ynh_exec_as_app $install_dir/venv/bin/funkwhale-manage migrate + ynh_psql_db_shell <<< "ALTER USER $db_user WITH NOSUPERUSER;" + + echo "from django.contrib.auth import get_user_model; User = get_user_model(); User.objects.create_superuser('$admin', '$admin_mail', 'funkwhale') " | ynh_hide_warnings python api/manage.py shell + echo "yes" | ynh_hide_warnings ynh_exec_as_app $install_dir/venv/bin/funkwhale-manage collectstatic +popd #================================================= # LOGROTATE #================================================= -ynh_script_progression --message="Configuring logrotate to manage application logfiles" --weight=1 +ynh_script_progression "Configuring logrotate to manage application logfiles" + +ynh_config_add_logrotate -# Use logrotate to manage application logfile(s) -ynh_use_logrotate --specific_user=$app touch /var/log/$app/${app}-server.log touch /var/log/$app/${app}-worker.log touch /var/log/$app/${app}-beat.log -chown -R $app:$app /var/log/$app/ -#================================================= -# GENERIC FINALIZATION #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= -ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 +ynh_script_progression "Integrating service in YunoHost..." yunohost service add "${app}-beat" --description="${app} celery beat process" --log="/var/log/$app/${app}-beat.log" yunohost service add "${app}-server" --description="${app} application server" --log="/var/log/$app/${app}-server.log" @@ -148,23 +129,21 @@ yunohost service add "${app}-worker" --description="${app} celery worker" --log= #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." --weight=1 +ynh_script_progression "Starting $app's systemd service..." -# Start a systemd service -ynh_systemd_action --service_name="${app}-beat" --action="start" --log_path="systemd" -ynh_systemd_action --service_name="${app}-server" --action="start" --log_path="systemd" --line_match="Application startup complete" -ynh_systemd_action --service_name="${app}-worker" --action="start" --log_path="systemd" --line_match="ready" +ynh_systemctl --service="${app}-beat" --action="start" --log_path="systemd" +ynh_systemctl --service="${app}-server" --action="start" --log_path="systemd" --wait_until="Application startup complete" +ynh_systemctl --service="${app}-worker" --action="start" --log_path="systemd" --wait_until="ready" #================================================= # SETUP FAIL2BAN #================================================= -ynh_script_progression --message="Configuring Fail2Ban..." --weight=1 +ynh_script_progression "Configuring Fail2Ban..." -# Create a dedicated Fail2Ban config -ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-access.log" --failregex=".* \"POST /api/v1/token/ HTTP/1.1\" 400 68.*$" --max_retry=5 +ynh_config_add_fail2ban --logpath="/var/log/nginx/${domain}-access.log" --failregex=".* \"POST /api/v1/token/ HTTP/1.1\" 400 68.*$" #================================================= # END OF SCRIPT #================================================= -ynh_script_progression --message="Installation of $app completed" --last +ynh_script_progression "Installation of $app completed" diff --git a/scripts/remove b/scripts/remove index d4ead20..a56aecb 100644 --- a/scripts/remove +++ b/scripts/remove @@ -1,11 +1,5 @@ #!/bin/bash -#================================================= -# GENERIC START -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - source _common.sh source /usr/share/yunohost/helpers @@ -15,77 +9,57 @@ source /usr/share/yunohost/helpers # REMOVE SERVICE INTEGRATION IN YUNOHOST #================================================= -# Remove the service from the list of services known by YunoHost (added from `yunohost service add`) -if ynh_exec_warn_less yunohost service status "${app}-server" >/dev/null +if ynh_hide_warnings yunohost service status "${app}-server" >/dev/null then - ynh_script_progression --message="Removing ${app}-server service integration..." + ynh_script_progression "Removing ${app}-server service integration..." yunohost service remove "${app}-server" fi -if ynh_exec_warn_less yunohost service status "${app}-worker" >/dev/null +if ynh_hide_warnings yunohost service status "${app}-worker" >/dev/null then - ynh_script_progression --message="Removing ${app}-worker service integration..." + ynh_script_progression "Removing ${app}-worker service integration..." yunohost service remove "${app}-worker" fi -if ynh_exec_warn_less yunohost service status "${app}-beat" >/dev/null +if ynh_hide_warnings yunohost service status "${app}-beat" >/dev/null then - ynh_script_progression --message="Removing ${app}-beat service integration..." + ynh_script_progression "Removing ${app}-beat service integration..." yunohost service remove "${app}-beat" fi #================================================= # STOP AND REMOVE SERVICE #================================================= -ynh_script_progression --message="Stopping and removing the systemd service..." --weight=1 +ynh_script_progression "Stopping and removing the systemd service..." -ynh_systemd_action --service_name="${app}-beat" --action="stop" --log_path="systemd" -ynh_systemd_action --service_name="${app}-server" --action="stop" --log_path="systemd" -ynh_systemd_action --service_name="${app}-worker" --action="stop" --log_path="systemd" +ynh_systemctl --service="${app}-beat" --action="stop" --log_path="systemd" +ynh_systemctl --service="${app}-server" --action="stop" --log_path="systemd" +ynh_systemctl --service="${app}-worker" --action="stop" --log_path="systemd" # Remove the dedicated systemd config -ynh_remove_systemd_config --service="${app}-beat" -ynh_remove_systemd_config --service="${app}-server" -ynh_remove_systemd_config --service="${app}-worker" +ynh_config_remove_systemd"${app}-beat" +ynh_config_remove_systemd"${app}-server" +ynh_config_remove_systemd"${app}-worker" -ynh_secure_remove --file="/etc/systemd/system/$app.target" +ynh_safe_rm "/etc/systemd/system/$app.target" #================================================= # REMOVE NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1 +ynh_script_progression "Removing NGINX web server configuration..." # Remove the dedicated NGINX config -ynh_secure_remove --file="/etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf" -ynh_remove_nginx_config +ynh_safe_rm "/etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf" +ynh_config_remove_nginx -#================================================= -# REMOVE LOGS -#================================================= -ynh_script_progression --message="Removing logs..." --weight=5 +ynh_config_remove_logrotate -ynh_remove_logrotate +ynh_config_remove_fail2ban -#================================================= -# REMOVE FAIL2BAN CONFIGURATION -#================================================= -ynh_script_progression --message="Removing Fail2Ban configuration..." --weight=1 - -# Remove the dedicated Fail2Ban config -ynh_remove_fail2ban_config - -#================================================= -# SPECIFIC REMOVE -#================================================= -# REMOVE THE REDIS DATABASE -#================================================= -ynh_script_progression --message="Removing the Redis database..." --weight=1 - -# Remove a database if it exists, along with the associated user ynh_redis_remove_db $redis_db #================================================= # END OF SCRIPT #================================================= -ynh_script_progression --message="Removal of $app completed" --last +ynh_script_progression "Removal of $app completed" diff --git a/scripts/restore b/scripts/restore index ae65c8f..23fa109 100644 --- a/scripts/restore +++ b/scripts/restore @@ -1,74 +1,62 @@ #!/bin/bash -#================================================= -# GENERIC START -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - -# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers #================================================= # RESTORE THE APP MAIN DIR #================================================= -ynh_script_progression --message="Restoring the app main directory..." --weight=1 +ynh_script_progression "Restoring the app main directory..." -ynh_restore_file --origin_path="$install_dir" - -chmod -R o-rwx "$install_dir" -chown -R $app:www-data "$install_dir" +ynh_restore "$install_dir" #================================================= # RESTORE THE DATA DIRECTORY #================================================= -ynh_script_progression --message="Restoring the data directory..." --weight=1 +ynh_script_progression "Restoring the data directory..." -ynh_restore_file --origin_path="$data_dir/" --not_mandatory +ynh_restore "$data_dir/" || true mkdir -p $data_dir/data mkdir -p $data_dir/data/{static,media,music} -chmod 750 "$data_dir/" chmod -R o-rwx "$data_dir/" chown -R $app:www-data "$data_dir/" #================================================= # RESTORE THE NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Restoring the NGINX web server configuration..." --weight=1 +ynh_script_progression "Restoring the NGINX web server configuration..." -ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d" +ynh_restore "/etc/nginx/conf.d/$domain.d" #================================================= # RESTORE THE POSTGRESQL DATABASE #================================================= -ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=1 +ynh_script_progression "Restoring the PostgreSQL database..." -ynh_psql_execute_file_as_root --file="./db.sql" --database=$db_name +ynh_psql_db_shell < "./db.sql" #================================================= # LOGROTATE #================================================= -ynh_script_progression --message="Configuring logrotate to manage application logfiles" --weight=1 +ynh_script_progression "Configuring logrotate to manage application logfiles" + +ynh_config_add_logrotate -# Use logrotate to manage application logfile(s) -ynh_use_logrotate --specific_user=$app touch /var/log/$app/${app}-server.log touch /var/log/$app/${app}-worker.log touch /var/log/$app/${app}-beat.log -chown -R $app:$app /var/log/$app/ #================================================= # RESTORE SYSTEMD #================================================= -ynh_script_progression --message="Restoring the systemd configuration..." --weight=1 +ynh_script_progression "Restoring $app's systemd service..." -ynh_restore_file --origin_path="/etc/systemd/system/${app}-beat.service" -ynh_restore_file --origin_path="/etc/systemd/system/${app}-server.service" -ynh_restore_file --origin_path="/etc/systemd/system/${app}-worker.service" -ynh_restore_file --origin_path="/etc/systemd/system/$app.target" +ynh_restore "/etc/systemd/system/${app}-beat.service" +ynh_restore "/etc/systemd/system/${app}-server.service" +ynh_restore "/etc/systemd/system/${app}-worker.service" +ynh_restore "/etc/systemd/system/$app.target" systemctl enable "${app}-beat.service" --quiet systemctl enable "${app}-server.service" --quiet @@ -77,11 +65,11 @@ systemctl enable "${app}-worker.service" --quiet #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= -ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 +ynh_script_progression "Integrating service in YunoHost..." -ynh_add_systemd_config --service="${app}-server" --template="funkwhale-server.service" -ynh_add_systemd_config --service="${app}-worker" --template="funkwhale-worker.service" -ynh_add_systemd_config --service="${app}-beat" --template="funkwhale-beat.service" +ynh_config_add_systemd --service="${app}-server" --template="funkwhale-server.service" +ynh_config_add_systemd --service="${app}-worker" --template="funkwhale-worker.service" +ynh_config_add_systemd --service="${app}-beat" --template="funkwhale-beat.service" yunohost service add "${app}-beat" --description="${app} celery beat process" --log="/var/log/$app/${app}-beat.log" yunohost service add "${app}-server" --description="${app} application server" --log="/var/log/$app/${app}-server.log" @@ -90,23 +78,21 @@ yunohost service add "${app}-worker" --description="${app} celery worker" --log= #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." --weight=1 +ynh_script_progression "Starting $app's systemd service..." -ynh_systemd_action --service_name="${app}-beat" --action="start" --log_path="systemd" -ynh_systemd_action --service_name="${app}-server" --action="start" --log_path="systemd" --line_match="Application startup complete" -ynh_systemd_action --service_name="${app}-worker" --action="start" --log_path="systemd" --line_match="ready" +ynh_systemctl --service="${app}-beat" --action="start" --log_path="systemd" +ynh_systemctl --service="${app}-server" --action="start" --log_path="systemd" --wait_until="Application startup complete" +ynh_systemctl --service="${app}-worker" --action="start" --log_path="systemd" --wait_until="ready" -#================================================= -# GENERIC FINALIZATION #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 +ynh_script_progression "Reloading NGINX web server..." -ynh_systemd_action --service_name=nginx --action=reload +ynh_systemctl --service=nginx --action=reload #================================================= # END OF SCRIPT #================================================= -ynh_script_progression --message="Restoration completed for $app" --last +ynh_script_progression "Restoration completed for $app" diff --git a/scripts/upgrade b/scripts/upgrade index 65a462f..c3d985e 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -1,68 +1,46 @@ #!/bin/bash -#================================================= -# GENERIC START -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - source _common.sh source /usr/share/yunohost/helpers -#================================================= -# CHECK VERSION -#================================================= - -upgrade_type=$(ynh_check_app_version_changed) - -#================================================= -# STANDARD UPGRADE STEPS #================================================= # STOP SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Stopping a systemd service..." --weight=1 +ynh_script_progression "Stopping $app's systemd service..." -ynh_systemd_action --action="stop" --service_name="${app}-beat" --log_path="systemd" -ynh_systemd_action --action="stop" --service_name="${app}-server" --log_path="systemd" -ynh_systemd_action --action="stop" --service_name="${app}-worker" --log_path="systemd" +ynh_systemctl --action="stop" --service="${app}-beat" --log_path="systemd" +ynh_systemctl --action="stop" --service="${app}-server" --log_path="systemd" +ynh_systemctl --action="stop" --service="${app}-worker" --log_path="systemd" #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= +ynh_script_progression "Upgrading source files..." -if [ "$upgrade_type" == "UPGRADE_APP" ] -then - ynh_script_progression --message="Upgrading source files..." --weight=1 - - # Download, check integrity, uncompress and patch the source from app.src - ynh_setup_source --dest_dir="$install_dir/api" --source_id="api" --full_replace=1 - ynh_setup_source --dest_dir="$install_dir/front" --source_id="front" --full_replace=1 -fi +ynh_setup_source --dest_dir="$install_dir/api" --source_id="api" --full_replace +ynh_setup_source --dest_dir="$install_dir/front" --source_id="front" --full_replace #================================================= # NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=1 +ynh_script_progression "Upgrading NGINX web server configuration..." -# Create a dedicated NGINX config -ynh_add_config --template="funkwhale_proxy.conf" --destination="/etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf" -ynh_add_nginx_config +ynh_config_add --template="funkwhale_proxy.conf" --destination="/etc/nginx/conf.d/$domain.d/funkwhale_proxy.conf" +ynh_config_add_nginx #================================================= # Assure correct permissions to $data_dir #================================================= -ynh_script_progression --message="Assure correct permissions to $data_dir..." --weight=1 +ynh_script_progression "Assure correct permissions to $data_dir..." chmod 750 "$data_dir" chmod -R o-rwx "$data_dir/" chown -R $app:www-data "$data_dir/" -#================================================= -# SPECIFIC UPGRADE #================================================= # INSTALL PYTHON DEPENDENCIES #================================================= -ynh_script_progression --message="Installing Python dependencies..." --weight=1 +ynh_script_progression "Installing Python dependencies..." if [ $YNH_ARCH == "armhf" ] || [ $YNH_ARCH == "armel" ] then @@ -70,83 +48,74 @@ then # We need this to be able to install cryptgraphy export PATH="$PATH:$install_dir/.cargo/bin:$install_dir/.local/bin:/usr/local/sbin" if [ -e $install_dir/.rustup ]; then - sudo -u "$app" env PATH=$PATH rustup update + ynh_exec_as_app PATH=$PATH rustup update else - sudo -u "$app" bash -c 'curl -sSf -L https://static.rust-lang.org/rustup.sh | sh -s -- -y --default-toolchain=stable --profile=minimal' + ynh_exec_as_app bash -c 'curl -sSf -L https://static.rust-lang.org/rustup.sh | sh -s -- -y --default-toolchain=stable --profile=minimal' fi fi pushd $install_dir - ynh_secure_remove --file="$install_dir/virtualenv" - ynh_secure_remove --file="$install_dir/venv" - + ynh_safe_rm "$install_dir/virtualenv" + ynh_safe_rm "$install_dir/venv" + python3 -m venv $install_dir/venv source $install_dir/venv/bin/activate - ynh_exec_warn_less pip install --upgrade pip wheel toml - ynh_exec_warn_less pip install --editable ./api + ynh_hide_warnings pip install --upgrade pip wheel toml + ynh_hide_warnings pip install --editable ./api popd #================================================= # UPDATE A CONFIG FILE #================================================= -ynh_script_progression --message="Updating a configuration file..." --weight=1 +ynh_script_progression "Updating configuration..." -ynh_add_config --template="../conf/env.prod" --destination="$install_dir/config/.env" - -chmod 400 "$install_dir/config/.env" -chown $app:$app "$install_dir/config/.env" +ynh_config_add --template="env.prod" --destination="$install_dir/config/.env" #================================================= # UPGRADE FUNKWHALE #================================================= -ynh_script_progression --message="Upgrading Funkwhale..." --weight=1 +ynh_script_progression "Upgrading Funkwhale..." pushd $install_dir source $install_dir/venv/bin/activate - echo "yes" | ynh_exec_warn_less $install_dir/venv/bin/funkwhale-manage collectstatic --clear --noinput + echo "yes" | ynh_hide_warnings $install_dir/venv/bin/funkwhale-manage collectstatic --clear --noinput # needed for enabling the 'unaccent' extension - ynh_psql_execute_as_root --sql="ALTER USER $db_user WITH SUPERUSER;" --database="$db_name" + ynh_psql_db_shell <<< "ALTER USER $db_user WITH SUPERUSER;" + + ynh_hide_warnings ynh_exec_as_app $install_dir/venv/bin/funkwhale-manage migrate + ynh_psql_db_shell <<< "ALTER USER $db_user WITH NOSUPERUSER;" - ynh_exec_warn_less ynh_exec_as $app $install_dir/venv/bin/funkwhale-manage migrate - ynh_psql_execute_as_root --sql="ALTER USER $db_user WITH NOSUPERUSER;" --database="$db_name" popd -chmod 750 "$install_dir" -chmod -R o-rwx "$install_dir" -chown -R $app:www-data "$install_dir" - #================================================= # LOGROTATE #================================================= -ynh_script_progression --message="Configuring logrotate to manage application logfiles" --weight=1 +ynh_script_progression "Configuring logrotate to manage application logfiles" + +ynh_config_add_logrotate -# Use logrotate to manage application logfile(s) -ynh_use_logrotate --specific_user=$app touch /var/log/$app/${app}-server.log touch /var/log/$app/${app}-worker.log touch /var/log/$app/${app}-beat.log -chown -R $app:$app /var/log/$app/ #================================================= # SETUP SYSTEMD #================================================= -ynh_script_progression --message="Upgrading systemd configuration..." --weight=1 +ynh_script_progression "Upgrading systemd configuration..." -ynh_add_config --template="../conf/funkwhale.target" --destination="/etc/systemd/system/$app.target" +ynh_config_add --template="funkwhale.target" --destination="/etc/systemd/system/$app.target" # Create a dedicated systemd config -ynh_add_systemd_config --service="${app}-server" --template="funkwhale-server.service" -ynh_add_systemd_config --service="${app}-worker" --template="funkwhale-worker.service" -ynh_add_systemd_config --service="${app}-beat" --template="funkwhale-beat.service" +ynh_config_add_systemd --service="${app}-server" --template="funkwhale-server.service" +ynh_config_add_systemd --service="${app}-worker" --template="funkwhale-worker.service" +ynh_config_add_systemd --service="${app}-beat" --template="funkwhale-beat.service" -#================================================= -# GENERIC FINALIZATION #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= -ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 +ynh_script_progression "Integrating service in YunoHost..." yunohost service add "${app}-beat" --description="${app} celery beat process" --log="/var/log/$app/${app}-beat.log" yunohost service add "${app}-server" --description="${app} application server" --log="/var/log/$app/${app}-server.log" @@ -155,23 +124,22 @@ yunohost service add "${app}-worker" --description="${app} celery worker" --log= #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." --weight=1 +ynh_script_progression "Starting $app's systemd service..." # Start a systemd service -ynh_systemd_action --service_name="${app}-beat" --action="start" --log_path="systemd" -ynh_systemd_action --service_name="${app}-server" --action="start" --log_path="systemd" --line_match="Application startup complete" -ynh_systemd_action --service_name="${app}-worker" --action="start" --log_path="systemd" --line_match="ready" +ynh_systemctl --service="${app}-beat" --action="start" --log_path="systemd" +ynh_systemctl --service="${app}-server" --action="start" --log_path="systemd" --wait_until="Application startup complete" +ynh_systemctl --service="${app}-worker" --action="start" --log_path="systemd" --wait_until="ready" #================================================= # UPGRADE FAIL2BAN #================================================= -ynh_script_progression --message="Reconfiguring Fail2Ban..." --weight=1 +ynh_script_progression "Reconfiguring Fail2Ban..." -# Create a dedicated Fail2Ban config -ynh_add_fail2ban_config --logpath="/var/log/nginx/$domain-access.log" --failregex=".* \"POST /api/v1/token/ HTTP/1.1\" 400 68.*$" --max_retry=5 +ynh_config_add_fail2ban --logpath="/var/log/nginx/$domain-access.log" --failregex=".* \"POST /api/v1/token/ HTTP/1.1\" 400 68.*$" #================================================= # END OF SCRIPT #================================================= -ynh_script_progression --message="Upgrade of $app completed" --last +ynh_script_progression "Upgrade of $app completed"