#!/bin/bash #================================================= # GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= source _common.sh source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get "$app" domain) path_url=$(ynh_app_setting_get "$app" path) is_public=$(ynh_app_setting_get "$app" is_public) final_path=$(ynh_app_setting_get "$app" final_path) db_name=$(ynh_app_setting_get "$app" db_name) db_user=$db_name port=$(ynh_app_setting_get "$app" port) db_pwd=$(ynh_app_setting_get "$app" psqlpwd) redis_db=$(ynh_app_setting_get "$app" redis_db) code_migration=$(ynh_app_setting_get "$app" code_migration) #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= # If redis_db doesn't exist, create it if [ -z "$redis_db" ]; then redis_db=0 ynh_app_setting_set "$app" redis_db "$redis_db" fi # make sure we have the last code organization if [ ! -d "$final_path/code/" ]; then mkdir "$final_path-tmp" mv "$final_path"/* "$final_path-tmp/" mkdir "$final_path/code" mv "$final_path-tmp/data/media" "$final_path/media" mv "$final_path-tmp/data/music" "$final_path/import" mv "$final_path-tmp"/* "$final_path/code" ynh_secure_remove "$final_path-tmp/" ynh_app_setting_set "$app" code_migration 1 fi #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= # Inform the backup/restore process that it should not save the data directory ynh_app_setting_set "$app" backup_core_only 1 # Backup the current version of the app ynh_backup_before_upgrade ynh_clean_setup () { # restore it if the upgrade fails ynh_restore_upgradebackup } # Exit if an error occurs during the execution of the script ynh_abort_if_errors #================================================= # CHECK THE PATH #================================================= # Normalize the URL path syntax path_url=$(ynh_normalize_url_path "$path_url") #================================================= # STANDARD UPGRADE STEPS #================================================= # CLOSE A PORT #================================================= if yunohost firewall list | grep -q "\- $port$" then echo "Close port $port" yunohost firewall disallow TCP $port 2>&1 fi #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= ynh_app_setting_set "$app" final_path "$final_path" # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source "$final_path/code" ynh_setup_source "$final_path/code" "app-frontend" ( cd "$final_path" mkdir -p code/config code/api code/data/static media import code/front ) #================================================= # NGINX CONFIGURATION #================================================= # change the global configuration # remove domain specific configuration tail -n +11 "/etc/nginx/conf.d/$domain.conf" > "/etc/nginx/conf.d/$domain.conf.temp" mv "/etc/nginx/conf.d/$domain.conf.temp" "/etc/nginx/conf.d/$domain.conf" # add proxy_cache and connection_upgrade at the beginning of the domain configuration echo " proxy_cache_path /tmp/$app-transcode levels=1:2 keys_zone=$app-transcode:10m max_size=1g inactive=7d; # required for websocket support map \$http_upgrade \$connection_upgrade { default upgrade; '' close; } " | cat - "/etc/nginx/conf.d/$domain.conf" > temp && mv temp "/etc/nginx/conf.d/$domain.conf" # Create a dedicated nginx config ynh_add_nginx_config #================================================= # CREATE DEDICATED USER #================================================= # Create a system user ynh_system_user_create "$app" #================================================= # INSTALL DEPENDENCIES #================================================= ynh_install_app_dependencies build-essential curl ffmpeg \ libjpeg-dev libmagic-dev libpq-dev postgresql python3-dev python3-venv \ redis-server libldap2-dev libsasl2-dev \ `# add arm support` \ zlib1g-dev libffi-dev libssl-dev #================================================= # SPECIFIC UPGRADE #================================================= # PYTHON DEPENDENCIES #================================================= python3 -m venv "$final_path/code/virtualenv" ( set +o nounset source "${final_path}/code/virtualenv/bin/activate" set -o nounset pip install --upgrade pip pip install --upgrade setuptools pip install wheel pip install -r "${final_path}/code/api/requirements.txt" # https://code.eliotberriot.com/funkwhale/funkwhale/tags/0.16 pip uninstall django-cacheops --yes ) #================================================= # MODIFY THE CONFIG FILE #================================================= configfile="$final_path/code/config/.env" cp ../conf/env.prod "$configfile" key=$(ynh_string_random) ynh_app_setting_set "$app" key "$key" ynh_replace_string "__REDIS_DB__" "$redis_db" "$configfile" ynh_replace_string "__PORT__" "$port" "$configfile" ynh_replace_string "__DOMAIN__" "$domain" "$configfile" ynh_replace_string "__DBUSER__" "$db_name" "$configfile" ynh_replace_string "__DBPWD__" "$db_pwd" "$configfile" ynh_replace_string "__DBNAME__" "$app" "$configfile" ynh_replace_string "__FINALPATH__" "$final_path" "$configfile" ynh_replace_string "__KEY__" "$key" "$configfile" loadfile="$final_path/code/load_env" cat > "$loadfile" <<'EOL' #!/bin/bash export $(cat "__FINALPATH__/code/config/.env" | grep -v ^# | xargs) EOL chmod +x "$loadfile" ynh_replace_string "__FINALPATH__" "$final_path" "$loadfile" #================================================= # MIGRATE #================================================= ( set +o nounset source "${final_path}/code/virtualenv/bin/activate" source "$loadfile" set -o nounset cd "$final_path/code" # needed for enabling the 'unaccent' extension ynh_psql_execute_as_root "ALTER USER $db_user WITH SUPERUSER;" python api/manage.py migrate ynh_psql_execute_as_root "ALTER USER $db_user WITH NOSUPERUSER;" python api/manage.py collectstatic --clear --noinput # https://code.eliotberriot.com/funkwhale/funkwhale/tags/0.16 # users-now-have-an-activitypub-actor-manual-action-required python api/manage.py script create_actors --no-input # https://code.eliotberriot.com/funkwhale/funkwhale/tags/0.16 #image-thumbnails-manual-action-required python api/manage.py script create_image_variations --no-input # https://docs.funkwhale.audio/upgrading/0.17.html#upgrade-instructions python api/manage.py script migrate_to_user_libraries --no-input ) #================================================= # SETUP SYSTEMD #================================================= cp ../conf/funkwhale.target "/etc/systemd/system/$app.target" ynh_replace_string "__APP__" "$app" "/etc/systemd/system/$app.target" # Create a dedicated systemd config ynh_add_systemd_config "$app-server" "funkwhale-server.service" ynh_add_systemd_config "$app-worker" "funkwhale-worker.service" ynh_add_systemd_config "$app-beat" "funkwhale-beat.service" systemctl restart "$app".target #================================================= # GENERIC FINALIZATION #================================================= # SECURE FILES AND DIRECTORIES #================================================= chown -R "$app": "$final_path" chmod -R 755 "$final_path/code/front/dist/" mkdir -p "/var/log/$app" chown -R "$app": "/var/log/$app" #================================================= # SETUP FAIL2BAN #================================================= ynh_add_fail2ban_config "/var/log/nginx/$domain-access.log" ".* \"POST /api/v1/token/ HTTP/1.1\" 400 68.*$" 5 #================================================= # SETUP SSOWAT #================================================= # Make app public if necessary if [ "$is_public" -eq 1 ] then # makes sure no SSO credentials to be passed ynh_app_setting_set "$app" skipped_uris "/" fi #================================================= # RELOAD NGINX #================================================= systemctl reload nginx #================================================= # REMOVE CODE MIGRATION FLAG #================================================= ynh_app_setting_set "$app" code_migration 2