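#!/bin/bash

# Install script of the Mastodon package for YunoHost.
# Runs as root: installs system dependencies, creates the database and the
# dedicated unix user, fetches rbenv/ruby-build/Mastodon, writes
# .env.production, registers the systemd units and creates the admin account.

#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================

source _common.sh
source /usr/share/yunohost/helpers

#=================================================
# LOCAL HELPERS
#=================================================

# Print a 128-character [a-z0-9] secret read from /dev/urandom.
# Returns non-zero if fewer than 128 characters were produced, so that a
# short or empty secret is never written to the configuration.
mastodon_generate_secret() {
  local secret
  secret=$(head -n128 /dev/urandom | tr -dc 'a-z0-9' | head -c128)
  [[ ${#secret} -eq 128 ]] || return 1
  printf '%s' "$secret"
}

# Print $1 escaped for use inside a Ruby single-quoted string literal
# (only backslash and single quote are special there).
mastodon_ruby_quote() {
  local value=$1
  value=${value//\\/\\\\}
  value=${value//\'/\\\'}
  printf '%s' "$value"
}

#=================================================
# MANAGE SCRIPT FAILURE
#=================================================

# Exit if an error occurs during the execution of the script
ynh_abort_if_errors

#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================

domain=$YNH_APP_ARG_DOMAIN
admin_mastodon=$YNH_APP_ARG_ADMIN
admin_mastodon_mail=$(ynh_user_get_info "$admin_mastodon" 'mail')
admin_pass=$YNH_APP_ARG_PASSWD
language=$YNH_APP_ARG_LANGUAGE
path_url="/"
app=$YNH_APP_INSTANCE_NAME

#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================

final_path=/var/www/$app
test ! -e "$final_path" || ynh_die "This path already contains a folder"

[[ ${#admin_pass} -gt 7 ]] || ynh_die "Password is too weak, must be longer than 7 characters"

# Normalize the url path syntax
path_url=$(ynh_normalize_url_path "$path_url")

# Check web path availability
ynh_webpath_available "$domain" "$path_url"

# Register (book) web path
ynh_webpath_register "$app" "$domain" "$path_url"

#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================

ynh_app_setting_set "$app" domain "$domain"
ynh_app_setting_set "$app" admin "$admin_mastodon"
# NOTE(review): this persists the admin password in clear text in the app
# settings. Nothing in this script reads it back; drop it unless another
# script of the package needs it - confirm.
ynh_app_setting_set "$app" pass "$admin_pass"
ynh_app_setting_set "$app" language "$language"
ynh_app_setting_set "$app" path "$path_url"

#=================================================
# STANDARD MODIFICATIONS
#=================================================

#=================================================
# INSTALL DEPENDENCIES
#=================================================

# TODO: add in a clean way backports and yarn
# Import debian archive pubkey, need on ARM arch
# NOTE(review): the keys are selected by 64-bit key ID and fetched from a
# keyserver, and apt-key trusts them for every repository on the system.
# Pinning the full fingerprints and a per-repository keyring would be safer.
arch=$(uname -m)
if [[ $arch = arm* ]]; then
  apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8B48AD6246925553
  apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7638D0442B90D010
fi

# Install source.list debian package backports & yarn
cp ../conf/backports.list /etc/apt/sources.list.d/
# -f: an HTTP error page must not be fed to apt-key as if it were a key.
curl -fsS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
cp ../conf/yarn.list /etc/apt/sources.list.d/
ynh_package_update

# Store the destination directory location (the directory itself is not
# created here).
ynh_app_setting_set "$app" final_path "$final_path"

# Install Node.js
# TODO: use https://github.com/YunoHost-Apps/Experimental_helpers/blob/master/ynh_install_nodejs/ynh_install_nodejs
# The setup script is downloaded completely before being run as root, so a
# failed or truncated transfer aborts the install instead of executing a
# partial script. Its content is still only authenticated by TLS.
(
  cd /opt
  nodesource_setup=$(mktemp)
  curl -fsSL https://deb.nodesource.com/setup_6.x -o "$nodesource_setup"
  bash "$nodesource_setup"
  rm -f -- "$nodesource_setup"
  apt-get -y install nodejs
)

# TODO: use the same mecanism with other files
app_dependencies=(
  # debian packages
  imagemagick libpq-dev libxml2-dev libxslt1-dev file curl apt-transport-https pkg-config libprotobuf-dev protobuf-compiler libicu-dev libidn11-dev
  # redis
  redis-server redis-tools
  # postgresql
  postgresql postgresql-contrib postgresql-server-dev-9.4
  # Ruby
  autoconf bison build-essential libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libncurses5-dev libffi-dev libgdbm3 libgdbm-dev
  # ffmpeg from backports
  ffmpeg
  # Yarn
  yarn
)
ynh_install_app_dependencies "${app_dependencies[@]}"

#=================================================
# CREATE A DATABASE
#=================================================

# TODO: use non-official https://github.com/YunoHost-Apps/Experimental_helpers/blob/master/postgres/postgres
# TODO: this commands doesn't looks like a requirement, you may fully remove it
# Set UTF8 encoding by default
su -c "psql" postgres <<< \
  "update pg_database set datistemplate='false' where datname='template1';"
su -c "psql" postgres <<< \
  "drop database template1;"
su -c "psql" postgres <<< \
  "create database template1 encoding='UTF8' template template0;"
su -c "psql" postgres <<< \
  "update pg_database set datistemplate='true' where datname='template1';"

# Create DB without password
ynh_psql_create_db_without_password "$app"
systemctl restart postgresql

#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================

# Commands meant for the app user are passed to `su` on stdin. Listing them
# after a bare `su $app` inside a subshell does not run them as that user.
# NOTE(review): `su` without `-` presumably hands the installer environment
# (including YNH_APP_ARG_PASSWD) to everything started below - confirm.
# NOTE(review): the unix user is only created further down, and the clones go
# to $final_path while later steps work in ~/live and /opt/mastodon - confirm
# the intended order and location.
# NOTE(review): rbenv and ruby-build are cloned from their default branch
# without pinning a commit or verifying a signature.

# TODO: dont su as $app, work root and set corrects rights at the end of install
# Download all sources rbenv, ruby and mastodon
su "$app" <<EOF
git clone https://github.com/rbenv/rbenv.git "$final_path/.rbenv"
git clone https://github.com/rbenv/ruby-build.git "$final_path/.rbenv/plugins/ruby-build"
git clone https://github.com/tootsuite/mastodon.git "$final_path/live"
EOF

#=================================================
# NGINX CONFIGURATION
#=================================================

# TODO: use official helper
# Modify Nginx configuration file and copy it to Nginx conf directory
sed -i "s@__PATH__@$app@g" ../conf/nginx.conf*
sed -i "s@__FINALPATH__@$final_path@g" ../conf/nginx.conf*
cp ../conf/nginx.conf "/etc/nginx/conf.d/$domain.d/$app.conf"

#=================================================
# CREATE DEDICATED USER
#=================================================

# TODO: use official helper
# TODO: AFAIK, no app should change should be in /opt don't use it
# Create user unix
adduser "$app" --home "/opt/$app" --gecos "First Last,RoomNumber,WorkPhone,HomePhone" --disabled-password --disabled-login

# Switch branch to tagged release
cd "$final_path/live"
version=$(curl -fsS https://api.github.com/repos/tootsuite/mastodon/releases/latest | grep tag_name | cut -d\" -f4)
# The tag comes from the network and is interpolated into a command line:
# accept only a plain ref name (this also rejects an empty result).
[[ $version =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]] \
  || ynh_die "Unexpected release tag returned by the GitHub API"
su "$app" <<EOF
cd ~/live
git checkout "$version"
EOF

# Install rbenv
# The delimiter is quoted so that \$PATH and \$(rbenv init -) reach the
# profile files literally and are evaluated at login time.
su "$app" <<'EOF'
cd ~/.rbenv
src/configure && make -C src
echo 'export PATH="/opt/mastodon/.rbenv/bin:/opt/mastodon/live/bin:$PATH"' >> ~/.profile
echo 'export PATH="/opt/mastodon/.rbenv/bin:/opt/mastodon/live/bin:$PATH"' >> ~/.bashrc
echo 'eval "$(rbenv init -)"' >> ~/.profile
EOF

# Install ruby-build
# TODO: /opt/mastodon looks like /opt/$app which is WRONG.
su "$app" <<'EOF'
/opt/mastodon/.rbenv/bin/rbenv install 2.5.0
/opt/mastodon/.rbenv/versions/2.5.0/bin/ruby -v
EOF

# Create symlink for ruby
# NOTE(review): /usr/bin/ruby then resolves to a binary below the app user's
# home. If that user can write there, any root process calling `ruby` runs
# code it controls - confirm the system-wide link is really needed.
rm /usr/bin/ruby || true
ln -s /opt/mastodon/.rbenv/versions/2.5.0/bin/ruby /usr/bin/ruby || true

# Install Mastodon
# TODO: /opt/mastodon looks like /opt/$app which is WRONG.
su "$app" <<'EOF'
cd ~/live
/opt/mastodon/.rbenv/versions/2.5.0/bin/gem install bundler
bin/bundle install --deployment --without development test
yarn install --production
EOF

# Adjust Mastodon config
# TODO: use official helper: ynh_replace_string
env_file="${final_path}/live/.env.production"
cp -a "$final_path/live/.env.production.sample" "$env_file"
sed -i "s@REDIS_HOST=redis@REDIS_HOST=127.0.0.1@g" "$env_file"
sed -i "s@DB_HOST=db@DB_HOST=/var/run/postgresql@g" "$env_file"
sed -i "s@DB_USER=postgres@DB_USER=${app}@g" "$env_file"
sed -i "s@DB_NAME=postgres@DB_NAME=${app}_production@g" "$env_file"
sed -i "s@LOCAL_DOMAIN=example.com@LOCAL_DOMAIN=${domain}@g" "$env_file"

# Only the first two characters of the language are used as locale
language=${language:0:2}
sed -i "s@# DEFAULT_LOCALE=de@DEFAULT_LOCALE=${language}@g" "$env_file"

# NOTE(review): the three secrets below live in .env.production, whose mode
# and owner are inherited from the sample file; restrict it to the app user
# once ownership is settled (see the permissions TODO at the end).
paperclip_secret=$(mastodon_generate_secret) || ynh_die "Could not generate PAPERCLIP_SECRET"
secret_key_base=$(mastodon_generate_secret) || ynh_die "Could not generate SECRET_KEY_BASE"
otp_secret=$(mastodon_generate_secret) || ynh_die "Could not generate OTP_SECRET"
sed -i "s@PAPERCLIP_SECRET=@PAPERCLIP_SECRET=${paperclip_secret}@g" "$env_file"
sed -i "s@SECRET_KEY_BASE=@SECRET_KEY_BASE=${secret_key_base}@g" "$env_file"
sed -i "s@OTP_SECRET=@OTP_SECRET=${otp_secret}@g" "$env_file"

# Mail goes through the local MTA: no authentication and no certificate
# verification. That is only acceptable while SMTP_SERVER stays localhost.
sed -i "s@SMTP_LOGIN=@#SMTP_LOGIN=@g" "$env_file"
sed -i "s@SMTP_PASSWORD=@#SMTP_PASSWORD=@g" "$env_file"
sed -i "s@SMTP_SERVER=smtp.mailgun.org@SMTP_SERVER=localhost@g" "$env_file"
sed -i "s@SMTP_PORT=587@SMTP_PORT=25@g" "$env_file"
sed -i "s,SMTP_FROM_ADDRESS=notifications@example.com,SMTP_FROM_ADDRESS=${admin_mastodon}@${domain}," "$env_file"
sed -i "s@#SMTP_AUTH_METHOD=plain@SMTP_AUTH_METHOD=none@g" "$env_file"
sed -i "s@#SMTP_OPENSSL_VERIFY_MODE=peer@SMTP_OPENSSL_VERIFY_MODE=none@g" "$env_file"

# Preconfig CSS & JS
su "$app" <<'EOF'
cd ~/live
echo "SAFETY_ASSURED=1">> .env.production
RAILS_ENV=production bin/bundle exec rails db:setup
RAILS_ENV=production bin/bundle exec rails --trace assets:precompile
EOF

# init rbenv & create bundle
su "$app" <<'EOF'
. ~/.profile
type rbenv
EOF

# TODO: use official helper ynh_add_systemd_config
cp ../conf/mastodon-web.service /etc/systemd/system/mastodon-web.service
chown root: /etc/systemd/system/mastodon-web.service
cp ../conf/mastodon-sidekiq.service /etc/systemd/system/mastodon-sidekiq.service
chown root: /etc/systemd/system/mastodon-sidekiq.service
cp ../conf/mastodon-streaming.service /etc/systemd/system/mastodon-streaming.service
chown root: /etc/systemd/system/mastodon-streaming.service
systemctl daemon-reload
systemctl enable /etc/systemd/system/mastodon-*.service
systemctl start mastodon-web.service mastodon-sidekiq.service mastodon-streaming.service

# debug
systemctl status mastodon-web.service mastodon-sidekiq.service mastodon-streaming.service

# Create user
# The values are escaped for Ruby single-quoted literals, so a quote or a
# backslash in the password cannot end the string and inject console code.
# `rails c` reads the two Ruby statements from the remaining stdin.
# bin/bundle is used as in every other step (plain `bundle` needs the rbenv
# PATH, which a non-login shell does not have).
ruby_admin=$(mastodon_ruby_quote "$admin_mastodon")
ruby_mail=$(mastodon_ruby_quote "$admin_mastodon_mail")
ruby_pass=$(mastodon_ruby_quote "$admin_pass")
su "$app" <<EOF
cd ~/live
RAILS_ENV=production bin/bundle exec rails c
account = Account.create!(username: '$ruby_admin')
user = User.create!(email: '$ruby_mail', password: '$ruby_pass', account: account)
EOF

# Create administrator & confirm user
# %q shell-quotes the values before they become part of the command text.
shell_admin=$(printf '%q' "$admin_mastodon")
shell_mail=$(printf '%q' "$admin_mastodon_mail")
su "$app" <<EOF
cd ~/live
RAILS_ENV=production bin/bundle exec rails mastodon:make_admin USERNAME=$shell_admin
RAILS_ENV=production bin/bundle exec rails mastodon:confirm_email USER_EMAIL=$shell_mail
EOF

# Install crontab
cp ../conf/crontab_mastodon "/etc/cron.d/$app"
sed -i "s@__APP__@$app@g" "/etc/cron.d/$app"

#=================================================
# GENERIC FINALIZATION
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================

# TODO:Set permissions to app files

#=================================================
# ADVERTISE SERVICE IN ADMIN PANEL
#=================================================

# Add service YunoHost
yunohost service add mastodon-web
yunohost service add mastodon-sidekiq
yunohost service add mastodon-streaming

#=================================================
# SETUP SSOWAT
#=================================================

# TODO: all private install
# Unprotected url: the whole app is reachable without going through the SSO,
# so access control relies on Mastodon's own authentication.
ynh_app_setting_set "$app" unprotected_uris "/"

#=================================================
# RELOAD NGINX
#=================================================

# Reload Nginx
systemctl reload nginx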