From 156240e02c1e36fcccc139ee296921a5c370d9cc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Sat, 18 May 2024 17:48:40 +0200 Subject: [PATCH] cleaning --- scripts/_common.sh | 20 ------------ scripts/backup | 20 +----------- scripts/install | 44 ++------------------------- scripts/remove | 33 ++------------------ scripts/restore | 76 ++-------------------------------------------- scripts/upgrade | 56 ++++------------------------------ 6 files changed, 14 insertions(+), 235 deletions(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index a8bdbb9..ebb9161 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -8,26 +8,6 @@ # PERSONAL HELPERS #================================================= -# custom function to detect armv6 and armv7 -# ($YNH_ARCH returns armhf for both...) -detect_arch(){ - local architecture - if uname -m | grep -q -E "arm64|aarch64" ; then - architecture="arm64" - elif uname -m | grep -q "64" ; then - architecture="amd64" - elif uname -m | grep -q "86" ; then - architecture="i386" - elif uname -m | grep -q "armv6" ; then - architecture="armv6" - elif uname -m | grep -q "armv7" ; then - architecture="armv7" - else - ynh_die --message="The script can't identify a valid architecture. Please report this error." - fi - echo $architecture -} - # custom function to change bash bool 0/1 to false/true convert_bool(){ (("$1")) && echo "true" || echo "false" diff --git a/scripts/backup b/scripts/backup index 0db8849..6ccea16 100755 --- a/scripts/backup +++ b/scripts/backup 
@@ -28,36 +28,18 @@ ynh_backup --src_path="$install_dir" ynh_backup --src_path="$data_dir" --is_big #================================================= -# BACKUP THE NGINX CONFIGURATION +# SYSTEM CONFIGURATION #================================================= ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" -#================================================= -# SPECIFIC BACKUP -#================================================= -# BACKUP LOGROTATE -#================================================= - ynh_backup --src_path="/etc/logrotate.d/$app" -#================================================= -# BACKUP FAIL2BAN CONFIGURATION -#================================================= - ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" -#================================================= -# BACKUP SYSTEMD -#================================================= - ynh_backup --src_path="/etc/systemd/system/$app.service" -#================================================= -# BACKUP VARIOUS FILES -#================================================= - #================================================= # BACKUP THE POSTGRESQL DATABASE #================================================= diff --git a/scripts/install b/scripts/install index 980c26e..222d63c 100755 --- a/scripts/install +++ b/scripts/install 
@@ -153,34 +153,13 @@ ynh_app_setting_set --app="$app" --key=advanced_rate_limit_requests --value="$ad #================================================= ynh_script_progression --message="Setting up source files..." --weight=1 -### `ynh_setup_source` is used to install an app from a zip or tar.gz file, -### downloaded from an upstream source, like a git repository. -### `ynh_setup_source` use the file conf/app.src - -# detect_arch comes from _common.sh / personnal helpers -architecture=$(detect_arch) - # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$install_dir" -# FIXME: this should be managed by the core in the future -# Here, as a packager, you may have to tweak the ownerhsip/permissions -# such that the appropriate users (e.g. maybe www-data) can access -# files in some cases. -# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder _ -# this will be treated as a security issue. chmod -R 750 "$install_dir" chmod -R o-rwx "$install_dir" chown -R "$app:www-data" "$install_dir" -#================================================= -# NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Configuring NGINX web server..." --weight=1 - -# Create a dedicated NGINX config for the main domain -ynh_add_nginx_config - #================================================= # ADD A CONFIGURATION #================================================= @@ -188,9 +167,6 @@ ynh_script_progression --message="Adding a configuration file..." --weight=1 ynh_add_config --template="config.yaml" --destination="$install_dir/config.yaml" -# FIXME: this should be handled by the core in the future -# You may need to use chmod 600 instead of 400, -# for example if the app is expected to be able to modify its own config chmod 400 "$install_dir/config.yaml" chown "$app:$app" "$install_dir/config.yaml" 
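Review bot: In scripts/install, the first hunk leaves `chmod -R 750 "$install_dir"` without any rationale, and the recursive 750 marks every file under the install directory executable for owner and group, whereas scripts/upgrade in this same patch uses the non-recursive `chmod 750 "$install_dir"` followed by `chmod -R o-rwx "$install_dir"`. Since the explanatory block is being removed here anyway, I would align install on the upgrade form and keep a one-line reason such as `# No access for "others"; www-data reaches the files through the group`. The second hunk has the same documentation gap: `chmod 400 "$install_dir/config.yaml"` loses its comment, and a short `# Read-only for the app user` (if that is the intent) would record why 400 rather than 600 was chosen.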
@@ -199,32 +175,18 @@ chown "$app:$app" "$install_dir/config.yaml" #================================================= ynh_script_progression --message="Configuring a systemd service..." --weight=1 +# Create a dedicated NGINX config for the main domain +ynh_add_nginx_config + # Create a dedicated systemd config ynh_add_systemd_config -#================================================= -# GENERIC FINALIZATION -#================================================= -# SETUP LOGROTATE -#================================================= -ynh_script_progression --message="Configuring log rotation..." --weight=1 - # Use logrotate to manage application logfile(s) ynh_use_logrotate -#================================================= -# SETUP FAIL2BAN -#================================================= -ynh_script_progression --message="Configuring fail2ban..." --weight=1 - # Create a dedicated Fail2Ban config ynh_add_fail2ban_config --logpath="/var/log/${app}/${app}.log" --failregex="statusCode=401 path=/auth/sign_in clientIP= .* msg=\"Unauthorized:" --max_retry=5 -#================================================= -# INTEGRATE SERVICE IN YUNOHOST -#================================================= -ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 - yunohost service add "$app" --description="Gotosocial server" --log="/var/log/$app/$app.log" #================================================= diff --git a/scripts/remove b/scripts/remove index 4dc7628..7ab0655 100755 --- a/scripts/remove +++ b/scripts/remove 
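Review bot: In the last scripts/install hunk, `ynh_add_nginx_config`, `ynh_use_logrotate`, `ynh_add_fail2ban_config` and `yunohost service add` now all run under the single progress message "Configuring a systemd service...", which no longer describes the step. A failure in the NGINX or Fail2Ban setup would then show up under a systemd label, which makes an install log harder to read. I would reword it in line with what scripts/remove now uses, e.g. `ynh_script_progression --message="Adding system configurations related to $app..." --weight=1`. The same mislabelling appears in scripts/restore ("Restoring the systemd configuration...") and scripts/upgrade ("Upgrading systemd configuration..."). The section header above this message lies outside the hunk.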
@@ -10,10 +10,9 @@ source _common.sh source /usr/share/yunohost/helpers #================================================= -# STANDARD REMOVE -#================================================= -# REMOVE SERVICE INTEGRATION IN YUNOHOST +# REMOVE SYSTEM CONFIGURATIONS #================================================= +ynh_script_progression --message="Removing system configurations related to $app..." --weight=1 # Remove the service from the list of services known by YunoHost (added from `yunohost service add`) if ynh_exec_warn_less yunohost service status "$app" >/dev/null 
@@ -22,45 +21,17 @@ then yunohost service remove "$app" fi -#================================================= -# STOP AND REMOVE SERVICE -#================================================= -ynh_script_progression --message="Stopping and removing the systemd service..." --weight=1 - # Remove the dedicated systemd config ynh_remove_systemd_config -#================================================= -# REMOVE NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1 - # Remove the dedicated NGINX config of the main domain ynh_remove_nginx_config -#================================================= -# REMOVE LOGROTATE CONFIGURATION -#================================================= -ynh_script_progression --message="Removing logrotate configuration..." --weight=1 - # Remove the app-specific logrotate config ynh_remove_logrotate -#================================================= -# REMOVE FAIL2BAN CONFIGURATION -#================================================= - -ynh_script_progression --message="Removing fail2ban configuration..." --weight=1 - ynh_remove_fail2ban_config -#================================================= -# SPECIFIC REMOVE -#================================================= -# REMOVE VARIOUS FILES -#================================================= -ynh_script_progression --message="Removing various files..." --weight=1 - # Remove the log files ynh_secure_remove --file="/var/log/$app" diff --git a/scripts/restore b/scripts/restore index b6c8bee..1dec59e 100755 --- a/scripts/restore +++ b/scripts/restore 
@@ -10,15 +10,6 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# STANDARD RESTORATION STEPS -#================================================= -# RESTORE THE NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Restoring the NGINX configuration..." --weight=1 - -ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" - #================================================= # RESTORE THE APP MAIN DIR #================================================= @@ -26,14 +17,6 @@ ynh_script_progression --message="Restoring the app main directory..." --weight= ynh_restore_file --origin_path="$install_dir" -# FIXME: this should be managed by the core in the future -# Here, as a packager, you may have to tweak the ownerhsip/permissions -# such that the appropriate users (e.g. maybe www-data) can access -# files in some cases. -# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder - -# this will be treated as a security issue. -chmod 750 "$install_dir" -chmod -R o-rwx "$install_dir" chown -R "$app:www-data" "$install_dir" #================================================= @@ -43,16 +26,6 @@ ynh_script_progression --message="Restoring the data directory..." --weight=5 ynh_restore_file --origin_path="$data_dir" --not_mandatory -mkdir -p "$data_dir" - -# FIXME: this should be managed by the core in the future -# Here, as a packager, you may have to tweak the ownerhsip/permissions -# such that the appropriate users (e.g. maybe www-data) can access -# files in some cases. -# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder - -# this will be treated as a security issue. -chmod 750 "$data_dir" -chmod -R o-rwx "$data_dir" chown -R "$app:www-data" "$data_dir" #================================================= 
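Review bot: After this patch scripts/restore no longer resets permissions on the restored trees: in the app-main-directory hunk `ynh_restore_file --origin_path="$install_dir"` is followed only by `chown -R "$app:www-data" "$install_dir"`, and the data-directory hunk and the later source-setup hunk drop their `chmod 750` / `chmod -R o-rwx` pairs as well. scripts/install and scripts/upgrade still apply them, so a restored instance keeps whatever modes the archive carried (presumably preserved by `ynh_restore_file`; worth confirming), including any bits granted to "others". I would keep `chmod 750 "$install_dir"` and `chmod -R o-rwx "$install_dir"` after the restore, and the same two lines for `$data_dir`, unless the core is known to enforce them on restore.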
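Review bot: In the data-directory hunk of scripts/restore, removing `mkdir -p "$data_dir"` leaves `chown -R "$app:www-data" "$data_dir"` running directly after a restore that is declared `--not_mandatory`. scripts/backup saves that directory with `--is_big`, so an archive may legitimately not contain it; if nothing else has created the directory by then, the `chown` fails and, should the script run with errexit, the restore aborts. Keeping the `mkdir -p "$data_dir"` line before the `chown` avoids depending on that.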
@@ -62,34 +35,6 @@ ynh_script_progression --message="Restoring the PostgreSQL database..." ynh_psql_connect_as --user="$db_user" --password="$db_pwd" --database="$db_name" < ./db.sql -#================================================= -# DOWNLOAD, CHECK AND UNPACK SOURCE -#================================================= -ynh_script_progression --message="Setting up source files..." --weight=1 - -# detect_arch comes from _common.sh / personnal helpers -architecture="$(detect_arch)" - -# compare if the system arch is different from the binary arch -# if so, download the correct binary -if [ "$architecture" != "$(file "$install_dir"/gotosocial | cut -d ',' -f 2 | tr -d ' ')" ] -then - ynh_script_progression --message="Migrating binary architecture..." - - # Download, check integrity, uncompress and patch the source from app.src - ynh_setup_source --dest_dir="$install_dir" --full_replace=1 --keep="config.yaml" -fi - -# FIXME: this should be managed by the core in the future -# Here, as a packager, you may have to tweak the ownerhsip/permissions -# such that the appropriate users (e.g. maybe www-data) can access -# files in some cases. -# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder _ -# this will be treated as a security issue. -chmod 750 "$install_dir" -chmod -R o-rwx "$install_dir" -chown -R "$app:www-data" "$install_dir" - #================================================= # RESTORE VARIOUS FILES #================================================= 
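Review bot: With the whole source-setup section removed from scripts/restore, the `gotosocial` binary that comes out of the archive is used as is, so restoring a backup on a machine of a different architecture would leave a binary that cannot run there. The removed code handled that case by comparing against the output of `file` and calling `ynh_setup_source`. If cross-architecture restore is deliberately no longer supported, a comment next to the restore of `$install_dir` should say so; otherwise some check is still needed before the service is started further down.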
@@ -101,34 +46,17 @@ mkdir -p "/var/log/$app" #================================================= ynh_script_progression --message="Restoring the systemd configuration..." --weight=1 +ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" + ynh_restore_file --origin_path="/etc/systemd/system/$app.service" systemctl enable "$app.service" --quiet -#================================================= -# INTEGRATE SERVICE IN YUNOHOST -#================================================= -ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 - yunohost service add "$app" --description="Gotosocial server" --log="/var/log/$app/$app.log" -#================================================= -# START SYSTEMD SERVICE -#================================================= -ynh_script_progression --message="Starting a systemd service..." --weight=1 - ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/$app.log" -#================================================= -# RESTORE THE LOGROTATE CONFIGURATION -#================================================= -ynh_script_progression --message="Restoring the logrotate configuration..." --weight=1 - ynh_restore_file --origin_path="/etc/logrotate.d/$app" -#================================================= -# RESTORE THE FAIL2BAN CONFIGURATION -#================================================= - ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf" ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf" ynh_systemd_action --action=restart --service_name=fail2ban diff --git a/scripts/upgrade b/scripts/upgrade index 759b680..1ab7d03 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
@@ -9,12 +9,6 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# CHECK VERSION -#================================================= - -upgrade_type=$(ynh_check_app_version_changed) - #================================================= # STANDARD UPGRADE STEPS #================================================= @@ -283,36 +277,15 @@ fi #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= - -if [ "$upgrade_type" == "UPGRADE_APP" ] -then - ynh_script_progression --message="Upgrading source files..." - - # detect_arch comes from _common.sh / personnal helpers - architecture=$(detect_arch) +ynh_script_progression --message="Upgrading source files..." - # Download, check integrity, uncompress and patch the source from app.src - ynh_setup_source --dest_dir="$install_dir" --full_replace=1 --keep="config.yaml" -fi +# Download, check integrity, uncompress and patch the source from app.src +ynh_setup_source --dest_dir="$install_dir" --full_replace=1 --keep="config.yaml" -# FIXME: this should be managed by the core in the future -# Here, as a packager, you may have to tweak the ownerhsip/permissions -# such that the appropriate users (e.g. maybe www-data) can access -# files in some cases. -# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder - -# this will be treated as a security issue. chmod 750 "$install_dir" chmod -R o-rwx "$install_dir" chown -R "$app:www-data" "$install_dir" -#================================================= -# NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Upgrading NGINX web server configuration..." - -# Create a dedicated NGINX config for the main domain -ynh_add_nginx_config - #================================================= # UPDATE A CONFIG FILE #================================================= 
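Review bot: A leftover `$upgrade_type` reference may survive in scripts/upgrade: the first hunk deletes `upgrade_type=$(ynh_check_app_version_changed)` and the second removes the one visible use, but roughly 270 lines of the script sit between the two hunks and are not shown. Any remaining reference there would expand an unset variable, which is fatal if the script runs with nounset; a `grep -n upgrade_type scripts/upgrade` before merging settles it. Separately, `ynh_setup_source --dest_dir="$install_dir" --full_replace=1 --keep="config.yaml"` now runs on every upgrade, so anything other than `config.yaml` placed in `$install_dir` is expected to be discarded each time; a one-line comment stating that above the call is worth adding.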
@@ -320,9 +293,6 @@ ynh_script_progression --message="Updating a configuration file..." ynh_add_config --template="config.yaml" --destination="$install_dir/config.yaml" -# FIXME: this should be handled by the core in the future -# You may need to use chmod 600 instead of 400, -# for example if the app is expected to be able to modify its own config chmod 400 "$install_dir/config.yaml" chown "$app:$app" "$install_dir/config.yaml" @@ -331,32 +301,18 @@ chown "$app:$app" "$install_dir/config.yaml" #================================================= ynh_script_progression --message="Upgrading systemd configuration..." +# Create a dedicated NGINX config for the main domain +ynh_add_nginx_config + # Create a dedicated systemd config ynh_add_systemd_config -#================================================= -# GENERIC FINALIZATION -#================================================= -# SETUP LOGROTATE -#================================================= -ynh_script_progression --message="Upgrading logrotate configuration..." - # Use logrotate to manage app-specific logfile(s) ynh_use_logrotate --non-append -#================================================= -# SETUP FAIL2BAN -#================================================= -ynh_script_progression --message="Upgrading fail2ban configuration..." - # Create a dedicated Fail2Ban config ynh_add_fail2ban_config --logpath="/var/log/${app}/${app}.log" --failregex="statusCode=401 path=/auth/sign_in clientIP= .* msg=\"Unauthorized:" --max_retry=5 -#================================================= -# INTEGRATE SERVICE IN YUNOHOST -#================================================= -ynh_script_progression --message="Integrating service in YunoHost..." - yunohost service add "$app" --description="Gotosocial server" --log="/var/log/$app/$app.log" #=================================================