diff --git a/README.md b/README.md index d8e6dfa..5a97609 100644 --- a/README.md +++ b/README.md @@ -25,7 +25,7 @@ With GoToSocial, you can keep in touch with your friends, post, read, and share Documentation is at [docs.gotosocial.org](https://docs.gotosocial.org). -**Shipped version:** 0.11.1~ynh2 +**Shipped version:** 0.11.1~ynh3 ## Screenshots diff --git a/README_fr.md b/README_fr.md index d0bd5a0..695a233 100644 --- a/README_fr.md +++ b/README_fr.md @@ -25,7 +25,7 @@ Avec GoToSocial, vous pouvez rester en contact avec vos amis, publier, lire et p Vous pouvez consulter la documentation à l'adresse : [docs.gotosocial.org](https://docs.gotosocial.org). -**Version incluse :** 0.11.1~ynh2 +**Version incluse :** 0.11.1~ynh3 ## Captures d’écran diff --git a/manifest.json b/manifest.json index 7fca2a8..4c5860e 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "ActivityPub social network server", "fr": "Serveur de réseau social basé sur ActivityPub" }, - "version": "0.11.1~ynh2", + "version": "0.11.1~ynh3", "url": "https://github.com/superseriousbusiness/gotosocial", "upstream": { "license": "AGPL-3.0-only", diff --git a/scripts/backup b/scripts/backup index 05535cb..14f4599 100755 --- a/scripts/backup +++ b/scripts/backup @@ -72,6 +72,13 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_backup --src_path="/etc/logrotate.d/$app" +#================================================= +# BACKUP FAIL2BAN CONFIGURATION +#================================================= + +ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" +ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" + #================================================= # BACKUP SYSTEMD #================================================= diff --git a/scripts/install b/scripts/install index a79e60f..12c3195 100755 --- a/scripts/install +++ b/scripts/install @@ -284,6 +284,17 @@ ynh_script_progression --message="Configuring log rotation..." --weight=1 # Use logrotate to manage application logfile(s) ynh_use_logrotate +#================================================= +# SETUP FAIL2BAN +#================================================= +ynh_script_progression --message="Configuring fail2ban..." --weight=1 + +# Create the logfile, required before configuring fail2ban +touch "/var/log/${app}/${app}.log" + +# Create a dedicated Fail2Ban config +ynh_add_fail2ban_config --logpath="/var/log/${app}/${app}.log" --failregex="statusCode=401 path=/auth/sign_in clientIP= .* msg=\"Unauthorized:" --max_retry=5 + #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= diff --git a/scripts/remove b/scripts/remove index 3bd5e14..0298c20 100755 --- a/scripts/remove +++ b/scripts/remove @@ -92,6 +92,14 @@ ynh_script_progression --message="Removing logrotate configuration..." --weight= # Remove the app-specific logrotate config ynh_remove_logrotate +#================================================= +# REMOVE FAIL2BAN CONFIGURATION +#================================================= + +ynh_script_progression --message="Removing fail2ban configuration..." --weight=1 + +ynh_remove_fail2ban_config + #================================================= # CLOSE A PORT #================================================= diff --git a/scripts/restore b/scripts/restore index 30c1fe3..9247bf9 100755 --- a/scripts/restore +++ b/scripts/restore @@ -186,7 +186,7 @@ ynh_script_progression --message="Setting up source files..." --weight=1 # detect_arch comes from _common.sh / personnal helpers architecture="$(detect_arch)" -# compare is the system arch is different from the binary arch +# compare if the system arch is different from the binary arch # if so, download the correct binary if [ "$architecture" != "$(file "$final_path"/gotosocial | cut -d ',' -f 2 | tr -d ' ')" ] then @@ -241,6 +241,14 @@ ynh_script_progression --message="Restoring the logrotate configuration..." --we ynh_restore_file --origin_path="/etc/logrotate.d/$app" +#================================================= +# RESTORE THE FAIL2BAN CONFIGURATION +#================================================= + +ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf" +ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf" +ynh_systemd_action --action=restart --service_name=fail2ban + #================================================= # GENERIC FINALIZATION #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 83bd7e8..1e54fd0 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -410,6 +410,14 @@ ynh_script_progression --message="Upgrading logrotate configuration..." # Use logrotate to manage app-specific logfile(s) ynh_use_logrotate --non-append +#================================================= +# SETUP FAIL2BAN +#================================================= +ynh_script_progression --message="Upgrading fail2ban configuration..." + +# Create a dedicated Fail2Ban config +ynh_add_fail2ban_config --logpath="/var/log/${app}/${app}.log" --failregex="statusCode=401 path=/auth/sign_in clientIP= .* msg=\"Unauthorized:" --max_retry=5 + #================================================= # INTEGRATE SERVICE IN YUNOHOST #=================================================