From 8d030bdd7995b4ed83e76ea5abdc5bf120ecd3ed Mon Sep 17 00:00:00 2001 From: OniriCorpe Date: Tue, 5 Sep 2023 17:05:06 +0200 Subject: [PATCH 1/9] typo --- scripts/restore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/restore b/scripts/restore index 30c1fe3..460ad56 100755 --- a/scripts/restore +++ b/scripts/restore @@ -186,7 +186,7 @@ ynh_script_progression --message="Setting up source files..." --weight=1 # detect_arch comes from _common.sh / personnal helpers architecture="$(detect_arch)" -# compare is the system arch is different from the binary arch +# compare if the system arch is different from the binary arch # if so, download the correct binary if [ "$architecture" != "$(file "$final_path"/gotosocial | cut -d ',' -f 2 | tr -d ' ')" ] then From 29d5e85179e8bddf71f602fdc4c30daf80b6d58f Mon Sep 17 00:00:00 2001 From: OniriCorpe Date: Sun, 10 Sep 2023 22:07:43 +0200 Subject: [PATCH 2/9] initial fail2ban adding --- scripts/backup | 7 +++++++ scripts/install | 7 +++++++ scripts/remove | 8 ++++++++ scripts/restore | 8 ++++++++ scripts/upgrade | 7 +++++++ 5 files changed, 37 insertions(+) diff --git a/scripts/backup b/scripts/backup index 05535cb..14f4599 100755 --- a/scripts/backup +++ b/scripts/backup @@ -72,6 +72,13 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_backup --src_path="/etc/logrotate.d/$app" +#================================================= +# BACKUP FAIL2BAN CONFIGURATION +#================================================= + +ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" +ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" + #================================================= # BACKUP SYSTEMD #================================================= diff --git a/scripts/install b/scripts/install index a79e60f..38140cc 100755 --- a/scripts/install +++ b/scripts/install @@ -284,6 +284,13 @@ ynh_script_progression --message="Configuring log rotation..." --weight=1 # Use logrotate to manage application logfile(s) ynh_use_logrotate +#================================================= +# SETUP FAIL2BAN +#================================================= + +# Create a dedicated Fail2Ban config +ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login" + #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= diff --git a/scripts/remove b/scripts/remove index 3bd5e14..0298c20 100755 --- a/scripts/remove +++ b/scripts/remove @@ -92,6 +92,14 @@ ynh_script_progression --message="Removing logrotate configuration..." --weight= # Remove the app-specific logrotate config ynh_remove_logrotate +#================================================= +# REMOVE FAIL2BAN CONFIGURATION +#================================================= + +ynh_script_progression --message="Removing fail2ban configuration..." --weight=1 + +ynh_remove_fail2ban_config + #================================================= # CLOSE A PORT #================================================= diff --git a/scripts/restore b/scripts/restore index 460ad56..9247bf9 100755 --- a/scripts/restore +++ b/scripts/restore @@ -241,6 +241,14 @@ ynh_script_progression --message="Restoring the logrotate configuration..." --we ynh_restore_file --origin_path="/etc/logrotate.d/$app" +#================================================= +# RESTORE THE FAIL2BAN CONFIGURATION +#================================================= + +ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf" +ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf" +ynh_systemd_action --action=restart --service_name=fail2ban + #================================================= # GENERIC FINALIZATION #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 83bd7e8..8e13eee 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -410,6 +410,13 @@ ynh_script_progression --message="Upgrading logrotate configuration..." # Use logrotate to manage app-specific logfile(s) ynh_use_logrotate --non-append +#================================================= +# SETUP FAIL2BAN +#================================================= + +# Create a dedicated Fail2Ban config +ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login" + #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= From d1c00c32e16361ab950f036bb74fa8811de4eaca Mon Sep 17 00:00:00 2001 From: OniriCorpe Date: Sun, 10 Sep 2023 22:37:13 +0200 Subject: [PATCH 3/9] add logpath & regex --- scripts/install | 2 +- scripts/upgrade | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/install b/scripts/install index 38140cc..5bf4175 100755 --- a/scripts/install +++ b/scripts/install @@ -289,7 +289,7 @@ ynh_use_logrotate #================================================= # Create a dedicated Fail2Ban config -ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login" +ynh_add_fail2ban_config --logpath="/var/log/${app}/${app}.log" --failregex="statusCode=401 path=/auth/sign_in clientIP= .* msg=\"Unauthorized:" --max_retry=5 #================================================= # INTEGRATE SERVICE IN YUNOHOST diff --git a/scripts/upgrade b/scripts/upgrade index 8e13eee..be00b13 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -415,7 +415,7 @@ ynh_use_logrotate --non-append #================================================= # Create a dedicated Fail2Ban config -ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login" +ynh_add_fail2ban_config --logpath="/var/log/${app}/${app}.log" --failregex="statusCode=401 path=/auth/sign_in clientIP= .* msg=\"Unauthorized:" --max_retry=5 #================================================= # INTEGRATE SERVICE IN YUNOHOST From ed9fc6c961984d394cd0b40b2f76f8aa7cdbdd21 Mon Sep 17 00:00:00 2001 From: OniriCorpe Date: Sun, 10 Sep 2023 22:55:58 +0200 Subject: [PATCH 4/9] add ynh_script_progression for fail2ban --- scripts/install | 1 + scripts/upgrade | 1 + 2 files changed, 2 insertions(+) diff --git a/scripts/install b/scripts/install index 5bf4175..6e35f95 100755 --- a/scripts/install +++ b/scripts/install @@ -287,6 +287,7 @@ ynh_use_logrotate #================================================= # SETUP FAIL2BAN #================================================= +ynh_script_progression --message="Configuring fail2ban..." --weight=1 # Create a dedicated Fail2Ban config ynh_add_fail2ban_config --logpath="/var/log/${app}/${app}.log" --failregex="statusCode=401 path=/auth/sign_in clientIP= .* msg=\"Unauthorized:" --max_retry=5 diff --git a/scripts/upgrade b/scripts/upgrade index be00b13..1e54fd0 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -413,6 +413,7 @@ ynh_use_logrotate --non-append #================================================= # SETUP FAIL2BAN #================================================= +ynh_script_progression --message="Upgrading fail2ban configuration..." # Create a dedicated Fail2Ban config ynh_add_fail2ban_config --logpath="/var/log/${app}/${app}.log" --failregex="statusCode=401 path=/auth/sign_in clientIP= .* msg=\"Unauthorized:" --max_retry=5 From eed0be846cbf7c0c45e033ccd644e619a5a4d8f9 Mon Sep 17 00:00:00 2001 From: OniriCorpe Date: Sun, 10 Sep 2023 23:06:40 +0200 Subject: [PATCH 5/9] bump version --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index 7fca2a8..4c5860e 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "ActivityPub social network server", "fr": "Serveur de réseau social basé sur ActivityPub" }, - "version": "0.11.1~ynh2", + "version": "0.11.1~ynh3", "url": "https://github.com/superseriousbusiness/gotosocial", "upstream": { "license": "AGPL-3.0-only", From 736d548f1a4b2887bb374857e0e65ae8017c2c23 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Sun, 10 Sep 2023 21:06:45 +0000 Subject: [PATCH 6/9] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index d8e6dfa..5a97609 100644 --- a/README.md +++ b/README.md @@ -25,7 +25,7 @@ With GoToSocial, you can keep in touch with your friends, post, read, and share Documentation is at [docs.gotosocial.org](https://docs.gotosocial.org). -**Shipped version:** 0.11.1~ynh2 +**Shipped version:** 0.11.1~ynh3 ## Screenshots diff --git a/README_fr.md b/README_fr.md index d0bd5a0..695a233 100644 --- a/README_fr.md +++ b/README_fr.md @@ -25,7 +25,7 @@ Avec GoToSocial, vous pouvez rester en contact avec vos amis, publier, lire et p Vous pouvez consulter la documentation à l'adresse : [docs.gotosocial.org](https://docs.gotosocial.org). -**Version incluse :** 0.11.1~ynh2 +**Version incluse :** 0.11.1~ynh3 ## Captures d’écran From 84e8921a18881a3b20a6aec919c65356d8209be4 Mon Sep 17 00:00:00 2001 From: OniriCorpe Date: Sun, 10 Sep 2023 23:16:52 +0200 Subject: [PATCH 7/9] Create the logfile, required before configuring fail2ban --- scripts/install | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/install b/scripts/install index 6e35f95..12c3195 100755 --- a/scripts/install +++ b/scripts/install @@ -289,6 +289,9 @@ ynh_use_logrotate #================================================= ynh_script_progression --message="Configuring fail2ban..." --weight=1 +# Create the logfile, required before configuring fail2ban +touch "/var/log/${app}/${app}.log" + # Create a dedicated Fail2Ban config ynh_add_fail2ban_config --logpath="/var/log/${app}/${app}.log" --failregex="statusCode=401 path=/auth/sign_in clientIP= .* msg=\"Unauthorized:" --max_retry=5 From 90927e2da1fa44927907ba54986685fc30f96758 Mon Sep 17 00:00:00 2001 From: OniriCorpe Date: Sun, 10 Sep 2023 23:25:05 +0200 Subject: [PATCH 8/9] mask the `"remote_url" has [count(*)] args, but no placeholders` error --- scripts/install | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/install b/scripts/install index 12c3195..f7fe5e6 100755 --- a/scripts/install +++ b/scripts/install @@ -307,9 +307,9 @@ yunohost service add "$app" --description="Gotosocial server" --log="/var/log/$a #================================================= ynh_script_progression --message="Creating gotosocial admin user..." --weight=1 -"$final_path"/gotosocial --config-path "$final_path/config.yaml" admin account create --username "$admin" --email "$email" --password "$password" +ynh_exec_warn_less "$final_path"/gotosocial --config-path "$final_path/config.yaml" admin account create --username "$admin" --email "$email" --password "$password" -"$final_path"/gotosocial --config-path "$final_path/config.yaml" admin account promote --username "$admin" +ynh_exec_warn_less "$final_path"/gotosocial --config-path "$final_path/config.yaml" admin account promote --username "$admin" #================================================= # START SYSTEMD SERVICE From cc96fc480487a1005be254915438832d3c74aca7 Mon Sep 17 00:00:00 2001 From: OniriCorpe Date: Mon, 11 Sep 2023 00:30:07 +0200 Subject: [PATCH 9/9] meh linter --- scripts/install | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/install b/scripts/install index f7fe5e6..12c3195 100755 --- a/scripts/install +++ b/scripts/install @@ -307,9 +307,9 @@ yunohost service add "$app" --description="Gotosocial server" --log="/var/log/$a #================================================= ynh_script_progression --message="Creating gotosocial admin user..." --weight=1 -ynh_exec_warn_less "$final_path"/gotosocial --config-path "$final_path/config.yaml" admin account create --username "$admin" --email "$email" --password "$password" +"$final_path"/gotosocial --config-path "$final_path/config.yaml" admin account create --username "$admin" --email "$email" --password "$password" -ynh_exec_warn_less "$final_path"/gotosocial --config-path "$final_path/config.yaml" admin account promote --username "$admin" +"$final_path"/gotosocial --config-path "$final_path/config.yaml" admin account promote --username "$admin" #================================================= # START SYSTEMD SERVICE