#!/bin/bash #================================================= # GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= source _common.sh source /usr/share/yunohost/helpers #================================================= # MANAGE SCRIPT FAILURE #================================================= ynh_clean_setup () { ### Remove this function if there's nothing to clean before calling the remove script. true } # Exit if an error occurs during the execution of the script ynh_abort_if_errors #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= app="$YNH_APP_INSTANCE_NAME" landing_page_user="" domain="$YNH_APP_ARG_DOMAIN" path_url="/" client_max_body_size="100M" admin="$YNH_APP_ARG_ADMIN" email="$YNH_APP_ARG_EMAIL" password="$YNH_APP_ARG_PASSWORD" # Config stuff: cache_memory_target="100MiB" accounts_registration_open=$(convert_bool "$YNH_APP_ARG_ACCOUNTS_REGISTRATION_OPEN") accounts_approval_required=$(convert_bool "$YNH_APP_ARG_ACCOUNTS_APPROVAL_REQUIRED") accounts_reason_required=$(convert_bool "$YNH_APP_ARG_ACCOUNTS_REASON_REQUIRED") accounts_allow_custom_css="false" accounts_custom_css_length="10000" instance_federation_mode="blocklist" instance_expose_peers="false" instance_expose_suspended="false" instance_expose_suspended_web="false" instance_expose_public_timeline="false" instance_deliver_to_shared_inboxes="true" instance_inject_mastodon_version="false" media_image_max_size="10485760" media_video_max_size="41943040" media_description_min_chars="0" media_description_max_chars="500" media_remote_cache_days="7" media_emoji_local_max_size="51200" media_emoji_remote_max_size="102400" storage_backend="local" storage_s3_endpoint="" storage_s3_proxy="false" storage_s3_access_key="" storage_s3_secret_key="" storage_s3_bucket="" statuses_max_chars="5000" statuses_cw_max_chars="100" statuses_poll_max_options="6" statuses_poll_option_max_chars="50" statuses_media_max_files="6" oidc_enabled="false" oidc_idp_name="" oidc_skip_verification="false" oidc_issuer="" oidc_client_id="" oidc_client_secret="" oidc_link_existing="false" smtp_host="localhost" smtp_port="25" smtp_username="" smtp_password="" smtp_from="noreply@$domain" smtp_disclose_recipients="false" advanced_cookies_samesite="lax" advanced_rate_limit_requests="300" #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= ynh_script_progression --message="Validating installation parameters..." --weight=1 final_path="/var/www/$app" test ! -e "$final_path" || ynh_die --message="This path already contains a folder" ynh_webpath_register --app="$app" --domain="$domain" --path_url="$path_url" #================================================= # STORE SETTINGS FROM MANIFEST #================================================= ynh_script_progression --message="Storing installation settings..." --weight=1 ynh_app_setting_set --app="$app" --key=final_path --value="$final_path" ynh_app_setting_set --app="$app" --key=landing_page_user --value="$landing_page_user" ynh_app_setting_set --app="$app" --key=domain --value="$domain" ynh_app_setting_set --app="$app" --key=path_url --value="$path_url" ynh_app_setting_set --app="$app" --key=client_max_body_size --value="$client_max_body_size" ynh_app_setting_set --app="$app" --key=admin --value="$admin" ynh_app_setting_set --app="$app" --key=email --value="$email" ynh_app_setting_set --app="$app" --key=password --value="$password" ynh_app_setting_set --app="$app" --key=cache_memory_target --value="$cache_memory_target" ynh_app_setting_set --app="$app" --key=accounts_registration_open --value="$accounts_registration_open" ynh_app_setting_set --app="$app" --key=accounts_approval_required --value="$accounts_approval_required" ynh_app_setting_set --app="$app" --key=accounts_reason_required --value="$accounts_reason_required" ynh_app_setting_set --app="$app" --key=accounts_allow_custom_css --value="$accounts_allow_custom_css" ynh_app_setting_set --app="$app" --key=accounts_custom_css_length --value="$accounts_custom_css_length" ynh_app_setting_set --app="$app" --key=instance_federation_mode --value="$instance_federation_mode" ynh_app_setting_set --app="$app" --key=instance_expose_peers --value="$instance_expose_peers" ynh_app_setting_set --app="$app" --key=instance_expose_suspended --value="$instance_expose_suspended" ynh_app_setting_set --app="$app" --key=instance_expose_suspended_web --value="$instance_expose_suspended_web" ynh_app_setting_set --app="$app" --key=instance_expose_public_timeline --value="$instance_expose_public_timeline" ynh_app_setting_set --app="$app" --key=instance_deliver_to_shared_inboxes --value="$instance_deliver_to_shared_inboxes" ynh_app_setting_set --app="$app" --key=instance_inject_mastodon_version --value="$instance_inject_mastodon_version" ynh_app_setting_set --app="$app" --key=media_image_max_size --value="$media_image_max_size" ynh_app_setting_set --app="$app" --key=media_video_max_size --value="$media_video_max_size" ynh_app_setting_set --app="$app" --key=media_description_min_chars --value="$media_description_min_chars" ynh_app_setting_set --app="$app" --key=media_description_max_chars --value="$media_description_max_chars" ynh_app_setting_set --app="$app" --key=media_remote_cache_days --value="$media_remote_cache_days" ynh_app_setting_set --app="$app" --key=media_emoji_local_max_size --value="$media_emoji_local_max_size" ynh_app_setting_set --app="$app" --key=media_emoji_remote_max_size --value="$media_emoji_remote_max_size" ynh_app_setting_set --app="$app" --key=storage_backend --value="$storage_backend" ynh_app_setting_set --app="$app" --key=storage_s3_endpoint --value="$storage_s3_endpoint" ynh_app_setting_set --app="$app" --key=storage_s3_proxy --value="$storage_s3_proxy" ynh_app_setting_set --app="$app" --key=storage_s3_access_key --value="$storage_s3_access_key" ynh_app_setting_set --app="$app" --key=storage_s3_secret_key --value="$storage_s3_secret_key" ynh_app_setting_set --app="$app" --key=storage_s3_bucket --value="$storage_s3_bucket" ynh_app_setting_set --app="$app" --key=statuses_max_chars --value="$statuses_max_chars" ynh_app_setting_set --app="$app" --key=statuses_cw_max_chars --value="$statuses_cw_max_chars" ynh_app_setting_set --app="$app" --key=statuses_poll_max_options --value="$statuses_poll_max_options" ynh_app_setting_set --app="$app" --key=statuses_poll_option_max_chars --value="$statuses_poll_option_max_chars" ynh_app_setting_set --app="$app" --key=statuses_media_max_files --value="$statuses_media_max_files" ynh_app_setting_set --app="$app" --key=oidc_enabled --value="$oidc_enabled" ynh_app_setting_set --app="$app" --key=oidc_idp_name --value="$oidc_idp_name" ynh_app_setting_set --app="$app" --key=oidc_skip_verification --value="$oidc_skip_verification" ynh_app_setting_set --app="$app" --key=oidc_issuer --value="$oidc_issuer" ynh_app_setting_set --app="$app" --key=oidc_client_id --value="$oidc_client_id" ynh_app_setting_set --app="$app" --key=oidc_client_secret --value="$oidc_client_secret" ynh_app_setting_set --app="$app" --key=oidc_client_secret --value="$oidc_link_existing" ynh_app_setting_set --app="$app" --key=smtp_host --value="$smtp_host" ynh_app_setting_set --app="$app" --key=smtp_port --value="$smtp_port" ynh_app_setting_set --app="$app" --key=smtp_username --value="$smtp_username" ynh_app_setting_set --app="$app" --key=smtp_password --value="$smtp_password" ynh_app_setting_set --app="$app" --key=smtp_from --value="$smtp_from" ynh_app_setting_set --app="$app" --key=smtp_disclose_recipients --value="$smtp_disclose_recipients" ynh_app_setting_set --app="$app" --key=advanced_cookies_samesite --value="$advanced_cookies_samesite" ynh_app_setting_set --app="$app" --key=advanced_rate_limit_requests --value="$advanced_rate_limit_requests" #================================================= # STANDARD MODIFICATIONS #================================================= # FIND AND OPEN A PORT #================================================= ynh_script_progression --message="Finding an available port..." --weight=1 # Find an available port port=$(ynh_find_port --port=8095) ynh_app_setting_set --app="$app" --key=port --value="$port" #================================================= # INSTALL DEPENDENCIES #================================================= ynh_script_progression --message="Installing dependencies..." --weight=5 ynh_exec_warn_less ynh_install_app_dependencies "$pkg_dependencies" #================================================= # CREATE DEDICATED USER #================================================= ynh_script_progression --message="Configuring system user..." --weight=1 # Create a system user ynh_system_user_create --username="$app" --home_dir="$final_path" #================================================= # CREATE A POSTGRESQL DATABASE #================================================= ynh_script_progression --message="Creating a PostgreSQL database..." --weight=5 db_name=$(ynh_sanitize_dbid --db_name="$app") db_user="$db_name" db_pwd=$(ynh_string_random --length=30) ynh_app_setting_set --app="$app" --key=db_name --value="$db_name" ynh_app_setting_set --app="$app" --key=db_user --value="$db_user" ynh_app_setting_set --app="$app" --key=db_pwd --value="$db_pwd" ynh_psql_test_if_first_run ynh_psql_setup_db --db_user="$db_user" --db_name="$db_name" --db_pwd="$db_pwd" #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= ynh_script_progression --message="Setting up source files..." --weight=1 ### `ynh_setup_source` is used to install an app from a zip or tar.gz file, ### downloaded from an upstream source, like a git repository. ### `ynh_setup_source` use the file conf/app.src # detect_arch comes from _common.sh / personnal helpers architecture=$(detect_arch) # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" --source_id="$architecture" # FIXME: this should be managed by the core in the future # Here, as a packager, you may have to tweak the ownerhsip/permissions # such that the appropriate users (e.g. maybe www-data) can access # files in some cases. # But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder _ # this will be treated as a security issue. chmod 750 "$final_path" chmod -R o-rwx "$final_path" chown -R "$app:www-data" "$final_path" #================================================= # NGINX CONFIGURATION #================================================= ynh_script_progression --message="Configuring NGINX web server..." --weight=1 # Create a dedicated NGINX config for the main domain ynh_add_nginx_config #================================================= # CREATE DATA DIRECTORY #================================================= ynh_script_progression --message="Creating a data directory..." --weight=1 datadir=/home/yunohost.app/$app ynh_app_setting_set --app="$app" --key=datadir --value="$datadir" mkdir -p "$datadir" # FIXME: this should be managed by the core in the future # Here, as a packager, you may have to tweak the ownerhsip/permissions # such that the appropriate users (e.g. maybe www-data) can access # files in some cases. # But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder - # this will be treated as a security issue. chmod 750 "$datadir" chmod -R o-rwx "$datadir" chown -R "$app:www-data" "$datadir" #================================================= # ADD A CONFIGURATION #================================================= ynh_script_progression --message="Adding a configuration file..." --weight=1 ynh_add_config --template="config.yaml" --destination="$final_path/config.yaml" # FIXME: this should be handled by the core in the future # You may need to use chmod 600 instead of 400, # for example if the app is expected to be able to modify its own config chmod 400 "$final_path/config.yaml" chown "$app:$app" "$final_path/config.yaml" #================================================= # SETUP SYSTEMD #================================================= ynh_script_progression --message="Configuring a systemd service..." --weight=1 # Create a dedicated systemd config ynh_add_systemd_config #================================================= # GENERIC FINALIZATION #================================================= # SETUP LOGROTATE #================================================= ynh_script_progression --message="Configuring log rotation..." --weight=1 # Use logrotate to manage application logfile(s) ynh_use_logrotate #================================================= # SETUP FAIL2BAN #================================================= ynh_script_progression --message="Configuring fail2ban..." --weight=1 # Create a dedicated Fail2Ban config ynh_add_fail2ban_config --logpath="/var/log/${app}/${app}.log" --failregex="statusCode=401 path=/auth/sign_in clientIP= .* msg=\"Unauthorized:" --max_retry=5 #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 yunohost service add "$app" --description="Gotosocial server" --log="/var/log/$app/$app.log" #================================================= # CREATE ADMIN USER #================================================= ynh_script_progression --message="Creating gotosocial admin user..." --weight=1 # using "/var/www/$app" instead of "$final_path" as a temporary workaround for this bug: # bad_ynh_exec_syntax() false positive: https://github.com/YunoHost/package_linter/issues/123 ynh_exec_warn_less /var/www/"$app"/gotosocial --config-path "$final_path/config.yaml" admin account create --username "$admin" --email "$email" --password "$password" ynh_exec_warn_less /var/www/"$app"/gotosocial --config-path "$final_path/config.yaml" admin account promote --username "$admin" #================================================= # START SYSTEMD SERVICE #================================================= ynh_script_progression --message="Starting a systemd service..." --weight=1 # Start a systemd service ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/$app.log" #================================================= # SETUP SSOWAT #================================================= ynh_script_progression --message="Configuring permissions..." --weight=1 # Everyone can access the app. ynh_permission_update --permission="main" --add="visitors" #================================================= # RELOAD NGINX #================================================= ynh_script_progression --message="Reloading NGINX web server..." --weight=1 ynh_systemd_action --service_name=nginx --action=reload #================================================= # END OF SCRIPT #================================================= ynh_script_progression --message="Installation of $app completed" --last