diff --git a/check_process b/check_process index fab8d82..d6a6403 100644 --- a/check_process +++ b/check_process @@ -1,12 +1,7 @@ -# See here for more information -# https://github.com/YunoHost/package_check#syntax-check_process-file - -# Move this file from check_process.default to check_process when you have filled it. - ;; Test complet ; Manifest - domain="domain.tld" (DOMAIN) - is_public=1 (PUBLIC|public=1|private=0) + domain="domain.tld" + is_public=1 language="en_US" ; Checks pkg_linter=1 @@ -18,7 +13,6 @@ upgrade=1 backup_restore=1 multi_instance=1 - port_already_use=0 change_url=0 ;;; Options Email=anmol@datamol.org diff --git a/conf/config.ini.sample b/conf/config.ini.sample new file mode 100644 index 0000000..0bbe1b2 --- /dev/null +++ b/conf/config.ini.sample @@ -0,0 +1,33 @@ +; Register App Settings +; The URL Unshortener automatically parses links to URL Shorteners like bit.ly and displays the long version so that the user knows where a link goes +[App] +api_client_name = YunoHost Halcyon +api_client_website = https://__DOMAIN__/ +who_to_follow_provider = https://vinayaka.tsia.de/cgi-bin/vinayaka-user-match-osa-api.cgi?{{host}}+{{user}} +default_language = __LANGUAGE__ +debug_mode = false +url_unshortener = true + +; Media embed settings +; YouPlay resolves YouTube MP4s on your server and sends this link to the user for privacy-friendly watching +; Vimeo embeds work in the same way as YouPlay embeds here because the official players contain too much spyware +; YouPlay Fallback uses a proprietary API of https://unblockvideos.com and can be used if your own server IP has been blocked by Google +; Invidous is a external service to watch YouTube videos in a privacy-friendly way - Halcyon can automatically rewrite links to a instance you can set here +; Nitter is a external service to view Twitter contents in a privacy-friendly way - Halcyon can automatically rewrite links to a instance you can set here +; Bibliogram is a external service to view Instagram contents in a privacy-friendly way - Halcyon can automatically rewrite links to a instance you can set here +[Media] +youplay = true +vimeo = true +youplay_fallback = true +invidious = invidious.snopyta.org +nitter = nitter.13ad.de +bibliogram = bibliogram.ggc-project.de + +; The proxy can be used optionally to resolve data for privacy-friendly media embeds on the server side - It is not used for Mastodon API requests on login +; Proxy type can be set to none, socks5, socks4, http or https +[Proxy] +type = none +domain = +port = +username = +password = diff --git a/manifest.json b/manifest.json index 6e03eda..80dfd22 100644 --- a/manifest.json +++ b/manifest.json @@ -14,7 +14,7 @@ "email": "anmol@datamol.org" }, "requirements": { - "yunohost": ">= 3.8.1" + "yunohost": ">= 4.2.4" }, "multi_instance": true, "services": [ @@ -26,19 +26,11 @@ { "name": "domain", "type": "domain", - "ask": { - "en": "Choose a domain name for Halcyon", - "fr": "Choisissez un nom de domaine pour Halcyon" - }, "example": "example.com" }, { "name": "is_public", "type": "boolean", - "ask": { - "en": "Is it a public application?", - "fr": "Est-ce une application publique ?" - }, "help": { "en": "If enabled, Halcyon will be accessible by people who do not have an account. This can be changed later via the webadmin.", "fr": "Si cette case est cochée, Halcyon sera accessible aux personnes n’ayant pas de compte. Vous pourrez changer ceci plus tard via la webadmin." diff --git a/scripts/install b/scripts/install index dca63f3..a4d7735 100755 --- a/scripts/install +++ b/scripts/install @@ -59,6 +59,10 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= @@ -90,29 +94,10 @@ phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) # MODIFY A CONFIG FILE #================================================= -### `ynh_replace_string` is used to replace a string in a file. -### (It's compatible with sed regular expressions syntax) -cp $final_path/config/config.ini.sample $final_path/config/config.ini -ynh_replace_string --match_string="Your application name" --replace_string="Yunohost Halcyon" --target_file="$final_path/config/config.ini" -ynh_replace_string --match_string="example.com" --replace_string="$domain" --target_file="$final_path/config/config.ini" -ynh_replace_string --match_string="en_US" --replace_string="$language" --target_file="$final_path/config/config.ini" +ynh_add_config --template="../conf/config.ini.sample" --destination="$final_path/config/config.ini" -#================================================= -# STORE THE CONFIG FILE CHECKSUM -#================================================= - -# Calculate and store the config file checksum into the app settings -ynh_store_file_checksum --file="$final_path/config/config.ini" - -#================================================= -# GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= - -# Set permissions to app files -chown -R $app: $final_path -chmod -R 755 $final_path/data +chmod 400 "$final_path/config/config.ini" +chown $app:$app "$final_path/config/config.ini" #================================================= # SETUP SSOWAT @@ -122,7 +107,7 @@ ynh_script_progression --message="Configuring SSOwat..." --weight=10 # Make app public if necessary or protect it if [ $is_public -eq 1 ] then - ynh_permission_update --permission "main" --add "visitors" + ynh_permission_update --permission="main" --add="visitors" fi #================================================= diff --git a/scripts/restore b/scripts/restore index 01bccc1..95a3bae 100755 --- a/scripts/restore +++ b/scripts/restore @@ -47,6 +47,14 @@ test ! -d $final_path \ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" +#================================================= +# RECREATE THE DEDICATED USER +#================================================= +ynh_script_progression --message="Recreating the dedicated system user..." --weight=3 + +# Create the dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # RESTORE THE APP MAIN DIR #================================================= @@ -54,21 +62,9 @@ ynh_script_progression --message="Restoring the app main directory..." --weight= ynh_restore_file --origin_path="$final_path" -#================================================= -# RECREATE THE DEDICATED USER -#================================================= -ynh_script_progression --message="Recreating the dedicated system user..." --weight=3 - -# Create the dedicated user (if not existing) -ynh_system_user_create --username=$app - -#================================================= -# RESTORE USER RIGHTS -#================================================= - -# Restore permissions on app files -chown -R $app: $final_path -chmod -R 755 $final_path/data +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" #================================================= # RESTORE THE PHP-FPM CONFIGURATION diff --git a/scripts/upgrade b/scripts/upgrade index 5d35b9b..e55bd52 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -63,6 +63,14 @@ ynh_clean_setup () { # Exit if an error occurs during the execution of the script ynh_abort_if_errors +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Making sure dedicated system user exists..." --weight=2 + +# Create a dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # STANDARD UPGRADE STEPS #================================================= @@ -74,9 +82,13 @@ then ynh_script_progression --message="Upgrading source files..." --weight=2 # Download, check integrity, uncompress and patch the source from app.src - ynh_setup_source --dest_dir="$final_path" + ynh_setup_source --dest_dir="$final_path" --keep="$final_path/config/config.ini" fi +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= @@ -85,14 +97,6 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." - # Create a dedicated nginx config ynh_add_nginx_config -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." --weight=2 - -# Create a dedicated user (if not existing) -ynh_system_user_create --username=$app - #================================================= # PHP-FPM CONFIGURATION #================================================= @@ -101,31 +105,6 @@ ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=1 # Create a dedicated PHP-FPM config ynh_add_fpm_config --package="$extra_php_dependencies" -#================================================= -# CREATE DEDICATED USER -#================================================= - -# Create a dedicated user (if not existing) -ynh_system_user_create --username=$app - -#================================================= -# STORE THE CONFIG FILE CHECKSUM -#================================================= - -ynh_backup_if_checksum_is_different --file="$final_path/config/config.ini" -# Recalculate and store the checksum of the file for the next upgrade. -ynh_store_file_checksum --file="$final_path/config/config.ini" - -#================================================= -# GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= - -# Set permissions on app files -chown -R $app: $final_path -chmod -R 755 $final_path/data - #================================================= # RELOAD NGINX #=================================================