mirror of
https://github.com/YunoHost-Apps/headscale_ynh.git
synced 2024-09-03 19:25:53 +02:00
Initial commit
This commit is contained in:
commit
703c468939
25 changed files with 1923 additions and 0 deletions
55
.github/ISSUE_TEMPLATE.md
vendored
Normal file
55
.github/ISSUE_TEMPLATE.md
vendored
Normal file
|
@ -0,0 +1,55 @@
|
||||||
|
---
|
||||||
|
name: Bug report
|
||||||
|
about: When creating a bug report, please use the following template to provide all the relevant information and help debugging efficiently.
|
||||||
|
|
||||||
|
---
|
||||||
|
|
||||||
|
**How to post a meaningful bug report**
|
||||||
|
1. *Read this whole template first.*
|
||||||
|
2. *Determine if you are on the right place:*
|
||||||
|
- *If you were performing an action on the app from the webadmin or the CLI (install, update, backup, restore, change_url...), you are on the right place!*
|
||||||
|
- *Otherwise, the issue may be due to the app itself. Refer to its documentation or repository for help.*
|
||||||
|
- *When in doubt, post here and we will figure it out together.*
|
||||||
|
3. *Delete the italic comments as you write over them below, and remove this guide.*
|
||||||
|
---
|
||||||
|
|
||||||
|
### Describe the bug
|
||||||
|
|
||||||
|
*A clear and concise description of what the bug is.*
|
||||||
|
|
||||||
|
### Context
|
||||||
|
|
||||||
|
- Hardware: *VPS bought online / Old laptop or computer / Raspberry Pi at home / Internet Cube with VPN / Other ARM board / ...*
|
||||||
|
- YunoHost version: x.x.x
|
||||||
|
- I have access to my server: *Through SSH | through the webadmin | direct access via keyboard / screen | ...*
|
||||||
|
- Are you in a special context or did you perform some particular tweaking on your YunoHost instance?: *no / yes*
|
||||||
|
- If yes, please explain:
|
||||||
|
- Using, or trying to install package version/branch:
|
||||||
|
- If upgrading, current package version: *can be found in the admin, or with `yunohost app info $app_id`*
|
||||||
|
|
||||||
|
### Steps to reproduce
|
||||||
|
|
||||||
|
- *If you performed a command from the CLI, the command itself is enough. For example:*
|
||||||
|
```sh
|
||||||
|
sudo yunohost app install the_app
|
||||||
|
```
|
||||||
|
- *If you used the webadmin, please perform the equivalent command from the CLI first.*
|
||||||
|
- *If the error occurs in your browser, explain what you did:*
|
||||||
|
1. *Go to '...'*
|
||||||
|
2. *Click on '...'*
|
||||||
|
3. *Scroll down to '...'*
|
||||||
|
4. *See error*
|
||||||
|
|
||||||
|
### Expected behavior
|
||||||
|
|
||||||
|
*A clear and concise description of what you expected to happen. You can remove this section if the command above is enough to understand your intent.*
|
||||||
|
|
||||||
|
### Logs
|
||||||
|
|
||||||
|
*When an operation fails, YunoHost provides a simple way to share the logs.*
|
||||||
|
- *In the webadmin, the error message contains a link to the relevant log page. On that page, you will be able to 'Share with Yunopaste'. If you missed it, the logs of previous operations are also available under Tools > Logs.*
|
||||||
|
- *In command line, the command to share the logs is displayed at the end of the operation and looks like `yunohost log display [log name] --share`. If you missed it, you can find the log ID of a previous operation using `yunohost log list`.*
|
||||||
|
|
||||||
|
*After sharing the log, please copypaste directly the link provided by YunoHost (to help readability, no need to copypaste the entire content of the log here, just the link is enough...)*
|
||||||
|
|
||||||
|
*If applicable and useful, add screenshots to help explain your problem.*
|
16
.github/PULL_REQUEST_TEMPLATE.md
vendored
Normal file
16
.github/PULL_REQUEST_TEMPLATE.md
vendored
Normal file
|
@ -0,0 +1,16 @@
|
||||||
|
## Problem
|
||||||
|
|
||||||
|
- *Description of why you made this PR*
|
||||||
|
|
||||||
|
## Solution
|
||||||
|
|
||||||
|
- *And how do you fix that problem*
|
||||||
|
|
||||||
|
## PR Status
|
||||||
|
|
||||||
|
- [ ] Code finished and ready to be reviewed/tested
|
||||||
|
- [ ] The fix/enhancement were manually tested (if applicable)
|
||||||
|
|
||||||
|
## Automatic tests
|
||||||
|
|
||||||
|
Automatic tests can be triggered on https://ci-apps-dev.yunohost.org/ *after creating the PR*, by commenting "!testme", "!gogogadgetoci" or "By the power of systemd, I invoke The Great App CI to test this Pull Request!". (N.B. : for this to work you need to be a member of the Yunohost-Apps organization)
|
137
.github/workflows/updater.sh
vendored
Executable file
137
.github/workflows/updater.sh
vendored
Executable file
|
@ -0,0 +1,137 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# PACKAGE UPDATING HELPER
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
# This script is meant to be run by GitHub Actions
|
||||||
|
# The YunoHost-Apps organisation offers a template Action to run this script periodically
|
||||||
|
# Since each app is different, maintainers can adapt its contents so as to perform
|
||||||
|
# automatic actions when a new upstream release is detected.
|
||||||
|
|
||||||
|
# Remove this exit command when you are ready to run this Action
|
||||||
|
exit 1
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# FETCHING LATEST RELEASE AND ITS ASSETS
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
# Fetching information
|
||||||
|
current_version=$(cat manifest.json | jq -j '.version|split("~")[0]')
|
||||||
|
repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]')
|
||||||
|
# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions)
|
||||||
|
version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1)
|
||||||
|
assets=($(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '[ .[] | select(.tag_name=="'$version'").assets[].browser_download_url ] | join(" ") | @sh' | tr -d "'"))
|
||||||
|
|
||||||
|
# Later down the script, we assume the version has only digits and dots
|
||||||
|
# Sometimes the release name starts with a "v", so let's filter it out.
|
||||||
|
# You may need more tweaks here if the upstream repository has different naming conventions.
|
||||||
|
if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then
|
||||||
|
version=${version:1}
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Setting up the environment variables
|
||||||
|
echo "Current version: $current_version"
|
||||||
|
echo "Latest release from upstream: $version"
|
||||||
|
echo "VERSION=$version" >> $GITHUB_ENV
|
||||||
|
echo "REPO=$repo" >> $GITHUB_ENV
|
||||||
|
# For the time being, let's assume the script will fail
|
||||||
|
echo "PROCEED=false" >> $GITHUB_ENV
|
||||||
|
|
||||||
|
# Proceed only if the retrieved version is greater than the current one
|
||||||
|
if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then
|
||||||
|
echo "::warning ::No new version available"
|
||||||
|
exit 0
|
||||||
|
# Proceed only if a PR for this new version does not already exist
|
||||||
|
elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then
|
||||||
|
echo "::warning ::A branch already exists for this update"
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Each release can hold multiple assets (e.g. binaries for different architectures, source code, etc.)
|
||||||
|
echo "${#assets[@]} available asset(s)"
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# UPDATE SOURCE FILES
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
# Here we use the $assets variable to get the resources published in the upstream release.
|
||||||
|
# Here is an example for Grav, it has to be adapted in accordance with how the upstream releases look like.
|
||||||
|
|
||||||
|
# Let's loop over the array of assets URLs
|
||||||
|
for asset_url in ${assets[@]}; do
|
||||||
|
|
||||||
|
echo "Handling asset at $asset_url"
|
||||||
|
|
||||||
|
# Assign the asset to a source file in conf/ directory
|
||||||
|
# Here we base the source file name upon a unique keyword in the assets url (admin vs. update)
|
||||||
|
# Leave $src empty to ignore the asset
|
||||||
|
case $asset_url in
|
||||||
|
*"admin"*)
|
||||||
|
src="app"
|
||||||
|
;;
|
||||||
|
*"update"*)
|
||||||
|
src="app-upgrade"
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
src=""
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
# If $src is not empty, let's process the asset
|
||||||
|
if [ ! -z "$src" ]; then
|
||||||
|
|
||||||
|
# Create the temporary directory
|
||||||
|
tempdir="$(mktemp -d)"
|
||||||
|
|
||||||
|
# Download sources and calculate checksum
|
||||||
|
filename=${asset_url##*/}
|
||||||
|
curl --silent -4 -L $asset_url -o "$tempdir/$filename"
|
||||||
|
checksum=$(sha256sum "$tempdir/$filename" | head -c 64)
|
||||||
|
|
||||||
|
# Delete temporary directory
|
||||||
|
rm -rf $tempdir
|
||||||
|
|
||||||
|
# Get extension
|
||||||
|
if [[ $filename == *.tar.gz ]]; then
|
||||||
|
extension=tar.gz
|
||||||
|
else
|
||||||
|
extension=${filename##*.}
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Rewrite source file
|
||||||
|
cat <<EOT > conf/$src.src
|
||||||
|
SOURCE_URL=$asset_url
|
||||||
|
SOURCE_SUM=$checksum
|
||||||
|
SOURCE_SUM_PRG=sha256sum
|
||||||
|
SOURCE_FORMAT=$extension
|
||||||
|
SOURCE_IN_SUBDIR=true
|
||||||
|
SOURCE_FILENAME=
|
||||||
|
EOT
|
||||||
|
echo "... conf/$src.src updated"
|
||||||
|
|
||||||
|
else
|
||||||
|
echo "... asset ignored"
|
||||||
|
fi
|
||||||
|
|
||||||
|
done
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# SPECIFIC UPDATE STEPS
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
# Any action on the app's source code can be done.
|
||||||
|
# The GitHub Action workflow takes care of committing all changes after this script ends.
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# GENERIC FINALIZATION
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
# Replace new version in manifest
|
||||||
|
echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json
|
||||||
|
|
||||||
|
# No need to update the README, yunohost-bot takes care of it
|
||||||
|
|
||||||
|
# The Action will proceed only if the PROCEED environment variable is set to true
|
||||||
|
echo "PROCEED=true" >> $GITHUB_ENV
|
||||||
|
exit 0
|
2
.gitignore
vendored
Normal file
2
.gitignore
vendored
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
*~
|
||||||
|
*.sw[op]
|
17
LICENSE
Normal file
17
LICENSE
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||||
|
of this software and associated documentation files (the "Software"), to deal
|
||||||
|
in the Software without restriction, including without limitation the rights
|
||||||
|
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||||
|
copies of the Software, and to permit persons to whom the Software is
|
||||||
|
furnished to do so, subject to the following conditions:
|
||||||
|
|
||||||
|
The above copyright notice and this permission notice shall be included in
|
||||||
|
all copies or substantial portions of the Software.
|
||||||
|
|
||||||
|
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
||||||
|
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
||||||
|
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
|
||||||
|
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
|
||||||
|
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
|
||||||
|
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
|
||||||
|
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
84
README.md
Normal file
84
README.md
Normal file
|
@ -0,0 +1,84 @@
|
||||||
|
# Packaging an app, starting from this example
|
||||||
|
|
||||||
|
* Copy this app before working on it, using the ['Use this template'](https://github.com/YunoHost/example_ynh/generate) button on the Github repo.
|
||||||
|
* Edit the `manifest.json` with app specific info.
|
||||||
|
* Edit the `install`, `upgrade`, `remove`, `backup`, and `restore` scripts, and any relevant conf files in `conf/`.
|
||||||
|
* Using the [script helpers documentation.](https://yunohost.org/packaging_apps_helpers)
|
||||||
|
* Add a `LICENSE` file for the package.
|
||||||
|
* Edit `doc/DISCLAIMER*.md`
|
||||||
|
* The `README.md` files are to be automatically generated by https://github.com/YunoHost/apps/tree/master/tools/README-generator
|
||||||
|
|
||||||
|
---
|
||||||
|
<!--
|
||||||
|
N.B.: This README was automatically generated by https://github.com/YunoHost/apps/tree/master/tools/README-generator
|
||||||
|
It shall NOT be edited by hand.
|
||||||
|
-->
|
||||||
|
|
||||||
|
# Example app for YunoHost
|
||||||
|
|
||||||
|
[![Integration level](https://dash.yunohost.org/integration/example.svg)](https://dash.yunohost.org/appci/app/example) ![Working status](https://ci-apps.yunohost.org/ci/badges/example.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/example.maintain.svg)
|
||||||
|
[![Install Example app with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=example)
|
||||||
|
|
||||||
|
*[Lire ce readme en français.](./README_fr.md)*
|
||||||
|
|
||||||
|
> *This package allows you to install Example app quickly and simply on a YunoHost server.
|
||||||
|
If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.*
|
||||||
|
|
||||||
|
## Overview
|
||||||
|
|
||||||
|
Some long and extensive description of what the app is and does, lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
|
||||||
|
|
||||||
|
### Features
|
||||||
|
|
||||||
|
- Ut enim ad minim veniam, quis nostrud exercitation ullamco ;
|
||||||
|
- Laboris nisi ut aliquip ex ea commodo consequat ;
|
||||||
|
- Duis aute irure dolor in reprehenderit in voluptate ;
|
||||||
|
- Velit esse cillum dolore eu fugiat nulla pariatur ;
|
||||||
|
- Excepteur sint occaecat cupidatat non proident, sunt in culpa."
|
||||||
|
|
||||||
|
|
||||||
|
**Shipped version:** 1.0~ynh1
|
||||||
|
|
||||||
|
**Demo:** https://demo.example.com
|
||||||
|
|
||||||
|
## Screenshots
|
||||||
|
|
||||||
|
![Screenshot of Example app](./doc/screenshots/example.jpg)
|
||||||
|
|
||||||
|
## Disclaimers / important information
|
||||||
|
|
||||||
|
* Any known limitations, constrains or stuff not working, such as (but not limited to):
|
||||||
|
* requiring a full dedicated domain ?
|
||||||
|
* architectures not supported ?
|
||||||
|
* not-working single-sign on or LDAP integration ?
|
||||||
|
* the app requires an important amount of RAM / disk / .. to install or to work properly
|
||||||
|
* etc...
|
||||||
|
|
||||||
|
* Other infos that people should be aware of, such as:
|
||||||
|
* any specific step to perform after installing (such as manually finishing the install, specific admin credentials, ...)
|
||||||
|
* how to configure / administrate the application if it ain't obvious
|
||||||
|
* upgrade process / specificities / things to be aware of ?
|
||||||
|
* security considerations ?
|
||||||
|
|
||||||
|
## Documentation and resources
|
||||||
|
|
||||||
|
* Official app website: <https://example.com>
|
||||||
|
* Official user documentation: <https://yunohost.org/apps>
|
||||||
|
* Official admin documentation: <https://yunohost.org/packaging_apps>
|
||||||
|
* Upstream app code repository: <https://some.forge.com/example/example>
|
||||||
|
* YunoHost documentation for this app: <https://yunohost.org/app_example>
|
||||||
|
* Report a bug: <https://github.com/YunoHost-Apps/example_ynh/issues>
|
||||||
|
|
||||||
|
## Developer info
|
||||||
|
|
||||||
|
Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/example_ynh/tree/testing).
|
||||||
|
|
||||||
|
To try the testing branch, please proceed like that.
|
||||||
|
|
||||||
|
``` bash
|
||||||
|
sudo yunohost app install https://github.com/YunoHost-Apps/example_ynh/tree/testing --debug
|
||||||
|
or
|
||||||
|
sudo yunohost app upgrade example -u https://github.com/YunoHost-Apps/example_ynh/tree/testing --debug
|
||||||
|
```
|
||||||
|
|
||||||
|
**More info regarding app packaging:** <https://yunohost.org/packaging_apps>
|
34
check_process
Normal file
34
check_process
Normal file
|
@ -0,0 +1,34 @@
|
||||||
|
# See here for more information
|
||||||
|
# https://github.com/YunoHost/package_check#syntax-check_process-file
|
||||||
|
|
||||||
|
# Move this file from check_process.default to check_process when you have filled it.
|
||||||
|
|
||||||
|
;; Test complet
|
||||||
|
; Manifest
|
||||||
|
domain="domain.tld"
|
||||||
|
path="/path"
|
||||||
|
is_public=1
|
||||||
|
language="fr"
|
||||||
|
admin="john"
|
||||||
|
password="1Strong-Password"
|
||||||
|
port="666"
|
||||||
|
; Checks
|
||||||
|
pkg_linter=1
|
||||||
|
setup_sub_dir=1
|
||||||
|
setup_root=1
|
||||||
|
setup_nourl=0
|
||||||
|
setup_private=1
|
||||||
|
setup_public=1
|
||||||
|
upgrade=1
|
||||||
|
upgrade=1 from_commit=CommitHash
|
||||||
|
backup_restore=1
|
||||||
|
multi_instance=1
|
||||||
|
port_already_use=0
|
||||||
|
change_url=1
|
||||||
|
;;; Options
|
||||||
|
Email=
|
||||||
|
Notification=none
|
||||||
|
;;; Upgrade options
|
||||||
|
; commit=CommitHash
|
||||||
|
name=Name and date of the commit.
|
||||||
|
manifest_arg=domain=DOMAIN&path=PATH&is_public=1&language=fr&admin=USER&password=pass&port=666&
|
318
conf/config.yaml
Normal file
318
conf/config.yaml
Normal file
|
@ -0,0 +1,318 @@
|
||||||
|
# headscale will look for a configuration file named `config.yaml` (or `config.json`) in the following order:
|
||||||
|
#
|
||||||
|
# - `/etc/headscale`
|
||||||
|
# - `~/.headscale`
|
||||||
|
# - current working directory
|
||||||
|
|
||||||
|
# The url clients will connect to.
|
||||||
|
# Typically this will be a domain like:
|
||||||
|
#
|
||||||
|
# https://myheadscale.example.com:443
|
||||||
|
#
|
||||||
|
server_url: https://__DOMAIN__
|
||||||
|
|
||||||
|
# Address to listen to / bind to on the server
|
||||||
|
#
|
||||||
|
# For production:
|
||||||
|
listen_addr: 127.0.0.1:__PORT__
|
||||||
|
|
||||||
|
# Address to listen to /metrics, you may want
|
||||||
|
# to keep this endpoint private to your internal
|
||||||
|
# network
|
||||||
|
#
|
||||||
|
metrics_listen_addr: 127.0.0.1:__PORT_METRICS__
|
||||||
|
|
||||||
|
# Address to listen for gRPC.
|
||||||
|
# gRPC is used for controlling a headscale server
|
||||||
|
# remotely with the CLI
|
||||||
|
# Note: Remote access _only_ works if you have
|
||||||
|
# valid certificates.
|
||||||
|
grpc_listen_addr: 127.0.0.1:__PORT_GRPC__
|
||||||
|
|
||||||
|
# Allow the gRPC admin interface to run in INSECURE
|
||||||
|
# mode. This is not recommended as the traffic will
|
||||||
|
# be unencrypted. Only enable if you know what you
|
||||||
|
# are doing.
|
||||||
|
grpc_allow_insecure: false
|
||||||
|
|
||||||
|
# Private key used to encrypt the traffic between headscale
|
||||||
|
# and Tailscale clients.
|
||||||
|
# The private key file will be autogenerated if it's missing.
|
||||||
|
private_key_path: __INSTALL_DIR__/private.key
|
||||||
|
|
||||||
|
# The Noise section includes specific configuration for the
|
||||||
|
# TS2021 Noise protocol
|
||||||
|
noise:
|
||||||
|
# The Noise private key is used to encrypt the
|
||||||
|
# traffic between headscale and Tailscale clients when
|
||||||
|
# using the new Noise-based protocol. It must be different
|
||||||
|
# from the legacy private key.
|
||||||
|
private_key_path: __INSTALL_DIR__/noise_private.key
|
||||||
|
|
||||||
|
# List of IP prefixes to allocate tailaddresses from.
|
||||||
|
# Each prefix consists of either an IPv4 or IPv6 address,
|
||||||
|
# and the associated prefix length, delimited by a slash.
|
||||||
|
# It must be within IP ranges supported by the Tailscale
|
||||||
|
# client - i.e., subnets of 100.64.0.0/10 and fd7a:115c:a1e0::/48.
|
||||||
|
# See below:
|
||||||
|
# IPv6: https://github.com/tailscale/tailscale/blob/22ebb25e833264f58d7c3f534a8b166894a89536/net/tsaddr/tsaddr.go#LL81C52-L81C71
|
||||||
|
# IPv4: https://github.com/tailscale/tailscale/blob/22ebb25e833264f58d7c3f534a8b166894a89536/net/tsaddr/tsaddr.go#L33
|
||||||
|
ip_prefixes:
|
||||||
|
- fd7a:115c:a1e0::/48
|
||||||
|
- 100.64.0.0/10
|
||||||
|
|
||||||
|
# DERP is a relay system that Tailscale uses when a direct
|
||||||
|
# connection cannot be established.
|
||||||
|
# https://tailscale.com/blog/how-tailscale-works/#encrypted-tcp-relays-derp
|
||||||
|
#
|
||||||
|
# headscale needs a list of DERP servers that can be presented
|
||||||
|
# to the clients.
|
||||||
|
derp:
|
||||||
|
server:
|
||||||
|
# If enabled, runs the embedded DERP server and merges it into the rest of the DERP config
|
||||||
|
# The Headscale server_url defined above MUST be using https, DERP requires TLS to be in place
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
# Region ID to use for the embedded DERP server.
|
||||||
|
# The local DERP prevails if the region ID collides with other region ID coming from
|
||||||
|
# the regular DERP config.
|
||||||
|
region_id: 999
|
||||||
|
|
||||||
|
# Region code and name are displayed in the Tailscale UI to identify a DERP region
|
||||||
|
region_code: "headscale"
|
||||||
|
region_name: "Headscale Embedded DERP"
|
||||||
|
|
||||||
|
# Listens over UDP at the configured address for STUN connections - to help with NAT traversal.
|
||||||
|
# When the embedded DERP server is enabled stun_listen_addr MUST be defined.
|
||||||
|
#
|
||||||
|
# For more details on how this works, check this great article: https://tailscale.com/blog/how-tailscale-works/
|
||||||
|
stun_listen_addr: "0.0.0.0:3478"
|
||||||
|
|
||||||
|
# List of externally available DERP maps encoded in JSON
|
||||||
|
urls:
|
||||||
|
- https://controlplane.tailscale.com/derpmap/default
|
||||||
|
|
||||||
|
# Locally available DERP map files encoded in YAML
|
||||||
|
#
|
||||||
|
# This option is mostly interesting for people hosting
|
||||||
|
# their own DERP servers:
|
||||||
|
# https://tailscale.com/kb/1118/custom-derp-servers/
|
||||||
|
#
|
||||||
|
# paths:
|
||||||
|
# - /etc/headscale/derp-example.yaml
|
||||||
|
paths: []
|
||||||
|
|
||||||
|
# If enabled, a worker will be set up to periodically
|
||||||
|
# refresh the given sources and update the derpmap
|
||||||
|
# will be set up.
|
||||||
|
auto_update_enabled: true
|
||||||
|
|
||||||
|
# How often should we check for DERP updates?
|
||||||
|
update_frequency: 24h
|
||||||
|
|
||||||
|
# Disables the automatic check for headscale updates on startup
|
||||||
|
disable_check_updates: true
|
||||||
|
|
||||||
|
# Time before an inactive ephemeral node is deleted?
|
||||||
|
ephemeral_node_inactivity_timeout: 30m
|
||||||
|
|
||||||
|
# Period to check for node updates within the tailnet. A value too low will severely affect
|
||||||
|
# CPU consumption of Headscale. A value too high (over 60s) will cause problems
|
||||||
|
# for the nodes, as they won't get updates or keep alive messages frequently enough.
|
||||||
|
# In case of doubts, do not touch the default 10s.
|
||||||
|
node_update_check_interval: 10s
|
||||||
|
|
||||||
|
# SQLite config
|
||||||
|
db_type: sqlite3
|
||||||
|
|
||||||
|
# For production:
|
||||||
|
db_path: __INSTALL_DIR__/db.sqlite
|
||||||
|
|
||||||
|
# FIXME: Disabled due to 'Error initializing error="simple protocol queries must be run with client_encoding=UTF8"'
|
||||||
|
# # Postgres config
|
||||||
|
# If using a Unix socket to connect to Postgres, set the socket path in the 'host' field and leave 'port' blank.
|
||||||
|
#db_type: postgres
|
||||||
|
#db_host: localhost
|
||||||
|
#db_port: 5432
|
||||||
|
#db_name: __DB_NAME
|
||||||
|
#db_user: __DB_USER
|
||||||
|
#db_pass: __DB_PWD
|
||||||
|
# If other 'sslmode' is required instead of 'require(true)' and 'disabled(false)', set the 'sslmode' you need
|
||||||
|
# in the 'db_ssl' field. Refers to https://www.postgresql.org/docs/current/libpq-ssl.html Table 34.1.
|
||||||
|
#db_ssl: false
|
||||||
|
|
||||||
|
### TLS configuration
|
||||||
|
#
|
||||||
|
## Let's encrypt / ACME
|
||||||
|
#
|
||||||
|
# headscale supports automatically requesting and setting up
|
||||||
|
# TLS for a domain with Let's Encrypt.
|
||||||
|
#
|
||||||
|
# URL to ACME directory
|
||||||
|
acme_url: https://acme-v02.api.letsencrypt.org/directory
|
||||||
|
|
||||||
|
# Email to register with ACME provider
|
||||||
|
acme_email: ""
|
||||||
|
|
||||||
|
# Domain name to request a TLS certificate for:
|
||||||
|
tls_letsencrypt_hostname: ""
|
||||||
|
|
||||||
|
# Path to store certificates and metadata needed by
|
||||||
|
# letsencrypt
|
||||||
|
tls_letsencrypt_cache_dir: __INSTALL_DIR__/cache
|
||||||
|
|
||||||
|
# Type of ACME challenge to use, currently supported types:
|
||||||
|
# HTTP-01 or TLS-ALPN-01
|
||||||
|
# See [docs/tls.md](docs/tls.md) for more information
|
||||||
|
tls_letsencrypt_challenge_type: HTTP-01
|
||||||
|
# When HTTP-01 challenge is chosen, letsencrypt must set up a
|
||||||
|
# verification endpoint, and it will be listening on:
|
||||||
|
# :http = port 80
|
||||||
|
tls_letsencrypt_listen: ":http"
|
||||||
|
|
||||||
|
## Use already defined certificates:
|
||||||
|
tls_cert_path: ""
|
||||||
|
tls_key_path: ""
|
||||||
|
|
||||||
|
log:
|
||||||
|
# Output formatting for logs: text or json
|
||||||
|
format: text
|
||||||
|
level: warn
|
||||||
|
|
||||||
|
# Path to a file containg ACL policies.
|
||||||
|
# ACLs can be defined as YAML or HUJSON.
|
||||||
|
# https://tailscale.com/kb/1018/acls/
|
||||||
|
acl_policy_path: ""
|
||||||
|
|
||||||
|
## DNS
|
||||||
|
#
|
||||||
|
# headscale supports Tailscale's DNS configuration and MagicDNS.
|
||||||
|
# Please have a look to their KB to better understand the concepts:
|
||||||
|
#
|
||||||
|
# - https://tailscale.com/kb/1054/dns/
|
||||||
|
# - https://tailscale.com/kb/1081/magicdns/
|
||||||
|
# - https://tailscale.com/blog/2021-09-private-dns-with-magicdns/
|
||||||
|
#
|
||||||
|
dns_config:
|
||||||
|
# Whether to prefer using Headscale provided DNS or use local.
|
||||||
|
override_local_dns: true
|
||||||
|
|
||||||
|
# List of DNS servers to expose to clients.
|
||||||
|
nameservers:
|
||||||
|
- 1.1.1.1
|
||||||
|
|
||||||
|
# NextDNS (see https://tailscale.com/kb/1218/nextdns/).
|
||||||
|
# "abc123" is example NextDNS ID, replace with yours.
|
||||||
|
#
|
||||||
|
# With metadata sharing:
|
||||||
|
# nameservers:
|
||||||
|
# - https://dns.nextdns.io/abc123
|
||||||
|
#
|
||||||
|
# Without metadata sharing:
|
||||||
|
# nameservers:
|
||||||
|
# - 2a07:a8c0::ab:c123
|
||||||
|
# - 2a07:a8c1::ab:c123
|
||||||
|
|
||||||
|
# Split DNS (see https://tailscale.com/kb/1054/dns/),
|
||||||
|
# list of search domains and the DNS to query for each one.
|
||||||
|
#
|
||||||
|
# restricted_nameservers:
|
||||||
|
# foo.bar.com:
|
||||||
|
# - 1.1.1.1
|
||||||
|
# darp.headscale.net:
|
||||||
|
# - 1.1.1.1
|
||||||
|
# - 8.8.8.8
|
||||||
|
|
||||||
|
# Search domains to inject.
|
||||||
|
domains: []
|
||||||
|
|
||||||
|
# Extra DNS records
|
||||||
|
# so far only A-records are supported (on the tailscale side)
|
||||||
|
# See https://github.com/juanfont/headscale/blob/main/docs/dns-records.md#Limitations
|
||||||
|
# extra_records:
|
||||||
|
# - name: "grafana.myvpn.example.com"
|
||||||
|
# type: "A"
|
||||||
|
# value: "100.64.0.3"
|
||||||
|
#
|
||||||
|
# # you can also put it in one line
|
||||||
|
# - { name: "prometheus.myvpn.example.com", type: "A", value: "100.64.0.3" }
|
||||||
|
|
||||||
|
# Whether to use [MagicDNS](https://tailscale.com/kb/1081/magicdns/).
|
||||||
|
# Only works if there is at least a nameserver defined.
|
||||||
|
magic_dns: true
|
||||||
|
|
||||||
|
# Defines the base domain to create the hostnames for MagicDNS.
|
||||||
|
# `base_domain` must be a FQDNs, without the trailing dot.
|
||||||
|
# The FQDN of the hosts will be
|
||||||
|
# `hostname.user.base_domain` (e.g., _myhost.myuser.example.com_).
|
||||||
|
base_domain: __BASE_DOMAIN__
|
||||||
|
|
||||||
|
# Unix socket used for the CLI to connect without authentication
|
||||||
|
# Note: for production you will want to set this to something like:
|
||||||
|
unix_socket: /var/run/__APP__.sock
|
||||||
|
unix_socket_permission: "0770"
|
||||||
|
#
|
||||||
|
# headscale supports experimental OpenID connect support,
|
||||||
|
# it is still being tested and might have some bugs, please
|
||||||
|
# help us test it.
|
||||||
|
# OpenID Connect
|
||||||
|
oidc:
|
||||||
|
only_start_if_oidc_is_available: true
|
||||||
|
issuer: "https://__DEX_DOMAIN____DEX_PATH__"
|
||||||
|
client_id: "__OIDC_NAME__"
|
||||||
|
client_secret: "__OIDC_SECRET__"
|
||||||
|
# # Alternatively, set `client_secret_path` to read the secret from the file.
|
||||||
|
# # It resolves environment variables, making integration to systemd's
|
||||||
|
# # `LoadCredential` straightforward:
|
||||||
|
# client_secret_path: "${CREDENTIALS_DIRECTORY}/oidc_client_secret"
|
||||||
|
# # client_secret and client_secret_path are mutually exclusive.
|
||||||
|
#
|
||||||
|
# # The amount of time from a node is authenticated with OpenID until it
|
||||||
|
# # expires and needs to reauthenticate.
|
||||||
|
# # Setting the value to "0" will mean no expiry.
|
||||||
|
# expiry: 180d
|
||||||
|
#
|
||||||
|
# # Use the expiry from the token received from OpenID when the user logged
|
||||||
|
# # in, this will typically lead to frequent need to reauthenticate and should
|
||||||
|
# # only been enabled if you know what you are doing.
|
||||||
|
# # Note: enabling this will cause `oidc.expiry` to be ignored.
|
||||||
|
# use_expiry_from_token: false
|
||||||
|
#
|
||||||
|
# # Customize the scopes used in the OIDC flow, defaults to "openid", "profile" and "email" and add custom query
|
||||||
|
# # parameters to the Authorize Endpoint request. Scopes default to "openid", "profile" and "email".
|
||||||
|
#
|
||||||
|
scope: ["openid", "profile", "email", "custom"]
|
||||||
|
extra_params:
|
||||||
|
domain_hint: __DOMAIN__
|
||||||
|
#
|
||||||
|
# # List allowed principal domains and/or users. If an authenticated user's domain is not in this list, the
|
||||||
|
# # authentication request will be rejected.
|
||||||
|
#
|
||||||
|
# allowed_domains:
|
||||||
|
# - example.com
|
||||||
|
# # Note: Groups from keycloak have a leading '/'
|
||||||
|
# allowed_groups:
|
||||||
|
# - /headscale
|
||||||
|
# allowed_users:
|
||||||
|
# - alice@example.com
|
||||||
|
#
|
||||||
|
# # If `strip_email_domain` is set to `true`, the domain part of the username email address will be removed.
|
||||||
|
# # This will transform `first-name.last-name@example.com` to the user `first-name.last-name`
|
||||||
|
# # If `strip_email_domain` is set to `false` the domain part will NOT be removed resulting to the following
|
||||||
|
# user: `first-name.last-name.example.com`
|
||||||
|
#
|
||||||
|
# strip_email_domain: true
|
||||||
|
|
||||||
|
# Logtail configuration
|
||||||
|
# Logtail is Tailscales logging and auditing infrastructure, it allows the control panel
|
||||||
|
# to instruct tailscale nodes to log their activity to a remote server.
|
||||||
|
logtail:
|
||||||
|
# Enable logtail for this headscales clients.
|
||||||
|
# As there is currently no support for overriding the log server in headscale, this is
|
||||||
|
# disabled by default. Enabling this will make your clients send logs to Tailscale Inc.
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
# Enabling this option makes devices prefer a random port for WireGuard traffic over the
|
||||||
|
# default static port 41641. This option is intended as a workaround for some buggy
|
||||||
|
# firewall devices. See https://tailscale.com/kb/1181/firewalls/ for more information.
|
||||||
|
randomize_client_port: false
|
12
conf/nginx.conf
Normal file
12
conf/nginx.conf
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
location / {
|
||||||
|
proxy_pass http://127.0.0.1:__PORT__;
|
||||||
|
proxy_redirect http:// https://;
|
||||||
|
proxy_buffering off;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection $connection_upgrade;
|
||||||
|
proxy_set_header Host $server_name;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
|
||||||
|
}
|
45
conf/systemd.service
Normal file
45
conf/systemd.service
Normal file
|
@ -0,0 +1,45 @@
|
||||||
|
[Unit]
|
||||||
|
Description=Small description of the service
|
||||||
|
After=network.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=simple
|
||||||
|
User=__APP__
|
||||||
|
Group=__APP__
|
||||||
|
WorkingDirectory=__INSTALL_DIR__/
|
||||||
|
ExecStart=__INSTALL_DIR__/headscale serve
|
||||||
|
StandardOutput=append:/var/log/__APP__/__APP__.log
|
||||||
|
StandardError=inherit
|
||||||
|
|
||||||
|
# Sandboxing options to harden security
|
||||||
|
# Depending on specificities of your service/app, you may need to tweak these
|
||||||
|
# .. but this should be a good baseline
|
||||||
|
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
|
||||||
|
NoNewPrivileges=yes
|
||||||
|
PrivateTmp=yes
|
||||||
|
PrivateDevices=yes
|
||||||
|
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
|
||||||
|
RestrictNamespaces=yes
|
||||||
|
RestrictRealtime=yes
|
||||||
|
DevicePolicy=closed
|
||||||
|
ProtectSystem=full
|
||||||
|
ProtectControlGroups=yes
|
||||||
|
ProtectKernelModules=yes
|
||||||
|
ProtectKernelTunables=yes
|
||||||
|
LockPersonality=yes
|
||||||
|
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
|
||||||
|
|
||||||
|
# Denying access to capabilities that should not be relevant for webapps
|
||||||
|
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
|
||||||
|
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
|
||||||
|
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
|
||||||
|
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
|
||||||
|
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
|
||||||
|
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
|
||||||
|
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
|
||||||
|
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
|
||||||
|
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
|
||||||
|
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
295
config_panel.toml.example
Normal file
295
config_panel.toml.example
Normal file
|
@ -0,0 +1,295 @@
|
||||||
|
|
||||||
|
## Config panel are available from webadmin > Apps > YOUR_APP > Config Panel Button
|
||||||
|
## Those panels let user configure some params on their apps using a friendly interface,
|
||||||
|
## and remove the need to manually edit files from the command line.
|
||||||
|
|
||||||
|
## From a packager perspective, this .toml is coupled to the scripts/config script,
|
||||||
|
## which may be used to define custom getters/setters. However, most use cases
|
||||||
|
## should be covered automagically by the core, thus it may not be necessary
|
||||||
|
## to define a scripts/config at all!
|
||||||
|
|
||||||
|
## -----------------------------------------------------------------------------
|
||||||
|
## IMPORTANT: In accordance with YunoHost's spirit, please keep things simple and
|
||||||
|
## do not overwhelm the admin with tons of misunderstandable or advanced settings.
|
||||||
|
## -----------------------------------------------------------------------------
|
||||||
|
|
||||||
|
## The top level describe the entire config panels screen.
|
||||||
|
|
||||||
|
## The version is a required property.
|
||||||
|
## Here a small reminder to associate config panel version with YunoHost version
|
||||||
|
## | Config | YNH | Config panel small change log |
|
||||||
|
## | ------ | --- | ------------------------------------------------------- |
|
||||||
|
## | 0.1 | 3.x | 0.1 config script not compatible with YNH >= 4.3 |
|
||||||
|
## | 1.0 | 4.3.x | The new config panel system with 'bind' property |
|
||||||
|
version = "1.0"
|
||||||
|
|
||||||
|
## (optional) i18n property let you internationalize questions, however this feature
|
||||||
|
## is only available in core configuration panel (like yunohost domain config).
|
||||||
|
## So in app config panel this key is ignored for now, but you can internationalize
|
||||||
|
## by using a lang dictionary (see property name bellow)
|
||||||
|
# i18n = "prefix_translation_key"
|
||||||
|
|
||||||
|
################################################################################
|
||||||
|
#### ABOUT PANELS
|
||||||
|
################################################################################
|
||||||
|
|
||||||
|
## The next level describes web admin panels
|
||||||
|
## You have to choose an ID for each panel, in this example the ID is "main"
|
||||||
|
## Keep in mind this ID will be used in CLI to refer to your question, so choose
|
||||||
|
## something short and meaningfull.
|
||||||
|
## In the webadmin, each panel corresponds to a distinct tab / form
|
||||||
|
[main]
|
||||||
|
|
||||||
|
## Define the label for your panel
|
||||||
|
## Internationalization works similarly to the 'description' and 'ask' questions in the manifest
|
||||||
|
# name.en = "Main configuration"
|
||||||
|
# name.fr = "Configuration principale"
|
||||||
|
|
||||||
|
## (optional) If you need to trigger a service reload-or-restart after the user
|
||||||
|
## change a question in this panel, you can add your service in the list.
|
||||||
|
services = ["__APP__"]
|
||||||
|
# or services = ["nginx", "__APP__"] to also reload-or-restart nginx
|
||||||
|
|
||||||
|
## (optional) This help properties is a short help displayed on the same line
|
||||||
|
## than the panel title but not displayed in the tab.
|
||||||
|
# help = ""
|
||||||
|
|
||||||
|
############################################################################
|
||||||
|
#### ABOUT SECTIONS
|
||||||
|
############################################################################
|
||||||
|
|
||||||
|
## A panel is composed of one or several sections.
|
||||||
|
##
|
||||||
|
## Sections are meant to group questions together when they correspond to
|
||||||
|
## a same subtopic. This impacts the rendering in terms of CLI prompts
|
||||||
|
## and HTML forms
|
||||||
|
##
|
||||||
|
## You should choose an ID for your section, and prefix it with the panel ID
|
||||||
|
## (Be sure to not make a typo in the panel ID, which would implicitly create
|
||||||
|
## an other entire panel)
|
||||||
|
##
|
||||||
|
## We use the context of pepettes_ynh as an example,
|
||||||
|
## which is a simple donation form app written in python,
|
||||||
|
## and for which the admin will want to edit the configuration
|
||||||
|
[main.customization]
|
||||||
|
|
||||||
|
## (optional) Defining a proper title for sections is not mandatory
|
||||||
|
## and depends on the exact rendering you're aiming for the CLI / webadmin
|
||||||
|
name = ""
|
||||||
|
|
||||||
|
## (optional) This help properties is a short help displayed on the same line
|
||||||
|
## than the section title, meant to provide additional details
|
||||||
|
# help = ""
|
||||||
|
|
||||||
|
## (optional) As for panel, you can specify to trigger a service
|
||||||
|
## reload-or-restart after the user change a question in this section.
|
||||||
|
## This property is added to the panel property, it doesn't deactivate it.
|
||||||
|
## So no need to replicate, the service list from panel services property.
|
||||||
|
# services = []
|
||||||
|
|
||||||
|
## (optional) By default all questions are optionals, but you can specify a
|
||||||
|
## default behaviour for question in the section
|
||||||
|
optional = false
|
||||||
|
|
||||||
|
## (optional) It's also possible with the 'visible' property to only
|
||||||
|
## display the section depending on the user's answers to previous questions.
|
||||||
|
##
|
||||||
|
## Be careful that the 'visible' property should only refer to **previous** questions
|
||||||
|
## Hence, it should not make sense to have a "visible" property on the very first section.
|
||||||
|
##
|
||||||
|
## Also, keep in mind that this feature only works in the webadmin and not in CLI
|
||||||
|
## (therefore a user could be prompted in CLI for a question that may not be relevant)
|
||||||
|
# visible = true
|
||||||
|
|
||||||
|
########################################################################
|
||||||
|
#### ABOUT QUESTIONS
|
||||||
|
########################################################################
|
||||||
|
|
||||||
|
## A section is compound of one or several questions.
|
||||||
|
|
||||||
|
## ---------------------------------------------------------------------
|
||||||
|
## IMPORTANT: as for panel and section you have to choose an ID, but this
|
||||||
|
## one should be unique in all this document, even if the question is in
|
||||||
|
## an other panel.
|
||||||
|
## ---------------------------------------------------------------------
|
||||||
|
|
||||||
|
## You can use same questions types and properties than in manifest.yml
|
||||||
|
## install part. However, in YNH 4.3, a lot of change has been made to
|
||||||
|
## extend availables questions types list.
|
||||||
|
## See: TODO DOC LINK
|
||||||
|
|
||||||
|
[main.customization.project_name]
|
||||||
|
|
||||||
|
## (required) The ask property is equivalent to the ask property in
|
||||||
|
## the manifest. However, in config panels, questions are displayed on the
|
||||||
|
## left side and therefore have less space to be rendered. Therefore,
|
||||||
|
## it is better to use a short question, and use the "help" property to
|
||||||
|
## provide additional details if necessary.
|
||||||
|
ask.en = "Name of the project"
|
||||||
|
|
||||||
|
## (required) The type property indicates how the question should be
|
||||||
|
## displayed, validated and managed. Some types have specific properties.
|
||||||
|
##
|
||||||
|
## Types available: string, boolean, number, range, text, password, path
|
||||||
|
## email, url, date, time, color, select, domain, user, tags, file.
|
||||||
|
##
|
||||||
|
## For a complete list with specific properties, see: TODO DOC LINK
|
||||||
|
type = "string"
|
||||||
|
|
||||||
|
########################################################################
|
||||||
|
#### ABOUT THE BIND PROPERTY
|
||||||
|
########################################################################
|
||||||
|
|
||||||
|
## (recommended) 'bind' property is a powerful feature that let you
|
||||||
|
## configure how and where the data will be read, validated and written.
|
||||||
|
|
||||||
|
## By default, 'bind property is in "settings" mode, it means it will
|
||||||
|
## **only** read and write the value in application settings file.
|
||||||
|
## bind = "settings"
|
||||||
|
|
||||||
|
## However, settings usually correspond to key/values in actual app configurations
|
||||||
|
## Hence, a more useful mode is to have bind = ":FILENAME". In that case, YunoHost
|
||||||
|
## will automagically find a line with "KEY=VALUE" in FILENAME
|
||||||
|
## (with the adequate separator between KEY and VALUE)
|
||||||
|
##
|
||||||
|
## YunoHost will then use this value for the read/get operation.
|
||||||
|
## During write/set operations, YunoHost will overwrite the value
|
||||||
|
## in **both** FILENAME and in the app's settings.yml
|
||||||
|
|
||||||
|
## Configuration file format supported: yaml, toml, json, ini, env, php,
|
||||||
|
## python. The feature probably works with others formats, but should be tested carefully.
|
||||||
|
|
||||||
|
## Note that this feature only works with relatively simple cases
|
||||||
|
## such as `KEY: VALUE`, but won't properly work with
|
||||||
|
## complex data structures like multilin array/lists or dictionnaries.
|
||||||
|
## It also doesn't work with XML format, custom config function call, php define(), ...
|
||||||
|
|
||||||
|
## More info on TODO
|
||||||
|
# bind = ":/var/www/__APP__/settings.py"
|
||||||
|
|
||||||
|
|
||||||
|
## By default, bind = ":FILENAME" will use the question ID as KEY
|
||||||
|
## ... but the question ID may sometime not be the exact KEY name in the configuration file.
|
||||||
|
##
|
||||||
|
## In particular, in pepettes, the python variable is 'name' and not 'project_name'
|
||||||
|
## (c.f. https://github.com/YunoHost-Apps/pepettes_ynh/blob/5cc2d3ffd6529cc7356ff93af92dbb6785c3ab9a/conf/settings.py##L11 )
|
||||||
|
##
|
||||||
|
## In that case, the key name can be specified before the column ':'
|
||||||
|
|
||||||
|
bind = "name:/var/www/__APP__/settings.py"
|
||||||
|
|
||||||
|
## ---------------------------------------------------------------------
|
||||||
|
## IMPORTANT: other 'bind' mode exists:
|
||||||
|
##
|
||||||
|
## bind = "FILENAME" (with no column character before FILENAME)
|
||||||
|
## may be used to bind to the **entire file content** (instead of a single KEY/VALUE)
|
||||||
|
## This could be used to expose an entire configuration file, or binary files such as images
|
||||||
|
## For example:
|
||||||
|
## bind = "/var/www/__APP__/img/logo.png"
|
||||||
|
##
|
||||||
|
## bind = "null" can be used to disable reading / writing in settings.
|
||||||
|
## This creates sort of a "virtual" or "ephemeral" question which is not related to any actual setting
|
||||||
|
## In this mode, you are expected to define custom getter/setters/validators in scripts/config:
|
||||||
|
##
|
||||||
|
## getter: get__QUESTIONID()
|
||||||
|
## setter: set__QUESTIONID()
|
||||||
|
## validator: validate__QUESTIONID()
|
||||||
|
##
|
||||||
|
## You can also specify a common getter / setter / validator, with the
|
||||||
|
## function 'bind' mode, for example here it will try to run
|
||||||
|
## get__array_settings() first.
|
||||||
|
# bind = "array_settings()"
|
||||||
|
## ---------------------------------------------------------------------
|
||||||
|
|
||||||
|
## ---------------------------------------------------------------------
|
||||||
|
## IMPORTANT: with the exception of bind=null questions,
|
||||||
|
## question IDs should almost **always** correspond to an app setting
|
||||||
|
## initialized / reused during install/upgrade.
|
||||||
|
## Not doing so may result in inconsistencies between the config panel mechanism
|
||||||
|
## and the use of ynh_add_config
|
||||||
|
## ---------------------------------------------------------------------
|
||||||
|
|
||||||
|
########################################################################
|
||||||
|
#### OTHER GENERIC PROPERTY FOR QUESTIONS
|
||||||
|
########################################################################
|
||||||
|
|
||||||
|
## (optional) An help text for the question
|
||||||
|
help = "Fill the name of the project which will received donation"
|
||||||
|
|
||||||
|
## (optional) An example display as placeholder in web form
|
||||||
|
# example = "YunoHost"
|
||||||
|
|
||||||
|
## (optional) set to true in order to redact the value in operation logs
|
||||||
|
# redact = false
|
||||||
|
|
||||||
|
## (optional) A validation pattern
|
||||||
|
## ---------------------------------------------------------------------
|
||||||
|
## IMPORTANT: your pattern should be between simple quote, not double.
|
||||||
|
## ---------------------------------------------------------------------
|
||||||
|
pattern.regexp = '^\w{3,30}$'
|
||||||
|
pattern.error = "The name should be at least 3 chars and less than 30 chars. Alphanumeric chars are accepted"
|
||||||
|
|
||||||
|
## Note: visible and optional properties are also available for questions
|
||||||
|
|
||||||
|
|
||||||
|
[main.customization.contact_url]
|
||||||
|
ask = "Contact url"
|
||||||
|
type = "url"
|
||||||
|
example = "mailto: contact@example.org"
|
||||||
|
help = "mailto: accepted"
|
||||||
|
pattern.regexp = '^mailto:[^@]+@[^@]+|https://$'
|
||||||
|
pattern.error = "Should be https or mailto:"
|
||||||
|
bind = ":/var/www/__APP__/settings.py"
|
||||||
|
|
||||||
|
[main.customization.logo]
|
||||||
|
ask = "Logo"
|
||||||
|
type = "file"
|
||||||
|
accept = ".png"
|
||||||
|
help = "Fill with an already resized logo"
|
||||||
|
bind = "__FINALPATH__/img/logo.png"
|
||||||
|
|
||||||
|
[main.customization.favicon]
|
||||||
|
ask = "Favicon"
|
||||||
|
type = "file"
|
||||||
|
accept = ".png"
|
||||||
|
help = "Fill with an already sized favicon"
|
||||||
|
bind = "__FINALPATH__/img/favicon.png"
|
||||||
|
|
||||||
|
|
||||||
|
[main.stripe]
|
||||||
|
name = "Stripe general info"
|
||||||
|
optional = false
|
||||||
|
|
||||||
|
# The next alert is overwrited with a getter from the config script
|
||||||
|
[main.stripe.amount]
|
||||||
|
ask = "Donation in the month : XX €
|
||||||
|
type = "alert"
|
||||||
|
style = "success"
|
||||||
|
|
||||||
|
[main.stripe.publishable_key]
|
||||||
|
ask = "Publishable key"
|
||||||
|
type = "string"
|
||||||
|
redact = true
|
||||||
|
help = "Indicate here the stripe publishable key"
|
||||||
|
bind = ":/var/www/__APP__/settings.py"
|
||||||
|
|
||||||
|
[main.stripe.secret_key]
|
||||||
|
ask = "Secret key"
|
||||||
|
type = "string"
|
||||||
|
redact = true
|
||||||
|
help = "Indicate here the stripe secret key"
|
||||||
|
bind = ":/var/www/__APP__/settings.py"
|
||||||
|
|
||||||
|
[main.stripe.prices]
|
||||||
|
ask = "Prices ID"
|
||||||
|
type = "tags"
|
||||||
|
help = """\
|
||||||
|
Indicates here the prices ID of donation products you created in stripe interfaces. \
|
||||||
|
Go on [Stripe products](https://dashboard.stripe.com/products) to create those donation products. \
|
||||||
|
Fill it tag with 'FREQUENCY/CURRENCY/PRICE_ID' \
|
||||||
|
FREQUENCY: 'one_time' or 'recuring' \
|
||||||
|
CURRENCY: 'EUR' or 'USD' \
|
||||||
|
PRICE_ID: ID from stripe interfaces starting with 'price_' \
|
||||||
|
"""
|
||||||
|
pattern.regexp = '^(one_time|recuring)/(EUR|USD)/price_.*$'
|
||||||
|
pattern.error = "Please respect the format describe in help text for each price ID"
|
0
doc/.gitkeep
Normal file
0
doc/.gitkeep
Normal file
9
doc/DESCRIPTION.md
Normal file
9
doc/DESCRIPTION.md
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
Some long and extensive description of what the app is and does, lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
|
||||||
|
|
||||||
|
### Features
|
||||||
|
|
||||||
|
- Ut enim ad minim veniam, quis nostrud exercitation ullamco ;
|
||||||
|
- Laboris nisi ut aliquip ex ea commodo consequat ;
|
||||||
|
- Duis aute irure dolor in reprehenderit in voluptate ;
|
||||||
|
- Velit esse cillum dolore eu fugiat nulla pariatur ;
|
||||||
|
- Excepteur sint occaecat cupidatat non proident, sunt in culpa."
|
12
doc/DISCLAIMER.md
Normal file
12
doc/DISCLAIMER.md
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
* Any known limitations, constrains or stuff not working, such as (but not limited to):
|
||||||
|
* requiring a full dedicated domain ?
|
||||||
|
* architectures not supported ?
|
||||||
|
* not-working single-sign on or LDAP integration ?
|
||||||
|
* the app requires an important amount of RAM / disk / .. to install or to work properly
|
||||||
|
* etc...
|
||||||
|
|
||||||
|
* Other infos that people should be aware of, such as:
|
||||||
|
* any specific step to perform after installing (such as manually finishing the install, specific admin credentials, ...)
|
||||||
|
* how to configure / administrate the application if it ain't obvious
|
||||||
|
* upgrade process / specificities / things to be aware of ?
|
||||||
|
* security considerations ?
|
0
doc/screenshots/.gitkeep
Normal file
0
doc/screenshots/.gitkeep
Normal file
BIN
doc/screenshots/example.jpg
Normal file
BIN
doc/screenshots/example.jpg
Normal file
Binary file not shown.
After Width: | Height: | Size: 35 KiB |
84
manifest.toml
Normal file
84
manifest.toml
Normal file
|
@ -0,0 +1,84 @@
|
||||||
|
packaging_format = 2
|
||||||
|
|
||||||
|
id = "headscale"
|
||||||
|
name = "Headscale"
|
||||||
|
description.en = "Open-source implementation of the Tailscale control server, a WireGuard-based VPN"
|
||||||
|
|
||||||
|
version = "0.22.3~ynh1"
|
||||||
|
|
||||||
|
maintainers = ["tituspijean"]
|
||||||
|
|
||||||
|
[upstream]
|
||||||
|
license = "BSD-3-Clause"
|
||||||
|
admindoc = "https://github.com/juanfont/headscale/tree/main/docs"
|
||||||
|
userdoc = "https://tailscale.com/kb/"
|
||||||
|
code = "https://github.com/juanfont/headscale"
|
||||||
|
website = "https://tailscale.com/"
|
||||||
|
cpe = "cpe:2.3:a:tailscale:tailscale"
|
||||||
|
|
||||||
|
[integration]
|
||||||
|
yunohost = ">= 11.0.0"
|
||||||
|
architectures = "all"
|
||||||
|
multi_instance = false
|
||||||
|
ldap = "?" # FIXME: replace with true, false, or "not_relevant". Not to confuse with the "sso" key : the "ldap" key corresponds to wether or not a user *can* login on the app using its YunoHost credentials.
|
||||||
|
sso = "?" # FIXME: replace with true, false, or "not_relevant". Not to confuse with the "ldap" key : the "sso" key corresponds to wether or not a user is *automatically logged-in* on the app when logged-in on the YunoHost portal.
|
||||||
|
disk = "50M" # FIXME: replace with an **estimate** minimum disk requirement. e.g. 20M, 400M, 1G, ...
|
||||||
|
ram.build = "50M" # FIXME: replace with an **estimate** minimum ram requirement. e.g. 50M, 400M, 1G, ...
|
||||||
|
ram.runtime = "50M" # FIXME: replace with an **estimate** minimum ram requirement. e.g. 50M, 400M, 1G, ...
|
||||||
|
|
||||||
|
[install]
|
||||||
|
[install.domain]
|
||||||
|
type = "domain"
|
||||||
|
|
||||||
|
[install.dex_domain]
|
||||||
|
type = "domain"
|
||||||
|
ask.en = "Choose the domain to install Dex on."
|
||||||
|
help.en = "It should be different than Headscale's domain"
|
||||||
|
|
||||||
|
[install.dex_path]
|
||||||
|
type = "path"
|
||||||
|
ask.en = "Choose the path to install Dex on."
|
||||||
|
default = "/dex"
|
||||||
|
|
||||||
|
[install.base_domain]
|
||||||
|
type = "domain"
|
||||||
|
ask.en = "Choose the base domain for Headscale's MagicDNS feature"
|
||||||
|
help.en = "MagiDNS will allow you to access your hosts with a domain like `myhost.mynamespace.basedomain.tld`"
|
||||||
|
|
||||||
|
[resources]
|
||||||
|
[resources.sources.main]
|
||||||
|
rename = "headscale"
|
||||||
|
|
||||||
|
i386.url = "https://github.com/juanfont/headscale/releases/download/v0.22.3/headscale_0.22.3_linux_386"
|
||||||
|
i386.sha256 = "5e1c23c2ca269041d1040e273d9f164c3703d3b7c38aea5a293c8059b24d9712"
|
||||||
|
amd64.url = "https://github.com/juanfont/headscale/releases/download/v0.22.3/headscale_0.22.3_linux_amd64"
|
||||||
|
amd64.sha256 = "41eb475ba94d2f4efdd5b90ca76d3926a0fc0b561baabf6190ca32335c9102d2"
|
||||||
|
arm64.url = "https://github.com/juanfont/headscale/releases/download/v0.22.3/headscale_0.22.3_linux_arm64"
|
||||||
|
arm64.sha256 = "5835d282fdfcb42b30802e76bf1fac5e4dd6b3bec8b2daead2d226269307bee8"
|
||||||
|
armhf.url = "https://github.com/juanfont/headscale/releases/download/v0.22.3/headscale_0.22.3_linux_armv7"
|
||||||
|
armhf.sha256 = "4711fd03c9f5d814eb4c85be9939f167ce7aa40510cda2133c9f63810ead395d"
|
||||||
|
armel.url = "https://github.com/juanfont/headscale/releases/download/v0.22.3/headscale_0.22.3_linux_armv5"
|
||||||
|
armel.sha256 = "3a983ea320b05372b5493ece01bab1252907e0864a26f1857dbcd7307dfc463f"
|
||||||
|
|
||||||
|
autoupdate.strategy = "latest_github_release"
|
||||||
|
autoupdate.asset.i386 = ".*_386"
|
||||||
|
autoupdate.asset.amd64 = ".*_amd64"
|
||||||
|
autoupdate.asset.arm64 = ".*_arm64"
|
||||||
|
autoupdate.asset.armhf = ".*_armv7"
|
||||||
|
autoupdate.asset.armel = ".*_armv5"
|
||||||
|
|
||||||
|
[resources.system_user]
|
||||||
|
|
||||||
|
[resources.install_dir]
|
||||||
|
|
||||||
|
[resources.permissions]
|
||||||
|
main.url = "/"
|
||||||
|
|
||||||
|
[resources.ports]
|
||||||
|
main.default = 8080
|
||||||
|
metrics.default = 9090
|
||||||
|
grpc.default = 50443
|
||||||
|
|
||||||
|
# FIXME: cf. config file
|
||||||
|
# [resources.database]
|
||||||
|
# type = "postgresql"
|
17
scripts/_common.sh
Normal file
17
scripts/_common.sh
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# COMMON VARIABLES
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# PERSONAL HELPERS
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# EXPERIMENTAL HELPERS
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# FUTURE OFFICIAL HELPERS
|
||||||
|
#=================================================
|
58
scripts/backup
Executable file
58
scripts/backup
Executable file
|
@ -0,0 +1,58 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# GENERIC START
|
||||||
|
#=================================================
|
||||||
|
# IMPORT GENERIC HELPERS
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
|
||||||
|
source ../settings/scripts/_common.sh
|
||||||
|
source /usr/share/yunohost/helpers
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# DECLARE DATA AND CONF FILES TO BACKUP
|
||||||
|
#=================================================
|
||||||
|
ynh_print_info --message="Declaring files to be backed up..."
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# BACKUP THE APP MAIN DIR
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
ynh_backup --src_path="$install_dir"
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# BACKUP THE NGINX CONFIGURATION
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# SPECIFIC BACKUP
|
||||||
|
#=================================================
|
||||||
|
# BACKUP LOGROTATE
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
ynh_backup --src_path="/etc/logrotate.d/$app"
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# BACKUP SYSTEMD
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
ynh_backup --src_path="/etc/systemd/system/$app.service"
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# BACKUP THE MYSQL DATABASE
|
||||||
|
#=================================================
|
||||||
|
ynh_print_info --message="Backing up the MySQL database..."
|
||||||
|
|
||||||
|
### (However, things like MySQL dumps *do* take some time to run, though the
|
||||||
|
### copy of the generated dump to the archive still happens later)
|
||||||
|
|
||||||
|
ynh_mysql_dump_db --database="$db_name" > db.sql
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# END OF SCRIPT
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)."
|
136
scripts/change_url
Normal file
136
scripts/change_url
Normal file
|
@ -0,0 +1,136 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# GENERIC STARTING
|
||||||
|
#=================================================
|
||||||
|
# IMPORT GENERIC HELPERS
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
source _common.sh
|
||||||
|
source /usr/share/yunohost/helpers
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# RETRIEVE ARGUMENTS
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
#REMOVEME? old_domain=$YNH_APP_OLD_DOMAIN
|
||||||
|
#REMOVEME? old_path=$YNH_APP_OLD_PATH
|
||||||
|
|
||||||
|
#REMOVEME? new_domain=$YNH_APP_NEW_DOMAIN
|
||||||
|
#REMOVEME? new_path=$YNH_APP_NEW_PATH
|
||||||
|
|
||||||
|
#REMOVEME? app=$YNH_APP_INSTANCE_NAME
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# LOAD SETTINGS
|
||||||
|
#=================================================
|
||||||
|
#REMOVEME? ynh_script_progression --message="Loading installation settings..." --weight=1
|
||||||
|
|
||||||
|
#REMOVEME? # Needed for helper "ynh_add_nginx_config"
|
||||||
|
#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir)
|
||||||
|
|
||||||
|
# Add settings here as needed by your application
|
||||||
|
#REMOVEME? #db_name=$(ynh_app_setting_get --app=$app --key=db_name)
|
||||||
|
#db_user=$db_name
|
||||||
|
#REMOVEME? #db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd)
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP
|
||||||
|
#=================================================
|
||||||
|
#REMOVEME? ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." --weight=1
|
||||||
|
|
||||||
|
# Backup the current version of the app
|
||||||
|
#REMOVEME? ynh_backup_before_upgrade
|
||||||
|
#REMOVEME? ynh_clean_setup () {
|
||||||
|
# Remove the new domain config file, the remove script won't do it as it doesn't know yet its location.
|
||||||
|
#REMOVEME? ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
|
||||||
|
|
||||||
|
# Restore it if the upgrade fails
|
||||||
|
#REMOVEME? ynh_restore_upgradebackup
|
||||||
|
}
|
||||||
|
# Exit if an error occurs during the execution of the script
|
||||||
|
#REMOVEME? ynh_abort_if_errors
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# CHECK WHICH PARTS SHOULD BE CHANGED
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
#REMOVEME? change_domain=0
|
||||||
|
#REMOVEME? if [ "$old_domain" != "$new_domain" ]
|
||||||
|
then
|
||||||
|
#REMOVEME? change_domain=1
|
||||||
|
fi
|
||||||
|
|
||||||
|
#REMOVEME? change_path=0
|
||||||
|
#REMOVEME? if [ "$old_path" != "$new_path" ]
|
||||||
|
then
|
||||||
|
#REMOVEME? change_path=1
|
||||||
|
fi
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# STANDARD MODIFICATIONS
|
||||||
|
#=================================================
|
||||||
|
# STOP SYSTEMD SERVICE
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Stopping a systemd service..." --weight=1
|
||||||
|
|
||||||
|
ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log"
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# MODIFY URL IN NGINX CONF
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Updating NGINX web server configuration..." --weight=1
|
||||||
|
|
||||||
|
ynh_change_url_nginx_config
|
||||||
|
|
||||||
|
#REMOVEME? nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf
|
||||||
|
|
||||||
|
# Change the path in the NGINX config file
|
||||||
|
if [ $change_path -eq 1 ]
|
||||||
|
then
|
||||||
|
# Make a backup of the original NGINX config file if modified
|
||||||
|
#REMOVEME? ynh_backup_if_checksum_is_different --file="$nginx_conf_path"
|
||||||
|
# Set global variables for NGINX helper
|
||||||
|
#REMOVEME? domain="$old_domain"
|
||||||
|
#REMOVEME? path="$new_path"
|
||||||
|
# Create a dedicated NGINX config
|
||||||
|
#REMOVEME? ynh_add_nginx_config
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Change the domain for NGINX
|
||||||
|
if [ $change_domain -eq 1 ]
|
||||||
|
then
|
||||||
|
# Delete file checksum for the old conf file location
|
||||||
|
#REMOVEME? ynh_delete_file_checksum --file="$nginx_conf_path"
|
||||||
|
#REMOVEME? mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf
|
||||||
|
# Store file checksum for the new config file location
|
||||||
|
#REMOVEME? ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
|
||||||
|
fi
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# SPECIFIC MODIFICATIONS
|
||||||
|
#=================================================
|
||||||
|
# ...
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# GENERIC FINALISATION
|
||||||
|
#=================================================
|
||||||
|
# START SYSTEMD SERVICE
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Starting a systemd service..." --weight=1
|
||||||
|
|
||||||
|
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# RELOAD NGINX
|
||||||
|
#=================================================
|
||||||
|
#REMOVEME? ynh_script_progression --message="Reloading NGINX web server..." --weight=1
|
||||||
|
|
||||||
|
#REMOVEME? #REMOVEME? ynh_systemd_action --service_name=nginx --action=reload
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# END OF SCRIPT
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
ynh_script_progression --message="Change of URL completed for $app" --last
|
102
scripts/config
Normal file
102
scripts/config
Normal file
|
@ -0,0 +1,102 @@
|
||||||
|
#!/bin/bash
|
||||||
|
# In simple cases, you don't need a config script.
|
||||||
|
|
||||||
|
# With a simple config_panel.toml, you can write in the app settings, in the
|
||||||
|
# upstream config file or replace complete files (logo ...) and restart services.
|
||||||
|
|
||||||
|
# The config scripts allows you to go further, to handle specific cases
|
||||||
|
# (validation of several interdependent fields, specific getter/setter for a value,
|
||||||
|
# display dynamic informations or choices, pre-loading of config type .cube... ).
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# GENERIC STARTING
|
||||||
|
#=================================================
|
||||||
|
# IMPORT GENERIC HELPERS
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
source /usr/share/yunohost/helpers
|
||||||
|
|
||||||
|
ynh_abort_if_errors
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# RETRIEVE ARGUMENTS
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
final_path=$(ynh_app_setting_get $app final_path)
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# SPECIFIC GETTERS FOR TOML SHORT KEY
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
get__amount() {
|
||||||
|
# Here we can imagine to have an API call to stripe to know the amount of donation during a month
|
||||||
|
local amount = 200
|
||||||
|
|
||||||
|
# It's possible to change some properties of the question by overriding it:
|
||||||
|
if [ $amount -gt 100 ]
|
||||||
|
then
|
||||||
|
cat << EOF
|
||||||
|
style: success
|
||||||
|
value: $amount
|
||||||
|
ask:
|
||||||
|
en: A lot of donation this month: **$amount €**
|
||||||
|
EOF
|
||||||
|
else
|
||||||
|
cat << EOF
|
||||||
|
style: danger
|
||||||
|
value: $amount
|
||||||
|
ask:
|
||||||
|
en: Not so much donation this month: $amount €
|
||||||
|
EOF
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
get__prices() {
|
||||||
|
local prices = "$(grep "DONATION\['" "$final_path/settings.py" | sed -r "s@^DONATION\['([^']*)'\]\['([^']*)'\] = '([^']*)'@\1/\2/\3@g" | sed -z 's/\n/,/g;s/,$/\n/')"
|
||||||
|
if [ "$prices" == "," ];
|
||||||
|
then
|
||||||
|
# Return YNH_NULL if you prefer to not return a value at all.
|
||||||
|
echo YNH_NULL
|
||||||
|
else
|
||||||
|
echo $prices
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# SPECIFIC VALIDATORS FOR TOML SHORT KEYS
|
||||||
|
#=================================================
|
||||||
|
validate__publishable_key() {
|
||||||
|
|
||||||
|
# We can imagine here we test if the key is really a publisheable key
|
||||||
|
(is_secret_key $publishable_key) &&
|
||||||
|
echo 'This key seems to be a secret key'
|
||||||
|
}
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# SPECIFIC SETTERS FOR TOML SHORT KEYS
|
||||||
|
#=================================================
|
||||||
|
set__prices() {
|
||||||
|
|
||||||
|
#---------------------------------------------
|
||||||
|
# IMPORTANT: setter are trigger only if a change is detected
|
||||||
|
#---------------------------------------------
|
||||||
|
for price in $(echo $prices | sed "s/,/ /"); do
|
||||||
|
frequency=$(echo $price | cut -d/ -f1)
|
||||||
|
currency=$(echo $price | cut -d/ -f2)
|
||||||
|
price_id=$(echo $price | cut -d/ -f3)
|
||||||
|
sed "d/DONATION\['$frequency'\]\['$currency'\]" "$final_path/settings.py"
|
||||||
|
|
||||||
|
echo "DONATION['$frequency']['$currency'] = '$price_id'" >> "$final_path/settings.py"
|
||||||
|
done
|
||||||
|
|
||||||
|
#---------------------------------------------
|
||||||
|
# IMPORTANT: to be able to upgrade properly, you have to saved the value in settings too
|
||||||
|
#---------------------------------------------
|
||||||
|
ynh_app_setting_set $app prices $prices
|
||||||
|
}
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# GENERIC FINALIZATION
|
||||||
|
#=================================================
|
||||||
|
ynh_app_config_run $1
|
113
scripts/install
Executable file
113
scripts/install
Executable file
|
@ -0,0 +1,113 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# GENERIC START
|
||||||
|
#=================================================
|
||||||
|
# IMPORT GENERIC HELPERS
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
source _common.sh
|
||||||
|
source /usr/share/yunohost/helpers
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# INSTALL DEX FOR OIDC
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Installing Dex..." --weight=1
|
||||||
|
|
||||||
|
oidc_secret="$(echo $(ynh_string_random --length=64 --filter='A-F0-9'))"
|
||||||
|
oidc_name="$app"
|
||||||
|
oidc_callback="$domain/oidc/callback"
|
||||||
|
|
||||||
|
ynh_app_setting_set --app=$app --key=oidc_secret --value=$oidc_secret
|
||||||
|
ynh_app_setting_set --app=$app --key=oidc_name --value=$oidc_name
|
||||||
|
ynh_app_setting_set --app=$app --key=oidc_callback --value=$oidc_callback
|
||||||
|
|
||||||
|
if yunohost app list | grep -q "$YNH_APP_ARG_DEX_DOMAIN$YNH_APP_ARG_DEX_PATH"; then
|
||||||
|
ynh_die "The domain and path provided for Dex is already used by another app. Please chose another one !"
|
||||||
|
fi
|
||||||
|
|
||||||
|
yunohost app install https://github.com/YunoHost-Apps/dex_ynh --force --args "domain=$dex_domain&path=$dex_path&OIDC_name=$oidc_name&OIDC_secret=$oidc_secret&OIDC_callback=$oidc_callback" 2>&1 | tee dexlog.txt
|
||||||
|
dex_app=$(gawk 'match($0, /Installation of (.+) completed/, app) {print app[1]}' dexlog.txt)
|
||||||
|
rm dexlog.txt
|
||||||
|
|
||||||
|
# Create Dex URIs
|
||||||
|
if [ $dex_path = "/" ]
|
||||||
|
then
|
||||||
|
dex_auth_uri="https://$dex_domain/auth"
|
||||||
|
dex_token_uri="https://$dex_domain/token"
|
||||||
|
dex_user_uri="https://$dex_domain/userinfo"
|
||||||
|
else
|
||||||
|
dex_auth_uri="https://$dex_domain$dex_path/auth"
|
||||||
|
dex_token_uri="https://$dex_domain$dex_path/token"
|
||||||
|
dex_user_uri="https://$dex_domain$dex_path/userinfo"
|
||||||
|
fi
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Setting up source files..." --weight=1
|
||||||
|
|
||||||
|
# Download, check integrity, uncompress and patch the source from app.src
|
||||||
|
ynh_setup_source --dest_dir="$install_dir"
|
||||||
|
|
||||||
|
chmod 750 "$install_dir"
|
||||||
|
chmod -R o-rwx "$install_dir"
|
||||||
|
chown -R $app:$app "$install_dir"
|
||||||
|
chmod -R ug+x "$install_dir/headscale"
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# NGINX CONFIGURATION
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Configuring NGINX web server..." --weight=1
|
||||||
|
|
||||||
|
# Create a dedicated NGINX config
|
||||||
|
ynh_add_nginx_config
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# ADD A CONFIGURATION
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Adding a configuration file..." --weight=1
|
||||||
|
|
||||||
|
ynh_add_config --template="config.yaml" --destination="$install_dir/config.yaml"
|
||||||
|
|
||||||
|
chmod 400 "$install_dir/config.yaml"
|
||||||
|
chown $app:$app "$install_dir/config.yaml"
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# SETUP SYSTEMD
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Configuring a systemd service..." --weight=1
|
||||||
|
|
||||||
|
# Create a dedicated systemd config
|
||||||
|
ynh_add_systemd_config
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# GENERIC FINALIZATION
|
||||||
|
#=================================================
|
||||||
|
# SETUP LOGROTATE
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Configuring log rotation..." --weight=1
|
||||||
|
|
||||||
|
# Use logrotate to manage application logfile(s)
|
||||||
|
ynh_use_logrotate
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# INTEGRATE SERVICE IN YUNOHOST
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
|
||||||
|
|
||||||
|
yunohost service add $app --description="Control server for the WireGuard-based VPN" --log="/var/log/$app/$app.log"
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# START SYSTEMD SERVICE
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Starting a systemd service..." --weight=1
|
||||||
|
|
||||||
|
# Start a systemd service
|
||||||
|
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# END OF SCRIPT
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
ynh_script_progression --message="Installation of $app completed" --last
|
97
scripts/remove
Executable file
97
scripts/remove
Executable file
|
@ -0,0 +1,97 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# GENERIC START
|
||||||
|
#=================================================
|
||||||
|
# IMPORT GENERIC HELPERS
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
source _common.sh
|
||||||
|
source /usr/share/yunohost/helpers
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# STANDARD REMOVE
|
||||||
|
#=================================================
|
||||||
|
# REMOVE SERVICE INTEGRATION IN YUNOHOST
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
# Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
|
||||||
|
if ynh_exec_warn_less yunohost service status $app >/dev/null
|
||||||
|
then
|
||||||
|
ynh_script_progression --message="Removing $app service integration..." --weight=1
|
||||||
|
yunohost service remove $app
|
||||||
|
fi
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# STOP AND REMOVE SERVICE
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Stopping and removing the systemd service..." --weight=1
|
||||||
|
|
||||||
|
# Remove the dedicated systemd config
|
||||||
|
ynh_remove_systemd_config
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# REMOVE LOGROTATE CONFIGURATION
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Removing logrotate configuration..." --weight=1
|
||||||
|
|
||||||
|
# Remove the app-specific logrotate config
|
||||||
|
ynh_remove_logrotate
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# REMOVE NGINX CONFIGURATION
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1
|
||||||
|
|
||||||
|
# Remove the dedicated NGINX config
|
||||||
|
ynh_remove_nginx_config
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# CLOSE A PORT
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
if yunohost firewall list | grep -q "\- $port$"
|
||||||
|
then
|
||||||
|
ynh_script_progression --message="Closing port $port..." --weight=1
|
||||||
|
ynh_exec_warn_less yunohost firewall disallow TCP $port
|
||||||
|
fi
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# REMOVE FAIL2BAN CONFIGURATION
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Removing Fail2Ban configuration..." --weight=1
|
||||||
|
|
||||||
|
# Remove the dedicated Fail2Ban config
|
||||||
|
ynh_remove_fail2ban_config
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# SPECIFIC REMOVE
|
||||||
|
#=================================================
|
||||||
|
# REMOVE VARIOUS FILES
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Removing various files..." --weight=1
|
||||||
|
|
||||||
|
# Remove a cron file
|
||||||
|
ynh_secure_remove --file="/etc/cron.d/$app"
|
||||||
|
|
||||||
|
# Remove a directory securely
|
||||||
|
ynh_secure_remove --file="/etc/$app"
|
||||||
|
|
||||||
|
# Remove the log files
|
||||||
|
ynh_secure_remove --file="/var/log/$app"
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# GENERIC FINALIZATION
|
||||||
|
#=================================================
|
||||||
|
# REMOVE DEDICATED USER
|
||||||
|
#=================================================
|
||||||
|
#REMOVEME? ynh_script_progression --message="Removing the dedicated system user..." --weight=1
|
||||||
|
|
||||||
|
# Delete a system user
|
||||||
|
#REMOVEME? ynh_system_user_delete --username=$app
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# END OF SCRIPT
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
ynh_script_progression --message="Removal of $app completed" --last
|
187
scripts/restore
Executable file
187
scripts/restore
Executable file
|
@ -0,0 +1,187 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# GENERIC START
|
||||||
|
#=================================================
|
||||||
|
# IMPORT GENERIC HELPERS
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
|
||||||
|
source ../settings/scripts/_common.sh
|
||||||
|
source /usr/share/yunohost/helpers
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# MANAGE SCRIPT FAILURE
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
#REMOVEME? ynh_clean_setup () {
|
||||||
|
#### Remove this function if there's nothing to clean before calling the remove script.
|
||||||
|
true
|
||||||
|
}
|
||||||
|
# Exit if an error occurs during the execution of the script
|
||||||
|
#REMOVEME? ynh_abort_if_errors
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# LOAD SETTINGS
|
||||||
|
#=================================================
|
||||||
|
#REMOVEME? ynh_script_progression --message="Loading installation settings..." --weight=1
|
||||||
|
|
||||||
|
#REMOVEME? app=$YNH_APP_INSTANCE_NAME
|
||||||
|
|
||||||
|
#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain)
|
||||||
|
#REMOVEME? path=$(ynh_app_setting_get --app=$app --key=path)
|
||||||
|
#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir)
|
||||||
|
#REMOVEME? db_name=$(ynh_app_setting_get --app=$app --key=db_name)
|
||||||
|
#REMOVEME? db_user=$db_name
|
||||||
|
#REMOVEME? phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
|
||||||
|
#REMOVEME? data_dir=$(ynh_app_setting_get --app=$app --key=data_dir)
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# CHECK IF THE APP CAN BE RESTORED
|
||||||
|
#=================================================
|
||||||
|
#REMOVEME? ynh_script_progression --message="Validating restoration parameters..." --weight=1
|
||||||
|
|
||||||
|
#REMOVEME? test ! -d $install_dir \
|
||||||
|
|| ynh_die --message="There is already a directory: $install_dir "
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# STANDARD RESTORATION STEPS
|
||||||
|
#=================================================
|
||||||
|
# RECREATE THE DEDICATED USER
|
||||||
|
#=================================================
|
||||||
|
#REMOVEME? ynh_script_progression --message="Recreating the dedicated system user..." --weight=1
|
||||||
|
|
||||||
|
# Create the dedicated user (if not existing)
|
||||||
|
#REMOVEME? ynh_system_user_create --username=$app --home_dir="$install_dir"
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# RESTORE THE APP MAIN DIR
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Restoring the app main directory..." --weight=1
|
||||||
|
|
||||||
|
ynh_restore_file --origin_path="$install_dir"
|
||||||
|
|
||||||
|
# FIXME: this should be managed by the core in the future
|
||||||
|
# Here, as a packager, you may have to tweak the ownerhsip/permissions
|
||||||
|
# such that the appropriate users (e.g. maybe www-data) can access
|
||||||
|
# files in some cases.
|
||||||
|
# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder -
|
||||||
|
# this will be treated as a security issue.
|
||||||
|
chmod 750 "$install_dir"
|
||||||
|
chmod -R o-rwx "$install_dir"
|
||||||
|
chown -R $app:www-data "$install_dir"
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# RESTORE THE DATA DIRECTORY
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Restoring the data directory..." --weight=1
|
||||||
|
|
||||||
|
ynh_restore_file --origin_path="$data_dir" --not_mandatory
|
||||||
|
|
||||||
|
mkdir -p $data_dir
|
||||||
|
|
||||||
|
# FIXME: this should be managed by the core in the future
|
||||||
|
# Here, as a packager, you may have to tweak the ownerhsip/permissions
|
||||||
|
# such that the appropriate users (e.g. maybe www-data) can access
|
||||||
|
# files in some cases.
|
||||||
|
# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder -
|
||||||
|
# this will be treated as a security issue.
|
||||||
|
chmod 750 "$data_dir"
|
||||||
|
chmod -R o-rwx "$data_dir"
|
||||||
|
chown -R $app:www-data "$data_dir"
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# RESTORE FAIL2BAN CONFIGURATION
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Restoring the Fail2Ban configuration..." --weight=1
|
||||||
|
|
||||||
|
ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf"
|
||||||
|
ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf"
|
||||||
|
ynh_systemd_action --action=restart --service_name=fail2ban
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# SPECIFIC RESTORATION
|
||||||
|
#=================================================
|
||||||
|
# REINSTALL DEPENDENCIES
|
||||||
|
#=================================================
|
||||||
|
#REMOVEME? ynh_script_progression --message="Reinstalling dependencies..." --weight=1
|
||||||
|
|
||||||
|
# Define and install dependencies
|
||||||
|
#REMOVEME? ynh_install_app_dependencies $pkg_dependencies
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# RESTORE THE PHP-FPM CONFIGURATION
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Restoring the PHP-FPM configuration..." --time --weight=1
|
||||||
|
|
||||||
|
ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# RESTORE THE NGINX CONFIGURATION
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Restoring the NGINX web server configuration..." --time --weight=1
|
||||||
|
|
||||||
|
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# RESTORE THE MYSQL DATABASE
|
||||||
|
#=================================================
|
||||||
|
#REMOVEME? ynh_script_progression --message="Restoring the MySQL database..." --weight=1
|
||||||
|
|
||||||
|
#REMOVEME? db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
|
||||||
|
#REMOVEME? ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd
|
||||||
|
ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# RESTORE VARIOUS FILES
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Restoring various files..." --weight=1
|
||||||
|
|
||||||
|
ynh_restore_file --origin_path="/etc/cron.d/$app"
|
||||||
|
|
||||||
|
ynh_restore_file --origin_path="/etc/$app/"
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# RESTORE SYSTEMD
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Restoring the systemd configuration..." --weight=1
|
||||||
|
|
||||||
|
ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
|
||||||
|
systemctl enable $app.service --quiet
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# RESTORE THE LOGROTATE CONFIGURATION
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Restoring the logrotate configuration..." --weight=1
|
||||||
|
|
||||||
|
ynh_restore_file --origin_path="/etc/logrotate.d/$app"
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# INTEGRATE SERVICE IN YUNOHOST
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
|
||||||
|
|
||||||
|
yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log"
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# START SYSTEMD SERVICE
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Starting a systemd service..." --weight=1
|
||||||
|
|
||||||
|
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# GENERIC FINALIZATION
|
||||||
|
#=================================================
|
||||||
|
# RELOAD NGINX AND PHP-FPM
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..." --weight=1
|
||||||
|
|
||||||
|
ynh_systemd_action --service_name=php$phpversion-fpm --action=reload
|
||||||
|
ynh_systemd_action --service_name=nginx --action=reload
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# END OF SCRIPT
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
ynh_script_progression --message="Restoration completed for $app" --last
|
93
scripts/upgrade
Normal file
93
scripts/upgrade
Normal file
|
@ -0,0 +1,93 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# GENERIC START
|
||||||
|
#=================================================
|
||||||
|
# IMPORT GENERIC HELPERS
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
source _common.sh
|
||||||
|
source /usr/share/yunohost/helpers
|
||||||
|
|
||||||
|
upgrade_type=$(ynh_check_app_version_changed)
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# STANDARD UPGRADE STEPS
|
||||||
|
#=================================================
|
||||||
|
# STOP SYSTEMD SERVICE
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Stopping a systemd service..." --weight=1
|
||||||
|
|
||||||
|
ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log"
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
if [ "$upgrade_type" == "UPGRADE_APP" ]
|
||||||
|
then
|
||||||
|
ynh_script_progression --message="Upgrading source files..." --weight=1
|
||||||
|
|
||||||
|
# Download, check integrity, uncompress and patch the source from app.src
|
||||||
|
ynh_setup_source --dest_dir="$install_dir"
|
||||||
|
fi
|
||||||
|
|
||||||
|
chmod 750 "$install_dir"
|
||||||
|
chmod -R o-rwx "$install_dir"
|
||||||
|
chown -R $app:www-data "$install_dir"
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# NGINX CONFIGURATION
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Upgrading NGINX web server configuration..." --time --weight=1
|
||||||
|
|
||||||
|
# Create a dedicated NGINX config
|
||||||
|
ynh_add_nginx_config
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# UPDATE A CONFIG FILE
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Updating a configuration file..." --weight=1
|
||||||
|
|
||||||
|
ynh_add_config --template="config.yaml" --destination="$install_dir/config.yaml"
|
||||||
|
|
||||||
|
chmod 400 "$install_dir/config.yaml"
|
||||||
|
chown $app:$app "$install_dir/config.yaml"
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# SETUP SYSTEMD
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Upgrading systemd configuration..." --weight=1
|
||||||
|
|
||||||
|
# Create a dedicated systemd config
|
||||||
|
ynh_add_systemd_config
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# GENERIC FINALIZATION
|
||||||
|
#=================================================
|
||||||
|
# SETUP LOGROTATE
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Upgrading logrotate configuration..." --weight=1
|
||||||
|
|
||||||
|
# Use logrotate to manage app-specific logfile(s)
|
||||||
|
ynh_use_logrotate --non-append
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# INTEGRATE SERVICE IN YUNOHOST
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
|
||||||
|
|
||||||
|
yunohost service add $app --description="Control server for the WireGuard-based VPN" --log="/var/log/$app/$app.log"
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# START SYSTEMD SERVICE
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Starting a systemd service..." --weight=1
|
||||||
|
|
||||||
|
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# END OF SCRIPT
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
ynh_script_progression --message="Upgrade of $app completed" --last
|
Loading…
Reference in a new issue