YunoHost-Apps/headscale_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/headscale_ynh.git synced 2024-09-03 19:25:53 +02:00
Code Issues Activity Actions

Merge pull request #1 from YunoHost-Apps/testing

Browse source 
First release
This commit is contained in:
tituspijean 2023-06-11 19:15:33 +02:00 committed by GitHub
commit be0b019cbb
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
20 changed files with 283 additions and 942 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

137
.github/workflows/updater.sh vendored
View file

@ -1,137 +0,0 @@
#!/bin/bash
#=================================================
# PACKAGE UPDATING HELPER
#=================================================
# This script is meant to be run by GitHub Actions
# The YunoHost-Apps organisation offers a template Action to run this script periodically
# Since each app is different, maintainers can adapt its contents so as to perform
# automatic actions when a new upstream release is detected.
# Remove this exit command when you are ready to run this Action
exit 1
#=================================================
# FETCHING LATEST RELEASE AND ITS ASSETS
#=================================================
# Fetching information
current_version=$(cat manifest.json | jq -j '.version|split("~")[0]')
repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]')
# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions)
version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1)
assets=($(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '[ .[] | select(.tag_name=="'$version'").assets[].browser_download_url ] | join(" ") | @sh' | tr -d "'"))
# Later down the script, we assume the version has only digits and dots
# Sometimes the release name starts with a "v", so let's filter it out.
# You may need more tweaks here if the upstream repository has different naming conventions.
if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then
version=${version:1}
fi
# Setting up the environment variables
echo "Current version: $current_version"
echo "Latest release from upstream: $version"
echo "VERSION=$version" >> $GITHUB_ENV
echo "REPO=$repo" >> $GITHUB_ENV
# For the time being, let's assume the script will fail
echo "PROCEED=false" >> $GITHUB_ENV
# Proceed only if the retrieved version is greater than the current one
if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then
echo "::warning ::No new version available"
exit 0
# Proceed only if a PR for this new version does not already exist
elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then
echo "::warning ::A branch already exists for this update"
exit 0
fi
# Each release can hold multiple assets (e.g. binaries for different architectures, source code, etc.)
echo "${#assets[@]} available asset(s)"
#=================================================
# UPDATE SOURCE FILES
#=================================================
# Here we use the $assets variable to get the resources published in the upstream release.
# Here is an example for Grav, it has to be adapted in accordance with how the upstream releases look like.
# Let's loop over the array of assets URLs
for asset_url in ${assets[@]}; do
echo "Handling asset at $asset_url"
# Assign the asset to a source file in conf/ directory
# Here we base the source file name upon a unique keyword in the assets url (admin vs. update)
# Leave $src empty to ignore the asset
case $asset_url in
*"admin"*)
src="app"
;;
*"update"*)
src="app-upgrade"
;;
*)
src=""
;;
esac
# If $src is not empty, let's process the asset
if [ ! -z "$src" ]; then
# Create the temporary directory
tempdir="$(mktemp -d)"
# Download sources and calculate checksum
filename=${asset_url##*/}
curl --silent -4 -L $asset_url -o "$tempdir/$filename"
checksum=$(sha256sum "$tempdir/$filename" | head -c 64)
# Delete temporary directory
rm -rf $tempdir
# Get extension
if [[ $filename == *.tar.gz ]]; then
extension=tar.gz
else
extension=${filename##*.}
fi
# Rewrite source file
cat <<EOT > conf/$src.src
SOURCE_URL=$asset_url
SOURCE_SUM=$checksum
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=$extension
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=
EOT
echo "... conf/$src.src updated"
else
echo "... asset ignored"
fi
done
#=================================================
# SPECIFIC UPDATE STEPS
#=================================================
# Any action on the app's source code can be done.
# The GitHub Action workflow takes care of committing all changes after this script ends.
#=================================================
# GENERIC FINALIZATION
#=================================================
# Replace new version in manifest
echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json
# No need to update the README, yunohost-bot takes care of it
# The Action will proceed only if the PROCEED environment variable is set to true
echo "PROCEED=true" >> $GITHUB_ENV
exit 0

112
README.md
View file

@ -1,84 +1,98 @@
# Packaging an app, starting from this example
* Copy this app before working on it, using the ['Use this template'](https://github.com/YunoHost/example_ynh/generate) button on the Github repo.
* Edit the `manifest.json` with app specific info.
* Edit the `install`, `upgrade`, `remove`, `backup`, and `restore` scripts, and any relevant conf files in `conf/`.
* Using the [script helpers documentation.](https://yunohost.org/packaging_apps_helpers)
* Add a `LICENSE` file for the package.
* Edit `doc/DISCLAIMER*.md`
* The `README.md` files are to be automatically generated by https://github.com/YunoHost/apps/tree/master/tools/README-generator
---
<!--
N.B.: This README was automatically generated by https://github.com/YunoHost/apps/tree/master/tools/README-generator
It shall NOT be edited by hand.
-->
# Example app for YunoHost
# Headscale for YunoHost
[![Integration level](https://dash.yunohost.org/integration/example.svg)](https://dash.yunohost.org/appci/app/example) ![Working status](https://ci-apps.yunohost.org/ci/badges/example.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/example.maintain.svg)
[![Install Example app with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=example)
[![Integration level](https://dash.yunohost.org/integration/headscale.svg)](https://dash.yunohost.org/appci/app/headscale) ![Working status](https://ci-apps.yunohost.org/ci/badges/headscale.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/headscale.maintain.svg)
[![Install Headscale with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=headscale)
*[Lire ce readme en français.](./README_fr.md)*
> *This package allows you to install Example app quickly and simply on a YunoHost server.
> *This package allows you to install Headscale quickly and simply on a YunoHost server.
If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.*
## Overview
Some long and extensive description of what the app is and does, lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
An open source, self-hosted implementation of the Tailscale control server.
### What is Tailscale
Tailscale is [a modern VPN](https://tailscale.com/) built on top of
[Wireguard](https://www.wireguard.com/).
It [works like an overlay network](https://tailscale.com/blog/how-tailscale-works/)
between the computers of your networks - using
[NAT traversal](https://tailscale.com/blog/how-nat-traversal-works/).
Everything in Tailscale is Open Source, except the GUI clients for proprietary OS
(Windows and macOS/iOS), and the control server.
The control server works as an exchange point of Wireguard public keys for the
nodes in the Tailscale network. It assigns the IP addresses of the clients,
creates the boundaries between each user, enables sharing machines between users,
and exposes the advertised routes of your nodes.
A [Tailscale network (tailnet)](https://tailscale.com/kb/1136/tailnet/) is private
network which Tailscale assigns to a user in terms of private users or an
organisation.
### Design goal
Headscale aims to implement a self-hosted, open source alternative to the Tailscale
control server.
Headscale's goal is to provide self-hosters and hobbyists with an open-source
server they can use for their projects and labs.
It implements a narrow scope, a single Tailnet, suitable for a personal use, or a small
open-source organisation.
### Features
- Ut enim ad minim veniam, quis nostrud exercitation ullamco ;
- Laboris nisi ut aliquip ex ea commodo consequat ;
- Duis aute irure dolor in reprehenderit in voluptate ;
- Velit esse cillum dolore eu fugiat nulla pariatur ;
- Excepteur sint occaecat cupidatat non proident, sunt in culpa."
- Full "base" support of Tailscale's features
- Configurable DNS
- [Split DNS](https://tailscale.com/kb/1054/dns/#using-dns-settings-in-the-admin-console)
- Node registration
- Single-Sign-On (via Open ID Connect)
- Pre authenticated key
- Taildrop (File Sharing)
- [Access control lists](https://tailscale.com/kb/1018/acls/)
- [MagicDNS](https://tailscale.com/kb/1081/magicdns)
- Support for multiple IP ranges in the tailnet
- Dual stack (IPv4 and IPv6)
- Routing advertising (including exit nodes)
- Ephemeral nodes
- Embedded [DERP server](https://tailscale.com/blog/how-tailscale-works/#encrypted-tcp-relays-derp)
*from Headscale's README. See Links section below.*
**Shipped version:** 1.0~ynh1
**Demo:** https://demo.example.com
**Shipped version:** 0.22.3~ynh1
## Screenshots
![Screenshot of Example app](./doc/screenshots/example.jpg)
## Disclaimers / important information
* Any known limitations, constrains or stuff not working, such as (but not limited to):
* requiring a full dedicated domain ?
* architectures not supported ?
* not-working single-sign on or LDAP integration ?
* the app requires an important amount of RAM / disk / .. to install or to work properly
* etc...
* Other infos that people should be aware of, such as:
* any specific step to perform after installing (such as manually finishing the install, specific admin credentials, ...)
* how to configure / administrate the application if it ain't obvious
* upgrade process / specificities / things to be aware of ?
* security considerations ?
![Screenshot of Headscale](./doc/screenshots/example.jpg)
## Documentation and resources
* Official app website: <https://example.com>
* Official user documentation: <https://yunohost.org/apps>
* Official admin documentation: <https://yunohost.org/packaging_apps>
* Upstream app code repository: <https://some.forge.com/example/example>
* YunoHost documentation for this app: <https://yunohost.org/app_example>
* Report a bug: <https://github.com/YunoHost-Apps/example_ynh/issues>
* Official app website: <https://headscale.net/>
* Official user documentation: <https://tailscale.com/kb/>
* Official admin documentation: <https://headscale.net/>
* Upstream app code repository: <https://github.com/juanfont/headscale>
* YunoHost documentation for this app: <https://yunohost.org/app_headscale>
* Report a bug: <https://github.com/YunoHost-Apps/headscale_ynh/issues>
## Developer info
Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/example_ynh/tree/testing).
Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/headscale_ynh/tree/testing).
To try the testing branch, please proceed like that.
``` bash
sudo yunohost app install https://github.com/YunoHost-Apps/example_ynh/tree/testing --debug
sudo yunohost app install https://github.com/YunoHost-Apps/headscale_ynh/tree/testing --debug
or
sudo yunohost app upgrade example -u https://github.com/YunoHost-Apps/example_ynh/tree/testing --debug
sudo yunohost app upgrade headscale -u https://github.com/YunoHost-Apps/headscale_ynh/tree/testing --debug
```
**More info regarding app packaging:** <https://yunohost.org/packaging_apps>

98
README_fr.md Normal file
View file

@ -0,0 +1,98 @@
<!--
N.B.: This README was automatically generated by https://github.com/YunoHost/apps/tree/master/tools/README-generator
It shall NOT be edited by hand.
-->
# Headscale pour YunoHost
[![Niveau dintégration](https://dash.yunohost.org/integration/headscale.svg)](https://dash.yunohost.org/appci/app/headscale) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/headscale.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/headscale.maintain.svg)
[![Installer Headscale avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=headscale)
*[Read this readme in english.](./README.md)*
> *Ce package vous permet dinstaller Headscale rapidement et simplement sur un serveur YunoHost.
Si vous navez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment linstaller et en profiter.*
## Vue densemble
An open source, self-hosted implementation of the Tailscale control server.
### What is Tailscale
Tailscale is [a modern VPN](https://tailscale.com/) built on top of
[Wireguard](https://www.wireguard.com/).
It [works like an overlay network](https://tailscale.com/blog/how-tailscale-works/)
between the computers of your networks - using
[NAT traversal](https://tailscale.com/blog/how-nat-traversal-works/).
Everything in Tailscale is Open Source, except the GUI clients for proprietary OS
(Windows and macOS/iOS), and the control server.
The control server works as an exchange point of Wireguard public keys for the
nodes in the Tailscale network. It assigns the IP addresses of the clients,
creates the boundaries between each user, enables sharing machines between users,
and exposes the advertised routes of your nodes.
A [Tailscale network (tailnet)](https://tailscale.com/kb/1136/tailnet/) is private
network which Tailscale assigns to a user in terms of private users or an
organisation.
### Design goal
Headscale aims to implement a self-hosted, open source alternative to the Tailscale
control server.
Headscale's goal is to provide self-hosters and hobbyists with an open-source
server they can use for their projects and labs.
It implements a narrow scope, a single Tailnet, suitable for a personal use, or a small
open-source organisation.
### Features
- Full "base" support of Tailscale's features
- Configurable DNS
- [Split DNS](https://tailscale.com/kb/1054/dns/#using-dns-settings-in-the-admin-console)
- Node registration
- Single-Sign-On (via Open ID Connect)
- Pre authenticated key
- Taildrop (File Sharing)
- [Access control lists](https://tailscale.com/kb/1018/acls/)
- [MagicDNS](https://tailscale.com/kb/1081/magicdns)
- Support for multiple IP ranges in the tailnet
- Dual stack (IPv4 and IPv6)
- Routing advertising (including exit nodes)
- Ephemeral nodes
- Embedded [DERP server](https://tailscale.com/blog/how-tailscale-works/#encrypted-tcp-relays-derp)
*from Headscale's README. See Links section below.*
**Version incluse :** 0.22.3~ynh1
## Captures décran
![Capture décran de Headscale](./doc/screenshots/example.jpg)
## Documentations et ressources
* Site officiel de lapp : <https://headscale.net/>
* Documentation officielle utilisateur : <https://tailscale.com/kb/>
* Documentation officielle de ladmin : <https://headscale.net/>
* Dépôt de code officiel de lapp : <https://github.com/juanfont/headscale>
* Documentation YunoHost pour cette app : <https://yunohost.org/app_headscale>
* Signaler un bug : <https://github.com/YunoHost-Apps/headscale_ynh/issues>
## Informations pour les développeurs
Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/headscale_ynh/tree/testing).
Pour essayer la branche testing, procédez comme suit.
``` bash
sudo yunohost app install https://github.com/YunoHost-Apps/headscale_ynh/tree/testing --debug
ou
sudo yunohost app upgrade headscale -u https://github.com/YunoHost-Apps/headscale_ynh/tree/testing --debug
```
**Plus dinfos sur le packaging dapplications :** <https://yunohost.org/packaging_apps>

34
check_process
View file

@ -1,34 +0,0 @@
# See here for more information
# https://github.com/YunoHost/package_check#syntax-check_process-file
# Move this file from check_process.default to check_process when you have filled it.
;; Test complet
; Manifest
domain="domain.tld"
path="/path"
is_public=1
language="fr"
admin="john"
password="1Strong-Password"
port="666"
; Checks
pkg_linter=1
setup_sub_dir=1
setup_root=1
setup_nourl=0
setup_private=1
setup_public=1
upgrade=1
upgrade=1 from_commit=CommitHash
backup_restore=1
multi_instance=1
port_already_use=0
change_url=1
;;; Options
Email=
Notification=none
;;; Upgrade options
; commit=CommitHash
name=Name and date of the commit.
manifest_arg=domain=DOMAIN&path=PATH&is_public=1&language=fr&admin=USER&password=pass&port=666&

4
conf/config.yaml
View file

@ -249,7 +249,7 @@ dns_config:
# Unix socket used for the CLI to connect without authentication
# Note: for production you will want to set this to something like:
unix_socket: /var/run/__APP__.sock
unix_socket: ./headscale.sock
unix_socket_permission: "0770"
#
# headscale supports experimental OpenID connect support,
@ -281,7 +281,7 @@ oidc:
# # Customize the scopes used in the OIDC flow, defaults to "openid", "profile" and "email" and add custom query
# # parameters to the Authorize Endpoint request. Scopes default to "openid", "profile" and "email".
#
scope: ["openid", "profile", "email", "custom"]
scope: ["openid", "profile", "email"]
extra_params:
domain_hint: __DOMAIN__
#

6
conf/nginx.conf
View file

@ -1,3 +1,9 @@
rewrite ^$ /;
location ~ ^/$ {
default_type text/plain;
return 200 "This is where Headscale is installed.";
}
location / {
proxy_pass http://127.0.0.1:__PORT__;
proxy_redirect http:// https://;

2
conf/systemd.service
View file

@ -1,5 +1,5 @@
[Unit]
Description=Small description of the service
Description=Control server for the WireGuard-based VPN
After=network.target
[Service]

295
config_panel.toml.example
View file

@ -1,295 +0,0 @@
## Config panel are available from webadmin > Apps > YOUR_APP > Config Panel Button
## Those panels let user configure some params on their apps using a friendly interface,
## and remove the need to manually edit files from the command line.
## From a packager perspective, this .toml is coupled to the scripts/config script,
## which may be used to define custom getters/setters. However, most use cases
## should be covered automagically by the core, thus it may not be necessary
## to define a scripts/config at all!
## -----------------------------------------------------------------------------
## IMPORTANT: In accordance with YunoHost's spirit, please keep things simple and
## do not overwhelm the admin with tons of misunderstandable or advanced settings.
## -----------------------------------------------------------------------------
## The top level describe the entire config panels screen.
## The version is a required property.
## Here a small reminder to associate config panel version with YunoHost version
## | Config | YNH | Config panel small change log |
## | ------ | --- | ------------------------------------------------------- |
## | 0.1 | 3.x | 0.1 config script not compatible with YNH >= 4.3 |
## | 1.0 | 4.3.x | The new config panel system with 'bind' property |
version = "1.0"
## (optional) i18n property let you internationalize questions, however this feature
## is only available in core configuration panel (like yunohost domain config).
## So in app config panel this key is ignored for now, but you can internationalize
## by using a lang dictionary (see property name bellow)
# i18n = "prefix_translation_key"
################################################################################
#### ABOUT PANELS
################################################################################
## The next level describes web admin panels
## You have to choose an ID for each panel, in this example the ID is "main"
## Keep in mind this ID will be used in CLI to refer to your question, so choose
## something short and meaningfull.
## In the webadmin, each panel corresponds to a distinct tab / form
[main]
## Define the label for your panel
## Internationalization works similarly to the 'description' and 'ask' questions in the manifest
# name.en = "Main configuration"
# name.fr = "Configuration principale"
## (optional) If you need to trigger a service reload-or-restart after the user
## change a question in this panel, you can add your service in the list.
services = ["__APP__"]
# or services = ["nginx", "__APP__"] to also reload-or-restart nginx
## (optional) This help properties is a short help displayed on the same line
## than the panel title but not displayed in the tab.
# help = ""
############################################################################
#### ABOUT SECTIONS
############################################################################
## A panel is composed of one or several sections.
##
## Sections are meant to group questions together when they correspond to
## a same subtopic. This impacts the rendering in terms of CLI prompts
## and HTML forms
##
## You should choose an ID for your section, and prefix it with the panel ID
## (Be sure to not make a typo in the panel ID, which would implicitly create
## an other entire panel)
##
## We use the context of pepettes_ynh as an example,
## which is a simple donation form app written in python,
## and for which the admin will want to edit the configuration
[main.customization]
## (optional) Defining a proper title for sections is not mandatory
## and depends on the exact rendering you're aiming for the CLI / webadmin
name = ""
## (optional) This help properties is a short help displayed on the same line
## than the section title, meant to provide additional details
# help = ""
## (optional) As for panel, you can specify to trigger a service
## reload-or-restart after the user change a question in this section.
## This property is added to the panel property, it doesn't deactivate it.
## So no need to replicate, the service list from panel services property.
# services = []
## (optional) By default all questions are optionals, but you can specify a
## default behaviour for question in the section
optional = false
## (optional) It's also possible with the 'visible' property to only
## display the section depending on the user's answers to previous questions.
##
## Be careful that the 'visible' property should only refer to **previous** questions
## Hence, it should not make sense to have a "visible" property on the very first section.
##
## Also, keep in mind that this feature only works in the webadmin and not in CLI
## (therefore a user could be prompted in CLI for a question that may not be relevant)
# visible = true
########################################################################
#### ABOUT QUESTIONS
########################################################################
## A section is compound of one or several questions.
## ---------------------------------------------------------------------
## IMPORTANT: as for panel and section you have to choose an ID, but this
## one should be unique in all this document, even if the question is in
## an other panel.
## ---------------------------------------------------------------------
## You can use same questions types and properties than in manifest.yml
## install part. However, in YNH 4.3, a lot of change has been made to
## extend availables questions types list.
## See: TODO DOC LINK
[main.customization.project_name]
## (required) The ask property is equivalent to the ask property in
## the manifest. However, in config panels, questions are displayed on the
## left side and therefore have less space to be rendered. Therefore,
## it is better to use a short question, and use the "help" property to
## provide additional details if necessary.
ask.en = "Name of the project"
## (required) The type property indicates how the question should be
## displayed, validated and managed. Some types have specific properties.
##
## Types available: string, boolean, number, range, text, password, path
## email, url, date, time, color, select, domain, user, tags, file.
##
## For a complete list with specific properties, see: TODO DOC LINK
type = "string"
########################################################################
#### ABOUT THE BIND PROPERTY
########################################################################
## (recommended) 'bind' property is a powerful feature that let you
## configure how and where the data will be read, validated and written.
## By default, 'bind property is in "settings" mode, it means it will
## **only** read and write the value in application settings file.
## bind = "settings"
## However, settings usually correspond to key/values in actual app configurations
## Hence, a more useful mode is to have bind = ":FILENAME". In that case, YunoHost
## will automagically find a line with "KEY=VALUE" in FILENAME
## (with the adequate separator between KEY and VALUE)
##
## YunoHost will then use this value for the read/get operation.
## During write/set operations, YunoHost will overwrite the value
## in **both** FILENAME and in the app's settings.yml
## Configuration file format supported: yaml, toml, json, ini, env, php,
## python. The feature probably works with others formats, but should be tested carefully.
## Note that this feature only works with relatively simple cases
## such as `KEY: VALUE`, but won't properly work with
## complex data structures like multilin array/lists or dictionnaries.
## It also doesn't work with XML format, custom config function call, php define(), ...
## More info on TODO
# bind = ":/var/www/__APP__/settings.py"
## By default, bind = ":FILENAME" will use the question ID as KEY
## ... but the question ID may sometime not be the exact KEY name in the configuration file.
##
## In particular, in pepettes, the python variable is 'name' and not 'project_name'
## (c.f. https://github.com/YunoHost-Apps/pepettes_ynh/blob/5cc2d3ffd6529cc7356ff93af92dbb6785c3ab9a/conf/settings.py##L11 )
##
## In that case, the key name can be specified before the column ':'
bind = "name:/var/www/__APP__/settings.py"
## ---------------------------------------------------------------------
## IMPORTANT: other 'bind' mode exists:
##
## bind = "FILENAME" (with no column character before FILENAME)
## may be used to bind to the **entire file content** (instead of a single KEY/VALUE)
## This could be used to expose an entire configuration file, or binary files such as images
## For example:
## bind = "/var/www/__APP__/img/logo.png"
##
## bind = "null" can be used to disable reading / writing in settings.
## This creates sort of a "virtual" or "ephemeral" question which is not related to any actual setting
## In this mode, you are expected to define custom getter/setters/validators in scripts/config:
##
## getter: get__QUESTIONID()
## setter: set__QUESTIONID()
## validator: validate__QUESTIONID()
##
## You can also specify a common getter / setter / validator, with the
## function 'bind' mode, for example here it will try to run
## get__array_settings() first.
# bind = "array_settings()"
## ---------------------------------------------------------------------
## ---------------------------------------------------------------------
## IMPORTANT: with the exception of bind=null questions,
## question IDs should almost **always** correspond to an app setting
## initialized / reused during install/upgrade.
## Not doing so may result in inconsistencies between the config panel mechanism
## and the use of ynh_add_config
## ---------------------------------------------------------------------
########################################################################
#### OTHER GENERIC PROPERTY FOR QUESTIONS
########################################################################
## (optional) An help text for the question
help = "Fill the name of the project which will received donation"
## (optional) An example display as placeholder in web form
# example = "YunoHost"
## (optional) set to true in order to redact the value in operation logs
# redact = false
## (optional) A validation pattern
## ---------------------------------------------------------------------
## IMPORTANT: your pattern should be between simple quote, not double.
## ---------------------------------------------------------------------
pattern.regexp = '^\w{3,30}$'
pattern.error = "The name should be at least 3 chars and less than 30 chars. Alphanumeric chars are accepted"
## Note: visible and optional properties are also available for questions
[main.customization.contact_url]
ask = "Contact url"
type = "url"
example = "mailto: contact@example.org"
help = "mailto: accepted"
pattern.regexp = '^mailto:[^@]+@[^@]+|https://$'
pattern.error = "Should be https or mailto:"
bind = ":/var/www/__APP__/settings.py"
[main.customization.logo]
ask = "Logo"
type = "file"
accept = ".png"
help = "Fill with an already resized logo"
bind = "__FINALPATH__/img/logo.png"
[main.customization.favicon]
ask = "Favicon"
type = "file"
accept = ".png"
help = "Fill with an already sized favicon"
bind = "__FINALPATH__/img/favicon.png"
[main.stripe]
name = "Stripe general info"
optional = false
# The next alert is overwrited with a getter from the config script
[main.stripe.amount]
ask = "Donation in the month : XX €
type = "alert"
style = "success"
[main.stripe.publishable_key]
ask = "Publishable key"
type = "string"
redact = true
help = "Indicate here the stripe publishable key"
bind = ":/var/www/__APP__/settings.py"
[main.stripe.secret_key]
ask = "Secret key"
type = "string"
redact = true
help = "Indicate here the stripe secret key"
bind = ":/var/www/__APP__/settings.py"
[main.stripe.prices]
ask = "Prices ID"
type = "tags"
help = """\
Indicates here the prices ID of donation products you created in stripe interfaces. \
Go on [Stripe products](https://dashboard.stripe.com/products) to create those donation products. \
Fill it tag with 'FREQUENCY/CURRENCY/PRICE_ID' \
FREQUENCY: 'one_time' or 'recuring' \
CURRENCY: 'EUR' or 'USD' \
PRICE_ID: ID from stripe interfaces starting with 'price_' \
"""
pattern.regexp = '^(one_time|recuring)/(EUR|USD)/price_.*$'
pattern.error = "Please respect the format describe in help text for each price ID"

13
doc/ADMIN.md Normal file
View file

@ -0,0 +1,13 @@
Tweak Headscale's configuration in `__INSTALL_DIR__/config.yaml`.
All features might not be compatible with YunoHost.
Feel free to experiment and report your use cases in YunoHost's forum and chatrooms!
Some technical notes:
- [Internal DERP server](https://tailscale.com/blog/how-tailscale-works/#encrypted-tcp-relays-derp) is not enabled
- The server is allowed to use the [DERP servers operated by Tailscale](https://controlplane.tailscale.com/derpmap/default)
- The database used to store user and nodes information is SQLite. It should be fine for YunoHost's current small-scale self-hosting mindset.
- Headscale will push DNS servers to its clients. The configuration includes FDN's open resolvers. ([French Data Network](https://www.fdn.fr/actions/dns/), associative ISP)
To create users and connect clients, refer to Headscale's documentation.
To call Headscale's program, use `sudo -u bash __INSTALL_DIR/headscale` followed by its parameters.

53
doc/DESCRIPTION.md
View file

@ -1,9 +1,50 @@
Some long and extensive description of what the app is and does, lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
An open source, self-hosted implementation of the Tailscale control server.
### What is Tailscale
Tailscale is [a modern VPN](https://tailscale.com/) built on top of
[Wireguard](https://www.wireguard.com/).
It [works like an overlay network](https://tailscale.com/blog/how-tailscale-works/)
between the computers of your networks - using
[NAT traversal](https://tailscale.com/blog/how-nat-traversal-works/).
Everything in Tailscale is Open Source, except the GUI clients for proprietary OS
(Windows and macOS/iOS), and the control server.
The control server works as an exchange point of Wireguard public keys for the
nodes in the Tailscale network. It assigns the IP addresses of the clients,
creates the boundaries between each user, enables sharing machines between users,
and exposes the advertised routes of your nodes.
A [Tailscale network (tailnet)](https://tailscale.com/kb/1136/tailnet/) is private
network which Tailscale assigns to a user in terms of private users or an
organisation.
### Design goal
Headscale aims to implement a self-hosted, open source alternative to the Tailscale
control server.
Headscale's goal is to provide self-hosters and hobbyists with an open-source
server they can use for their projects and labs.
It implements a narrow scope, a single Tailnet, suitable for a personal use, or a small
open-source organisation.
### Features
- Ut enim ad minim veniam, quis nostrud exercitation ullamco ;
- Laboris nisi ut aliquip ex ea commodo consequat ;
- Duis aute irure dolor in reprehenderit in voluptate ;
- Velit esse cillum dolore eu fugiat nulla pariatur ;
- Excepteur sint occaecat cupidatat non proident, sunt in culpa."
- Full "base" support of Tailscale's features
- Configurable DNS
- [Split DNS](https://tailscale.com/kb/1054/dns/#using-dns-settings-in-the-admin-console)
- Node registration
- Single-Sign-On (via Open ID Connect)
- Pre authenticated key
- Taildrop (File Sharing)
- [Access control lists](https://tailscale.com/kb/1018/acls/)
- [MagicDNS](https://tailscale.com/kb/1081/magicdns)
- Support for multiple IP ranges in the tailnet
- Dual stack (IPv4 and IPv6)
- Routing advertising (including exit nodes)
- Ephemeral nodes
- Embedded [DERP server](https://tailscale.com/blog/how-tailscale-works/#encrypted-tcp-relays-derp)
*from Headscale's README. See Links section below.*

12
doc/DISCLAIMER.md
View file

@ -1,12 +0,0 @@
* Any known limitations, constrains or stuff not working, such as (but not limited to):
* requiring a full dedicated domain ?
* architectures not supported ?
* not-working single-sign on or LDAP integration ?
* the app requires an important amount of RAM / disk / .. to install or to work properly
* etc...
* Other infos that people should be aware of, such as:
* any specific step to perform after installing (such as manually finishing the install, specific admin credentials, ...)
* how to configure / administrate the application if it ain't obvious
* upgrade process / specificities / things to be aware of ?
* security considerations ?

19
manifest.toml
View file

@ -10,21 +10,22 @@ maintainers = ["tituspijean"]
[upstream]
license = "BSD-3-Clause"
admindoc = "https://github.com/juanfont/headscale/tree/main/docs"
admindoc = "https://headscale.net/"
userdoc = "https://tailscale.com/kb/"
code = "https://github.com/juanfont/headscale"
website = "https://tailscale.com/"
website = "https://headscale.net/"
cpe = "cpe:2.3:a:tailscale:tailscale"
fund = "https://ko-fi.com/headscale"
[integration]
yunohost = ">= 11.0.0"
architectures = "all"
multi_instance = false
ldap = "?" # FIXME: replace with true, false, or "not_relevant". Not to confuse with the "sso" key : the "ldap" key corresponds to wether or not a user *can* login on the app using its YunoHost credentials.
sso = "?" # FIXME: replace with true, false, or "not_relevant". Not to confuse with the "ldap" key : the "sso" key corresponds to wether or not a user is *automatically logged-in* on the app when logged-in on the YunoHost portal.
disk = "50M" # FIXME: replace with an **estimate** minimum disk requirement. e.g. 20M, 400M, 1G, ...
ram.build = "50M" # FIXME: replace with an **estimate** minimum ram requirement. e.g. 50M, 400M, 1G, ...
ram.runtime = "50M" # FIXME: replace with an **estimate** minimum ram requirement. e.g. 50M, 400M, 1G, ...
ldap = true
sso = false
disk = "50M"
ram.build = "50M"
ram.runtime = "50M"
[install]
[install.domain]
@ -43,7 +44,7 @@ ram.runtime = "50M" # FIXME: replace with an **estimate** minimum ram requiremen
[install.base_domain]
type = "domain"
ask.en = "Choose the base domain for Headscale's MagicDNS feature"
help.en = "MagiDNS will allow you to access your hosts with a domain like `myhost.mynamespace.basedomain.tld`"
help.en = "MagicDNS will allow you to access your hosts with a domain like `myhost.username.basedomain.tld`"
[resources]
[resources.sources.main]
@ -79,6 +80,6 @@ ram.runtime = "50M" # FIXME: replace with an **estimate** minimum ram requiremen
metrics.default = 9090
grpc.default = 50443
# FIXME: cf. config file
# Disabled, cf. config file
# [resources.database]
# type = "postgresql"

10
scripts/backup
View file

@ -42,14 +42,10 @@ ynh_backup --src_path="/etc/logrotate.d/$app"
ynh_backup --src_path="/etc/systemd/system/$app.service"
#=================================================
# BACKUP THE MYSQL DATABASE
# BACKUP THE DATABASE
#=================================================
ynh_print_info --message="Backing up the MySQL database..."
### (However, things like MySQL dumps *do* take some time to run, though the
### copy of the generated dump to the archive still happens later)
ynh_mysql_dump_db --database="$db_name" > db.sql
#ynh_print_info --message="Backing up the PostgreSQL database..."
# FIXME: cf. config file
#=================================================
# END OF SCRIPT

136
scripts/change_url
View file

@ -1,136 +0,0 @@
#!/bin/bash
#=================================================
# GENERIC STARTING
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# RETRIEVE ARGUMENTS
#=================================================
#REMOVEME? old_domain=$YNH_APP_OLD_DOMAIN
#REMOVEME? old_path=$YNH_APP_OLD_PATH
#REMOVEME? new_domain=$YNH_APP_NEW_DOMAIN
#REMOVEME? new_path=$YNH_APP_NEW_PATH
#REMOVEME? app=$YNH_APP_INSTANCE_NAME
#=================================================
# LOAD SETTINGS
#=================================================
#REMOVEME? ynh_script_progression --message="Loading installation settings..." --weight=1
#REMOVEME? # Needed for helper "ynh_add_nginx_config"
#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir)
# Add settings here as needed by your application
#REMOVEME? #db_name=$(ynh_app_setting_get --app=$app --key=db_name)
#db_user=$db_name
#REMOVEME? #db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd)
#=================================================
# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP
#=================================================
#REMOVEME? ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." --weight=1
# Backup the current version of the app
#REMOVEME? ynh_backup_before_upgrade
#REMOVEME? ynh_clean_setup () {
# Remove the new domain config file, the remove script won't do it as it doesn't know yet its location.
#REMOVEME? ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
# Restore it if the upgrade fails
#REMOVEME? ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
#REMOVEME? ynh_abort_if_errors
#=================================================
# CHECK WHICH PARTS SHOULD BE CHANGED
#=================================================
#REMOVEME? change_domain=0
#REMOVEME? if [ "$old_domain" != "$new_domain" ]
then
#REMOVEME? change_domain=1
fi
#REMOVEME? change_path=0
#REMOVEME? if [ "$old_path" != "$new_path" ]
then
#REMOVEME? change_path=1
fi
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# STOP SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Stopping a systemd service..." --weight=1
ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log"
#=================================================
# MODIFY URL IN NGINX CONF
#=================================================
ynh_script_progression --message="Updating NGINX web server configuration..." --weight=1
ynh_change_url_nginx_config
#REMOVEME? nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf
# Change the path in the NGINX config file
if [ $change_path -eq 1 ]
then
# Make a backup of the original NGINX config file if modified
#REMOVEME? ynh_backup_if_checksum_is_different --file="$nginx_conf_path"
# Set global variables for NGINX helper
#REMOVEME? domain="$old_domain"
#REMOVEME? path="$new_path"
# Create a dedicated NGINX config
#REMOVEME? ynh_add_nginx_config
fi
# Change the domain for NGINX
if [ $change_domain -eq 1 ]
then
# Delete file checksum for the old conf file location
#REMOVEME? ynh_delete_file_checksum --file="$nginx_conf_path"
#REMOVEME? mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf
# Store file checksum for the new config file location
#REMOVEME? ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
fi
#=================================================
# SPECIFIC MODIFICATIONS
#=================================================
# ...
#=================================================
#=================================================
# GENERIC FINALISATION
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=1
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
#=================================================
# RELOAD NGINX
#=================================================
#REMOVEME? ynh_script_progression --message="Reloading NGINX web server..." --weight=1
#REMOVEME? #REMOVEME? ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Change of URL completed for $app" --last

102
scripts/config
View file

@ -1,102 +0,0 @@
#!/bin/bash
# In simple cases, you don't need a config script.
# With a simple config_panel.toml, you can write in the app settings, in the
# upstream config file or replace complete files (logo ...) and restart services.
# The config scripts allows you to go further, to handle specific cases
# (validation of several interdependent fields, specific getter/setter for a value,
# display dynamic informations or choices, pre-loading of config type .cube... ).
#=================================================
# GENERIC STARTING
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source /usr/share/yunohost/helpers
ynh_abort_if_errors
#=================================================
# RETRIEVE ARGUMENTS
#=================================================
final_path=$(ynh_app_setting_get $app final_path)
#=================================================
# SPECIFIC GETTERS FOR TOML SHORT KEY
#=================================================
get__amount() {
# Here we can imagine to have an API call to stripe to know the amount of donation during a month
local amount = 200
# It's possible to change some properties of the question by overriding it:
if [ $amount -gt 100 ]
then
cat << EOF
style: success
value: $amount
ask:
en: A lot of donation this month: **$amount €**
EOF
else
cat << EOF
style: danger
value: $amount
ask:
en: Not so much donation this month: $amount €
EOF
fi
}
get__prices() {
local prices = "$(grep "DONATION\['" "$final_path/settings.py" | sed -r "s@^DONATION\['([^']*)'\]\['([^']*)'\] = '([^']*)'@\1/\2/\3@g" | sed -z 's/\n/,/g;s/,$/\n/')"
if [ "$prices" == "," ];
then
# Return YNH_NULL if you prefer to not return a value at all.
echo YNH_NULL
else
echo $prices
fi
}
#=================================================
# SPECIFIC VALIDATORS FOR TOML SHORT KEYS
#=================================================
validate__publishable_key() {
# We can imagine here we test if the key is really a publisheable key
(is_secret_key $publishable_key) &&
echo 'This key seems to be a secret key'
}
#=================================================
# SPECIFIC SETTERS FOR TOML SHORT KEYS
#=================================================
set__prices() {
#---------------------------------------------
# IMPORTANT: setter are trigger only if a change is detected
#---------------------------------------------
for price in $(echo $prices | sed "s/,/ /"); do
frequency=$(echo $price | cut -d/ -f1)
currency=$(echo $price | cut -d/ -f2)
price_id=$(echo $price | cut -d/ -f3)
sed "d/DONATION\['$frequency'\]\['$currency'\]" "$final_path/settings.py"
echo "DONATION['$frequency']['$currency'] = '$price_id'" >> "$final_path/settings.py"
done
#---------------------------------------------
# IMPORTANT: to be able to upgrade properly, you have to saved the value in settings too
#---------------------------------------------
ynh_app_setting_set $app prices $prices
}
#=================================================
# GENERIC FINALIZATION
#=================================================
ynh_app_config_run $1

14
scripts/install
View file

@ -14,14 +14,10 @@ source /usr/share/yunohost/helpers
#=================================================
ynh_script_progression --message="Installing Dex..." --weight=1
oidc_secret="$(echo $(ynh_string_random --length=64 --filter='A-F0-9'))"
oidc_secret="$(echo $(ynh_string_random --length=32 --filter='A-F0-9'))"
oidc_name="$app"
oidc_callback="$domain/oidc/callback"
ynh_app_setting_set --app=$app --key=oidc_secret --value=$oidc_secret
ynh_app_setting_set --app=$app --key=oidc_name --value=$oidc_name
ynh_app_setting_set --app=$app --key=oidc_callback --value=$oidc_callback
if yunohost app list | grep -q "$YNH_APP_ARG_DEX_DOMAIN$YNH_APP_ARG_DEX_PATH"; then
ynh_die "The domain and path provided for Dex is already used by another app. Please chose another one !"
fi
@ -42,6 +38,12 @@ else
dex_user_uri="https://$dex_domain$dex_path/userinfo"
fi
# Store Dex settings
ynh_app_setting_set --app=$app --key=oidc_secret --value=$oidc_secret
ynh_app_setting_set --app=$app --key=oidc_name --value=$oidc_name
ynh_app_setting_set --app=$app --key=oidc_callback --value=$oidc_callback
ynh_app_setting_set --app=$app --key=dex_app --value=$dex_app
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
@ -70,7 +72,7 @@ ynh_script_progression --message="Adding a configuration file..." --weight=1
ynh_add_config --template="config.yaml" --destination="$install_dir/config.yaml"
chmod 400 "$install_dir/config.yaml"
chmod 600 "$install_dir/config.yaml"
chown $app:$app "$install_dir/config.yaml"
#=================================================

27
scripts/remove
View file

@ -46,6 +46,13 @@ ynh_script_progression --message="Removing NGINX web server configuration..." --
# Remove the dedicated NGINX config
ynh_remove_nginx_config
#=================================================
# REMOVE DEX APP
#=================================================
ynh_script_progression --message="Removing Dex app used for Headscale authentication..." --weight=1
yunohost app remove $dex_app
#=================================================
# CLOSE A PORT
#=================================================
@ -56,14 +63,6 @@ then
ynh_exec_warn_less yunohost firewall disallow TCP $port
fi
#=================================================
# REMOVE FAIL2BAN CONFIGURATION
#=================================================
ynh_script_progression --message="Removing Fail2Ban configuration..." --weight=1
# Remove the dedicated Fail2Ban config
ynh_remove_fail2ban_config
#=================================================
# SPECIFIC REMOVE
#=================================================
@ -71,24 +70,12 @@ ynh_remove_fail2ban_config
#=================================================
ynh_script_progression --message="Removing various files..." --weight=1
# Remove a cron file
ynh_secure_remove --file="/etc/cron.d/$app"
# Remove a directory securely
ynh_secure_remove --file="/etc/$app"
# Remove the log files
ynh_secure_remove --file="/var/log/$app"
#=================================================
# GENERIC FINALIZATION
#=================================================
# REMOVE DEDICATED USER
#=================================================
#REMOVEME? ynh_script_progression --message="Removing the dedicated system user..." --weight=1
# Delete a system user
#REMOVEME? ynh_system_user_delete --username=$app
#=================================================
# END OF SCRIPT

125
scripts/restore
View file

@ -10,50 +10,6 @@
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
#REMOVEME? ynh_clean_setup () {
#### Remove this function if there's nothing to clean before calling the remove script.
true
}
# Exit if an error occurs during the execution of the script
#REMOVEME? ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
#REMOVEME? ynh_script_progression --message="Loading installation settings..." --weight=1
#REMOVEME? app=$YNH_APP_INSTANCE_NAME
#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain)
#REMOVEME? path=$(ynh_app_setting_get --app=$app --key=path)
#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir)
#REMOVEME? db_name=$(ynh_app_setting_get --app=$app --key=db_name)
#REMOVEME? db_user=$db_name
#REMOVEME? phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
#REMOVEME? data_dir=$(ynh_app_setting_get --app=$app --key=data_dir)
#=================================================
# CHECK IF THE APP CAN BE RESTORED
#=================================================
#REMOVEME? ynh_script_progression --message="Validating restoration parameters..." --weight=1
#REMOVEME? test ! -d $install_dir \
|| ynh_die --message="There is already a directory: $install_dir "
#=================================================
# STANDARD RESTORATION STEPS
#=================================================
# RECREATE THE DEDICATED USER
#=================================================
#REMOVEME? ynh_script_progression --message="Recreating the dedicated system user..." --weight=1
# Create the dedicated user (if not existing)
#REMOVEME? ynh_system_user_create --username=$app --home_dir="$install_dir"
#=================================================
# RESTORE THE APP MAIN DIR
#=================================================
@ -61,86 +17,20 @@ ynh_script_progression --message="Restoring the app main directory..." --weight=
ynh_restore_file --origin_path="$install_dir"
# FIXME: this should be managed by the core in the future
# Here, as a packager, you may have to tweak the ownerhsip/permissions
# such that the appropriate users (e.g. maybe www-data) can access
# files in some cases.
# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder -
# this will be treated as a security issue.
chmod 750 "$install_dir"
chmod -R o-rwx "$install_dir"
chown -R $app:www-data "$install_dir"
#=================================================
# RESTORE THE DATA DIRECTORY
#=================================================
ynh_script_progression --message="Restoring the data directory..." --weight=1
ynh_restore_file --origin_path="$data_dir" --not_mandatory
mkdir -p $data_dir
# FIXME: this should be managed by the core in the future
# Here, as a packager, you may have to tweak the ownerhsip/permissions
# such that the appropriate users (e.g. maybe www-data) can access
# files in some cases.
# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder -
# this will be treated as a security issue.
chmod 750 "$data_dir"
chmod -R o-rwx "$data_dir"
chown -R $app:www-data "$data_dir"
#=================================================
# RESTORE FAIL2BAN CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the Fail2Ban configuration..." --weight=1
ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf"
ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf"
ynh_systemd_action --action=restart --service_name=fail2ban
#=================================================
# SPECIFIC RESTORATION
#=================================================
# REINSTALL DEPENDENCIES
#=================================================
#REMOVEME? ynh_script_progression --message="Reinstalling dependencies..." --weight=1
# Define and install dependencies
#REMOVEME? ynh_install_app_dependencies $pkg_dependencies
#=================================================
# RESTORE THE PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the PHP-FPM configuration..." --time --weight=1
ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
chown -R $app:$app "$install_dir"
chmod -R ug+x "$install_dir/headscale"
chmod 600 "$install_dir/config.yaml"
chown $app:$app "$install_dir/config.yaml"
#=================================================
# RESTORE THE NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the NGINX web server configuration..." --time --weight=1
ynh_script_progression --message="Restoring the NGINX web server configuration..." --weight=1
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# RESTORE THE MYSQL DATABASE
#=================================================
#REMOVEME? ynh_script_progression --message="Restoring the MySQL database..." --weight=1
#REMOVEME? db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
#REMOVEME? ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd
ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql
#=================================================
# RESTORE VARIOUS FILES
#=================================================
ynh_script_progression --message="Restoring various files..." --weight=1
ynh_restore_file --origin_path="/etc/cron.d/$app"
ynh_restore_file --origin_path="/etc/$app/"
#=================================================
# RESTORE SYSTEMD
#=================================================
@ -161,7 +51,7 @@ ynh_restore_file --origin_path="/etc/logrotate.d/$app"
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log"
yunohost service add $app --description="Control server for the WireGuard-based VPN" --log="/var/log/$app/$app.log"
#=================================================
# START SYSTEMD SERVICE
@ -175,9 +65,8 @@ ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$ap
#=================================================
# RELOAD NGINX AND PHP-FPM
#=================================================
ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..." --weight=1
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_systemd_action --service_name=php$phpversion-fpm --action=reload
ynh_systemd_action --service_name=nginx --action=reload
#=================================================

12
scripts/upgrade
View file

@ -34,12 +34,13 @@ fi
chmod 750 "$install_dir"
chmod -R o-rwx "$install_dir"
chown -R $app:www-data "$install_dir"
chown -R $app:$app "$install_dir"
chmod -R ug+x "$install_dir/headscale"
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading NGINX web server configuration..." --time --weight=1
ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=1
# Create a dedicated NGINX config
ynh_add_nginx_config
@ -47,12 +48,7 @@ ynh_add_nginx_config
#=================================================
# UPDATE A CONFIG FILE
#=================================================
ynh_script_progression --message="Updating a configuration file..." --weight=1
ynh_add_config --template="config.yaml" --destination="$install_dir/config.yaml"
chmod 400 "$install_dir/config.yaml"
chown $app:$app "$install_dir/config.yaml"
# We do not alter the configuration file since admins are encouraged to fine-tune it.
#=================================================
# SETUP SYSTEMD

14
tests.toml Normal file
View file

@ -0,0 +1,14 @@
test_format = 1.0
[default]
preinstall = """
sudo yunohost domain add dex-headscale.domain.tld
"""
exclude = ["change_url"]
args.domain = "sub.domain.tld"
args.dex_domain = "dex-headscale.domain.tld"
args.dex_path = "/dex"
args.base_domain = "sub.domain.tld"