mirror of
https://github.com/YunoHost-Apps/hedgedoc_ynh.git
synced 2024-09-03 19:25:52 +02:00
Éric Gaspar
GitHub
parent
eae9570d66
commit
eb22f7bdd5
6 changed files with 33 additions and 16 deletions
|
|
@ -17,7 +17,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
|
|||
|
||||
Collaborative editor to work on notes written in Markdown
|
||||
|
||||
**Shipped version:** 1.8.2~ynh2
|
||||
**Shipped version:** 1.9.0~ynh1
|
||||
|
||||
**Demo:** https://demo.hedgedoc.org/
|
||||
|
||||
|
|
@ -35,7 +35,6 @@ When you finished editing the configuration, for your changes to take effect, yo
|
|||
## Documentation and resources
|
||||
|
||||
* Official app website: https://hedgedoc.org
|
||||
* Official user documentation: https://yunohost.org/en/app_hedgedoc
|
||||
* Official admin documentation: https://docs.hedgedoc.org/
|
||||
* Upstream app code repository: https://github.com/hedgedoc/hedgedoc
|
||||
* YunoHost documentation for this app: https://yunohost.org/app_hedgedoc
|
||||
|
|
|
|||
|
|
@ -13,7 +13,7 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour
|
|||
|
||||
Éditeur collaboratif pour travailler sur des notes en Markdown
|
||||
|
||||
**Version incluse :** 1.8.2~ynh2
|
||||
**Version incluse :** 1.9.0~ynh1
|
||||
|
||||
**Démo :** https://demo.hedgedoc.org/
|
||||
|
||||
|
|
@ -31,7 +31,6 @@ Lorsque vous avez terminé de modifier la configuration, pour que vos modificati
|
|||
## Documentations et ressources
|
||||
|
||||
* Site officiel de l'app : https://hedgedoc.org
|
||||
* Documentation officielle utilisateur : https://yunohost.org/en/app_hedgedoc
|
||||
* Documentation officielle de l'admin : https://docs.hedgedoc.org/
|
||||
* Dépôt de code officiel de l'app : https://github.com/hedgedoc/hedgedoc
|
||||
* Documentation YunoHost pour cette app : https://yunohost.org/app_hedgedoc
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
SOURCE_URL=https://github.com/hedgedoc/hedgedoc/releases/download/1.8.2/hedgedoc-1.8.2.tar.gz
|
||||
SOURCE_SUM=e325d433aba6f5e9de91162dd97a605e29ebc5e740750cd47054abfdc1f8fd42
|
||||
SOURCE_URL=https://github.com/hedgedoc/hedgedoc/releases/download/1.9.0/hedgedoc-1.9.0.tar.gz
|
||||
SOURCE_SUM=976d908ea81025e72277d2815fd51ccf462c09d10451c16893b187d95f21e837
|
||||
SOURCE_SUM_PRG=sha256sum
|
||||
SOURCE_FORMAT=tar.gz
|
||||
SOURCE_IN_SUBDIR=true
|
||||
|
|
|
|||
|
|
@ -12,14 +12,36 @@ Environment="PATH=__ENV_PATH__"
|
|||
Environment="NODE_ENV=production"
|
||||
ExecStart=__YNH_NPM__ start --production
|
||||
Restart=always
|
||||
PrivateTmp=true
|
||||
PrivateDevices=true
|
||||
|
||||
ProtectControlGroups=true
|
||||
ProtectHome=true
|
||||
ProtectKernelTunables=true
|
||||
# Sandboxing options to harden security
|
||||
# Depending on specificities of your service/app, you may need to tweak these
|
||||
# .. but this should be a good baseline
|
||||
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
|
||||
NoNewPrivileges=yes
|
||||
PrivateTmp=yes
|
||||
PrivateDevices=yes
|
||||
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
|
||||
RestrictNamespaces=yes
|
||||
RestrictRealtime=yes
|
||||
DevicePolicy=closed
|
||||
ProtectSystem=full
|
||||
RestrictSUIDSGID=true
|
||||
ProtectControlGroups=yes
|
||||
ProtectKernelModules=yes
|
||||
ProtectKernelTunables=yes
|
||||
LockPersonality=yes
|
||||
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
|
||||
|
||||
# Denying access to capabilities that should not be relevant for webapps
|
||||
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
|
||||
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
|
||||
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
|
||||
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
|
||||
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
|
||||
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
|
||||
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
|
||||
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
|
||||
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
|
||||
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
|
|||
|
|
@ -6,14 +6,13 @@
|
|||
"en": "Collaborative editor to work on notes written in Markdown",
|
||||
"fr": "Éditeur collaboratif pour travailler sur des notes en Markdown"
|
||||
},
|
||||
"version": "1.8.2~ynh2",
|
||||
"version": "1.9.0~ynh1",
|
||||
"url": "https://hedgedoc.org",
|
||||
"upstream": {
|
||||
"license": "free",
|
||||
"website": "https://hedgedoc.org",
|
||||
"demo": "https://demo.hedgedoc.org/",
|
||||
"admindoc": "https://docs.hedgedoc.org/",
|
||||
"userdoc": "https://yunohost.org/en/app_hedgedoc",
|
||||
"code": "https://github.com/hedgedoc/hedgedoc"
|
||||
},
|
||||
"license": "AGPL-3.0-only",
|
||||
|
|
|
|||
|
|
@ -38,8 +38,6 @@ db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
|
|||
#=================================================
|
||||
ynh_script_progression --message="Validating restoration parameters..." --weight=2
|
||||
|
||||
ynh_webpath_available --domain=$domain --path_url=$path_url \
|
||||
|| ynh_die --message="Path not available: ${domain}${path_url}"
|
||||
test ! -d $final_path \
|
||||
|| ynh_die --message="There is already a directory: $final_path "
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue