YunoHost-Apps/immich_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/immich_ynh.git synced 2024-09-03 20:36:24 +02:00
Code Issues Activity Actions 1

v2

Browse source
This commit is contained in:
Éric Gaspar 2023-05-27 16:25:34 +02:00
parent 300d080db2
commit 97e77cc7db
17 changed files with 55 additions and 713 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

137
.github/workflows/updater.sh vendored
View file

@ -1,137 +0,0 @@
#!/bin/bash
#=================================================
# PACKAGE UPDATING HELPER
#=================================================
# This script is meant to be run by GitHub Actions
# The YunoHost-Apps organisation offers a template Action to run this script periodically
# Since each app is different, maintainers can adapt its contents so as to perform
# automatic actions when a new upstream release is detected.
# Remove this exit command when you are ready to run this Action
exit 1
#=================================================
# FETCHING LATEST RELEASE AND ITS ASSETS
#=================================================
# Fetching information
current_version=$(cat manifest.json | jq -j '.version|split("~")[0]')
repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]')
# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions)
version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1)
assets=($(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '[ .[] | select(.tag_name=="'$version'").assets[].browser_download_url ] | join(" ") | @sh' | tr -d "'"))
# Later down the script, we assume the version has only digits and dots
# Sometimes the release name starts with a "v", so let's filter it out.
# You may need more tweaks here if the upstream repository has different naming conventions.
if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then
version=${version:1}
fi
# Setting up the environment variables
echo "Current version: $current_version"
echo "Latest release from upstream: $version"
echo "VERSION=$version" >> $GITHUB_ENV
echo "REPO=$repo" >> $GITHUB_ENV
# For the time being, let's assume the script will fail
echo "PROCEED=false" >> $GITHUB_ENV
# Proceed only if the retrieved version is greater than the current one
if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then
echo "::warning ::No new version available"
exit 0
# Proceed only if a PR for this new version does not already exist
elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then
echo "::warning ::A branch already exists for this update"
exit 0
fi
# Each release can hold multiple assets (e.g. binaries for different architectures, source code, etc.)
echo "${#assets[@]} available asset(s)"
#=================================================
# UPDATE SOURCE FILES
#=================================================
# Here we use the $assets variable to get the resources published in the upstream release.
# Here is an example for Grav, it has to be adapted in accordance with how the upstream releases look like.
# Let's loop over the array of assets URLs
for asset_url in ${assets[@]}; do
echo "Handling asset at $asset_url"
# Assign the asset to a source file in conf/ directory
# Here we base the source file name upon a unique keyword in the assets url (admin vs. update)
# Leave $src empty to ignore the asset
case $asset_url in
*"admin"*)
src="app"
;;
*"update"*)
src="app-upgrade"
;;
*)
src=""
;;
esac
# If $src is not empty, let's process the asset
if [ ! -z "$src" ]; then
# Create the temporary directory
tempdir="$(mktemp -d)"
# Download sources and calculate checksum
filename=${asset_url##*/}
curl --silent -4 -L $asset_url -o "$tempdir/$filename"
checksum=$(sha256sum "$tempdir/$filename" | head -c 64)
# Delete temporary directory
rm -rf $tempdir
# Get extension
if [[ $filename == *.tar.gz ]]; then
extension=tar.gz
else
extension=${filename##*.}
fi
# Rewrite source file
cat <<EOT > conf/$src.src
SOURCE_URL=$asset_url
SOURCE_SUM=$checksum
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=$extension
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=
EOT
echo "... conf/$src.src updated"
else
echo "... asset ignored"
fi
done
#=================================================
# SPECIFIC UPDATE STEPS
#=================================================
# Any action on the app's source code can be done.
# The GitHub Action workflow takes care of committing all changes after this script ends.
#=================================================
# GENERIC FINALIZATION
#=================================================
# Replace new version in manifest
echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json
# No need to update the README, yunohost-bot takes care of it
# The Action will proceed only if the PROCEED environment variable is set to true
echo "PROCEED=true" >> $GITHUB_ENV
exit 0

34
check_process
View file

@ -1,34 +0,0 @@
# See here for more information
# https://github.com/YunoHost/package_check#syntax-check_process-file
# Move this file from check_process.default to check_process when you have filled it.
;; Test complet
; Manifest
domain="domain.tld"
path="/path"
is_public=1
language="fr"
admin="john"
password="1Strong-Password"
port="666"
; Checks
pkg_linter=1
setup_sub_dir=1
setup_root=1
setup_nourl=0
setup_private=1
setup_public=1
upgrade=1
upgrade=1 from_commit=CommitHash
backup_restore=1
multi_instance=1
port_already_use=0
change_url=1
;;; Options
Email=
Notification=none
;;; Upgrade options
; commit=CommitHash
name=Name and date of the commit.
manifest_arg=domain=DOMAIN&path=PATH&is_public=1&language=fr&admin=USER&password=pass&port=666&

18
conf/.env
View file

@ -3,16 +3,13 @@
###################################################################################
DB_HOSTNAME=localhost
DB_USERNAME=__DB_NAME__
DB_USERNAME=__DB_USER__
DB_PASSWORD=__DB_PWD__
DB_DATABASE_NAME=__DB_NAME__
# Optional Database settings:
# DB_PORT=5532
###################################################################################
# Redis
###################################################################################
@ -25,18 +22,11 @@ REDIS_PORT=6379
# REDIS_PASSWORD=
# REDIS_SOCKET=
###################################################################################
# Upload File Config
###################################################################################
UPLOAD_LOCATION=/home/yunohost.app/__APP__/
UPLOAD_LOCATION=__DATA_DIR__
###################################################################################
# JWT SECRET
@ -44,9 +34,6 @@ UPLOAD_LOCATION=/home/yunohost.app/__APP__/
JWT_SECRET=__JWT__
###################################################################################
# MAPBOX
####################################################################################
@ -55,7 +42,6 @@ JWT_SECRET=__JWT__
ENABLE_MAPBOX=false
MAPBOX_KEY=
####################################################################################
# WEB - Optional
####################################################################################

2
conf/microservices.service
View file

@ -1,5 +1,5 @@
[Unit]
Description=Small description of the service
Description=Immich
After=network.target
[Service]

2
conf/ml.service
View file

@ -1,5 +1,5 @@
[Unit]
Description=Small description of the service
Description=Immich
After=network.target
[Service]

28
conf/nginx.conf
View file

@ -1,4 +1,19 @@
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
location __PATH__/ {
proxy_pass http://127.0.0.1:__PORT__;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
client_max_body_size 500M;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location __PATH__/api {
proxy_pass http://127.0.0.1:3001;
@ -15,16 +30,3 @@ location __PATH__/api {
rewrite /api/(.*) /$1 break;
}
location __PATH__/ {
proxy_pass http://127.0.0.1:3000;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
client_max_body_size 500M;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}

2
conf/web.service
View file

@ -1,5 +1,5 @@
[Unit]
Description=Small description of the service
Description=Immich:
After=network.target
[Service]

10
doc/DESCRIPTION.md
View file

@ -1,9 +1 @@
Some long and extensive description of what the app is and does, lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
### Features
- Ut enim ad minim veniam, quis nostrud exercitation ullamco ;
- Laboris nisi ut aliquip ex ea commodo consequat ;
- Duis aute irure dolor in reprehenderit in voluptate ;
- Velit esse cillum dolore eu fugiat nulla pariatur ;
- Excepteur sint occaecat cupidatat non proident, sunt in culpa."
Photo and video backup solution directly from your mobile phone

12
doc/DISCLAIMER.md
View file

@ -1,12 +0,0 @@
* Any known limitations, constrains or stuff not working, such as (but not limited to):
* requiring a full dedicated domain ?
* architectures not supported ?
* not-working single-sign on or LDAP integration ?
* the app requires an important amount of RAM / disk / .. to install or to work properly
* etc...
* Other infos that people should be aware of, such as:
* any specific step to perform after installing (such as manually finishing the install, specific admin credentials, ...)
* how to configure / administrate the application if it ain't obvious
* upgrade process / specificities / things to be aware of ?
* security considerations ?

70
manifest.json
View file

@ -1,70 +0,0 @@
{
"name": "Immich",
"id": "immich",
"packaging_format": 1,
"description": {
"en": "Self-hosted photo and video backup solution directly from your mobile phone",
"fr": "Solution auto-hébergée pour la sauvegarde de photos et de vidéos directement depuis votre mobile"
},
"version": "1.26.0~ynh1",
"url": "https://www.immich.app",
"upstream": {
"license": "MIT",
"website": "https://www.immich.app",
"admindoc": "https://github.com/immich-app/immich#getting-started",
"userdoc": "https://github.com/immich-app/immich#getting-started",
"code": "https://github.com/immich-app/immich"
},
"license": "MIT",
"maintainer": {
"name": "limezy"
},
"requirements": {
"yunohost": ">= 11.0.0"
},
"multi_instance": false,
"services": [
"nginx"
],
"arguments": {
"install": [
{
"name": "domain",
"type": "domain"
},
{
"name": "path",
"type": "path",
"example": "/immich",
"default": "/immich"
},
{
"name": "is_public",
"type": "boolean",
"default": true
},
{
"name": "language",
"type": "string",
"ask": {
"en": "Choose the application language",
"fr": "Choisissez la langue de l'application"
},
"choices": ["fr", "en"],
"default": "fr"
},
{
"name": "admin",
"type": "user"
},
{
"name": "password",
"type": "password",
"help": {
"en": "Use the help field to add an information for the admin about this question.",
"fr": "Utilisez le champ aide pour ajouter une information à l'intention de l'administrateur à propos de cette question."
}
}
]
}
}

36
manifest.toml
View file

@ -2,8 +2,8 @@ packaging_format = 2
id = "immich"
name = "Immich"
description.en = "Self-hosted photo and video backup solution directly from your mobile phone"
description.fr = "Solution auto-hébergée pour la sauvegarde de photos et de vidéos directement depuis votre mobile"
description.en = "Photo and video backup solution directly from your mobile phone"
description.fr = "Sauvegarde de photos et de vidéos directement depuis votre mobile"
version = "1.26.0~ynh1"
@ -15,26 +15,22 @@ website = "https://www.immich.app"
admindoc = "https://github.com/immich-app/immich#getting-started"
userdoc = "https://github.com/immich-app/immich#getting-started"
code = "https://github.com/immich-app/immich"
cpe = "???" # FIXME: optional but recommended if relevant, this is meant to contain the Common Platform Enumeration, which is sort of a standard id for applications defined by the NIST. In particular, Yunohost may use this is in the future to easily track CVE (=security reports) related to apps. The CPE may be obtained by searching here: https://nvd.nist.gov/products/cpe/search. For example, for Nextcloud, the CPE is 'cpe:2.3:a:nextcloud:nextcloud' (no need to include the version number)
fund = "???" # FIXME: optional but recommended (or remove if irrelevant / not applicable). This is meant to be an URL where people can financially support this app, especially when its development is based on volunteers and/or financed by its community. YunoHost may later advertise it in the webadmin.
[integration]
yunohost = ">= 11.0.0"
architectures = "all" # FIXME: can be replaced by a list of supported archs using the dpkg --print-architecture nomenclature (amd64/i386/armhf/arm64), for example: ["amd64", "i386"]
yunohost = ">= 11.1.19"
architectures = ["arm64", "amd64"]
multi_instance = false
ldap = "?" # FIXME: replace with true, false, or "not_relevant". Not to confuse with the "sso" key : the "ldap" key corresponds to wether or not a user *can* login on the app using its YunoHost credentials.
sso = "?" # FIXME: replace with true, false, or "not_relevant". Not to confuse with the "ldap" key : the "sso" key corresponds to wether or not a user is *automatically logged-in* on the app when logged-in on the YunoHost portal.
disk = "50M" # FIXME: replace with an **estimate** minimum disk requirement. e.g. 20M, 400M, 1G, ...
ram.build = "50M" # FIXME: replace with an **estimate** minimum ram requirement. e.g. 50M, 400M, 1G, ...
ram.runtime = "50M" # FIXME: replace with an **estimate** minimum ram requirement. e.g. 50M, 400M, 1G, ...
ldap = false
sso = false
disk = "50M"
ram.build = "50M"
ram.runtime = "50M"
[install]
[install.domain]
# this is a generic question - ask strings are automatically handled by Yunohost's core
type = "domain"
[install.path]
# this is a generic question - ask strings are automatically handled by Yunohost's core
type = "path"
default = "/immich"
@ -50,11 +46,9 @@ ram.runtime = "50M" # FIXME: replace with an **estimate** minimum ram requiremen
default = "fr"
[install.admin]
# this is a generic question - ask strings are automatically handled by Yunohost's core
type = "user"
[install.password]
# this is a generic question - ask strings are automatically handled by Yunohost's core
help.en = "Use the help field to add an information for the admin about this question."
help.fr = "Utilisez le champ aide pour ajouter une information à l'intention de l'administrateur à propos de cette question."
type = "password"
@ -64,6 +58,9 @@ ram.runtime = "50M" # FIXME: replace with an **estimate** minimum ram requiremen
url = "https://codeload.github.com/jjlin/docker-image-extract/tar.gz/a9e455e44bbbfba897bf3342d9661b182cee67a9"
sha256 = "9eb0c734e83a3fd7102fc7209af4977024ec467fbc819782491af47295675f67"
[resources.ports]
main.default = 3000
api.default = 3001
[resources.system_user]
@ -73,6 +70,15 @@ ram.runtime = "50M" # FIXME: replace with an **estimate** minimum ram requiremen
[resources.permissions]
main.url = "/"
admin.url = "/admin"
admin.allowed= "admins"
api.url = "/api"
api.allowed = "visitors"
api.show_tile = false
api.protected = true
[resources.apt]
packages = "postgresql musl-dev libvips ffmpeg"
[resources.database]
type = "postgresql"

8
scripts/_common.sh
View file

@ -26,18 +26,10 @@ function detect_arch() {
NODEJS_VERSION=16
# dependencies used by the app
#REMOVEME? pkg_dependencies="npm musl-dev libvips postgresql ffmpeg"
# libheif vips
#=================================================
# PERSONAL HELPERS
#=================================================
# apt-get install musl-dev
# ln -s /usr/lib/x86_64-linux-musl/libc.so /lib/libc.musl-x86_64.so.1
#=================================================
# EXPERIMENTAL HELPERS
#=================================================

126
scripts/install
View file

@ -9,93 +9,25 @@
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
#REMOVEME? ynh_clean_setup () {
### Remove this function if there's nothing to clean before calling the remove script.
true
}
# Exit if an error occurs during the execution of the script
#REMOVEME? ynh_abort_if_errors
#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================
#REMOVEME? domain=$YNH_APP_ARG_DOMAIN
#REMOVEME? path=$YNH_APP_ARG_PATH
#REMOVEME? is_public=$YNH_APP_ARG_IS_PUBLIC
#REMOVEME? language=$YNH_APP_ARG_LANGUAGE
#REMOVEME? admin=$YNH_APP_ARG_ADMIN
#REMOVEME? password=$YNH_APP_ARG_PASSWORD
#REMOVEME? app=$YNH_APP_INSTANCE_NAME
jwt=$(ynh_string_random)
#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
#REMOVEME? ynh_script_progression --message="Validating installation parameters..." --weight=1
#REMOVEME? install_dir=/var/www/$app
#REMOVEME? test ! -e "$install_dir" || ynh_die --message="This path already contains a folder"
# Register (book) web path
#REMOVEME? ynh_webpath_register --app=$app --domain=$domain --path=$path
#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================
#REMOVEME? ynh_script_progression --message="Storing installation settings..." --weight=1
#REMOVEME? ynh_app_setting_set --app=$app --key=domain --value=$domain
#REMOVEME? ynh_app_setting_set --app=$app --key=path --value=$path
ynh_app_setting_set --app=$app --key=language --value=$language
#REMOVEME? ynh_app_setting_set --app=$app --key=admin --value=$admin
ynh_app_setting_set --app=$app --key=jwt --value=$jwt
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# FIND AND OPEN A PORT
#=================================================
#REMOVEME? ynh_script_progression --message="Finding an available port..." --weight=1
# Find an available port
#REMOVEME? port=$(ynh_find_port --port=3000)
#REMOVEME? ynh_app_setting_set --app=$app --key=port --value=$port
#=================================================
# INSTALL DEPENDENCIES
#=================================================
#REMOVEME? ynh_script_progression --message="Installing dependencies..." --weight=1
ynh_script_progression --message="Installing dependencies..." --weight=1
# Install nodejs
ynh_install_nodejs --nodejs_version=$NODEJS_VERSION
#REMOVEME? ynh_install_app_dependencies $pkg_dependencies
# sudo ln -s /usr/lib/x86_64-linux-musl/libc.so /lib/libc.musl-x86_64.so.1
#=================================================
# CREATE DEDICATED USER
#=================================================
#REMOVEME? ynh_script_progression --message="Configuring system user..." --weight=1
# Create a system user
#REMOVEME? ynh_system_user_create --username=$app --home_dir="$install_dir"
#=================================================
# CREATE A POSTGRESQL DATABASE
#=================================================
#REMOVEME? ynh_script_progression --message="Creating a PostgreSQL database..." --weight=1
#REMOVEME? db_name=$(ynh_sanitize_dbid --db_name=$app)
#REMOVEME? ynh_app_setting_set --app=$app --key=db_name --value=$db_name
#REMOVEME? ynh_psql_test_if_first_run
#REMOVEME? ynh_psql_setup_db --db_user=$db_name --db_name=$db_name
ynh_script_progression --message="Creating a PostgreSQL database..." --weight=1
ynh_psql_execute_as_root --sql="CREATE EXTENSION IF NOT EXISTS unaccent;" --database=$db_name
ynh_psql_execute_as_root --sql="CREATE EXTENSION IF NOT EXISTS pg_trgm;" --database=$db_name
@ -105,11 +37,9 @@ ynh_psql_execute_as_root --sql="CREATE EXTENSION IF NOT EXISTS pg_trgm;" --datab
#=================================================
ynh_script_progression --message="Setting up source files..."
#REMOVEME? ynh_app_setting_set --app=$app --key=install_dir --value=$install_dir
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$install_dir/build/" --source_id="docker-image-extract"
chmod 750 "$install_dir"
chmod -R o-rwx "$install_dir"
chown -R $app:www-data "$install_dir"
@ -137,7 +67,7 @@ mkdir -p "$install_dir/server/dist/"
mkdir -p "$install_dir/server/node_modules/"
rsync -a "$install_dir/build/output/usr/src/app/dist/" "$install_dir/server/dist/"
rsync -a "$install_dir/build/output/usr/src/app/node_modules/" "$install_dir/server/node_modules/"
#REMOVEME? ynh_secure_remove --file="$install_dir/build/output"
ynh_secure_remove --file="$install_dir/build/output"
# Install immich machine learning
pushd $install_dir/build
@ -148,7 +78,7 @@ mkdir -p "$install_dir/ml/dist/"
mkdir -p "$install_dir/ml/node_modules/"
rsync -a "$install_dir/build/output/usr/src/app/dist/" "$install_dir/ml/dist/"
rsync -a "$install_dir/build/output/usr/src/app/node_modules/" "$install_dir/ml/node_modules/"
#REMOVEME? ynh_secure_remove --file="$install_dir/build/output"
ynh_secure_remove --file="$install_dir/build/output"
# Install immich web
pushd $install_dir/build
@ -165,7 +95,7 @@ pushd $install_dir/build/output/usr/src/app
popd
rsync -a "$install_dir/build/output/usr/src/app/" "$install_dir/web/"
#REMOVEME? #ynh_secure_remove --file="$install_dir/build"
#ynh_secure_remove --file="$install_dir/build"
# To be put back when everything stabilized
# Shouldn't be needed, but for some reasons the server doesn't use the .env
@ -176,24 +106,9 @@ chmod 750 "$install_dir"
chmod -R o-rwx "$install_dir"
chown -R $app:$app "$install_dir"
#=================================================
# CREATE DATA DIRECTORY
#=================================================
ynh_script_progression --message="Creating a data directory..." --weight=1
#REMOVEME? data_dir=/home/yunohost.app/$app
#REMOVEME? ynh_app_setting_set --app=$app --key=data_dir --value=$data_dir
mkdir -p $data_dir
chmod 750 "$data_dir"
chmod -R o-rwx "$data_dir"
chown -R $app:www-data "$data_dir"
#=================================================
# ADD A CONFIGURATION
#=================================================
ynh_script_progression --message="Adding a configuration file..."
ynh_add_config --template="../conf/.env" --destination="$install_dir/.env"
@ -243,37 +158,6 @@ ynh_systemd_action --service_name=$app-microservices --action="start" --log_path
ynh_systemd_action --service_name=$app-ml --action="start" --log_path="/var/log/$app/$app-ml.log"
ynh_systemd_action --service_name=$app-web --action="start" --log_path="/var/log/$app/$app-web.log"
#=================================================
# SETUP SSOWAT
#=================================================
#REMOVEME? ynh_script_progression --message="Configuring permissions..."
# Make app public if necessary
#REMOVEME? if [ $is_public -eq 1 ]
then
# Everyone can access the app.
# The "main" permission is automatically created before the install script.
#REMOVEME? ynh_permission_update --permission="main" --add="visitors"
fi
### N.B. : the following extra permissions only make sense if your app
### does have for example an admin interface or an API.
# Only the admin can access the admin panel of the app (if the app has an admin panel)
#REMOVEME? ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin
# Everyone can access the API part
# We don't want to display the tile in the SSO so we put --show_tile="false"
# And we don't want the YunoHost admin to be able to remove visitors group to this permission, so we put --protected="true"
#REMOVEME? ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true"
#=================================================
# RELOAD NGINX
#=================================================
#REMOVEME? ynh_script_progression --message="Reloading NGINX web server..." --weight=1
#REMOVEME? ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================

84
scripts/remove
View file

@ -9,21 +9,6 @@
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
#REMOVEME? ynh_script_progression --message="Loading installation settings..." --weight=1
#REMOVEME? app=$YNH_APP_INSTANCE_NAME
#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain)
#REMOVEME? port=$(ynh_app_setting_get --app=$app --key=port)
#REMOVEME? db_name=$(ynh_app_setting_get --app=$app --key=db_name)
#REMOVEME? db_user=$db_name
#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir)
#REMOVEME? data_dir=$(ynh_app_setting_get --app=$app --key=data_dir)
#REMOVEME? jwt=$(ynh_app_setting_get --app=$app --key=jwt)
#=================================================
# STANDARD REMOVE
#=================================================
@ -56,33 +41,6 @@ ynh_script_progression --message="Removing logrotate configuration..." --weight=
# Remove the app-specific logrotate config
ynh_remove_logrotate
#=================================================
# REMOVE THE POSTGRESQL DATABASE
#=================================================
#REMOVEME? ynh_script_progression --message="Removing the PostgreSQL database..."
# Remove a database if it exists, along with the associated user
#REMOVEME? ynh_psql_remove_db --db_user=$db_name --db_name=$db_name
#=================================================
# REMOVE APP MAIN DIR
#=================================================
#REMOVEME? ynh_script_progression --message="Removing app main directory..." --weight=1
# Remove the app directory securely
#REMOVEME? ynh_secure_remove --file="$install_dir"
#=================================================
# REMOVE DATA DIR
#=================================================
# Remove the data directory if --purge option is used
if [ "${YNH_APP_PURGE:-0}" -eq 1 ]
then
ynh_script_progression --message="Removing app data directory..." --weight=1
#REMOVEME? ynh_secure_remove --file="$data_dir"
fi
#=================================================
# REMOVE NGINX CONFIGURATION
#=================================================
@ -91,32 +49,6 @@ ynh_script_progression --message="Removing NGINX web server configuration..." --
# Remove the dedicated NGINX config
ynh_remove_nginx_config
#=================================================
# REMOVE DEPENDENCIES
#=================================================
#REMOVEME? ynh_script_progression --message="Removing dependencies..." --weight=1
# Remove metapackage and its dependencies
#REMOVEME? ynh_remove_app_dependencies
#=================================================
# CLOSE A PORT
#=================================================
if yunohost firewall list | grep -q "\- $port$"
then
ynh_script_progression --message="Closing port $port..." --weight=1
ynh_exec_warn_less yunohost firewall disallow TCP $port
fi
#=================================================
# REMOVE FAIL2BAN CONFIGURATION
#=================================================
ynh_script_progression --message="Removing Fail2Ban configuration..." --weight=1
# Remove the dedicated Fail2Ban config
ynh_remove_fail2ban_config
#=================================================
# SPECIFIC REMOVE
#=================================================
@ -124,25 +56,9 @@ ynh_remove_fail2ban_config
#=================================================
ynh_script_progression --message="Removing various files..." --weight=1
# Remove a cron file
ynh_secure_remove --file="/etc/cron.d/$app"
# Remove a directory securely
ynh_secure_remove --file="/etc/$app"
# Remove the log files
ynh_secure_remove --file="/var/log/$app"
#=================================================
# GENERIC FINALIZATION
#=================================================
# REMOVE DEDICATED USER
#=================================================
#REMOVEME? ynh_script_progression --message="Removing the dedicated system user..." --weight=1
# Delete a system user
#REMOVEME? ynh_system_user_delete --username=$app
#=================================================
# END OF SCRIPT
#=================================================

95
scripts/restore
View file

@ -10,50 +10,6 @@
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
#REMOVEME? ynh_clean_setup () {
#### Remove this function if there's nothing to clean before calling the remove script.
true
}
# Exit if an error occurs during the execution of the script
#REMOVEME? ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
#REMOVEME? ynh_script_progression --message="Loading installation settings..." --weight=1
#REMOVEME? app=$YNH_APP_INSTANCE_NAME
#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain)
#REMOVEME? path=$(ynh_app_setting_get --app=$app --key=path)
#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir)
#REMOVEME? db_name=$(ynh_app_setting_get --app=$app --key=db_name)
#REMOVEME? db_user=$db_name
#REMOVEME? phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
#REMOVEME? data_dir=$(ynh_app_setting_get --app=$app --key=data_dir)
#=================================================
# CHECK IF THE APP CAN BE RESTORED
#=================================================
#REMOVEME? ynh_script_progression --message="Validating restoration parameters..." --weight=1
#REMOVEME? test ! -d $install_dir \
|| ynh_die --message="There is already a directory: $install_dir "
#=================================================
# STANDARD RESTORATION STEPS
#=================================================
# RECREATE THE DEDICATED USER
#=================================================
#REMOVEME? ynh_script_progression --message="Recreating the dedicated system user..." --weight=1
# Create the dedicated user (if not existing)
#REMOVEME? ynh_system_user_create --username=$app --home_dir="$install_dir"
#=================================================
# RESTORE THE APP MAIN DIR
#=================================================
@ -61,7 +17,6 @@ ynh_script_progression --message="Restoring the app main directory..." --weight=
ynh_restore_file --origin_path="$install_dir"
chmod 750 "$install_dir"
chmod -R o-rwx "$install_dir"
chown -R $app:www-data "$install_dir"
@ -72,44 +27,8 @@ ynh_script_progression --message="Restoring the data directory..." --weight=1
ynh_restore_file --origin_path="$data_dir" --not_mandatory
mkdir -p $data_dir
# FIXME: this should be managed by the core in the future
# Here, as a packager, you may have to tweak the ownerhsip/permissions
# such that the appropriate users (e.g. maybe www-data) can access
# files in some cases.
# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder -
# this will be treated as a security issue.
chmod 750 "$data_dir"
chmod -R o-rwx "$data_dir"
chown -R $app:www-data "$data_dir"
#=================================================
# RESTORE FAIL2BAN CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the Fail2Ban configuration..." --weight=1
ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf"
ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf"
ynh_systemd_action --action=restart --service_name=fail2ban
#=================================================
# SPECIFIC RESTORATION
#=================================================
# REINSTALL DEPENDENCIES
#=================================================
#REMOVEME? ynh_script_progression --message="Reinstalling dependencies..." --weight=1
# Define and install dependencies
#REMOVEME? ynh_install_app_dependencies $pkg_dependencies
#=================================================
# RESTORE THE PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the PHP-FPM configuration..." --weight=1
ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
#=================================================
# RESTORE THE NGINX CONFIGURATION
#=================================================
@ -120,21 +39,10 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# RESTORE THE MYSQL DATABASE
#=================================================
#REMOVEME? ynh_script_progression --message="Restoring the MySQL database..." --weight=1
ynh_script_progression --message="Restoring the MySQL database..." --weight=1
#REMOVEME? db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
#REMOVEME? ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd
ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql
#=================================================
# RESTORE VARIOUS FILES
#=================================================
ynh_script_progression --message="Restoring various files..." --weight=1
ynh_restore_file --origin_path="/etc/cron.d/$app"
ynh_restore_file --origin_path="/etc/$app/"
#=================================================
# RESTORE SYSTEMD
#=================================================
@ -171,7 +79,6 @@ ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$ap
#=================================================
ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..." --weight=1
ynh_systemd_action --service_name=php$phpversion-fpm --action=reload
ynh_systemd_action --service_name=nginx --action=reload
#=================================================

101
scripts/upgrade
View file

@ -9,47 +9,12 @@
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
#REMOVEME? ynh_script_progression --message="Loading installation settings..." --weight=1
#REMOVEME? app=$YNH_APP_INSTANCE_NAME
#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain)
#REMOVEME? path=$(ynh_app_setting_get --app=$app --key=path)
#REMOVEME? language=$(ynh_app_setting_get --app=$app --key=language)
#REMOVEME? admin=$(ynh_app_setting_get --app=$app --key=admin)
#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir)
#REMOVEME? db_name=$(ynh_app_setting_get --app=$app --key=db_name)
#REMOVEME? jwt=$(ynh_app_setting_get --app=$app --key=jwt)
#=================================================
# CHECK VERSION
#=================================================
### This helper will compare the version of the currently installed app and the version of the upstream package.
### $upgrade_type can have 2 different values
### - UPGRADE_APP if the upstream app version has changed
### - UPGRADE_PACKAGE if only the YunoHost package has changed
### ynh_check_app_version_changed will stop the upgrade if the app is up to date.
### UPGRADE_APP should be used to upgrade the core app only if there's an upgrade to do.
upgrade_type=$(ynh_check_app_version_changed)
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
#REMOVEME? ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1
# Backup the current version of the app
#REMOVEME? ynh_backup_before_upgrade
#REMOVEME? ynh_clean_setup () {
# Restore it if the upgrade fails
#REMOVEME? ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
#REMOVEME? ynh_abort_if_errors
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
@ -122,31 +87,9 @@ then
ynh_setup_source --dest_dir="$install_dir"
fi
# FIXME: this should be managed by the core in the future
# Here, as a packager, you may have to tweak the ownerhsip/permissions
# such that the appropriate users (e.g. maybe www-data) can access
# files in some cases.
# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder -
# this will be treated as a security issue.
chmod 750 "$install_dir"
chmod -R o-rwx "$install_dir"
chown -R $app:www-data "$install_dir"
#=================================================
# UPGRADE DEPENDENCIES
#=================================================
#REMOVEME? ynh_script_progression --message="Upgrading dependencies..." --weight=1
#REMOVEME? ynh_install_app_dependencies $pkg_dependencies
#=================================================
# PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=1
# Create a dedicated PHP-FPM config
ynh_add_fpm_config
#=================================================
# NGINX CONFIGURATION
#=================================================
@ -155,36 +98,15 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." -
# Create a dedicated NGINX config
ynh_add_nginx_config
#=================================================
# SPECIFIC UPGRADE
#=================================================
# ...
#=================================================
#=================================================
# UPDATE A CONFIG FILE
#=================================================
ynh_script_progression --message="Updating a configuration file..." --weight=1
#ynh_script_progression --message="Updating a configuration file..." --weight=1
### Same as during install
###
### The file will automatically be backed-up if it's found to be manually modified (because
### ynh_add_config keeps track of the file's checksum)
#ynh_add_config --template="some_config_file" --destination="$install_dir/some_config_file"
ynh_add_config --template="some_config_file" --destination="$install_dir/some_config_file"
# FIXME: this should be handled by the core in the future
# You may need to use chmod 600 instead of 400,
# for example if the app is expected to be able to modify its own config
chmod 400 "$install_dir/some_config_file"
chown $app:$app "$install_dir/some_config_file"
### For more complex cases where you want to replace stuff using regexes,
### you shoud rely on ynh_replace_string (which is basically a wrapper for sed)
### When doing so, you also need to manually call ynh_store_file_checksum
###
### ynh_replace_string --match_string="match_string" --replace_string="replace_string" --target_file="$install_dir/some_config_file"
### ynh_store_file_checksum --file="$install_dir/some_config_file"
#chmod 400 "$install_dir/some_config_file"
#chown $app:$app "$install_dir/some_config_file"
#=================================================
# SETUP SYSTEMD
@ -218,21 +140,6 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
#=================================================
# UPGRADE FAIL2BAN
#=================================================
ynh_script_progression --message="Reconfiguring Fail2Ban..." --weight=1
# Create a dedicated Fail2Ban config
ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"
#=================================================
# RELOAD NGINX
#=================================================
#REMOVEME? ynh_script_progression --message="Reloading NGINX web server..." --weight=1
#REMOVEME? ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================

3
tests.toml Normal file
View file

@ -0,0 +1,3 @@
test_format = 1.0
[default]