From 618683305c711f4f3dbd2797d7682d2227334dbc Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sun, 23 May 2021 12:45:39 +0200 Subject: [PATCH] Add discovery port opening --- check_process | 1 + manifest.json | 13 +++++++++++++ scripts/install | 24 ++++++++++++++++++++++++ scripts/remove | 18 ++++++++++++++++++ scripts/upgrade | 8 +++++++- 5 files changed, 63 insertions(+), 1 deletion(-) diff --git a/check_process b/check_process index 54286f7..8d29001 100644 --- a/check_process +++ b/check_process @@ -9,6 +9,7 @@ path="/path" (PATH) admin="john" (USER) is_public=1 (PUBLIC|public=1|private=0) + discovery=1 ; Checks pkg_linter=1 setup_sub_dir=1 diff --git a/manifest.json b/manifest.json index e7d4bdc..cec2af4 100644 --- a/manifest.json +++ b/manifest.json @@ -46,6 +46,19 @@ "en": "Jellyfin has its own login system, you should make it public to let external clients access it (mobile app, etc.).", "fr": "Jellyfin a son propre système de connexion, vous devriez la laisser publique pour permettre la connexion de clients externes (app mobile, etc.)." } + }, + { + "name": "discovery", + "type": "boolean", + "default": true, + "ask": { + "en": "Should the ports for client and server discovery be opened?", + "fr": "Est-ce que les ports pour la découverte entre clients et serveur doivent être ouverts ?" + }, + "help": { + "en": "Enable discovery if you use Jellyfin on your local network or through a VPN to smoothen detection between clients and server. If it is installed on a VPS and only accessed via its web interface, you should disable discovery.", + "fr": "Activez la découverte si vous utilisez Jellyfin sur votre réseau local ou via un VPN pour simplifier la détection entre clients et serveur. S'il est installé sur un VPS et utilisé uniquement via son interface web, vous devriez désactiver la découverte." + } } ] } diff --git a/scripts/install b/scripts/install index 128e5c0..6c7ac51 100644 --- a/scripts/install +++ b/scripts/install @@ -27,6 +27,7 @@ domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH admin=$YNH_APP_ARG_ADMIN is_public=$YNH_APP_ARG_IS_PUBLIC +discovery=$YNH_APP_ARG_DISCOVERY app=$YNH_APP_INSTANCE_NAME @@ -56,6 +57,7 @@ ynh_script_progression --message="Storing installation settings..." --weight=2 ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=admin --value=$admin +ynh_app_setting_set --app=$app --key=discovery --value=$discovery ynh_app_setting_set --app=$app --key=final_path --value=$final_path ynh_app_setting_set --app=$app --key=config_path --value=$config_path @@ -70,6 +72,28 @@ ynh_script_progression --message="Finding an available port..." --weight=1 port=$(ynh_find_port --port=8095) ynh_app_setting_set --app=$app --key=port --value=$port +if [ $discovery -eq 1 ]; then + ynh_script_progression --message="Configuring firewall..." --time --weight=1 + + # Open port 1900 for service auto-discovery + if [ ynh_port_available --port=1900 ]; then + ynh_exec_warn_less yunohost firewall allow UDP 1900 + ynh_app_setting_set --app=$app --key=discovery_service --value=1 + else + ynh_print_warn --message="Port 1900 (for service auto-discovery) is not available. Continuing nonetheless." + ynh_app_setting_set --app=$app --key=discovery_service --value=0 + fi + + # Open port 7359 for client auto-discovery + if [ ynh_port_available --port=7359 ]; then + ynh_exec_warn_less yunohost firewall allow UDP 7359 + ynh_app_setting_set --app=$app --key=discovery_client --value=1 + else + ynh_print_warn --message="Port 7359 (for client auto-discovery) is not available. Continuing nonetheless." + ynh_app_setting_set --app=$app --key=discovery_client --value=0 + fi +fi + #================================================= # INSTALL DEPENDENCIES #================================================= diff --git a/scripts/remove b/scripts/remove index acf5d08..0f35084 100644 --- a/scripts/remove +++ b/scripts/remove @@ -17,6 +17,8 @@ ynh_script_progression --message="Loading installation settings..." --weight=1 app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) +discovery_client=$(ynh_app_setting_get --app=$app --key=discovery_client) +discovery_server=$(ynh_app_setting_get --app=$app --key=discovery_server) final_path=$(ynh_app_setting_get --app=$app --key=final_path) config_path=$(ynh_app_setting_get --app=$app --key=config_path) @@ -68,6 +70,22 @@ ynh_script_progression --message="Removing logrotate configuration..." --weight= # Remove the app-specific logrotate config ynh_remove_logrotate +#================================================= +# CLOSE A PORT +#================================================= + +if [ $discovery_server -eq 1 ] && [ yunohost firewall list | grep -q "\- 1900$" ] +then + ynh_script_progression --message="Closing port 1900..." --time --weight=1 + ynh_exec_warn_less yunohost firewall disallow UDP 1900 +fi + +if [ $discovery_client -eq 1 ] && [ yunohost firewall list | grep -q "\- 7359$" ] +then + ynh_script_progression --message="Closing port 7359..." --time --weight=1 + ynh_exec_warn_less yunohost firewall disallow UDP 7359 +fi + #================================================= # GENERIC FINALIZATION #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index ef26d66..38bfbce 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -39,7 +39,7 @@ if [[ ! "$architecture" =~ ^(amd64|arm64|armhf)$ ]]; then ynh_die "Jellyfin is not compatible with your architecture, $architecture, which is neither amd64, arm64, or armhf." 1 fi -# If path keys do not exist, create it +# If path keys do not exist, create them if [ -z "$config_path" ]; then config_path=/var/lib/jellyfin ynh_app_setting_set --app=$app --key=config_path --value=$config_path @@ -64,6 +64,12 @@ if ! ynh_permission_exists --permission="admin"; then ynh_permission_create --permission="admin" --allowed=$admin fi +# If discovery key does not exist, create it +if [ -z "$discovery" ]; then + discovery=0 + ynh_app_setting_set --app=$app --key=discovery --value=$discovery +fi + #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #=================================================