diff --git a/conf/opensearch.xml.example b/conf/opensearch.xml.example index 227b0bb..81067d4 100644 --- a/conf/opensearch.xml.example +++ b/conf/opensearch.xml.example @@ -4,7 +4,7 @@ Framework and javascript free privacy respecting meta search engine UTF-8 LibreX search - + diff --git a/conf/systemd.service b/conf/systemd.service deleted file mode 100644 index 2aac9e5..0000000 --- a/conf/systemd.service +++ /dev/null @@ -1,45 +0,0 @@ -[Unit] -Description=LibreX: Privacy meta search engine -After=syslog.target network.target - -[Service] -Type=simple -User=__APP__ -Group=__APP__ -WorkingDirectory=__INSTALL_DIR__/ -ExecStart=__INSTALL_DIR__/auto_updater.sh -Restart=always -RestartSec=10s - -# Sandboxing options to harden security -# Depending on specificities of your service/app, you may need to tweak these -# .. but this should be a good baseline -# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html -NoNewPrivileges=yes -PrivateTmp=yes -PrivateDevices=yes -RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 -RestrictNamespaces=yes -RestrictRealtime=yes -DevicePolicy=closed -ProtectSystem=full -ProtectControlGroups=yes -ProtectKernelModules=yes -ProtectKernelTunables=yes -LockPersonality=yes -SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap - -# Denying access to capabilities that should not be relevant for webapps -# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html -CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD -CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE -CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT -CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK -CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM -CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG -CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE -CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW -CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG - -[Install] -WantedBy=multi-user.target diff --git a/scripts/backup b/scripts/backup index 1352ed3..eaaecc1 100755 --- a/scripts/backup +++ b/scripts/backup @@ -39,12 +39,6 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" -#================================================= -# BACKUP SYSTEMD -#================================================= - -ynh_backup --src_path="/etc/systemd/system/$app.service" - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/change_url b/scripts/change_url index c46f2dc..40335e8 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -9,15 +9,6 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# STANDARD MODIFICATIONS -#================================================= -# STOP SYSTEMD SERVICE -#================================================= -ynh_script_progression --message="Stopping a systemd service..." --weight=1 - -ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" - #================================================= # MODIFY URL IN NGINX CONF #================================================= @@ -34,15 +25,6 @@ ynh_add_config --template="opensearch.xml.example" --destination="$install_dir/o chmod 650 "$install_dir/opensearch.xml" chown $app:www-data "$install_dir/opensearch.xml" -#================================================= -# GENERIC FINALISATION -#================================================= -# START SYSTEMD SERVICE -#================================================= -ynh_script_progression --message="Starting a systemd service..." --weight=1 - -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/install b/scripts/install index dbabb86..f430060 100755 --- a/scripts/install +++ b/scripts/install @@ -31,14 +31,9 @@ ynh_add_fpm_config # Create a dedicated NGINX config ynh_add_nginx_config -# Create a dedicated systemd config -ynh_add_systemd_config - # Use logrotate to manage application logfile(s) ynh_use_logrotate -yunohost service add $app --description="Privacy meta search engine" --log="/var/log/$app/$app.log" - #================================================= # ADD A CONFIGURATION #================================================= @@ -52,14 +47,6 @@ chown $app:$app "$install_dir/config.php" chmod 650 "$install_dir/opensearch.xml" chown $app:www-data "$install_dir/opensearch.xml" -#================================================= -# START SYSTEMD SERVICE -#================================================= -ynh_script_progression --message="Starting a systemd service..." --weight=3 - -# Start a systemd service -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/remove b/scripts/remove index c10baa6..eac7b1b 100755 --- a/scripts/remove +++ b/scripts/remove @@ -15,13 +15,6 @@ source /usr/share/yunohost/helpers # REMOVE SERVICE INTEGRATION IN YUNOHOST #================================================= -# Remove the service from the list of services known by YunoHost (added from `yunohost service add`) -if ynh_exec_warn_less yunohost service status $app >/dev/null -then - ynh_script_progression --message="Removing $app service integration..." --weight=1 - yunohost service remove $app -fi - # Remove the dedicated systemd config ynh_remove_systemd_config diff --git a/scripts/restore b/scripts/restore index 0ce0c96..f03f180 100755 --- a/scripts/restore +++ b/scripts/restore @@ -29,15 +29,8 @@ ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" -ynh_restore_file --origin_path="/etc/systemd/system/$app.service" -systemctl enable $app.service --quiet - ynh_restore_file --origin_path="/etc/logrotate.d/$app" -yunohost service add $app --description="Privacy meta search engine" --log="/var/log/$app/$app.log" - -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" - #================================================= # GENERIC FINALIZATION #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 68d8d4f..7ab5f70 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -15,15 +15,6 @@ source /usr/share/yunohost/helpers upgrade_type=$(ynh_check_app_version_changed) -#================================================= -# STANDARD UPGRADE STEPS -#================================================= -# STOP SYSTEMD SERVICE -#================================================= -ynh_script_progression --message="Stopping a systemd service..." --weight=1 - -ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -50,21 +41,9 @@ ynh_add_fpm_config # Create a dedicated NGINX config ynh_add_nginx_config -# Create a dedicated systemd config -ynh_add_systemd_config - # Use logrotate to manage app-specific logfile(s) ynh_use_logrotate --non-append -yunohost service add $app --description="Privacy meta search engine" --log="/var/log/$app/$app.log" - -#================================================= -# START SYSTEMD SERVICE -#================================================= -ynh_script_progression --message="Starting a systemd service..." --weight=3 - -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" - #================================================= # END OF SCRIPT #=================================================