1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/listmonk_ynh.git synced 2024-09-03 19:36:15 +02:00

Merge branch 'master' into testing

This commit is contained in:
Navan Chauhan 2023-01-19 19:17:42 -07:00 committed by GitHub
commit a83090b8a8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 27 additions and 53 deletions

View file

@ -1,5 +1,5 @@
SOURCE_URL=https://github.com/knadh/listmonk/releases/download/v2.3.0/listmonk_2.3.0_linux_amd64.tar.gz SOURCE_URL=https://github.com/knadh/listmonk/releases/download/v2.2.0/listmonk_2.2.0_linux_amd64.tar.gz
SOURCE_SUM=4ad9ff7a04e13c9f8609c705e4850046ae8a3c9a03b0c4ac04e3c1d1c8fe8b7a SOURCE_SUM=c2bdccd073d768d2b8dfbfad6469c5b41cf39b44a20c263cbaebf15876463709
SOURCE_SUM_PRG=sha256sum SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=false SOURCE_IN_SUBDIR=false

View file

@ -1,5 +1,5 @@
SOURCE_URL=https://github.com/knadh/listmonk/archive/refs/tags/v2.3.0.tar.gz SOURCE_URL=https://github.com/knadh/listmonk/archive/refs/tags/v2.2.0.tar.gz
SOURCE_SUM=54cab80ca16dbf58ce40b7fc1ae88a9f8ed4c9d9a54387a77b1a90cb4dba3404 SOURCE_SUM=e3f1cc89972cafaab78cda38be54ab3fc115fd7846e2e7dae1b19fff002e1c77
SOURCE_SUM_PRG=sha256sum SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true SOURCE_IN_SUBDIR=true

View file

@ -9,8 +9,8 @@ address = "127.0.0.1:__PORT__"
# be replaced with a better multi-user, role-based authentication system. # be replaced with a better multi-user, role-based authentication system.
# IMPORTANT: Leave both values empty to disable authentication on admin # IMPORTANT: Leave both values empty to disable authentication on admin
# only where an external authentication is already setup. # only where an external authentication is already setup.
admin_username = "" admin_username = "__ADMIN__"
admin_password = "" admin_password = "__PASSWORD__"
# Database. # Database.
[db] [db]

View file

@ -1,48 +1,14 @@
[Unit] [Unit]
Description=Listmonk: newsletter and mailing list manager Description=Listmonk: newsletter and mailing list manager
Documentation=https://listmonk.app/docs/ Documentation=https://listmonk.app/docs/
ConditionPathExists=__FINALPATH__/config.toml
After=network.target
[Service] [Service]
Type=simple Type=simple
User=__APP__ User=__APP__
Group=__APP__ Group=__APP__
WorkingDirectory=__FINALPATH__/ WorkingDirectory=__FINALPATH__/
ExecStartPre=/usr/bin/mkdir -p "__FINALPATH__/uploads"
ExecStartPre=__FINALPATH__/listmonk --config __FINALPATH__/config.toml --upgrade --yes
ExecStart=__FINALPATH__/listmonk ExecStart=__FINALPATH__/listmonk
Restart=always Restart=always
# Sandboxing options to harden security
# Depending on specificities of your service/app, you may need to tweak these
# .. but this should be a good baseline
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
DevicePolicy=closed
ProtectSystem=full
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
LockPersonality=yes
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
# Denying access to capabilities that should not be relevant for webapps
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

View file

@ -38,6 +38,14 @@
"name": "is_public", "name": "is_public",
"type": "boolean", "type": "boolean",
"default": true "default": true
},
{
"name": "admin",
"type": "user"
},
{
"name": "password",
"type": "password"
} }
] ]
} }

View file

@ -28,8 +28,8 @@ ynh_abort_if_errors
domain=$YNH_APP_ARG_DOMAIN domain=$YNH_APP_ARG_DOMAIN
path_url="/" path_url="/"
is_public=$YNH_APP_ARG_IS_PUBLIC is_public=$YNH_APP_ARG_IS_PUBLIC
admin="" admin=$YNH_APP_ARG_ADMIN
password="" password=$YNH_APP_ARG_PASSWORD
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
@ -209,12 +209,12 @@ then
fi fi
# Only the admin can access the admin panel of the app (if the app has an admin panel) # Only the admin can access the admin panel of the app (if the app has an admin panel)
ynh_permission_create --permission="admin" --url="/admin" --additional_urls="/admin /api" --allowed=$admin --auth_header=false ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin --auth_header=false
# Everyone can access the API part # Everyone can access the API part
# We don't want to display the tile in the SSO so we put --show_tile="false" # We don't want to display the tile in the SSO so we put --show_tile="false"
# And we don't want the YunoHost admin to be able to remove visitors group to this permission, so we put --protected="true" # And we don't want the YunoHost admin to be able to remove visitors group to this permission, so we put --protected="true"
ynh_permission_create --permission="api" --url="/public" --additional_urls="/api/public" --allowed="visitors" --show_tile="false" --protected="true" ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true"
#================================================= #=================================================
# RELOAD NGINX # RELOAD NGINX

View file

@ -70,12 +70,12 @@ fi
if ! ynh_permission_exists --permission="admin"; then if ! ynh_permission_exists --permission="admin"; then
# Create the required permissions # Create the required permissions
ynh_permission_create --permission="admin" --url="/admin" --additional_urls="/admin /api" --allowed=$admin --auth_header=false ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin --auth_header=false
fi fi
# Create a permission if needed # Create a permission if needed
if ! ynh_permission_exists --permission="api"; then if ! ynh_permission_exists --permission="api"; then
ynh_permission_create --permission="api" --url="/public" --additional_urls="/api/public" --allowed="visitors" --show_tile="false" --protected="true" ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true"
fi fi
if ynh_compare_current_package_version --comparison le --version 2.3.0~ynh3 if ynh_compare_current_package_version --comparison le --version 2.3.0~ynh3
@ -100,7 +100,6 @@ then
ynh_permission_create --permission="api" --url="/public" --additional_urls="/api/public" --allowed="visitors" --show_tile="false" --protected="true" ynh_permission_create --permission="api" --url="/public" --additional_urls="/api/public" --allowed="visitors" --show_tile="false" --protected="true"
fi fi
#================================================= #=================================================
# CREATE DEDICATED USER # CREATE DEDICATED USER
#================================================= #=================================================
@ -116,10 +115,11 @@ ynh_system_user_create --username=$app --home_dir="$final_path"
if [ "$upgrade_type" == "UPGRADE_APP" ] if [ "$upgrade_type" == "UPGRADE_APP" ]
then then
ynh_script_progression --message="Upgrading source files..." --weight=5 ynh_script_progression --message="Upgrading source files..." --weight=5
# Download, check integrity, uncompress and patch the source from app.src # Download, check integrity, uncompress and patch the source from app.src
if [ $YNH_ARCH == "armhf" ] || [ $YNH_ARCH == "arm64" ] if [ $YNH_ARCH == "armhf" ] || [ $YNH_ARCH == "arm64" ]
then then
ynh_setup_source --dest_dir="$final_path/build" --keep="$final_path/config.toml uploads" ynh_setup_source --dest_dir="$final_path/build" --keep="$final_path/config.toml"
# Install Nodejs # Install Nodejs
ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version
# Install Yarn # Install Yarn
@ -139,7 +139,7 @@ then
ynh_remove_nodejs ynh_remove_nodejs
ynh_secure_remove --file="$final_path/build" ynh_secure_remove --file="$final_path/build"
else else
ynh_setup_source --dest_dir="$final_path" --source_id=$YNH_ARCH --keep="$final_path/config.toml uploads" ynh_setup_source --dest_dir="$final_path" --source_id=$YNH_ARCH --keep="$final_path/config.toml"
fi fi
fi fi
@ -166,12 +166,12 @@ ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies
#================================================= #=================================================
# UPDATE A CONFIG FILE # UPDATE A CONFIG FILE
#================================================= #=================================================
ynh_script_progression --message="Updating a configuration file..." --time --weight=1 # ynh_script_progression --message="Updating a configuration file..." --time --weight=1
ynh_add_config --template="../conf/config.toml" --destination="$final_path/config.toml" # ynh_add_config --template="../conf/config.toml" --destination="$final_path/config.toml"
chmod 400 "$final_path/config.toml" # chmod 400 "$final_path/config.toml"
chown $app:$app "$final_path/config.toml" # chown $app:$app "$final_path/config.toml"
#================================================= #=================================================
# DATABASE CONFIGURATION # DATABASE CONFIGURATION