mirror of
https://github.com/YunoHost-Apps/listmonk_ynh.git
synced 2024-09-03 19:36:15 +02:00
Merge branch 'master' into testing
This commit is contained in:
commit
a83090b8a8
7 changed files with 27 additions and 53 deletions
|
@ -1,5 +1,5 @@
|
||||||
SOURCE_URL=https://github.com/knadh/listmonk/releases/download/v2.3.0/listmonk_2.3.0_linux_amd64.tar.gz
|
SOURCE_URL=https://github.com/knadh/listmonk/releases/download/v2.2.0/listmonk_2.2.0_linux_amd64.tar.gz
|
||||||
SOURCE_SUM=4ad9ff7a04e13c9f8609c705e4850046ae8a3c9a03b0c4ac04e3c1d1c8fe8b7a
|
SOURCE_SUM=c2bdccd073d768d2b8dfbfad6469c5b41cf39b44a20c263cbaebf15876463709
|
||||||
SOURCE_SUM_PRG=sha256sum
|
SOURCE_SUM_PRG=sha256sum
|
||||||
SOURCE_FORMAT=tar.gz
|
SOURCE_FORMAT=tar.gz
|
||||||
SOURCE_IN_SUBDIR=false
|
SOURCE_IN_SUBDIR=false
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
SOURCE_URL=https://github.com/knadh/listmonk/archive/refs/tags/v2.3.0.tar.gz
|
SOURCE_URL=https://github.com/knadh/listmonk/archive/refs/tags/v2.2.0.tar.gz
|
||||||
SOURCE_SUM=54cab80ca16dbf58ce40b7fc1ae88a9f8ed4c9d9a54387a77b1a90cb4dba3404
|
SOURCE_SUM=e3f1cc89972cafaab78cda38be54ab3fc115fd7846e2e7dae1b19fff002e1c77
|
||||||
SOURCE_SUM_PRG=sha256sum
|
SOURCE_SUM_PRG=sha256sum
|
||||||
SOURCE_FORMAT=tar.gz
|
SOURCE_FORMAT=tar.gz
|
||||||
SOURCE_IN_SUBDIR=true
|
SOURCE_IN_SUBDIR=true
|
||||||
|
|
|
@ -9,8 +9,8 @@ address = "127.0.0.1:__PORT__"
|
||||||
# be replaced with a better multi-user, role-based authentication system.
|
# be replaced with a better multi-user, role-based authentication system.
|
||||||
# IMPORTANT: Leave both values empty to disable authentication on admin
|
# IMPORTANT: Leave both values empty to disable authentication on admin
|
||||||
# only where an external authentication is already setup.
|
# only where an external authentication is already setup.
|
||||||
admin_username = ""
|
admin_username = "__ADMIN__"
|
||||||
admin_password = ""
|
admin_password = "__PASSWORD__"
|
||||||
|
|
||||||
# Database.
|
# Database.
|
||||||
[db]
|
[db]
|
||||||
|
|
|
@ -1,48 +1,14 @@
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=Listmonk: newsletter and mailing list manager
|
Description=Listmonk: newsletter and mailing list manager
|
||||||
Documentation=https://listmonk.app/docs/
|
Documentation=https://listmonk.app/docs/
|
||||||
ConditionPathExists=__FINALPATH__/config.toml
|
|
||||||
After=network.target
|
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=simple
|
Type=simple
|
||||||
User=__APP__
|
User=__APP__
|
||||||
Group=__APP__
|
Group=__APP__
|
||||||
WorkingDirectory=__FINALPATH__/
|
WorkingDirectory=__FINALPATH__/
|
||||||
ExecStartPre=/usr/bin/mkdir -p "__FINALPATH__/uploads"
|
|
||||||
ExecStartPre=__FINALPATH__/listmonk --config __FINALPATH__/config.toml --upgrade --yes
|
|
||||||
ExecStart=__FINALPATH__/listmonk
|
ExecStart=__FINALPATH__/listmonk
|
||||||
Restart=always
|
Restart=always
|
||||||
|
|
||||||
# Sandboxing options to harden security
|
|
||||||
# Depending on specificities of your service/app, you may need to tweak these
|
|
||||||
# .. but this should be a good baseline
|
|
||||||
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
|
|
||||||
NoNewPrivileges=yes
|
|
||||||
PrivateTmp=yes
|
|
||||||
PrivateDevices=yes
|
|
||||||
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
|
|
||||||
RestrictNamespaces=yes
|
|
||||||
RestrictRealtime=yes
|
|
||||||
DevicePolicy=closed
|
|
||||||
ProtectSystem=full
|
|
||||||
ProtectControlGroups=yes
|
|
||||||
ProtectKernelModules=yes
|
|
||||||
ProtectKernelTunables=yes
|
|
||||||
LockPersonality=yes
|
|
||||||
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
|
|
||||||
|
|
||||||
# Denying access to capabilities that should not be relevant for webapps
|
|
||||||
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
|
|
||||||
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
|
|
||||||
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
|
|
||||||
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
|
|
||||||
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
|
|
||||||
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
|
|
||||||
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
|
|
||||||
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
|
|
||||||
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
|
|
||||||
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
|
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
|
|
@ -38,6 +38,14 @@
|
||||||
"name": "is_public",
|
"name": "is_public",
|
||||||
"type": "boolean",
|
"type": "boolean",
|
||||||
"default": true
|
"default": true
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "admin",
|
||||||
|
"type": "user"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"name": "password",
|
||||||
|
"type": "password"
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
|
@ -28,8 +28,8 @@ ynh_abort_if_errors
|
||||||
domain=$YNH_APP_ARG_DOMAIN
|
domain=$YNH_APP_ARG_DOMAIN
|
||||||
path_url="/"
|
path_url="/"
|
||||||
is_public=$YNH_APP_ARG_IS_PUBLIC
|
is_public=$YNH_APP_ARG_IS_PUBLIC
|
||||||
admin=""
|
admin=$YNH_APP_ARG_ADMIN
|
||||||
password=""
|
password=$YNH_APP_ARG_PASSWORD
|
||||||
|
|
||||||
app=$YNH_APP_INSTANCE_NAME
|
app=$YNH_APP_INSTANCE_NAME
|
||||||
|
|
||||||
|
@ -209,12 +209,12 @@ then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Only the admin can access the admin panel of the app (if the app has an admin panel)
|
# Only the admin can access the admin panel of the app (if the app has an admin panel)
|
||||||
ynh_permission_create --permission="admin" --url="/admin" --additional_urls="/admin /api" --allowed=$admin --auth_header=false
|
ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin --auth_header=false
|
||||||
|
|
||||||
# Everyone can access the API part
|
# Everyone can access the API part
|
||||||
# We don't want to display the tile in the SSO so we put --show_tile="false"
|
# We don't want to display the tile in the SSO so we put --show_tile="false"
|
||||||
# And we don't want the YunoHost admin to be able to remove visitors group to this permission, so we put --protected="true"
|
# And we don't want the YunoHost admin to be able to remove visitors group to this permission, so we put --protected="true"
|
||||||
ynh_permission_create --permission="api" --url="/public" --additional_urls="/api/public" --allowed="visitors" --show_tile="false" --protected="true"
|
ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# RELOAD NGINX
|
# RELOAD NGINX
|
||||||
|
|
|
@ -70,12 +70,12 @@ fi
|
||||||
|
|
||||||
if ! ynh_permission_exists --permission="admin"; then
|
if ! ynh_permission_exists --permission="admin"; then
|
||||||
# Create the required permissions
|
# Create the required permissions
|
||||||
ynh_permission_create --permission="admin" --url="/admin" --additional_urls="/admin /api" --allowed=$admin --auth_header=false
|
ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin --auth_header=false
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Create a permission if needed
|
# Create a permission if needed
|
||||||
if ! ynh_permission_exists --permission="api"; then
|
if ! ynh_permission_exists --permission="api"; then
|
||||||
ynh_permission_create --permission="api" --url="/public" --additional_urls="/api/public" --allowed="visitors" --show_tile="false" --protected="true"
|
ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ynh_compare_current_package_version --comparison le --version 2.3.0~ynh3
|
if ynh_compare_current_package_version --comparison le --version 2.3.0~ynh3
|
||||||
|
@ -100,7 +100,6 @@ then
|
||||||
ynh_permission_create --permission="api" --url="/public" --additional_urls="/api/public" --allowed="visitors" --show_tile="false" --protected="true"
|
ynh_permission_create --permission="api" --url="/public" --additional_urls="/api/public" --allowed="visitors" --show_tile="false" --protected="true"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# CREATE DEDICATED USER
|
# CREATE DEDICATED USER
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -116,10 +115,11 @@ ynh_system_user_create --username=$app --home_dir="$final_path"
|
||||||
if [ "$upgrade_type" == "UPGRADE_APP" ]
|
if [ "$upgrade_type" == "UPGRADE_APP" ]
|
||||||
then
|
then
|
||||||
ynh_script_progression --message="Upgrading source files..." --weight=5
|
ynh_script_progression --message="Upgrading source files..." --weight=5
|
||||||
|
|
||||||
# Download, check integrity, uncompress and patch the source from app.src
|
# Download, check integrity, uncompress and patch the source from app.src
|
||||||
if [ $YNH_ARCH == "armhf" ] || [ $YNH_ARCH == "arm64" ]
|
if [ $YNH_ARCH == "armhf" ] || [ $YNH_ARCH == "arm64" ]
|
||||||
then
|
then
|
||||||
ynh_setup_source --dest_dir="$final_path/build" --keep="$final_path/config.toml uploads"
|
ynh_setup_source --dest_dir="$final_path/build" --keep="$final_path/config.toml"
|
||||||
# Install Nodejs
|
# Install Nodejs
|
||||||
ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version
|
ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version
|
||||||
# Install Yarn
|
# Install Yarn
|
||||||
|
@ -139,7 +139,7 @@ then
|
||||||
ynh_remove_nodejs
|
ynh_remove_nodejs
|
||||||
ynh_secure_remove --file="$final_path/build"
|
ynh_secure_remove --file="$final_path/build"
|
||||||
else
|
else
|
||||||
ynh_setup_source --dest_dir="$final_path" --source_id=$YNH_ARCH --keep="$final_path/config.toml uploads"
|
ynh_setup_source --dest_dir="$final_path" --source_id=$YNH_ARCH --keep="$final_path/config.toml"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -166,12 +166,12 @@ ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies
|
||||||
#=================================================
|
#=================================================
|
||||||
# UPDATE A CONFIG FILE
|
# UPDATE A CONFIG FILE
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Updating a configuration file..." --time --weight=1
|
# ynh_script_progression --message="Updating a configuration file..." --time --weight=1
|
||||||
|
|
||||||
ynh_add_config --template="../conf/config.toml" --destination="$final_path/config.toml"
|
# ynh_add_config --template="../conf/config.toml" --destination="$final_path/config.toml"
|
||||||
|
|
||||||
chmod 400 "$final_path/config.toml"
|
# chmod 400 "$final_path/config.toml"
|
||||||
chown $app:$app "$final_path/config.toml"
|
# chown $app:$app "$final_path/config.toml"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# DATABASE CONFIGURATION
|
# DATABASE CONFIGURATION
|
||||||
|
|
Loading…
Reference in a new issue