1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/mastodon_ynh.git synced 2024-09-03 19:46:02 +02:00

Merge pull request #74 from Jibec/master

Review and beginning of refactoring
This commit is contained in:
nemsia 2018-04-06 21:21:22 +02:00 committed by GitHub
commit 52ea388073
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 317 additions and 426 deletions

View file

@ -4,7 +4,7 @@
domain="domain.tld" (DOMAIN) domain="domain.tld" (DOMAIN)
admin="john" (USER) admin="john" (USER)
path="/path" (PATH) path="/path" (PATH)
passwd="adminpassword" passwd="():g9!co.'G{2+f/Wd\,e"
; Checks ; Checks
pkg_linter=1 pkg_linter=1
setup_sub_dir=0 setup_sub_dir=0
@ -26,9 +26,9 @@
Level 1=auto Level 1=auto
Level 2=auto Level 2=auto
Level 3=auto Level 3=auto
Level 4=na # Level 4: TODO: https://github.com/tootsuite/documentation/blob/master/Running-Mastodon/Enabling-LDAP-login.md
Level 5=1 Level 4=0
# level 5: le test ne semble pas tout à fait savoir ce qu'est vraiment un "exit". Level 5=auto
Level 6=auto Level 6=auto
Level 7=auto Level 7=auto
Level 8=0 Level 8=0

View file

@ -3,15 +3,15 @@
"id": "mastodon", "id": "mastodon",
"packaging_format": 1, "packaging_format": 1,
"requirements": { "requirements": {
"yunohost": ">= 2.4" "yunohost": ">= 2.7.9"
}, },
"description": { "description": {
"en": "Mastodon is a free, open-source social network.", "en": "Mastodon is a free, open-source social network.",
"fr": "Mastodon est un réseau social gratuit et open source." "fr": "Mastodon est un réseau social gratuit et open source."
}, },
"version": "2.2.0", "version": "2.2.0-1",
"url": "https://github.com/tootsuite/mastodon", "url": "https://github.com/tootsuite/mastodon",
"license": "AGPL v3.0", "license": "AGPL-3.0-or-later",
"maintainer": { "maintainer": {
"name": "cyp, nemsia", "name": "cyp, nemsia",
"email": "cyp@rouquin.me, nemsia@nemsia.org" "email": "cyp@rouquin.me, nemsia@nemsia.org"

View file

@ -1,263 +0,0 @@
#!/bin/bash
ynh_version="2.4"
YNH_VERSION () { # Returns the version number of the Yunohost moulinette
ynh_version=$(sudo yunohost -v | grep "moulinette:" | cut -d' ' -f2 | cut -d'.' -f1,2)
}
CHECK_VAR () { # Verifies that the variable is not empty.
# $1 = Variable to be checked
# $2 = Display text on error
test -n "$1" || (echo "$2" >&2 && false)
}
EXIT_PROPERLY () { # Causes the script to stop in the event of an error. And clean the residue.
trap '' ERR
echo -e "\e[91m \e[1m" # Shell in light red bold
echo -e "!!\n $app install's script has encountered an error. Installation was cancelled.\n!!" >&2
if type -t CLEAN_SETUP > /dev/null; then # Checks the existence of the function before executing it.
CLEAN_SETUP # Call the specific cleanup function of the install script.
fi
# Compensates the ssowat bug that does not remove the app's input in case of installation error.
sudo sed -i "\@\"$domain/\":@d" /etc/ssowat/conf.json
if [ "$ynh_version" = "2.2" ]; then
/bin/bash $script_dir/remove
fi
ynh_die
}
TRAP_ON () { # Activate signal capture
trap EXIT_PROPERLY ERR # Capturing exit signals on error
}
TRAP_OFF () { # Ignoring signal capture until TRAP_ON
trap '' ERR # Ignoring exit signals
}
CHECK_USER () { # Check the validity of the user admin
# $1 = User admin variable
ynh_user_exists "$1" || (echo "Wrong admin" >&2 && false)
}
CHECK_PATH () { # Checks / at the beginning of the path. And his absence at the end.
if [ "${path:0:1}" != "/" ]; then # If the first character is not /
path="/$path" # Add / at the beginning of path
fi
if [ "${path:${#path}-1}" == "/" ] && [ ${#path} -gt 1 ]; then # If the last character is a / and it is not the only character.
path="${path:0:${#path}-1}" # Delete last character
fi
}
CHECK_DOMAINPATH () { # Checks the availability of the path and domain.
sudo yunohost app checkurl $domain -a $app
}
CHECK_FINALPATH () { # Checks that the destination folder is not already in use.
final_path=/opt/$app
if [ -e "$final_path" ]
then
echo "This path already contains a folder" >&2
false
fi
}
STORE_MD5_CONFIG () { # Saves the checksum of the config file
# $1 = Name of the conf file for storage in settings.yml
# $2 = Full name and path of the conf file.
ynh_app_setting_set $app $1_file_md5 $(sudo md5sum "$2" | cut -d' ' -f1)
}
CHECK_MD5_CONFIG () { # Created a backup of the config file if it was changed.
# $1 = Name of the conf file for storage in settings.yml
# $2 = Full name and path of the conf file.onf.
if [ "$(ynh_app_setting_get $app $1_file_md5)" != $(sudo md5sum "$2" | cut -d' ' -f1) ]; then
sudo cp -a "$2" "$2.backup.$(date '+%d.%m.%y_%Hh%M,%Ss')" # Si le fichier de config a été modifié, créer un backup.
fi
}
FIND_PORT () { # Search free port
# $1 = Port number to start the search.
port=$1
while ! sudo yunohost app checkport $port ; do
port=$((port+1))
done
CHECK_VAR "$port" "port empty"
}
SETUP_SOURCE () { # Download source, decompress and copu into $final_path
src=$(cat ../sources/source_md5 | awk -F' ' {'print $2'})
sudo wget -nv -i ../sources/source_url -O $src
# Checks the checksum of the downloaded source.
# md5sum -c ../sources/source_md5 --status || ynh_die "Corrupt source"
# Decompress source
if [ "$(echo ${src##*.})" == "tgz" ]; then
tar -x -f $src
elif [ "$(echo ${src##*.})" == "zip" ]; then
unzip -q $src
else
false # Unsupported archive format.
fi
# Copy file source
sudo cp -a $(cat ../sources/source_dir)/. "$final_path/live"
# Copy additional file and modified
if test -e "../sources/ajouts"; then
sudo cp -a ../sources/ajouts/. "$final_path"
fi
}
# Create user with special hack
CREATE_USER () {
sudo curl -kSs https://${domain}/auth/sign_up --cookie-jar cookie | grep csrf > token || true
token=$(sudo cat token | sed -n '/csrf-token/s/.*name="csrf-token"\s\+content="\([^"]\+\).*/\1/p')
sudo curl -kSs https://${domain}/auth --data "&user[account_attributes][username]=${admin_mastodon}&user[email]=${admin_mastodon}@${domain}&user[password]=${admin_pass}&user[password_confirmation]=${admin_pass}&authenticity_token=${token}" --cookie cookie
}
### REMOVE SCRIPT
REMOVE_NGINX_CONF () { # Delete nginx configuration
if [ -e "/etc/nginx/conf.d/$domain.d/$app.conf" ]; then # Delete nginx config
echo "Delete nginx config"
sudo rm "/etc/nginx/conf.d/$domain.d/$app.conf"
sudo systemctl reload nginx
fi
}
REMOVE_LOGROTATE_CONF () { # Delete logrotate configuration
if [ -e "/etc/logrotate.d/$app" ]; then
echo "Delete logrotate config"
sudo rm "/etc/logrotate.d/$app"
fi
}
SECURE_REMOVE () { # Deleting a folder with variable verification
chaine="$1" # The argument must be given between simple quotes '', to avoid interpreting the variables.
no_var=0
while (echo "$chaine" | grep -q '\$') # Loop as long as there are $ in the string
do
no_var=1
global_var=$(echo "$chaine" | cut -d '$' -f 2) # Isole the first variable found.
only_var=\$$(expr "$global_var" : '\([A-Za-z0-9_]*\)') # Isole completely the variable by adding the $ at the beginning and keeping only the name of the variable. Mostly gets rid of / and a possible path behind.
real_var=$(eval "echo ${only_var}") # `eval "echo ${var}` Allows to interpret a variable contained in a variable.
if test -z "$real_var" || [ "$real_var" = "/" ]; then
echo "Variable $only_var is empty, suppression of $chaine cancelled." >&2
return 1
fi
chaine=$(echo "$chaine" | sed "s@$only_var@$real_var@") # Replaces variable with its value in the string.
done
if [ "$no_var" -eq 1 ]
then
if [ -e "$chaine" ]; then
echo "Delete directory $chaine"
sudo rm -r "$chaine"
fi
return 0
else
echo "No detected variable." >&2
return 1
fi
}
# Create a db without password
#
# usage: ynh_mysql_create_user user
# | arg: user - the user name to create
ynh_psql_create_db_without_password() {
db=$1
sudo su -c "psql" postgres <<< \
"CREATE USER $db CREATEDB;"
}
# Create a user
#
# usage: ynh_mysql_create_user user pwd [host]
# | arg: user - the user name to create
# | arg: pwd - the password to identify user by
ynh_psql_create_user() {
sudo su -c "psql" postgres <<< \
"CREATE USER ${1} WITH PASSWORD '${2}';"
}
# Create a user without password
#
# usage: ynh_mysql_create_user user pwd [host]
# | arg: user - the user name to create
ynh_psql_create_user_without_password() {
sudo su -c "psql" postgres <<< \
"CREATE USER ${1};"
}
# Create a database and grant optionnaly privilegies to a user
#
# usage: ynh_mysql_create_db db [user [pwd]]
# | arg: db - the database name to create
# | arg: user - the user to grant privilegies
# | arg: pwd - the password to identify user by
ynh_psql_create_db() {
db=$1
# grant all privilegies to user
if [[ $# -gt 1 ]]; then
ynh_psql_create_user ${2} "${3}"
sudo su -c "createdb -O ${2} $db" postgres
else
sudo su -c "createdb $db" postgres
fi
}
# Drop a role
#
# usage: ynh_mysql_drop_role db
# | arg: db - the database name to drop
ynh_psql_drop_role() {
sudo su -c "psql" postgres <<< \
"DROP ROLE ${1};"
}
# Drop a database
#
# usage: ynh_mysql_drop_db db
# | arg: db - the database name to drop
ynh_psql_drop_db() {
sudo su -c "dropdb ${1}" postgres
}
# Drop a user
#
# usage: ynh_mysql_drop_user user
# | arg: user - the user name to drop
ynh_psql_drop_user() {
sudo su -c "dropuser ${1}" postgres
}
# Remove a file or a directory securely
#
# usage: ynh_secure_remove path_to_remove
# | arg: path_to_remove - File or directory to remove
ynh_secure_remove () {
path_to_remove=$1
forbidden_path=" \
/var/www \
/home/yunohost.app"
if [[ "$forbidden_path" =~ "$path_to_remove" \
# Match all path or subpath in $forbidden_path
|| "$path_to_remove" =~ ^/[[:alnum:]]+$ \
# Match all first level path from / (Like /var, /root, etc...)
|| "${path_to_remove:${#path_to_remove}-1}" = "/" ]]
# Match if the path finish by /. Because it's seems there is an empty variable
then
echo "Avoid deleting of $path_to_remove." >&2
else
if [ -e "$path_to_remove" ]
then
sudo rm -R "$path_to_remove"
else
echo "$path_to_remove doesn't deleted because it's not exist." >&2
fi
fi
}

73
scripts/_common.sh Normal file
View file

@ -0,0 +1,73 @@
#!/bin/bash
# Create a db without password
#
# usage: ynh_mysql_create_user user
# | arg: user - the user name to create
ynh_psql_create_db_without_password() {
db=$1
sudo su -c "psql" postgres <<< \
"CREATE USER $db CREATEDB;"
}
# Create a user
#
# usage: ynh_mysql_create_user user pwd [host]
# | arg: user - the user name to create
# | arg: pwd - the password to identify user by
ynh_psql_create_user() {
sudo su -c "psql" postgres <<< \
"CREATE USER ${1} WITH PASSWORD '${2}';"
}
# Create a user without password
#
# usage: ynh_mysql_create_user user pwd [host]
# | arg: user - the user name to create
ynh_psql_create_user_without_password() {
sudo su -c "psql" postgres <<< \
"CREATE USER ${1};"
}
# Create a database and grant optionnaly privilegies to a user
#
# usage: ynh_mysql_create_db db [user [pwd]]
# | arg: db - the database name to create
# | arg: user - the user to grant privilegies
# | arg: pwd - the password to identify user by
ynh_psql_create_db() {
db=$1
# grant all privilegies to user
if [[ $# -gt 1 ]]; then
ynh_psql_create_user ${2} "${3}"
sudo su -c "createdb -O ${2} $db" postgres
else
sudo su -c "createdb $db" postgres
fi
}
# Drop a role
#
# usage: ynh_mysql_drop_role db
# | arg: db - the database name to drop
ynh_psql_drop_role() {
sudo su -c "psql" postgres <<< \
"DROP ROLE ${1};"
}
# Drop a database
#
# usage: ynh_mysql_drop_db db
# | arg: db - the database name to drop
ynh_psql_drop_db() {
sudo su -c "dropdb ${1}" postgres
}
# Drop a user
#
# usage: ynh_mysql_drop_user user
# | arg: user - the user name to drop
ynh_psql_drop_user() {
sudo su -c "dropuser ${1}" postgres
}

View file

@ -3,13 +3,13 @@
# Exit on command errors and treat unset variables as an error # Exit on command errors and treat unset variables as an error
set -eu set -eu
if [ ! -e .fonctions ]; then if [ ! -e _common.sh ]; then
# Get file fonction if not been to the current directory # Get file fonction if not been to the current directory
sudo cp ../settings/scripts/.fonctions ./.fonctions sudo cp ../settings/scripts/_common.sh ./_common.sh
sudo chmod a+rx .fonctions sudo chmod a+rx _common.sh
fi fi
# Loads the generic functions usually used in the script # Loads the generic functions usually used in the script
source .fonctions source _common.sh
# Source app helpers # Source app helpers
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers

View file

@ -1,17 +1,25 @@
#!/bin/bash #!/bin/bash
# Exit on command errors and treat unset variables as an error #=================================================
set -eu # GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source .fonctions # Loads the generic functions usually used in the script source _common.sh
source /usr/share/yunohost/helpers # Source app helpers source /usr/share/yunohost/helpers
CLEAN_SETUP () { #=================================================
# Clean installation residues that are not supported by the remove script. # MANAGE SCRIPT FAILURE
# Clean hosts #=================================================
echo ""
} # Exit if an error occurs during the execution of the script
TRAP_ON # Active trap to stop the script if an error is detected. ynh_abort_if_errors
#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#================================================
domain=$YNH_APP_ARG_DOMAIN domain=$YNH_APP_ARG_DOMAIN
admin_mastodon=$YNH_APP_ARG_ADMIN admin_mastodon=$YNH_APP_ARG_ADMIN
@ -19,217 +27,290 @@ admin_mastodon_mail=$(ynh_user_get_info $admin_mastodon 'mail')
admin_pass=$YNH_APP_ARG_PASSWD admin_pass=$YNH_APP_ARG_PASSWD
language=$YNH_APP_ARG_LANGUAGE language=$YNH_APP_ARG_LANGUAGE
path_url="/"
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
CHECK_VAR "$app" "app name not set" #=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
CHECK_USER "$admin_mastodon" final_path=/var/www/$app
test ! -e "$final_path" || ynh_die "This path already contains a folder"
CHECK_DOMAINPATH [[ ${#admin_pass} -gt 7 ]] || ynh_die "Password is too weak, must be longer than 7 characters"
CHECK_FINALPATH # Normalize the url path syntax
path_url=$(ynh_normalize_url_path $path_url)
# Check web path availability
ynh_webpath_available $domain $path_url
# Register (book) web path
ynh_webpath_register $app $domain $path_url
#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================
ynh_app_setting_set $app domain $domain ynh_app_setting_set $app domain $domain
ynh_app_setting_set $app admin $admin_mastodon ynh_app_setting_set $app admin $admin_mastodon
ynh_app_setting_set $app pass $admin_pass ynh_app_setting_set $app pass $admin_pass
ynh_app_setting_set $app language $language ynh_app_setting_set $app language $language
ynh_app_setting_set $app path $path_url
[[ ${#admin_pass} -gt 7 ]] || ynh_die \
"The password is too weak, it must be longer than 7 characters"
# Create user unix #=================================================
sudo adduser $app --home /opt/$app --gecos "First Last,RoomNumber,WorkPhone,HomePhone" --disabled-password --disabled-login # STANDARD MODIFICATIONS
#=================================================
# Install debian package
ynh_package_install imagemagick libpq-dev libxml2-dev libxslt1-dev file curl apt-transport-https pkg-config libprotobuf-dev protobuf-compiler libicu-dev libidn11-dev
# Install redis package #=================================================
ynh_package_install redis-server redis-tools # INSTALL DEPENDENCIES
#=================================================
# Install postgresql # TODO: add in a clean way backports and yarn
ynh_package_install postgresql postgresql-contrib postgresql-server-dev-9.4
# Install Ruby
ynh_package_install autoconf bison build-essential libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libncurses5-dev libffi-dev libgdbm3 libgdbm-dev
# Import debian archive pubkey, need on ARM arch # Import debian archive pubkey, need on ARM arch
arch=$(uname -m) arch=$(uname -m)
if [[ $arch = arm* ]]; then if [[ $arch = arm* ]]; then
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8B48AD6246925553 apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8B48AD6246925553
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7638D0442B90D010 apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7638D0442B90D010
fi fi
# Install source.list debian package backports & yarn # Install source.list debian package backports & yarn
sudo cp ../conf/backports.list /etc/apt/sources.list.d/ cp ../conf/backports.list /etc/apt/sources.list.d/
sudo curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add - curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
sudo cp ../conf/yarn.list /etc/apt/sources.list.d/ cp ../conf/yarn.list /etc/apt/sources.list.d/
ynh_package_update ynh_package_update
# Install debian package backports
sudo apt-get -t jessie-backports -y install ffmpeg
# Creates the destination directory and stores its location. # Creates the destination directory and stores its location.
ynh_app_setting_set $app final_path $final_path ynh_app_setting_set $app final_path $final_path
# Install de Node.js # Install de Node.js
pushd /opt # TODO: use https://github.com/YunoHost-Apps/Experimental_helpers/blob/master/ynh_install_nodejs/ynh_install_nodejs
curl -sL https://deb.nodesource.com/setup_6.x | sudo bash - (
sudo apt-get -y install nodejs cd /opt
curl -sL https://deb.nodesource.com/setup_6.x | bash -
apt-get -y install nodejs
)
# Install Yarn # TODO: use the same mecanism with other files
ynh_package_install yarn ynh_install_app_dependencies \
`# debian packages ` \
imagemagick libpq-dev libxml2-dev libxslt1-dev file curl apt-transport-https pkg-config libprotobuf-dev protobuf-compiler libicu-dev libidn11-dev \
`# redis ` \
redis-server redis-tools \
`# postgresql ` \
postgresql postgresql-contrib postgresql-server-dev-9.4 \
`# Ruby ` \
autoconf bison build-essential libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libncurses5-dev libffi-dev libgdbm3 libgdbm-dev \
`# ffmpeg from backports ` \
ffmpeg \
`# Yarn ` \
yarn
#=================================================
# CREATE A DATABASE
#=================================================
# TODO: use non-official https://github.com/YunoHost-Apps/Experimental_helpers/blob/master/postgres/postgres
# TODO: this commands doesn't looks like a requirement, you may fully remove it
# Set UTF8 encoding by default # Set UTF8 encoding by default
sudo su -c "psql" postgres <<< \ su -c "psql" postgres <<< \
"update pg_database set datistemplate='false' where datname='template1';" "update pg_database set datistemplate='false' where datname='template1';"
sudo su -c "psql" postgres <<< \ su -c "psql" postgres <<< \
"drop database template1;" "drop database template1;"
sudo su -c "psql" postgres <<< \ su -c "psql" postgres <<< \
"create database template1 encoding='UTF8' template template0;" "create database template1 encoding='UTF8' template template0;"
sudo su -c "psql" postgres <<< \ su -c "psql" postgres <<< \
"update pg_database set datistemplate='true' where datname='template1';" "update pg_database set datistemplate='true' where datname='template1';"
# Create DB without password # Create DB without password
ynh_psql_create_db_without_password "$app" ynh_psql_create_db_without_password "$app"
sudo systemctl restart postgresql systemctl restart postgresql
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
# TODO: dont su as $app, work root and set corrects rights at the end of install
# Download all sources rbenv, ruby and mastodon # Download all sources rbenv, ruby and mastodon
sudo su - $app <<CLONECOMMANDS (
su $app
git clone https://github.com/rbenv/rbenv.git $final_path/.rbenv git clone https://github.com/rbenv/rbenv.git $final_path/.rbenv
git clone https://github.com/rbenv/ruby-build.git $final_path/.rbenv/plugins/ruby-build git clone https://github.com/rbenv/ruby-build.git $final_path/.rbenv/plugins/ruby-build
git clone https://github.com/tootsuite/mastodon.git $final_path/live git clone https://github.com/tootsuite/mastodon.git $final_path/live
CLONECOMMANDS )
#=================================================
# NGINX CONFIGURATION
#=================================================
# TODO: use official helper
# Modify Nginx configuration file and copy it to Nginx conf directory
sed -i "s@__PATH__@$app@g" ../conf/nginx.conf*
sed -i "s@__FINALPATH__@$final_path@g" ../conf/nginx.conf*
cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf
#=================================================
# CREATE DEDICATED USER
#=================================================
# TODO: use official helper
# TODO: AFAIK, no app should change should be in /opt don't use it
# Create user unix
adduser $app --home /opt/$app --gecos "First Last,RoomNumber,WorkPhone,HomePhone" --disabled-password --disabled-login
# Switch branch to tagged release # Switch branch to tagged release
cd $final_path/live cd $final_path/live
version=$(curl -s https://api.github.com/repos/tootsuite/mastodon/releases/latest | grep tag_name | cut -d\" -f4) version=$(curl -s https://api.github.com/repos/tootsuite/mastodon/releases/latest | grep tag_name | cut -d\" -f4)
sudo su - $app <<SWITCHCOMMANDS
pushd ~/live
git checkout $version
SWITCHCOMMANDS
# Be king rewind (/var/cache/yunohost/from_file/scripts) (
popd su $app
cd ~/live
git checkout $version
)
# Install de rbenv # Install de rbenv
sudo su - $app <<COMMANDS (
pushd ~/.rbenv su $app
cd ~/.rbenv
src/configure && make -C src src/configure && make -C src
echo 'export PATH="/opt/mastodon/.rbenv/bin:/opt/mastodon/live/bin:$PATH"' >> ~/.profile echo 'export PATH="/opt/mastodon/.rbenv/bin:/opt/mastodon/live/bin:$PATH"' >> ~/.profile
echo 'export PATH="/opt/mastodon/.rbenv/bin:/opt/mastodon/live/bin:$PATH"' >> ~/.bashrc echo 'export PATH="/opt/mastodon/.rbenv/bin:/opt/mastodon/live/bin:$PATH"' >> ~/.bashrc
echo 'eval "\$(rbenv init -)"' >> ~/.profile echo 'eval "\$(rbenv init -)"' >> ~/.profile
COMMANDS )
# Install ruby-build # Install ruby-build
sudo su - $app <<RCOMMANDS # TODO: /opt/mastodon looks like /opt/$app which is WRONG.
(
su $app
/opt/mastodon/.rbenv/bin/rbenv install 2.5.0 /opt/mastodon/.rbenv/bin/rbenv install 2.5.0
/opt/mastodon/.rbenv/versions/2.5.0/bin/ruby -v /opt/mastodon/.rbenv/versions/2.5.0/bin/ruby -v
RCOMMANDS )
# Create symlink for ruby # Create symlink for ruby
sudo rm /usr/bin/ruby || true rm /usr/bin/ruby || true
sudo ln -s /opt/mastodon/.rbenv/versions/2.5.0/bin/ruby /usr/bin/ruby || true ln -s /opt/mastodon/.rbenv/versions/2.5.0/bin/ruby /usr/bin/ruby || true
# Install Mastodon # Install Mastodon
sudo su - $app <<MCOMMANDS # TODO: /opt/mastodon looks like /opt/$app which is WRONG.
pushd ~/live (
su $app
cd ~/live
/opt/mastodon/.rbenv/versions/2.5.0/bin/gem install bundler /opt/mastodon/.rbenv/versions/2.5.0/bin/gem install bundler
bin/bundle install --deployment --without development test bin/bundle install --deployment --without development test
yarn install --production yarn install --production
MCOMMANDS )
# Adjust Mastodon config # Adjust Mastodon config
pushd $final_path/live/ # TODO: use official helper: ynh_replace_string
sudo cp -a .env.production.sample .env.production cp -a $final_path/live/.env.production.sample $final_path/live/.env.production
sudo sed -i "s@REDIS_HOST=redis@REDIS_HOST=127.0.0.1@g" "${final_path}/live/.env.production" sed -i "s@REDIS_HOST=redis@REDIS_HOST=127.0.0.1@g" "${final_path}/live/.env.production"
sudo sed -i "s@DB_HOST=db@DB_HOST=/var/run/postgresql@g" "${final_path}/live/.env.production" sed -i "s@DB_HOST=db@DB_HOST=/var/run/postgresql@g" "${final_path}/live/.env.production"
sudo sed -i "s@DB_USER=postgres@DB_USER=${app}@g" "${final_path}/live/.env.production" sed -i "s@DB_USER=postgres@DB_USER=${app}@g" "${final_path}/live/.env.production"
sudo sed -i "s@DB_NAME=postgres@DB_NAME=${app}_production@g" "${final_path}/live/.env.production" sed -i "s@DB_NAME=postgres@DB_NAME=${app}_production@g" "${final_path}/live/.env.production"
sudo sed -i "s@LOCAL_DOMAIN=example.com@LOCAL_DOMAIN=${domain}@g" "${final_path}/live/.env.production" sed -i "s@LOCAL_DOMAIN=example.com@LOCAL_DOMAIN=${domain}@g" "${final_path}/live/.env.production"
language="$(echo $language | head -c 2)" language="$(echo $language | head -c 2)"
sudo sed -i "s@# DEFAULT_LOCALE=de@DEFAULT_LOCALE=${language}@g" "${final_path}/live/.env.production" sed -i "s@# DEFAULT_LOCALE=de@DEFAULT_LOCALE=${language}@g" "${final_path}/live/.env.production"
paperclip_secret=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128) paperclip_secret=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128)
secret_key_base=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128) secret_key_base=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128)
otp_secret=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128) otp_secret=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128)
sudo sed -i "s@PAPERCLIP_SECRET=@PAPERCLIP_SECRET=${paperclip_secret}@g" "${final_path}/live/.env.production" sed -i "s@PAPERCLIP_SECRET=@PAPERCLIP_SECRET=${paperclip_secret}@g" "${final_path}/live/.env.production"
sudo sed -i "s@SECRET_KEY_BASE=@SECRET_KEY_BASE=${secret_key_base}@g" "${final_path}/live/.env.production" sed -i "s@SECRET_KEY_BASE=@SECRET_KEY_BASE=${secret_key_base}@g" "${final_path}/live/.env.production"
sudo sed -i "s@OTP_SECRET=@OTP_SECRET=${otp_secret}@g" "${final_path}/live/.env.production" sed -i "s@OTP_SECRET=@OTP_SECRET=${otp_secret}@g" "${final_path}/live/.env.production"
sudo sed -i "s@SMTP_LOGIN=@#SMTP_LOGIN=@g" "${final_path}/live/.env.production" sed -i "s@SMTP_LOGIN=@#SMTP_LOGIN=@g" "${final_path}/live/.env.production"
sudo sed -i "s@SMTP_PASSWORD=@#SMTP_PASSWORD=@g" "${final_path}/live/.env.production" sed -i "s@SMTP_PASSWORD=@#SMTP_PASSWORD=@g" "${final_path}/live/.env.production"
sudo sed -i "s@SMTP_SERVER=smtp.mailgun.org@SMTP_SERVER=localhost@g" "${final_path}/live/.env.production" sed -i "s@SMTP_SERVER=smtp.mailgun.org@SMTP_SERVER=localhost@g" "${final_path}/live/.env.production"
sudo sed -i "s@SMTP_PORT=587@SMTP_PORT=25@g" "${final_path}/live/.env.production" sed -i "s@SMTP_PORT=587@SMTP_PORT=25@g" "${final_path}/live/.env.production"
sudo sed -i 's,SMTP_FROM_ADDRESS=notifications@example.com,SMTP_FROM_ADDRESS='${admin_mastodon}'@'${domain}',' "${final_path}/live/.env.production" sed -i 's,SMTP_FROM_ADDRESS=notifications@example.com,SMTP_FROM_ADDRESS='${admin_mastodon}'@'${domain}',' "${final_path}/live/.env.production"
sudo sed -i "s@#SMTP_AUTH_METHOD=plain@SMTP_AUTH_METHOD=none@g" "${final_path}/live/.env.production" sed -i "s@#SMTP_AUTH_METHOD=plain@SMTP_AUTH_METHOD=none@g" "${final_path}/live/.env.production"
sudo sed -i "s@#SMTP_OPENSSL_VERIFY_MODE=peer@SMTP_OPENSSL_VERIFY_MODE=none@g" "${final_path}/live/.env.production" sed -i "s@#SMTP_OPENSSL_VERIFY_MODE=peer@SMTP_OPENSSL_VERIFY_MODE=none@g" "${final_path}/live/.env.production"
# Create database
# Preconfig CSS & JS # Preconfig CSS & JS
sudo su - $app <<CCOMMANDS (
pushd ~/live su $app
cd ~/live
echo "SAFETY_ASSURED=1">> .env.production echo "SAFETY_ASSURED=1">> .env.production
RAILS_ENV=production bin/bundle exec rails db:setup RAILS_ENV=production bin/bundle exec rails db:setup
RAILS_ENV=production bin/bundle exec rails --trace assets:precompile RAILS_ENV=production bin/bundle exec rails --trace assets:precompile
CCOMMANDS )
# init rbenv & create bundle # init rbenv & create bundle
sudo su - $app <<BCOMMANDS (
su $app
. ~/.profile . ~/.profile
type rbenv type rbenv
BCOMMANDS )
# Add Services # TODO: use official helper ynh_add_systemd_config
popd cp ../conf/mastodon-web.service /etc/systemd/system/mastodon-web.service
chown root: /etc/systemd/system/mastodon-web.service
cp ../conf/mastodon-sidekiq.service /etc/systemd/system/mastodon-sidekiq.service
chown root: /etc/systemd/system/mastodon-sidekiq.service
cp ../conf/mastodon-streaming.service /etc/systemd/system/mastodon-streaming.service
chown root: /etc/systemd/system/mastodon-streaming.service
sudo cp ../conf/mastodon-web.service /etc/systemd/system/mastodon-web.service systemctl daemon-reload
sudo chown root: /etc/systemd/system/mastodon-web.service systemctl enable /etc/systemd/system/mastodon-*.service
sudo cp ../conf/mastodon-sidekiq.service /etc/systemd/system/mastodon-sidekiq.service systemctl start mastodon-web.service mastodon-sidekiq.service mastodon-streaming.service
sudo chown root: /etc/systemd/system/mastodon-sidekiq.service
sudo cp ../conf/mastodon-streaming.service /etc/systemd/system/mastodon-streaming.service
sudo chown root: /etc/systemd/system/mastodon-streaming.service
sudo systemctl daemon-reload
sudo systemctl enable /etc/systemd/system/mastodon-*.service
sudo systemctl start mastodon-web.service mastodon-sidekiq.service mastodon-streaming.service
# debug # debug
sudo systemctl status mastodon-web.service mastodon-sidekiq.service mastodon-streaming.service systemctl status mastodon-web.service mastodon-sidekiq.service mastodon-streaming.service
# Add service YunoHost
sudo yunohost service add mastodon-web
sudo yunohost service add mastodon-sidekiq
sudo yunohost service add mastodon-streaming
# Create user # Create user
sudo su - $app <<UCOMMANDS (
pushd ~/live su $app
cd ~/live
RAILS_ENV=production bundle exec rails c RAILS_ENV=production bundle exec rails c
account = Account.create!(username: '$admin_mastodon') account = Account.create!(username: '$admin_mastodon')
user = User.create!(email: '$admin_mastodon_mail', password: '$admin_pass', account: account) user = User.create!(email: '$admin_mastodon_mail', password: '$admin_pass', account: account)
UCOMMANDS )
# Create administrator & confirm user # Create administrator & confirm user
sudo su - $app <<ACOMMANDS (
pushd ~/live su $app
cd ~/live
RAILS_ENV=production bin/bundle exec rails mastodon:make_admin USERNAME=$admin_mastodon RAILS_ENV=production bin/bundle exec rails mastodon:make_admin USERNAME=$admin_mastodon
RAILS_ENV=production bin/bundle exec rails mastodon:confirm_email USER_EMAIL=$admin_mastodon_mail RAILS_ENV=production bin/bundle exec rails mastodon:confirm_email USER_EMAIL=$admin_mastodon_mail
ACOMMANDS )
# Modify Nginx configuration file and copy it to Nginx conf directory
sudo sed -i "s@__PATH__@$app@g" ../conf/nginx.conf*
sudo sed -i "s@__FINALPATH__@$final_path@g" ../conf/nginx.conf*
sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf
# Install crontab # Install crontab
sudo cp ../conf/crontab_mastodon /etc/cron.d/$app cp ../conf/crontab_mastodon /etc/cron.d/$app
sudo sed -i "s@__APP__@$app@g" /etc/cron.d/$app sed -i "s@__APP__@$app@g" /etc/cron.d/$app
#=================================================
# GENERIC FINALIZATION
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
# TODO:Set permissions to app files
#=================================================
# ADVERTISE SERVICE IN ADMIN PANEL
#=================================================
# Add service YunoHost
yunohost service add mastodon-web
yunohost service add mastodon-sidekiq
yunohost service add mastodon-streaming
#=================================================
# SETUP SSOWAT
#=================================================
# TODO: all private install
# Unprotected url # Unprotected url
ynh_app_setting_set "$app" unprotected_uris "/" ynh_app_setting_set "$app" unprotected_uris "/"
# Reload SSOwat configuration #=================================================
sudo yunohost app ssowatconf # RELOAD NGINX
#=================================================
# Reload Nginx # Reload Nginx
sudo systemctl reload nginx systemctl reload nginx

View file

@ -3,13 +3,13 @@
# Exit on command errors and treat unset variables as an error # Exit on command errors and treat unset variables as an error
set -u set -u
if [ ! -e .fonctions ]; then if [ ! -e _common.sh ]; then
# Get file fonction if not been to the current directory # Get file fonction if not been to the current directory
sudo cp ../settings/scripts/.fonctions ./.fonctions sudo cp ../settings/scripts/_common.sh ./_common.sh
sudo chmod a+rx .fonctions sudo chmod a+rx _common.sh
fi fi
source .fonctions # Loads the generic functions usually used in the script source _common.sh # Loads the generic functions usually used in the script
# Source app helpers # Source app helpers
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers

View file

@ -4,13 +4,13 @@
# Exit on command errors and treat unset variables as an error # Exit on command errors and treat unset variables as an error
set -eu set -eu
if [ ! -e .fonctions ]; then if [ ! -e _common.sh ]; then
# Get file fonction if not been to the current directory # Get file fonction if not been to the current directory
sudo cp ../settings/scripts/.fonctions ./.fonctions sudo cp ../settings/scripts/_common.sh ./_common.sh
sudo chmod a+rx .fonctions sudo chmod a+rx _common.sh
fi fi
# Loads the generic functions usually used in the script # Loads the generic functions usually used in the script
source .fonctions source _common.sh
# Source app helpers # Source app helpers
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers

View file

@ -4,7 +4,7 @@
set -eu set -eu
# Loads the generic functions usually used in the script # Loads the generic functions usually used in the script
source .fonctions source _common.sh
# Source YunoHost helpers # Source YunoHost helpers
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers