diff --git a/conf/.env.production.sample b/conf/.env.production.sample index d27bf87..920d0d8 100644 --- a/conf/.env.production.sample +++ b/conf/.env.production.sample @@ -170,7 +170,7 @@ STREAMING_CLUSTER_NUM=1 # GID=1000 # LDAP authentication (optional) -LDAP_ENABLED=true +LDAP_ENABLED=__LDAP_ENABLED__ LDAP_HOST=localhost LDAP_PORT=389 LDAP_METHOD=start_tls diff --git a/manifest.json b/manifest.json index 5925f8f..42856be 100644 --- a/manifest.json +++ b/manifest.json @@ -67,7 +67,16 @@ }, "choices": ["en_EN", "fr_FR"], "default": "fr_FR" - } + }, + { + "name": "ldap_enabled", + "type": "boolean", + "ask": { + "en": "Do you want to enable ldap authentication?", + "fr": "Voulez vous activer l'authentification LDAP?" + }, + "default": true + } ] } } diff --git a/scripts/install b/scripts/install index cb059ba..89bd1a9 100644 --- a/scripts/install +++ b/scripts/install @@ -35,6 +35,7 @@ path_url="/" admin=$YNH_APP_ARG_ADMIN is_public=$YNH_APP_ARG_IS_PUBLIC language=$YNH_APP_ARG_LANGUAGE +ldap_enabled=$YNH_APP_ARG_LDAP_ENABLED admin_mail=$(ynh_user_get_info $admin 'mail') @@ -61,6 +62,7 @@ ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=admin --value=$admin ynh_app_setting_set --app=$app --key=is_public --value=$is_public ynh_app_setting_set --app=$app --key=language --value=$language +ynh_app_setting_set --app=$app --key=ldap_enabled --value=$ldap_enabled #================================================= # STANDARD MODIFICATIONS 
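Review bot: In scripts/install the manifest answer is copied unchanged (`ldap_enabled=$YNH_APP_ARG_LDAP_ENABLED`) and later substituted verbatim for `__LDAP_ENABLED__`, so the config only receives `true`/`false` if that is the exact form in which a `boolean` answer is delivered. If it arrives as `1`/`0` (the usual form for boolean answers, worth confirming), the file will contain `LDAP_ENABLED=1`, which matches neither the literal `true` the sample carried before nor the literal `false` the upgrade script writes, and the application may not treat it as enabled. I would normalise before storing the setting, for example `case "$ldap_enabled" in 1|true) ldap_enabled=true ;; *) ldap_enabled=false ;; esac`, so install and upgrade agree on one representation.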
@@ -108,7 +110,7 @@ ynh_script_progression --message="Setting up source files..." --weight=5 ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src mkdir $final_path -ynh_setup_source --dest_dir="$final_path/live" +ynh_setup_source --dest_dir="$final_path/live" # Temporary workaround for https://github.com/tootsuite/mastodon/issues/13292 ynh_replace_string --match_string="sidekiq-unique-jobs (6.0.18)" --replace_string="sidekiq-unique-jobs (6.0.20)" --target_file="$final_path/live/Gemfile.lock" 
@@ -162,26 +164,29 @@ ynh_install_ruby --ruby_version=2.6.5 #================================================= ynh_script_progression --message="Modifying a config file..." --weight=2 -cp -f ../conf/.env.production.sample "$final_path/live/.env.production" -ynh_replace_string --match_string="__DB_USER__" --replace_string="$app" --target_file="$final_path/live/.env.production" -ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --target_file="$final_path/live/.env.production" -ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$final_path/live/.env.production" -ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$final_path/live/.env.production" -ynh_replace_string --match_string="__SMTP_FROM_ADDRESS__" --replace_string="$admin_mail" --target_file="${final_path}/live/.env.production" +config="${final_path}/live/.env.production" +cp -f ../conf/.env.production.sample "$config" +ynh_replace_string --match_string="__DB_USER__" --replace_string="$app" --target_file="$config" +ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --target_file="$config" +ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$config" +ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config" +ynh_replace_string --match_string="__SMTP_FROM_ADDRESS__" --replace_string="$admin_mail" --target_file="$config" language="$(echo $language | head -c 2)" -ynh_replace_string --match_string="__LANGUAGE__" --replace_string="$language" --target_file="$final_path/live/.env.production" +ynh_replace_string --match_string="__LANGUAGE__" --replace_string="$language" --target_file="$config" + +ynh_replace_string --match_string="__LDAP_ENABLED__" --replace_string="$ldap_enabled" --target_file="$config" paperclip_secret=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128) -ynh_replace_string 
--match_string="PAPERCLIP_SECRET=" --replace_string="PAPERCLIP_SECRET=$paperclip_secret" --target_file="${final_path}/live/.env.production" +ynh_replace_string --match_string="PAPERCLIP_SECRET=" --replace_string="PAPERCLIP_SECRET=$paperclip_secret" --target_file="$config" ynh_app_setting_set --app="$app" --key=paperclip_secret --value="$paperclip_secret" secret_key_base=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128) -ynh_replace_string --match_string="__SECRET_KEY_BASE__" --replace_string="$secret_key_base" --target_file="$final_path/live/.env.production" +ynh_replace_string --match_string="__SECRET_KEY_BASE__" --replace_string="$secret_key_base" --target_file="$config" ynh_app_setting_set --app="$app" --key=secret_key_base --value="$secret_key_base" otp_secret=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128) -ynh_replace_string --match_string="__OTP_SECRET__" --replace_string="$otp_secret" --target_file="$final_path/live/.env.production" +ynh_replace_string --match_string="__OTP_SECRET__" --replace_string="$otp_secret" --target_file="$config" ynh_app_setting_set --app="$app" --key=otp_secret --value="$otp_secret" #================================================= @@ -195,7 +200,7 @@ pushd "$final_path/live" ynh_use_nodejs sudo -u "$app" env PATH=$PATH /opt/rbenv/versions/2.6.5/bin/bundle install -j$(getconf _NPROCESSORS_ONLN) --deployment --without development test sudo -u "$app" env PATH=$PATH yarn install --pure-lockfile - sudo -u "$app" echo "SAFETY_ASSURED=1">> .env.production + sudo -u "$app" echo "SAFETY_ASSURED=1">> $config sudo -u "$app" env PATH=$PATH RAILS_ENV=production /opt/rbenv/versions/2.6.5/bin/bundle exec rails db:setup --quiet sudo -u "$app" env PATH=$PATH RAILS_ENV=production /opt/rbenv/versions/2.6.5/bin/bundle exec rails assets:precompile --quiet sudo -u "$app" env PATH=$PATH RAILS_ENV=production /opt/rbenv/versions/2.6.5/bin/bundle exec rake mastodon:webpush:generate_vapid_key > key.txt 
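Review bot: Nothing in the hunk at -162 restricts the mode of `$config` after `cp -f ../conf/.env.production.sample "$config"`, yet the following lines write the database password, `PAPERCLIP_SECRET`, `SECRET_KEY_BASE` and `OTP_SECRET` into it. Until some later step (not visible in this hunk) tightens it, the file holds those secrets with whatever permissions the copy produced. Consider adding `chmod 600 "$config"` directly after the copy, with a comment such as `# holds DB password and app secrets: keep unreadable to other users`, and confirm the file is owned by `$app` before the `sudo -u "$app"` steps run. The same copy-then-substitute sequence appears in the scripts/upgrade hunk at -256.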
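Review bot: The new line `sudo -u "$app" echo "SAFETY_ASSURED=1">> $config` in the hunk at -195 leaves `$config` unquoted, so an install path containing whitespace or glob characters would break the redirection; every other use added in scripts/install quotes the variable. The `>>` is also performed by the calling shell rather than by the `sudo -u "$app"` child, so the sudo prefix does not change who appends to the file. I would write `echo "SAFETY_ASSURED=1" >> "$config"`. The scripts/upgrade hunks at -87, -101, -110 and -119 pass the same variable unquoted to `grep -oP ... $config` and should use `"$config"` as well.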
@@ -208,8 +213,8 @@ ynh_secure_remove --file="$final_path/live/acc.txt" vapid_private_key=$(grep -oP "VAPID_PRIVATE_KEY=\K.+" "$final_path/live/key.txt") vapid_public_key=$(grep -oP "VAPID_PUBLIC_KEY=\K.+" "$final_path/live/key.txt") -ynh_replace_string --match_string="__VAPID_PRIVATE_KEY__" --replace_string="$vapid_private_key" --target_file="${final_path}/live/.env.production" -ynh_replace_string --match_string="__VAPID_PUBLIC_KEY__" --replace_string="$vapid_public_key" --target_file="${final_path}/live/.env.production" +ynh_replace_string --match_string="__VAPID_PRIVATE_KEY__" --replace_string="$vapid_private_key" --target_file="$config" +ynh_replace_string --match_string="__VAPID_PUBLIC_KEY__" --replace_string="$vapid_public_key" --target_file="$config" ynh_app_setting_set --app="$app" --key=vapid_private_key --value="$vapid_private_key" ynh_app_setting_set --app="$app" --key=vapid_public_key --value="$vapid_public_key" @@ -222,7 +227,7 @@ ynh_secure_remove --file="$final_path/live/key.txt" ynh_script_progression --message="Setuping a cron job for removing cache..." --weight=1 ynh_replace_string --match_string="__FINAL_PATH__" --replace_string="$final_path" --target_file="../conf/cron" -ynh_replace_string --match_string="__USER__" --replace_string="$app" --target_file="../conf/cron" +ynh_replace_string --match_string="__USER__" --replace_string="$app" --target_file="../conf/cron" sudo cp -f ../conf/cron /etc/cron.d/$app #================================================= 
@@ -231,11 +236,11 @@ sudo cp -f ../conf/cron /etc/cron.d/$app ynh_script_progression --message="Configuring a systemd service..." --weight=5 # Create a dedicated systemd config -ynh_replace_string --match_string="__PORT_WEB__" --replace_string="$port_web" --target_file="../conf/mastodon-web.service" +ynh_replace_string --match_string="__PORT_WEB__" --replace_string="$port_web" --target_file="../conf/mastodon-web.service" ynh_replace_string --match_string="__PORT_STREAM__" --replace_string="$port_stream" --target_file="../conf/mastodon-streaming.service" ynh_replace_string --match_string="__NODEJS_PATH__" --replace_string="$nodejs_path" --target_file="../conf/mastodon-streaming.service" -ynh_add_systemd_config --service="$app-web" --template="mastodon-web.service" -ynh_add_systemd_config --service="$app-sidekiq" --template="mastodon-sidekiq.service" +ynh_add_systemd_config --service="$app-web" --template="mastodon-web.service" +ynh_add_systemd_config --service="$app-sidekiq" --template="mastodon-sidekiq.service" ynh_add_systemd_config --service="$app-streaming" --template="mastodon-streaming.service" #================================================= @@ -244,7 +249,7 @@ ynh_add_systemd_config --service="$app-streaming" --template="mastodon-streaming ynh_script_progression --message="Storing the config file checksum..." --weight=1 # Calculate and store the config file checksum into the app settings -ynh_store_file_checksum --file="${final_path}/live/.env.production" +ynh_store_file_checksum --file="$config" #================================================= # GENERIC FINALIZATION diff --git a/scripts/upgrade b/scripts/upgrade index 153437b..5c6df00 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
@@ -26,6 +26,7 @@ admin=$(ynh_app_setting_get --app=$app --key=admin) is_public=$(ynh_app_setting_get --app=$app --key=is_public) final_path=$(ynh_app_setting_get --app=$app --key=final_path) language=$(ynh_app_setting_get --app=$app --key=language) +ldap_enabled=$(ynh_app_setting_get --app=$app --key=ldap_enabled) db_name=$(ynh_app_setting_get --app=$app --key=db_name) db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd) @@ -51,6 +52,7 @@ upgrade_type=$(ynh_check_app_version_changed) #================================================= ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 +config="${final_path}/live/.env.production" # If db_name doesn't exist, create it if [ -z "$db_name" ]; then db_name="${app}_production" @@ -87,12 +89,12 @@ if [[ -z "$db_pwd" ]]; then ynh_app_setting_set --app=$app --key=db_pwd --value=$db_pwd ynh_psql_test_if_first_run sudo --login --user=postgres psql -c"ALTER user $app WITH PASSWORD '$db_pwd'" postgres - ynh_replace_string --match_string="DB_PASS=" --replace_string="DB_PASS=${db_pwd}" --target_file="${final_path}/live/.env.production" + ynh_replace_string --match_string="DB_PASS=" --replace_string="DB_PASS=${db_pwd}" --target_file="$config" fi # If paperclip_secret doesn't exist, retrieve it or create it if [[ -z "$paperclip_secret" ]]; then - paperclip_secret=$(grep -oP "PAPERCLIP_SECRET=\K\w+" ${final_path}/live/.env.production) + paperclip_secret=$(grep -oP "PAPERCLIP_SECRET=\K\w+" $config) if [[ -z "$paperclip_secret" ]]; then paperclip_secret=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128) fi 
@@ -101,7 +103,7 @@ fi # If secret_key_base doesn't exist, retrieve it or create it if [[ -z "$secret_key_base" ]]; then - secret_key_base=$(grep -oP "SECRET_KEY_BASE=\K\w+" ${final_path}/live/.env.production) + secret_key_base=$(grep -oP "SECRET_KEY_BASE=\K\w+" $config) if [[ -z "$secret_key_base" ]]; then secret_key_base=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128) fi @@ -110,7 +112,7 @@ fi # If otp_secret doesn't exist, retrieve it or create it if [[ -z "$otp_secret" ]]; then - otp_secret=$(grep -oP "OTP_SECRET=\K\w+" ${final_path}/live/.env.production) + otp_secret=$(grep -oP "OTP_SECRET=\K\w+" $config) if [[ -z "$otp_secret" ]]; then otp_secret=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128) fi @@ -119,12 +121,18 @@ fi # If vapid_private_key doesn't exist, retrieve it or create it if [[ -z "$vapid_private_key" ]]; then - vapid_private_key=$(grep -oP "VAPID_PRIVATE_KEY=\K.+" ${final_path}/live/.env.production) - vapid_public_key=$(grep -oP "VAPID_PUBLIC_KEY=\K.+" ${final_path}/live/.env.production) + vapid_private_key=$(grep -oP "VAPID_PRIVATE_KEY=\K.+" $config) + vapid_public_key=$(grep -oP "VAPID_PUBLIC_KEY=\K.+" $config) ynh_app_setting_set "$app" vapid_private_key "$vapid_private_key" ynh_app_setting_set "$app" vapid_public_key "$vapid_public_key" fi +# If ldap_enabled doesn't exist, create it +if [[ -z "$ldap_enabled" ]]; then + ldap_enabled=false + ynh_app_setting_set --app=$app --key=ldap_enabled --value=$ldap_enabled +fi + #Remove previous added repository ynh_remove_extra_repo @@ -180,8 +188,8 @@ then mkdir $tmpdir/system if [ -d "$final_path/live/public/system" ]; then rsync -a "$final_path/live/public/system" "$tmpdir/." - fi - rsync -a "$final_path/live/.env.production" "$tmpdir/." + fi + rsync -a "$config" "$tmpdir/." ynh_secure_remove --file="$final_path/live" ynh_setup_source --dest_dir="$final_path/live" 
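Review bot: Defaulting to `ldap_enabled=false` in the hunk at -119 when the setting is missing silently turns LDAP login off on every existing install, because the sample previously hard-coded `LDAP_ENABLED=true` and the config is regenerated from the sample later in this script. Accounts that authenticate through LDAP would then be unable to sign in after the upgrade, and the fallback also disagrees with the manifest's `"default": true`. The neighbouring blocks recover missing settings from the current file, and doing the same here keeps the operator's existing choice: `ldap_enabled=$(grep -oP "^LDAP_ENABLED=\K\w+" "$config" || true)` followed by `ldap_enabled=${ldap_enabled:-true}`. A short comment explaining why the fallback is `true` would help the next maintainer.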
@@ -256,25 +264,27 @@ ynh_install_ruby --ruby_version=2.6.5 #================================================= ynh_script_progression --message="Modifying a config file..." --weight=1 -ynh_backup_if_checksum_is_different --file="$final_path/live/.env.production" -cp -f ../conf/.env.production.sample "$final_path/live/.env.production" -ynh_replace_string --match_string="__DB_USER__" --replace_string="$app" --target_file="$final_path/live/.env.production" -ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --target_file="$final_path/live/.env.production" -ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$final_path/live/.env.production" -ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$final_path/live/.env.production" -ynh_replace_string --match_string="__SMTP_FROM_ADDRESS__" --replace_string="$admin_mail" --target_file="${final_path}/live/.env.production" +ynh_backup_if_checksum_is_different --file="$config" +cp -f ../conf/.env.production.sample "$config" +ynh_replace_string --match_string="__DB_USER__" --replace_string="$app" --target_file="$config" +ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --target_file="$config" +ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$config" +ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config" +ynh_replace_string --match_string="__SMTP_FROM_ADDRESS__" --replace_string="$admin_mail" --target_file="$config" language="$(echo $language | head -c 2)" -ynh_replace_string --match_string="__LANGUAGE__" --replace_string="$language" --target_file="$final_path/live/.env.production" +ynh_replace_string --match_string="__LANGUAGE__" --replace_string="$language" --target_file="$config" -ynh_replace_string --match_string="PAPERCLIP_SECRET=" --replace_string="PAPERCLIP_SECRET=$paperclip_secret" 
--target_file="${final_path}/live/.env.production" +ynh_replace_string --match_string="__LDAP_ENABLED__" --replace_string="$ldap_enabled" --target_file="$config" -ynh_replace_string --match_string="__SECRET_KEY_BASE__" --replace_string="$secret_key_base" --target_file="$final_path/live/.env.production" +ynh_replace_string --match_string="PAPERCLIP_SECRET=" --replace_string="PAPERCLIP_SECRET=$paperclip_secret" --target_file="$config" -ynh_replace_string --match_string="__OTP_SECRET__" --replace_string="$otp_secret" --target_file="$final_path/live/.env.production" +ynh_replace_string --match_string="__SECRET_KEY_BASE__" --replace_string="$secret_key_base" --target_file="$config" -ynh_replace_string "__VAPID_PRIVATE_KEY__" "$vapid_private_key" "$final_path/live/.env.production" -ynh_replace_string "__VAPID_PUBLIC_KEY__" "$vapid_public_key" "$final_path/live/.env.production" +ynh_replace_string --match_string="__OTP_SECRET__" --replace_string="$otp_secret" --target_file="$config" + +ynh_replace_string --match_string="__VAPID_PRIVATE_KEY__" --replace_string="$vapid_private_key" --target_file="$config" +ynh_replace_string --match_string="__VAPID_PUBLIC_KEY__" --replace_string="$vapid_public_key" --target_file="$config" #================================================= # UPGRADE MASTODON 
@@ -293,20 +303,8 @@ pushd "$final_path/live" sudo -u "$app" env PATH=$PATH RAILS_ENV=production bin/tootctl cache clear popd -# If vapid_private_key doesn't exist, retrieve it or create it -#if [[ -z "$vapid_private_key" ]]; then -# sudo -u "$app" env PATH=$PATH RAILS_ENV=production /opt/rbenv/versions/2.6.0/bin/bundle exec rake mastodon:webpush:generate_vapid_key > key.txt -# vapid_private_key=$(grep -oP "VAPID_PRIVATE_KEY=\K.+" "$final_path/live/key.txt") -# vapid_public_key=$(grep -oP "VAPID_PUBLIC_KEY=\K.+" "$final_path/live/key.txt") -# ynh_app_setting_set "$app" vapid_private_key "$vapid_private_key" -# ynh_app_setting_set "$app" vapid_public_key "$vapid_public_key" -# ynh_secure_remove "$final_path/live/key.txt" -# ynh_replace_string "__VAPID_PRIVATE_KEY__" "$vapid_private_key" "${final_path}/live/.env.production" -# ynh_replace_string "__VAPID_PUBLIC_KEY__" "$vapid_public_key" "${final_path}/live/.env.production" -#fi - # Recalculate and store the checksum of the file for the next upgrade. -ynh_store_file_checksum --file="${final_path}/live/.env.production" +ynh_store_file_checksum --file="$config" #================================================= # SETUP CRON JOB FOR REMOVING CACHE @@ -314,7 +312,7 @@ ynh_store_file_checksum --file="${final_path}/live/.env.production" ynh_script_progression --message="Setuping a cron job for removing cache..." --weight=1 ynh_replace_string --match_string="__FINAL_PATH__" --replace_string="$final_path" --target_file="../conf/cron" -ynh_replace_string --match_string="__USER__" --replace_string="$app" --target_file="../conf/cron" +ynh_replace_string --match_string="__USER__" --replace_string="$app" --target_file="../conf/cron" sudo cp -f ../conf/cron /etc/cron.d/$app #================================================= 
@@ -323,11 +321,11 @@ sudo cp -f ../conf/cron /etc/cron.d/$app ynh_script_progression --message="Upgrading systemd configuration..." --weight=13 # Create a dedicated systemd config -ynh_replace_string --match_string="__PORT_WEB__" --replace_string="$port_web" --target_file="../conf/mastodon-web.service" +ynh_replace_string --match_string="__PORT_WEB__" --replace_string="$port_web" --target_file="../conf/mastodon-web.service" ynh_replace_string --match_string="__PORT_STREAM__" --replace_string="$port_stream" --target_file="../conf/mastodon-streaming.service" ynh_replace_string --match_string="__NODEJS_PATH__" --replace_string="$nodejs_path" --target_file="../conf/mastodon-streaming.service" -ynh_add_systemd_config --service="$app-web" --template="mastodon-web.service" -ynh_add_systemd_config --service="$app-sidekiq" --template="mastodon-sidekiq.service" +ynh_add_systemd_config --service="$app-web" --template="mastodon-web.service" +ynh_add_systemd_config --service="$app-sidekiq" --template="mastodon-sidekiq.service" ynh_add_systemd_config --service="$app-streaming" --template="mastodon-streaming.service" #================================================= diff --git a/scripts/ynh_check_ram b/scripts/ynh_check_ram index 11012a3..011c617 100644 --- a/scripts/ynh_check_ram +++ b/scripts/ynh_check_ram 
@@ -5,9 +5,9 @@ # usage: ynh_check_ram [--required=RAM required in Mb] [--no_swap|--only_swap] [--free_ram] # | arg: -r, --required= - Amount of RAM required in Mb. The helper will return 0 is there's enough RAM, or 1 otherwise. # If --required isn't set, the helper will print the amount of RAM, in Mb. -# | arg: -s, --no_swap - Ignore swap +# | arg: -s, --no_swap - Ignore swap # | arg: -o, --only_swap - Ignore real RAM, consider only swap. -# | arg: -f, --free_ram - Count only free RAM, not the total amount of RAM available. +# | arg: -f, --free_ram - Count only free RAM, not the total amount of RAM available. ynh_check_ram () { # Declare an array to define the options of this helper. declare -Ar args_array=( [r]=required= [s]=no_swap [o]=only_swap [f]=free_ram ) diff --git a/scripts/ynh_install_ruby__2 b/scripts/ynh_install_ruby__2 index f064c08..74b93fa 100644 --- a/scripts/ynh_install_ruby__2 +++ b/scripts/ynh_install_ruby__2 @@ -100,7 +100,7 @@ ynh_install_ruby () { ynh_app_setting_set $app ruby_version $ruby_version # Set environment for ruby users - echo "#rbenv + echo "#rbenv export RBENV_ROOT=$rbenv_install_dir export PATH=\"$rbenv_install_dir/bin:$PATH\" eval \"\$(rbenv init -)\"