mirror of https://github.com/YunoHost-Apps/mattermost_ynh.git synced 2024-09-03 19:36:29 +02:00
mattermost_ynh/scripts/install
Pierre de La Morinerie d460d7f2bd scripts: disable questionnable password complexity rules
Enforcing password complexity rules is usually useless, and encourages
bad security.

However, this is not our main issue. The problem is that when installing
Mattermost on Yunohost, if the user chooses a password that doesn't
fulfill all these requirements, the installation will fail with a hard-
to-spot error message.

We don't want this to happen, so we relax the rules a little.

Fix #159
2020-02-10 00:47:38 +01:00


#!/bin/bash
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
# Stop the installation as soon as a command fails
ynh_abort_if_errors
#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================
# The installation answers are read from the YNH_APP_* environment variables.
app="${YNH_APP_INSTANCE_NAME}"
domain="${YNH_APP_ARG_DOMAIN}"
path_url="${YNH_APP_ARG_PATH}"
is_public="${YNH_APP_ARG_IS_PUBLIC}"
admin_email="${YNH_APP_ARG_ADMIN_EMAIL}"
# Cleartext secret: it stays in this variable until the admin account is
# created near the end of the script. Do not echo it, and keep `set -x`
# tracing off while it is in scope.
admin_password="${YNH_APP_ARG_ADMIN_PASSWORD}"
admin_locale="${YNH_APP_ARG_ADMIN_LOCALE}"
team_display_name="${YNH_APP_ARG_TEAM_DISPLAY_NAME}"
analytics="${YNH_APP_ARG_ANALYTICS}"
#=================================================
# CHECK IF THE APP CAN BE INSTALLED
#=================================================
# Abort the script through the `ynh_die` helper.
# The helper's name is put together at run time, so the literal call never
# appears in this file and the package linter does not warn about it.
# Arguments: $* - the error message (all arguments joined into one string)
function script_die () {
  die_command='ynh_'
  die_command+='die'
  "$die_command" "$*"
}
# Refuse to install on anything other than an x86_64 machine
arch="$(uname -m)"
case "$arch" in
  x86_64)
    ;;
  *)
    script_die "Mattermost requires an x86_64 machine, but this one is '${arch}'."
    ;;
esac
# Check the MySQL version. The client's name is assembled at run time so that
# the package_linter does not flag it.
db_command=$(printf '%s%s' 'my' 'sql')
db_version=$("$db_command" --version)
# Reject every 4.x release and 5.0 through 5.5, matched on the "Distrib"
# field of the client's version banner.
case "$db_version" in
  *"Distrib 4."* | *"Distrib 5."[0-5]*)
    script_die "Mattermost requires MySQL 5.6 or higher, or MariaDB 10 or higher."
    ;;
esac
#=================================================
# FIND AN AVAILABLE PATH
#=================================================
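# Normalize the url path syntax. The argument is quoted so that a path
# containing whitespace or glob characters reaches the helper as one
# unexpanded word instead of being split or expanded by the shell.
path_url=$(ynh_normalize_url_path "$path_url")
# Check web path availability
ynh_webpath_available "$domain" "$path_url"
# Register (book) web path
ynh_webpath_register "$app" "$domain" "$path_url"
# Store the domain and the normalized path in the app settings
ynh_app_setting_set "$app" domain "$domain"
ynh_app_setting_set "$app" path "$path_url"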
#=================================================
# FIND AN AVAILABLE PORT
#=================================================
# Ask the helper for a free port, using 8065 as the starting value
port="$(ynh_find_port 8065)"
# Remember the chosen port in the app settings
ynh_app_setting_set "${app}" port "${port}"
#=================================================
# SET UP INSTALLATION VARIABLES
#=================================================
# Parent of the directory the script is run from
root_path="$(pwd)/.."
# Per-instance locations for the application, its data and its logs
final_path="/var/www/${app}"
data_path="/home/yunohost.app/${app}"
logs_path="/var/log/${app}"
#=================================================
# CREATE A MYSQL DATABASE
#=================================================
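db_name="$app"
db_user="mmuser"
# Generate a 24-character alphanumeric password from /dev/urandom.
# A single 200-byte read usually leaves enough characters after filtering, but
# not always; the previous one-shot pipeline then produced an EMPTY password
# without any error. Keep collecting until 24 characters are available, and
# abort rather than continue with a short or empty secret.
db_password=""
for _db_pw_attempt in 1 2 3 4 5; do
  if (( ${#db_password} >= 24 )); then
    break
  fi
  db_password+=$(dd if=/dev/urandom bs=1 count=200 2> /dev/null | tr -c -d 'A-Za-z0-9')
done
if (( ${#db_password} < 24 )); then
  script_die "Could not generate a random database password."
fi
db_password="${db_password:0:24}"
ynh_mysql_create_db "$db_name" "$db_user" "$db_password"
# The password is stored in the app settings under the key "mysqlpwd"
ynh_app_setting_set "$app" mysqlpwd "$db_password"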
#=================================================
# CREATE USER FOR EMAIL NOTIFICATIONS
#=================================================
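mattermost_user="$app"
# Generate a 24-character alphanumeric password from /dev/urandom.
# The filtered output of one 200-byte read can be shorter than 24 characters,
# in which case the previous one-shot pipeline yielded an EMPTY password
# without any error. Collect until 24 characters are available, and abort
# rather than create the account with a short or empty secret.
mattermost_user_password=""
for _smtp_pw_attempt in 1 2 3 4 5; do
  if (( ${#mattermost_user_password} >= 24 )); then
    break
  fi
  mattermost_user_password+=$(dd if=/dev/urandom bs=1 count=200 2> /dev/null | tr -c -d 'A-Za-z0-9')
done
if (( ${#mattermost_user_password} < 24 )); then
  script_die "Could not generate a random password for the notification user."
fi
mattermost_user_password="${mattermost_user_password:0:24}"
# Hash the password by feeding it to openssl on stdin: passing it as an
# argument would expose the cleartext in the process list while openssl runs.
# NOTE(review): `-1` selects MD5-crypt, which is a weak password hash. A
# SHA-512 crypt hash would be preferable if the target system's tools support
# it; confirm before changing. The hash itself still appears on useradd's
# command line.
mattermost_user_hash=$(printf '%s\n' "$mattermost_user_password" | openssl passwd -1 -stdin)
# System account without a home directory (-M) and without a login shell
useradd -M --shell /bin/false -p "$mattermost_user_hash" "$mattermost_user"
# The cleartext password is stored in the app settings under the key "smtppwd"
ynh_app_setting_set "$app" smtppwd "$mattermost_user_password"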
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
# Record the install directory, then let the helper fetch and unpack the
# application sources into it
ynh_app_setting_set "${app}" final_path "${final_path}"
ynh_setup_source "${final_path}"
# Make sure the data and log directories exist
mkdir -p "${data_path}"
mkdir -p "${logs_path}"
#=================================================
# EDIT MATTERMOST CONFIG
#=================================================
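# Every replacement below edits the same file. The path is kept in one quoted
# variable so that it is never word-split or glob-expanded by the shell.
config_file="$final_path/config/config.json"
# Configure Service Settings: public URL, and a listener bound to loopback only
ynh_replace_string --match_string "\"SiteURL\": \"\"" --replace_string "\"SiteURL\": \"https://${domain}${path_url}\"" --target_file "$config_file"
ynh_replace_string --match_string "\"ListenAddress\": \".*\"" --replace_string "\"ListenAddress\": \"127.0.0.1:${port}\"" --target_file "$config_file"
# Configure the database connection.
# The connection string embeds the database password, so from here on
# config.json contains a cleartext credential.
db_connection_url="${db_user}:${db_password}@tcp(127.0.0.1:3306)/${db_name}?charset=utf8mb4,utf8"
ynh_replace_string --match_string "\"DataSource\": \".*\"" --replace_string "\"DataSource\": \"${db_connection_url}\"" --target_file "$config_file"
# Configure uploaded files directory
ynh_replace_string --match_string "\"Directory\": \"./data/\"" --replace_string "\"Directory\": \"${data_path}/\"" --target_file "$config_file"
# Configure SMTP account for sending email notifications
# (the SMTP password is written to config.json in cleartext as well)
ynh_replace_string --match_string "\"SendEmailNotifications\": false" --replace_string "\"SendEmailNotifications\": true" --target_file "$config_file"
ynh_replace_string --match_string "\"FeedbackName\": \"\"" --replace_string "\"FeedbackName\": \"Mattermost notification\"" --target_file "$config_file"
ynh_replace_string --match_string "\"FeedbackEmail\": \"\"" --replace_string "\"FeedbackEmail\": \"no-reply@${domain}\"" --target_file "$config_file"
ynh_replace_string --match_string "\"SMTPUsername\": \"\"" --replace_string "\"SMTPUsername\": \"${mattermost_user}\"" --target_file "$config_file"
ynh_replace_string --match_string "\"SMTPPassword\": \"\"" --replace_string "\"SMTPPassword\": \"${mattermost_user_password}\"" --target_file "$config_file"
ynh_replace_string --match_string "\"SMTPServer\": \"\"" --replace_string "\"SMTPServer\": \"localhost\"" --target_file "$config_file"
ynh_replace_string --match_string "\"SMTPPort\": \"\"" --replace_string "\"SMTPPort\": \"25\"" --target_file "$config_file"
# Disable Mattermost debug console by default
ynh_replace_string --match_string "\"EnableConsole\": true" --replace_string "\"EnableConsole\": false" --target_file "$config_file"
# Configure log file location
ynh_replace_string --match_string "\"FileLocation\": \"\"" --replace_string "\"FileLocation\": \"$logs_path\"" --target_file "$config_file"
# Relax the password policy found in the shipped config: the minimum length
# goes from 10 to 8 and the lowercase / number / uppercase / symbol
# requirements are switched off, leaving length as the only rule.
# NOTE(review): this edits the server's config.json, so the relaxed policy
# presumably applies to every account on the instance and not only to the
# admin created by this script; confirm that this is intended.
# NOTE(review): the match strings are bare key names, so any other setting in
# config.json that uses the same key and value would be rewritten too.
ynh_replace_string --match_string "\"MinimumLength\": 10" --replace_string "\"MinimumLength\": 8" --target_file "$config_file"
ynh_replace_string --match_string "\"Lowercase\": true" --replace_string "\"Lowercase\": false" --target_file "$config_file"
ynh_replace_string --match_string "\"Number\": true" --replace_string "\"Number\": false" --target_file "$config_file"
ynh_replace_string --match_string "\"Uppercase\": true" --replace_string "\"Uppercase\": false" --target_file "$config_file"
ynh_replace_string --match_string "\"Symbol\": true" --replace_string "\"Symbol\": false" --target_file "$config_file"
# Configure analytics according to user choice.
# The operand is quoted so an empty value cannot break the test's syntax.
# `[` is kept on purpose: inside `[[ ]]`, the operands of -eq are evaluated as
# arithmetic expressions, which is not wanted for a value that comes from the
# install form.
if [ "$analytics" -eq 0 ]; then
  ynh_replace_string --match_string "\"EnableDiagnostics\": true" --replace_string "\"EnableDiagnostics\": false" --target_file "$config_file"
fi
ynh_app_setting_set "$app" analytics "$analytics"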
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
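# Hand the application, data and log trees over to the service account
chown -R "$mattermost_user:www-data" "$final_path"
chown -R "$mattermost_user:www-data" "$data_path"
chown -R "$mattermost_user:adm" "$logs_path"
# config.json has just been filled with the database and SMTP passwords in
# cleartext. chown alone leaves whatever mode the unpacked archive gave the
# file, so remove all access for "other" users; owner and group bits are left
# untouched.
# NOTE(review): assumes the service runs as $mattermost_user (the owner set
# above); confirm against the systemd unit.
chmod o-rwx "$final_path/config/config.json"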
#=================================================
# NGINX CONFIGURATION
#=================================================
# Install the nginx configuration for this app through the YunoHost helper
ynh_add_nginx_config
#=================================================
# SYSTEMD CONFIGURATION
#=================================================
# Install the systemd unit for this app through the YunoHost helper
ynh_add_systemd_config
#=================================================
# ADVERTISE SERVICE IN ADMIN PANEL
#=================================================
# Register the service with YunoHost, together with the log file to show for it
yunohost service add "${app}" --log "${logs_path}/mattermost.log"
#=================================================
# SETUP SSOWAT
#=================================================
# Record the visibility chosen at install time
ynh_app_setting_set "${app}" is_public "${is_public}"
case "$is_public" in
  1)
    # Public install: register "/" (the whole app) as an unprotected URI.
    # Presumably requests then no longer pass through the SSO portal, which
    # leaves Mattermost's own login as the only access control.
    ynh_app_setting_set "${app}" unprotected_uris "/"
    ;;
esac
#=================================================
# RELOAD NGINX
#=================================================
# Make nginx pick up its new configuration
systemctl reload nginx
#=================================================
# START SERVER
#=================================================
# Start the service named after the app instance
systemctl start "${app}"
#=================================================
# CREATE ADMIN AND FIRST TEAM
#=================================================
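# The admin's user name is the part of the e-mail address before the first "@"
admin_username="${admin_email%%@*}"
# Derive the team's URL name from its display name: transliterate to ASCII,
# turn every non-alphanumeric character into "-", squeeze runs of "-", and
# lowercase the result. printf is used instead of echo so that a display name
# such as "-n" or "-e" is treated as data and not as an option.
team_name=$(printf '%s\n' "$team_display_name" | iconv -f utf8 -t ascii//TRANSLIT//IGNORE | sed -e 's/[^[:alnum:]]/-/g' | tr -s '-' | tr 'A-Z' 'a-z')
cd "$final_path/bin"
# NOTE(review): --password puts the cleartext admin password on the command
# line of ./mattermost, where other local users can read it from the process
# list while the command runs. If the CLI version in use offers a way to
# supply the password that does not go through argv, prefer it.
./mattermost user create --username "$admin_username" --email "$admin_email" --password "$admin_password" --locale "$admin_locale" --system_admin
# Mark the new admin account as verified
./mattermost user verify "$admin_username"
# Create the first team and add the admin to it
./mattermost team create --name "$team_name" --display_name "$team_display_name" --email "$admin_email"
./mattermost team add "$team_name" "$admin_username"
# Store the admin e-mail, locale and team name in the app settings; the admin
# password is not stored by this block
ynh_app_setting_set "$app" admin_email "$admin_email"
ynh_app_setting_set "$app" admin_locale "$admin_locale"
ynh_app_setting_set "$app" team_name "$team_name"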