YunoHost-Apps/mautrix_discord_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/mautrix_discord_ynh.git synced 2024-09-03 19:36:35 +02:00
Code Issues Activity Actions

Fix install and upgrade

Browse source
This commit is contained in:
Florent 2024-01-15 09:12:08 +01:00 committed by Florent F
parent 0df96055cc
commit cf16f0a9f3
3 changed files with 15 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
conf/systemd.service
View file

@ -17,13 +17,16 @@ RestartSec=3
# Depending on specificities of your service/app, you may need to tweak these # Depending on specificities of your service/app, you may need to tweak these
# .. but this should be a good baseline # .. but this should be a good baseline
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html # Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
ReadWritePaths=__INSTALL_DIR__ /var/log/__APP__
NoNewPrivileges=yes NoNewPrivileges=yes
MemoryDenyWriteExecute=true MemoryDenyWriteExecute=true
PrivateTmp=yes PrivateTmp=yes
PrivateDevices=yes PrivateDevices=yes
PrivateUsers=true
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
RestrictNamespaces=yes RestrictNamespaces=yes
RestrictRealtime=yes RestrictRealtime=yes
RestrictSUIDSGID=true
DevicePolicy=closed DevicePolicy=closed
ProtectClock=yes ProtectClock=yes
ProtectHostname=yes ProtectHostname=yes
@ -32,8 +35,10 @@ ProtectSystem=full
ProtectControlGroups=yes ProtectControlGroups=yes
ProtectKernelModules=yes ProtectKernelModules=yes
ProtectKernelTunables=yes ProtectKernelTunables=yes
ProtectKernelLogs=true
LockPersonality=yes LockPersonality=yes
SystemCallArchitectures=native SystemCallArchitectures=native
SystemCallErrorNumber=EPERM
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged
# Denying access to capabilities that should not be relevant for webapps # Denying access to capabilities that should not be relevant for webapps

6
scripts/install
View file

@ -66,7 +66,11 @@ ynh_add_systemd_config
yunohost service add $app --description="Matrix Discord pupetting bridge for YunoHost" --log="/var/log/$app/$app.log" yunohost service add $app --description="Matrix Discord pupetting bridge for YunoHost" --log="/var/log/$app/$app.log"
ynh_use_logrotate # Use logrotate to manage application logfile(s)
ynh_use_logrotate --logfile "/var/log/$app/$app.log" --nonappend --specific_user $app/$app
chmod -R 600 "/var/log/$app"
chmod 700 "/var/log/$app"
chown -R $app:$app /var/log/$app
#================================================= #=================================================
# APP INITIAL CONFIGURATION # APP INITIAL CONFIGURATION

6
scripts/upgrade
View file

@ -56,7 +56,11 @@ ynh_add_systemd_config
yunohost service add $app --description="Matrix Discord pupetting bridge for YunoHost" --log="/var/log/$app/$app.log" yunohost service add $app --description="Matrix Discord pupetting bridge for YunoHost" --log="/var/log/$app/$app.log"
ynh_use_logrotate --non-append # Use logrotate to manage application logfile(s)
ynh_use_logrotate --logfile "/var/log/$app/$app.log" --nonappend --specific_user $app/$app
chmod -R 600 "/var/log/$app"
chmod 700 "/var/log/$app"
chown -R $app:$app /var/log/$app
#================================================= #=================================================
# RECONFIGURE THE APP (UPDATE CONF, APPLY MIGRATIONS...) # RECONFIGURE THE APP (UPDATE CONF, APPLY MIGRATIONS...)