1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/monitorix_ynh.git synced 2024-09-03 19:46:06 +02:00

Merge pull request #47 from YunoHost-Apps/systemd_unit

Systemd unit
This commit is contained in:
Josue-T 2023-02-01 20:54:00 +01:00 committed by GitHub
commit 5d5e47556f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
11 changed files with 101 additions and 36 deletions

View file

@ -5,15 +5,15 @@ It shall NOT be edited by hand.
# Monitorix pour YunoHost # Monitorix pour YunoHost
[![Niveau d'intégration](https://dash.yunohost.org/integration/monitorix.svg)](https://dash.yunohost.org/appci/app/monitorix) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/monitorix.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/monitorix.maintain.svg) [![Niveau dintégration](https://dash.yunohost.org/integration/monitorix.svg)](https://dash.yunohost.org/appci/app/monitorix) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/monitorix.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/monitorix.maintain.svg)
[![Installer Monitorix avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=monitorix) [![Installer Monitorix avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=monitorix)
*[Read this readme in english.](./README.md)* *[Read this readme in english.](./README.md)*
> *Ce package vous permet d'installer Monitorix rapidement et simplement sur un serveur YunoHost. > *Ce package vous permet dinstaller Monitorix rapidement et simplement sur un serveur YunoHost.
Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.* Si vous navez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment linstaller et en profiter.*
## Vue d'ensemble ## Vue densemble
Monitorix is a free, open source, lightweight system monitoring tool designed to monitor as many services and system resources as possible. It has been created to be used under production Linux/UNIX servers, but due to its simplicity and small size can be used on embedded devices as well. Monitorix is a free, open source, lightweight system monitoring tool designed to monitor as many services and system resources as possible. It has been created to be used under production Linux/UNIX servers, but due to its simplicity and small size can be used on embedded devices as well.
@ -22,9 +22,9 @@ Monitorix is a free, open source, lightweight system monitoring tool designed to
**Démo :** https://www.fibranet.cat/monitorix/ **Démo :** https://www.fibranet.cat/monitorix/
## Captures d'écran ## Captures décran
![Capture d'écran de Monitorix](./doc/screenshots/mail.png) ![Capture décran de Monitorix](./doc/screenshots/mail.png)
## Avertissements / informations importantes ## Avertissements / informations importantes
@ -280,9 +280,9 @@ In this config we have :
## Documentations et ressources ## Documentations et ressources
* Site officiel de l'app : <http://monitorix.org> * Site officiel de lapp : <http://monitorix.org>
* Documentation officielle de l'admin : <https://www.monitorix.org/documentation.html> * Documentation officielle de ladmin : <https://www.monitorix.org/documentation.html>
* Dépôt de code officiel de l'app : <https://github.com/mikaku/Monitorix> * Dépôt de code officiel de lapp : <https://github.com/mikaku/Monitorix>
* Documentation YunoHost pour cette app : <https://yunohost.org/app_monitorix> * Documentation YunoHost pour cette app : <https://yunohost.org/app_monitorix>
* Signaler un bug : <https://github.com/YunoHost-Apps/monitorix_ynh/issues> * Signaler un bug : <https://github.com/YunoHost-Apps/monitorix_ynh/issues>
@ -298,4 +298,4 @@ ou
sudo yunohost app upgrade monitorix -u https://github.com/YunoHost-Apps/monitorix_ynh/tree/testing --debug sudo yunohost app upgrade monitorix -u https://github.com/YunoHost-Apps/monitorix_ynh/tree/testing --debug
``` ```
**Plus d'infos sur le packaging d'applications :** <https://yunohost.org/packaging_apps> **Plus dinfos sur le packaging dapplications :** <https://yunohost.org/packaging_apps>

View file

@ -30,7 +30,7 @@ base_cgi = __YNH_WWW_PATH__/cgi
port = __SERVICE_PORT__ port = __SERVICE_PORT__
user = www-data user = www-data
group = nogroup group = nogroup
log_file = /var/log/monitorix-httpd log_file = /var/log/monitorix-httpd.log
hosts_deny = hosts_deny =
hosts_allow = hosts_allow =
https_url = y https_url = y
@ -44,7 +44,7 @@ base_cgi = __YNH_WWW_PATH__/cgi
# Log files pathnames # Log files pathnames
# ----------------------------------------------------------------------------- # -----------------------------------------------------------------------------
log_file = /var/log/monitorix log_file = /var/log/monitorix.log
secure_log = /var/log/secure secure_log = /var/log/secure
mail_log = /var/log/maillog mail_log = /var/log/maillog
milter_gl = /var/milter-greylist/greylist.db milter_gl = /var/milter-greylist/greylist.db

45
conf/systemd.service Normal file
View file

@ -0,0 +1,45 @@
[Unit]
Description=Monitorix
[Service]
Type=simple
User=__SYSTEMD_USER__
ExecStart=/usr/bin/monitorix -c /etc/monitorix/monitorix.conf -p /var/run/monitorix.pid -n
Restart=always
# Sandboxing options to harden security
# Depending on specificities of your service/app, you may need to tweak these
# .. but this should be a good baseline
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
NoNewPrivileges=yes
PrivateTmp=yes
# PrivateDevices=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
RestrictNamespaces=yes
RestrictRealtime=yes
DevicePolicy=closed
ProtectClock=yes
ProtectHostname=yes
ProtectProc=invisible
ProtectSystem=full
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
LockPersonality=yes
SystemCallArchitectures=native
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @cpu-emulation @swap
# # Denying access to capabilities that should not be relevant for webapps
# # Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
CapabilityBoundingSet=~CAP_NET_BROADCAST CAP_NET_RAW
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
[Install]
WantedBy=multi-user.target

View file

@ -21,7 +21,7 @@
"email": "josue@familletille.ch" "email": "josue@familletille.ch"
}, },
"requirements": { "requirements": {
"yunohost": ">= 4.3.0" "yunohost": ">= 11.0.11"
}, },
"multi_instance": false, "multi_instance": false,
"services": [ "services": [

View file

@ -3,6 +3,7 @@
#================================================= #=================================================
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
systemd_user=root
#================================================= #=================================================
# DEFINE ALL COMMON FONCTIONS # DEFINE ALL COMMON FONCTIONS

View file

@ -32,6 +32,9 @@ domain=$(ynh_app_setting_get --app $app --key domain)
ynh_backup --src_path "/etc/nginx/conf.d/${domain}.d/${app}.conf" ynh_backup --src_path "/etc/nginx/conf.d/${domain}.d/${app}.conf"
ynh_backup --src_path "/etc/nginx/conf.d/monitorix_status.conf" ynh_backup --src_path "/etc/nginx/conf.d/monitorix_status.conf"
# systemd config
ynh_backup --src_path "/etc/systemd/system/${app}.service"
# Copy hook # Copy hook
ynh_backup --src_path "/etc/yunohost/hooks.d/post_iptable_rules/50-$app" ynh_backup --src_path "/etc/yunohost/hooks.d/post_iptable_rules/50-$app"

View file

@ -55,6 +55,10 @@ install_dependances
ynh_script_progression --message="Installing sources files..." --weight=7 ynh_script_progression --message="Installing sources files..." --weight=7
get_install_source get_install_source
# Configure init script
ynh_script_progression --message="Configuring a systemd service..." --weight=2
ynh_add_systemd_config
# # Generate MySQL user # # Generate MySQL user
ynh_script_progression --message="Configuring MySQL database..." ynh_script_progression --message="Configuring MySQL database..."
dbuser=$app dbuser=$app
@ -88,6 +92,6 @@ ynh_script_progression --message="Starting monitorix services..." --weight=3
systemctl stop monitorix.service systemctl stop monitorix.service
sleep 1 sleep 1
pkill -f "monitorix-httpd listening on" || true pkill -f "monitorix-httpd listening on" || true
ynh_systemd_action -l ' - Ok, ready.' -p '/var/log/monitorix' ynh_systemd_action -l ' - Ok, ready.' -p 'systemd'
ynh_script_progression --message="Installation of $app completed" --last ynh_script_progression --message="Installation of $app completed" --last

View file

@ -39,6 +39,10 @@ ynh_print_info --message="Due of the backup core only feature the data directory
ynh_secure_remove --file="/etc/nginx/conf.d/monitorix_status.conf" ynh_secure_remove --file="/etc/nginx/conf.d/monitorix_status.conf"
ynh_remove_nginx_config ynh_remove_nginx_config
# Remove init script
ynh_script_progression --message="Removing systemd units..."
ynh_remove_systemd_config
# Autoremove package # Autoremove package
ynh_script_progression --message="Removing dependencies" --weight=10 ynh_script_progression --message="Removing dependencies" --weight=10
ynh_remove_app_dependencies ynh_remove_app_dependencies

View file

@ -49,6 +49,10 @@ ynh_secure_remove --file=/etc/monitorix # we remove the directory because if it
ynh_secure_remove --file=/var/lib/monitorix ynh_secure_remove --file=/var/lib/monitorix
ynh_restore ynh_restore
# Restore systemd files
systemctl daemon-reload
systemctl enable "$app".service --quiet
#================================================= #=================================================
# GENERIC FINALIZATION # GENERIC FINALIZATION
#================================================= #=================================================
@ -70,6 +74,6 @@ ynh_script_progression --message="Starting monitorix services..." --weight=3
systemctl stop monitorix.service systemctl stop monitorix.service
sleep 1 sleep 1
pkill -f "monitorix-httpd listening on" || true pkill -f "monitorix-httpd listening on" || true
ynh_systemd_action -l ' - Ok, ready.' -p '/var/log/monitorix' ynh_systemd_action -l ' - Ok, ready.' -p 'systemd'
ynh_script_progression --message="Restoration completed for $app" --last ynh_script_progression --message="Restoration completed for $app" --last

View file

@ -55,6 +55,10 @@ ynh_script_progression --message="Upgrading source files..." --weight=6
test -e /etc/monitorix/conf.d/00-debian.conf || touch /etc/monitorix/conf.d/00-debian.conf test -e /etc/monitorix/conf.d/00-debian.conf || touch /etc/monitorix/conf.d/00-debian.conf
get_install_source get_install_source
# Configure init script
ynh_script_progression --message="Configuring a systemd service..." --weight=2
ynh_add_systemd_config
# Update nginx config # Update nginx config
config_nginx config_nginx
@ -83,6 +87,6 @@ ynh_script_progression --message="Starting monitorix services..." --weight=3
systemctl stop monitorix.service systemctl stop monitorix.service
sleep 1 sleep 1
pkill -f "monitorix-httpd listening on" || true pkill -f "monitorix-httpd listening on" || true
ynh_systemd_action -l ' - Ok, ready.' -p '/var/log/monitorix' ynh_systemd_action -l ' - Ok, ready.' -p 'systemd'
ynh_script_progression --message="Upgrade of $app completed" --last ynh_script_progression --message="Upgrade of $app completed" --last