From 8629f51b7b673b02f1cb71d3e848a70a8d7e4b1b Mon Sep 17 00:00:00 2001 From: Jules-Bertholet Date: Tue, 27 Apr 2021 16:37:37 -0400 Subject: [PATCH] More tweaks to systemd services, various refactorings --- check_process | 4 +- conf/systemd-beat.service | 3 +- conf/systemd-celery.service | 3 +- conf/systemd.service | 3 +- manifest.json | 2 +- scripts/_common.sh | 66 +++++++++++++++++++++++++++++++ scripts/backup | 7 +--- scripts/change_url | 9 +++-- scripts/install | 78 +++++++++---------------------------- scripts/remove | 11 ++---- scripts/restore | 36 +++++++---------- scripts/upgrade | 69 +++++++++++++------------------- 12 files changed, 142 insertions(+), 149 deletions(-) diff --git a/check_process b/check_process index ff14d37..5a331db 100644 --- a/check_process +++ b/check_process @@ -16,7 +16,7 @@ setup_private=1 setup_public=1 upgrade=1 - upgrade=0 from_commit=CommitHash + upgrade=1 from_commit=a50d46ae3a01d8a5b08ca9f9e62bfc9269fdedfa backup_restore=1 multi_instance=0 port_already_use=0 @@ -26,6 +26,6 @@ Email= Notification=none ;;; Upgrade options ; commit=CommitHash - name=Name and date of the commit. + name= Tweak starting of systemd services (April 1) manifest_arg=domain=DOMAIN&admin=USER&is_public=1& diff --git a/conf/systemd-beat.service b/conf/systemd-beat.service index 877956c..c2709bd 100644 --- a/conf/systemd-beat.service +++ b/conf/systemd-beat.service @@ -1,10 +1,9 @@ [Unit] Description=GPodder-beat -After=network.target postgresql.service redis.service +After=network.target postgresql.service redis.service __APP__.scoket [Service] -Type=basic User=__APP__ Group=__APP__ WorkingDirectory=__FINALPATH__ diff --git a/conf/systemd-celery.service b/conf/systemd-celery.service index 3a008eb..5c39756 100644 --- a/conf/systemd-celery.service +++ b/conf/systemd-celery.service @@ -1,10 +1,9 @@ [Unit] Description=GPodder-celery -After=network.target postgresql.service redis.service +After=network.target postgresql.service redis.service __APP__.socket [Service] -Type=basic User=__APP__ Group=__APP__ WorkingDirectory=__FINALPATH__ diff --git a/conf/systemd.service b/conf/systemd.service index eb801a0..c3dfa7a 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -1,6 +1,7 @@ [Unit] Description=GPodder -After=network.target postgresql.service nginx.service redis.service __APP__.socket __APP__-celery.service __APP__-beat.service +After=network.target postgresql.service nginx.service redis.service __APP__-celery.service __APP__-beat.service +Requires=__APP__.socket [Service] diff --git a/manifest.json b/manifest.json index 6a45f0c..62db53c 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Manage podcast subscriptions, and sync them between apps and devices", "fr": "GĂ©rez vos sousciptions balado, et sychronisez-lez entre vos applis et appareils" }, - "version": "2.11.1~ynh3", + "version": "2.11.1~ynh5", "url": "https://github.com/gpodder/mygpo", "license": "AGPL-3.0-only", "maintainer": { diff --git a/scripts/_common.sh b/scripts/_common.sh index d9d72e1..055ffdd 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -10,6 +10,72 @@ pkg_dependencies="acl python3 python3-pip python3-venv postgresql postgresql-con # PERSONAL HELPERS #================================================= +function set_permissions { + mkdir -p $data_path + + env_path=$final_path/envs/prod + mkdir -p $env_path + + chown -R $app:$app $data_path + chmod o-rwx $data_path + setfacl -n -R -m u:www-data:rx -m d:u:www-data:rx $data_path + + chown -R root:$app $final_path + chmod -R g=u,g-w,o-rwx $final_path + setfacl -n -R -m user:www-data:rx -m default:user:www-data:rx $final_path + setfacl -n -R -m user:www-data:- -m default:user:www-data:- $final_path/envs +} + +function set_up_virtualenv { + env_path=$final_path/envs/prod + mkdir -p $env_path + + pushd $final_path || ynh_die + chown -R $app:$app $final_path + sudo -u $app python3 -m venv $final_path/venv + sudo -u $app $final_path/venv/bin/pip --cache-dir $final_path/.cache/pip install -U wheel pip --cache-dir $final_path/.cache/pip setuptools + sudo -u $app $final_path/venv/bin/pip --cache-dir $final_path/.cache/pip install -U --requirement $final_path/requirements.txt + sudo -u $app $final_path/venv/bin/pip --cache-dir $final_path/.cache/pip install -U --requirement $final_path/requirements-setup.txt + sudo -u $app $final_path/venv/bin/pip --cache-dir $final_path/.cache/pip install -U --requirement $final_path/requirements-ynh.txt + set_permissions + popd || ynh_dies +} + +function initialize_db { + pushd $final_path || ynh_die + chown -R $app:$app $final_path + perform_db_migrations + sudo -u $app $final_path/venv/bin/envdir $env_path $final_path/venv/bin/python $final_path/manage.py createsuperuser --username "$admin" --email "$admin_email" --noinput -v 0 + set_permissions + popd || ynh_die +} + +function upgrade_db { + pushd $final_path || ynh_die + chown -R $app:$app $final_path + perform_db_migrations + set_permissions + popd || ynh_die +} + +function perform_db_migrations { + sudo -u $app $final_path/venv/bin/envdir $env_path $final_path/venv/bin/python $final_path/manage.py makemigrations + sudo -u $app $final_path/venv/bin/envdir $env_path $final_path/venv/bin/python $final_path/manage.py migrate +} + +function get_app_settings { + domain=$(ynh_app_setting_get --app=$app --key=domain) + path_url=$(ynh_app_setting_get --app=$app --key=path) + final_path=$(ynh_app_setting_get --app=$app --key=final_path) + data_path=$(ynh_app_setting_get --app=$app --key=data_path) + admin=$(ynh_app_setting_get --app=$app --key=admin) + secret_key=$(ynh_app_setting_get --app=$app --key=secret_key) + admin_email=$(ynh_user_get_info --username=$admin --key="mail") + db_name=$(ynh_app_setting_get --app=$app --key=db_name) + db_user="$db_name" + db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) +} + #================================================= # EXPERIMENTAL HELPERS #================================================= diff --git a/scripts/backup b/scripts/backup index d739d98..a01aa8b 100755 --- a/scripts/backup +++ b/scripts/backup @@ -25,16 +25,13 @@ ynh_print_info --message="Loading installation settings..." app=$YNH_APP_INSTANCE_NAME -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -domain=$(ynh_app_setting_get --app=$app --key=domain) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) +get_app_settings #================================================= # DECLARE DATA AND CONF FILES TO BACKUP #================================================= ynh_print_info --message="Declaring files to be backed up..." - #================================================= # BACKUP THE APP MAIN DIR #================================================= @@ -58,7 +55,7 @@ ynh_backup --src_path="/etc/systemd/system/$app.socket" #================================================= # BACKUP VARIOUS FILES #================================================= -ynh_backup --is_big --src_path="/home/yunohost.app/$app/" +ynh_backup --is_big --src_path="/home/yunohost.app/$app" #================================================= # BACKUP THE POSTGRESQL DATABASE diff --git a/scripts/change_url b/scripts/change_url index 4f143eb..4e84165 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -22,8 +22,7 @@ app=$YNH_APP_INSTANCE_NAME #================================================= ynh_script_progression --message="Loading installation settings..." --weight=1 -# Needed for helper "ynh_add_nginx_config" -final_path=$(ynh_app_setting_get --app=$app --key=final_path) +get_app_settings #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP @@ -54,7 +53,7 @@ fi #================================================= # STANDARD MODIFICATIONS #================================================= -# STOP SYSTEMD SERVICE +# STOP SYSTEMD SERVICES #================================================= ynh_script_progression --message="Stopping systemd services..." --weight=1 @@ -87,10 +86,12 @@ echo $new_domain > $final_path/envs/prod/DEFAULT_BASE_URL echo "$app@$new_domain" > $final_path/envs/prod/DEFAULT_FROM_EMAIL echo "$app@$new_domain" > $final_path/envs/prod/SERVER_EMAIL +set_permissions + #================================================= # GENERIC FINALISATION #================================================= -# START SYSTEMD SERVICE +# START SYSTEMD SERVICES #================================================= ynh_script_progression --message="Starting systemd services..." --weight=1 diff --git a/scripts/install b/scripts/install index e92777a..fef2b4d 100755 --- a/scripts/install +++ b/scripts/install @@ -39,6 +39,9 @@ ynh_script_progression --message="Validating installation parameters..." --weigh final_path=/opt/yunohost/$app test ! -e "$final_path" || ynh_die --message="This path already contains a folder" +data_path=/home/yunohost.app/$app +test ! -e "$data_path" || ynh_die --message="This path already contains a folder" + # Register (book) web path ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url @@ -50,7 +53,6 @@ ynh_script_progression --message="Storing installation settings..." --weight=1 ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=admin --value=$admin -ynh_app_setting_set --app=$app --key=admin_email --value=$admin_email ynh_app_setting_set --app=$app --key=random_key --value=$secret_key #================================================= @@ -62,6 +64,14 @@ ynh_script_progression --message="Installing dependencies..." --weight=3 ynh_install_app_dependencies $pkg_dependencies +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Configuring system user..." --weight=1 + +# Create a q user +ynh_system_user_create --username=$app + #================================================= # CREATE A POSTGRESQL DATABASE #================================================= @@ -69,11 +79,9 @@ ynh_script_progression --message="Creating a PostgreSQL database..." db_name=$(ynh_sanitize_dbid --db_name=$app) db_user=$db_name -db_pwd=$(ynh_string_random --length=30) ynh_app_setting_set --app=$app --key=db_name --value=$db_name -ynh_app_setting_set --app=$app --key=db_pwd --value=$db_pwd ynh_psql_test_if_first_run -ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd +ynh_psql_setup_db --db_user=$db_user --db_name=$db_name ynh_psql_execute_as_root --sql="ALTER ROLE $db_user SET statement_timeout = 5000;" --database=$db_name #================================================= @@ -82,9 +90,12 @@ ynh_psql_execute_as_root --sql="ALTER ROLE $db_user SET statement_timeout = 5000 ynh_script_progression --message="Setting up source files..." --weight=1 ynh_app_setting_set --app=$app --key=final_path --value=$final_path +ynh_app_setting_set --app=$app --key=data_path --value=$data_path # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" +set_permissions + #================================================= # NGINX CONFIGURATION #================================================= @@ -93,43 +104,13 @@ ynh_script_progression --message="Configuring NGINX web server..." --weight=1 # Create a dedicated NGINX config ynh_add_nginx_config -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Configuring system user..." --weight=1 - -# Create a q user -ynh_system_user_create --username=$app - #================================================= # SPECIFIC SETUP -#================================================= -# CREATE THE DATA DIRECTORY -#================================================= -ynh_script_progression --message="Creating the data directory..." - -# Define app's data directory -datadir="/home/yunohost.app/${app}" -mkdir $datadir - -ynh_app_setting_set --app=$app --key=datadir --value="$datadir" - -# Give permission to the datadir -chown -R $app:$app $datadir -chmod o-rwx $datadir -setfacl -n -R -m user:www-data:rx -m default:user:www-data:rx $datadir - -ynh_app_setting_set --app=$app --key=datadir --value="$datadir" - #================================================= # ENVDIR CONFIGURATION #================================================= ynh_script_progression --message="Building configuration..." --weight=1 -env_path=$final_path/envs/prod - -mkdir -p $env_path - echo "$admin <$admin_email>" > $env_path/ADMINS echo "None" > $env_path/BROKER_POOL_LIMIT echo "redis://localhost:6379" > $env_path/BROKER_URL @@ -138,7 +119,7 @@ echo False > $env_path/DEBUG echo $domain > $env_path/DEFAULT_BASE_URL echo "$app@$domain" > $env_path/DEFAULT_FROM_EMAIL echo "django.core.mail.backends.console.EmailBackend" > $env_path/EMAIL_BACKEND -echo "$datadir" > $env_path/MEDIA_ROOT +echo "$data_path" > $env_path/MEDIA_ROOT echo $secret_key > $env_path/SECRET_KEY echo "$app@$domain" > $env_path/SERVER_EMAIL echo $staff_token > $env_path/STAFF_TOKEN @@ -148,26 +129,12 @@ echo $staff_token > $env_path/STAFF_TOKEN #================================================= ynh_script_progression --message="Initializing Python virtualenv..." --weight=20 -pushd $final_path || ynh_die - chown -R $app:$app $final_path - sudo -u $app python3 -m venv $final_path/venv - sudo -u $app $final_path/venv/bin/pip --cache-dir $final_path/.cache/pip install -U wheel pip --cache-dir $final_path/.cache/pip setuptools - sudo -u $app $final_path/venv/bin/pip --cache-dir $final_path/.cache/pip install -U --requirement $final_path/requirements.txt - sudo -u $app $final_path/venv/bin/pip --cache-dir $final_path/.cache/pip install -U --requirement $final_path/requirements-setup.txt - sudo -u $app $final_path/venv/bin/pip --cache-dir $final_path/.cache/pip install -U --requirement $final_path/requirements-ynh.txt - chown -R root:root $final_path -popd || ynh_die +set_up_virtualenv #================================================= # INITIALIZE DATABASE #================================================= -pushd $final_path || ynh_die - chown -R $app:$app $final_path - sudo -u $app $final_path/venv/bin/envdir $env_path $final_path/venv/bin/python $final_path/manage.py makemigrations - sudo -u $app $final_path/venv/bin/envdir $env_path $final_path/venv/bin/python $final_path/manage.py migrate - sudo -u $app $final_path/venv/bin/envdir $env_path $final_path/venv/bin/python $final_path/manage.py createsuperuser --username "$admin" --email "$admin_email" --noinput -v 0 - chown -R root:root $final_path -popd || ynh_die +initialize_db #================================================= # SETUP SYSTEMD @@ -185,15 +152,6 @@ systemctl daemon-reload --quiet #================================================= # GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= -# Set permissions to app files -chown -R root:$app $final_path -chmod -R g=u,g-w,o-rwx $final_path -setfacl -n -R -m user:www-data:rx -m default:user:www-data:rx $final_path -setfacl -n -R -m user:www-data:- -m default:user:www-data:- $final_path/envs - #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= diff --git a/scripts/remove b/scripts/remove index fd67bed..49d1143 100755 --- a/scripts/remove +++ b/scripts/remove @@ -15,11 +15,7 @@ ynh_script_progression --message="Loading installation settings..." --weight=1 app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get --app=$app --key=domain) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_user=$db_name -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -datadir=$(ynh_app_setting_get --app=$app --key=datadir) +get_app_settings #================================================= # STANDARD REMOVE @@ -48,6 +44,7 @@ systemctl daemon-reload --quiet ynh_remove_systemd_config ynh_remove_systemd_config -s $app-celery ynh_remove_systemd_config -s $app-beat + #================================================= # REMOVE THE POSTGRESQL DATABASE #================================================= @@ -87,10 +84,10 @@ ynh_remove_nginx_config #================================================= # Remove the log files -ynh_secure_remove --file="/var/log/$app/" +ynh_secure_remove --file="/var/log/$app" # Remove data dir -ynh_secure_remove --file="$datadir" +ynh_secure_remove --file="$data_path" #================================================= # GENERIC FINALIZATION diff --git a/scripts/restore b/scripts/restore index c4bb4c2..617b42a 100755 --- a/scripts/restore +++ b/scripts/restore @@ -25,12 +25,7 @@ ynh_script_progression --message="Loading installation settings..." --weight=1 app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get --app=$app --key=domain) -path_url=$(ynh_app_setting_get --app=$app --key=path) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_user="$db_name" -datadir=$(ynh_app_setting_get --app=$app --key=datadir) +get_app_settings #================================================= # CHECK IF THE APP CAN BE RESTORED @@ -42,6 +37,9 @@ ynh_webpath_available --domain=$domain --path_url=$path_url \ test ! -d $final_path \ || ynh_die --message="There is already a directory: $final_path " +test ! -d $data_path \ + || ynh_die --message="There is already a directory: $data_path " + #================================================= # STANDARD RESTORATION STEPS #================================================= @@ -49,13 +47,6 @@ test ! -d $final_path \ #================================================= ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" -#================================================= -# RESTORE THE APP MAIN DIR -#================================================= -ynh_script_progression --message="Restoring the app main directory..." --weight=1 - -ynh_restore_file --origin_path="$final_path" - #================================================= # RECREATE THE DEDICATED USER #================================================= @@ -64,12 +55,19 @@ ynh_script_progression --message="Recreating the dedicated system user..." --wei # Create the dedicated user (if not existing) ynh_system_user_create --username=$app +#================================================= +# RESTORE THE APP MAIN DIR +#================================================= +ynh_script_progression --message="Restoring the app main directory..." --weight=1 + +ynh_restore_file --origin_path="$final_path" + #================================================= # RESTORE DATA DIR #================================================= ynh_script_progression --message="Restoring the app data directory..." -ynh_restore_file --origin_path="$datadir" --not_mandatory +ynh_restore_file --origin_path="$data_path" --not_mandatory #================================================= # REINSTALL DEPENDENCIES @@ -83,13 +81,7 @@ ynh_install_app_dependencies $pkg_dependencies # RESTORE USER RIGHTS #================================================= # Restore permissions on app files -chown -R root:$app $final_path -chmod -R g=u,g-w,o-rwx $final_path -setfacl -n -R -m user:www-data:rx -m default:user:www-data:rx $final_path -setfacl -n -R -m user:www-data:- -m default:user:www-data:- $final_path/envs -chown -R $app:$app $datadir -chmod o-rwx $datadir -setfacl -n -R -m user:www-data:rx -m default:user:www-data:rx $datadir +set_permissions #================================================= # SPECIFIC RESTORATION @@ -99,7 +91,7 @@ setfacl -n -R -m user:www-data:rx -m default:user:www-data:rx $datadir ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=1 ynh_psql_test_if_first_run -db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd) +db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd ynh_psql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql diff --git a/scripts/upgrade b/scripts/upgrade index d6624f3..11d1838 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -15,16 +15,26 @@ ynh_script_progression --message="Loading installation settings..." --weight=1 app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get --app=$app --key=domain) -path_url=$(ynh_app_setting_get --app=$app --key=path) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -datadir=$(ynh_app_setting_get --app=$app --key=datadir) +get_app_settings #================================================= # CHECK VERSION #================================================= upgrade_type=$(ynh_check_app_version_changed) +#================================================= +# ENSURE DOWNWARD COMPATIBILITY +#================================================= +ynh_script_progression --message="Ensuring downward compatibility..." --time --weight=1 + +if [ -z "$data_path" ]; then + data_path=$(ynh_app_setting_get --app=$app --key=datadir) + ynh_app_setting_set --app=$app --key=data_path --value=$data_path + ynh_app_setting_delete --app=$app --key=datadir + ynh_app_setting_delete --app=$app --key=db_pwd + ynh_app_setting_delete --app=$app --key=admin_email +fi + #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= @@ -42,7 +52,7 @@ ynh_abort_if_errors #================================================= # STANDARD UPGRADE STEPS #================================================= -# STOP SYSTEMD SERVICE +# STOP SYSTEMD SERVICES #================================================= ynh_script_progression --message="Stopping systemd services..." --weight=1 @@ -56,6 +66,13 @@ systemctl disable $app --quiet systemctl disable $app-beat --quiet systemctl disable $app-celery --quiet +#================================================= +# UPGRADE DEPENDENCIES +#================================================= +ynh_script_progression --message="Upgrading dependencies..." --weight=1 + +ynh_install_app_dependencies $pkg_dependencies + #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -67,6 +84,8 @@ then ynh_setup_source --dest_dir="$final_path" fi +set_permissions + #================================================= # NGINX CONFIGURATION #================================================= @@ -75,13 +94,6 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." - # Create a dedicated NGINX config ynh_add_nginx_config -#================================================= -# UPGRADE DEPENDENCIES -#================================================= -ynh_script_progression --message="Upgrading dependencies..." --weight=1 - -ynh_install_app_dependencies $pkg_dependencies - #================================================= # CREATE DEDICATED USER #================================================= @@ -97,30 +109,14 @@ ynh_system_user_create --username=$app #================================================= ynh_script_progression --message="Upgrading Python virtualenv..." --weight=2 -env_path=$final_path/envs/prod -mkdir -p $env_path - -pushd $final_path || ynh_die - chown -R $app:$app $final_path - sudo -u $app python3 -m venv $final_path/venv - sudo -u $app $final_path/venv/bin/pip --cache-dir $final_path/.cache/pip install -U wheel pip --cache-dir $final_path/.cache/pip setuptools - sudo -u $app $final_path/venv/bin/pip --cache-dir $final_path/.cache/pip install -U --requirement $final_path/requirements.txt - sudo -u $app $final_path/venv/bin/pip --cache-dir $final_path/.cache/pip install -U --requirement $final_path/requirements-setup.txt - sudo -u $app $final_path/venv/bin/pip --cache-dir $final_path/.cache/pip install -U --requirement $final_path/requirements-ynh.txt - chown -R root:root $final_path -popd || ynh_die +set_up_virtualenv #================================================= # PERFORM DATABASE MIGRATIONS #================================================= ynh_script_progression --message="Performing database migrations..." --weight=2 -pushd $final_path || ynh_die - chown -R $app:$app $final_path - sudo -u $app $final_path/venv/bin/envdir $env_path $final_path/venv/bin/python $final_path/manage.py makemigrations - sudo -u $app $final_path/venv/bin/envdir $env_path $final_path/venv/bin/python $final_path/manage.py migrate - chown -R root:root $final_path -popd || ynh_die +upgrade_db #================================================= # SETUP SYSTEMD @@ -138,19 +134,6 @@ systemctl daemon-reload --quiet #================================================= # GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= - -# Set permissions on app files -chown -R root:$app $final_path -chmod -R g=u,g-w,o-rwx $final_path -setfacl -n -R -m user:www-data:rx -m default:user:www-data:rx $final_path -setfacl -n -R -m user:www-data:- -m default:user:www-data:- $final_path/envs -chown -R $app:$app $datadir -chmod o-rwx $datadir -setfacl -n -R -m user:www-data:rx -m default:user:www-data:rx $datadir - #================================================= # INTEGRATE SERVICE IN YUNOHOST #=================================================