mirror of
https://github.com/YunoHost-Apps/mygpo_ynh.git
synced 2024-09-03 19:55:52 +02:00
eff624b855
We don't want to give code from the internet that hasn't been reviewed more privileges than it needs
#!/bin/bash

#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================

# App-local definitions first, then the YunoHost helper library.
# _common.sh is referenced by bare name (no directory component).
. _common.sh
. /usr/share/yunohost/helpers

#=================================================
# MANAGE SCRIPT FAILURE
#=================================================

# Cleanup hook (by YunoHost convention called when the script aborts).
# This app has nothing extra to clean up, so the hook is a no-op that
# returns success.
ynh_clean_setup() {
  :
}

# Exit if an error occurs during the execution of the script
ynh_abort_if_errors

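#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================

# Install-time answers, passed in through the environment.
domain=$YNH_APP_ARG_DOMAIN
# The app is always installed at the root of its domain.
path_url="/"
admin=$YNH_APP_ARG_ADMIN
is_public=$YNH_APP_ARG_IS_PUBLIC
# Quoted so the user name reaches the helper as exactly one argument.
admin_email=$(ynh_user_get_info --username="$admin" --key="mail")

# Per-install random secrets; written further down to the envdir files
# SECRET_KEY and STAFF_TOKEN.
secret_key=$(ynh_string_random --length=64)
staff_token=$(ynh_string_random --length=64)

app=$YNH_APP_INSTANCE_NAME
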
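#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
ynh_script_progression --message="Validating installation parameters..." --weight=1

final_path=/opt/yunohost/$app
# Refuse to install over anything that already exists at the target path,
# so a pre-existing tree is never reused or overwritten.
if [ -e "$final_path" ]; then
  ynh_die --message="This path already contains a folder"
fi

# Register (book) web path
ynh_webpath_register --app="$app" --domain="$domain" --path_url="$path_url"
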
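#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================
ynh_script_progression --message="Storing installation settings..." --weight=1

# Every value is quoted so it is stored as given, without word splitting
# or globbing.
ynh_app_setting_set --app="$app" --key=domain --value="$domain"
ynh_app_setting_set --app="$app" --key=path --value="$path_url"
ynh_app_setting_set --app="$app" --key=admin --value="$admin"
ynh_app_setting_set --app="$app" --key=admin_email --value="$admin_email"
# The application secret key is kept under the setting name "random_key".
ynh_app_setting_set --app="$app" --key=random_key --value="$secret_key"
# NOTE(review): $staff_token is generated above but is not saved as a
# setting anywhere in this script - confirm that upgrade and restore do
# not need to recover it.
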
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# INSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Installing dependencies..." --weight=3

# $pkg_dependencies is not assigned in this script (presumably it comes
# from _common.sh). It is expanded unquoted, so word splitting turns a
# space-separated list into one argument per package.
# shellcheck disable=SC2086
ynh_install_app_dependencies $pkg_dependencies

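#=================================================
# CREATE A POSTGRESQL DATABASE
#=================================================
ynh_script_progression --message="Creating a PostgreSQL database..."

# Database and role share one name, derived from the app instance name.
db_name=$(ynh_sanitize_dbid --db_name="$app")
db_user=$db_name
db_pwd=$(ynh_string_random --length=30)
ynh_app_setting_set --app="$app" --key=db_name --value="$db_name"
ynh_app_setting_set --app="$app" --key=db_pwd --value="$db_pwd"
ynh_psql_test_if_first_run
ynh_psql_setup_db --db_user="$db_user" --db_name="$db_name" --db_pwd="$db_pwd"
# Role-level statement_timeout; PostgreSQL reads the unitless 5000 as
# milliseconds. $db_user is interpolated into the SQL text: it is the
# output of ynh_sanitize_dbid above, not raw user input.
ynh_psql_execute_as_root --sql="ALTER ROLE $db_user SET statement_timeout = 5000;" --database="$db_name"
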
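#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_script_progression --message="Setting up source files..." --weight=1

ynh_app_setting_set --app="$app" --key=final_path --value="$final_path"
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$final_path"
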
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring NGINX web server..." --weight=1

# Install the NGINX configuration dedicated to this app
ynh_add_nginx_config

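#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Configuring system user..." --weight=1

# Create a system user named after the app instance; the pip, manage.py
# and ownership steps below run as (or assign files to) this account.
ynh_system_user_create --username="$app"
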
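#=================================================
# SPECIFIC SETUP
#=================================================
# CREATE THE DATA DIRECTORY
#=================================================
ynh_script_progression --message="Creating the data directory..."

# Define app's data directory
datadir="/home/yunohost.app/${app}"
# No -p: if the directory already exists mkdir fails, and the install
# stops instead of silently reusing it.
mkdir "$datadir"

# Stored once (the original stored the same key/value twice).
ynh_app_setting_set --app="$app" --key=datadir --value="$datadir"

# Give permission to the datadir: owned by the app user, nothing for
# "other".
chown -R "$app:$app" "$datadir"
chmod o-rwx "$datadir"
# www-data gets read/traverse through an ACL entry, plus a default ACL so
# entries created later inherit it. -n leaves the ACL mask uncomputed.
setfacl -n -R -m user:www-data:rx -m default:user:www-data:rx "$datadir"
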
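#=================================================
# ENVDIR CONFIGURATION
#=================================================
ynh_script_progression --message="Building configuration..." --weight=1

env_path=$final_path/envs/prod

# These files hold the database password, SECRET_KEY and STAFF_TOKEN.
# Create them under umask 027 so they are never readable by "other",
# rather than relying on the recursive chmod at the end of the script.
# Group bits are kept: the final ownership is root:$app and the app
# reads its configuration through the group.
previous_umask=$(umask)
umask 027

mkdir -p "$env_path"

# One file per setting; the file name is the variable name and the
# content is the value. printf '%s\n' writes each value verbatim.
printf '%s\n' "$admin <$admin_email>" > "$env_path/ADMINS"
printf '%s\n' "None" > "$env_path/BROKER_POOL_LIMIT"
printf '%s\n' "redis://localhost:6379" > "$env_path/BROKER_URL"
# Contains the database password in clear text.
printf '%s\n' "postgres://$db_user:$db_pwd@localhost:5432/$db_name" > "$env_path/DATABASE_URL"
printf '%s\n' "False" > "$env_path/DEBUG"
printf '%s\n' "$domain" > "$env_path/DEFAULT_BASE_URL"
printf '%s\n' "$app@$domain" > "$env_path/DEFAULT_FROM_EMAIL"
# Django's console backend writes outgoing mail to stdout instead of
# sending it.
printf '%s\n' "django.core.mail.backends.console.EmailBackend" > "$env_path/EMAIL_BACKEND"
printf '%s\n' "$datadir" > "$env_path/MEDIA_ROOT"
printf '%s\n' "$secret_key" > "$env_path/SECRET_KEY"
printf '%s\n' "$app@$domain" > "$env_path/SERVER_EMAIL"
printf '%s\n' "$staff_token" > "$env_path/STAFF_TOKEN"

umask "$previous_umask"
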
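#=================================================
# SET UP VIRTUALENV
#=================================================
ynh_script_progression --message="Initializing Python virtualenv..." --weight=20

pushd "$final_path" || ynh_die
# Hand the tree to the unprivileged app user for the duration of the
# build, so venv creation and every pip install (including any package
# build code pip executes) run as $app and not as root. While this lasts
# $app owns everything under $final_path, envs/prod included.
chown -R "$app:$app" "$final_path"
sudo -u "$app" python3 -m venv "$final_path/venv"
sudo -u "$app" "$final_path/venv/bin/python" -m pip install -U wheel pip setuptools
# NOTE(review): the requirement files are not visible here. Unless they
# pin versions and hashes, -U installs whatever the package index serves
# at install time; pip's --require-hashes mode is the usual way to pin.
sudo -u "$app" "$final_path/venv/bin/python" -m pip install -U --requirement "$final_path/requirements.txt"
sudo -u "$app" "$final_path/venv/bin/python" -m pip install -U --requirement "$final_path/requirements-setup.txt"
sudo -u "$app" "$final_path/venv/bin/python" -m pip install -U --requirement "$final_path/requirements-ynh.txt"
# Take ownership back so the app user cannot modify the installed code.
chown -R root:root "$final_path"
popd || ynh_die
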
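#=================================================
# INITIALIZE DATABASE
#=================================================
pushd "$final_path" || ynh_die
# root stays the owner; $app gets access through the group only.
chown -R root:"$app" "$final_path"
# envdir loads the files under $env_path into the environment of the
# command it runs.
# NOTE(review): python3 is looked up on PATH here rather than given as
# $final_path/venv/bin/python - confirm it resolves to the interpreter
# that has the requirements installed.
sudo -u "$app" "$final_path/venv/bin/envdir" "$env_path" python3 "$final_path/manage.py" makemigrations
sudo -u "$app" "$final_path/venv/bin/envdir" "$env_path" python3 "$final_path/manage.py" migrate
# NOTE(review): --noinput is used and no password is passed here; how
# this superuser authenticates is not visible in this script.
sudo -u "$app" "$final_path/venv/bin/envdir" "$env_path" python3 "$final_path/manage.py" createsuperuser --username "$admin" --email "$admin_email" --noinput -v 0
chown -R root:root "$final_path"
popd || ynh_die
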
#=================================================
# SETUP SYSTEMD
#=================================================
ynh_script_progression --message="Configuring systemd services..." --weight=1

# Install the main unit plus the socket, celery and beat units from
# their templates
ynh_add_systemd_config
ynh_add_systemd_config --service="${app}-socket" --template systemd.socket
ynh_add_systemd_config --service="${app}-celery" --template systemd-celery.service
ynh_add_systemd_config --service="${app}-beat" --template systemd-beat.service
# The socket template was installed under a ".service" name; disable that
# unit, rename the file to "<app>.socket", then have systemd re-read its
# unit files.
systemctl --quiet disable "${app}-socket.service"
mv "/etc/systemd/system/${app}-socket.service" "/etc/systemd/system/${app}.socket"
systemctl --quiet daemon-reload

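#=================================================
# GENERIC FINALIZATION
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================

# Set permissions to app files: owned by root, group $app, no access for
# "other" and no write access for the group, so the running app cannot
# modify its own code or configuration.
chown -R root:"$app" "$final_path"
chmod -R o-rwx,g-w "$final_path"
# www-data may read and traverse the tree (now and, through the default
# ACL, for entries created later)...
setfacl -n -R -m user:www-data:rx -m default:user:www-data:rx "$final_path"
# ...except the envdir, which holds the secrets: www-data gets no access
# there.
setfacl -n -R -m user:www-data:- -m default:user:www-data:- "$final_path/envs"
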
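#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..." --weight=1

# Register the service with YunoHost, along with its log file.
yunohost service add "$app" --description="Manage podcast subscriptions, and sync them between apps and devices" --log="/var/log/$app/$app.log"
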
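#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting systemd services..." --weight=1

# Start systemd services: the two celery units, then the socket unit.
# All three are given the same log file.
ynh_systemd_action --service_name="$app-celery" --action="start" --log_path="/var/log/$app/$app.log"
ynh_systemd_action --service_name="$app-beat" --action="start" --log_path="/var/log/$app/$app.log"
ynh_systemd_action --service_name="$app.socket" --action="start" --log_path="/var/log/$app/$app.log"
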
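#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Configuring permissions..." --weight=1

# Everyone can access the API part.
# --show_tile="false": no tile for it in the SSO portal.
# --protected="true": the YunoHost admin cannot remove the visitors group
# from this permission.
# NOTE(review): these URLs are open to visitors at the SSO layer;
# presumably the application enforces its own authentication on them -
# confirm.
ynh_permission_create --permission="api" --url="/api" -A "/clientconfig.json" "/subscriptions" "/suggestions" --allowed="visitors" --show_tile="false" --protected="true"
# These two permissions are created without --allowed; visitors are only
# added to them below, when the app is public.
ynh_permission_create --permission="api-noauth" --url="/toplist" -A "/api/2/data" "/api/2/tag" "/api/2/tags" "/search.opml" "/search.json" "/search.jsonp" "/search.txt" "/search.xml" "/toplist.opml" --show_tile="false"
ynh_permission_create --permission="api-lists" --url="/api/2/lists" --show_tile="false"

# Make app public if necessary. The flag is quoted so an empty value is
# reported as a bad number instead of breaking the test's syntax.
if [ "$is_public" -eq 1 ]; then
	# Everyone can access the app.
	# The "main" permission is automatically created before the install script.
	ynh_permission_update --permission="main" --add="visitors"
	ynh_permission_update --permission="api-noauth" --add="visitors"
	ynh_permission_update --permission="api-lists" --add="visitors"
fi
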
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..." --weight=1

# Reload (not restart) NGINX
ynh_systemd_action --service_name=nginx --action=reload

#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Installation of $app completed" --last