Fix missing helpers and fail2ban configuration

scripts/_common.sh

@@ -191,6 +191,51 @@ ynh_remove_logrotate () {
 		sudo rm "/etc/logrotate.d/$app"
 	fi
 }
+# Calculate and store a file checksum into the app settings
+#
+# $app should be defined when calling this helper
+#
+# usage: ynh_store_file_checksum file
+# | arg: file - The file on which the checksum will performed, then stored.
+ynh_store_file_checksum () {
+	local checksum_setting_name=checksum_${1//[\/ ]/_}	# Replace all '/' and ' ' by '_'
+	ynh_app_setting_set $app $checksum_setting_name $(sudo md5sum "$1" | cut -d' ' -f1)
+}
+
+# Verify the checksum and backup the file if it's different
+# This helper is primarily meant to allow to easily backup personalised/manually 
+# modified config files.
+#
+# $app should be defined when calling this helper
+#
+# usage: ynh_backup_if_checksum_is_different file [compress]
+# | arg: file - The file on which the checksum test will be perfomed.
+# | arg: compress - 1 to compress the backup instead of a simple copy
+# A compression is needed for a file which will be analyzed even if its name is different.
+#
+# | ret: Return the name a the backup file, or nothing
+ynh_backup_if_checksum_is_different () {
+	local file=$1
+	local compress_backup=${2:-0}	# If $2 is empty, compress_backup will set at 0
+	local checksum_setting_name=checksum_${file//[\/ ]/_}	# Replace all '/' and ' ' by '_'
+	local checksum_value=$(ynh_app_setting_get $app $checksum_setting_name)
+	if [ -n "$checksum_value" ]
+	then	# Proceed only if a value was stored into the app settings
+		if ! echo "$checksum_value $file" | sudo md5sum -c --status
+		then	# If the checksum is now different
+			backup_file="$file.backup.$(date '+%d.%m.%y_%Hh%M,%Ss')"
+			if [ $compress_backup -eq 1 ]
+			then
+				sudo tar --create --gzip --file "$backup_file.tar.gz" "$file"	# Backup the current file and compress
+				backup_file="$backup_file.tar.gz"
+			else
+				sudo cp -a "$file" "$backup_file"	# Backup the current file
+			fi
+			echo "File $file has been manually modified since the installation or last upgrade. So it has been duplicated in $backup_file" >&2
+			echo "$backup_file"	# Return the name of the backup file
+		fi
+	fi
+}
 
 ynh_add_fail2ban_config () {
    # Process parameters
@@ -207,7 +252,7 @@ ynh_add_fail2ban_config () {
 	ynh_backup_if_checksum_is_different "$finalfail2banjailconf" 1
 	ynh_backup_if_checksum_is_different "$finalfail2banfilterconf" 1
   
-  echo | sudo tee $finalfail2banjailconf <<EOF
+  sudo tee $finalfail2banjailconf <<EOF
 [$app]
 enabled = true
 port = $ports
@@ -216,7 +261,7 @@ logpath = $logpath
 maxretry = $max_retry" 
 EOF
 
-  echo | sudo tee $finalfail2banfilterconf <<EOF
+  sudo tee $finalfail2banfilterconf <<EOF
 [INCLUDES]
 before = common.conf
 [Definition]
@@ -238,3 +283,4 @@ ynh_remove_fail2ban_config () {
   ynh_secure_remove "/etc/fail2ban/filter.d/$app.conf"
 	sudo systemctl restart fail2ban
 }
+

scripts/install

@@ -177,7 +177,7 @@ ynh_app_setting_set "$app" skipped_regex \
 
 
 # Set-up fail2ban
-ynh_add_fail2ban_config "/var/log/${app}FailedLogins.log" "ip=<HOST>" 4
+ynh_add_fail2ban_config "/home/yunohost.app/nextcloud/data/nextcloud.log" "^.*Login failed: '.*' \(Remote IP: '<HOST>'.*$"
 
 # Reload services
 sudo service php5-fpm restart || true

scripts/upgrade

@@ -211,7 +211,7 @@ ynh_app_setting_set "$real_app" skipped_regex \
     "$(sed 's/[\.\-]/\%&/g' <<< $domain)/%.well%-known/.*"
     
 # Set-up fail2ban
-ynh_add_fail2ban_config "/var/log/${app}FailedLogins.log" "ip=<HOST>" 6
+ynh_add_fail2ban_config "/home/yunohost.app/nextcloud/data/nextcloud.log" "^.*Login failed: '.*' \(Remote IP: '<HOST>'.*$"
 
 # Reload services
 sudo service php5-fpm restart || true