diff --git a/.gitignore b/.gitignore index 783a4ae..52ffdbe 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ *~ *.sw[op] +.DS_Store \ No newline at end of file diff --git a/conf/.env b/conf/.env index da540cf..96efe5e 100644 --- a/conf/.env +++ b/conf/.env @@ -10,11 +10,11 @@ # Generate a hex-encoded 32-byte random key. You should use `openssl rand -hex 32` # in your terminal to generate a random value. -SECRET_KEY=53b654d84c820573dc19e86d09c4c47d44c17b32055154a0cbc75efc5aee00fb +SECRET_KEY=__SECRET_KEY__ # Generate a unique random key. The format is not important but you could still use # `openssl rand -hex 32` in your terminal to produce this. -UTILS_SECRET=7cbd5fbf647a8f85f06560c6dad74d2eee21fd4e1889f91dabb7dd873c7428be +UTILS_SECRET=__UTILS_SECRET__ # For production point these at your databases, in development the default # should work out of the box. @@ -36,11 +36,11 @@ PORT=__PORT__ # A more detailed guide on setting up S3 is available here: # => https://wiki.generaloutline.com/share/125de1cc-9ff6-424b-8415-0d58c809a40f # -AWS_ACCESS_KEY_ID=get_a_key_from_aws -AWS_SECRET_ACCESS_KEY=get_the_secret_of_above_key -AWS_REGION=xx-xxxx -AWS_S3_UPLOAD_BUCKET_URL=http://s3:4569 -AWS_S3_UPLOAD_BUCKET_NAME=bucket_name_here +AWS_ACCESS_KEY_ID=__MINIO_ID__ +AWS_SECRET_ACCESS_KEY=__MINIO_KEY__ +AWS_REGION=fr-ynh-1 +AWS_S3_UPLOAD_BUCKET_URL=https://__MINIO_DOMAIN__ +AWS_S3_UPLOAD_BUCKET_NAME=outlinestorage AWS_S3_UPLOAD_MAX_SIZE=26214400 AWS_S3_FORCE_PATH_STYLE=true AWS_S3_ACL=private @@ -57,8 +57,8 @@ AWS_S3_ACL=private # # When configuring the Client ID, add a redirect URL under "OAuth & Permissions": # https:///auth/slack.callback -SLACK_KEY=__SLACKKEY__ -SLACK_SECRET=__SLACKSECRET__ +SLACK_KEY=__SLACK_KEY__ +SLACK_SECRET=__SLACK_SECRET__ # To configure Google auth, you'll need to create an OAuth Client ID at # => https://console.cloud.google.com/apis/credentials @@ -139,18 +139,18 @@ SENTRY_DSN= # To support sending outgoing transactional emails such as "document updated" or # "you've been invited" you'll need to provide authentication for an SMTP server -SMTP_HOST= -SMTP_PORT= -SMTP_USERNAME= -SMTP_PASSWORD= -SMTP_FROM_EMAIL= -SMTP_REPLY_EMAIL= -SMTP_TLS_CIPHERS= -SMTP_SECURE=true +SMTP_HOST='localhost' +SMTP_PORT='25' +SMTP_USERNAME='' +SMTP_PASSWORD='' +SMTP_FROM_EMAIL='__APP__@__DOMAIN__' +SMTP_REPLY_EMAIL='webmaster@__DOMAIN__' +SMTP_TLS_CIPHERS='' +SMTP_SECURE='true' # Custom logo that displays on the authentication screen, scaled to height: 60px # TEAM_LOGO=https://example.com/images/logo.png # The default interface language. See translate.getoutline.com for a list of # available language codes and their rough percentage translated. -DEFAULT_LANGUAGE=en_US +DEFAULT_LANGUAGE=__LANGUAGE_KEY__ diff --git a/conf/mc.src b/conf/mc.src new file mode 100644 index 0000000..8f12cdd --- /dev/null +++ b/conf/mc.src @@ -0,0 +1,7 @@ +SOURCE_URL=https://dl.min.io/client/mc/release/linux-amd64/archive/mc.RELEASE.2021-11-05T10-05-06Z +SOURCE_SUM=9f5ad72fd93678f9f756c6da34a8d4d1e61f7356a96ee327c652ad765975d2b2 +SOURCE_SUM_PRG=sha256sum +SOURCE_FORMAT= +SOURCE_IN_SUBDIR=false +SOURCE_FILENAME=mc +SOURCE_EXTRACT=false diff --git a/conf/nginx.conf b/conf/nginx.conf index a2fab1e..2967bbf 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -12,7 +12,7 @@ location / { proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $server_name; - + client_max_body_size 200M; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; diff --git a/manifest.json b/manifest.json index 0a445ba..a4ab01b 100644 --- a/manifest.json +++ b/manifest.json @@ -46,15 +46,22 @@ "fr": "Choisissez la langue de l'application" }, "choices": ["fr", "en"], - "default": "fr" + "default": "en" }, { - "name": "slackkey", - "type": "string" + "name": "slack_key", + "type": "string", + "ask": "Slack Client ID (from https://api.slack.com/apps)" }, { - "name": "slacksecret", - "type": "string" + "name": "slack_secret", + "type": "string", + "ask": "Slack Client Secret (from https://api.slack.com/apps)" + }, + { + "name": "minio_domain", + "type": "domain", + "ask": "Domain for MinIO app (if not yet installed, it will automatically be). Please note that this domain has to be free from any app" } ] } diff --git a/scripts/install b/scripts/install index 8ca9c52..edf00cb 100755 --- a/scripts/install +++ b/scripts/install @@ -27,22 +27,43 @@ ynh_abort_if_errors domain=$YNH_APP_ARG_DOMAIN path_url="/" #$YNH_APP_ARG_PATH is_public=$YNH_APP_ARG_IS_PUBLIC -language=$YNH_APP_ARG_LANGUAGE -slackkey=$YNH_APP_ARG_SLACKKEY -slacksecret=$YNH_APP_ARG_SLACKSECRET -### If it's a multi-instance app, meaning it can be installed several times independently -### The id of the app as stated in the manifest is available as $YNH_APP_ID -### The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2"...) -### The app instance name is available as $YNH_APP_INSTANCE_NAME -### - the first time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample -### - the second time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample__2 -### - ynhexample__{N} for the subsequent installations, with N=3,4... -### The app instance name is probably what interests you most, since this is -### guaranteed to be unique. This is a good unique identifier to define installation path, -### db names... +language=$YNH_APP_ARG_LANGUAGE + +if [ $language == "fr" ]; then + language_key="fr_FR" + echo "French" +else + language_key="en_US" + echo "English" +fi + +secret_key=`openssl rand -hex 32` +utils_secret=`openssl rand -hex 32` + +slack_key=$YNH_APP_ARG_SLACK_KEY +slack_secret=$YNH_APP_ARG_SLACK_SECRET + app=$YNH_APP_INSTANCE_NAME +#================================================= +# CHECK IF MINIO IS INSTALLED, IF NOT INSTALL IT +#================================================= +ynh_script_progression --message="Installing MinIO if needed..." --time --weight=1 + +if ! yunohost app list | grep -q "id: minio"; then + echo "MinIO is not installed. Installing... " + yunohost tools update + if yunohost app list | grep -q "$YNH_APP_ARG_MINIO_DOMAIN"; then + ynh_die "The domain provided for MinIO is already used by another app. Please chose another one !" + fi + yunohost app install https://github.com/limezy/minio_ynh --force --args "domain=$YNH_APP_ARG_MINIO_DOMAIN&is_public=true&language=en" +fi + +minio_domain=$(ynh_app_setting_get --app="minio" --key=domain) +minio_id=$(ynh_app_setting_get --app="minio" --key=minio_id) +minio_key=$(ynh_app_setting_get --app="minio" --key=minio_key) + #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= @@ -51,6 +72,8 @@ ynh_script_progression --message="Validating installation parameters..." --time final_path=/opt/yunohost/$app test ! -e "$final_path" || ynh_die --message="This path already contains a folder" +mc_path=$final_path/mc + # Register (book) web path ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url @@ -62,6 +85,8 @@ ynh_script_progression --message="Storing installation settings..." --time --wei ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=language --value=$language +ynh_app_setting_set --app=$app --key=secret_key --value=$secret_key +ynh_app_setting_set --app=$app --key=utils_secret --value=$utils_secret #================================================= # STANDARD MODIFICATIONS @@ -79,6 +104,13 @@ ynh_app_setting_set --app=$app --key=port --value=$port #================================================= ynh_script_progression --message="Installing dependencies..." --time --weight=1 +### SHOULD HAVE A CHECK FOR MINIO + INSTALLATION HERE +#if ! ynh_package_is_installed --package="minio" +#then +# yunohost tools update +# yunohost app install minio --force +#fi + # Install nodejs ynh_install_nodejs --nodejs_version=$NODEJS_VERSION @@ -121,6 +153,32 @@ chmod 750 "$final_path" chmod -R o-rwx "$final_path" chown -R $app:www-data "$final_path" +#================================================= +# DOWNLOAD, CHECK AND UNPACK MINIO CLIENT +#================================================= +ynh_script_progression --message="Setting up MinIO client..." --time --weight=1 + +ynh_setup_source --dest_dir="$mc_path" --source_id=mc + +# FIXME: this should be managed by the core in the future +# Here, as a packager, you may have to tweak the ownerhsip/permissions +# such that the appropriate users (e.g. maybe www-data) can access +# files in some cases. +# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder - +# this will be treated as a security issue. +chmod -R 750 "$mc_path" +chmod -R o-rwx "$mc_path" +chown -R $app:www-data "$mc_path" + +#================================================= +# SETUP MINIO BUCKET +#================================================= +ynh_script_progression --message="Setting up MinIO bucket for Outline..." --time --weight=1 + +$mc_path/mc alias set minio "https://$minio_domain" $minio_id $minio_key +$mc_path/mc mb minio/outlinestorage --region "fr-ynh-1" +$mc_path/mc policy set public minio/outlinestorage + #================================================= # NGINX CONFIGURATION #================================================= @@ -129,16 +187,24 @@ ynh_script_progression --message="Configuring NGINX web server..." --time --weig # Create a dedicated NGINX config ynh_add_nginx_config + #================================================= # BUILD YARN DEPENDENCIES #================================================= -ynh_script_progression --message="Building Yarn dependencies..." +ynh_script_progression --message="Building Yarn dependencies... This can be very long, be patient !" --time --weight=10 pushd "$final_path" ynh_use_nodejs - ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH yarn install --frozen-lockfile + ynh_script_progression --message="Fetching Yarn dev dependencies... This can be very long, be patient !" --time --weight=5 + ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH yarn install --no-optional --frozen-lockfile + ynh_script_progression --message="Cleaning cache... " --time --weight=1 ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH yarn cache clean + ynh_script_progression --message="Building Yarn dev dependencies... This can be very long, be patient !" --time --weight=5 ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH yarn build + ynh_script_progression --message="Fetching Yarn production dependencies... This can be very long, be patient !" --time --weight=5 + ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH yarn install --production=true --frozen-lockfile + ynh_script_progression --message="Cleaning cache... " --time --weight=1 + ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH yarn cache clean popd #=================================================