diff --git a/check_process b/check_process index 5e8d872..954e403 100644 --- a/check_process +++ b/check_process @@ -13,7 +13,7 @@ setup_root=1 setup_nourl=0 setup_private=1 - setup_public=0 + setup_public=1 upgrade=1 upgrade=0 from_commit=CommitHash backup_restore=1 diff --git a/conf/app.src b/conf/app.src index 08ba4f9..eacaec9 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/paperless-ngx/paperless-ngx/releases/download/ngx-1.6.0/paperless-ngx-1.6.0.tar.xz -SOURCE_SUM=f4971abf258382fb171a8d11f4c6181ca03b42334deb6d9305a04ea8f8eab91e +SOURCE_URL=https://github.com/paperless-ngx/paperless-ngx/releases/download/v1.11.0/paperless-ngx-v1.11.0.tar.xz +SOURCE_SUM=6b175daf2b9c7411b9a63f747ad62661c9733d87072c16a494394a189d2e240f SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true diff --git a/conf/nginx.conf b/conf/nginx.conf index dba1943..fe3f78e 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -13,6 +13,8 @@ location __PATH__/ { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $server_name; + client_max_body_size 25M; + # Include SSOWAT user panel. include conf.d/yunohost_panel.conf.inc; } diff --git a/conf/paperless.conf.example b/conf/paperless.conf.example index bd8cc8b..282872d 100644 --- a/conf/paperless.conf.example +++ b/conf/paperless.conf.example @@ -3,11 +3,11 @@ # Debug. Only enable this for development. -#PAPERLESS_DEBUG=false +PAPERLESS_DEBUG=false # Required services -PAPERLESS_REDIS=redis://localhost:6379 +PAPERLESS_REDIS=redis://localhost:6379/__REDIS_DB__ PAPERLESS_DBHOST=localhost PAPERLESS_DBPORT=5432 
@@ -18,15 +18,17 @@ PAPERLESS_DBPASS=__DB_PWD__ # Paths and folders -PAPERLESS_CONSUMPTION_DIR=__DATA_DIR__/consume -PAPERLESS_DATA_DIR=__DATA_DIR__/data +PAPERLESS_SCRATCH_DIR=/tmp/__APP__ +PAPERLESS_CONSUMPTION_DIR=__DATADIR__/consume +PAPERLESS_DATA_DIR=__DATADIR__/data #PAPERLESS_TRASH_DIR= -PAPERLESS_MEDIA_ROOT=__DATA_DIR__/media +PAPERLESS_MEDIA_ROOT=__DATADIR__/media #PAPERLESS_STATICDIR=../static #PAPERLESS_FILENAME_FORMAT= # Security and hosting +PAPERLESS_URL=https://__DOMAIN__ PAPERLESS_SECRET_KEY=__PAPERLESS_SECRET_KEY__ PAPERLESS_ALLOWED_HOSTS=__DOMAIN__ PAPERLESS_CORS_ALLOWED_HOSTS=https://__DOMAIN__ @@ -38,7 +40,7 @@ PAPERLESS_CORS_ALLOWED_HOSTS=https://__DOMAIN__ # OCR settings -PAPERLESS_OCR_LANGUAGE=eng+fra +PAPERLESS_OCR_LANGUAGE=eng #PAPERLESS_OCR_MODE=skip #PAPERLESS_OCR_OUTPUT_TYPE=pdfa #PAPERLESS_OCR_PAGES=1 @@ -84,4 +86,3 @@ PAPERLESS_CONSUMER_IGNORE_PATTERNS=[".DS_STORE/*", "._*", ".stfolder/*", ".*"] # YunoHost tweaks PAPERLESS_LOGOUT_REDIRECT_URL=https://__MAIN_DOMAIN__/yunohost/sso/?action=logout -PAPERLESS_PORT=__PORT__ diff --git a/conf/systemd-consumer.service b/conf/systemd-consumer.service new file mode 100644 index 0000000..f3f4d06 --- /dev/null +++ b/conf/systemd-consumer.service 
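Review bot: `PAPERLESS_SCRATCH_DIR=/tmp/__APP__` in the `@@ -18,15 +18,17 @@` hunk puts the scratch area under a predictable name in world-writable /tmp. The webserver and task-queue units in this commit comment out `PrivateTmp=yes`, so that path is the shared host /tmp rather than a private one. Another local account could create `/tmp/__APP__` first, and documents staged there sit outside the 750 data directory. Consider `PAPERLESS_SCRATCH_DIR=__DATADIR__/scratch`, created and owned by the app user in the install script, which would presumably let both units keep `PrivateTmp=yes`. The consumer unit still enables `PrivateTmp`, so it sees a different /tmp from the other two.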
@@ -0,0 +1,43 @@ +[Unit] +Description=Paperless consumer +Requires=redis.service + +[Service] +Type=simple +User=__APP__ +Group=__APP__ +WorkingDirectory=__FINALPATH__/src/ +ExecStart=__FINALPATH__/venv/bin/python3 manage.py document_consumer +StandardOutput=append:/var/log/__APP__/__APP__-consumer.log +StandardError=inherit + +# Sandboxing options to harden security +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +DevicePolicy=closed +ProtectSystem=full +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap + +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG + +[Install] +WantedBy=multi-user.target diff --git a/conf/systemd-scheduler.service b/conf/systemd-scheduler.service new file mode 100644 index 0000000..1bc4d39 --- /dev/null +++ b/conf/systemd-scheduler.service 
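Review bot: `CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD` names a capability that capabilities(7) does not list; the documented name is CAP_SYS_RAWIO, so raw I/O is probably not being removed from the bounding set. Use `CapabilityBoundingSet=~CAP_SYS_RAWIO CAP_MKNOD` and confirm with `systemd-analyze verify` that the unit loads without a parse warning on that line. The same line appears in conf/systemd-scheduler.service and conf/systemd-task-queue.service.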
@@ -0,0 +1,43 @@ +[Unit] +Description=Paperless scheduler +Requires=redis.service + +[Service] +Type=simple +User=__APP__ +Group=__APP__ +WorkingDirectory=__FINALPATH__/src/ +ExecStart=__FINALPATH__/venv/bin/celery --app paperless beat --loglevel INFO +StandardOutput=append:/var/log/__APP__/__APP__-scheduler.log +StandardError=inherit + +# Sandboxing options to harden security +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +DevicePolicy=closed +ProtectSystem=full +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap + +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG + +[Install] +WantedBy=multi-user.target diff --git a/conf/systemd-task-queue.service b/conf/systemd-task-queue.service new file mode 100644 index 0000000..ea6d556 --- /dev/null +++ b/conf/systemd-task-queue.service 
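Review bot: `Requires=redis.service` in `[Unit]` pulls Redis in but sets no ordering, so at boot the celery beat process can start before Redis accepts connections; add `After=redis.service` next to it. The consumer, task-queue and webserver units in this commit declare the same `Requires=` without a matching `After=`.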
@@ -0,0 +1,44 @@ +[Unit] +Description=Paperless task-queue +Requires=redis.service + +[Service] +Type=simple +User=__APP__ +Group=__APP__ +WorkingDirectory=__FINALPATH__/src/ +ExecStart=__FINALPATH__/venv/bin/celery --app paperless worker --loglevel INFO +StandardOutput=append:/var/log/__APP__/__APP__-task-queue.log +StandardError=inherit + +# Sandboxing options to harden security +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +NoNewPrivileges=yes +#PrivateTmp - Must be disabled for full functionality +#PrivateTmp=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +DevicePolicy=closed +ProtectSystem=full +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap + +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG + +[Install] +WantedBy=multi-user.target diff --git a/conf/systemd.service b/conf/systemd.service index 604c84b..636126f 100644 --- a/conf/systemd.service +++ b/conf/systemd.service 
@@ -1,22 +1,23 @@ [Unit] -Description=Scan, index and archive all your physical documents +Description=Paperless webserver After=network.target +Wants=network.target +Requires=redis.service [Service] Type=simple User=__APP__ Group=__APP__ -WorkingDirectory=__FINALPATH__/ -ExecStart=__FINALPATH__/venv/bin/python3 manage.py runserver +WorkingDirectory=__FINALPATH__/src/ +ExecStart=__FINALPATH__/venv/bin/uvicorn --port=__PORT__ --log-level=warning paperless.asgi:application StandardOutput=append:/var/log/__APP__/__APP__.log StandardError=inherit # Sandboxing options to harden security -# Depending on specificities of your service/app, you may need to tweak these -# .. but this should be a good baseline # Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html NoNewPrivileges=yes -PrivateTmp=yes +#PrivateTmp - Must be disabled for full functionality +#PrivateTmp=yes PrivateDevices=yes RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 RestrictNamespaces=yes diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md index 912eca6..45eb9f5 100644 --- a/doc/DISCLAIMER.md +++ b/doc/DISCLAIMER.md @@ -1,2 +1,13 @@ * This app require a dedicated domain. -* There no LDAP or SSO. ⚠️ The admin user will recieve a mail after the installation. +* There is no LDAP or SSO support. + +* Paperless is performing OCR on documents and images. English is installed by default. More languages can be installed: + * Display a list of all Tesseract language packs `apt-cache search tesseract-ocr` + * Install additional language packs + * Example for french `sudo apt-get install tesseract-ocr-fra` + * Example for german `sudo apt-get install tesseract-ocr-deu` + * Modify config to add new languages + * Open config-panel: https://my-domain.tld/yunohost/admin/#/apps/$app_id/config-panel + * You can combine multiple languages like this: + * One language: eng + * Two languages: eng+fra 
diff --git a/doc/screenshots/documents-wchrome-dark.png b/doc/screenshots/documents-wchrome-dark.png index 868d1af..51bd617 100644 Binary files a/doc/screenshots/documents-wchrome-dark.png and b/doc/screenshots/documents-wchrome-dark.png differ diff --git a/manifest.json b/manifest.json index c729a06..00c3583 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Scan, index and archive all your physical documents", "fr": "Scannez, triez et archivez tous vos documents papiers" }, - "version": "1.6~ynh1", + "version": "1.11.0~ynh1", "url": "https://paperless-ngx.com", "upstream": { "license": "GPL-3.0-or-later", @@ -21,7 +21,7 @@ "name": "Tagada" }, "requirements": { - "yunohost": ">= 4.3.0" + "yunohost": ">= 11.0.0" }, "multi_instance": true, "services": [ @@ -38,6 +38,26 @@ { "name": "admin", "type": "user" + }, + { + "name": "admin_pw", + "type": "password", + "ask": { + "en": "Please chose a password for admin user." + } + }, + { + "name": "is_public", + "type": "boolean", + "default": false + }, + { + "name": "is_public_api", + "type": "boolean", + "default": false, + "ask": { + "en": "Should Paperless-ngx be accessible for apps." + } } ] } diff --git a/scripts/_common.sh b/scripts/_common.sh index dc1c5cb..ff70f8e 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -5,7 +5,7 @@ #================================================= # dependencies used by the app -pkg_dependencies="redis-tools redis-server postgresql postgresql-contrib python3 python3-pip python3-dev python3-venv imagemagick fonts-liberation optipng gnupg libpq-dev libmagic-dev mime-support" +pkg_dependencies="python3 python3-pip python3-dev python3-venv default-libmysqlclient-dev fonts-liberation imagemagick gnupg libpq-dev libmagic-dev mime-support libzbar0 poppler-utils postgresql postgresql-contrib " ocr_pkg_dependencies="unpaper ghostscript icc-profiles-free qpdf liblept5 libxml2 pngquant zlib1g tesseract-ocr" raspberry_pkg_dependencies="libatlas-base-dev libxslt1-dev" 
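Review bot: The new `pkg_dependencies` in scripts/_common.sh drops `redis-server` and `redis-tools`, while every unit added by this commit declares `Requires=redis.service` and the config points at `redis://localhost:6379/__REDIS_DB__`. Unless the base system is guaranteed to ship Redis, keep both packages in the list so the dependency is explicit. `default-libmysqlclient-dev` is added although the app is set up on PostgreSQL (`libpq-dev`, `postgresql`); if nothing in requirements.txt builds against MySQL, leave it out rather than install an unused development package. The string also gains a trailing space.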
diff --git a/scripts/backup b/scripts/backup index f5bce7a..f2ae68d 100755 --- a/scripts/backup +++ b/scripts/backup @@ -31,7 +31,6 @@ app=$YNH_APP_INSTANCE_NAME final_path=$(ynh_app_setting_get --app=$app --key=final_path) domain=$(ynh_app_setting_get --app=$app --key=domain) db_name=$(ynh_app_setting_get --app=$app --key=db_name) -phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) datadir=$(ynh_app_setting_get --app=$app --key=datadir) #================================================= @@ -66,8 +65,8 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" # BACKUP FAIL2BAN CONFIGURATION #================================================= -ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" -ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" +#ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" +#ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" #================================================= # SPECIFIC BACKUP @@ -82,12 +81,15 @@ ynh_backup --src_path="/etc/logrotate.d/$app" #================================================= ynh_backup --src_path="/etc/systemd/system/$app.service" +ynh_backup --src_path="/etc/systemd/system/$app-consumer.service" +ynh_backup --src_path="/etc/systemd/system/$app-scheduler.service" +ynh_backup --src_path="/etc/systemd/system/$app-task-queue.service" #================================================= # BACKUP VARIOUS FILES #================================================= -ynh_backup --src_path="/etc/$app/" +#ynh_backup --src_path="/etc/$app/" #================================================= # BACKUP THE MYSQL DATABASE diff --git a/scripts/change_url b/scripts/change_url index 5f9dcdf..18bf00c 100644 --- a/scripts/change_url +++ b/scripts/change_url 
@@ -24,16 +24,22 @@ app=$YNH_APP_INSTANCE_NAME #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." --time --weight=1 +ynh_script_progression --message="Loading installation settings..." --weight=1 # Needed for helper "ynh_add_nginx_config" final_path=$(ynh_app_setting_get --app=$app --key=final_path) +datadir=$(ynh_app_setting_get --app=$app --key=datadir) port=$(ynh_app_setting_get --app=$app --key=port) +db_name=$(ynh_app_setting_get --app=$app --key=db_name) +db_user=$db_name +db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) +redis_db=$(ynh_app_setting_get --app=$app --key=redis_db) +paperless_secret_key=$(ynh_app_setting_get --app=$app --key=paperless_secret_key) #================================================= # BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP #================================================= -ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." --time --weight=1 +ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." --weight=1 # Backup the current version of the app ynh_backup_before_upgrade 
@@ -68,14 +74,17 @@ fi #================================================= # STOP SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Stopping a systemd service..." --time --weight=1 +ynh_script_progression --message="Stopping a systemd service..." --weight=1 -ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name="$app" --action="stop" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name="$app-consumer" --action="stop" --log_path="/var/log/$app/$app-consumer.log" +ynh_systemd_action --service_name="$app-scheduler" --action="stop" --log_path="/var/log/$app/$app-scheduler.log" +ynh_systemd_action --service_name="$app-task-queue" --action="stop" --log_path="/var/log/$app/$app-task-queue.log" #================================================= # MODIFY URL IN NGINX CONF #================================================= -ynh_script_progression --message="Updating NGINX web server configuration..." --time --weight=1 +ynh_script_progression --message="Updating NGINX web server configuration..." --weight=1 nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf 
@@ -104,22 +113,34 @@ fi #================================================= # SPECIFIC MODIFICATIONS #================================================= -# ... +# MODIFY A CONFIGURATION #================================================= +ynh_script_progression --message="Modifying a configuration file..." --weight=1 + +domain="$new_domain" +path_url="$new_path" + +ynh_add_config --template="paperless.conf.example" --destination="$final_path/paperless.conf" + +chmod 400 "$final_path/paperless.conf" +chown $app:$app "$final_path/paperless.conf" #================================================= # GENERIC FINALISATION #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." --time --weight=1 +ynh_script_progression --message="Starting a systemd service..." --weight=1 -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name="$app-consumer" --action="start" --log_path="/var/log/$app/$app-consumer.log" +ynh_systemd_action --service_name="$app-scheduler" --action="start" --log_path="/var/log/$app/$app-scheduler.log" +ynh_systemd_action --service_name="$app-task-queue" --action="start" --log_path="/var/log/$app/$app-task-queue.log" #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading NGINX web server..." --time --weight=1 +ynh_script_progression --message="Reloading NGINX web server..." --weight=1 ynh_systemd_action --service_name=nginx --action=reload 
@@ -127,4 +148,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Change of URL completed for $app" --time --last +ynh_script_progression --message="Change of URL completed for $app" --last diff --git a/scripts/install b/scripts/install index 04ca216..05a1509 100755 --- a/scripts/install +++ b/scripts/install @@ -7,6 +7,7 @@ #================================================= source _common.sh +source ynh_redis source /usr/share/yunohost/helpers #================================================= 
@@ -26,25 +27,18 @@ ynh_abort_if_errors domain=$YNH_APP_ARG_DOMAIN path_url="/" +is_public=$YNH_APP_ARG_IS_PUBLIC +is_public_api=$YNH_APP_ARG_IS_PUBLIC_API admin=$YNH_APP_ARG_ADMIN +admin_pw=$YNH_APP_ARG_ADMIN_PW app=$YNH_APP_INSTANCE_NAME #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= -### About --weight and --time -### ynh_script_progression will show to your final users the progression of each scripts. -### In order to do that, --weight will represent the relative time of execution compared to the other steps in the script. -### --time is a packager option, it will show you the execution time since the previous call. -### This option should be removed before releasing your app. -### Use the execution time, given by --time, to estimate the weight of a step. -### A common way to do it is to set a weight equal to the execution time in second +1. -### The execution time is given for the duration since the previous call. So the weight should be applied to this previous call. -ynh_script_progression --message="Validating installation parameters..." --time --weight=1 +ynh_script_progression --message="Validating installation parameters..." --weight=1 -### If the app uses NGINX as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app". -### If the app provides an internal web server (or uses another application server such as uWSGI), the final path should be "/opt/yunohost/$app" final_path=/opt/yunohost/$app test ! -e "$final_path" || ynh_die --message="This path already contains a folder" 
@@ -54,7 +48,7 @@ ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url #================================================= # STORE SETTINGS FROM MANIFEST #================================================= -ynh_script_progression --message="Storing installation settings..." --time --weight=1 +ynh_script_progression --message="Storing installation settings..." --weight=1 ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url @@ -65,7 +59,7 @@ ynh_app_setting_set --app=$app --key=admin --value=$admin #================================================= # FIND AND OPEN A PORT #================================================= -ynh_script_progression --message="Finding an available port..." --time --weight=1 +ynh_script_progression --message="Finding an available port..." --weight=1 # Find an available port port=$(ynh_find_port --port=8095) @@ -74,16 +68,16 @@ ynh_app_setting_set --app=$app --key=port --value=$port #================================================= # INSTALL DEPENDENCIES #================================================= -ynh_script_progression --message="Installing dependencies..." --time --weight=1 +ynh_script_progression --message="Installing dependencies..." --weight=1 # FIXME: Only on a Raspberry Pi (armv6 v7?) # ynh_add_app_dependencies $raspberry_pkg_dependencies -ynh_install_app_dependencies $pkg_dependencies $ocr_pkg_dependencies +ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies $ocr_pkg_dependencies #================================================= # CREATE DEDICATED USER #================================================= -ynh_script_progression --message="Configuring system user..." --time --weight=1 +ynh_script_progression --message="Configuring system user..." --weight=1 # Create a system user ynh_system_user_create --username=$app --home_dir="$final_path" 
@@ -91,17 +85,18 @@ ynh_system_user_create --username=$app --home_dir="$final_path" #================================================= # CREATE A POSTGRESQL DATABASE #================================================= -ynh_script_progression --message="Creating a PostgreSQL database..." --time --weight=1 +ynh_script_progression --message="Creating a PostgreSQL database..." --weight=1 db_name=$(ynh_sanitize_dbid --db_name=$app) db_user=$db_name ynh_app_setting_set --app=$app --key=db_name --value=$db_name + ynh_psql_setup_db --db_user=$db_user --db_name=$db_name #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -ynh_script_progression --message="Setting up source files..." --time --weight=1 +ynh_script_progression --message="Setting up source files..." --weight=1 ynh_app_setting_set --app=$app --key=final_path --value=$final_path @@ -114,9 +109,7 @@ chown -R $app:$app "$final_path" #================================================= # NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Configuring NGINX web server..." --time --weight=1 - -### `ynh_add_nginx_config` will use the file conf/nginx.conf +ynh_script_progression --message="Configuring NGINX web server..." --weight=1 # Create a dedicated NGINX config ynh_add_nginx_config 
@@ -130,19 +123,26 @@ ynh_script_progression --message="Installing Python dependencies..." pushd $final_path python3 -m venv venv - venv/bin/pip install --upgrade pip - venv/bin/pip install -r requirements.txt + chown -R "$app:" "$final_path" +( + source "$final_path/venv/bin/activate" + ynh_exec_as $app $final_path/venv/bin/pip3 install --upgrade pip setuptools wheel + ynh_exec_as $app $final_path/venv/bin/pip3 install -r "$final_path/requirements.txt" + deactivate +) popd #================================================= # CREATE DATA DIRECTORY #================================================= -ynh_script_progression --message="Creating a data directory..." --time --weight=1 +ynh_script_progression --message="Creating a data directory..." --weight=1 datadir=/home/yunohost.app/$app ynh_app_setting_set --app=$app --key=datadir --value=$datadir -mkdir -p $datadir/{consume,data,media} +mkdir -p "$datadir/consume" +mkdir -p "$datadir/data" +mkdir -p "$datadir/media" chmod 750 "$datadir" chmod -R o-rwx "$datadir" 
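Review bot: In the `@@ -130,19 +123,26 @@` hunk, `pip3 install --upgrade pip setuptools wheel` takes whatever versions are current at install time, and `pip3 install -r "$final_path/requirements.txt"` runs without hash checking, so only the tarball itself is covered by `SOURCE_SUM`. If upstream's requirements file carries hashes, add `--require-hashes`; otherwise pin the three bootstrap packages to known versions. The `source "$final_path/venv/bin/activate"` / `deactivate` pair appears redundant, since the `ynh_exec_as` calls already use the absolute `venv/bin/pip3` path. `pushd $final_path` should be quoted.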
@@ -151,49 +151,63 @@ chown -R $app:www-data "$datadir" #================================================= # ADD A CONFIGURATION #================================================= -ynh_script_progression --message="Adding a configuration file..." --time --weight=1 +ynh_script_progression --message="Adding a configuration file..." --weight=1 + +redis_db=$(ynh_redis_get_free_db) +ynh_app_setting_set --app=$app --key=redis_db --value=$redis_db paperless_secret_key=$(ynh_string_random) -ynh_app_setting_set --app=$app --key=paperless_secret_key +ynh_app_setting_set --app=$app --key=paperless_secret_key --value=$paperless_secret_key ynh_add_config --template="paperless.conf.example" --destination="$final_path/paperless.conf" chmod 400 "$final_path/paperless.conf" chown $app:$app "$final_path/paperless.conf" -#================================================= -# SETUP SYSTEMD -#================================================= -ynh_script_progression --message="Configuring a systemd service..." --time --weight=1 - -# Create a dedicated systemd config -ynh_add_systemd_config - #================================================= # SETUP THE DATABASE #================================================= -ynh_script_progression --message="Setting up the database..." --time --weight=1 +ynh_script_progression --message="Setting up the database..." --weight=1 -pushd $final_path - ynh_exec_as $app python3 manage.py migrate +pushd "$final_path/src" +( + source "$final_path/venv/bin/activate" + ynh_exec_as $app $final_path/venv/bin/python manage.py migrate + deactivate +) popd #================================================= # CREATE THE ADMIN USER #================================================= -ynh_script_progression --message="Creating the admin user..." --time --weight=1 +ynh_script_progression --message="Creating the admin user..." 
--weight=1 -pushd $final_path +pushd "$final_path/src" +( + source "$final_path/venv/bin/activate" email=$(ynh_user_get_info $admin 'mail') - ynh_exec_as $app python3 manage.py createsuperuser --noinput --username "$admin" --email "$email" + ynh_exec_as $app env "DJANGO_SUPERUSER_PASSWORD=$admin_pw" $final_path/venv/bin/python3 manage.py createsuperuser --noinput --username "$admin" --email "$email" + deactivate +) popd +#================================================= +# SETUP SYSTEMD +#================================================= +ynh_script_progression --message="Configuring a systemd service..." --weight=1 + +# Create a dedicated systemd config +ynh_add_systemd_config --service="$app" --template="systemd.service" +ynh_add_systemd_config --service="$app-consumer" --template="systemd-consumer.service" +ynh_add_systemd_config --service="$app-scheduler" --template="systemd-scheduler.service" +ynh_add_systemd_config --service="$app-task-queue" --template="systemd-task-queue.service" + #================================================= # GENERIC FINALIZATION #================================================= # SETUP LOGROTATE #================================================= -ynh_script_progression --message="Configuring log rotation..." --time --weight=1 +ynh_script_progression --message="Configuring log rotation..." --weight=1 # Use logrotate to manage application logfile(s) ynh_use_logrotate 
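Review bot: `ynh_exec_as $app env "DJANGO_SUPERUSER_PASSWORD=$admin_pw" … createsuperuser` places the admin password in the argument list of `env`, and presumably of whatever wrapper `ynh_exec_as` runs. Other local users can read it from the process table while the command runs, and shell tracing would record it. Hand the secret over through a channel that is not argv, for example stdin consumed by a short `manage.py shell` snippet that sets the password, and `unset admin_pw` afterwards. `$final_path` is also unquoted on this line and in the `migrate` call above it.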
@@ -201,39 +215,54 @@ ynh_use_logrotate #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= -ynh_script_progression --message="Integrating service in YunoHost..." --time --weight=1 +ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 -yunohost service add $app --log="/var/log/$app/$app.log" +yunohost service add "$app" --log="/var/log/$app/$app.log" +yunohost service add "$app-consumer" --log="/var/log/$app/$app-consumer.log" +yunohost service add "$app-scheduler" --log="/var/log/$app/$app-scheduler.log" +yunohost service add "$app-task-queue" --log="/var/log/$app/$app-task-queue.log" #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." --time --weight=1 +ynh_script_progression --message="Starting a systemd service..." --weight=1 -# Start a systemd service -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name="$app-consumer" --action="start" --log_path="/var/log/$app/$app-consumer.log" +ynh_systemd_action --service_name="$app-scheduler" --action="start" --log_path="/var/log/$app/$app-scheduler.log" +ynh_systemd_action --service_name="$app-task-queue" --action="start" --log_path="/var/log/$app/$app-task-queue.log" #================================================= # SETUP FAIL2BAN #================================================= -ynh_script_progression --message="Configuring Fail2Ban..." --time --weight=1 +#ynh_script_progression --message="Configuring Fail2Ban..." 
--weight=1 # Create a dedicated Fail2Ban config -ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login" +#ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login" # FIXME fail2ban # ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-access.log" --failregex=".* \"POST /api/v1/token/ HTTP/1.1\" 400 68.*$" --max_retry=5 #================================================= # SETUP SSOWAT #================================================= -#ynh_script_progression --message="Configuring permissions..." --time --weight=1 +ynh_script_progression --message="Configuring permissions..." --weight=1 -# .main already exist so nothing to do here... +# Make app public if necessary +if [ $is_public -eq 1 ] +then + ynh_permission_update --permission="main" --add="visitors" +fi + +ynh_permission_create --permission="api" --url="/api" --allowed="all_users" --auth_header="false" --label="$app API" --show_tile="false" --protected="false" +if [ $is_public_api -eq 1 ] +then + ynh_permission_update --permission="api" --add="visitors" +fi #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading NGINX web server..." --time --weight=1 +ynh_script_progression --message="Reloading NGINX web server..." --weight=1 ynh_systemd_action --service_name=nginx --action=reload @@ -241,4 +270,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Installation of $app completed" --time --last +ynh_script_progression --message="Installation of $app completed" --last diff --git a/scripts/remove b/scripts/remove index 0df6f20..0730658 100755 --- a/scripts/remove +++ b/scripts/remove 
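Review bot: The `SETUP FAIL2BAN` section is now fully commented out in the same hunk that lets `visitors` reach both `main` and the new `api` permission, so a publicly exposed login and token endpoint has no brute-force jail. Resolve the existing `# FIXME fail2ban` line with a real `--failregex` for failed logins before shipping the public options, or delete the dead lines and document the gap. `[ $is_public -eq 1 ]` and `[ $is_public_api -eq 1 ]` should quote the variable, e.g. `[ "$is_public" -eq 1 ]`, so an empty value fails with a clear error.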
@@ -7,12 +7,13 @@ #================================================= source _common.sh +source ynh_redis source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." --time --weight=1 +ynh_script_progression --message="Loading installation settings..." --weight=1 app=$YNH_APP_INSTANCE_NAME @@ -22,6 +23,7 @@ db_name=$(ynh_app_setting_get --app=$app --key=db_name) db_user=$db_name final_path=$(ynh_app_setting_get --app=$app --key=final_path) datadir=$(ynh_app_setting_get --app=$app --key=datadir) +redis_db=$(ynh_app_setting_get --app=$app --key=redis_db) #================================================= # STANDARD REMOVE 
@@ -32,22 +34,28 @@ datadir=$(ynh_app_setting_get --app=$app --key=datadir) # Remove the service from the list of services known by YunoHost (added from `yunohost service add`) if ynh_exec_warn_less yunohost service status $app >/dev/null then - ynh_script_progression --message="Removing $app service integration..." --time --weight=1 - yunohost service remove $app + ynh_script_progression --message="Removing $app service integration..." --weight=1 + yunohost service remove "$app" + yunohost service remove "$app-consumer" + yunohost service remove "$app-scheduler" + yunohost service remove "$app-task-queue" fi #================================================= # STOP AND REMOVE SERVICE #================================================= -ynh_script_progression --message="Stopping and removing the systemd service..." --time --weight=1 +ynh_script_progression --message="Stopping and removing the systemd service..." --weight=1 # Remove the dedicated systemd config -ynh_remove_systemd_config +ynh_remove_systemd_config --service="$app" +ynh_remove_systemd_config --service="$app-consumer" +ynh_remove_systemd_config --service="$app-scheduler" +ynh_remove_systemd_config --service="$app-task-queue" #================================================= # REMOVE LOGROTATE CONFIGURATION #================================================= -ynh_script_progression --message="Removing logrotate configuration..." --time --weight=1 +ynh_script_progression --message="Removing logrotate configuration..." --weight=1 # Remove the app-specific logrotate config ynh_remove_logrotate 
@@ -55,7 +63,7 @@ ynh_remove_logrotate #================================================= # REMOVE THE POSTGRESQL DATABASE #================================================= -ynh_script_progression --message="Removing the PostgreSQL database..." --time --weight=1 +ynh_script_progression --message="Removing the PostgreSQL database..." --weight=1 # Remove a database if it exists, along with the associated user ynh_psql_remove_db --db_user=$db_user --db_name=$db_name @@ -63,7 +71,7 @@ ynh_psql_remove_db --db_user=$db_user --db_name=$db_name #================================================= # REMOVE APP MAIN DIR #================================================= -ynh_script_progression --message="Removing app main directory..." --time --weight=1 +ynh_script_progression --message="Removing app main directory..." --weight=1 # Remove the app directory securely ynh_secure_remove --file="$final_path" @@ -75,14 +83,14 @@ ynh_secure_remove --file="$final_path" # Remove the data directory if --purge option is used if [ "${YNH_APP_PURGE:-0}" -eq 1 ] then - ynh_script_progression --message="Removing app data directory..." --time --weight=1 + ynh_script_progression --message="Removing app data directory..." --weight=1 ynh_secure_remove --file="$datadir" fi #================================================= # REMOVE NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Removing NGINX web server configuration..." --time --weight=1 +ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1 # Remove the dedicated NGINX config ynh_remove_nginx_config 
@@ -90,28 +98,29 @@ ynh_remove_nginx_config #================================================= # REMOVE DEPENDENCIES #================================================= -ynh_script_progression --message="Removing dependencies..." --time --weight=1 +ynh_script_progression --message="Removing dependencies..." --weight=1 # Remove metapackage and its dependencies +ynh_redis_remove_db "$redis_db" ynh_remove_app_dependencies #================================================= # REMOVE FAIL2BAN CONFIGURATION #================================================= -ynh_script_progression --message="Removing Fail2Ban configuration..." --time --weight=1 +#ynh_script_progression --message="Removing Fail2Ban configuration..." --weight=1 # Remove the dedicated Fail2Ban config -ynh_remove_fail2ban_config +#ynh_remove_fail2ban_config #================================================= # SPECIFIC REMOVE #================================================= # REMOVE VARIOUS FILES #================================================= -ynh_script_progression --message="Removing various files..." --time --weight=1 +ynh_script_progression --message="Removing various files..." --weight=1 # Remove a directory securely -ynh_secure_remove --file="/etc/$app" +#ynh_secure_remove --file="/etc/$app" # Remove the log files ynh_secure_remove --file="/var/log/$app" @@ -121,7 +130,7 @@ ynh_secure_remove --file="/var/log/$app" #================================================= # REMOVE DEDICATED USER #================================================= -ynh_script_progression --message="Removing the dedicated system user..." --time --weight=1 +ynh_script_progression --message="Removing the dedicated system user..." --weight=1 # Delete a system user ynh_system_user_delete --username=$app 
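Review bot: Fail2Ban handling is commented out in this hunk (`#ynh_remove_fail2ban_config`) rather than replaced, and the restore and upgrade hunks of this commit do the same, so an instance set up by the earlier package keeps the jail and filter that package created and nothing removes them any more. I would leave `ynh_remove_fail2ban_config` active in the remove script until the jail is reintroduced; the helper is presumably harmless when no config exists, which is worth confirming. The install script's `# FIXME fail2ban` line already sketches a filter on the access log for failed `POST /api/v1/token/` requests. Until that is verified and enabled, the login and token endpoints have no ban-based throttling, which matters more now that the `api` permission can be opened to visitors.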
@@ -130,4 +139,4 @@ ynh_system_user_delete --username=$app # END OF SCRIPT #================================================= -ynh_script_progression --message="Removal of $app completed" --time --last +ynh_script_progression --message="Removal of $app completed" --last diff --git a/scripts/restore b/scripts/restore index 7044509..a6933ea 100755 --- a/scripts/restore +++ b/scripts/restore @@ -8,6 +8,7 @@ # Keep this path for calling _common.sh inside the execution's context of backup and restore scripts source ../settings/scripts/_common.sh +source ../settings/scripts/ynh_redis source /usr/share/yunohost/helpers #================================================= @@ -24,7 +25,7 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." --time --weight=1 +ynh_script_progression --message="Loading installation settings..." --weight=1 app=$YNH_APP_INSTANCE_NAME 
@@ -34,29 +35,27 @@ admin=$(ynh_app_setting_get --app=$app --key=admin) final_path=$(ynh_app_setting_get --app=$app --key=final_path) db_name=$(ynh_app_setting_get --app=$app --key=db_name) db_user=$db_name +db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) datadir=$(ynh_app_setting_get --app=$app --key=datadir) +paperless_secret_key=$(ynh_app_setting_get --app=$app --key=paperless_secret_key) + +redis_db=$(ynh_redis_get_free_db) +ynh_app_setting_set --app=$app --key=redis_db --value=$redis_db #================================================= # CHECK IF THE APP CAN BE RESTORED #================================================= -ynh_script_progression --message="Validating restoration parameters..." --time --weight=1 +ynh_script_progression --message="Validating restoration parameters..." --weight=1 test ! -d $final_path \ || ynh_die --message="There is already a directory: $final_path " #================================================= # STANDARD RESTORATION STEPS -#================================================= -# RESTORE THE NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Restoring the NGINX web server configuration..." --time --weight=1 - -ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" - #================================================= # RECREATE THE DEDICATED USER #================================================= -ynh_script_progression --message="Recreating the dedicated system user..." --time --weight=1 +ynh_script_progression --message="Recreating the dedicated system user..." --weight=1 # Create the dedicated user (if not existing) ynh_system_user_create --username=$app --home_dir="$final_path" 
@@ -64,103 +63,153 @@ ynh_system_user_create --username=$app --home_dir="$final_path" #================================================= # RESTORE THE APP MAIN DIR #================================================= -ynh_script_progression --message="Restoring the app main directory..." --time --weight=1 +ynh_script_progression --message="Restoring the app main directory..." --weight=1 ynh_restore_file --origin_path="$final_path" chmod 750 "$final_path" chmod -R o-rwx "$final_path" -chown -R $app:www-data "$final_path" +chown -R $app:$app "$final_path" #================================================= # RESTORE THE DATA DIRECTORY #================================================= -ynh_script_progression --message="Restoring the data directory..." --time --weight=1 +ynh_script_progression --message="Restoring the data directory..." --weight=1 ynh_restore_file --origin_path="$datadir" --not_mandatory -mkdir -p $datadir/{consume,data,media} +mkdir -p "$datadir/consume" +mkdir -p "$datadir/data" +mkdir -p "$datadir/media" chmod 750 "$datadir" chmod -R o-rwx "$datadir" -chown -R $app:www-data "$datadir" +chown -R $app:$app "$datadir" + +#================================================= +# ADD A CONFIGURATION +#================================================= +ynh_script_progression --message="Adding a configuration file..." --weight=1 + +ynh_add_config --template="../settings/conf/paperless.conf.example" --destination="$final_path/paperless.conf" + +chmod 400 "$final_path/paperless.conf" +chown $app:$app "$final_path/paperless.conf" #================================================= # RESTORE FAIL2BAN CONFIGURATION #================================================= -ynh_script_progression --message="Restoring the Fail2Ban configuration..." --time --weight=1 +#ynh_script_progression --message="Restoring the Fail2Ban configuration..." 
--weight=1 -ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf" -ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf" -ynh_systemd_action --action=restart --service_name=fail2ban +#ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf" +#ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf" +#ynh_systemd_action --action=restart --service_name=fail2ban #================================================= # SPECIFIC RESTORATION #================================================= # REINSTALL DEPENDENCIES #================================================= -ynh_script_progression --message="Reinstalling dependencies..." --time --weight=1 +ynh_script_progression --message="Reinstalling dependencies..." --weight=1 # Define and install dependencies -ynh_install_app_dependencies $pkg_dependencies +ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies $ocr_pkg_dependencies + +#================================================= +# INSTALL PYTHON DEPENDENCIES +#================================================= +ynh_script_progression --message="Installing Python dependencies..." + +pushd $final_path + ynh_secure_remove --file="$final_path/venv" + python3 -m venv venv + chown -R "$app:" "$final_path" +( + source "$final_path/venv/bin/activate" + ynh_exec_as $app $final_path/venv/bin/pip3 install --upgrade pip setuptools wheel + ynh_exec_as $app $final_path/venv/bin/pip3 install -r "$final_path/requirements.txt" + deactivate +) +popd + +#================================================= +# RESTORE THE NGINX CONFIGURATION +#================================================= +ynh_script_progression --message="Restoring the NGINX web server configuration..." 
--weight=1 + +ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # RESTORE THE POSTGRESQL DATABASE #================================================= -ynh_script_progression --message="Restoring the PostgresSQL database..." --time --weight=1 +ynh_script_progression --message="Restoring the PostgresSQL database..." --weight=1 -db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) +db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd ynh_psql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql #================================================= # RESTORE VARIOUS FILES #================================================= -ynh_script_progression --message="Restoring various files..." --time --weight=1 +#ynh_script_progression --message="Restoring various files..." --weight=1 -ynh_restore_file --origin_path="/etc/$app/" +#ynh_restore_file --origin_path="/etc/$app/" #================================================= # RESTORE SYSTEMD #================================================= -ynh_script_progression --message="Restoring the systemd configuration..." --time --weight=1 +ynh_script_progression --message="Restoring the systemd configuration..." 
--weight=1 ynh_restore_file --origin_path="/etc/systemd/system/$app.service" -systemctl enable $app.service --quiet +ynh_restore_file --origin_path="/etc/systemd/system/$app-consumer.service" +ynh_restore_file --origin_path="/etc/systemd/system/$app-scheduler.service" +ynh_restore_file --origin_path="/etc/systemd/system/$app-task-queue.service" +systemctl enable "$app.service" --quiet +systemctl enable "$app-consumer.service" --quiet +systemctl enable "$app-scheduler.service" --quiet +systemctl enable "$app-task-queue.service" --quiet #================================================= # RESTORE THE LOGROTATE CONFIGURATION #================================================= -ynh_script_progression --message="Restoring the logrotate configuration..." --time --weight=1 +ynh_script_progression --message="Restoring the logrotate configuration..." --weight=1 + +mkdir -p "/var/log/$app" +chown -R $app: "/var/log/$app" ynh_restore_file --origin_path="/etc/logrotate.d/$app" #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= -ynh_script_progression --message="Integrating service in YunoHost..." --time --weight=1 +ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 -yunohost service add $app --log="/var/log/$app/$app.log" +yunohost service add "$app" --log="/var/log/$app/$app.log" +yunohost service add "$app-consumer" --log="/var/log/$app/$app-consumer.log" +yunohost service add "$app-scheduler" --log="/var/log/$app/$app-scheduler.log" +yunohost service add "$app-task-queue" --log="/var/log/$app/$app-task-queue.log" #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." --time --weight=1 +ynh_script_progression --message="Starting a systemd service..." 
--weight=1 -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name="$app-consumer" --action="start" --log_path="/var/log/$app/$app-consumer.log" +ynh_systemd_action --service_name="$app-scheduler" --action="start" --log_path="/var/log/$app/$app-scheduler.log" +ynh_systemd_action --service_name="$app-task-queue" --action="start" --log_path="/var/log/$app/$app-task-queue.log" #================================================= # GENERIC FINALIZATION #================================================= # RELOAD NGINX AND PHP-FPM #================================================= -ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..." --time --weight=1 +ynh_script_progression --message="Reloading NGINX web server..." --weight=1 -ynh_systemd_action --service_name=php$phpversion-fpm --action=reload ynh_systemd_action --service_name=nginx --action=reload #================================================= # END OF SCRIPT #================================================= -ynh_script_progression --message="Restoration completed for $app" --time --last +ynh_script_progression --message="Restoration completed for $app" --last diff --git a/scripts/upgrade b/scripts/upgrade index 07cd16a..16a65f5 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
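Review bot: The venv block added under INSTALL PYTHON DEPENDENCIES leaves `$final_path` unquoted in `pushd $final_path` and in both `ynh_exec_as $app $final_path/venv/bin/pip3 …` lines, while the rest of the hunk quotes it; `pushd "$final_path"` and `ynh_exec_as "$app" "$final_path/venv/bin/pip3" install -r "$final_path/requirements.txt"` keep the path as one word. The `source "$final_path/venv/bin/activate"` / `deactivate` pair inside the subshell looks redundant, since pip is called by its absolute venv path and `ynh_exec_as` presumably does not carry the caller's activated environment over to `$app`; dropping it together with the subshell would make the block easier to follow. The same block appears in the upgrade script's Python and database sections further down. Note also that `--upgrade pip setuptools wheel` pulls whatever versions are current at restore time, so a restored instance does not necessarily get the toolchain it was backed up with.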
@@ -7,40 +7,37 @@ #================================================= source _common.sh +source ynh_redis source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." --time --weight=1 +ynh_script_progression --message="Loading installation settings..." --weight=1 app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) +port=$(ynh_app_setting_get --app=$app --key=port) admin=$(ynh_app_setting_get --app=$app --key=admin) final_path=$(ynh_app_setting_get --app=$app --key=final_path) +datadir=$(ynh_app_setting_get --app=$app --key=datadir) db_name=$(ynh_app_setting_get --app=$app --key=db_name) db_user=$db_name -datadir=$(ynh_app_setting_get --app=$app --key=datadir) -paperless_secret_key=$(ynh_app_setting_get --app=app --key=paperless_secret_key) +db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) +redis_db=$(ynh_app_setting_get --app=$app --key=redis_db) +paperless_secret_key=$(ynh_app_setting_get --app=$app --key=paperless_secret_key) #================================================= # CHECK VERSION #================================================= - -### This helper will compare the version of the currently installed app and the version of the upstream package. -### $upgrade_type can have 2 different values -### - UPGRADE_APP if the upstream app version has changed -### - UPGRADE_PACKAGE if only the YunoHost package has changed -### ynh_check_app_version_changed will stop the upgrade if the app is up to date. -### UPGRADE_APP should be used to upgrade the core app only if there's an upgrade to do. 
upgrade_type=$(ynh_check_app_version_changed) #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= -ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --time --weight=1 +ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1 # Backup the current version of the app ynh_backup_before_upgrade @@ -56,14 +53,17 @@ ynh_abort_if_errors #================================================= # STOP SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Stopping a systemd service..." --time --weight=1 +ynh_script_progression --message="Stopping a systemd service..." --weight=1 -ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name="$app" --action="stop" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name="$app-consumer" --action="stop" --log_path="/var/log/$app/$app-consumer.log" +ynh_systemd_action --service_name="$app-scheduler" --action="stop" --log_path="/var/log/$app/$app-scheduler.log" +ynh_systemd_action --service_name="$app-task-queue" --action="stop" --log_path="/var/log/$app/$app-task-queue.log" #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= -ynh_script_progression --message="Ensuring downward compatibility..." --time --weight=1 +ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 # # N.B. : the followings setting migrations snippets are provided as *EXAMPLES* 
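Review bot: `redis_db` is only read from the settings here, and none of the upgrade hunks in this commit allocates one, so an instance installed before this change reaches the later `ynh_add_config` call with an empty value and `paperless.conf` is rendered with an empty Redis database number. In the downward-compatibility section I would allocate it when the setting is empty, guarded by `[ -z "$redis_db" ]`, with the two lines the restore script already uses: `redis_db=$(ynh_redis_get_free_db)` and `ynh_app_setting_set --app=$app --key=redis_db --value=$redis_db`. The remove script passes the same possibly empty value to `ynh_redis_remove_db`, so a matching guard is worth having there as well.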
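Review bot: The three new `ynh_systemd_action … --action="stop"` calls for `$app-consumer`, `$app-scheduler` and `$app-task-queue` run after `ynh_abort_if_errors`, but on the first upgrade from the earlier package those units do not exist yet (the removed line stopped only `$app`). If the helper returns non-zero for an unknown unit, which seems likely, the upgrade would abort and roll back before it ever installs them. Stopping each extra service only when its unit file is present, for example with `if [ -e "/etc/systemd/system/$app-consumer.service" ]; then … fi` around each call, avoids that.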
@@ -83,10 +83,30 @@ ynh_script_progression --message="Ensuring downward compatibility..." --time --w # ynh_app_setting_set --app=$app --key=final_path --value=$final_path #fi +### If nobody installed your app before 4.1, +### then you may safely remove these lines + +# Cleaning legacy permissions +#if ynh_legacy_permissions_exists; then +# ynh_legacy_permissions_delete_all +# +# ynh_app_setting_delete --app=$app --key=is_public +#fi +# +#if ! ynh_permission_exists --permission="admin"; then +# # Create the required permissions +# ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin +#fi +# +## Create a permission if needed +#if ! ynh_permission_exists --permission="api"; then +# ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true" +#fi + #================================================= # CREATE DEDICATED USER #================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." --time --weight=1 +ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1 # Create a dedicated user (if not existing) ynh_system_user_create --username=$app --home_dir="$final_path" 
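Review bot: The commented-out draft for the `api` permission uses `--allowed="visitors"` and `--protected="true"`, which disagrees with the install script in this commit, where the permission is created for `all_users` with `--protected="false"` and only opened to visitors when `is_public_api` is 1. If this block is ever uncommented as written, an upgrade would expose `/api` to anonymous visitors by default. As far as these hunks show, upgraded instances currently get no `api` permission at all, so I would enable the check with the install script's arguments: `if ! ynh_permission_exists --permission="api"; then ynh_permission_create --permission="api" --url="/api" --allowed="all_users" --auth_header="false" --label="$app API" --show_tile="false" --protected="false"; fi`.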
@@ -97,30 +117,29 @@ ynh_system_user_create --username=$app --home_dir="$final_path" if [ "$upgrade_type" == "UPGRADE_APP" ] then - ynh_script_progression --message="Upgrading source files..." --time --weight=1 + ynh_script_progression --message="Upgrading source files..." --weight=1 - # Download, check integrity, uncompress and patch the source from app.src - ynh_setup_source --dest_dir="$final_path" + ynh_setup_source --dest_dir="$final_path" --keep="paperless.conf" fi chmod 750 "$final_path" chmod -R o-rwx "$final_path" -chown -R $app:www-data "$final_path" - -#================================================= -# NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Upgrading NGINX web server configuration..." --time --weight=1 - -# Create a dedicated NGINX config -ynh_add_nginx_config +chown -R $app:$app "$final_path" #================================================= # UPGRADE DEPENDENCIES #================================================= -ynh_script_progression --message="Upgrading dependencies..." --time --weight=1 +ynh_script_progression --message="Upgrading dependencies..." --weight=1 -ynh_install_app_dependencies $pkg_dependencies +ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies $ocr_pkg_dependencies + +#================================================= +# NGINX CONFIGURATION +#================================================= +ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=1 + +# Create a dedicated NGINX config +ynh_add_nginx_config #================================================= # SPECIFIC UPGRADE 
@@ -131,84 +150,94 @@ ynh_script_progression --message="Installing Python dependencies..." pushd $final_path python3 -m venv venv - venv/bin/pip install --upgrade pip - venv/bin/pip install -r requirements.txt + chown -R "$app:" "$final_path" +( + source "$final_path/venv/bin/activate" + ynh_exec_as $app $final_path/venv/bin/pip3 install --upgrade pip setuptools wheel + ynh_exec_as $app $final_path/venv/bin/pip3 install -r "$final_path/requirements.txt" + deactivate +) popd #================================================= # UPDATE A CONFIG FILE #================================================= -ynh_script_progression --message="Updating a configuration file..." --time --weight=1 +ynh_script_progression --message="Updating a configuration file..." --weight=1 +ynh_add_config --template="paperless.conf.example" --destination="$final_path/paperless.conf" -ynh_add_config --template="some_config_file" --destination="$final_path/some_config_file" - -# FIXME: this should be handled by the core in the future -# You may need to use chmod 600 instead of 400, -# for example if the app is expected to be able to modify its own config -chmod 400 "$final_path/some_config_file" -chown $app:$app "$final_path/some_config_file" - -### For more complex cases where you want to replace stuff using regexes, -### you shoud rely on ynh_replace_string (which is basically a wrapper for sed) -### When doing so, you also need to manually call ynh_store_file_checksum -### -### ynh_replace_string --match_string="match_string" --replace_string="replace_string" --target_file="$final_path/some_config_file" -### ynh_store_file_checksum --file="$final_path/some_config_file" +chmod 400 "$final_path/paperless.conf" +chown $app:$app "$final_path/paperless.conf" #================================================= # SETUP THE DATABASE #================================================= -ynh_script_progression --message="Setting up the database..." 
--time --weight=1 +ynh_script_progression --message="Setting up the database..." --weight=1 -pushd $final_path - ynh_exec_as $app python3 manage.py migrate +pushd "$final_path/src" +( + source "$final_path/venv/bin/activate" + ynh_exec_as $app $final_path/venv/bin/python manage.py migrate + deactivate +) popd #================================================= # SETUP SYSTEMD #================================================= -ynh_script_progression --message="Upgrading systemd configuration..." --time --weight=1 +ynh_script_progression --message="Upgrading systemd configuration..." --weight=1 # Create a dedicated systemd config -ynh_add_systemd_config +ynh_add_systemd_config --service="$app" --template="systemd.service" +ynh_add_systemd_config --service="$app-consumer" --template="systemd-consumer.service" +ynh_add_systemd_config --service="$app-scheduler" --template="systemd-scheduler.service" +ynh_add_systemd_config --service="$app-task-queue" --template="systemd-task-queue.service" #================================================= # GENERIC FINALIZATION #================================================= # SETUP LOGROTATE #================================================= -ynh_script_progression --message="Upgrading logrotate configuration..." --time --weight=1 +ynh_script_progression --message="Upgrading logrotate configuration..." --weight=1 # Use logrotate to manage app-specific logfile(s) -ynh_use_logrotate --non-append +ynh_use_logrotate --logfile="/var/log/$app/$app.log" +ynh_use_logrotate --logfile="/var/log/$app/$app-consumer.log" +ynh_use_logrotate --logfile="/var/log/$app/$app-scheduler.log" +ynh_use_logrotate --logfile="/var/log/$app/$app-task-queue.log" #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= -ynh_script_progression --message="Integrating service in YunoHost..." --time --weight=1 +ynh_script_progression --message="Integrating service in YunoHost..." 
--weight=1 -yunohost service add $app --log="/var/log/$app/$app.log" +yunohost service add "$app" --log="/var/log/$app/$app.log" +yunohost service add "$app-consumer" --log="/var/log/$app/$app-consumer.log" +yunohost service add "$app-scheduler" --log="/var/log/$app/$app-scheduler.log" +yunohost service add "$app-task-queue" --log="/var/log/$app/$app-task-queue.log" #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." --time --weight=1 +ynh_script_progression --message="Starting a systemd service..." --weight=1 -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name="$app-consumer" --action="start" --log_path="/var/log/$app/$app-consumer.log" +ynh_systemd_action --service_name="$app-scheduler" --action="start" --log_path="/var/log/$app/$app-scheduler.log" +ynh_systemd_action --service_name="$app-task-queue" --action="start" --log_path="/var/log/$app/$app-task-queue.log" #================================================= # UPGRADE FAIL2BAN #================================================= -ynh_script_progression --message="Reconfiguring Fail2Ban..." --time --weight=1 +#ynh_script_progression --message="Reconfiguring Fail2Ban..." --weight=1 # Create a dedicated Fail2Ban config -ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login" +#ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login" #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading NGINX web server..." 
--time --weight=1 +ynh_script_progression --message="Reloading NGINX web server..." --weight=1 ynh_systemd_action --service_name=nginx --action=reload @@ -216,4 +245,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Upgrade of $app completed" --time --last +ynh_script_progression --message="Upgrade of $app completed" --last diff --git a/scripts/ynh_redis b/scripts/ynh_redis new file mode 100644 index 0000000..0071247 --- /dev/null +++ b/scripts/ynh_redis @@ -0,0 +1,39 @@ +#!/bin/bash + +# get the first available redis database +# +# usage: ynh_redis_get_free_db +# | returns: the database number to use +ynh_redis_get_free_db() { + local result max db + result=$(redis-cli INFO keyspace) + + # get the num + max=$(cat /etc/redis/redis.conf | grep ^databases | grep -Eow "[0-9]+") + + db=0 + # default Debian setting is 15 databases + for i in $(seq 0 "$max") + do + if ! echo "$result" | grep -q "db$i" + then + db=$i + break 1 + fi + db=-1 + done + + test "$db" -eq -1 && ynh_die --message="No available Redis databases..." + + echo "$db" +} + +# Create a master password and set up global settings +# Please always call this script in install and restore scripts +# +# usage: ynh_redis_remove_db database +# | arg: database - the database to erase +ynh_redis_remove_db() { + local db=$1 + redis-cli -n "$db" flushall +}
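Review bot: The four `ynh_use_logrotate --logfile=…` calls replace `ynh_use_logrotate --non-append`, so every upgrade now adds four more stanzas to the existing logrotate file instead of rewriting it, assuming the helper appends by default as the flag name suggests. Duplicate entries for the same log file are something logrotate tends to reject, which would stop rotation for the app's logs. Since all four logs live in `/var/log/$app/`, keeping the original single `ynh_use_logrotate --non-append` should cover them if the helper's default pattern is the app's log directory. Otherwise pass `--non-append` on the first of the four calls.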
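Review bot: `ynh_redis_remove_db` runs `redis-cli -n "$db" flushall`, and FLUSHALL empties every database on the Redis server regardless of the one selected with `-n`, so removing this app would wipe the Redis data of every other service on the host; the line should be `redis-cli -n "$db" flushdb`. In `ynh_redis_get_free_db`, `seq 0 "$max"` also tries index `max` itself, which is one past the last valid database when `databases` is a count, so the bound should be `"$((max - 1))"`. A database is treated as free only because `INFO keyspace` lists no keys for it at that moment, so an index reserved by another app whose database is currently empty can be handed out twice; comparing against the indices other apps stored in their settings would close that gap. The header comment above `ynh_redis_remove_db` ("Create a master password and set up global settings") describes a different helper and should read something like `# Flush the Redis database used by the app`.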