diff --git a/scripts/backup b/scripts/backup
index 1e20dde..2fc99d4 100644
--- a/scripts/backup
+++ b/scripts/backup
@@ -63,13 +63,6 @@ ynh_backup --src_path="/etc/logrotate.d/$app"
 ynh_backup --src_path="/etc/systemd/system/$app.service"
-#=================================================
-# BACKUP THE POSTGRESQL DATABASE
-#=================================================
-ynh_print_info --message="Backing up the PostgreSQL database..."
-
-ynh_psql_dump_db --database="$db_name" > db.sql
-
 #=================================================
 # BACKUP THE DATA DIRECTORY
 #=================================================
@@ -77,6 +70,13 @@ ynh_print_info --message="Backing up data directory..."
 ynh_backup --src_path="$datadir" --is_big
+#=================================================
+# BACKUP THE POSTGRESQL DATABASE
+#=================================================
+ynh_print_info --message="Backing up the PostgreSQL database..."
+
+ynh_psql_dump_db --database="$db_name" > db.sql
+
 #=================================================
 # END OF SCRIPT
 #=================================================
diff --git a/scripts/install b/scripts/install
index d46d3a3..07fe1fe 100644
--- a/scripts/install
+++ b/scripts/install
@@ -97,6 +97,14 @@ fi
 # Install Yarn
 ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg"
+#=================================================
+# CREATE DEDICATED USER
+#=================================================
+ynh_script_progression --message="Configuring system user..."
+
+# Create a system user
+ynh_system_user_create --username=$app --home_dir="$final_path"
+
 #=================================================
 # CREATE A POSTGRESQL DATABASE
 #=================================================
@@ -122,6 +130,10 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path
 # Download, check integrity, uncompress and patch the source from app.src
 ynh_setup_source --dest_dir="$final_path"
+chmod 750 "$final_path"
+chmod -R o-rwx "$final_path"
+chown -R root:$app "$final_path"
+
 #=================================================
 # NGINX CONFIGURATION
 #=================================================
@@ -130,14 +142,6 @@ ynh_script_progression --message="Configuring NGINX web server..."
 # Create a dedicated NGINX config
 ynh_add_nginx_config "datadir"
-#=================================================
-# CREATE DEDICATED USER
-#=================================================
-ynh_script_progression --message="Configuring system user..."
-
-# Create a system user
-ynh_system_user_create --username=$app --home_dir="$final_path"
-
 #=================================================
 # SPECIFIC SETUP
 #=================================================
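Review bot: In the `@@ -122,6 +130,10 @@` hunk of scripts/install, `chown -R root:$app "$final_path"` together with `chmod -R o-rwx` leaves the application tree writable only by root, yet the build step in the following `@@ -148,25 +152,15 @@` hunk still runs `sudo -u $app ... yarn install` inside `$final_path`, and the `chown -R "$app":"$app" $final_path` that used to precede it is removed. Unless the unpacked sources already carry group-write bits, the `$app` user presumably cannot create its dependency directory there, so the install may fail or leave a partial tree. Keeping the code root-owned is a sound least-privilege choice; either run the dependency build before the ownership is tightened, or grant `$app` write access only to the directories the build needs. The same three-line block is repeated in scripts/restore (`@@ -72,12 +65,15 @@`) and scripts/upgrade (`@@ -169,6 +169,10 @@`), so one shared function would keep the modes consistent; `$app` is also left unquoted in each `chown`, which `"root:$app"` would fix.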
@@ -148,25 +152,15 @@ ynh_script_progression --message="Creating the data directory..."
 # Create app folders
 mkdir -p "$datadir"
-# Give permission to the datadir
-chown -R $app:$app $datadir
-
-#=================================================
-# MODIFY A CONFIG FILE
-#=================================================
-ynh_script_progression --message="Modifying a config file..."
-
-ynh_add_config --template="../conf/production.yaml" --destination="$final_path/config/production.yaml"
-
-ynh_add_config --template="../conf/local-production.json" --destination="$final_path/config/local-production.json"
+chmod 750 "$datadir"
+chmod -R o-rwx "$datadir"
+chown -R root:$app "$datadir"
 #=================================================
 # BUILD YARN DEPENDENCIES
 #=================================================
 ynh_script_progression --message="Building Yarn dependencies..."
-chown -R "$app":"$app" $final_path
-
 pushd "$final_path"
 ynh_use_nodejs
 ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH yarn install --production --pure-lockfile
@@ -180,6 +174,21 @@ ynh_script_progression --message="Configuring a systemd service..."
 # Create a dedicated systemd config
 ynh_add_systemd_config --others_var="ynh_node_load_PATH"
+#=================================================
+# ADD A CONFIGURATION
+#=================================================
+ynh_script_progression --message="Adding a config file..."
+
+ynh_add_config --template="../conf/production.yaml" --destination="$final_path/config/production.yaml"
+
+chmod 400 "$final_path/config/production.yaml"
+chown $app:$app "$final_path/config/production.yaml"
+
+ynh_add_config --template="../conf/local-production.json" --destination="$final_path/config/local-production.json"
+
+chmod 400 "$final_path/config/local-production.json"
+chown $app:$app "$final_path/config/local-production.json"
+
 #=================================================
 # START SYSTEMD SERVICE
 #=================================================
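Review bot: In the `@@ -148,25 +152,15 @@` hunk the data directory ends up `root:$app` with mode 750, so the group can read and traverse it but has no write bit, and nothing visible later in scripts/install gives the `$app` user write access to `$datadir`. If the service runs as `$app` (the unit file is not shown here), it cannot store anything in its own data directory. Making the service user the owner keeps the directory closed to others while remaining writable: `chown -R "$app:$app" "$datadir"` after the two `chmod` lines. The identical block in the `@@ -91,8 +87,17 @@` hunk of scripts/restore and the `@@ -217,25 +213,27 @@` hunk of scripts/upgrade has the same effect on an already populated directory.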
@@ -216,17 +225,6 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd"
 #=================================================
 # GENERIC FINALIZATION
-#=================================================
-# SECURE FILES AND DIRECTORIES
-#=================================================
-ynh_script_progression --message="Securing files and directories..."
-
-# Set permissions to app files
-chown -R $app:$app $final_path
-
-# Give permission to the datadir
-chown -R $app:$app $datadir
-
 #=================================================
 # SETUP LOGROTATE
 #=================================================
diff --git a/scripts/restore b/scripts/restore
index 24a99d4..f1002f5 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -56,13 +56,6 @@ ynh_script_progression --message="Restoring the NGINX web server configuration..
 ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
-#=================================================
-# RESTORE THE APP MAIN DIR
-#=================================================
-ynh_script_progression --message="Restoring the app main directory..."
-
-ynh_restore_file --origin_path="$final_path"
-
 #=================================================
 # RECREATE THE DEDICATED USER
 #=================================================
@@ -72,12 +65,15 @@ ynh_script_progression --message="Recreating the dedicated system user..."
 ynh_system_user_create --username=$app --home_dir="$final_path"
 #=================================================
-# RESTORE USER RIGHTS
+# RESTORE THE APP MAIN DIR
 #=================================================
-ynh_script_progression --message="Restoring user rights..."
+ynh_script_progression --message="Restoring the app main directory..."
-# Restore permissions on app files
-chown -R $app:$app $final_path
+ynh_restore_file --origin_path="$final_path"
+
+chmod 750 "$final_path"
+chmod -R o-rwx "$final_path"
+chown -R root:$app "$final_path"
 #=================================================
 # SPECIFIC RESTORATION
@@ -91,8 +87,17 @@ ynh_restore_file --origin_path="$datadir" --not_mandatory
 mkdir -p "$datadir"
-# Give permission to the datadir
-chown -R $app:$app $datadir
+chmod 750 "$datadir"
+chmod -R o-rwx "$datadir"
+chown -R root:$app "$datadir"
+
+#=================================================
+# OPEN A PORT
+#=================================================
+ynh_script_progression --message="Configuring firewall..."
+
+# Open the port
+ynh_exec_warn_less yunohost firewall allow TCP $rtmp_port
 #=================================================
 # REINSTALL DEPENDENCIES
@@ -124,14 +129,6 @@ ynh_psql_test_if_first_run
 ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd
 ynh_psql_execute_file_as_root --file="./db.sql" --database=$db_name
-#=================================================
-# OPEN A PORT
-#=================================================
-ynh_script_progression --message="Configuring firewall..."
-
-# Open the port
-ynh_exec_warn_less yunohost firewall allow TCP $rtmp_port
-
 #=================================================
 # RESTORE SYSTEMD
 #=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index 69422ea..1ce2fad 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
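Review bot: In the `@@ -72,12 +65,15 @@` hunk of scripts/restore, `chown -R root:$app "$final_path"` runs over the whole restored tree, which includes `config/production.yaml` and `config/local-production.json`. Install and upgrade set those two files to mode 400 owned by `$app`, so if the archive preserves the mode they come out root-owned and owner-only after the recursive chown, and the `$app` user can no longer read its own configuration. Nothing in the visible restore hunks re-applies the per-file ownership. After the recursive chown, restore it explicitly with `chmod 400 "$final_path/config/production.yaml" "$final_path/config/local-production.json"` followed by `chown "$app:$app"` on the same two paths.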
@@ -100,20 +100,12 @@ if ! ynh_permission_exists --permission="api"; then
 fi
 #=================================================
-# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP
+# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
 #=================================================
 ynh_script_progression --message="Backing up the app before upgrading (may take a while)..."
-# Inform the backup/restore process that it should not save the data directory
-# Use only for the previous backup script that doesn't set 'is_big'
-ynh_app_setting_set --app=$app --key=backup_core_only --value=1
-
 # Backup the current version of the app
 ynh_backup_before_upgrade
-
-# Remove the option backup_core_only after the backup.
-ynh_app_setting_delete --app=$app --key=backup_core_only
-
 ynh_clean_setup () {
 # Restore it if the upgrade fails
 ynh_clean_check_starting
@@ -131,6 +123,14 @@ ynh_script_progression --message="Stopping a systemd service..."
 ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd"
+#=================================================
+# CREATE DEDICATED USER
+#=================================================
+ynh_script_progression --message="Making sure dedicated system user exists..."
+
+# Create a dedicated user (if not existing)
+ynh_system_user_create --username=$app --home_dir="$final_path"
+
 #=================================================
 # DOWNLOAD, CHECK AND UNPACK SOURCE
 #=================================================
@@ -169,6 +169,10 @@ then
 ynh_secure_remove --file="$tmpdir"
 fi
+chmod 750 "$final_path"
+chmod -R o-rwx "$final_path"
+chown -R root:$app "$final_path"
+
 #=================================================
 # NGINX CONFIGURATION
 #=================================================
@@ -202,14 +206,6 @@ ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ st
 ynh_secure_remove --file="/usr/share/yunohost/hooks/conf_regen/15-nginx_$app"
 yunohost tools regen-conf nginx
-#=================================================
-# CREATE DEDICATED USER
-#=================================================
-ynh_script_progression --message="Making sure dedicated system user exists..."
-
-# Create a dedicated user (if not existing)
-ynh_system_user_create --username=$app
-
 #=================================================
 # SPECIFIC UPGRADE
 #=================================================
@@ -217,25 +213,27 @@ ynh_system_user_create --username=$app
 #=================================================
 ynh_script_progression --message="Creating the data directory..."
-if [ ! -d "$datadir" ]
-then
- # Create app folders
- mkdir -p "$datadir"
-fi
+# Create app folders
+mkdir -p "$datadir"
-# Give permission to the datadir
-chown -R $app:$app $datadir
+chmod 750 "$datadir"
+chmod -R o-rwx "$datadir"
+chown -R root:$app "$datadir"
 #=================================================
-# MODIFY A CONFIG FILE
+# UPDATE A CONFIG FILE
 #=================================================
-ynh_script_progression --message="Modifying a config file..."
+ynh_script_progression --message="Updating a config file..."
 ynh_add_config --template="../conf/production.yaml" --destination="$final_path/config/production.yaml"
-local_config="$final_path/config/local-production.json"
-ynh_backup_if_checksum_is_different --file="$local_config"
-ynh_store_file_checksum --file="$local_config"
+chmod 400 "$final_path/config/production.yaml"
+chown $app:$app "$final_path/config/production.yaml"
+
+ynh_add_config --template="../conf/local-production.json" --destination="$final_path/config/local-production.json"
+
+chmod 400 "$final_path/config/local-production.json"
+chown $app:$app "$final_path/config/local-production.json"
 #=================================================
 # BUILD YARN DEPENDENCIES
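Review bot: In the `@@ -217,25 +213,27 @@` hunk of scripts/upgrade, `local-production.json` is now regenerated from the template on every upgrade and then set to mode 400, whereas the removed lines only checksummed the existing file and left its content alone. If that file holds settings changed after installation, they are replaced on upgrade (ynh_add_config may keep a backup copy, but the live file is still overwritten), and the service user can no longer write to it. Worth confirming that both effects are intended, and stating it in a comment above the second `ynh_add_config`, for example `# local-production.json is regenerated on upgrade; local edits are not kept`.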
@@ -268,17 +266,6 @@ ynh_add_systemd_config --others_var="ynh_node_load_PATH"
 #=================================================
 # GENERIC FINALIZATION
-#=================================================
-# SECURE FILES AND DIRECTORIES
-#=================================================
-ynh_script_progression --message="Securing files and directories..."
-
-# Set permissions on app files
-chown -R $app:$app $final_path
-
-# Give permission to the datadir
-chown -R $app:$app $datadir
-
 #=================================================
 # SETUP LOGROTATE
 #=================================================