#!/bin/bash #================================================= # GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= source _common.sh source /usr/share/yunohost/helpers #================================================= # MANAGE SCRIPT FAILURE #================================================= # Exit if an error occurs during the execution of the script ynh_abort_if_errors #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH admin=$YNH_APP_ARG_ADMIN is_public=$YNH_APP_ARG_IS_PUBLIC language=$YNH_APP_ARG_LANGUAGE app=$YNH_APP_INSTANCE_NAME #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= ynh_script_progression --message="Validating installation parameters..." final_path=/var/www/$app test ! -e "$final_path" || ynh_die --message="This path already contains a folder" # Register (book) web path ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url #================================================= # STORE SETTINGS FROM MANIFEST #================================================= ynh_script_progression --message="Storing installation settings..." ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=admin --value=$admin ynh_app_setting_set --app=$app --key=language --value=$language #================================================= # STANDARD MODIFICATIONS #================================================= # INSTALL DEPENDENCIES #================================================= ynh_script_progression --message="Installing dependencies..." --weight=40 ynh_install_app_dependencies $pkg_dependencies #================================================= # CREATE DEDICATED USER #================================================= ynh_script_progression --message="Configuring system user..." --weight=3 # Create a system user ynh_system_user_create --username=$app --home_dir=$final_path #================================================= # CREATE A MYSQL DATABASE #================================================= ynh_script_progression --message="Creating a MySQL database..." db_name=$(ynh_sanitize_dbid --db_name=$app) db_user=$db_name ynh_app_setting_set --app=$app --key=db_name --value=$db_name ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= ynh_script_progression --message="Setting up source files..." --weight=5 ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Create tmp directory and fetch app inside tmpdir="$(ynh_smart_mktemp --min_size=300)" ynh_setup_source --dest_dir="$tmpdir" # Fetch needed plugins mkdir -p $tmpdir/plugins/Ldap_Login ynh_setup_source --dest_dir="$tmpdir/plugins/Ldap_Login" --source_id=ldap_plugin ynh_setup_source --dest_dir="$tmpdir/plugins" --source_id=log_failed_logins_plugin # sets extended pattern matching options in the bash shell shopt -s extglob # Install files and set permissions mkdir $final_path cp -a $tmpdir/!(upload|_data|galleries) $final_path datapath=/home/yunohost.app/$app mkdir -p $datapath/_data mkdir -p $datapath/upload mkdir -p $datapath/galleries ln -sd $datapath/_data $final_path/_data ln -sd $datapath/upload $final_path/upload ln -sd $datapath/galleries $final_path/galleries cp -Rp $tmpdir/_data/. $final_path/_data cp -Rp $tmpdir/upload/. $final_path/upload cp -Rp $tmpdir/galleries/. $final_path/galleries chmod 750 "$datapath" chmod -R o-rwx "$datapath" chown -R $app:www-data "$datapath" chmod 750 "$final_path" chmod -R o-rwx "$final_path" chown -R $app:www-data "$final_path" ynh_app_setting_set --app=$app --key=datapath --value=$datapath ynh_secure_remove --file="$tmpdir" #================================================= # NGINX CONFIGURATION #================================================= ynh_script_progression --message="Configuring NGINX web server..." # Create a dedicated NGINX config ynh_add_nginx_config #================================================= # PHP-FPM CONFIGURATION #================================================= ynh_script_progression --message="Configuring PHP-FPM..." --weight=2 # Create a dedicated PHP-FPM config ynh_add_fpm_config phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= # SPECIFIC SETUP #================================================= # SETUP APPLICATION WITH CURL #================================================= ynh_script_progression --message="Setuping application with CURL..." --weight=5 # Set the app as temporarily public for curl call ynh_script_progression --message="Configuring SSOwat..." # Making the app public for curl ynh_permission_update --permission="main" --add="visitors" # Reload NGINX ynh_systemd_action --service_name=nginx --action=reload # Generate random password for admin adm_pwd=$(ynh_string_random --length=24) ynh_app_setting_set --app=$app --key=admin_pwd --value="$adm_pwd" if [ "$language" = "fr" ]; then applanguage="fr_FR" else applanguage="en_UK" fi # Configure Piwigo via cURL mail="$(ynh_user_get_info --username=$admin --key=mail)" # Installation with cURL ynh_local_curl "/install.php?language=$applanguage" "install=true" "dbhost=127.0.0.1" "dbuser=$db_user" "dbpasswd=$db_pwd" "dbname=$db_name" "prefix=" "admin_name=$admin" "admin_pass1=$adm_pwd" "admin_pass2=$adm_pwd" "admin_mail=$mail" #================================================= # CONFIGURE PIWIGO #================================================= ynh_script_progression --message="Configuring Piwigo..." # Change local config ynh_add_config --template="../conf/config.inc.php" --destination="$final_path/local/config/config.inc.php" # Setup database in local/config/database.inc.php ynh_add_config --template="../conf/database.inc.php" --destination="$final_path/local/config/database.inc.php" chmod 750 "$final_path" chmod -R o-rwx "$final_path" chown -R $app:www-data "$final_path" #================================================= # ADD LDAP PLUGIN #================================================= ynh_script_progression --message="Configuring LDAP plugin..." # Activate the LDAP plugin using the WS API # Login with admin account ynh_local_curl "/ws.php?format=json" "method=pwg.session.login" "username=$admin" "password=$adm_pwd" # Get session token status=$(ynh_local_curl "/ws.php?format=json" "method=pwg.session.getStatus") pwg_token=$(jq --raw-output .result.pwg_token <<< $status) # Install the Ldap_Login plugin ynh_local_curl "/ws.php?format=json" "method=pwg.plugins.performAction" "action=install" "plugin=Ldap_Login" "pwg_token=$pwg_token" # Activate the Ldap_Login plugin ynh_local_curl "/ws.php?format=json" "method=pwg.plugins.performAction" "action=activate" "plugin=Ldap_Login" "pwg_token=$pwg_token" # Log out ynh_local_curl "/ws.php?format=json" "method=pwg.session.logout" # Edit Ldap_Login plugin configuration ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name <<< "UPDATE piwigo_ldap_login_config SET value='ou=users,dc=yunohost,dc=org' WHERE param = 'ld_basedn'; UPDATE piwigo_ldap_login_config SET value='uid' WHERE param = 'ld_user_attr'; UPDATE piwigo_ldap_login_config SET value='' WHERE param = 'ld_binddn'; UPDATE piwigo_ldap_login_config SET value='0' WHERE param = 'allow_new_users'; UPDATE piwigo_ldap_login_config SET value='0' WHERE param = 'ld_group_user_active';" # Remove the public access ynh_permission_update --permission="main" --remove="visitors" #================================================= # GENERIC FINALIZATION #================================================= # SETUP FAIL2BAN #================================================= ynh_script_progression --message="Configuring Fail2Ban..." --weight=6 # Configure and activate log_failed_logins plugin ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name <<< "INSERT INTO plugins (id,state,version) VALUES ('log_failed_logins','active','1.2');" ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name <<< "INSERT INTO config (param, value) VALUES ('logFailedLoginsFilename','/var/log/${app}FailedLogins.log');" touch "/var/log/${app}FailedLogins.log" chown $app: "/var/log/${app}FailedLogins.log" ynh_add_fail2ban_config --logpath="/var/log/${app}FailedLogins.log" --failregex="ip=" --max_retry=6 #================================================= # SETUP SSOWAT #================================================= ynh_script_progression --message="Configuring permissions..." # Make app public if necessary if [ $is_public -eq 1 ] then # Everyone can access the app. # The "main" permission is automatically created before the install script. ynh_permission_update --permission="main" --add="visitors" fi #================================================= # RELOAD NGINX #================================================= ynh_script_progression --message="Reloading NGINX web server..." ynh_systemd_action --service_name=nginx --action=reload #================================================= # END OF SCRIPT #================================================= ynh_script_progression --message="Installation of $app completed" --last