mirror of
https://github.com/YunoHost-Apps/piwigo_ynh.git
synced 2024-09-03 20:06:03 +02:00
218 lines
No EOL
7.5 KiB
Bash
218 lines
No EOL
7.5 KiB
Bash
#!/bin/bash
|
|
shopt -s extglob # sets extended pattern matching options in the bash shell
|
|
|
|
# Exit on command errors and treat unset variables as an error
|
|
set -eu
|
|
#=================================================
|
|
# GENERIC STARTING
|
|
#=================================================
|
|
# IMPORT GENERIC HELPERS
|
|
#=================================================
|
|
|
|
source _common.sh
|
|
source /usr/share/yunohost/helpers
|
|
|
|
#=================================================
|
|
# LOAD SETTINGS
|
|
#=================================================
|
|
# Set app specific variables
|
|
app=$YNH_APP_INSTANCE_NAME
|
|
|
|
# Check destination directory
|
|
destdir="/var/www/$app"
|
|
[[ ! -d $destdir ]] && ynh_die \
|
|
"The destination directory '$destdir' does not exist.\
|
|
The app is not correctly installed, you should remove it first."
|
|
|
|
# Retrieve arguments
|
|
domain=$(ynh_app_setting_get "$app" domain)
|
|
|
|
path_url=$(ynh_app_setting_get "$app" path_url)
|
|
# Compatibility with previous version
|
|
if [ -z "$path_url" ] ; then
|
|
path_url=$(ynh_app_setting_get "$app" path)
|
|
ynh_app_setting_set $app path_url "$path_url"
|
|
fi
|
|
path_url=$(ynh_normalize_url_path $path_url)
|
|
|
|
final_path=$(ynh_app_setting_get "$app" final_path)
|
|
# Compatibility with previous version
|
|
if [ -z "$final_path" ] ; then
|
|
final_path="/var/www/$app"
|
|
ynh_app_setting_set $app final_path "$final_path"
|
|
fi
|
|
|
|
db_name=$(ynh_app_setting_get "$app" db_name)
|
|
# Compatibility with previous version
|
|
if [ -z "$db_name" ] ; then
|
|
db_name=$app
|
|
ynh_app_setting_set "$app" db_name "$db_name"
|
|
fi
|
|
|
|
db_user="$db_name"
|
|
db_pwd=$(ynh_app_setting_get "$app" mysqlpwd)
|
|
admin=$(ynh_app_setting_get "$app" admin)
|
|
|
|
admin_pwd=$(ynh_app_setting_get "$app" admin_pwd)
|
|
# Compatibility with previous version; password was not set
|
|
if [ -z "$admin_pwd" ] ; then
|
|
# Generate a new password
|
|
admin_pwd=$(ynh_string_random 24)
|
|
|
|
# Compute password hash with the Piwigo function
|
|
cp ../conf/hash_password.php $final_path
|
|
hashed_password=$(cd $final_path ; php hash_password.php $admin_pwd)
|
|
|
|
# Update password hash in database
|
|
ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "UPDATE users SET password='$hashed_password' WHERE username='$admin';"
|
|
ynh_app_setting_set $app admin_pwd "$admin_pwd"
|
|
|
|
# Remove the temporary hash generation script
|
|
ynh_secure_remove "$final_path/hash_password.php"
|
|
fi
|
|
|
|
language=$(ynh_app_setting_get "$app" language)
|
|
if [ "$language" = "fr" ] ; then
|
|
applanguage="fr_FR"
|
|
else
|
|
applanguage="en_UK"
|
|
fi
|
|
|
|
is_public=$(ynh_app_setting_get "$app" is_public)
|
|
|
|
#=================================================
|
|
# MANAGE SCRIPT FAILURE
|
|
#=================================================
|
|
|
|
# Use prior backup and restore on error only if backup feature
|
|
# exists on installed instance
|
|
if [ -f "/etc/yunohost/apps/$app/scripts/backup" ] ; then
|
|
ynh_backup_before_upgrade # Backup the current version of the app
|
|
ynh_clean_setup () {
|
|
ynh_restore_upgradebackup
|
|
}
|
|
ynh_abort_if_errors # Stop script if an error is detected
|
|
fi
|
|
|
|
#=================================================
|
|
# INSTALL DEPENDENCIES
|
|
#=================================================
|
|
|
|
ynh_install_app_dependencies "$pkg_dependencies"
|
|
|
|
#=================================================
|
|
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
|
#=================================================
|
|
|
|
# Create tmp directory and fetch app inside
|
|
tmpdir=$(ynh_mkdir_tmp)
|
|
ynh_setup_source "$tmpdir"
|
|
# Fetch needed plugins
|
|
mkdir -p $tmpdir/plugins/Ldap_Login
|
|
ynh_setup_source "$tmpdir/plugins/Ldap_Login" ldap_plugin
|
|
ynh_setup_source "$tmpdir/plugins" log_failed_logins_plugin
|
|
|
|
#=================================================
|
|
# CREATE DEDICATED USER
|
|
#=================================================
|
|
|
|
ynh_system_user_create $app # Create dedicated user if not existing
|
|
|
|
#=================================================
|
|
# SPECIFIC SETUP
|
|
#=================================================
|
|
|
|
# We store photos (potentially large data) on /home/yunohost.app
|
|
datapath=/home/yunohost.app/$app
|
|
|
|
# Backward compatibility:
|
|
# If the galleries subdirectory was moved,
|
|
# remove the link and overwrite it
|
|
# (this directory always includes only a single index.php file...)
|
|
if [ -h $final_path/galleries ] ; then
|
|
rm -f $final_path/galleries # only a symbolic link, ynh_secure_remove can't handle that
|
|
ynh_secure_remove $datapath/galleries
|
|
fi
|
|
|
|
# Install files and set permissions
|
|
cp -a $tmpdir/!(upload|_data) $final_path
|
|
|
|
|
|
# Backward compatibility:
|
|
# If the _data subdirectory wasn't already moved to /home/yunohost.app/$app,
|
|
# then move it there
|
|
if [ ! -h $final_path/_data ] ; then
|
|
mv $final_path/_data $datapath
|
|
ln -sd $datapath/_data $final_path/_data
|
|
fi
|
|
|
|
|
|
chown -R $app: $final_path
|
|
chown -R $app: $datapath
|
|
chmod 755 -R $final_path/_data
|
|
|
|
#=================================================
|
|
# NGINX AND PHP-FPM CONFIGURATION
|
|
#=================================================
|
|
|
|
ynh_add_nginx_config
|
|
ynh_store_file_checksum "/etc/nginx/conf.d/$domain.d/$app.conf"
|
|
|
|
# Copy and set php-fpm configuration
|
|
ynh_add_fpm_config
|
|
|
|
#=================================================
|
|
# CONFIGURE PIWIGO
|
|
#=================================================
|
|
|
|
ynh_app_setting_set "$app" unprotected_uris "/"
|
|
yunohost app ssowatconf
|
|
|
|
# Configure piwigo via curl
|
|
ynh_local_curl "/upgrade.php?language=$applanguage&now=true" "language=$applanguage" "username=$admin" "password=$admin_pwd"
|
|
|
|
# Make a backup of the original config file if modified
|
|
ynh_backup_if_checksum_is_different "$final_path/local/config/config.inc.php"
|
|
# Change local config
|
|
cp ../conf/config.inc.php $final_path/local/config/
|
|
# Calculate and store the config file checksum
|
|
ynh_store_file_checksum "$final_path/local/config/config.inc.php"
|
|
|
|
# Make a backup of the original database config file if modified
|
|
ynh_backup_if_checksum_is_different "$final_path/local/config/database.inc.php"
|
|
# Setup database in local/config/database.inc.php
|
|
ynh_replace_string "DBTOCHANGE" "$db_name" ../conf/database.inc.php
|
|
ynh_replace_string "USERTOCHANGE" "$db_user" ../conf/database.inc.php
|
|
ynh_replace_string "PASSTOCHANGE" "$db_pwd" ../conf/database.inc.php
|
|
cp ../conf/database.inc.php $final_path/local/config/database.inc.php
|
|
# Calculate and store the database config file checksum
|
|
ynh_store_file_checksum "$final_path/local/config/database.inc.php"
|
|
|
|
#=================================================
|
|
# ADD LDAP & FAIL2BAN PLUGINS
|
|
#=================================================
|
|
|
|
# Configure and activate LDAP plugin
|
|
ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "UPDATE plugins SET state='active' WHERE id='Ldap_Login';"
|
|
cp ../conf/data.dat $final_path/plugins/Ldap_Login
|
|
|
|
# Configure and activate log_failed_logins plugin
|
|
ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "INSERT INTO plugins (id,state,version) VALUES ('log_failed_logins','active','1.2');" 2>&1 > /dev/null ||ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "UPDATE plugins SET state='active' WHERE id='log_failed_logins';"
|
|
ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "INSERT INTO config (param, value) VALUES ('logFailedLoginsFilename','/var/log/${app}FailedLogins.log');" 2>&1 > /dev/null || ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "UPDATE config SET value='/var/log/${app}FailedLogins.log' WHERE param='logFailedLoginsFilename';"
|
|
touch "/var/log/${app}FailedLogins.log"
|
|
chown $app: "/var/log/${app}FailedLogins.log"
|
|
|
|
# Set-up fail2ban
|
|
ynh_add_fail2ban_config "/var/log/${app}FailedLogins.log" "ip=<HOST>" 6
|
|
|
|
# Protect URIs if private
|
|
if [ $is_public -eq 0 ];
|
|
then
|
|
ynh_app_setting_delete "$app" unprotected_uris
|
|
ynh_app_setting_set "$app" protected_uris "/"
|
|
fi
|
|
|
|
#=================================================
|
|
# RELOAD NGINX
|
|
#=================================================
|
|
systemctl reload nginx |