mirror of https://github.com/YunoHost-Apps/piwigo_ynh.git synced 2024-09-03 20:06:03 +02:00
piwigo_ynh/scripts/install
JimboJoe 829a1f16d9 Protect with fail2ban (closes #8) (#9)
Create and use ynh_add_fail2ban_config helper
2017-06-18 18:24:10 +02:00


#!/bin/bash
# YunoHost install script for the Piwigo package: reads the install arguments,
# creates the database and system user, installs the files, drives Piwigo's
# web installer and wires up nginx, php-fpm, SSO rules and fail2ban.
shopt -s extglob # enable extended globs; the file-install step uses the !(upload|galleries) pattern
#=================================================
# GENERIC STARTING
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
# _common.sh is sourced by bare name: bash looks it up through PATH and then
# the current directory, so the script is expected to be started from the
# package's scripts/ directory.
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
ynh_abort_if_errors # Stop script if an error is detected
#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================
# Instance identifier handed over by YunoHost
app="${YNH_APP_INSTANCE_NAME}"
# Answers to the install questions
domain="${YNH_APP_ARG_DOMAIN}"
path_url="${YNH_APP_ARG_PATH}"
admin="${YNH_APP_ARG_ADMIN}"
is_public="${YNH_APP_ARG_IS_PUBLIC}"
language="${YNH_APP_ARG_LANGUAGE}"
# Language code passed to Piwigo's install.php further down:
# "fr" selects fr_FR, every other value falls back to en_UK.
case "${language}" in
  fr)
    applanguage="fr_FR"
    ;;
  *)
    applanguage="en_UK"
    ;;
esac
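#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
# Check and normalize the requested URL path. The value comes from the install
# form, so it is quoted: whitespace or glob characters must reach the helper as
# a single, unexpanded argument.
path_url=$(ynh_normalize_url_path "$path_url")
# NOTE(review): the two CHECK_* helpers are not defined in this script
# (presumably in _common.sh); they take no arguments and work on globals.
CHECK_DOMAINPATH # Check domain and path availability
CHECK_FINALPATH # Check if destination directory is not already in use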
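#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================
# Persist the install answers in the app's settings. "$app" is quoted like
# every other argument so the helper always receives exactly three words.
ynh_app_setting_set "$app" domain "$domain"
ynh_app_setting_set "$app" path_url "$path_url"
ynh_app_setting_set "$app" admin "$admin"
ynh_app_setting_set "$app" is_public "$is_public"
ynh_app_setting_set "$app" language "$language"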
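#=================================================
# STANDARD MODIFICATIONS
#=================================================
#=================================================
# CREATE A MYSQL DB
#=================================================
# Derive a database identifier from the app id; the same value is used for the
# database name and for the database user.
db_name=$(ynh_sanitize_dbid "$app")
db_user="$db_name"
ynh_app_setting_set "$app" db_name "$db_name"
# Initialize database
# NOTE(review): later steps read $db_pwd, which this script never assigns;
# presumably ynh_mysql_setup_db sets it as a global - confirm against the helper.
ynh_mysql_setup_db "$db_user" "$db_name"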
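#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
# NOTE(review): final_path is not assigned anywhere in this script; presumably
# _common.sh or CHECK_FINALPATH provides it - confirm.
ynh_app_setting_set "$app" final_path "$final_path"
# Create tmp directory and fetch app inside. mktemp -d gives a fresh,
# unpredictable directory instead of a fixed name under /tmp.
# NOTE(review): any integrity check on the downloaded archive happens inside
# ynh_setup_source, which is not visible here.
TMPDIR=$(mktemp -d)
ynh_setup_source "$TMPDIR"
# Fetch needed plugins
ynh_setup_source "$TMPDIR/plugins" log_failed_logins_plugin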
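#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_system_user_create "$app" # Create a dedicated system user
#=================================================
# SPECIFIC SETUP
#=================================================
# Install files and set permissions
# mkdir without -p on purpose: it fails if the destination already exists.
sudo mkdir "$final_path"
# Copy everything except upload/ and galleries/; the !(...) pattern needs the
# extglob option enabled at the top of the script.
sudo cp -a "$TMPDIR"/!(upload|galleries) "$final_path"
# User data lives outside the web root and is linked back into it.
datapath="/home/yunohost.app/$app"
sudo mkdir -p "$datapath"
sudo mkdir -p "$datapath/galleries"
sudo mkdir -p "$datapath/upload"
sudo ln -sd "$datapath/galleries" "$final_path/galleries"
sudo cp -a "$TMPDIR"/galleries/* "$final_path/galleries/"
sudo ln -sd "$datapath/upload" "$final_path/upload"
# The unpacked source tree is not used after this point; remove it instead of
# leaving it behind in the temp area. ":?" aborts if the variable is empty.
sudo rm -rf -- "${TMPDIR:?}"
# Hand the installed tree and the data directory to the dedicated user. Both
# chown calls are kept: the data directory is only reachable from the web root
# through the symlinks created above.
sudo chown -R "$app:" "$final_path"
sudo chown -R "$app:" "$datapath"
sudo chmod 755 -R "$final_path/galleries"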
#=================================================
# NGINX CONFIGURATION
#=================================================
# Install the nginx configuration for this app and record a checksum of the
# resulting file.
ynh_add_nginx_config
ynh_store_file_checksum "/etc/nginx/conf.d/$domain.d/$app.conf"
# Copy and set php-fpm configuration
ynh_add_fpm_config
# Reload nginx and php5-fpm now: the web server must already serve the app,
# because Piwigo's PHP installer is called over HTTP further down.
sudo systemctl reload nginx
sleep 5s
sudo systemctl reload php5-fpm
# Open the whole app ("/") to requests without SSO login so that the local
# curl call can reach install.php, then regenerate the SSOwat configuration.
# NOTE(review): from here until the private-case rule at the end of the script
# takes effect, the not-yet-configured installer is reachable without
# authentication by anyone who can reach the domain. Narrowing this rule to the
# installer URL, or limiting it to local requests, would shrink that exposure.
ynh_app_setting_set "$app" unprotected_uris "/"
sudo yunohost app ssowatconf
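# Generate random password for admin: 24 characters from [A-Za-z0-9], read
# from /dev/urandom.
# A single fixed-size read can leave fewer than 24 characters once the
# non-alphanumeric bytes are filtered out, which would yield a short or empty
# admin password. Keep reading until enough characters are collected, then cut
# to exactly 24.
adm_pwd=""
while [ "${#adm_pwd}" -lt 24 ]; do
  adm_pwd="${adm_pwd}$(head -c 64 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9')"
done
adm_pwd="${adm_pwd:0:24}"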
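# Keep the generated admin password in the app settings ("$app" quoted so the
# helper always receives exactly three arguments).
# NOTE(review): this stores the password in clear text in the settings;
# confirm who can read that store.
ynh_app_setting_set "$app" admin_pwd "$adm_pwd"
# Configure piwigo via curl
# Fixed pause before calling the installer over HTTP.
sleep 5s
# Submit Piwigo's install form: database credentials plus the admin account.
# NOTE(review): $db_pwd is not assigned in this script (presumably set by
# ynh_mysql_setup_db - confirm). Both passwords are handed to ynh_local_curl as
# arguments; whether they end up on a curl command line, and so in the process
# list, depends on that helper's implementation, which is not shown here.
ynh_local_curl "/install.php?language=$applanguage" "install=true" "dbuser=$db_user" "dbpasswd=$db_pwd" "dbname=$db_name" "admin_name=$admin" "admin_pass1=$adm_pwd" "admin_pass2=$adm_pwd" "admin_mail=$admin@$domain"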
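# Change local config
sudo cp ../conf/config.inc.php "$final_path/local/config/"
# Setup database in local/config/database.inc.php
# The template is installed first, given to the app user and closed to other
# accounts, and only then filled in. The credentials are substituted in the
# installed copy, so the database password is not written into the package's
# ../conf template and never sits in a world-readable file.
# NOTE(review): assumes the PHP-FPM pool runs as $app, as the ownership given
# to the rest of the tree and to the failed-login log suggests - confirm.
db_conf="$final_path/local/config/database.inc.php"
sudo cp ../conf/database.inc.php "$db_conf"
# Both files are copied after the recursive chown of the web root, so they
# need their ownership set explicitly.
sudo chown "$app:" "$final_path/local/config/config.inc.php" "$db_conf"
sudo chmod 640 "$db_conf"
ynh_replace_string "DBTOCHANGE" "$db_name" "$db_conf"
ynh_replace_string "USERTOCHANGE" "$db_user" "$db_conf"
ynh_replace_string "PASSTOCHANGE" "$db_pwd" "$db_conf"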
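# ynh_mysql_connect_as expects user, password, database, in that order. The
# calls are written that way and quoted; they previously passed the database
# name first, which only worked because db_user and db_name hold the same value.
# Activate LDAP plugin
ynh_mysql_connect_as "$db_user" "$db_pwd" "$db_name" <<< "INSERT INTO plugins (id,state,version) VALUES ('Ldap_Login','active','1.1');"
# Configure and activate log_failed_logins plugin
ynh_mysql_connect_as "$db_user" "$db_pwd" "$db_name" <<< "INSERT INTO plugins (id,state,version) VALUES ('log_failed_logins','active','1.2');"
# ${app} is interpolated into the SQL text; it is the instance id supplied by
# YunoHost, not free-form user input.
ynh_mysql_connect_as "$db_user" "$db_pwd" "$db_name" <<< "INSERT INTO config (param, value) VALUES ('logFailedLoginsFilename','/var/log/${app}FailedLogins.log');"
# Pre-create the log file, writable by the app user. It records failed login
# attempts, so it is closed to other local accounts.
# NOTE(review): assumes fail2ban reads the log as root - confirm.
sudo touch "/var/log/${app}FailedLogins.log"
sudo chown "$app:" "/var/log/${app}FailedLogins.log"
sudo chmod 640 "/var/log/${app}FailedLogins.log"
# Set-up fail2ban
# Arguments: log file to watch, failure pattern, and 6 (presumably the retry
# limit - the helper is not defined in this script, confirm in _common.sh).
# NOTE(review): the pattern "ip=<HOST>" is not anchored as passed here. If the
# plugin writes the attempted user name on the same log line, confirm that it
# cannot carry an "ip=" token of its own, otherwise addresses other than the
# client's could end up banned.
ynh_add_fail2ban_config "/var/log/${app}FailedLogins.log" "ip=<HOST>" 6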
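# Protect URIs if private
# Fail closed: only an explicit is_public=1 keeps the app reachable without
# SSO login. The previous numeric test on an unquoted variable errored out on
# an empty or non-numeric value, and the if then treated it as "public",
# leaving the temporary unprotected rule from the install step in place.
# NOTE(review): no ssowatconf regeneration follows this change; presumably
# YunoHost regenerates the SSO configuration once the script ends - confirm.
if [ "$is_public" != "1" ]; then
  ynh_app_setting_delete "$app" unprotected_uris
  ynh_app_setting_set "$app" protected_uris "/"
fi
#=================================================
# RELOAD NGINX
#=================================================
# Restart PHP-FPM, then reload nginx.
sudo systemctl restart php5-fpm
sudo systemctl reload nginx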