#!/bin/bash #================================================= # GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= source _common.sh source /usr/share/yunohost/helpers #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= app_key="base64:$(ynh_string_random --length=32 | base64)" fpm_footprint="low" fpm_free_footprint=0 fpm_usage="low" #================================================= # STORE SETTINGS FROM MANIFEST #================================================= ynh_app_setting_set --app=$app --key=app_key --value=$app_key ynh_app_setting_set --app=$app --key=fpm_footprint --value=$fpm_footprint ynh_app_setting_set --app=$app --key=fpm_free_footprint --value=$fpm_free_footprint ynh_app_setting_set --app=$app --key=fpm_usage --value=$fpm_usage #================================================= # CONFIGURE REDIS DATABASE #================================================= ynh_script_progression --message="Creating a Redis database..." --weight=1 redis_db=$(ynh_redis_get_free_db) ynh_app_setting_set --app="$app" --key=redis_db --value="$redis_db" #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= ynh_script_progression --message="Setting up source files..." --weight=1 # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$install_dir" chmod -R o-rwx "$install_dir" chown -R $app:www-data "$install_dir" #================================================= # PATCHING SOURCE #================================================= ynh_script_progression --message="Patching source files..." --weight=1 # Prevent privilege escalation by injecting commands in an email name # This described in more detail on the manpage https://www.postfix.org/sendmail.1.html under security ynh_replace_string --match_string="'/usr/sbin/sendmail -bs'" --replace_string="'/usr/sbin/sendmail -bs -- '" --target_file=$install_dir/config/mail.php #================================================= # PHP-FPM CONFIGURATION #================================================= ynh_script_progression --message="Configuring PHP-FPM..." --weight=1 ynh_add_fpm_config --usage=$fpm_usage --footprint=$fpm_footprint --group=www-data ynh_add_nginx_config #================================================= # SPECIFIC SETUP #================================================= # INSTALL COMPOSER DEPENDENCIES #================================================= ynh_script_progression --message="Installing composer dependencies..." --weight=1 ynh_exec_warn_less ynh_install_composer --phpversion="$phpversion" --composerversion="$YNH_COMPOSER_VERSION" --workdir="$install_dir" #================================================= # CREATE LOG FILE #================================================= ynh_script_progression --message="Creating log file..." --weight=1 mkdir -p "/var/log/$app/" touch "/var/log/$app/${app}-horizon.log" chown -R $app: "/var/log/$app/" chmod -R 600 "/var/log/$app/" #================================================= # ADD A CONFIGURATION #================================================= ynh_script_progression --message="Adding a configuration file..." --weight=1 ynh_add_config --template="../conf/.env" --destination="$install_dir/.env" # Pixelfed app should be able to edit its settings from the admin panel chmod 600 "$install_dir/.env" chown $app:$app "$install_dir/.env" #================================================= # SETUP SUPERVISOR #================================================= ynh_script_progression --message="Configuring a supervisor service..." --weight=1 # Create a dedicated supervisor config ynh_add_supervisor_config --service="${app}-horizon" --template=horizon.conf #================================================= # DEPLOY #================================================= ynh_script_progression --message="Deploying..." --weight=1 pushd "$install_dir" php$phpversion artisan -n key:generate --force php$phpversion artisan horizon:install php$phpversion artisan horizon:publish php$phpversion artisan passport:keys php$phpversion artisan config:clear php$phpversion artisan config:cache php$phpversion artisan route:cache php$phpversion artisan view:cache php$phpversion artisan storage:link php$phpversion artisan migrate --force php$phpversion artisan update php$phpversion artisan horizon:purge php$phpversion artisan import:cities 2>/dev/null php$phpversion artisan instance:actor php$phpversion artisan passport:client --personal <<< "\\n" popd #================================================= # INSTALL THE CRON FILE #================================================= ynh_script_progression --message="Installing the cron file..." --weight=1 ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/$app" #================================================= # GENERIC FINALIZATION #================================================= # SETUP LOGROTATE #================================================= ynh_script_progression --message="Configuring log rotation..." --weight=1 # Use logrotate to manage application logfile(s) ynh_use_logrotate --logfile="/var/log/$app/${app}-horizon.log" ynh_use_logrotate --logfile="/var/www/$app/storage/logs/laravel.log" --specific_user=$app/www-data #================================================= # PATCH PERMISSIONS for v0.11.5 versions and higher #================================================= ynh_script_progression --message="Patching permissions (for version 0.11.5 and newer)..." --weight=1 # Default configuration doesn't work ynh_replace_string --match_string="'private' => 0700," --replace_string="'private' => 0750," --target_file=$install_dir/config/filesystems.php # Repair permissions for files created after v0.11.5 and before this patch if [ -d "$install_dir/public/storage/m/_v2/" ]; then chmod 750 -R "$install_dir/public/storage/m/_v2/"* # all files subdirectories (picture folders) should be readable and executable. But if there is no picture, there is no /*/* chmod 770 "$install_dir/public/storage/m/_v2/"* # users folders should be 770 chmod 770 "$install_dir/public/storage/m/_v2/" # this should be 770 chown -R :www-data "$install_dir/public/storage/m/_v2/" # Fix the mess following packaging v2 upgrade - and make sure proper group owner is set. fi #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 yunohost service add "supervisor" --description="Supervisor daemon for $app" --log="/var/log/$app/${app}-horizon.log" #================================================= # START SUPERVISOR SERVICE #================================================= ynh_script_progression --message="Starting a supervisor service..." --weight=1 # Start a supervisor service ynh_supervisor_action --service_name="${app}-horizon" --action="reload" --log_path="systemd" --line_match="success: ${app}-horizon" #================================================= # END OF SCRIPT #================================================= ynh_script_progression --message="Installation of $app completed" --last