#!/bin/bash #================================================= # GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= source _common.sh source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get $app domain) path_url="/" admin=$(ynh_app_setting_get $app admin) is_public=$(ynh_app_setting_get $app is_public) final_path=$(ynh_app_setting_get $app final_path) db_name=$(ynh_app_setting_get "$app" psql_db) admin_email=$(ynh_app_setting_get "$app" admin_email) random_key=$(ynh_app_setting_get "$app" random_key) name=$(ynh_app_setting_get "$app" name) port=$(ynh_app_setting_get "$app" port) db_pwd=$(ynh_app_setting_get "$app" psqlpwd) cache=$(ynh_app_setting_get "$app" cache) size=$(ynh_app_setting_get "$app" size) registration=$(ynh_app_setting_get "$app" registration) #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= # Fix is_public as a boolean value if [ "$is_public" = "Yes" ]; then ynh_app_setting_set $app is_public 1 is_public=1 elif [ "$is_public" = "No" ]; then ynh_app_setting_set $app is_public 0 is_public=0 fi # If db_name doesn't exist, create it if [ -z $db_name ]; then db_name=$(ynh_sanitize_dbid $app) ynh_app_setting_set $app db_name $db_name fi # If final_path doesn't exist, create it if [ -z $final_path ]; then final_path=/var/www/$app ynh_app_setting_set $app final_path $final_path fi #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= # Backup the current version of the app ynh_backup_before_upgrade ynh_clean_setup () { # restore it if the upgrade fails ynh_restore_upgradebackup } # Exit if an error occurs during the execution of the script ynh_abort_if_errors # Stop Pleroma for upgrade systemctl stop "$app" #================================================= # CHECK THE PATH #================================================= # Normalize the URL path syntax path_url=$(ynh_normalize_url_path $path_url) #================================================= # STANDARD UPGRADE STEPS #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= # Download, check integrity, uncompress and patch the source from app.src #ynh_setup_source "$final_path/$app" ( cd $final_path/$app && git pull ) #================================================= # NGINX CONFIGURATION #================================================= # Create a dedicated nginx config ynh_add_nginx_config ynh_secure_remove /etc/nginx/conf.d/$app-cache.conf if [ $cache -eq 1 ] then cp -rf "../conf/cache.conf" "/etc/nginx/conf.d/$app-cache.conf" ynh_replace_string "{APP}" "$app" "/etc/nginx/conf.d/$app-cache.conf" ynh_replace_string "__SIZE__" "$size" "/etc/nginx/conf.d/$app-cache.conf" ynh_store_file_checksum "/etc/nginx/conf.d/$app-cache.conf" ynh_replace_string "{APP}" "$app" "../conf/media.conf" ynh_replace_string "__PORT__" "$port" "../conf/media.conf" sudo su -c "cat ../conf/media.conf >> /etc/nginx/conf.d/$domain.d/$app.conf" ynh_store_file_checksum "/etc/nginx/conf.d/$domain.d/$app.conf" fi #================================================= # UPGRADE DEPENDENCIES #================================================= # Add erlang for Debian Jessie if [ "$(lsb_release --codename --short)" == "jessie" ]; then echo "deb http://packages.erlang-solutions.com/debian jessie contrib" | tee /etc/apt/sources.list.d/erlang-solutions.list elif [ "$(lsb_release --codename --short)" == "stretch" ]; then echo "deb http://packages.erlang-solutions.com/debian stretch contrib" | tee /etc/apt/sources.list.d/erlang-solutions.list fi sudo wget https://packages.erlang-solutions.com/debian/erlang_solutions.asc sudo apt-key add erlang_solutions.asc sudo rm erlang_solutions.asc # install dependencies ynh_install_app_dependencies git build-essential postgresql postgresql-contrib openssl g++ apt-transport-https erlang-inets elixir erlang-dev erlang-parsetools erlang-xmerl erlang-tools #================================================= # CREATE DEDICATED USER #================================================= # Create a dedicated user (if not existing) ynh_system_user_create $app #================================================= # PHP-FPM CONFIGURATION #================================================= # Create a dedicated php-fpm config #ynh_add_fpm_config #================================================= # SPECIFIC UPGRADE #================================================= # ... #================================================= #=================================================== # Add PostgreSQL extension pg_trgm and citext #=================================================== ynh_psql_execute_as_root "\connect $db_name CREATE EXTENSION IF NOT EXISTS unaccent;CREATE EXTENSION IF NOT EXISTS pg_trgm;" ynh_psql_execute_as_root "\connect $db_name CREATE EXTENSION IF NOT EXISTS unaccent;CREATE EXTENSION IF NOT EXISTS citext;" # Open this port yunohost firewall allow Both "$port" 2>&1 # Give permission to the final_path chown -R "$app":"$app" "$final_path" ( cd $final_path/$app && sudo -u "$app" MIX_ENV=prod mix local.hex --force ) ( cd $final_path/$app && sudo -u "$app" MIX_ENV=prod mix local.rebar --force ) ( cd $final_path/$app && sudo -u "$app" mix deps.get ) ynh_psql_execute_as_root \ "ALTER USER $app WITH SUPERUSER;" ( cd $final_path/$app && sudo -u "$app" MIX_ENV=prod mix ecto.migrate --force ) ynh_psql_execute_as_root \ "ALTER USER $app WITH NOSUPERUSER;" #================================================= # MODIFY A CONFIG FILE #================================================= cp -f ../conf/prod.secret.exs "$final_path/$app/config/prod.secret.exs" cp -f ../conf/setup_db.psql "$final_path/$app/config/setup_db.psql" ynh_replace_string "__DOMAIN__" "$domain" "$final_path/$app/config/prod.secret.exs" ynh_replace_string "__KEY__" "$random_key" "$final_path/$app/config/prod.secret.exs" ynh_replace_string "__INSTANCE_NAME__" "$name" "$final_path/$app/config/prod.secret.exs" ynh_replace_string "__DB_NAME__" "$app" "$final_path/$app/config/prod.secret.exs" ynh_replace_string "__DB_PWD__" "$db_pwd" "$final_path/$app/config/prod.secret.exs" ynh_replace_string "__ADMIN_EMAIL__" "$admin_email" "$final_path/$app/config/prod.secret.exs" ynh_replace_string "__PORT__" "$port" "$final_path/$app/config/prod.secret.exs" ynh_replace_string "__DB_NAME__" "$app" "$final_path/$app/config/setup_db.psql" ynh_replace_string "__DB_PWD__" "$db_pwd" "$final_path/$app/config/setup_db.psql" if [ $cache -eq 1 ] then ynh_replace_string "__MEDIA_CACHE__" "true" "$final_path/$app/config/prod.secret.exs" else ynh_replace_string "__MEDIA_CACHE__" "false" "$final_path/$app/config/prod.secret.exs" fi # Set registrations open/closed if [ $registration -eq 1 ] then ynh_replace_string "__REG__" "true" "$final_path/$app/config/prod.secret.exs" else ynh_replace_string "__REG__" "false" "$final_path/$app/config/prod.secret.exs" fi # Recalculate and store the config file checksum into the app settings ynh_store_file_checksum "$final_path/$app/config/prod.secret.exs" ### Verify the checksum of a file, stored by `ynh_store_file_checksum` in the install script. ### And create a backup of this file if the checksum is different. So the file will be backed up if the admin had modified it. ynh_backup_if_checksum_is_different "$final_path/$app/config/prod.secret.exs" # Recalculate and store the checksum of the file for the next upgrade. ynh_store_file_checksum "$final_path/$app/config/prod.secret.exs" #================================================= # SETUP LOGROTATE #================================================= # Use logrotate to manage app-specific logfile(s) ynh_use_logrotate --non-append #================================================= # SETUP SYSTEMD #================================================= # Create a dedicated systemd config ynh_add_systemd_config #================================================= # GENERIC FINALIZATION #================================================= # SECURE FILES AND DIRECTORIES #================================================= # Set permissions on app files chown -R "$app":"$app" "$final_path" #================================================= # SETUP SSOWAT #================================================= # Make app public if necessary if [ $is_public -eq 1 ] then # unprotected_uris allows SSO credentials to be passed anyway ynh_app_setting_set $app unprotected_uris "/" fi #================================================= # RELOAD NGINX #================================================= systemctl reload nginx systemctl enable "$app" systemctl start "$app" # App needs time to start sleep 10