#!/bin/bash #================================================= # GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= source _common.sh source /usr/share/yunohost/helpers #================================================= # MANAGE SCRIPT FAILURE #================================================= ynh_clean_setup () { ### Remove this function if there's nothing to clean before calling the remove script. true } # Exit if an error occurs during the execution of the script ynh_abort_if_errors #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= # Retrieve arguments domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH is_public=$YNH_APP_ARG_IS_PUBLIC ### If it's a multi-instance app, meaning it can be installed several times independently ### The id of the app as stated in the manifest is available as $YNH_APP_ID ### The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2", ...) ### The app instance name is available as $YNH_APP_INSTANCE_NAME ### - the first time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample ### - the second time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample__2 ### - ynhexample__{N} for the subsequent installations, with N=3,4, ... ### The app instance name is probably what interests you most, since this is ### guaranteed to be unique. This is a good unique identifier to define installation path, ### db names, ... app=$YNH_APP_INSTANCE_NAME #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= ### If the app uses nginx as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app". ### If the app provides an internal web server (or uses another application server such as uwsgi), the final path should be "/opt/yunohost/$app" final_path=/var/www/$app test ! -e "$final_path" || ynh_die "This path already contains a folder" # Normalize the url path syntax path_url=$(ynh_normalize_url_path $path_url) # Check web path availability ynh_webpath_available $domain $path_url # Register (book) web path ynh_webpath_register $app $domain $path_url #================================================= # STORE SETTINGS FROM MANIFEST #================================================= ynh_app_setting_set $app domain $domain ynh_app_setting_set $app path $path_url ynh_app_setting_set $app is_public $is_public #================================================= # FIND AND OPEN A PORT #================================================= ### Use these lines if you have to open a port for the application ### `ynh_find_port` will find the first available port starting from the given port. ### If you're not using these lines: ### - Remove the section "CLOSE A PORT" in the remove script # Find a free port port=$(ynh_find_port 8096) # Open this port yunohost firewall allow --no-upnp TCP $port 2>&1 ynh_app_setting_set $app port $port #============================================== # INSTALL DEPS #============================================== dpkg --add-architecture i386 apt-get update ynh_package_install debian-archive-keyring apt-transport-https openssl curl mysql-client mysql-server php-fpm php-cli php-curl php-mysql openjdk-8-jdk-headless git tar lib32gcc1 lib32tinfo5 lib32z1 lib32stdc++6 libcurl3-gnutls:i386 # Install Other Dependencies #sudo echo "deb http://http.debian.net/debian stretch-backports main" > /etc/apt/sources.list.d/backports.list #dpkg --add-architecture i386 #apt-get update #apt-get install -y -t stretch-backports #apt-get install -y openssl curl git tar lib32gcc1 lib32tinfo5 lib32z1 lib32stdc++6 libcurl3-gnutls:i386 #dpkg --add-architecture i386 #apt-get update #apt-get install -y openssl curl git openjdk-8-jdk-headless tar lib32gcc1 lib32tinfo5 lib32z1 lib32stdc++6 libcurl3-gnutls:i386 #curl -s https://packagecloud.io/install/repositories/pufferpanel/${pufferdRepo}/script.deb.sh | bash #Adding repo of pufferd #curl -s https://packagecloud.io/install/repositories/pufferpanel/pufferd/script.deb.sh unknown_os () { echo "Unfortunately, your operating system distribution and version are not supported by this script." echo echo "You can override the OS detection by setting os= and dist= prior to running this script." echo "You can find a list of supported OSes and distributions on our website: https://packagecloud.io/docs#os_distro_version" echo echo "For example, to force Ubuntu Trusty: os=ubuntu dist=trusty ./script.sh" echo echo "Please email support@packagecloud.io and let us know if you run into any issues." exit 1 } gpg_check () { echo "Checking for gpg..." if command -v gpg > /dev/null; then echo "Detected gpg..." else echo "Installing gnupg for GPG verification..." apt-get install -y gnupg if [ "$?" -ne "0" ]; then echo "Unable to install GPG! Your base system has a problem; please check your default OS's package repositories because GPG should work." echo "Repository installation aborted." exit 1 fi fi } curl_check () { echo "Checking for curl..." if command -v curl > /dev/null; then echo "Detected curl..." else echo "Installing curl..." apt-get install -q -y curl if [ "$?" -ne "0" ]; then echo "Unable to install curl! Your base system has a problem; please check your default OS's package repositories because curl should work." echo "Repository installation aborted." exit 1 fi fi } install_debian_keyring () { if [ "${os}" = "debian" ]; then echo "Installing debian-archive-keyring which is needed for installing " echo "apt-transport-https on many Debian systems." apt-get install -y debian-archive-keyring &> /dev/null fi } detect_os () { if [[ ( -z "${os}" ) && ( -z "${dist}" ) ]]; then # some systems dont have lsb-release yet have the lsb_release binary and # vice-versa if [ -e /etc/lsb-release ]; then . /etc/lsb-release if [ "${ID}" = "raspbian" ]; then os=${ID} dist=`cut --delimiter='.' -f1 /etc/debian_version` else os=${DISTRIB_ID} dist=${DISTRIB_CODENAME} if [ -z "$dist" ]; then dist=${DISTRIB_RELEASE} fi fi elif [ `which lsb_release 2>/dev/null` ]; then dist=`lsb_release -c | cut -f2` os=`lsb_release -i | cut -f2 | awk '{ print tolower($1) }'` elif [ -e /etc/debian_version ]; then # some Debians have jessie/sid in their /etc/debian_version # while others have '6.0.7' os=`cat /etc/issue | head -1 | awk '{ print tolower($1) }'` if grep -q '/' /etc/debian_version; then dist=`cut --delimiter='/' -f1 /etc/debian_version` else dist=`cut --delimiter='.' -f1 /etc/debian_version` fi else unknown_os fi fi if [ -z "$dist" ]; then unknown_os fi # remove whitespace from OS and dist name os="${os// /}" dist="${dist// /}" echo "Detected operating system as $os/$dist." } main () { detect_os curl_check gpg_check # Need to first run apt-get update so that apt-transport-https can be # installed echo -n "Running apt-get update... " apt-get update &> /dev/null echo "done." # Install the debian-archive-keyring package on debian systems so that # apt-transport-https can be installed next install_debian_keyring echo -n "Installing apt-transport-https... " apt-get install -y apt-transport-https &> /dev/null echo "done." gpg_key_url="https://packagecloud.io/pufferpanel/pufferd/gpgkey" apt_config_url="https://packagecloud.io/install/repositories/pufferpanel/pufferd/config_file.list?os=debian&dist=stretch&source=script" apt_source_path="/etc/apt/sources.list.d/pufferpanel_pufferd.list" echo -n "Installing $apt_source_path..." # create an apt config file for this repository curl -sSf "${apt_config_url}" > $apt_source_path curl_exit_code=$? if [ "$curl_exit_code" = "22" ]; then echo echo echo -n "Unable to download repo config from: " echo "${apt_config_url}" echo echo "This usually happens if your operating system is not supported by " echo "packagecloud.io, or this script's OS detection failed." echo echo "You can override the OS detection by setting os= and dist= prior to running this script." echo "You can find a list of supported OSes and distributions on our website: https://packagecloud.io/docs#os_distro_version" echo echo "For example, to force Ubuntu Trusty: os=ubuntu dist=trusty ./script.sh" echo echo "If you are running a supported OS, please email support@packagecloud.io and report this." [ -e $apt_source_path ] && rm $apt_source_path exit 1 elif [ "$curl_exit_code" = "35" -o "$curl_exit_code" = "60" ]; then echo "curl is unable to connect to packagecloud.io over TLS when running: " echo " curl ${apt_config_url}" echo "This is usually due to one of two things:" echo echo " 1.) Missing CA root certificates (make sure the ca-certificates package is installed)" echo " 2.) An old version of libssl. Try upgrading libssl on your system to a more recent version" echo echo "Contact support@packagecloud.io with information about your system for help." [ -e $apt_source_path ] && rm $apt_source_path exit 1 elif [ "$curl_exit_code" -gt "0" ]; then echo echo "Unable to run: " echo " curl ${apt_config_url}" echo echo "Double check your curl installation and try again." [ -e $apt_source_path ] && rm $apt_source_path exit 1 else echo "done." fi echo -n "Importing packagecloud gpg key... " # import the gpg key curl -L "${gpg_key_url}" 2> /dev/null | apt-key add - &>/dev/null echo "done." echo -n "Running apt-get update... " # update apt on this system apt-get update &> /dev/null echo "done." echo echo "The repository is setup! You can now install packages." } main #apt-key add - https://packagecloud.io/pufferpanel/pufferd/gpgkey #echo "https://packagecloud.io/install/repositories/pufferpanel/pufferd/config_file.list?os=debian&dist=stretch&source=script" > /etc/apt/sources.list.d/pufferpanel_pufferd.list #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= ynh_app_setting_set $app final_path $final_path # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source "$final_path" #============================================== # INSTALL PufferPanel #============================================== #Install Panel #mv $final_path/ #Install Daemon mkdir -p /var/lib/pufferd /var/log/pufferd /etc/pufferd wget https://packagecloud.io/pufferpanel/pufferd/packages/debian/stretch/pufferd_1.2.5_amd64.deb/download.deb dpkg --install download.deb echo -e "Installing pufferd using package manager" pufferdLocation="/srv/pufferd" installed=0 if [ $OS_INSTALL_CMD == 'apt' ]; then apt-get update apt-get install pufferd pufferdLocation="/usr/sbin/" elif [ $OS_INSTALL_CMD == 'yum' ]; then yum install -y pufferd pufferdLocation="/usr/sbin/" fi if [ -f "${pufferdLocation}/pufferd" ]; then echo "Detected installation via package successful" else echo -e "Failed to install using package manager, manually installing" echo -e "Downloading pufferd from $downloadUrl" pufferdLocation="/srv/pufferd/" mkdir -p /srv/pufferd curl -L -o /srv/pufferd/pufferd $downloadUrl checkResponseCode chmod +x /srv/pufferd/pufferd checkResponseCode writeServiceFile checkResponseCode useradd --system --home /var/lib/pufferd --user-group pufferd fi if type systemctl &> /dev/null; then echo "Stopping service to prepare for installation" systemctl stop pufferd elif type service &> /dev/null; then echo "Stopping service to prepare for installation" service pufferd stop fi if [ -f "${pufferdLocation}/pufferd" ]; then echo "Detected installation via package successful" else echo -e "Failed to install using package manager, manually installing" echo -e "Downloading pufferd from $downloadUrl" pufferdLocation="/srv/pufferd/" mkdir -p /srv/pufferd curl -L -o /srv/pufferd/pufferd $downloadUrl checkResponseCode chmod +x /srv/pufferd/pufferd checkResponseCode writeServiceFile checkResponseCode useradd --system --home /var/lib/pufferd --user-group pufferd fi if type systemctl &> /dev/null; then echo "Stopping service to prepare for installation" systemctl stop pufferd elif type service &> /dev/null; then echo "Stopping service to prepare for installation" service pufferd stop fi cd $pufferdLocation echo -e "Executing pufferd installation" ./pufferd --install --auth http://yuno2.probetech.be --token 64F263CF-F18C-4C11-A118-81E2435B2A86 --config /etc/pufferd/config.json checkResponseCode chown -R pufferd:pufferd /var/lib/pufferd /etc/pufferd /var/log/pufferd if [ -f /srv/pufferd ]; then chown -R pufferd:pufferd /srv/pufferd fi if type systemctl &> /dev/null; then echo "Starting pufferd service" systemctl start pufferd systemctl enable pufferd elif type service &> /dev/null; then echo "Starting pufferd service" service pufferd start fi echo "Successfully installed the daemon" #================================================= # NGINX CONFIGURATION #================================================= # Create a dedicated nginx config ynh_add_nginx_config #================================================= # CREATE DEDICATED USER #================================================= # Create a system user ynh_system_user_create $app #================================================= # MODIFY A CONFIG FILE #================================================= #cp -a ../conf/onlyoffice-documentserver.conf /etc/onlyoffice/documentserver/nginx/onlyoffice-documentserver.conf #ynh_replace_string "__NEXTCLOUDDOMAIN__" "$nextcloud_domain" "/etc/loolwsd/loolwsd.xml" #ynh_replace_string "__PASSWORD__" "$password" "/etc/loolwsd/loolwsd.xml" #================================================= # STORE THE CONFIG FILE CHECKSUM #================================================= ### `ynh_store_file_checksum` is used to store the checksum of a file. ### That way, during the upgrade script, by using `ynh_backup_if_checksum_is_different`, ### you can make a backup of this file before modifying it again if the admin had modified it. # Calculate and store the config file checksum into the app settings #ynh_store_file_checksum "/etc/onlyoffice/documentserver/nginx/onlyoffice-documentserver.conf" #================================================= # GENERIC FINALIZATION #================================================= # SECURE FILES AND DIRECTORIES #================================================= ### For security reason, any app should set the permissions to root: before anything else. ### Then, if write authorization is needed, any access should be given only to directories ### that really need such authorization. # Set permissions to app files #chown -R root: /etc/loolwsd #================================================= # SETUP SSOWAT #================================================= # If app is public, add url to SSOWat conf as skipped_uris if [ $is_public -eq 1 ]; then # unprotected_uris allows SSO credentials to be passed anyway. ynh_app_setting_set "$app" unprotected_uris "/" fi # Reload services systemctl reload nginx