#!/bin/bash #================================================= # GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= source _common.sh source /usr/share/yunohost/helpers #================================================= # MANAGE SCRIPT FAILURE #================================================= # Exit if an error occurs during the execution of the script ynh_abort_if_errors #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH is_public=$YNH_APP_ARG_IS_PUBLIC lang=$YNH_APP_ARG_LANG password=$YNH_APP_ARG_PASSWORD ldap=$YNH_APP_ARG_LDAP app=$YNH_APP_INSTANCE_NAME #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= ynh_script_progression --message="Validating installation parameters..." --weight=2 final_path=/var/www/$app test ! -e "$final_path" || ynh_die --message="This path already contains a folder" # Register (book) web path ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url #================================================= # STORE SETTINGS FROM MANIFEST #================================================= ynh_script_progression --message="Storing installation settings..." ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=is_public --value=$is_public ynh_app_setting_set --app=$app --key=lang --value=$lang ynh_app_setting_set --app=$app --key=password --value=$password ynh_app_setting_set --app=$app --key=ldap --value=$ldap #================================================= # STANDARD MODIFICATIONS #================================================= # CREATE A MYSQL DATABASE #================================================= ynh_script_progression --message="Creating a MySQL database..." --weight=2 db_name=$(ynh_sanitize_dbid --db_name=$app) ynh_app_setting_set --app=$app --key=db_name --value=$db_name ynh_mysql_setup_db --db_user=$db_name --db_name=$db_name #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= ynh_script_progression --message="Setting up source files..." --weight=3 ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path/app" #================================================= # NGINX CONFIGURATION #================================================= ynh_script_progression --message="Configuring NGINX web server..." # Create a dedicated NGINX config ynh_add_nginx_config #================================================= # CREATE DEDICATED USER #================================================= ynh_script_progression --message="Configuring system user..." --weight=2 # Create a system user ynh_system_user_create --username=$app #================================================= # PHP-FPM CONFIGURATION #================================================= ynh_script_progression --message="Configuring PHP-FPM..." --weight=2 # Create a dedicated PHP-FPM config ynh_add_fpm_config #================================================= # SPECIFIC SETUP #================================================= # AUTOCONFIG #================================================= ynh_script_progression --message= "Configuring Rainloop..." --weight=3 # Set plugins # This plugin is trying to automatically grab unknown domains if users want to add external email accounts plugins="ynh-login-mapping,auto-domain-grab" if [ $ldap -eq 1 ] then # This plugin is to suggest YunoHost users in recipients list plugins="$plugins,ynh-ldap-suggestions" fi ynh_app_setting_set --app=$app --key=plugins --value="$plugins" mkdir -p "$final_path/app/data/_data_/_default_/configs/" application_file="$final_path/app/data/_data_/_default_/configs/application.ini" cp ../conf/data/configs/application.ini "$application_file" ynh_replace_string --match_string="__DOMAIN__" --replace_string=$domain --target_file="$application_file" ynh_replace_string --match_string="__MYSQLUSER__" --replace_string=$db_name --target_file="$application_file" ynh_replace_string --match_string="__MYSQLPASSWORD__" --replace_string="$db_pwd" --target_file="$application_file" ynh_replace_string --match_string="__LANGTOCHANGE__" --replace_string=$lang --target_file="$application_file" ynh_replace_string --match_string="__PLUGINSTOENABLE__" --replace_string="$plugins" --target_file="$application_file" # FIXME Temporary fix for rainloop, waiting for https://github.com/YunoHost/yunohost/pull/752 to be released. # ynh_replace_string --match_string="__TIME_ZONE__" --replace_string="$(date +%:::z)" --target_file="$application_file" timezone="$(date +%:::z)" ynh_replace_string --match_string="__TIME_ZONE__" --replace_string="${timezone//-/\\-}" --target_file="$application_file" # Set admin password php ../conf/config.php --index="$final_path/app/index.php" --password="$password" # Add default domain configs by looping through all the domains already added mkdir -p "$final_path/app/data/_data_/_default_/domains/" # get list of ldap domains alldomains=$(ldapsearch -LLL -x -b ou=domains,dc=yunohost,dc=org -s one "objectclass=top" virtualdomain | grep -v "dn:" | sed "s/virtualdomain://") for ldomain in $alldomains; do cp ../conf/data/domains/domain.tld.ini "$final_path/app/data/_data_/_default_/domains/$ldomain.ini" done # Add wildcard domain for auto-grab cp ../conf/data/domains/default.ini "$final_path/app/data/_data_/_default_/domains/default.ini" # install SSO - at the moment the index is the SSO and rainloop is installed in /app cp ../sources/sso/sso.php "$final_path/index.php" ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$final_path/index.php" ynh_replace_string --match_string="__ALIASTOCHANGE__" --replace_string="$final_path" --target_file="$final_path/index.php" ynh_replace_string --match_string="__ROOTTOCHANGE__" --replace_string="${path_url%/}" --target_file="$final_path/index.php" # Install PGPback by chtixof to allow users to backup/restore their PGP private keys on the server cp -rf ../sources/pgpback "$final_path/" #================================================= # STORE THE CONFIG FILE CHECKSUM #================================================= # Calculate and store the config file checksum into the app settings ynh_store_file_checksum --file="$application_file" #================================================= # GENERIC FINALIZATION #================================================= # SETUP LOGROTATE #================================================= ynh_script_progression --message="Configuring log rotation..." mkdir -p $final_path/app/data/_data_/_default_/logs/fail2ban touch $final_path/app/data/_data_/_default_/logs/fail2ban/auth-fail.log # Use logrotate to manage application logfile(s) ynh_use_logrotate --logfile=$final_path/app/data/_data_/_default_/logs/fail2ban/auth-fail.log #================================================= # SECURE FILES AND DIRECTORIES #================================================= # Set permissions to app files find $final_path/. -type d -exec chmod 755 {} \; find $final_path/. -type f -exec chmod 644 {} \; chown -R $app: $final_path #================================================= # SETUP FAIL2BAN #================================================= ynh_script_progression --message="Configuring Fail2ban..." --weight=8 # Create a dedicated fail2ban config ynh_add_fail2ban_config --logpath="$final_path/app/data/_data_/_default_/logs/fail2ban/auth-fail.log" --failregex="Auth failed: ip=.*$" #================================================= # SETUP SSOWAT #================================================= ynh_script_progression --message="Configuring SSOwat..." # Make app public if necessary if [ $is_public -eq 1 ] then # unprotected_uris allows SSO credentials to be passed anyway. ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" fi #================================================= # RELOAD NGINX #================================================= ynh_script_progression --message="Reloading NGINX web server..." ynh_systemd_action --service_name=nginx --action=reload #================================================= # END OF SCRIPT #================================================= ynh_script_progression --message="Installation of $app completed" --last