mirror of
https://github.com/YunoHost-Apps/rainloop_ynh.git
synced 2024-09-03 20:16:18 +02:00
225 lines
8.6 KiB
Bash
225 lines
8.6 KiB
Bash
#!/bin/bash
|
|
|
|
#=================================================
|
|
# GENERIC START
|
|
#=================================================
|
|
# IMPORT GENERIC HELPERS
|
|
#=================================================
|
|
|
|
source _common.sh
|
|
source /usr/share/yunohost/helpers
|
|
|
|
#=================================================
|
|
# MANAGE SCRIPT FAILURE
|
|
#=================================================
|
|
|
|
# Exit if an error occurs during the execution of the script
|
|
ynh_abort_if_errors
|
|
|
|
#=================================================
|
|
# RETRIEVE ARGUMENTS FROM THE MANIFEST
|
|
#=================================================
|
|
|
|
domain=$YNH_APP_ARG_DOMAIN
|
|
path_url=$YNH_APP_ARG_PATH
|
|
is_public=$YNH_APP_ARG_IS_PUBLIC
|
|
language=$YNH_APP_ARG_LANGUAGE
|
|
password=$YNH_APP_ARG_PASSWORD
|
|
ldap=$YNH_APP_ARG_LDAP
|
|
|
|
app=$YNH_APP_INSTANCE_NAME
|
|
|
|
#=================================================
|
|
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
|
|
#=================================================
|
|
ynh_script_progression --message="Validating installation parameters..." --weight=2
|
|
|
|
final_path=/var/www/$app
|
|
test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
|
|
|
|
# Register (book) web path
|
|
ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
|
|
|
|
#=================================================
|
|
# STORE SETTINGS FROM MANIFEST
|
|
#=================================================
|
|
ynh_script_progression --message="Storing installation settings..."
|
|
|
|
ynh_app_setting_set --app=$app --key=domain --value=$domain
|
|
ynh_app_setting_set --app=$app --key=path --value=$path_url
|
|
ynh_app_setting_set --app=$app --key=language --value=$language
|
|
ynh_app_setting_set --app=$app --key=password --value=$password
|
|
ynh_app_setting_set --app=$app --key=ldap --value=$ldap
|
|
|
|
#=================================================
|
|
# INSTALL DEPENDENCIES
|
|
#=================================================
|
|
ynh_script_progression --message="Installing dependencies..." --weight=1
|
|
|
|
ynh_install_app_dependencies $pkg_dependencies
|
|
|
|
#=================================================
|
|
# CREATE DEDICATED USER
|
|
#=================================================
|
|
ynh_script_progression --message="Configuring system user..." --weight=2
|
|
|
|
# Create a system user
|
|
ynh_system_user_create --username=$app --home_dir="$final_path"
|
|
|
|
#=================================================
|
|
# STANDARD MODIFICATIONS
|
|
#=================================================
|
|
# CREATE A MYSQL DATABASE
|
|
#=================================================
|
|
ynh_script_progression --message="Creating a MySQL database..." --weight=2
|
|
|
|
db_name=$(ynh_sanitize_dbid --db_name=$app)
|
|
db_user=$db_name
|
|
ynh_app_setting_set --app=$app --key=db_name --value=$db_name
|
|
ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name
|
|
|
|
#=================================================
|
|
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
|
#=================================================
|
|
ynh_script_progression --message="Setting up source files..." --weight=3
|
|
|
|
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
|
|
# Download, check integrity, uncompress and patch the source from app.src
|
|
ynh_setup_source --dest_dir="$final_path/app"
|
|
|
|
ynh_script_progression --message="Patching CVE-2022-29360 code vulnerability..." --weight=1
|
|
# Deploy CVE-2022-29360 patch
|
|
version=$(ynh_app_upstream_version)
|
|
# FIXME because we need to apply the patch manually with --binary flag
|
|
# while we should be able to simply use the patching feature of ynh_setup_source
|
|
ynh_add_config --template="../sources/patches/app-CVE-2022-29360.patch.template" --destination="../sources/patches/FIXMEapp-CVE-2022-29360.patch"
|
|
patch --silent --binary $final_path/app/rainloop/v/$version/app/libraries/MailSo/Base/HtmlUtils.php < ../sources/patches/FIXMEapp-CVE-2022-29360.patch
|
|
|
|
#=================================================
|
|
# PHP-FPM CONFIGURATION
|
|
#=================================================
|
|
ynh_script_progression --message="Configuring PHP-FPM..." --weight=2
|
|
|
|
# Create a dedicated PHP-FPM config
|
|
ynh_add_fpm_config
|
|
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
|
|
|
|
#=================================================
|
|
# NGINX CONFIGURATION
|
|
#=================================================
|
|
ynh_script_progression --message="Configuring NGINX web server..." --weight=2
|
|
|
|
# Create a dedicated NGINX config
|
|
ynh_add_nginx_config
|
|
|
|
#=================================================
|
|
# SPECIFIC SETUP
|
|
#=================================================
|
|
# AUTOCONFIG
|
|
#=================================================
|
|
ynh_script_progression --message= "Configuring Rainloop..." --weight=3
|
|
|
|
# Set plugins
|
|
# This plugin is trying to automatically grab unknown domains if users want to add external email accounts
|
|
plugins="ynh-login-mapping,auto-domain-grab"
|
|
if [ $ldap -eq 1 ]
|
|
then
|
|
# This plugin is to suggest YunoHost users in recipients list
|
|
plugins="$plugins,ynh-ldap-suggestions"
|
|
fi
|
|
ynh_app_setting_set --app=$app --key=plugins --value="$plugins"
|
|
|
|
mkdir -p "$final_path/app/data/_data_/_default_/configs/"
|
|
application_file="$final_path/app/data/_data_/_default_/configs/application.ini"
|
|
|
|
timezone="$(date +%:::z)"
|
|
ynh_add_config --template="../conf/data/configs/application.ini" --destination="$application_file"
|
|
|
|
# Set admin password
|
|
php"${phpversion}" ../conf/config.php --index="$final_path/app/index.php" --password="$password"
|
|
|
|
# Add default domain configs by looping through all the domains already added
|
|
mkdir -p "$final_path/app/data/_data_/_default_/domains/"
|
|
# get list of ldap domains
|
|
alldomains=$(ldapsearch -LLL -x -b ou=domains,dc=yunohost,dc=org -s one "objectclass=top" virtualdomain | grep -v "dn:" | sed "s/virtualdomain://")
|
|
for ldomain in $alldomains; do
|
|
cp ../conf/data/domains/domain.tld.ini "$final_path/app/data/_data_/_default_/domains/$ldomain.ini"
|
|
done
|
|
# Add wildcard domain for auto-grab
|
|
cp ../conf/data/domains/default.ini "$final_path/app/data/_data_/_default_/domains/default.ini"
|
|
|
|
|
|
# install SSO - at the moment the index is the SSO and rainloop is installed in /app
|
|
ynh_add_config --template="../sources/sso/sso.php" --destination="$final_path/index.php"
|
|
|
|
# Install PGPback by chtixof to allow users to backup/restore their PGP private keys on the server
|
|
cp -rf ../sources/pgpback "$final_path/"
|
|
|
|
#=================================================
|
|
# STORE THE CONFIG FILE CHECKSUM
|
|
#=================================================
|
|
|
|
# Calculate and store the config file checksum into the app settings
|
|
ynh_store_file_checksum --file="$application_file"
|
|
|
|
#=================================================
|
|
# GENERIC FINALIZATION
|
|
#=================================================
|
|
# SETUP LOGROTATE
|
|
#=================================================
|
|
ynh_script_progression --message="Configuring log rotation..." --weight=1
|
|
|
|
mkdir -p $final_path/app/data/_data_/_default_/logs/fail2ban
|
|
touch $final_path/app/data/_data_/_default_/logs/fail2ban/auth-fail.log
|
|
|
|
# Use logrotate to manage application logfile(s)
|
|
ynh_use_logrotate --logfile=$final_path/app/data/_data_/_default_/logs/fail2ban/auth-fail.log
|
|
|
|
#=================================================
|
|
# SECURE FILES AND DIRECTORIES
|
|
#=================================================
|
|
|
|
# Set permissions to app files
|
|
find $final_path/. -type d -exec chmod 755 {} \;
|
|
find $final_path/. -type f -exec chmod 644 {} \;
|
|
chmod -R o-rwx $final_path
|
|
chown -R $app:www-data $final_path
|
|
|
|
#=================================================
|
|
# SETUP FAIL2BAN
|
|
#=================================================
|
|
ynh_script_progression --message="Configuring Fail2Ban..." --weight=8
|
|
|
|
# Create a dedicated Fail2Ban config
|
|
ynh_add_fail2ban_config --logpath="$final_path/app/data/_data_/_default_/logs/fail2ban/auth-fail.log" --failregex="Auth failed: ip=<HOST>.*$"
|
|
|
|
#=================================================
|
|
# SETUP SSOWAT
|
|
#=================================================
|
|
ynh_script_progression --message="Configuring permissions..." --weight=1
|
|
|
|
# Make app public if necessary or protect it
|
|
if [ $is_public -eq 1 ]
|
|
then
|
|
ynh_permission_update --permission="main" --add="visitors"
|
|
fi
|
|
|
|
#=================================================
|
|
# RELOAD NGINX
|
|
#=================================================
|
|
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
|
|
|
|
ynh_systemd_action --service_name=nginx --action=reload
|
|
|
|
#=================================================
|
|
# SEND README TO ADMIN
|
|
#=================================================
|
|
ynh_script_progression --message="Sending ReadMe to admin..."
|
|
|
|
ynh_send_readme_to_admin --app_message="../conf/email" --recipients="root" --type="warning"
|
|
|
|
#=================================================
|
|
# END OF SCRIPT
|
|
#=================================================
|
|
|
|
ynh_script_progression --message="Installation of $app completed" --last
|