mirror of
https://github.com/YunoHost-Apps/scrutiny_ynh.git
synced 2024-09-03 20:16:24 +02:00
commit
105b028467
20 changed files with 272 additions and 318 deletions
2
.github/workflows/package_linter.yml
vendored
2
.github/workflows/package_linter.yml
vendored
|
@ -24,7 +24,7 @@ jobs:
|
||||||
- name: Install dependencies
|
- name: Install dependencies
|
||||||
run: |
|
run: |
|
||||||
python -m pip install --upgrade pip
|
python -m pip install --upgrade pip
|
||||||
pip install toml
|
pip install toml pyparsing six
|
||||||
|
|
||||||
- name: 'Clone YunoHost apps package linter'
|
- name: 'Clone YunoHost apps package linter'
|
||||||
run: |
|
run: |
|
||||||
|
|
78
README.md
78
README.md
|
@ -1,85 +1,63 @@
|
||||||
# Packaging an app, starting from this example
|
|
||||||
|
|
||||||
* Copy this app before working on it, using the ['Use this template'](https://github.com/YunoHost/example_ynh/generate) button on the Github repo.
|
|
||||||
* Edit the `manifest.toml` with app specific info.
|
|
||||||
* Edit the `install`, `upgrade`, `remove`, `backup` and `restore` scripts, and any relevant conf files in `conf/`.
|
|
||||||
* Using the [script helpers documentation.](https://yunohost.org/packaging_apps_helpers)
|
|
||||||
* Edit the `change_url` and `config` scripts too, or remove them if you have no use of them
|
|
||||||
* Add a `LICENSE` file for the package. NB: this LICENSE file is not meant to necessarily be the LICENSE of the upstream app - it is only the LICENSE you want this package's code to published with ;). We recommend to use [the AGPL-3](https://www.gnu.org/licenses/agpl-3.0.txt).
|
|
||||||
* Edit `doc/DISCLAIMER*.md`
|
|
||||||
* The `README.md` files are to be automatically generated by https://github.com/YunoHost/apps/tree/master/tools/README-generator
|
|
||||||
|
|
||||||
---
|
|
||||||
<!--
|
<!--
|
||||||
N.B.: This README was automatically generated by https://github.com/YunoHost/apps/tree/master/tools/README-generator
|
N.B.: This README was automatically generated by https://github.com/YunoHost/apps/tree/master/tools/README-generator
|
||||||
It shall NOT be edited by hand.
|
It shall NOT be edited by hand.
|
||||||
-->
|
-->
|
||||||
|
|
||||||
# Example app for YunoHost
|
# Scrutiny for YunoHost
|
||||||
|
|
||||||
[![Integration level](https://dash.yunohost.org/integration/example.svg)](https://dash.yunohost.org/appci/app/example) ![Working status](https://ci-apps.yunohost.org/ci/badges/example.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/example.maintain.svg)
|
[![Integration level](https://dash.yunohost.org/integration/scrutiny.svg)](https://dash.yunohost.org/appci/app/scrutiny) ![Working status](https://ci-apps.yunohost.org/ci/badges/scrutiny.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/scrutiny.maintain.svg)
|
||||||
[![Install Example app with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=example)
|
|
||||||
|
[![Install Scrutiny with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=scrutiny)
|
||||||
|
|
||||||
*[Lire ce readme en français.](./README_fr.md)*
|
*[Lire ce readme en français.](./README_fr.md)*
|
||||||
|
|
||||||
> *This package allows you to install Example app quickly and simply on a YunoHost server.
|
> *This package allows you to install Scrutiny quickly and simply on a YunoHost server.
|
||||||
If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.*
|
If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.*
|
||||||
|
|
||||||
## Overview
|
## Overview
|
||||||
|
|
||||||
Some long and extensive description of what the app is and does, lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
|
**Scrutiny is a Hard Drive Health Dashboard & Monitoring solution, merging manufacturer provided S.M.A.R.T metrics with real-world failure rates.**
|
||||||
|
|
||||||
|
> NOTE: Scrutiny is a Work-in-Progress and still has some rough edges.
|
||||||
|
|
||||||
### Features
|
### Features
|
||||||
|
|
||||||
- Ut enim ad minim veniam, quis nostrud exercitation ullamco ;
|
Scrutiny is a simple but focused application, with a couple of core features:
|
||||||
- Laboris nisi ut aliquip ex ea commodo consequat ;
|
|
||||||
- Duis aute irure dolor in reprehenderit in voluptate ;
|
- Web UI Dashboard - focused on Critical metrics
|
||||||
- Velit esse cillum dolore eu fugiat nulla pariatur ;
|
- `smartd` integration (no re-inventing the wheel)
|
||||||
- Excepteur sint occaecat cupidatat non proident, sunt in culpa."
|
- Auto-detection of all connected hard-drives
|
||||||
|
- S.M.A.R.T metric tracking for historical trends
|
||||||
|
- Customized thresholds using real world failure rates
|
||||||
|
- Temperature tracking
|
||||||
|
- Provided as an all-in-one Docker image (but can be installed manually)
|
||||||
|
- Configurable Alerting/Notifications via Webhooks
|
||||||
|
- (Future) Hard Drive performance testing & tracking
|
||||||
|
|
||||||
|
|
||||||
**Shipped version:** 1.0~ynh1
|
**Shipped version:** 0.6.0~ynh1
|
||||||
|
|
||||||
**Demo:** https://demo.example.com
|
|
||||||
|
|
||||||
## Screenshots
|
## Screenshots
|
||||||
|
|
||||||
![Screenshot of Example app](./doc/screenshots/example.jpg)
|
![Screenshot of Scrutiny](./doc/screenshots/dashboard.png)
|
||||||
|
|
||||||
## Disclaimers / important information
|
|
||||||
|
|
||||||
* Any known limitations, constrains or stuff not working, such as (but not limited to):
|
|
||||||
* requiring a full dedicated domain ?
|
|
||||||
* architectures not supported ?
|
|
||||||
* not-working single-sign on or LDAP integration ?
|
|
||||||
* the app requires an important amount of RAM / disk / .. to install or to work properly
|
|
||||||
* etc...
|
|
||||||
|
|
||||||
* Other infos that people should be aware of, such as:
|
|
||||||
* any specific step to perform after installing (such as manually finishing the install, specific admin credentials, ...)
|
|
||||||
* how to configure / administrate the application if it ain't obvious
|
|
||||||
* upgrade process / specificities / things to be aware of ?
|
|
||||||
* security considerations ?
|
|
||||||
|
|
||||||
## Documentation and resources
|
## Documentation and resources
|
||||||
|
|
||||||
* Official app website: <https://example.com>
|
* Official admin documentation: <https://github.com/AnalogJ/scrutiny/tree/master/docs>
|
||||||
* Official user documentation: <https://yunohost.org/apps>
|
* Upstream app code repository: <https://github.com/AnalogJ/scrutiny>
|
||||||
* Official admin documentation: <https://yunohost.org/packaging_apps>
|
* YunoHost documentation for this app: <https://yunohost.org/app_scrutiny>
|
||||||
* Upstream app code repository: <https://some.forge.com/example/example>
|
* Report a bug: <https://github.com/YunoHost-Apps/scrutiny_ynh/issues>
|
||||||
* YunoHost documentation for this app: <https://yunohost.org/app_example>
|
|
||||||
* Report a bug: <https://github.com/YunoHost-Apps/example_ynh/issues>
|
|
||||||
|
|
||||||
## Developer info
|
## Developer info
|
||||||
|
|
||||||
Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/example_ynh/tree/testing).
|
Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/scrutiny_ynh/tree/testing).
|
||||||
|
|
||||||
To try the testing branch, please proceed like that.
|
To try the testing branch, please proceed like that.
|
||||||
|
|
||||||
``` bash
|
``` bash
|
||||||
sudo yunohost app install https://github.com/YunoHost-Apps/example_ynh/tree/testing --debug
|
sudo yunohost app install https://github.com/YunoHost-Apps/scrutiny_ynh/tree/testing --debug
|
||||||
or
|
or
|
||||||
sudo yunohost app upgrade example -u https://github.com/YunoHost-Apps/example_ynh/tree/testing --debug
|
sudo yunohost app upgrade scrutiny -u https://github.com/YunoHost-Apps/scrutiny_ynh/tree/testing --debug
|
||||||
```
|
```
|
||||||
|
|
||||||
**More info regarding app packaging:** <https://yunohost.org/packaging_apps>
|
**More info regarding app packaging:** <https://yunohost.org/packaging_apps>
|
||||||
|
|
63
README_fr.md
Normal file
63
README_fr.md
Normal file
|
@ -0,0 +1,63 @@
|
||||||
|
<!--
|
||||||
|
N.B.: This README was automatically generated by https://github.com/YunoHost/apps/tree/master/tools/README-generator
|
||||||
|
It shall NOT be edited by hand.
|
||||||
|
-->
|
||||||
|
|
||||||
|
# Scrutiny pour YunoHost
|
||||||
|
|
||||||
|
[![Niveau d’intégration](https://dash.yunohost.org/integration/scrutiny.svg)](https://dash.yunohost.org/appci/app/scrutiny) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/scrutiny.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/scrutiny.maintain.svg)
|
||||||
|
|
||||||
|
[![Installer Scrutiny avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=scrutiny)
|
||||||
|
|
||||||
|
*[Read this readme in english.](./README.md)*
|
||||||
|
|
||||||
|
> *Ce package vous permet d’installer Scrutiny rapidement et simplement sur un serveur YunoHost.
|
||||||
|
Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l’installer et en profiter.*
|
||||||
|
|
||||||
|
## Vue d’ensemble
|
||||||
|
|
||||||
|
**Scrutiny is a Hard Drive Health Dashboard & Monitoring solution, merging manufacturer provided S.M.A.R.T metrics with real-world failure rates.**
|
||||||
|
|
||||||
|
> NOTE: Scrutiny is a Work-in-Progress and still has some rough edges.
|
||||||
|
|
||||||
|
### Features
|
||||||
|
|
||||||
|
Scrutiny is a simple but focused application, with a couple of core features:
|
||||||
|
|
||||||
|
- Web UI Dashboard - focused on Critical metrics
|
||||||
|
- `smartd` integration (no re-inventing the wheel)
|
||||||
|
- Auto-detection of all connected hard-drives
|
||||||
|
- S.M.A.R.T metric tracking for historical trends
|
||||||
|
- Customized thresholds using real world failure rates
|
||||||
|
- Temperature tracking
|
||||||
|
- Provided as an all-in-one Docker image (but can be installed manually)
|
||||||
|
- Configurable Alerting/Notifications via Webhooks
|
||||||
|
- (Future) Hard Drive performance testing & tracking
|
||||||
|
|
||||||
|
|
||||||
|
**Version incluse :** 0.6.0~ynh1
|
||||||
|
|
||||||
|
## Captures d’écran
|
||||||
|
|
||||||
|
![Capture d’écran de Scrutiny](./doc/screenshots/dashboard.png)
|
||||||
|
|
||||||
|
## Documentations et ressources
|
||||||
|
|
||||||
|
* Documentation officielle de l’admin : <https://github.com/AnalogJ/scrutiny/tree/master/docs>
|
||||||
|
* Dépôt de code officiel de l’app : <https://github.com/AnalogJ/scrutiny>
|
||||||
|
* Documentation YunoHost pour cette app : <https://yunohost.org/app_scrutiny>
|
||||||
|
* Signaler un bug : <https://github.com/YunoHost-Apps/scrutiny_ynh/issues>
|
||||||
|
|
||||||
|
## Informations pour les développeurs
|
||||||
|
|
||||||
|
Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/scrutiny_ynh/tree/testing).
|
||||||
|
|
||||||
|
Pour essayer la branche testing, procédez comme suit.
|
||||||
|
|
||||||
|
``` bash
|
||||||
|
sudo yunohost app install https://github.com/YunoHost-Apps/scrutiny_ynh/tree/testing --debug
|
||||||
|
ou
|
||||||
|
sudo yunohost app upgrade scrutiny -u https://github.com/YunoHost-Apps/scrutiny_ynh/tree/testing --debug
|
||||||
|
```
|
||||||
|
|
||||||
|
**Plus d’infos sur le packaging d’applications :** <https://yunohost.org/packaging_apps>
|
|
@ -23,7 +23,6 @@ version: 1
|
||||||
host:
|
host:
|
||||||
id: "yunohost"
|
id: "yunohost"
|
||||||
|
|
||||||
|
|
||||||
# This block allows you to override/customize the settings for devices detected by
|
# This block allows you to override/customize the settings for devices detected by
|
||||||
# Scrutiny via `smartctl --scan`
|
# Scrutiny via `smartctl --scan`
|
||||||
# See the "--device=TYPE" section of https://linux.die.net/man/8/smartctl
|
# See the "--device=TYPE" section of https://linux.die.net/man/8/smartctl
|
||||||
|
@ -62,16 +61,13 @@ devices:
|
||||||
# metrics_info_args: '--info --json -T permissive' # used to determine device unique ID & register device with Scrutiny
|
# metrics_info_args: '--info --json -T permissive' # used to determine device unique ID & register device with Scrutiny
|
||||||
# metrics_smart_args: '--xall --json -T permissive' # used to retrieve smart data for each device.
|
# metrics_smart_args: '--xall --json -T permissive' # used to retrieve smart data for each device.
|
||||||
|
|
||||||
|
|
||||||
log:
|
log:
|
||||||
file: /var/log/__APP__/__APP__-collector.log
|
file: /var/log/__APP__/collector.log
|
||||||
level: INFO
|
level: INFO
|
||||||
#
|
|
||||||
api:
|
api:
|
||||||
# endpoint: 'https://__DOMAIN____PATH__/'
|
# endpoint: 'https://__DOMAIN____PATH__/'
|
||||||
endpoint: 'http://localhost:8080__PATH__/'
|
endpoint: 'http://127.0.0.1:__PORT____PATH__/'
|
||||||
# endpoint: 'http://localhost:8080'
|
|
||||||
# endpoint: 'http://localhost:8080/custombasepath'
|
|
||||||
# if you need to use a custom base path (for a reverse proxy), you can add a suffix to the endpoint.
|
# if you need to use a custom base path (for a reverse proxy), you can add a suffix to the endpoint.
|
||||||
# See docs/TROUBLESHOOTING_REVERSE_PROXY.md for more info,
|
# See docs/TROUBLESHOOTING_REVERSE_PROXY.md for more info,
|
||||||
|
|
||||||
|
@ -97,4 +93,3 @@ api:
|
||||||
# short:
|
# short:
|
||||||
# enable: false
|
# enable: false
|
||||||
# command: ''
|
# command: ''
|
||||||
|
|
||||||
|
|
|
@ -28,7 +28,7 @@ web:
|
||||||
# see docs/TROUBLESHOOTING_REVERSE_PROXY.md
|
# see docs/TROUBLESHOOTING_REVERSE_PROXY.md
|
||||||
# basepath: `/scrutiny`
|
# basepath: `/scrutiny`
|
||||||
# leave empty unless behind a path prefixed proxy
|
# leave empty unless behind a path prefixed proxy
|
||||||
basepath: '__PATH__'
|
basepath: '__BASE_PATH__'
|
||||||
database:
|
database:
|
||||||
# can also set absolute path here
|
# can also set absolute path here
|
||||||
location: __INSTALL_DIR__/config/scrutiny.db
|
location: __INSTALL_DIR__/config/scrutiny.db
|
||||||
|
@ -56,7 +56,7 @@ web:
|
||||||
# insecure_skip_verify: false
|
# insecure_skip_verify: false
|
||||||
|
|
||||||
log:
|
log:
|
||||||
file: /var/log/__APP__/__APP__-web-server.log
|
file: /var/log/__APP__/web-server.log
|
||||||
level: INFO
|
level: INFO
|
||||||
|
|
||||||
# Notification "urls" look like the following. For more information about service specific configuration see
|
# Notification "urls" look like the following. For more information about service specific configuration see
|
||||||
|
|
|
@ -4,6 +4,7 @@ After=network-online.target scrutiny-web-server.service
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
Type=oneshot
|
Type=oneshot
|
||||||
|
# Only root can fully execute smartcl features
|
||||||
User=root
|
User=root
|
||||||
Group=root
|
Group=root
|
||||||
WorkingDirectory=__INSTALL_DIR__
|
WorkingDirectory=__INSTALL_DIR__
|
||||||
|
@ -11,29 +12,42 @@ LogsDirectory=__APP__
|
||||||
StateDirectory=__APP__
|
StateDirectory=__APP__
|
||||||
ExecStart=__INSTALL_DIR__/bin/scrutiny-collector-metrics-linux-amd64 run --config __INSTALL_DIR__/config/collector.yaml
|
ExecStart=__INSTALL_DIR__/bin/scrutiny-collector-metrics-linux-amd64 run --config __INSTALL_DIR__/config/collector.yaml
|
||||||
Restart=no
|
Restart=no
|
||||||
StandardOutput=append:/var/log/__APP__/__APP__-collector.log
|
StandardOutput=append:/var/log/__APP__/collector.log
|
||||||
StandardError=inherit
|
StandardError=inherit
|
||||||
|
|
||||||
NoNewPrivileges=true
|
# Sandboxing options to harden security
|
||||||
SystemCallArchitectures=native
|
# Depending on specificities of your service/app, you may need to tweak these
|
||||||
|
# .. but this should be a good baseline
|
||||||
|
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
|
||||||
|
NoNewPrivileges=yes
|
||||||
PrivateTmp=yes
|
PrivateTmp=yes
|
||||||
ProtectHome=yes
|
#PrivateDevices=yes
|
||||||
#ProtectSystem=strict
|
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
|
||||||
ProtectKernelTunables=yes
|
|
||||||
ProtectKernelModules=yes
|
|
||||||
ProtectKernelLogs=yes
|
|
||||||
ProtectControlGroups=yes
|
|
||||||
ProtectHostname=yes
|
|
||||||
RestrictAddressFamilies=AF_INET AF_INET6
|
|
||||||
RestrictNamespaces=yes
|
RestrictNamespaces=yes
|
||||||
LockPersonality=yes
|
|
||||||
MemoryDenyWriteExecute=yes
|
|
||||||
RestrictRealtime=yes
|
RestrictRealtime=yes
|
||||||
RestrictSUIDSGID=yes
|
#DevicePolicy=closed
|
||||||
RemoveIPC=yes
|
#ProtectClock=yes # smartctl apparently doesn't function properly with this protection in place
|
||||||
|
ProtectHostname=yes
|
||||||
|
ProtectProc=invisible
|
||||||
|
ProtectSystem=full
|
||||||
|
ProtectControlGroups=yes
|
||||||
|
ProtectKernelModules=yes
|
||||||
|
ProtectKernelTunables=yes
|
||||||
|
LockPersonality=yes
|
||||||
|
SystemCallArchitectures=native
|
||||||
|
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged
|
||||||
|
|
||||||
# smartctl apparently doesn't function properly with this protection in place
|
# Denying access to capabilities that should not be relevant for webapps
|
||||||
#ProtectClock=yes
|
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
|
||||||
|
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
|
||||||
|
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
|
||||||
|
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
|
||||||
|
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
|
||||||
|
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
|
||||||
|
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
|
||||||
|
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
|
||||||
|
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
|
||||||
|
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=Scrutiny Collector timer
|
Description=Scrutiny Collector Timer
|
||||||
|
|
||||||
[Timer]
|
[Timer]
|
||||||
OnCalendar=daily
|
OnCalendar=daily
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
[Unit]
|
[Unit]
|
||||||
Description=Scrutiny web server
|
Description=Scrutiny Web Server
|
||||||
After=network-online.target
|
After=network-online.target
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
|
@ -12,28 +12,42 @@ StateDirectory=__APP__
|
||||||
ExecStart=__INSTALL_DIR__/bin/scrutiny-web-linux-amd64 start --config __INSTALL_DIR__/config/scrutiny.yaml
|
ExecStart=__INSTALL_DIR__/bin/scrutiny-web-linux-amd64 start --config __INSTALL_DIR__/config/scrutiny.yaml
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=10s
|
RestartSec=10s
|
||||||
StandardOutput=append:/var/log/__APP__/__APP__-web-server.log
|
StandardOutput=append:/var/log/__APP__/web-server.log
|
||||||
StandardError=inherit
|
StandardError=inherit
|
||||||
|
|
||||||
|
# Sandboxing options to harden security
|
||||||
|
# Depending on specificities of your service/app, you may need to tweak these
|
||||||
|
# .. but this should be a good baseline
|
||||||
|
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
|
||||||
NoNewPrivileges=yes
|
NoNewPrivileges=yes
|
||||||
ProtectHome=yes
|
|
||||||
#ProtectSystem=strict
|
|
||||||
PrivateTmp=yes
|
PrivateTmp=yes
|
||||||
PrivateDevices=yes
|
PrivateDevices=yes
|
||||||
ProtectKernelTunables=yes
|
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
|
||||||
ProtectKernelModules=yes
|
RestrictNamespaces=yes
|
||||||
ProtectKernelLogs=yes
|
RestrictRealtime=yes
|
||||||
ProtectControlGroups=yes
|
DevicePolicy=closed
|
||||||
ProtectHostname=yes
|
|
||||||
ProtectClock=yes
|
ProtectClock=yes
|
||||||
RestrictAddressFamilies=AF_INET AF_INET6
|
ProtectHostname=yes
|
||||||
RestrictNamespaces=true
|
ProtectProc=invisible
|
||||||
LockPersonality=true
|
ProtectSystem=full
|
||||||
MemoryDenyWriteExecute=true
|
ProtectControlGroups=yes
|
||||||
RestrictRealtime=true
|
ProtectKernelModules=yes
|
||||||
RestrictSUIDSGID=true
|
ProtectKernelTunables=yes
|
||||||
RemoveIPC=true
|
LockPersonality=yes
|
||||||
CapabilityBoundingSet=
|
SystemCallArchitectures=native
|
||||||
|
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged
|
||||||
|
|
||||||
|
# Denying access to capabilities that should not be relevant for webapps
|
||||||
|
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
|
||||||
|
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
|
||||||
|
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
|
||||||
|
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
|
||||||
|
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
|
||||||
|
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
|
||||||
|
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
|
||||||
|
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
|
||||||
|
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
|
||||||
|
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
|
|
@ -1,4 +1,8 @@
|
||||||
For any collector not on that host, you should change the `--api-endpoint`.
|
For any collector not on that host...
|
||||||
|
|
||||||
|
...refer to the documentation at [https://github.com/AnalogJ/scrutiny/blob/master/docs/INSTALL_MANUAL.md#collector](https://github.com/AnalogJ/scrutiny/blob/master/docs/INSTALL_MANUAL.md#collector)
|
||||||
|
|
||||||
|
...change the `--api-endpoint`
|
||||||
|
|
||||||
For example :
|
For example :
|
||||||
|
|
||||||
|
|
|
@ -1,23 +1,8 @@
|
||||||
WebUI for smartd S.M.A.R.T monitoring
|
**Scrutiny is a Hard Drive Health Dashboard & Monitoring solution, merging manufacturer provided S.M.A.R.T metrics with real-world failure rates.**
|
||||||
|
|
||||||
> NOTE: Scrutiny is a Work-in-Progress and still has some rough edges.
|
> NOTE: Scrutiny is a Work-in-Progress and still has some rough edges.
|
||||||
|
|
||||||
# Introduction
|
### Features
|
||||||
|
|
||||||
If you run a server with more than a couple of hard drives, you're probably already familiar with S.M.A.R.T and the `smartd` daemon. If not, it's an incredible open source project described as the following:
|
|
||||||
|
|
||||||
> smartd is a daemon that monitors the Self-Monitoring, Analysis and Reporting Technology (SMART) system built into many ATA, IDE and SCSI-3 hard drives. The purpose of SMART is to monitor the reliability of the hard drive and predict drive failures, and to carry out different types of drive self-tests.
|
|
||||||
|
|
||||||
Theses S.M.A.R.T hard drive self-tests can help you detect and replace failing hard drives before they cause permanent data loss. However, there's a couple issues with `smartd`:
|
|
||||||
|
|
||||||
- There are more than a hundred S.M.A.R.T attributes, however `smartd` does not differentiate between critical and informational metrics
|
|
||||||
- `smartd` does not record S.M.A.R.T attribute history, so it can be hard to determine if an attribute is degrading slowly over time.
|
|
||||||
- S.M.A.R.T attribute thresholds are set by the manufacturer. In some cases these thresholds are unset, or are so high that they can only be used to confirm a failed drive, rather than detecting a drive about to fail.
|
|
||||||
- `smartd` is a command line only tool. For head-less servers a web UI would be more valuable.
|
|
||||||
|
|
||||||
**Scrutiny is a Hard Drive Health Dashboard & Monitoring solution, merging manufacturer provided S.M.A.R.T metrics with real-world failure rates.**
|
|
||||||
|
|
||||||
# Features
|
|
||||||
|
|
||||||
Scrutiny is a simple but focused application, with a couple of core features:
|
Scrutiny is a simple but focused application, with a couple of core features:
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,8 @@
|
||||||
For any collector not on that host, you should change the `--api-endpoint`.
|
For any collector not on that host...
|
||||||
|
|
||||||
|
...refer to the documentation at [https://github.com/AnalogJ/scrutiny/blob/master/docs/INSTALL_MANUAL.md#collector](https://github.com/AnalogJ/scrutiny/blob/master/docs/INSTALL_MANUAL.md#collector)
|
||||||
|
|
||||||
|
...change the `--api-endpoint`
|
||||||
|
|
||||||
For example :
|
For example :
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,9 @@
|
||||||
For any collector not on that host, you should change the `--api-endpoint`.
|
For any collector not on that host...
|
||||||
|
|
||||||
|
...refer to the documentation at [https://github.com/AnalogJ/scrutiny/blob/master/docs/INSTALL_MANUAL.md#collector](https://github.com/AnalogJ/scrutiny/blob/master/docs/INSTALL_MANUAL.md#collector)
|
||||||
|
|
||||||
|
...change the `--api-endpoint`
|
||||||
|
|
||||||
For example :
|
For example :
|
||||||
|
|
||||||
> `/opt/scrutiny/bin/scrutiny-collector-metrics-linux-amd64 run --api-endpoint https://__DOMAIN____PATH__`
|
> `/opt/scrutiny/bin/scrutiny-collector-metrics-linux-amd64 run --api-endpoint https://__DOMAIN____PATH__`
|
||||||
|
|
||||||
|
|
|
@ -9,8 +9,7 @@ version = "0.6.0~ynh1"
|
||||||
maintainers = ["ewilly"]
|
maintainers = ["ewilly"]
|
||||||
|
|
||||||
[upstream]
|
[upstream]
|
||||||
license = "free"
|
license = "MIT"
|
||||||
website = "https://github.com/AnalogJ/scrutiny"
|
|
||||||
admindoc = "https://github.com/AnalogJ/scrutiny/tree/master/docs"
|
admindoc = "https://github.com/AnalogJ/scrutiny/tree/master/docs"
|
||||||
code = "https://github.com/AnalogJ/scrutiny"
|
code = "https://github.com/AnalogJ/scrutiny"
|
||||||
fund = "https://paypal.me/analogj/usd10"
|
fund = "https://paypal.me/analogj/usd10"
|
||||||
|
@ -18,7 +17,7 @@ fund = "https://paypal.me/analogj/usd10"
|
||||||
[integration]
|
[integration]
|
||||||
yunohost = ">= 11.1.6"
|
yunohost = ">= 11.1.6"
|
||||||
architectures = ["amd64", "arm64"]
|
architectures = ["amd64", "arm64"]
|
||||||
multi_instance = true
|
multi_instance = false
|
||||||
ldap = "not_relevant"
|
ldap = "not_relevant"
|
||||||
sso = "not_relevant"
|
sso = "not_relevant"
|
||||||
disk = "50M"
|
disk = "50M"
|
||||||
|
@ -35,7 +34,7 @@ ram.runtime = "50M"
|
||||||
|
|
||||||
[install.collector]
|
[install.collector]
|
||||||
ask.en = "Should the collector be activated on this host?"
|
ask.en = "Should the collector be activated on this host?"
|
||||||
ask.fr = "Le collector doit-il est activé sur cet host ?"
|
help.en = "Let it to true if yunohost is running on bare metal (i.e. not in a VM or in a LXC)"
|
||||||
type = "boolean"
|
type = "boolean"
|
||||||
default = true
|
default = true
|
||||||
|
|
||||||
|
@ -53,8 +52,7 @@ ram.runtime = "50M"
|
||||||
main.show_tile = true
|
main.show_tile = true
|
||||||
main.protected= true
|
main.protected= true
|
||||||
main.allowed = "admins"
|
main.allowed = "admins"
|
||||||
#api.url = "__DOMAIN____PATH__/api" # FIXME : __PATH__ in not handled by yunohost for the api in manifest.toml
|
api.url = "/api"
|
||||||
api.url = "re:__DOMAIN__/.*api/.*"
|
|
||||||
api.auth_header = false
|
api.auth_header = false
|
||||||
api.show_tile = false
|
api.show_tile = false
|
||||||
api.protected= true
|
api.protected= true
|
||||||
|
|
|
@ -16,7 +16,12 @@ source /usr/share/yunohost/helpers
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Stopping a systemd service..." --weight=1
|
ynh_script_progression --message="Stopping a systemd service..." --weight=1
|
||||||
|
|
||||||
ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log"
|
ynh_systemd_action --service_name="influxdb" --action="stop"
|
||||||
|
ynh_systemd_action --service_name="scrutiny-web-server.service" --action="stop" --log_path="/var/log/$app/web-server.log"
|
||||||
|
if [ $collector -eq 1 ]
|
||||||
|
then
|
||||||
|
ynh_systemd_action --service_name="scrutiny-collector.timer" --action="stop" --log_path="/var/log/$app/collector.log"
|
||||||
|
fi
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# MODIFY URL IN NGINX CONF
|
# MODIFY URL IN NGINX CONF
|
||||||
|
@ -28,9 +33,31 @@ ynh_change_url_nginx_config
|
||||||
#=================================================
|
#=================================================
|
||||||
# SPECIFIC MODIFICATIONS
|
# SPECIFIC MODIFICATIONS
|
||||||
#=================================================
|
#=================================================
|
||||||
# ...
|
# in the change_url context, variables called new_domain, new_path, old_domain, old_path will be available, as well as change_domain and change_path equal to 0 (false) or 1 (true) depending if the domain / path changed
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
|
if [ "$old_path" != "$new_path" ]
|
||||||
|
then
|
||||||
|
# Update scrutiny.yaml
|
||||||
|
if [ "${new_path}" == "/" ]
|
||||||
|
then
|
||||||
|
new_base_path=""
|
||||||
|
else
|
||||||
|
new_base_path="\\${new_path}"
|
||||||
|
fi
|
||||||
|
key="basepath"
|
||||||
|
new_value="'$new_base_path'"
|
||||||
|
sed --regexp-extended "s/^(\s*${key}:\s*).*/\1${new_value}/" --in-place "$install_dir/config/scrutiny.yaml"
|
||||||
|
ynh_store_file_checksum --file="$install_dir/config/scrutiny.yaml"
|
||||||
|
|
||||||
|
# Update collector.yaml
|
||||||
|
port=$(ynh_app_setting_get --app=$app --key=port)
|
||||||
|
key="endpoint"
|
||||||
|
new_value="'http:\/\/127.0.0.1:${port}${new_base_path}\/'"
|
||||||
|
sed --regexp-extended "s/^(\s*${key}:\s*).*/\1${new_value}/" --in-place "$install_dir/config/collector.yaml"
|
||||||
|
ynh_store_file_checksum --file="$install_dir/config/collector.yaml"
|
||||||
|
fi
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# GENERIC FINALISATION
|
# GENERIC FINALISATION
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -38,7 +65,14 @@ ynh_change_url_nginx_config
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Starting a systemd service..." --weight=1
|
ynh_script_progression --message="Starting a systemd service..." --weight=1
|
||||||
|
|
||||||
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
|
ynh_systemd_action --service_name="influxdb" --action="start"
|
||||||
|
ynh_systemd_action --service_name="scrutiny-web-server.service" --action="start" --log_path="/var/log/$app/web-server.log"
|
||||||
|
if [ $collector -eq 1 ]
|
||||||
|
then
|
||||||
|
systemctl daemon-reload
|
||||||
|
ynh_systemd_action --service_name="scrutiny-collector.service" --action="start" --log_path="/var/log/$app/collector.log"
|
||||||
|
ynh_systemd_action --service_name="scrutiny-collector.timer" --action="start" --log_path="/var/log/$app/collector.log"
|
||||||
|
fi
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# END OF SCRIPT
|
# END OF SCRIPT
|
||||||
|
|
|
@ -17,10 +17,12 @@ source /usr/share/yunohost/helpers
|
||||||
ynh_script_progression --message="Setting up source files..." --weight=1
|
ynh_script_progression --message="Setting up source files..." --weight=1
|
||||||
|
|
||||||
mkdir -p "$install_dir/bin"
|
mkdir -p "$install_dir/bin"
|
||||||
if [ $YNH_ARCH == "amd64" ]; then
|
if [ $YNH_ARCH == "amd64" ]
|
||||||
|
then
|
||||||
ynh_setup_source --source_id="src/scrutiny-web-linux-amd64" --dest_dir="$install_dir/bin"
|
ynh_setup_source --source_id="src/scrutiny-web-linux-amd64" --dest_dir="$install_dir/bin"
|
||||||
ynh_setup_source --source_id="src/scrutiny-collector-metrics-linux-amd64" --dest_dir="$install_dir/bin"
|
ynh_setup_source --source_id="src/scrutiny-collector-metrics-linux-amd64" --dest_dir="$install_dir/bin"
|
||||||
elif [ $YNH_ARCH == "arm64" ]; then
|
elif [ $YNH_ARCH == "arm64" ]
|
||||||
|
then
|
||||||
ynh_setup_source --source_id="src/scrutiny-web-linux-arm64" --dest_dir="$install_dir/bin"
|
ynh_setup_source --source_id="src/scrutiny-web-linux-arm64" --dest_dir="$install_dir/bin"
|
||||||
ynh_setup_source --source_id="src/scrutiny-collector-metrics-linux-arm64" --dest_dir="$install_dir/bin"
|
ynh_setup_source --source_id="src/scrutiny-collector-metrics-linux-arm64" --dest_dir="$install_dir/bin"
|
||||||
fi
|
fi
|
||||||
|
@ -37,11 +39,12 @@ ynh_add_nginx_config
|
||||||
|
|
||||||
# Create a dedicated systemd config
|
# Create a dedicated systemd config
|
||||||
ynh_add_systemd_config --service="scrutiny-web-server" --template="systemd-scrutiny-web-server.service"
|
ynh_add_systemd_config --service="scrutiny-web-server" --template="systemd-scrutiny-web-server.service"
|
||||||
yunohost service add "scrutiny-web-server" --description="WebUI for smartd S.M.A.R.T monitoring" --log="/var/log/$app/$app-web-server.log"
|
yunohost service add "scrutiny-web-server" --description="WebUI for smartd S.M.A.R.T monitoring" --log="/var/log/$app/web-server.log"
|
||||||
|
|
||||||
ynh_add_config --template="systemd-scrutiny-collector.service" --destination="/etc/systemd/system/scrutiny-collector.service"
|
ynh_add_config --template="systemd-scrutiny-collector.service" --destination="/etc/systemd/system/scrutiny-collector.service"
|
||||||
if [ $collector ]; then
|
if [ $collector -eq 1 ]
|
||||||
yunohost service add "scrutiny-collector.timer" --description="Collector timer for smartd S.M.A.R.T monitoring" --log="/var/log/$app/$app-web-server.log"
|
then
|
||||||
|
yunohost service add "scrutiny-collector" --description="Collector running on timer (daily) for smartd S.M.A.R.T monitoring" --log="/var/log/$app/collector.log" --test_status="systemctl show scrutiny-collector.service -p ActiveState --value | grep -v failed"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Use logrotate to manage application logfile(s)
|
# Use logrotate to manage application logfile(s)
|
||||||
|
@ -55,6 +58,12 @@ ynh_use_logrotate --specific_user="$app"
|
||||||
ynh_script_progression --message="Adding a configuration file..." --weight=1
|
ynh_script_progression --message="Adding a configuration file..." --weight=1
|
||||||
|
|
||||||
mkdir -p "$install_dir/config"
|
mkdir -p "$install_dir/config"
|
||||||
|
if [ "${path}" == "/" ]
|
||||||
|
then
|
||||||
|
base_path=""
|
||||||
|
else
|
||||||
|
base_path="${path}"
|
||||||
|
fi
|
||||||
ynh_add_config --template="config/scrutiny.yaml" --destination="$install_dir/config/scrutiny.yaml"
|
ynh_add_config --template="config/scrutiny.yaml" --destination="$install_dir/config/scrutiny.yaml"
|
||||||
|
|
||||||
ynh_add_config --template="systemd-scrutiny-collector.timer" --destination="/etc/systemd/system/scrutiny-collector.timer"
|
ynh_add_config --template="systemd-scrutiny-collector.timer" --destination="/etc/systemd/system/scrutiny-collector.timer"
|
||||||
|
@ -74,13 +83,14 @@ myynh_set_permissions
|
||||||
ynh_script_progression --message="Starting a systemd service..." --weight=1
|
ynh_script_progression --message="Starting a systemd service..." --weight=1
|
||||||
ynh_systemd_action --service_name="influxdb" --action="enable"
|
ynh_systemd_action --service_name="influxdb" --action="enable"
|
||||||
ynh_systemd_action --service_name="influxdb" --action="start"
|
ynh_systemd_action --service_name="influxdb" --action="start"
|
||||||
ynh_systemd_action --service_name="scrutiny-web-server.service" --action="start" --log_path="/var/log/$app/scrutiny-web-server.log"
|
ynh_systemd_action --service_name="scrutiny-web-server.service" --action="start" --log_path="/var/log/$app/web-server.log"
|
||||||
if [ $collector ]; then
|
if [ $collector -eq 1 ]
|
||||||
|
then
|
||||||
systemctl daemon-reload
|
systemctl daemon-reload
|
||||||
ynh_systemd_action --service_name="scrutiny-collector.service" --action="enable"
|
ynh_systemd_action --service_name="scrutiny-collector.service" --action="enable"
|
||||||
ynh_systemd_action --service_name="scrutiny-collector.service" --action="start" --log_path="/var/log/$app/scrutiny-collector.log"
|
ynh_systemd_action --service_name="scrutiny-collector.service" --action="start" --log_path="/var/log/$app/collector.log"
|
||||||
ynh_systemd_action --service_name="scrutiny-collector.timer" --action="enable"
|
ynh_systemd_action --service_name="scrutiny-collector.timer" --action="enable"
|
||||||
ynh_systemd_action --service_name="scrutiny-collector.timer" --action="start"
|
ynh_systemd_action --service_name="scrutiny-collector.timer" --action="start" --log_path="/var/log/$app/collector.log"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
|
@ -25,21 +25,18 @@ fi
|
||||||
|
|
||||||
if ynh_exec_warn_less yunohost service status "scrutiny-collector" >/dev/null
|
if ynh_exec_warn_less yunohost service status "scrutiny-collector" >/dev/null
|
||||||
then
|
then
|
||||||
ynh_script_progression --message="Removing scrutiny-collector timer integration..." --weight=1
|
ynh_script_progression --message="Removing scrutiny-collector service integration..." --weight=1
|
||||||
yunohost service remove "scrutiny-collector"
|
yunohost service remove "scrutiny-collector"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
ynh_remove_systemd_config --service="scrutiny-web-server"
|
ynh_remove_systemd_config --service="scrutiny-web-server"
|
||||||
ynh_remove_systemd_config --service="scrutiny-collector"
|
ynh_remove_systemd_config --service="scrutiny-collector"
|
||||||
|
ynh_secure_remove --file="/etc/systemd/system/scrutiny-collector.timer"
|
||||||
|
|
||||||
ynh_remove_nginx_config
|
ynh_remove_nginx_config
|
||||||
|
|
||||||
ynh_remove_logrotate
|
ynh_remove_logrotate
|
||||||
|
|
||||||
if [ $collector ]; then
|
|
||||||
ynh_secure_remove --file="/etc/systemd/system/scrutiny-collector.timer"
|
|
||||||
fi
|
|
||||||
|
|
||||||
ynh_secure_remove --file="/var/log/$app"
|
ynh_secure_remove --file="/var/log/$app"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
|
@ -30,9 +30,10 @@ systemctl enable "/etc/systemd/system/scrutiny-web-server.service" --quiet
|
||||||
ynh_restore_file --origin_path="/etc/systemd/system/scrutiny-collector.service"
|
ynh_restore_file --origin_path="/etc/systemd/system/scrutiny-collector.service"
|
||||||
ynh_restore_file --origin_path="/etc/systemd/system/scrutiny-collector.timer"
|
ynh_restore_file --origin_path="/etc/systemd/system/scrutiny-collector.timer"
|
||||||
|
|
||||||
yunohost service add "scrutiny-web-server" --description="WebUI for smartd S.M.A.R.T monitoring" --log="/var/log/$app/$app-web-server.log"
|
yunohost service add "scrutiny-web-server" --description="WebUI for smartd S.M.A.R.T monitoring" --log="/var/log/$app/web-server.log"
|
||||||
if [ $collector ]; then
|
if [ $collector -eq 1 ]
|
||||||
yunohost service add "scrutiny-collector.timer" --description="Collector timer for smartd S.M.A.R.T monitoring" --log="/var/log/$app/$app-web-server.log"
|
then
|
||||||
|
yunohost service add "scrutiny-collector" --description="Collector running on timer (daily) for smartd S.M.A.R.T monitoring" --log="/var/log/$app/collector.log" --test_status="systemctl show scrutiny-collector.service -p ActiveState --value | grep -v failed"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
ynh_restore_file --origin_path="/etc/logrotate.d/$app"
|
ynh_restore_file --origin_path="/etc/logrotate.d/$app"
|
||||||
|
@ -47,13 +48,14 @@ ynh_script_progression --message="Reloading NGINX web server and $app's service.
|
||||||
|
|
||||||
# Typically you only have either $app or php-fpm but not both at the same time...
|
# Typically you only have either $app or php-fpm but not both at the same time...
|
||||||
ynh_systemd_action --service_name="influxdb" --action="start"
|
ynh_systemd_action --service_name="influxdb" --action="start"
|
||||||
ynh_systemd_action --service_name="scrutiny-web-server.service" --action="start" --log_path="/var/log/$app/scrutiny-web-server.log"
|
ynh_systemd_action --service_name="scrutiny-web-server.service" --action="start" --log_path="/var/log/$app/web-server.log"
|
||||||
if [ $collector ]; then
|
if [ $collector -eq 1 ]
|
||||||
|
then
|
||||||
systemctl daemon-reload
|
systemctl daemon-reload
|
||||||
ynh_systemd_action --service_name="scrutiny-collector.service" --action="enable"
|
ynh_systemd_action --service_name="scrutiny-collector.service" --action="enable"
|
||||||
ynh_systemd_action --service_name="scrutiny-collector.service" --action="start" --log_path="/var/log/$app/scrutiny-collector.log"
|
ynh_systemd_action --service_name="scrutiny-collector.service" --action="start" --log_path="/var/log/$app/collector.log"
|
||||||
ynh_systemd_action --service_name="scrutiny-collector.timer" --action="enable"
|
ynh_systemd_action --service_name="scrutiny-collector.timer" --action="enable"
|
||||||
ynh_systemd_action --service_name="scrutiny-collector.timer" --action="start"
|
ynh_systemd_action --service_name="scrutiny-collector.timer" --action="start" --log_path="/var/log/$app/collector.log"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
ynh_systemd_action --service_name=nginx --action=reload
|
ynh_systemd_action --service_name=nginx --action=reload
|
||||||
|
|
|
@ -24,11 +24,11 @@ upgrade_type=$(ynh_check_app_version_changed)
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Stopping a systemd service..." --weight=1
|
ynh_script_progression --message="Stopping a systemd service..." --weight=1
|
||||||
|
|
||||||
ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log"
|
|
||||||
ynh_systemd_action --service_name="influxdb" --action="stop"
|
ynh_systemd_action --service_name="influxdb" --action="stop"
|
||||||
ynh_systemd_action --service_name="scrutiny-web-server.service" --action="stop" --log_path="/var/log/$app/scrutiny-web-server.log"
|
ynh_systemd_action --service_name="scrutiny-web-server.service" --action="stop" --log_path="/var/log/$app/web-server.log"
|
||||||
if [ $collector ]; then
|
if [ $collector -eq 1 ]
|
||||||
ynh_systemd_action --service_name="scrutiny-collector.timer" --action="stop"
|
then
|
||||||
|
ynh_systemd_action --service_name="scrutiny-collector.timer" --action="stop" --log_path="/var/log/$app/collector.log"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -42,10 +42,12 @@ then
|
||||||
ynh_script_progression --message="Upgrading source files..." --weight=1
|
ynh_script_progression --message="Upgrading source files..." --weight=1
|
||||||
|
|
||||||
# Download, check integrity, uncompress and patch the source from app.src
|
# Download, check integrity, uncompress and patch the source from app.src
|
||||||
if [ $YNH_ARCH == "amd64" ]; then
|
if [ $YNH_ARCH == "amd64" ]
|
||||||
|
then
|
||||||
ynh_setup_source --source_id="src/scrutiny-web-linux-amd64" --dest_dir="$install_dir/bin"
|
ynh_setup_source --source_id="src/scrutiny-web-linux-amd64" --dest_dir="$install_dir/bin"
|
||||||
ynh_setup_source --source_id="src/scrutiny-collector-metrics-linux-amd64" --dest_dir="$install_dir/bin"
|
ynh_setup_source --source_id="src/scrutiny-collector-metrics-linux-amd64" --dest_dir="$install_dir/bin"
|
||||||
elif [ $YNH_ARCH == "arm64" ]; then
|
elif [ $YNH_ARCH == "arm64" ]
|
||||||
|
then
|
||||||
ynh_setup_source --source_id="src/scrutiny-web-linux-arm64" --dest_dir="$install_dir/bin"
|
ynh_setup_source --source_id="src/scrutiny-web-linux-arm64" --dest_dir="$install_dir/bin"
|
||||||
ynh_setup_source --source_id="src/scrutiny-collector-metrics-linux-arm64" --dest_dir="$install_dir/bin"
|
ynh_setup_source --source_id="src/scrutiny-collector-metrics-linux-arm64" --dest_dir="$install_dir/bin"
|
||||||
fi
|
fi
|
||||||
|
@ -60,11 +62,12 @@ ynh_script_progression --message="Upgrading system configurations related to $ap
|
||||||
ynh_add_nginx_config
|
ynh_add_nginx_config
|
||||||
|
|
||||||
ynh_add_systemd_config --service="scrutiny-web-server" --template="systemd-scrutiny-web-server.service"
|
ynh_add_systemd_config --service="scrutiny-web-server" --template="systemd-scrutiny-web-server.service"
|
||||||
yunohost service add "scrutiny-web-server" --description="WebUI for smartd S.M.A.R.T monitoring" --log="/var/log/$app/$app-web-server.log"
|
yunohost service add "scrutiny-web-server" --description="WebUI for smartd S.M.A.R.T monitoring" --log="/var/log/$app/web-server.log"
|
||||||
|
|
||||||
ynh_add_config --template="systemd-scrutiny-collector.service" --destination="/etc/systemd/system/scrutiny-collector.service"
|
ynh_add_config --template="systemd-scrutiny-collector.service" --destination="/etc/systemd/system/scrutiny-collector.service"
|
||||||
if [ $collector ]; then
|
if [ $collector -eq 1 ]
|
||||||
yunohost service add "scrutiny-collector.timer" --description="Collector timer for smartd S.M.A.R.T monitoring" --log="/var/log/$app/$app-web-server.log"
|
then
|
||||||
|
yunohost service add "scrutiny-collector" --description="Collector running on timer (daily) for smartd S.M.A.R.T monitoring" --log="/var/log/$app/collector.log" --test_status="systemctl show scrutiny-collector.service -p ActiveState --value | grep -v failed"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
ynh_use_logrotate --specific_user="$app" --non-append
|
ynh_use_logrotate --specific_user="$app" --non-append
|
||||||
|
@ -76,6 +79,12 @@ ynh_use_logrotate --specific_user="$app" --non-append
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Updating a configuration file..." --weight=1
|
ynh_script_progression --message="Updating a configuration file..." --weight=1
|
||||||
|
|
||||||
|
if [ "${path}" == "/" ]
|
||||||
|
then
|
||||||
|
base_path=""
|
||||||
|
else
|
||||||
|
base_path="${path}"
|
||||||
|
fi
|
||||||
ynh_add_config --template="config/scrutiny.yaml" --destination="$install_dir/config/scrutiny.yaml"
|
ynh_add_config --template="config/scrutiny.yaml" --destination="$install_dir/config/scrutiny.yaml"
|
||||||
|
|
||||||
ynh_add_config --template="systemd-scrutiny-collector.timer" --destination="/etc/systemd/system/scrutiny-collector.timer"
|
ynh_add_config --template="systemd-scrutiny-collector.timer" --destination="/etc/systemd/system/scrutiny-collector.timer"
|
||||||
|
@ -93,13 +102,14 @@ myynh_set_permissions
|
||||||
ynh_script_progression --message="Starting a systemd service..." --weight=1
|
ynh_script_progression --message="Starting a systemd service..." --weight=1
|
||||||
ynh_systemd_action --service_name="influxdb" --action="enable"
|
ynh_systemd_action --service_name="influxdb" --action="enable"
|
||||||
ynh_systemd_action --service_name="influxdb" --action="start"
|
ynh_systemd_action --service_name="influxdb" --action="start"
|
||||||
ynh_systemd_action --service_name="scrutiny-web-server.service" --action="start" --log_path="/var/log/$app/scrutiny-web-server.log"
|
ynh_systemd_action --service_name="scrutiny-web-server.service" --action="start" --log_path="/var/log/$app/web-server.log"
|
||||||
if [ $collector ]; then
|
if [ $collector -eq 1 ]
|
||||||
|
then
|
||||||
systemctl daemon-reload
|
systemctl daemon-reload
|
||||||
ynh_systemd_action --service_name="scrutiny-collector.service" --action="enable"
|
ynh_systemd_action --service_name="scrutiny-collector.service" --action="enable"
|
||||||
ynh_systemd_action --service_name="scrutiny-collector.service" --action="start" --log_path="/var/log/$app/scrutiny-collector.log"
|
ynh_systemd_action --service_name="scrutiny-collector.service" --action="start" --log_path="/var/log/$app/collector.log"
|
||||||
ynh_systemd_action --service_name="scrutiny-collector.timer" --action="enable"
|
ynh_systemd_action --service_name="scrutiny-collector.timer" --action="enable"
|
||||||
ynh_systemd_action --service_name="scrutiny-collector.timer" --action="start"
|
ynh_systemd_action --service_name="scrutiny-collector.timer" --action="start" --log_path="/var/log/$app/collector.log"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
|
@ -18,8 +18,4 @@ test_format = 1.0
|
||||||
# Commits to test upgrade from
|
# Commits to test upgrade from
|
||||||
# -------------------------------
|
# -------------------------------
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
[some_additional_testsuite]
|
|
||||||
|
|
||||||
args.collector = false
|
|
||||||
|
|
153
updater.sh
153
updater.sh
|
@ -1,153 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# PACKAGE UPDATING HELPER
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
# This script is meant to be run by GitHub Actions
|
|
||||||
# The YunoHost-Apps organisation offers a template Action to run this script periodically
|
|
||||||
# Since each app is different, maintainers can adapt its contents so as to perform
|
|
||||||
# automatic actions when a new upstream release is detected.
|
|
||||||
|
|
||||||
# Remove this exit command when you are ready to run this Action
|
|
||||||
#exit 1
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# FETCHING LATEST RELEASE AND ITS ASSETS
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
# Fetching information
|
|
||||||
current_version=$(cat manifest.toml | awk -v key="version" '$1 == key { gsub("\"","",$3);print $3 }' | awk -F'~' '{print $1}')
|
|
||||||
repo=$(cat manifest.toml | awk -v key="code" '$1 == key { gsub("\"","",$3);print $3 }' | awk -F'https://github.com/' '{print $2}')
|
|
||||||
|
|
||||||
# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions)
|
|
||||||
version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1)
|
|
||||||
assets=($(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '[ .[] | select(.tag_name=="'$version'").assets[].browser_download_url ] | join(" ") | @sh' | tr -d "'"))
|
|
||||||
|
|
||||||
# Later down the script, we assume the version has only digits and dots
|
|
||||||
# Sometimes the release name starts with a "v", so let's filter it out.
|
|
||||||
# You may need more tweaks here if the upstream repository has different naming conventions.
|
|
||||||
if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then
|
|
||||||
version=${version:1}
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Setting up the environment variables
|
|
||||||
echo "Current version: $current_version"
|
|
||||||
echo "Latest release from upstream: $version"
|
|
||||||
echo "VERSION=$version" >> $GITHUB_ENV
|
|
||||||
echo "REPO=$repo" >> $GITHUB_ENV
|
|
||||||
# For the time being, let's assume the script will fail
|
|
||||||
echo "PROCEED=false" >> $GITHUB_ENV
|
|
||||||
|
|
||||||
# Proceed only if the retrieved version is greater than the current one
|
|
||||||
if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then
|
|
||||||
echo "::warning ::No new version available"
|
|
||||||
exit 0
|
|
||||||
# Proceed only if a PR for this new version does not already exist
|
|
||||||
elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then
|
|
||||||
echo "::warning ::A branch already exists for this update"
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Each release can hold multiple assets (e.g. binaries for different architectures, source code, etc.)
|
|
||||||
echo "${#assets[@]} available asset(s)"
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# UPDATE SOURCE FILES
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
# Here we use the $assets variable to get the resources published in the upstream release.
|
|
||||||
# Here is an example for Grav, it has to be adapted in accordance with how the upstream releases look like.
|
|
||||||
|
|
||||||
# Let's loop over the array of assets URLs
|
|
||||||
for asset_url in ${assets[@]}; do
|
|
||||||
|
|
||||||
echo "Handling asset at $asset_url"
|
|
||||||
|
|
||||||
# Assign the asset to a source file in conf/ directory
|
|
||||||
# Here we base the source file name upon a unique keyword in the assets url (admin vs. update)
|
|
||||||
# Leave $src empty to ignore the asset
|
|
||||||
case $asset_url in
|
|
||||||
*"scrutiny-collector-metrics-linux-amd64"*)
|
|
||||||
src="scrutiny-collector-metrics-linux-amd64"
|
|
||||||
;;
|
|
||||||
*"scrutiny-collector-metrics-linux-arm64"*)
|
|
||||||
src="scrutiny-collector-metrics-linux-arm64"
|
|
||||||
;;
|
|
||||||
*"scrutiny-web-frontend.tar.gz"*)
|
|
||||||
src="scrutiny-web-frontend.tar.gz"
|
|
||||||
;;
|
|
||||||
*"scrutiny-web-linux-amd64"*)
|
|
||||||
src="scrutiny-web-linux-amd64"
|
|
||||||
;;
|
|
||||||
*"scrutiny-web-linux-arm64"*)
|
|
||||||
src="scrutiny-web-linux-arm64"
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
src=""
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
# If $src is not empty, let's process the asset
|
|
||||||
if [ ! -z "$src" ]; then
|
|
||||||
|
|
||||||
# Create the temporary directory
|
|
||||||
tempdir="$(mktemp -d)"
|
|
||||||
|
|
||||||
# Download sources and calculate checksum
|
|
||||||
filename=${asset_url##*/}
|
|
||||||
curl --silent -4 -L $asset_url -o "$tempdir/$filename"
|
|
||||||
checksum=$(sha256sum "$tempdir/$filename" | head -c 64)
|
|
||||||
|
|
||||||
# Delete temporary directory
|
|
||||||
rm -rf $tempdir
|
|
||||||
|
|
||||||
# Get extension
|
|
||||||
if [[ $filename == *.tar.gz ]]; then
|
|
||||||
extension=tar.gz
|
|
||||||
extract=true
|
|
||||||
elif [[ $filename == ${filename##*.} ]]; then
|
|
||||||
extension=""
|
|
||||||
extract=false
|
|
||||||
else
|
|
||||||
extension=${filename##*.}
|
|
||||||
extract=false
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Rewrite source file
|
|
||||||
cat <<EOT > conf/src/$src.src
|
|
||||||
SOURCE_URL=$asset_url
|
|
||||||
SOURCE_SUM=$checksum
|
|
||||||
SOURCE_SUM_PRG=sha256sum
|
|
||||||
SOURCE_FORMAT=$extension
|
|
||||||
SOURCE_IN_SUBDIR=true
|
|
||||||
SOURCE_FILENAME=$filename
|
|
||||||
SOURCE_EXTRACT=$extract
|
|
||||||
EOT
|
|
||||||
echo "... conf/src/$src.src updated"
|
|
||||||
|
|
||||||
else
|
|
||||||
echo "... asset ignored"
|
|
||||||
fi
|
|
||||||
|
|
||||||
done
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# SPECIFIC UPDATE STEPS
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
# Any action on the app's source code can be done.
|
|
||||||
# The GitHub Action workflow takes care of committing all changes after this script ends.
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# GENERIC FINALIZATION
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
# Replace new version in manifest
|
|
||||||
sed -i "s/^version = .*/version = \"$version~ynh1\"/" manifest.toml
|
|
||||||
|
|
||||||
# No need to update the README, yunohost-bot takes care of it
|
|
||||||
|
|
||||||
# The Action will proceed only if the PROCEED environment variable is set to true
|
|
||||||
echo "PROCEED=true" >> $GITHUB_ENV
|
|
||||||
exit 0
|
|
Loading…
Reference in a new issue