#!/bin/bash #================================================= # GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= source _common.sh source /usr/share/yunohost/helpers #================================================= # MANAGE SCRIPT FAILURE #================================================= ynh_clean_setup () { ### Remove this function if there's nothing to clean before calling the remove script. true } # Exit if an error occurs during the execution of the script ynh_abort_if_errors #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH admin=$YNH_APP_ARG_ADMIN password=$YNH_APP_ARG_PASSWORD title=$YNH_APP_ARG_TITLE is_public=$YNH_APP_ARG_IS_PUBLIC app=$YNH_APP_INSTANCE_NAME #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= ynh_script_progression --message="Validating installation parameters..." final_path=/var/www/$app test ! -e "$final_path" || ynh_die --message="This path already contains a folder" # Register (book) web path ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url #================================================= # STORE SETTINGS FROM MANIFEST #================================================= ynh_script_progression --message="Storing installation settings..." ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=is_public --value=$is_public #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= ynh_script_progression --message="Setting up source files..." ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" #================================================= # NGINX CONFIGURATION #================================================= ynh_script_progression --message="Configuring NGINX web server..." # Create a dedicated NGINX config ynh_add_nginx_config #================================================= # CREATE DEDICATED USER #================================================= ynh_script_progression --message="Configuring system user..." # Create a system user ynh_system_user_create --username=$app #================================================= # PHP-FPM CONFIGURATION #================================================= ynh_script_progression --message="Configuring PHP-FPM..." # Create a dedicated PHP-FPM config ynh_add_fpm_config --usage=low --footprint=low --package="$extra_php_dependencies" #================================================= # SETUP LOGROTATE #================================================= ynh_script_progression --message="Configuring log rotation..." # Use logrotate to manage application logfile(s) touch "$final_path/data/log.txt" ynh_use_logrotate "$final_path/data/log.txt" #================================================= # MODIFY A CONFIG FILE #================================================= ynh_script_progression --message="Configuring Shaarli..." # Get the timezone timezone=$(cat /etc/timezone) # Generate the salt salt=$(php${YNH_PHP_VERSION} -r 'echo sha1(uniqid("", true) ."_". mt_rand());') # Generate the hash with the password hash=$(php${YNH_PHP_VERSION} -r "echo sha1('${password}'.'${admin}'.'${salt}');") # Generate the API secret secret=$(php${YNH_PHP_VERSION} -r "echo str_shuffle(substr(hash_hmac('sha512', uniqid('${salt}'), '${admin}'), 10, 12));") # Set default_private_links. By default, make them public if the app is public. if [ $is_public -eq 1 ] then default_private_links=false else default_private_links=true fi # Installing the config file and replace the placeholders ynh_add_config --template="../conf/config.json.php" --destination="$final_path/data/config.json.php" #================================================= # SECURE FILES AND DIRECTORIES #================================================= # set proper permissions ynh_script_progression --message="Securing files and directories..." chown -R $app: $final_path chmod -R g+rX $final_path chmod -R g+rwX $final_path/{cache/,data/,pagecache/,tmp/} #================================================= # SETUP FAIL2BAN #================================================= ynh_script_progression --message="Configuring Fail2Ban..." # Create a dedicated Fail2Ban config ynh_add_fail2ban_config --logpath="$final_path/data/log.txt" --failregex="\s-\s\s-\sLogin failed for user.*$" #================================================= # SETUP SSOWAT #================================================= ynh_script_progression --message="Configuring SSOwat..." # Make app public if necessary if [ $is_public -eq 1 ] then # Everyone can access the app. # The "main" permission is automatically created before the install script. ynh_permission_update --permission "main" --add "visitors" fi #================================================= # RELOAD NGINX #================================================= ynh_script_progression --message="Reloading NGINX web server..." ynh_systemd_action --service_name=nginx --action=reload #================================================= # END OF SCRIPT #================================================= ynh_script_progression --message="Installation of $app completed"