mirror of
https://github.com/YunoHost-Apps/shaarli_ynh.git
synced 2024-09-03 20:26:10 +02:00
111 lines
3.5 KiB
Bash
111 lines
3.5 KiB
Bash
#!/bin/bash
|
|
|
|
# ============= FUTURE YUNOHOST HELPER =============
|
|
# Delete a file checksum from the app settings
|
|
#
|
|
# $app should be defined when calling this helper
|
|
#
|
|
# usage: ynh_remove_file_checksum file
|
|
# | arg: file - The file for which the checksum will be deleted
|
|
ynh_delete_file_checksum () {
|
|
local checksum_setting_name=checksum_${1//[\/ ]/_} # Replace all '/' and ' ' by '_'
|
|
ynh_app_setting_delete $app $checksum_setting_name
|
|
}
|
|
|
|
#=================================================
|
|
# COMMON VARIABLES
|
|
#=================================================
|
|
|
|
# dependencies used by the app
|
|
pkg_dependencies="php-cli php-gettext php-curl php-intl php-gd php-mbstring openssl"
|
|
|
|
|
|
#=================================================
|
|
# EXPERIMENTAL HELPERS
|
|
#=================================================
|
|
|
|
# Create a dedicated fail2ban config (jail and filter conf files)
|
|
#
|
|
# usage: ynh_add_fail2ban_config log_file filter [max_retry [ports]]
|
|
# | arg: log_file - Log file to be checked by fail2ban
|
|
# | arg: failregex - Failregex to be looked for by fail2ban
|
|
# | arg: max_retry - Maximum number of retries allowed before banning IP address - default: 3
|
|
# | arg: ports - Ports blocked for a banned IP address - default: http,https
|
|
ynh_add_fail2ban_config_temp () {
|
|
# Process parameters
|
|
logpath=$1
|
|
failregex=$2
|
|
max_retry=${3:-3}
|
|
ports=${4:-http,https}
|
|
|
|
test -n "$logpath" || ynh_die "ynh_add_fail2ban_config expects a logfile path as first argument and received nothing."
|
|
test -n "$failregex" || ynh_die "ynh_add_fail2ban_config expects a failure regex as second argument and received nothing."
|
|
|
|
finalfail2banjailconf="/etc/fail2ban/jail.d/$app.conf"
|
|
finalfail2banfilterconf="/etc/fail2ban/filter.d/$app.conf"
|
|
ynh_backup_if_checksum_is_different "$finalfail2banjailconf" 1
|
|
ynh_backup_if_checksum_is_different "$finalfail2banfilterconf" 1
|
|
|
|
tee $finalfail2banjailconf <<EOF
|
|
[$app]
|
|
enabled = true
|
|
port = $ports
|
|
filter = $app
|
|
logpath = $logpath
|
|
maxretry = $max_retry
|
|
EOF
|
|
|
|
tee $finalfail2banfilterconf <<EOF
|
|
[INCLUDES]
|
|
before = common.conf
|
|
[Definition]
|
|
failregex = $failregex
|
|
ignoreregex =
|
|
EOF
|
|
|
|
ynh_store_file_checksum "$finalfail2banjailconf"
|
|
ynh_store_file_checksum "$finalfail2banfilterconf"
|
|
|
|
service fail2ban restart
|
|
local fail2ban_error="$(journalctl -u fail2ban | tail -n50 | grep "WARNING.*$app.*")"
|
|
if [ -n "$fail2ban_error" ]
|
|
then
|
|
echo "[ERR] Fail2ban failed to load the jail for $app" >&2
|
|
echo "WARNING${fail2ban_error#*WARNING}" >&2
|
|
fi
|
|
}
|
|
|
|
# Remove the dedicated fail2ban config (jail and filter conf files)
|
|
#
|
|
# usage: ynh_remove_fail2ban_config
|
|
ynh_remove_fail2ban_config () {
|
|
ynh_secure_remove "/etc/fail2ban/jail.d/$app.conf"
|
|
ynh_secure_remove "/etc/fail2ban/filter.d/$app.conf"
|
|
systemctl restart fail2ban
|
|
}
|
|
|
|
ynh_smart_mktemp () {
|
|
local min_size="${1:-300}"
|
|
# Transform the minimum size from megabytes to kilobytes
|
|
min_size=$(( $min_size * 1024 ))
|
|
|
|
# Check if there's enough free space in a directory
|
|
is_there_enough_space () {
|
|
local free_space=$(df --output=avail "$1" | sed 1d)
|
|
test $free_space -ge $min_size
|
|
}
|
|
|
|
if is_there_enough_space /tmp; then
|
|
local tmpdir=/tmp
|
|
elif is_there_enough_space /var; then
|
|
local tmpdir=/var
|
|
elif is_there_enough_space /; then
|
|
local tmpdir=/
|
|
elif is_there_enough_space /home; then
|
|
local tmpdir=/home
|
|
else
|
|
ynh_die "Insufficient free space to continue..."
|
|
fi
|
|
|
|
echo "$(mktemp --directory --tmpdir="$tmpdir")"
|
|
}
|