Cleanup, Fixes

conf/env.sample

@@ -1,3 +1,10 @@
+# Sample ENV setup Variables
+# Copy this file and update as needed.
+#
+#   $ cp .env.sample .env
+#
+# Do not include this new file in source control
+#
 
 # Rails Settings
 EXPOSED_PORT=3000
@@ -10,15 +17,15 @@ RAILS_LOG_LEVEL=info # "debug" | "info" | "warn" | "error" | "fatal"
 #AWS_REGION=us-west1
 #S3_BACKUP_BUCKET_NAME=
 
-#ACTIVE_JOB_QUEUE_ADAPTER=async
+ACTIVE_JOB_QUEUE_ADAPTER=async
 
 # Database Settings
 DB_PORT=3306
 DB_HOST=127.0.0.1
 DB_DATABASE=standard_notes_db
 DB_USERNAME=std_notes_user
+# Please change this!
 DB_PASSWORD=changeme123
-#DB_ROOT_PASSWORD=changeme123
 DB_POOL_SIZE=30
 DB_WAIT_TIMEOUT=180
 

manifest.json

@@ -33,16 +33,6 @@
                 },
                 "example": "example.com"
             },
-            {
-                "name": "admin",
-                "type": "user",
-                "ask": {
-                    "en": "Choose an admin user",
-		    "fr": "Choisissez l'administrateur",
-		    "de": "Wähle einen Admin Benutzer"
-                },
-                "example": "johndoe"
-            },
             {
                 "name": "is_public",
                 "type": "boolean",
@@ -52,17 +42,6 @@
 		    "de": "Ist die Application Öffendlich?"
                 },
                 "default": true
-            },
-            {
-                "name": "language",
-                "type": "string",
-                "ask": {
-                    "en": "Choose the application language",
-		    "fr": "Choisissez la langue de l'application",
-		    "de": "Wähle die Application Sprache"
-                },
-                "choices": ["en", "fr", "de"],
-                "default": "en"
             }
         ]
     }

scripts/_common.sh

@@ -6,7 +6,6 @@
 RUBY_VERSION="2.7.2"
 
 # dependencies used by the app
-#pkg_dependencies="ruby ruby-dev rails zlib1g-dev libsqlite3-dev default-libmysqlclient-dev libssl-dev libreadline-dev"
 pkg_dependencies="\
 	zlib1g-dev \
 	libsqlite3-dev \

scripts/backup

@@ -65,10 +65,10 @@ ynh_mysql_dump_db --database="$db_name" > db.sql
 #=================================================
 # BACKUP FAIL2BAN CONFIGURATION
 #=================================================
-ynh_script_progression --message="Backing up fail2ban configuration..." --time --weight=1
+#ynh_script_progression --message="Backing up fail2ban configuration..." --time --weight=1
 
-ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf"
-ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf"
+#ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf"
+#ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf"
 
 #=================================================
 # SPECIFIC BACKUP

scripts/install

@@ -27,29 +27,13 @@ ynh_abort_if_errors
 domain=$YNH_APP_ARG_DOMAIN
 #path_url=$YNH_APP_ARG_PATH
 path_url="/"
-admin=$YNH_APP_ARG_ADMIN
 is_public=$YNH_APP_ARG_IS_PUBLIC
-language=$YNH_APP_ARG_LANGUAGE
-admin_mail=$(ynh_user_get_info $admin 'mail')
 app=$YNH_APP_INSTANCE_NAME
 
 #=================================================
 # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
 #=================================================
-### About  --weight and --time
-### ynh_script_progression will show to your final users the progression of each scripts.
-### In order to do that,  --weight will represent the relative time of execution compared to the other steps in the script.
-### --time is a packager option, it will show you the execution time since the previous call.
-### This option should be removed before releasing your app.
-### Use the execution time, given by --time, to estimate the weight of a step.
-### A common way to do it is to set a weight equal to the execution time in second +1.
-### The execution time is given for the duration since the previous call. So the weight should be applied to this previous call.
-ynh_script_progression --message="Validating installation parameters..."  --weight=1
-
-### If the app uses nginx as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app".
-### If the app provides an internal web server (or uses another application server such as uwsgi), the final path should be "/opt/yunohost/$app"
-final_path=/var/www/$app
-#final_path=/opt/yunohost/$app
+final_path=/opt/yunohost/$app
 test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
 
 # Register (book) web path
@@ -62,9 +46,7 @@ ynh_script_progression --message="Storing installation settings..."  --weight=3
 
 ynh_app_setting_set --app=$app --key=domain --value=$domain
 ynh_app_setting_set --app=$app --key=path --value=$path_url
-ynh_app_setting_set --app=$app --key=admin --value=$admin
 ynh_app_setting_set --app=$app --key=is_public --value=$is_public
-ynh_app_setting_set --app=$app --key=language --value=$language
 
 #=================================================
 # STANDARD MODIFICATIONS
@@ -73,36 +55,17 @@ ynh_app_setting_set --app=$app --key=language --value=$language
 #=================================================
 ynh_script_progression --message="Configuring firewall..."  --weight=1
 
-### Use these lines if you have to open a port for the application
-### `ynh_find_port` will find the first available port starting from the given port.
-### If you're not using these lines:
-###		- Remove the section "CLOSE A PORT" in the remove script
-
 # Find an available port
 port_web=$(ynh_find_port --port=3000)
 # Open the port
 ynh_app_setting_set --app=$app --key=port_web --value=$port_web
 
-# Optional: Expose this port publicly
-# (N.B. : you only need to do this if the app actually needs to expose the port publicly.
-# If you do this and the app doesn't actually need you are CREATING SECURITY HOLES IN THE SERVER !)
-
-# Open the port
-# ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port
 
 #=================================================
 # INSTALL DEPENDENCIES
 #=================================================
 ynh_script_progression --message="Installing dependencies..."  --weight=17
 
-### `ynh_install_app_dependencies` allows you to add any "apt" dependencies to the package.
-### Those deb packages will be installed as dependencies of this package.
-### If you're not using this helper:
-###		- Remove the section "REMOVE DEPENDENCIES" in the remove script
-###		- Remove the variable "pkg_dependencies" in _common.sh
-###		- As well as the section "REINSTALL DEPENDENCIES" in the restore script
-###		- And the section "UPGRADE DEPENDENCIES" in the upgrade script
-
 ynh_install_app_dependencies $pkg_dependencies
 
 #=================================================
@@ -110,15 +73,6 @@ ynh_install_app_dependencies $pkg_dependencies
 #=================================================
 ynh_script_progression --message="Creating a MySQL database..."  --weight=2
 
-### Use these lines if you need a database for the application.
-### `ynh_mysql_setup_db` will create a database, an associated user and a ramdom password.
-### The password will be stored as 'mysqlpwd' into the app settings,
-### and will be available as $db_pwd
-### If you're not using these lines:
-###		- Remove the section "BACKUP THE MYSQL DATABASE" in the backup script
-###		- Remove also the section "REMOVE THE MYSQL DATABASE" in the remove script
-###		- As well as the section "RESTORE THE MYSQL DATABASE" in the restore script
-
 db_name=$(ynh_sanitize_dbid --db_name=$app)
 db_user=$db_name
 ynh_app_setting_set --app=$app --key=db_name --value=$db_name
@@ -129,23 +83,17 @@ ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name
 #=================================================
 ynh_script_progression --message="Setting up source files..."  --weight=2
 
-### `ynh_setup_source` is used to install an app from a zip or tar.gz file,
-### downloaded from an upstream source, like a git repository.
-### `ynh_setup_source` use the file conf/app.src
 
 ynh_app_setting_set --app=$app --key=final_path --value=$final_path
 # Download, check integrity, uncompress and patch the source from app.src
 mkdir $final_path
 ynh_setup_source  --dest_dir="$final_path/live"
-#ynh_setup_source --dest_dir="$final_path"
 
 #=================================================
 # NGINX CONFIGURATION
 #=================================================
 ynh_script_progression --message="Configuring nginx web server..."  --weight=3
 
-### `ynh_add_nginx_config` will use the file conf/nginx.conf
-
 # Create a dedicated nginx config
 ynh_replace_string --match_string="proxy_pass http://127.0.0.1:__PORT__;" --replace_string="proxy_pass http://127.0.0.1:$port_web;" --target_file="../conf/nginx.conf"
 ynh_add_nginx_config
@@ -155,47 +103,29 @@ ynh_add_nginx_config
 #=================================================
 ynh_script_progression --message="Configuring system user..."  --weight=1
 
-# Create a system user
-#ynh_system_user_create --username=$app
-# Create a system user allowing login
-#ynh_system_user_create $app $final_path 1
 # Create a system user
 ynh_system_user_create --username=$app --home_dir=$final_path
 
-
 #=================================================
 # SPECIFIC SETUP
 #=================================================
-pwd
-ls -al
 # INSTALLING RUBY AND BUNDLER
 #=================================================
 ynh_script_progression --message="Installing Ruby..."  --weight=331
 
 ynh_install_ruby --ruby_version=$RUBY_VERSION
 /opt/rbenv/versions/$RUBY_VERSION/bin/gem update --system --no-document
-#/opt/rbenv/versions/$RUBY_VERSION/bin/gem install bundler --no-document
 
 #=================================================
 # Setup
 #=================================================
-#ynh_script_progression --message="Setup..."  --weight=780
-
-# Set right permissions
-#chown -R "$app":"$app" $final_path
-#mkdir -p "/var/log/$app"
-#chown -R "$app":"$app" "/var/log/$app"
-
 #=================================================
 # MODIFY A CONFIG FILE
 #=================================================
 ynh_script_progression --message="Modifying a config file..."  --weight=2
-### `ynh_replace_string` is used to replace a string in a file.
-### (It's compatible with sed regular expressions syntax)
 
-
-cp -f ../conf/env.sample "$final_path/live/.env"
 config_file="$final_path/live/.env"
+cp -f ../conf/env.sample $config_file
 ynh_replace_string --match_string="EXPOSED_PORT=3000" --replace_string="EXPOSED_PORT=$port_web" --target_file="$config_file"
 secret_key=$(ynh_string_random --length=48 | base64)
 ynh_replace_string --match_string="SECRET_KEY_BASE=changeme123" --replace_string="SECRET_KEY_BASE=$secret_key" --target_file="$config_file"
@@ -206,8 +136,6 @@ ynh_replace_string --match_string="DB_DATABASE=standard_notes_db" --replace_stri
 ynh_replace_string --match_string="DB_USERNAME=std_notes_user" --replace_string="DB_USERNAME=$db_user" --target_file="$config_file"
 ynh_replace_string --match_string="DB_PASSWORD=changeme123" --replace_string="DB_PASSWORD=$db_pwd" --target_file="$config_file"
 
-
-
 #=================================================
 # INSTALLING Standard Notes - Synicing Server 
 #=================================================
@@ -219,77 +147,15 @@ pushd "$final_path/live"
 	exec_as "$app" env PATH=$PATH /opt/rbenv/versions/$RUBY_VERSION/bin/bundle config set path 'vendor/bundle'
 	exec_as "$app" env PATH=$PATH /opt/rbenv/versions/$RUBY_VERSION/bin/bundle config set with 'development'
 	exec_as "$app" env PATH=$PATH /opt/rbenv/versions/$RUBY_VERSION/bin/bundle install
-	#exec_as "$app" env PATH=$PATH yarn install --pure-lockfile
-	#exec_as "$app" echo "SAFETY_ASSURED=1">> .env.production
 	exec_as "$app" env PATH=$PATH RAILS_ENV=production /opt/rbenv/versions/$RUBY_VERSION/bin/bundle exec rails db:create db:migrate
-	#exec_as "$app" env PATH=$PATH RAILS_ENV=production /opt/rbenv/versions/$RUBY_VERSION/bin/bundle exec rails assets:precompile --quiet
-	#exec_as "$app" env PATH=$PATH RAILS_ENV=production /opt/rbenv/versions/$RUBY_VERSION/bin/bundle exec rake mastodon:webpush:generate_vapid_key > key.txt
-	#exec_as "$app" env PATH=$PATH RAILS_ENV=production bin/tootctl accounts create "$admin" --email="$admin_mail" --confirmed --role=admin > acc.txt
 popd
 
-#(cd "$final_path"
-# Install bundler, a gems installer
-#gem install bundler
-# Install without documentation
-#exec_as $app echo "gem: --no-ri --no-rdoc" >> "$final_path/.gemrc")
-
-# Install dependencies
-#exec_login_as $app bundle config set path 'vendor/bundle'
-#exec_login_as $app bundle config set with 'development'
-#exec_login_as $app bundle install
-# Database Migrate
-#exec_login_as $app rails db:create db:migrate
-#=================================================
-
-#=================================================
-# SETUP APPLICATION WITH CURL
-#=================================================
-
-### Use these lines only if the app installation needs to be finalized through
-### web forms. We generally don't want to ask the final user,
-### so we're going to use curl to automatically fill the fields and submit the
-### forms.
-
-# Set right permissions for curl install
-#chown -R $app: $final_path
-
-# Set the app as temporarily public for curl call
-#ynh_script_progression --message="Configuring SSOwat..."  --time --weight=1
-#ynh_app_setting_set --app=$app --key=skipped_uris --value="/"
-# Reload SSOwat config
-#yunohost app ssowatconf
-
-# Reload Nginx
-#ynh_systemd_action --service_name=nginx --action=reload
-
-# Installation with curl
-#ynh_script_progression --message="Finalizing installation..."  --time --weight=1
-#ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3"
-
-# Remove the public access
-#if [ $is_public -eq 0 ]
-#then
-#	ynh_app_setting_delete --app=$app --key=skipped_uris
-#fi
-
 #=================================================
 # SETUP SYSTEMD
 #=================================================
 ynh_script_progression --message="Configuring a systemd service..."  --weight=4
 
-### `ynh_systemd_config` is used to configure a systemd script for an app.
-### It can be used for apps that use sysvinit (with adaptation) or systemd.
-### Have a look at the app to be sure this app needs a systemd script.
-### `ynh_systemd_config` will use the file conf/systemd.service
-### If you're not using these lines:
-###		- You can remove those files in conf/.
-###		- Remove the section "BACKUP SYSTEMD" in the backup script
-###		- Remove also the section "STOP AND REMOVE SERVICE" in the remove script
-###		- As well as the section "RESTORE SYSTEMD" in the restore script
-###		- And the section "SETUP SYSTEMD" in the upgrade script
-
 # Create a dedicated systemd config
-#ynh_add_systemd_config
 ynh_replace_string --match_string="__PORT_WEB__" --replace_string="$port_web" --target_file="../conf/systemd.service"
 ynh_replace_string --match_string="__RUBY_VERSION__" --replace_string="$RUBY_VERSION" --target_file="../conf/systemd.service"
 ynh_add_systemd_config --service="$app" --template="systemd.service"
@@ -298,22 +164,16 @@ ynh_add_systemd_config --service="$app" --template="systemd.service"
 # STORE THE CONFIG FILE CHECKSUM
 #=================================================
 
-### `ynh_store_file_checksum` is used to store the checksum of a file.
-### That way, during the upgrade script, by using `ynh_backup_if_checksum_is_different`,
-### you can make a backup of this file before modifying it again if the admin had modified it.
-
 # Calculate and store the config file checksum into the app settings
 ynh_store_file_checksum --file="$config_file"
+ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.d/$app.conf"
 
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
+#=================================================
 # SECURE FILES AND DIRECTORIES
 #=================================================
-ynh_script_progression --message="Securing files and directories..."  --weight=1
-### For security reason, any app should set the permissions to root: before anything else.
-### Then, if write authorization is needed, any access should be given only to directories
-### that really need such authorization.
 
 # Set permissions to app files
 chown -R root: $final_path
@@ -323,66 +183,25 @@ chown -R $app: $final_path/live/log/
 mkdir -p $final_path/live/tmp
 chown -R $app: $final_path/live/tmp/
 
+mkdir -p /var/log/$app
+chown -R $app: /var/log/$app
 
 #=================================================
 # SETUP LOGROTATE
 #=================================================
 ynh_script_progression --message="Configuring log rotation..."  --weight=1
 
-### `ynh_use_logrotate` is used to configure a logrotate configuration for the logs of this app.
-### Use this helper only if there is effectively a log file for this app.
-### If you're not using this helper:
-###		- Remove the section "BACKUP LOGROTATE" in the backup script
-###		- Remove also the section "REMOVE LOGROTATE CONFIGURATION" in the remove script
-###		- As well as the section "RESTORE THE LOGROTATE CONFIGURATION" in the restore script
-###		- And the section "SETUP LOGROTATE" in the upgrade script
-
-mkdir -p /var/log/snserver
-chown -R $app: /var/log/snserver
-
 # Use logrotate to manage application logfile(s)
-ynh_use_logrotate --logfile="$final_path/log/production.log"
-ynh_use_logrotate --logfile="/var/log/snserver/snserver.log"
+ynh_use_logrotate --logfile="$final_path/live/log/production.log"
+ynh_use_logrotate --logfile="/var/log/$app/$app.log"
 
 #=================================================
 # INTEGRATE SERVICE IN YUNOHOST
 #=================================================
 ynh_script_progression --message="Integrate $app service in Yunohost..."  --weight=1
 
-### `yunohost service add` integrates a service in YunoHost. It then gets 
-### displayed in the admin interface and through the others `yunohost service` commands.
-### (N.B. : this line only makes sense if the app adds a service to the system!)
-### If you're not using these lines:
-###		- You can remove these files in conf/.
-###		- Remove the section "REMOVE SERVICE FROM ADMIN PANEL" in the remove script
-###		- As well as the section "ADVERTISE SERVICE IN ADMIN PANEL" in the restore script
-
 yunohost service add $app --description "Standard Notes - Syncing Server" 
 
-### With YunoHost 3.8 you will then be able to: 
-### - specify a list of ports that needs to be publicly exposed (c.f. --needs_exposed_ports) 
-###   which will then be checked by YunoHost's diagnosis system
-### - specify a custom command to check the status of the service (c.f. --test_status)
-###   though it's only needed for weird cases where 'systemctl status' doesn't do a good job
-### - specify a custom command to check / validate the configuration of the service (c.f. --test_conf)
-###   for example, the command to check the configuration of nginx is "nginx -t"
-
-#=================================================
-# START SYSTEMD SERVICE
-#=================================================
-ynh_script_progression --message="Starting a systemd service..."  --weight=1
-
-### `ynh_systemd_action` is used to start a systemd service for an app.
-### Only needed if you have configure a systemd service
-### If you're not using these lines:
-###		- Remove the section "STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the backup script
-###		- As well as the section "START SYSTEMD SERVICE" in the restore script
-###		- As well as the section"STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the upgrade script
-###		- And the section "STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the change_url script
-
-# Start a systemd service
-ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
-
 #=================================================
 # SETUP FAIL2BAN
 #=================================================
@@ -398,9 +217,20 @@ ynh_script_progression --message="Configuring SSOwat..."  --weight=3
 # Make app public if necessary or protect it
 if [ $is_public -eq 1 ]
 then
-	ynh_permission_update --permission "main" --add "visitors"
+	# Create the visitors permission if needed
+	if ! ynh_permission_exists --permission "visitors"; then
+		ynh_permission_create --permission "visitors"
+	fi
 fi
 
+#=================================================
+# START SYSTEMD SERVICE
+#=================================================
+ynh_script_progression --message="Starting a systemd service..."  --weight=1
+
+# Start a systemd service
+ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
+
 #=================================================
 # RELOAD NGINX
 #=================================================

scripts/restore

@@ -8,6 +8,7 @@
 
 #Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
 source ../settings/scripts/_common.sh
+source ../settings/scripts/ynh_install_ruby
 source /usr/share/yunohost/helpers
 
 #=================================================
@@ -33,6 +34,7 @@ path_url=$(ynh_app_setting_get --app=$app --key=path)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 db_user=$db_name
+db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
 
 #=================================================
 # CHECK IF THE APP CAN BE RESTORED
@@ -65,16 +67,21 @@ ynh_restore_file --origin_path="$final_path"
 ynh_script_progression --message="Recreating the dedicated system user..." --time --weight=1
 
 # Create the dedicated user (if not existing)
-ynh_system_user_create --username=$app
+ynh_system_user_create --username=$app --home_dir=$final_path
 
 #=================================================
 # RESTORE USER RIGHTS
 #=================================================
 
 # Restore permissions on app files
-chown -R "$app":"$app" $final_path
-mkdir -p "/var/log/$app"
-chown -R "$app":"$app" /var/log/$app
+chown -R root: $final_path
+chown $app: $final_path
+mkdir -p $final_path/live/log
+chown -R $app: $final_path/live/log/
+mkdir -p $final_path/live/tmp
+chown -R $app: $final_path/live/tmp/
+mkdir -p /var/log/$app
+chown -R $app: /var/log/$app
 
 #=================================================
 # RESTORE FAIL2BAN CONFIGURATION
@@ -95,12 +102,20 @@ ynh_script_progression --message="Reinstalling dependencies..." --time --weight=
 # Define and install dependencies
 ynh_install_app_dependencies $pkg_dependencies
 
+
+#=================================================
+# INSTALLING RUBY AND BUNDLER
+#=================================================
+ynh_script_progression --message="Installing Ruby..."
+
+ynh_install_ruby --ruby_version=$RUBY_VERSION
+/opt/rbenv/versions/$RUBY_VERSION/bin/gem update --system --no-document
+
 #=================================================
 # RESTORE THE MYSQL DATABASE
 #=================================================
 ynh_script_progression --message="Restoring the MySQL database..." --time --weight=1
 
-db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
 ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd
 ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql
 
@@ -116,7 +131,7 @@ systemctl enable $app.service
 # INTEGRATE SERVICE IN YUNOHOST
 #=================================================
 
-yunohost service add $app --description "A short description of the app" --log "/var/log/$app/$app.log"
+yunohost service add $app --description "Standard Notes - Syncing Server" --log "/var/log/$app/$app.log"
 
 #=================================================
 # START SYSTEMD SERVICE
@@ -138,7 +153,6 @@ ynh_restore_file --origin_path="/etc/logrotate.d/$app"
 #=================================================
 ynh_script_progression --message="Reloading nginx web server and php-fpm..." --time --weight=1
 
-ynh_systemd_action --service_name=php7.0-fpm --action=reload
 ynh_systemd_action --service_name=nginx --action=reload
 
 #=================================================

scripts/upgrade

@@ -7,6 +7,7 @@
 #=================================================
 
 source _common.sh
+source ynh_install_ruby
 source /usr/share/yunohost/helpers
 
 #=================================================
@@ -18,10 +19,8 @@ app=$YNH_APP_INSTANCE_NAME
 
 domain=$(ynh_app_setting_get --app=$app --key=domain)
 path_url=$(ynh_app_setting_get --app=$app --key=path)
-admin=$(ynh_app_setting_get --app=$app --key=admin)
 is_public=$(ynh_app_setting_get --app=$app --key=is_public)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
-language=$(ynh_app_setting_get --app=$app --key=language)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 
 #=================================================
@@ -58,7 +57,7 @@ fi
 
 # If final_path doesn't exist, create it
 if [ -z "$final_path" ]; then
-	final_path=/var/www/$app
+	final_path=/opt/yunohost/$app
 	ynh_app_setting_set --app=$app --key=final_path --value=$final_path
 fi
 
@@ -81,11 +80,6 @@ ynh_abort_if_errors
 #=================================================
 
 # Normalize the URL path syntax
-# N.B. : this is for app installations before YunoHost 2.7
-# where this value might be something like /foo/ or foo/
-# instead of /foo ....
-# If nobody installed your app before 2.7, then you may
-# safely remove this line
 path_url=$(ynh_normalize_url_path --path_url=$path_url)
 
 #=================================================
@@ -105,8 +99,19 @@ if [ "$upgrade_type" == "UPGRADE_APP" ]
 then
 	ynh_script_progression --message="Upgrading source files..." --time --weight=1
 
+	# Backup files to keep
+	tmpdir=$(mktemp -d)
+	if [ -d $final_path/live/log ] ; then
+		cp -Rp $final_path/live/log $tmpdir
+	fi
+	# Remove destination directory
+	ynh_secure_remove --file=$final_path
 	# Download, check integrity, uncompress and patch the source from app.src
-	ynh_setup_source --dest_dir="$final_path"
+	mkdir -p $final_path
+	ynh_setup_source --dest_dir="$final_path/live"
+	if [ -d $tmpdir/log ] ; then
+		cp -Rp $tmpdir/log $final_path/live
+	fi
 fi
 
 #=================================================
@@ -115,8 +120,10 @@ fi
 ynh_script_progression --message="Upgrading nginx web server configuration..." --time --weight=1
 
 # Create a dedicated nginx config
+ynh_replace_string --match_string="proxy_pass http://127.0.0.1:__PORT__;" --replace_string="proxy_pass http://127.0.0.1:$port_web;" --target_file="../conf/nginx.conf"
 ynh_add_nginx_config
 
+
 #=================================================
 # UPGRADE DEPENDENCIES
 #=================================================
@@ -124,37 +131,60 @@ ynh_script_progression --message="Upgrading dependencies..." --time --weight=1
 
 ynh_install_app_dependencies $pkg_dependencies
 
+#=================================================
+# INSTALL RUBY
+#=================================================
+ynh_script_progression --message="Installing Ruby..."
+
+ynh_install_ruby --ruby_version=$RUBY_VERSION
+/opt/rbenv/versions/$RUBY_VERSION/bin/gem update --system --no-document
+
 #=================================================
 # CREATE DEDICATED USER
 #=================================================
 ynh_script_progression --message="Making sure dedicated system user exists..." --time --weight=1
 
 # Create a dedicated user (if not existing)
-ynh_system_user_create --username=$app
+ynh_system_user_create --username=$app --home_dir=$final_path
 
 #=================================================
 # SPECIFIC UPGRADE
 #=================================================
-# ...
 #=================================================
+# MODIFY A CONFIG FILE
+#=================================================
+if [ "$upgrade_type" == "UPGRADE_APP" ]
+then
+	ynh_script_progression --message="Modifying a config file..."  --weight=2
 
+	config_file="$final_path/live/.env"
+	cp -f ../conf/env.sample $config_file
+	ynh_replace_string --match_string="EXPOSED_PORT=3000" --replace_string="EXPOSED_PORT=$port_web" --target_file="$config_file"
+	secret_key=$(ynh_string_random --length=48 | base64)
+	ynh_replace_string --match_string="SECRET_KEY_BASE=changeme123" --replace_string="SECRET_KEY_BASE=$secret_key" --target_file="$config_file"
+	pseudo_key=$(ynh_string_random --length=48 | base64)
+	ynh_replace_string --match_string="PSEUDO_KEY_PARAMS_KEY=changeme456" --replace_string="PSEUDO_KEY_PARAMS_KEY=$pseudo_key" --target_file="$config_file"
+	ynh_replace_string --match_string="RAILS_ENV=development" --replace_string="RAILS_ENV=production" --target_file="$config_file"
+	ynh_replace_string --match_string="DB_DATABASE=standard_notes_db" --replace_string="DB_DATABASE=$db_name" --target_file="$config_file"
+	ynh_replace_string --match_string="DB_USERNAME=std_notes_user" --replace_string="DB_USERNAME=$db_user" --target_file="$config_file"
+	ynh_replace_string --match_string="DB_PASSWORD=changeme123" --replace_string="DB_PASSWORD=$db_pwd" --target_file="$config_file"
+fi
 #=================================================
-# STORE THE CONFIG FILE CHECKSUM
+# INSTALLING Standard Notes - Synicing Server 
 #=================================================
+if [ "$upgrade_type" == "UPGRADE_APP" ]
+then
+	ynh_script_progression --message="Installing Standard Notes - Synicing Server..."  --weight=93
 	
-### Verify the checksum of a file, stored by `ynh_store_file_checksum` in the install script.
-### And create a backup of this file if the checksum is different. So the file will be backed up if the admin had modified it.
-ynh_backup_if_checksum_is_different --file="$final_path/CONFIG_FILE"
-# Recalculate and store the checksum of the file for the next upgrade.
-ynh_store_file_checksum --file="$final_path/CONFIG_FILE"
+	chown -R "$app": "$final_path"
 	
-#=================================================
-# SETUP LOGROTATE
-#=================================================
-ynh_script_progression --message="Upgrading logrotate configuration..." --time --weight=1
-
-# Use logrotate to manage app-specific logfile(s)
-ynh_use_logrotate --non-append
+	pushd "$final_path/live"
+		exec_as "$app" env PATH=$PATH /opt/rbenv/versions/$RUBY_VERSION/bin/bundle config set path 'vendor/bundle'
+		exec_as "$app" env PATH=$PATH /opt/rbenv/versions/$RUBY_VERSION/bin/bundle config set with 'development'
+		exec_as "$app" env PATH=$PATH /opt/rbenv/versions/$RUBY_VERSION/bin/bundle install
+		exec_as "$app" env PATH=$PATH RAILS_ENV=production /opt/rbenv/versions/$RUBY_VERSION/bin/bundle exec rails db:create db:migrate
+	popd
+fi
 
 #=================================================
 # SETUP SYSTEMD
@@ -162,35 +192,64 @@ ynh_use_logrotate --non-append
 ynh_script_progression --message="Upgrading systemd configuration..." --time --weight=1
 
 # Create a dedicated systemd config
-ynh_add_systemd_config
+ynh_replace_string --match_string="__PORT_WEB__" --replace_string="$port_web" --target_file="../conf/systemd.service"
+ynh_replace_string --match_string="__RUBY_VERSION__" --replace_string="$RUBY_VERSION" --target_file="../conf/systemd.service"
+ynh_add_systemd_config --service="$app" --template="systemd.service"
+
+#=================================================
+# STORE THE CONFIG FILE CHECKSUM
+#=================================================
+
+# Calculate and store the config file checksum into the app settings
+ynh_store_file_checksum --file="$config_file"
+ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.d/$app.conf"
 
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
-# UPGRADE FAIL2BAN
-#=================================================
-ynh_script_progression --message="Reconfiguring fail2ban..." --time --weight=1
-
-# Create a dedicated fail2ban config
-ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"
-
 #=================================================
 # SECURE FILES AND DIRECTORIES
 #=================================================
 
-# Set permissions on app files
+# Set permissions to app files
 chown -R root: $final_path
+chown $app: $final_path
+mkdir -p $final_path/live/log
+chown -R $app: $final_path/live/log/
+mkdir -p $final_path/live/tmp
+chown -R $app: $final_path/live/tmp/
+
+mkdir -p /var/log/$app
+chown -R $app: /var/log/$app
+
+#=================================================
+# SETUP LOGROTATE
+#=================================================
+ynh_script_progression --message="Upgrading logrotate configuration..." --time --weight=1
+
+# Use logrotate to manage application logfile(s)
+ynh_use_logrotate --logfile="$final_path/live/log/production.log"
+ynh_use_logrotate --logfile="/var/log/$app/$app.log"
+
+#=================================================
+# SETUP FAIL2BAN
+#=================================================
+#ynh_script_progression --message="Reconfiguring fail2ban..." --time --weight=1
+
+# Create a dedicated fail2ban config
+#ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"
 
 #=================================================
 # SETUP SSOWAT
 #=================================================
 ynh_script_progression --message="Upgrading SSOwat configuration..." --time --weight=1
-
-# Make app public if necessary
+# Make app public if necessary or protect it
 if [ $is_public -eq 1 ]
 then
-	# unprotected_uris allows SSO credentials to be passed anyway
-	ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
+	# Create the visitors permission if needed
+	if ! ynh_permission_exists --permission "visitors"; then
+		ynh_permission_create --permission "visitors"
+	fi
 fi
 
 #=================================================
@@ -198,6 +257,7 @@ fi
 #=================================================
 ynh_script_progression --message="Starting a systemd service..." --time --weight=1
 
+# Start a systemd service
 ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
 
 #=================================================