1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/sogo_ynh.git synced 2024-09-03 20:26:07 +02:00

Merge pull request #30 from YunoHost-Apps/testing

Testing
This commit is contained in:
Josue-T 2024-02-26 12:59:26 +01:00 committed by GitHub
commit 3ca2bb070e
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
16 changed files with 87 additions and 187 deletions

View file

@ -1,5 +1,5 @@
<!--
N.B.: This README was automatically generated by https://github.com/YunoHost/apps/tree/master/tools/README-generator
N.B.: This README was automatically generated by https://github.com/YunoHost/apps/tree/master/tools/readme_generator
It shall NOT be edited by hand.
-->
@ -19,7 +19,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
SOGo is an opensource groupware solution which has Webmail, a global address book and Calender and Contacts which can be synced via caldav or cardav.
**Shipped version:** 5.0.1~ynh3
**Shipped version:** 5.0.1~ynh4
**Demo:** https://demo.sogo.nu/SOGo/
## Documentation and resources
@ -42,4 +42,4 @@ or
sudo yunohost app upgrade sogo -u https://github.com/YunoHost-Apps/sogo_ynh/tree/testing --debug
```
**More info regarding app packaging:** <https://yunohost.org/packaging_apps>
**More info regarding app packaging:** <https://yunohost.org/packaging_apps>

View file

@ -1,5 +1,5 @@
<!--
N.B.: This README was automatically generated by https://github.com/YunoHost/apps/tree/master/tools/README-generator
N.B.: This README was automatically generated by https://github.com/YunoHost/apps/tree/master/tools/readme_generator
It shall NOT be edited by hand.
-->
@ -19,7 +19,7 @@ Si vous navez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po
SOGo is an opensource groupware solution which has Webmail, a global address book and Calender and Contacts which can be synced via caldav or cardav.
**Version incluse :** 5.0.1~ynh3
**Version incluse :** 5.0.1~ynh4
**Démo :** https://demo.sogo.nu/SOGo/
## Documentations et ressources

View file

@ -1,22 +0,0 @@
# Sogod cronjobs
# Vacation messages expiration
# The credentials file should contain the sieve admin credentials (username:passwd)
0 0 * * * __APP__ /__INSTALL_DIR__/sbin/sogo-tool update-autoreply -p /etc/sogo/sieve.creds
# Session cleanup - runs every minute
# - Ajust the nbMinutes parameter to suit your needs
# Example: Sessions without activity since 60 minutes will be dropped:
* * * * * __APP__ /__INSTALL_DIR__/sbin/sogo-tool expire-sessions 60 > /dev/null 2>&1
# Email alarms - runs every minutes
# If you need to use SMTP AUTH for outgoing mails, specify credentials to use
# with '-p /path/to/credentialsFile' (same format as the sieve credentials)
* * * * * __APP__ /__INSTALL_DIR__/sbin/sogo-ealarms-notify > /dev/null 2>&1
# Daily backups
# - writes to ~sogo/backups/ by default
# - will keep 31 days worth of backups by default
# - runs once a day by default, but can run more frequently
# - make sure to set the path to sogo-backup.sh correctly
#30 0 * * * __APP__ /__INSTALL_DIR__/share/doc/sogo/sogo-backup.sh

View file

@ -1 +0,0 @@
PREFORK=3

View file

@ -1,8 +1,9 @@
# SOGo Proxying
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
location ^~ __PATH__/ {
location ^~/SOGo/
{
proxy_pass http://127.0.0.1:__PORT__;
proxy_redirect http://127.0.0.1:__PORT__/SOGo/ /SOGo;
proxy_redirect http://127.0.0.1:__PORT__ default;
# forward user's IP address
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@ -11,17 +12,39 @@ location ^~ __PATH__/ {
proxy_set_header x-webobjects-remote-host 127.0.0.1;
proxy_set_header x-webobjects-server-name $server_name;
proxy_set_header x-webobjects-server-url $scheme://$host;
proxy_set_header x-webobjects-server-port $server_port;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 8k;
proxy_buffers 4 64k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
break;
include conf.d/yunohost_panel.conf.inc;
client_max_body_size 100M;
}
location __PATH__.woa/WebServerResources/ {
location /SOGo.woa/WebServerResources/
{
alias /usr/lib/GNUstep/SOGo/WebServerResources/;
allow all;
expires max;
}
location __PATH__/WebServerResources/ {
location /SOGo/WebServerResources/
{
alias /usr/lib/GNUstep/SOGo/WebServerResources/;
allow all;
expires max;
}
location ^__PATH__/so/ControlPanel/Products/([^/]*)/Resources/(.*)$ {
location (^/SOGo/so/ControlPanel/Products/([^/]*)/Resources/(.*)$)/
{
alias /usr/lib/GNUstep/SOGo/$1.SOGo/Resources/$2;
expires max;
}
location (^/SOGo/so/ControlPanel/Products/[^/]*UI/Resources/.*\.(jpg|png|gif|css|js)$)/
{
alias /usr/lib/GNUstep/SOGo/$1.SOGo/Resources/$2;
expires max;
}

View file

@ -10,13 +10,13 @@
SOGoAppointmentSendEMailNotifications = YES;
SOGoEnablePublicAccess = YES;
SOGoMailingMechanism = smtp;
SOGoSMTPServer = 127.0.0.1:__PORT_SMTP__;
SOGoSMTPServer = "smtp://__DOMAIN__:587/?tls=YES";
SOGoSMTPAuthenticationType = PLAIN;
SOGoTimeZone = UTC;
SOGoSentFolderName = Sent;
SOGoTrashFolderName = Trash;
SOGoDraftsFolderName = Drafts;
SOGoIMAPServer = "imap://localhost:143";
SOGoIMAPServer = "imaps://__DOMAIN__:993";
SOGoIMAPAclConformsToIMAPExt = YES;
SOGoVacationEnabled = YES;
SOGoForwardEnabled = YES;

View file

@ -1,7 +0,0 @@
[Smtp-Starttls]
client=yes
accept = __PORT_SMTP__
connect = 587
protocol = smtp
protocolAuthentication = plain

View file

@ -1,46 +0,0 @@
[Unit]
Description=SOGo is a groupware server
After=network.target
After=mariadb.service
[Service]
Environment="PREFORK=3"
Environment="LD_LIBRARY_PATH=/lib:/usr/lib:/__INSTALL_DIR__/Library/Libraries/sogo:/__INSTALL_DIR__/Local/Library/Libraries/sogo"
EnvironmentFile=-/etc/default/__APP__
Type=forking
ExecStart=/__INSTALL_DIR__/sbin/sogod -WOWorkersCount ${PREFORK} -WOPidFile /run/__APP__/sogo.pid -WOLogFile /var/log/__APP__/sogo.log
PIDFile=/run/__APP__/sogo.pid
User=__APP__
# Sandboxing options to harden security
# Depending on specificities of your service/app, you may need to tweak these
# .. but this should be a good baseline
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
DevicePolicy=closed
ProtectSystem=full
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
LockPersonality=yes
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
# Denying access to capabilities that should not be relevant for webapps
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
[Install]
WantedBy=multi-user.target

View file

@ -7,7 +7,7 @@ name = "SOGo"
description.en = "Opensource groupware for E-Mail, Contacts and Calender"
description.fr = "Groupware opensource pour les e-mail, contacts et calendrier"
version = "5.0.1~ynh3"
version = "5.0.1~ynh4"
maintainers = ["Josué Tille"]
@ -34,6 +34,10 @@ ram.runtime = "200M"
[install.domain]
type = "domain"
[install.path]
type = "path"
default = "/SOGo"
[install.admin]
type = "user"
@ -41,13 +45,11 @@ ram.runtime = "200M"
help.en = "If it's not public, everybody which want to access to any page of SOGo need to be authenticated on the SSO. On the public mode anybody can access to the authentication page. The shared calendar will be also accessible by anybody who has this link"
help.fr = "Si n'est pas publique, n'importe qui veux accéder à n'importe quelle page de SOGo doit être authentifié dans le SSO. Dans le mode publique n'importe qui peut accéder à la page d'authentification de SOGo. Les agenda partagé seront aussi accessible par n'import qui qui à ce liens."
type = "group"
default = "visitors"
default = "all_users"
[resources]
[resources.system_user]
[resources.install_dir]
[resources.permissions]
main.url = "/"
@ -58,15 +60,12 @@ ram.runtime = "200M"
sync_client.auth_header = false
sync_client.additional_urls = ["/Microsoft-Server-ActiveSync", "/principals", "/.well-known/caldav", "/.well-known/carddav"]
[resources.ports]
main.default = 20000
smtp.default = 20001
[resources.apt]
packages = [
"sogo",
"stunnel4",
"memcached",
"mariadb-server",
]

View file

@ -9,7 +9,7 @@
#=================================================
config_nginx() {
nginx_config="$YNH_APP_BASEDIR/conf/nginx.conf"
nginx_config="/etc/nginx/conf.d/$domain.d/$app.conf"
# shellcheck disable=SC2016
principals_block='
@ -21,22 +21,33 @@ location = /principals/ {
# shellcheck disable=SC2016
activesync_block='
# For ActiveSync
location /Microsoft-Server-ActiveSync/ {
proxy_pass http://127.0.0.1:__PORT__/SOGo/Microsoft-Server-ActiveSync/;
location ^~ /Microsoft-Server-ActiveSync {
proxy_connect_timeout 75;
proxy_send_timeout 3600;
proxy_read_timeout 3600;
proxy_buffers 64 256k;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:'$port'/SOGo/Microsoft-Server-ActiveSync;
}'
# shellcheck disable=SC2016
caldav_block='
# For Caldav
location /.well-known/caldav {
location = /.well-known/caldav {
rewrite ^ https://$server_name/SOGo/dav/;
}'
# shellcheck disable=SC2016
carddav_block='
# For Carddav
location /.well-known/carddav {
location = /.well-known/carddav {
rewrite ^ https://$server_name/SOGo/dav/;
}'
ynh_add_nginx_config
if ! is_url_handled -d "$domain" -p "/principals"; then
echo "$principals_block" >> "$nginx_config"
fi
@ -49,7 +60,19 @@ location /.well-known/carddav {
if ! is_url_handled -d "$domain" -p "/.wellk-nown/carddav"; then
echo "$carddav_block" >> "$nginx_config"
fi
ynh_add_nginx_config
ynh_store_file_checksum --file="$nginx_config"
systemctl reload nginx.service
}
set_permissions() {
chown -R "$app:$app" "/etc/$app"
chmod -R u=rwX,g=rX,o= "/etc/$app"
chown -R "$app:$app" "/var/log/$app"
chmod -R u=rwX,g=rX,o= "/var/log/$app"
chown root: "/etc/cron.d/$app"
chmod 644 "/etc/cron.d/$app"
}
#=================================================

View file

@ -22,9 +22,6 @@ ynh_print_info --message="Declaring files to be backed up..."
# Backup the nginx configuration
ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
# Backup the logrotate configuration
ynh_backup --src_path="/etc/logrotate.d/$app"
#=================================================
# BACKUP VARIOUS FILES
#=================================================
@ -32,9 +29,6 @@ ynh_backup --src_path="/etc/logrotate.d/$app"
# Backup SOGo configuration
ynh_backup --src_path="/etc/$app"
# Backup Stunnel configuration
ynh_backup --src_path="/etc/stunnel/$app.conf"
# Backup cron
ynh_backup --src_path="/etc/cron.d/$app"

View file

@ -20,6 +20,7 @@ fi
ynh_script_progression --message="Updating NGINX configuration..."
ynh_change_url_nginx_config
config_nginx
#=================================================
# END OF SCRIPT

View file

@ -9,8 +9,9 @@
source _common.sh
source /usr/share/yunohost/helpers
# Set variable
path="/SOGo"
if [[ $path != "/SOGo" ]]; then
ynh_die --message "You can't install SOGo on other path than '/SOGo'"
fi
#=================================================
# ADD A CONFIGURATION
@ -19,37 +20,13 @@ ynh_script_progression --message="Configuring application..." --weight=3
mkdir -p "/etc/$app"
ynh_add_config --template="sogo.conf" --destination="/etc/$app/sogo.conf"
chown -R "$app:$app" "/etc/$app"
chmod -R 750 "/etc/$app"
# Configure stunnel
# To fix the issue https://sogo.nu/bugs/view.php?id=31 we need stunnel to be able to connect correctly to the smtp server
ynh_add_config --template="stunnel.conf" --destination="/etc/stunnel/$app.conf"
# Enable stunnel at startup
ynh_replace_string --match_string="ENABLED=0" --replace_string="ENABLED=1" --target_file="/etc/default/stunnel4"
#=================================================
# SETUP A CRON
#=================================================
ynh_script_progression --message="Setting up a cron..." --weight=1
ynh_add_config --template="cron" --destination="/etc/cron.d/$app"
chown root: "/etc/cron.d/$app"
chmod 644 "/etc/cron.d/$app"
#=================================================
# SYSTEM CONFIGURATION
#=================================================
ynh_script_progression --message="Adding system configurations related to $app..." --weight=1
config_nginx
ynh_use_logrotate --logfile="/var/log/$app/sogo.log" --nonappend
yunohost service add "sogo" --description="Groupware for E-Mail, Contacts and Calender" --log="/var/log/$app/$app.log"
ynh_use_logrotate --logfile="/var/log/$app/sogo.log" --nonappend
chown -R "$app:$app" "/var/log/$app"
chmod -R 750 "/var/log/$app"
set_permissions
#=================================================
# START SYSTEMD SERVICE
@ -57,7 +34,6 @@ chmod -R 750 "/var/log/$app"
ynh_script_progression --message="Starting a systemd service..." --weight=1
ynh_systemd_action --service_name="$app" --action="restart" --log_path="systemd"
ynh_systemd_action --service_name="stunnel4" --action="restart" --log_path="systemd"
#=================================================
# END OF SCRIPT

View file

@ -14,11 +14,7 @@ source /usr/share/yunohost/helpers
#=================================================
ynh_script_progression --message="Removing system configurations related to $app..." --weight=1
# Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
if ynh_exec_warn_less yunohost service status "sogo" >/dev/null; then
ynh_script_progression --message="Removing sogo service integration..." --weight=1
yunohost service remove "sogo"
fi
yunohost service remove "sogo"
# Remove the dedicated systemd config
ynh_remove_systemd_config

View file

@ -17,37 +17,19 @@ ynh_script_progression --message="Restoring the MySQL database..." --weight=1
ynh_mysql_connect_as --user="$db_user" --password="$db_pwd" --database="$db_name" < ./db.sql
# Enable stunnel at startup
ynh_replace_string --match_string "ENABLED=0" --replace_string "ENABLED=1" --target_file /etc/default/stunnel4
#=================================================
# RESTORE VARIOUS FILES
#=================================================
ynh_script_progression --message="Restoring various files..." --weight=1
ynh_restore_file --origin_path="/etc/$app"
chown -R "$app:$app" "/etc/$app"
chmod -R 750 "/etc/$app"
ynh_restore_file --origin_path="/etc/stunnel/$app.conf"
ynh_restore_file --origin_path="/etc/cron.d/$app"
ynh_restore_file --origin_path="/var/log/$app"
chown -R "$app:$app" "/var/log/$app"
chmod -R 750 "/var/log/$app"
ynh_restore
#=================================================
# RESTORE SYSTEM CONFIGURATIONS
#=================================================
ynh_script_progression --message="Restoring system configurations related to $app..." --weight=1
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
systemctl enable "$app.service" --quiet
yunohost service add "sogo" --description="Groupware for E-Mail, Contacts and Calender" --log="/var/log/$app/$app.log"
ynh_use_logrotate --logfile="/var/log/$app/sogo.log" --nonappend
set_permissions
#=================================================
# START SYSTEMD SERVICE
@ -55,15 +37,17 @@ ynh_use_logrotate --logfile="/var/log/$app/sogo.log" --nonappend
ynh_script_progression --message="Starting a systemd service..." --weight=3
ynh_systemd_action --service_name="$app" --action="restart" --log_path="systemd"
ynh_systemd_action --service_name="stunnel4" --action="restart" --log_path="systemd"
#=================================================
# RELOAD NGINX AND PHP-FPM
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_systemd_action --service_name="nginx" --action=reload
# Use logrotate to manage app-specific logfile(s)
ynh_use_logrotate --logfile="/var/log/$app/sogo.log" --nonappend
#=================================================
# END OF SCRIPT
#=================================================

View file

@ -31,27 +31,6 @@ ynh_script_progression --message="Configuring application..." --weight=1
# Configure SOGO
ynh_add_config --template="sogo.conf" --destination="/etc/$app/sogo.conf"
chown -R "$app:$app" "/etc/$app"
chmod -R 750 "/etc/$app"
# Configure stunnel
ynh_add_config --template="stunnel.conf" --destination="/etc/stunnel/$app.conf"
# Enable stunnel at startup
ynh_replace_string --match_string="ENABLED=0" --replace_string="ENABLED=1" --target_file="/etc/default/stunnel4"
# Protect logs dir
chown -R "$app:$app" "/var/log/$app"
chmod -R 750 "/var/log/$app"
#=================================================
# SETUP A CRON
#=================================================
ynh_script_progression --message="Setting up a cron..." --weight=1
ynh_add_config --template="cron" --destination="/etc/cron.d/$app"
chown root: "/etc/cron.d/$app"
chmod 644 "/etc/cron.d/$app"
#=================================================
# REAPPLY SYSTEM CONFIGURATIONS
@ -65,13 +44,14 @@ yunohost service add "sogo" --description="Groupware for E-Mail, Contacts and Ca
# Use logrotate to manage app-specific logfile(s)
ynh_use_logrotate --logfile="/var/log/$app/sogo.log" --nonappend
set_permissions
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=1
ynh_systemd_action --service_name="$app" --action="restart" --log_path="systemd"
ynh_systemd_action --service_name="stunnel4" --action="restart" --log_path="systemd"
#=================================================
# END OF SCRIPT