Working on single install
parent
2bce3a74d1
commit
e7dbc96048
8 changed files with 257 additions and 246 deletions
|
@ -1,5 +1,5 @@
|
||||||
SOURCE_URL=https://github.com/ssb-ngi-pointer/go-ssb-room/releases/download/v2.0.6/go-ssb-room_2.0.6_Linux_x86_64.tar.gz
|
SOURCE_URL=https://files.commoninternet.net/go-ssb-room_2.0.6_Linux_x86_64.tar.gz
|
||||||
SOURCE_SUM=0ab385e7632ad8c3c16c13f6bb1843dcfaa9e927afd9d6a8a35691b14a308e5e
|
SOURCE_SUM=7823838a42daac48c39f13563552b84920d66e782acf239d1da5fbd3b475c5bf
|
||||||
SOURCE_SUM_PRG=sha256sum
|
SOURCE_SUM_PRG=sha256sum
|
||||||
SOURCE_FORMAT=tar.gz
|
SOURCE_FORMAT=tar.gz
|
||||||
SOURCE_IN_SUBDIR=true
|
SOURCE_IN_SUBDIR=true
|
||||||
|
|
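Review bot: The new `SOURCE_URL` fetches the archive from files.commoninternet.net instead of the upstream GitHub release, and the new `SOURCE_SUM` differs from the old one although the file name and version are the same, so this is not the artifact upstream published. The pinned sha256 still guards against the file changing later, but nothing on the page records who built this tarball or from which source. I would record the origin next to the URL (or in the commit message if the `.src` format does not tolerate comments), e.g. `# rebuilt from go-ssb-room v2.0.6, source: <COMMIT-OR-PATCH PLACEHOLDER>`, or return to the upstream release URL once it works for this package.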
178
conf/full_nginx.conf
Normal file
178
conf/full_nginx.conf
Normal file
|
@ -0,0 +1,178 @@
|
||||||
|
map $http_upgrade $connection_upgrade {
|
||||||
|
default upgrade;
|
||||||
|
'' close;
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
listen [::]:80;
|
||||||
|
server_name __DOMAIN__ xmpp-upload.__DOMAIN__;
|
||||||
|
|
||||||
|
access_by_lua_file /usr/share/ssowat/access.lua;
|
||||||
|
|
||||||
|
include /etc/nginx/conf.d/acme-challenge.conf.inc;
|
||||||
|
|
||||||
|
location /yunohost {
|
||||||
|
return 301 https://$http_host$request_uri;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ^~ '/.well-known/ynh-diagnosis/' {
|
||||||
|
alias /tmp/.well-known/ynh-diagnosis/;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ^~ '/.well-known/autoconfig/mail/' {
|
||||||
|
alias /var/www/.well-known/__DOMAIN__/autoconfig/mail/;
|
||||||
|
}
|
||||||
|
|
||||||
|
access_log /var/log/nginx/__DOMAIN__-access.log;
|
||||||
|
error_log /var/log/nginx/__DOMAIN__-error.log;
|
||||||
|
}
|
||||||
|
|
||||||
|
# vhost dedicated to XMPP http_upload
|
||||||
|
server {
|
||||||
|
listen 443 ssl http2;
|
||||||
|
listen [::]:443 ssl http2;
|
||||||
|
server_name xmpp-upload.__DOMAIN__;
|
||||||
|
root /dev/null;
|
||||||
|
|
||||||
|
location /upload/ {
|
||||||
|
alias /var/xmpp-upload/__DOMAIN__/upload/;
|
||||||
|
# Pass all requests to metronome, except for GET and HEAD requests.
|
||||||
|
limit_except GET HEAD {
|
||||||
|
proxy_pass http://localhost:5290;
|
||||||
|
}
|
||||||
|
|
||||||
|
include proxy_params;
|
||||||
|
add_header 'Access-Control-Allow-Origin' '*';
|
||||||
|
add_header 'Access-Control-Allow-Methods' 'HEAD, GET, PUT, OPTIONS';
|
||||||
|
add_header 'Access-Control-Allow-Headers' 'Authorization';
|
||||||
|
add_header 'Access-Control-Allow-Credentials' 'true';
|
||||||
|
client_max_body_size 105M; # Choose a value a bit higher than the max upload configured in XMPP server
|
||||||
|
}
|
||||||
|
|
||||||
|
include /etc/nginx/conf.d/security.conf.inc;
|
||||||
|
|
||||||
|
ssl_certificate /etc/yunohost/certs/__DOMAIN__/crt.pem;
|
||||||
|
ssl_certificate_key /etc/yunohost/certs/__DOMAIN__/key.pem;
|
||||||
|
|
||||||
|
|
||||||
|
more_set_headers "Strict-Transport-Security : max-age=63072000; includeSubDomains; preload";
|
||||||
|
|
||||||
|
|
||||||
|
# OCSP settings
|
||||||
|
ssl_stapling on;
|
||||||
|
ssl_stapling_verify on;
|
||||||
|
ssl_trusted_certificate /etc/yunohost/certs/__DOMAIN__/crt.pem;
|
||||||
|
resolver 127.0.0.1 127.0.1.1 valid=300s;
|
||||||
|
resolver_timeout 5s;
|
||||||
|
|
||||||
|
access_log /var/log/nginx/xmpp-upload.__DOMAIN__-access.log;
|
||||||
|
error_log /var/log/nginx/xmpp-upload.__DOMAIN__-error.log;
|
||||||
|
}
|
||||||
|
|
||||||
|
# base ssl path
|
||||||
|
server {
|
||||||
|
listen 443 ssl http2;
|
||||||
|
listen [::]:443 ssl http2;
|
||||||
|
server_name __DOMAIN__;
|
||||||
|
|
||||||
|
include /etc/nginx/conf.d/security.conf.inc;
|
||||||
|
|
||||||
|
ssl_certificate /etc/yunohost/certs/__DOMAIN__/crt.pem;
|
||||||
|
ssl_certificate_key /etc/yunohost/certs/__DOMAIN__/key.pem;
|
||||||
|
|
||||||
|
more_set_headers "Strict-Transport-Security : max-age=63072000; includeSubDomains; preload";
|
||||||
|
|
||||||
|
# OCSP settings
|
||||||
|
ssl_stapling on;
|
||||||
|
ssl_stapling_verify on;
|
||||||
|
ssl_trusted_certificate /etc/yunohost/certs/__DOMAIN__/crt.pem;
|
||||||
|
resolver 127.0.0.1 127.0.1.1 valid=300s;
|
||||||
|
resolver_timeout 5s;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_pass http://localhost:8899;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Forwarded-Host $host;
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
# for websocket
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection $connection_upgrade;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ^~ '/.well-known/autoconfig/mail/' {
|
||||||
|
alias /var/www/.well-known/__DOMAIN__/autoconfig/mail/;
|
||||||
|
}
|
||||||
|
|
||||||
|
access_by_lua_file /usr/share/ssowat/access.lua;
|
||||||
|
|
||||||
|
include /etc/nginx/conf.d/yunohost_sso.conf.inc;
|
||||||
|
include /etc/nginx/conf.d/yunohost_admin.conf.inc;
|
||||||
|
include /etc/nginx/conf.d/yunohost_api.conf.inc;
|
||||||
|
|
||||||
|
access_log /var/log/nginx/__DOMAIN__-access.log;
|
||||||
|
error_log /var/log/nginx/__DOMAIN__-error.log;
|
||||||
|
}
|
||||||
|
|
||||||
|
# alias ssl paths
|
||||||
|
server {
|
||||||
|
listen 443 ssl http2;
|
||||||
|
listen [::]:443 ssl http2;
|
||||||
|
server_name "~^(?<alias>\w+)\.__DOMAINREGEX__$";
|
||||||
|
|
||||||
|
include /etc/nginx/conf.d/security.conf.inc;
|
||||||
|
|
||||||
|
ssl_certificate /etc/yunohost/certs/__DOMAIN__/crt.pem;
|
||||||
|
ssl_certificate_key /etc/yunohost/certs/__DOMAIN__/key.pem;
|
||||||
|
|
||||||
|
more_set_headers "Strict-Transport-Security : max-age=63072000; includeSubDomains; preload";
|
||||||
|
|
||||||
|
# OCSP settings
|
||||||
|
ssl_stapling on;
|
||||||
|
ssl_stapling_verify on;
|
||||||
|
ssl_trusted_certificate /etc/yunohost/certs/__DOMAIN__/crt.pem;
|
||||||
|
resolver 127.0.0.1 127.0.1.1 valid=300s;
|
||||||
|
resolver_timeout 5s;
|
||||||
|
|
||||||
|
location = / {
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Forwarded-Host $host;
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
# "rewrite" requests with subdomains to the non-wildcard url for alias resolving
|
||||||
|
# $is_args$args pass on ?encoding=json if present
|
||||||
|
proxy_pass http://localhost:8899/alias/$alias$is_args$args;
|
||||||
|
}
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Forwarded-Host $host;
|
||||||
|
proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
proxy_pass http://localhost:8899;
|
||||||
|
}
|
||||||
|
|
||||||
|
access_by_lua_file /usr/share/ssowat/access.lua;
|
||||||
|
|
||||||
|
#include /etc/nginx/conf.d/yunohost_sso.conf.inc;
|
||||||
|
#include /etc/nginx/conf.d/yunohost_admin.conf.inc;
|
||||||
|
#include /etc/nginx/conf.d/yunohost_api.conf.inc;
|
||||||
|
|
||||||
|
access_log /var/log/nginx/__DOMAIN__-access.log;
|
||||||
|
error_log /var/log/nginx/__DOMAIN__-error.log;
|
||||||
|
}
|
||||||
|
|
||||||
|
# redirect http to https
|
||||||
|
server {
|
||||||
|
if ($host ~ __DOMAIN__$ ) {
|
||||||
|
return 301 https://$host$request_uri;
|
||||||
|
} # managed by Certbot
|
||||||
|
|
||||||
|
|
||||||
|
listen 80;
|
||||||
|
listen [::]:80;
|
||||||
|
server_name __DOMAIN__;
|
||||||
|
return 404; # managed by Certbot
|
||||||
|
}
|
|
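Review bot: All three `proxy_pass` targets in the `__DOMAIN__` and alias vhosts are hard-coded to `localhost:8899`, while the systemd unit in this commit starts the room on `localhost:__PORT__` and scripts/install takes that port from `ynh_find_port --port=8899`, which can return a different port when 8899 is busy. The template should use `proxy_pass http://localhost:__PORT__;` and `proxy_pass http://localhost:__PORT__/alias/$alias$is_args$args;` so the proxy and the service cannot drift apart. Separately, the last server block repeats `listen 80` with `server_name __DOMAIN__`, which the first block already claims, so nginx will most likely ignore it with a conflicting-server-name warning and plain HTTP is never redirected to HTTPS. Its `if ($host ~ __DOMAIN__$ )` test is also unescaped and unanchored at the start, unlike the `__DOMAINREGEX__` form used for the alias vhost.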
@ -6,9 +6,8 @@ After=network.target
|
||||||
Type=simple
|
Type=simple
|
||||||
User=__APP__
|
User=__APP__
|
||||||
Group=__APP__
|
Group=__APP__
|
||||||
WorkingDirectory=__FINALPATH__/
|
WorkingDirectory=__DATADIR__/
|
||||||
ExecStart=__FINALPATH__/go-ssb-room -repo /var/lib/peachcloud/go-ssb-room -lishttp localhost:8899 -https-domain ssbroom.commoninternet.net
|
ExecStart=__FINALPATH__/go-ssb-room -repo __DATADIR__/ -lishttp localhost:__PORT__ -https-domain __DOMAIN__ -lismux localhost:__SSBPORT__
|
||||||
WorkingDirectory=/var/lib/peachcloud/go-ssb-room
|
|
||||||
StandardOutput=append:/var/log/__APP__/__APP__.log
|
StandardOutput=append:/var/log/__APP__/__APP__.log
|
||||||
StandardError=inherit
|
StandardError=inherit
|
||||||
|
|
||||||
|
|
|
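Review bot: `-lismux localhost:__SSBPORT__` in the new `ExecStart` appears to bind the muxrpc listener to loopback only, yet scripts/install opens `$ssbport` in the firewall and registers it with `--needs_exposed_ports`, so remote peers would likely find the port allowed but nothing reachable behind it. If the listener is meant to be public, `-lismux :__SSBPORT__` matches the firewall rule; if it is meant to stay local, the firewall rule and the exposed-port registration should be dropped instead. The unit starts above this hunk, so I cannot see whether any sandboxing is set; for an internet-facing service `NoNewPrivileges=yes` would be a cheap addition.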
@ -35,29 +35,19 @@
|
||||||
"example": "example.com"
|
"example": "example.com"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "path",
|
"name": "ssb_admin_id",
|
||||||
"type": "path",
|
"type": "string",
|
||||||
"example": "/example",
|
"help": {
|
||||||
"default": "/example"
|
"en": "This ssb_id is used as the username for the first admin of the room. Create an ssb account or use your already existing ssb account, and use your ssb public key as the room admin id."
|
||||||
},
|
},
|
||||||
{
|
"example": "@5Pt3dKy2HTJ0mWuS78oIiklIX0gBz6BTfEnXsbvke9c=.ed25519"
|
||||||
"name": "admin",
|
|
||||||
"type": "user",
|
|
||||||
"example": "johndoe"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "is_public",
|
|
||||||
"type": "boolean",
|
|
||||||
"default": true
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "password",
|
"name": "password",
|
||||||
"type": "password",
|
"type": "password",
|
||||||
"help": {
|
"help": {
|
||||||
"en": "Use the help field to add an information for the admin about this question.",
|
"en": "Use this password to log into the admin interface for the ssb room."
|
||||||
"fr": "Utilisez le champ aide pour ajouter une information à l'intention de l'administrateur à propos de cette question."
|
}
|
||||||
},
|
|
||||||
"example": "Choose a password"
|
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
|
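Review bot: `ssb_admin_id` is declared as a free-form `string` with no validation, and scripts/install later passes it to `insert-user` on a command line. An SSB feed id has a fixed shape (`@`, 44 base64 characters, then `.ed25519`, as in the example value), so the question can reject anything else before the install script runs. If this manifest format supports it, add a `pattern` entry with `"regexp": "^@[A-Za-z0-9+/]{43}=\\.ed25519$"` and a short error message.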
@ -11,6 +11,20 @@ pkg_dependencies=""
|
||||||
# PERSONAL HELPERS
|
# PERSONAL HELPERS
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
|
# because ssbroom requires wildcard subdomains for aliases
|
||||||
|
# we need this custom function for creating the ssbroom nginx config
|
||||||
|
# instead of the standard ynh_add_nginx_config
|
||||||
|
add_ssb_room_nginx_config() {
|
||||||
|
domain=$1
|
||||||
|
domainregex=$(echo "$domain" | sed -r 's/\./\\\./g')
|
||||||
|
# the sed statement above replaces all . with \.
|
||||||
|
ynh_add_config --template="full_nginx.conf" --destination="/etc/nginx/conf.d/$domain.conf"
|
||||||
|
}
|
||||||
|
|
||||||
|
remove_ssb_room_nginx_config() {
|
||||||
|
rm "/etc/nginx/conf.d/$domain.conf"
|
||||||
|
}
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# EXPERIMENTAL HELPERS
|
# EXPERIMENTAL HELPERS
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
|
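Review bot: `remove_ssb_room_nginx_config` ignores its argument and deletes `/etc/nginx/conf.d/$domain.conf` using whatever the global `$domain` holds, so the `remove_ssb_room_nginx_config $old_domain` call in scripts/change_url may delete the wrong file or leave the old vhost in place. Start the function with `local domain=$1` and replace the bare `rm` with `ynh_secure_remove --file="/etc/nginx/conf.d/$domain.conf"`, so a missing file does not abort the script. In `add_ssb_room_nginx_config`, `domain` and `domainregex` are also assigned without `local` and overwrite the caller's globals. Both helpers act on the domain-level file that YunoHost presumably manages for the domain itself (the template copies its SSO and admin includes), so removing it would take those down too; confirm that is intended for a dedicated domain.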
@ -81,35 +81,11 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Updating NGINX web server configuration..." --time --weight=1
|
ynh_script_progression --message="Updating NGINX web server configuration..." --time --weight=1
|
||||||
|
|
||||||
nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf
|
# because ssbroom requires wildcard subdomains for aliases
|
||||||
|
# we need this custom function for creating the ssbroom nginx config
|
||||||
# Change the path in the NGINX config file
|
# instead of the standard ynh_add_nginx_config
|
||||||
if [ $change_path -eq 1 ]
|
remove_ssb_room_nginx_config $old_domain
|
||||||
then
|
add_ssb_room_nginx_config $new_domain
|
||||||
# Make a backup of the original NGINX config file if modified
|
|
||||||
ynh_backup_if_checksum_is_different --file="$nginx_conf_path"
|
|
||||||
# Set global variables for NGINX helper
|
|
||||||
domain="$old_domain"
|
|
||||||
path_url="$new_path"
|
|
||||||
# Create a dedicated NGINX config
|
|
||||||
ynh_add_nginx_config
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Change the domain for NGINX
|
|
||||||
if [ $change_domain -eq 1 ]
|
|
||||||
then
|
|
||||||
# Delete file checksum for the old conf file location
|
|
||||||
ynh_delete_file_checksum --file="$nginx_conf_path"
|
|
||||||
mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf
|
|
||||||
# Store file checksum for the new config file location
|
|
||||||
ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
|
|
||||||
fi
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# SPECIFIC MODIFICATIONS
|
|
||||||
#=================================================
|
|
||||||
# ...
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# GENERIC FINALISATION
|
# GENERIC FINALISATION
|
||||||
|
|
185
scripts/install
185
scripts/install
|
@ -25,40 +25,18 @@ ynh_abort_if_errors
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
domain=$YNH_APP_ARG_DOMAIN
|
domain=$YNH_APP_ARG_DOMAIN
|
||||||
path_url=$YNH_APP_ARG_PATH
|
path_url="/"
|
||||||
admin=$YNH_APP_ARG_ADMIN
|
ssb_admin_id=$YNH_APP_ARG_SSB_ADMIN_ID
|
||||||
is_public=$YNH_APP_ARG_IS_PUBLIC
|
|
||||||
password=$YNH_APP_ARG_PASSWORD
|
password=$YNH_APP_ARG_PASSWORD
|
||||||
architecture=$(ynh_detect_arch)
|
architecture=$(ynh_detect_arch)
|
||||||
|
|
||||||
### If it's a multi-instance app, meaning it can be installed several times independently
|
|
||||||
### The id of the app as stated in the manifest is available as $YNH_APP_ID
|
|
||||||
### The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2"...)
|
|
||||||
### The app instance name is available as $YNH_APP_INSTANCE_NAME
|
|
||||||
### - the first time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample
|
|
||||||
### - the second time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample__2
|
|
||||||
### - ynhexample__{N} for the subsequent installations, with N=3,4...
|
|
||||||
### The app instance name is probably what interests you most, since this is
|
|
||||||
### guaranteed to be unique. This is a good unique identifier to define installation path,
|
|
||||||
### db names...
|
|
||||||
app=$YNH_APP_INSTANCE_NAME
|
app=$YNH_APP_INSTANCE_NAME
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
|
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
|
||||||
#=================================================
|
#=================================================
|
||||||
### About --weight and --time
|
|
||||||
### ynh_script_progression will show to your final users the progression of each scripts.
|
|
||||||
### In order to do that, --weight will represent the relative time of execution compared to the other steps in the script.
|
|
||||||
### --time is a packager option, it will show you the execution time since the previous call.
|
|
||||||
### This option should be removed before releasing your app.
|
|
||||||
### Use the execution time, given by --time, to estimate the weight of a step.
|
|
||||||
### A common way to do it is to set a weight equal to the execution time in second +1.
|
|
||||||
### The execution time is given for the duration since the previous call. So the weight should be applied to this previous call.
|
|
||||||
ynh_script_progression --message="Validating installation parameters..." --time --weight=1
|
ynh_script_progression --message="Validating installation parameters..." --time --weight=1
|
||||||
|
|
||||||
### If the app uses NGINX as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app".
|
final_path=/opt/yunohost/$app
|
||||||
### If the app provides an internal web server (or uses another application server such as uWSGI), the final path should be "/opt/yunohost/$app"
|
|
||||||
final_path=/var/www/$app
|
|
||||||
test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
|
test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
|
||||||
|
|
||||||
# Register (book) web path
|
# Register (book) web path
|
||||||
|
@ -71,7 +49,7 @@ ynh_script_progression --message="Storing installation settings..." --time --wei
|
||||||
|
|
||||||
ynh_app_setting_set --app=$app --key=domain --value=$domain
|
ynh_app_setting_set --app=$app --key=domain --value=$domain
|
||||||
ynh_app_setting_set --app=$app --key=path --value=$path_url
|
ynh_app_setting_set --app=$app --key=path --value=$path_url
|
||||||
ynh_app_setting_set --app=$app --key=admin --value=$admin
|
ynh_app_setting_set --app=$app --key=admin --value=$ssb_admin_id
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# STANDARD MODIFICATIONS
|
# STANDARD MODIFICATIONS
|
||||||
|
@ -80,36 +58,23 @@ ynh_app_setting_set --app=$app --key=admin --value=$admin
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Finding an available port..." --time --weight=1
|
ynh_script_progression --message="Finding an available port..." --time --weight=1
|
||||||
|
|
||||||
### Use these lines if you have to open a port for the application
|
# Find an available port for web interface
|
||||||
### `ynh_find_port` will find the first available port starting from the given port.
|
|
||||||
### If you're not using these lines:
|
|
||||||
### - Remove the section "CLOSE A PORT" in the remove script
|
|
||||||
|
|
||||||
# Find an available port
|
|
||||||
port=$(ynh_find_port --port=8899)
|
port=$(ynh_find_port --port=8899)
|
||||||
ynh_app_setting_set --app=$app --key=port --value=$port
|
ynh_app_setting_set --app=$app --key=port --value=$port
|
||||||
|
|
||||||
# Optional: Expose this port publicly
|
# Find an available port for ssb tunnels
|
||||||
# (N.B.: you only need to do this if the app actually needs to expose the port publicly.
|
ssbport=$(ynh_find_port --port=8008)
|
||||||
# If you do this and the app doesn't actually need you are CREATING SECURITY HOLES IN THE SERVER !)
|
ynh_app_setting_set --app=$app --key=ssbport --value=$ssbport
|
||||||
|
|
||||||
# Open the port
|
# Open the ssbport to the public
|
||||||
# ynh_script_progression --message="Configuring firewall..." --time --weight=1
|
ynh_script_progression --message="Configuring firewall..." --time --weight=1
|
||||||
# ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port
|
ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $ssbport
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# INSTALL DEPENDENCIES
|
# INSTALL DEPENDENCIES
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Installing dependencies..." --time --weight=1
|
ynh_script_progression --message="Installing dependencies..." --time --weight=1
|
||||||
|
|
||||||
### `ynh_install_app_dependencies` allows you to add any "apt" dependencies to the package.
|
|
||||||
### Those deb packages will be installed as dependencies of this package.
|
|
||||||
### If you're not using this helper:
|
|
||||||
### - Remove the section "REMOVE DEPENDENCIES" in the remove script
|
|
||||||
### - Remove the variable "pkg_dependencies" in _common.sh
|
|
||||||
### - As well as the section "REINSTALL DEPENDENCIES" in the restore script
|
|
||||||
### - And the section "UPGRADE DEPENDENCIES" in the upgrade script
|
|
||||||
|
|
||||||
ynh_install_app_dependencies $pkg_dependencies
|
ynh_install_app_dependencies $pkg_dependencies
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -120,7 +85,6 @@ ynh_script_progression --message="Configuring system user..." --time --weight=1
|
||||||
# Create a system user
|
# Create a system user
|
||||||
ynh_system_user_create --username=$app --home_dir="$final_path"
|
ynh_system_user_create --username=$app --home_dir="$final_path"
|
||||||
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -139,85 +103,39 @@ chown -R $app:www-data "$final_path"
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Configuring NGINX web server..." --time --weight=1
|
ynh_script_progression --message="Configuring NGINX web server..." --time --weight=1
|
||||||
|
|
||||||
### `ynh_add_nginx_config` will use the file conf/nginx.conf
|
# because ssbroom requires wildcard subdomains for aliases
|
||||||
|
# we need this custom function for creating the ssbroom nginx config
|
||||||
# Create a dedicated NGINX config
|
add_ssb_room_nginx_config $domain
|
||||||
ynh_add_nginx_config
|
|
||||||
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# SPECIFIC SETUP
|
|
||||||
#=================================================
|
|
||||||
# ...
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# CREATE DATA DIRECTORY
|
# CREATE DATA DIRECTORY
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Creating a data directory..." --time --weight=1
|
ynh_script_progression --message="Creating a data directory..." --time --weight=1
|
||||||
|
|
||||||
### Use these lines if you need to create a directory to store "persistent files" for the application.
|
|
||||||
### Usually this directory is used to store uploaded files or any file that won't be updated during
|
|
||||||
### an upgrade and that won't be deleted during app removal
|
|
||||||
### If you're not using these lines:
|
|
||||||
### - Remove the section "BACKUP THE DATA DIR" in the backup script
|
|
||||||
### - As well as the section "RESTORE THE DATA DIRECTORY" in the restore script
|
|
||||||
|
|
||||||
datadir=/home/yunohost.app/$app
|
datadir=/home/yunohost.app/$app
|
||||||
ynh_app_setting_set --app=$app --key=datadir --value=$datadir
|
ynh_app_setting_set --app=$app --key=datadir --value=$datadir
|
||||||
|
|
||||||
mkdir -p $datadir
|
mkdir -p $datadir
|
||||||
|
|
||||||
# FIXME: this should be managed by the core in the future
|
# permissions
|
||||||
# Here, as a packager, you may have to tweak the ownerhsip/permissions
|
|
||||||
# such that the appropriate users (e.g. maybe www-data) can access
|
|
||||||
# files in some cases.
|
|
||||||
# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder -
|
|
||||||
# this will be treated as a security issue.
|
|
||||||
chmod 750 "$datadir"
|
chmod 750 "$datadir"
|
||||||
chmod -R o-rwx "$datadir"
|
chmod -R o-rwx "$datadir"
|
||||||
chown -R $app:www-data "$datadir"
|
chown -R $app:www-data "$datadir"
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# CREATE FIRST ADMIN USER
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Creating first ssbroom admin user" --weight=1
|
||||||
|
ynh_exec_as $app $final_path/insert-user -repo $datadir $ssb_admin_id
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# SETUP SYSTEMD
|
# SETUP SYSTEMD
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Configuring a systemd service..." --time --weight=1
|
ynh_script_progression --message="Configuring a systemd service..." --time --weight=1
|
||||||
|
|
||||||
### `ynh_systemd_config` is used to configure a systemd script for an app.
|
|
||||||
### It can be used for apps that use sysvinit (with adaptation) or systemd.
|
|
||||||
### Have a look at the app to be sure this app needs a systemd script.
|
|
||||||
### `ynh_systemd_config` will use the file conf/systemd.service
|
|
||||||
### If you're not using these lines:
|
|
||||||
### - You can remove those files in conf/.
|
|
||||||
### - Remove the section "BACKUP SYSTEMD" in the backup script
|
|
||||||
### - Remove also the section "STOP AND REMOVE SERVICE" in the remove script
|
|
||||||
### - As well as the section "RESTORE SYSTEMD" in the restore script
|
|
||||||
### - And the section "SETUP SYSTEMD" in the upgrade script
|
|
||||||
|
|
||||||
# Create a dedicated systemd config
|
# Create a dedicated systemd config
|
||||||
ynh_add_systemd_config
|
ynh_add_systemd_config
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# SETUP APPLICATION WITH CURL
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
### Use these lines only if the app installation needs to be finalized through
|
|
||||||
### web forms. We generally don't want to ask the final user,
|
|
||||||
### so we're going to use curl to automatically fill the fields and submit the
|
|
||||||
### forms.
|
|
||||||
|
|
||||||
# Set the app as temporarily public for curl call
|
|
||||||
ynh_script_progression --message="Configuring SSOwat..." --time --weight=1
|
|
||||||
# Making the app public for curl
|
|
||||||
ynh_permission_update --permission="main" --add="visitors"
|
|
||||||
|
|
||||||
# Installation with curl
|
|
||||||
ynh_script_progression --message="Finalizing installation..." --time --weight=1
|
|
||||||
ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3"
|
|
||||||
|
|
||||||
# Remove the public access
|
|
||||||
ynh_permission_update --permission="main" --remove="visitors"
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# GENERIC FINALIZATION
|
# GENERIC FINALIZATION
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -225,14 +143,6 @@ ynh_permission_update --permission="main" --remove="visitors"
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Configuring log rotation..." --time --weight=1
|
ynh_script_progression --message="Configuring log rotation..." --time --weight=1
|
||||||
|
|
||||||
### `ynh_use_logrotate` is used to configure a logrotate configuration for the logs of this app.
|
|
||||||
### Use this helper only if there is effectively a log file for this app.
|
|
||||||
### If you're not using this helper:
|
|
||||||
### - Remove the section "BACKUP LOGROTATE" in the backup script
|
|
||||||
### - Remove also the section "REMOVE LOGROTATE CONFIGURATION" in the remove script
|
|
||||||
### - As well as the section "RESTORE THE LOGROTATE CONFIGURATION" in the restore script
|
|
||||||
### - And the section "SETUP LOGROTATE" in the upgrade script
|
|
||||||
|
|
||||||
# Use logrotate to manage application logfile(s)
|
# Use logrotate to manage application logfile(s)
|
||||||
ynh_use_logrotate
|
ynh_use_logrotate
|
||||||
|
|
||||||
|
@ -241,46 +151,13 @@ ynh_use_logrotate
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Integrating service in YunoHost..." --time --weight=1
|
ynh_script_progression --message="Integrating service in YunoHost..." --time --weight=1
|
||||||
|
|
||||||
### `yunohost service add` integrates a service in YunoHost. It then gets
|
yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log" --needs_exposed_ports $ssbport
|
||||||
### displayed in the admin interface and through the others `yunohost service` commands.
|
|
||||||
### (N.B.: this line only makes sense if the app adds a service to the system!)
|
|
||||||
### If you're not using these lines:
|
|
||||||
### - You can remove these files in conf/.
|
|
||||||
### - Remove the section "REMOVE SERVICE INTEGRATION IN YUNOHOST" in the remove script
|
|
||||||
### - As well as the section "INTEGRATE SERVICE IN YUNOHOST" in the restore script
|
|
||||||
### - And the section "INTEGRATE SERVICE IN YUNOHOST" in the upgrade script
|
|
||||||
|
|
||||||
yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log"
|
|
||||||
|
|
||||||
### Additional options starting with 3.8:
|
|
||||||
###
|
|
||||||
### --needs_exposed_ports "$port" a list of ports that needs to be publicly exposed
|
|
||||||
### which will then be checked by YunoHost's diagnosis system
|
|
||||||
### (N.B. DO NOT USE THIS is the port is only internal!!!)
|
|
||||||
###
|
|
||||||
### --test_status "some command" a custom command to check the status of the service
|
|
||||||
### (only relevant if 'systemctl status' doesn't do a good job)
|
|
||||||
###
|
|
||||||
### --test_conf "some command" some command similar to "nginx -t" that validates the conf of the service
|
|
||||||
###
|
|
||||||
### Re-calling 'yunohost service add' during the upgrade script is the right way
|
|
||||||
### to proceed if you later realize that you need to enable some flags that
|
|
||||||
### weren't enabled on old installs (be careful it'll override the existing
|
|
||||||
### service though so you should re-provide all relevant flags when doing so)
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# START SYSTEMD SERVICE
|
# START SYSTEMD SERVICE
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Starting a systemd service..." --time --weight=1
|
ynh_script_progression --message="Starting a systemd service..." --time --weight=1
|
||||||
|
|
||||||
### `ynh_systemd_action` is used to start a systemd service for an app.
|
|
||||||
### Only needed if you have configure a systemd service
|
|
||||||
### If you're not using these lines:
|
|
||||||
### - Remove the section "STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the backup script
|
|
||||||
### - As well as the section "START SYSTEMD SERVICE" in the restore script
|
|
||||||
### - As well as the section"STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the upgrade script
|
|
||||||
### - And the section "STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the change_url script
|
|
||||||
|
|
||||||
# Start a systemd service
|
# Start a systemd service
|
||||||
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
|
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
|
||||||
|
|
||||||
|
@ -289,24 +166,14 @@ ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$ap
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Configuring permissions..." --time --weight=1
|
ynh_script_progression --message="Configuring permissions..." --time --weight=1
|
||||||
|
|
||||||
# Make app public if necessary
|
# Make app public
|
||||||
if [ $is_public -eq 1 ]
|
|
||||||
then
|
|
||||||
# Everyone can access the app.
|
# Everyone can access the app.
|
||||||
# The "main" permission is automatically created before the install script.
|
# The "main" permission is automatically created before the install script.
|
||||||
ynh_permission_update --permission="main" --add="visitors"
|
ynh_permission_update --permission="main" --add="visitors"
|
||||||
fi
|
|
||||||
|
|
||||||
### N.B. : the following extra permissions only make sense if your app
|
# all users can access the /admin section, with or without SSO
|
||||||
### does have for example an admin interface or an api.
|
# as go-ssb-room has its own authentication and user-system
|
||||||
|
# which operates outside of yunohost SSO
|
||||||
# Only the admin can access the admin panel of the app (if the app has an admin panel)
|
|
||||||
ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin
|
|
||||||
|
|
||||||
# Everyone can access to the api part
|
|
||||||
# We don't want to display the tile in the sso so we put --show_tile="false"
|
|
||||||
# And we don't want that the YunoHost Admin can remove visitors group to this permission, so we put --protected="true"
|
|
||||||
ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true"
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# RELOAD NGINX
|
# RELOAD NGINX
|
||||||
|
|
|
@ -18,9 +18,9 @@ app=$YNH_APP_INSTANCE_NAME
|
||||||
|
|
||||||
domain=$(ynh_app_setting_get --app=$app --key=domain)
|
domain=$(ynh_app_setting_get --app=$app --key=domain)
|
||||||
port=$(ynh_app_setting_get --app=$app --key=port)
|
port=$(ynh_app_setting_get --app=$app --key=port)
|
||||||
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
|
ssbport=$(ynh_app_setting_get --app=$app --key=ssbport)
|
||||||
db_user=$db_name
|
|
||||||
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
||||||
|
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# STANDARD REMOVE
|
# STANDARD REMOVE
|
||||||
|
@ -51,14 +51,6 @@ ynh_script_progression --message="Removing logrotate configuration..." --time --
|
||||||
# Remove the app-specific logrotate config
|
# Remove the app-specific logrotate config
|
||||||
ynh_remove_logrotate
|
ynh_remove_logrotate
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# REMOVE THE MYSQL DATABASE
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Removing the MySQL database..." --time --weight=1
|
|
||||||
|
|
||||||
# Remove a database if it exists, along with the associated user
|
|
||||||
ynh_mysql_remove_db --db_user=$db_user --db_name=$db_name
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# REMOVE DEPENDENCIES
|
# REMOVE DEPENDENCIES
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -75,21 +67,24 @@ ynh_script_progression --message="Removing app main directory..." --time --weigh
|
||||||
# Remove the app directory securely
|
# Remove the app directory securely
|
||||||
ynh_secure_remove --file="$final_path"
|
ynh_secure_remove --file="$final_path"
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# REMOVE DATA DIR
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Removing data directory..." --time --weight=1
|
||||||
|
|
||||||
|
# Remove the data directory securely
|
||||||
|
ynh_secure_remove --file="$datadir"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# REMOVE NGINX CONFIGURATION
|
# REMOVE NGINX CONFIGURATION
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Removing NGINX web server configuration..." --time --weight=1
|
ynh_script_progression --message="Removing NGINX web server configuration..." --time --weight=1
|
||||||
|
|
||||||
|
# because ssbroom requires wildcard subdomains for aliases
|
||||||
|
# we need this custom function for creating/removing the ssbroom nginx config
|
||||||
|
# instead of the standard ynh_add_nginx_config
|
||||||
# Remove the dedicated NGINX config
|
# Remove the dedicated NGINX config
|
||||||
ynh_remove_nginx_config
|
remove_ssb_room_nginx_config $domain
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# REMOVE PHP-FPM CONFIGURATION
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Removing PHP-FPM configuration..." --time --weight=1
|
|
||||||
|
|
||||||
# Remove the dedicated PHP-FPM config
|
|
||||||
ynh_remove_fpm_config
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# CLOSE A PORT
|
# CLOSE A PORT
|
||||||
|
@ -101,13 +96,11 @@ then
|
||||||
ynh_exec_warn_less yunohost firewall disallow TCP $port
|
ynh_exec_warn_less yunohost firewall disallow TCP $port
|
||||||
fi
|
fi
|
||||||
|
|
||||||
#=================================================
|
if yunohost firewall list | grep -q "\- $ssbport$"
|
||||||
# REMOVE FAIL2BAN CONFIGURATION
|
then
|
||||||
#=================================================
|
ynh_script_progression --message="Closing ssbport $ssbport..." --time --weight=1
|
||||||
ynh_script_progression --message="Removing Fail2ban configuration..." --time --weight=1
|
ynh_exec_warn_less yunohost firewall disallow TCP $ssbport
|
||||||
|
fi
|
||||||
# Remove the dedicated Fail2Ban config
|
|
||||||
ynh_remove_fail2ban_config
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# SPECIFIC REMOVE
|
# SPECIFIC REMOVE
|
||||||
|
@ -116,12 +109,6 @@ ynh_remove_fail2ban_config
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Removing various files..." --time --weight=1
|
ynh_script_progression --message="Removing various files..." --time --weight=1
|
||||||
|
|
||||||
# Remove a cron file
|
|
||||||
ynh_secure_remove --file="/etc/cron.d/$app"
|
|
||||||
|
|
||||||
# Remove a directory securely
|
|
||||||
ynh_secure_remove --file="/etc/$app"
|
|
||||||
|
|
||||||
# Remove the log files
|
# Remove the log files
|
||||||
ynh_secure_remove --file="/var/log/$app"
|
ynh_secure_remove --file="/var/log/$app"
|
||||||
|
|
||||||
|
|
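Review bot: The new "REMOVE DATA DIR" step runs `ynh_secure_remove --file="$datadir"` on every removal, so an ordinary uninstall also deletes whatever the app keeps in its data directory. That is presumably the room's key material and database, which a reinstall cannot recreate. YunoHost packages usually delete the data directory only when a purge is requested, so I would wrap the call as `if [ "${YNH_APP_PURGE:-0}" -eq 1 ]; then ynh_secure_remove --file="$datadir"; fi`, if the targeted YunoHost version provides that variable. Separately, the added firewall block uses `$ssbport` unquoted in both the `grep -q "\- $ssbport$"` pattern and the `disallow TCP $ssbport` call. If the setting is missing, the pattern degrades to `"\- $"`, so quote the variable and skip the block when it is empty.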