1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/ssbroom_ynh.git synced 2024-09-03 20:26:29 +02:00

Working on single install

This commit is contained in:
mhfowler 2021-09-15 08:17:28 +02:00
parent 2bce3a74d1
commit e7dbc96048
8 changed files with 257 additions and 246 deletions

View file

@ -1,5 +1,5 @@
SOURCE_URL=https://github.com/ssb-ngi-pointer/go-ssb-room/releases/download/v2.0.6/go-ssb-room_2.0.6_Linux_x86_64.tar.gz SOURCE_URL=https://files.commoninternet.net/go-ssb-room_2.0.6_Linux_x86_64.tar.gz
SOURCE_SUM=0ab385e7632ad8c3c16c13f6bb1843dcfaa9e927afd9d6a8a35691b14a308e5e SOURCE_SUM=7823838a42daac48c39f13563552b84920d66e782acf239d1da5fbd3b475c5bf
SOURCE_SUM_PRG=sha256sum SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true SOURCE_IN_SUBDIR=true

178
conf/full_nginx.conf Normal file
View file

@ -0,0 +1,178 @@
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80;
listen [::]:80;
server_name __DOMAIN__ xmpp-upload.__DOMAIN__;
access_by_lua_file /usr/share/ssowat/access.lua;
include /etc/nginx/conf.d/acme-challenge.conf.inc;
location /yunohost {
return 301 https://$http_host$request_uri;
}
location ^~ '/.well-known/ynh-diagnosis/' {
alias /tmp/.well-known/ynh-diagnosis/;
}
location ^~ '/.well-known/autoconfig/mail/' {
alias /var/www/.well-known/__DOMAIN__/autoconfig/mail/;
}
access_log /var/log/nginx/__DOMAIN__-access.log;
error_log /var/log/nginx/__DOMAIN__-error.log;
}
# vhost dedicated to XMPP http_upload
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name xmpp-upload.__DOMAIN__;
root /dev/null;
location /upload/ {
alias /var/xmpp-upload/__DOMAIN__/upload/;
# Pass all requests to metronome, except for GET and HEAD requests.
limit_except GET HEAD {
proxy_pass http://localhost:5290;
}
include proxy_params;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Methods' 'HEAD, GET, PUT, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'Authorization';
add_header 'Access-Control-Allow-Credentials' 'true';
client_max_body_size 105M; # Choose a value a bit higher than the max upload configured in XMPP server
}
include /etc/nginx/conf.d/security.conf.inc;
ssl_certificate /etc/yunohost/certs/__DOMAIN__/crt.pem;
ssl_certificate_key /etc/yunohost/certs/__DOMAIN__/key.pem;
more_set_headers "Strict-Transport-Security : max-age=63072000; includeSubDomains; preload";
# OCSP settings
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/yunohost/certs/__DOMAIN__/crt.pem;
resolver 127.0.0.1 127.0.1.1 valid=300s;
resolver_timeout 5s;
access_log /var/log/nginx/xmpp-upload.__DOMAIN__-access.log;
error_log /var/log/nginx/xmpp-upload.__DOMAIN__-error.log;
}
# base ssl path
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name __DOMAIN__;
include /etc/nginx/conf.d/security.conf.inc;
ssl_certificate /etc/yunohost/certs/__DOMAIN__/crt.pem;
ssl_certificate_key /etc/yunohost/certs/__DOMAIN__/key.pem;
more_set_headers "Strict-Transport-Security : max-age=63072000; includeSubDomains; preload";
# OCSP settings
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/yunohost/certs/__DOMAIN__/crt.pem;
resolver 127.0.0.1 127.0.1.1 valid=300s;
resolver_timeout 5s;
location / {
proxy_pass http://localhost:8899;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
proxy_set_header X-Forwarded-Proto $scheme;
# for websocket
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
location ^~ '/.well-known/autoconfig/mail/' {
alias /var/www/.well-known/__DOMAIN__/autoconfig/mail/;
}
access_by_lua_file /usr/share/ssowat/access.lua;
include /etc/nginx/conf.d/yunohost_sso.conf.inc;
include /etc/nginx/conf.d/yunohost_admin.conf.inc;
include /etc/nginx/conf.d/yunohost_api.conf.inc;
access_log /var/log/nginx/__DOMAIN__-access.log;
error_log /var/log/nginx/__DOMAIN__-error.log;
}
# alias ssl paths
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name "~^(?<alias>\w+)\.__DOMAINREGEX__$";
include /etc/nginx/conf.d/security.conf.inc;
ssl_certificate /etc/yunohost/certs/__DOMAIN__/crt.pem;
ssl_certificate_key /etc/yunohost/certs/__DOMAIN__/key.pem;
more_set_headers "Strict-Transport-Security : max-age=63072000; includeSubDomains; preload";
# OCSP settings
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/yunohost/certs/__DOMAIN__/crt.pem;
resolver 127.0.0.1 127.0.1.1 valid=300s;
resolver_timeout 5s;
location = / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
proxy_set_header X-Forwarded-Proto $scheme;
# "rewrite" requests with subdomains to the non-wildcard url for alias resolving
# $is_args$args pass on ?encoding=json if present
proxy_pass http://localhost:8899/alias/$alias$is_args$args;
}
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $remote_addr:$remote_port;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8899;
}
access_by_lua_file /usr/share/ssowat/access.lua;
#include /etc/nginx/conf.d/yunohost_sso.conf.inc;
#include /etc/nginx/conf.d/yunohost_admin.conf.inc;
#include /etc/nginx/conf.d/yunohost_api.conf.inc;
access_log /var/log/nginx/__DOMAIN__-access.log;
error_log /var/log/nginx/__DOMAIN__-error.log;
}
# redirect http to https
server {
if ($host ~ __DOMAIN__$ ) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name __DOMAIN__;
return 404; # managed by Certbot
}

View file

@ -6,9 +6,8 @@ After=network.target
Type=simple Type=simple
User=__APP__ User=__APP__
Group=__APP__ Group=__APP__
WorkingDirectory=__FINALPATH__/ WorkingDirectory=__DATADIR__/
ExecStart=__FINALPATH__/go-ssb-room -repo /var/lib/peachcloud/go-ssb-room -lishttp localhost:8899 -https-domain ssbroom.commoninternet.net ExecStart=__FINALPATH__/go-ssb-room -repo __DATADIR__/ -lishttp localhost:__PORT__ -https-domain __DOMAIN__ -lismux localhost:__SSBPORT__
WorkingDirectory=/var/lib/peachcloud/go-ssb-room
StandardOutput=append:/var/log/__APP__/__APP__.log StandardOutput=append:/var/log/__APP__/__APP__.log
StandardError=inherit StandardError=inherit

View file

@ -35,29 +35,19 @@
"example": "example.com" "example": "example.com"
}, },
{ {
"name": "path", "name": "ssb_admin_id",
"type": "path", "type": "string",
"example": "/example", "help": {
"default": "/example" "en": "This ssb_id is used as the username for the first admin of the room. Create an ssb account or use your already existing ssb account, and use your ssb public key as the room admin id."
}, },
{ "example": "@5Pt3dKy2HTJ0mWuS78oIiklIX0gBz6BTfEnXsbvke9c=.ed25519"
"name": "admin",
"type": "user",
"example": "johndoe"
},
{
"name": "is_public",
"type": "boolean",
"default": true
}, },
{ {
"name": "password", "name": "password",
"type": "password", "type": "password",
"help": { "help": {
"en": "Use the help field to add an information for the admin about this question.", "en": "Use this password to log into the admin interface for the ssb room."
"fr": "Utilisez le champ aide pour ajouter une information à l'intention de l'administrateur à propos de cette question." }
},
"example": "Choose a password"
} }
] ]
} }

View file

@ -11,6 +11,20 @@ pkg_dependencies=""
# PERSONAL HELPERS # PERSONAL HELPERS
#================================================= #=================================================
# because ssbroom requires wildcard subdomains for aliases
# we need this custom function for creating the ssbroom nginx config
# instead of the standard ynh_add_nginx_config
add_ssb_room_nginx_config() {
domain=$1
domainregex=$(echo "$domain" | sed -r 's/\./\\\./g')
# the sed statement above replaces all . with \.
ynh_add_config --template="full_nginx.conf" --destination="/etc/nginx/conf.d/$domain.conf"
}
remove_ssb_room_nginx_config() {
rm "/etc/nginx/conf.d/$domain.conf"
}
#================================================= #=================================================
# EXPERIMENTAL HELPERS # EXPERIMENTAL HELPERS
#================================================= #=================================================

View file

@ -81,35 +81,11 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app
#================================================= #=================================================
ynh_script_progression --message="Updating NGINX web server configuration..." --time --weight=1 ynh_script_progression --message="Updating NGINX web server configuration..." --time --weight=1
nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf # because ssbroom requires wildcard subdomains for aliases
# we need this custom function for creating the ssbroom nginx config
# Change the path in the NGINX config file # instead of the standard ynh_add_nginx_config
if [ $change_path -eq 1 ] remove_ssb_room_nginx_config $old_domain
then add_ssb_room_nginx_config $new_domain
# Make a backup of the original NGINX config file if modified
ynh_backup_if_checksum_is_different --file="$nginx_conf_path"
# Set global variables for NGINX helper
domain="$old_domain"
path_url="$new_path"
# Create a dedicated NGINX config
ynh_add_nginx_config
fi
# Change the domain for NGINX
if [ $change_domain -eq 1 ]
then
# Delete file checksum for the old conf file location
ynh_delete_file_checksum --file="$nginx_conf_path"
mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf
# Store file checksum for the new config file location
ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
fi
#=================================================
# SPECIFIC MODIFICATIONS
#=================================================
# ...
#=================================================
#================================================= #=================================================
# GENERIC FINALISATION # GENERIC FINALISATION

View file

@ -25,40 +25,18 @@ ynh_abort_if_errors
#================================================= #=================================================
domain=$YNH_APP_ARG_DOMAIN domain=$YNH_APP_ARG_DOMAIN
path_url=$YNH_APP_ARG_PATH path_url="/"
admin=$YNH_APP_ARG_ADMIN ssb_admin_id=$YNH_APP_ARG_SSB_ADMIN_ID
is_public=$YNH_APP_ARG_IS_PUBLIC
password=$YNH_APP_ARG_PASSWORD password=$YNH_APP_ARG_PASSWORD
architecture=$(ynh_detect_arch) architecture=$(ynh_detect_arch)
### If it's a multi-instance app, meaning it can be installed several times independently
### The id of the app as stated in the manifest is available as $YNH_APP_ID
### The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2"...)
### The app instance name is available as $YNH_APP_INSTANCE_NAME
### - the first time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample
### - the second time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample__2
### - ynhexample__{N} for the subsequent installations, with N=3,4...
### The app instance name is probably what interests you most, since this is
### guaranteed to be unique. This is a good unique identifier to define installation path,
### db names...
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
#================================================= #=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#================================================= #=================================================
### About --weight and --time
### ynh_script_progression will show to your final users the progression of each scripts.
### In order to do that, --weight will represent the relative time of execution compared to the other steps in the script.
### --time is a packager option, it will show you the execution time since the previous call.
### This option should be removed before releasing your app.
### Use the execution time, given by --time, to estimate the weight of a step.
### A common way to do it is to set a weight equal to the execution time in second +1.
### The execution time is given for the duration since the previous call. So the weight should be applied to this previous call.
ynh_script_progression --message="Validating installation parameters..." --time --weight=1 ynh_script_progression --message="Validating installation parameters..." --time --weight=1
### If the app uses NGINX as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app". final_path=/opt/yunohost/$app
### If the app provides an internal web server (or uses another application server such as uWSGI), the final path should be "/opt/yunohost/$app"
final_path=/var/www/$app
test ! -e "$final_path" || ynh_die --message="This path already contains a folder" test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
# Register (book) web path # Register (book) web path
@ -71,7 +49,7 @@ ynh_script_progression --message="Storing installation settings..." --time --wei
ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_set --app=$app --key=admin --value=$admin ynh_app_setting_set --app=$app --key=admin --value=$ssb_admin_id
#================================================= #=================================================
# STANDARD MODIFICATIONS # STANDARD MODIFICATIONS
@ -80,36 +58,23 @@ ynh_app_setting_set --app=$app --key=admin --value=$admin
#================================================= #=================================================
ynh_script_progression --message="Finding an available port..." --time --weight=1 ynh_script_progression --message="Finding an available port..." --time --weight=1
### Use these lines if you have to open a port for the application # Find an available port for web interface
### `ynh_find_port` will find the first available port starting from the given port.
### If you're not using these lines:
### - Remove the section "CLOSE A PORT" in the remove script
# Find an available port
port=$(ynh_find_port --port=8899) port=$(ynh_find_port --port=8899)
ynh_app_setting_set --app=$app --key=port --value=$port ynh_app_setting_set --app=$app --key=port --value=$port
# Optional: Expose this port publicly # Find an available port for ssb tunnels
# (N.B.: you only need to do this if the app actually needs to expose the port publicly. ssbport=$(ynh_find_port --port=8008)
# If you do this and the app doesn't actually need you are CREATING SECURITY HOLES IN THE SERVER !) ynh_app_setting_set --app=$app --key=ssbport --value=$ssbport
# Open the port # Open the ssbport to the public
# ynh_script_progression --message="Configuring firewall..." --time --weight=1 ynh_script_progression --message="Configuring firewall..." --time --weight=1
# ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $ssbport
#================================================= #=================================================
# INSTALL DEPENDENCIES # INSTALL DEPENDENCIES
#================================================= #=================================================
ynh_script_progression --message="Installing dependencies..." --time --weight=1 ynh_script_progression --message="Installing dependencies..." --time --weight=1
### `ynh_install_app_dependencies` allows you to add any "apt" dependencies to the package.
### Those deb packages will be installed as dependencies of this package.
### If you're not using this helper:
### - Remove the section "REMOVE DEPENDENCIES" in the remove script
### - Remove the variable "pkg_dependencies" in _common.sh
### - As well as the section "REINSTALL DEPENDENCIES" in the restore script
### - And the section "UPGRADE DEPENDENCIES" in the upgrade script
ynh_install_app_dependencies $pkg_dependencies ynh_install_app_dependencies $pkg_dependencies
#================================================= #=================================================
@ -120,7 +85,6 @@ ynh_script_progression --message="Configuring system user..." --time --weight=1
# Create a system user # Create a system user
ynh_system_user_create --username=$app --home_dir="$final_path" ynh_system_user_create --username=$app --home_dir="$final_path"
#================================================= #=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE # DOWNLOAD, CHECK AND UNPACK SOURCE
#================================================= #=================================================
@ -139,85 +103,39 @@ chown -R $app:www-data "$final_path"
#================================================= #=================================================
ynh_script_progression --message="Configuring NGINX web server..." --time --weight=1 ynh_script_progression --message="Configuring NGINX web server..." --time --weight=1
### `ynh_add_nginx_config` will use the file conf/nginx.conf # because ssbroom requires wildcard subdomains for aliases
# we need this custom function for creating the ssbroom nginx config
# Create a dedicated NGINX config add_ssb_room_nginx_config $domain
ynh_add_nginx_config
#=================================================
# SPECIFIC SETUP
#=================================================
# ...
#=================================================
#================================================= #=================================================
# CREATE DATA DIRECTORY # CREATE DATA DIRECTORY
#================================================= #=================================================
ynh_script_progression --message="Creating a data directory..." --time --weight=1 ynh_script_progression --message="Creating a data directory..." --time --weight=1
### Use these lines if you need to create a directory to store "persistent files" for the application.
### Usually this directory is used to store uploaded files or any file that won't be updated during
### an upgrade and that won't be deleted during app removal
### If you're not using these lines:
### - Remove the section "BACKUP THE DATA DIR" in the backup script
### - As well as the section "RESTORE THE DATA DIRECTORY" in the restore script
datadir=/home/yunohost.app/$app datadir=/home/yunohost.app/$app
ynh_app_setting_set --app=$app --key=datadir --value=$datadir ynh_app_setting_set --app=$app --key=datadir --value=$datadir
mkdir -p $datadir mkdir -p $datadir
# FIXME: this should be managed by the core in the future # permissions
# Here, as a packager, you may have to tweak the ownerhsip/permissions
# such that the appropriate users (e.g. maybe www-data) can access
# files in some cases.
# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder -
# this will be treated as a security issue.
chmod 750 "$datadir" chmod 750 "$datadir"
chmod -R o-rwx "$datadir" chmod -R o-rwx "$datadir"
chown -R $app:www-data "$datadir" chown -R $app:www-data "$datadir"
#=================================================
# CREATE FIRST ADMIN USER
#=================================================
ynh_script_progression --message="Creating first ssbroom admin user" --weight=1
ynh_exec_as $app $final_path/insert-user -repo $datadir $ssb_admin_id
#================================================= #=================================================
# SETUP SYSTEMD # SETUP SYSTEMD
#================================================= #=================================================
ynh_script_progression --message="Configuring a systemd service..." --time --weight=1 ynh_script_progression --message="Configuring a systemd service..." --time --weight=1
### `ynh_systemd_config` is used to configure a systemd script for an app.
### It can be used for apps that use sysvinit (with adaptation) or systemd.
### Have a look at the app to be sure this app needs a systemd script.
### `ynh_systemd_config` will use the file conf/systemd.service
### If you're not using these lines:
### - You can remove those files in conf/.
### - Remove the section "BACKUP SYSTEMD" in the backup script
### - Remove also the section "STOP AND REMOVE SERVICE" in the remove script
### - As well as the section "RESTORE SYSTEMD" in the restore script
### - And the section "SETUP SYSTEMD" in the upgrade script
# Create a dedicated systemd config # Create a dedicated systemd config
ynh_add_systemd_config ynh_add_systemd_config
#=================================================
# SETUP APPLICATION WITH CURL
#=================================================
### Use these lines only if the app installation needs to be finalized through
### web forms. We generally don't want to ask the final user,
### so we're going to use curl to automatically fill the fields and submit the
### forms.
# Set the app as temporarily public for curl call
ynh_script_progression --message="Configuring SSOwat..." --time --weight=1
# Making the app public for curl
ynh_permission_update --permission="main" --add="visitors"
# Installation with curl
ynh_script_progression --message="Finalizing installation..." --time --weight=1
ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3"
# Remove the public access
ynh_permission_update --permission="main" --remove="visitors"
#================================================= #=================================================
# GENERIC FINALIZATION # GENERIC FINALIZATION
#================================================= #=================================================
@ -225,14 +143,6 @@ ynh_permission_update --permission="main" --remove="visitors"
#================================================= #=================================================
ynh_script_progression --message="Configuring log rotation..." --time --weight=1 ynh_script_progression --message="Configuring log rotation..." --time --weight=1
### `ynh_use_logrotate` is used to configure a logrotate configuration for the logs of this app.
### Use this helper only if there is effectively a log file for this app.
### If you're not using this helper:
### - Remove the section "BACKUP LOGROTATE" in the backup script
### - Remove also the section "REMOVE LOGROTATE CONFIGURATION" in the remove script
### - As well as the section "RESTORE THE LOGROTATE CONFIGURATION" in the restore script
### - And the section "SETUP LOGROTATE" in the upgrade script
# Use logrotate to manage application logfile(s) # Use logrotate to manage application logfile(s)
ynh_use_logrotate ynh_use_logrotate
@ -241,46 +151,13 @@ ynh_use_logrotate
#================================================= #=================================================
ynh_script_progression --message="Integrating service in YunoHost..." --time --weight=1 ynh_script_progression --message="Integrating service in YunoHost..." --time --weight=1
### `yunohost service add` integrates a service in YunoHost. It then gets yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log" --needs_exposed_ports $ssbport
### displayed in the admin interface and through the others `yunohost service` commands.
### (N.B.: this line only makes sense if the app adds a service to the system!)
### If you're not using these lines:
### - You can remove these files in conf/.
### - Remove the section "REMOVE SERVICE INTEGRATION IN YUNOHOST" in the remove script
### - As well as the section "INTEGRATE SERVICE IN YUNOHOST" in the restore script
### - And the section "INTEGRATE SERVICE IN YUNOHOST" in the upgrade script
yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log"
### Additional options starting with 3.8:
###
### --needs_exposed_ports "$port" a list of ports that needs to be publicly exposed
### which will then be checked by YunoHost's diagnosis system
### (N.B. DO NOT USE THIS is the port is only internal!!!)
###
### --test_status "some command" a custom command to check the status of the service
### (only relevant if 'systemctl status' doesn't do a good job)
###
### --test_conf "some command" some command similar to "nginx -t" that validates the conf of the service
###
### Re-calling 'yunohost service add' during the upgrade script is the right way
### to proceed if you later realize that you need to enable some flags that
### weren't enabled on old installs (be careful it'll override the existing
### service though so you should re-provide all relevant flags when doing so)
#================================================= #=================================================
# START SYSTEMD SERVICE # START SYSTEMD SERVICE
#================================================= #=================================================
ynh_script_progression --message="Starting a systemd service..." --time --weight=1 ynh_script_progression --message="Starting a systemd service..." --time --weight=1
### `ynh_systemd_action` is used to start a systemd service for an app.
### Only needed if you have configure a systemd service
### If you're not using these lines:
### - Remove the section "STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the backup script
### - As well as the section "START SYSTEMD SERVICE" in the restore script
### - As well as the section"STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the upgrade script
### - And the section "STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the change_url script
# Start a systemd service # Start a systemd service
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
@ -289,24 +166,14 @@ ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$ap
#================================================= #=================================================
ynh_script_progression --message="Configuring permissions..." --time --weight=1 ynh_script_progression --message="Configuring permissions..." --time --weight=1
# Make app public if necessary # Make app public
if [ $is_public -eq 1 ]
then
# Everyone can access the app. # Everyone can access the app.
# The "main" permission is automatically created before the install script. # The "main" permission is automatically created before the install script.
ynh_permission_update --permission="main" --add="visitors" ynh_permission_update --permission="main" --add="visitors"
fi
### N.B. : the following extra permissions only make sense if your app # all users can access the /admin section, with or without SSO
### does have for example an admin interface or an api. # as go-ssb-room has its own authentication and user-system
# which operates outside of yunohost SSO
# Only the admin can access the admin panel of the app (if the app has an admin panel)
ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin
# Everyone can access to the api part
# We don't want to display the tile in the sso so we put --show_tile="false"
# And we don't want that the YunoHost Admin can remove visitors group to this permission, so we put --protected="true"
ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true"
#================================================= #=================================================
# RELOAD NGINX # RELOAD NGINX

View file

@ -18,9 +18,9 @@ app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain) domain=$(ynh_app_setting_get --app=$app --key=domain)
port=$(ynh_app_setting_get --app=$app --key=port) port=$(ynh_app_setting_get --app=$app --key=port)
db_name=$(ynh_app_setting_get --app=$app --key=db_name) ssbport=$(ynh_app_setting_get --app=$app --key=ssbport)
db_user=$db_name
final_path=$(ynh_app_setting_get --app=$app --key=final_path) final_path=$(ynh_app_setting_get --app=$app --key=final_path)
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
#================================================= #=================================================
# STANDARD REMOVE # STANDARD REMOVE
@ -51,14 +51,6 @@ ynh_script_progression --message="Removing logrotate configuration..." --time --
# Remove the app-specific logrotate config # Remove the app-specific logrotate config
ynh_remove_logrotate ynh_remove_logrotate
#=================================================
# REMOVE THE MYSQL DATABASE
#=================================================
ynh_script_progression --message="Removing the MySQL database..." --time --weight=1
# Remove a database if it exists, along with the associated user
ynh_mysql_remove_db --db_user=$db_user --db_name=$db_name
#================================================= #=================================================
# REMOVE DEPENDENCIES # REMOVE DEPENDENCIES
#================================================= #=================================================
@ -75,21 +67,24 @@ ynh_script_progression --message="Removing app main directory..." --time --weigh
# Remove the app directory securely # Remove the app directory securely
ynh_secure_remove --file="$final_path" ynh_secure_remove --file="$final_path"
#=================================================
# REMOVE DATA DIR
#=================================================
ynh_script_progression --message="Removing data directory..." --time --weight=1
# Remove the data directory securely
ynh_secure_remove --file="$datadir"
#================================================= #=================================================
# REMOVE NGINX CONFIGURATION # REMOVE NGINX CONFIGURATION
#================================================= #=================================================
ynh_script_progression --message="Removing NGINX web server configuration..." --time --weight=1 ynh_script_progression --message="Removing NGINX web server configuration..." --time --weight=1
# because ssbroom requires wildcard subdomains for aliases
# we need this custom function for creating/removing the ssbroom nginx config
# instead of the standard ynh_add_nginx_config
# Remove the dedicated NGINX config # Remove the dedicated NGINX config
ynh_remove_nginx_config remove_ssb_room_nginx_config $domain
#=================================================
# REMOVE PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Removing PHP-FPM configuration..." --time --weight=1
# Remove the dedicated PHP-FPM config
ynh_remove_fpm_config
#================================================= #=================================================
# CLOSE A PORT # CLOSE A PORT
@ -101,13 +96,11 @@ then
ynh_exec_warn_less yunohost firewall disallow TCP $port ynh_exec_warn_less yunohost firewall disallow TCP $port
fi fi
#================================================= if yunohost firewall list | grep -q "\- $ssbport$"
# REMOVE FAIL2BAN CONFIGURATION then
#================================================= ynh_script_progression --message="Closing ssbport $ssbport..." --time --weight=1
ynh_script_progression --message="Removing Fail2ban configuration..." --time --weight=1 ynh_exec_warn_less yunohost firewall disallow TCP $ssbport
fi
# Remove the dedicated Fail2Ban config
ynh_remove_fail2ban_config
#================================================= #=================================================
# SPECIFIC REMOVE # SPECIFIC REMOVE
@ -116,12 +109,6 @@ ynh_remove_fail2ban_config
#================================================= #=================================================
ynh_script_progression --message="Removing various files..." --time --weight=1 ynh_script_progression --message="Removing various files..." --time --weight=1
# Remove a cron file
ynh_secure_remove --file="/etc/cron.d/$app"
# Remove a directory securely
ynh_secure_remove --file="/etc/$app"
# Remove the log files # Remove the log files
ynh_secure_remove --file="/var/log/$app" ynh_secure_remove --file="/var/log/$app"