diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..dd90a77
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,20 @@
+Copyright (c) 2010-2019 Mike Macgirvin
+All rights reserved.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
diff --git a/README.md b/README.md
index bc3a2ab..99fd6fc 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,62 @@
-# zap_ynh
-Zap is a full featured social network application with identity/content mirroring across multiple servers ("nomadic identity") but no "federate" with non-nomadic servers.
+# ZAP for YunoHost
+
+[](https://dash.yunohost.org/appci/app/zap)
+[](https://install-app.yunohost.org/?app=zap)
+
+> *This package allow you to install Nextcloud quickly and simply on a YunoHost server.
+If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to know how to install and enjoy it.*
+
+Version: **2.6**
+
+### Interesting links
+
+- [YunoHost project](https://yunohost.org)
+- [Zap website](https://zotlabs.com/zap/)
+- [Zap code on Framagit](https://framagit.org/zot/zap)
+- [Zap addons on Framagit](https://framagit.org/zot/zap-addons)
+
+## ZAP
+[Zap](https://zotlabs.com/zap/) is a powerful platform for creating interconnected websites featuring a decentralized identity, communications, and permissions framework built using common webserver technology.
+
+## This app claims following features:
+- [X] Ldap integration
+- [X] Multi-instance
+- [X] Adeed php.log in the root folder for debugging php, with logrotate applied on it (can be accesssed by **admin->logs** and entering the **php.log**).
+- [X] Fail2ban
+
+
+
+## Installation
+Before installing, read the [ZAP installation instructions](https://framagit.org/zot/zap/blob/master/install/INSTALL.txt) for important information about
+
+
+### Register a new domain and add it to YunoHost
+- Zap requires a dedicated domain, so obtain one and add it using the YunoHost admin panel. **Domains -> Add domain**. As Hubzilla uses the full domain and is installed on the root, you can create a subdomain such as zap.domain.tld. Don't forget to update your DNS if you manage them manually.
+
+
+#### YunoHost >= 2.5 :
+Once the dedicated domain has been added to YunoHost, go again to the admin panel, go to domains then select your domain and click on "Install Let's Encrypt certificate".
+
+### Install the ZAP application
+Use the YunoHost admin panel to install Zap by entering the GitHub repo address in the custom app URL
+
+ https://github.com/YunoHost-Apps/zap_ynh
+
+Make sure to select your new domain created by the instruction in previous section as the application domain.
+
+**For admin rights**: When installation is complete, you will need to visit your new hub's page and login with the **admin account username** which was entered at the time of installation process. You should then be able to create your first channel and have the admin rights for the hub.
+
+**For normal YunoHost users:** Normal LDAP users can login through Ldap authentication and create there channels.
+
+**If the admin cannot access the admin settings:** If the admin cannot access the admin settings at `https://zap.example.com/admin` or you want to grant admin rights to any other user(s) on the hub, then you have to **manually add 4096** to the **account_roles** under **accounts** for that user in the **database through phpMYAdmin**.
+
+**For logs:** Go to **admin->logs** and enter the file name **php.log**.
+
+**Failed Database after Upgrade:** Some times databse upgrade fails after version upgrade. You can go to your hub eg. `https://zap.example.com/admin/dbsync/` and upgrade it manually.
+
+
+#### Supported architectures
+
+* x86-64b - [](https://ci-apps.yunohost.org/ci/apps/zap/)
+* ARMv8-A - [](https://ci-apps-arm.yunohost.org/ci/apps/zap/)
+* Jessie x86-64b - [](https://ci-stretch.nohost.me/ci/apps/zap/)
diff --git a/check_process b/check_process
new file mode 100644
index 0000000..3b35eb0
--- /dev/null
+++ b/check_process
@@ -0,0 +1,45 @@
+# See here for more information
+# https://github.com/YunoHost/package_check#syntax-check_process-file
+
+# Move this file from check_process.default to check_process when you have filled it.
+
+;; Test complet
+ ; Manifest
+ domain="domain.tld" (DOMAIN)
+ admin="john" (USER)
+ upload="256M"
+ ; Checks
+ pkg_linter=1
+ setup_sub_dir=0
+ setup_root=1
+ setup_nourl=0
+ setup_private=0
+ setup_public=1
+ upgrade=1
+ #upgrade=1 from_commit=CommitHash
+ backup_restore=1
+ multi_instance=1
+ incorrect_path=1
+ port_already_use=0
+ change_url=0
+;;; Levels
+ Level 1=auto
+ Level 2=auto
+ Level 3=auto
+# Level 4: If the app supports LDAP and SSOwat, turn level 4 to '1' and add a link to an issue or a part of your code to show it.
+# If the app does not use LDAP nor SSOwat, and can't use them, turn level 4 to 'na' and explain as well.
+ Level 4=1
+ Level 5=auto
+ Level 6=auto
+ Level 7=auto
+ Level 8=0
+ Level 9=0
+ Level 10=0
+;;; Options
+Email=anmol@datamol.org
+Notification=
+;;; Upgrade options
+ ; commit=CommitHash
+ name=Name and date of the commit.
+ manifest_arg=domain=DOMAIN&path=PATH&admin=USER&language=fr&is_public=1&password=pass&port=666&
+
diff --git a/conf/app.src b/conf/app.src
new file mode 100644
index 0000000..2ce46a9
--- /dev/null
+++ b/conf/app.src
@@ -0,0 +1,6 @@
+SOURCE_URL=https://framagit.org/zot/zap/-/archive/2.6/zap-2.6.tar.gz
+SOURCE_SUM=813b81f923691fb09a14600c8c5db73323c8ac74aba716ca5c96d8b411c40ac3
+SOURCE_SUM_PRG=sha256sum
+SOURCE_FORMAT=tar.gz
+SOURCE_IN_SUBDIR=
+SOURCE_FILENAME=
diff --git a/conf/app_addons.src b/conf/app_addons.src
new file mode 100644
index 0000000..d949fba
--- /dev/null
+++ b/conf/app_addons.src
@@ -0,0 +1,6 @@
+SOURCE_URL=https://framagit.org/zot/zap-addons/-/archive/master/zap-addons-master.tar.gz
+SOURCE_SUM=cc64695bbcb464ebcddcb8ef7db2e875bb2411ba4ba8aa1a94bb2fa5a5073cf8
+SOURCE_SUM_PRG=sha256sum
+SOURCE_FORMAT=tar.gz
+SOURCE_IN_SUBDIR=
+SOURCE_FILENAME=
diff --git a/conf/ldap_conf.php b/conf/ldap_conf.php
new file mode 100644
index 0000000..a4688d6
--- /dev/null
+++ b/conf/ldap_conf.php
@@ -0,0 +1,7 @@
+App::$config['system']['addon'] = 'ldapauth';
+
+App::$config['ldapauth']['ldap_server'] = 'localhost';
+App::$config['ldapauth']['ldap_searchdn'] = 'ou=users,dc=yunohost,dc=org';
+App::$config['ldapauth']['ldap_userattr'] = 'uid';
+App::$config['ldapauth']['ldap_autocreateaccount_emailattribute'] = 'mail';
+App::$config['ldapauth']['create_account'] = '1';
diff --git a/conf/nginx.conf b/conf/nginx.conf
new file mode 100644
index 0000000..caa98d8
--- /dev/null
+++ b/conf/nginx.conf
@@ -0,0 +1,79 @@
+ location __PATH__
+ {
+ alias __FINALPATH__/;
+ # Force https
+ if ($scheme = http)
+
+ {
+ rewrite ^ https://$server_name$request_uri? permanent;
+ }
+
+ if (!-e $request_filename)
+
+ {
+ rewrite ^(.*)$ /index.php?q=$1;
+ }
+
+ client_max_body_size 20m;
+ client_body_buffer_size 128k;
+
+ # Default indexes and catch-all
+ index index.php;
+ charset utf-8;
+
+
+ # Example PHP configuration
+ location ~* \.php$
+ {
+ try_files $uri =404;
+ fastcgi_pass unix:/var/run/php5-fpm.sock;
+ fastcgi_index index.php;
+ include fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ }
+
+ # make sure webfinger and other well known services aren't blocked
+ # by denying dot files and rewrite request to the front controller
+ location ^~ /.well-known/
+ {
+ allow all;
+ if (!-e $request_filename)
+ {
+ rewrite ^(.*)$ /index.php?q=$1;
+ }
+ }
+
+ # statically serve these file types when possible
+ # otherwise fall back to front controller
+ # allow browser to cache them
+ # added .htm for advanced source code editor library
+ # location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|map|ttf|woff|woff2|svg)$ {
+ # expires 30d;
+ # try_files $uri /index.php?q=$uri&$args;
+ # }
+
+ # block these file types
+ location ~* \.(tpl|md|tgz|log|out)$
+ {
+ deny all;
+ }
+
+ # deny access to all dot files
+ location ~ /\.
+ {
+ deny all;
+ }
+
+ #deny access to store
+ location ~ /store
+ {
+ deny all;
+ }
+
+ #deny access to util
+ location ~ /util {
+ deny all;
+ }
+
+ }
+
diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf
new file mode 100644
index 0000000..ab5dca9
--- /dev/null
+++ b/conf/php-fpm.conf
@@ -0,0 +1,430 @@
+; Start a new pool named 'www'.
+; the variable $pool can be used in any directive and will be replaced by the
+; pool name ('www' here)
+[__NAMETOCHANGE__]
+
+; Per pool prefix
+; It only applies on the following directives:
+; - 'access.log'
+; - 'slowlog'
+; - 'listen' (unixsocket)
+; - 'chroot'
+; - 'chdir'
+; - 'php_values'
+; - 'php_admin_values'
+; When not set, the global prefix (or /usr) applies instead.
+; Note: This directive can also be relative to the global prefix.
+; Default Value: none
+;prefix = /path/to/pools/$pool
+
+; Unix user/group of processes
+; Note: The user is mandatory. If the group is not set, the default user's group
+; will be used.
+user = __USER__
+group = __USER__
+
+; The address on which to accept FastCGI requests.
+; Valid syntaxes are:
+; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
+; a specific port;
+; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
+; a specific port;
+; 'port' - to listen on a TCP socket to all addresses
+; (IPv6 and IPv4-mapped) on a specific port;
+; '/path/to/unix/socket' - to listen on a unix socket.
+; Note: This value is mandatory.
+listen = /var/run/php/php7.0-fpm-__NAMETOCHANGE__.sock
+
+; Set listen(2) backlog.
+; Default Value: 511 (-1 on FreeBSD and OpenBSD)
+;listen.backlog = 511
+
+; Set permissions for unix socket, if one is used. In Linux, read/write
+; permissions must be set in order to allow connections from a web server. Many
+; BSD-derived systems allow connections regardless of permissions.
+; Default Values: user and group are set as the running user
+; mode is set to 0660
+listen.owner = www-data
+listen.group = www-data
+;listen.mode = 0660
+; When POSIX Access Control Lists are supported you can set them using
+; these options, value is a comma separated list of user/group names.
+; When set, listen.owner and listen.group are ignored
+;listen.acl_users =
+;listen.acl_groups =
+
+; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
+; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
+; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
+; must be separated by a comma. If this value is left blank, connections will be
+; accepted from any ip address.
+; Default Value: any
+;listen.allowed_clients = 127.0.0.1
+
+; Specify the nice(2) priority to apply to the pool processes (only if set)
+; The value can vary from -19 (highest priority) to 20 (lower priority)
+; Note: - It will only work if the FPM master process is launched as root
+; - The pool processes will inherit the master process priority
+; unless it specified otherwise
+; Default Value: no set
+; process.priority = -19
+
+; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user
+; or group is differrent than the master process user. It allows to create process
+; core dump and ptrace the process for the pool user.
+; Default Value: no
+; process.dumpable = yes
+
+; Choose how the process manager will control the number of child processes.
+; Possible Values:
+; static - a fixed number (pm.max_children) of child processes;
+; dynamic - the number of child processes are set dynamically based on the
+; following directives. With this process management, there will be
+; always at least 1 children.
+; pm.max_children - the maximum number of children that can
+; be alive at the same time.
+; pm.start_servers - the number of children created on startup.
+; pm.min_spare_servers - the minimum number of children in 'idle'
+; state (waiting to process). If the number
+; of 'idle' processes is less than this
+; number then some children will be created.
+; pm.max_spare_servers - the maximum number of children in 'idle'
+; state (waiting to process). If the number
+; of 'idle' processes is greater than this
+; number then some children will be killed.
+; ondemand - no children are created at startup. Children will be forked when
+; new requests will connect. The following parameter are used:
+; pm.max_children - the maximum number of children that
+; can be alive at the same time.
+; pm.process_idle_timeout - The number of seconds after which
+; an idle process will be killed.
+; Note: This value is mandatory.
+pm = dynamic
+
+; The number of child processes to be created when pm is set to 'static' and the
+; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
+; This value sets the limit on the number of simultaneous requests that will be
+; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
+; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
+; CGI. The below defaults are based on a server without much resources. Don't
+; forget to tweak pm.* to fit your needs.
+; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
+; Note: This value is mandatory.
+pm.max_children = 5
+
+; The number of child processes created on startup.
+; Note: Used only when pm is set to 'dynamic'
+; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
+pm.start_servers = 2
+
+; The desired minimum number of idle server processes.
+; Note: Used only when pm is set to 'dynamic'
+; Note: Mandatory when pm is set to 'dynamic'
+pm.min_spare_servers = 1
+
+; The desired maximum number of idle server processes.
+; Note: Used only when pm is set to 'dynamic'
+; Note: Mandatory when pm is set to 'dynamic'
+pm.max_spare_servers = 3
+
+; The number of seconds after which an idle process will be killed.
+; Note: Used only when pm is set to 'ondemand'
+; Default Value: 10s
+;pm.process_idle_timeout = 10s;
+
+; The number of requests each child process should execute before respawning.
+; This can be useful to work around memory leaks in 3rd party libraries. For
+; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
+; Default Value: 0
+;pm.max_requests = 500
+
+; The URI to view the FPM status page. If this value is not set, no URI will be
+; recognized as a status page. It shows the following informations:
+; pool - the name of the pool;
+; process manager - static, dynamic or ondemand;
+; start time - the date and time FPM has started;
+; start since - number of seconds since FPM has started;
+; accepted conn - the number of request accepted by the pool;
+; listen queue - the number of request in the queue of pending
+; connections (see backlog in listen(2));
+; max listen queue - the maximum number of requests in the queue
+; of pending connections since FPM has started;
+; listen queue len - the size of the socket queue of pending connections;
+; idle processes - the number of idle processes;
+; active processes - the number of active processes;
+; total processes - the number of idle + active processes;
+; max active processes - the maximum number of active processes since FPM
+; has started;
+; max children reached - number of times, the process limit has been reached,
+; when pm tries to start more children (works only for
+; pm 'dynamic' and 'ondemand');
+; Value are updated in real time.
+; Example output:
+; pool: www
+; process manager: static
+; start time: 01/Jul/2011:17:53:49 +0200
+; start since: 62636
+; accepted conn: 190460
+; listen queue: 0
+; max listen queue: 1
+; listen queue len: 42
+; idle processes: 4
+; active processes: 11
+; total processes: 15
+; max active processes: 12
+; max children reached: 0
+;
+; By default the status page output is formatted as text/plain. Passing either
+; 'html', 'xml' or 'json' in the query string will return the corresponding
+; output syntax. Example:
+; http://www.foo.bar/status
+; http://www.foo.bar/status?json
+; http://www.foo.bar/status?html
+; http://www.foo.bar/status?xml
+;
+; By default the status page only outputs short status. Passing 'full' in the
+; query string will also return status for each pool process.
+; Example:
+; http://www.foo.bar/status?full
+; http://www.foo.bar/status?json&full
+; http://www.foo.bar/status?html&full
+; http://www.foo.bar/status?xml&full
+; The Full status returns for each process:
+; pid - the PID of the process;
+; state - the state of the process (Idle, Running, ...);
+; start time - the date and time the process has started;
+; start since - the number of seconds since the process has started;
+; requests - the number of requests the process has served;
+; request duration - the duration in µs of the requests;
+; request method - the request method (GET, POST, ...);
+; request URI - the request URI with the query string;
+; content length - the content length of the request (only with POST);
+; user - the user (PHP_AUTH_USER) (or '-' if not set);
+; script - the main script called (or '-' if not set);
+; last request cpu - the %cpu the last request consumed
+; it's always 0 if the process is not in Idle state
+; because CPU calculation is done when the request
+; processing has terminated;
+; last request memory - the max amount of memory the last request consumed
+; it's always 0 if the process is not in Idle state
+; because memory calculation is done when the request
+; processing has terminated;
+; If the process is in Idle state, then informations are related to the
+; last request the process has served. Otherwise informations are related to
+; the current request being served.
+; Example output:
+; ************************
+; pid: 31330
+; state: Running
+; start time: 01/Jul/2011:17:53:49 +0200
+; start since: 63087
+; requests: 12808
+; request duration: 1250261
+; request method: GET
+; request URI: /test_mem.php?N=10000
+; content length: 0
+; user: -
+; script: /home/fat/web/docs/php/test_mem.php
+; last request cpu: 0.00
+; last request memory: 0
+;
+; Note: There is a real-time FPM status monitoring sample web page available
+; It's available in: /usr/share/php/7.0/fpm/status.html
+;
+; Note: The value must start with a leading slash (/). The value can be
+; anything, but it may not be a good idea to use the .php extension or it
+; may conflict with a real PHP file.
+; Default Value: not set
+;pm.status_path = /status
+
+; The ping URI to call the monitoring page of FPM. If this value is not set, no
+; URI will be recognized as a ping page. This could be used to test from outside
+; that FPM is alive and responding, or to
+; - create a graph of FPM availability (rrd or such);
+; - remove a server from a group if it is not responding (load balancing);
+; - trigger alerts for the operating team (24/7).
+; Note: The value must start with a leading slash (/). The value can be
+; anything, but it may not be a good idea to use the .php extension or it
+; may conflict with a real PHP file.
+; Default Value: not set
+;ping.path = /ping
+
+; This directive may be used to customize the response of a ping request. The
+; response is formatted as text/plain with a 200 response code.
+; Default Value: pong
+;ping.response = pong
+
+; The access log file
+; Default: not set
+;access.log = log/$pool.access.log
+
+; The access log format.
+; The following syntax is allowed
+; %%: the '%' character
+; %C: %CPU used by the request
+; it can accept the following format:
+; - %{user}C for user CPU only
+; - %{system}C for system CPU only
+; - %{total}C for user + system CPU (default)
+; %d: time taken to serve the request
+; it can accept the following format:
+; - %{seconds}d (default)
+; - %{miliseconds}d
+; - %{mili}d
+; - %{microseconds}d
+; - %{micro}d
+; %e: an environment variable (same as $_ENV or $_SERVER)
+; it must be associated with embraces to specify the name of the env
+; variable. Some exemples:
+; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
+; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
+; %f: script filename
+; %l: content-length of the request (for POST request only)
+; %m: request method
+; %M: peak of memory allocated by PHP
+; it can accept the following format:
+; - %{bytes}M (default)
+; - %{kilobytes}M
+; - %{kilo}M
+; - %{megabytes}M
+; - %{mega}M
+; %n: pool name
+; %o: output header
+; it must be associated with embraces to specify the name of the header:
+; - %{Content-Type}o
+; - %{X-Powered-By}o
+; - %{Transfert-Encoding}o
+; - ....
+; %p: PID of the child that serviced the request
+; %P: PID of the parent of the child that serviced the request
+; %q: the query string
+; %Q: the '?' character if query string exists
+; %r: the request URI (without the query string, see %q and %Q)
+; %R: remote IP address
+; %s: status (response code)
+; %t: server time the request was received
+; it can accept a strftime(3) format:
+; %d/%b/%Y:%H:%M:%S %z (default)
+; The strftime(3) format must be encapsuled in a %{}t tag
+; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
+; %T: time the log has been written (the request has finished)
+; it can accept a strftime(3) format:
+; %d/%b/%Y:%H:%M:%S %z (default)
+; The strftime(3) format must be encapsuled in a %{}t tag
+; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
+; %u: remote user
+;
+; Default: "%R - %u %t \"%m %r\" %s"
+;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
+
+; The log file for slow requests
+; Default Value: not set
+; Note: slowlog is mandatory if request_slowlog_timeout is set
+;slowlog = log/$pool.log.slow
+
+; The timeout for serving a single request after which a PHP backtrace will be
+; dumped to the 'slowlog' file. A value of '0s' means 'off'.
+; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
+; Default Value: 0
+;request_slowlog_timeout = 0
+
+; The timeout for serving a single request after which the worker process will
+; be killed. This option should be used when the 'max_execution_time' ini option
+; does not stop script execution for some reason. A value of '0' means 'off'.
+; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
+; Default Value: 0
+request_terminate_timeout = 1d
+
+; Set open file descriptor rlimit.
+; Default Value: system defined value
+;rlimit_files = 1024
+
+; Set max core size rlimit.
+; Possible Values: 'unlimited' or an integer greater or equal to 0
+; Default Value: system defined value
+;rlimit_core = 0
+
+; Chroot to this directory at the start. This value must be defined as an
+; absolute path. When this value is not set, chroot is not used.
+; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
+; of its subdirectories. If the pool prefix is not set, the global prefix
+; will be used instead.
+; Note: chrooting is a great security feature and should be used whenever
+; possible. However, all PHP paths will be relative to the chroot
+; (error_log, sessions.save_path, ...).
+; Default Value: not set
+;chroot =
+
+; Chdir to this directory at the start.
+; Note: relative path can be used.
+; Default Value: current directory or / when chroot
+chdir = __FINALPATH__
+
+; Redirect worker stdout and stderr into main error log. If not set, stdout and
+; stderr will be redirected to /dev/null according to FastCGI specs.
+; Note: on highloaded environement, this can cause some delay in the page
+; process time (several ms).
+; Default Value: no
+;catch_workers_output = yes
+
+; Clear environment in FPM workers
+; Prevents arbitrary environment variables from reaching FPM worker processes
+; by clearing the environment in workers before env vars specified in this
+; pool configuration are added.
+; Setting to "no" will make all environment variables available to PHP code
+; via getenv(), $_ENV and $_SERVER.
+; Default Value: yes
+;clear_env = no
+
+; Limits the extensions of the main script FPM will allow to parse. This can
+; prevent configuration mistakes on the web server side. You should only limit
+; FPM to .php extensions to prevent malicious users to use other extensions to
+; execute php code.
+; Note: set an empty value to allow all extensions.
+; Default Value: .php
+;security.limit_extensions = .php .php3 .php4 .php5 .php7
+
+; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
+; the current environment.
+; Default Value: clean env
+;env[HOSTNAME] = $HOSTNAME
+;env[PATH] = /usr/local/bin:/usr/bin:/bin
+;env[TMP] = /tmp
+;env[TMPDIR] = /tmp
+;env[TEMP] = /tmp
+
+; Additional php.ini defines, specific to this pool of workers. These settings
+; overwrite the values previously defined in the php.ini. The directives are the
+; same as the PHP SAPI:
+; php_value/php_flag - you can set classic ini defines which can
+; be overwritten from PHP call 'ini_set'.
+; php_admin_value/php_admin_flag - these directives won't be overwritten by
+; PHP call 'ini_set'
+; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
+
+; Defining 'extension' will load the corresponding shared extension from
+; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
+; overwrite previously defined php.ini values, but will append the new value
+; instead.
+
+; Note: path INI options can be relative and will be expanded with the prefix
+; (pool, global or /usr)
+
+; Default Value: nothing is defined by default except the values in php.ini and
+; specified at startup with the -d argument
+;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
+;php_flag[display_errors] = off
+;php_admin_value[error_log] = /var/log/fpm-php.www.log
+;php_admin_flag[log_errors] = on
+;php_admin_value[memory_limit] = 32M
+
+; Common values to change to increase file upload limit
+; php_admin_value[upload_max_filesize] = 50M
+; php_admin_value[post_max_size] = 50M
+; php_admin_flag[mail.add_x_header] = Off
+
+; Other common parameters
+; php_admin_value[max_execution_time] = 600
+; php_admin_value[max_input_time] = 300
+; php_admin_value[memory_limit] = 256M
+; php_admin_flag[short_open_tag] = On
diff --git a/conf/poller-cron b/conf/poller-cron
new file mode 100644
index 0000000..cd3d674
--- /dev/null
+++ b/conf/poller-cron
@@ -0,0 +1,2 @@
+# Run poller periodically to update Hubzilla
+*/10 * * * * __USER__ cd YNH_WWW_PATH; /usr/bin/php Zotlabs/Daemon/Master.php Cron > /dev/null 2>&1
diff --git a/manifest.json b/manifest.json
new file mode 100644
index 0000000..071e599
--- /dev/null
+++ b/manifest.json
@@ -0,0 +1,45 @@
+{
+ "name": "Zap Social network app for Yunohost",
+ "id": "zap",
+ "packaging_format": 1,
+ "description": {
+ "en": "Zap is a full featured social network application with identity/content mirroring across multiple servers ("nomadic identity") but no "federate" with non-nomadic servers."
+ },
+ "version": "2.6~ynh1",
+ "url": "https://zotlabs.com/zap/",
+ "license": "MIT",
+ "maintainer": {
+ "name": "Anmol Sharma",
+ "email": "anmol@datamol.org",
+ "url": "https://datamol.org"
+ },
+ "requirements": {
+ "yunohost": ">= 3.4"
+ },
+ "multi_instance": true,
+ "services": [
+ "nginx",
+ "php7.0-fpm",
+ "mysql"
+ ],
+ "arguments": {
+ "install" : [
+ {
+ "name": "domain",
+ "type": "domain",
+ "ask": {
+ "en": "Choose a domain for your ZAP hub. ZAP must run in the root of this domain. It means no other app can be accessed/run from this domain. We advise to use a dedicated subdomain such as zap.domain.tld",
+ "fr": "Indiquez un domain pour ZAP. ZAP doit être installé à la racine du domaine. Cela implique qu'aucune autre app ne pourra être installée ou accessible sur ce domain. Nous conseillons un sous-domaine dédié par exemple zap.domain.tld."
+ }
+ },
+ {
+ "name": "admin",
+ "type": "user",
+ "ask": {
+ "en": "Choose the ZAP administrator (must be an existing YunoHost user)",
+ "fr": "Choisissez l'administrateur de ZAP (doit être un utilisateur YunoHost existant)"
+ }
+ }
+ ]
+ }
+}
diff --git a/scripts/_common.sh b/scripts/_common.sh
new file mode 100644
index 0000000..5a23916
--- /dev/null
+++ b/scripts/_common.sh
@@ -0,0 +1,80 @@
+#!/bin/bash
+
+#=================================================
+# COMMON VARIABLES
+#=================================================
+
+# dependencies used by the app
+pkg_dependencies=php-mbstring php5-cli 'php5-imagick|php-imagick' php5-gd php5-mcrypt 'php-xml|base-files(<<9.0)'
+
+#=================================================
+# PERSONAL HELPERS
+#=================================================
+
+#=================================================
+# EXPERIMENTAL HELPERS
+#=================================================
+
+# Create a dedicated fail2ban config (jail and filter conf files)
+#
+# usage: ynh_add_fail2ban_config log_file filter [max_retry [ports]]
+# | arg: log_file - Log file to be checked by fail2ban
+# | arg: failregex - Failregex to be looked for by fail2ban
+# | arg: max_retry - Maximum number of retries allowed before banning IP address - default: 3
+# | arg: ports - Ports blocked for a banned IP address - default: http,https
+ynh_add_fail2ban_config () {
+ # Process parameters
+ logpath=$1
+ failregex=$2
+ max_retry=${3:-3}
+ ports=${4:-http,https}
+
+ test -n "$logpath" || ynh_die "ynh_add_fail2ban_config expects a logfile path as first argument and received nothing."
+ test -n "$failregex" || ynh_die "ynh_add_fail2ban_config expects a failure regex as second argument and received nothing."
+
+ finalfail2banjailconf="/etc/fail2ban/jail.d/$app.conf"
+ finalfail2banfilterconf="/etc/fail2ban/filter.d/$app.conf"
+ ynh_backup_if_checksum_is_different "$finalfail2banjailconf" 1
+ ynh_backup_if_checksum_is_different "$finalfail2banfilterconf" 1
+
+ sudo tee $finalfail2banjailconf <&2
+ echo "WARNING${fail2ban_error#*WARNING}" >&2
+ fi
+}
+
+# Remove the dedicated fail2ban config (jail and filter conf files)
+#
+# usage: ynh_remove_fail2ban_config
+ynh_remove_fail2ban_config () {
+ ynh_secure_remove "/etc/fail2ban/jail.d/$app.conf"
+ ynh_secure_remove "/etc/fail2ban/filter.d/$app.conf"
+ sudo systemctl restart fail2ban
+}
+
+#=================================================
+# FUTURE OFFICIAL HELPERS
+#=================================================
diff --git a/scripts/backup b/scripts/backup
new file mode 100755
index 0000000..7a706f8
--- /dev/null
+++ b/scripts/backup
@@ -0,0 +1,91 @@
+#!/bin/bash
+
+#=================================================
+# GENERIC START
+#=================================================
+# IMPORT GENERIC HELPERS
+#=================================================
+
+#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
+source ../settings/scripts/_common.sh
+source /usr/share/yunohost/helpers
+
+#=================================================
+# MANAGE SCRIPT FAILURE
+#=================================================
+
+ynh_clean_setup () {
+ ### Remove this function if there's nothing to clean before calling the remove script.
+ true
+}
+# Exit if an error occurs during the execution of the script
+ynh_abort_if_errors
+
+#=================================================
+# LOAD SETTINGS
+#=================================================
+ynh_print_info "Loading installation settings..."
+
+app=$YNH_APP_INSTANCE_NAME
+
+final_path=$(ynh_app_setting_get $app final_path)
+domain=$(ynh_app_setting_get $app domain)
+db_name=$(ynh_app_setting_get $app db_name)
+
+#=================================================
+# STANDARD BACKUP STEPS
+#=================================================
+# BACKUP THE APP MAIN DIR
+#=================================================
+ynh_print_info "Backing up the main app directory..."
+
+ynh_backup "$final_path"
+
+#=================================================
+# BACKUP THE NGINX CONFIGURATION
+#=================================================
+ynh_print_info "Backing up nginx web server configuration..."
+
+ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf"
+
+#=================================================
+# BACKUP THE PHP-FPM CONFIGURATION
+#=================================================
+ynh_print_info "Backing up php-fpm configuration..."
+
+ynh_backup "/etc/php/7.0/fpm/pool.d/$app.conf"
+
+#=================================================
+# BACKUP THE MYSQL DATABASE
+#=================================================
+ynh_print_info "Backing up the MySQL database..."
+
+ynh_mysql_dump_db "$db_name" > db.sql
+
+#=================================================
+# SPECIFIC BACKUP
+#=================================================
+# BACKUP LOGROTATE
+#=================================================
+ynh_print_info "Backing up logrotate configuration..."
+
+ynh_backup "/etc/logrotate.d/$app"
+
+#=================================================
+# BACKUP THE CRON FILE
+#=================================================
+
+ynh_backup "/etc/cron.d/$app"
+
+#=================================================
+# BACKUP FAIL2BAN CONFIGURATION
+#=================================================
+
+ynh_backup "/etc/fail2ban/jail.d/$app.conf"
+ynh_backup "/etc/fail2ban/filter.d/$app.conf"
+
+#=================================================
+# END OF SCRIPT
+#=================================================
+
+ynh_print_info "Backup script completed for $app. (YunoHost will then actually copy those files to the archive)."
diff --git a/scripts/install b/scripts/install
new file mode 100755
index 0000000..708d837
--- /dev/null
+++ b/scripts/install
@@ -0,0 +1,271 @@
+#!/bin/bash
+
+#=================================================
+# GENERIC START
+#=================================================
+# IMPORT GENERIC HELPERS
+#=================================================
+
+source _common.sh
+source /usr/share/yunohost/helpers
+
+#=================================================
+# MANAGE SCRIPT FAILURE
+#=================================================
+
+ynh_clean_setup () {
+ ### Remove this function if there's nothing to clean before calling the remove script.
+ true
+}
+# Exit if an error occurs during the execution of the script
+ynh_abort_if_errors
+
+#=================================================
+# RETRIEVE ARGUMENTS FROM THE MANIFEST
+#=================================================
+
+domain=$YNH_APP_ARG_DOMAIN
+path_url="/"
+admin=$YNH_APP_ARG_ADMIN
+email=$(sudo yunohost user info $admin | grep "mail:" | cut -d' ' -f2)
+upload="256M"
+database="1"
+
+# This is a multi-instance app, meaning it can be installed several times independently
+# The id of the app as stated in the manifest is available as $YNH_APP_ID
+# The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2", ...)
+# The app instance name is available as $YNH_APP_INSTANCE_NAME
+# - the first time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample
+# - the second time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample__2
+# - ynhexample__{N} for the subsequent installations, with N=3,4, ...
+# The app instance name is probably what you are interested the most, since this is
+# guaranteed to be unique. This is a good unique identifier to define installation path,
+# db names, ...
+app=$YNH_APP_INSTANCE_NAME
+
+#=================================================
+# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
+#=================================================
+ynh_print_info "Validating installation parameters..."
+
+### If the app uses nginx as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app".
+### If the app provides an internal web server (or uses another application server such as uwsgi), the final path should be "/opt/yunohost/$app"
+final_path=/var/www/$app
+test ! -e "$final_path" || ynh_die "This path already contains a folder"
+
+# Register (book) web path
+ynh_webpath_register $app $domain $path_url
+
+#=================================================
+# STORE SETTINGS FROM MANIFEST
+#=================================================
+ynh_print_info "Storing installation settings..."
+
+ynh_app_setting_set $app domain $domain
+ynh_app_setting_set $app path $path_url
+ynh_app_setting_set $app admin $admin
+ynh_app_setting_set $app email $email
+ynh_app_setting_set $app upload $upload
+ynh_app_setting_set $app database $database
+
+
+#=================================================
+# STANDARD MODIFICATIONS
+#=================================================
+# INSTALL DEPENDENCIES
+#=================================================
+ynh_print_info "Installing dependencies..."
+
+### `ynh_install_app_dependencies` allows you to add any "apt" dependencies to the package.
+### Those deb packages will be installed as dependencies of this package.
+### If you're not using this helper:
+### - Remove the section "REMOVE DEPENDENCIES" in the remove script
+### - Remove the variable "pkg_dependencies" in _common.sh
+### - As well as the section "REINSTALL DEPENDENCIES" in the restore script
+### - And the section "UPGRADE DEPENDENCIES" in the upgrade script
+
+ynh_install_app_dependencies $pkg_dependencies
+
+#=================================================
+# CREATE A MYSQL DATABASE
+#=================================================
+ynh_print_info "Creating a MySQL database..."
+
+### Use these lines if you need a database for the application.
+### `ynh_mysql_setup_db` will create a database, an associated user and a ramdom password.
+### The password will be stored as 'mysqlpwd' into the app settings,
+### and will be available as $db_pwd
+### If you're not using these lines:
+### - Remove the section "BACKUP THE MYSQL DATABASE" in the backup script
+### - Remove also the section "REMOVE THE MYSQL DATABASE" in the remove script
+### - As well as the section "RESTORE THE MYSQL DATABASE" in the restore script
+
+db_name=$(ynh_sanitize_dbid $app)
+ynh_app_setting_set $app db_name $db_name
+ynh_mysql_setup_db $db_name $db_name
+
+#=================================================
+# DOWNLOAD, CHECK AND UNPACK SOURCE
+#=================================================
+
+# 1 - Zap
+ynh_print_info "Setting up source files..."
+
+### `ynh_setup_source` is used to install an app from a zip or tar.gz file,
+### downloaded from an upstream source, like a git repository.
+### `ynh_setup_source` use the file conf/app.src
+
+ynh_app_setting_set $app final_path $final_path
+# Download, check integrity, uncompress and patch the source from app.src
+ynh_setup_source "$final_path"
+
+# 2 - Zap Addons
+
+# Make addon Directory and unpack the addons to this directory
+ynh_print_info "Create addon directory inside root folder..."
+sudo mkdir $final_path/addon
+ynh_print_info "Setting up addons source files..."
+ynh_setup_source "$final_path/addon" "app_addons"
+
+
+# 3 - Some extra folders
+ynh_print_info "Creating smarty3 folder for personal data..."
+sudo mkdir -p "${final_path}/store/[data]/smarty3"
+sudo chmod -R 777 $final_path/store
+
+# Import database schema
+ynh_print_info "Importing database..."
+ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_name" < $final_path/install/schema_mysql.sql
+
+# Copy the template install/htconfig.sample.php to .htconfig.php
+ynh_print_info "Moving .htconfig.php to root folder ..."
+sudo cp $final_path/install/htconfig.sample.php $final_path/.htconfig.php
+
+# Create php.log inside for logs
+ynh_print_info "Create php.log for the debuging..."
+sudo touch "$final_path/php.log"
+
+#=================================================
+# MODIFY A CONFIG FILE
+#=================================================
+
+### `ynh_replace_string` is used to replace a string in a file.
+### (It's compatible with sed regular expressions syntax)
+
+ynh_print_info "Replace the .htconfig.php values...."
+sudo sed -i "s/your.mysqlhost.com/localhost/g" $final_path/.htconfig.php
+sudo sed -i "s/mysqlpassword/$db_pwd/g" $final_path/.htconfig.php
+sudo sed -i "s/mysqlusername/$db_name/g" $final_path/.htconfig.php
+sudo sed -i "s/mysqldatabasename/$db_name/g" $final_path/.htconfig.php
+sudo sed -i "s/mysite.example/$domain/g" $final_path/.htconfig.php
+sudo sed -i "s/if the auto install failed, put a unique random string here/$(ynh_string_random)$(ynh_string_random)$(ynh_string_random)/g" $final_path/.htconfig.php
+sudo sed -i "s/\['admin_email'\] = '';/\['admin_email'\] = '$email';/g" $final_path/.htconfig.php
+sudo sed -i "s@//error_reporting(E_ERROR | E_WARNING | E_PARSE );@error_reporting(E_ERROR | E_WARNING | E_PARSE );@g" $final_path/.htconfig.php
+sudo sed -i "s@//ini_set('error_log','php.out');@ini_set('error_log','php.log');@g" $final_path/.htconfig.php
+sudo sed -i "s@//ini_set('log_errors','1');@ini_set('log_errors','1');@g" $final_path/.htconfig.php
+sudo sed -i "s@//ini_set('display_errors', '0');@ini_set('display_errors', '0');@g" $final_path/.htconfig.php
+
+# Addon ldap config
+ynh_print_info "Push Ldap configuration to .htconfig.php..."
+sudo su -c "cat ../conf/ldap_conf.php >> $final_path/.htconfig.php"
+
+
+#=================================================
+# NGINX CONFIGURATION
+#=================================================
+ynh_print_info "Configuring nginx web server..."
+
+### `ynh_add_nginx_config` will use the file conf/nginx.conf
+
+# Create a dedicated nginx config
+ynh_add_nginx_config
+
+#=================================================
+# CREATE DEDICATED USER
+#=================================================
+ynh_print_info "Configuring system user..."
+
+# Create a system user
+ynh_system_user_create $app
+
+#=================================================
+# PHP-FPM CONFIGURATION
+#=================================================
+ynh_print_info "Configuring php-fpm..."
+
+### `ynh_add_fpm_config` is used to set up a PHP config.
+### You can remove it if your app doesn't use PHP.
+### `ynh_add_fpm_config` will use the files conf/php-fpm.conf and conf/php-fpm.ini
+### If you're not using these lines:
+### - You can remove these files in conf/.
+### - Remove the section "BACKUP THE PHP-FPM CONFIGURATION" in the backup script
+### - Remove also the section "REMOVE PHP-FPM CONFIGURATION" in the remove script
+### - As well as the section "RESTORE THE PHP-FPM CONFIGURATION" in the restore script
+### With the reload at the end of the script.
+### - And the section "PHP-FPM CONFIGURATION" in the upgrade script
+
+# Create a dedicated php-fpm config
+ynh_add_fpm_config
+
+# Set right permissions for the app
+ynh_print_info "Set the app rights..."
+chown -R $app: $final_path
+
+# Set up cron job
+ynh_print_info "Setting up cron job..."
+ynh_replace_string "YNH_WWW_PATH" "$final_path" ../conf/poller-cron
+ynh_replace_string "__USER__" "$app" ../conf/poller-cron
+sudo cp ../conf/poller-cron /etc/cron.d/$app
+
+#=================================================
+# STORE THE CONFIG FILE CHECKSUM
+#=================================================
+
+### `ynh_store_file_checksum` is used to store the checksum of a file.
+### That way, during the upgrade script, by using `ynh_backup_if_checksum_is_different`,
+### you can make a backup of this file before modifying it again if the admin had modified it.
+
+# Calculate and store the config file checksum into the app settings
+ynh_store_file_checksum "$final_path/.htconfig.php"
+
+#=================================================
+# SETUP LOGROTATE
+#=================================================
+ynh_print_info "Configuring log rotation..."
+
+### `ynh_use_logrotate` is used to configure a logrotate configuration for the logs of this app.
+### Use this helper only if there is effectively a log file for this app.
+### If you're not using this helper:
+### - Remove the section "BACKUP LOGROTATE" in the backup script
+### - Remove also the section "REMOVE LOGROTATE CONFIGURATION" in the remove script
+### - As well as the section "RESTORE THE LOGROTATE CONFIGURATION" in the restore script
+### - And the section "SETUP LOGROTATE" in the upgrade script
+
+# Use logrotate to manage application logfile(s)
+ynh_use_logrotate "$final_path/php.log"
+
+#=================================================
+# SETUP FAIL2BAN
+#=================================================
+ynh_print_info "Add Fail2Ban..."
+ynh_add_fail2ban_config "$final_path/php.log" "^.*auth\.php.*failed login attempt.*from IP .*$" 5
+
+#=================================================
+# SETUP SSOWAT
+#=================================================
+# As Zap is social network and have its own permission there is no need to keep Zap behind SSO
+ynh_print_info "Configuring SSOwat..."
+ynh_app_setting_set $app skipped_uris "/"
+
+#=================================================
+# RELOAD NGINX
+#=================================================
+ynh_print_info "Reloading nginx web server..."
+
+systemctl reload nginx
+
+#=================================================
+# END OF SCRIPT
+#=================================================
+
+ynh_print_info "Installation of $app completed"
diff --git a/scripts/remove b/scripts/remove
new file mode 100755
index 0000000..cb3e234
--- /dev/null
+++ b/scripts/remove
@@ -0,0 +1,103 @@
+#!/bin/bash
+
+#=================================================
+# GENERIC START
+#=================================================
+# IMPORT GENERIC HELPERS
+#=================================================
+
+source _common.sh
+source /usr/share/yunohost/helpers
+
+#=================================================
+# LOAD SETTINGS
+#=================================================
+ynh_print_info "Loading installation settings..."
+
+app=$YNH_APP_INSTANCE_NAME
+
+domain=$(ynh_app_setting_get $app domain)
+db_name=$(ynh_app_setting_get $app db_name)
+db_user="$db_name"
+final_path=$(ynh_app_setting_get $app final_path)
+
+#=================================================
+# STANDARD REMOVE
+#=================================================
+
+#=================================================
+# REMOVE DEPENDENCIES
+#=================================================
+ynh_print_info "Removing dependencies"
+
+# Remove metapackage and its dependencies
+ynh_remove_app_dependencies
+
+#=================================================
+# REMOVE THE MYSQL DATABASE
+#=================================================
+ynh_print_info "Removing the MySQL database"
+
+# Remove a database if it exists, along with the associated user
+ynh_mysql_remove_db $db_user $db_name
+
+#=================================================
+# REMOVE APP MAIN DIR
+#=================================================
+ynh_print_info "Removing app main directory"
+
+# Remove the app directory securely
+ynh_secure_remove "$final_path"
+
+#=================================================
+# REMOVE NGINX CONFIGURATION
+#=================================================
+ynh_print_info "Removing nginx web server configuration"
+
+# Remove the dedicated nginx config
+ynh_remove_nginx_config
+
+#=================================================
+# REMOVE PHP-FPM CONFIGURATION
+#=================================================
+ynh_print_info "Removing php-fpm configuration"
+
+# Remove the dedicated php-fpm config
+ynh_remove_fpm_config
+
+#=================================================
+# REMOVE LOGROTATE CONFIGURATION
+#=================================================
+ynh_print_info "Removing logrotate configuration"
+
+# Remove the app-specific logrotate config
+ynh_remove_logrotate
+
+#=================================================
+# REMOVE THE CRON FILE
+#=================================================
+
+# Remove a cron file
+ynh_secure_remove "/etc/cron.d/$app"
+
+#=================================================
+# REMOVE FAIL2BAN CONFIGURATION
+#=================================================
+
+ynh_remove_fail2ban_config
+
+#=================================================
+# GENERIC FINALIZATION
+#=================================================
+# REMOVE DEDICATED USER
+#=================================================
+ynh_print_info "Removing the dedicated system user"
+
+# Delete a system user
+ynh_system_user_delete $app
+
+#=================================================
+# END OF SCRIPT
+#=================================================
+
+ynh_print_info "Removal of $app completed"
diff --git a/scripts/restore b/scripts/restore
new file mode 100755
index 0000000..04d3450
--- /dev/null
+++ b/scripts/restore
@@ -0,0 +1,132 @@
+#!/bin/bash
+
+#=================================================
+# GENERIC START
+#=================================================
+# IMPORT GENERIC HELPERS
+#=================================================
+
+#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
+source ../settings/scripts/_common.sh
+source /usr/share/yunohost/helpers
+
+#=================================================
+# MANAGE SCRIPT FAILURE
+#=================================================
+
+ynh_clean_setup () {
+ #### Remove this function if there's nothing to clean before calling the remove script.
+ true
+}
+# Exit if an error occurs during the execution of the script
+ynh_abort_if_errors
+
+#=================================================
+# LOAD SETTINGS
+#=================================================
+ynh_print_info "Loading settings..."
+
+app=$YNH_APP_INSTANCE_NAME
+
+domain=$(ynh_app_setting_get $app domain)
+path_url=$(ynh_app_setting_get $app path)
+admin=$(ynh_app_setting_get $app admin)
+final_path=$(ynh_app_setting_get $app final_path)
+db_name=$(ynh_app_setting_get $app db_name)
+
+#=================================================
+# CHECK IF THE APP CAN BE RESTORED
+#=================================================
+ynh_print_info "Validating restoration parameters..."
+
+ynh_webpath_available $domain $path_url \
+ || ynh_die "Path not available: ${domain}${path_url}"
+test ! -d $final_path \
+ || ynh_die "There is already a directory: $final_path "
+
+#=================================================
+# STANDARD RESTORATION STEPS
+#=================================================
+# RESTORE THE NGINX CONFIGURATION
+#=================================================
+
+ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf"
+
+#=================================================
+# RESTORE THE APP MAIN DIR
+#=================================================
+ynh_print_info "Restoring the app main directory..."
+
+ynh_restore_file "$final_path"
+
+#=================================================
+# RESTORE THE MYSQL DATABASE
+#=================================================
+ynh_print_info "Restoring the MySQL database..."
+
+db_pwd=$(ynh_app_setting_get $app mysqlpwd)
+ynh_mysql_setup_db $db_name $db_name $db_pwd
+ynh_mysql_connect_as $db_name $db_pwd $db_name < ./db.sql
+
+#=================================================
+# RECREATE THE DEDICATED USER
+#=================================================
+ynh_print_info "Recreating the dedicated system user..."
+
+# Create the dedicated user (if not existing)
+ynh_system_user_create $app
+
+#=================================================
+# RESTORE THE PHP-FPM CONFIGURATION
+#=================================================
+
+ynh_restore_file "/etc/php/7.0/fpm/pool.d/$app.conf"
+
+#=================================================
+# SPECIFIC RESTORATION
+#=================================================
+# REINSTALL DEPENDENCIES
+#=================================================
+ynh_print_info "Reinstalling dependencies..."
+
+# Define and install dependencies
+ynh_install_app_dependencies $pkg_dependencies
+
+#=================================================
+# RESTORE THE CRON FILE
+#=================================================
+
+ynh_restore_file "/etc/cron.d/$app"
+
+#=================================================
+# RESTORE THE LOGROTATE CONFIGURATION
+#=================================================
+
+ynh_restore_file "/etc/logrotate.d/$app"
+
+#=================================================
+# RESTORE FAIL2BAN CONFIGURATION
+#=================================================
+
+ynh_restore_file "/etc/fail2ban/jail.d/$app.conf"
+ynh_restore_file "/etc/fail2ban/filter.d/$app.conf"
+systemctl restart fail2ban
+
+# Make app public
+ynh_app_setting_set $app skipped_uris "/"
+
+#=================================================
+# GENERIC FINALIZATION
+#=================================================
+# RELOAD NGINX AND PHP-FPM
+#=================================================
+ynh_print_info "Reloading nginx web server and php-fpm..."
+
+systemctl reload php7.0-fpm
+systemctl reload nginx
+
+#=================================================
+# END OF SCRIPT
+#=================================================
+
+ynh_print_info "Restoration completed for $app"
diff --git a/scripts/upgrade b/scripts/upgrade
new file mode 100755
index 0000000..1c12d3d
--- /dev/null
+++ b/scripts/upgrade
@@ -0,0 +1,171 @@
+#!/bin/bash
+
+#=================================================
+# GENERIC START
+#=================================================
+# IMPORT GENERIC HELPERS
+#=================================================
+
+source _common.sh
+source /usr/share/yunohost/helpers
+
+#=================================================
+# LOAD SETTINGS
+#=================================================
+ynh_print_info "Loading installation settings..."
+
+app=$YNH_APP_INSTANCE_NAME
+
+domain=$(ynh_app_setting_get $app domain)
+path_url=$(ynh_app_setting_get $app path)
+final_path=$(ynh_app_setting_get $app final_path)
+upload=$(ynh_app_setting_get $app upload)
+db_name=$(ynh_app_setting_get $app db_name)
+db_pwd=$(ynh_app_setting_get $app mysqlpwd)
+
+#=================================================
+# ENSURE DOWNWARD COMPATIBILITY
+#=================================================
+
+# If db_name doesn't exist, create it
+if [ -z $db_name ]; then
+ db_name=$(ynh_sanitize_dbid $app)
+ ynh_app_setting_set $app db_name $db_name
+fi
+
+
+#=================================================
+# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
+#=================================================
+ynh_print_info "Backing up the app before upgrading (may take a while)..."
+
+# Backup the current version of the app
+ynh_backup_before_upgrade
+ynh_clean_setup () {
+ # restore it if the upgrade fails
+ ynh_restore_upgradebackup
+}
+# Exit if an error occurs during the execution of the script
+ynh_abort_if_errors
+
+
+#=================================================
+# STANDARD UPGRADE STEPS
+#=================================================
+# REMOVE APP MAIN DIR
+#=================================================
+ynh_print_info "Upgrading source files..."
+# Create a temporary directory
+tmpdir="$(mktemp -d)"
+# Backup the config file in the temp dir
+cp -a "$final_path/.htconfig.php" "$tmpdir/.htconfig.php"
+cp -a "$final_path/store" "$tmpdir/store"
+cp -a "$final_path/php.log" "$tmpdir/php.log"
+
+
+# Remove the app directory securely
+ynh_secure_remove "$final_path"
+
+# If final_path doesn't exist, create it
+if [ -z $final_path ]; then
+ final_path=/var/www/$app
+ ynh_app_setting_set $app final_path $final_path
+fi
+
+#=================================================
+# STANDARD UPGRADE STEPS
+#=================================================
+# DOWNLOAD, CHECK AND UNPACK SOURCE
+#=================================================
+
+# Download, check integrity, uncompress and patch the source from app.src
+ynh_setup_source "$final_path"
+sudo cp -a "$tmpdir/store" "${final_path}"
+sudo cp -a "$tmpdir/.htconfig.php" "${final_path}"
+sudo cp -a "$tmpdir/php.log" "${final_path}"
+sudo rm -Rf "$tmpdir"
+sudo chmod -R 777 $final_path/store
+sudo mkdir $final_path/addon
+ynh_setup_source "$final_path/addon" "app_addons"
+
+
+#=================================================
+# NGINX CONFIGURATION
+#=================================================
+ynh_print_info "Upgrading nginx web server configuration..."
+
+# Create a dedicated nginx config
+ynh_add_nginx_config
+
+#=================================================
+# CREATE DEDICATED USER
+#=================================================
+ynh_print_info "Making sure dedicated system user exists..."
+
+# Create a dedicated user (if not existing)
+ynh_system_user_create $app
+
+# Set right permissions for curl install
+chown -R $app: $final_path
+
+#=================================================
+# PHP-FPM CONFIGURATION
+#=================================================
+ynh_print_info "Upgrading php-fpm configuration..."
+
+# Create a dedicated php-fpm config
+ynh_add_fpm_config
+
+
+### Verify the checksum of a file, stored by `ynh_store_file_checksum` in the install script.
+### And create a backup of this file if the checksum is different. So the file will be backed up if the admin had modified it.
+ynh_backup_if_checksum_is_different "$final_path/.htconfig.php"
+# Recalculate and store the config file checksum into the app settings
+ynh_store_file_checksum "$final_path/.htconfig.php"
+
+#=================================================
+# SETUP LOGROTATE
+#=================================================
+ynh_print_info "Upgrading logrotate configuration..."
+
+# Use logrotate to manage app-specific logfile(s)
+ynh_use_logrotate --non-append
+
+#=================================================
+# SETUP FAIL2BAN
+#=================================================
+ynh_print_info "Add Fail2Ban..."
+ynh_add_fail2ban_config "$final_path/php.log" "^.*auth\.php.*failed login attempt.*from IP .*$" 5
+
+# Set cron job
+ynh_print_info "Setting up cron job..."
+ynh_replace_string "YNH_WWW_PATH" "$final_path" ../conf/poller-cron
+ynh_replace_string "__USER__" "$app" ../conf/poller-cron
+sudo cp ../conf/poller-cron /etc/cron.d/$app
+
+#=================================================
+# UPGRADE DEPENDENCIES
+#=================================================
+ynh_print_info "Upgrading dependencies..."
+
+ynh_install_app_dependencies $pkg_dependencies
+
+#=================================================
+# SETUP SSOWAT
+#=================================================
+# As Hubzilla is social network and have its own permission there is no need to keep Hubzilla behind SSO
+ynh_print_info "Configuring SSOwat..."
+ynh_app_setting_set $app skipped_uris "/"
+
+#=================================================
+# RELOAD NGINX
+#=================================================
+ynh_print_info "Reloading nginx web server..."
+
+systemctl reload nginx
+
+#=================================================
+# END OF SCRIPT
+#=================================================
+
+ynh_print_info "Upgrade of $app completed"