diff --git a/conf/systemd.service b/conf/systemd.service deleted file mode 100644 index 8507e80..0000000 --- a/conf/systemd.service +++ /dev/null @@ -1,50 +0,0 @@ -[Unit] -Description=Synapse Admin -After=network.target - -[Service] -Type=simple -User=__APP__ -Group=__APP__ -WorkingDirectory=__INSTALL_DIR__ -Environment="PATH=__ENV_PATH__" -Environment="NODE_ENV=production" -ExecStart=/usr/bin/yarn start -p __PORT__ -Restart=always - -# Sandboxing options to harden security -# Depending on specificities of your service/app, you may need to tweak these -# .. but this should be a good baseline -# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html -NoNewPrivileges=yes -PrivateTmp=yes -PrivateDevices=yes -RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK -RestrictNamespaces=yes -RestrictRealtime=yes -DevicePolicy=closed -ProtectClock=yes -ProtectHostname=yes -ProtectProc=invisible -ProtectSystem=full -ProtectControlGroups=yes -ProtectKernelModules=yes -ProtectKernelTunables=yes -LockPersonality=yes -SystemCallArchitectures=native -SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged - -# Denying access to capabilities that should not be relevant for webapps -# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html -CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD -CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE -CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT -CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK -CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM -CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG -CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE -CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW -CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG - -[Install] -WantedBy=multi-user.target diff --git a/scripts/backup b/scripts/backup index 70268d1..427816a 100644 --- a/scripts/backup +++ b/scripts/backup @@ -33,12 +33,6 @@ ynh_backup --src_path="/etc/nginx/conf.d/${synapse_domain}.d/$app.endpoint.conf" ynh_backup --src_path="/etc/logrotate.d/$app" -#================================================= -# BACKUP SYSTEMD -#================================================= - -ynh_backup --src_path="/etc/systemd/system/$app.service" - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/change_url b/scripts/change_url index fb3d33c..4ba8cf7 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -9,15 +9,6 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# STANDARD MODIFICATIONS -#================================================= -# STOP SYSTEMD SERVICE -#================================================= -ynh_script_progression --message="Stopping a systemd service..." --weight=1 - -ynh_systemd_action --service_name=$app --action=stop --log_path="systemd" - #================================================= # MODIFY URL IN NGINX CONF #================================================= @@ -25,16 +16,6 @@ ynh_script_progression --message="Updating NGINX web server configuration..." -- ynh_change_url_nginx_config -#================================================= -# GENERIC FINALISATION -#================================================= -# START SYSTEMD SERVICE -#================================================= -ynh_script_progression --message="Starting a systemd service..." --weight=1 - -# Start a systemd service -ynh_systemd_action --service_name=$app --action=start --log_path=systemd --line_match="HTTP Server listening" - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/install b/scripts/install index 7b92c62..57bffee 100644 --- a/scripts/install +++ b/scripts/install @@ -75,14 +75,6 @@ ynh_add_config --template="../conf/.env" --destination="$install_dir/.env" chown -R $app:www-data "$install_dir" -#================================================= -# SETUP SYSTEMD -#================================================= -ynh_script_progression --message="Configuring a systemd service..." --weight=1 - -env_path="$PATH" -ynh_add_systemd_config - #================================================= # SETUP LOGROTATE #================================================= @@ -91,21 +83,6 @@ ynh_script_progression --message="Configuring log rotation..." --weight=1 # Use logrotate to manage application logfile(s) ynh_use_logrotate -#================================================= -# INTEGRATE SERVICE IN YUNOHOST -#================================================= -ynh_script_progression --message="Integrating service in YunoHost..." - -yunohost service add $app --description "UI admin for Synapse" --log="/var/log/$app/$app.log" - -#================================================= -# START SYSTEMD SERVICE -#================================================= -ynh_script_progression --message="Starting a systemd service..." --weight=2 - -# Start a systemd service -ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" #--line_match="HTTP Server listening" - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/remove b/scripts/remove index 42605b9..bdc4abe 100644 --- a/scripts/remove +++ b/scripts/remove @@ -9,27 +9,6 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# STANDARD REMOVE -#================================================= -# REMOVE SERVICE INTEGRATION IN YUNOHOST -#================================================= - -# Remove the service from the list of services known by Yunohost (added from `yunohost service add`) -if ynh_exec_warn_less yunohost service status $app >/dev/null -then - ynh_script_progression --message="Removing $app service..." --weight=1 - yunohost service remove $app -fi - -#================================================= -# STOP AND REMOVE SERVICE -#================================================= -ynh_script_progression --message="Stopping and removing the systemd service..." --weight=1 - -# Remove the dedicated systemd config -ynh_remove_systemd_config - #================================================= # REMOVE LOGROTATE CONFIGURATION #================================================= diff --git a/scripts/restore b/scripts/restore index 105d683..aa8a742 100644 --- a/scripts/restore +++ b/scripts/restore @@ -36,14 +36,6 @@ chown -R $app:www-data "$install_dir" # Install Nodejs ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version -#================================================= -# RESTORE SYSTEMD -#================================================= -ynh_script_progression --message="Restoring the systemd configuration..." --weight=5 - -ynh_restore_file --origin_path="/etc/systemd/system/$app.service" -systemctl enable $app.service --quiet - #================================================= # RESTORE THE LOGROTATE CONFIGURATION #================================================= @@ -51,20 +43,6 @@ ynh_script_progression --message="Restoring the logrotate configuration..." --we ynh_restore_file --origin_path="/etc/logrotate.d/$app" -#================================================= -# INTEGRATE SERVICE IN YUNOHOST -#================================================= -ynh_script_progression --message="Integrating service in YunoHost..." - -yunohost service add $app --description "UI admin for Synapse" --log="/var/log/$app/$app.log" - -#================================================= -# START SYSTEMD SERVICE -#================================================= -ynh_script_progression --message="Starting a systemd service..." --weight=1 - -ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" #--line_match="HTTP Server listening" - #================================================= # GENERIC FINALIZATION #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 3254d26..edf96c1 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -25,15 +25,6 @@ then ynh_die --message="Upgrade from version 0.8.3 is not possible. You must uninstall and reinstall Synapse-admin package manually" fi -#================================================= -# STANDARD UPGRADE STEPS -#================================================= -# STOP SYSTEMD SERVICE -#================================================= -ynh_script_progression --message="Stopping a systemd service..." --weight=1 - -ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd" - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -62,7 +53,7 @@ ynh_add_config --template="endpoint.nginx.conf" --destination="/etc/nginx/conf.d #================================================= # UPGRADE DEPENDENCIES #================================================= -#REMOVEME? ynh_script_progression --message="Upgrading dependencies..." --weight=18 +ynh_script_progression --message="Upgrading dependencies..." --weight=18 # Install Nodejs ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version @@ -92,29 +83,6 @@ fi #chown -R $app:www-data "$install_dir" -#================================================= -# SETUP SYSTEMD -#================================================= -ynh_script_progression --message="Configuring a systemd service..." --weight=2 - -env_path="$PATH" -# Create a dedicated systemd config -ynh_add_systemd_config - -#================================================= -# INTEGRATE SERVICE IN YUNOHOST -#================================================= -ynh_script_progression --message="Integrating service in YunoHost..." - -yunohost service add $app --description "UI admin for Synapse" --log="/var/log/$app/$app.log" - -#================================================= -# START SYSTEMD SERVICE -#================================================= -ynh_script_progression --message="Starting a systemd service..." --weight=1 - -ynh_systemd_action --service_name=$app --action=start --log_path=systemd #--line_match="HTTP Server listening" - #================================================= # END OF SCRIPT #=================================================