diff --git a/conf/nginx.conf b/conf/nginx.conf index 1004e1c..53b5c56 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,9 +1,11 @@ -rewrite ^__PATH__$ __PATH__/ permanent; +#rewrite ^__PATH__$ __PATH__/ permanent; + +location = __PATH__/ { + more_set_headers "Content-Type: text/plain"; + return 200 'Syncstorage is running'; +} + location __PATH__/ { - - # Path to source - alias __INSTALL_DIR__/ ; - include uwsgi_params; # Needed for long running operations in admin interface proxy_pass http://127.0.0.1:__PORT__/; diff --git a/conf/systemd.service b/conf/systemd.service index 1a9f0ac..4c686b5 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -13,7 +13,7 @@ StandardOutput=append:/var/log/__APP__/__APP__.log StandardError=inherit Environment=PATH="__INSTALL_DIR__/venv/bin:$(PATH)" Environment=PYTHONPATH=$(PYTHON_SITE_PACKGES) -Environment=RUST_LOG=error +Environment=RUST_LOG=info Environment=RUST_BACKTRACE=full # Sandboxing options to harden security diff --git a/manifest.toml b/manifest.toml index a38d730..fe1970d 100644 --- a/manifest.toml +++ b/manifest.toml @@ -33,18 +33,7 @@ ram.runtime = "50M" [install] [install.domain] # this is a generic question - ask strings are automatically handled by YunoHost's core - type = "domain" - - [install.path] - # this is a generic question - ask strings are automatically handled by YunoHost's core - type = "path" - default = "/syncserver" - - [install.init_main_permission] - # this is a generic question - ask strings are automatically handled by YunoHost's core - # This won't be saved as setting and will instead be used to initialize the SSOwat permission - type = "group" - default = "visitors" + type = "domain" [resources] # See the packaging documentation for the full set 
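Review bot: Both `location` blocks still depend on the `__PATH__` placeholder, while the manifest.toml change in this same commit removes the `install.path` question, so nothing visible here shows where that value now comes from. If the `path` setting ends up undefined, the placeholder may be left unexpanded in the rendered file, and then neither the status location nor the proxy location would match real requests. Confirm the install script still defines it, or, if the app is now always served at the domain root, write `/` instead of `__PATH__/`. The commented-out `#rewrite` line is dead configuration and is better deleted than kept.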
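Review bot: The switch to `RUST_LOG=info` next to `RUST_BACKTRACE=full` is undocumented, and it looks load-bearing: the scripts in this commit now wait for `Server running on http://127.0.0.1` and `Server closing` in the log file via `--line_match`, which are presumably info-level messages. A comment such as `# info is required: the YunoHost scripts wait for the "Server running on" log line` would stop someone from lowering the level later and breaking start detection. Info-level output from a sync server may also carry per-request details, so it is worth checking what ends up in `/var/log/__APP__/__APP__.log` and who can read that file.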
@@ -72,6 +61,8 @@ ram.runtime = "50M" [resources.permissions] main.url = "/" main.show_tile = false + main.allowed = "visitors" + main.protected = true # This will pick a random port for reverse-proxying and store it as the $port setting [resources.ports] diff --git a/scripts/backup b/scripts/backup index 4eca8dd..6d7c8b0 100644 --- a/scripts/backup +++ b/scripts/backup @@ -1,8 +1,5 @@ #!/bin/bash -#### App file generated with YoloGen, the Yunohost app generator, version 0.6.5. -# This is the tutorial version of the app. -# It contains extra commands to explain what should be done in case you want to adjust some part of the script. -# Once you are done, you may remove them. + #================================================= # GENERIC START #================================================= @@ -18,10 +15,6 @@ source /usr/share/yunohost/helpers #================================================= ynh_print_info --message="Declaring files to be backed up..." -### N.B. : the following 'ynh_backup' calls are only a *declaration* of what needs -### to be backuped and not an actual copy of any file. The actual backup that -### creates and fill the archive with the files happens in the core after this -### script is called. Hence ynh_backups calls takes basically 0 seconds to run. #================================================= # BACKUP THE APP MAIN DIR #================================================= @@ -34,12 +27,6 @@ ynh_backup --src_path="$install_dir" ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" -#================================================= -# BACKUP FAIL2BAN CONFIGURATION -#================================================= - -ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" -ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" #================================================= # SPECIFIC BACKUP #================================================= 
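Review bot: `main.allowed = "visitors"` together with `main.protected = true` makes the endpoint public and, as I understand YunoHost's `protected` flag, stops an administrator from removing the visitors group again, yet nothing in `[resources.permissions]` says why. It replaces the removed `install.init_main_permission` question, so the choice is no longer the admin's. A comment above the two keys, for example `# Sync clients cannot go through the SSO portal, so access stays public; the server authenticates requests itself`, would record the reasoning. Please confirm that the application really authenticates every request on its own before locking this in.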
@@ -47,19 +34,12 @@ ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" #================================================= ynh_backup --src_path="/etc/logrotate.d/$app" + #================================================= # BACKUP SYSTEMD #================================================= ynh_backup --src_path="/etc/systemd/system/$app.service" -#================================================= -# BACKUP VARIOUS FILES -#================================================= - -ynh_backup --src_path="/etc/cron.d/$app" - -ynh_backup --src_path="/etc/$app/" - #================================================= # BACKUP THE DATABASE @@ -70,6 +50,8 @@ ynh_print_info --message="Backing up the mysql database..." ### copy of the generated dump to the archive still happens later) ynh_mysql_dump_db --database="$db_name" > db.sql +ynh_mysql_dump_db --database="$db_name_tokenserver" > db_tokenserver.sql + #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/change_url b/scripts/change_url index f0964a6..fcd0508 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -16,7 +16,7 @@ source /usr/share/yunohost/helpers #================================================= ynh_script_progression --message="Stopping a systemd service..." --weight=1 -ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" --line_match="Server closing" #================================================= # MODIFY URL IN NGINX CONF 
@@ -28,9 +28,11 @@ ynh_change_url_nginx_config #================================================= # SPECIFIC MODIFICATIONS #================================================= -# ... +# Retarget worker nodes #================================================= +ynh_mysql_execute_as_root --sql="UPDATE nodes set node='https://$new_domain' WHERE node='https://$old_domain'" --database="$db_name_tokenserver"; + #================================================= # GENERIC FINALISATION #================================================= @@ -38,7 +40,7 @@ ynh_change_url_nginx_config #================================================= ynh_script_progression --message="Starting a systemd service..." --weight=1 -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match="Server running on http://127.0.0.1" #================================================= # END OF SCRIPT diff --git a/scripts/install b/scripts/install index 42cfea4..d8b6554 100644 --- a/scripts/install +++ b/scripts/install 
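Review bot: The added `ynh_mysql_execute_as_root` call builds the `UPDATE nodes` statement by pasting `$new_domain` and `$old_domain` into the SQL text and runs it with the MySQL root account. The values presumably pass YunoHost's own domain validation, so the practical injection risk is low, but the statement needs nothing beyond the application's own rights. The restore script in this commit already uses `ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name_tokenserver`; feeding the statement to that keeps any mistake confined to the application's databases. The trailing `;` after the command is a leftover and can be dropped.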
@@ -14,12 +14,15 @@ source /usr/share/yunohost/helpers secret=$(ynh_string_random --length=40) master_secret=$(ynh_string_random --length=40) db_name_tokenserver="${db_name}_tokenserver" + ynh_app_setting_set --app=$app --key=db_name_tokenserver --value=$db_name_tokenserver +ynh_app_setting_set --app=$app --key=secret --value=$secret +ynh_app_setting_set --app=$app --key=master_secret --value=$master_secret #================================================= # INSTALL DEPENDENCIES #================================================= -ynh_script_progression --message="Installing dependencies..." --weight=10 +ynh_script_progression --message="Installing dependencies..." --weight=5 ynh_exec_warn_less ynh_exec_as $app RUSTUP_HOME="$install_dir"/.rustup CARGO_HOME="$install_dir"/.cargo bash -c 'curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -q -y' export PATH="$install_dir/.cargo/bin:$PATH" @@ -98,7 +101,7 @@ ynh_add_nginx_config # Create a dedicated systemd config ynh_add_systemd_config -mkdir /var/log/$app +mkdir -p /var/log/$app touch /var/log/$app/$app.log chown -R $app: /var/log/$app @@ -107,8 +110,6 @@ yunohost service add $app --description="Firefox Sync Server (Rust)" --log="/var # Use logrotate to manage application logfile(s) ynh_use_logrotate -# Create a dedicated Fail2Ban config -#ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="" #================================================= # APP INITIAL CONFIGURATION #================================================= 
@@ -132,7 +133,8 @@ chown $app:$app "$install_dir/config.toml" ynh_script_progression --message="Starting a systemd service..." --weight=1 # Start a systemd service -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match="Server running on http://127.0.0.1" + #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/restore b/scripts/restore index 0714e5f..4346d9e 100644 --- a/scripts/restore +++ b/scripts/restore @@ -1,8 +1,5 @@ #!/bin/bash -#### App file generated with YoloGen, the Yunohost app generator, version 0.6.5. -# This is the tutorial version of the app. -# It contains extra commands to explain what should be done in case you want to adjust some part of the script. -# Once you are done, you may remove them. + #================================================= # GENERIC START #================================================= 
@@ -20,18 +17,20 @@ ynh_script_progression --message="Restoring the app main directory..." --weight= ynh_restore_file --origin_path="$install_dir" -# $install_dir will automatically be initialized with some decent -# permission by default ... however, you may need to recursively reapply -# ownership to all files such as after the ynh_setup_source step chown -R $app:www-data "$install_dir" #================================================= # RESTORE THE MYSQL DATABASE #================================================= - ynh_script_progression --message="Restoring the MySQL database..." --weight=1 +ynh_script_progression --message="Restoring the MySQL database..." --weight=1 ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql - #================================================= + +ynh_script_progression --message="Restoring tokenserver database..." --weight=1 +ynh_mysql_create_db "$db_name_tokenserver" "$db_user" "$db_pwd" +ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name_tokenserver < ./db_tokenserver.sql + +#================================================= # RESTORE SYSTEM CONFIGURATIONS #================================================= # RESTORE THE PHP-FPM CONFIGURATION 
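Review bot: The new tokenserver restore reads `./db_tokenserver.sql` unconditionally, but that file only exists in archives produced by the backup script as changed in this commit. Restoring an archive made with the previous package version would therefore fail at the redirect, after the main database has already been restored. Consider guarding the import with `if [ -f ./db_tokenserver.sql ]; then ... fi` and printing a warning when the dump is missing. The banner kept just below, `RESTORE THE PHP-FPM CONFIGURATION`, does not apply to this app and should be removed.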
@@ -45,15 +44,12 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_restore_file --origin_path="/etc/systemd/system/$app.service" systemctl enable $app.service --quiet +mkdir -p /var/log/$app +touch /var/log/$app/$app.log +chown -R $app: /var/log/$app + yunohost service add $app --description="Firefox Sync Server (Rust)" --log="/var/log/$app/$app.log" ynh_restore_file --origin_path="/etc/logrotate.d/$app" -ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf" -ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf" -ynh_systemd_action --action=restart --service_name=fail2ban -# Other various files... - -ynh_restore_file --origin_path="/etc/cron.d/$app" -ynh_restore_file --origin_path="/etc/$app/" #================================================= # GENERIC FINALIZATION @@ -62,10 +58,11 @@ ynh_restore_file --origin_path="/etc/$app/" #================================================= ynh_script_progression --message="Reloading NGINX web server and $app's service..." --weight=1 -# Typically you only have either $app or php-fpm but not both at the same time... -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" ynh_systemd_action --service_name=nginx --action=reload +# Typically you only have either $app or php-fpm but not both at the same time... +ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match="Server running on http://127.0.0.1" + #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 1c17fd3..d710d77 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
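Review bot: The three added lines create `/var/log/$app/$app.log` with `touch` and set only the owner, so the directory and file keep whatever mode the script's umask gives them, which is typically readable by every local account. With the service now logging at `RUST_LOG=info`, tightening this is cheap: add `chmod 750 /var/log/$app` and `chmod 640 /var/log/$app/$app.log` after the `chown`. The same block is added to scripts/upgrade, and scripts/install has the equivalent `mkdir -p` / `touch` / `chown` sequence, so the change applies there as well.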
@@ -1,8 +1,5 @@
 #!/bin/bash
-#### App file generated with YoloGen, the Yunohost app generator, version 0.6.5.
-# This is the tutorial version of the app.
-# It contains extra commands to explain what should be done in case you want to adjust some part of the script.
-# Once you are done, you may remove them.
+
 #=================================================
 # GENERIC START
 #=================================================
@@ -12,57 +9,26 @@ source _common.sh source /usr/share/yunohost/helpers -# Settings are automatically loaded as bash variables -# in every app script context, therefore typically these will exist: -# - $domain -# - $path -# - $language -# - $install_dir -# - $port -# ... - -# In the context of upgrade, -# - resources are automatically provisioned / updated / deleted (depending on existing resources) -# - a safety backup is automatically created by the core and will be restored if the upgrade fails - -### This helper will compare the version of the currently installed app and the version of the upstream package. -### $upgrade_type can have 2 different values -### - UPGRADE_APP if the upstream app version has changed -### - UPGRADE_PACKAGE if only the YunoHost package has changed -### ynh_check_app_version_changed will stop the upgrade if the app is up to date. -### UPGRADE_APP should be used to upgrade the core app only if there's an upgrade to do. upgrade_type=$(ynh_check_app_version_changed) #================================================= # STANDARD UPGRADE STEPS #================================================= -# ENSURE DOWNWARD COMPATIBILITY -#================================================= -#ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 - -# -# N.B. : the followings setting migrations snippets are provided as *EXAMPLES* -# of what you may want to do in some cases (e.g. 
a setting was not defined on -# some legacy installs and you therefore want to initiaze stuff during upgrade) -# - -# If db_name doesn't exist, create it -#if [ -z "$db_name" ]; then -# db_name=$(ynh_sanitize_dbid --db_name=$app) -# ynh_app_setting_set --app=$app --key=db_name --value=$db_name -#fi - -# If install_dir doesn't exist, create it -#if [ -z "$install_dir" ]; then -# install_dir=/var/www/$app -# ynh_app_setting_set --app=$app --key=install_dir --value=$install_dir -#fi -#================================================= # STOP SYSTEMD SERVICE #================================================= ynh_script_progression --message="Stopping a systemd service..." --weight=1 -ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" --line_match="Server closing" + +#================================================= +# INSTALL DEPENDENCIES +#================================================= +ynh_script_progression --message="Installing dependencies..." --weight=5 + +ynh_exec_warn_less ynh_exec_as $app RUSTUP_HOME="$install_dir"/.rustup CARGO_HOME="$install_dir"/.cargo bash -c 'curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -q -y' +export PATH="$install_dir/.cargo/bin:$PATH" +ynh_exec_warn_less ynh_exec_as $app env PATH=$PATH cargo install diesel_cli --no-default-features --features 'mysql' + #================================================= # "REBUILD" THE APP (DEPLOY NEW SOURCES, RERUN NPM BUILD...) #================================================= @@ -74,7 +40,7 @@ then ynh_script_progression --message="Upgrading source files..." --weight=1 # Download, check integrity, uncompress and patch the source from app.src - ynh_setup_source --dest_dir="$install_dir" + ynh_setup_source --dest_dir="$install_dir/build" fi # $install_dir will automatically be initialized with some decent 
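Review bot: The new INSTALL DEPENDENCIES step downloads `https://sh.rustup.rs` and pipes it straight into `sh`, then runs `cargo install diesel_cli` with no version and no `--locked`, so every upgrade executes whatever the installer and the crate's dependency tree resolve to that day. TLS protects the transport only; nothing here is pinned or checksummed the way `ynh_setup_source` does for the application sources. At minimum pin the tool, e.g. `cargo install diesel_cli --version <PINNED_VERSION> --locked --no-default-features --features 'mysql'`, and consider fetching a fixed rustup-init release with a recorded SHA-256 instead of the pipe. The nested quotes in `bash -c 'curl --proto '=https' ...'` close and reopen the string, so the command only works because `=https` needs no quoting; `--proto "=https"` inside the single-quoted string states the intent.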
@@ -82,6 +48,39 @@ fi # ownership to all files such as after the ynh_setup_source step chown -R $app:www-data "$install_dir" +#================================================= +# BUILD +#================================================= + +ynh_script_progression --message="Building the sources (it will take some time)..." --weight=10 + +ynh_exec_as $app python -m venv "${install_dir}/venv" +( + set +o nounset + source "${install_dir}/venv/bin/activate" + set -o nounset + + ynh_exec_warn_less ynh_exec_as $app env PATH=$PATH $install_dir/venv/bin/pip install --upgrade pip + ynh_exec_warn_less ynh_exec_as $app env PATH=$PATH $install_dir/venv/bin/pip install --upgrade setuptools + pushd $install_dir/build + ynh_exec_warn_less ynh_exec_as $app env PATH=$PATH $install_dir/venv/bin/pip install -r requirements.txt + ynh_exec_warn_less ynh_exec_as $app env PATH=$PATH $install_dir/venv/bin/pip install -r tools/tokenserver/requirements.txt + ynh_exec_warn_less ynh_exec_as $app env PATH=$PATH cargo install --path ./syncserver --locked --root $install_dir --no-default-features --features=syncstorage-db/mysql + + ynh_script_progression --message="Seeding the databases..." + # syncstorage db + diesel --database-url "mysql://$db_user:${db_pwd}@localhost/$db_name" migration --migration-dir syncstorage-mysql/migrations run + + # tokenserver db + diesel --database-url "mysql://$db_user:${db_pwd}@localhost/$db_name_tokenserver" migration --migration-dir tokenserver-db/migrations run + popd +) + +ynh_secure_remove --file="$install_dir/.cargo" +ynh_secure_remove --file="$install_dir/.rustup" +ynh_secure_remove --file="$install_dir/.cache" +ynh_secure_remove --file="$install_dir/build" + #================================================= # REAPPLY SYSTEM CONFIGURATIONS #================================================= 
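Review bot: Both `diesel` calls put the database password on the command line through `--database-url "mysql://$db_user:${db_pwd}@localhost/..."`, where any local user can see it in the process list while the migration runs. diesel also reads the URL from the `DATABASE_URL` environment variable, so `DATABASE_URL="mysql://$db_user:${db_pwd}@localhost/$db_name" diesel migration --migration-dir syncstorage-mysql/migrations run` avoids that exposure. Unlike the `pip` and `cargo` lines, the two `diesel` calls are not wrapped in `ynh_exec_as $app`, so they run with the script's own privileges (presumably root) from `$install_dir/.cargo/bin`, a directory the application user owns. This section also sits after the `fi`, while `ynh_setup_source --dest_dir="$install_dir/build"` is inside the conditional, so `pushd $install_dir/build` looks like it fails on an upgrade that does not re-download the sources.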
@@ -92,10 +91,15 @@ ynh_add_nginx_config ynh_add_systemd_config +mkdir -p /var/log/$app +touch /var/log/$app/$app.log +chown -R $app: /var/log/$app + yunohost service add $app --description="Firefox Sync Server (Rust)" --log="/var/log/$app/$app.log" -ynh_use_logrotate --non-append -# Create a dedicated Fail2Ban config -ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="" + +# Use logrotate to manage application logfile(s) +ynh_use_logrotate + #================================================= # RECONFIGURE THE APP (UPDATE CONF, APPLY MIGRATIONS...) #================================================= 
@@ -103,30 +107,21 @@ ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failreg #================================================= ynh_script_progression --message="Updating a configuration file..." --weight=1 -### Same as during install -### -### The file will automatically be backed-up if it's found to be manually modified (because -### ynh_add_config keeps track of the file's checksum) -ynh_add_config --template="sync.ini" --destination="$install_dir/sync.ini" +ynh_add_config --template="config.toml" --destination="$install_dir/config.toml" # FIXME: this should be handled by the core in the future # You may need to use chmod 600 instead of 400, # for example if the app is expected to be able to modify its own config -chmod 400 "$install_dir/some_config_file" -chown $app:$app "$install_dir/some_config_file" +chmod 400 "$install_dir/config.toml" +chown $app:$app "$install_dir/config.toml" -### For more complex cases where you want to replace stuff using regexes, -### you shoud rely on ynh_replace_string (which is basically a wrapper for sed) -### When doing so, you also need to manually call ynh_store_file_checksum -### -### ynh_replace_string --match_string="match_string" --replace_string="replace_string" --target_file="$install_dir/some_config_file" -### ynh_store_file_checksum --file="$install_dir/some_config_file" #================================================= # START SYSTEMD SERVICE #================================================= ynh_script_progression --message="Starting a systemd service..." --weight=1 -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match="Server running on http://127.0.0.1" + #================================================= # END OF SCRIPT #=================================================
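Review bot: `ynh_add_config --template="config.toml"` now re-renders the configuration on every upgrade, but scripts/install only starts saving `secret` and `master_secret` as app settings in this same commit, and the downward-compatibility section was removed from this script. The template is not part of this diff; if it has placeholders for those two values, an instance installed with an earlier package version has nothing to fill them with, and an empty or regenerated master secret would be both a security and a data-continuity problem. Before rendering, recover the existing values from the deployed `$install_dir/config.toml` and store them with `ynh_app_setting_set` when the settings are missing.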