mirror of
https://github.com/YunoHost-Apps/tandoor_ynh.git
synced 2024-09-03 20:35:56 +02:00
initial
This commit is contained in:
parent
66a9dcec27
commit
f5dd425bd8
8 changed files with 231 additions and 227 deletions
167
conf/.env.template
Normal file
167
conf/.env.template
Normal file
|
@ -0,0 +1,167 @@
|
|||
# only set this to true when testing/debugging
|
||||
# when unset: 1 (true) - dont unset this, just for development
|
||||
DEBUG=0
|
||||
SQL_DEBUG=0
|
||||
|
||||
# HTTP port to bind to
|
||||
TANDOOR_PORT=__PORT__
|
||||
|
||||
# hosts the application can run under e.g. recipes.mydomain.com,cooking.mydomain.com,...
|
||||
ALLOWED_HOSTS=*
|
||||
|
||||
# random secret key, use for example `base64 /dev/urandom | head -c50` to generate one
|
||||
# ---------------------------- REQUIRED -------------------------
|
||||
SECRET_KEY=__SECRETKEY__
|
||||
# ---------------------------------------------------------------
|
||||
|
||||
# your default timezone See https://timezonedb.com/time-zones for a list of timezones
|
||||
TIMEZONE=Europe/Berlin
|
||||
|
||||
# add only a database password if you want to run with the default postgres, otherwise change settings accordingly
|
||||
DB_ENGINE=django.db.backends.postgresql
|
||||
# DB_OPTIONS= {} # e.g. {"sslmode":"require"} to enable ssl
|
||||
POSTGRES_HOST=127.0.0.1
|
||||
POSTGRES_PORT=5432
|
||||
POSTGRES_USER=__DB_NAME__
|
||||
# ---------------------------- REQUIRED -------------------------
|
||||
POSTGRES_PASSWORD=__DB_PWD__
|
||||
# ---------------------------------------------------------------
|
||||
POSTGRES_DB=__DB_NAME__
|
||||
|
||||
# database connection string, when used overrides other database settings.
|
||||
# format might vary depending on backend
|
||||
# DATABASE_URL = engine://username:password@host:port/dbname
|
||||
|
||||
# the default value for the user preference 'fractions' (enable/disable fraction support)
|
||||
# default: disabled=0
|
||||
FRACTION_PREF_DEFAULT=0
|
||||
|
||||
# the default value for the user preference 'comments' (enable/disable commenting system)
|
||||
# default comments enabled=1
|
||||
COMMENT_PREF_DEFAULT=1
|
||||
|
||||
# Users can set a amount of time after which the shopping list is refreshed when they are in viewing mode
|
||||
# This is the minimum interval users can set. Setting this to low will allow users to refresh very frequently which
|
||||
# might cause high load on the server. (Technically they can obviously refresh as often as they want with their own scripts)
|
||||
SHOPPING_MIN_AUTOSYNC_INTERVAL=5
|
||||
|
||||
# Default for user setting sticky navbar
|
||||
# STICKY_NAV_PREF_DEFAULT=1
|
||||
|
||||
# If base URL is something other than just / (you are serving a subfolder in your proxy for instance http://recipe_app/recipes/)
|
||||
# Be sure to not have a trailing slash: e.g. '/recipes' instead of '/recipes/'
|
||||
SCRIPT_NAME=__PATH__
|
||||
|
||||
# If staticfiles are stored at a different location uncomment and change accordingly, MUST END IN /
|
||||
# this is not required if you are just using a subfolder
|
||||
# This can either be a relative path from the applications base path or the url of an external host
|
||||
# STATIC_URL=/static/
|
||||
|
||||
# If mediafiles are stored at a different location uncomment and change accordingly, MUST END IN /
|
||||
# this is not required if you are just using a subfolder
|
||||
# This can either be a relative path from the applications base path or the url of an external host
|
||||
# MEDIA_URL=/media/
|
||||
|
||||
# Serve mediafiles directly using gunicorn. Basically everyone recommends not doing this. Please use any of the examples
|
||||
# provided that include an additional nxginx container to handle media file serving.
|
||||
# If you know what you are doing turn this back on (1) to serve media files using djangos serve() method.
|
||||
# when unset: 1 (true) - this is temporary until an appropriate amount of time has passed for everyone to migrate
|
||||
GUNICORN_MEDIA=0
|
||||
|
||||
# GUNICORN SERVER RELATED SETTINGS (see https://docs.gunicorn.org/en/stable/design.html#how-many-workers for recommended settings)
|
||||
# GUNICORN_WORKERS=1
|
||||
# GUNICORN_THREADS=1
|
||||
|
||||
# S3 Media settings: store mediafiles in s3 or any compatible storage backend (e.g. minio)
|
||||
# as long as S3_ACCESS_KEY is not set S3 features are disabled
|
||||
# S3_ACCESS_KEY=
|
||||
# S3_SECRET_ACCESS_KEY=
|
||||
# S3_BUCKET_NAME=
|
||||
# S3_REGION_NAME= # default none, set your region might be required
|
||||
# S3_QUERYSTRING_AUTH=1 # default true, set to 0 to serve media from a public bucket without signed urls
|
||||
# S3_QUERYSTRING_EXPIRE=3600 # number of seconds querystring are valid for
|
||||
# S3_ENDPOINT_URL= # when using a custom endpoint like minio
|
||||
# S3_CUSTOM_DOMAIN= # when using a CDN/proxy to S3 (see https://github.com/TandoorRecipes/recipes/issues/1943)
|
||||
|
||||
# Email Settings, see https://docs.djangoproject.com/en/3.2/ref/settings/#email-host
|
||||
# Required for email confirmation and password reset (automatically activates if host is set)
|
||||
# EMAIL_HOST=
|
||||
# EMAIL_PORT=
|
||||
# EMAIL_HOST_USER=
|
||||
# EMAIL_HOST_PASSWORD=
|
||||
# EMAIL_USE_TLS=0
|
||||
# EMAIL_USE_SSL=0
|
||||
# email sender address (default 'webmaster@localhost')
|
||||
# DEFAULT_FROM_EMAIL=
|
||||
# prefix used for account related emails (default "[Tandoor Recipes] ")
|
||||
# ACCOUNT_EMAIL_SUBJECT_PREFIX=
|
||||
|
||||
# allow authentication via reverse proxy (e.g. authelia), leave off if you dont know what you are doing
|
||||
# see docs for more information https://vabene1111.github.io/recipes/features/authentication/
|
||||
# when unset: 0 (false)
|
||||
REVERSE_PROXY_AUTH=0
|
||||
|
||||
# Default settings for spaces, apply per space and can be changed in the admin view
|
||||
# SPACE_DEFAULT_MAX_RECIPES=0 # 0=unlimited recipes
|
||||
# SPACE_DEFAULT_MAX_USERS=0 # 0=unlimited users per space
|
||||
# SPACE_DEFAULT_MAX_FILES=0 # Maximum file storage for space in MB. 0 for unlimited, -1 to disable file upload.
|
||||
# SPACE_DEFAULT_ALLOW_SHARING=1 # Allow users to share recipes with public links
|
||||
|
||||
# allow people to create accounts on your application instance (without an invite link)
|
||||
# when unset: 0 (false)
|
||||
# ENABLE_SIGNUP=0
|
||||
|
||||
# If signup is enabled you might want to add a captcha to it to prevent spam
|
||||
# HCAPTCHA_SITEKEY=
|
||||
# HCAPTCHA_SECRET=
|
||||
|
||||
# if signup is enabled you might want to provide urls to data protection policies or terms and conditions
|
||||
# TERMS_URL=
|
||||
# PRIVACY_URL=
|
||||
# IMPRINT_URL=
|
||||
|
||||
# enable serving of prometheus metrics under the /metrics path
|
||||
# ATTENTION: view is not secured (as per the prometheus default way) so make sure to secure it
|
||||
# trough your web server (or leave it open of you dont care if the stats are exposed)
|
||||
# ENABLE_METRICS=0
|
||||
|
||||
# allows you to setup OAuth providers
|
||||
# see docs for more information https://vabene1111.github.io/recipes/features/authentication/
|
||||
# SOCIAL_PROVIDERS = allauth.socialaccount.providers.github, allauth.socialaccount.providers.nextcloud,
|
||||
|
||||
# Should a newly created user from a social provider get assigned to the default space and given permission by default ?
|
||||
# ATTENTION: This feature might be deprecated in favor of a space join and public viewing system in the future
|
||||
# default 0 (false), when 1 (true) users will be assigned space and group
|
||||
# SOCIAL_DEFAULT_ACCESS = 1
|
||||
|
||||
# if SOCIAL_DEFAULT_ACCESS is used, which group should be added
|
||||
# SOCIAL_DEFAULT_GROUP=guest
|
||||
|
||||
# Django session cookie settings. Can be changed to allow a single django application to authenticate several applications
|
||||
# when running under the same database
|
||||
# SESSION_COOKIE_DOMAIN=.example.com
|
||||
# SESSION_COOKIE_NAME=sessionid # use this only to not interfere with non unified django applications under the same top level domain
|
||||
|
||||
# by default SORT_TREE_BY_NAME is disabled this will store all Keywords and Food in the order they are created
|
||||
# enabling this setting makes saving new keywords and foods very slow, which doesn't matter in most usecases.
|
||||
# however, when doing large imports of recipes that will create new objects, can increase total run time by 10-15x
|
||||
# Keywords and Food can be manually sorted by name in Admin
|
||||
# This value can also be temporarily changed in Admin, it will revert the next time the application is started
|
||||
# This will be fixed/changed in the future by changing the implementation or finding a better workaround for sorting
|
||||
# SORT_TREE_BY_NAME=0
|
||||
# LDAP authentication
|
||||
# default 0 (false), when 1 (true) list of allowed users will be fetched from LDAP server
|
||||
LDAP_AUTH=1
|
||||
AUTH_LDAP_SERVER_URI="ldap://localhost:389"
|
||||
AUTH_LDAP_BIND_DN="ou=users,dc=yunohost,dc=org"
|
||||
AUTH_LDAP_BIND_PASSWORD=""
|
||||
AUTH_LDAP_USER_SEARCH_BASE_DN=""
|
||||
#AUTH_LDAP_TLS_CACERTFILE=
|
||||
|
||||
# Enables exporting PDF (see export docs)
|
||||
# Disabled by default, uncomment to enable
|
||||
# ENABLE_PDF_EXPORT=1
|
||||
|
||||
# Recipe exports are cached for a certain time by default, adjust time if needed
|
||||
# EXPORT_FILE_CACHE_DURATION=600
|
||||
|
|
@ -1,5 +1,5 @@
|
|||
SOURCE_URL=url of app's source
|
||||
SOURCE_SUM=sha256 checksum
|
||||
SOURCE_URL=https://github.com/TandoorRecipes/recipes/archive/refs/tags/1.3.3.tar.gz
|
||||
SOURCE_SUM=887df9ac51162605fc43fd4437d956db4fcfeac68955ed8ecac6305aeb9ad68c
|
||||
SOURCE_SUM_PRG=sha256sum
|
||||
SOURCE_FORMAT=tar.gz
|
||||
SOURCE_IN_SUBDIR=true
|
||||
|
|
|
@ -1,45 +1,16 @@
|
|||
[Unit]
|
||||
Description=Small description of the service
|
||||
Description=gunicorn daemon for recipes
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=__APP__
|
||||
Group=__APP__
|
||||
WorkingDirectory=__FINALPATH__/
|
||||
ExecStart=__FINALPATH__/script
|
||||
StandardOutput=append:/var/log/__APP__/__APP__.log
|
||||
StandardError=inherit
|
||||
|
||||
# Sandboxing options to harden security
|
||||
# Depending on specificities of your service/app, you may need to tweak these
|
||||
# .. but this should be a good baseline
|
||||
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
|
||||
NoNewPrivileges=yes
|
||||
PrivateTmp=yes
|
||||
PrivateDevices=yes
|
||||
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
|
||||
RestrictNamespaces=yes
|
||||
RestrictRealtime=yes
|
||||
DevicePolicy=closed
|
||||
ProtectSystem=full
|
||||
ProtectControlGroups=yes
|
||||
ProtectKernelModules=yes
|
||||
ProtectKernelTunables=yes
|
||||
LockPersonality=yes
|
||||
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
|
||||
|
||||
# Denying access to capabilities that should not be relevant for webapps
|
||||
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
|
||||
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
|
||||
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
|
||||
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
|
||||
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
|
||||
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
|
||||
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
|
||||
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
|
||||
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
|
||||
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
|
||||
Restart=always
|
||||
RestartSec=3
|
||||
User=recipes
|
||||
Group=www-data
|
||||
WorkingDirectory=__FINAL_PATH__
|
||||
EnvironmentFile=__FINAL_PATH__/.env
|
||||
ExecStart=__FINAL_PATH__/bin/gunicorn --error-logfile /tmp/gunicorn_err.log --log-level debug --capture-output --bind unix:__FINAL_PATH__/recipes.sock recipes.wsgi:application
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
WantedBy=multi-user.target
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "Example app",
|
||||
"id": "example",
|
||||
"name": "Tandoor",
|
||||
"id": "tandoor",
|
||||
"packaging_format": 1,
|
||||
"description": {
|
||||
"en": "Explain in *a few (10~15) words* the purpose of the app or what it actually does (it is meant to give a rough idea to users browsing a catalog of 100+ apps)",
|
||||
|
@ -46,28 +46,6 @@
|
|||
"name": "is_public",
|
||||
"type": "boolean",
|
||||
"default": true
|
||||
},
|
||||
{
|
||||
"name": "language",
|
||||
"type": "string",
|
||||
"ask": {
|
||||
"en": "Choose the application language",
|
||||
"fr": "Choisissez la langue de l'application"
|
||||
},
|
||||
"choices": ["fr", "en"],
|
||||
"default": "fr"
|
||||
},
|
||||
{
|
||||
"name": "admin",
|
||||
"type": "user"
|
||||
},
|
||||
{
|
||||
"name": "password",
|
||||
"type": "password",
|
||||
"help": {
|
||||
"en": "Use the help field to add an information for the admin about this question.",
|
||||
"fr": "Utilisez le champ aide pour ajouter une information à l'intention de l'administrateur à propos de cette question."
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
|
|
|
@ -3,25 +3,11 @@
|
|||
#=================================================
|
||||
# COMMON VARIABLES
|
||||
#=================================================
|
||||
# PHP APP SPECIFIC
|
||||
#=================================================
|
||||
# Depending on its version, YunoHost uses different default PHP version:
|
||||
## YunoHost version "11.X" => PHP 7.4
|
||||
## YunoHost version "4.X" => PHP 7.3
|
||||
#
|
||||
# This behaviour can be overridden by setting the YNH_PHP_VERSION variable
|
||||
#YNH_PHP_VERSION=7.3
|
||||
#YNH_PHP_VERSION=7.4
|
||||
#YNH_PHP_VERSION=8.0
|
||||
# For more information, see the PHP application helper: https://github.com/YunoHost/yunohost/blob/dev/helpers/php#L3-L6
|
||||
# Or this app package depending on PHP: https://github.com/YunoHost-Apps/grav_ynh/blob/master/scripts/_common.sh
|
||||
# PHP dependencies used by the app (must be on a single line)
|
||||
#php_dependencies="php$YNH_PHP_VERSION-deb1 php$YNH_PHP_VERSION-deb2"
|
||||
# or, if you do not need a custom YNH_PHP_VERSION:
|
||||
php_dependencies="php$YNH_DEFAULT_PHP_VERSION-deb1 php$YNH_DEFAULT_PHP_VERSION-deb2"
|
||||
|
||||
# dependencies used by the app (must be on a single line)
|
||||
pkg_dependencies="deb1 deb2 $php_dependencies"
|
||||
pkg_dependencies="git curl python3 python3-pip python3-venv libpq-dev postgresql libsasl2-dev python3-dev libldap2-dev libssl-dev"
|
||||
|
||||
nodejs_version=16
|
||||
|
||||
#=================================================
|
||||
# PERSONAL HELPERS
|
||||
|
|
164
scripts/install
164
scripts/install
|
@ -27,33 +27,14 @@ ynh_abort_if_errors
|
|||
domain=$YNH_APP_ARG_DOMAIN
|
||||
path_url=$YNH_APP_ARG_PATH
|
||||
is_public=$YNH_APP_ARG_IS_PUBLIC
|
||||
language=$YNH_APP_ARG_LANGUAGE
|
||||
admin=$YNH_APP_ARG_ADMIN
|
||||
password=$YNH_APP_ARG_PASSWORD
|
||||
|
||||
### If it's a multi-instance app, meaning it can be installed several times independently
|
||||
### The id of the app as stated in the manifest is available as $YNH_APP_ID
|
||||
### The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2"...)
|
||||
### The app instance name is available as $YNH_APP_INSTANCE_NAME
|
||||
### - the first time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample
|
||||
### - the second time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample__2
|
||||
### - ynhexample__{N} for the subsequent installations, with N=3,4...
|
||||
### The app instance name is probably what interests you most, since this is
|
||||
### guaranteed to be unique. This is a good unique identifier to define installation path,
|
||||
### db names...
|
||||
app=$YNH_APP_INSTANCE_NAME
|
||||
|
||||
secretkey=$(ynh_string_random --length=12)
|
||||
|
||||
#=================================================
|
||||
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
|
||||
#=================================================
|
||||
### About --weight and --time
|
||||
### ynh_script_progression will show to your final users the progression of each scripts.
|
||||
### In order to do that, --weight will represent the relative time of execution compared to the other steps in the script.
|
||||
### --time is a packager option, it will show you the execution time since the previous call.
|
||||
### This option should be removed before releasing your app.
|
||||
### Use the execution time, given by --time, to estimate the weight of a step.
|
||||
### A common way to do it is to set a weight equal to the execution time in second +1.
|
||||
### The execution time is given for the duration since the previous call. So the weight should be applied to this previous call.
|
||||
ynh_script_progression --message="Validating installation parameters..." --time --weight=1
|
||||
|
||||
### If the app uses NGINX as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app".
|
||||
|
@ -71,8 +52,7 @@ ynh_script_progression --message="Storing installation settings..." --time --wei
|
|||
|
||||
ynh_app_setting_set --app=$app --key=domain --value=$domain
|
||||
ynh_app_setting_set --app=$app --key=path --value=$path_url
|
||||
ynh_app_setting_set --app=$app --key=language --value=$language
|
||||
ynh_app_setting_set --app=$app --key=admin --value=$admin
|
||||
ynh_app_setting_set --app=$app --key=secretkey --value=$secretkey
|
||||
|
||||
#=================================================
|
||||
# STANDARD MODIFICATIONS
|
||||
|
@ -81,38 +61,23 @@ ynh_app_setting_set --app=$app --key=admin --value=$admin
|
|||
#=================================================
|
||||
ynh_script_progression --message="Finding an available port..." --time --weight=1
|
||||
|
||||
### Use these lines if you have to open a port for the application
|
||||
### `ynh_find_port` will find the first available port starting from the given port.
|
||||
### If you're not using these lines:
|
||||
### - Remove the section "CLOSE A PORT" in the remove script
|
||||
|
||||
# Find an available port
|
||||
port=$(ynh_find_port --port=8095)
|
||||
ynh_app_setting_set --app=$app --key=port --value=$port
|
||||
|
||||
# Optional: Expose this port publicly
|
||||
# (N.B.: you only need to do this if the app actually needs to expose the port publicly.
|
||||
# If you do this and the app doesn't actually need you are CREATING SECURITY HOLES IN THE SERVER !)
|
||||
|
||||
# Open the port
|
||||
# ynh_script_progression --message="Configuring firewall..." --time --weight=1
|
||||
# ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port
|
||||
|
||||
#=================================================
|
||||
# INSTALL DEPENDENCIES
|
||||
#=================================================
|
||||
ynh_script_progression --message="Installing dependencies..." --time --weight=1
|
||||
|
||||
### `ynh_install_app_dependencies` allows you to add any "apt" dependencies to the package.
|
||||
### Those deb packages will be installed as dependencies of this package.
|
||||
### If you're not using this helper:
|
||||
### - Remove the section "REMOVE DEPENDENCIES" in the remove script
|
||||
### - Remove the variable "pkg_dependencies" in _common.sh
|
||||
### - As well as the section "REINSTALL DEPENDENCIES" in the restore script
|
||||
### - And the section "UPGRADE DEPENDENCIES" in the upgrade script
|
||||
ynh_script_progression --message="Installing dependencies..." --time --weight=5
|
||||
|
||||
ynh_install_app_dependencies $pkg_dependencies
|
||||
|
||||
# Install Nodejs
|
||||
ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version
|
||||
|
||||
# Install Yarn
|
||||
ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg"
|
||||
|
||||
#=================================================
|
||||
# CREATE DEDICATED USER
|
||||
#=================================================
|
||||
|
@ -122,66 +87,30 @@ ynh_script_progression --message="Configuring system user..." --time --weight=1
|
|||
ynh_system_user_create --username=$app --home_dir="$final_path"
|
||||
|
||||
#=================================================
|
||||
# CREATE A MYSQL DATABASE
|
||||
# CREATE A PostgreSQL DATABASE
|
||||
#=================================================
|
||||
ynh_script_progression --message="Creating a MySQL database..." --time --weight=1
|
||||
|
||||
### Use these lines if you need a database for the application.
|
||||
### `ynh_mysql_setup_db` will create a database, an associated user and a ramdom password.
|
||||
### The password will be stored as 'mysqlpwd' into the app settings,
|
||||
### and will be available as $db_pwd
|
||||
### If you're not using these lines:
|
||||
### - Remove the section "BACKUP THE MYSQL DATABASE" in the backup script
|
||||
### - Remove also the section "REMOVE THE MYSQL DATABASE" in the remove script
|
||||
### - As well as the section "RESTORE THE MYSQL DATABASE" in the restore script
|
||||
ynh_script_progression --message="Creating a PostgreSQL database..." --time --weight=1
|
||||
|
||||
db_name=$(ynh_sanitize_dbid --db_name=$app)
|
||||
db_user=$db_name
|
||||
ynh_app_setting_set --app=$app --key=db_name --value=$db_name
|
||||
ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name
|
||||
ynh_psql_setup_db --db_user=$db_user --db_name=$db_name
|
||||
|
||||
ynh_psql_connect_as $db_user $db_pwd <<< "ALTER DATABASE $db_name OWNER TO $db_user;"
|
||||
|
||||
#=================================================
|
||||
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
||||
#=================================================
|
||||
ynh_script_progression --message="Setting up source files..." --time --weight=1
|
||||
|
||||
### `ynh_setup_source` is used to install an app from a zip or tar.gz file,
|
||||
### downloaded from an upstream source, like a git repository.
|
||||
### `ynh_setup_source` use the file conf/app.src
|
||||
|
||||
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
|
||||
# Download, check integrity, uncompress and patch the source from app.src
|
||||
ynh_setup_source --dest_dir="$final_path"
|
||||
|
||||
# FIXME: this should be managed by the core in the future
|
||||
# Here, as a packager, you may have to tweak the ownerhsip/permissions
|
||||
# such that the appropriate users (e.g. maybe www-data) can access
|
||||
# files in some cases.
|
||||
# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder -
|
||||
# this will be treated as a security issue.
|
||||
chmod 750 "$final_path"
|
||||
chmod -R o-rwx "$final_path"
|
||||
chown -R $app:www-data "$final_path"
|
||||
|
||||
#=================================================
|
||||
# PHP-FPM CONFIGURATION
|
||||
#=================================================
|
||||
ynh_script_progression --message="Configuring PHP-FPM..." --time --weight=1
|
||||
|
||||
### `ynh_add_fpm_config` is used to set up a PHP config.
|
||||
### You can remove it if your app doesn't use PHP.
|
||||
### `ynh_add_fpm_config` will use the files conf/php-fpm.conf
|
||||
### If you're not using these lines:
|
||||
### - You can remove these files in conf/.
|
||||
### - Remove the section "BACKUP THE PHP-FPM CONFIGURATION" in the backup script
|
||||
### - Remove also the section "REMOVE PHP-FPM CONFIGURATION" in the remove script
|
||||
### - As well as the section "RESTORE THE PHP-FPM CONFIGURATION" in the restore script
|
||||
### with the reload at the end of the script.
|
||||
### - And the section "PHP-FPM CONFIGURATION" in the upgrade script
|
||||
|
||||
# Create a dedicated PHP-FPM config
|
||||
ynh_add_fpm_config
|
||||
|
||||
#=================================================
|
||||
# NGINX CONFIGURATION
|
||||
#=================================================
|
||||
|
@ -192,11 +121,38 @@ ynh_script_progression --message="Configuring NGINX web server..." --time --weig
|
|||
# Create a dedicated NGINX config
|
||||
ynh_add_nginx_config
|
||||
|
||||
#=================================================
|
||||
# ADD A CONFIGURATION
|
||||
#=================================================
|
||||
ynh_script_progression --message="Adding a configuration file..." --time --weight=1
|
||||
|
||||
ynh_add_config --template=".env.template" --destination="$final_path/.env"
|
||||
|
||||
chmod 400 "$final_path/some_config_file"
|
||||
chown $app:$app "$final_path/some_config_file"
|
||||
|
||||
#=================================================
|
||||
# SPECIFIC SETUP
|
||||
#=================================================
|
||||
# ...
|
||||
#=================================================
|
||||
ynh_script_progression --message="Setting up Tandoor dependencies..." --weight=1
|
||||
|
||||
ynh_exec_as $app python3 -m venv "$final_path/venv"
|
||||
|
||||
pushd "$final_path"
|
||||
ynh_exec_as $app "$final_path/venv/bin/pip3" install -r requirements.txt
|
||||
popd
|
||||
|
||||
pushd "$final_path/vue"
|
||||
ynh_use_nodejs
|
||||
yarn install
|
||||
yarn build
|
||||
popd
|
||||
|
||||
pushd "$final_path"
|
||||
ynh_exec_as $app "$final_path/venv/bin/python3" manage.py migrate
|
||||
ynh_psql_connect_as $db_user $db_pwd <<< "ALTER USER $app WITH NOSUPERUSER;"
|
||||
popd
|
||||
|
||||
|
||||
#=================================================
|
||||
# CREATE DATA DIRECTORY
|
||||
|
@ -226,38 +182,6 @@ chmod 750 "$datadir"
|
|||
chmod -R o-rwx "$datadir"
|
||||
chown -R $app:www-data "$datadir"
|
||||
|
||||
#=================================================
|
||||
# ADD A CONFIGURATION
|
||||
#=================================================
|
||||
ynh_script_progression --message="Adding a configuration file..." --time --weight=1
|
||||
|
||||
### You can add specific configuration files.
|
||||
###
|
||||
### Typically, put your template conf file in ../conf/your_config_file
|
||||
### The template may contain strings such as __FOO__ or __FOO_BAR__,
|
||||
### which will automatically be replaced by the values of $foo and $foo_bar
|
||||
###
|
||||
### ynh_add_config will also keep track of the config file's checksum,
|
||||
### which later during upgrade may allow to automatically backup the config file
|
||||
### if it's found that the file was manually modified
|
||||
###
|
||||
### Check the documentation of `ynh_add_config` for more info.
|
||||
|
||||
ynh_add_config --template="some_config_file" --destination="$final_path/some_config_file"
|
||||
|
||||
# FIXME: this should be handled by the core in the future
|
||||
# You may need to use chmod 600 instead of 400,
|
||||
# for example if the app is expected to be able to modify its own config
|
||||
chmod 400 "$final_path/some_config_file"
|
||||
chown $app:$app "$final_path/some_config_file"
|
||||
|
||||
### For more complex cases where you want to replace stuff using regexes,
|
||||
### you shoud rely on ynh_replace_string (which is basically a wrapper for sed)
|
||||
### When doing so, you also need to manually call ynh_store_file_checksum
|
||||
###
|
||||
### ynh_replace_string --match_string="match_string" --replace_string="replace_string" --target_file="$final_path/some_config_file"
|
||||
### ynh_store_file_checksum --file="$final_path/some_config_file"
|
||||
|
||||
#=================================================
|
||||
# SETUP SYSTEMD
|
||||
#=================================================
|
||||
|
|
|
@ -53,12 +53,12 @@ ynh_script_progression --message="Removing logrotate configuration..." --time --
|
|||
ynh_remove_logrotate
|
||||
|
||||
#=================================================
|
||||
# REMOVE THE MYSQL DATABASE
|
||||
# REMOVE THE PostgreSQL DATABASE
|
||||
#=================================================
|
||||
ynh_script_progression --message="Removing the MySQL database..." --time --weight=1
|
||||
ynh_script_progression --message="Removing the PostgreSQL database..." --time --weight=1
|
||||
|
||||
# Remove a database if it exists, along with the associated user
|
||||
ynh_mysql_remove_db --db_user=$db_user --db_name=$db_name
|
||||
ynh_psql_remove_db --db_user=$db_user --db_name=$db_name
|
||||
|
||||
#=================================================
|
||||
# REMOVE APP MAIN DIR
|
||||
|
@ -87,14 +87,6 @@ ynh_script_progression --message="Removing NGINX web server configuration..." --
|
|||
# Remove the dedicated NGINX config
|
||||
ynh_remove_nginx_config
|
||||
|
||||
#=================================================
|
||||
# REMOVE PHP-FPM CONFIGURATION
|
||||
#=================================================
|
||||
ynh_script_progression --message="Removing PHP-FPM configuration..." --time --weight=1
|
||||
|
||||
# Remove the dedicated PHP-FPM config
|
||||
ynh_remove_fpm_config
|
||||
|
||||
#=================================================
|
||||
# REMOVE DEPENDENCIES
|
||||
#=================================================
|
||||
|
@ -113,14 +105,6 @@ then
|
|||
ynh_exec_warn_less yunohost firewall disallow TCP $port
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# REMOVE FAIL2BAN CONFIGURATION
|
||||
#=================================================
|
||||
ynh_script_progression --message="Removing Fail2Ban configuration..." --time --weight=1
|
||||
|
||||
# Remove the dedicated Fail2Ban config
|
||||
ynh_remove_fail2ban_config
|
||||
|
||||
#=================================================
|
||||
# SPECIFIC REMOVE
|
||||
#=================================================
|
||||
|
@ -128,12 +112,6 @@ ynh_remove_fail2ban_config
|
|||
#=================================================
|
||||
ynh_script_progression --message="Removing various files..." --time --weight=1
|
||||
|
||||
# Remove a cron file
|
||||
ynh_secure_remove --file="/etc/cron.d/$app"
|
||||
|
||||
# Remove a directory securely
|
||||
ynh_secure_remove --file="/etc/$app"
|
||||
|
||||
# Remove the log files
|
||||
ynh_secure_remove --file="/var/log/$app"
|
||||
|
||||
|
|
|
@ -128,7 +128,7 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
|
|||
#=================================================
|
||||
ynh_script_progression --message="Restoring the MySQL database..." --time --weight=1
|
||||
|
||||
db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
|
||||
db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
|
||||
ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd
|
||||
ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql
|
||||
|
||||
|
|
Loading…
Reference in a new issue