mirror of
https://github.com/YunoHost-Apps/teampass_ynh.git
synced 2024-09-03 20:26:37 +02:00
246 lines
10 KiB
Bash
246 lines
10 KiB
Bash
#!/bin/bash
|
|
|
|
#=================================================
|
|
# GENERIC STARTING
|
|
#=================================================
|
|
# IMPORT GENERIC HELPERS
|
|
#=================================================
|
|
|
|
source _common.sh
|
|
source /usr/share/yunohost/helpers
|
|
|
|
#=================================================
|
|
# MANAGE FAILURE OF THE SCRIPT
|
|
#=================================================
|
|
|
|
ynh_abort_if_errors # Active trap pour arrêter le script si une erreur est détectée.
|
|
|
|
#=================================================
|
|
# RETRIEVE ARGUMENTS FROM THE MANIFEST
|
|
#=================================================
|
|
|
|
domain=$YNH_APP_ARG_DOMAIN
|
|
path_url=$YNH_APP_ARG_PATH
|
|
ynh_print_OFF; password_admin=$YNH_APP_ARG_PASSWORD; ynh_print_ON
|
|
|
|
app=$YNH_APP_INSTANCE_NAME
|
|
|
|
#=================================================
|
|
# CHECK IF THE APP CAN BE INSTALLED WITH THIS ARGS
|
|
#=================================================
|
|
ynh_script_progression --message="Validating installation parameters..." --weight=1
|
|
|
|
final_path=/var/www/$app
|
|
test ! -e "$final_path" || ynh_die "This path already contains a folder"
|
|
|
|
# Register (book) web path
|
|
ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
|
|
|
|
#=================================================
|
|
# STORE SETTINGS FROM MANIFEST
|
|
#=================================================
|
|
#=================================================
|
|
ynh_script_progression --message="Storing installation settings..." --weight=1
|
|
|
|
ynh_app_setting_set --app=$app --key=domain --value=$domain
|
|
ynh_app_setting_set --app=$app --key=path --value=$path_url
|
|
|
|
#=================================================
|
|
# STANDARD MODIFICATIONS
|
|
#=================================================
|
|
# CREATE A MYSQL DATABASE
|
|
#=================================================
|
|
ynh_script_progression --message="Creating a MySQL database..." --weight=2
|
|
|
|
db_name=$(ynh_sanitize_dbid $app)
|
|
ynh_app_setting_set --app=$app --key=db_name --value=$db_name
|
|
ynh_mysql_setup_db --db_user=$db_name --db_name=$db_name
|
|
|
|
#=================================================
|
|
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
|
#=================================================
|
|
ynh_script_progression --message="Setting up source files..." --weight=7
|
|
|
|
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
|
|
# Download, check integrity, uncompress and patch the source from app.src
|
|
ynh_setup_source --dest_dir="$final_path"
|
|
|
|
# Delete the install directory.
|
|
ynh_secure_remove "$final_path/install"
|
|
|
|
#=================================================
|
|
# NGINX CONFIGURATION
|
|
#=================================================
|
|
ynh_script_progression --message="Configuring NGINX web server..." --weight=2
|
|
|
|
# Create a dedicated NGINX config
|
|
ynh_add_nginx_config
|
|
|
|
#=================================================
|
|
# CREATE DEDICATED USER
|
|
#=================================================
|
|
ynh_script_progression --message="Configuring system user..." --weight=2
|
|
|
|
# Create a system user
|
|
ynh_system_user_create --username=$app
|
|
|
|
#=================================================
|
|
# PHP-FPM CONFIGURATION
|
|
#=================================================
|
|
ynh_script_progression --message="Configuring PHP-FPM..." --weight=2
|
|
|
|
ynh_add_fpm_config # Créer le fichier de configuration du pool php-fpm et le configure.
|
|
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
|
|
|
|
#=================================================
|
|
# SPECIFIC SETUP
|
|
#=================================================
|
|
# FILL THE DATABASE
|
|
#=================================================
|
|
|
|
# Remplacement des variables dans le fichier sql
|
|
if [ $(echo $LANG | cut -c1-2) == "fr" ]
|
|
then
|
|
langue=french
|
|
folders="partagés"
|
|
roles=utilisateurs
|
|
else
|
|
langue=english
|
|
folders=shared
|
|
roles=users
|
|
fi
|
|
ynh_replace_string "__APP__" "$app" ../conf/populate.sql
|
|
ynh_replace_string "__FINALPATH__" "$final_path" ../conf/populate.sql
|
|
ynh_replace_string "__DOMAIN__" "$domain" ../conf/populate.sql
|
|
ynh_replace_string "__PATH__" "$path_url" ../conf/populate.sql
|
|
ynh_replace_string "__FOLDERS__" "$folders" ../conf/populate.sql
|
|
ynh_replace_string "__ROLES__" "$roles" ../conf/populate.sql
|
|
ynh_replace_string "__VERSION__" "$(sed -n 3p $final_path/changelog.txt)" ../conf/populate.sql
|
|
ynh_replace_string "__TIMEZONE__" "$(cat /etc/timezone)" ../conf/populate.sql
|
|
ynh_replace_string "__BCRYPT_MDP__" "$(php $final_path/mdphash.php $password_admin)" ../conf/populate.sql
|
|
ynh_replace_string "__LANG__" "$langue" ../conf/populate.sql
|
|
ynh_replace_string "__TIME__" "$(date +%s)" ../conf/populate.sql
|
|
|
|
# Enregistre les infos dans la config YunoHost
|
|
ynh_app_setting_set $app langue $langue
|
|
|
|
# Import du fichier SQL
|
|
ynh_mysql_connect_as $db_name $db_pwd $db_name < ../conf/populate.sql
|
|
|
|
#=================================================
|
|
# CREATE TP.CONFIG.PHP FILE
|
|
#=================================================
|
|
|
|
# The file tp.config.php is a dump of the admin part of the database.
|
|
tp_config_file="$final_path/includes/config/tp.config.php"
|
|
|
|
echo "<?php
|
|
global \$SETTINGS;
|
|
\$SETTINGS = array (" > $tp_config_file
|
|
|
|
while read settings
|
|
do
|
|
echo -n " '$(echo $settings | awk '{ print $1 }')'" >> $tp_config_file
|
|
echo " => '$(echo $settings | cut -d' ' -f2-)'," >> $tp_config_file
|
|
done <<< "$(ynh_mysql_execute_as_root "SELECT intitule, valeur FROM teampass_misc" $app)"
|
|
echo ");" >> $tp_config_file
|
|
|
|
#=================================================
|
|
# CONFIGURE TEAMPASS
|
|
#=================================================
|
|
|
|
# Remplacement des variables dans les fichier settings.php et sk.php
|
|
ynh_replace_string "__DB_USER__" "$db_name" ../conf/settings.php
|
|
ynh_replace_string "__DB_PWD__" "$db_pwd" ../conf/settings.php
|
|
ynh_replace_string "__FINALPATH__" "$final_path" ../conf/settings.php
|
|
path_sk_file=/etc/$app/
|
|
mkdir $path_sk_file
|
|
ynh_replace_string "__SKPATH__" "$path_sk_file" ../conf/settings.php
|
|
|
|
#=================================================
|
|
# CREATE A SALTKEY
|
|
#=================================================
|
|
|
|
saltkey=$(dd if=/dev/urandom bs=1 count=200 2> /dev/null | tr -c -d '[A-Za-z0-9]' | sed -n 's/\(.\{32\}\).*/\1/p')
|
|
ynh_replace_string "__SALTKEY__" "$saltkey" ../conf/sk.php
|
|
|
|
#=================================================
|
|
# COPY THE FILES
|
|
#=================================================
|
|
|
|
cp ../conf/sk.php $path_sk_file/sk.php
|
|
chown -R $app $path_sk_file
|
|
chmod 750 $path_sk_file
|
|
cp ../conf/settings.php $final_path/includes/config/settings.php
|
|
ynh_store_file_checksum "$final_path/includes/config/settings.php" # Enregistre la somme de contrôle du fichier de config
|
|
cp $final_path/includes/libraries/csrfp/libs/csrfp.config.sample.php $final_path/includes/libraries/csrfp/libs/csrfp.config.php # Créer le fichier de config de csrfp
|
|
ynh_replace_string "CSRFP_TOKEN\" => \"" "&$(head -n40 /dev/urandom | tr -c -d 'a-f0-9' | head -c50)" $final_path/includes/libraries/csrfp/libs/csrfp.config.php # Renseigne un token, valide en hexadécimal
|
|
ynh_replace_string "jsUrl\" => \"" "&includes/libraries/csrfp/js/csrfprotector.js" $final_path/includes/libraries/csrfp/libs/csrfp.config.php # Renseigne l'adresse de csrfprotector.js
|
|
|
|
#=================================================
|
|
# CREATE THE USERS
|
|
#=================================================
|
|
|
|
# Not used anymore, because the current version support ldap.
|
|
# But still I keep that here, just in case...
|
|
|
|
# Ajout des utilisateurs actuels dans la base yunohost
|
|
# teampass_users=$(ldapsearch -h localhost -b ou=users,dc=yunohost,dc=org -x objectClass=mailAccount uid | grep uid: | sed 's/uid: //' | xargs)
|
|
# id=1
|
|
# for teampassuser in $teampass_users
|
|
# do
|
|
# real_password=$(ynh_string_random) # Génère un mot de passe aléatoire
|
|
# password=$(php $final_path/mdphash.php $real_password)
|
|
# mail=$(ldapsearch -h localhost -b ou=users,dc=yunohost,dc=org -x uid=$teampassuser mail | grep mail: | sed 's/mail: //' | head -n1)
|
|
# Creation de l'utilisateur
|
|
# ynh_mysql_execute_as_root "INSERT INTO teampass_users (id, login, pw, groupes_visibles, derniers, key_tempo, last_pw_change, last_pw, admin, fonction_id, groupes_interdits, last_connexion, gestionnaire, email, favourites, latest_items, personal_folder, can_create_root_folder) VALUES (NULL, '$teampassuser', '$password', '1', '', '', '', '', '0', '1', '', '', '0', '$mail', '', '', '1', '1');" $app
|
|
# Creation du repertoire personnel
|
|
# id_user=$(ynh_mysql_execute_as_root "SELECT id from teampass_users where login='$teampassuser';" $app)
|
|
# ynh_mysql_execute_as_root "INSERT INTO teampass_nested_tree (id, parent_id, title, nleft, nright, nlevel, bloquer_creation, bloquer_modification, personal_folder, renewal_period) VALUES (NULL, 0, '$id_user', 0, 0, 1, 0, 0, 1, 0);" $app
|
|
#
|
|
# ((id++))
|
|
# done
|
|
|
|
#=================================================
|
|
# CREATE A CRON FILE FOR AN AUTOMATIC BACKUP
|
|
#=================================================
|
|
|
|
echo "0 0 * * 0 $app cd $final_path/backups && php script.backup.php" > /etc/cron.d/$app
|
|
# Add also a clean of old backup.
|
|
|
|
#=================================================
|
|
# GENERIC FINALISATION
|
|
#=================================================
|
|
# SECURING FILES AND DIRECTORIES
|
|
#=================================================
|
|
|
|
# Les fichiers appartiennent à root
|
|
chown -R root: $final_path
|
|
# Sauf certains dossiers includes, files et upload
|
|
chown -R $app $final_path/{includes,files,upload}
|
|
# Restreint l'accès au dossier de backup
|
|
chmod 750 $final_path/backups
|
|
|
|
#=================================================
|
|
# RELOAD NGINX
|
|
#=================================================
|
|
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
|
|
|
|
ynh_systemd_action --service_name=nginx --action=reload
|
|
|
|
#=================================================
|
|
# SEND A README FOR THE ADMIN
|
|
#=================================================
|
|
|
|
message="If you facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/teampass_ynh
|
|
|
|
!!! Be carreful when using this app, we have encountered many issues with the last upgrade. The next upgrade could be also difficult, and may need to reinstall the app and migrate manually."
|
|
|
|
ynh_send_readme_to_admin --app_message="$message" --recipients="root"
|
|
|
|
#=================================================
|
|
# END OF SCRIPT
|
|
#=================================================
|
|
|
|
ynh_script_progression --message="Installation of $app completed" --last
|
|
|