From 1c6adb7d421559307e13f61ba61c0a738fc79af0 Mon Sep 17 00:00:00 2001 From: navanchauhan Date: Mon, 4 Jul 2022 16:37:56 +0530 Subject: [PATCH] initial --- conf/app.src | 6 +- conf/systemd.service | 15 ++- manifest.json | 42 ++------ scripts/_common.sh | 3 - scripts/install | 229 ++++--------------------------------------- scripts/remove | 44 --------- 6 files changed, 39 insertions(+), 300 deletions(-) diff --git a/conf/app.src b/conf/app.src index 17489bf..b898c3f 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,7 +1,7 @@ -SOURCE_URL=url of app's source -SOURCE_SUM=sha256 checksum +SOURCE_URL=https://download.technitium.com/dns/archive/8.1.4/DnsServerPortable.tar.gz +SOURCE_SUM=f244e358a8f7ae5891e3b6a86ac8445a3ea515b9f62d7e14225f1ca24f5c50ac SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= +#SOURCE_FILENAME= SOURCE_EXTRACT=true diff --git a/conf/systemd.service b/conf/systemd.service index 7bb448e..ffccea1 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -1,5 +1,5 @@ [Unit] -Description=Small description of the service +Description=Technitium DNS Server After=network.target [Service] @@ -7,14 +7,15 @@ Type=simple User=__APP__ Group=__APP__ WorkingDirectory=__FINALPATH__/ -ExecStart=__FINALPATH__/script +ExecStart=/usr/bin/dotnet __FINALPATH__/DnsServerApp.dll +Restart=always +# Restart service after 10 seconds if the dotnet service crashes: +RestartSec=10 +KillSignal=SIGINT +SyslogIdentifier=dns-server StandardOutput=append:/var/log/__APP__/__APP__.log StandardError=inherit -# Sandboxing options to harden security -# Depending on specificities of your service/app, you may need to tweak these -# .. but this should be a good baseline -# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html NoNewPrivileges=yes PrivateTmp=yes PrivateDevices=yes @@ -38,8 +39,6 @@ CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE -CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW -CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG [Install] WantedBy=multi-user.target diff --git a/manifest.json b/manifest.json index 9fdc46e..4da04ac 100644 --- a/manifest.json +++ b/manifest.json @@ -1,16 +1,16 @@ { - "name": "Example app", - "id": "example", + "name": "Technitium DNS", + "id": "technitium-dns", "packaging_format": 1, "description": { - "en": "Explain in *a few (10~15) words* the purpose of the app or what it actually does (it is meant to give a rough idea to users browsing a catalog of 100+ apps)", + "en": "Block ads & malware at DNS level for your entire network! Self host a DNS server for privacy & security", "fr": "Expliquez en *quelques* (10~15) mots l'utilité de l'app ou ce qu'elle fait (l'objectif est de donner une idée grossière pour des utilisateurs qui naviguent dans un catalogue de 100+ apps)" }, - "version": "1.0~ynh1", - "url": "https://example.com", + "version": "8.1.4~ynh1", + "url": "https://technitium.com/dns/", "upstream": { "license": "free", - "website": "https://example.com", + "website": "https://technitium.com/dns/", "demo": "https://demo.example.com", "admindoc": "https://yunohost.org/packaging_apps", "userdoc": "https://yunohost.org/apps", @@ -18,17 +18,15 @@ }, "license": "free", "maintainer": { - "name": "John doe", - "email": "john.doe@example.com" + "name": "Navan Chauhan", + "email": "technitiumdns@navan.email" }, "requirements": { "yunohost": ">= 4.3.0" }, "multi_instance": true, "services": [ - "nginx", - "php7.3-fpm", - "mysql" + "nginx" ], "arguments": { "install": [ @@ -46,28 +44,6 @@ "name": "is_public", "type": "boolean", "default": true - }, - { - "name": "language", - "type": "string", - "ask": { - "en": "Choose the application language", - "fr": "Choisissez la langue de l'application" - }, - "choices": ["fr", "en"], - "default": "fr" - }, - { - "name": "admin", - "type": "user" - }, - { - "name": "password", - "type": "password", - "help": { - "en": "Use the help field to add an information for the admin about this question.", - "fr": "Utilisez le champ aide pour ajouter une information à l'intention de l'administrateur à propos de cette question." - } } ] } diff --git a/scripts/_common.sh b/scripts/_common.sh index 7e55ac0..944a65e 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -4,9 +4,6 @@ # COMMON VARIABLES #================================================= -# dependencies used by the app -pkg_dependencies="deb1 deb2 php$YNH_DEFAULT_PHP_VERSION-deb1 php$YNH_DEFAULT_PHP_VERSION-deb2" - #================================================= # PERSONAL HELPERS #================================================= diff --git a/scripts/install b/scripts/install index af6ca03..3962b92 100755 --- a/scripts/install +++ b/scripts/install @@ -13,10 +13,6 @@ source /usr/share/yunohost/helpers # MANAGE SCRIPT FAILURE #================================================= -ynh_clean_setup () { - ### Remove this function if there's nothing to clean before calling the remove script. - true -} # Exit if an error occurs during the execution of the script ynh_abort_if_errors @@ -27,38 +23,16 @@ ynh_abort_if_errors domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH is_public=$YNH_APP_ARG_IS_PUBLIC -language=$YNH_APP_ARG_LANGUAGE -admin=$YNH_APP_ARG_ADMIN -password=$YNH_APP_ARG_PASSWORD -### If it's a multi-instance app, meaning it can be installed several times independently -### The id of the app as stated in the manifest is available as $YNH_APP_ID -### The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2"...) -### The app instance name is available as $YNH_APP_INSTANCE_NAME -### - the first time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample -### - the second time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample__2 -### - ynhexample__{N} for the subsequent installations, with N=3,4... -### The app instance name is probably what interests you most, since this is -### guaranteed to be unique. This is a good unique identifier to define installation path, -### db names... app=$YNH_APP_INSTANCE_NAME #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= -### About --weight and --time -### ynh_script_progression will show to your final users the progression of each scripts. -### In order to do that, --weight will represent the relative time of execution compared to the other steps in the script. -### --time is a packager option, it will show you the execution time since the previous call. -### This option should be removed before releasing your app. -### Use the execution time, given by --time, to estimate the weight of a step. -### A common way to do it is to set a weight equal to the execution time in second +1. -### The execution time is given for the duration since the previous call. So the weight should be applied to this previous call. + ynh_script_progression --message="Validating installation parameters..." --time --weight=1 -### If the app uses NGINX as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app". -### If the app provides an internal web server (or uses another application server such as uWSGI), the final path should be "/opt/yunohost/$app" -final_path=/var/www/$app +final_path=/opt/yunohost/$app test ! -e "$final_path" || ynh_die --message="This path already contains a folder" # Register (book) web path @@ -71,8 +45,6 @@ ynh_script_progression --message="Storing installation settings..." --time --wei ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url -ynh_app_setting_set --app=$app --key=language --value=$language -ynh_app_setting_set --app=$app --key=admin --value=$admin #================================================= # STANDARD MODIFICATIONS @@ -81,19 +53,10 @@ ynh_app_setting_set --app=$app --key=admin --value=$admin #================================================= ynh_script_progression --message="Finding an available port..." --time --weight=1 -### Use these lines if you have to open a port for the application -### `ynh_find_port` will find the first available port starting from the given port. -### If you're not using these lines: -### - Remove the section "CLOSE A PORT" in the remove script - # Find an available port -port=$(ynh_find_port --port=8095) +port=$(ynh_find_port --port=5380) ynh_app_setting_set --app=$app --key=port --value=$port -# Optional: Expose this port publicly -# (N.B.: you only need to do this if the app actually needs to expose the port publicly. -# If you do this and the app doesn't actually need you are CREATING SECURITY HOLES IN THE SERVER !) - # Open the port # ynh_script_progression --message="Configuring firewall..." --time --weight=1 # ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port @@ -103,15 +66,24 @@ ynh_app_setting_set --app=$app --key=port --value=$port #================================================= ynh_script_progression --message="Installing dependencies..." --time --weight=1 -### `ynh_install_app_dependencies` allows you to add any "apt" dependencies to the package. -### Those deb packages will be installed as dependencies of this package. -### If you're not using this helper: -### - Remove the section "REMOVE DEPENDENCIES" in the remove script -### - Remove the variable "pkg_dependencies" in _common.sh -### - As well as the section "REINSTALL DEPENDENCIES" in the restore script -### - And the section "UPGRADE DEPENDENCIES" in the upgrade script +DEB_VERSION=$(sed 's/\..*//' /etc/debian_version) -ynh_install_app_dependencies $pkg_dependencies +case DEB_VERSION in + + 10) + repo="https://packages.microsoft.com/debian/10/prod buster main" + ;; + + 11) + repo="https://packages.microsoft.com/debian/11/prod bullseye main" + ;; + + *) + repo="" + ;; +esac + +ynh_install_extra_app_dependencies --repo=$repo --package="aspnetcore-runtime-6.0" #================================================= # CREATE DEDICATED USER @@ -121,24 +93,6 @@ ynh_script_progression --message="Configuring system user..." --time --weight=1 # Create a system user ynh_system_user_create --username=$app --home_dir="$final_path" -#================================================= -# CREATE A MYSQL DATABASE -#================================================= -ynh_script_progression --message="Creating a MySQL database..." --time --weight=1 - -### Use these lines if you need a database for the application. -### `ynh_mysql_setup_db` will create a database, an associated user and a ramdom password. -### The password will be stored as 'mysqlpwd' into the app settings, -### and will be available as $db_pwd -### If you're not using these lines: -### - Remove the section "BACKUP THE MYSQL DATABASE" in the backup script -### - Remove also the section "REMOVE THE MYSQL DATABASE" in the remove script -### - As well as the section "RESTORE THE MYSQL DATABASE" in the restore script - -db_name=$(ynh_sanitize_dbid --db_name=$app) -db_user=$db_name -ynh_app_setting_set --app=$app --key=db_name --value=$db_name -ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE @@ -163,25 +117,6 @@ chmod 750 "$final_path" chmod -R o-rwx "$final_path" chown -R $app:www-data "$final_path" -#================================================= -# PHP-FPM CONFIGURATION -#================================================= -ynh_script_progression --message="Configuring PHP-FPM..." --time --weight=1 - -### `ynh_add_fpm_config` is used to set up a PHP config. -### You can remove it if your app doesn't use PHP. -### `ynh_add_fpm_config` will use the files conf/php-fpm.conf -### If you're not using these lines: -### - You can remove these files in conf/. -### - Remove the section "BACKUP THE PHP-FPM CONFIGURATION" in the backup script -### - Remove also the section "REMOVE PHP-FPM CONFIGURATION" in the remove script -### - As well as the section "RESTORE THE PHP-FPM CONFIGURATION" in the restore script -### with the reload at the end of the script. -### - And the section "PHP-FPM CONFIGURATION" in the upgrade script - -# Create a dedicated PHP-FPM config -ynh_add_fpm_config - #================================================= # NGINX CONFIGURATION #================================================= @@ -192,112 +127,14 @@ ynh_script_progression --message="Configuring NGINX web server..." --time --weig # Create a dedicated NGINX config ynh_add_nginx_config -#================================================= -# SPECIFIC SETUP -#================================================= -# ... -#================================================= - -#================================================= -# CREATE DATA DIRECTORY -#================================================= -ynh_script_progression --message="Creating a data directory..." --time --weight=1 - -### Use these lines if you need to create a directory to store "persistent files" for the application. -### Usually this directory is used to store uploaded files or any file that won't be updated during -### an upgrade and that won't be deleted during app removal unless "--purge" option is used. -### If you're not using these lines: -### - Remove the section "BACKUP THE DATA DIR" in the backup script -### - Remove the section "RESTORE THE DATA DIRECTORY" in the restore script -### - As well as the section "REMOVE DATA DIR" in the remove script - -datadir=/home/yunohost.app/$app -ynh_app_setting_set --app=$app --key=datadir --value=$datadir - -mkdir -p $datadir - -# FIXME: this should be managed by the core in the future -# Here, as a packager, you may have to tweak the ownerhsip/permissions -# such that the appropriate users (e.g. maybe www-data) can access -# files in some cases. -# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder - -# this will be treated as a security issue. -chmod 750 "$datadir" -chmod -R o-rwx "$datadir" -chown -R $app:www-data "$datadir" - -#================================================= -# ADD A CONFIGURATION -#================================================= -ynh_script_progression --message="Adding a configuration file..." --time --weight=1 - -### You can add specific configuration files. -### -### Typically, put your template conf file in ../conf/your_config_file -### The template may contain strings such as __FOO__ or __FOO_BAR__, -### which will automatically be replaced by the values of $foo and $foo_bar -### -### ynh_add_config will also keep track of the config file's checksum, -### which later during upgrade may allow to automatically backup the config file -### if it's found that the file was manually modified -### -### Check the documentation of `ynh_add_config` for more info. - -ynh_add_config --template="some_config_file" --destination="$final_path/some_config_file" - -# FIXME: this should be handled by the core in the future -# You may need to use chmod 600 instead of 400, -# for example if the app is expected to be able to modify its own config -chmod 400 "$final_path/some_config_file" -chown $app:$app "$final_path/some_config_file" - -### For more complex cases where you want to replace stuff using regexes, -### you shoud rely on ynh_replace_string (which is basically a wrapper for sed) -### When doing so, you also need to manually call ynh_store_file_checksum -### -### ynh_replace_string --match_string="match_string" --replace_string="replace_string" --target_file="$final_path/some_config_file" -### ynh_store_file_checksum --file="$final_path/some_config_file" - #================================================= # SETUP SYSTEMD #================================================= ynh_script_progression --message="Configuring a systemd service..." --time --weight=1 -### `ynh_systemd_config` is used to configure a systemd script for an app. -### It can be used for apps that use sysvinit (with adaptation) or systemd. -### Have a look at the app to be sure this app needs a systemd script. -### `ynh_systemd_config` will use the file conf/systemd.service -### If you're not using these lines: -### - You can remove those files in conf/. -### - Remove the section "BACKUP SYSTEMD" in the backup script -### - Remove also the section "STOP AND REMOVE SERVICE" in the remove script -### - As well as the section "RESTORE SYSTEMD" in the restore script -### - And the section "SETUP SYSTEMD" in the upgrade script - # Create a dedicated systemd config ynh_add_systemd_config -#================================================= -# SETUP APPLICATION WITH CURL -#================================================= - -### Use these lines only if the app installation needs to be finalized through -### web forms. We generally don't want to ask the final user, -### so we're going to use curl to automatically fill the fields and submit the -### forms. - -# Set the app as temporarily public for curl call -ynh_script_progression --message="Configuring SSOwat..." --time --weight=1 -# Making the app public for curl -ynh_permission_update --permission="main" --add="visitors" - -# Installation with curl -ynh_script_progression --message="Finalizing installation..." --time --weight=1 -ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3" - -# Remove the public access -ynh_permission_update --permission="main" --remove="visitors" - #================================================= # GENERIC FINALIZATION #================================================= @@ -305,15 +142,6 @@ ynh_permission_update --permission="main" --remove="visitors" #================================================= ynh_script_progression --message="Configuring log rotation..." --time --weight=1 -### `ynh_use_logrotate` is used to configure a logrotate configuration for the logs of this app. -### Use this helper only if there is effectively a log file for this app. -### If you're not using this helper: -### - Remove the section "BACKUP LOGROTATE" in the backup script -### - Remove also the section "REMOVE LOGROTATE CONFIGURATION" in the remove script -### - As well as the section "RESTORE THE LOGROTATE CONFIGURATION" in the restore script -### - And the section "SETUP LOGROTATE" in the upgrade script - -# Use logrotate to manage application logfile(s) ynh_use_logrotate #================================================= @@ -321,15 +149,6 @@ ynh_use_logrotate #================================================= ynh_script_progression --message="Integrating service in YunoHost..." --time --weight=1 -### `yunohost service add` integrates a service in YunoHost. It then gets -### displayed in the admin interface and through the others `yunohost service` commands. -### (N.B.: this line only makes sense if the app adds a service to the system!) -### If you're not using these lines: -### - You can remove these files in conf/. -### - Remove the section "REMOVE SERVICE INTEGRATION IN YUNOHOST" in the remove script -### - As well as the section "INTEGRATE SERVICE IN YUNOHOST" in the restore script -### - And the section "INTEGRATE SERVICE IN YUNOHOST" in the upgrade script - yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log" ### Additional options starting with 3.8: @@ -364,14 +183,6 @@ ynh_script_progression --message="Starting a systemd service..." --time --weight # Start a systemd service ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" -#================================================= -# SETUP FAIL2BAN -#================================================= -ynh_script_progression --message="Configuring Fail2Ban..." --time --weight=1 - -# Create a dedicated Fail2Ban config -ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login" - #================================================= # SETUP SSOWAT #================================================= diff --git a/scripts/remove b/scripts/remove index 29da1fd..77751fc 100755 --- a/scripts/remove +++ b/scripts/remove @@ -18,10 +18,7 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) port=$(ynh_app_setting_get --app=$app --key=port) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_user=$db_name final_path=$(ynh_app_setting_get --app=$app --key=final_path) -datadir=$(ynh_app_setting_get --app=$app --key=datadir) #================================================= # STANDARD REMOVE @@ -52,14 +49,6 @@ ynh_script_progression --message="Removing logrotate configuration..." --time -- # Remove the app-specific logrotate config ynh_remove_logrotate -#================================================= -# REMOVE THE MYSQL DATABASE -#================================================= -ynh_script_progression --message="Removing the MySQL database..." --time --weight=1 - -# Remove a database if it exists, along with the associated user -ynh_mysql_remove_db --db_user=$db_user --db_name=$db_name - #================================================= # REMOVE APP MAIN DIR #================================================= @@ -68,17 +57,6 @@ ynh_script_progression --message="Removing app main directory..." --time --weigh # Remove the app directory securely ynh_secure_remove --file="$final_path" -#================================================= -# REMOVE DATA DIR -#================================================= - -# Remove the data directory if --purge option is used -if [ "${YNH_APP_PURGE:-0}" -eq 1 ] -then - ynh_script_progression --message="Removing app data directory..." --time --weight=1 - ynh_secure_remove --file="$datadir" -fi - #================================================= # REMOVE NGINX CONFIGURATION #================================================= @@ -87,14 +65,6 @@ ynh_script_progression --message="Removing NGINX web server configuration..." -- # Remove the dedicated NGINX config ynh_remove_nginx_config -#================================================= -# REMOVE PHP-FPM CONFIGURATION -#================================================= -ynh_script_progression --message="Removing PHP-FPM configuration..." --time --weight=1 - -# Remove the dedicated PHP-FPM config -ynh_remove_fpm_config - #================================================= # REMOVE DEPENDENCIES #================================================= @@ -113,14 +83,6 @@ then ynh_exec_warn_less yunohost firewall disallow TCP $port fi -#================================================= -# REMOVE FAIL2BAN CONFIGURATION -#================================================= -ynh_script_progression --message="Removing Fail2Ban configuration..." --time --weight=1 - -# Remove the dedicated Fail2Ban config -ynh_remove_fail2ban_config - #================================================= # SPECIFIC REMOVE #================================================= @@ -128,12 +90,6 @@ ynh_remove_fail2ban_config #================================================= ynh_script_progression --message="Removing various files..." --time --weight=1 -# Remove a cron file -ynh_secure_remove --file="/etc/cron.d/$app" - -# Remove a directory securely -ynh_secure_remove --file="/etc/$app" - # Remove the log files ynh_secure_remove --file="/var/log/$app"