From c73325fae1ab7bad09ef9317011d0740cf0eedf7 Mon Sep 17 00:00:00 2001 From: navanchauhan Date: Mon, 4 Jul 2022 18:48:35 +0530 Subject: [PATCH] added data dir --- conf/systemd.service | 34 ++-------------------------------- scripts/backup | 25 ------------------------- scripts/install | 28 ++++++++++++++++++++++++++++ scripts/remove | 12 ++++++++++++ scripts/restore | 40 +--------------------------------------- 5 files changed, 43 insertions(+), 96 deletions(-) diff --git a/conf/systemd.service b/conf/systemd.service index ffccea1..1c896e9 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -1,44 +1,14 @@ [Unit] Description=Technitium DNS Server -After=network.target [Service] -Type=simple -User=__APP__ -Group=__APP__ WorkingDirectory=__FINALPATH__/ -ExecStart=/usr/bin/dotnet __FINALPATH__/DnsServerApp.dll +ExecStart=/usr/bin/dotnet __FINALPATH__/DnsServerApp.dll __DATADIR__ Restart=always # Restart service after 10 seconds if the dotnet service crashes: RestartSec=10 KillSignal=SIGINT SyslogIdentifier=dns-server -StandardOutput=append:/var/log/__APP__/__APP__.log -StandardError=inherit - -NoNewPrivileges=yes -PrivateTmp=yes -PrivateDevices=yes -RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 -RestrictNamespaces=yes -RestrictRealtime=yes -DevicePolicy=closed -ProtectSystem=full -ProtectControlGroups=yes -ProtectKernelModules=yes -ProtectKernelTunables=yes -LockPersonality=yes -SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap - -# Denying access to capabilities that should not be relevant for webapps -# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html -CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD -CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE -CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT -CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK -CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM -CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG -CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE [Install] -WantedBy=multi-user.target +WantedBy=multi-user.target \ No newline at end of file diff --git a/scripts/backup b/scripts/backup index f99225d..0a4ca68 100755 --- a/scripts/backup +++ b/scripts/backup @@ -30,8 +30,6 @@ app=$YNH_APP_INSTANCE_NAME final_path=$(ynh_app_setting_get --app=$app --key=final_path) domain=$(ynh_app_setting_get --app=$app --key=domain) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) datadir=$(ynh_app_setting_get --app=$app --key=datadir) #================================================= @@ -62,19 +60,6 @@ ynh_backup --src_path="$datadir" --is_big ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" -#================================================= -# BACKUP THE PHP-FPM CONFIGURATION -#================================================= - -ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" - -#================================================= -# BACKUP FAIL2BAN CONFIGURATION -#================================================= - -ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" -ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" - #================================================= # SPECIFIC BACKUP #================================================= @@ -97,16 +82,6 @@ ynh_backup --src_path="/etc/cron.d/$app" ynh_backup --src_path="/etc/$app/" -#================================================= -# BACKUP THE MYSQL DATABASE -#================================================= -ynh_print_info --message="Backing up the MySQL database..." - -### (However, things like MySQL dumps *do* take some time to run, though the -### copy of the generated dump to the archive still happens later) - -ynh_mysql_dump_db --database="$db_name" > db.sql - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/install b/scripts/install index 63a768c..f73b46a 100755 --- a/scripts/install +++ b/scripts/install @@ -112,6 +112,34 @@ ynh_script_progression --message="Configuring NGINX web server..." --time --weig # Create a dedicated NGINX config ynh_add_nginx_config +#================================================= +# CREATE DATA DIRECTORY +#================================================= +ynh_script_progression --message="Creating a data directory..." --time --weight=1 + +### Use these lines if you need to create a directory to store "persistent files" for the application. +### Usually this directory is used to store uploaded files or any file that won't be updated during +### an upgrade and that won't be deleted during app removal unless "--purge" option is used. +### If you're not using these lines: +### - Remove the section "BACKUP THE DATA DIR" in the backup script +### - Remove the section "RESTORE THE DATA DIRECTORY" in the restore script +### - As well as the section "REMOVE DATA DIR" in the remove script + +datadir=/home/yunohost.app/$app +ynh_app_setting_set --app=$app --key=datadir --value=$datadir + +mkdir -p $datadir + +# FIXME: this should be managed by the core in the future +# Here, as a packager, you may have to tweak the ownerhsip/permissions +# such that the appropriate users (e.g. maybe www-data) can access +# files in some cases. +# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder - +# this will be treated as a security issue. +chmod 750 "$datadir" +chmod -R o-rwx "$datadir" +chown -R $app:www-data "$datadir" + #================================================= # SETUP SYSTEMD #================================================= diff --git a/scripts/remove b/scripts/remove index 395c437..b4ca3b8 100755 --- a/scripts/remove +++ b/scripts/remove @@ -19,6 +19,7 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) port=$(ynh_app_setting_get --app=$app --key=port) final_path=$(ynh_app_setting_get --app=$app --key=final_path) +datadir=$(ynh_app_setting_get --app=$app --key=datadir) #================================================= # STANDARD REMOVE @@ -57,6 +58,17 @@ ynh_script_progression --message="Removing app main directory..." --time --weigh # Remove the app directory securely ynh_secure_remove --file="$final_path" +#================================================= +# REMOVE DATA DIR +#================================================= + +# Remove the data directory if --purge option is used +if [ "${YNH_APP_PURGE:-0}" -eq 1 ] +then + ynh_script_progression --message="Removing app data directory..." --time --weight=1 + ynh_secure_remove --file="$datadir" +fi + #================================================= # REMOVE NGINX CONFIGURATION #================================================= diff --git a/scripts/restore b/scripts/restore index d0c948c..42e420c 100755 --- a/scripts/restore +++ b/scripts/restore @@ -31,9 +31,6 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_user=$db_name -phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) datadir=$(ynh_app_setting_get --app=$app --key=datadir) #================================================= @@ -90,15 +87,6 @@ chmod 750 "$datadir" chmod -R o-rwx "$datadir" chown -R $app:www-data "$datadir" -#================================================= -# RESTORE FAIL2BAN CONFIGURATION -#================================================= -ynh_script_progression --message="Restoring the Fail2Ban configuration..." --time --weight=1 - -ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf" -ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf" -ynh_systemd_action --action=restart --service_name=fail2ban - #================================================= # SPECIFIC RESTORATION #================================================= @@ -109,13 +97,6 @@ ynh_script_progression --message="Reinstalling dependencies..." --time --weight= # Define and install dependencies ynh_install_app_dependencies $pkg_dependencies -#================================================= -# RESTORE THE PHP-FPM CONFIGURATION -#================================================= -ynh_script_progression --message="Restoring the PHP-FPM configuration..." --time --weight=1 - -ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" - #================================================= # RESTORE THE NGINX CONFIGURATION #================================================= @@ -123,24 +104,6 @@ ynh_script_progression --message="Restoring the NGINX web server configuration.. ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" -#================================================= -# RESTORE THE MYSQL DATABASE -#================================================= -ynh_script_progression --message="Restoring the MySQL database..." --time --weight=1 - -db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) -ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd -ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql - -#================================================= -# RESTORE VARIOUS FILES -#================================================= -ynh_script_progression --message="Restoring various files..." --time --weight=1 - -ynh_restore_file --origin_path="/etc/cron.d/$app" - -ynh_restore_file --origin_path="/etc/$app/" - #================================================= # RESTORE SYSTEMD #================================================= @@ -175,9 +138,8 @@ ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$ap #================================================= # RELOAD NGINX AND PHP-FPM #================================================= -ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..." --time --weight=1 +ynh_script_progression --message="Reloading NGINX web server" --time --weight=1 -ynh_systemd_action --service_name=php$phpversion-fpm --action=reload ynh_systemd_action --service_name=nginx --action=reload #=================================================