From 196e1e7b7945a3cb298b7c1f68b349d42e6c5208 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Thu, 25 Nov 2021 10:08:00 +0100 Subject: [PATCH] Fix --- conf/config.yaml.default | 71 ++++ conf/turtl.service | 11 +- scripts/_common.sh | 842 +-------------------------------------- scripts/install | 409 +++++++++++-------- 4 files changed, 329 insertions(+), 1004 deletions(-) create mode 100644 conf/config.yaml.default diff --git a/conf/config.yaml.default b/conf/config.yaml.default new file mode 100644 index 0000000..216bb2a --- /dev/null +++ b/conf/config.yaml.default @@ -0,0 +1,71 @@ +--- +server: + # Per default, turtl will listen on all IP addresses + # You can choose the IP it will use with this parameter + host: + port: __PORT__ + +db: + connstr: 'postgres://__DB_USER__:__DB_PWD__@127.0.0.1:5432/turtl' + pool: 24 + +loglevel: 'debug' + +app: + # ALWAYS false in production. Always. + # Set to 'I UNDERSTAND THIS VIOLATES THE PRIVACY OF MY USERS' to enable + enable_bookmarker_proxy: false + # no trailing slash + api_url: 'http://api.__DOMAIN__:8181' + www_url: 'https://__DOMAIN__' + login: + # Max failed login attemps. Set to -1 to disable + max_attemps: 5 + # User locked for this duration in seconds + lock_duration: 60 + emails: + admin: 'admin@turtlapp.com' + info: 'Turtl ' + invites: 'invites@turtlapp.com' + # TODO: replace this with a long, unique value. seriously. write down a dream + # you had, or the short story you came up with during your creative writing + # class in your freshmen year of college. have fun with it. + secure_hash_salt: "Plaque is a figment of the liberal media and the dental industry to scare you into buying useless appliances and pastes. Now, I've read the arguments on both sides and I haven't found any evidence yet to support the need to brush your teeth. Ever." + # set to true if you think it's ok to SEND invites if you have not confirmed + # your account. great for testing, not so great for production. but what do + # i know... + allow_unconfirmed_invites: false + +sync: + # how many sync records can a client send at a time? it's a good idea to have + # a limit here, lest a rogue client flood the server with sync items + max_bulk_sync_records: 32 + +plugins: + plugin_location: '/var/www/turtl/server/plugins' + # each key here corresponds to a folder name in the plugins folder, so `email` + # below would be a plugin at /var/www/turtl/server/plugins/email (see the + # example-plugins/ folder for an email plugin you can use) + email: + enabled: false + endpoint: 'smtps://user:password@smtp.gmail.com/?pool=true' + defaults: {} + +uploads: + # if set to a path, files will be uploaded to the local filesystem instead of + # S3. otherwise, set to false + local: '/var/www/turtl/server/public/uploads' + # if true, downloading local files will be proxied through the turtl server. + # this avoids needing to set up any CORS config in your favorite webserver, + # but may slightly affect performance on high-demand servers. + local_proxy: true + # if local_proxy is false, this is should be the url path the uploaded files + # are publicly available on + url: 'http://api.turtl.dev/uploads' + +s3: + token: 'IHADAPETSNAKEBUTHEDIEDNOOOOO' + secret: '' + bucket: '' + endpoint: 'https://s3.amazonaws.com' + pathstyle: false diff --git a/conf/turtl.service b/conf/turtl.service index c6d5917..17ccd26 100644 --- a/conf/turtl.service +++ b/conf/turtl.service @@ -1,15 +1,14 @@ [Unit] Description=Note taking service Documentation=http://turtl.it -Requires=network.target -Requires=rethinkdb.service -After=network.target -After=rethinkdb.service +Requires=network.target rethinkdb.service +After=network.target rethinkdb.service [Service] Type=simple -User=www-data -WorkingDirectory=/var/www/turtl/api/ +User=__APP__ +Group=__APP__ +WorkingDirectory=__FINALPATH__/api/ ExecStart=/usr/bin/ccl -Q -b --load start.lisp Restart=on-failure diff --git a/scripts/_common.sh b/scripts/_common.sh index 266a076..00c09fa 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -1,850 +1,22 @@ #!/bin/bash #================================================= -#================================================= -# TESTING -#================================================= +# COMMON VARIABLES #================================================= -ynh_fpm_config () { - finalphpconf="/etc/php5/fpm/pool.d/$app.conf" - ynh_backup_if_checksum_is_different "$finalphpconf" 1 - sudo cp ../conf/php-fpm.conf "$finalphpconf" - ynh_replace_string "__NAMETOCHANGE__" "$app" "$finalphpconf" - ynh_replace_string "__FINALPATH__" "$final_path" "$finalphpconf" - ynh_replace_string "__USER__" "$app" "$finalphpconf" - sudo chown root: "$finalphpconf" - ynh_store_file_checksum "$finalphpconf" +# dependencies used by the app +pkg_dependencies="postgresql" - if [ -e "../conf/php-fpm.ini" ] - then - finalphpini="/etc/php5/fpm/conf.d/20-$app.ini" - ynh_backup_if_checksum_is_different "$finalphpini" 1 - sudo cp ../conf/php-fpm.ini "$finalphpini" - sudo chown root: "$finalphpini" - ynh_store_file_checksum "$finalphpini" - fi - - sudo systemctl reload php5-fpm -} - -ynh_remove_fpm_config () { - ynh_secure_remove "/etc/php5/fpm/pool.d/$app.conf" - ynh_secure_remove "/etc/php5/fpm/conf.d/20-$app.ini" - sudo systemctl reload php5-fpm -} - -ynh_nginx_config () { - finalnginxconf="/etc/nginx/conf.d/$domain.d/$app.conf" - ynh_backup_if_checksum_is_different "$finalnginxconf" 1 - sudo cp ../conf/nginx.conf "$finalnginxconf" - - # To avoid a break by set -u, use a void substitution ${var:-}. If the variable is not set, it's simply set with an empty variable. - # Substitute in a nginx config file only if the variable is not empty - if test -n "${path_url:-}"; then - ynh_replace_string "__PATH__" "$path_url" "$finalnginxconf" - fi - if test -n "${domain:-}"; then - ynh_replace_string "__DOMAIN__" "$domain" "$finalnginxconf" - fi - if test -n "${port:-}"; then - ynh_replace_string "__PORT__" "$port" "$finalnginxconf" - fi - if test -n "${app:-}"; then - ynh_replace_string "__NAME__" "$app" "$finalnginxconf" - fi - if test -n "${final_path:-}"; then - ynh_replace_string "__FINALPATH__" "$final_path" "$finalnginxconf" - fi - ynh_store_file_checksum "$finalnginxconf" - - sudo systemctl reload nginx -} - -ynh_remove_nginx_config () { - ynh_secure_remove "/etc/nginx/conf.d/$domain.d/$app.conf" - sudo systemctl reload nginx -} - -ynh_systemd_config () { - finalsystemdconf="/etc/systemd/system/$app.service" - ynh_backup_if_checksum_is_different "$finalsystemdconf" 1 - sudo cp ../conf/systemd.service "$finalsystemdconf" - - # To avoid a break by set -u, use a void substitution ${var:-}. If the variable is not set, it's simply set with an empty variable. - # Substitute in a nginx config file only if the variable is not empty - if test -n "${final_path:-}"; then - ynh_replace_string "__FINALPATH__" "$final_path" "$finalsystemdconf" - fi - if test -n "${app:-}"; then - ynh_replace_string "__APP__" "$app" "$finalsystemdconf" - fi - ynh_store_file_checksum "$finalsystemdconf" - - sudo chown root: "$finalsystemdconf" - sudo systemctl enable $app - sudo systemctl daemon-reload -} - -ynh_remove_systemd_config () { - finalsystemdconf="/etc/systemd/system/$app.service" - if [ -e "$finalsystemdconf" ]; then - sudo systemctl stop $app - sudo systemctl disable $app - ynh_secure_remove "$finalsystemdconf" - fi -} +nodejs_version=14 #================================================= +# PERSONAL HELPERS #================================================= #================================================= -# CHECKING +# EXPERIMENTAL HELPERS #================================================= -CHECK_DOMAINPATH () { # Vérifie la disponibilité du path et du domaine. - if sudo yunohost app --help | grep --quiet url-available - then - # Check availability of a web path - ynh_webpath_available $domain $path_url - # Register/book a web path for an app - ynh_webpath_register $app $domain $path_url - else - # Use the legacy command - sudo yunohost app checkurl $domain$path_url -a $app - fi -} - -CHECK_FINALPATH () { # Vérifie que le dossier de destination n'est pas déjà utilisé. - final_path=/var/www/$app - test ! -e "$final_path" || ynh_die "This path already contains a folder" -} - #================================================= -# DISPLAYING +# FUTURE OFFICIAL HELPERS #================================================= - -NO_PRINT () { # Supprime l'affichage dans stdout pour la commande en argument. - set +x - $@ - set -x -} - -WARNING () { # Écrit sur le canal d'erreur pour passer en warning. - $@ >&2 -} - -SUPPRESS_WARNING () { # Force l'écriture sur la sortie standard - $@ 2>&1 -} - -QUIET () { # Redirige la sortie standard dans /dev/null - $@ > /dev/null -} - -ALL_QUIET () { # Redirige la sortie standard et d'erreur dans /dev/null - $@ > /dev/null 2>&1 -} - -#================================================= -# BACKUP -#================================================= - -BACKUP_FAIL_UPGRADE () { - WARNING echo "Upgrade failed." - app_bck=${app//_/-} # Replace all '_' by '-' - if sudo yunohost backup list | grep -q $app_bck-pre-upgrade$backup_number; then # Vérifie l'existence de l'archive avant de supprimer l'application et de restaurer - sudo yunohost app remove $app # Supprime l'application avant de la restaurer. - sudo yunohost backup restore --ignore-hooks $app_bck-pre-upgrade$backup_number --apps $app --force # Restore the backup if upgrade failed - ynh_die "The app was restored to the way it was before the failed upgrade." - fi -} - -BACKUP_BEFORE_UPGRADE () { # Backup the current version of the app, restore it if the upgrade fails - backup_number=1 - old_backup_number=2 - app_bck=${app//_/-} # Replace all '_' by '-' - if sudo yunohost backup list | grep -q $app_bck-pre-upgrade1; then # Vérifie l'existence d'une archive déjà numéroté à 1. - backup_number=2 # Et passe le numéro de l'archive à 2 - old_backup_number=1 - fi - - sudo yunohost backup create --ignore-hooks --apps $app --name $app_bck-pre-upgrade$backup_number # Créer un backup différent de celui existant. - if [ "$?" -eq 0 ]; then # Si le backup est un succès, supprime l'archive précédente. - if sudo yunohost backup list | grep -q $app_bck-pre-upgrade$old_backup_number; then # Vérifie l'existence de l'ancienne archive avant de la supprimer, pour éviter une erreur. - QUIET sudo yunohost backup delete $app_bck-pre-upgrade$old_backup_number - fi - else # Si le backup a échoué - ynh_die "Backup failed, the upgrade process was aborted." - fi -} - -HUMAN_SIZE () { # Transforme une taille en Ko en une taille lisible pour un humain - human=$(numfmt --to=iec --from-unit=1K $1) - echo $human -} - -CHECK_SIZE () { # Vérifie avant chaque backup que l'espace est suffisant - file_to_analyse=$1 - backup_size=$(sudo du --summarize "$file_to_analyse" | cut -f1) - free_space=$(sudo df --output=avail "/home/yunohost.backup" | sed 1d) - - if [ $free_space -le $backup_size ] - then - WARNING echo "Espace insuffisant pour sauvegarder $file_to_analyse." - WARNING echo "Espace disponible: $(HUMAN_SIZE $free_space)" - ynh_die "Espace nécessaire: $(HUMAN_SIZE $backup_size)" - fi -} - -# Ce helper est temporaire et sert de remplacement à la véritable fonction ynh_restore_file. Le temps qu'elle arrive... -ynh_restore_file () { - if [ -f "$1" ]; then - ynh_die "There is already a file at this path: $1" - fi - sudo cp -a "${YNH_APP_BACKUP_DIR}$1" "$1" -} - -#================================================= -# PACKAGE CHECK BYPASSING... -#================================================= - -IS_PACKAGE_CHECK () { # Détermine une exécution en conteneur (Non testé) - return $(uname -n | grep -c 'pchecker_lxc') -} - -#================================================= -# NODEJS -#================================================= - -sudo_path () { - sudo env "PATH=$PATH" $@ -} - -# INFOS -# n (Node version management) utilise la variable PATH pour stocker le path de la version de node à utiliser. -# C'est ainsi qu'il change de version -# En attendant une généralisation de root, il est possible d'utiliser sudo avec le helper temporaire sudo_path -# Il permet d'utiliser sudo en gardant le $PATH modifié -# ynh_install_nodejs installe la version de nodejs demandée en argument, avec n -# ynh_use_nodejs active une version de nodejs dans le script courant -# 3 variables sont mises à disposition, et 2 sont stockées dans la config de l'app -# - nodejs_path: Le chemin absolu de cette version de node -# Utilisé pour des appels directs à node. -# - nodejs_version: Simplement le numéro de version de nodejs pour cette application -# - nodejs_use_version: Un alias pour charger une version de node dans le shell courant. -# Utilisé pour démarrer un service ou un script qui utilise node ou npm -# Dans ce cas, c'est $PATH qui contient le chemin de la version de node. Il doit être propagé sur les autres shell si nécessaire. - -n_install_dir="/opt/node_n" -ynh_use_nodejs () { - nodejs_version=$(ynh_app_setting_get $app nodejs_version) - - load_n_path="[[ :$PATH: == *\":$n_install_dir/bin:\"* ]] || PATH+=\":$n_install_dir/bin\"" - - nodejs_use_version="n $nodejs_version" - - # "Load" a version of node - eval $load_n_path; $nodejs_use_version - eval $load_n_path; sudo env "PATH=$PATH" $nodejs_use_version - - # Get the absolute path of this version of node - nodejs_path="$(n bin $nodejs_version)" - - # Make an alias for node use - ynh_node_exec="eval $load_n_path; n use $nodejs_version" - sudo_ynh_node_exec="eval $load_n_path; sudo env \"PATH=$PATH\" n use $nodejs_version" -} - -ynh_install_nodejs () { - # Use n, https://github.com/tj/n to manage the nodejs versions - local nodejs_version="$1" - local n_install_script="https://git.io/n-install" - - # Create $n_install_dir - sudo mkdir -p "$n_install_dir" - - # Load n path in PATH - PATH+=":$n_install_dir/bin" - - # If n is not previously setup, install it - n --version > /dev/null 2>&1 || \ - ( echo "Installation of N - Node.js version management" >&2; \ - curl -sL $n_install_script | sudo N_PREFIX="$n_install_dir" bash -s -- -y $nodejs_version ) - - # Install the requested version of nodejs (except for the first installation of n, which installed the requested version of node.) - sudo env "PATH=$PATH" n $nodejs_version - - # Use the real installed version. Sometimes slightly different - nodejs_version=$(node --version | cut -c2-) - - # Store the ID of this app and the version of node requested for it - echo "$YNH_APP_ID:$nodejs_version" | sudo tee --append "$n_install_dir/ynh_app_version" - - # Store nodejs_version into the config of this app - ynh_app_setting_set $app nodejs_version $nodejs_version - - ynh_use_nodejs -} - -ynh_remove_nodejs () { - ynh_use_nodejs - - # Remove the line for this app - sudo sed --in-place "/$YNH_APP_ID:$nodejs_version/d" "$n_install_dir/ynh_app_version" - - # If none another app uses this version of nodejs, remove it. - if ! grep --quiet "$nodejs_version" "$n_install_dir/ynh_app_version" - then - n rm $nodejs_version - fi - - # If none another app uses n, remove n - if [ ! -s "$n_install_dir/ynh_app_version" ] - then - ynh_secure_remove "$n_install_dir" - sudo sed --in-place "/N_PREFIX/d" /root/.bashrc - fi -} - -#================================================= -#================================================= -# FUTUR YNH HELPERS -#================================================= -# Importer ce fichier de fonction avant celui des helpers officiel -# Ainsi, les officiels prendront le pas sur ceux-ci le cas échéant -#================================================= - -# Normalize the url path syntax -# Handle the slash at the beginning of path and its absence at ending -# Return a normalized url path -# -# example: url_path=$(ynh_normalize_url_path $url_path) -# ynh_normalize_url_path example -> /example -# ynh_normalize_url_path /example -> /example -# ynh_normalize_url_path /example/ -> /example -# ynh_normalize_url_path / -> / -# -# usage: ynh_normalize_url_path path_to_normalize -# | arg: url_path_to_normalize - URL path to normalize before using it -ynh_normalize_url_path () { - path_url=$1 - test -n "$path_url" || ynh_die "ynh_normalize_url_path expect a URL path as first argument and received nothing." - if [ "${path_url:0:1}" != "/" ]; then # If the first character is not a / - path_url="/$path_url" # Add / at begin of path variable - fi - if [ "${path_url:${#path_url}-1}" == "/" ] && [ ${#path_url} -gt 1 ]; then # If the last character is a / and that not the only character. - path_url="${path_url:0:${#path_url}-1}" # Delete the last character - fi - echo $path_url -} - -# Check if a mysql user exists -# -# usage: ynh_mysql_user_exists user -# | arg: user - the user for which to check existence -function ynh_mysql_user_exists() -{ - local user=$1 - if [[ -z $(ynh_mysql_execute_as_root "SELECT User from mysql.user WHERE User = '$user';") ]] - then - return 1 - else - return 0 - fi -} - -# Create a database, an user and its password. Then store the password in the app's config -# -# After executing this helper, the password of the created database will be available in $db_pwd -# It will also be stored as "mysqlpwd" into the app settings. -# -# usage: ynh_mysql_setup_db user name [pwd] -# | arg: user - Owner of the database -# | arg: name - Name of the database -# | arg: pwd - Password of the database. If not given, a password will be generated -ynh_mysql_setup_db () { - local db_user="$1" - local db_name="$2" - local new_db_pwd=$(ynh_string_random) # Generate a random password - db_pwd="${3:-$new_db_pwd}" - ynh_mysql_create_db "$db_name" "$db_user" "$db_pwd" # Create the database - ynh_app_setting_set $app mysqlpwd $db_pwd # Store the password in the app's config -} - -# Remove a database if it exists, and the associated user -# -# usage: ynh_mysql_remove_db user name -# | arg: user - Owner of the database -# | arg: name - Name of the database -ynh_mysql_remove_db () { - local db_user="$1" - local db_name="$2" - local mysql_root_password=$(sudo cat $MYSQL_ROOT_PWD_FILE) - if mysqlshow -u root -p$mysql_root_password | grep -q "^| $db_name"; then # Check if the database exists - echo "Removing database $db_name" >&2 - ynh_mysql_drop_db $db_name # Remove the database - else - echo "Database $db_name not found" >&2 - fi - - # Remove mysql user if it exists - if $(ynh_mysql_user_exists $db_user); then - ynh_mysql_drop_user $db_user - fi -} - -# Correct the name given in argument for mariadb -# -# Avoid invalid name for your database -# -# Exemple: dbname=$(ynh_make_valid_dbid $app) -# -# usage: ynh_make_valid_dbid name -# | arg: name - name to correct -# | ret: the corrected name -ynh_sanitize_dbid () { - dbid=${1//[-.]/_} # We should avoid having - and . in the name of databases. They are replaced by _ - echo $dbid -} - -# Manage a fail of the script -# -# Print a warning to inform that the script was failed -# Execute the ynh_clean_setup function if used in the app script -# -# usage of ynh_clean_setup function -# This function provide a way to clean some residual of installation that not managed by remove script. -# To use it, simply add in your script: -# ynh_clean_setup () { -# instructions... -# } -# This function is optionnal. -# -# Usage: ynh_exit_properly is used only by the helper ynh_abort_if_errors. -# You must not use it directly. -ynh_exit_properly () { - exit_code=$? - if [ "$exit_code" -eq 0 ]; then - exit 0 # Exit without error if the script ended correctly - fi - - trap '' EXIT # Ignore new exit signals - set +eu # Do not exit anymore if a command fail or if a variable is empty - - echo -e "!!\n $app's script has encountered an error. Its execution was cancelled.\n!!" >&2 - - if type -t ynh_clean_setup > /dev/null; then # Check if the function exist in the app script. - ynh_clean_setup # Call the function to do specific cleaning for the app. - fi - - ynh_die # Exit with error status -} - -# Exit if an error occurs during the execution of the script. -# -# Stop immediatly the execution if an error occured or if a empty variable is used. -# The execution of the script is derivate to ynh_exit_properly function before exit. -# -# Usage: ynh_abort_if_errors -ynh_abort_if_errors () { - set -eu # Exit if a command fail, and if a variable is used unset. - trap ynh_exit_properly EXIT # Capturing exit signals on shell script -} - -# Define and install dependencies with a equivs control file -# This helper can/should only be called once per app -# -# usage: ynh_install_app_dependencies dep [dep [...]] -# | arg: dep - the package name to install in dependence -ynh_install_app_dependencies () { - dependencies=$@ - manifest_path="../manifest.json" - if [ ! -e "$manifest_path" ]; then - manifest_path="../settings/manifest.json" # Into the restore script, the manifest is not at the same place - fi - version=$(sudo grep '\"version\": ' "$manifest_path" | cut -d '"' -f 4) # Retrieve the version number in the manifest file. - dep_app=${app//_/-} # Replace all '_' by '-' - - if ynh_package_is_installed "${dep_app}-ynh-deps"; then - echo "A package named ${dep_app}-ynh-deps is already installed" >&2 - else - cat > ./${dep_app}-ynh-deps.control << EOF # Make a control file for equivs-build -Section: misc -Priority: optional -Package: ${dep_app}-ynh-deps -Version: ${version} -Depends: ${dependencies// /, } -Architecture: all -Description: Fake package for ${app} (YunoHost app) dependencies - This meta-package is only responsible of installing its dependencies. -EOF - ynh_package_install_from_equivs ./${dep_app}-ynh-deps.control \ - || ynh_die "Unable to install dependencies" # Install the fake package and its dependencies - ynh_app_setting_set $app apt_dependencies $dependencies - fi -} - -# Remove fake package and its dependencies -# -# Dependencies will removed only if no other package need them. -# -# usage: ynh_remove_app_dependencies -ynh_remove_app_dependencies () { - dep_app=${app//_/-} # Replace all '_' by '-' - ynh_package_autoremove ${dep_app}-ynh-deps # Remove the fake package and its dependencies if they not still used. -} - -# Use logrotate to manage the logfile -# -# usage: ynh_use_logrotate [logfile] -# | arg: logfile - absolute path of logfile -# -# If no argument provided, a standard directory will be use. /var/log/${app} -# You can provide a path with the directory only or with the logfile. -# /parentdir/logdir/ -# /parentdir/logdir/logfile.log -# -# It's possible to use this helper several times, each config will added to same logrotate config file. -ynh_use_logrotate () { - if [ "$#" -gt 0 ]; then - if [ "$(echo ${1##*.})" == "log" ]; then # Keep only the extension to check if it's a logfile - logfile=$1 # In this case, focus logrotate on the logfile - else - logfile=$1/.log # Else, uses the directory and all logfile into it. - fi - else - logfile="/var/log/${app}/*.log" # Without argument, use a defaut directory in /var/log - fi - cat > ./${app}-logrotate << EOF # Build a config file for logrotate -$logfile { - # Rotate if the logfile exceeds 100Mo - size 100M - # Keep 12 old log maximum - rotate 12 - # Compress the logs with gzip - compress - # Compress the log at the next cycle. So keep always 2 non compressed logs - delaycompress - # Copy and truncate the log to allow to continue write on it. Instead of move the log. - copytruncate - # Do not do an error if the log is missing - missingok - # Not rotate if the log is empty - notifempty - # Keep old logs in the same dir - noolddir -} -EOF - sudo mkdir -p $(dirname "$logfile") # Create the log directory, if not exist - cat ${app}-logrotate | sudo tee -a /etc/logrotate.d/$app > /dev/null # Append this config to the others for this app. If a config file already exist -} - -# Remove the app's logrotate config. -# -# usage: ynh_remove_logrotate -ynh_remove_logrotate () { - if [ -e "/etc/logrotate.d/$app" ]; then - sudo rm "/etc/logrotate.d/$app" - fi -} - -# Find a free port and return it -# -# example: port=$(ynh_find_port 8080) -# -# usage: ynh_find_port begin_port -# | arg: begin_port - port to start to search -ynh_find_port () { - port=$1 - test -n "$port" || ynh_die "The argument of ynh_find_port must be a valid port." - while netcat -z 127.0.0.1 $port # Check if the port is free - do - port=$((port+1)) # Else, pass to next port - done - echo $port -} - -# Create a system user -# -# usage: ynh_system_user_create user_name [home_dir] -# | arg: user_name - Name of the system user that will be create -# | arg: home_dir - Path of the home dir for the user. Usually the final path of the app. If this argument is omitted, the user will be created without home -ynh_system_user_create () { - if ! ynh_system_user_exists "$1" # Check if the user exists on the system - then # If the user doesn't exist - if [ $# -ge 2 ]; then # If a home dir is mentioned - user_home_dir="-d $2" - else - user_home_dir="--no-create-home" - fi - sudo useradd $user_home_dir --system --user-group $1 --shell /usr/sbin/nologin || ynh_die "Unable to create $1 system account" - fi -} - -# Delete a system user -# -# usage: ynh_system_user_delete user_name -# | arg: user_name - Name of the system user that will be create -ynh_system_user_delete () { - if ynh_system_user_exists "$1" # Check if the user exists on the system - then - echo "Remove the user $1" >&2 - sudo userdel $1 - else - echo "The user $1 was not found" >&2 - fi -} - -# Curl abstraction to help with POST requests to local pages (such as installation forms) -# -# $domain and $path_url should be defined externally (and correspond to the domain.tld and the /path (of the app?)) -# -# example: ynh_local_curl "/install.php?installButton" "foo=$var1" "bar=$var2" -# -# usage: ynh_local_curl "page_uri" "key1=value1" "key2=value2" ... -# | arg: page_uri - Path (relative to $path_url) of the page where POST data will be sent -# | arg: key1=value1 - (Optionnal) POST key and corresponding value -# | arg: key2=value2 - (Optionnal) Another POST key and corresponding value -# | arg: ... - (Optionnal) More POST keys and values -ynh_local_curl () { - # Define url of page to curl - full_page_url=https://localhost$path_url$1 - - # Concatenate all other arguments with '&' to prepare POST data - POST_data="" - for arg in "${@:2}" - do - POST_data="${POST_data}${arg}&" - done - if [ -n "$POST_data" ] - then - # Add --data arg and remove the last character, which is an unecessary '&' - POST_data="--data \"${POST_data::-1}\"" - fi - - # Curl the URL - curl --silent --show-error -kL -H "Host: $domain" --resolve $domain:443:127.0.0.1 $POST_data "$full_page_url" -} - -# Substitute/replace a string by another in a file -# -# usage: ynh_replace_string match_string replace_string target_file -# | arg: match_string - String to be searched and replaced in the file -# | arg: replace_string - String that will replace matches -# | arg: target_file - File in which the string will be replaced. -ynh_replace_string () { - delimit=@ - match_string=${1//${delimit}/"\\${delimit}"} # Escape the delimiter if it's in the string. - replace_string=${2//${delimit}/"\\${delimit}"} - workfile=$3 - - sudo sed --in-place "s${delimit}${match_string}${delimit}${replace_string}${delimit}g" "$workfile" -} - -# Remove a file or a directory securely -# -# usage: ynh_secure_remove path_to_remove -# | arg: path_to_remove - File or directory to remove -ynh_secure_remove () { - path_to_remove=$1 - forbidden_path=" \ - /var/www \ - /home/yunohost.app" - - if [[ "$forbidden_path" =~ "$path_to_remove" \ - # Match all paths or subpaths in $forbidden_path - || "$path_to_remove" =~ ^/[[:alnum:]]+$ \ - # Match all first level paths from / (Like /var, /root, etc...) - || "${path_to_remove:${#path_to_remove}-1}" = "/" ]] - # Match if the path finishes by /. Because it seems there is an empty variable - then - echo "Avoid deleting $path_to_remove." >&2 - else - if [ -e "$path_to_remove" ] - then - sudo rm -R "$path_to_remove" - else - echo "$path_to_remove wasn't deleted because it doesn't exist." >&2 - fi - fi -} - -# Download, check integrity, uncompress and patch the source from app.src -# -# The file conf/app.src need to contains: -# -# SOURCE_URL=Address to download the app archive -# SOURCE_SUM=Control sum -# # (Optional) Programm to check the integrity (sha256sum, md5sum$YNH_EXECUTION_DIR/...) -# # default: sha256 -# SOURCE_SUM_PRG=sha256 -# # (Optional) Archive format -# # default: tar.gz -# SOURCE_FORMAT=tar.gz -# # (Optional) Put false if source are directly in the archive root -# # default: true -# SOURCE_IN_SUBDIR=false -# # (Optionnal) Name of the local archive (offline setup support) -# # default: ${src_id}.${src_format} -# SOURCE_FILENAME=example.tar.gz -# -# Details: -# This helper download sources from SOURCE_URL if there is no local source -# archive in /opt/yunohost-apps-src/APP_ID/SOURCE_FILENAME -# -# Next, it check the integrity with "SOURCE_SUM_PRG -c --status" command. -# -# If it's ok, the source archive will be uncompress in $dest_dir. If the -# SOURCE_IN_SUBDIR is true, the first level directory of the archive will be -# removed. -# -# Finally, patches named sources/patches/${src_id}-*.patch and extra files in -# sources/extra_files/$src_id will be applyed to dest_dir -# -# -# usage: ynh_setup_source dest_dir [source_id] -# | arg: dest_dir - Directory where to setup sources -# | arg: source_id - Name of the app, if the package contains more than one app -YNH_EXECUTION_DIR="." -ynh_setup_source () { - local dest_dir=$1 - local src_id=${2:-app} # If the argument is not given, source_id equal "app" - - # Load value from configuration file (see above for a small doc about this file - # format) - local src_url=$(grep 'SOURCE_URL=' "$YNH_EXECUTION_DIR/../conf/${src_id}.src" | cut -d= -f2-) - local src_sum=$(grep 'SOURCE_SUM=' "$YNH_EXECUTION_DIR/../conf/${src_id}.src" | cut -d= -f2-) - local src_sumprg=$(grep 'SOURCE_SUM_PRG=' "$YNH_EXECUTION_DIR/../conf/${src_id}.src" | cut -d= -f2-) - local src_format=$(grep 'SOURCE_FORMAT=' "$YNH_EXECUTION_DIR/../conf/${src_id}.src" | cut -d= -f2-) - local src_in_subdir=$(grep 'SOURCE_IN_SUBDIR=' "$YNH_EXECUTION_DIR/../conf/${src_id}.src" | cut -d= -f2-) - local src_filename=$(grep 'SOURCE_FILENAME=' "$YNH_EXECUTION_DIR/../conf/${src_id}.src" | cut -d= -f2-) - - # Default value - src_sumprg=${src_sumprg:-sha256sum} - src_in_subdir=${src_in_subdir:-true} - src_format=${src_format:-tar.gz} - src_format=$(echo "$src_format" | tr '[:upper:]' '[:lower:]') - if [ "$src_filename" = "" ] ; then - src_filename="${src_id}.${src_format}" - fi - local local_src="/opt/yunohost-apps-src/${YNH_APP_ID}/${src_filename}" - - if test -e "$local_src" - then # Use the local source file if it is present - cp $local_src $src_filename - else # If not, download the source - wget -nv -O $src_filename $src_url - fi - - # Check the control sum - echo "${src_sum} ${src_filename}" | ${src_sumprg} -c --status \ - || ynh_die "Corrupt source" - - # Extract source into the app dir - sudo mkdir -p "$dest_dir" - if [ "$src_format" = "zip" ] - then - # Zip format - # Using of a temp directory, because unzip doesn't manage --strip-components - if $src_in_subdir ; then - local tmp_dir=$(mktemp -d) - sudo unzip -quo $src_filename -d "$tmp_dir" - sudo cp -a $tmp_dir/*/. "$dest_dir" - ynh_secure_remove "$tmp_dir" - else - sudo unzip -quo $src_filename -d "$dest_dir" - fi - else - local strip="" - if $src_in_subdir ; then - strip="--strip-components 1" - fi - if [[ "$src_format" =~ ^tar.gz|tar.bz2|tar.xz$ ]] ; then - sudo tar -xf $src_filename -C "$dest_dir" $strip - else - ynh_die "Archive format unrecognized." - fi - fi - - # Apply patches - if (( $(find $YNH_EXECUTION_DIR/../sources/patches/ -type f -name "${src_id}-*.patch" 2> /dev/null | wc -l) > "0" )); then - local old_dir=$(pwd) - (cd "$dest_dir" \ - && for p in $YNH_EXECUTION_DIR/../sources/patches/${src_id}-*.patch; do \ - sudo patch -p1 < $p; done) \ - || ynh_die "Unable to apply patches" - cd $old_dir - fi - - # Add supplementary files - if test -e "$YNH_EXECUTION_DIR/../sources/extra_files/${src_id}"; then - sudo cp -a $YNH_EXECUTION_DIR/../sources/extra_files/$src_id/. "$dest_dir" - fi -} - -# Check availability of a web path -# -# example: ynh_webpath_available some.domain.tld /coffee -# -# usage: ynh_webpath_available domain path -# | arg: domain - the domain/host of the url -# | arg: path - the web path to check the availability of -ynh_webpath_available () { - local domain=$1 - local path=$2 - sudo yunohost domain url-available $domain $path -} - -# Register/book a web path for an app -# -# example: ynh_webpath_register wordpress some.domain.tld /coffee -# -# usage: ynh_webpath_register app domain path -# | arg: app - the app for which the domain should be registered -# | arg: domain - the domain/host of the web path -# | arg: path - the web path to be registered -ynh_webpath_register () { - local app=$1 - local domain=$2 - local path=$3 - sudo yunohost app register-url $app $domain $path -} - -# Calculate and store a file checksum into the app settings -# -# $app should be defined when calling this helper -# -# usage: ynh_store_file_checksum file -# | arg: file - The file on which the checksum will performed, then stored. -ynh_store_file_checksum () { - local checksum_setting_name=checksum_${1//[\/ ]/_} # Replace all '/' and ' ' by '_' - ynh_app_setting_set $app $checksum_setting_name $(sudo md5sum "$1" | cut -d' ' -f1) -} - -# Verify the checksum and backup the file if it's different -# This helper is primarily meant to allow to easily backup personalised/manually -# modified config files. -# -# $app should be defined when calling this helper -# -# usage: ynh_backup_if_checksum_is_different file -# | arg: file - The file on which the checksum test will be perfomed. -# -# | ret: Return the name a the backup file, or nothing -ynh_backup_if_checksum_is_different () { - local file=$1 - local checksum_setting_name=checksum_${file//[\/ ]/_} # Replace all '/' and ' ' by '_' - local checksum_value=$(ynh_app_setting_get $app $checksum_setting_name) - if [ -n "$checksum_value" ] - then # Proceed only if a value was stored into the app settings - if ! echo "$checksum_value $file" | sudo md5sum -c --status - then # If the checksum is now different - backup_file="/home/yunohost.conf/backup/$file.backup.$(date '+%Y%m%d.%H%M%S')" - sudo mkdir -p "$(dirname "$backup_file")" - sudo cp -a "$file" "$backup_file" # Backup the current file - echo "File $file has been manually modified since the installation or last upgrade. So it has been duplicated in $backup_file" >&2 - echo "$backup_file" # Return the name of the backup file - fi - fi -} diff --git a/scripts/install b/scripts/install index 2180c4e..2596be5 100755 --- a/scripts/install +++ b/scripts/install @@ -1,7 +1,7 @@ #!/bin/bash -set -eu - +#================================================= +# GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= @@ -10,198 +10,281 @@ source _common.sh source /usr/share/yunohost/helpers #================================================= -# MANAGE FAILURE OF THE SCRIPT +# MANAGE SCRIPT FAILURE #================================================= -ynh_abort_if_errors # Active trap pour arrêter le script si une erreur est détectée. +ynh_clean_setup () { + ### Remove this function if there's nothing to clean before calling the remove script. + true +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= +domain=$YNH_APP_ARG_DOMAIN +path_url=$YNH_APP_ARG_PATH +admin=$YNH_APP_ARG_ADMIN +is_public=$YNH_APP_ARG_IS_PUBLIC +language=$YNH_APP_ARG_LANGUAGE +password=$YNH_APP_ARG_PASSWORD + app=$YNH_APP_INSTANCE_NAME -path=$YNH_APP_ARG_PATH -domain=$YNH_APP_ARG_DOMAIN -is_public=$YNH_APP_ARG_IS_PUBLIC +#================================================= +# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS +#================================================= +ynh_script_progression --message="Validating installation parameters..." --time --weight=1 + +final_path=/var/www/$app +test ! -e "$final_path" || ynh_die --message="This path already contains a folder" + +# Register (book) web path +ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url #================================================= -# CHECK THE DEBIAN'S CODENAME +# STORE SETTINGS FROM MANIFEST #================================================= +ynh_script_progression --message="Storing installation settings..." --time --weight=1 -codename=$(lsb_release -a 2>/dev/null | grep Codename | cut -f 2) -test -z "$codename" && (ynh_die "codename empty") -if [ $codename != 'jessie' ] -then - ynh_die "Sorry, it can only be installed on Debian Jessie" -fi -archi=$(uname -m) -pwd=$(pwd) -wwwhome=~www-data +ynh_app_setting_set --app=$app --key=domain --value=$domain +ynh_app_setting_set --app=$app --key=path --value=$path_url +ynh_app_setting_set --app=$app --key=admin --value=$admin +ynh_app_setting_set --app=$app --key=language --value=$language #================================================= # FIND AND OPEN A PORT #================================================= +ynh_script_progression --message="Finding an available port..." --weight=2 -port=$(ynh_find_port 8181) # Cherche un port libre. - -# Store infos in YunoHost config -ynh_app_setting_set $app port $port -ynh_app_setting_set $app path ${path} -ynh_app_setting_set $app domain ${domain} -ynh_app_setting_set $app is_public ${is_public} +# Find an available port +port=$(ynh_find_port --port=8181) +ynh_app_setting_set --app=$app --key=port --value=$port #================================================= -# DEPENDENCIES +# INSTALL DEPENDENCIES #================================================= -# Activate backports sources.list -cp -a "../conf/turtl.list" "/etc/apt/sources.list.d/$app.list" -cp -a "../conf/turtl-preferences" "/etc/apt/preferences.d/00TurtlPinning" -if [ $archi == "armv7l" ] +ynh_script_progression --message="Installing dependencies..." --time --weight=1 + +ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies + +# Install Nodejs +ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version + +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Configuring system user..." --time --weight=1 + +# Create a system user +ynh_system_user_create --username=$app --home_dir="$final_path" + +#================================================= +# CREATE A POSTGRESQL DATABASE +#================================================= +ynh_script_progression --message="Creating a PostgreSQL database..." --weight=2 + +db_name=$(ynh_sanitize_dbid --db_name=$app) +ynh_app_setting_set --app=$app --key=db_name --value=$db_name +ynh_psql_test_if_first_run +ynh_psql_setup_db --db_user=$db_name --db_name=$db_name + +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= +ynh_script_progression --message="Setting up source files..." --time --weight=1 + +ynh_app_setting_set --app=$app --key=final_path --value=$final_path +# Download, check integrity, uncompress and patch the source from app.src +#ynh_setup_source --dest_dir="$final_path" +git clone https://github.com/turtl/server "$final_path" --quiet + +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + +#================================================= +# NGINX CONFIGURATION +#================================================= +ynh_script_progression --message="Configuring NGINX web server..." --time --weight=1 + +### `ynh_add_nginx_config` will use the file conf/nginx.conf + +# Create a dedicated NGINX config +ynh_add_nginx_config + +#================================================= +# SPECIFIC SETUP +#================================================= +# ... +#================================================= +ynh_script_progression --message="Building $app... (this will take some time and resources!)" --weight=20 + +pushd $final_path/server + ynh_use_nodejs + ynh_exec_as $app env $ynh_node_load_PATH npm install --unsafe-perm 2>/dev/null +popd + +#================================================= +# ADD A CONFIGURATION +#================================================= +ynh_script_progression --message="Adding a configuration file..." --time --weight=1 + +cp config/config.yaml.default config/config.yaml +ynh_add_config --template="../conf/config.yaml.default" --destination="$final_path/config/config.yaml" + +chmod 400 "$final_path/config/config.yaml" +chown $app:$app "$final_path/config/config.yaml" + +#================================================= +# SETUP SYSTEMD +#================================================= +ynh_script_progression --message="Configuring a systemd service..." --time --weight=1 + +### `ynh_systemd_config` is used to configure a systemd script for an app. +### It can be used for apps that use sysvinit (with adaptation) or systemd. +### Have a look at the app to be sure this app needs a systemd script. +### `ynh_systemd_config` will use the file conf/systemd.service +### If you're not using these lines: +### - You can remove those files in conf/. +### - Remove the section "BACKUP SYSTEMD" in the backup script +### - Remove also the section "STOP AND REMOVE SERVICE" in the remove script +### - As well as the section "RESTORE SYSTEMD" in the restore script +### - And the section "SETUP SYSTEMD" in the upgrade script + +# Create a dedicated systemd config +ynh_add_systemd_config + +#================================================= +# SETUP APPLICATION WITH CURL +#================================================= + +### Use these lines only if the app installation needs to be finalized through +### web forms. We generally don't want to ask the final user, +### so we're going to use curl to automatically fill the fields and submit the +### forms. + +# Set the app as temporarily public for curl call +ynh_script_progression --message="Configuring SSOwat..." --time --weight=1 +# Making the app public for curl +ynh_permission_update --permission="main" --add="visitors" + +# Installation with curl +ynh_script_progression --message="Finalizing installation..." --time --weight=1 +ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3" + +# Remove the public access +ynh_permission_update --permission="main" --remove="visitors" + +#================================================= +# GENERIC FINALIZATION +#================================================= +# SETUP LOGROTATE +#================================================= +ynh_script_progression --message="Configuring log rotation..." --time --weight=1 + +### `ynh_use_logrotate` is used to configure a logrotate configuration for the logs of this app. +### Use this helper only if there is effectively a log file for this app. +### If you're not using this helper: +### - Remove the section "BACKUP LOGROTATE" in the backup script +### - Remove also the section "REMOVE LOGROTATE CONFIGURATION" in the remove script +### - As well as the section "RESTORE THE LOGROTATE CONFIGURATION" in the restore script +### - And the section "SETUP LOGROTATE" in the upgrade script + +# Use logrotate to manage application logfile(s) +ynh_use_logrotate + +#================================================= +# INTEGRATE SERVICE IN YUNOHOST +#================================================= +ynh_script_progression --message="Integrating service in YunoHost..." --time --weight=1 + +### `yunohost service add` integrates a service in YunoHost. It then gets +### displayed in the admin interface and through the others `yunohost service` commands. +### (N.B.: this line only makes sense if the app adds a service to the system!) +### If you're not using these lines: +### - You can remove these files in conf/. +### - Remove the section "REMOVE SERVICE INTEGRATION IN YUNOHOST" in the remove script +### - As well as the section "INTEGRATE SERVICE IN YUNOHOST" in the restore script +### - And the section "INTEGRATE SERVICE IN YUNOHOST" in the upgrade script + +yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log" + +### Additional options starting with 3.8: +### +### --needs_exposed_ports "$port" a list of ports that needs to be publicly exposed +### which will then be checked by YunoHost's diagnosis system +### (N.B. DO NOT USE THIS is the port is only internal!!!) +### +### --test_status "some command" a custom command to check the status of the service +### (only relevant if 'systemctl status' doesn't do a good job) +### +### --test_conf "some command" some command similar to "nginx -t" that validates the conf of the service +### +### Re-calling 'yunohost service add' during the upgrade script is the right way +### to proceed if you later realize that you need to enable some flags that +### weren't enabled on old installs (be careful it'll override the existing +### service though so you should re-provide all relevant flags when doing so) + +#================================================= +# START SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Starting a systemd service..." --time --weight=1 + +### `ynh_systemd_action` is used to start a systemd service for an app. +### Only needed if you have configure a systemd service +### If you're not using these lines: +### - Remove the section "STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the backup script +### - As well as the section "START SYSTEMD SERVICE" in the restore script +### - As well as the section"STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the upgrade script +### - And the section "STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the change_url script + +# Start a systemd service +ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" + +#================================================= +# SETUP FAIL2BAN +#================================================= +ynh_script_progression --message="Configuring Fail2Ban..." --time --weight=1 + +# Create a dedicated Fail2Ban config +ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login" + +#================================================= +# SETUP SSOWAT +#================================================= +ynh_script_progression --message="Configuring permissions..." --time --weight=1 + +# Make app public if necessary +if [ $is_public -eq 1 ] then - gpg --list-keys 7638D0442B90D010 > /dev/null 2>&1 - if [ $? != 0 ] - then - gpg --keyserver pgpkeys.mit.edu --recv-key 7638D0442B90D010 - fi - gpg --list-keys 8B48AD6246925553 > /dev/null 2>&1 - if [ $? != 0 ] - then - gpg --keyserver pgpkeys.mit.edu --recv-key 8B48AD6246925553 - fi - if [ $(apt-key finger | grep "7638 D044 2B90 D010" -c) == 0 ] - then - gpg -a --export 7638D0442B90D010 | apt-key add - - fi - if [ $(apt-key finger | grep "8B48 AD62 4692 5553" -c) == 0 ] - then - gpg -a --export 8B48AD6246925553 | apt-key add - - fi + # Everyone can access the app. + # The "main" permission is automatically created before the install script. + ynh_permission_update --permission="main" --add="visitors" fi -if [ $archi == "armv7l" ] -then - # Install RethinkDB - dpkg -i ../conf/rethinkdb_2.3.6_armhf.deb -else - # Activate RethinkDB sources.list - release=$(lsb_release -cs) - echo "deb http://download.rethinkdb.com/apt $release main" | tee /etc/apt/sources.list.d/rethinkdb.list - wget -qO- https://download.rethinkdb.com/apt/pubkey.gpg | apt-key add - - ynh_package_update -fi +### N.B. : the following extra permissions only make sense if your app +### does have for example an admin interface or an API. -# Install dependencies -ynh_package_update -ynh_install_app_dependencies wget git build-essential rethinkdb libuv1-dev python-pip +# Only the admin can access the admin panel of the app (if the app has an admin panel) +ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin - -# Install Clozure Common Lisp -cd /opt -if [ $archi == "armv7l" ] -then - wget -q ftp://ftp.clozure.com/pub/release/1.11/ccl-1.11-linuxarm.tar.gz - tar xf ccl-1.11-linuxarm.tar.gz -else - wget -q ftp://ftp.clozure.com/pub/release/1.11/ccl-1.11-linuxx86.tar.gz - tar xf ccl-1.11-linuxx86.tar.gz -fi - -cd ccl -if [ $(grep -c "flags.* lm .*" /proc/cpuinfo) -eq 0 ] -then - cp scripts/ccl /usr/bin/ccl -else - cp scripts/ccl64 /usr/bin/ccl -fi -sed -e "s@CCL_DEFAULT_DIRECTORY=/usr/local/src/ccl@CCL_DEFAULT_DIRECTORY=/opt/ccl@" -i /usr/bin/ccl - -# Install QuickLisp -cd $pwd -cp -a ../conf/ccl-init.lisp $wwwhome/.ccl-init.lisp -cp -a ../conf/quicklisp.lisp /tmp/quicklisp.lisp -cp -a ../conf/quicklisp.lisp.asc /tmp/quicklisp.lisp.asc - -mkdir $wwwhome/quicklisp $wwwhome/.cache/ -chown www-data: $wwwhome/quicklisp $wwwhome/.cache/ $wwwhome/.ccl-init.lisp - -gpg --keyserver pgpkeys.mit.edu --recv-key 307965AB028B5FF7 -gpg --verify /tmp/quicklisp.lisp.asc /tmp/quicklisp.lisp - -su -c 'echo -e "(quicklisp-quickstart:install)\n(quit)" | ccl --load /tmp/quicklisp.lisp' -s /bin/bash www-data - -echo "(pushnew \"./\" asdf :*central-registry* :test #'equal)" >> $wwwhome/.ccl-init.lisp - -rm -f /tmp/quicklisp /tmp/quicklisp.lisp.asc - -# Configure RethinkDB -echo "http-port=8091" > /etc/rethinkdb/instances.d/turtl.conf -service rethinkdb restart - -# Install RethinkDB tools (needed for backup) -pip install rethinkdb - -# Install Turtl -cd $wwwhome -mkdir turtl/data -p -cd turtl -git clone https://github.com/turtl/api.git +# Everyone can access the API part +# We don't want to display the tile in the SSO so we put --show_tile="false" +# And we don't want the YunoHost admin to be able to remove visitors group to this permission, so we put --protected="true" +ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true" #================================================= -# CONFIGURE TURTL +# RELOAD NGINX #================================================= -cd api +ynh_script_progression --message="Reloading NGINX web server..." --time --weight=1 -# Copions le modèle de fichier de configuration -cp config/config.default.lisp config/config.lisp - -# Modifie la configuration de turtl -sed -e "s@\*server-port\* 8181@*server-port* $port@" \ - -e "s@\*server-bind\* nil@*server-bind* \"127.0.0.1\"@" \ - -e "s@\*production-error-handling\* nil@*production-error-handling* t@" \ - -e "s@\*site-url\* \"http://turtl.dev:8181\"@*site-url* \"https://$domain\"@" \ - -e "s@\*smtp-host\* nil@*smtp-host* \"localhost\"@" \ - -e "s@\*display-errors\* t@*display-errors* nil@" \ - -e "s@\*local-upload\* nil@*local-upload* \"$wwwhome/turtl/data\"@" \ - -e "s@\*local-upload-url\* nil@*local-upload-url* \"https://$domain\"@" \ - -i config/config.lisp - -if [ $path != '/' ] -then - sed -e "s@\*api-path\* \"\"@\*api-path\* \"$path\"@" -i config/config.lisp -fi +ynh_systemd_action --service_name=nginx --action=reload #================================================= -# LOG HANDLING +# END OF SCRIPT #================================================= -cd $pwd -cp "../conf/rsyslogd.conf" "/etc/rsyslog.d/$app.conf" -service rsyslog restart -mkdir /var/log/turtl/ -p -cp "../conf/logrotate.conf" "/etc/logrotate.d/$app" -#================================================= -# ENABLE SERVICE IN ADMIN PANEL -#================================================= -# Add service to Yunohost monitoring -cp "../conf/turtl.service" "/etc/systemd/system/$app.service" -systemctl daemon-reload -yunohost service add turtl --log "/var/log/turtl/$app.log" -yunohost service start turtl - -#================================================= -# NGINX -#================================================= -# Copy Nginx conf -cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf - -# Change variables in Nginx configuration -if [ $is_public -eq 1 ]; -then - ynh_app_setting_set "$app" unprotected_uris "$path" -fi -sed -i "s@__PATH__@$path@g" /etc/nginx/conf.d/$domain.d/$app.conf -sed -i "s@__PORT__@$port@g" /etc/nginx/conf.d/$domain.d/$app.conf - -# Reload Nginx -service nginx reload +ynh_script_progression --message="Installation of $app completed" --time --last