#!/bin/bash #================================================= # GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= source _common.sh source /usr/share/yunohost/helpers #================================================= # MANAGE SCRIPT FAILURE #================================================= ynh_clean_setup () { ### Remove this function if there's nothing to clean before calling the remove script. true } # Exit if an error occurs during the execution of the script ynh_abort_if_errors #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= domain=$YNH_APP_ARG_DOMAIN path_url=/ is_public=$YNH_APP_ARG_IS_PUBLIC server_name=$YNH_APP_ARG_SERVER_NAME interface=$YNH_APP_ARG_INTERFACE app=$YNH_APP_INSTANCE_NAME #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= ynh_script_progression --message="Validating installation parameters..." --weight=1 final_path=/opt/yunohost/$app test ! -e "$final_path" || ynh_die --message="This path already contains a folder" # Register (book) web path ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url #================================================= # STORE SETTINGS FROM MANIFEST #================================================= ynh_script_progression --message="Storing installation settings..." --weight=1 ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url #will be used when restoring #================================================= # STANDARD MODIFICATIONS #================================================= # FIND AND OPEN A PORT #================================================= ynh_script_progression --message="Finding an available port..." --weight=1 # Find an available port #port_web is used for the web interface while port_rend is used by video renderer port_web=$(ynh_find_port --port=9001) ynh_app_setting_set --app=$app --key=port_web --value=$port_web port_rend=$(ynh_find_port --port=5001) ynh_app_setting_set --app=$app --key=port_rend --value=$port_rend # Open the port -- TO BE CHECKED IF REQUIRED ynh_script_progression --message="Configuring firewall..." --weight=3 #ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port_web ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port_rend #================================================= # INSTALL DEPENDENCIES #================================================= ynh_script_progression --message="Installing dependencies..." --weight=30 ynh_install_app_dependencies $pkg_dependencies #================================================= # CREATE DEDICATED USER #================================================= ynh_script_progression --message="Configuring system user..." --weight=1 # Create a system user #UMS require a home path for the user as config files are stored in there ynh_system_user_create --username=$app --home_dir=/home/$app #================================================= #SETTING MULTIMEDIA DIRECTORY #================================================= ynh_script_progression --message="Setting up Multimedia directory..." --weight=9 ynh_multimedia_build_main_dir ynh_multimedia_addaccess $app #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= ynh_script_progression --message="Setting up source files..." --weight=12 # Download, check integrity, uncompress and patch the source from app.src # Create an app.src for the correct compiled version of UMS # match string are fulfilled in _common.sh cp ../conf/app.src.default ../conf/app.src ynh_replace_string --match_string="__MACH__" --replace_string="$MACH" --target_file="../conf/app.src" ynh_replace_string --match_string="__SHA256_SUM__" --replace_string="$SHA256" --target_file="../conf/app.src" ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" tar xfvz $final_path/app.tgz --strip-component=1 --directory=$final_path/ rm $final_path/app.tgz chmod 750 "$final_path" chmod -R o-rwx "$final_path" chown -R root:$app "$final_path" chown root:$app "$final_path/UMS.sh" #================================================= # NGINX CONFIGURATION #================================================= ynh_script_progression --message="Configuring NGINX web server..." --weight=4 ### `ynh_add_nginx_config` will use the file conf/nginx.conf # Create a dedicated NGINX config ynh_add_nginx_config "port_web" #================================================= # SETUP SYSTEMD #================================================= ynh_script_progression --message="Configuring a systemd service..." --weight=1 # Create a dedicated systemd config ynh_add_systemd_config #================================================= # ADD A CONFIGURATION #================================================= ynh_script_progression --message="Setting up configuration file.." --weight=5 #UMS read config file from .config/UMS folder mkdir -p "/home/$app/.config/UMS" ynh_add_config --template="UMS.conf.default" --destination="/home/$app/.config/UMS/UMS.conf" ynh_add_config --template="WEB.conf.default" --destination="/home/$app/.config/UMS/WEB.conf" ynh_add_config --template="VirtualFolders.conf.default" --destination="/home/$app/.config/UMS/VirtualFolders.conf" chown -R $app:$app "/home/$app/.config" chmod -R 700 "/home/$app/.config" #chmod 600 "/home/$app/.config/UMS/*" #================================================= # GENERIC FINALIZATION #================================================= # SECURE FILES AND DIRECTORIES #================================================= ynh_script_progression --message="Configuring log rotation..." --weight=1 #TO BE CHECKED : debug.log file in ~/.config/UMS/ # Use logrotate to manage application logfile(s) ynh_use_logrotate #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 yunohost service add $app --description="A DLNA, UPnP and HTTP(S) Media Server." --log="/var/log/$app/$app.log" --needs_exposed_ports "$port_web" "$port_rend" #================================================= # START SYSTEMD SERVICE #================================================= ynh_script_progression --message="Starting a systemd service..." --weight=1 # Start a systemd service ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" #================================================= # SETUP FAIL2BAN #================================================= #ynh_script_progression --message="Configuring Fail2Ban..." --time --weight=1 # Create a dedicated Fail2Ban config #ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login" #================================================= # SETUP SSOWAT #================================================= ynh_script_progression --message="Configuring permissions..." --weight=1 # Make app public if necessary if [ $is_public -eq 1 ] then # Everyone can access the app. # The "main" permission is automatically created before the install script. ynh_permission_update --permission="main" --add="visitors" fi ### N.B. : the following extra permissions only make sense if your app ### does have for example an admin interface or an api. # Only the admin can access the admin panel of the app (if the app has an admin panel) #ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin # Everyone can access to the api part # We don't want to display the tile in the sso so we put --show_tile="false" # And we don't want that the YunoHost Admin can remove visitors group to this permission, so we put --protected="true" #ynh_permission_create --permission="api" --url "/api" --allowed="visitors" --show_tile="false" --protected="true" #================================================= # RELOAD NGINX #================================================= ynh_script_progression --message="Reloading NGINX web server..." --weight=1 ynh_systemd_action --service_name=nginx --action=reload #================================================= # END OF SCRIPT #================================================= ynh_script_progression --message="Installation of $app completed" --last