mirror of
https://github.com/YunoHost-Apps/vaultwarden_ynh.git
synced 2024-09-03 18:26:31 +02:00
230 lines
8.1 KiB
Text
230 lines
8.1 KiB
Text
|
#!/bin/bash
|
||
|
|
||
|
#=================================================
|
||
|
# GENERIC START
|
||
|
#=================================================
|
||
|
# IMPORT GENERIC HELPERS
|
||
|
#=================================================
|
||
|
|
||
|
source _common.sh
|
||
|
source /usr/share/yunohost/helpers
|
||
|
|
||
|
#=================================================
|
||
|
# LOAD SETTINGS
|
||
|
#=================================================
|
||
|
ynh_script_progression --message="Loading installation settings..." --time --weight=1
|
||
|
|
||
|
app=$YNH_APP_INSTANCE_NAME
|
||
|
|
||
|
domain=$(ynh_app_setting_get --app=$app --key=domain)
|
||
|
path_url=$(ynh_app_setting_get --app=$app --key=path)
|
||
|
admin=$(ynh_app_setting_get --app=$app --key=admin)
|
||
|
is_public=$(ynh_app_setting_get --app=$app --key=is_public)
|
||
|
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
||
|
|
||
|
admin_token=$(ynh_app_setting_get --app=$app --key=admin_token)
|
||
|
rocket_port=$(ynh_app_setting_get --app=$app --key=rocket_port)
|
||
|
websocket_port=$(ynh_app_setting_get --app=$app --key=websocket_port)
|
||
|
|
||
|
#=================================================
|
||
|
# CHECK VERSION
|
||
|
#=================================================
|
||
|
|
||
|
upgrade_type=$(ynh_check_app_version_changed)
|
||
|
|
||
|
#=================================================
|
||
|
# ENSURE DOWNWARD COMPATIBILITY
|
||
|
#=================================================
|
||
|
ynh_script_progression --message="Ensuring downward compatibility..." --time --weight=1
|
||
|
|
||
|
# Fix is_public as a boolean value
|
||
|
if [ "$is_public" = "Yes" ]; then
|
||
|
ynh_app_setting_set --app=$app --key=is_public --value=1
|
||
|
is_public=1
|
||
|
elif [ "$is_public" = "No" ]; then
|
||
|
ynh_app_setting_set --app=$app --key=is_public --value=0
|
||
|
is_public=0
|
||
|
fi
|
||
|
|
||
|
# If final_path doesn't exist, create it
|
||
|
if [ -z "$final_path" ]; then
|
||
|
final_path=/var/www/$app
|
||
|
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
|
||
|
fi
|
||
|
|
||
|
#=================================================
|
||
|
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
|
||
|
#=================================================
|
||
|
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --time --weight=1
|
||
|
|
||
|
# Backup the current version of the app
|
||
|
ynh_backup_before_upgrade
|
||
|
ynh_clean_setup () {
|
||
|
ynh_clean_check_starting
|
||
|
# restore it if the upgrade fails
|
||
|
ynh_restore_upgradebackup
|
||
|
}
|
||
|
# Exit if an error occurs during the execution of the script
|
||
|
ynh_abort_if_errors
|
||
|
|
||
|
#=================================================
|
||
|
# STANDARD UPGRADE STEPS
|
||
|
#=================================================
|
||
|
# STOP SYSTEMD SERVICE
|
||
|
#=================================================
|
||
|
ynh_script_progression --message="Stopping a systemd service..." --time --weight=1
|
||
|
|
||
|
ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd" --line_match=="Stopped Bitwarden Server"
|
||
|
|
||
|
#=================================================
|
||
|
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
||
|
#=================================================
|
||
|
|
||
|
if [ "$upgrade_type" == "UPGRADE_APP" ]
|
||
|
then
|
||
|
ynh_script_progression --message="Upgrading source files..." --time --weight=1
|
||
|
|
||
|
# Download, check integrity, uncompress and patch the source from app.src
|
||
|
ynh_setup_source --dest_dir="$final_path/build/" --source_id=app
|
||
|
ynh_setup_source --dest_dir="$final_path/live/web-vault/" --source_id=web
|
||
|
fi
|
||
|
|
||
|
#=================================================
|
||
|
# NGINX CONFIGURATION
|
||
|
#=================================================
|
||
|
ynh_script_progression --message="Upgrading nginx web server configuration..." --time --weight=1
|
||
|
|
||
|
# Create a dedicated nginx config
|
||
|
ynh_add_nginx_config
|
||
|
|
||
|
#=================================================
|
||
|
# UPGRADE DEPENDENCIES
|
||
|
#=================================================
|
||
|
ynh_script_progression --message="Upgrading dependencies..." --time --weight=1
|
||
|
|
||
|
ynh_install_app_dependencies $pkg_dependencies
|
||
|
|
||
|
#=================================================
|
||
|
# CREATE DEDICATED USER
|
||
|
#=================================================
|
||
|
ynh_script_progression --message="Making sure dedicated system user exists..." --time --weight=1
|
||
|
|
||
|
# Create a dedicated user (if not existing)
|
||
|
ynh_system_user_create --username=$app --home_dir=$final_path
|
||
|
|
||
|
#=================================================
|
||
|
# SPECIFIC UPGRADE
|
||
|
#=================================================
|
||
|
# MAKE INSTALL
|
||
|
#=================================================
|
||
|
|
||
|
# Set right permissions
|
||
|
chown -R "$app":"$app" $final_path
|
||
|
|
||
|
if [ "$upgrade_type" == "UPGRADE_APP" ]
|
||
|
then
|
||
|
# Install
|
||
|
pushd $final_path
|
||
|
sudo -u "$app" RUSTUP_HOME=$final_path/.rustup CARGO_HOME=$final_path/.cargo bash -c 'curl -sSf -L https://static.rust-lang.org/rustup.sh | sh -s -- -y --default-toolchain=nightly'
|
||
|
popd
|
||
|
|
||
|
export PATH="$PATH:$final_path/.cargo/bin:$final_path/.local/bin:/usr/local/sbin"
|
||
|
|
||
|
pushd $final_path/build
|
||
|
sudo -u "$app" env PATH=$PATH cargo build --release
|
||
|
popd
|
||
|
|
||
|
cp -a $final_path/build/target/release/. $final_path/live/.
|
||
|
|
||
|
ynh_secure_remove --file=$final_path/build/
|
||
|
fi
|
||
|
|
||
|
#=================================================
|
||
|
# MODIFY A CONFIG FILE
|
||
|
#=================================================
|
||
|
|
||
|
config="$final_path/live/bitwarden_rs.env"
|
||
|
|
||
|
ynh_backup_if_checksum_is_different --file="$config"
|
||
|
|
||
|
cp -f ../conf/bitwarden_rs.env "$config"
|
||
|
|
||
|
ynh_replace_string --match_string="__ADMIN_TOKEN__" --replace_string="$admin_token" --target_file="$config"
|
||
|
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config"
|
||
|
ynh_replace_string --match_string="__WEBSOCKET_PORT__" --replace_string="$websocket_port" --target_file="$config"
|
||
|
ynh_replace_string --match_string="__ROCKET_PORT__" --replace_string="$rocket_port" --target_file="$config"
|
||
|
|
||
|
#=================================================
|
||
|
# STORE THE CONFIG FILE CHECKSUM
|
||
|
#=================================================
|
||
|
|
||
|
# Recalculate and store the checksum of the file for the next upgrade.
|
||
|
ynh_store_file_checksum --file="$config"
|
||
|
|
||
|
#=================================================
|
||
|
# SETUP LOGROTATE
|
||
|
#=================================================
|
||
|
ynh_script_progression --message="Upgrading logrotate configuration..." --time --weight=1
|
||
|
|
||
|
# Use logrotate to manage app-specific logfile(s)
|
||
|
ynh_use_logrotate --non-append
|
||
|
|
||
|
#=================================================
|
||
|
# SETUP SYSTEMD
|
||
|
#=================================================
|
||
|
ynh_script_progression --message="Upgrading systemd configuration..." --time --weight=1
|
||
|
|
||
|
# Create a dedicated systemd config
|
||
|
ynh_add_systemd_config
|
||
|
|
||
|
#=================================================
|
||
|
# GENERIC FINALIZATION
|
||
|
#=================================================
|
||
|
# UPGRADE FAIL2BAN
|
||
|
#=================================================
|
||
|
ynh_script_progression --message="Reconfiguring fail2ban..." --time --weight=1
|
||
|
|
||
|
# Create a dedicated fail2ban config
|
||
|
ynh_add_fail2ban_config --logpath="/var/log/$app/$app.log" --failregex="^.*Username or password is incorrect\. Try again\. IP: <HOST>\. Username:.*$"
|
||
|
|
||
|
#=================================================
|
||
|
# SECURE FILES AND DIRECTORIES
|
||
|
#=================================================
|
||
|
|
||
|
# Set permissions on app files
|
||
|
chown -R "$app":"$app" $final_path
|
||
|
mkdir -p "/var/log/$app"
|
||
|
chown -R "$app":"$app" /var/log/$app
|
||
|
|
||
|
#=================================================
|
||
|
# SETUP SSOWAT
|
||
|
#=================================================
|
||
|
ynh_script_progression --message="Upgrading SSOwat configuration..." --time --weight=1
|
||
|
|
||
|
# Make app public if necessary
|
||
|
if [ $is_public -eq 1 ]
|
||
|
then
|
||
|
# unprotected_uris allows SSO credentials to be passed anyway
|
||
|
ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
|
||
|
fi
|
||
|
|
||
|
#=================================================
|
||
|
# START SYSTEMD SERVICE
|
||
|
#=================================================
|
||
|
ynh_script_progression --message="Starting a systemd service..." --time --weight=1
|
||
|
|
||
|
ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="Listening for new connections on"
|
||
|
|
||
|
#=================================================
|
||
|
# RELOAD NGINX
|
||
|
#=================================================
|
||
|
ynh_script_progression --message="Reloading nginx web server..." --time --weight=1
|
||
|
|
||
|
ynh_systemd_action --service_name=nginx --action=reload
|
||
|
|
||
|
#=================================================
|
||
|
# END OF SCRIPT
|
||
|
#=================================================
|
||
|
|
||
|
ynh_script_progression --message="Upgrade of $app completed" --time --last
|