From bad0ac4dbc822f8e67d6eaea5091b71b42dfb348 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 15 Sep 2023 14:39:06 +0200 Subject: [PATCH] fix --- conf/vaultwarden.env | 2 +- scripts/install | 18 +++++++--------- scripts/remove | 25 +++------------------- scripts/restore | 49 ++++++++++---------------------------------- scripts/upgrade | 39 ++++++++--------------------------- 5 files changed, 31 insertions(+), 102 deletions(-) diff --git a/conf/vaultwarden.env b/conf/vaultwarden.env index b2158c2..ae0aa40 100644 --- a/conf/vaultwarden.env +++ b/conf/vaultwarden.env @@ -23,7 +23,7 @@ DATA_FOLDER=__DATA_DIR__ ## Details: ## - https://docs.diesel.rs/diesel/pg/struct.PgConnection.html ## - https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING -# DATABASE_URL=postgresql://user:password@host[:port]/database_name +# DATABASE_URL=postgresql://__DB_USER:__DB_PWD__@host[:port]/__DB_NAME__ ## Database max connections ## Define the size of the connection pool used for connecting to the database. diff --git a/scripts/install b/scripts/install index 01e6261..c4cb003 100644 --- a/scripts/install +++ b/scripts/install @@ -59,6 +59,13 @@ chown -R $app:$app "/var/log/$app" ynh_use_logrotate +# Create a dedicated Fail2Ban config +mkdir -p "/var/log/$app" +touch "/var/log/$app/$app.log" +chown -R $app:$app "/var/log/$app" + +ynh_add_fail2ban_config --logpath="/var/log/$app/$app.log" --failregex="^.*Username or password is incorrect\. Try again\. IP: \. Username:.*$" + yunohost service add $app --description="$app daemon for vaultwarden" --log="/var/log/$app/$app.log" #================================================= @@ -91,17 +98,6 @@ ynh_script_progression --message="Starting a systemd service..." # Start a systemd service ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="Rocket has launched from" --length=100 -#================================================= -# SETUP FAIL2BAN -#================================================= -ynh_script_progression --message="Configuring Fail2Ban..." - -# Create a dedicated Fail2Ban config -mkdir -p "/var/log/$app" -touch "/var/log/$app/$app.log" -chown -R $app:$app "/var/log/$app" -ynh_add_fail2ban_config --logpath="/var/log/$app/$app.log" --failregex="^.*Username or password is incorrect\. Try again\. IP: \. Username:.*$" - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/remove b/scripts/remove index 0d6e071..a0047d1 100644 --- a/scripts/remove +++ b/scripts/remove @@ -22,40 +22,21 @@ then yunohost service remove $app fi -#================================================= -# STOP AND REMOVE SERVICE -#================================================= -ynh_script_progression --message="Stopping and removing the systemd service..." - # Remove the dedicated systemd config ynh_remove_systemd_config -#================================================= -# REMOVE NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Removing NGINX web server configuration..." - # Remove the dedicated NGINX config ynh_remove_nginx_config -#================================================= -# REMOVE FAIL2BAN CONFIGURATION -#================================================= -ynh_script_progression --message="Removing Fail2Ban configuration..." - # Remove the dedicated Fail2Ban config ynh_remove_fail2ban_config -#================================================= -# SPECIFIC REMOVE -#================================================= -# REMOVE VARIOUS FILES -#================================================= -ynh_script_progression --message="Removing various files..." - # Remove the log files ynh_secure_remove --file="/var/log/$app" +# Remove the config file +ynh_secure_remove --file="/$data_dir/config.json" + #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/restore b/scripts/restore index 5ec75a6..c71a448 100644 --- a/scripts/restore +++ b/scripts/restore @@ -30,9 +30,18 @@ ynh_restore_file --origin_path="$data_dir" --not_mandatory chown -R $app:$app "$data_dir" #================================================= -# RESTORE FAIL2BAN CONFIGURATION +# RESTORE THE NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Restoring the Fail2Ban configuration..." +ynh_script_progression --message="Restoring the NGINX web server configuration..." + +ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" + +ynh_restore_file --origin_path="/etc/systemd/system/$app.service" +systemctl enable $app.service --quiet + +mkdir -p "/var/log/$app" +chown -R $app:$app "/var/log/$app" +ynh_restore_file --origin_path="/etc/logrotate.d/$app" # Create a dedicated Fail2Ban config mkdir -p "/var/log/$app" @@ -43,35 +52,6 @@ ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf" ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf" ynh_systemd_action --action=restart --service_name=fail2ban -#================================================= -# RESTORE THE NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Restoring the NGINX web server configuration..." - -ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" - -#================================================= -# RESTORE SYSTEMD -#================================================= -ynh_script_progression --message="Restoring the systemd configuration..." - -ynh_restore_file --origin_path="/etc/systemd/system/$app.service" -systemctl enable $app.service --quiet - -#================================================= -# RESTORE THE LOGROTATE CONFIGURATION -#================================================= -ynh_script_progression --message="Restoring the logrotate configuration..." - -mkdir -p "/var/log/$app" -chown -R $app:$app "/var/log/$app" -ynh_restore_file --origin_path="/etc/logrotate.d/$app" - -#================================================= -# INTEGRATE SERVICE IN YUNOHOST -#================================================= -ynh_script_progression --message="Integrating service in YunoHost..." - yunohost service add $app --description="$app daemon for vaultwarden" --log="/var/log/$app/$app.log" #================================================= @@ -81,13 +61,6 @@ ynh_script_progression --message="Starting a systemd service..." ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="Rocket has launched from" --length=100 -#================================================= -# GENERIC FINALIZATION -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." - ynh_systemd_action --service_name=nginx --action=reload #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index b53427c..f3a301e 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -46,14 +46,6 @@ fi chmod -R o-rwx "$install_dir" chown -R $app:$app "$install_dir" -#================================================= -# NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Upgrading NGINX web server configuration..." - -# Create a dedicated NGINX config -ynh_add_nginx_config - #================================================= # SPECIFIC UPGRADE #================================================= @@ -88,25 +80,23 @@ chown $app:$app "$install_dir/live/.env" #================================================= ynh_script_progression --message="Upgrading systemd configuration..." +# Create a dedicated NGINX config +ynh_add_nginx_config + # Create a dedicated systemd config ynh_add_systemd_config -#================================================= -# GENERIC FINALIZATION -#================================================= -# SETUP LOGROTATE -#================================================= -ynh_script_progression --message="Upgrading logrotate configuration..." - mkdir -p "/var/log/$app" chown -R $app:$app "/var/log/$app" # Use logrotate to manage app-specific logfile(s) ynh_use_logrotate --non-append -#================================================= -# INTEGRATE SERVICE IN YUNOHOST -#================================================= -ynh_script_progression --message="Integrating service in YunoHost..." +mkdir -p "/var/log/$app" +touch "/var/log/$app/$app.log" +chown -R $app:$app "/var/log/$app" + +# Create a dedicated Fail2Ban config +ynh_add_fail2ban_config --logpath="/var/log/$app/$app.log" --failregex="^.*Username or password is incorrect\. Try again\. IP: \. Username:.*$" yunohost service add $app --description="$app daemon for vaultwarden" --log="/var/log/$app/$app.log" @@ -117,17 +107,6 @@ ynh_script_progression --message="Starting a systemd service..." ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="Rocket has launched from" --length=100 -#================================================= -# UPGRADE FAIL2BAN -#================================================= -ynh_script_progression --message="Reconfiguring Fail2Ban..." - -mkdir -p "/var/log/$app" -touch "/var/log/$app/$app.log" -chown -R $app:$app "/var/log/$app" -# Create a dedicated Fail2Ban config -ynh_add_fail2ban_config --logpath="/var/log/$app/$app.log" --failregex="^.*Username or password is incorrect\. Try again\. IP: \. Username:.*$" - #================================================= # END OF SCRIPT #=================================================