YunoHost-Apps/vaultwarden_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/vaultwarden_ynh.git synced 2024-09-03 18:26:31 +02:00
Code Issues Activity Actions

Merge pull request #243 from YunoHost-Apps/testing

Browse source 
Testing
This commit is contained in:
eric_G 2023-10-24 14:41:59 +02:00 committed by GitHub
commit e2d75e1c8e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
30 changed files with 203 additions and 1378 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

65
.github/workflows/updater.sh vendored
View file

@ -1,65 +0,0 @@
#!/bin/bash
#=================================================
# PACKAGE UPDATING HELPER
#=================================================
# This script is meant to be run by GitHub Actions
# The YunoHost-Apps organisation offers a template Action to run this script periodically
# Since each app is different, maintainers can adapt its contents so as to perform
# automatic actions when a new upstream release is detected.
#=================================================
# FETCHING LATEST RELEASE AND ITS ASSETS
#=================================================
# Fetching information
current_version=$(cat manifest.json | jq -j '.version|split("~")[0]')
repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]')
# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions)
version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1)
# Later down the script, we assume the version has only digits and dots
# Sometimes the release name starts with a "v", so let's filter it out.
# You may need more tweaks here if the upstream repository has different naming conventions.
if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then
version=${version:1}
fi
# Setting up the environment variables
echo "Current version: $current_version"
echo "Latest release from upstream: $version"
echo "VERSION=$version" >> $GITHUB_ENV
echo "REPO=$repo" >> $GITHUB_ENV
# For the time being, let's assume the script will fail
echo "PROCEED=false" >> $GITHUB_ENV
# Proceed only if the retrieved version is greater than the current one
if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then
echo "::warning ::No new version available"
exit 0
# Proceed only if a PR for this new version does not already exist
elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then
echo "::warning ::A branch already exists for this update"
exit 0
fi
#=================================================
# SPECIFIC UPDATE STEPS
#=================================================
# Any action on the app's source code can be done.
# The GitHub Action workflow takes care of committing all changes after this script ends.
#=================================================
# GENERIC FINALIZATION
#=================================================
# Replace new version in manifest
echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json
# No need to update the README, yunohost-bot takes care of it
# The Action will proceed only if the PROCEED environment variable is set to true
echo "PROCEED=true" >> $GITHUB_ENV
exit 0

50
.github/workflows/updater.yml vendored
View file

@ -1,50 +0,0 @@
# This workflow allows GitHub Actions to automagically update your app whenever a new upstream release is detected.
# You need to enable Actions in your repository settings, and fetch this Action from the YunoHost-Apps organization.
# This file should be enough by itself, but feel free to tune it to your needs.
# It calls updater.sh, which is where you should put the app-specific update steps.
name: Check for new upstream releases
on:
# Allow to manually trigger the workflow
workflow_dispatch:
# Run it every day at 6:00 UTC
schedule:
- cron: '0 6 * * *'
jobs:
updater:
runs-on: ubuntu-latest
steps:
- name: Fetch the source code
uses: actions/checkout@v3
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Run the updater script
id: run_updater
run: |
# Setting up Git user
git config --global user.name 'yunohost-bot'
git config --global user.email 'yunohost-bot@users.noreply.github.com'
# Run the updater script
/bin/bash .github/workflows/updater.sh
- name: Commit changes
id: commit
if: ${{ env.PROCEED == 'true' }}
run: |
git commit -am "Upgrade to v$VERSION"
- name: Create Pull Request
id: cpr
if: ${{ env.PROCEED == 'true' }}
uses: peter-evans/create-pull-request@v4
with:
token: ${{ secrets.GITHUB_TOKEN }}
commit-message: Update to version ${{ env.VERSION }}
committer: 'yunohost-bot <yunohost-bot@users.noreply.github.com>'
author: 'yunohost-bot <yunohost-bot@users.noreply.github.com>'
signoff: false
base: testing
branch: ci-auto-update-v${{ env.VERSION }}
delete-branch: true
title: 'Upgrade to version ${{ env.VERSION }}'
body: |
Upgrade to v${{ env.VERSION }}
draft: false

25
README.md
View file

@ -18,7 +18,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
Alternative implementation of the Bitwarden server API written in Rust and compatible with upstream Bitwarden clients*, perfect for self-hosted deployment where running the official resource-heavy service might not be ideal.
**Shipped version:** 1.29.1~ynh1
**Shipped version:** 1.29.1~ynh2
**Demo:** https://vault.bitwarden.com/#/register
@ -26,34 +26,11 @@ Alternative implementation of the Bitwarden server API written in Rust and compa
![Screenshot of Vaultwarden](./doc/screenshots/screenshot1.png)
## Disclaimers / important information
### Install
This package compile Vaultwarden from sources, that can take a long time on a small computer :
* When installing on a Raspberry Pi 3, this can take more than 1 hour.
* When installing from the webadmin, you can encounter the "504 Gateway Timeout": this is fine, just let it finish in the background.
### Migrate from Bitwarden
This package handle the migration from Bitwarden to Vaultwarden.
For that, you will have to upgrade your Bitwarden application with this repository.
This can only be done from the command-line interface - e.g. through SSH.
Once you're connected, you simply have to execute the following:
```bash
sudo yunohost app upgrade bitwarden -u https://github.com/YunoHost-Apps/vaultwarden_ynh --debug
```
The `--debug` option will let you see the full output. If you encounter any issue, please paste it.
## Documentation and resources
* Official user documentation: <https://help.bitwarden.com/>
* Official admin documentation: <https://github.com/dani-garcia/vaultwarden/wiki>
* Upstream app code repository: <https://github.com/dani-garcia/vaultwarden>
* YunoHost documentation for this app: <https://yunohost.org/app_vaultwarden>
* Report a bug: <https://github.com/YunoHost-Apps/vaultwarden_ynh/issues>
## Developer info

27
README_fr.md
View file

@ -16,9 +16,9 @@ Si vous navez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po
## Vue densemble
Alternative implementation of the Bitwarden server API written in Rust and compatible with upstream Bitwarden clients*, perfect for self-hosted deployment where running the official resource-heavy service might not be ideal.
Implémentation alternative de l'API du serveur Bitwarden écrite en Rust et compatible avec les clients Bitwarden en amont*, parfaite pour un déploiement auto-hébergé où l'exécution du service officiel gourmand en ressources n'est peut-être pas idéale.
**Version incluse :** 1.29.1~ynh1
**Version incluse :** 1.29.1~ynh2
**Démo :** https://vault.bitwarden.com/#/register
@ -26,34 +26,11 @@ Alternative implementation of the Bitwarden server API written in Rust and compa
![Capture décran de Vaultwarden](./doc/screenshots/screenshot1.png)
## Avertissements / informations importantes
### Install
This package compile Vaultwarden from sources, that can take a long time on a small computer :
* When installing on a Raspberry Pi 3, this can take more than 1 hour.
* When installing from the webadmin, you can encounter the "504 Gateway Timeout": this is fine, just let it finish in the background.
### Migrate from Bitwarden
This package handle the migration from Bitwarden to Vaultwarden.
For that, you will have to upgrade your Bitwarden application with this repository.
This can only be done from the command-line interface - e.g. through SSH.
Once you're connected, you simply have to execute the following:
```bash
sudo yunohost app upgrade bitwarden -u https://github.com/YunoHost-Apps/vaultwarden_ynh --debug
```
The `--debug` option will let you see the full output. If you encounter any issue, please paste it.
## Documentations et ressources
* Documentation officielle utilisateur : <https://help.bitwarden.com/>
* Documentation officielle de ladmin : <https://github.com/dani-garcia/vaultwarden/wiki>
* Dépôt de code officiel de lapp : <https://github.com/dani-garcia/vaultwarden>
* Documentation YunoHost pour cette app : <https://yunohost.org/app_vaultwarden>
* Signaler un bug : <https://github.com/YunoHost-Apps/vaultwarden_ynh/issues>
## Informations pour les développeurs

31
check_process
View file

@ -1,31 +0,0 @@
;; Test complet
; Manifest
domain="domain.tld"
path="/path"
is_public=1
admin="john"
; Checks
pkg_linter=1
setup_sub_dir=1
setup_root=1
setup_nourl=0
setup_private=1
setup_public=1
upgrade=1
# Bitwarden 1.20.0~ynh4
#upgrade=1 from_commit=d5e1fa7d327c55d8e5ae4c24e7c6aaac006256db
# 1.21.0~ynh1
upgrade=1 from_commit=3f7d7d2740a1cb3f16a290b64c89e84422d06ede
# 1.21.0~ynh2
upgrade=1 from_commit=703d5a9cb86d127c7723bb380d7c392a8eb9e703
# 1.23.0~ynh1
upgrade=1 from_commit=2808a3a8e985bb5431f6d8f2353b07201355afe4
# 1.23.0~ynh3
upgrade=1 from_commit=7492e0d21c795696f4ff44912edc199437d4bb71
backup_restore=1
multi_instance=1
port_already_use=0
change_url=1
;;; Options
Email=
Notification=none

15
conf/bitwarden_migration
View file

@ -1,15 +0,0 @@
# App main directory
/var/www/$app
# NGINX web server configuration
/etc/nginx/conf.d/$domain.d/$app.conf
# App logs
/var/log/$app/
# Service configuration
/etc/systemd/system/$app.service
# Fail2Ban configuration
/etc/fail2ban/jail.d/$app.conf
/etc/fail2ban/filter.d/$app.conf

38
conf/bitwarden_post_migration.sh
View file

@ -1,38 +0,0 @@
#!/bin/bash
# Ending the migration process from Bitwarden to Vaultwarden
set -u
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source /usr/share/yunohost/helpers
#=================================================
# SET VARIABLES
#=================================================
old_app="__OLD_APP__"
new_app="__NEW_APP__"
script_name="$0"
#=================================================
# DELETE OLD APP'S SETTINGS
#=================================================
ynh_secure_remove --file="/etc/yunohost/apps/$old_app"
yunohost app ssowatconf
#=================================================
# REMOVE THE OLD USER
#=================================================
ynh_system_user_delete --username="$old_app"
#=================================================
# DELETE THIS SCRIPT
#=================================================
echo "rm $script_name" | at now + 1 minutes

5
conf/msg_install
View file

@ -1,5 +0,0 @@
vaultwarden was successfully installed :)
Please open https://__DOMAIN____PATH_URL__/admin
The admin token is: __ADMIN_TOKEN__
You will be able to invite users to your vaultwarden instance.
If you facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/vaultwarden_ynh

15
conf/nginx.conf
View file

@ -2,7 +2,7 @@
location __PATH__/ {
# Path to source
alias __FINALPATH__/;
alias __INSTALL_DIR__/;
# Common parameter to increase upload size limit in conjunction with dedicated php-fpm file
client_max_body_size 100M;
@ -11,21 +11,18 @@ location __PATH__/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:__ROCKET_PORT__;
# Include SSOWAT user panel.
include conf.d/yunohost_panel.conf.inc;
proxy_pass http://127.0.0.1:__PORT_ROCKET__;
}
location __FINALPATH__/notifications/hub {
location __INSTALL_DIR__/notifications/hub {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://127.0.0.1:__WEBSOCKET_PORT__;
proxy_pass http://127.0.0.1:__PORT_WEBSOCKET__;
}
location __FINALPATH__/notifications/hub/negotiate {
proxy_pass http://127.0.0.1:__ROCKET_PORT__;
location __INSTALL_DIR__/notifications/hub/negotiate {
proxy_pass http://127.0.0.1:__PORT_ROCKET__;
}

10
conf/systemd.service
View file

@ -1,5 +1,5 @@
[Unit]
Description=vaultwarden Server (Rust Edition)
Description=Vaultwarden Server (Rust Edition)
Documentation=https://github.com/dani-garcia/vaultwarden
After=network.target
@ -7,10 +7,10 @@ After=network.target
# The user/group vaultwarden is run under. the working directory (see below) should allow write and read access to this user/group
User=__APP__
Group=__APP__
WorkingDirectory=__FINALPATH__/live/
ReadWriteDirectories=__FINALPATH__/live/ __DATADIR__/ /var/log/__APP__/
EnvironmentFile=__FINALPATH__/live/.env
ExecStart=__FINALPATH__/live/vaultwarden
WorkingDirectory=__INSTALL_DIR__/live/
ReadWriteDirectories=__INSTALL_DIR__/live/ __DATA_DIR__/ /var/log/__APP__/
EnvironmentFile=__INSTALL_DIR__/live/.env
ExecStart=__INSTALL_DIR__/live/vaultwarden
# Set reasonable connection and process limits
LimitNOFILE=1048576

12
conf/vaultwarden.env
View file

@ -10,7 +10,7 @@
## vaultwarden.
## Main data folder
DATA_FOLDER=__DATADIR__
DATA_FOLDER=__DATA_DIR__
## Database URL
## When using SQLite, this is the path to the DB file, default to %DATA_FOLDER%/db.sqlite3
@ -69,7 +69,7 @@ WEBSOCKET_ENABLED=true
## Controls the WebSocket server address and port
WEBSOCKET_ADDRESS=127.0.0.1
WEBSOCKET_PORT=__WEBSOCKET_PORT__
WEBSOCKET_PORT=__PORT_WEBSOCKET__
## Controls whether users are allowed to create Bitwarden Sends.
## This setting applies globally to all users.
@ -283,7 +283,7 @@ ADMIN_TOKEN=__ADMIN_TOKEN__
## It's recommended to configure this value, otherwise certain functionality might not work,
## like attachment downloads, email links and U2F.
## For U2F to work, the server must use HTTPS, you can use Let's Encrypt for free certs
DOMAIN=https://__DOMAIN____PATH_URL__
DOMAIN=https://__DOMAIN____PATH__
## Allowed iframe ancestors (Know the risks!)
## https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors
@ -337,7 +337,7 @@ DOMAIN=https://__DOMAIN____PATH_URL__
## Rocket specific settings
## See https://rocket.rs/v0.4/guide/configuration/ for more details.
ROCKET_ADDRESS=127.0.0.1
ROCKET_PORT=__ROCKET_PORT__
ROCKET_PORT=__PORT_ROCKET__
ROCKET_WORKERS=1
# ROCKET_TLS={certs="/path/to/certs.pem",key="/path/to/key.pem"}
@ -349,8 +349,8 @@ SMTP_FROM=vaultwarden-rs@__DOMAIN__
SMTP_FROM_NAME=Vaultwarden
SMTP_SECURITY=off
SMTP_PORT=25
# SMTP_USERNAME=username
# SMTP_PASSWORD=password
SMTP_USERNAME=__APP__
SMTP_PASSWORD=__MAIL_PWD__
# SMTP_TIMEOUT=15
## Defaults for SSL is "Plain" and "Login" and nothing for Non-SSL connections.

1
doc/DESCRIPTION_fr.md Normal file
View file

@ -0,0 +1 @@
Implémentation alternative de l'API du serveur Bitwarden écrite en Rust et compatible avec les clients Bitwarden en amont*, parfaite pour un déploiement auto-hébergé où l'exécution du service officiel gourmand en ressources n'est peut-être pas idéale.

19
doc/DISCLAIMER.md
View file

@ -1,19 +0,0 @@
### Install
This package compile Vaultwarden from sources, that can take a long time on a small computer :
* When installing on a Raspberry Pi 3, this can take more than 1 hour.
* When installing from the webadmin, you can encounter the "504 Gateway Timeout": this is fine, just let it finish in the background.
### Migrate from Bitwarden
This package handle the migration from Bitwarden to Vaultwarden.
For that, you will have to upgrade your Bitwarden application with this repository.
This can only be done from the command-line interface - e.g. through SSH.
Once you're connected, you simply have to execute the following:
```bash
sudo yunohost app upgrade bitwarden -u https://github.com/YunoHost-Apps/vaultwarden_ynh --debug
```
The `--debug` option will let you see the full output. If you encounter any issue, please paste it.

3
doc/POST_INSTALL.md Normal file
View file

@ -0,0 +1,3 @@
Please open https://__DOMAIN____PATH__/admin
The admin token is: __ADMIN_TOKEN__
You will be able to invite users to your vaultwarden instance.

3
doc/POST_INSTALL_fr.md Normal file
View file

@ -0,0 +1,3 @@
Veuillez ouvrir https://__DOMAIN____PATH__/admin
Le jeton d'administration est : __ADMIN_TOKEN__
Vous pourrez inviter des utilisateurs dans votre instance de Vaultwarden.

4
doc/PRE_INSTALL.md Normal file
View file

@ -0,0 +1,4 @@
This package compiles Vaultwarden from sources, that can take a long time on a small computer :
* When installing on a Raspberry Pi 3, this can take more than 1 hour.
* When installing from the webadmin, you can encounter the "504 Gateway Timeout": this is fine, just let it finish in the background.

4
doc/PRE_INSTALL_fr.md Normal file
View file

@ -0,0 +1,4 @@
Ce package compile Vaultwarden à partir des sources, ce qui peut prendre beaucoup de temps sur un petit ordinateur :
* Lors de l'installation sur un Raspberry Pi 3, cela peut prendre plus d'une heure.
* Lors de l'installation depuis l'administrateur Web, vous pouvez rencontrer le "504 Gateway Timeout" : c'est très bien, laissez-le simplement se terminer en arrière-plan.

52
manifest.json
View file

@ -1,52 +0,0 @@
{
"name": "Vaultwarden",
"id": "vaultwarden",
"packaging_format": 1,
"description": {
"en": "Manage passwords and other sensitive informations",
"fr": "Gérez les mots de passe et autres informations sensibles"
},
"version": "1.29.1~ynh1",
"url": "https://github.com/dani-garcia/vaultwarden",
"upstream": {
"license": "GPL-3.0-or-later",
"demo": "https://vault.bitwarden.com/#/register",
"admindoc": "https://github.com/dani-garcia/vaultwarden/wiki",
"userdoc": "https://help.bitwarden.com/",
"code": "https://github.com/dani-garcia/vaultwarden"
},
"license": "GPL-3.0-or-later",
"maintainer": {
"name": "yalh76"
},
"requirements": {
"yunohost": ">= 11.1.21"
},
"multi_instance": true,
"services": [
"nginx"
],
"arguments": {
"install": [
{
"name": "domain",
"type": "domain"
},
{
"name": "path",
"type": "path",
"example": "/vaultwarden",
"default": "/vaultwarden"
},
{
"name": "is_public",
"type": "boolean",
"default": true
},
{
"name": "admin",
"type": "user"
}
]
}
}

70
manifest.toml Normal file
View file

@ -0,0 +1,70 @@
packaging_format = 2
id = "vaultwarden"
name = "Vaultwarden"
description.en = "Manage passwords and other sensitive informations"
description.fr = "Gérez les mots de passe et autres informations sensibles"
version = "1.29.1~ynh2"
maintainers = ["yalh76"]
[upstream]
license = "GPL-3.0-or-later"
demo = "https://vault.bitwarden.com/#/register"
admindoc = "https://github.com/dani-garcia/vaultwarden/wiki"
userdoc = "https://help.bitwarden.com/"
code = "https://github.com/dani-garcia/vaultwarden"
[integration]
yunohost = ">= 11.2"
architectures = "all"
multi_instance = true
ldap = false
sso = false
disk = "50M"
ram.build = "50M"
ram.runtime = "50M"
[install]
[install.domain]
type = "domain"
[install.path]
type = "path"
default = "/vaultwarden"
[install.init_main_permission]
type = "group"
default = "visitors"
[install.admin]
type = "user"
[resources]
[resources.system_user]
allow_email = true
[resources.install_dir]
[resources.data_dir]
[resources.ports]
websocket.default = 3012
rocket.default = 8095
[resources.permissions]
main.url = "/"
api.url = "/api"
api.additional_urls = ["/identity"]
api.allowed = "visitors"
api.auth_header = false
api.show_tile = false
api.protected = true
admin.url = "/admin"
admin.allowed = "admins"
admin.show_tile = false
[resources.apt]
packages = "libpq5, rsync"

3
scripts/_common.sh
View file

@ -4,9 +4,6 @@
# COMMON VARIABLES
#=================================================
# dependencies used by the app
pkg_dependencies="libpq5 rsync"
pkg_image="vaultwarden/server"
#=================================================

25
scripts/backup
View file

@ -10,27 +10,6 @@
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
ynh_clean_setup () {
true
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_print_info --message="Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
domain=$(ynh_app_setting_get --app=$app --key=domain)
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
#=================================================
# DECLARE DATA AND CONF FILES TO BACKUP
#=================================================
@ -40,13 +19,13 @@ ynh_print_info --message="Declaring files to be backed up..."
# BACKUP THE APP MAIN DIR
#=================================================
ynh_backup --src_path="$final_path"
ynh_backup --src_path="$install_dir"
#=================================================
# BACKUP THE DATA DIR
#=================================================
ynh_backup --src_path="$datadir" --is_big
ynh_backup --src_path="$data_dir" --is_big
#=================================================
# BACKUP THE NGINX CONFIGURATION

104
scripts/change_url
View file

@ -9,66 +9,6 @@
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# RETRIEVE ARGUMENTS
#=================================================
old_domain=$YNH_APP_OLD_DOMAIN
old_path=$YNH_APP_OLD_PATH
new_domain=$YNH_APP_NEW_DOMAIN
new_path=$YNH_APP_NEW_PATH
app=$YNH_APP_INSTANCE_NAME
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..."
# Needed for helper "ynh_add_nginx_config"
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
# Add settings here as needed by your application
#db_name=$(ynh_app_setting_get --app=$app --key=db_name)
#db_user=$db_name
#db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd)
rocket_port=$(ynh_app_setting_get --app=$app --key=rocket_port)
websocket_port=$(ynh_app_setting_get --app=$app --key=websocket_port)
#=================================================
# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..."
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
# Remove the new domain config file, the remove script won't do it as it doesn't know yet its location.
ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
# Restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# CHECK WHICH PARTS SHOULD BE CHANGED
#=================================================
change_domain=0
if [ "$old_domain" != "$new_domain" ]
then
change_domain=1
fi
change_path=0
if [ "$old_path" != "$new_path" ]
then
change_path=1
fi
#=================================================
# STANDARD MODIFICATIONS
#=================================================
@ -76,36 +16,14 @@ fi
#=================================================
ynh_script_progression --message="Stopping a systemd service..."
ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd" --line_match="Stopped vaultwarden Server"
ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd"
#=================================================
# MODIFY URL IN NGINX CONF
#=================================================
ynh_script_progression --message="Updating NGINX web server configuration..."
nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf
# Change the path in the NGINX config file
if [ $change_path -eq 1 ]
then
# Make a backup of the original NGINX config file if modified
ynh_backup_if_checksum_is_different --file="$nginx_conf_path"
# Set global variables for NGINX helper
domain="$old_domain"
path_url="$new_path"
# Create a dedicated NGINX config
ynh_add_nginx_config
fi
# Change the domain for NGINX
if [ $change_domain -eq 1 ]
then
# Delete file checksum for the old conf file location
ynh_delete_file_checksum --file="$nginx_conf_path"
mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf
# Store file checksum for the new config file location
ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
fi
ynh_change_url_nginx_config
#=================================================
# SPECIFIC MODIFICATIONS
@ -114,14 +32,17 @@ fi
#=================================================
ynh_script_progression --message="Modifying a config file..."
config="$final_path/live/.env"
ynh_add_config --template="vaultwarden.env" --destination="$install_dir/live/.env"
ynh_backup_if_checksum_is_different --file="$config"
chmod 400 "$install_dir/live/.env"
chown $app:$app "$install_dir/live/.env"
ynh_replace_string --match_string="DOMAIN=https://$old_domain$old_path" --replace_string="DOMAIN=https://$new_domain$new_path" --target_file="$config"
#ynh_backup_if_checksum_is_different --file="$install_dir/live/.env"
#ynh_replace_string --match_string="DOMAIN=https://$old_domain$old_path" --replace_string="DOMAIN=https://$new_domain$new_path" --target_file="$install_dir/live/.env"
# Recalculate and store the checksum of the file for the next upgrade.
ynh_store_file_checksum --file="$config"
#ynh_store_file_checksum --file="$install_dir/live/.env"
#=================================================
# GENERIC FINALISATION
@ -133,13 +54,6 @@ ynh_script_progression --message="Starting a systemd service..."
# Start a systemd service
ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="Rocket has launched from" --length=100
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..."
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================

188
scripts/install
View file

@ -8,176 +8,87 @@
source _common.sh
source ynh_docker_image_extract
source ynh_send_readme_to_admin__2
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
ynh_clean_setup () {
ynh_clean_check_starting
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================
domain=$YNH_APP_ARG_DOMAIN
path_url=$YNH_APP_ARG_PATH
is_public=$YNH_APP_ARG_IS_PUBLIC
admin=$YNH_APP_ARG_ADMIN
app=$YNH_APP_INSTANCE_NAME
admin_mail=$(ynh_user_get_info --username=$admin --key=mail)
admin_token=$(ynh_string_random --length=48 | base64)
#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
ynh_script_progression --message="Validating installation parameters..."
final_path=/var/www/$app
test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
# Register (book) web path
ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================
ynh_script_progression --message="Storing installation settings..."
ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_set --app=$app --key=admin --value=$admin
ynh_app_setting_set --app=$app --key=admin_token --value=$admin_token
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# FIND AND OPEN A PORT
#=================================================
ynh_script_progression --message="Finding an available port..."
# Find an available port
websocket_port=$(ynh_find_port --port=3012)
ynh_app_setting_set --app=$app --key=websocket_port --value="$websocket_port"
# Find an available port
rocket_port=$(ynh_find_port --port=8095)
ynh_app_setting_set --app=$app --key=rocket_port --value="$rocket_port"
#=================================================
# INSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Installing dependencies..."
ynh_install_app_dependencies $pkg_dependencies
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Configuring system user..."
# Create a system user
ynh_system_user_create --username=$app --home_dir="$final_path"
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_script_progression --message="Setting up source files..."
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
# Download, check integrity, uncompress and patch the source from app.src
docker_arg=""
if [ $YNH_ARCH == "armhf" ]
then
docker_arg="--os_arch_variant=linux/arm/v7"
fi
ynh_docker_image_extract --dest_dir="$final_path/build/" --image_spec="$pkg_image:$(ynh_app_upstream_version)" $docker_arg
mkdir -p "$final_path/live/"
ynh_docker_image_extract --dest_dir="$install_dir/build/" --image_spec="$pkg_image:$(ynh_app_upstream_version)" $docker_arg
mkdir -p "$install_dir/live/"
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:$app "$final_path"
chmod 750 "$install_dir"
chmod -R o-rwx "$install_dir"
chown -R $app:$app "$install_dir"
#=================================================
# NGINX CONFIGURATION
# SYSTEM CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring NGINX web server..."
ynh_script_progression --message="Adding system configurations related to $app..." --weight=1
# Create a dedicated NGINX config
ynh_add_nginx_config
#=================================================
# SPECIFIC SETUP
#=================================================
# CREATE DATA DIRECTORY
#=================================================
ynh_script_progression --message="Creating a data directory..."
# Create a dedicated systemd config
ynh_add_systemd_config
datadir=/home/yunohost.app/$app
ynh_app_setting_set --app=$app --key=datadir --value=$datadir
# Use logrotate to manage application logfile(s)
mkdir -p "/var/log/$app"
chown -R $app:$app "/var/log/$app"
mkdir -p $datadir
ynh_use_logrotate
chmod 750 "$datadir"
chmod -R o-rwx "$datadir"
chown -R $app:$app "$datadir"
# Create a dedicated Fail2Ban config
mkdir -p "/var/log/$app"
touch "/var/log/$app/$app.log"
chown -R $app:$app "/var/log/$app"
ynh_add_fail2ban_config --logpath="/var/log/$app/$app.log" --failregex="^.*Username or password is incorrect\. Try again\. IP: <ADDR>\. Username:.*$"
yunohost service add $app --description="$app daemon for vaultwarden" --log="/var/log/$app/$app.log"
#=================================================
# MAKE INSTALL
#=================================================
ynh_script_progression --message="Making install..."
mv -f "$final_path/build/vaultwarden" "$final_path/live/vaultwarden"
rsync -a "$final_path/build/web-vault/" "$final_path/live/web-vault/"
ynh_secure_remove --file="$final_path/build"
mv -f "$install_dir/build/vaultwarden" "$install_dir/live/vaultwarden"
rsync -a "$install_dir/build/web-vault/" "$install_dir/live/web-vault/"
ynh_secure_remove --file="$install_dir/build"
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:$app "$final_path"
chmod -R o-rwx "$install_dir"
chown -R $app:$app "$install_dir"
#=================================================
# ADD A CONFIGURATION
#=================================================
ynh_script_progression --message="Adding a configuration file..."
ynh_add_config --template="../conf/vaultwarden.env" --destination="$final_path/live/.env"
ynh_add_config --template="vaultwarden.env" --destination="$install_dir/live/.env"
chmod 400 "$final_path/live/.env"
chown $app:$app "$final_path/live/.env"
#=================================================
# SETUP SYSTEMD
#=================================================
ynh_script_progression --message="Configuring a systemd service..."
# Create a dedicated systemd config
ynh_add_systemd_config
#=================================================
# GENERIC FINALIZATION
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression --message="Configuring log rotation..."
# Use logrotate to manage application logfile(s)
mkdir -p "/var/log/$app"
chown -R $app:$app "/var/log/$app"
ynh_use_logrotate
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..."
yunohost service add $app --description="$app daemon for vaultwarden" --log="/var/log/$app/$app.log"
chmod 400 "$install_dir/live/.env"
chown $app:$app "$install_dir/live/.env"
#=================================================
# START SYSTEMD SERVICE
@ -187,47 +98,6 @@ ynh_script_progression --message="Starting a systemd service..."
# Start a systemd service
ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="Rocket has launched from" --length=100
#=================================================
# SETUP FAIL2BAN
#=================================================
ynh_script_progression --message="Configuring Fail2Ban..."
# Create a dedicated Fail2Ban config
mkdir -p "/var/log/$app"
touch "/var/log/$app/$app.log"
chown -R $app:$app "/var/log/$app"
ynh_add_fail2ban_config --logpath="/var/log/$app/$app.log" --failregex="^.*Username or password is incorrect\. Try again\. IP: <HOST>\. Username:.*$"
#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Configuring permissions..."
# Make app public if necessary
if [ $is_public -eq 1 ]
then
# Everyone can access the app.
# The "main" permission is automatically created before the install script.
ynh_permission_update --permission="main" --add="visitors"
fi
ynh_permission_create --permission="api" --url="/api" --additional_urls="/identity" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true"
ynh_permission_create --permission="admin" --url="/admin" --allowed="$admin" --show_tile="false"
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..."
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# SEND A README FOR THE ADMIN
#=================================================
ynh_script_progression --message="Sending a readme for the admin..."
ynh_send_readme_to_admin --app_message="../conf/msg_install" --recipients="$admin_mail" --type='install'
#=================================================
# END OF SCRIPT
#=================================================

76
scripts/remove
View file

@ -10,21 +10,11 @@ source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
# REMOVE SYSTEM CONFIGURATIONS
#=================================================
ynh_script_progression --message="Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
#=================================================
# STANDARD REMOVE
#=================================================
# REMOVE SERVICE INTEGRATION IN YUNOHOST
# REMOVE SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Removing system configurations related to $app..." --weight=1
# Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
if ynh_exec_warn_less yunohost service status $app >/dev/null
@ -33,76 +23,20 @@ then
yunohost service remove $app
fi
#=================================================
# STOP AND REMOVE SERVICE
#=================================================
ynh_script_progression --message="Stopping and removing the systemd service..."
# Remove the dedicated systemd config
ynh_remove_systemd_config
#=================================================
# REMOVE APP MAIN DIR
#=================================================
ynh_script_progression --message="Removing app main directory..."
# Remove the app directory securely
ynh_secure_remove --file="$final_path"
#=================================================
# REMOVE DATA DIR
#=================================================
# Remove the data directory if --purge option is used
if [ "${YNH_APP_PURGE:-0}" -eq 1 ]
then
ynh_script_progression --message="Removing app data directory..."
ynh_secure_remove --file="$datadir"
fi
#=================================================
# REMOVE NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Removing NGINX web server configuration..."
# Remove the dedicated NGINX config
ynh_remove_nginx_config
#=================================================
# REMOVE DEPENDENCIES
#=================================================
ynh_script_progression --message="Removing dependencies..."
# Remove metapackage and its dependencies
ynh_remove_app_dependencies
#=================================================
# REMOVE FAIL2BAN CONFIGURATION
#=================================================
ynh_script_progression --message="Removing Fail2Ban configuration..."
# Remove the dedicated Fail2Ban config
ynh_remove_fail2ban_config
#=================================================
# SPECIFIC REMOVE
#=================================================
# REMOVE VARIOUS FILES
#=================================================
ynh_script_progression --message="Removing various files..."
# Remove the log files
ynh_secure_remove --file="/var/log/$app"
#=================================================
# GENERIC FINALIZATION
#=================================================
# REMOVE DEDICATED USER
#=================================================
ynh_script_progression --message="Removing the dedicated system user..."
# Delete a system user
ynh_system_user_delete --username=$app
# Remove the config file
ynh_secure_remove --file="/$data_dir/config.json"
#=================================================
# END OF SCRIPT

116
scripts/restore
View file

@ -10,74 +10,40 @@
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
ynh_clean_setup () {
ynh_clean_check_starting
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
#=================================================
# CHECK IF THE APP CAN BE RESTORED
#=================================================
ynh_script_progression --message="Validating restoration parameters..."
test ! -d $final_path \
|| ynh_die --message="There is already a directory: $final_path "
#=================================================
# STANDARD RESTORATION STEPS
#=================================================
# RECREATE THE DEDICATED USER
#=================================================
ynh_script_progression --message="Recreating the dedicated system user..."
# Create the dedicated user (if not existing)
ynh_system_user_create --username=$app --home_dir=$final_path
#=================================================
# RESTORE THE APP MAIN DIR
#=================================================
ynh_script_progression --message="Restoring the app main directory..."
ynh_restore_file --origin_path="$final_path"
ynh_restore_file --origin_path="$install_dir"
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:$app "$final_path"
chmod -R o-rwx "$install_dir"
chown -R $app:$app "$install_dir"
#=================================================
# RESTORE THE DATA DIRECTORY
#=================================================
ynh_script_progression --message="Restoring the data directory..."
ynh_restore_file --origin_path="$datadir" --not_mandatory
ynh_restore_file --origin_path="$data_dir" --not_mandatory
mkdir -p $datadir
chmod 750 "$datadir"
chmod -R o-rwx "$datadir"
chown -R $app:$app "$datadir"
chown -R $app:$app "$data_dir"
#=================================================
# RESTORE FAIL2BAN CONFIGURATION
# RESTORE SYSTEM CONFIGURATIONS
#=================================================
ynh_script_progression --message="Restoring the Fail2Ban configuration..."
# RESTORE THE PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring system configurations related to $app..." --weight=1
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
systemctl enable $app.service --quiet
mkdir -p "/var/log/$app"
chown -R $app:$app "/var/log/$app"
ynh_restore_file --origin_path="/etc/logrotate.d/$app"
# Create a dedicated Fail2Ban config
mkdir -p "/var/log/$app"
@ -88,45 +54,6 @@ ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf"
ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf"
ynh_systemd_action --action=restart --service_name=fail2ban
#=================================================
# SPECIFIC RESTORATION
#=================================================
# REINSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Reinstalling dependencies..."
# Define and install dependencies
ynh_install_app_dependencies $pkg_dependencies
#=================================================
# RESTORE THE NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the NGINX web server configuration..."
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# RESTORE SYSTEMD
#=================================================
ynh_script_progression --message="Restoring the systemd configuration..."
ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
systemctl enable $app.service --quiet
#=================================================
# RESTORE THE LOGROTATE CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the logrotate configuration..."
mkdir -p "/var/log/$app"
chown -R $app:$app "/var/log/$app"
ynh_restore_file --origin_path="/etc/logrotate.d/$app"
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..."
yunohost service add $app --description="$app daemon for vaultwarden" --log="/var/log/$app/$app.log"
#=================================================
@ -136,13 +63,6 @@ ynh_script_progression --message="Starting a systemd service..."
ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="Rocket has launched from" --length=100
#=================================================
# GENERIC FINALIZATION
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..."
ynh_systemd_action --service_name=nginx --action=reload
#=================================================

215
scripts/upgrade
View file

@ -8,48 +8,14 @@
source _common.sh
source ynh_docker_image_extract
source ynh_handle_app_migration
source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
admin=$(ynh_app_setting_get --app=$app --key=admin)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
admin_token=$(ynh_app_setting_get --app=$app --key=admin_token)
rocket_port=$(ynh_app_setting_get --app=$app --key=rocket_port)
websocket_port=$(ynh_app_setting_get --app=$app --key=websocket_port)
#=================================================
# CHECK VERSION
#=================================================
ynh_script_progression --message="Checking version..."
upgrade_type=$(ynh_check_app_version_changed)
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..."
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
ynh_clean_check_starting
# Restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
@ -59,83 +25,6 @@ ynh_script_progression --message="Stopping a systemd service..."
ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd" --line_match="Stopped"
#=================================================
# HANDLE MIGRATION FROM BITWARDEN
#=================================================
ynh_handle_app_migration --migration_id="bitwarden" --migration_list="bitwarden_migration"
if [ $migration_process -eq 1 ]
then
# If a migration has been perform
# Reload some values changed by the migration process
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
# Move config file
mv $final_path/live/bitwarden_rs.env $final_path/live/.env
ynh_delete_file_checksum --file="/var/www/$old_app/live/bitwarden_rs.env"
ynh_store_file_checksum --file="$final_path/live/.env"
ynh_secure_remove --file="$final_path/live/bitwarden_rs"
# Manage permissions
ynh_permission_update --permission="main" --add="all_users"
ynh_permission_update --permission="main" --add="visitors"
# Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
if ynh_exec_warn_less yunohost service status $old_app >/dev/null
then
ynh_script_progression --message="Removing $old_app service integration..."
yunohost service remove $old_app
fi
fi
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
ynh_script_progression --message="Ensuring downward compatibility..."
# Cleaning legacy permissions
if ynh_legacy_permissions_exists; then
ynh_legacy_permissions_delete_all
ynh_app_setting_delete --app=$app --key=is_public
fi
if ! ynh_permission_exists --permission="admin"; then
# Create the required permissions
ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin --show_tile="false"
fi
# Create a permission if needed
if ! ynh_permission_exists --permission="api"; then
ynh_permission_create --permission="api" --url="/api" --additional_urls="/identity" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true"
else
ynh_permission_url --permission="api" --remove_url="/identity/connect/token" --add_url="/identity"
fi
# If datadir doesn't exist, create it
if [ -z $datadir ]; then
ynh_script_progression --message="Making sure data directory exists..."
datadir=/home/yunohost.app/$app
ynh_app_setting_set --app=$app --key=datadir --value=$datadir
mkdir -p $datadir
rsync -arz "$final_path/live/data/" "$datadir/" --delete-after --remove-source-files
ynh_secure_remove --file="$final_path/live/data"
ynh_system_user_create --username=$app --home_dir="$final_path"
chmod 750 "$datadir"
chmod -R o-rwx "$datadir"
chown -R $app:$app "$datadir"
fi
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Making sure dedicated system user exists..."
# Create a dedicated user (if not existing)
ynh_system_user_create --username=$app --home_dir="$final_path"
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
@ -150,28 +39,12 @@ then
then
docker_arg="--os_arch_variant=linux/arm/v7"
fi
ynh_docker_image_extract --dest_dir="$final_path/build/" --image_spec="$pkg_image:$(ynh_app_upstream_version)" $docker_arg
mkdir -p "$final_path/live/"
ynh_docker_image_extract --dest_dir="$install_dir/build/" --image_spec="$pkg_image:$(ynh_app_upstream_version)" $docker_arg
mkdir -p "$install_dir/live/"
fi
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:$app "$final_path"
#=================================================
# UPGRADE DEPENDENCIES
#=================================================
ynh_script_progression --message="Upgrading dependencies..."
ynh_install_app_dependencies $pkg_dependencies
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading NGINX web server configuration..."
# Create a dedicated NGINX config
ynh_add_nginx_config
chmod -R o-rwx "$install_dir"
chown -R $app:$app "$install_dir"
#=================================================
# SPECIFIC UPGRADE
@ -182,50 +55,48 @@ ynh_script_progression --message="Making upgrade..."
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
mv -f "$final_path/build/vaultwarden" "$final_path/live/vaultwarden"
ynh_secure_remove --file="$final_path/live/web-vault/"
rsync -a "$final_path/build/web-vault/" "$final_path/live/web-vault/"
ynh_secure_remove --file="$final_path/build"
mv -f "$install_dir/build/vaultwarden" "$install_dir/live/vaultwarden"
ynh_secure_remove --file="$install_dir/live/web-vault/"
rsync -a "$install_dir/build/web-vault/" "$install_dir/live/web-vault/"
ynh_secure_remove --file="$install_dir/build"
fi
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:$app "$final_path"
chmod 750 "$install_dir"
chmod -R o-rwx "$install_dir"
chown -R $app:$app "$install_dir"
#=================================================
# UPDATE A CONFIG FILE
#=================================================
ynh_script_progression --message="Updating a configuration file..."
ynh_add_config --template="../conf/vaultwarden.env" --destination="$final_path/live/.env"
ynh_add_config --template="vaultwarden.env" --destination="$install_dir/live/.env"
chmod 400 "$final_path/live/.env"
chown $app:$app "$final_path/live/.env"
chmod 400 "$install_dir/live/.env"
chown $app:$app "$install_dir/live/.env"
#=================================================
# SETUP SYSTEMD
# REAPPLY SYSTEM CONFIGURATIONS
#=================================================
ynh_script_progression --message="Upgrading systemd configuration..."
ynh_script_progression --message="Upgrading system configurations related to $app..." --weight=1
# Create a dedicated NGINX config
ynh_add_nginx_config
# Create a dedicated systemd config
ynh_add_systemd_config
#=================================================
# GENERIC FINALIZATION
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression --message="Upgrading logrotate configuration..."
mkdir -p "/var/log/$app"
chown -R $app:$app "/var/log/$app"
# Use logrotate to manage app-specific logfile(s)
ynh_use_logrotate --non-append
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..."
mkdir -p "/var/log/$app"
touch "/var/log/$app/$app.log"
chown -R $app:$app "/var/log/$app"
# Create a dedicated Fail2Ban config
ynh_add_fail2ban_config --logpath="/var/log/$app/$app.log" --failregex="^.*Username or password is incorrect\. Try again\. IP: <ADDR>\. Username:.*$"
yunohost service add $app --description="$app daemon for vaultwarden" --log="/var/log/$app/$app.log"
@ -236,42 +107,6 @@ ynh_script_progression --message="Starting a systemd service..."
ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="Rocket has launched from" --length=100
#=================================================
# UPGRADE FAIL2BAN
#=================================================
ynh_script_progression --message="Reconfiguring Fail2Ban..."
mkdir -p "/var/log/$app"
touch "/var/log/$app/$app.log"
chown -R $app:$app "/var/log/$app"
# Create a dedicated Fail2Ban config
ynh_add_fail2ban_config --logpath="/var/log/$app/$app.log" --failregex="^.*Username or password is incorrect\. Try again\. IP: <HOST>\. Username:.*$"
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..."
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# FINISH MIGRATION PROCESS
#=================================================
if [ $migration_process -eq 1 ]
then
ynh_script_progression --message="Bitwarden has been successfully migrated to Vaultwarden! \
A last scheduled operation will run in a couple of minutes to finish the \
migration in YunoHost side. Do not proceed any application operation while \
you don't see Vaultwarden as installed."
script_post_migration=bitwarden_post_migration.sh
cp ../conf/$script_post_migration /tmp
ynh_replace_string --match_string="__OLD_APP__" --replace_string="$old_app" --target_file=/tmp/$script_post_migration
ynh_replace_string --match_string="__NEW_APP__" --replace_string="$app" --target_file=/tmp/$script_post_migration
chmod +x /tmp/$script_post_migration
(cd /tmp; echo "/tmp/$script_post_migration > /tmp/$script_post_migration.log 2>&1" | at now + 2 minutes)
fi
#=================================================
# END OF SCRIPT
#=================================================

2
scripts/ynh_docker_image_extract
View file

@ -42,7 +42,7 @@ ynh_docker_image_extract() {
# Extract source into the app dir
mkdir --parents "$dest_dir"
if [ -n "${final_path:-}" ] && [ "$dest_dir" == "$final_path" ]; then
if [ -n "${install_dir:-}" ] && [ "$dest_dir" == "$install_dir" ]; then
_ynh_apply_default_permissions $dest_dir
fi

265
scripts/ynh_handle_app_migration
View file

@ -1,265 +0,0 @@
#!/bin/bash
# Need also the helper https://github.com/YunoHost-Apps/Experimental_helpers/blob/master/ynh_handle_getopts_args/ynh_handle_getopts_args
# Make the main steps to migrate an app to its fork.
#
# This helper has to be used for an app which needs to migrate to a new name or a new fork
# (like owncloud to nextcloud or zerobin to privatebin).
#
# This helper will move the files of an app to its new name
# or recreate the things it can't move.
#
# To specify which files it has to move, you have to create a "migration file", stored in ../conf
# This file is a simple list of each file it has to move,
# except that file names must reference the $app variable instead of the real name of the app,
# and every instance-specific variables (like $domain).
# $app is especially important because it's this variable which will be used to identify the old place and the new one for each file.
#
# If a database exists for this app, it will be dumped and then imported in a newly created database, with a new name and new user.
# Don't forget you have to then apply these changes to application-specific settings (depends on the packaged application)
#
# Same things for an existing user, a new one will be created.
# But the old one can't be removed unless it's not used. See below.
#
# If you have some dependencies for your app, it's possible to change the fake debian package which manages them.
# You have to fill the $pkg_dependencies variable, and then a new fake package will be created and installed,
# and the old one will be removed.
# If you don't have a $pkg_dependencies variable, the helper can't know what the app dependencies are.
#
# The app settings.yml will be modified as follows:
# - finalpath will be changed according to the new name (but only if the existing $final_path contains the old app name)
# - The checksums of php-fpm and nginx config files will be updated too.
# - If there is a $db_name value, it will be changed.
# - And, of course, the ID will be changed to the new name too.
#
# Finally, the $app variable will take the value of the new name.
# The helper will set the $migration_process variable to 1 if a migration has been successfully handled.
#
# You have to handle by yourself all the migrations not done by this helper, like configuration or special values in settings.yml
# Also, at the end of the upgrade script, you have to add a post_migration script to handle all the things the helper can't do during YunoHost upgrade (mostly for permission reasons),
# especially remove the old user, move some hooks and remove the old configuration directory
# To launch this script, you have to move it elsewhere and start it after the upgrade script.
# `cp ../conf/$script_post_migration /tmp`
# `(cd /tmp; echo "/tmp/$script_post_migration" | at now + 2 minutes)`
#
# usage: ynh_handle_app_migration migration_id migration_list
# | arg: -i, --migration_id= - ID from which to migrate
# | arg: -l, --migration_list= - File specifying every file to move (one file per line)
ynh_handle_app_migration () {
# Need for end of install
ynh_package_install at
#=================================================
# LOAD SETTINGS
#=================================================
old_app=$YNH_APP_INSTANCE_NAME
local old_app_id=$YNH_APP_ID
local old_app_number=$YNH_APP_INSTANCE_NUMBER
# Declare an array to define the options of this helper.
declare -Ar args_array=( [i]=migration_id= [l]=migration_list= )
# Get the id from which to migrate
local migration_id
# And the file with the paths to move
local migration_list
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
# Get the new app id in the manifest
local new_app_id=$(grep \"id\": ../manifest.json | cut -d\" -f4)
if [ $old_app_number -eq 1 ]; then
local new_app=$new_app_id
else
local new_app=${new_app_id}__${old_app_number}
fi
#=================================================
# CHECK IF IT HAS TO MIGRATE
#=================================================
migration_process=0
if [ "$old_app_id" == "$new_app_id" ]
then
# If the 2 id are the same
# No migration to do.
echo 0
return 0
else
if [ "$old_app_id" != "$migration_id" ]
then
# If the new app is not the authorized id, fail.
ynh_die --message="Incompatible application for migration from $old_app_id to $new_app_id"
fi
ynh_print_info --message="Migrate from $old_app_id to $new_app_id" >&2
#=================================================
# CHECK IF THE MIGRATION CAN BE DONE
#=================================================
# TODO Handle multi instance apps...
# Check that there is not already an app installed for this id.
(yunohost app list | grep -q -w "id: $new_app") \
&& ynh_die --message="$new_app is already installed"
#=================================================
# CHECK THE LIST OF FILES TO MOVE
#=================================================
local temp_migration_list="$(tempfile)"
# Build the list by removing blank lines and comment lines
sed '/^#.*\|^$/d' "../conf/$migration_list" > "$temp_migration_list"
# Check if there is no file in the destination
local file_to_move=""
while read file_to_move
do
# Replace all occurences of $app by $new_app in each file to move.
local move_to_destination="${file_to_move//\$app/$new_app}"
test -e "$move_to_destination" && ynh_die --message="A file named $move_to_destination already exists."
done < "$temp_migration_list"
#=================================================
# COPY YUNOHOST SETTINGS FOR THIS APP
#=================================================
local settings_dir="/etc/yunohost/apps"
cp -a "$settings_dir/$old_app" "$settings_dir/$new_app"
cp -a ../{scripts,conf,manifest.json} "$settings_dir/$new_app"
# Replace the old id by the new one
ynh_replace_string --match_string="\(^id: .*\)$old_app" --replace_string="\1$new_app" --target_file="$settings_dir/$new_app/settings.yml"
# INFO: There a special behavior with yunohost app setting:
# if the id given in argument does not match with the id
# stored in the config file, the config file will be purged.
# That's why we use sed instead of app setting here.
# https://github.com/YunoHost/yunohost/blob/c6b5284be8da39cf2da4e1036a730eb5e0515096/src/yunohost/app.py#L1316-L1321
# Change the label if it's simply the name of the app
old_label=$(ynh_app_setting_get --app=$new_app --key=label)
if [ "${old_label,,}" == "$old_app_id" ]
then
# Build the new label from the id of the app. With the first character as upper case
new_label=$(echo $new_app_id | cut -c1 | tr [:lower:] [:upper:])$(echo $new_app_id | cut -c2-)
ynh_app_setting_set --app=$new_app --key=label --value=$new_label
fi
permissions_name=$(yunohost user permission list $old_app --short --output-as plain)
for permission_name in $permissions_name
do
yunohost tools shell -c "from yunohost.permission import permission_delete; permission_delete('$permission_name', force=True, sync_perm=False)"
done
yunohost tools shell -c "from yunohost.permission import permission_create; permission_create('$new_app.main', url='/' , show_tile=True , sync_perm=True)"
#=================================================
# MOVE FILES TO THE NEW DESTINATION
#=================================================
while read file_to_move
do
# Replace all occurence of $app by $new_app in each file to move.
move_to_destination="$(eval echo "${file_to_move//\$app/$new_app}")"
local real_file_to_move="$(eval echo "${file_to_move//\$app/$old_app}")"
ynh_print_info --message="Move file $real_file_to_move to $move_to_destination" >&2
mv "$real_file_to_move" "$move_to_destination"
done < "$temp_migration_list"
#=================================================
# UPDATE SETTINGS KNOWN ENTRIES
#=================================================
# Replace nginx checksum
ynh_replace_string --match_string="\(^checksum__etc_nginx.*\)_$old_app" --replace_string="\1_$new_app" --target_file="$settings_dir/$new_app/settings.yml"
# Replace php-fpm checksums
ynh_replace_string --match_string="\(^checksum__etc_php.*[-_]\)$old_app" --replace_string="\1$new_app" --target_file="$settings_dir/$new_app/settings.yml"
# Replace final_path
ynh_replace_string --match_string="\(^final_path: .*\)$old_app" --replace_string="\1$new_app" --target_file="$settings_dir/$new_app/settings.yml"
# Replace fail2ban_filter
ynh_replace_string --match_string="\(^checksum__etc_fail2ban_filter.*\)_$old_app" --replace_string="\1_$new_app" --target_file="$settings_dir/$new_app/settings.yml"
# Replace fail2ban_jail
ynh_replace_string --match_string="\(^checksum__etc_fail2ban_jail.*\)_$old_app" --replace_string="\1_$new_app" --target_file="$settings_dir/$new_app/settings.yml"
# Replace systemd
ynh_replace_string --match_string="\(^checksum__etc_systemd_system.*\)_$old_app" --replace_string="\1_$new_app" --target_file="$settings_dir/$new_app/settings.yml"
#=================================================
# MOVE THE MYSQL DATABASE
#=================================================
old_db_name=$(ynh_app_setting_get --app=$old_app --key=db_name)
# Check if a database exists before trying to move it
if [ -n "$old_db_name" ] && mysqlshow | grep -q "^| $old_db_name"
then
old_db_user=$old_db_name
db_pwd=$(ynh_app_setting_get --app=$old_app --key=mysqlpwd)
new_db_name=$(ynh_sanitize_dbid --db_name=$new_app)
new_db_user=$new_db_name
ynh_print_info --message="Rename the database $db_name to $new_db_name" >&2
local sql_dump="/tmp/${db_name}-$(date '+%s').sql"
# Dump the old database
ynh_mysql_dump_db --database="$old_db_name" > "$sql_dump"
# Create a new database
ynh_mysql_setup_db --db_user=$new_db_user --db_name=$new_db_name --db_pwd=$db_pwd
# Then restore the old one into the new one
ynh_mysql_connect_as --user=$new_db_user --password=$db_pwd --database=$new_db_name < "$sql_dump"
# Remove the old database
ynh_mysql_remove_db --db_user=$old_db_user --db_name=$old_db_name
# And the dump
ynh_secure_remove --file="$sql_dump"
# Update the value of $db_name
db_name=$new_db_name
db_user=$new_db_user
ynh_app_setting_set --app=$new_app --key=db_name --value=$db_name
fi
#=================================================
# CHANGE THE FAKE DEPENDENCIES PACKAGE
#=================================================
# Check if a variable $pkg_dependencies exists
# If this variable doesn't exist, this part shall be managed in the upgrade script.
if [ -n "${pkg_dependencies:-}" ]
then
# Define the name of the package
local old_package_name="${old_app//_/-}-ynh-deps"
local new_package_name="${new_app//_/-}-ynh-deps"
if ynh_package_is_installed --package="$old_package_name"
then
# Install a new fake package
app=$new_app
ynh_install_app_dependencies $pkg_dependencies
# Then remove the old one
app=$old_app
ynh_remove_app_dependencies
fi
fi
#=================================================
# UPDATE THE ID OF THE APP
#=================================================
app=$new_app
# Set migration_process to 1 to inform that an upgrade has been made
migration_process=1
fi
}

129
scripts/ynh_send_readme_to_admin__2
View file

@ -1,129 +0,0 @@
#!/bin/bash
# Send an email to inform the administrator
#
# usage: ynh_send_readme_to_admin --app_message=app_message [--recipients=recipients] [--type=type]
# | arg: -m --app_message= - The file with the content to send to the administrator.
# | arg: -r, --recipients= - The recipients of this email. Use spaces to separate multiples recipients. - default: root
# example: "root admin@domain"
# If you give the name of a YunoHost user, ynh_send_readme_to_admin will find its email adress for you
# example: "root admin@domain user1 user2"
# | arg: -t, --type= - Type of mail, could be 'backup', 'change_url', 'install', 'remove', 'restore', 'upgrade'
#
# Requires YunoHost version 4.1.0 or higher.
ynh_send_readme_to_admin() {
# Declare an array to define the options of this helper.
declare -Ar args_array=( [m]=app_message= [r]=recipients= [t]=type= )
local app_message
local recipients
local type
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
app_message="${app_message:-}"
recipients="${recipients:-root}"
type="${type:-install}"
# Get the value of admin_mail_html
admin_mail_html=$(ynh_app_setting_get $app admin_mail_html)
admin_mail_html="${admin_mail_html:-0}"
# Retrieve the email of users
find_mails () {
local list_mails="$1"
local mail
local recipients=" "
# Read each mail in argument
for mail in $list_mails
do
# Keep root or a real email address as it is
if [ "$mail" = "root" ] || echo "$mail" | grep --quiet "@"
then
recipients="$recipients $mail"
else
# But replace an user name without a domain after by its email
if mail=$(ynh_user_get_info "$mail" "mail" 2> /dev/null)
then
recipients="$recipients $mail"
fi
fi
done
echo "$recipients"
}
recipients=$(find_mails "$recipients")
# Subject base
local mail_subject="☁️🆈🅽🅷☁️: \`$app\`"
# Adapt the subject according to the type of mail required.
if [ "$type" = "backup" ]; then
mail_subject="$mail_subject has just been backup."
elif [ "$type" = "change_url" ]; then
mail_subject="$mail_subject has just been moved to a new URL!"
elif [ "$type" = "remove" ]; then
mail_subject="$mail_subject has just been removed!"
elif [ "$type" = "restore" ]; then
mail_subject="$mail_subject has just been restored!"
elif [ "$type" = "upgrade" ]; then
mail_subject="$mail_subject has just been upgraded!"
else # install
mail_subject="$mail_subject has just been installed!"
fi
ynh_add_config --template="$app_message" --destination="../conf/msg__to_send"
ynh_delete_file_checksum --file="../conf/msg__to_send"
local mail_message="This is an automated message from your beloved YunoHost server.
Specific information for the application $app.
$(cat "../conf/msg__to_send")"
# Store the message into a file for further modifications.
echo "$mail_message" > mail_to_send
# If a html email is required. Apply html tags to the message.
if [ "$admin_mail_html" -eq 1 ]
then
# Insert 'br' tags at each ending of lines.
ynh_replace_string "$" "<br>" mail_to_send
# Insert starting HTML tags
sed --in-place '1s@^@<!DOCTYPE html>\n<html>\n<head></head>\n<body>\n@' mail_to_send
# Keep tabulations
ynh_replace_string " " "\&#160;\&#160;" mail_to_send
ynh_replace_string "\t" "\&#160;\&#160;" mail_to_send
# Insert url links tags
ynh_replace_string "__URL_TAG1__\(.*\)__URL_TAG2__\(.*\)__URL_TAG3__" "<a href=\"\2\">\1</a>" mail_to_send
# Insert finishing HTML tags
echo -e "\n</body>\n</html>" >> mail_to_send
# Otherwise, remove tags to keep a plain text.
else
# Remove URL tags
ynh_replace_string "__URL_TAG[1,3]__" "" mail_to_send
ynh_replace_string "__URL_TAG2__" ": " mail_to_send
fi
# Define binary to use for mail command
if [ -e /usr/bin/bsd-mailx ]
then
local mail_bin=/usr/bin/bsd-mailx
else
local mail_bin=/usr/bin/mail.mailutils
fi
if [ "$admin_mail_html" -eq 1 ]
then
content_type="text/html"
else
content_type="text/plain"
fi
# Send the email to the recipients
cat mail_to_send | $mail_bin -a "Content-Type: $content_type; charset=UTF-8" -s "$mail_subject" "$recipients"
}

9
tests.toml Normal file
View file

@ -0,0 +1,9 @@
test_format = 1.0
[default]
# -------------------------------
# Commits to test upgrade from
# -------------------------------
test_upgrade_from.8899759a3264b9200920cf5f546fc519297b78ac.name = "Upgrade from 1.28.1~ynh1"