#!/bin/bash #================================================= # GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= source _common.sh source ynh_send_readme_to_admin__2 source /usr/share/yunohost/helpers #================================================= # MANAGE SCRIPT FAILURE #================================================= ynh_clean_setup () { ynh_clean_check_starting } # Exit if an error occurs during the execution of the script ynh_abort_if_errors #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= domain=$YNH_APP_ARG_DOMAIN path_url="/" admin=$YNH_APP_ARG_ADMIN is_public=$YNH_APP_ARG_IS_PUBLIC app=$YNH_APP_INSTANCE_NAME admin_mail=$(ynh_user_get_info $admin 'mail') admin_token=$(ynh_string_random --length=48 | base64) #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= ynh_script_progression --message="Validating installation parameters..." --weight=1 final_path=/var/www/$app test ! -e "$final_path" || ynh_die --message="This path already contains a folder" # Register (book) web path ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url #================================================= # STORE SETTINGS FROM MANIFEST #================================================= ynh_script_progression --message="Storing installation settings..." --weight=2 ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=admin --value=$admin ynh_app_setting_set --app=$app --key=is_public --value=$is_public ynh_app_setting_set --app=$app --key=admin_token --value=$admin_token #================================================= # STANDARD MODIFICATIONS #================================================= # FIND AND OPEN A PORT #================================================= ynh_script_progression --message="Configuring firewall..." --weight=1 # Find a free port websocket_port=$(ynh_find_port --port=3012) ynh_app_setting_set --app=$app --key=websocket_port --value=$websocket_port # Find a free port rocket_port=$(ynh_find_port --port=8095) ynh_app_setting_set --app=$app --key=rocket_port --value=$rocket_port #================================================= # INSTALL DEPENDENCIES #================================================= ynh_script_progression --message="Installing dependencies..." --weight=10 ynh_install_app_dependencies $pkg_dependencies #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= ynh_script_progression --message="Setting up source files..." --weight=3 ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress the source of bitwarden_rs from app.src to his build directory ynh_setup_source --dest_dir="$final_path/build/" --source_id=app # Download, check integrity, uncompress and patch the source from web.src ynh_setup_source --dest_dir="$final_path/live/web-vault/" --source_id=web #================================================= # NGINX CONFIGURATION #================================================= ynh_script_progression --message="Configuring nginx web server..." --weight=2 # Create a dedicated nginx config ynh_add_nginx_config "websocket_port rocket_port" #================================================= # CREATE DEDICATED USER #================================================= ynh_script_progression --message="Configuring system user..." --weight=2 # Create a system user ynh_system_user_create --username=$app --home_dir=$final_path #================================================= # SPECIFIC SETUP #================================================= # MAKE INSTALL #================================================= ynh_script_progression --message="Making install..." --weight=780 # Set right permissions chown -R "$app":"$app" $final_path # Install rustup with the toolchain needed by bitwarden_rs pushd $final_path sudo -u "$app" RUSTUP_HOME=$final_path/.rustup CARGO_HOME=$final_path/.cargo bash -c 'curl -sSf -L https://static.rust-lang.org/rustup.sh | sh -s -- -y --default-toolchain=$(cat build/rust-toolchain)' popd export PATH="$PATH:$final_path/.cargo/bin:$final_path/.local/bin:/usr/local/sbin" # Compile bitwarden_rs pushd $final_path/build sudo -u "$app" env PATH=$PATH cargo build --release popd # Install bitwarden_rs cp -a $final_path/build/target/release/. $final_path/live/. # Remove build files and rustup ynh_secure_remove --file="$final_path/build" ynh_secure_remove --file="$final_path/.cargo" ynh_secure_remove --file="$final_path/.rustup" #================================================= # SETUP SYSTEMD #================================================= ynh_script_progression --message="Configuring a systemd service..." --weight=2 # Create a dedicated systemd config ynh_add_systemd_config #================================================= # MODIFY A CONFIG FILE #================================================= config="$final_path/live/bitwarden_rs.env" cp -f ../conf/bitwarden_rs.env "$config" ynh_replace_string --match_string="__ADMIN_TOKEN__" --replace_string="$admin_token" --target_file="$config" ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config" ynh_replace_string --match_string="__WEBSOCKET_PORT__" --replace_string="$websocket_port" --target_file="$config" ynh_replace_string --match_string="__ROCKET_PORT__" --replace_string="$rocket_port" --target_file="$config" ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$config" #================================================= # STORE THE CONFIG FILE CHECKSUM #================================================= # Calculate and store the config file checksum into the app settings ynh_store_file_checksum --file="$config" #================================================= # GENERIC FINALIZATION #================================================= # SECURE FILES AND DIRECTORIES #================================================= # Set permissions to app files chown -R "$app":"$app" $final_path mkdir -p "/var/log/$app" chown -R "$app":"$app" "/var/log/$app" #================================================= # SETUP LOGROTATE #================================================= ynh_script_progression --message="Configuring log rotation..." --weight=2 # Use logrotate to manage application logfile(s) ynh_use_logrotate #================================================= # ADVERTISE SERVICE IN ADMIN PANEL #================================================= yunohost service add $app --description "$app daemon for Bitwarden" --log "/var/log/$app/$app.log" #================================================= # START SYSTEMD SERVICE #================================================= ynh_script_progression --message="Starting a systemd service..." --weight=2 # Start a systemd service ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="Rocket has launched from" #================================================= # SETUP FAIL2BAN #================================================= ynh_script_progression --message="Configuring fail2ban..." --weight=5 # Create a dedicated fail2ban config touch /var/log/$app/$app.log ynh_add_fail2ban_config --logpath="/var/log/$app/$app.log" --failregex="^.*Username or password is incorrect\. Try again\. IP: \. Username:.*$" #================================================= # SETUP SSOWAT #================================================= ynh_script_progression --message="Configuring SSOwat..." --weight=1 # Make app public if necessary if [ $is_public -eq 1 ] then # unprotected_uris allows SSO credentials to be passed anyway. ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" fi #================================================= # RELOAD NGINX #================================================= ynh_script_progression --message="Reloading nginx web server..." --weight=1 ynh_systemd_action --service_name=nginx --action=reload #================================================= # SEND A README FOR THE ADMIN #================================================= ynh_script_progression --message="Sending a readme for the admin..." --weight=17 ynh_replace_string --match_string="__ADMIN_MAIL__" --replace_string="$admin_mail" --target_file="../conf/message" ynh_replace_string --match_string="__ADMIN_TOKEN__" --replace_string="$admin_token" --target_file="../conf/message" ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="../conf/message" ynh_send_readme_to_admin --app_message="../conf/message" --recipients=$admin_mail --type='install' #================================================= # END OF SCRIPT #================================================= ynh_script_progression --message="Installation of $app completed" --last