#!/bin/bash #================================================= # GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= source _common.sh source ynh_send_readme_to_admin__2 source /usr/share/yunohost/helpers #================================================= # MANAGE SCRIPT FAILURE #================================================= ynh_clean_setup () { ynh_clean_check_starting } # Exit if an error occurs during the execution of the script ynh_abort_if_errors #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH admin=$YNH_APP_ARG_ADMIN is_public=$YNH_APP_ARG_IS_PUBLIC app=$YNH_APP_INSTANCE_NAME admin_mail=$(ynh_user_get_info --username=$admin --key=mail) admin_token=$(ynh_string_random --length=48 | base64) #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= ynh_script_progression --message="Validating installation parameters..." final_path=/var/www/$app test ! -e "$final_path" || ynh_die --message="This path already contains a folder" # Register (book) web path ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url #================================================= # STORE SETTINGS FROM MANIFEST #================================================= ynh_script_progression --message="Storing installation settings..." ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=admin --value=$admin ynh_app_setting_set --app=$app --key=admin_token --value=$admin_token #================================================= # STANDARD MODIFICATIONS #================================================= # FIND AND OPEN A PORT #================================================= ynh_script_progression --message="Finding an available port..." # Find an available port websocket_port=$(ynh_find_port --port=3012) ynh_app_setting_set --app=$app --key=websocket_port --value="$websocket_port" # Find an available port rocket_port=$(ynh_find_port --port=8095) ynh_app_setting_set --app=$app --key=rocket_port --value="$rocket_port" #================================================= # INSTALL DEPENDENCIES #================================================= ynh_script_progression --message="Installing dependencies..." ynh_install_app_dependencies $pkg_dependencies #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= ynh_script_progression --message="Setting up source files..." ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress the source of bitwarden_rs from app.src to his build directory ynh_setup_source --dest_dir="$final_path/build/" --source_id="app" # Download, check integrity, uncompress and patch the source from web.src ynh_setup_source --dest_dir="$final_path/live/web-vault/" --source_id="web" #================================================= # NGINX CONFIGURATION #================================================= ynh_script_progression --message="Configuring NGINX web server..." # Create a dedicated NGINX config ynh_add_nginx_config "websocket_port rocket_port" #================================================= # CREATE DEDICATED USER #================================================= ynh_script_progression --message="Configuring system user..." # Create a system user ynh_system_user_create --username="$app" --home_dir="$final_path" #================================================= # SPECIFIC SETUP #================================================= # MAKE INSTALL #================================================= ynh_script_progression --message="Making install..." # Set right permissions chown -R "$app":"$app" "$final_path" # Install rustup with the toolchain needed by bitwarden_rs pushd "$final_path" sudo -u "$app" RUSTUP_HOME="$final_path"/.rustup CARGO_HOME="$final_path"/.cargo bash -c 'curl -sSf -L https://static.rust-lang.org/rustup.sh | sh -s -- -y --default-toolchain nightly' popd export PATH="$PATH:$final_path/.cargo/bin:$final_path/.local/bin:/usr/local/sbin" # Compile bitwarden_rs pushd "$final_path"/build sudo -u "$app" env PATH="$PATH" cargo build --features sqlite --release popd read -p "key" # Install bitwarden_rs cp -a "$final_path"/build/target/release/bitwarden_rs "$final_path"/live/bitwarden_rs # Remove build files and rustup ynh_secure_remove --file="$final_path/build" ynh_secure_remove --file="$final_path/.cargo" ynh_secure_remove --file="$final_path/.rustup" #================================================= # SETUP SYSTEMD #================================================= ynh_script_progression --message="Configuring a systemd service..." # Create a dedicated systemd config ynh_add_systemd_config #================================================= # MODIFY A CONFIG FILE #================================================= ynh_script_progression --message="Modifying a config file..." config="$final_path/live/bitwarden_rs.env" cp -f ../conf/bitwarden_rs.env "$config" ynh_replace_string --match_string="__ADMIN_TOKEN__" --replace_string="$admin_token" --target_file="$config" ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config" ynh_replace_string --match_string="__PATH_URL__" --replace_string="$path_url" --target_file="$config" ynh_replace_string --match_string="__WEBSOCKET_PORT__" --replace_string="$websocket_port" --target_file="$config" ynh_replace_string --match_string="__ROCKET_PORT__" --replace_string="$rocket_port" --target_file="$config" ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$config" #================================================= # STORE THE CONFIG FILE CHECKSUM #================================================= ynh_script_progression --message="Storing the config file checksum..." # Calculate and store the config file checksum into the app settings ynh_store_file_checksum --file="$config" #================================================= # GENERIC FINALIZATION #================================================= # SECURE FILES AND DIRECTORIES #================================================= ynh_script_progression --message="Securing files and directories..." # Set permissions to app files chown -R "$app":"$app" "$final_path" mkdir -p "/var/log/$app" chown -R "$app":"$app" "/var/log/$app" #================================================= # SETUP LOGROTATE #================================================= ynh_script_progression --message="Configuring log rotation..." # Use logrotate to manage application logfile(s) ynh_use_logrotate #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= ynh_script_progression --message="Integrating service in YunoHost..." yunohost service add $app --description "$app daemon for Bitwarden" --log "/var/log/$app/$app.log" #================================================= # START SYSTEMD SERVICE #================================================= ynh_script_progression --message="Starting a systemd service..." # Start a systemd service ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="Rocket has launched from" --length=100 #================================================= # SETUP FAIL2BAN #================================================= ynh_script_progression --message="Configuring Fail2Ban..." # Create a dedicated Fail2Ban config touch /var/log/"$app"/"$app".log ynh_add_fail2ban_config --logpath="/var/log/$app/$app.log" --failregex="^.*Username or password is incorrect\. Try again\. IP: \. Username:.*$" #================================================= # SETUP SSOWAT #================================================= ynh_script_progression --message="Configuring SSOwat..." # Make app public if necessary if [ $is_public -eq 1 ] then ynh_permission_update --permission="main" --add="visitors" fi ynh_permission_create --permission="api" --url="/api" --additional_urls="/identity/connect/token" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true" ynh_permission_create --permission="admin" --url="/admin" --allowed="$admin" --show_tile="false" #================================================= # RELOAD NGINX #================================================= ynh_script_progression --message="Reloading NGINX web server..." ynh_systemd_action --service_name=nginx --action=reload #================================================= # SEND A README FOR THE ADMIN #================================================= ynh_script_progression --message="Sending a readme for the admin..." ynh_replace_string --match_string="__ADMIN_MAIL__" --replace_string="$admin_mail" --target_file="../conf/message" ynh_replace_string --match_string="__ADMIN_TOKEN__" --replace_string="$admin_token" --target_file="../conf/message" ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="../conf/message" ynh_replace_string --match_string="__PATH_URL__" --replace_string="$path_url" --target_file="../conf/message" ynh_send_readme_to_admin --app_message="../conf/message" --recipients="$admin_mail" --type='install' #================================================= # END OF SCRIPT #================================================= ynh_script_progression --message="Installation of $app completed"