#!/bin/bash #================================================= # GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= source _common.sh source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= ynh_script_progression --message="Loading installation settings..." app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) admin=$(ynh_app_setting_get --app=$app --key=admin) final_path=$(ynh_app_setting_get --app=$app --key=final_path) admin_token=$(ynh_app_setting_get --app=$app --key=admin_token) rocket_port=$(ynh_app_setting_get --app=$app --key=rocket_port) websocket_port=$(ynh_app_setting_get --app=$app --key=websocket_port) #================================================= # CHECK VERSION #================================================= ynh_script_progression --message="Checking version..." upgrade_type=$(ynh_check_app_version_changed) #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= ynh_script_progression --message="Ensuring downward compatibility..." # Cleaning legacy permissions if ynh_legacy_permissions_exists; then ynh_legacy_permissions_delete_all ynh_app_setting_delete --app=$app --key=is_public fi # Create a permission if needed if ! ynh_permission_exists --permission="api"; then ynh_permission_create --permission="api" --url="/api" --additional_urls="/identity/connect/token" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true" fi if ! ynh_permission_exists --permission="admin"; then ynh_permission_create --permission="admin" --url="/admin" --allowed="$admin" --show_tile="false" fi #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." # Backup the current version of the app ynh_backup_before_upgrade ynh_clean_setup () { ynh_clean_check_starting # restore it if the upgrade fails ynh_restore_upgradebackup } # Exit if an error occurs during the execution of the script ynh_abort_if_errors #================================================= # STANDARD UPGRADE STEPS #================================================= # STOP SYSTEMD SERVICE #================================================= ynh_script_progression --message="Stopping a systemd service..." ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd" --line_match="Stopped Bitwarden Server" #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= if [ "$upgrade_type" == "UPGRADE_APP" ] then ynh_script_progression --message="Upgrading source files..." # Download, check integrity, uncompress the source of bitwarden_rs from app.src to his build directory ynh_setup_source --dest_dir="$final_path/build/" --source_id="app" # Download, check integrity, uncompress and patch the source from web.src ynh_setup_source --dest_dir="$final_path/live/web-vault/" --source_id="web" fi #================================================= # NGINX CONFIGURATION #================================================= ynh_script_progression --message="Upgrading NGINX web server configuration..." # Create a dedicated NGINX config ynh_add_nginx_config "websocket_port rocket_port" #================================================= # UPGRADE DEPENDENCIES #================================================= ynh_script_progression --message="Upgrading dependencies..." ynh_install_app_dependencies $pkg_dependencies #================================================= # CREATE DEDICATED USER #================================================= ynh_script_progression --message="Making sure dedicated system user exists..." # Create a dedicated user (if not existing) ynh_system_user_create --username=$app --home_dir="$final_path" #================================================= # SPECIFIC UPGRADE #================================================= # MAKE UPGRADE #================================================= ynh_script_progression --message="Making upgrade..." # Set right permissions chown -R "$app":"$app" "$final_path" if [ "$upgrade_type" == "UPGRADE_APP" ] then # Install rustup with the toolchain needed by bitwarden_rs pushd "$final_path" sudo -u "$app" RUSTUP_HOME="$final_path"/.rustup CARGO_HOME="$final_path"/.cargo bash -c 'curl -sSf -L https://static.rust-lang.org/rustup.sh | sh -s -- -y --default-toolchain nightly' popd export PATH="$PATH:$final_path/.cargo/bin:$final_path/.local/bin:/usr/local/sbin" # Compile bitwarden_rs pushd "$final_path"/build sudo -u "$app" env PATH="$PATH" cargo build --features sqlite --release popd # Remove old generated files before copying the new ones ynh_secure_remove --file="$final_path/live/build" ynh_secure_remove --file="$final_path/live/deps" ynh_secure_remove --file="$final_path/live/.fingerprint" # Install bitwarden_rs cp -af "$final_path"/build/target/release/. "$final_path"/live/. # Remove build files and rustup ynh_secure_remove --file="$final_path/build" ynh_secure_remove --file="$final_path/.cargo" ynh_secure_remove --file="$final_path/.rustup" fi #================================================= # SETUP SYSTEMD #================================================= ynh_script_progression --message="Upgrading systemd configuration..." # Create a dedicated systemd config ynh_add_systemd_config #================================================= # MODIFY A CONFIG FILE #================================================= ynh_script_progression --message="Modifying a config file..." config="$final_path/live/bitwarden_rs.env" ynh_backup_if_checksum_is_different --file="$config" cp -f ../conf/bitwarden_rs.env "$config" ynh_replace_string --match_string="__ADMIN_TOKEN__" --replace_string="$admin_token" --target_file="$config" ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config" ynh_replace_string --match_string="__PATH_URL__" --replace_string="$path_url" --target_file="$config" ynh_replace_string --match_string="__WEBSOCKET_PORT__" --replace_string="$websocket_port" --target_file="$config" ynh_replace_string --match_string="__ROCKET_PORT__" --replace_string="$rocket_port" --target_file="$config" ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$config" #================================================= # STORE THE CONFIG FILE CHECKSUM #================================================= ynh_script_progression --message="Storing the config file checksum..." # Recalculate and store the checksum of the file for the next upgrade. ynh_store_file_checksum --file="$config" #================================================= # GENERIC FINALIZATION #================================================= # SECURE FILES AND DIRECTORIES #================================================= ynh_script_progression --message="Securing files and directories..." # Set permissions on app files chown -R "$app":"$app" "$final_path" mkdir -p "/var/log/$app" chown -R "$app":"$app" /var/log/"$app" #================================================= # SETUP LOGROTATE #================================================= ynh_script_progression --message="Upgrading logrotate configuration..." # Use logrotate to manage app-specific logfile(s) ynh_use_logrotate --non-append #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= ynh_script_progression --message="Integrating service in YunoHost..." yunohost service add $app --description "$app daemon for Bitwarden" --log "/var/log/$app/$app.log" #================================================= # START SYSTEMD SERVICE #================================================= ynh_script_progression --message="Starting a systemd service..." ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="Rocket has launched from" --length=100 #================================================= # UPGRADE FAIL2BAN #================================================= ynh_script_progression --message="Reconfiguring Fail2Ban..." # Create a dedicated Fail2Ban config ynh_add_fail2ban_config --logpath="/var/log/$app/$app.log" --failregex="^.*Username or password is incorrect\. Try again\. IP: \. Username:.*$" #================================================= # RELOAD NGINX #================================================= ynh_script_progression --message="Reloading NGINX web server..." ynh_systemd_action --service_name=nginx --action=reload #================================================= # END OF SCRIPT #================================================= ynh_script_progression --message="Upgrade of $app completed"