1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/vaultwarden_ynh.git synced 2024-09-03 18:26:31 +02:00
vaultwarden_ynh/scripts/install
2020-04-17 12:44:17 +02:00

253 lines
9.4 KiB
Bash

#!/bin/bash
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source _common.sh
source ynh_send_readme_to_admin__2
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
ynh_print_info --message="Managing script failure..."
ynh_clean_setup () {
ynh_clean_check_starting
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================
ynh_print_info --message="Retrieving arguments from the manifest..."
domain=$YNH_APP_ARG_DOMAIN
path_url=$YNH_APP_ARG_PATH
admin=$YNH_APP_ARG_ADMIN
is_public=$YNH_APP_ARG_IS_PUBLIC
app=$YNH_APP_INSTANCE_NAME
admin_mail=$(ynh_user_get_info "$admin" 'mail')
admin_token=$(ynh_string_random --length=48 | base64)
#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
ynh_print_info --message="Validating installation parameters..."
final_path=/var/www/$app
test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
# Register (book) web path
ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================
ynh_print_info --message="Storing installation settings..."
ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_set --app=$app --key=admin --value=$admin
ynh_app_setting_set --app=$app --key=is_public --value=$is_public
ynh_app_setting_set --app=$app --key=admin_token --value=$admin_token
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# FIND AND OPEN A PORT
#=================================================
ynh_print_info --message="Configuring firewall..."
# Find an available port
websocket_port=$(ynh_find_port --port=3012)
ynh_app_setting_set --app=$app --key=websocket_port --value="$websocket_port"
# Find an available port
rocket_port=$(ynh_find_port --port=8095)
ynh_app_setting_set --app=$app --key=rocket_port --value="$rocket_port"
#=================================================
# INSTALL DEPENDENCIES
#=================================================
ynh_print_info --message="Installing dependencies..."
ynh_install_app_dependencies $pkg_dependencies
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_print_info --message="Setting up source files..."
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
# Download, check integrity, uncompress the source of bitwarden_rs from app.src to his build directory
ynh_setup_source --dest_dir="$final_path/build/" --source_id="app"
# Download, check integrity, uncompress and patch the source from web.src
ynh_setup_source --dest_dir="$final_path/live/web-vault/" --source_id="web"
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_print_info --message="Configuring nginx web server..."
# Create a dedicated nginx config
ynh_add_nginx_config "websocket_port rocket_port"
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_print_info --message="Configuring system user..."
# Create a system user
ynh_system_user_create --username="$app" --home_dir="$final_path"
#=================================================
# SPECIFIC SETUP
#=================================================
# MAKE INSTALL
#=================================================
ynh_print_info --message="Making install..."
# Set right permissions
chown -R "$app":"$app" "$final_path"
# Install rustup with the toolchain needed by bitwarden_rs
pushd "$final_path"
sudo -u "$app" RUSTUP_HOME="$final_path"/.rustup CARGO_HOME="$final_path"/.cargo bash -c 'curl -sSf -L https://static.rust-lang.org/rustup.sh | sh -s -- -y --default-toolchain=$(cat build/rust-toolchain)'
popd
export PATH="$PATH:$final_path/.cargo/bin:$final_path/.local/bin:/usr/local/sbin"
# Compile bitwarden_rs
pushd "$final_path"/build
sudo -u "$app" env PATH="$PATH" cargo build --features sqlite --release
popd
# Install bitwarden_rs
cp -a "$final_path"/build/target/release/. "$final_path"/live/.
# Remove build files and rustup
ynh_secure_remove --file="$final_path/build"
ynh_secure_remove --file="$final_path/.cargo"
ynh_secure_remove --file="$final_path/.rustup"
#=================================================
# SETUP SYSTEMD
#=================================================
ynh_print_info --message="Configuring a systemd service..."
# Create a dedicated systemd config
ynh_add_systemd_config
#=================================================
# MODIFY A CONFIG FILE
#=================================================
ynh_print_info --message="Modifying a config file..."
config="$final_path/live/bitwarden_rs.env"
cp -f ../conf/bitwarden_rs.env "$config"
ynh_replace_string --match_string="__ADMIN_TOKEN__" --replace_string="$admin_token" --target_file="$config"
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$config"
ynh_replace_string --match_string="__PATH_URL__" --replace_string="$path_url" --target_file="$config"
ynh_replace_string --match_string="__WEBSOCKET_PORT__" --replace_string="$websocket_port" --target_file="$config"
ynh_replace_string --match_string="__ROCKET_PORT__" --replace_string="$rocket_port" --target_file="$config"
ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$config"
#=================================================
# STORE THE CONFIG FILE CHECKSUM
#=================================================
ynh_print_info --message="Storing the config file checksum..."
# Calculate and store the config file checksum into the app settings
ynh_store_file_checksum --file="$config"
#=================================================
# GENERIC FINALIZATION
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
ynh_print_info --message="Securing files and directories..."
# Set permissions to app files
chown -R "$app":"$app" "$final_path"
mkdir -p "/var/log/$app"
chown -R "$app":"$app" "/var/log/$app"
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_print_info --message="Configuring log rotation..."
# Use logrotate to manage application logfile(s)
ynh_use_logrotate
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_print_info --message="Integrating service in YunoHost..."
yunohost service add $app --description "$app daemon for Bitwarden" --log "/var/log/$app/$app.log"
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_print_info --message="Starting a systemd service..."
# Start a systemd service
ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="Rocket has launched from" --length=100
#=================================================
# SETUP FAIL2BAN
#=================================================
ynh_print_info --message="Configuring fail2ban..."
# Create a dedicated fail2ban config
touch /var/log/"$app"/"$app".log
ynh_add_fail2ban_config --logpath="/var/log/$app/$app.log" --failregex="^.*Username or password is incorrect\. Try again\. IP: <HOST>\. Username:.*$"
#=================================================
# SETUP SSOWAT
#=================================================
ynh_print_info --message="Configuring SSOwat..."
# Make app public if necessary
if [ $is_public -eq 1 ]
then
# unprotected_uris allows SSO credentials to be passed anyway.
ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
fi
#=================================================
# RELOAD NGINX
#=================================================
ynh_print_info --message="Reloading nginx web server..."
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# SEND A README FOR THE ADMIN
#=================================================
ynh_print_info --message="Sending a readme for the admin..."
ynh_replace_string --match_string="__ADMIN_MAIL__" --replace_string="$admin_mail" --target_file="../conf/message"
ynh_replace_string --match_string="__ADMIN_TOKEN__" --replace_string="$admin_token" --target_file="../conf/message"
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="../conf/message"
ynh_replace_string --match_string="__PATH_URL__" --replace_string="$path_url" --target_file="../conf/message"
ynh_send_readme_to_admin --app_message="../conf/message" --recipients="$admin_mail" --type='install'
#=================================================
# END OF SCRIPT
#=================================================
ynh_print_info --message="Installation of $app completed"