mirror of
https://github.com/YunoHost-Apps/vaultwarden_ynh.git
synced 2024-09-03 18:26:31 +02:00
229 lines
8.3 KiB
Bash
229 lines
8.3 KiB
Bash
#!/bin/bash
|
|
|
|
#=================================================
|
|
# GENERIC START
|
|
#=================================================
|
|
# IMPORT GENERIC HELPERS
|
|
#=================================================
|
|
|
|
source _common.sh
|
|
source /usr/share/yunohost/helpers
|
|
|
|
#=================================================
|
|
# LOAD SETTINGS
|
|
#=================================================
|
|
ynh_script_progression --message="Loading installation settings..."
|
|
|
|
app=$YNH_APP_INSTANCE_NAME
|
|
|
|
domain=$(ynh_app_setting_get --app=$app --key=domain)
|
|
path_url=$(ynh_app_setting_get --app=$app --key=path)
|
|
admin=$(ynh_app_setting_get --app=$app --key=admin)
|
|
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
|
|
|
admin_token=$(ynh_app_setting_get --app=$app --key=admin_token)
|
|
rocket_port=$(ynh_app_setting_get --app=$app --key=rocket_port)
|
|
websocket_port=$(ynh_app_setting_get --app=$app --key=websocket_port)
|
|
|
|
#=================================================
|
|
# CHECK VERSION
|
|
#=================================================
|
|
ynh_script_progression --message="Checking version..."
|
|
|
|
upgrade_type=$(ynh_check_app_version_changed)
|
|
|
|
#=================================================
|
|
# ENSURE DOWNWARD COMPATIBILITY
|
|
#=================================================
|
|
ynh_script_progression --message="Ensuring downward compatibility..."
|
|
|
|
# Cleaning legacy permissions
|
|
if ynh_legacy_permissions_exists; then
|
|
ynh_legacy_permissions_delete_all
|
|
|
|
ynh_app_setting_delete --app=$app --key=is_public
|
|
fi
|
|
|
|
if ! ynh_permission_exists --permission="admin"; then
|
|
# Create the required permissions
|
|
ynh_permission_create --permission="admin" --url="/admin" --allowed="$admin" --show_tile="false"
|
|
fi
|
|
|
|
# Create a permission if needed
|
|
if ! ynh_permission_exists --permission="api"; then
|
|
ynh_permission_create --permission="api" --url="/api" --additional_urls="/identity/connect/token" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true"
|
|
fi
|
|
|
|
#=================================================
|
|
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
|
|
#=================================================
|
|
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..."
|
|
|
|
# Backup the current version of the app
|
|
ynh_backup_before_upgrade
|
|
ynh_clean_setup () {
|
|
ynh_clean_check_starting
|
|
# restore it if the upgrade fails
|
|
ynh_restore_upgradebackup
|
|
}
|
|
# Exit if an error occurs during the execution of the script
|
|
ynh_abort_if_errors
|
|
|
|
#=================================================
|
|
# STANDARD UPGRADE STEPS
|
|
#=================================================
|
|
# STOP SYSTEMD SERVICE
|
|
#=================================================
|
|
ynh_script_progression --message="Stopping a systemd service..."
|
|
|
|
ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd" --line_match="Stopped Bitwarden Server"
|
|
|
|
#=================================================
|
|
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
|
#=================================================
|
|
|
|
if [ "$upgrade_type" == "UPGRADE_APP" ]
|
|
then
|
|
ynh_script_progression --message="Upgrading source files..."
|
|
|
|
# Download, check integrity, uncompress the source of bitwarden_rs from app.src to his build directory
|
|
ynh_setup_source --dest_dir="$final_path/build/" --source_id="app"
|
|
|
|
# Download, check integrity, uncompress and patch the source from web.src
|
|
ynh_setup_source --dest_dir="$final_path/live/web-vault/" --source_id="web"
|
|
fi
|
|
|
|
#=================================================
|
|
# NGINX CONFIGURATION
|
|
#=================================================
|
|
ynh_script_progression --message="Upgrading NGINX web server configuration..."
|
|
|
|
# Create a dedicated NGINX config
|
|
ynh_add_nginx_config "websocket_port rocket_port"
|
|
|
|
#=================================================
|
|
# UPGRADE DEPENDENCIES
|
|
#=================================================
|
|
ynh_script_progression --message="Upgrading dependencies..."
|
|
|
|
ynh_install_app_dependencies $pkg_dependencies
|
|
|
|
#=================================================
|
|
# CREATE DEDICATED USER
|
|
#=================================================
|
|
ynh_script_progression --message="Making sure dedicated system user exists..."
|
|
|
|
# Create a dedicated user (if not existing)
|
|
ynh_system_user_create --username=$app --home_dir="$final_path"
|
|
|
|
#=================================================
|
|
# SPECIFIC UPGRADE
|
|
#=================================================
|
|
# MAKE UPGRADE
|
|
#=================================================
|
|
ynh_script_progression --message="Making upgrade..."
|
|
|
|
# Set right permissions
|
|
chown -R "$app":"$app" "$final_path"
|
|
|
|
if [ "$upgrade_type" == "UPGRADE_APP" ]
|
|
then
|
|
# Install rustup with the toolchain needed by bitwarden_rs
|
|
pushd "$final_path"
|
|
sudo -u "$app" RUSTUP_HOME="$final_path"/.rustup CARGO_HOME="$final_path"/.cargo bash -c 'curl -sSf -L https://static.rust-lang.org/rustup.sh | sh -s -- -y --default-toolchain nightly'
|
|
popd
|
|
|
|
export PATH="$PATH:$final_path/.cargo/bin:$final_path/.local/bin:/usr/local/sbin"
|
|
|
|
# Compile bitwarden_rs
|
|
pushd "$final_path"/build
|
|
ynh_exec_warn_less sudo -u "$app" env PATH="$PATH" cargo build --features sqlite --release
|
|
popd
|
|
|
|
# Remove old generated files before copying the new ones
|
|
ynh_secure_remove --file="$final_path/live/.fingerprint"
|
|
ynh_secure_remove --file="$final_path/live/build"
|
|
ynh_secure_remove --file="$final_path/live/deps"
|
|
ynh_secure_remove --file="$final_path/live/examples"
|
|
ynh_secure_remove --file="$final_path/live/incremental"
|
|
ynh_secure_remove --file="$final_path/live/.cargo-lock"
|
|
ynh_secure_remove --file="$final_path/live/bitwarden_rs.d"
|
|
|
|
# Install bitwarden_rs
|
|
cp -af "$final_path/build/target/release/bitwarden_rs" "$final_path/live/bitwarden_rs"
|
|
|
|
# Remove build files and rustup
|
|
ynh_secure_remove --file="$final_path/build"
|
|
ynh_secure_remove --file="$final_path/.cargo"
|
|
ynh_secure_remove --file="$final_path/.rustup"
|
|
fi
|
|
|
|
#=================================================
|
|
# SETUP SYSTEMD
|
|
#=================================================
|
|
ynh_script_progression --message="Upgrading systemd configuration..."
|
|
|
|
# Create a dedicated systemd config
|
|
ynh_add_systemd_config
|
|
|
|
#=================================================
|
|
# MODIFY A CONFIG FILE
|
|
#=================================================
|
|
ynh_script_progression --message="Modifying a config file..."
|
|
|
|
ynh_add_config --template="../conf/bitwarden_rs.env" --destination="$final_path/live/bitwarden_rs.env"
|
|
|
|
#=================================================
|
|
# GENERIC FINALIZATION
|
|
#=================================================
|
|
# SECURE FILES AND DIRECTORIES
|
|
#=================================================
|
|
ynh_script_progression --message="Securing files and directories..."
|
|
|
|
# Set permissions on app files
|
|
chown -R "$app":"$app" "$final_path"
|
|
mkdir -p "/var/log/$app"
|
|
chown -R "$app":"$app" /var/log/"$app"
|
|
|
|
#=================================================
|
|
# SETUP LOGROTATE
|
|
#=================================================
|
|
ynh_script_progression --message="Upgrading logrotate configuration..."
|
|
|
|
# Use logrotate to manage app-specific logfile(s)
|
|
ynh_use_logrotate --non-append
|
|
|
|
#=================================================
|
|
# INTEGRATE SERVICE IN YUNOHOST
|
|
#=================================================
|
|
ynh_script_progression --message="Integrating service in YunoHost..."
|
|
|
|
yunohost service add $app --description "$app daemon for Bitwarden" --log "/var/log/$app/$app.log"
|
|
|
|
#=================================================
|
|
# START SYSTEMD SERVICE
|
|
#=================================================
|
|
ynh_script_progression --message="Starting a systemd service..."
|
|
|
|
ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="Rocket has launched from" --length=100
|
|
|
|
#=================================================
|
|
# UPGRADE FAIL2BAN
|
|
#=================================================
|
|
ynh_script_progression --message="Reconfiguring Fail2Ban..."
|
|
|
|
# Create a dedicated Fail2Ban config
|
|
ynh_add_fail2ban_config --logpath="/var/log/$app/$app.log" --failregex="^.*Username or password is incorrect\. Try again\. IP: <HOST>\. Username:.*$"
|
|
|
|
#=================================================
|
|
# RELOAD NGINX
|
|
#=================================================
|
|
ynh_script_progression --message="Reloading NGINX web server..."
|
|
|
|
ynh_systemd_action --service_name=nginx --action=reload
|
|
|
|
#=================================================
|
|
# END OF SCRIPT
|
|
#=================================================
|
|
|
|
ynh_script_progression --message="Upgrade of $app completed"
|