diff --git a/manifest.toml b/manifest.toml index 907a849..4703e6d 100644 --- a/manifest.toml +++ b/manifest.toml @@ -4,12 +4,12 @@ packaging_format = 2 id = "wallabag2" name = "Wallabag" -description.en = "A self hostable read-it-later app" -description.fr = "Une application de lecture-plus-tard auto-hébergeable" +description.en = "Save and classify articles. Read them later" +description.fr = "Enregistrez et classez les articles. Lisez-les plus tard" version = "2.5.4~ynh3" -maintainers = ["Lapineige"] +maintainers = ["lapineige"] [upstream] license = "MIT" @@ -25,8 +25,8 @@ yunohost = ">= 11.2" architectures = "all" multi_instance = true ldap = true -sso = false -disk = "50M" +sso = true +disk = "200M" ram.build = "150M" ram.runtime = "50M" @@ -61,19 +61,19 @@ ram.runtime = "50M" [resources.apt] packages = [ - "php7.4-cli", - "php7.4-mysql", - "php7.4-json", - "php7.4-gd", - "php7.4-tidy", - "php7.4-curl", - "php7.4-gettext", - "php7.4-redis", - "php7.4-xml", - "php7.4-mbstring", - "php7.4-ldap", - "php7.4-intl", "mariadb-server", + "php7.4-cli", + "php7.4-curl", + "php7.4-gd", + "php7.4-gettext", + "php7.4-intl", + "php7.4-json", + "php7.4-ldap", + "php7.4-mbstring", + "php7.4-mysql", + "php7.4-redis", + "php7.4-tidy", + "php7.4-xml", ] [resources.database] diff --git a/scripts/_common.sh b/scripts/_common.sh index bddccb0..7760641 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -10,18 +10,6 @@ wb_conf="$install_dir/app/config/parameters.yml" # PERSONAL HELPERS #================================================= -function set_permissions { - # Set permissions to app files - chown -R $app:www-data $install_dir - chmod -R g=u,g-w,o-rwx $install_dir - - # Restrict rights to Wallabag user only - chmod 600 $wb_conf - if [ -e $install_dir/var/cache/prod/appProdProjectContainer.php ]; then - chmod 700 $install_dir/var/cache/prod/appProdProjectContainer.php - fi -} - #================================================= # EXPERIMENTAL HELPERS #================================================= diff --git a/scripts/change_url b/scripts/change_url index e699a1e..ded4d93 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -7,8 +7,6 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# STANDARD MODIFICATIONS #================================================= # MODIFY URL IN NGINX CONF #================================================= diff --git a/scripts/install b/scripts/install index fd4c526..21f3764 100644 --- a/scripts/install +++ b/scripts/install @@ -27,12 +27,18 @@ ynh_setup_source --dest_dir="$install_dir" mkdir -p "$install_dir/var/logs/" touch "$install_dir/var/logs/prod.log" +# Set permissions to app files chown -R "$app:www-data" "$install_dir" +# Restrict rights to Wallabag user only +if [ -e "$install_dir/var/cache/prod/appProdProjectContainer.php" ]; then + chmod 700 "$install_dir/var/cache/prod/appProdProjectContainer.php" +fi + #================================================= -# CONFIGURE WALLABAG +# APP INITIAL CONFIGURATION #================================================= -ynh_script_progression --message="Configuring wallabag..." --weight=35 +ynh_script_progression --message="Adding $app's configuration files..." --weight=1 # Copy and set Wallabag dist configuration cp "$install_dir/app/config/parameters.yml.dist" "$wb_conf" @@ -45,13 +51,14 @@ ynh_replace_string --target_file="$wb_conf" --match_string="database_table_prefi ynh_replace_string --target_file="$wb_conf" --match_string="secret: ovmpmAWXRCabNlMgzlzFXDYmCFfzGv" --replace_string="secret: $deskey" ynh_replace_string --target_file="$wb_conf" --match_string="domain_name: https://your-wallabag-url-instance.com" --replace_string="domain_name: https://$domain$path" +chmod 600 "$wb_conf" chown -R "$app:www-data" "$install_dir" # Alias for php-cli execution command -php_exec=("php$YNH_PHP_VERSION" "$install_dir/bin/console" --no-interaction --env=prod) +php_exec=("php$phpversion" "$install_dir/bin/console" --no-interaction --env=prod) # Install dependencies and Wallabag -ynh_exec_as "$app" "${php_exec[@]}" wallabag:install +ynh_exec_warn_less ynh_exec_as "$app" "${php_exec[@]}" wallabag:install # Add users to Wallabag for username in $(ynh_user_list); do @@ -68,7 +75,8 @@ ynh_exec_as "$app" "${php_exec[@]}" fos:user:promote --super "$admin" ynh_mysql_connect_as --user="$db_user" --password="$db_pwd" --database="$db_name" \ <<< "UPDATE internal_setting SET value = 'https://$domain$path' WHERE name = 'wallabag_url'" -set_permissions +# Set permissions to app files +chown -R "$app:www-data" "$install_dir" #================================================= # SETUP HOOKS diff --git a/scripts/restore b/scripts/restore index e1d1346..d9fc61c 100644 --- a/scripts/restore +++ b/scripts/restore @@ -15,7 +15,15 @@ ynh_script_progression --message="Restoring the app main directory..." ynh_restore_file --origin_path="$install_dir" -set_permissions +# Set permissions to app files +chown -R "$app:www-data" "$install_dir" + +# Restrict rights to Wallabag user only +if [ -e "$install_dir/var/cache/prod/appProdProjectContainer.php" ]; then + chmod 700 "$install_dir/var/cache/prod/appProdProjectContainer.php" +fi + +chmod 600 "$wb_conf" #================================================= # RESTORE THE MYSQL DATABASE diff --git a/scripts/upgrade b/scripts/upgrade index 518db49..c1a989b 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -24,12 +24,18 @@ ynh_setup_source --dest_dir="$install_dir" --full_replace=1 --keep="app/config/p mkdir -p "$install_dir/var/logs/" touch "$install_dir/var/logs/prod.log" +# Set permissions to app files chown -R "$app:www-data" "$install_dir" +# Restrict rights to Wallabag user only +if [ -e "$install_dir/var/cache/prod/appProdProjectContainer.php" ]; then + chmod 700 "$install_dir/var/cache/prod/appProdProjectContainer.php" +fi + #================================================= -# CONFIGURE WALLABAG +# UPDATE A CONFIG FILE #================================================= -ynh_script_progression --message="Reconfiguring wallabag..." --weight=11 +ynh_script_progression --message="Reconfiguring $app..." --weight=1 # Copy and set Wallabag dist configuration cp "$install_dir/app/config/parameters.yml.dist" "$wb_conf" @@ -42,21 +48,20 @@ ynh_replace_string --target_file="$wb_conf" --match_string="database_table_prefi ynh_replace_string --target_file="$wb_conf" --match_string="secret: ovmpmAWXRCabNlMgzlzFXDYmCFfzGv" --replace_string="secret: $deskey" ynh_replace_string --target_file="$wb_conf" --match_string="domain_name: https://your-wallabag-url-instance.com" --replace_string="domain_name: https://$domain$path" +chmod 600 "$wb_conf" chown -R "$app:www-data" "$install_dir" # Alias for php-cli execution command -php_exec=("php$YNH_PHP_VERSION" "$install_dir/bin/console" --no-interaction --env=prod) +php_exec=("php$phpversion" "$install_dir/bin/console" --no-interaction --env=prod) # Upgrade database and clear the cache ynh_exec_as "$app" "${php_exec[@]}" doctrine:migrations:migrate ynh_exec_as "$app" "${php_exec[@]}" cache:clear # Configure Wallabag instance URL -ynh_mysql_connect_as --user="$db_user" --password="$db_pwd" --database="$db_name"\ +ynh_mysql_connect_as --user="$db_user" --password="$db_pwd" --database="$db_name" \ <<< "UPDATE internal_setting SET value = 'https://$domain$path' WHERE name = 'wallabag_url'" -set_permissions - #================================================= # SETUP HOOKS #================================================= @@ -75,7 +80,7 @@ ynh_add_nginx_config # Create a dedicated PHP-FPM config ynh_add_fpm_config -ynh_use_logrotate --non-append +ynh_use_logrotate --non-append --logfile="$install_dir/var/logs/prod.log" # Add fail2ban config ynh_add_fail2ban_config --logpath="$install_dir/var/logs/prod.log" --failregex='app.ERROR: Authentication failure for user "([\w]+)?", from IP ""' --max_retry=5 # same as install config