mirror of
https://github.com/YunoHost-Apps/wallabag2_ynh.git
synced 2024-10-01 13:35:06 +02:00
ae76c98612
* Readme: Add welcome UI screenshoot It's always nice to have a quick look at the UI of the software you're going to install :) * Testing (#56) * Fix 413 request entity too large (#55) * [fix] 413 Request Entity Too Large * Remove ini file for php (#57) Have a look to YunoHost-Apps/nextcloud_ynh#138 for more information * Add fail2ban config * Add Fail2ban config removal helper * Enhance fail2ban config look * Add fail2ban backup * Restore fail2ban config * Add fail2ban config during upgrade To make sure any older version will get fail2ban support * Update minimum version to 3.5 This is needed for fail2ban helpers * Add fail2ban info * Fail2ban: Fix missing log file during install * Fix feil2ban regex * Fix fail2ban regex - 2 * Use ynh_systemd_action * Use long getopts arguments * Fix duplicated comment and remove blank space * Fix fail2ban regex in upgrade script * Improve regex - install This allow empty username (not possible, but may still block some extra brute force spammers) and username with spaces * Improve regex - upgrade This allow empty username (not possible, but may still block some extra brute force spammers) and username with spaces * Fix missing log file for fail2ban * Indentation and variable usage
171 lines
5.6 KiB
Bash
171 lines
5.6 KiB
Bash
#!/bin/bash
|
|
|
|
#=================================================
|
|
# GENERIC STARTING
|
|
#=================================================
|
|
# IMPORT GENERIC HELPERS
|
|
#=================================================
|
|
|
|
source _common.sh
|
|
source /usr/share/yunohost/helpers
|
|
|
|
#=================================================
|
|
# MANAGE SCRIPT FAILURE
|
|
#=================================================
|
|
|
|
ynh_abort_if_errors # Stop script if an error is detected
|
|
|
|
#=================================================
|
|
# RETRIEVE ARGUMENTS FROM THE MANIFEST
|
|
#=================================================
|
|
|
|
# Retrieve app id
|
|
app=$YNH_APP_INSTANCE_NAME
|
|
|
|
# Retrieve arguments
|
|
domain=$YNH_APP_ARG_DOMAIN
|
|
path_url=$YNH_APP_ARG_PATH
|
|
admin=$YNH_APP_ARG_ADMIN
|
|
|
|
#=================================================
|
|
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
|
|
#=================================================
|
|
|
|
final_path=/var/www/$app
|
|
test ! -e "$final_path" || ynh_die "This path already contains a folder"
|
|
|
|
path_url=$(ynh_normalize_url_path $path_url) # Check and normalize path
|
|
|
|
# Check web path availability
|
|
ynh_webpath_available $domain $path_url
|
|
# Register (book) web path
|
|
ynh_webpath_register $app $domain $path_url
|
|
|
|
#=================================================
|
|
# STORE SETTINGS FROM MANIFEST
|
|
#=================================================
|
|
|
|
ynh_app_setting_set $app domain "$domain"
|
|
ynh_app_setting_set $app path_url "$path_url"
|
|
ynh_app_setting_set $app admin "$admin"
|
|
|
|
#=================================================
|
|
# STANDARD MODIFICATIONS
|
|
#=================================================
|
|
# INSTALL DEPENDENCIES
|
|
#=================================================
|
|
|
|
ynh_install_app_dependencies "$PKG_DEPENDENCIES"
|
|
|
|
#=================================================
|
|
# CREATE A MYSQL DB
|
|
#=================================================
|
|
|
|
db_name=$(ynh_sanitize_dbid $app)
|
|
db_user="$db_name"
|
|
|
|
# Generate random DES key & password
|
|
deskey=$(ynh_string_random 24)
|
|
ynh_app_setting_set "$app" deskey "$deskey"
|
|
ynh_app_setting_set "$app" db_name "$db_name"
|
|
|
|
# Initialize database
|
|
ynh_mysql_setup_db "$db_user" "$db_name"
|
|
#=================================================
|
|
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
|
#=================================================
|
|
|
|
ynh_app_setting_set $app final_path "$final_path"
|
|
# Create tmp directory and fetch app inside
|
|
TMPDIR=$(mktemp -d)
|
|
ynh_setup_source "$TMPDIR"
|
|
|
|
#=================================================
|
|
# CREATE DEDICATED USER
|
|
#=================================================
|
|
|
|
ynh_system_user_create $app # Create a dedicated system user
|
|
|
|
#=================================================
|
|
# SPECIFIC SETUP
|
|
#=================================================
|
|
|
|
# Copy and set Wallabag dist configuration
|
|
wb_conf="${TMPDIR}/app/config/parameters.yml"
|
|
cp ${TMPDIR}/app/config/parameters.yml.dist $wb_conf
|
|
|
|
ynh_replace_string "fosuser_registration: true" "fosuser_registration: false" "$wb_conf"
|
|
ynh_replace_string "database_name: wallabag" "database_name: ${db_name}" "$wb_conf"
|
|
ynh_replace_string "database_user: root" "database_user: ${db_user}" "$wb_conf"
|
|
ynh_replace_string "database_password: ~" "database_password: ${db_pwd}" "$wb_conf"
|
|
ynh_replace_string "database_table_prefix: wallabag_" "database_table_prefix: null" "$wb_conf"
|
|
ynh_replace_string "secret: ovmpmAWXRCabNlMgzlzFXDYmCFfzGv" "secret: ${deskey}" "$wb_conf"
|
|
ynh_replace_string "domain_name: https://your-wallabag-url-instance.com" "domain_name: https://$domain$path_url" "$wb_conf"
|
|
|
|
# Restrict rights to Wallabag user only
|
|
chmod 600 "$wb_conf"
|
|
|
|
# Install files and set permissions
|
|
mv "$TMPDIR" "$final_path"
|
|
|
|
# Set rights on directory
|
|
chown -R $app: $final_path
|
|
chmod 755 $final_path
|
|
|
|
# Install dependencies and Wallabag
|
|
exec_console $app "$final_path" wallabag:install
|
|
|
|
# Add users to Wallabag
|
|
for username in $(ynh_user_list); do
|
|
user_email=$(yunohost user info "$username" --output-as plain \
|
|
| ynh_get_plain_key mail)
|
|
user_pass=$(ynh_string_random)
|
|
exec_console $app "$final_path" fos:user:create \
|
|
"$username" "$user_email" "$user_pass"
|
|
done
|
|
|
|
# Set admin user
|
|
exec_console $app "$final_path" fos:user:promote --super "$admin"
|
|
|
|
# Configure Wallabag instance URL
|
|
ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_user" <<< "UPDATE craue_config_setting SET value = 'https://$domain$path_url' WHERE name = 'wallabag_url'"
|
|
|
|
#=================================================
|
|
# CONFIGURE FAIL2BAN
|
|
#=================================================
|
|
|
|
# Create the log file is not already existing during install
|
|
mkdir -p "/var/www/$app/var/logs/"
|
|
touch "/var/www/$app/var/logs/prod.log"
|
|
chown $app: "/var/www/$app/var/logs/prod.log"
|
|
# Add fail2ban config
|
|
ynh_add_fail2ban_config --logpath="/var/www/$app/var/logs/prod.log" --failregex='app.ERROR: Authentication failure for user "([\w]+)?", from IP "<HOST>"' --max_retry=5
|
|
|
|
|
|
#=================================================
|
|
# NGINX CONFIGURATION
|
|
#=================================================
|
|
|
|
ynh_add_nginx_config
|
|
if [ "$path_url" = "/" ]
|
|
then
|
|
# Replace "//" location (due to nginx template)
|
|
# Prevent from replacing in "http://" expressions by excluding ":" as preceding character
|
|
sed --in-place "s@\([^:]\)//@\1/@g" /etc/nginx/conf.d/$domain.d/$app.conf
|
|
else
|
|
# Move prefix comment #for-subdir at end of lines
|
|
sed --in-place "s/#for-subdir\(.*\)/\1 #for-subdir/g" /etc/nginx/conf.d/$domain.d/$app.conf
|
|
fi
|
|
ynh_store_file_checksum "/etc/nginx/conf.d/$domain.d/$app.conf"
|
|
|
|
# Copy and set php-fpm configuration
|
|
ynh_add_fpm_config
|
|
|
|
# Set SSOwat rules
|
|
ynh_app_setting_set "$app" unprotected_uris "/"
|
|
|
|
#=================================================
|
|
# RELOAD NGINX
|
|
#=================================================
|
|
systemctl restart php5-fpm
|
|
systemctl reload nginx
|