diff --git a/README.md b/README.md index 8cae7a8..f929164 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to ## Overview Wekan is an open-source kanban board (task manager and organizer) -**Shipped version:** 2.37 +**Shipped version:** 2.40 ## Screenshots diff --git a/conf/.env b/conf/.env new file mode 100644 index 0000000..17d1c80 --- /dev/null +++ b/conf/.env @@ -0,0 +1,338 @@ +# The Node Environnement +NODE_ENV=production + +# The path to NODEJS +PATH=__NODEJS_PATH__ + +# Activate Debug mode +#DEBUG=true + +# URL of the mongodb +MONGO_URL=mongodb://127.0.0.1:27017/__DB_NAME__ + +# Root URL +ROOT_URL=https://__DOMAIN_URI__ + +# Mail URL +MAIL_URL='smtp://user:pass@mailserver.example.com:25/' + +# This is local port where Wekan Node.js runs +PORT=__PORT__ + +#--------------------------------------------- +# Wekan Export Board works when WITH_API=true. +# If you disable Wekan API with false, Export Board does not work. +WITH_API='true' + +#--------------------------------------------- +# CORS: Set Access-Control-Allow-Origin header. Example: * +#CORS=* + +#--------------------------------------------- +## Optional: Integration with Matomo https://matomo.org that is installed to your server +## The address of the server where Matomo is hosted: +# Example: MATOMO_ADDRESS=https://example.com/matomo +#MATOMO_ADDRESS= + +## The value of the site ID given in Matomo server for Wekan +# Example: MATOMO_SITE_ID=123456789 +#MATOMO_SITE_ID='' + +## The option do not track which enables users to not be tracked by matomo" +#Example: MATOMO_DO_NOT_TRACK=false +#MATOMO_DO_NOT_TRACK=true + +## The option that allows matomo to retrieve the username: +# Example: MATOMO_WITH_USERNAME=true +#MATOMO_WITH_USERNAME='false' + +#--------------------------------------------- +# Enable browser policy and allow one trusted URL that can have iframe that has Wekan embedded inside. +# Setting this to false is not recommended, it also disables all other browser policy protections +# and allows all iframing etc. See wekan/server/policy.js +# Default value: true +BROWSER_POLICY_ENABLED=true + +# When browser policy is enabled, HTML code at this Trusted URL can have iframe that embeds Wekan inside. +# Example: TRUSTED_URL=http://example.com +TRUSTED_URL='' + +# What to send to Outgoing Webhook, or leave out. Example, that includes all that are default: cardId,listId,oldListId,boardId,comment,user,card,commentId . +# Example: WEBHOOKS_ATTRIBUTES=cardId,listId,oldListId,boardId,comment,user,card,commentId +WEBHOOKS_ATTRIBUTES='' + +#--------------------------------------------- +# ==== OAUTH2 AZURE ==== +# https://github.com/wekan/wekan/wiki/Azure +# 1) Register the application with Azure. Make sure you capture +# the application ID as well as generate a secret key. +# 2) Configure the environment variables. This differs slightly +# by installation type, but make sure you have the following: +#OAUTH2_ENABLED=true + +# Application GUID captured during app registration: +#OAUTH2_CLIENT_ID=xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx + +# Secret key generated during app registration: +#OAUTH2_SECRET=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx +#OAUTH2_SERVER_URL=https://login.microsoftonline.com/ +#OAUTH2_AUTH_ENDPOINT=/oauth2/v2.0/authorize +#OAUTH2_USERINFO_ENDPOINT=https://graph.microsoft.com/oidc/userinfo +#OAUTH2_TOKEN_ENDPOINT=/oauth2/v2.0/token + +# The claim name you want to map to the unique ID field: +#OAUTH2_ID_MAP=email + +# The claim name you want to map to the username field: +#OAUTH2_USERNAME_MAP=email + +# The claim name you want to map to the full name field: +#OAUTH2_FULLNAME_MAP=name + +# The claim name you want to map to the email field: +#OAUTH2_EMAIL_MAP=email + +#----------------------------------------------------------------- +# ==== OAUTH2 KEYCLOAK ==== +# https://github.com/wekan/wekan/wiki/Keycloak <== MAPPING INFO, REQUIRED +#OAUTH2_ENABLED=true +#OAUTH2_CLIENT_ID= +#OAUTH2_SERVER_URL=/auth +#OAUTH2_AUTH_ENDPOINT=/realms//protocol/openid-connect/auth +#OAUTH2_USERINFO_ENDPOINT=/realms//protocol/openid-connect/userinfo +#OAUTH2_TOKEN_ENDPOINT=/realms//protocol/openid-connect/token +#OAUTH2_SECRET= + +#----------------------------------------------------------------- +# ==== OAUTH2 DOORKEEPER ==== +# https://github.com/wekan/wekan/issues/1874 +# https://github.com/wekan/wekan/wiki/OAuth2 +# Enable the OAuth2 connection +#OAUTH2_ENABLED=true + +# OAuth2 docs: https://github.com/wekan/wekan/wiki/OAuth2 +# OAuth2 Client ID. +#OAUTH2_CLIENT_ID=abcde12345 + +# OAuth2 Secret. +#OAUTH2_SECRET=54321abcde + +# OAuth2 Server URL. +#OAUTH2_SERVER_URL=https://chat.example.com + +# OAuth2 Authorization Endpoint. +#OAUTH2_AUTH_ENDPOINT=/oauth/authorize + +# OAuth2 Userinfo Endpoint. +#OAUTH2_USERINFO_ENDPOINT=/oauth/userinfo + +# OAuth2 Token Endpoint. +#OAUTH2_TOKEN_ENDPOINT=/oauth/token + +# OAuth2 ID Mapping +#OAUTH2_ID_MAP= + +# OAuth2 Username Mapping +#OAUTH2_USERNAME_MAP= + +# OAuth2 Fullname Mapping +#OAUTH2_FULLNAME_MAP= + +# OAuth2 Email Mapping +#OAUTH2_EMAIL_MAP= + +#--------------------------------------------- +# LDAP_ENABLE : Enable or not the connection by the LDAP +# example : LDAP_ENABLE=true +#LDAP_ENABLE=false + +# LDAP_PORT : The port of the LDAP server +# example : LDAP_PORT=389 +#LDAP_PORT=389 + +# LDAP_HOST : The host server for the LDAP server +# example : LDAP_HOST=localhost +#LDAP_HOST= + +# LDAP_BASEDN : The base DN for the LDAP Tree +# example : LDAP_BASEDN=ou=user,dc=example,dc=org +#LDAP_BASEDN= + +# LDAP_LOGIN_FALLBACK : Fallback on the default authentication method +# example : LDAP_LOGIN_FALLBACK=true +#LDAP_LOGIN_FALLBACK=false + +# LDAP_RECONNECT : Reconnect to the server if the connection is lost +# example : LDAP_RECONNECT=false +#LDAP_RECONNECT=true + +# LDAP_TIMEOUT : Overall timeout, in milliseconds +# example : LDAP_TIMEOUT=12345 +#LDAP_TIMEOUT=10000 + +# LDAP_IDLE_TIMEOUT : Specifies the timeout for idle LDAP connections in milliseconds +# example : LDAP_IDLE_TIMEOUT=12345 +#LDAP_IDLE_TIMEOUT=10000 + +# LDAP_CONNECT_TIMEOUT : Connection timeout, in milliseconds +# example : LDAP_CONNECT_TIMEOUT=12345 +#LDAP_CONNECT_TIMEOUT=10000 + +# LDAP_AUTHENTIFICATION : If the LDAP needs a user account to search +# example : LDAP_AUTHENTIFICATION=true +#LDAP_AUTHENTIFICATION=false + +# LDAP_AUTHENTIFICATION_USERDN : The search user DN +# example : LDAP_AUTHENTIFICATION_USERDN=cn=admin,dc=example,dc=org +#LDAP_AUTHENTIFICATION_USERDN= + +# LDAP_AUTHENTIFICATION_PASSWORD : The password for the search user +# example : AUTHENTIFICATION_PASSWORD=admin +#LDAP_AUTHENTIFICATION_PASSWORD= + +# LDAP_LOG_ENABLED : Enable logs for the module +# example : LDAP_LOG_ENABLED=true +#LDAP_LOG_ENABLED=false + +# LDAP_BACKGROUND_SYNC : If the sync of the users should be done in the background +# example : LDAP_BACKGROUND_SYNC=true +#LDAP_BACKGROUND_SYNC=false + +# LDAP_BACKGROUND_SYNC_INTERVAL : At which interval does the background task sync in milliseconds +# example : LDAP_BACKGROUND_SYNC_INTERVAL=12345 +#LDAP_BACKGROUND_SYNC_INTERVAL=100 + +# LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED : +# example : LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=true +#LDAP_BACKGROUND_SYNC_KEEP_EXISTANT_USERS_UPDATED=false + +# LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS : +# example : LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=true +#LDAP_BACKGROUND_SYNC_IMPORT_NEW_USERS=false + +# LDAP_ENCRYPTION : If using LDAPS +# example : LDAP_ENCRYPTION=ssl +#LDAP_ENCRYPTION=false + +# LDAP_CA_CERT : The certification for the LDAPS server. Certificate needs to be included in this docker-compose.yml file. +# example : LDAP_CA_CERT=-----BEGIN CERTIFICATE-----MIIE+zCCA+OgAwIBAgIkAhwR/6TVLmdRY6hHxvUFWc0+Enmu/Hu6cj+G2FIdAgIC...-----END CERTIFICATE----- +#LDAP_CA_CERT= + +# LDAP_REJECT_UNAUTHORIZED : Reject Unauthorized Certificate +# example : LDAP_REJECT_UNAUTHORIZED=true +#LDAP_REJECT_UNAUTHORIZED=false + +# LDAP_USER_SEARCH_FILTER : Optional extra LDAP filters. Don't forget the outmost enclosing parentheses if needed +# example : LDAP_USER_SEARCH_FILTER= +#LDAP_USER_SEARCH_FILTER= + +# LDAP_USER_SEARCH_SCOPE : base (search only in the provided DN), one (search only in the provided DN and one level deep), or sub (search the whole subtree) +# example : LDAP_USER_SEARCH_SCOPE=one +#LDAP_USER_SEARCH_SCOPE= + +# LDAP_USER_SEARCH_FIELD : Which field is used to find the user +# example : LDAP_USER_SEARCH_FIELD=uid +#LDAP_USER_SEARCH_FIELD= + +# LDAP_SEARCH_PAGE_SIZE : Used for pagination (0=unlimited) +# example : LDAP_SEARCH_PAGE_SIZE=12345 +#LDAP_SEARCH_PAGE_SIZE=0 + +# LDAP_SEARCH_SIZE_LIMIT : The limit number of entries (0=unlimited) +# example : LDAP_SEARCH_SIZE_LIMIT=12345 +#LDAP_SEARCH_SIZE_LIMIT=0 + +# LDAP_GROUP_FILTER_ENABLE : Enable group filtering +# example : LDAP_GROUP_FILTER_ENABLE=true +#LDAP_GROUP_FILTER_ENABLE=false + +# LDAP_GROUP_FILTER_OBJECTCLASS : The object class for filtering +# example : LDAP_GROUP_FILTER_OBJECTCLASS=group +#LDAP_GROUP_FILTER_OBJECTCLASS= + +# LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE : +# example : +#LDAP_GROUP_FILTER_GROUP_ID_ATTRIBUTE= + +# LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE : +# example : +#LDAP_GROUP_FILTER_GROUP_MEMBER_ATTRIBUTE= + +# LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT : +# example : +#LDAP_GROUP_FILTER_GROUP_MEMBER_FORMAT= + +# LDAP_GROUP_FILTER_GROUP_NAME : +# example : +#LDAP_GROUP_FILTER_GROUP_NAME= + +# LDAP_UNIQUE_IDENTIFIER_FIELD : This field is sometimes class GUID (Globally Unique Identifier) +# example : LDAP_UNIQUE_IDENTIFIER_FIELD=guid +#LDAP_UNIQUE_IDENTIFIER_FIELD= + +# LDAP_UTF8_NAMES_SLUGIFY : Convert the username to utf8 +# example : LDAP_UTF8_NAMES_SLUGIFY=false +#LDAP_UTF8_NAMES_SLUGIFY=true + +# LDAP_USERNAME_FIELD : Which field contains the ldap username +# example : LDAP_USERNAME_FIELD=username +#LDAP_USERNAME_FIELD= + +# LDAP_FULLNAME_FIELD : Which field contains the ldap fullname +# example : LDAP_FULLNAME_FIELD=fullname +#LDAP_FULLNAME_FIELD= + +# LDAP_MERGE_EXISTING_USERS : +# example : LDAP_MERGE_EXISTING_USERS=true +#LDAP_MERGE_EXISTING_USERS=false + +# LDAP_EMAIL_MATCH_ENABLE : allow existing account matching by e-mail address when username does not match +# example: LDAP_EMAIL_MATCH_ENABLE=true +#LDAP_EMAIL_MATCH_ENABLE=false + +# LDAP_EMAIL_MATCH_REQUIRE : require existing account matching by e-mail address when username does match +# example: LDAP_EMAIL_MATCH_REQUIRE=true +#LDAP_EMAIL_MATCH_REQUIRE=false + +# LDAP_EMAIL_MATCH_VERIFIED : require existing account email address to be verified for matching +# example: LDAP_EMAIL_MATCH_VERIFIED=true +#LDAP_EMAIL_MATCH_VERIFIED=false + +# LDAP_EMAIL_FIELD : which field contains the LDAP e-mail address +# example: LDAP_EMAIL_FIELD=mail +#LDAP_EMAIL_FIELD= + +# LDAP_SYNC_USER_DATA : +# example : LDAP_SYNC_USER_DATA=true +#LDAP_SYNC_USER_DATA=false + +# LDAP_SYNC_USER_DATA_FIELDMAP : +# example : LDAP_SYNC_USER_DATA_FIELDMAP={"cn":"name", "mail":"email"} +#LDAP_SYNC_USER_DATA_FIELDMAP= + +# LDAP_SYNC_GROUP_ROLES : +# example : +#LDAP_SYNC_GROUP_ROLES= + +# LDAP_DEFAULT_DOMAIN : The default domain of the ldap it is used to create email if the field is not map correctly with the LDAP_SYNC_USER_DATA_FIELDMAP +# example : +#LDAP_DEFAULT_DOMAIN= + +# Enable/Disable syncing of admin status based on ldap groups: +#LDAP_SYNC_ADMIN_STATUS=true + +# Comma separated list of admin group names to sync. +#LDAP_SYNC_ADMIN_GROUPS=group1,group2 + +# LOGOUT_WITH_TIMER : Enables or not the option logout with timer +# example : LOGOUT_WITH_TIMER=true +#LOGOUT_WITH_TIMER= + +# LOGOUT_IN : The number of days +# example : LOGOUT_IN=1 +#LOGOUT_IN= +#LOGOUT_ON_HOURS= + +# LOGOUT_ON_MINUTES : The number of minutes +# example : LOGOUT_ON_MINUTES=55 +#LOGOUT_ON_MINUTES= diff --git a/conf/app.src b/conf/app.src index 990cf9d..e608dae 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,7 +1,7 @@ # This is on YunoHost server just to avoid the file from disappearing # Original source is https://releases.wekan.team/ -SOURCE_URL=https://raw.githubusercontent.com/yalh76/wekan_ynh/2.37/conf/wekan-2.37.tar.gz -SOURCE_SUM=471c3c9190119da0b988a9ae0c28aa80388e07bd8d3720ff44e8a9ecac681c5b +SOURCE_URL=https://raw.githubusercontent.com/yalh76/wekan_ynh/2.40/conf/wekan-2.40.tar.gz +SOURCE_SUM=d49ca72918f979ad1488dfa0f23b099e241eef1eabcbc865fa42f32e6c490018 SOURCE_SUM_PRG=sha256sum ARCH_FORMAT=tar.gz SOURCE_IN_SUBDIR=true diff --git a/conf/systemd.service b/conf/systemd.service index 0fb4618..5abbcbf 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -7,10 +7,7 @@ After=network.target mongodb.service Type=simple User=__APP__ Group=__APP__ -Environment="PATH=__ENV_PATH__" -Environment=NODE_ENV=production -Environment=MONGO_URL=mongodb://127.0.0.1:27017/__DB_NAME__ -Environment=ROOT_URL=https://__DOMAIN_URI__ PORT=__PORT__ +EnvironmentFile=__FINALPATH__/.env WorkingDirectory=__FINALPATH__ ExecStart=/opt/node_n/bin/node __FINALPATH__/main.js Restart=on-failure diff --git a/conf/wekan-2.37.tar.gz b/conf/wekan-2.40.tar.gz similarity index 83% rename from conf/wekan-2.37.tar.gz rename to conf/wekan-2.40.tar.gz index 7dce409..dde1f3d 100644 Binary files a/conf/wekan-2.37.tar.gz and b/conf/wekan-2.40.tar.gz differ diff --git a/manifest.json b/manifest.json index da2e4bc..0c2898b 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Trello-like kanban", "fr": "Un kanban similaire à Trello" }, - "version": "2.37~ynh1", + "version": "2.40~ynh1", "url": "https://wekan.io", "license": "MIT", "maintainer": { diff --git a/scripts/install b/scripts/install index 9dff508..50253e4 100755 --- a/scripts/install +++ b/scripts/install @@ -166,16 +166,11 @@ ynh_system_user_create $app "$final_path" #================================================= # SPECIFIC SETUP #================================================= -# INSTALL WEKAN NPM DEPENDENCIES -#================================================= -ynh_print_info "Installing wekan npm dependencies ..." -# Install wekan dependencies -chown -R $app $final_path -pushd $final_path/programs/server - ynh_use_nodejs - npm install -popd +# Start mogodb +ynh_print_info "Starting mongodb ..." +systemctl enable mongodb +systemctl restart mongodb #================================================= # SETUP SYSTEMD @@ -194,13 +189,32 @@ ynh_print_info "Configuring a systemd service..." ### - And the section "SETUP SYSTEMD" in the upgrade script # Create a dedicated systemd config -ynh_print_info "Adding wekan systemd service ..." -ynh_replace_string "__ENV_PATH__" "$nodejs_path" "../conf/systemd.service" -ynh_replace_string "__DB_NAME__" "$db_name" "../conf/systemd.service" -ynh_replace_string "__DOMAIN_URI__" "$domain$path_url" "../conf/systemd.service" -ynh_replace_string "__PORT__" "$port" "../conf/systemd.service" ynh_add_systemd_config +#================================================= +# MODIFY A CONFIG FILE +#================================================= + +### `ynh_replace_string` is used to replace a string in a file. +### (It's compatible with sed regular expressions syntax) +cp "../conf/.env" "$final_path/.env" + +ynh_replace_string "__NODEJS_PATH__" "$nodejs_path" "$final_path/.env" +ynh_replace_string "__DB_NAME__" "$db_name" "$final_path/.env" +ynh_replace_string "__DOMAIN_URI__" "$domain$path_url" "$final_path/.env" +ynh_replace_string "__PORT__" "$port" "$final_path/.env" + +#================================================= +# STORE THE CONFIG FILE CHECKSUM +#================================================= + +### `ynh_store_file_checksum` is used to store the checksum of a file. +### That way, during the upgrade script, by using `ynh_backup_if_checksum_is_different`, +### you can make a backup of this file before modifying it again if the admin had modified it. + +# Calculate and store the config file checksum into the app settings +ynh_store_file_checksum "$final_path/.env" + #================================================= # GENERIC FINALIZATION #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index fb7948c..283007e 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -72,11 +72,15 @@ if ynh_version_gt "0.77-2" "${previous_version}" ; then ynh_install_nodejs 8.14.1 ynh_use_nodejs # Create a dedicated systemd config - ynh_replace_string "__ENV_PATH__" "$nodejs_path" "../conf/systemd.service" - ynh_replace_string "__DB_NAME__" "$db_name" "../conf/systemd.service" - ynh_replace_string "__DOMAIN_URI__" "$domain$path_url" "../conf/systemd.service" - ynh_replace_string "__PORT__" "$port" "../conf/systemd.service" ynh_add_systemd_config + # Create a dedicated .env config + ynh_backup_if_checksum_is_different "$final_path/.env" + cp "../conf/.env" "$final_path/.env" + ynh_replace_string "__NODEJS_PATH__" "$nodejs_path" "$final_path/.env" + ynh_replace_string "__DB_NAME__" "$db_name" "$final_path/.env" + ynh_replace_string "__DOMAIN_URI__" "$domain$path_url" "$final_path/.env" + ynh_replace_string "__PORT__" "$port" "$final_path/.env" + ynh_store_file_checksum "$final_path/.env" fi if ynh_version_gt "1.07~ynh2" "${previous_version}" ; then @@ -134,17 +138,6 @@ chown -R $app: "$final_path" chmod -R 640 "$final_path" find "$final_path" -type d -print0 | xargs -0 chmod 750 -#================================================= -# INSTALL WEKAN NPM DEPENDENCIES -#================================================= -ynh_print_info "Installing wekan npm dependencies ..." - -# Relaunch a npm install -pushd $final_path/programs/server - ynh_use_nodejs - npm install -popd - #================================================= # SETUP SSOWAT #=================================================