YunoHost-Apps/wireguard_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/wireguard_ynh.git synced 2024-09-03 20:35:58 +02:00
Code Issues Activity Actions

Merge pull request #16 from YunoHost-Apps/testing

Browse source 
Testing
This commit is contained in:
tituspijean 2021-03-31 11:42:19 +02:00 committed by GitHub
commit 23ec812357
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
12 changed files with 105 additions and 89 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
README.md
View file

@ -31,8 +31,9 @@ WireGuard can be configured via a non-official web UI. Avoid altering the config
```bash ```bash
sudo nano /etc/sysctl.conf sudo nano /etc/sysctl.conf
# It should have an uncommented line: # Uncomment the following lines:
net.ipv4.ip_forward = 1 net.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
# Save and quit (CTRL+O, CTRL+X) # Save and quit (CTRL+O, CTRL+X)
sudo sysctl -p sudo sysctl -p
``` ```

5
conf/sudoers.conf
View file

@ -1,3 +1,2 @@
Cmnd_Alias WIREGUARDSERVICE = /bin/systemctl restart wg-quick@wg0.service Cmnd_Alias WIREGUARDSERVICE = /usr/bin/systemctl restart wg-quick@wg0.service
%__USER__ ALL = NOPASSWD: WIREGUARDSERVICE
__USER__ ALL = NOPASSWD: WIREGUARDSERVICE

2
conf/wireguard_ui.service
View file

@ -7,7 +7,7 @@ Type=simple
User=__APP__ User=__APP__
Group=__APP__ Group=__APP__
WorkingDirectory=__FINALPATH__/ WorkingDirectory=__FINALPATH__/
ExecStart=__FINALPATH__/wireguard-ui --bind-address="127.0.0.1:__PORT__" --disable-login >> /var/log/__APP__/ui.log 2>&1 ExecStart=__FINALPATH__/wireguard-ui --bind-address="127.0.0.1:__PORT__" --disable-login
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

0
conf/wireguard.path → conf/wireguard_ui_conf.path
View file

2
conf/wireguard.service → conf/wireguard_ui_conf.service
View file

@ -6,4 +6,4 @@ After=network.target
Type=oneshot Type=oneshot
User=__APP__ User=__APP__
Group=__APP__ Group=__APP__
ExecStart=/bin/systemctl restart wg-quick@wg0.service ExecStart=/usr/bin/systemctl restart wg-quick@wg0.service

26
manifest.json
View file

@ -6,7 +6,7 @@
"en": "Virtual Private Networks (VPN) via WireGuard, with a web UI", "en": "Virtual Private Networks (VPN) via WireGuard, with a web UI",
"fr": "Réseaux Privés Virtuels (VPN) via WireGuard, avec une web UI" "fr": "Réseaux Privés Virtuels (VPN) via WireGuard, avec une web UI"
}, },
"version": "0.2.7~ynh2", "version": "0.2.7~ynh3",
"url": "https://github.com/ngoduykhanh/wireguard-ui", "url": "https://github.com/ngoduykhanh/wireguard-ui",
"license": "MIT", "license": "MIT",
"maintainer": { "maintainer": {
@ -33,33 +33,15 @@
{ {
"name": "domain", "name": "domain",
"type": "domain", "type": "domain",
"ask": { "example": "wg.example.com",
"en": "Choose a domain name for WireGuard UI",
"fr": "Choisissez un nom de domaine pour WireGuard UI"
},
"example": "example.com"
},
{
"name": "path",
"type": "path",
"ask": {
"en": "Choose a path for WireGuard UI",
"fr": "Choisissez un chemin pour WireGuard UI"
},
"example": "/example",
"default": "/",
"help": { "help": {
"en": "For the time being, leave the root of a domain. The web UI will not work otherwise.", "en": "The web UI requires its own dedicated domain.",
"fr": "Pour l'instant, gardez la racine d'un domaine. La web UI ne fonctionnera pas sinon." "fr": "L'interface web nécessite son propre domaine."
} }
}, },
{ {
"name": "admin", "name": "admin",
"type": "user", "type": "user",
"ask": {
"en": "Choose an admin user",
"fr": "Choisissez ladministrateur"
},
"example": "johndoe" "example": "johndoe"
} }
] ]

41
scripts/_common.sh
View file

@ -11,6 +11,47 @@ pkg_dependencies="wireguard-dkms wireguard"
# PERSONAL HELPERS # PERSONAL HELPERS
#================================================= #=================================================
# Add gpg keys for repositories
#
# [internal]
#
# usage: ynh_install_repo_gpg --key=key_url --name=name [--append]
# | arg: -k, --key= - url to get the public key.
# | arg: -n, --name= - Name for the files for this repo, $app as default value.
# | arg: -a, --append - Do not overwrite existing files.
#
# Requires YunoHost version 3.8.1 or higher.
ynh_install_repo_gpg () {
# Declare an array to define the options of this helper.
local legacy_args=kna
local -A args_array=( [k]=key= [n]=name= [a]=append )
local key
local name
local append
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
name="${name:-$app}"
append=${append:-0}
key=${key:-}
if [ $append -eq 1 ]
then
append="--append"
wget_append="tee --append"
else
append=""
wget_append="tee"
fi
# Get the public key for the repo
if [ -n "$key" ]
then
mkdir --parents "/etc/apt/trusted.gpg.d"
# Timeout option is here to enforce the timeout on dns query and tcp connect (c.f. man wget)
wget --timeout 900 --quiet "$key" --output-document=- | gpg --dearmor | $wget_append /etc/apt/trusted.gpg.d/$name.gpg > /dev/null
fi
}
#================================================= #=================================================
# EXPERIMENTAL HELPERS # EXPERIMENTAL HELPERS
#================================================= #=================================================

10
scripts/backup
View file

@ -50,19 +50,13 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#================================================= #=================================================
# SPECIFIC BACKUP # SPECIFIC BACKUP
#=================================================
# BACKUP LOGROTATE
#=================================================
ynh_backup --src_path="/etc/logrotate.d/$app"
#================================================= #=================================================
# BACKUP SYSTEMD # BACKUP SYSTEMD
#================================================= #=================================================
ynh_backup --src_path="/etc/systemd/system/$app.service"
ynh_backup --src_path=/etc/systemd/system/wireguard_ui.service ynh_backup --src_path=/etc/systemd/system/wireguard_ui.service
ynh_backup --src_path=/etc/systemd/system/wireguard.path ynh_backup --src_path=/etc/systemd/system/wireguard_ui_conf.path
ynh_backup --src_path=/etc/systemd/system/wireguard_ui_conf.service
ynh_backup --src_path="/etc/sudoers.d/${app}_ynh" ynh_backup --src_path="/etc/sudoers.d/${app}_ynh"
#================================================= #=================================================

31
scripts/install
View file

@ -25,7 +25,7 @@ ynh_abort_if_errors
#================================================= #=================================================
domain=$YNH_APP_ARG_DOMAIN domain=$YNH_APP_ARG_DOMAIN
path_url=$YNH_APP_ARG_PATH #TODO: Check if possible with wireguard_ui to use sub path path_url="/"
admin=$YNH_APP_ARG_ADMIN admin=$YNH_APP_ARG_ADMIN
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
@ -62,7 +62,7 @@ port_wg=$(ynh_find_port --port=8095)
ynh_app_setting_set --app=$app --key=port_wg --value=$port_wg ynh_app_setting_set --app=$app --key=port_wg --value=$port_wg
# Find an available port for WireGuard UI # Find an available port for WireGuard UI
port=$(ynh_find_port --port=8096) port=$(ynh_find_port --port=$(($port_wg+1)))
ynh_app_setting_set --app=$app --key=port --value=$port ynh_app_setting_set --app=$app --key=port --value=$port
# Open the WireGuard port # Open the WireGuard port
@ -73,6 +73,9 @@ ynh_exec_warn_less yunohost firewall allow --no-upnp UDP $port_wg
#================================================= #=================================================
ynh_script_progression --message="Installing dependencies..." --weight=7 ynh_script_progression --message="Installing dependencies..." --weight=7
# Add buster-backports gpg key
ynh_install_repo_gpg --key="https://ftp-master.debian.org/keys/archive-key-10.asc" --name="$app"
# Add buster-backports repo # Add buster-backports repo
ynh_add_repo --uri="http://deb.debian.org/debian" --suite="buster-backports" --component="main" --name="$app" ynh_add_repo --uri="http://deb.debian.org/debian" --suite="buster-backports" --component="main" --name="$app"
@ -132,7 +135,7 @@ ynh_replace_string --match_string="__PORT_WG__" --replace_string="$port_wg" --ta
# Create WireGuard configuration directory # Create WireGuard configuration directory
mkdir -p /etc/wireguard mkdir -p /etc/wireguard
# Add interace configuration file for WireGuard # Add interface configuration file for WireGuard
cp ../conf/wg0.conf /etc/wireguard/wg0.conf cp ../conf/wg0.conf /etc/wireguard/wg0.conf
ynh_replace_string --match_string="__PORT_WG__" --replace_string="$port_wg" --target_file="/etc/wireguard/wg0.conf" ynh_replace_string --match_string="__PORT_WG__" --replace_string="$port_wg" --target_file="/etc/wireguard/wg0.conf"
ynh_replace_string --match_string="__PRIVATE_KEY__" --replace_string="$(wg genkey)" --target_file="/etc/wireguard/wg0.conf" ynh_replace_string --match_string="__PRIVATE_KEY__" --replace_string="$(wg genkey)" --target_file="/etc/wireguard/wg0.conf"
@ -146,11 +149,11 @@ ynh_script_progression --message="Configuring a systemd service..." --weight=1
ynh_add_systemd_config --service=wireguard_ui --template=wireguard_ui.service --others_var="port" ynh_add_systemd_config --service=wireguard_ui --template=wireguard_ui.service --others_var="port"
# Create a dedicated systemd config for monitoring WireGuard's configuration # Create a dedicated systemd config for monitoring WireGuard's configuration
cp ../conf/wireguard.path /etc/systemd/system/wireguard.path cp ../conf/wireguard_ui_conf.path /etc/systemd/system/wireguard_ui_conf.path
systemctl enable --quiet wireguard.path systemctl enable --quiet wireguard_ui_conf.path
# Create a dedicated systemd config for restarting WireGuard # Create a dedicated systemd config for restarting WireGuard when its configuration changes
ynh_add_systemd_config --service=wireguard --template=wireguard.service --others_var="port_wg" ynh_add_systemd_config --service=wireguard_ui_conf --template=wireguard_ui_conf.service --others_var="port_wg"
#================================================= #=================================================
# GENERIC FINALIZATION # GENERIC FINALIZATION
@ -165,21 +168,13 @@ chmod -R 750 $final_path/db
chown -R $app:$app /etc/wireguard chown -R $app:$app /etc/wireguard
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression --message="Configuring log rotation..." --weight=1
# Use logrotate to manage application logfile(s)
ynh_use_logrotate
#================================================= #=================================================
# INTEGRATE SERVICE IN YUNOHOST # INTEGRATE SERVICE IN YUNOHOST
#================================================= #=================================================
ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
yunohost service add wireguard --description "WireGuard" --needs_exposed_ports $port_wg --test_status "wg show | grep wg0" yunohost service add wg-quick@wg0 --description "WireGuard VPN" --needs_exposed_ports $port_wg --test_status "wg show | grep wg0"
yunohost service add wireguard_ui --description "WireGuard UI" --log "/var/log/$app/ui.log" yunohost service add wireguard_ui --description "WireGuard UI"
#================================================= #=================================================
# START SYSTEMD SERVICE # START SYSTEMD SERVICE
@ -207,4 +202,4 @@ ynh_systemd_action --service_name=nginx --action=reload
# END OF SCRIPT # END OF SCRIPT
#================================================= #=================================================
ynh_script_progression --message="Installation of $app completed" --last ynh_script_progression --message="Installation of $app completed. You may need to reboot your server before being able to start the WireGuard service." --last

17
scripts/remove
View file

@ -27,26 +27,33 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)
# REMOVE SERVICE INTEGRATION IN YUNOHOST # REMOVE SERVICE INTEGRATION IN YUNOHOST
#================================================= #=================================================
# Remove the service from the list of services known by Yunohost (added from `yunohost service add`) # Remove the services from the list of services known by Yunohost (added from `yunohost service add`)
if ynh_exec_warn_less yunohost service status wireguard_ui >/dev/null if ynh_exec_warn_less yunohost service status wireguard_ui >/dev/null
then then
ynh_script_progression --message="Removing WireGuard UI service integration..." --weight=1 ynh_script_progression --message="Removing WireGuard UI service integration..." --weight=1
yunohost service remove wireguard_ui yunohost service remove wireguard_ui
fi fi
if ynh_exec_warn_less yunohost service status wg-quick@wg0 >/dev/null
then
ynh_script_progression --message="Removing WireGuard service integration..." --weight=1
yunohost service remove wg-quick@wg0
fi
#================================================= #=================================================
# STOP AND REMOVE SERVICE # STOP AND REMOVE SERVICE
#================================================= #=================================================
ynh_script_progression --message="Stopping and removing the systemd service..." --weight=1 ynh_script_progression --message="Stopping and removing the systemd service..." --weight=1
# YunoHost does not handle services not ending with .service, let's remove it manually # YunoHost does not handle services not ending with .service, let's remove it manually
systemctl stop wireguard.path systemctl stop wireguard_ui_conf.path
systemctl disable wireguard.path --quiet systemctl disable wireguard_ui_conf.path --quiet
ynh_secure_remove --file="/etc/systemd/system/wireguard.path" ynh_secure_remove --file="/etc/systemd/system/wireguard_ui_conf.path"
systemctl daemon-reload systemctl daemon-reload
# Remove the dedicated systemd configs # Remove the dedicated systemd configs
ynh_remove_systemd_config --service=wireguard ynh_remove_systemd_config --service=wireguard_ui_conf
ynh_remove_systemd_config --service=wireguard_ui ynh_remove_systemd_config --service=wireguard_ui
#================================================= #=================================================

23
scripts/restore
View file

@ -88,6 +88,9 @@ ynh_script_progression --message="Reinstalling dependencies..." --weight=5
# Define and install dependencies # Define and install dependencies
# Add buster-backports gpg key
ynh_install_repo_gpg --key="https://ftp-master.debian.org/keys/archive-key-10.asc" --name="$app"
#Add buster-backports repo #Add buster-backports repo
ynh_add_repo --uri="http://deb.debian.org/debian" --suite="buster-backports" --component="main" --name="$app" ynh_add_repo --uri="http://deb.debian.org/debian" --suite="buster-backports" --component="main" --name="$app"
@ -108,18 +111,20 @@ ynh_remove_extra_repo --name=$app
ynh_script_progression --message="Restoring the systemd configuration..." --weight=1 ynh_script_progression --message="Restoring the systemd configuration..." --weight=1
ynh_restore_file --origin_path=/etc/systemd/system/wireguard_ui.service ynh_restore_file --origin_path=/etc/systemd/system/wireguard_ui.service
ynh_restore_file --origin_path=/etc/systemd/system/wireguard.path ynh_restore_file --origin_path=/etc/systemd/system/wireguard_ui_conf.path
ynh_restore_file --origin_path="/etc/systemd/system/$app.service" ynh_restore_file --origin_path=/etc/systemd/system/wireguard_ui_conf.service
systemctl enable --quiet wireguard.path systemctl enable --quiet wireguard_ui.service
systemctl enable --quiet wireguard_ui_conf.path
systemctl enable --quiet wireguard_ui_conf.service
#================================================= #=================================================
# INTEGRATE SERVICE IN YUNOHOST # INTEGRATE SERVICE IN YUNOHOST
#================================================= #=================================================
ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
yunohost service add wireguard --description "WireGuard" --needs_exposed_ports $port_wg --test_status "wg show | grep wg0" yunohost service add wg-quick@wg0 --description "WireGuard VPN" --needs_exposed_ports "$port_wg" --test_status "wg show | grep wg0"
yunohost service add wireguard_ui --description "WireGuard UI" --log "/var/log/$app/ui.log" yunohost service add wireguard_ui --description "WireGuard UI"
#================================================= #=================================================
# RESTORE VARIOUS FILES # RESTORE VARIOUS FILES
@ -135,12 +140,6 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1
ynh_systemd_action --service_name=wireguard_ui --action="start" --line_match="http server started" --log_path="systemd" --timeout=30 ynh_systemd_action --service_name=wireguard_ui --action="start" --line_match="http server started" --log_path="systemd" --timeout=30
sleep 5 sleep 5
#=================================================
# RESTORE THE LOGROTATE CONFIGURATION
#=================================================
ynh_restore_file --origin_path="/etc/logrotate.d/$app"
#================================================= #=================================================
# GENERIC FINALIZATION # GENERIC FINALIZATION
#================================================= #=================================================
@ -154,4 +153,4 @@ ynh_systemd_action --service_name=nginx --action=reload
# END OF SCRIPT # END OF SCRIPT
#================================================= #=================================================
ynh_script_progression --message="Restoration completed for $app" --last ynh_script_progression --message="Restoration completed for $app. You may need to reboot your server before being able to start the WireGuard service." --last

34
scripts/upgrade
View file

@ -84,6 +84,13 @@ if [ -f "/etc/sudoers.d/${app}_ynh" ]; then
ynh_replace_string "__USER__" "${app}" /etc/sudoers.d/${app}_ynh ynh_replace_string "__USER__" "${app}" /etc/sudoers.d/${app}_ynh
fi fi
# Remove deprecated services
if systemctl list-units --full -all | grep -Fq "wireguard.path"; then
systemctl disable --now --quiet wireguard.path
ynh_secure_remove --file="/etc/systemd/system/wireguard.path"
fi
ynh_remove_systemd_config --service="wireguard.service"
#================================================= #=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#================================================= #=================================================
@ -106,8 +113,7 @@ ynh_abort_if_errors
ynh_script_progression --message="Stopping a systemd service..." --weight=1 ynh_script_progression --message="Stopping a systemd service..." --weight=1
ynh_systemd_action --service_name=wireguard_ui --action="stop" --line_match="Stopped WireGuard UI" --log_path="systemd" --timeout=30 ynh_systemd_action --service_name=wireguard_ui --action="stop" --line_match="Stopped WireGuard UI" --log_path="systemd" --timeout=30
systemctl disable --now --quiet wireguard.path ynh_systemd_action --service_name=wg-quick@wg0 --action="stop" --line_match="Stopped WireGuard via wg-quick(8) for wg0." --log_path="systemd" --timeout=30
ynh_systemd_action --service_name=wireguard --action="stop"
#================================================= #=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE # DOWNLOAD, CHECK AND UNPACK SOURCE
@ -136,6 +142,9 @@ ynh_script_progression --message="Upgrading dependencies..." --weight=7
#TODO: remove buster-backports kernel #TODO: remove buster-backports kernel
# Add buster-backports gpg key
ynh_install_repo_gpg --key="https://ftp-master.debian.org/keys/archive-key-10.asc" --name="$app"
# Add buster-backports repo # Add buster-backports repo
ynh_add_repo --uri="http://deb.debian.org/debian" --suite="buster-backports" --component="main" --name="$app" ynh_add_repo --uri="http://deb.debian.org/debian" --suite="buster-backports" --component="main" --name="$app"
@ -167,11 +176,8 @@ ynh_script_progression --message="Upgrading systemd configuration..." --weight=1
ynh_add_systemd_config --service=wireguard_ui --template=wireguard_ui.service --others_var="port" ynh_add_systemd_config --service=wireguard_ui --template=wireguard_ui.service --others_var="port"
# Create a dedicated systemd config for monitoring WireGuard's configuration # Create a dedicated systemd config for monitoring WireGuard's configuration
cp ../conf/wireguard.path /etc/systemd/system/wireguard.path cp ../conf/wireguard_ui_conf.path /etc/systemd/system/wireguard_ui_conf.path
systemctl enable --quiet wireguard.path systemctl enable --quiet wireguard_ui_conf.path
# Create a dedicated systemd config for restarting WireGuard
ynh_add_systemd_config --service=wireguard --template=wireguard.service --others_var="port_wg"
#================================================= #=================================================
# CONFIGURING WIREGUARD # CONFIGURING WIREGUARD
@ -195,21 +201,13 @@ chown -R root: $final_path
chown -R $app: $final_path/db chown -R $app: $final_path/db
chmod -R 750 $final_path/db chmod -R 750 $final_path/db
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression --message="Upgrading logrotate configuration..." --weight=1
# Use logrotate to manage app-specific logfile(s)
ynh_use_logrotate --non-append
#================================================= #=================================================
# INTEGRATE SERVICE IN YUNOHOST # INTEGRATE SERVICE IN YUNOHOST
#================================================= #=================================================
ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
yunohost service add wireguard --description "WireGuard" --needs_exposed_ports "$port_wg" --test_status "wg show | grep wg0" yunohost service add wg-quick@wg0 --description "WireGuard VPN" --needs_exposed_ports "$port_wg" --test_status "wg show | grep wg0"
yunohost service add wireguard_ui --description "WireGuard UI" --log "/var/log/$app/ui.log" yunohost service add wireguard_ui --description "WireGuard UI"
#================================================= #=================================================
# START SYSTEMD SERVICE # START SYSTEMD SERVICE
@ -231,4 +229,4 @@ ynh_systemd_action --service_name=nginx --action=reload
# END OF SCRIPT # END OF SCRIPT
#================================================= #=================================================
ynh_script_progression --message="Upgrade of $app completed" --last ynh_script_progression --message="Upgrade of $app completed. You may need to reboot your server before being able to start the WireGuard service." --last