YunoHost-Apps/wireguard_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/wireguard_ynh.git synced 2024-09-03 20:35:58 +02:00
Code Issues Activity Actions

Merge pull request #86 from YunoHost-Apps/testing

Browse source 
Upgrade to v0.5.0 and packaging v2
This commit is contained in:
tituspijean 2023-06-17 22:13:17 +02:00 committed by GitHub
commit 2999fb3b54
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
23 changed files with 105 additions and 692 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

139
.github/workflows/updater.sh vendored
View file

@ -1,139 +0,0 @@
#!/bin/bash
#=================================================
# PACKAGE UPDATING HELPER
#=================================================
# This script is meant to be run by GitHub Actions
# The YunoHost-Apps organisation offers a template Action to run this script periodically
# Since each app is different, maintainers can adapt its contents so as to perform
# automatic actions when a new upstream release is detected.
#=================================================
# FETCHING LATEST RELEASE AND ITS ASSETS
#=================================================
# Fetching information
current_version=$(cat manifest.json | jq -j '.version|split("~")[0]')
repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]')
# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions)
version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1)
assets=($(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '[ .[] | select(.tag_name=="'$version'").assets[].browser_download_url ] | join(" ") | @sh' | tr -d "'"))
# Later down the script, we assume the version has only digits and dots
# Sometimes the release name starts with a "v", so let's filter it out.
# You may need more tweaks here if the upstream repository has different naming conventions.
if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then
version=${version:1}
fi
# Setting up the environment variables
echo "Current version: $current_version"
echo "Latest release from upstream: $version"
echo "VERSION=$version" >> $GITHUB_ENV
# For the time being, let's assume the script will fail
echo "PROCEED=false" >> $GITHUB_ENV
# Proceed only if the retrieved version is greater than the current one
if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then
echo "::warning ::No new version available"
exit 0
# Proceed only if a PR for this new version does not already exist
elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then
echo "::warning ::A branch already exists for this update"
exit 0
fi
# Each release can hold multiple assets (e.g. binaries for different architectures, source code, etc.)
echo "${#assets[@]} available asset(s)"
#=================================================
# UPDATE SOURCE FILES
#=================================================
# Here we use the $assets variable to get the resources published in the upstream release.
# Here is an example for Grav, it has to be adapted in accordance with how the upstream releases look like.
# Let's loop over the array of assets URLs
for asset_url in ${assets[@]}; do
echo "Handling asset at $asset_url"
# Assign the asset to a source file in conf/ directory
# Here we base the source file name upon a unique keyword in the assets url (admin vs. update)
# Leave $src empty to ignore the asset
case $asset_url in
*"linux-amd64.tar.gz")
src="amd64"
;;
*"linux-arm64.tar.gz")
src="arm64"
;;
*"linux-arm.tar.gz")
src="armhf"
;;
*"linux-386.tar.gz")
src="i386"
;;
*)
src=""
;;
esac
# If $src is not empty, let's process the asset
if [ ! -z "$src" ]; then
# Create the temporary directory
tempdir="$(mktemp -d)"
# Download sources and calculate checksum
filename=${asset_url##*/}
curl --silent -4 -L $asset_url -o "$tempdir/$filename"
checksum=$(sha256sum "$tempdir/$filename" | head -c 64)
# Delete temporary directory
rm -rf $tempdir
# Get extension
if [[ $filename == *.tar.gz ]]; then
extension=tar.gz
else
extension=${filename##*.}
fi
# Rewrite source file
cat <<EOT > conf/$src.src
SOURCE_URL=$asset_url
SOURCE_SUM=$checksum
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=$extension
SOURCE_IN_SUBDIR=false
SOURCE_FILENAME=
EOT
echo "... conf/$src.src updated"
else
echo "... asset ignored"
fi
done
#=================================================
# SPECIFIC UPDATE STEPS
#=================================================
# Any action on the app's source code can be done.
# The GitHub Action workflow takes care of committing all changes after this script ends.
#=================================================
# GENERIC FINALIZATION
#=================================================
# Replace new version in manifest
echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json
# No need to update the README, yunohost-bot takes care of it
# The Action will proceed only if the PROCEED environment variable is set to true
echo "PROCEED=true" >> $GITHUB_ENV
exit 0

49
.github/workflows/updater.yml vendored
View file

@ -1,49 +0,0 @@
# This workflow allows GitHub Actions to automagically update your app whenever a new upstream release is detected.
# You need to enable Actions in your repository settings, and fetch this Action from the YunoHost-Apps organization.
# This file should be enough by itself, but feel free to tune it to your needs.
# It calls updater.sh, which is where you should put the app-specific update steps.
name: Check for new upstream releases
on:
# Allow to manually trigger the workflow
workflow_dispatch:
# Run it every day at 6:00 UTC
schedule:
- cron: '0 6 * * *'
jobs:
updater:
runs-on: ubuntu-latest
steps:
- name: Fetch the source code
uses: actions/checkout@v2
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: Run the updater script
id: run_updater
run: |
# Setting up Git user
git config --global user.name 'yunohost-bot'
git config --global user.email 'yunohost-bot@users.noreply.github.com'
# Run the updater script
/bin/bash .github/workflows/updater.sh
- name: Commit changes
id: commit
if: ${{ env.PROCEED == 'true' }}
run: |
git commit -am "Upgrade to v$VERSION"
- name: Create Pull Request
id: cpr
if: ${{ env.PROCEED == 'true' }}
uses: peter-evans/create-pull-request@v3
with:
token: ${{ secrets.GITHUB_TOKEN }}
commit-message: Update to version ${{ env.VERSION }}
committer: 'yunohost-bot <yunohost-bot@users.noreply.github.com>'
author: 'yunohost-bot <yunohost-bot@users.noreply.github.com>'
signoff: false
base: testing
branch: ci-auto-update-v${{ env.VERSION }}
delete-branch: true
title: 'Upgrade to version ${{ env.VERSION }}'
body: |
Upgrade to v${{ env.VERSION }}
draft: false

15
README.md
View file

@ -18,24 +18,11 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
WireGuard® is fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN.
**Shipped version:** 0.4.0~ynh1
**Shipped version:** 0.5.0~ynh1
## Screenshots
![Screenshot of WireGuard](./doc/screenshots/screenshot.png)
![Screenshot of WireGuard](./doc/screenshots/screenshot.png:Zone.Identifier)
## Disclaimers / important information
* WireGuard for YunoHost will add a DMKS module to your Linux kernel.
* You may need to reboot your server for WireGuard to be able to start.
* The package includes WireGuard and non-official web UI to configure it.
* Do not manually alter the configuration files.
* Use YunoHost permissions panel to allow users to access the web UI.
* Only one network interface, *wg0*, can be managed with this app at the moment.
* `Status` page is not working for the time being.
After installation, you need to `Apply Config` once in the UI before the VPN service can be started.
## Documentation and resources

15
README_fr.md
View file

@ -18,24 +18,11 @@ Si vous navez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po
WireGuard® is fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN.
**Version incluse :** 0.4.0~ynh1
**Version incluse :** 0.5.0~ynh1
## Captures décran
![Capture décran de WireGuard](./doc/screenshots/screenshot.png)
![Capture décran de WireGuard](./doc/screenshots/screenshot.png:Zone.Identifier)
## Avertissements / informations importantes
* Cette application ajoutera un module DMKS à votre noyau Linux.
* Vous devriez redémarrer votre serveur pour que WireGuard puisse se lancer.
* Cette application inclut WireGuard et une interface web non-officielle pour le configurer.
* Ne modifiez pas les fichiers de configuration à la main.
* Utiliser le panneau de permissions de YunoHost pour autoriser des utilisateurs à accéder à WireGuard UI.
* Une seule interface réseau, *wg0*, peut actuellement être gérée par cette app.
* La page `Status` demeure non fonctionnelle pour l'instant.
Après installation, vous devrez cliquer sur `Apply Config` une fois dans l'UI avant que le service VPN puisse être démarré.
## Documentations et ressources

20
check_process
View file

@ -1,20 +0,0 @@
;; Test complet
; Manifest
domain="domain.tld"
path="/"
admin="john"
; Checks
pkg_linter=1
setup_sub_dir=0
setup_root=1
setup_nourl=0
setup_private=1
setup_public=0
upgrade=1
upgrade=1 from_commit=7462d84582a89e822424480e3192c008634384e1
backup_restore=1
multi_instance=0
change_url=0
;;; Upgrade options
; commit=7462d84582a89e822424480e3192c008634384e1
manifest_arg=domain=DOMAIN&path=PATH&admin=USER&is_public=0&

6
conf/amd64.src
View file

@ -1,6 +0,0 @@
SOURCE_URL=https://github.com/ngoduykhanh/wireguard-ui/releases/download/v0.4.0/wireguard-ui-v0.4.0-linux-amd64.tar.gz
SOURCE_SUM=30f0d124f6180dfd6fd1e383c1fd261d71d817ce3683e844e57af5d612297d08
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=false
SOURCE_FILENAME=

6
conf/arm64.src
View file

@ -1,6 +0,0 @@
SOURCE_URL=https://github.com/ngoduykhanh/wireguard-ui/releases/download/v0.4.0/wireguard-ui-v0.4.0-linux-arm64.tar.gz
SOURCE_SUM=813ee07d8abe7ac4e1095d5fb92555170fed7f7cfed4d2d82ca003c5eb6c9a40
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=false
SOURCE_FILENAME=

6
conf/armhf.src
View file

@ -1,6 +0,0 @@
SOURCE_URL=https://github.com/ngoduykhanh/wireguard-ui/releases/download/v0.4.0/wireguard-ui-v0.4.0-linux-arm.tar.gz
SOURCE_SUM=a73e48f24352c3a795f02c26db0a37d5cea5f9f662708fc8f3e10f7e5ad0c2b4
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=false
SOURCE_FILENAME=

6
conf/i386.src
View file

@ -1,6 +0,0 @@
SOURCE_URL=https://github.com/ngoduykhanh/wireguard-ui/releases/download/v0.4.0/wireguard-ui-v0.4.0-linux-386.tar.gz
SOURCE_SUM=6cd9dce46166a4b84a457cb53406ba0af4f4fb21aa74d9cde33e185e146a6309
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=false
SOURCE_FILENAME=

6
conf/wireguard_ui.service
View file

@ -6,9 +6,9 @@ After=network.target wireguard.service
Type=simple
User=__APP__
Group=__APP__
WorkingDirectory=__FINALPATH__/
EnvironmentFile=__FINALPATH__/wireguard-ui.env
ExecStart=__FINALPATH__/wireguard-ui
WorkingDirectory=__INSTALL_DIR__/
EnvironmentFile=__INSTALL_DIR__/wireguard-ui.env
ExecStart=__INSTALL_DIR__/wireguard-ui
# Sandboxing options to harden security
# Depending on specificities of your service/app, you may need to tweak these

0
doc/DISCLAIMER.md → doc/ADMIN.md
View file

0
doc/DISCLAIMER_fr.md → doc/ADMIN_fr.md
View file

3
doc/screenshots/screenshot.png:Zone.Identifier
View file

@ -1,3 +0,0 @@
[ZoneTransfer]
ZoneId=3
HostUrl=https://user-images.githubusercontent.com/6447444/80270680-76adf980-86e4-11ea-8ca1-9237f0dfa249.png

40
manifest.json
View file

@ -1,40 +0,0 @@
{
"name": "WireGuard",
"id": "wireguard",
"packaging_format": 1,
"description": {
"en": "Fast and modern VPN server, including a configuration webapp",
"fr": "Serveur VPN rapide et moderne, incluant une webapp pour le configurer"
},
"version": "0.4.0~ynh1",
"url": "https://github.com/ngoduykhanh/wireguard-ui",
"upstream": {
"license": "MIT",
"website": "https://www.wireguard.com/",
"code": "https://github.com/ngoduykhanh/wireguard-ui"
},
"license": "MIT",
"maintainer": {
"name": "tituspijean",
"email": "tituspijean@outlook.com"
},
"requirements": {
"yunohost": ">= 11"
},
"multi_instance": false,
"services": [
"nginx"
],
"arguments": {
"install": [
{
"name": "domain",
"type": "domain"
},
{
"name": "admin",
"type": "user"
}
]
}
}

61
manifest.toml Normal file
View file

@ -0,0 +1,61 @@
packaging_format = 2
id = "wireguard"
name = "WireGuard"
description.en = "Fast and modern VPN server, including a configuration webapp"
description.fr = "Serveur VPN rapide et moderne, incluant une webapp pour le configurer"
version = "0.5.0~ynh1"
maintainers = ["tituspijean"]
[upstream]
license = "MIT"
website = "https://www.wireguard.com/"
code = "https://github.com/ngoduykhanh/wireguard-ui"
[integration]
yunohost = ">= 11.1.19"
architectures = "all"
multi_instance = false
ldap = false
sso = false
disk = "50M"
ram.build = "50M"
ram.runtime = "50M"
[install]
[install.domain]
type = "domain"
full_domain = true
[install.admin]
type = "user"
[resources]
[resources.sources.main]
in_subdir = false
arm64.url = "https://github.com/ngoduykhanh/wireguard-ui/releases/download/v0.5.0/wireguard-ui-v0.5.0-linux-arm64.tar.gz"
arm64.sha256 = "1a49f6cfc6b3abfe0c4a0ce5998e0f82c29cd59735c8fa3bdbf05ef1d2087224"
amd64.url = "https://github.com/ngoduykhanh/wireguard-ui/releases/download/v0.5.0/wireguard-ui-v0.5.0-linux-amd64.tar.gz"
amd64.sha256 = "fd974152d57a8fba9f9797c3ef1d330542639cb8863c36e99782152de0e17460"
armhf.url = "https://github.com/ngoduykhanh/wireguard-ui/releases/download/v0.5.0/wireguard-ui-v0.5.0-linux-arm.tar.gz"
armhf.sha256 = "0695da19fe9348048d0700dccead116bf7b59436dd5ccbc8c9bdc232315bac4d"
i386.url = "https://github.com/ngoduykhanh/wireguard-ui/releases/download/v0.5.0/wireguard-ui-v0.5.0-linux-386.tar.gz"
i386.sha256 = "595493c3a197049d0f02ad15c01080456e1f7ea23a8eaf0d05b51f7ce35875e2"
[resources.ports]
main.default = 8096
wg.default = 8095
wg.exposed = "UDP"
[resources.system_user]
[resources.install_dir]
[resources.permissions]
main.url = "/"
main.allowed = "admins"
[resources.apt]
packages = "wireguard"

9
scripts/_common.sh
View file

@ -4,13 +4,6 @@
# COMMON VARIABLES
#=================================================
interface=$(ip route | awk '/default/ { print $5 }' | head -n1)
main_domain=$(cat /etc/yunohost/current_host)
# dependencies used by the app
pkg_dependencies="wireguard"
#=================================================
# PERSONAL HELPERS
#=================================================
@ -42,7 +35,7 @@ ynh_send_readme_to_admin() {
type="${type:-install}"
# Get the value of admin_mail_html
admin_mail_html=$(ynh_app_setting_get $app admin_mail_html)
#REMOVEME? admin_mail_html=$(ynh_app_setting_get $app admin_mail_html)
admin_mail_html="${admin_mail_html:-0}"
# Retrieve the email of users

25
scripts/backup
View file

@ -10,27 +10,6 @@
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
ynh_clean_setup () {
### Remove this function if there's nothing to clean before calling the remove script.
true
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_print_info --message="Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
domain=$(ynh_app_setting_get --app=$app --key=domain)
#=================================================
# DECLARE DATA AND CONF FILES TO BACKUP
#=================================================
@ -40,7 +19,7 @@ ynh_print_info --message="Declaring files to be backed up..."
# BACKUP THE APP MAIN DIR
#=================================================
ynh_backup --src_path="$final_path"
ynh_backup --src_path="$install_dir"
#=================================================
# BACKUP THE NGINX CONFIGURATION
@ -66,7 +45,7 @@ ynh_backup --src_path=/etc/systemd/system/wireguard@.service
ynh_backup --src_path="/etc/wireguard"
# Backing up specific config file, in case of it is not in /etc/wireguard
ynh_backup --src_path="$(jq -r ".config_file_path" $final_path/db/server/global_settings.json)" --not_mandatory
ynh_backup --src_path="$(jq -r ".config_file_path" $install_dir/db/server/global_settings.json)" --not_mandatory
# Backup the sysctl config file to enable port forwarding
ynh_backup --src_path="/etc/sysctl.d/$app.conf"

98
scripts/change_url
View file

@ -9,121 +9,33 @@
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# RETRIEVE ARGUMENTS
#=================================================
old_domain=$YNH_APP_OLD_DOMAIN
old_path=$YNH_APP_OLD_PATH
new_domain=$YNH_APP_NEW_DOMAIN
new_path=$YNH_APP_NEW_PATH
app=$YNH_APP_INSTANCE_NAME
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --time --weight=1
# Needed for helper "ynh_add_nginx_config"
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before changing its url (may take a while)..." --time --weight=1
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
# Remove the new domain config file, the remove script won't do it as it doesn't know yet its location.
ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
# restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# CHECK WHICH PARTS SHOULD BE CHANGED
#=================================================
change_domain=0
if [ "$old_domain" != "$new_domain" ]
then
change_domain=1
fi
change_path=0
if [ "$old_path" != "$new_path" ]
then
change_path=1
fi
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# STOP SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Stopping a systemd service..." --time --weight=1
ynh_script_progression --message="Stopping a systemd service..." --weight=1
ynh_systemd_action --service_name=wireguard_ui --action="stop" --line_match="Stopped WireGuard UI" --log_path="systemd" --timeout=30
#=================================================
# MODIFY URL IN NGINX CONF
#=================================================
ynh_script_progression --message="Updating nginx web server configuration..." --time --weight=1
ynh_script_progression --message="Updating NGINX web server configuration..." --weight=1
nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf
# Change the path in the nginx config file
if [ $change_path -eq 1 ]
then
# Make a backup of the original nginx config file if modified
ynh_backup_if_checksum_is_different --file="$nginx_conf_path"
# Set global variables for nginx helper
domain="$old_domain"
path_url="$new_path"
# Create a dedicated nginx config
ynh_add_nginx_config
fi
# Change the domain for nginx
if [ $change_domain -eq 1 ]
then
# Delete file checksum for the old conf file location
ynh_delete_file_checksum --file="$nginx_conf_path"
mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf
# Store file checksum for the new config file location
ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
fi
#=================================================
# SPECIFIC MODIFICATIONS
#=================================================
# ...
#=================================================
ynh_change_url_nginx_config
#=================================================
# GENERIC FINALISATION
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..." --time --weight=1
ynh_script_progression --message="Starting a systemd service..." --weight=1
ynh_systemd_action --service_name=wireguard_ui --action="start" --line_match="http server started" --log_path="systemd" --timeout=30
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading nginx web server..." --time --weight=1
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Change of URL completed for $app" --time --last
ynh_script_progression --message="Change of URL completed for $app" --last

99
scripts/install
View file

@ -9,83 +9,26 @@
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
ynh_clean_setup () {
### Remove this function if there's nothing to clean before calling the remove script.
true
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================
domain=$YNH_APP_ARG_DOMAIN
path_url="/"
admin=$YNH_APP_ARG_ADMIN
architecture=$YNH_ARCH
app=$YNH_APP_INSTANCE_NAME
#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
ynh_script_progression --message="Validating installation parameters..." --weight=1
final_path=/opt/yunohost/$app
test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
# Register (book) web path
ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
interface=$(ip route | awk '/default/ { print $5 }' | head -n1)
main_domain=$(cat /etc/yunohost/current_host)
#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================
ynh_script_progression --message="Storing installation settings..." --weight=1
ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_set --app=$app --key=admin --value=$admin
ynh_app_setting_set --app=$app --key=interface --value=$interface
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# FIND AND OPEN A PORT
#=================================================
ynh_script_progression --message="Finding an available port..." --weight=1
# Find an available port for WireGuard
port_wg=$(ynh_find_port --port=8095)
ynh_app_setting_set --app=$app --key=port_wg --value=$port_wg
# Find an available port for WireGuard UI
port=$(ynh_find_port --port=$(($port_wg+1)))
ynh_app_setting_set --app=$app --key=port --value=$port
# Open the WireGuard port
ynh_script_progression --message="Configuring firewall..." --weight=1
ynh_exec_warn_less yunohost firewall allow --no-upnp UDP $port_wg
#=================================================
# INSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Installing dependencies..." --weight=7
ynh_install_app_dependencies "$pkg_dependencies"
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_script_progression --message="Setting up source files..." --weight=1
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$final_path" --source_id="$architecture"
ynh_setup_source --dest_dir="$install_dir"
#=================================================
# NGINX CONFIGURATION
@ -95,14 +38,6 @@ ynh_script_progression --message="Configuring NGINX web server..." --weight=1
# Create a dedicated nginx config
ynh_add_nginx_config
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Configuring system user..." --weight=1
# Create a system user
ynh_system_user_create --username=$app
#=================================================
# SPECIFIC SETUP
#=================================================
@ -110,14 +45,14 @@ ynh_system_user_create --username=$app
#=================================================
# Create db directory for securing it later
mkdir -p $final_path/db/server
mkdir -p $install_dir/db/server
# Add interface configuration file for the Web UI
ynh_add_config --template="../conf/interfaces.json" --destination="$final_path/db/server/interfaces.json"
ynh_delete_file_checksum --file="$final_path/db/server/interfaces.json"
ynh_add_config --template="../conf/interfaces.json" --destination="$install_dir/db/server/interfaces.json"
ynh_delete_file_checksum --file="$install_dir/db/server/interfaces.json"
# Add configuration for the Web UI
ynh_add_config --template="../conf/wireguard-ui.env" --destination="$final_path/wireguard-ui.env"
ynh_add_config --template="../conf/wireguard-ui.env" --destination="$install_dir/wireguard-ui.env"
# Create WireGuard configuration directory
mkdir -p /etc/wireguard
@ -152,9 +87,9 @@ sysctl -p /etc/sysctl.d/$app.conf
#=================================================
# Set permissions to app files
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app: "$final_path"
chmod 750 "$install_dir"
chmod -R o-rwx "$install_dir"
chown -R $app: "$install_dir"
chmod 750 /etc/wireguard
chmod -R o-rwx /etc/wireguard
@ -176,20 +111,6 @@ ynh_script_progression --message="Starting the systemd service for the UI..." --
# Start a systemd service
ynh_systemd_action --service_name=wireguard_ui --action="start" --line_match="http server started" --log_path="systemd" --timeout=30
#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Configuring permissions..." --weight=1
ynh_permission_update --permission="main" --remove="all_users" --add="$admin"
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================

43
scripts/remove
View file

@ -9,18 +9,6 @@
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=1
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
port=$(ynh_app_setting_get --app=$app --key=port)
port_wg=$(ynh_app_setting_get --app=$app --key=port_wg)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
#=================================================
# STANDARD REMOVE
#=================================================
@ -57,22 +45,11 @@ ynh_secure_remove --file="/etc/systemd/system/wireguard@.service"
ynh_remove_systemd_config --service=wireguard_ui
#=================================================
# REMOVE DEPENDENCIES
#=================================================
ynh_script_progression --message="Removing dependencies..." --weight=6
# Remove metapackage and its dependencies
ynh_remove_app_dependencies
#=================================================
# REMOVE APP MAIN DIR
#=================================================
ynh_script_progression --message="Removing app main directory..." --weight=1
# Remove the app directory securely
ynh_secure_remove --file="$final_path"
# Remove WireGuard configuration directory securely
ynh_secure_remove --file="/etc/wireguard"
@ -92,16 +69,6 @@ ynh_script_progression --message="Removing logrotate configuration..." --weight=
# Remove the app-specific logrotate config
ynh_remove_logrotate
#=================================================
# CLOSE WIREGUARD PORT
#=================================================
if yunohost firewall list | grep -q "\- $port_wg$"
then
ynh_script_progression --message="Closing port $port_wg..." --weight=1
ynh_exec_warn_less yunohost firewall disallow UDP $port_wg
fi
#=================================================
# SPECIFIC REMOVE
#=================================================
@ -114,16 +81,6 @@ ynh_secure_remove --file="/etc/sudoers.d/${app}_ynh"
# Remove sysctl file for port forwarding
ynh_secure_remove --file="/etc/sysctl.d/$app.conf"
#=================================================
# GENERIC FINALIZATION
#=================================================
# REMOVE DEDICATED USER
#=================================================
ynh_script_progression --message="Removing the dedicated system user..." --weight=1
# Delete a system user
ynh_system_user_delete --username=$app
#=================================================
# END OF SCRIPT
#=================================================

58
scripts/restore
View file

@ -10,37 +10,6 @@
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
ynh_clean_setup () {
#### Remove this function if there's nothing to clean before calling the remove script.
true
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=1
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
port=$(ynh_app_setting_get --app=$app --key=port)
port_wg=$(ynh_app_setting_get --app=$app --key=port_wg)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
#=================================================
# CHECK IF THE APP CAN BE RESTORED
#=================================================
ynh_script_progression --message="Validating restoration parameters..." --weight=1
test ! -d $final_path || ynh_die --message="There is already a directory: $final_path "
#=================================================
# STANDARD RESTORATION STEPS
#=================================================
@ -54,39 +23,22 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
ynh_script_progression --message="Restoring the app main directory..." --weight=1
ynh_restore_file --origin_path="$final_path"
ynh_restore_file --origin_path="$install_dir"
ynh_restore_file --origin_path="/etc/wireguard"
#=================================================
# RECREATE THE DEDICATED USER
#=================================================
ynh_script_progression --message="Recreating the dedicated system user..." --weight=1
# Create the dedicated user (if not existing)
ynh_system_user_create --username=$app
#=================================================
# RESTORE USER RIGHTS
#=================================================
# Restore permissions on app files
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app: "$final_path"
chmod 750 "$install_dir"
chmod -R o-rwx "$install_dir"
chown -R $app: "$install_dir"
chmod 750 /etc/wireguard
chmod -R o-rwx /etc/wireguard
chown -R $app: /etc/wireguard
#=================================================
# SPECIFIC RESTORATION
#=================================================
# REINSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Reinstalling dependencies..." --weight=5
ynh_install_app_dependencies "$pkg_dependencies"
#=================================================
# RESTORE SYSTEMD
#=================================================
@ -122,7 +74,7 @@ yunohost service add wireguard_ui --description="WireGuard UI"
# RESTORE VARIOUS FILES
#=================================================
ynh_restore_file --origin_path=$(jq -r ".config_file_path" $final_path/db/server/global_settings.json) --not_mandatory
ynh_restore_file --origin_path=$(jq -r ".config_file_path" $install_dir/db/server/global_settings.json) --not_mandatory
#=================================================
# START UI SYSTEMD SERVICE

84
scripts/upgrade
View file

@ -9,67 +9,17 @@
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=1
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
port=$(ynh_app_setting_get --app=$app --key=port)
port_wg=$(ynh_app_setting_get --app=$app --key=port_wg)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
architecture=$YNH_ARCH
#=================================================
# CHECK VERSION
#=================================================
upgrade_type=$(ynh_check_app_version_changed)
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
# restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
ynh_script_progression --message="Ensuring downward compatibility..." --weight=1
# If final_path doesn't exist, create it
if [ -z "$final_path" ]; then
final_path=/opt/yunohost/$app
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
fi
# Change port if WireGuard port is the same as WireGuard UI's
if [ $port -eq $port_wg ]
then
ynh_app_setting_delete --app=$app --key=port
port=$(ynh_find_port --port=$(($port_wg+1)))
ynh_app_setting_set --app=$app --key=port --value=$port
# Let's remove the unused is_public key too
ynh_app_setting_delete --app=$app --key=is_public
fi
# WireGuard UI should be private, really.
if ynh_permission_has_user --permission=main --user=visitors
then
ynh_permission_update --permission=main --remove=visitors
fi
# Drop sudoers file if present
if [ -f "/etc/sudoers.d/${app}_ynh" ]; then
ynh_secure_remove /etc/sudoers.d/${app}_ynh
@ -110,7 +60,7 @@ then
ynh_script_progression --message="Upgrading source files..." --weight=1
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$final_path" --source_id="$architecture"
ynh_setup_source --dest_dir="$install_dir"
fi
#=================================================
@ -118,8 +68,10 @@ fi
#=================================================
ynh_script_progression --message="Updating a configuration file..." --weight=1
main_domain=$(cat /etc/yunohost/current_host)
# Update configuration for the Web UI
ynh_add_config --template="../conf/wireguard-ui.env" --destination="$final_path/wireguard-ui.env"
ynh_add_config --template="../conf/wireguard-ui.env" --destination="$install_dir/wireguard-ui.env"
#=================================================
# NGINX CONFIGURATION
@ -129,21 +81,6 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." -
# Create a dedicated nginx config
ynh_add_nginx_config
#=================================================
# UPGRADE DEPENDENCIES
#=================================================
ynh_script_progression --message="Upgrading dependencies..." --weight=7
ynh_install_app_dependencies "$pkg_dependencies"
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1
# Create a dedicated user (if not existing)
ynh_system_user_create --username=$app
#=================================================
# SETUP SYSTEMD
#=================================================
@ -174,9 +111,9 @@ sysctl -p /etc/sysctl.d/$app.conf
#=================================================
# Set permissions to app files
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app: "$final_path"
chmod 750 "$install_dir"
chmod -R o-rwx "$install_dir"
chown -R $app: "$install_dir"
chmod 750 /etc/wireguard
chmod -R o-rwx /etc/wireguard
@ -198,13 +135,6 @@ ynh_script_progression --message="Starting the systemd service for the UI..." --
# Start a systemd service
ynh_systemd_action --service_name=wireguard_ui --action="start" --line_match="http server started" --log_path="systemd" --timeout=30
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading nginx web server..." --weight=1
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================

9
tests.toml Normal file
View file

@ -0,0 +1,9 @@
test_format = 1.0
[default]
# -------------------------------
# Commits to test upgrade from
# -------------------------------
test_upgrade_from.15d9c1a09457fb9d71fd0519cd16a0492669a8a9.name = "Upgrade from 0.4.0~ynh1"