diff --git a/.github/workflows/updater.sh b/.github/workflows/updater.sh deleted file mode 100644 index 8777d7a..0000000 --- a/.github/workflows/updater.sh +++ /dev/null @@ -1,139 +0,0 @@ -#!/bin/bash - -#================================================= -# PACKAGE UPDATING HELPER -#================================================= - -# This script is meant to be run by GitHub Actions -# The YunoHost-Apps organisation offers a template Action to run this script periodically -# Since each app is different, maintainers can adapt its contents so as to perform -# automatic actions when a new upstream release is detected. - -#================================================= -# FETCHING LATEST RELEASE AND ITS ASSETS -#================================================= - -# Fetching information -current_version=$(cat manifest.json | jq -j '.version|split("~")[0]') -repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]') -# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions) -version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1) -assets=($(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '[ .[] | select(.tag_name=="'$version'").assets[].browser_download_url ] | join(" ") | @sh' | tr -d "'")) - -# Later down the script, we assume the version has only digits and dots -# Sometimes the release name starts with a "v", so let's filter it out. -# You may need more tweaks here if the upstream repository has different naming conventions. -if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then - version=${version:1} -fi - -# Setting up the environment variables -echo "Current version: $current_version" -echo "Latest release from upstream: $version" -echo "VERSION=$version" >> $GITHUB_ENV -# For the time being, let's assume the script will fail -echo "PROCEED=false" >> $GITHUB_ENV - -# Proceed only if the retrieved version is greater than the current one -if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then - echo "::warning ::No new version available" - exit 0 -# Proceed only if a PR for this new version does not already exist -elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then - echo "::warning ::A branch already exists for this update" - exit 0 -fi - -# Each release can hold multiple assets (e.g. binaries for different architectures, source code, etc.) -echo "${#assets[@]} available asset(s)" - -#================================================= -# UPDATE SOURCE FILES -#================================================= - -# Here we use the $assets variable to get the resources published in the upstream release. -# Here is an example for Grav, it has to be adapted in accordance with how the upstream releases look like. - -# Let's loop over the array of assets URLs -for asset_url in ${assets[@]}; do - -echo "Handling asset at $asset_url" - -# Assign the asset to a source file in conf/ directory -# Here we base the source file name upon a unique keyword in the assets url (admin vs. update) -# Leave $src empty to ignore the asset -case $asset_url in - *"linux-amd64.tar.gz") - src="amd64" - ;; - *"linux-arm64.tar.gz") - src="arm64" - ;; - *"linux-arm.tar.gz") - src="armhf" - ;; - *"linux-386.tar.gz") - src="i386" - ;; - *) - src="" - ;; -esac - -# If $src is not empty, let's process the asset -if [ ! -z "$src" ]; then - -# Create the temporary directory -tempdir="$(mktemp -d)" - -# Download sources and calculate checksum -filename=${asset_url##*/} -curl --silent -4 -L $asset_url -o "$tempdir/$filename" -checksum=$(sha256sum "$tempdir/$filename" | head -c 64) - -# Delete temporary directory -rm -rf $tempdir - -# Get extension -if [[ $filename == *.tar.gz ]]; then - extension=tar.gz -else - extension=${filename##*.} -fi - -# Rewrite source file -cat < conf/$src.src -SOURCE_URL=$asset_url -SOURCE_SUM=$checksum -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=$extension -SOURCE_IN_SUBDIR=false -SOURCE_FILENAME= -EOT -echo "... conf/$src.src updated" - -else -echo "... asset ignored" -fi - -done - -#================================================= -# SPECIFIC UPDATE STEPS -#================================================= - -# Any action on the app's source code can be done. -# The GitHub Action workflow takes care of committing all changes after this script ends. - -#================================================= -# GENERIC FINALIZATION -#================================================= - -# Replace new version in manifest -echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json - -# No need to update the README, yunohost-bot takes care of it - -# The Action will proceed only if the PROCEED environment variable is set to true -echo "PROCEED=true" >> $GITHUB_ENV -exit 0 diff --git a/.github/workflows/updater.yml b/.github/workflows/updater.yml deleted file mode 100644 index fb72ba0..0000000 --- a/.github/workflows/updater.yml +++ /dev/null @@ -1,49 +0,0 @@ -# This workflow allows GitHub Actions to automagically update your app whenever a new upstream release is detected. -# You need to enable Actions in your repository settings, and fetch this Action from the YunoHost-Apps organization. -# This file should be enough by itself, but feel free to tune it to your needs. -# It calls updater.sh, which is where you should put the app-specific update steps. -name: Check for new upstream releases -on: - # Allow to manually trigger the workflow - workflow_dispatch: - # Run it every day at 6:00 UTC - schedule: - - cron: '0 6 * * *' -jobs: - updater: - runs-on: ubuntu-latest - steps: - - name: Fetch the source code - uses: actions/checkout@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - name: Run the updater script - id: run_updater - run: | - # Setting up Git user - git config --global user.name 'yunohost-bot' - git config --global user.email 'yunohost-bot@users.noreply.github.com' - # Run the updater script - /bin/bash .github/workflows/updater.sh - - name: Commit changes - id: commit - if: ${{ env.PROCEED == 'true' }} - run: | - git commit -am "Upgrade to v$VERSION" - - name: Create Pull Request - id: cpr - if: ${{ env.PROCEED == 'true' }} - uses: peter-evans/create-pull-request@v3 - with: - token: ${{ secrets.GITHUB_TOKEN }} - commit-message: Update to version ${{ env.VERSION }} - committer: 'yunohost-bot ' - author: 'yunohost-bot ' - signoff: false - base: testing - branch: ci-auto-update-v${{ env.VERSION }} - delete-branch: true - title: 'Upgrade to version ${{ env.VERSION }}' - body: | - Upgrade to v${{ env.VERSION }} - draft: false diff --git a/README.md b/README.md index 2182090..fc8f055 100644 --- a/README.md +++ b/README.md @@ -18,24 +18,11 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in WireGuard® is fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN. -**Shipped version:** 0.4.0~ynh1 +**Shipped version:** 0.5.0~ynh1 ## Screenshots ![Screenshot of WireGuard](./doc/screenshots/screenshot.png) -![Screenshot of WireGuard](./doc/screenshots/screenshot.png:Zone.Identifier) - -## Disclaimers / important information - -* WireGuard for YunoHost will add a DMKS module to your Linux kernel. - * You may need to reboot your server for WireGuard to be able to start. -* The package includes WireGuard and non-official web UI to configure it. - * Do not manually alter the configuration files. -* Use YunoHost permissions panel to allow users to access the web UI. -* Only one network interface, *wg0*, can be managed with this app at the moment. -* `Status` page is not working for the time being. - -After installation, you need to `Apply Config` once in the UI before the VPN service can be started. ## Documentation and resources diff --git a/README_fr.md b/README_fr.md index d42ec2c..acd6be3 100644 --- a/README_fr.md +++ b/README_fr.md @@ -18,24 +18,11 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po WireGuard® is fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN. -**Version incluse :** 0.4.0~ynh1 +**Version incluse :** 0.5.0~ynh1 ## Captures d’écran ![Capture d’écran de WireGuard](./doc/screenshots/screenshot.png) -![Capture d’écran de WireGuard](./doc/screenshots/screenshot.png:Zone.Identifier) - -## Avertissements / informations importantes - -* Cette application ajoutera un module DMKS à votre noyau Linux. - * Vous devriez redémarrer votre serveur pour que WireGuard puisse se lancer. -* Cette application inclut WireGuard et une interface web non-officielle pour le configurer. - * Ne modifiez pas les fichiers de configuration à la main. -* Utiliser le panneau de permissions de YunoHost pour autoriser des utilisateurs à accéder à WireGuard UI. -* Une seule interface réseau, *wg0*, peut actuellement être gérée par cette app. -* La page `Status` demeure non fonctionnelle pour l'instant. - -Après installation, vous devrez cliquer sur `Apply Config` une fois dans l'UI avant que le service VPN puisse être démarré. ## Documentations et ressources diff --git a/check_process b/check_process deleted file mode 100644 index 84adfaa..0000000 --- a/check_process +++ /dev/null @@ -1,20 +0,0 @@ -;; Test complet - ; Manifest - domain="domain.tld" - path="/" - admin="john" - ; Checks - pkg_linter=1 - setup_sub_dir=0 - setup_root=1 - setup_nourl=0 - setup_private=1 - setup_public=0 - upgrade=1 - upgrade=1 from_commit=7462d84582a89e822424480e3192c008634384e1 - backup_restore=1 - multi_instance=0 - change_url=0 -;;; Upgrade options - ; commit=7462d84582a89e822424480e3192c008634384e1 - manifest_arg=domain=DOMAIN&path=PATH&admin=USER&is_public=0& diff --git a/conf/amd64.src b/conf/amd64.src deleted file mode 100644 index aa64ec4..0000000 --- a/conf/amd64.src +++ /dev/null @@ -1,6 +0,0 @@ -SOURCE_URL=https://github.com/ngoduykhanh/wireguard-ui/releases/download/v0.4.0/wireguard-ui-v0.4.0-linux-amd64.tar.gz -SOURCE_SUM=30f0d124f6180dfd6fd1e383c1fd261d71d817ce3683e844e57af5d612297d08 -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=tar.gz -SOURCE_IN_SUBDIR=false -SOURCE_FILENAME= diff --git a/conf/arm64.src b/conf/arm64.src deleted file mode 100644 index 5e0b572..0000000 --- a/conf/arm64.src +++ /dev/null @@ -1,6 +0,0 @@ -SOURCE_URL=https://github.com/ngoduykhanh/wireguard-ui/releases/download/v0.4.0/wireguard-ui-v0.4.0-linux-arm64.tar.gz -SOURCE_SUM=813ee07d8abe7ac4e1095d5fb92555170fed7f7cfed4d2d82ca003c5eb6c9a40 -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=tar.gz -SOURCE_IN_SUBDIR=false -SOURCE_FILENAME= diff --git a/conf/armhf.src b/conf/armhf.src deleted file mode 100644 index 7152eea..0000000 --- a/conf/armhf.src +++ /dev/null @@ -1,6 +0,0 @@ -SOURCE_URL=https://github.com/ngoduykhanh/wireguard-ui/releases/download/v0.4.0/wireguard-ui-v0.4.0-linux-arm.tar.gz -SOURCE_SUM=a73e48f24352c3a795f02c26db0a37d5cea5f9f662708fc8f3e10f7e5ad0c2b4 -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=tar.gz -SOURCE_IN_SUBDIR=false -SOURCE_FILENAME= diff --git a/conf/i386.src b/conf/i386.src deleted file mode 100644 index 5fd9e8e..0000000 --- a/conf/i386.src +++ /dev/null @@ -1,6 +0,0 @@ -SOURCE_URL=https://github.com/ngoduykhanh/wireguard-ui/releases/download/v0.4.0/wireguard-ui-v0.4.0-linux-386.tar.gz -SOURCE_SUM=6cd9dce46166a4b84a457cb53406ba0af4f4fb21aa74d9cde33e185e146a6309 -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=tar.gz -SOURCE_IN_SUBDIR=false -SOURCE_FILENAME= diff --git a/conf/wireguard_ui.service b/conf/wireguard_ui.service index 8ac6385..4338659 100644 --- a/conf/wireguard_ui.service +++ b/conf/wireguard_ui.service @@ -6,9 +6,9 @@ After=network.target wireguard.service Type=simple User=__APP__ Group=__APP__ -WorkingDirectory=__FINALPATH__/ -EnvironmentFile=__FINALPATH__/wireguard-ui.env -ExecStart=__FINALPATH__/wireguard-ui +WorkingDirectory=__INSTALL_DIR__/ +EnvironmentFile=__INSTALL_DIR__/wireguard-ui.env +ExecStart=__INSTALL_DIR__/wireguard-ui # Sandboxing options to harden security # Depending on specificities of your service/app, you may need to tweak these diff --git a/doc/DISCLAIMER.md b/doc/ADMIN.md similarity index 100% rename from doc/DISCLAIMER.md rename to doc/ADMIN.md diff --git a/doc/DISCLAIMER_fr.md b/doc/ADMIN_fr.md similarity index 100% rename from doc/DISCLAIMER_fr.md rename to doc/ADMIN_fr.md diff --git a/doc/screenshots/screenshot.png:Zone.Identifier b/doc/screenshots/screenshot.png:Zone.Identifier deleted file mode 100644 index 5ff913c..0000000 --- a/doc/screenshots/screenshot.png:Zone.Identifier +++ /dev/null @@ -1,3 +0,0 @@ -[ZoneTransfer] -ZoneId=3 -HostUrl=https://user-images.githubusercontent.com/6447444/80270680-76adf980-86e4-11ea-8ca1-9237f0dfa249.png diff --git a/manifest.json b/manifest.json deleted file mode 100644 index 485a754..0000000 --- a/manifest.json +++ /dev/null @@ -1,40 +0,0 @@ -{ - "name": "WireGuard", - "id": "wireguard", - "packaging_format": 1, - "description": { - "en": "Fast and modern VPN server, including a configuration webapp", - "fr": "Serveur VPN rapide et moderne, incluant une webapp pour le configurer" - }, - "version": "0.4.0~ynh1", - "url": "https://github.com/ngoduykhanh/wireguard-ui", - "upstream": { - "license": "MIT", - "website": "https://www.wireguard.com/", - "code": "https://github.com/ngoduykhanh/wireguard-ui" - }, - "license": "MIT", - "maintainer": { - "name": "tituspijean", - "email": "tituspijean@outlook.com" - }, - "requirements": { - "yunohost": ">= 11" - }, - "multi_instance": false, - "services": [ - "nginx" - ], - "arguments": { - "install": [ - { - "name": "domain", - "type": "domain" - }, - { - "name": "admin", - "type": "user" - } - ] - } -} diff --git a/manifest.toml b/manifest.toml new file mode 100644 index 0000000..bec8039 --- /dev/null +++ b/manifest.toml @@ -0,0 +1,61 @@ +packaging_format = 2 + +id = "wireguard" +name = "WireGuard" +description.en = "Fast and modern VPN server, including a configuration webapp" +description.fr = "Serveur VPN rapide et moderne, incluant une webapp pour le configurer" + +version = "0.5.0~ynh1" + +maintainers = ["tituspijean"] + +[upstream] +license = "MIT" +website = "https://www.wireguard.com/" +code = "https://github.com/ngoduykhanh/wireguard-ui" + +[integration] +yunohost = ">= 11.1.19" +architectures = "all" +multi_instance = false +ldap = false +sso = false +disk = "50M" +ram.build = "50M" +ram.runtime = "50M" + +[install] + [install.domain] + type = "domain" + full_domain = true + + [install.admin] + type = "user" + +[resources] + [resources.sources.main] + in_subdir = false + arm64.url = "https://github.com/ngoduykhanh/wireguard-ui/releases/download/v0.5.0/wireguard-ui-v0.5.0-linux-arm64.tar.gz" + arm64.sha256 = "1a49f6cfc6b3abfe0c4a0ce5998e0f82c29cd59735c8fa3bdbf05ef1d2087224" + amd64.url = "https://github.com/ngoduykhanh/wireguard-ui/releases/download/v0.5.0/wireguard-ui-v0.5.0-linux-amd64.tar.gz" + amd64.sha256 = "fd974152d57a8fba9f9797c3ef1d330542639cb8863c36e99782152de0e17460" + armhf.url = "https://github.com/ngoduykhanh/wireguard-ui/releases/download/v0.5.0/wireguard-ui-v0.5.0-linux-arm.tar.gz" + armhf.sha256 = "0695da19fe9348048d0700dccead116bf7b59436dd5ccbc8c9bdc232315bac4d" + i386.url = "https://github.com/ngoduykhanh/wireguard-ui/releases/download/v0.5.0/wireguard-ui-v0.5.0-linux-386.tar.gz" + i386.sha256 = "595493c3a197049d0f02ad15c01080456e1f7ea23a8eaf0d05b51f7ce35875e2" + + [resources.ports] + main.default = 8096 + wg.default = 8095 + wg.exposed = "UDP" + + [resources.system_user] + + [resources.install_dir] + + [resources.permissions] + main.url = "/" + main.allowed = "admins" + + [resources.apt] + packages = "wireguard" diff --git a/scripts/_common.sh b/scripts/_common.sh index ee62c6f..24e2509 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -4,13 +4,6 @@ # COMMON VARIABLES #================================================= -interface=$(ip route | awk '/default/ { print $5 }' | head -n1) - -main_domain=$(cat /etc/yunohost/current_host) - -# dependencies used by the app -pkg_dependencies="wireguard" - #================================================= # PERSONAL HELPERS #================================================= @@ -42,7 +35,7 @@ ynh_send_readme_to_admin() { type="${type:-install}" # Get the value of admin_mail_html - admin_mail_html=$(ynh_app_setting_get $app admin_mail_html) +#REMOVEME? admin_mail_html=$(ynh_app_setting_get $app admin_mail_html) admin_mail_html="${admin_mail_html:-0}" # Retrieve the email of users diff --git a/scripts/backup b/scripts/backup index 0e9ebff..05345fe 100644 --- a/scripts/backup +++ b/scripts/backup @@ -10,27 +10,6 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - ### Remove this function if there's nothing to clean before calling the remove script. - true -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_print_info --message="Loading installation settings..." - -app=$YNH_APP_INSTANCE_NAME - -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -domain=$(ynh_app_setting_get --app=$app --key=domain) - #================================================= # DECLARE DATA AND CONF FILES TO BACKUP #================================================= @@ -40,7 +19,7 @@ ynh_print_info --message="Declaring files to be backed up..." # BACKUP THE APP MAIN DIR #================================================= -ynh_backup --src_path="$final_path" +ynh_backup --src_path="$install_dir" #================================================= # BACKUP THE NGINX CONFIGURATION @@ -66,7 +45,7 @@ ynh_backup --src_path=/etc/systemd/system/wireguard@.service ynh_backup --src_path="/etc/wireguard" # Backing up specific config file, in case of it is not in /etc/wireguard -ynh_backup --src_path="$(jq -r ".config_file_path" $final_path/db/server/global_settings.json)" --not_mandatory +ynh_backup --src_path="$(jq -r ".config_file_path" $install_dir/db/server/global_settings.json)" --not_mandatory # Backup the sysctl config file to enable port forwarding ynh_backup --src_path="/etc/sysctl.d/$app.conf" diff --git a/scripts/change_url b/scripts/change_url index f77be7b..107b19d 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -9,121 +9,33 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# RETRIEVE ARGUMENTS -#================================================= - -old_domain=$YNH_APP_OLD_DOMAIN -old_path=$YNH_APP_OLD_PATH - -new_domain=$YNH_APP_NEW_DOMAIN -new_path=$YNH_APP_NEW_PATH - -app=$YNH_APP_INSTANCE_NAME - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." --time --weight=1 - -# Needed for helper "ynh_add_nginx_config" -final_path=$(ynh_app_setting_get --app=$app --key=final_path) - -#================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP -#================================================= -ynh_script_progression --message="Backing up the app before changing its url (may take a while)..." --time --weight=1 - -# Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { - # Remove the new domain config file, the remove script won't do it as it doesn't know yet its location. - ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" - - # restore it if the upgrade fails - ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# CHECK WHICH PARTS SHOULD BE CHANGED -#================================================= - -change_domain=0 -if [ "$old_domain" != "$new_domain" ] -then - change_domain=1 -fi - -change_path=0 -if [ "$old_path" != "$new_path" ] -then - change_path=1 -fi - #================================================= # STANDARD MODIFICATIONS #================================================= # STOP SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Stopping a systemd service..." --time --weight=1 +ynh_script_progression --message="Stopping a systemd service..." --weight=1 ynh_systemd_action --service_name=wireguard_ui --action="stop" --line_match="Stopped WireGuard UI" --log_path="systemd" --timeout=30 #================================================= # MODIFY URL IN NGINX CONF #================================================= -ynh_script_progression --message="Updating nginx web server configuration..." --time --weight=1 +ynh_script_progression --message="Updating NGINX web server configuration..." --weight=1 -nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf - -# Change the path in the nginx config file -if [ $change_path -eq 1 ] -then - # Make a backup of the original nginx config file if modified - ynh_backup_if_checksum_is_different --file="$nginx_conf_path" - # Set global variables for nginx helper - domain="$old_domain" - path_url="$new_path" - # Create a dedicated nginx config - ynh_add_nginx_config -fi - -# Change the domain for nginx -if [ $change_domain -eq 1 ] -then - # Delete file checksum for the old conf file location - ynh_delete_file_checksum --file="$nginx_conf_path" - mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf - # Store file checksum for the new config file location - ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" -fi - -#================================================= -# SPECIFIC MODIFICATIONS -#================================================= -# ... -#================================================= +ynh_change_url_nginx_config #================================================= # GENERIC FINALISATION #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." --time --weight=1 +ynh_script_progression --message="Starting a systemd service..." --weight=1 ynh_systemd_action --service_name=wireguard_ui --action="start" --line_match="http server started" --log_path="systemd" --timeout=30 -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading nginx web server..." --time --weight=1 - -ynh_systemd_action --service_name=nginx --action=reload - #================================================= # END OF SCRIPT #================================================= -ynh_script_progression --message="Change of URL completed for $app" --time --last +ynh_script_progression --message="Change of URL completed for $app" --last diff --git a/scripts/install b/scripts/install index 242a382..20ea640 100644 --- a/scripts/install +++ b/scripts/install @@ -9,83 +9,26 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - ### Remove this function if there's nothing to clean before calling the remove script. - true -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= -domain=$YNH_APP_ARG_DOMAIN -path_url="/" -admin=$YNH_APP_ARG_ADMIN -architecture=$YNH_ARCH - -app=$YNH_APP_INSTANCE_NAME - -#================================================= -# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS -#================================================= -ynh_script_progression --message="Validating installation parameters..." --weight=1 - -final_path=/opt/yunohost/$app -test ! -e "$final_path" || ynh_die --message="This path already contains a folder" - -# Register (book) web path -ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url +interface=$(ip route | awk '/default/ { print $5 }' | head -n1) +main_domain=$(cat /etc/yunohost/current_host) #================================================= # STORE SETTINGS FROM MANIFEST #================================================= -ynh_script_progression --message="Storing installation settings..." --weight=1 -ynh_app_setting_set --app=$app --key=domain --value=$domain -ynh_app_setting_set --app=$app --key=path --value=$path_url -ynh_app_setting_set --app=$app --key=admin --value=$admin ynh_app_setting_set --app=$app --key=interface --value=$interface -#================================================= -# STANDARD MODIFICATIONS -#================================================= -# FIND AND OPEN A PORT -#================================================= -ynh_script_progression --message="Finding an available port..." --weight=1 - -# Find an available port for WireGuard -port_wg=$(ynh_find_port --port=8095) -ynh_app_setting_set --app=$app --key=port_wg --value=$port_wg - -# Find an available port for WireGuard UI -port=$(ynh_find_port --port=$(($port_wg+1))) -ynh_app_setting_set --app=$app --key=port --value=$port - -# Open the WireGuard port -ynh_script_progression --message="Configuring firewall..." --weight=1 -ynh_exec_warn_less yunohost firewall allow --no-upnp UDP $port_wg - -#================================================= -# INSTALL DEPENDENCIES -#================================================= -ynh_script_progression --message="Installing dependencies..." --weight=7 - -ynh_install_app_dependencies "$pkg_dependencies" - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= ynh_script_progression --message="Setting up source files..." --weight=1 -ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source --dest_dir="$final_path" --source_id="$architecture" +ynh_setup_source --dest_dir="$install_dir" #================================================= # NGINX CONFIGURATION @@ -95,14 +38,6 @@ ynh_script_progression --message="Configuring NGINX web server..." --weight=1 # Create a dedicated nginx config ynh_add_nginx_config -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Configuring system user..." --weight=1 - -# Create a system user -ynh_system_user_create --username=$app - #================================================= # SPECIFIC SETUP #================================================= @@ -110,14 +45,14 @@ ynh_system_user_create --username=$app #================================================= # Create db directory for securing it later -mkdir -p $final_path/db/server +mkdir -p $install_dir/db/server # Add interface configuration file for the Web UI -ynh_add_config --template="../conf/interfaces.json" --destination="$final_path/db/server/interfaces.json" -ynh_delete_file_checksum --file="$final_path/db/server/interfaces.json" +ynh_add_config --template="../conf/interfaces.json" --destination="$install_dir/db/server/interfaces.json" +ynh_delete_file_checksum --file="$install_dir/db/server/interfaces.json" # Add configuration for the Web UI -ynh_add_config --template="../conf/wireguard-ui.env" --destination="$final_path/wireguard-ui.env" +ynh_add_config --template="../conf/wireguard-ui.env" --destination="$install_dir/wireguard-ui.env" # Create WireGuard configuration directory mkdir -p /etc/wireguard @@ -152,9 +87,9 @@ sysctl -p /etc/sysctl.d/$app.conf #================================================= # Set permissions to app files -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app: "$final_path" +chmod 750 "$install_dir" +chmod -R o-rwx "$install_dir" +chown -R $app: "$install_dir" chmod 750 /etc/wireguard chmod -R o-rwx /etc/wireguard @@ -176,20 +111,6 @@ ynh_script_progression --message="Starting the systemd service for the UI..." -- # Start a systemd service ynh_systemd_action --service_name=wireguard_ui --action="start" --line_match="http server started" --log_path="systemd" --timeout=30 -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Configuring permissions..." --weight=1 - -ynh_permission_update --permission="main" --remove="all_users" --add="$admin" - -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 - -ynh_systemd_action --service_name=nginx --action=reload - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/remove b/scripts/remove index 4d9d468..81e67fd 100644 --- a/scripts/remove +++ b/scripts/remove @@ -9,18 +9,6 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -port=$(ynh_app_setting_get --app=$app --key=port) -port_wg=$(ynh_app_setting_get --app=$app --key=port_wg) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) - #================================================= # STANDARD REMOVE #================================================= @@ -57,22 +45,11 @@ ynh_secure_remove --file="/etc/systemd/system/wireguard@.service" ynh_remove_systemd_config --service=wireguard_ui -#================================================= -# REMOVE DEPENDENCIES -#================================================= -ynh_script_progression --message="Removing dependencies..." --weight=6 - -# Remove metapackage and its dependencies -ynh_remove_app_dependencies - #================================================= # REMOVE APP MAIN DIR #================================================= ynh_script_progression --message="Removing app main directory..." --weight=1 -# Remove the app directory securely -ynh_secure_remove --file="$final_path" - # Remove WireGuard configuration directory securely ynh_secure_remove --file="/etc/wireguard" @@ -92,16 +69,6 @@ ynh_script_progression --message="Removing logrotate configuration..." --weight= # Remove the app-specific logrotate config ynh_remove_logrotate -#================================================= -# CLOSE WIREGUARD PORT -#================================================= - -if yunohost firewall list | grep -q "\- $port_wg$" -then - ynh_script_progression --message="Closing port $port_wg..." --weight=1 - ynh_exec_warn_less yunohost firewall disallow UDP $port_wg -fi - #================================================= # SPECIFIC REMOVE #================================================= @@ -114,16 +81,6 @@ ynh_secure_remove --file="/etc/sudoers.d/${app}_ynh" # Remove sysctl file for port forwarding ynh_secure_remove --file="/etc/sysctl.d/$app.conf" -#================================================= -# GENERIC FINALIZATION -#================================================= -# REMOVE DEDICATED USER -#================================================= -ynh_script_progression --message="Removing the dedicated system user..." --weight=1 - -# Delete a system user -ynh_system_user_delete --username=$app - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/restore b/scripts/restore index e4e888b..4914e8c 100644 --- a/scripts/restore +++ b/scripts/restore @@ -10,37 +10,6 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - #### Remove this function if there's nothing to clean before calling the remove script. - true -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -path_url=$(ynh_app_setting_get --app=$app --key=path) -port=$(ynh_app_setting_get --app=$app --key=port) -port_wg=$(ynh_app_setting_get --app=$app --key=port_wg) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) - -#================================================= -# CHECK IF THE APP CAN BE RESTORED -#================================================= -ynh_script_progression --message="Validating restoration parameters..." --weight=1 - -test ! -d $final_path || ynh_die --message="There is already a directory: $final_path " - #================================================= # STANDARD RESTORATION STEPS #================================================= @@ -54,39 +23,22 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= ynh_script_progression --message="Restoring the app main directory..." --weight=1 -ynh_restore_file --origin_path="$final_path" +ynh_restore_file --origin_path="$install_dir" ynh_restore_file --origin_path="/etc/wireguard" -#================================================= -# RECREATE THE DEDICATED USER -#================================================= -ynh_script_progression --message="Recreating the dedicated system user..." --weight=1 - -# Create the dedicated user (if not existing) -ynh_system_user_create --username=$app - #================================================= # RESTORE USER RIGHTS #================================================= # Restore permissions on app files -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app: "$final_path" +chmod 750 "$install_dir" +chmod -R o-rwx "$install_dir" +chown -R $app: "$install_dir" chmod 750 /etc/wireguard chmod -R o-rwx /etc/wireguard chown -R $app: /etc/wireguard -#================================================= -# SPECIFIC RESTORATION -#================================================= -# REINSTALL DEPENDENCIES -#================================================= -ynh_script_progression --message="Reinstalling dependencies..." --weight=5 - -ynh_install_app_dependencies "$pkg_dependencies" - #================================================= # RESTORE SYSTEMD #================================================= @@ -122,7 +74,7 @@ yunohost service add wireguard_ui --description="WireGuard UI" # RESTORE VARIOUS FILES #================================================= -ynh_restore_file --origin_path=$(jq -r ".config_file_path" $final_path/db/server/global_settings.json) --not_mandatory +ynh_restore_file --origin_path=$(jq -r ".config_file_path" $install_dir/db/server/global_settings.json) --not_mandatory #================================================= # START UI SYSTEMD SERVICE diff --git a/scripts/upgrade b/scripts/upgrade index 8a94fbc..14bd6d1 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -9,67 +9,17 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -path_url=$(ynh_app_setting_get --app=$app --key=path) -port=$(ynh_app_setting_get --app=$app --key=port) -port_wg=$(ynh_app_setting_get --app=$app --key=port_wg) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -architecture=$YNH_ARCH - #================================================= # CHECK VERSION #================================================= upgrade_type=$(ynh_check_app_version_changed) -#================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP -#================================================= -ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1 - -# Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { - # restore it if the upgrade fails - ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 -# If final_path doesn't exist, create it -if [ -z "$final_path" ]; then - final_path=/opt/yunohost/$app - ynh_app_setting_set --app=$app --key=final_path --value=$final_path -fi - -# Change port if WireGuard port is the same as WireGuard UI's -if [ $port -eq $port_wg ] -then - ynh_app_setting_delete --app=$app --key=port - port=$(ynh_find_port --port=$(($port_wg+1))) - ynh_app_setting_set --app=$app --key=port --value=$port - # Let's remove the unused is_public key too - ynh_app_setting_delete --app=$app --key=is_public -fi - -# WireGuard UI should be private, really. -if ynh_permission_has_user --permission=main --user=visitors -then - ynh_permission_update --permission=main --remove=visitors -fi - # Drop sudoers file if present if [ -f "/etc/sudoers.d/${app}_ynh" ]; then ynh_secure_remove /etc/sudoers.d/${app}_ynh @@ -110,7 +60,7 @@ then ynh_script_progression --message="Upgrading source files..." --weight=1 # Download, check integrity, uncompress and patch the source from app.src - ynh_setup_source --dest_dir="$final_path" --source_id="$architecture" + ynh_setup_source --dest_dir="$install_dir" fi #================================================= @@ -118,8 +68,10 @@ fi #================================================= ynh_script_progression --message="Updating a configuration file..." --weight=1 +main_domain=$(cat /etc/yunohost/current_host) + # Update configuration for the Web UI -ynh_add_config --template="../conf/wireguard-ui.env" --destination="$final_path/wireguard-ui.env" +ynh_add_config --template="../conf/wireguard-ui.env" --destination="$install_dir/wireguard-ui.env" #================================================= # NGINX CONFIGURATION @@ -129,21 +81,6 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." - # Create a dedicated nginx config ynh_add_nginx_config -#================================================= -# UPGRADE DEPENDENCIES -#================================================= -ynh_script_progression --message="Upgrading dependencies..." --weight=7 - -ynh_install_app_dependencies "$pkg_dependencies" - -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1 - -# Create a dedicated user (if not existing) -ynh_system_user_create --username=$app - #================================================= # SETUP SYSTEMD #================================================= @@ -174,9 +111,9 @@ sysctl -p /etc/sysctl.d/$app.conf #================================================= # Set permissions to app files -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app: "$final_path" +chmod 750 "$install_dir" +chmod -R o-rwx "$install_dir" +chown -R $app: "$install_dir" chmod 750 /etc/wireguard chmod -R o-rwx /etc/wireguard @@ -198,13 +135,6 @@ ynh_script_progression --message="Starting the systemd service for the UI..." -- # Start a systemd service ynh_systemd_action --service_name=wireguard_ui --action="start" --line_match="http server started" --log_path="systemd" --timeout=30 -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading nginx web server..." --weight=1 - -ynh_systemd_action --service_name=nginx --action=reload - #================================================= # END OF SCRIPT #================================================= diff --git a/tests.toml b/tests.toml new file mode 100644 index 0000000..54d6f3e --- /dev/null +++ b/tests.toml @@ -0,0 +1,9 @@ +test_format = 1.0 + +[default] + + # ------------------------------- + # Commits to test upgrade from + # ------------------------------- + + test_upgrade_from.15d9c1a09457fb9d71fd0519cd16a0492669a8a9.name = "Upgrade from 0.4.0~ynh1"