diff --git a/README.md b/README.md
index 675b4b6..ef2bccc 100644
--- a/README.md
+++ b/README.md
@@ -1,11 +1,13 @@
# WireGuard for YunoHost
[](https://dash.yunohost.org/appci/app/wireguard)  
-[](https://install-app.yunohost.org/?app=wireguard)
+[](https://install-app.yunohost.org/?app=wireguard)
*[Lire ce readme en français.](./README_fr.md)*
-:warning: This app is still experimental. WireGuard requires upgrading your Linux kernel to another major version. Check its compatibility before running it on a production system. :warning:
+:warning: This app is still experimental. Check its compatibility before running it on a production system. :warning:
+
+:exclamation: WireGuard for YunoHost will add a DMKS module to your Linux kernel.
> *This package allows you to install WireGuard quickly and simply on a YunoHost server.
If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.*
diff --git a/README_fr.md b/README_fr.md
index 2f72da3..9cc1ee7 100644
--- a/README_fr.md
+++ b/README_fr.md
@@ -1,11 +1,13 @@
# WireGuard pour YunoHost
[](https://dash.yunohost.org/appci/app/wireguard)  
-[](https://install-app.yunohost.org/?app=wireguard)
+[](https://install-app.yunohost.org/?app=wireguard)
*[Read this readme in english.](./README.md)*
-:warning: Cette app est encore expérimentale. WireGuard requiert de mettre à niveau votre noyau Linux. Vérifiez sa compatibilté avant de lancer l'installation sur un serveur de production. :warning:
+:warning: Cette app est encore expérimentale. Vérifiez sa compatibilté avant de lancer l'installation sur un serveur de production. :warning:
+
+:exclamation: WireGuard pour YunoHost ajoutera un module DKMS à votre noyau Linux.
> *Ce package vous permet d'installer WireGuard rapidement et simplement sur un serveur YunoHost.
Si vous n'avez pas YunoHost, consultez [le guide](https://yunohost.org/#/install) pour apprendre comment l'installer.*
@@ -78,5 +80,5 @@ Pour essayer la branche testing, procédez comme suit.
```
sudo yunohost app install https://github.com/YunoHost-Apps/wireguard_ynh/tree/testing --debug
ou
-sudo yunohost app upgrade REPLACEBYYOURAPP -u https://github.com/YunoHost-Apps/wireguard_ynh/tree/testing --debug
+sudo yunohost app upgrade wireguard -u https://github.com/YunoHost-Apps/wireguard_ynh/tree/testing --debug
```
diff --git a/check_process b/check_process
index a462e8b..89c76a4 100644
--- a/check_process
+++ b/check_process
@@ -8,23 +8,17 @@
domain="domain.tld" (DOMAIN)
path="/" (PATH)
admin="john" (USER)
- #language="fr"
- #is_public=1 (PUBLIC|public=1|private=0)
- #password="pass"
- #port="666" (PORT)
; Checks
pkg_linter=1
setup_sub_dir=0
setup_root=1
setup_nourl=0
setup_private=1
- setup_public=1
+ setup_public=0
upgrade=1
- #upgrade=1 from_commit=CommitHash
+ upgrade=1 from_commit=797a3e5990571629a8525764ce6e8d359277313f
backup_restore=1
- multi_instance=1
- # This test is no longer necessary since the version 2.7 (PR: https://github.com/YunoHost/yunohost/pull/304), you can still do it if your app could be installed with this version.
- # incorrect_path=1
+ multi_instance=0
port_already_use=0
change_url=0
;;; Levels
@@ -34,7 +28,7 @@
Email=
Notification=none
;;; Upgrade options
- ; commit=CommitHash
- name=Name and date of the commit.
- manifest_arg=domain=DOMAIN&path=PATH&admin=USER&language=fr&is_public=1&password=pass&port=666&
+ ; commit=797a3e5990571629a8525764ce6e8d359277313f
+ name=a version using backport kernel
+ manifest_arg=domain=DOMAIN&path=PATH&admin=USER&is_public=0&
diff --git a/conf/app.src b/conf/app.src
deleted file mode 100644
index 5bda8ec..0000000
--- a/conf/app.src
+++ /dev/null
@@ -1,6 +0,0 @@
-SOURCE_URL=https://github.com/ngoduykhanh/wireguard-ui/releases/download/v0.2.5/wireguard-ui-v0.2.5-linux-amd64.tar.gz
-SOURCE_SUM=BEB3B73E173B115B355F83DFE2D7E6AA2125D692E389319930ABBFA215F1657B
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FORMAT=tar.gz
-SOURCE_IN_SUBDIR=false
-SOURCE_FILENAME=
diff --git a/conf/sudoers.conf b/conf/sudoers.conf
new file mode 100644
index 0000000..cb80189
--- /dev/null
+++ b/conf/sudoers.conf
@@ -0,0 +1,3 @@
+Cmnd_Alias WIREGUARDSERVICE = /bin/systemctl restart wg-quick@wg0.service
+
+__USER__ ALL = NOPASSWD: WIREGUARDSERVICE
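Review bot: Nothing in this three-line template says who consumes the rule or that `__USER__` is a placeholder, and for a file that grants passwordless root that context matters. I would add a header comment such as `# Template: __USER__ is replaced by scripts/install; lets the app user restart wg-quick@wg0 only`. The command is listed with its full argument string, which keeps the grant to that one unit. A second comment, `# Keep the full argument list: no wildcards`, would stop a later edit from widening it.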
diff --git a/conf/wireguard.service b/conf/wireguard.service
index f2afa4d..7711fbf 100644
--- a/conf/wireguard.service
+++ b/conf/wireguard.service
@@ -4,4 +4,6 @@ After=network.target
[Service]
Type=oneshot
+User=__APP__
+Group=__APP__
ExecStart=/bin/systemctl restart wg-quick@wg0.service
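Review bot: With `User=__APP__` and `Group=__APP__` added, the unchanged `ExecStart=/bin/systemctl restart wg-quick@wg0.service` now runs as the unprivileged app user and does not go through sudo. The NOPASSWD rule added in conf/sudoers.conf only applies when the command is invoked via sudo, so as written the restart will probably be refused by polkit and configuration changes saved from the UI would not be applied. Consider `ExecStart=/usr/bin/sudo /bin/systemctl restart wg-quick@wg0.service`, keeping the argument string identical to the Cmnd_Alias. The start of the unit file is outside the hunk.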
diff --git a/conf/wireguard_ui.service b/conf/wireguard_ui.service
index a894e3b..eb79f7a 100644
--- a/conf/wireguard_ui.service
+++ b/conf/wireguard_ui.service
@@ -1,6 +1,6 @@
[Unit]
Description=WireGuard UI
-After=network.target wireguard.service wireguard_path.service
+After=network.target wireguard.service
[Service]
Type=simple
diff --git a/manifest.json b/manifest.json
index 029b6a7..a52fa6c 100644
--- a/manifest.json
+++ b/manifest.json
@@ -6,7 +6,7 @@
"en": "Virtual Private Networks (VPN) via WireGuard, with a web UI",
"fr": "Réseaux Privés Virtuels (VPN) via WireGuard, avec une web UI"
},
- "version": "0.2.7~ynh1",
+ "version": "0.2.7~ynh2",
"url": "https://github.com/ngoduykhanh/wireguard-ui",
"license": "MIT",
"maintainer": {
@@ -14,7 +14,7 @@
"email": "tituspijean@outlook.com"
},
"requirements": {
- "yunohost": ">= 3.8.1"
+ "yunohost": ">= 4.0.8"
},
"multi_instance": false,
"services": [
@@ -22,6 +22,14 @@
],
"arguments": {
"install" : [
+ {
+ "name": "warning",
+ "type": "display_text",
+ "ask": {
+ "en": "WireGuard installs a Linux kernel module and will most likely require a reboot of your server to work properly.",
+ "fr": "WireGuard installe un module au noyau Linux et nécessite probablement un redémarrage du serveur pour fonctionner correctement."
+ }
+ },
{
"name": "domain",
"type": "domain",
diff --git a/scripts/_common.sh b/scripts/_common.sh
index e47fc5c..40b5c9c 100644
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -5,7 +5,7 @@
#=================================================
# dependencies used by the app
-pkg_dependencies="wireguard"
+pkg_dependencies="wireguard-dkms wireguard"
#=================================================
# PERSONAL HELPERS
@@ -39,6 +39,145 @@ ynh_detect_arch(){
echo $architecture
}
+# Send an email to inform the administrator
+#
+# usage: ynh_send_readme_to_admin --app_message=app_message [--recipients=recipients] [--type=type]
+# | arg: -m --app_message= - The file with the content to send to the administrator.
+# | arg: -r, --recipients= - The recipients of this email. Use spaces to separate multiples recipients. - default: root
+# example: "root admin@domain"
+# If you give the name of a YunoHost user, ynh_send_readme_to_admin will find its email adress for you
+# example: "root admin@domain user1 user2"
+# | arg: -t, --type= - Type of mail, could be 'backup', 'change_url', 'install', 'remove', 'restore', 'upgrade'
+ynh_send_readme_to_admin() {
+ # Declare an array to define the options of this helper.
+ declare -Ar args_array=( [m]=app_message= [r]=recipients= [t]=type= )
+ local app_message
+ local recipients
+ local type
+ # Manage arguments with getopts
+
+ ynh_handle_getopts_args "$@"
+ app_message="${app_message:-}"
+ recipients="${recipients:-root}"
+ type="${type:-install}"
+
+ # Get the value of admin_mail_html
+ admin_mail_html=$(ynh_app_setting_get $app admin_mail_html)
+ admin_mail_html="${admin_mail_html:-0}"
+
+ # Retrieve the email of users
+ find_mails () {
+ local list_mails="$1"
+ local mail
+ local recipients=" "
+ # Read each mail in argument
+ for mail in $list_mails
+ do
+ # Keep root or a real email address as it is
+ if [ "$mail" = "root" ] || echo "$mail" | grep --quiet "@"
+ then
+ recipients="$recipients $mail"
+ else
+ # But replace an user name without a domain after by its email
+ if mail=$(ynh_user_get_info "$mail" "mail" 2> /dev/null)
+ then
+ recipients="$recipients $mail"
+ fi
+ fi
+ done
+ echo "$recipients"
+ }
+ recipients=$(find_mails "$recipients")
+
+ # Subject base
+ local mail_subject="☁️🆈🅽🅷☁️: \`$app\`"
+
+ # Adapt the subject according to the type of mail required.
+ if [ "$type" = "backup" ]; then
+ mail_subject="$mail_subject has just been backup."
+ elif [ "$type" = "change_url" ]; then
+ mail_subject="$mail_subject has just been moved to a new URL!"
+ elif [ "$type" = "remove" ]; then
+ mail_subject="$mail_subject has just been removed!"
+ elif [ "$type" = "restore" ]; then
+ mail_subject="$mail_subject has just been restored!"
+ elif [ "$type" = "upgrade" ]; then
+ mail_subject="$mail_subject has just been upgraded!"
+ else # install
+ mail_subject="$mail_subject has just been installed!"
+ fi
+
+ local mail_message="This is an automated message from your beloved YunoHost server.
+
+Specific information for the application $app.
+
+$(if [ -n "$app_message" ]
+then
+ cat "$app_message"
+else
+ echo "...No specific information..."
+fi)
+
+---
+Automatic diagnosis data from YunoHost
+
+__PRE_TAG1__$(yunohost tools diagnosis | grep -B 100 "services:" | sed '/services:/d')__PRE_TAG2__"
+
+ # Store the message into a file for further modifications.
+ echo "$mail_message" > mail_to_send
+
+ # If a html email is required. Apply html tags to the message.
+ if [ "$admin_mail_html" -eq 1 ]
+ then
+ # Insert 'br' tags at each ending of lines.
+ ynh_replace_string "$" "
" mail_to_send
+
+ # Insert starting HTML tags
+ sed --in-place '1s@^@\n\n
" mail_to_send + ynh_replace_string "__PRE_TAG2__" "<\pre>" mail_to_send + + # Insert finishing HTML tags + echo -e "\n\n" >> mail_to_send + + # Otherwise, remove tags to keep a plain text. + else + # Remove URL tags + ynh_replace_string "__URL_TAG[1,3]__" "" mail_to_send + ynh_replace_string "__URL_TAG2__" ": " mail_to_send + + # Remove PRE tags + ynh_replace_string "__PRE_TAG[1-2]__" "" mail_to_send + fi + + # Define binary to use for mail command + if [ -e /usr/bin/bsd-mailx ] + then + local mail_bin=/usr/bin/bsd-mailx + else + local mail_bin=/usr/bin/mail.mailutils + fi + + if [ "$admin_mail_html" -eq 1 ] + then + content_type="text/html" + else + content_type="text/plain" + fi + + # Send the email to the recipients + cat mail_to_send | $mail_bin -a "Content-Type: $content_type; charset=UTF-8" -s "$mail_subject" "$recipients" +} + #================================================= # FUTURE OFFICIAL HELPERS #================================================= diff --git a/scripts/backup b/scripts/backup index 91f71c1..6fc9a1d 100644 --- a/scripts/backup +++ b/scripts/backup @@ -48,13 +48,6 @@ ynh_backup --src_path="$final_path" ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" -#================================================= -# BACKUP FAIL2BAN CONFIGURATION -#================================================= - -ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" -ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" - #================================================= # SPECIFIC BACKUP #================================================= 
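Review bot: `ynh_send_readme_to_admin` stages the mail in a file literally named `mail_to_send` in whatever directory the script runs from (`echo "$mail_message" > mail_to_send`) and never deletes it. The body includes the output of `yunohost tools diagnosis`, so the file should be private and short-lived: create it with `local mail_file="$(mktemp)"`, use `"$mail_file"` in every later reference, and remove it once the mail is sent. `admin_mail_html` and `content_type` are also assigned without `local`, so they leak into the calling script. Separately, `"$recipients"` is passed to the mailer as one quoted word even though `find_mails` builds a space-separated list, so several recipients may not be split as intended.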
@@ -68,6 +61,9 @@ ynh_backup --src_path="/etc/logrotate.d/$app" #================================================= ynh_backup --src_path="/etc/systemd/system/$app.service" +ynh_backup --src_path=/etc/systemd/system/wireguard_ui.service +ynh_backup --src_path=/etc/systemd/system/wireguard.path +ynh_backup --src_path="/etc/sudoers.d/${app}_ynh" #================================================= # BACKUP VARIOUS FILES diff --git a/scripts/change_url b/scripts/change_url index 3f21bc8..1fdf39e 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -29,11 +29,6 @@ ynh_script_progression --message="Loading installation settings..." --time --wei # Needed for helper "ynh_add_nginx_config" final_path=$(ynh_app_setting_get --app=$app --key=final_path) -# Add settings here as needed by your application -#db_name=$(ynh_app_setting_get --app=$app --key=db_name) -#db_user=$db_name -#db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd) - #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= @@ -74,7 +69,7 @@ fi #================================================= ynh_script_progression --message="Stopping a systemd service..." --time --weight=1 -ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name=$app --action="stop" --line_match="Stopped WireGuard UI" --log_path="systemd" --timeout=30 #================================================= # MODIFY URL IN NGINX CONF @@ -118,7 +113,7 @@ fi #================================================= ynh_script_progression --message="Starting a systemd service..." --time --weight=1 -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name=$app --action="start" --line_match="http server started" --log_path="systemd" --timeout=30 #================================================= # RELOAD NGINX 
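Review bot: In the two `ynh_systemd_action` lines of scripts/change_url the service is still `--service_name=$app`, but the `--line_match` strings (`Stopped WireGuard UI`, `http server started`) belong to the UI unit, which scripts/install starts as `--service_name=wireguard_ui`. If `$app` resolves to `wireguard`, the helper would act on the oneshot restart unit and wait out the 30-second timeout for a line that unit never logs, while the UI keeps running across the URL change. Use `--service_name=wireguard_ui` in both calls. The rest of the script is outside these hunks.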
diff --git a/scripts/install b/scripts/install index dd2531e..d742264 100644 --- a/scripts/install +++ b/scripts/install @@ -25,7 +25,7 @@ ynh_abort_if_errors #================================================= domain=$YNH_APP_ARG_DOMAIN -path_url=$YNH_APP_ARG_PATH +path_url=$YNH_APP_ARG_PATH #TODO: Check if possible with wireguard_ui to use sub path admin=$YNH_APP_ARG_ADMIN app=$YNH_APP_INSTANCE_NAME @@ -33,7 +33,7 @@ app=$YNH_APP_INSTANCE_NAME #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= -ynh_script_progression --message="Validating installation parameters..." --time --weight=1 +ynh_script_progression --message="Validating installation parameters..." --weight=1 final_path=/opt/yunohost/$app test ! -e "$final_path" || ynh_die --message="This path already contains a folder" @@ -44,7 +44,7 @@ ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url #================================================= # STORE SETTINGS FROM MANIFEST #================================================= -ynh_script_progression --message="Storing installation settings..." --time --weight=1 +ynh_script_progression --message="Storing installation settings..." --weight=1 ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url 
@@ -55,14 +55,14 @@ ynh_app_setting_set --app=$app --key=admin --value=$admin #================================================= # FIND AND OPEN A PORT #================================================= -ynh_script_progression --message="Configuring firewall..." --time --weight=1 +ynh_script_progression --message="Configuring firewall..." --weight=1 # Find an available port for WireGuard port_wg=$(ynh_find_port --port=8095) ynh_app_setting_set --app=$app --key=port_wg --value=$port_wg -# Find an available port -port=$(ynh_find_port --port=8095) +# Find an available port for WireGuard UI +port=$(ynh_find_port --port=8096) ynh_app_setting_set --app=$app --key=port --value=$port # Open the WireGuard port 
@@ -71,14 +71,26 @@ ynh_exec_warn_less yunohost firewall allow --no-upnp UDP $port_wg #================================================= # INSTALL DEPENDENCIES #================================================= -ynh_script_progression --message="Installing dependencies..." --time --weight=1 +ynh_script_progression --message="Installing dependencies..." --weight=7 -ynh_install_extra_app_dependencies --repo="http://deb.debian.org/debian buster-backports main" --package="$pkg_dependencies" +# Add buster-backports repo +ynh_add_repo --uri="http://deb.debian.org/debian" --suite="buster-backports" --component="main" --name="$app" + +# Add pin-priority for wireguard packages +ynh_pin_repo --package="wireguard*" --pin="origin deb http://deb.debian.org/debian buster-backports main" --priority=995 --name="$app" + +# Update the list of package with the new repo +ynh_package_update + +ynh_add_app_dependencies --package="$pkg_dependencies" + +# Remove buster-backports repo and pin-priority +ynh_remove_extra_repo --name=$app #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -ynh_script_progression --message="Setting up source files..." --time --weight=1 +ynh_script_progression --message="Setting up source files..." --weight=1 ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src @@ -87,7 +99,7 @@ ynh_setup_source --dest_dir="$final_path" --source_id="$(ynh_detect_arch)" #================================================= # NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Configuring nginx web server..." --time --weight=1 +ynh_script_progression --message="Configuring nginx web server..." --weight=1 # Create a dedicated nginx config ynh_add_nginx_config 
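Review bot: The selector passed to `ynh_pin_repo`, `--pin="origin deb http://deb.debian.org/debian buster-backports main"`, does not look like a valid apt_preferences pin; `origin` takes a host name, so the priority 995 probably never applies. `--pin="release a=buster-backports"` would express the intent. Also, `ynh_remove_extra_repo --name=$app` runs right after the install and, per its comment, removes both the repo and the pin, so the installed `wireguard-dkms` and `wireguard` packages have no source for security updates until the app's next upgrade. Keeping the repo with a pin limited to `wireguard*` would let normal apt upgrades cover the kernel module. The same sequence is repeated in scripts/restore.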
@@ -95,11 +107,15 @@ ynh_add_nginx_config #================================================= # CREATE DEDICATED USER #================================================= -ynh_script_progression --message="Configuring system user..." --time --weight=1 +ynh_script_progression --message="Configuring system user..." --weight=1 # Create a system user ynh_system_user_create --username=$app +# Ensure the system user has enough permissions +install -b -o root -g root -m 0440 ../conf/sudoers.conf /etc/sudoers.d/${app}_ynh +ynh_replace_string "__USER__" "${app}" /etc/sudoers.d/${app}_ynh + #================================================= # SPECIFIC SETUP #================================================= @@ -113,7 +129,7 @@ mkdir -p $final_path/db/server cp ../conf/interfaces.json $final_path/db/server/interfaces.json ynh_replace_string --match_string="__PORT_WG__" --replace_string="$port_wg" --target_file="$final_path/db/server/interfaces.json" -# Create wireguard configuration directory +# Create WireGuard configuration directory mkdir -p /etc/wireguard # Add interace configuration file for WireGuard 
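Review bot: The sudoers template is copied into /etc/sudoers.d first and edited in place afterwards, and it is never syntax-checked; a file there that fails to parse can make sudo refuse to run for every user. Render the template to a temporary file, substitute `__USER__`, run `visudo -cf` on it, and only then `install -o root -g root -m 0440` it to `"/etc/sudoers.d/${app}_ynh"`. Quoting the destination path would also match the style used in scripts/remove.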
@@ -124,14 +140,14 @@ ynh_replace_string --match_string="__PRIVATE_KEY__" --replace_string="$(wg genke #================================================= # SETUP SYSTEMD #================================================= -ynh_script_progression --message="Configuring a systemd service..." --time --weight=1 +ynh_script_progression --message="Configuring a systemd service..." --weight=1 # Create a dedicated systemd config for the web UI ynh_add_systemd_config --service=wireguard_ui --template=wireguard_ui.service --others_var="port" # Create a dedicated systemd config for monitoring WireGuard's configuration cp ../conf/wireguard.path /etc/systemd/system/wireguard.path -systemctl enable wireguard.path +systemctl enable --quiet wireguard.path # Create a dedicated systemd config for restarting WireGuard ynh_add_systemd_config --service=wireguard --template=wireguard.service --others_var="port_wg" @@ -142,10 +158,6 @@ ynh_add_systemd_config --service=wireguard --template=wireguard.service --others # SECURE FILES AND DIRECTORIES #================================================= -### For security reason, any app should set the permissions to root: before anything else. -### Then, if write authorization is needed, any access should be given only to directories -### that really need such authorization. - # Set permissions to app files chown -R root: $final_path chown -R $app: $final_path/db 
@@ -156,15 +168,7 @@ chown -R $app:$app /etc/wireguard #================================================= # SETUP LOGROTATE #================================================= -ynh_script_progression --message="Configuring log rotation..." --time --weight=1 - -### `ynh_use_logrotate` is used to configure a logrotate configuration for the logs of this app. -### Use this helper only if there is effectively a log file for this app. -### If you're not using this helper: -### - Remove the section "BACKUP LOGROTATE" in the backup script -### - Remove also the section "REMOVE LOGROTATE CONFIGURATION" in the remove script -### - As well as the section "RESTORE THE LOGROTATE CONFIGURATION" in the restore script -### - And the section "SETUP LOGROTATE" in the upgrade script +ynh_script_progression --message="Configuring log rotation..." --weight=1 # Use logrotate to manage application logfile(s) ynh_use_logrotate 
@@ -172,46 +176,30 @@ ynh_use_logrotate #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= -ynh_script_progression --message="Integrating service in YunoHost..." --time --weight=1 +ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 +yunohost service add wireguard --description "WireGuard" --needs_exposed_ports $port_wg --test_status "wg show | grep wg0" yunohost service add wireguard_ui --description "WireGuard UI" --log "/var/log/$app/ui.log" -### Additional options starting with 3.8: -### -### --needs_exposed_ports "$port" a list of ports that needs to be publicly exposed -### which will then be checked by YunoHost's diagnosis system -### (N.B. DO NOT USE THIS is the port is only internal !!!) -### -### --test_status "some command" a custom command to check the status of the service -### (only relevant if 'systemctl status' doesn't do a good job) -### -### --test_conf "some command" some command similar to "nginx -t" that validates the conf of the service -### -### Re-calling 'yunohost service add' during the upgrade script is the right way -### to proceed if you later realize that you need to enable some flags that -### weren't enabled on old installs (be careful it'll override the existing -### service though so you should re-provide all relevant flags when doing so) -### - #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." --time --weight=1 +ynh_script_progression --message="Starting a systemd service..." 
--weight=1 # Start a systemd service -ynh_systemd_action --service_name=wireguard_ui --action="start" --log_path="/var/log/$app/ui.log" +ynh_systemd_action --service_name=wireguard_ui --action="start" --line_match="http server started" --log_path="systemd" --timeout=30 #================================================= # SETUP SSOWAT #================================================= -ynh_script_progression --message="Configuring permissions..." --time --weight=1 +ynh_script_progression --message="Configuring permissions..." --weight=1 ynh_permission_update --permission "main" --remove "all_users" --add "$admin" #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading nginx web server..." --time --weight=1 +ynh_script_progression --message="Reloading nginx web server..." --weight=1 ynh_systemd_action --service_name=nginx --action=reload @@ -219,4 +207,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Installation of $app completed" --time --last +ynh_script_progression --message="Installation of $app completed" --last diff --git a/scripts/remove b/scripts/remove index 43ff782..0a11336 100644 --- a/scripts/remove +++ b/scripts/remove @@ -12,7 +12,7 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." --time --weight=1 +ynh_script_progression --message="Loading installation settings..." --weight=1 app=$YNH_APP_INSTANCE_NAME 
@@ -30,28 +30,29 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path) # Remove the service from the list of services known by Yunohost (added from `yunohost service add`) if ynh_exec_warn_less yunohost service status wireguard_ui >/dev/null then - ynh_script_progression --message="Removing WireGuard UI service integration..." --time --weight=1 + ynh_script_progression --message="Removing WireGuard UI service integration..." --weight=1 yunohost service remove wireguard_ui fi #================================================= # STOP AND REMOVE SERVICE #================================================= -ynh_script_progression --message="Stopping and removing the systemd service..." --time --weight=1 - -# Remove the dedicated systemd configs -ynh_remove_systemd_config --service=wireguard -ynh_remove_systemd_config --service=wireguard_ui +ynh_script_progression --message="Stopping and removing the systemd service..." --weight=1 +# YunoHost does not handle services not ending with .service, let's remove it manually systemctl stop wireguard.path systemctl disable wireguard.path --quiet ynh_secure_remove --file="/etc/systemd/system/wireguard.path" systemctl daemon-reload +# Remove the dedicated systemd configs +ynh_remove_systemd_config --service=wireguard +ynh_remove_systemd_config --service=wireguard_ui + #================================================= # REMOVE DEPENDENCIES #================================================= -ynh_script_progression --message="Removing dependencies..." --time --weight=1 +ynh_script_progression --message="Removing dependencies..." --weight=6 # Remove metapackage and its dependencies ynh_remove_app_dependencies 
@@ -59,7 +60,7 @@ ynh_remove_app_dependencies #================================================= # REMOVE APP MAIN DIR #================================================= -ynh_script_progression --message="Removing app main directory..." --time --weight=1 +ynh_script_progression --message="Removing app main directory..." --weight=1 # Remove the app directory securely ynh_secure_remove --file="$final_path" @@ -70,7 +71,7 @@ ynh_secure_remove --file="/etc/wireguard" #================================================= # REMOVE NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Removing nginx web server configuration..." --time --weight=1 +ynh_script_progression --message="Removing nginx web server configuration..." --weight=1 # Remove the dedicated nginx config ynh_remove_nginx_config @@ -78,7 +79,7 @@ ynh_remove_nginx_config #================================================= # REMOVE LOGROTATE CONFIGURATION #================================================= -ynh_script_progression --message="Removing logrotate configuration..." --time --weight=1 +ynh_script_progression --message="Removing logrotate configuration..." --weight=1 # Remove the app-specific logrotate config ynh_remove_logrotate 
@@ -89,16 +90,25 @@ ynh_remove_logrotate if yunohost firewall list | grep -q "\- $port_wg$" then - ynh_script_progression --message="Closing port $port_wg..." --time --weight=1 + ynh_script_progression --message="Closing port $port_wg..." --weight=1 ynh_exec_warn_less yunohost firewall disallow TCP $port_wg fi +#================================================= +# SPECIFIC REMOVE +#================================================= +# REMOVE VARIOUS FILES +#================================================= + +# Remove sudoers file +ynh_secure_remove --file="/etc/sudoers.d/${app}_ynh" + #================================================= # GENERIC FINALIZATION #================================================= # REMOVE DEDICATED USER #================================================= -ynh_script_progression --message="Removing the dedicated system user..." --time --weight=1 +ynh_script_progression --message="Removing the dedicated system user..." --weight=1 # Delete a system user ynh_system_user_delete --username=$app @@ -107,4 +117,4 @@ ynh_system_user_delete --username=$app # END OF SCRIPT #================================================= -ynh_script_progression --message="Removal of $app completed" --time --last +ynh_script_progression --message="Removal of $app completed" --last diff --git a/scripts/restore b/scripts/restore index 4668d35..ea14736 100644 --- a/scripts/restore +++ b/scripts/restore 
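Review bot: The context line `ynh_exec_warn_less yunohost firewall disallow TCP $port_wg` closes the TCP port, while scripts/install opens the WireGuard port with `yunohost firewall allow --no-upnp UDP $port_wg`, so the UDP rule appears to stay open after the app is removed. Change it to `ynh_exec_warn_less yunohost firewall disallow UDP $port_wg`. It is also worth confirming that `port_wg` is loaded from the app settings earlier in the script, since that part is outside the hunk.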
@@ -24,18 +24,20 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." --time --weight=1 +ynh_script_progression --message="Loading installation settings..." --weight=1 app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) +port=$(ynh_app_setting_get --app=$app --key=port) +port_wg=$(ynh_app_setting_get --app=$app --key=port_wg) final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= # CHECK IF THE APP CAN BE RESTORED #================================================= -ynh_script_progression --message="Validating restoration parameters..." --time --weight=1 +ynh_script_progression --message="Validating restoration parameters..." --weight=1 ynh_webpath_available --domain=$domain --path_url=$path_url \ || ynh_die --message="Path not available: ${domain}${path_url}" 
@@ -53,18 +55,21 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # RESTORE THE APP MAIN DIR #================================================= -ynh_script_progression --message="Restoring the app main directory..." --time --weight=1 +ynh_script_progression --message="Restoring the app main directory..." --weight=1 ynh_restore_file --origin_path="$final_path" #================================================= # RECREATE THE DEDICATED USER #================================================= -ynh_script_progression --message="Recreating the dedicated system user..." --time --weight=1 +ynh_script_progression --message="Recreating the dedicated system user..." --weight=1 # Create the dedicated user (if not existing) ynh_system_user_create --username=$app +# Restore sudoers file +ynh_restore_file --origin_path="/etc/sudoers.d/${app}_ynh" + #================================================= # RESTORE USER RIGHTS #================================================= 
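Review bot: `ynh_restore_file --origin_path="/etc/sudoers.d/${app}_ynh"` puts whatever the archive contains into sudoers.d, presumably with the ownership and mode it had in the backup, and nothing checks it afterwards. Since this file grants a passwordless root command, follow the restore with `chown root:root` and `chmod 0440` on it and a `visudo -cf` check. Alternatively, regenerate it from conf/sudoers.conf as scripts/install does, if the template is available at restore time.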
@@ -72,32 +77,49 @@ ynh_system_user_create --username=$app # Restore permissions on app files chown -R root: $final_path chown -R $app: $final_path/db -chmod 660 -R $final_path/db +chmod -R 750 $final_path/db #================================================= # SPECIFIC RESTORATION #================================================= # REINSTALL DEPENDENCIES #================================================= -ynh_script_progression --message="Reinstalling dependencies..." --time --weight=1 +ynh_script_progression --message="Reinstalling dependencies..." --weight=5 # Define and install dependencies -ynh_install_extra_app_dependencies --repo="http://http.debian.net/debian buster-backports main" --package=$pkg_dependencies + +#Add buster-backports repo +ynh_add_repo --uri="http://deb.debian.org/debian" --suite="buster-backports" --component="main" --name="$app" + +#Add pin-priority for wireguard packages +ynh_pin_repo --package="wireguard*" --pin="origin deb http://deb.debian.org/debian buster-backports main" --priority=995 --name="$app" + +# Update the list of package with the new repo +ynh_package_update + +ynh_add_app_dependencies --package="$pkg_dependencies" + +#Remove buster-backports repo and pin-priority +ynh_remove_extra_repo --name=$app #================================================= # RESTORE SYSTEMD #================================================= -ynh_script_progression --message="Restoring the systemd configuration..." --time --weight=1 +ynh_script_progression --message="Restoring the systemd configuration..." 
--weight=1 +ynh_restore_file --origin_path=/etc/systemd/system/wireguard_ui.service +ynh_restore_file --origin_path=/etc/systemd/system/wireguard.path ynh_restore_file --origin_path="/etc/systemd/system/$app.service" -systemctl enable $app.service + +systemctl enable --quiet wireguard.path #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= -ynh_script_progression --message="Integrating service in YunoHost..." --time --weight=1 +ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 -yunohost service add $app --description "WireGuard UI" --log "/var/log/$app/$app.log" +yunohost service add wireguard --description "WireGuard" --needs_exposed_ports $port_wg --test_status "wg show | grep wg0" +yunohost service add wireguard_ui --description "WireGuard UI" --log "/var/log/$app/ui.log" #================================================= # RESTORE VARIOUS FILES @@ -108,9 +130,10 @@ ynh_restore_file --origin_path=$(jq -r ".config_file_path" $final_path/db/server #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." --time --weight=1 +ynh_script_progression --message="Starting a systemd service..." --weight=1 -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name=wireguard_ui --action="start" --line_match="http server started" --log_path="systemd" --timeout=30 +sleep 5 #================================================= # RESTORE THE LOGROTATE CONFIGURATION 
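Review bot: `chmod -R 750 $final_path/db` restores directory traversal, which the old `660` broke, but it also marks every regular file under db as executable. `chmod -R u=rwX,g=rX,o= $final_path/db` gives directories the same access and leaves files non-executable unless they already had an execute bit. The visible install hunks only show `chown` on this directory, so the mode after a fresh install and after a restore may differ; that part of scripts/install is outside the hunks shown.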
@@ -123,7 +146,7 @@ ynh_restore_file --origin_path="/etc/logrotate.d/$app" #================================================= # RELOAD NGINX AND PHP-FPM #================================================= -ynh_script_progression --message="Reloading nginx web server and php-fpm..." --time --weight=1 +ynh_script_progression --message="Reloading nginx web server and php-fpm..." --weight=1 ynh_systemd_action --service_name=nginx --action=reload @@ -131,4 +154,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Restoration completed for $app" --time --last +ynh_script_progression --message="Restoration completed for $app" --last diff --git a/scripts/upgrade b/scripts/upgrade index 55f435c..9704782 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
@@ -12,30 +12,26 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." --time --weight=1 +ynh_script_progression --message="Loading installation settings..." --weight=1 app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) +port=$(ynh_app_setting_get --app=$app --key=port) +port_wg=$(ynh_app_setting_get --app=$app --key=port_wg) final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= # CHECK VERSION #================================================= -### This helper will compare the version of the currently installed app and the version of the upstream package. -### $upgrade_type can have 2 different values -### - UPGRADE_APP if the upstream app version has changed -### - UPGRADE_PACKAGE if only the YunoHost package has changed -### ynh_check_app_version_changed will stop the upgrade if the app is up to date. -### UPGRADE_APP should be used to upgrade the core app only if there's an upgrade to do. upgrade_type=$(ynh_check_app_version_changed) #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= -ynh_script_progression --message="Ensuring downward compatibility..." --time --weight=1 +ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 # If final_path doesn't exist, create it if [ -z "$final_path" ]; then 
@@ -43,10 +39,55 @@ if [ -z "$final_path" ]; then ynh_app_setting_set --app=$app --key=final_path --value=$final_path fi +# Change port if WireGuard port is the same as WireGuard UI's +if [ $port -eq $port_wg ] +then + ynh_app_setting_delete --app=$app --key=port + port=$(ynh_find_port --port=$(($port_wg+1))) + ynh_app_setting_set --app=$app --key=port --value=$port + # Let's remove the unused is_public key too + ynh_app_setting_delete --app=$app --key=is_public +fi + +# WireGuard UI should be private, really. +if ynh_permission_has_user --permission=main --user=visitors +then + ynh_permission_update --permission=main --remove=visitors +fi + +# Downgrade linux-image-$arch if updated to the buster-backports version +arch=$(ynh_detect_arch) +linuximage_version=$(ynh_package_version --package=linux-image-$arch) +if [[ $linuximage_version == *"bpo10"* ]] +then + # Downgrading using ynh_package_install apt command without "--no-remove" and with "--allow-downgrades" + # It will remove wireguard-ynh-deps and wireguard but they will be reinstalled throught upgrade process + ynh_apt --allow-downgrades --option Dpkg::Options::=--force-confdef \ + --option Dpkg::Options::=--force-confold install linux-image-$arch/stable + + #Remove backports kernel if running on it and send a mail to the admin to ask him to reboot + linuxkernel_version=$(uname -r) + if [[ $linuxkernel_version == *"bpo"* ]] + then + ynh_package_remove linux-image-$linuxkernel_version + + echo "You've been using an experimental version of wireguard_ynh, which was using the backports version of the linux kernel. +Now wireguard_ynh use a DKMS module allowing itself to be used with the stable kernel, then the backports one was removed and a reboot is needed to go back to the stable one." 
> mail_to_send + + ynh_send_readme_to_admin --app_message="mail_to_send" --recipients="admin" --type=upgrade + fi +fi + +# Add sudoers file if missing +if [ -f "/etc/sudoers.d/${app}_ynh" ]; then + install -b -o root -g root -m 0440 ../conf/sudoers.conf /etc/sudoers.d/${app}_ynh + ynh_replace_string "__USER__" "${app}" /etc/sudoers.d/${app}_ynh +fi + #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= -ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --time --weight=1 +ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1 # Backup the current version of the app ynh_backup_before_upgrade @@ -62,11 +103,11 @@ ynh_abort_if_errors #================================================= # STOP SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Stopping a systemd service..." --time --weight=1 +ynh_script_progression --message="Stopping a systemd service..." --weight=1 -ynh_systemd_action --service_name=wireguard_ui --action="stop" --log_path="/var/log/$app/ui.log" +ynh_systemd_action --service_name=wireguard_ui --action="stop" --line_match="Stopped WireGuard UI" --log_path="systemd" --timeout=30 +systemctl disable --now --quiet wireguard.path ynh_systemd_action --service_name=wireguard --action="stop" -ynh_systemd_action --service_name=wireguard_path --action="stop" #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE 
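Review bot: The `-f` test on `/etc/sudoers.d/${app}_ynh` at the end of the compatibility block contradicts its comment "Add sudoers file if missing": as written, the file is rewritten only when it already exists, and a host that lacks it never gets one, so `! -f` matches the comment. The template is also copied into /etc/sudoers.d and patched in place with no syntax check, and a fragment that fails to parse can break sudo on the host. Rendering to a temporary file, validating it with `visudo -cf` and only then installing it avoids that. This block runs before `ynh_backup_before_upgrade`, so it is not covered by the pre-upgrade backup.

```bash
# Add sudoers file if missing
if [ ! -f "/etc/sudoers.d/${app}_ynh" ]; then
    sudoers_tmp=$(mktemp)
    cp ../conf/sudoers.conf "$sudoers_tmp"
    ynh_replace_string --match_string="__USER__" --replace_string="${app}" --target_file="$sudoers_tmp"
    # Install only a fragment that sudo can parse
    if visudo -cf "$sudoers_tmp"; then
        install -o root -g root -m 0440 "$sudoers_tmp" "/etc/sudoers.d/${app}_ynh"
    else
        ynh_print_warn --message="Generated sudoers file for ${app} is invalid, not installing it"
    fi
    rm -f "$sudoers_tmp"
fi
```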
@@ -74,16 +115,16 @@ ynh_systemd_action --service_name=wireguard_path --action="stop" if [ "$upgrade_type" == "UPGRADE_APP" ] then - ynh_script_progression --message="Upgrading source files..." --time --weight=1 + ynh_script_progression --message="Upgrading source files..." --weight=1 # Download, check integrity, uncompress and patch the source from app.src - ynh_setup_source --dest_dir="$final_path" + ynh_setup_source --dest_dir="$final_path" --source_id="$(ynh_detect_arch)" fi #================================================= # NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Upgrading nginx web server configuration..." --time --weight=1 +ynh_script_progression --message="Upgrading nginx web server configuration..." --weight=1 # Create a dedicated nginx config ynh_add_nginx_config 
@@ -91,14 +132,28 @@ ynh_add_nginx_config #================================================= # UPGRADE DEPENDENCIES #================================================= -ynh_script_progression --message="Upgrading dependencies..." --time --weight=1 +ynh_script_progression --message="Upgrading dependencies..." --weight=7 -ynh_install_extra_app_dependencies --repo="http://deb.debian.org/debian buster-backports main" --package="$pkg_dependencies" +#TODO: remove buster-backports kernel + +# Add buster-backports repo +ynh_add_repo --uri="http://deb.debian.org/debian" --suite="buster-backports" --component="main" --name="$app" + +# Add pin-priority for wireguard packages +ynh_pin_repo --package="wireguard*" --pin="origin deb http://deb.debian.org/debian buster-backports main" --priority=995 --name="$app" + +# Update the list of package with the new repo +ynh_package_update + +ynh_add_app_dependencies --package="$pkg_dependencies" + +# Remove buster-backports repo and pin-priority +ynh_remove_extra_repo --name=$app #================================================= # CREATE DEDICATED USER #================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." --time --weight=1 +ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1 # Create a dedicated user (if not existing) ynh_system_user_create --username=$app 
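Review bot: Removing the buster-backports source right after `ynh_add_app_dependencies` presumably leaves apt with no origin for the installed `wireguard*` packages. Security fixes for them would then arrive only when this app is upgraded again, not with regular system updates. If that is intended, say so next to `ynh_remove_extra_repo`, for example `# wireguard* packages are only updated through app upgrades once the repo is removed`; otherwise keep the repo and its pin in place. `--name=$app` is also unquoted here while the two helper calls above quote it, and the restore script hunk `-72,32` adds the same sequence.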
@@ -106,20 +161,17 @@ ynh_system_user_create --username=$app #================================================= # SETUP SYSTEMD #================================================= -ynh_script_progression --message="Upgrading systemd configuration..." --time --weight=1 +ynh_script_progression --message="Upgrading systemd configuration..." --weight=1 # Create a dedicated systemd config for the web UI ynh_add_systemd_config --service=wireguard_ui --template=wireguard_ui.service --others_var="port" # Create a dedicated systemd config for monitoring WireGuard's configuration cp ../conf/wireguard.path /etc/systemd/system/wireguard.path -systemctl enable wireguard.path +systemctl enable --quiet wireguard.path # Create a dedicated systemd config for restarting WireGuard -cp ../conf/wireguard.service /etc/systemd/system/wireguard.service -ynh_replace_string --match_string="__PORT_WG__" --replace_string="$port_wg" --target_file="/etc/systemd/system/wireguard.service" -systemctl enable wireguard.service -#ynh_exec_fully_quiet ynh_add_systemd_config --service=wireguard --template=wireguard.service --others_var="port_wg" +ynh_add_systemd_config --service=wireguard --template=wireguard.service --others_var="port_wg" #================================================= # CONFIGURING WIREGUARD @@ -141,12 +193,12 @@ ynh_replace_string --match_string="__PORT_WG__" --replace_string="$port_wg" --ta # Set permissions on app files chown -R root: $final_path chown -R $app: $final_path/db -chmod 750 -R $final_path/db +chmod -R 750 $final_path/db #================================================= # SETUP LOGROTATE #================================================= -ynh_script_progression --message="Upgrading logrotate configuration..." --time --weight=1 +ynh_script_progression --message="Upgrading logrotate configuration..." --weight=1 # Use logrotate to manage app-specific logfile(s) ynh_use_logrotate --non-append 
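Review bot: `systemctl enable --quiet wireguard.path` under SETUP SYSTEMD enables the path unit but does not start it, while the STOP SYSTEMD SERVICE hunk (`-62,11`) takes it down with `disable --now` and also stops `wireguard`. The only start visible in this diff is for `wireguard_ui`, so unless lines outside the hunks start them, the config watcher and possibly the tunnel stay down after the upgrade until the next reboot. `systemctl enable --now --quiet wireguard.path` here would bring the watcher back; whether `wireguard` itself needs an explicit start depends on code not shown.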
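Review bot: `chmod -R 750 $final_path/db` under "Set permissions on app files" sets the execute bit on every regular file in the directory, not only on the directories, and leaves the data group-readable. The directory appears to hold WireGuard UI's server configuration (the restore script reads `db/server…` with jq), so non-executable file modes are preferable: `chmod -R u=rwX,g=rX,o= "$final_path/db"`. The restore script hunk `-72,32` adds the same line.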
@@ -154,23 +206,24 @@ ynh_use_logrotate --non-append #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= -ynh_script_progression --message="Integrating service in YunoHost..." --time --weight=1 +ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 -yunohost service add wireguard_ui --description "WireGuard UI" --log "/var/log/$app/$app.log" -yunohost service add wireguard --description "WireGuard" --needs_exposed_ports "$port_wg" +yunohost service add wireguard --description "WireGuard" --needs_exposed_ports "$port_wg" --test_status "wg show | grep wg0" +yunohost service add wireguard_ui --description "WireGuard UI" --log "/var/log/$app/ui.log" #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." --time --weight=1 +ynh_script_progression --message="Starting a systemd service..." --weight=1 # Start a systemd service -ynh_systemd_action --service_name=wireguard_ui --action="start" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name=wireguard_ui --action="start" --line_match="http server started" --log_path="systemd" --timeout=30 +sleep 5 #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading nginx web server..." --time --weight=1 +ynh_script_progression --message="Reloading nginx web server..." --weight=1 ynh_systemd_action --service_name=nginx --action=reload @@ -178,4 +231,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Upgrade of $app completed" --time --last +ynh_script_progression --message="Upgrade of $app completed" --last
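Review bot: `--test_status "wg show | grep wg0"` succeeds on any output line that contains `wg0`, for instance an interface named `wg01`, so the health check can report the service as running when the expected interface is absent. Asking for the interface directly is stricter, since `wg show wg0` should already exit non-zero when it does not exist: `--test_status "wg show wg0"`. The restore script hunk `-72,32` adds the same check and there also passes `$port_wg` unquoted.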