From 83d7c912c5185b268df846fdffae66538470675c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Sun, 27 Dec 2020 12:02:17 +0100 Subject: [PATCH 01/54] Set SVG badge --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 675b4b6..7c8e144 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # WireGuard for YunoHost [![Integration level](https://dash.yunohost.org/integration/wireguard.svg)](https://dash.yunohost.org/appci/app/wireguard) ![](https://ci-apps.yunohost.org/ci/badges/wireguard.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/wireguard.maintain.svg) -[![Install WireGuard with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=wireguard) +[![Install WireGuard with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=wireguard) *[Lire ce readme en français.](./README_fr.md)* From bb41f2bce76ae90c3fd9ff49a9a5ff762d37df19 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Sun, 27 Dec 2020 12:03:00 +0100 Subject: [PATCH 02/54] Set SVG badge --- README_fr.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README_fr.md b/README_fr.md index 2f72da3..4b3ba84 100644 --- a/README_fr.md +++ b/README_fr.md @@ -1,7 +1,7 @@ # WireGuard pour YunoHost [![Niveau d'intégration](https://dash.yunohost.org/integration/wireguard.svg)](https://dash.yunohost.org/appci/app/wireguard) ![](https://ci-apps.yunohost.org/ci/badges/wireguard.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/wireguard.maintain.svg) -[![Installer WireGuard avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=wireguard) +[![Installer WireGuard avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=wireguard) *[Read this readme in english.](./README.md)* From f222956185f7548489f694dc5d5d9b0b6b7e5de3 Mon Sep 17 00:00:00 2001 From: tytan652 Date: Tue, 29 Dec 2020 17:42:37 +0100 Subject: [PATCH 03/54] fix: change port for WireGuard UI I changed the UI one because it's behind nginx reverse proxy --- scripts/install | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/install b/scripts/install index dd2531e..b8cd990 100644 --- a/scripts/install +++ b/scripts/install @@ -61,8 +61,8 @@ ynh_script_progression --message="Configuring firewall..." --time --weight=1 port_wg=$(ynh_find_port --port=8095) ynh_app_setting_set --app=$app --key=port_wg --value=$port_wg -# Find an available port -port=$(ynh_find_port --port=8095) +# Find an available port for WireGuard UI +port=$(ynh_find_port --port=8096) ynh_app_setting_set --app=$app --key=port --value=$port # Open the WireGuard port From e88dc07bcc61398006aeb72e5f88f87115e3a207 Mon Sep 17 00:00:00 2001 From: tytan652 Date: Tue, 29 Dec 2020 17:56:36 +0100 Subject: [PATCH 04/54] fix(level 1-2): use is_public to pass some check For example: root installation doesn't seem to support private install --- check_process | 10 ++++------ manifest.json | 13 +++++++++++++ scripts/install | 12 ++++++++++-- 3 files changed, 27 insertions(+), 8 deletions(-) diff --git a/check_process b/check_process index a462e8b..053d9ca 100644 --- a/check_process +++ b/check_process @@ -9,7 +9,7 @@ path="/" (PATH) admin="john" (USER) #language="fr" - #is_public=1 (PUBLIC|public=1|private=0) + is_public=1 (PUBLIC|public=1|private=0) #password="pass" #port="666" (PORT) ; Checks @@ -18,13 +18,11 @@ setup_root=1 setup_nourl=0 setup_private=1 - setup_public=1 + setup_public=0 upgrade=1 #upgrade=1 from_commit=CommitHash - backup_restore=1 - multi_instance=1 - # This test is no longer necessary since the version 2.7 (PR: https://github.com/YunoHost/yunohost/pull/304), you can still do it if your app could be installed with this version. - # incorrect_path=1 + backup_restore=1 #TODO: Manipulate wg0.conf in backup_restore and remove ? + multi_instance=0 #No need of multi-instance this port_already_use=0 change_url=0 ;;; Levels diff --git a/manifest.json b/manifest.json index 029b6a7..93c2c77 100644 --- a/manifest.json +++ b/manifest.json @@ -53,6 +53,19 @@ "fr": "Choisissez l’administrateur" }, "example": "johndoe" + }, + { + "name": "is_public", + "type": "boolean", + "ask": { + "en": "Is it a public application?", + "fr": "Est-ce une application publique ?" + }, + "help": { + "en": "Use the help field to add an information for the admin about this question.", + "fr": "Utilisez le champ aide pour ajouter une information à l'intention de l'administrateur à propos de cette question." + }, + "default": false } ] } diff --git a/scripts/install b/scripts/install index b8cd990..ebe9f9c 100644 --- a/scripts/install +++ b/scripts/install @@ -25,8 +25,9 @@ ynh_abort_if_errors #================================================= domain=$YNH_APP_ARG_DOMAIN -path_url=$YNH_APP_ARG_PATH +path_url=$YNH_APP_ARG_PATH #TODO: Check if possible with wireguard_ui to use sub path admin=$YNH_APP_ARG_ADMIN +is_public=$YNH_APP_ARG_IS_PUBLIC # Forced to use it to pass root installation check as public app=$YNH_APP_INSTANCE_NAME @@ -49,6 +50,7 @@ ynh_script_progression --message="Storing installation settings..." --time --wei ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=admin --value=$admin +ynh_app_setting_set --app=$app --key=is_public --value=$is_public # Forced to use it to pass root installation check as public #================================================= # STANDARD MODIFICATIONS @@ -206,7 +208,13 @@ ynh_systemd_action --service_name=wireguard_ui --action="start" --log_path="/var #================================================= ynh_script_progression --message="Configuring permissions..." --time --weight=1 -ynh_permission_update --permission "main" --remove "all_users" --add "$admin" +# Make app public if necessary to pass root installation check +if [ $is_public -eq 1 ] +then + ynh_permission_update --permission "main" --add visitors +else + ynh_permission_update --permission "main" --remove "all_users" --add "$admin" +fi #================================================= # RELOAD NGINX From e4f1425180fa8a1b5f2e3608c54016007dd168d8 Mon Sep 17 00:00:00 2001 From: tytan652 Date: Tue, 29 Dec 2020 18:07:35 +0100 Subject: [PATCH 05/54] fix(level 5): remove some inconsistencies --- scripts/install | 1 + scripts/restore | 6 ++++-- scripts/upgrade | 5 +++-- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/scripts/install b/scripts/install index ebe9f9c..0695e7a 100644 --- a/scripts/install +++ b/scripts/install @@ -176,6 +176,7 @@ ynh_use_logrotate #================================================= ynh_script_progression --message="Integrating service in YunoHost..." --time --weight=1 +yunohost service add wireguard --description "WireGuard" --needs_exposed_ports $port_wg yunohost service add wireguard_ui --description "WireGuard UI" --log "/var/log/$app/ui.log" ### Additional options starting with 3.8: diff --git a/scripts/restore b/scripts/restore index 4668d35..21159ea 100644 --- a/scripts/restore +++ b/scripts/restore @@ -30,6 +30,7 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) +port_wg=$(ynh_app_setting_get --app=$app --key=port_wg) final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= @@ -97,7 +98,8 @@ systemctl enable $app.service #================================================= ynh_script_progression --message="Integrating service in YunoHost..." --time --weight=1 -yunohost service add $app --description "WireGuard UI" --log "/var/log/$app/$app.log" +yunohost service add wireguard --description "WireGuard" --needs_exposed_ports $port_wg +yunohost service add wireguard_ui --description "WireGuard UI" --log "/var/log/$app/ui.log" #================================================= # RESTORE VARIOUS FILES @@ -110,7 +112,7 @@ ynh_restore_file --origin_path=$(jq -r ".config_file_path" $final_path/db/server #================================================= ynh_script_progression --message="Starting a systemd service..." --time --weight=1 -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name=wireguard_ui --action="start" --log_path="/var/log/$app/ui.log" #================================================= # RESTORE THE LOGROTATE CONFIGURATION diff --git a/scripts/upgrade b/scripts/upgrade index 55f435c..c1b8263 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -18,6 +18,7 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) +port_wg=$(ynh_app_setting_get --app=$app --key=port_wg) final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= @@ -156,8 +157,8 @@ ynh_use_logrotate --non-append #================================================= ynh_script_progression --message="Integrating service in YunoHost..." --time --weight=1 -yunohost service add wireguard_ui --description "WireGuard UI" --log "/var/log/$app/$app.log" yunohost service add wireguard --description "WireGuard" --needs_exposed_ports "$port_wg" +yunohost service add wireguard_ui --description "WireGuard UI" --log "/var/log/$app/ui.log" #================================================= # START SYSTEMD SERVICE @@ -165,7 +166,7 @@ yunohost service add wireguard --description "WireGuard" --needs_exposed_ports " ynh_script_progression --message="Starting a systemd service..." --time --weight=1 # Start a systemd service -ynh_systemd_action --service_name=wireguard_ui --action="start" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name=wireguard_ui --action="start" --log_path="/var/log/$app/ui.log" #================================================= # RELOAD NGINX From 8d4b70de05d18a0c6821a857bbc12a5d7d35c283 Mon Sep 17 00:00:00 2001 From: tytan652 Date: Tue, 29 Dec 2020 18:10:49 +0100 Subject: [PATCH 06/54] fix(level 5): add --quiet to systemctl in install --- scripts/install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install b/scripts/install index 0695e7a..96aca65 100644 --- a/scripts/install +++ b/scripts/install @@ -133,7 +133,7 @@ ynh_add_systemd_config --service=wireguard_ui --template=wireguard_ui.service -- # Create a dedicated systemd config for monitoring WireGuard's configuration cp ../conf/wireguard.path /etc/systemd/system/wireguard.path -systemctl enable wireguard.path +systemctl enable --quiet wireguard.path # Create a dedicated systemd config for restarting WireGuard ynh_add_systemd_config --service=wireguard --template=wireguard.service --others_var="port_wg" From ce1dcbca7ba2ea2b55377ab4f96de4f89cf1c770 Mon Sep 17 00:00:00 2001 From: tytan652 Date: Tue, 29 Dec 2020 18:16:39 +0100 Subject: [PATCH 07/54] fix(level 3-4): unify files permissions --- scripts/restore | 2 +- scripts/upgrade | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/restore b/scripts/restore index 21159ea..6670309 100644 --- a/scripts/restore +++ b/scripts/restore @@ -73,7 +73,7 @@ ynh_system_user_create --username=$app # Restore permissions on app files chown -R root: $final_path chown -R $app: $final_path/db -chmod 660 -R $final_path/db +chmod -R 750 $final_path/db #================================================= # SPECIFIC RESTORATION diff --git a/scripts/upgrade b/scripts/upgrade index c1b8263..7bd5d7f 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -142,7 +142,7 @@ ynh_replace_string --match_string="__PORT_WG__" --replace_string="$port_wg" --ta # Set permissions on app files chown -R root: $final_path chown -R $app: $final_path/db -chmod 750 -R $final_path/db +chmod -R 750 $final_path/db #================================================= # SETUP LOGROTATE From dfbc0bae8fc3d6f7b9a7a5a7d3386b5f76dd46e9 Mon Sep 17 00:00:00 2001 From: tytan652 Date: Tue, 29 Dec 2020 18:18:57 +0100 Subject: [PATCH 08/54] fix(level 4): add missing WG UI port in restore Needed for nginx config --- scripts/restore | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/restore b/scripts/restore index 6670309..7842d5f 100644 --- a/scripts/restore +++ b/scripts/restore @@ -30,6 +30,7 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) +port=$(ynh_app_setting_get --app=$app --key=port) port_wg=$(ynh_app_setting_get --app=$app --key=port_wg) final_path=$(ynh_app_setting_get --app=$app --key=final_path) From 2737fee5382d6a27bb4837e1c04e524dfa06a0e8 Mon Sep 17 00:00:00 2001 From: tytan652 Date: Tue, 29 Dec 2020 18:21:42 +0100 Subject: [PATCH 09/54] fix(level 4): add missing files --- scripts/backup | 2 ++ scripts/restore | 5 ++++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/scripts/backup b/scripts/backup index 91f71c1..4760bd3 100644 --- a/scripts/backup +++ b/scripts/backup @@ -68,6 +68,8 @@ ynh_backup --src_path="/etc/logrotate.d/$app" #================================================= ynh_backup --src_path="/etc/systemd/system/$app.service" +ynh_backup --src_path=/etc/systemd/system/wireguard_ui.service +ynh_backup --src_path=/etc/systemd/system/wireguard.path #================================================= # BACKUP VARIOUS FILES diff --git a/scripts/restore b/scripts/restore index 7842d5f..b0b8979 100644 --- a/scripts/restore +++ b/scripts/restore @@ -91,8 +91,11 @@ ynh_install_extra_app_dependencies --repo="http://http.debian.net/debian buster- #================================================= ynh_script_progression --message="Restoring the systemd configuration..." --time --weight=1 +ynh_restore_file --origin_path=/etc/systemd/system/wireguard_ui.service +ynh_restore_file --origin_path=/etc/systemd/system/wireguard.path ynh_restore_file --origin_path="/etc/systemd/system/$app.service" -systemctl enable $app.service + +systemctl enable wireguard.path #================================================= # INTEGRATE SERVICE IN YUNOHOST From 5257fd9a122bdfda50d2810e3673bdae1a6c8fa8 Mon Sep 17 00:00:00 2001 From: tytan652 Date: Tue, 29 Dec 2020 18:25:07 +0100 Subject: [PATCH 10/54] fix: correct filenames in wireguard_ui.service --- conf/wireguard_ui.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/wireguard_ui.service b/conf/wireguard_ui.service index a894e3b..be59370 100644 --- a/conf/wireguard_ui.service +++ b/conf/wireguard_ui.service @@ -1,6 +1,6 @@ [Unit] Description=WireGuard UI -After=network.target wireguard.service wireguard_path.service +After=network.target wireguard.service wireguard.path [Service] Type=simple From 4b6e8af05156160c15c24c75041e13bd03b26e3e Mon Sep 17 00:00:00 2001 From: tytan652 Date: Tue, 29 Dec 2020 18:56:27 +0100 Subject: [PATCH 11/54] fix(level 3): add missing WG UI port in upgrade --- scripts/upgrade | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/upgrade b/scripts/upgrade index 7bd5d7f..4b29da4 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -18,6 +18,7 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) +port=$(ynh_app_setting_get --app=$app --key=port) #TODO: update port for 8095 one port_wg=$(ynh_app_setting_get --app=$app --key=port_wg) final_path=$(ynh_app_setting_get --app=$app --key=final_path) From c8a39fe6138015ca2e55e80a5d01212973da076a Mon Sep 17 00:00:00 2001 From: tytan652 Date: Tue, 29 Dec 2020 20:07:37 +0100 Subject: [PATCH 12/54] fix(level 3): add disable wireguard.path --- scripts/upgrade | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/upgrade b/scripts/upgrade index 4b29da4..3e925e8 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -67,8 +67,8 @@ ynh_abort_if_errors ynh_script_progression --message="Stopping a systemd service..." --time --weight=1 ynh_systemd_action --service_name=wireguard_ui --action="stop" --log_path="/var/log/$app/ui.log" +systemctl disable --now --quiet wireguard.path ynh_systemd_action --service_name=wireguard --action="stop" -ynh_systemd_action --service_name=wireguard_path --action="stop" #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE From de7a77364cbe5c4e890930b8b2c41c3547902bce Mon Sep 17 00:00:00 2001 From: tytan652 Date: Tue, 29 Dec 2020 20:10:01 +0100 Subject: [PATCH 13/54] refactor(level 3): WG service set in upgrade --- scripts/upgrade | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/scripts/upgrade b/scripts/upgrade index 3e925e8..9c37805 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -118,10 +118,7 @@ cp ../conf/wireguard.path /etc/systemd/system/wireguard.path systemctl enable wireguard.path # Create a dedicated systemd config for restarting WireGuard -cp ../conf/wireguard.service /etc/systemd/system/wireguard.service -ynh_replace_string --match_string="__PORT_WG__" --replace_string="$port_wg" --target_file="/etc/systemd/system/wireguard.service" -systemctl enable wireguard.service -#ynh_exec_fully_quiet ynh_add_systemd_config --service=wireguard --template=wireguard.service --others_var="port_wg" +ynh_add_systemd_config --service=wireguard --template=wireguard.service --others_var="port_wg" #================================================= # CONFIGURING WIREGUARD From cda825fed3f0e2208f250ba17c3d02909a32cf74 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Tue, 29 Dec 2020 20:58:54 +0100 Subject: [PATCH 14/54] Add is_public help key --- manifest.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifest.json b/manifest.json index 93c2c77..07b0a3e 100644 --- a/manifest.json +++ b/manifest.json @@ -62,8 +62,8 @@ "fr": "Est-ce une application publique ?" }, "help": { - "en": "Use the help field to add an information for the admin about this question.", - "fr": "Utilisez le champ aide pour ajouter une information à l'intention de l'administrateur à propos de cette question." + "en": "It is strongly advised to keep the configuration UI private.", + "fr": "Il est fortement conseillé de garder l'interface de configuration privée." }, "default": false } From dc1278c60a3db456fd47666d8b3805f4ccd46a6a Mon Sep 17 00:00:00 2001 From: tytan652 Date: Wed, 30 Dec 2020 09:46:01 +0100 Subject: [PATCH 15/54] feat(level 4): add is_public in restore --- scripts/restore | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/scripts/restore b/scripts/restore index b0b8979..4d0dee4 100644 --- a/scripts/restore +++ b/scripts/restore @@ -33,6 +33,7 @@ path_url=$(ynh_app_setting_get --app=$app --key=path) port=$(ynh_app_setting_get --app=$app --key=port) port_wg=$(ynh_app_setting_get --app=$app --key=port_wg) final_path=$(ynh_app_setting_get --app=$app --key=final_path) +is_public=$(ynh_app_setting_get --app=$app --key=is_public) #================================================= # CHECK IF THE APP CAN BE RESTORED @@ -118,6 +119,18 @@ ynh_script_progression --message="Starting a systemd service..." --time --weight ynh_systemd_action --service_name=wireguard_ui --action="start" --log_path="/var/log/$app/ui.log" +#================================================= +# SETUP SSOWAT +#================================================= +ynh_script_progression --message="Configuring permissions..." --time --weight=1 + +if [ $is_public -eq 1 ] +then + ynh_permission_update --permission "main" --add visitors +else + ynh_permission_update --permission "main" --remove "all_users" --add "$admin" +fi + #================================================= # RESTORE THE LOGROTATE CONFIGURATION #================================================= From a49c6c50ce61aa7e763c953ea38d47c2e5f0b090 Mon Sep 17 00:00:00 2001 From: tytan652 Date: Wed, 30 Dec 2020 11:21:59 +0100 Subject: [PATCH 16/54] feat(level 3): add new port setter in upgrade --- scripts/upgrade | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/scripts/upgrade b/scripts/upgrade index 9c37805..8f52c9c 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -18,10 +18,18 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) -port=$(ynh_app_setting_get --app=$app --key=port) #TODO: update port for 8095 one +port=$(ynh_app_setting_get --app=$app --key=port) port_wg=$(ynh_app_setting_get --app=$app --key=port_wg) final_path=$(ynh_app_setting_get --app=$app --key=final_path) +# Change port for WireGuard UI because 8095 is default port for WireGuard VPN +if [ $port -eq 8095 ] +then + ynh_app_setting_delete --app=$app --key=port + port=$(ynh_find_port --port=8096) + ynh_app_setting_set --app=$app --key=port --value=$port +fi + #================================================= # CHECK VERSION #================================================= From 8dea86302602c498d6ce1885f2dbb2485bf7bde1 Mon Sep 17 00:00:00 2001 From: tytan652 Date: Wed, 30 Dec 2020 12:48:17 +0100 Subject: [PATCH 17/54] refactor(level 3): move some code to right section --- scripts/upgrade | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/scripts/upgrade b/scripts/upgrade index 8f52c9c..af11b4c 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -22,14 +22,6 @@ port=$(ynh_app_setting_get --app=$app --key=port) port_wg=$(ynh_app_setting_get --app=$app --key=port_wg) final_path=$(ynh_app_setting_get --app=$app --key=final_path) -# Change port for WireGuard UI because 8095 is default port for WireGuard VPN -if [ $port -eq 8095 ] -then - ynh_app_setting_delete --app=$app --key=port - port=$(ynh_find_port --port=8096) - ynh_app_setting_set --app=$app --key=port --value=$port -fi - #================================================= # CHECK VERSION #================================================= @@ -53,6 +45,15 @@ if [ -z "$final_path" ]; then ynh_app_setting_set --app=$app --key=final_path --value=$final_path fi +# Change port for WireGuard UI because 8095 is default port for WireGuard VPN +if [ $port -eq 8095 ] +then + ynh_app_setting_delete --app=$app --key=port + port=$(ynh_find_port --port=8096) + ynh_app_setting_set --app=$app --key=port --value=$port + ynh_app_setting_set --app=$app --key=is_public --value=0 +fi + #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= @@ -78,6 +79,10 @@ ynh_systemd_action --service_name=wireguard_ui --action="stop" --log_path="/var/ systemctl disable --now --quiet wireguard.path ynh_systemd_action --service_name=wireguard --action="stop" +ynh_remove_systemd_config --service=wireguard_ui +ynh_secure_remove --file="/etc/systemd/system/wireguard.path" +ynh_remove_systemd_config --service=wireguard + #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -123,7 +128,7 @@ ynh_add_systemd_config --service=wireguard_ui --template=wireguard_ui.service -- # Create a dedicated systemd config for monitoring WireGuard's configuration cp ../conf/wireguard.path /etc/systemd/system/wireguard.path -systemctl enable wireguard.path +systemctl enable --quiet wireguard.path # Create a dedicated systemd config for restarting WireGuard ynh_add_systemd_config --service=wireguard --template=wireguard.service --others_var="port_wg" From 6af8da90dc323371e56d90d1afaaafae9dc72e85 Mon Sep 17 00:00:00 2001 From: tytan652 Date: Wed, 30 Dec 2020 15:23:24 +0100 Subject: [PATCH 18/54] fix(level 3): use the right src file --- conf/app.src | 6 ------ scripts/upgrade | 6 +----- 2 files changed, 1 insertion(+), 11 deletions(-) delete mode 100644 conf/app.src diff --git a/conf/app.src b/conf/app.src deleted file mode 100644 index 5bda8ec..0000000 --- a/conf/app.src +++ /dev/null @@ -1,6 +0,0 @@ -SOURCE_URL=https://github.com/ngoduykhanh/wireguard-ui/releases/download/v0.2.5/wireguard-ui-v0.2.5-linux-amd64.tar.gz -SOURCE_SUM=BEB3B73E173B115B355F83DFE2D7E6AA2125D692E389319930ABBFA215F1657B -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=tar.gz -SOURCE_IN_SUBDIR=false -SOURCE_FILENAME= diff --git a/scripts/upgrade b/scripts/upgrade index af11b4c..412f897 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -79,10 +79,6 @@ ynh_systemd_action --service_name=wireguard_ui --action="stop" --log_path="/var/ systemctl disable --now --quiet wireguard.path ynh_systemd_action --service_name=wireguard --action="stop" -ynh_remove_systemd_config --service=wireguard_ui -ynh_secure_remove --file="/etc/systemd/system/wireguard.path" -ynh_remove_systemd_config --service=wireguard - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -92,7 +88,7 @@ then ynh_script_progression --message="Upgrading source files..." --time --weight=1 # Download, check integrity, uncompress and patch the source from app.src - ynh_setup_source --dest_dir="$final_path" + ynh_setup_source --dest_dir="$final_path" --source_id="$(ynh_detect_arch)" fi #================================================= From 31ad24bcadee9ddc562e02bc247d4c65d34fdc30 Mon Sep 17 00:00:00 2001 From: tytan652 Date: Wed, 30 Dec 2020 15:28:34 +0100 Subject: [PATCH 19/54] fix(level 5): add --quiet to systemctl in restore --- scripts/restore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/restore b/scripts/restore index 4d0dee4..20eb2bf 100644 --- a/scripts/restore +++ b/scripts/restore @@ -96,7 +96,7 @@ ynh_restore_file --origin_path=/etc/systemd/system/wireguard_ui.service ynh_restore_file --origin_path=/etc/systemd/system/wireguard.path ynh_restore_file --origin_path="/etc/systemd/system/$app.service" -systemctl enable wireguard.path +systemctl enable --quiet wireguard.path #================================================= # INTEGRATE SERVICE IN YUNOHOST From 39d8e2298673a9233ff3f9f0c495a1118f84ee08 Mon Sep 17 00:00:00 2001 From: tytan652 Date: Wed, 30 Dec 2020 20:26:03 +0100 Subject: [PATCH 20/54] build(level 5): set --weight and remove --time --- scripts/install | 28 ++++++++++++++-------------- scripts/remove | 20 ++++++++++---------- scripts/restore | 22 +++++++++++----------- scripts/upgrade | 28 ++++++++++++++-------------- 4 files changed, 49 insertions(+), 49 deletions(-) diff --git a/scripts/install b/scripts/install index 96aca65..7ca753a 100644 --- a/scripts/install +++ b/scripts/install @@ -34,7 +34,7 @@ app=$YNH_APP_INSTANCE_NAME #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= -ynh_script_progression --message="Validating installation parameters..." --time --weight=1 +ynh_script_progression --message="Validating installation parameters..." --weight=1 final_path=/opt/yunohost/$app test ! -e "$final_path" || ynh_die --message="This path already contains a folder" @@ -45,7 +45,7 @@ ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url #================================================= # STORE SETTINGS FROM MANIFEST #================================================= -ynh_script_progression --message="Storing installation settings..." --time --weight=1 +ynh_script_progression --message="Storing installation settings..." --weight=1 ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url @@ -57,7 +57,7 @@ ynh_app_setting_set --app=$app --key=is_public --value=$is_public # Forced to us #================================================= # FIND AND OPEN A PORT #================================================= -ynh_script_progression --message="Configuring firewall..." --time --weight=1 +ynh_script_progression --message="Configuring firewall..." --weight=1 # Find an available port for WireGuard port_wg=$(ynh_find_port --port=8095) @@ -73,14 +73,14 @@ ynh_exec_warn_less yunohost firewall allow --no-upnp UDP $port_wg #================================================= # INSTALL DEPENDENCIES #================================================= -ynh_script_progression --message="Installing dependencies..." --time --weight=1 +ynh_script_progression --message="Installing dependencies..." --weight=7 ynh_install_extra_app_dependencies --repo="http://deb.debian.org/debian buster-backports main" --package="$pkg_dependencies" #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -ynh_script_progression --message="Setting up source files..." --time --weight=1 +ynh_script_progression --message="Setting up source files..." --weight=1 ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src @@ -89,7 +89,7 @@ ynh_setup_source --dest_dir="$final_path" --source_id="$(ynh_detect_arch)" #================================================= # NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Configuring nginx web server..." --time --weight=1 +ynh_script_progression --message="Configuring nginx web server..." --weight=1 # Create a dedicated nginx config ynh_add_nginx_config @@ -97,7 +97,7 @@ ynh_add_nginx_config #================================================= # CREATE DEDICATED USER #================================================= -ynh_script_progression --message="Configuring system user..." --time --weight=1 +ynh_script_progression --message="Configuring system user..." --weight=1 # Create a system user ynh_system_user_create --username=$app @@ -126,7 +126,7 @@ ynh_replace_string --match_string="__PRIVATE_KEY__" --replace_string="$(wg genke #================================================= # SETUP SYSTEMD #================================================= -ynh_script_progression --message="Configuring a systemd service..." --time --weight=1 +ynh_script_progression --message="Configuring a systemd service..." --weight=1 # Create a dedicated systemd config for the web UI ynh_add_systemd_config --service=wireguard_ui --template=wireguard_ui.service --others_var="port" @@ -158,7 +158,7 @@ chown -R $app:$app /etc/wireguard #================================================= # SETUP LOGROTATE #================================================= -ynh_script_progression --message="Configuring log rotation..." --time --weight=1 +ynh_script_progression --message="Configuring log rotation..." --weight=1 ### `ynh_use_logrotate` is used to configure a logrotate configuration for the logs of this app. ### Use this helper only if there is effectively a log file for this app. @@ -174,7 +174,7 @@ ynh_use_logrotate #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= -ynh_script_progression --message="Integrating service in YunoHost..." --time --weight=1 +ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 yunohost service add wireguard --description "WireGuard" --needs_exposed_ports $port_wg yunohost service add wireguard_ui --description "WireGuard UI" --log "/var/log/$app/ui.log" @@ -199,7 +199,7 @@ yunohost service add wireguard_ui --description "WireGuard UI" --log "/var/log/$ #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." --time --weight=1 +ynh_script_progression --message="Starting a systemd service..." --weight=1 # Start a systemd service ynh_systemd_action --service_name=wireguard_ui --action="start" --log_path="/var/log/$app/ui.log" @@ -207,7 +207,7 @@ ynh_systemd_action --service_name=wireguard_ui --action="start" --log_path="/var #================================================= # SETUP SSOWAT #================================================= -ynh_script_progression --message="Configuring permissions..." --time --weight=1 +ynh_script_progression --message="Configuring permissions..." --weight=1 # Make app public if necessary to pass root installation check if [ $is_public -eq 1 ] @@ -220,7 +220,7 @@ fi #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading nginx web server..." --time --weight=1 +ynh_script_progression --message="Reloading nginx web server..." --weight=1 ynh_systemd_action --service_name=nginx --action=reload @@ -228,4 +228,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Installation of $app completed" --time --last +ynh_script_progression --message="Installation of $app completed" --last diff --git a/scripts/remove b/scripts/remove index 43ff782..c46bce2 100644 --- a/scripts/remove +++ b/scripts/remove @@ -12,7 +12,7 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." --time --weight=1 +ynh_script_progression --message="Loading installation settings..." --weight=1 app=$YNH_APP_INSTANCE_NAME @@ -30,14 +30,14 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path) # Remove the service from the list of services known by Yunohost (added from `yunohost service add`) if ynh_exec_warn_less yunohost service status wireguard_ui >/dev/null then - ynh_script_progression --message="Removing WireGuard UI service integration..." --time --weight=1 + ynh_script_progression --message="Removing WireGuard UI service integration..." --weight=1 yunohost service remove wireguard_ui fi #================================================= # STOP AND REMOVE SERVICE #================================================= -ynh_script_progression --message="Stopping and removing the systemd service..." --time --weight=1 +ynh_script_progression --message="Stopping and removing the systemd service..." --weight=1 # Remove the dedicated systemd configs ynh_remove_systemd_config --service=wireguard @@ -51,7 +51,7 @@ systemctl daemon-reload #================================================= # REMOVE DEPENDENCIES #================================================= -ynh_script_progression --message="Removing dependencies..." --time --weight=1 +ynh_script_progression --message="Removing dependencies..." --weight=6 # Remove metapackage and its dependencies ynh_remove_app_dependencies @@ -59,7 +59,7 @@ ynh_remove_app_dependencies #================================================= # REMOVE APP MAIN DIR #================================================= -ynh_script_progression --message="Removing app main directory..." --time --weight=1 +ynh_script_progression --message="Removing app main directory..." --weight=1 # Remove the app directory securely ynh_secure_remove --file="$final_path" @@ -70,7 +70,7 @@ ynh_secure_remove --file="/etc/wireguard" #================================================= # REMOVE NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Removing nginx web server configuration..." --time --weight=1 +ynh_script_progression --message="Removing nginx web server configuration..." --weight=1 # Remove the dedicated nginx config ynh_remove_nginx_config @@ -78,7 +78,7 @@ ynh_remove_nginx_config #================================================= # REMOVE LOGROTATE CONFIGURATION #================================================= -ynh_script_progression --message="Removing logrotate configuration..." --time --weight=1 +ynh_script_progression --message="Removing logrotate configuration..." --weight=1 # Remove the app-specific logrotate config ynh_remove_logrotate @@ -89,7 +89,7 @@ ynh_remove_logrotate if yunohost firewall list | grep -q "\- $port_wg$" then - ynh_script_progression --message="Closing port $port_wg..." --time --weight=1 + ynh_script_progression --message="Closing port $port_wg..." --weight=1 ynh_exec_warn_less yunohost firewall disallow TCP $port_wg fi @@ -98,7 +98,7 @@ fi #================================================= # REMOVE DEDICATED USER #================================================= -ynh_script_progression --message="Removing the dedicated system user..." --time --weight=1 +ynh_script_progression --message="Removing the dedicated system user..." --weight=1 # Delete a system user ynh_system_user_delete --username=$app @@ -107,4 +107,4 @@ ynh_system_user_delete --username=$app # END OF SCRIPT #================================================= -ynh_script_progression --message="Removal of $app completed" --time --last +ynh_script_progression --message="Removal of $app completed" --last diff --git a/scripts/restore b/scripts/restore index 20eb2bf..912ce2a 100644 --- a/scripts/restore +++ b/scripts/restore @@ -24,7 +24,7 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." --time --weight=1 +ynh_script_progression --message="Loading installation settings..." --weight=1 app=$YNH_APP_INSTANCE_NAME @@ -38,7 +38,7 @@ is_public=$(ynh_app_setting_get --app=$app --key=is_public) #================================================= # CHECK IF THE APP CAN BE RESTORED #================================================= -ynh_script_progression --message="Validating restoration parameters..." --time --weight=1 +ynh_script_progression --message="Validating restoration parameters..." --weight=1 ynh_webpath_available --domain=$domain --path_url=$path_url \ || ynh_die --message="Path not available: ${domain}${path_url}" @@ -56,14 +56,14 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # RESTORE THE APP MAIN DIR #================================================= -ynh_script_progression --message="Restoring the app main directory..." --time --weight=1 +ynh_script_progression --message="Restoring the app main directory..." --weight=1 ynh_restore_file --origin_path="$final_path" #================================================= # RECREATE THE DEDICATED USER #================================================= -ynh_script_progression --message="Recreating the dedicated system user..." --time --weight=1 +ynh_script_progression --message="Recreating the dedicated system user..." --weight=1 # Create the dedicated user (if not existing) ynh_system_user_create --username=$app @@ -82,7 +82,7 @@ chmod -R 750 $final_path/db #================================================= # REINSTALL DEPENDENCIES #================================================= -ynh_script_progression --message="Reinstalling dependencies..." --time --weight=1 +ynh_script_progression --message="Reinstalling dependencies..." --weight=5 # Define and install dependencies ynh_install_extra_app_dependencies --repo="http://http.debian.net/debian buster-backports main" --package=$pkg_dependencies @@ -90,7 +90,7 @@ ynh_install_extra_app_dependencies --repo="http://http.debian.net/debian buster- #================================================= # RESTORE SYSTEMD #================================================= -ynh_script_progression --message="Restoring the systemd configuration..." --time --weight=1 +ynh_script_progression --message="Restoring the systemd configuration..." --weight=1 ynh_restore_file --origin_path=/etc/systemd/system/wireguard_ui.service ynh_restore_file --origin_path=/etc/systemd/system/wireguard.path @@ -101,7 +101,7 @@ systemctl enable --quiet wireguard.path #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= -ynh_script_progression --message="Integrating service in YunoHost..." --time --weight=1 +ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 yunohost service add wireguard --description "WireGuard" --needs_exposed_ports $port_wg yunohost service add wireguard_ui --description "WireGuard UI" --log "/var/log/$app/ui.log" @@ -115,14 +115,14 @@ ynh_restore_file --origin_path=$(jq -r ".config_file_path" $final_path/db/server #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." --time --weight=1 +ynh_script_progression --message="Starting a systemd service..." --weight=1 ynh_systemd_action --service_name=wireguard_ui --action="start" --log_path="/var/log/$app/ui.log" #================================================= # SETUP SSOWAT #================================================= -ynh_script_progression --message="Configuring permissions..." --time --weight=1 +ynh_script_progression --message="Configuring permissions..." --weight=1 if [ $is_public -eq 1 ] then @@ -142,7 +142,7 @@ ynh_restore_file --origin_path="/etc/logrotate.d/$app" #================================================= # RELOAD NGINX AND PHP-FPM #================================================= -ynh_script_progression --message="Reloading nginx web server and php-fpm..." --time --weight=1 +ynh_script_progression --message="Reloading nginx web server and php-fpm..." --weight=1 ynh_systemd_action --service_name=nginx --action=reload @@ -150,4 +150,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Restoration completed for $app" --time --last +ynh_script_progression --message="Restoration completed for $app" --last diff --git a/scripts/upgrade b/scripts/upgrade index 412f897..5d0d816 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -12,7 +12,7 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." --time --weight=1 +ynh_script_progression --message="Loading installation settings..." --weight=1 app=$YNH_APP_INSTANCE_NAME @@ -37,7 +37,7 @@ upgrade_type=$(ynh_check_app_version_changed) #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= -ynh_script_progression --message="Ensuring downward compatibility..." --time --weight=1 +ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 # If final_path doesn't exist, create it if [ -z "$final_path" ]; then @@ -57,7 +57,7 @@ fi #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= -ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --time --weight=1 +ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1 # Backup the current version of the app ynh_backup_before_upgrade @@ -73,7 +73,7 @@ ynh_abort_if_errors #================================================= # STOP SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Stopping a systemd service..." --time --weight=1 +ynh_script_progression --message="Stopping a systemd service..." --weight=1 ynh_systemd_action --service_name=wireguard_ui --action="stop" --log_path="/var/log/$app/ui.log" systemctl disable --now --quiet wireguard.path @@ -85,7 +85,7 @@ ynh_systemd_action --service_name=wireguard --action="stop" if [ "$upgrade_type" == "UPGRADE_APP" ] then - ynh_script_progression --message="Upgrading source files..." --time --weight=1 + ynh_script_progression --message="Upgrading source files..." --weight=1 # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" --source_id="$(ynh_detect_arch)" @@ -94,7 +94,7 @@ fi #================================================= # NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Upgrading nginx web server configuration..." --time --weight=1 +ynh_script_progression --message="Upgrading nginx web server configuration..." --weight=1 # Create a dedicated nginx config ynh_add_nginx_config @@ -102,14 +102,14 @@ ynh_add_nginx_config #================================================= # UPGRADE DEPENDENCIES #================================================= -ynh_script_progression --message="Upgrading dependencies..." --time --weight=1 +ynh_script_progression --message="Upgrading dependencies..." --weight=7 ynh_install_extra_app_dependencies --repo="http://deb.debian.org/debian buster-backports main" --package="$pkg_dependencies" #================================================= # CREATE DEDICATED USER #================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." --time --weight=1 +ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1 # Create a dedicated user (if not existing) ynh_system_user_create --username=$app @@ -117,7 +117,7 @@ ynh_system_user_create --username=$app #================================================= # SETUP SYSTEMD #================================================= -ynh_script_progression --message="Upgrading systemd configuration..." --time --weight=1 +ynh_script_progression --message="Upgrading systemd configuration..." --weight=1 # Create a dedicated systemd config for the web UI ynh_add_systemd_config --service=wireguard_ui --template=wireguard_ui.service --others_var="port" @@ -154,7 +154,7 @@ chmod -R 750 $final_path/db #================================================= # SETUP LOGROTATE #================================================= -ynh_script_progression --message="Upgrading logrotate configuration..." --time --weight=1 +ynh_script_progression --message="Upgrading logrotate configuration..." --weight=1 # Use logrotate to manage app-specific logfile(s) ynh_use_logrotate --non-append @@ -162,7 +162,7 @@ ynh_use_logrotate --non-append #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= -ynh_script_progression --message="Integrating service in YunoHost..." --time --weight=1 +ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 yunohost service add wireguard --description "WireGuard" --needs_exposed_ports "$port_wg" yunohost service add wireguard_ui --description "WireGuard UI" --log "/var/log/$app/ui.log" @@ -170,7 +170,7 @@ yunohost service add wireguard_ui --description "WireGuard UI" --log "/var/log/$ #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." --time --weight=1 +ynh_script_progression --message="Starting a systemd service..." --weight=1 # Start a systemd service ynh_systemd_action --service_name=wireguard_ui --action="start" --log_path="/var/log/$app/ui.log" @@ -178,7 +178,7 @@ ynh_systemd_action --service_name=wireguard_ui --action="start" --log_path="/var #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading nginx web server..." --time --weight=1 +ynh_script_progression --message="Reloading nginx web server..." --weight=1 ynh_systemd_action --service_name=nginx --action=reload @@ -186,4 +186,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Upgrade of $app completed" --time --last +ynh_script_progression --message="Upgrade of $app completed" --last From b19e90561c0e76aeb3352cf06a55707789f9fd94 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Fri, 1 Jan 2021 13:54:05 +0100 Subject: [PATCH 21/54] Add test_status for wireguard service --- scripts/install | 2 +- scripts/restore | 2 +- scripts/upgrade | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/install b/scripts/install index 7ca753a..60ec5e7 100644 --- a/scripts/install +++ b/scripts/install @@ -176,7 +176,7 @@ ynh_use_logrotate #================================================= ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 -yunohost service add wireguard --description "WireGuard" --needs_exposed_ports $port_wg +yunohost service add wireguard --description "WireGuard" --needs_exposed_ports $port_wg --test_status "wg show | grep wg0" yunohost service add wireguard_ui --description "WireGuard UI" --log "/var/log/$app/ui.log" ### Additional options starting with 3.8: diff --git a/scripts/restore b/scripts/restore index 912ce2a..cf2939c 100644 --- a/scripts/restore +++ b/scripts/restore @@ -103,7 +103,7 @@ systemctl enable --quiet wireguard.path #================================================= ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 -yunohost service add wireguard --description "WireGuard" --needs_exposed_ports $port_wg +yunohost service add wireguard --description "WireGuard" --needs_exposed_ports $port_wg --test_status "wg show | grep wg0" yunohost service add wireguard_ui --description "WireGuard UI" --log "/var/log/$app/ui.log" #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 5d0d816..88152f6 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -164,7 +164,7 @@ ynh_use_logrotate --non-append #================================================= ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 -yunohost service add wireguard --description "WireGuard" --needs_exposed_ports "$port_wg" +yunohost service add wireguard --description "WireGuard" --needs_exposed_ports "$port_wg" --test_status "wg show | grep wg0" yunohost service add wireguard_ui --description "WireGuard UI" --log "/var/log/$app/ui.log" #================================================= From 80782d4fc5f16a65e836cb19b7805c6562c3540f Mon Sep 17 00:00:00 2001 From: tytan652 Date: Fri, 1 Jan 2021 21:49:12 +0100 Subject: [PATCH 22/54] doc: remove and edit some comments --- check_process | 4 ++-- scripts/install | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/check_process b/check_process index 053d9ca..d0267fe 100644 --- a/check_process +++ b/check_process @@ -21,8 +21,8 @@ setup_public=0 upgrade=1 #upgrade=1 from_commit=CommitHash - backup_restore=1 #TODO: Manipulate wg0.conf in backup_restore and remove ? - multi_instance=0 #No need of multi-instance this + backup_restore=1 + multi_instance=0 port_already_use=0 change_url=0 ;;; Levels diff --git a/scripts/install b/scripts/install index 60ec5e7..777f1d1 100644 --- a/scripts/install +++ b/scripts/install @@ -115,7 +115,7 @@ mkdir -p $final_path/db/server cp ../conf/interfaces.json $final_path/db/server/interfaces.json ynh_replace_string --match_string="__PORT_WG__" --replace_string="$port_wg" --target_file="$final_path/db/server/interfaces.json" -# Create wireguard configuration directory +# Create WireGuard configuration directory mkdir -p /etc/wireguard # Add interace configuration file for WireGuard From 9b30e20e260931a95a1f955c64a055246c5db061 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sat, 2 Jan 2021 14:10:12 +0100 Subject: [PATCH 23/54] Swap service removal order Prevents warning about wireguard.service being still activable if wireguard.path is not removed first --- scripts/remove | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/scripts/remove b/scripts/remove index c46bce2..0c0fe93 100644 --- a/scripts/remove +++ b/scripts/remove @@ -39,15 +39,16 @@ fi #================================================= ynh_script_progression --message="Stopping and removing the systemd service..." --weight=1 -# Remove the dedicated systemd configs -ynh_remove_systemd_config --service=wireguard -ynh_remove_systemd_config --service=wireguard_ui - +# YunoHost does not handle services not ending with .service, let's remove it manually systemctl stop wireguard.path systemctl disable wireguard.path --quiet ynh_secure_remove --file="/etc/systemd/system/wireguard.path" systemctl daemon-reload +# Remove the dedicated systemd configs +ynh_remove_systemd_config --service=wireguard +ynh_remove_systemd_config --service=wireguard_ui + #================================================= # REMOVE DEPENDENCIES #================================================= From b026186df2471ada17bdd5d7f7f431e51d1c4fbf Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sat, 2 Jan 2021 14:21:02 +0100 Subject: [PATCH 24/54] There is no Fail2Ban config to back up --- scripts/backup | 7 ------- 1 file changed, 7 deletions(-) diff --git a/scripts/backup b/scripts/backup index 4760bd3..fae85a1 100644 --- a/scripts/backup +++ b/scripts/backup @@ -48,13 +48,6 @@ ynh_backup --src_path="$final_path" ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" -#================================================= -# BACKUP FAIL2BAN CONFIGURATION -#================================================= - -ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" -ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" - #================================================= # SPECIFIC BACKUP #================================================= From 2bcf958a789dbe76e9605c113dc58528ea3e31ba Mon Sep 17 00:00:00 2001 From: tituspijean Date: Fri, 8 Jan 2021 20:47:46 +0100 Subject: [PATCH 25/54] Bump package version --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index 07b0a3e..19abe13 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Virtual Private Networks (VPN) via WireGuard, with a web UI", "fr": "Réseaux Privés Virtuels (VPN) via WireGuard, avec une web UI" }, - "version": "0.2.7~ynh1", + "version": "0.2.7~ynh2", "url": "https://github.com/ngoduykhanh/wireguard-ui", "license": "MIT", "maintainer": { From 00b1c670455694e1363040ea16a8a22fc43cfe59 Mon Sep 17 00:00:00 2001 From: tytan652 <17492366+tytan652@users.noreply.github.com> Date: Tue, 22 Dec 2020 20:56:58 +0100 Subject: [PATCH 26/54] build: bump yunohost version requirement --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index 19abe13..1af88fb 100644 --- a/manifest.json +++ b/manifest.json @@ -14,7 +14,7 @@ "email": "tituspijean@outlook.com" }, "requirements": { - "yunohost": ">= 3.8.1" + "yunohost": ">= 4.0.8" }, "multi_instance": false, "services": [ From ffe90adfc30b96f4704aef76718ba188db8b36ae Mon Sep 17 00:00:00 2001 From: tytan652 <17492366+tytan652@users.noreply.github.com> Date: Tue, 22 Dec 2020 20:59:40 +0100 Subject: [PATCH 27/54] build: add wireguard-dkms as dependencie --- scripts/_common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index e47fc5c..71c2c12 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -5,7 +5,7 @@ #================================================= # dependencies used by the app -pkg_dependencies="wireguard" +pkg_dependencies="wireguard-dkms wireguard" #================================================= # PERSONAL HELPERS From 1eefdce4090099ac98a7e70edc0fc68dc4f628d3 Mon Sep 17 00:00:00 2001 From: tytan652 <17492366+tytan652@users.noreply.github.com> Date: Tue, 22 Dec 2020 21:20:13 +0100 Subject: [PATCH 28/54] build: set extra repo priotity to -1 --- scripts/install | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/scripts/install b/scripts/install index 777f1d1..3a06a80 100644 --- a/scripts/install +++ b/scripts/install @@ -75,7 +75,11 @@ ynh_exec_warn_less yunohost firewall allow --no-upnp UDP $port_wg #================================================= ynh_script_progression --message="Installing dependencies..." --weight=7 -ynh_install_extra_app_dependencies --repo="http://deb.debian.org/debian buster-backports main" --package="$pkg_dependencies" +ynh_install_extra_repo --repo="http://deb.debian.org/debian buster-backports main"--priority=-1 --name=$app + +ynh_add_app_dependencies --package="$pkg_dependencies" + +ynh_remove_extra_repo --name=$app #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE From ab195dd21fbb4d3b5020df2d2b2ae0fd67002670 Mon Sep 17 00:00:00 2001 From: tytan652 <17492366+tytan652@users.noreply.github.com> Date: Tue, 22 Dec 2020 21:28:17 +0100 Subject: [PATCH 29/54] Revert "build: set extra repo priotity to -1" This reverts commit f23ed373284c45dd51e4c06a90f61279c002a707. --- scripts/install | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/scripts/install b/scripts/install index 3a06a80..777f1d1 100644 --- a/scripts/install +++ b/scripts/install @@ -75,11 +75,7 @@ ynh_exec_warn_less yunohost firewall allow --no-upnp UDP $port_wg #================================================= ynh_script_progression --message="Installing dependencies..." --weight=7 -ynh_install_extra_repo --repo="http://deb.debian.org/debian buster-backports main"--priority=-1 --name=$app - -ynh_add_app_dependencies --package="$pkg_dependencies" - -ynh_remove_extra_repo --name=$app +ynh_install_extra_app_dependencies --repo="http://deb.debian.org/debian buster-backports main" --package="$pkg_dependencies" #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE From 11e947d4f9abddefd926e20b65c3f53e415d53b3 Mon Sep 17 00:00:00 2001 From: tytan652 <17492366+tytan652@users.noreply.github.com> Date: Tue, 22 Dec 2020 21:44:25 +0100 Subject: [PATCH 30/54] build: add repo with custom package pin-priority --- scripts/install | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/scripts/install b/scripts/install index 777f1d1..5291e6b 100644 --- a/scripts/install +++ b/scripts/install @@ -75,7 +75,20 @@ ynh_exec_warn_less yunohost firewall allow --no-upnp UDP $port_wg #================================================= ynh_script_progression --message="Installing dependencies..." --weight=7 -ynh_install_extra_app_dependencies --repo="http://deb.debian.org/debian buster-backports main" --package="$pkg_dependencies" +# ynh_install_extra_app_dependencies --repo="http://deb.debian.org/debian buster-backports main" --package="$pkg_dependencies" + +#Add buster-backports repo +ynh_add_repo --uri="http://deb.debian.org/debian" --suite="buster-backports" --component="main" --name="$app" + +#Add pin-priority for wireguard package +ynh_pin_repo --package="wireguard*" --pin="origin deb http://deb.debian.org/debian buster-backports main" 995 --name="$app" + +# Update the list of package with the new repo +ynh_package_update + +ynh_add_app_dependencies --package="$pkg_dependencies" + +ynh_remove_extra_repo --name=$app #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE From 44a050d71c26cc7eebf560139cbebb46f5b31f02 Mon Sep 17 00:00:00 2001 From: tytan652 <17492366+tytan652@users.noreply.github.com> Date: Tue, 22 Dec 2020 22:06:35 +0100 Subject: [PATCH 31/54] build: update restore and upgrade script --- scripts/install | 3 +-- scripts/restore | 15 ++++++++++++++- scripts/upgrade | 16 +++++++++++++++- 3 files changed, 30 insertions(+), 4 deletions(-) diff --git a/scripts/install b/scripts/install index 5291e6b..3b8a9d6 100644 --- a/scripts/install +++ b/scripts/install @@ -75,8 +75,6 @@ ynh_exec_warn_less yunohost firewall allow --no-upnp UDP $port_wg #================================================= ynh_script_progression --message="Installing dependencies..." --weight=7 -# ynh_install_extra_app_dependencies --repo="http://deb.debian.org/debian buster-backports main" --package="$pkg_dependencies" - #Add buster-backports repo ynh_add_repo --uri="http://deb.debian.org/debian" --suite="buster-backports" --component="main" --name="$app" @@ -88,6 +86,7 @@ ynh_package_update ynh_add_app_dependencies --package="$pkg_dependencies" +#Remove buster-backports repo and pin-priority ynh_remove_extra_repo --name=$app #================================================= diff --git a/scripts/restore b/scripts/restore index cf2939c..60dfc13 100644 --- a/scripts/restore +++ b/scripts/restore @@ -85,7 +85,20 @@ chmod -R 750 $final_path/db ynh_script_progression --message="Reinstalling dependencies..." --weight=5 # Define and install dependencies -ynh_install_extra_app_dependencies --repo="http://http.debian.net/debian buster-backports main" --package=$pkg_dependencies + +#Add buster-backports repo +ynh_add_repo --uri="http://deb.debian.org/debian" --suite="buster-backports" --component="main" --name="$app" + +#Add pin-priority for wireguard package +ynh_pin_repo --package="wireguard*" --pin="origin deb http://deb.debian.org/debian buster-backports main" 995 --name="$app" + +# Update the list of package with the new repo +ynh_package_update + +ynh_add_app_dependencies --package="$pkg_dependencies" + +#Remove buster-backports repo and pin-priority +ynh_remove_extra_repo --name=$app #================================================= # RESTORE SYSTEMD diff --git a/scripts/upgrade b/scripts/upgrade index 88152f6..a2b1000 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -104,7 +104,21 @@ ynh_add_nginx_config #================================================= ynh_script_progression --message="Upgrading dependencies..." --weight=7 -ynh_install_extra_app_dependencies --repo="http://deb.debian.org/debian buster-backports main" --package="$pkg_dependencies" +#TODO: remove buster-backports kernel + +#Add buster-backports repo +ynh_add_repo --uri="http://deb.debian.org/debian" --suite="buster-backports" --component="main" --name="$app" + +#Add pin-priority for wireguard package +ynh_pin_repo --package="wireguard*" --pin="origin deb http://deb.debian.org/debian buster-backports main" 995 --name="$app" + +# Update the list of package with the new repo +ynh_package_update + +ynh_add_app_dependencies --package="$pkg_dependencies" + +#Remove buster-backports repo and pin-priority +ynh_remove_extra_repo --name=$app #================================================= # CREATE DEDICATED USER From 9726a65f3eadf14c5d4de7ee544cb33ffec20385 Mon Sep 17 00:00:00 2001 From: tytan652 <17492366+tytan652@users.noreply.github.com> Date: Wed, 23 Dec 2020 17:13:58 +0100 Subject: [PATCH 32/54] fix: add --priority= on ynh_pin_repo call --- scripts/install | 2 +- scripts/restore | 2 +- scripts/upgrade | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/install b/scripts/install index 3b8a9d6..7f60ec7 100644 --- a/scripts/install +++ b/scripts/install @@ -79,7 +79,7 @@ ynh_script_progression --message="Installing dependencies..." --weight=7 ynh_add_repo --uri="http://deb.debian.org/debian" --suite="buster-backports" --component="main" --name="$app" #Add pin-priority for wireguard package -ynh_pin_repo --package="wireguard*" --pin="origin deb http://deb.debian.org/debian buster-backports main" 995 --name="$app" +ynh_pin_repo --package="wireguard*" --pin="origin deb http://deb.debian.org/debian buster-backports main" --priority=995 --name="$app" # Update the list of package with the new repo ynh_package_update diff --git a/scripts/restore b/scripts/restore index 60dfc13..fef3b92 100644 --- a/scripts/restore +++ b/scripts/restore @@ -90,7 +90,7 @@ ynh_script_progression --message="Reinstalling dependencies..." --weight=5 ynh_add_repo --uri="http://deb.debian.org/debian" --suite="buster-backports" --component="main" --name="$app" #Add pin-priority for wireguard package -ynh_pin_repo --package="wireguard*" --pin="origin deb http://deb.debian.org/debian buster-backports main" 995 --name="$app" +ynh_pin_repo --package="wireguard*" --pin="origin deb http://deb.debian.org/debian buster-backports main" --priority=995 --name="$app" # Update the list of package with the new repo ynh_package_update diff --git a/scripts/upgrade b/scripts/upgrade index a2b1000..5a930e9 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -110,7 +110,7 @@ ynh_script_progression --message="Upgrading dependencies..." --weight=7 ynh_add_repo --uri="http://deb.debian.org/debian" --suite="buster-backports" --component="main" --name="$app" #Add pin-priority for wireguard package -ynh_pin_repo --package="wireguard*" --pin="origin deb http://deb.debian.org/debian buster-backports main" 995 --name="$app" +ynh_pin_repo --package="wireguard*" --pin="origin deb http://deb.debian.org/debian buster-backports main" --priority=995 --name="$app" # Update the list of package with the new repo ynh_package_update From ae1cc8ddaeb10179c98132f9319ef5e7d74f03e6 Mon Sep 17 00:00:00 2001 From: tytan652 Date: Sat, 9 Jan 2021 08:45:54 +0100 Subject: [PATCH 33/54] build: add a way to restore the right linux-image --- scripts/upgrade | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/scripts/upgrade b/scripts/upgrade index 5a930e9..8915a4b 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -54,6 +54,15 @@ then ynh_app_setting_set --app=$app --key=is_public --value=0 fi +# Downgrade linux-image-$arch if updated to the buster-backports version +arch=$(ynh_detect_arch) +linuximage_version=$(ynh_package_version --package=linux-image-$arch) +if [[ $linuximage_version == *"bpo10"* ]] +then + ynh_package_remove linux-image-$arch + ynh_package_install linux-image-$arch +fi + #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= From f9256d4466e2dded423da993b618a0282c127edd Mon Sep 17 00:00:00 2001 From: tytan652 Date: Sat, 9 Jan 2021 10:02:11 +0100 Subject: [PATCH 34/54] build: remove the removal of linux-image-$arch --- scripts/upgrade | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/scripts/upgrade b/scripts/upgrade index 8915a4b..cefe056 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -59,8 +59,7 @@ arch=$(ynh_detect_arch) linuximage_version=$(ynh_package_version --package=linux-image-$arch) if [[ $linuximage_version == *"bpo10"* ]] then - ynh_package_remove linux-image-$arch - ynh_package_install linux-image-$arch + ynh_package_install linux-image-$arch/stable fi #================================================= From b8b855f59bb35a0eae558b103068c0ad188fd6df Mon Sep 17 00:00:00 2001 From: tytan652 Date: Sat, 9 Jan 2021 11:18:28 +0100 Subject: [PATCH 35/54] fix: remove "--no-remove" for linux-image install If we let it this way it may prevent linux-image-$arch to be downgraded --- scripts/upgrade | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/scripts/upgrade b/scripts/upgrade index cefe056..b6cc37e 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -59,7 +59,10 @@ arch=$(ynh_detect_arch) linuximage_version=$(ynh_package_version --package=linux-image-$arch) if [[ $linuximage_version == *"bpo10"* ]] then - ynh_package_install linux-image-$arch/stable + # Downgrading using ynh_package_install (exploded) without "--no-remove" + # It will remove wireguard-ynh-deps and wireguard but they will be reinstalled throught upgrade process + ynh_apt --option Dpkg::Options::=--force-confdef \ + --option Dpkg::Options::=--force-confold install linux-image-$arch/stable fi #================================================= From f633f6c40b71344f2115797c9b2c2edd983cbea1 Mon Sep 17 00:00:00 2001 From: tytan652 Date: Sat, 9 Jan 2021 11:24:27 +0100 Subject: [PATCH 36/54] fix: allow downgrade for linux-image install --- scripts/upgrade | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/upgrade b/scripts/upgrade index b6cc37e..854e0f7 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -61,7 +61,7 @@ if [[ $linuximage_version == *"bpo10"* ]] then # Downgrading using ynh_package_install (exploded) without "--no-remove" # It will remove wireguard-ynh-deps and wireguard but they will be reinstalled throught upgrade process - ynh_apt --option Dpkg::Options::=--force-confdef \ + ynh_apt --allow-downgrades --option Dpkg::Options::=--force-confdef \ --option Dpkg::Options::=--force-confold install linux-image-$arch/stable fi From 58ef74e9611da1a66413b7db86e3489bcc87b491 Mon Sep 17 00:00:00 2001 From: tytan652 Date: Sun, 10 Jan 2021 10:57:05 +0100 Subject: [PATCH 37/54] doc: replace new kernel mentions by dkms ones --- README.md | 4 +++- README_fr.md | 4 +++- scripts/install | 2 +- scripts/restore | 2 +- scripts/upgrade | 2 +- 5 files changed, 9 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 7c8e144..ef2bccc 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,9 @@ *[Lire ce readme en français.](./README_fr.md)* -:warning: This app is still experimental. WireGuard requires upgrading your Linux kernel to another major version. Check its compatibility before running it on a production system. :warning: +:warning: This app is still experimental. Check its compatibility before running it on a production system. :warning: + +:exclamation: WireGuard for YunoHost will add a DMKS module to your Linux kernel. > *This package allows you to install WireGuard quickly and simply on a YunoHost server. If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.* diff --git a/README_fr.md b/README_fr.md index 4b3ba84..546c13a 100644 --- a/README_fr.md +++ b/README_fr.md @@ -5,7 +5,9 @@ *[Read this readme in english.](./README.md)* -:warning: Cette app est encore expérimentale. WireGuard requiert de mettre à niveau votre noyau Linux. Vérifiez sa compatibilté avant de lancer l'installation sur un serveur de production. :warning: +:warning: Cette app est encore expérimentale. Vérifiez sa compatibilté avant de lancer l'installation sur un serveur de production. :warning: + +:exclamation: WireGuard pour YunoHost ajoutera un module DKMS à votre noyau Linux. > *Ce package vous permet d'installer WireGuard rapidement et simplement sur un serveur YunoHost. Si vous n'avez pas YunoHost, consultez [le guide](https://yunohost.org/#/install) pour apprendre comment l'installer.* diff --git a/scripts/install b/scripts/install index 7f60ec7..2b3d54a 100644 --- a/scripts/install +++ b/scripts/install @@ -78,7 +78,7 @@ ynh_script_progression --message="Installing dependencies..." --weight=7 #Add buster-backports repo ynh_add_repo --uri="http://deb.debian.org/debian" --suite="buster-backports" --component="main" --name="$app" -#Add pin-priority for wireguard package +#Add pin-priority for wireguard packages ynh_pin_repo --package="wireguard*" --pin="origin deb http://deb.debian.org/debian buster-backports main" --priority=995 --name="$app" # Update the list of package with the new repo diff --git a/scripts/restore b/scripts/restore index fef3b92..7338b94 100644 --- a/scripts/restore +++ b/scripts/restore @@ -89,7 +89,7 @@ ynh_script_progression --message="Reinstalling dependencies..." --weight=5 #Add buster-backports repo ynh_add_repo --uri="http://deb.debian.org/debian" --suite="buster-backports" --component="main" --name="$app" -#Add pin-priority for wireguard package +#Add pin-priority for wireguard packages ynh_pin_repo --package="wireguard*" --pin="origin deb http://deb.debian.org/debian buster-backports main" --priority=995 --name="$app" # Update the list of package with the new repo diff --git a/scripts/upgrade b/scripts/upgrade index 854e0f7..7d806c3 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -59,7 +59,7 @@ arch=$(ynh_detect_arch) linuximage_version=$(ynh_package_version --package=linux-image-$arch) if [[ $linuximage_version == *"bpo10"* ]] then - # Downgrading using ynh_package_install (exploded) without "--no-remove" + # Downgrading using ynh_package_install apt command without "--no-remove" and with "--allow-downgrades" # It will remove wireguard-ynh-deps and wireguard but they will be reinstalled throught upgrade process ynh_apt --allow-downgrades --option Dpkg::Options::=--force-confdef \ --option Dpkg::Options::=--force-confold install linux-image-$arch/stable From 1f5416ebc2ef3fb079ac4766a6861a17bc0964a5 Mon Sep 17 00:00:00 2001 From: tytan652 Date: Sun, 10 Jan 2021 10:58:55 +0100 Subject: [PATCH 38/54] feat: remove backports kernel if in use --- scripts/_common.sh | 139 +++++++++++++++++++++++++++++++++++++++++++++ scripts/upgrade | 14 ++++- 2 files changed, 152 insertions(+), 1 deletion(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index 71c2c12..40b5c9c 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -39,6 +39,145 @@ ynh_detect_arch(){ echo $architecture } +# Send an email to inform the administrator +# +# usage: ynh_send_readme_to_admin --app_message=app_message [--recipients=recipients] [--type=type] +# | arg: -m --app_message= - The file with the content to send to the administrator. +# | arg: -r, --recipients= - The recipients of this email. Use spaces to separate multiples recipients. - default: root +# example: "root admin@domain" +# If you give the name of a YunoHost user, ynh_send_readme_to_admin will find its email adress for you +# example: "root admin@domain user1 user2" +# | arg: -t, --type= - Type of mail, could be 'backup', 'change_url', 'install', 'remove', 'restore', 'upgrade' +ynh_send_readme_to_admin() { + # Declare an array to define the options of this helper. + declare -Ar args_array=( [m]=app_message= [r]=recipients= [t]=type= ) + local app_message + local recipients + local type + # Manage arguments with getopts + + ynh_handle_getopts_args "$@" + app_message="${app_message:-}" + recipients="${recipients:-root}" + type="${type:-install}" + + # Get the value of admin_mail_html + admin_mail_html=$(ynh_app_setting_get $app admin_mail_html) + admin_mail_html="${admin_mail_html:-0}" + + # Retrieve the email of users + find_mails () { + local list_mails="$1" + local mail + local recipients=" " + # Read each mail in argument + for mail in $list_mails + do + # Keep root or a real email address as it is + if [ "$mail" = "root" ] || echo "$mail" | grep --quiet "@" + then + recipients="$recipients $mail" + else + # But replace an user name without a domain after by its email + if mail=$(ynh_user_get_info "$mail" "mail" 2> /dev/null) + then + recipients="$recipients $mail" + fi + fi + done + echo "$recipients" + } + recipients=$(find_mails "$recipients") + + # Subject base + local mail_subject="☁️🆈🅽🅷☁️: \`$app\`" + + # Adapt the subject according to the type of mail required. + if [ "$type" = "backup" ]; then + mail_subject="$mail_subject has just been backup." + elif [ "$type" = "change_url" ]; then + mail_subject="$mail_subject has just been moved to a new URL!" + elif [ "$type" = "remove" ]; then + mail_subject="$mail_subject has just been removed!" + elif [ "$type" = "restore" ]; then + mail_subject="$mail_subject has just been restored!" + elif [ "$type" = "upgrade" ]; then + mail_subject="$mail_subject has just been upgraded!" + else # install + mail_subject="$mail_subject has just been installed!" + fi + + local mail_message="This is an automated message from your beloved YunoHost server. + +Specific information for the application $app. + +$(if [ -n "$app_message" ] +then + cat "$app_message" +else + echo "...No specific information..." +fi) + +--- +Automatic diagnosis data from YunoHost + +__PRE_TAG1__$(yunohost tools diagnosis | grep -B 100 "services:" | sed '/services:/d')__PRE_TAG2__" + + # Store the message into a file for further modifications. + echo "$mail_message" > mail_to_send + + # If a html email is required. Apply html tags to the message. + if [ "$admin_mail_html" -eq 1 ] + then + # Insert 'br' tags at each ending of lines. + ynh_replace_string "$" "
" mail_to_send + + # Insert starting HTML tags + sed --in-place '1s@^@\n\n\n\n@' mail_to_send + + # Keep tabulations + ynh_replace_string " " "\ \ " mail_to_send + ynh_replace_string "\t" "\ \ " mail_to_send + + # Insert url links tags + ynh_replace_string "__URL_TAG1__\(.*\)__URL_TAG2__\(.*\)__URL_TAG3__" "\1" mail_to_send + + # Insert pre tags + ynh_replace_string "__PRE_TAG1__" "
" mail_to_send
+		ynh_replace_string "__PRE_TAG2__" "<\pre>" mail_to_send
+
+		# Insert finishing HTML tags
+		echo -e "\n\n" >> mail_to_send
+
+	# Otherwise, remove tags to keep a plain text.
+	else
+		# Remove URL tags
+		ynh_replace_string "__URL_TAG[1,3]__" "" mail_to_send
+		ynh_replace_string "__URL_TAG2__" ": " mail_to_send
+
+		# Remove PRE tags
+		ynh_replace_string "__PRE_TAG[1-2]__" "" mail_to_send
+	fi
+
+	# Define binary to use for mail command
+	if [ -e /usr/bin/bsd-mailx ]
+	then
+		local mail_bin=/usr/bin/bsd-mailx
+	else
+		local mail_bin=/usr/bin/mail.mailutils
+	fi
+
+	if [ "$admin_mail_html" -eq 1 ]
+	then
+		content_type="text/html"
+	else
+		content_type="text/plain"
+	fi
+
+	# Send the email to the recipients
+	cat mail_to_send | $mail_bin -a "Content-Type: $content_type; charset=UTF-8" -s "$mail_subject" "$recipients"
+}
+
 #=================================================
 # FUTURE OFFICIAL HELPERS
 #=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index 7d806c3..d830ccb 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -63,6 +63,18 @@ then
 	# It will remove wireguard-ynh-deps and wireguard but they will be reinstalled throught upgrade process
 	ynh_apt --allow-downgrades --option Dpkg::Options::=--force-confdef \
         --option Dpkg::Options::=--force-confold install linux-image-$arch/stable
+
+	#Remove backports kernel if running on it and send a mail to the admin to ask him to reboot
+	linuxkernel_version = $(uname -r)
+	if [[ $linuxkernel_version == *"bpo"* ]]
+	then
+		ynh_package_remove linux-image-$linuxkernel_version
+
+		echo "You've been using an experimental version of wireguard_ynh, which was using the backports version of the linux kernel.
+Now wireguard_ynh use a DKMS module allowing itself to be used with the stable kernel, then the backports one was removed and a reboot is needed to go back to the stable one." > mail_to_send
+
+		ynh_send_readme_to_admin --app_message="mail_to_send" --recipients="admin" --type=upgrade
+	fi
 fi
 
 #=================================================
@@ -120,7 +132,7 @@ ynh_script_progression --message="Upgrading dependencies..." --weight=7
 #Add buster-backports repo
 ynh_add_repo --uri="http://deb.debian.org/debian" --suite="buster-backports" --component="main" --name="$app"
 
-#Add pin-priority for wireguard package
+#Add pin-priority for wireguard packages
 ynh_pin_repo --package="wireguard*" --pin="origin deb http://deb.debian.org/debian buster-backports main" --priority=995 --name="$app"
 
 # Update the list of package with the new repo

From 2204e15983025e9e7fe1ce297e14b886da131bc3 Mon Sep 17 00:00:00 2001
From: tytan652 
Date: Sun, 10 Jan 2021 11:09:35 +0100
Subject: [PATCH 39/54] fix: backports kernel removal

---
 scripts/upgrade | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/upgrade b/scripts/upgrade
index d830ccb..07f5987 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -68,7 +68,7 @@ then
 	linuxkernel_version = $(uname -r)
 	if [[ $linuxkernel_version == *"bpo"* ]]
 	then
-		ynh_package_remove linux-image-$linuxkernel_version
+		ynh_package_remove "linux-image-$linuxkernel_version"
 
 		echo "You've been using an experimental version of wireguard_ynh, which was using the backports version of the linux kernel.
 Now wireguard_ynh use a DKMS module allowing itself to be used with the stable kernel, then the backports one was removed and a reboot is needed to go back to the stable one." > mail_to_send

From 758aef11a8f4884cde910fc00ff2ebba6b56744a Mon Sep 17 00:00:00 2001
From: tytan652 
Date: Sun, 10 Jan 2021 11:17:34 +0100
Subject: [PATCH 40/54] fix(really): backports kernel removal

Just forget how to create bash variable
---
 scripts/upgrade | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/upgrade b/scripts/upgrade
index 07f5987..12791f6 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -65,10 +65,10 @@ then
         --option Dpkg::Options::=--force-confold install linux-image-$arch/stable
 
 	#Remove backports kernel if running on it and send a mail to the admin to ask him to reboot
-	linuxkernel_version = $(uname -r)
+	linuxkernel_version=$(uname -r)
 	if [[ $linuxkernel_version == *"bpo"* ]]
 	then
-		ynh_package_remove "linux-image-$linuxkernel_version"
+		ynh_package_remove linux-image-$linuxkernel_version
 
 		echo "You've been using an experimental version of wireguard_ynh, which was using the backports version of the linux kernel.
 Now wireguard_ynh use a DKMS module allowing itself to be used with the stable kernel, then the backports one was removed and a reboot is needed to go back to the stable one." > mail_to_send

From 72f45bfc19ceb1a2bb6589a646904f9de4419abf Mon Sep 17 00:00:00 2001
From: tytan652 
Date: Sun, 10 Jan 2021 12:05:32 +0100
Subject: [PATCH 41/54] build: add a check for upgrade

---
 check_process | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/check_process b/check_process
index d0267fe..9b28d6d 100644
--- a/check_process
+++ b/check_process
@@ -20,7 +20,7 @@
 		setup_private=1
 		setup_public=0
 		upgrade=1
-		#upgrade=1	from_commit=CommitHash
+		upgrade=1	from_commit=797a3e5990571629a8525764ce6e8d359277313f
 		backup_restore=1
 		multi_instance=0
 		port_already_use=0
@@ -32,7 +32,7 @@
 Email=
 Notification=none
 ;;; Upgrade options
-	; commit=CommitHash
-		name=Name and date of the commit.
-		manifest_arg=domain=DOMAIN&path=PATH&admin=USER&language=fr&is_public=1&password=pass&port=666&
+	; commit=797a3e5990571629a8525764ce6e8d359277313f
+		name=a version using backport kernel
+		manifest_arg=domain=DOMAIN&path=PATH&admin=USER&is_public=1&
 

From 55cf0e83819023fb16232d6a5418c09344184886 Mon Sep 17 00:00:00 2001
From: tytan652 
Date: Mon, 11 Jan 2021 21:43:02 +0100
Subject: [PATCH 42/54] doc: replace REPLACEBYYOURAPP by wireguard

---
 README_fr.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README_fr.md b/README_fr.md
index 546c13a..9cc1ee7 100644
--- a/README_fr.md
+++ b/README_fr.md
@@ -80,5 +80,5 @@ Pour essayer la branche testing, procédez comme suit.
 ```
 sudo yunohost app install https://github.com/YunoHost-Apps/wireguard_ynh/tree/testing --debug
 ou
-sudo yunohost app upgrade REPLACEBYYOURAPP -u https://github.com/YunoHost-Apps/wireguard_ynh/tree/testing --debug
+sudo yunohost app upgrade wireguard -u https://github.com/YunoHost-Apps/wireguard_ynh/tree/testing --debug
 ```

From 823fe2e97eb1a31f88c3d28bb2f3a74ac00faaac Mon Sep 17 00:00:00 2001
From: tituspijean 
Date: Mon, 11 Jan 2021 21:41:29 +0100
Subject: [PATCH 43/54] No need for permissions handling in restore

---
 scripts/restore | 12 ------------
 1 file changed, 12 deletions(-)

diff --git a/scripts/restore b/scripts/restore
index 7338b94..f825a58 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -132,18 +132,6 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1
 
 ynh_systemd_action --service_name=wireguard_ui --action="start" --log_path="/var/log/$app/ui.log"
 
-#=================================================
-# SETUP SSOWAT
-#=================================================
-ynh_script_progression --message="Configuring permissions..." --weight=1
-
-if [ $is_public -eq 1 ]
-then
-	ynh_permission_update --permission "main" --add visitors
-else
-	ynh_permission_update --permission "main" --remove "all_users" --add "$admin"
-fi
-
 #=================================================
 # RESTORE THE LOGROTATE CONFIGURATION
 #=================================================

From c7c7cd7e3f049b431d8533df99b83a0e304f1f4f Mon Sep 17 00:00:00 2001
From: tituspijean 
Date: Mon, 11 Jan 2021 22:20:30 +0100
Subject: [PATCH 44/54] User directive in WireGuard service

---
 conf/sudoers.conf      | 3 +++
 conf/wireguard.service | 2 ++
 scripts/backup         | 1 +
 scripts/install        | 4 ++++
 scripts/remove         | 9 +++++++++
 scripts/restore        | 3 +++
 scripts/upgrade        | 6 ++++++
 7 files changed, 28 insertions(+)
 create mode 100644 conf/sudoers.conf

diff --git a/conf/sudoers.conf b/conf/sudoers.conf
new file mode 100644
index 0000000..cb80189
--- /dev/null
+++ b/conf/sudoers.conf
@@ -0,0 +1,3 @@
+Cmnd_Alias WIREGUARDSERVICE = /bin/systemctl restart wg-quick@wg0.service
+
+__USER__ ALL = NOPASSWD: WIREGUARDSERVICE
diff --git a/conf/wireguard.service b/conf/wireguard.service
index f2afa4d..7711fbf 100644
--- a/conf/wireguard.service
+++ b/conf/wireguard.service
@@ -4,4 +4,6 @@ After=network.target
 
 [Service]
 Type=oneshot
+User=__APP__
+Group=__APP__
 ExecStart=/bin/systemctl restart wg-quick@wg0.service
diff --git a/scripts/backup b/scripts/backup
index fae85a1..6fc9a1d 100644
--- a/scripts/backup
+++ b/scripts/backup
@@ -63,6 +63,7 @@ ynh_backup --src_path="/etc/logrotate.d/$app"
 ynh_backup --src_path="/etc/systemd/system/$app.service"
 ynh_backup --src_path=/etc/systemd/system/wireguard_ui.service
 ynh_backup --src_path=/etc/systemd/system/wireguard.path
+ynh_backup --src_path="/etc/sudoers.d/${app}_ynh"
 
 #=================================================
 # BACKUP VARIOUS FILES
diff --git a/scripts/install b/scripts/install
index 2b3d54a..06f107e 100644
--- a/scripts/install
+++ b/scripts/install
@@ -114,6 +114,10 @@ ynh_script_progression --message="Configuring system user..." --weight=1
 # Create a system user
 ynh_system_user_create --username=$app
 
+# Ensure the system user has enough permissions
+install -b -o root -g root -m 0440 ../conf/sudoers.conf /etc/sudoers.d/${app}_ynh
+ynh_replace_string "__USER__" "${app}" /etc/sudoers.d/${app}_ynh
+
 #=================================================
 # SPECIFIC SETUP
 #=================================================
diff --git a/scripts/remove b/scripts/remove
index 0c0fe93..0a11336 100644
--- a/scripts/remove
+++ b/scripts/remove
@@ -94,6 +94,15 @@ then
 	ynh_exec_warn_less yunohost firewall disallow TCP $port_wg
 fi
 
+#=================================================
+# SPECIFIC REMOVE
+#=================================================
+# REMOVE VARIOUS FILES
+#=================================================
+
+# Remove sudoers file
+ynh_secure_remove --file="/etc/sudoers.d/${app}_ynh"
+
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
diff --git a/scripts/restore b/scripts/restore
index f825a58..e350e8e 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -68,6 +68,9 @@ ynh_script_progression --message="Recreating the dedicated system user..." --wei
 # Create the dedicated user (if not existing)
 ynh_system_user_create --username=$app
 
+# Restore sudoers file
+ynh_restore_file --origin_path="/etc/sudoers.d/${app}_ynh"
+
 #=================================================
 # RESTORE USER RIGHTS
 #=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index 12791f6..40bd3e8 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -77,6 +77,12 @@ Now wireguard_ynh use a DKMS module allowing itself to be used with the stable k
 	fi
 fi
 
+# Add sudoers file if missing
+if [ -f "/etc/sudoers.d/${app}_ynh" ]; then
+	install -b -o root -g root -m 0440 ../conf/sudoers.conf /etc/sudoers.d/${app}_ynh
+	ynh_replace_string "__USER__" "${app}" /etc/sudoers.d/${app}_ynh
+fi
+
 #=================================================
 # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
 #=================================================

From 831a048693518a178d802c567620326ffdb69e48 Mon Sep 17 00:00:00 2001
From: tituspijean 
Date: Mon, 11 Jan 2021 23:16:53 +0100
Subject: [PATCH 45/54] Comments cleanup

---
 scripts/change_url |  5 -----
 scripts/install    | 35 +++--------------------------------
 scripts/upgrade    | 12 +++---------
 3 files changed, 6 insertions(+), 46 deletions(-)

diff --git a/scripts/change_url b/scripts/change_url
index 3f21bc8..6f73f5b 100644
--- a/scripts/change_url
+++ b/scripts/change_url
@@ -29,11 +29,6 @@ ynh_script_progression --message="Loading installation settings..." --time --wei
 # Needed for helper "ynh_add_nginx_config"
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 
-# Add settings here as needed by your application
-#db_name=$(ynh_app_setting_get --app=$app --key=db_name)
-#db_user=$db_name
-#db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd)
-
 #=================================================
 # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
 #=================================================
diff --git a/scripts/install b/scripts/install
index 06f107e..3f4e882 100644
--- a/scripts/install
+++ b/scripts/install
@@ -75,10 +75,10 @@ ynh_exec_warn_less yunohost firewall allow --no-upnp UDP $port_wg
 #=================================================
 ynh_script_progression --message="Installing dependencies..." --weight=7
 
-#Add buster-backports repo
+# Add buster-backports repo
 ynh_add_repo --uri="http://deb.debian.org/debian" --suite="buster-backports" --component="main" --name="$app"
 
-#Add pin-priority for wireguard packages
+# Add pin-priority for wireguard packages
 ynh_pin_repo --package="wireguard*" --pin="origin deb http://deb.debian.org/debian buster-backports main" --priority=995 --name="$app"
 
 # Update the list of package with the new repo
@@ -86,7 +86,7 @@ ynh_package_update
 
 ynh_add_app_dependencies --package="$pkg_dependencies"
 
-#Remove buster-backports repo and pin-priority
+# Remove buster-backports repo and pin-priority
 ynh_remove_extra_repo --name=$app
 
 #=================================================
@@ -160,10 +160,6 @@ ynh_add_systemd_config --service=wireguard --template=wireguard.service --others
 # SECURE FILES AND DIRECTORIES
 #=================================================
 
-### For security reason, any app should set the permissions to root: before anything else.
-### Then, if write authorization is needed, any access should be given only to directories
-### that really need such authorization.
-
 # Set permissions to app files
 chown -R root: $final_path
 chown -R $app: $final_path/db
@@ -176,14 +172,6 @@ chown -R $app:$app /etc/wireguard
 #=================================================
 ynh_script_progression --message="Configuring log rotation..." --weight=1
 
-### `ynh_use_logrotate` is used to configure a logrotate configuration for the logs of this app.
-### Use this helper only if there is effectively a log file for this app.
-### If you're not using this helper:
-###		- Remove the section "BACKUP LOGROTATE" in the backup script
-###		- Remove also the section "REMOVE LOGROTATE CONFIGURATION" in the remove script
-###		- As well as the section "RESTORE THE LOGROTATE CONFIGURATION" in the restore script
-###		- And the section "SETUP LOGROTATE" in the upgrade script
-
 # Use logrotate to manage application logfile(s)
 ynh_use_logrotate
 
@@ -195,23 +183,6 @@ ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
 yunohost service add wireguard --description "WireGuard" --needs_exposed_ports $port_wg --test_status "wg show | grep wg0"
 yunohost service add wireguard_ui --description "WireGuard UI" --log "/var/log/$app/ui.log"
 
-### Additional options starting with 3.8:
-###
-### --needs_exposed_ports "$port" a list of ports that needs to be publicly exposed
-###                               which will then be checked by YunoHost's diagnosis system
-###                               (N.B. DO NOT USE THIS is the port is only internal !!!)
-###
-### --test_status "some command"  a custom command to check the status of the service
-###                               (only relevant if 'systemctl status' doesn't do a good job)
-###
-### --test_conf "some command"    some command similar to "nginx -t" that validates the conf of the service
-###
-### Re-calling 'yunohost service add' during the upgrade script is the right way
-### to proceed if you later realize that you need to enable some flags that
-### weren't enabled on old installs (be careful it'll override the existing
-### service though so you should re-provide all relevant flags when doing so)
-###
-
 #=================================================
 # START SYSTEMD SERVICE
 #=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index 40bd3e8..f64df02 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -26,12 +26,6 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 # CHECK VERSION
 #=================================================
 
-### This helper will compare the version of the currently installed app and the version of the upstream package.
-### $upgrade_type can have 2 different values
-### - UPGRADE_APP if the upstream app version has changed
-### - UPGRADE_PACKAGE if only the YunoHost package has changed
-### ynh_check_app_version_changed will stop the upgrade if the app is up to date.
-### UPGRADE_APP should be used to upgrade the core app only if there's an upgrade to do.
 upgrade_type=$(ynh_check_app_version_changed)
 
 #=================================================
@@ -135,10 +129,10 @@ ynh_script_progression --message="Upgrading dependencies..." --weight=7
 
 #TODO: remove buster-backports kernel
 
-#Add buster-backports repo
+# Add buster-backports repo
 ynh_add_repo --uri="http://deb.debian.org/debian" --suite="buster-backports" --component="main" --name="$app"
 
-#Add pin-priority for wireguard packages
+# Add pin-priority for wireguard packages
 ynh_pin_repo --package="wireguard*" --pin="origin deb http://deb.debian.org/debian buster-backports main" --priority=995 --name="$app"
 
 # Update the list of package with the new repo
@@ -146,7 +140,7 @@ ynh_package_update
 
 ynh_add_app_dependencies --package="$pkg_dependencies"
 
-#Remove buster-backports repo and pin-priority
+# Remove buster-backports repo and pin-priority
 ynh_remove_extra_repo --name=$app
 
 #=================================================

From 079b888683f609e84cca41bf03a06c3a5fef3f62 Mon Sep 17 00:00:00 2001
From: tituspijean 
Date: Thu, 14 Jan 2021 18:36:36 +0100
Subject: [PATCH 46/54] Add warning in manifest

---
 manifest.json | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/manifest.json b/manifest.json
index 1af88fb..4665bbf 100644
--- a/manifest.json
+++ b/manifest.json
@@ -22,6 +22,14 @@
     ],
     "arguments": {
         "install" : [
+            {
+                "name": "warning",
+                "type": "display_text",
+                "ask": {
+                    "en": "WireGuard is still experimental. The WireGuard package for YunoHost will add a DMKS module to your Linux kernel.\n\nCheck its compatibility before installing it on a production system.",
+                    "fr": "WireGuard est encore expérimental. Le package WireGuard pour YunoHost va installer un module DKMS à votre kernel Linux.\n\nVérifiez sa compatibilité avant de l'installer sur un serveur de production."
+                }
+            },
             {
                 "name": "domain",
                 "type": "domain",

From e811a176d5ae4c83c75476e73621e150d9b6fd8b Mon Sep 17 00:00:00 2001
From: tituspijean 
Date: Thu, 21 Jan 2021 19:39:11 +0100
Subject: [PATCH 47/54] Better detection of ports conflict

---
 scripts/upgrade | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/scripts/upgrade b/scripts/upgrade
index f64df02..d83ca95 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -39,11 +39,11 @@ if [ -z "$final_path" ]; then
 	ynh_app_setting_set --app=$app --key=final_path --value=$final_path
 fi
 
-# Change port for WireGuard UI because 8095 is default port for WireGuard VPN
-if [ $port -eq 8095 ]
+# Change port if WireGuard port is the same as WireGuard UI's
+if [ $port -eq $port_wg ]
 then
 	ynh_app_setting_delete --app=$app --key=port
-	port=$(ynh_find_port --port=8096)
+	port=$(ynh_find_port --port=$(($port_wg+1)))
 	ynh_app_setting_set --app=$app --key=port --value=$port
 	ynh_app_setting_set --app=$app --key=is_public --value=0
 fi

From d2b10120d757a3ec7fc24ce0b03a5b58c3408984 Mon Sep 17 00:00:00 2001
From: tituspijean 
Date: Thu, 21 Jan 2021 19:55:16 +0100
Subject: [PATCH 48/54] Remove is_public argument

---
 check_process   |  6 +-----
 manifest.json   | 13 -------------
 scripts/install | 10 +---------
 scripts/restore |  1 -
 scripts/upgrade |  3 ++-
 5 files changed, 4 insertions(+), 29 deletions(-)

diff --git a/check_process b/check_process
index 9b28d6d..89c76a4 100644
--- a/check_process
+++ b/check_process
@@ -8,10 +8,6 @@
 		domain="domain.tld"	(DOMAIN)
 		path="/"	(PATH)
 		admin="john"	(USER)
-		#language="fr"
-		is_public=1	(PUBLIC|public=1|private=0)
-		#password="pass"
-		#port="666"	(PORT)
 	; Checks
 		pkg_linter=1
 		setup_sub_dir=0
@@ -34,5 +30,5 @@ Notification=none
 ;;; Upgrade options
 	; commit=797a3e5990571629a8525764ce6e8d359277313f
 		name=a version using backport kernel
-		manifest_arg=domain=DOMAIN&path=PATH&admin=USER&is_public=1&
+		manifest_arg=domain=DOMAIN&path=PATH&admin=USER&is_public=0&
 
diff --git a/manifest.json b/manifest.json
index 4665bbf..1866839 100644
--- a/manifest.json
+++ b/manifest.json
@@ -61,19 +61,6 @@
                     "fr": "Choisissez l’administrateur"
                 },
                 "example": "johndoe"
-            },
-            {
-                "name": "is_public",
-                "type": "boolean",
-                "ask": {
-                    "en": "Is it a public application?",
-                    "fr": "Est-ce une application publique ?"
-                },
-                "help": {
-                    "en": "It is strongly advised to keep the configuration UI private.",
-                    "fr": "Il est fortement conseillé de garder l'interface de configuration privée."
-                },
-                "default": false
             }
         ]
     }
diff --git a/scripts/install b/scripts/install
index 3f4e882..ef8f203 100644
--- a/scripts/install
+++ b/scripts/install
@@ -27,7 +27,6 @@ ynh_abort_if_errors
 domain=$YNH_APP_ARG_DOMAIN
 path_url=$YNH_APP_ARG_PATH #TODO: Check if possible with wireguard_ui to use sub path
 admin=$YNH_APP_ARG_ADMIN
-is_public=$YNH_APP_ARG_IS_PUBLIC # Forced to use it to pass root installation check as public
 
 app=$YNH_APP_INSTANCE_NAME
 
@@ -50,7 +49,6 @@ ynh_script_progression --message="Storing installation settings..." --weight=1
 ynh_app_setting_set --app=$app --key=domain --value=$domain
 ynh_app_setting_set --app=$app --key=path --value=$path_url
 ynh_app_setting_set --app=$app --key=admin --value=$admin
-ynh_app_setting_set --app=$app --key=is_public --value=$is_public # Forced to use it to pass root installation check as public
 
 #=================================================
 # STANDARD MODIFICATIONS
@@ -196,13 +194,7 @@ ynh_systemd_action --service_name=wireguard_ui --action="start" --log_path="/var
 #=================================================
 ynh_script_progression --message="Configuring permissions..." --weight=1
 
-# Make app public if necessary to pass root installation check
-if [ $is_public -eq 1 ]
-then
-	ynh_permission_update --permission "main" --add visitors
-else
-	ynh_permission_update --permission "main" --remove "all_users" --add "$admin"
-fi
+ynh_permission_update --permission "main" --remove "all_users" --add "$admin"
 
 #=================================================
 # RELOAD NGINX
diff --git a/scripts/restore b/scripts/restore
index e350e8e..b033d2d 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -33,7 +33,6 @@ path_url=$(ynh_app_setting_get --app=$app --key=path)
 port=$(ynh_app_setting_get --app=$app --key=port)
 port_wg=$(ynh_app_setting_get --app=$app --key=port_wg)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
-is_public=$(ynh_app_setting_get --app=$app --key=is_public)
 
 #=================================================
 # CHECK IF THE APP CAN BE RESTORED
diff --git a/scripts/upgrade b/scripts/upgrade
index d83ca95..a31f684 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -45,7 +45,8 @@ then
 	ynh_app_setting_delete --app=$app --key=port
 	port=$(ynh_find_port --port=$(($port_wg+1)))
 	ynh_app_setting_set --app=$app --key=port --value=$port
-	ynh_app_setting_set --app=$app --key=is_public --value=0
+	# Let's remove the unused is_public key too
+	ynh_app_setting_delete --app=$app --key=is_public
 fi
 
 # Downgrade linux-image-$arch if updated to the buster-backports version

From b36f91407f9bb0f14f30325159302bd489413113 Mon Sep 17 00:00:00 2001
From: tituspijean 
Date: Thu, 21 Jan 2021 21:34:52 +0100
Subject: [PATCH 49/54] Detect successful start or stop of UI service

---
 scripts/change_url | 4 ++--
 scripts/install    | 2 +-
 scripts/restore    | 2 +-
 scripts/upgrade    | 4 ++--
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/scripts/change_url b/scripts/change_url
index 6f73f5b..e74175d 100644
--- a/scripts/change_url
+++ b/scripts/change_url
@@ -69,7 +69,7 @@ fi
 #=================================================
 ynh_script_progression --message="Stopping a systemd service..." --time --weight=1
 
-ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log"
+ynh_systemd_action --service_name=$app --action="stop" --line_match="Stopped WireGuard UI" --log_path="systemd"
 
 #=================================================
 # MODIFY URL IN NGINX CONF
@@ -113,7 +113,7 @@ fi
 #=================================================
 ynh_script_progression --message="Starting a systemd service..." --time --weight=1
 
-ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
+ynh_systemd_action --service_name=$app --action="start" --line_match="http server started" --log_path="systemd"
 
 #=================================================
 # RELOAD NGINX
diff --git a/scripts/install b/scripts/install
index ef8f203..5955510 100644
--- a/scripts/install
+++ b/scripts/install
@@ -187,7 +187,7 @@ yunohost service add wireguard_ui --description "WireGuard UI" --log "/var/log/$
 ynh_script_progression --message="Starting a systemd service..." --weight=1
 
 # Start a systemd service
-ynh_systemd_action --service_name=wireguard_ui --action="start" --log_path="/var/log/$app/ui.log"
+ynh_systemd_action --service_name=wireguard_ui --action="start" --line_match="http server started" --log_path="systemd"
 
 #=================================================
 # SETUP SSOWAT
diff --git a/scripts/restore b/scripts/restore
index b033d2d..1c1abb1 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -132,7 +132,7 @@ ynh_restore_file --origin_path=$(jq -r ".config_file_path" $final_path/db/server
 #=================================================
 ynh_script_progression --message="Starting a systemd service..." --weight=1
 
-ynh_systemd_action --service_name=wireguard_ui --action="start" --log_path="/var/log/$app/ui.log"
+ynh_systemd_action --service_name=wireguard_ui --action="start" --line_match="http server started" --log_path="systemd"
 
 #=================================================
 # RESTORE THE LOGROTATE CONFIGURATION
diff --git a/scripts/upgrade b/scripts/upgrade
index a31f684..3864bef 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -99,7 +99,7 @@ ynh_abort_if_errors
 #=================================================
 ynh_script_progression --message="Stopping a systemd service..." --weight=1
 
-ynh_systemd_action --service_name=wireguard_ui --action="stop" --log_path="/var/log/$app/ui.log"
+ynh_systemd_action --service_name=wireguard_ui --action="stop" --line_match="Stopped WireGuard UI" --log_path="systemd"
 systemctl disable --now --quiet wireguard.path
 ynh_systemd_action --service_name=wireguard --action="stop"
 
@@ -211,7 +211,7 @@ yunohost service add wireguard_ui --description "WireGuard UI" --log "/var/log/$
 ynh_script_progression --message="Starting a systemd service..." --weight=1
 
 # Start a systemd service
-ynh_systemd_action --service_name=wireguard_ui --action="start" --log_path="/var/log/$app/ui.log"
+ynh_systemd_action --service_name=wireguard_ui --action="start" --line_match="http server started" --log_path="systemd"
 
 #=================================================
 # RELOAD NGINX

From 4ea4acffccffcf4bac569bfe3c7678ee0ac48f79 Mon Sep 17 00:00:00 2001
From: tituspijean 
Date: Thu, 21 Jan 2021 21:35:22 +0100
Subject: [PATCH 50/54] Make sure the app stay private

---
 scripts/upgrade | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/scripts/upgrade b/scripts/upgrade
index 3864bef..0cae1b1 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -49,6 +49,11 @@ then
 	ynh_app_setting_delete --app=$app --key=is_public
 fi
 
+# WireGuard UI should be private, really.
+if [ $(ynh_permission_has_user --permission=main --user=visitors) -eq 1 ]; then
+        ynh_permission_update --permission=main --remove=visitors
+fi
+
 # Downgrade linux-image-$arch if updated to the buster-backports version
 arch=$(ynh_detect_arch)
 linuximage_version=$(ynh_package_version --package=linux-image-$arch)

From 36e0600016b5ec552523684d8ccd05cc3686c0d5 Mon Sep 17 00:00:00 2001
From: tituspijean 
Date: Thu, 21 Jan 2021 22:04:04 +0100
Subject: [PATCH 51/54] Improve visitor permission removal

---
 scripts/upgrade | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/scripts/upgrade b/scripts/upgrade
index 0cae1b1..58647a0 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -50,7 +50,8 @@ then
 fi
 
 # WireGuard UI should be private, really.
-if [ $(ynh_permission_has_user --permission=main --user=visitors) -eq 1 ]; then
+if ynh_permission_has_user --permission=main --user=visitors
+then
         ynh_permission_update --permission=main --remove=visitors
 fi
 

From 12f5f3566a7e694a229f320fde75e9ea9f3b7fb6 Mon Sep 17 00:00:00 2001
From: tituspijean 
Date: Thu, 21 Jan 2021 22:15:43 +0100
Subject: [PATCH 52/54] Try to appease the CI

---
 scripts/change_url | 4 ++--
 scripts/install    | 2 +-
 scripts/restore    | 3 ++-
 scripts/upgrade    | 5 +++--
 4 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/scripts/change_url b/scripts/change_url
index e74175d..1fdf39e 100644
--- a/scripts/change_url
+++ b/scripts/change_url
@@ -69,7 +69,7 @@ fi
 #=================================================
 ynh_script_progression --message="Stopping a systemd service..." --time --weight=1
 
-ynh_systemd_action --service_name=$app --action="stop" --line_match="Stopped WireGuard UI" --log_path="systemd"
+ynh_systemd_action --service_name=$app --action="stop" --line_match="Stopped WireGuard UI" --log_path="systemd" --timeout=30
 
 #=================================================
 # MODIFY URL IN NGINX CONF
@@ -113,7 +113,7 @@ fi
 #=================================================
 ynh_script_progression --message="Starting a systemd service..." --time --weight=1
 
-ynh_systemd_action --service_name=$app --action="start" --line_match="http server started" --log_path="systemd"
+ynh_systemd_action --service_name=$app --action="start" --line_match="http server started" --log_path="systemd" --timeout=30
 
 #=================================================
 # RELOAD NGINX
diff --git a/scripts/install b/scripts/install
index 5955510..d742264 100644
--- a/scripts/install
+++ b/scripts/install
@@ -187,7 +187,7 @@ yunohost service add wireguard_ui --description "WireGuard UI" --log "/var/log/$
 ynh_script_progression --message="Starting a systemd service..." --weight=1
 
 # Start a systemd service
-ynh_systemd_action --service_name=wireguard_ui --action="start" --line_match="http server started" --log_path="systemd"
+ynh_systemd_action --service_name=wireguard_ui --action="start" --line_match="http server started" --log_path="systemd" --timeout=30
 
 #=================================================
 # SETUP SSOWAT
diff --git a/scripts/restore b/scripts/restore
index 1c1abb1..ea14736 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -132,7 +132,8 @@ ynh_restore_file --origin_path=$(jq -r ".config_file_path" $final_path/db/server
 #=================================================
 ynh_script_progression --message="Starting a systemd service..." --weight=1
 
-ynh_systemd_action --service_name=wireguard_ui --action="start" --line_match="http server started" --log_path="systemd"
+ynh_systemd_action --service_name=wireguard_ui --action="start" --line_match="http server started" --log_path="systemd" --timeout=30
+sleep 5
 
 #=================================================
 # RESTORE THE LOGROTATE CONFIGURATION
diff --git a/scripts/upgrade b/scripts/upgrade
index 58647a0..9704782 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -105,7 +105,7 @@ ynh_abort_if_errors
 #=================================================
 ynh_script_progression --message="Stopping a systemd service..." --weight=1
 
-ynh_systemd_action --service_name=wireguard_ui --action="stop" --line_match="Stopped WireGuard UI" --log_path="systemd"
+ynh_systemd_action --service_name=wireguard_ui --action="stop" --line_match="Stopped WireGuard UI" --log_path="systemd" --timeout=30
 systemctl disable --now --quiet wireguard.path
 ynh_systemd_action --service_name=wireguard --action="stop"
 
@@ -217,7 +217,8 @@ yunohost service add wireguard_ui --description "WireGuard UI" --log "/var/log/$
 ynh_script_progression --message="Starting a systemd service..." --weight=1
 
 # Start a systemd service
-ynh_systemd_action --service_name=wireguard_ui --action="start" --line_match="http server started" --log_path="systemd"
+ynh_systemd_action --service_name=wireguard_ui --action="start" --line_match="http server started" --log_path="systemd" --timeout=30
+sleep 5
 
 #=================================================
 # RELOAD NGINX

From c2a434afe6362522670030804beff5b27c37ea64 Mon Sep 17 00:00:00 2001
From: tituspijean 
Date: Fri, 22 Jan 2021 21:12:50 +0100
Subject: [PATCH 53/54] No need to start UI after wireguard.path service

---
 conf/wireguard_ui.service | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/conf/wireguard_ui.service b/conf/wireguard_ui.service
index be59370..eb79f7a 100644
--- a/conf/wireguard_ui.service
+++ b/conf/wireguard_ui.service
@@ -1,6 +1,6 @@
 [Unit]
 Description=WireGuard UI
-After=network.target wireguard.service wireguard.path
+After=network.target wireguard.service
 
 [Service]
 Type=simple

From dbbb1ced45a67efbd35fa7b1bf6cbbcc3c5c4187 Mon Sep 17 00:00:00 2001
From: tituspijean 
Date: Fri, 22 Jan 2021 21:23:38 +0100
Subject: [PATCH 54/54] Update warnings

---
 manifest.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/manifest.json b/manifest.json
index 1866839..a52fa6c 100644
--- a/manifest.json
+++ b/manifest.json
@@ -26,8 +26,8 @@
                 "name": "warning",
                 "type": "display_text",
                 "ask": {
-                    "en": "WireGuard is still experimental. The WireGuard package for YunoHost will add a DMKS module to your Linux kernel.\n\nCheck its compatibility before installing it on a production system.",
-                    "fr": "WireGuard est encore expérimental. Le package WireGuard pour YunoHost va installer un module DKMS à votre kernel Linux.\n\nVérifiez sa compatibilité avant de l'installer sur un serveur de production."
+                    "en": "WireGuard installs a Linux kernel module and will most likely require a reboot of your server to work properly.",
+                    "fr": "WireGuard installe un module au noyau Linux et nécessite probablement un redémarrage du serveur pour fonctionner correctement."
                 }
             },
             {