From 10a1fe6bf94a8b2eed2386b614771a51e093d958 Mon Sep 17 00:00:00 2001
From: Maniack Crudelis
Date: Fri, 17 Apr 2020 12:53:19 +0200
Subject: [PATCH] New reset actions
---
 actions.toml | 30 +++++++
 scripts/actions/reset_default_app | 128 +++++++++++++++++++++++++++
 scripts/actions/reset_default_system | 80 +++++++++++++++++
 scripts/backup | 2 +-
 scripts/restore | 2 +-
 5 files changed, 240 insertions(+), 2 deletions(-)
 create mode 100755 scripts/actions/reset_default_app
 create mode 100755 scripts/actions/reset_default_system
diff --git a/actions.toml b/actions.toml
index f10fb3d..b9b966c 100644
--- a/actions.toml
+++ b/actions.toml
@@ -9,3 +9,33 @@ description = "Change the public access of the app."
 type = "boolean"
 ask = "Is it a public app ?"
 default = true
+
+
+[reset_default_nginx]
+name = "Reset the nginx config for this app."
+command = "/bin/bash scripts/actions/reset_default_system nginx"
+# user = "root" # optional
+# cwd = "/" # optional
+# accepted_return_codes = [0, 1, 2, 3] # optional
+accepted_return_codes = [0]
+description = "Reset the nginx config for this app."
+
+
+[reset_default_phpfpm]
+name = "Reset the php-fpm config for this app."
+command = "/bin/bash scripts/actions/reset_default_system phpfpm"
+# user = "root" # optional
+# cwd = "/" # optional
+# accepted_return_codes = [0, 1, 2, 3] # optional
+accepted_return_codes = [0]
+description = "Reset the php-fpm config for this app."
+
+
+[reset_default_app]
+name = "Reset the app with a default configuration."
+command = "/bin/bash scripts/actions/reset_default_app"
+# user = "root" # optional
+# cwd = "/" # optional
+# accepted_return_codes = [0, 1, 2, 3] # optional
+accepted_return_codes = [0]
+description = "Reset the app to its default configuration to try to fix potential issues.
This action won't remove any data added to the app.
However, if you have modified any configuration, it will be overwritten."
diff --git a/scripts/actions/reset_default_app b/scripts/actions/reset_default_app
new file mode 100755
index 0000000..bb63459
--- /dev/null
+++ b/scripts/actions/reset_default_app
@@ -0,0 +1,128 @@
+#!/bin/bash
+
+#=================================================
+# GENERIC STARTING
+#=================================================
+# IMPORT GENERIC HELPERS
+#=================================================
+
+source scripts/_common.sh
+source /usr/share/yunohost/helpers
+source scripts/_ynh_add_fpm_config
+
+#=================================================
+# MANAGE SCRIPT FAILURE
+#=================================================
+
+# Exit if an error occurs during the execution of the script
+ynh_abort_if_errors
+
+#=================================================
+# RETRIEVE ARGUMENTS
+#=================================================
+
+app=${YNH_APP_INSTANCE_NAME:-$YNH_APP_ID}
+
+domain=$(ynh_app_setting_get --app=$app --key=domain)
+path_url=$(ynh_app_setting_get --app=$app --key=path)
+is_public=$(ynh_app_setting_get --app=$app --key=is_public)
+final_path=$(ynh_app_setting_get --app=$app --key=final_path)
+
+#=================================================
+# SPECIFIC ACTION
+#=================================================
+# ACTIVATE MAINTENANCE MODE
+#=================================================
+ynh_script_progression --message="Activating maintenance mode..."
+
+ynh_maintenance_mode_ON
+
+#=================================================
+# NGINX CONFIGURATION
+#=================================================
+
+ynh_script_progression --message="Upgrading nginx web server configuration..." --weight=1
+
+# Create a dedicated nginx config
+yunohost app action run $app reset_default_nginx
+
+#=================================================
+# CREATE DEDICATED USER
+#=================================================
+ynh_script_progression --message="Making sure dedicated system user exists..."
+
+# Create a dedicated user (if not existing)
+ynh_system_user_create --username=$app
+
+#=================================================
+# PHP-FPM CONFIGURATION
+#=================================================
+
+ynh_script_progression --message="Upgrading php-fpm configuration..." --weight=2
+
+# Create a dedicated php-fpm config
+yunohost app action run $app reset_default_phpfpm
+
+#=================================================
+# CREATE A CRON TASK FOR AUTOMATIC UPDATE
+#=================================================
+
+echo "# Reach everyday wp-cron.php?doing_wp_cron to trig the internal wordpress cron.
+0 3 * * * root wget -q -O - https://$domain$path_url/wp-cron.php?doing_wp_cron >/dev/null 2>&1" > /etc/cron.d/$app
+
+#=================================================
+# SECURE FILES AND DIRECTORIES
+#=================================================
+
+# Set permissions to app files
+# Files have to be own by the user of wordpress. To allow upgrade from the app.
+chown -R $app: $final_path
+# Except the file config wp-config.php
+chown root: $final_path/wp-config.php
+
+# Reset permissions
+find $final_path/ -type f -print0 | xargs -0 chmod 0644
+find $final_path/ -type d -print0 | xargs -0 chmod 0755
+
+#=================================================
+# UPGRADE FAIL2BAN
+#=================================================
+ynh_script_progression --message="Reconfiguring fail2ban..." --weight=5
+
+# Create a dedicated fail2ban config
+ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="PHP message: Leed: wrong login for .* client: " --max_retry=5
+
+#=================================================
+# SETUP SSOWAT
+#=================================================
+ynh_script_progression --message="Upgrading SSOwat configuration..." --weight=1
+
+# Remove skipped_uris if it's still present
+ynh_app_setting_delete --app=$app --key=skipped_uris
+if [ $is_public -eq 0 ]; then
+ # Remove the public access
+ ynh_app_setting_delete --app=$app --key=unprotected_uris
+else
+ # Or replace skipped_uris by unprotected_uris
+ ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
+fi
+
+#=================================================
+# RELOAD NGINX
+#=================================================
+ynh_script_progression --message="Reloading nginx web server..."
+
+ynh_systemd_action --service_name=nginx --action=reload
+
+#=================================================
+# DEACTIVE MAINTENANCE MODE
+#=================================================
+ynh_script_progression --message="Disabling maintenance mode..."
+
+ynh_maintenance_mode_OFF
+
+#=================================================
+# END OF SCRIPT
+#=================================================
+
+ynh_script_progression --message="Execution completed" --last
diff --git a/scripts/actions/reset_default_system b/scripts/actions/reset_default_system
new file mode 100755
index 0000000..1dd2617
--- /dev/null
+++ b/scripts/actions/reset_default_system
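Review bot: The fail2ban step in scripts/actions/reset_default_app passes `--failregex="PHP message: Leed: wrong login for .* client: "` against the nginx error log, which looks carried over from another app's script; nothing in this patch shows WordPress logging a "Leed: wrong login" line, so after a reset the jail would probably never match a failed WordPress login and brute-force banning would be lost without any error. The pattern as shown also has no `<HOST>` group, which fail2ban needs to know which address to ban, though the page rendering may have dropped it. I would reuse the exact `--logpath`/`--failregex` pair that the install script registers (not visible here) instead of a literal in this file. The SSOwat block also fails open: if `is_public` comes back empty, `[ $is_public -eq 0 ]` is a `[` usage error inside the `if`, so the `else` branch runs and sets `unprotected_uris` to `/`; making the public branch the one that needs an explicit match, `if [ "$is_public" = "1" ]; then`, keeps a broken setting private. The same unquoted tests on `multisite` and `is_public` appear in scripts/actions/reset_default_system.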
@@ -0,0 +1,80 @@
+#!/bin/bash
+
+#=================================================
+# GENERIC STARTING
+#=================================================
+# IMPORT GENERIC HELPERS
+#=================================================
+
+source scripts/_common.sh
+source /usr/share/yunohost/helpers
+source scripts/_ynh_add_fpm_config
+
+#=================================================
+# MANAGE SCRIPT FAILURE
+#=================================================
+
+# Exit if an error occurs during the execution of the script
+ynh_abort_if_errors
+
+#=================================================
+# RETRIEVE ARGUMENTS
+#=================================================
+
+app=${YNH_APP_INSTANCE_NAME:-$YNH_APP_ID}
+
+type=$1
+
+domain=$(ynh_app_setting_get --app=$app --key=domain)
+path_url=$(ynh_app_setting_get --app=$app --key=path)
+final_path=$(ynh_app_setting_get --app=$app --key=final_path)
+
+multisite=$(ynh_app_setting_get --app=$app --key=multisite)
+is_public=$(ynh_app_setting_get --app=$app --key=is_public)
+
+#=================================================
+# SPECIFIC ACTION
+#=================================================
+# RESET THE CONFIG FILE
+#=================================================
+
+if [ $type == nginx ]; then
+ name=Nginx
+elif [ $type == phpfpm ]; then
+ name=PHP-FPM
+else
+ ynh_die --message="The type $type is not recognized"
+fi
+
+ynh_script_progression --message="Resetting the specific configuration of $name for the app $app..." --weight=3
+
+if [ $type == nginx ]
+then
+ (cd scripts; ynh_add_nginx_config)
+
+ if [ $multisite -eq 1 ]
+ then
+ ynh_replace_string --match_string="#--MULTISITE--" --replace_string="" --target_file=/etc/nginx/conf.d/$domain.d/$app.conf
+
+ ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.d/$app.conf"
+
+ ynh_systemd_action --service_name=nginx --action=reload
+ fi
+
+elif [ $type == phpfpm ]
+then
+ # If the app is private, set the usage to low, otherwise to high.
+ if [ $is_public -eq 0 ]
+ then
+ usage=low
+ else
+ usage=high
+ fi
+ (cd scripts; ynh_add_fpm_config --usage=$usage --footprint=medium)
+fi
+
+#=================================================
+# END OF SCRIPT
+#=================================================
+
+ynh_script_progression --message="Execution completed" --last
diff --git a/scripts/backup b/scripts/backup
index f98be64..eeea16b 100644
--- a/scripts/backup
+++ b/scripts/backup
@@ -77,4 +77,4 @@ ynh_backup "/etc/cron.d/$app"
 # END OF SCRIPT
 #=================================================
-ynh_script_progression --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." --time --last
+ynh_script_progression --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." --last
diff --git a/scripts/restore b/scripts/restore
index f02810a..616904a 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -33,7 +33,7 @@ admin_wordpress=$(ynh_app_setting_get --app=$app --key=admin)
 #=================================================
 # CHECK IF THE APP CAN BE RESTORED
 #=================================================
-ynh_script_progression --message="Validating restoration parameters..." --time --weight=1
+ynh_script_progression --message="Validating restoration parameters..."
 ynh_webpath_available --domain=$domain --path_url=$path_url \
 || ynh_die --message="Path not available: ${domain}${path_url}"
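Review bot: `path_url` and `final_path` are read from the app settings in scripts/actions/reset_default_system but never referenced again in the script, which reads as dead code unless `ynh_add_nginx_config` and `ynh_add_fpm_config` pick them up as shell variables. If they do, a comment above those reads such as `# Not used directly: the config helpers below expand domain, path_url and final_path` would keep a later cleanup from removing them. `$type` is also tested unquoted in two separate `if` chains; quoting it, `if [ "$type" == nginx ]`, and folding both chains into a single `case "$type" in` would leave one place where an unknown type is rejected.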