mirror of
https://github.com/YunoHost-Apps/ztncui_ynh.git
synced 2024-09-03 18:06:05 +02:00
Appease linter
This commit is contained in:
tituspijean
parent
d791fc51fd
commit
97c4bbaa52
6 changed files with 46 additions and 29 deletions
|
|
@ -4,11 +4,41 @@ After=network.target
|
|||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=ztncui
|
||||
Group=ztncui
|
||||
User=__APP__
|
||||
Group=__APP__
|
||||
Environment="__YNH_NODE_LOAD_PATH__"
|
||||
WorkingDirectory=__FINALPATH__/src/
|
||||
ExecStart=__YNH_NPM__ start
|
||||
StandardOutput=append:/var/log/__APP__/__APP__.log
|
||||
StandardError=inherit
|
||||
|
||||
# Sandboxing options to harden security
|
||||
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
|
||||
NoNewPrivileges=yes
|
||||
PrivateTmp=yes
|
||||
PrivateDevices=yes
|
||||
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
|
||||
RestrictNamespaces=yes
|
||||
RestrictRealtime=yes
|
||||
DevicePolicy=closed
|
||||
ProtectSystem=full
|
||||
ProtectControlGroups=yes
|
||||
ProtectKernelModules=yes
|
||||
ProtectKernelTunables=yes
|
||||
LockPersonality=yes
|
||||
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
|
||||
|
||||
# Denying access to capabilities that should not be relevant for webapps
|
||||
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
|
||||
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
|
||||
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
|
||||
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
|
||||
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
|
||||
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
|
||||
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
|
||||
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
|
||||
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
|
||||
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
|
|||
|
|
@ -8,13 +8,18 @@
|
|||
},
|
||||
"version": "20210310~ynh1",
|
||||
"url": "https://key-networks.com/ztncui",
|
||||
"upstream": {
|
||||
"license": "GPL-3.0-only",
|
||||
"website": "https://key-networks.com/ztncui/",
|
||||
"code": "https://github.com/key-networks/ztncui"
|
||||
},
|
||||
"license": "GPL-3.0-only",
|
||||
"maintainer": {
|
||||
"name": "tituspijean",
|
||||
"email": "tituspijean@outlook.com"
|
||||
},
|
||||
"requirements": {
|
||||
"yunohost": ">= 4.1.2"
|
||||
"yunohost": ">= 4.1.7"
|
||||
},
|
||||
"services": [],
|
||||
"multi_instance": false,
|
||||
|
|
@ -34,8 +39,7 @@
|
|||
"help": {
|
||||
"en": "Ztncui can only be installed at the root of a domain.",
|
||||
"fr": "Ztncui ne peut être installée qu'à la racine d'un domaine."
|
||||
},
|
||||
"example": "zt.example.com"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "is_public",
|
||||
|
|
@ -48,8 +52,7 @@
|
|||
},
|
||||
{
|
||||
"name": "admin",
|
||||
"type": "user",
|
||||
"example": "johndoe"
|
||||
"type": "user"
|
||||
},
|
||||
{
|
||||
"name": "password",
|
||||
|
|
@ -57,8 +60,7 @@
|
|||
"help": {
|
||||
"en": "It will always be asked by Ztncui, in addition to your YunoHost credentials if set to private.",
|
||||
"fr": "Il sera toujours demandé par Ztncui, en plus des identifiants YunoHost si l'app est privée."
|
||||
},
|
||||
"example": "Choose a password"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@
|
|||
# COMMON VARIABLES
|
||||
#=================================================
|
||||
|
||||
nodejs_version=12
|
||||
nodejs_version=14
|
||||
|
||||
# dependencies used by the app
|
||||
pkg_dependencies="g++"
|
||||
|
|
@ -17,21 +17,6 @@ pkg_dependencies="g++"
|
|||
# EXPERIMENTAL HELPERS
|
||||
#=================================================
|
||||
|
||||
#!/bin/bash
|
||||
|
||||
# Execute a command as another user
|
||||
# usage: exec_as USER COMMAND [ARG ...]
|
||||
ynh_exec_as() {
|
||||
local USER=$1
|
||||
shift 1
|
||||
|
||||
if [[ $USER = $(whoami) ]]; then
|
||||
eval "$@"
|
||||
else
|
||||
sudo -u "$USER" "$@"
|
||||
fi
|
||||
}
|
||||
|
||||
#=================================================
|
||||
# FUTURE OFFICIAL HELPERS
|
||||
#=================================================
|
||||
|
|
|
|||
|
|
@ -171,7 +171,6 @@ chown -R $app: $final_path
|
|||
#=================================================
|
||||
ynh_script_progression --message="Configuring log rotation..." --weight=1
|
||||
|
||||
|
||||
# Use logrotate to manage application logfile(s)
|
||||
ynh_use_logrotate
|
||||
|
||||
|
|
|
|||
|
|
@ -37,8 +37,6 @@ nodejs_version=$(ynh_app_setting_get --app=$app --key=nodejs_version)
|
|||
#=================================================
|
||||
ynh_script_progression --message="Validating restoration parameters..." --weight=1
|
||||
|
||||
ynh_webpath_available --domain=$domain --path_url=$path_url \
|
||||
|| ynh_die --message="Path not available: ${domain}${path_url}"
|
||||
test ! -d $final_path \
|
||||
|| ynh_die --message="There is already a directory: $final_path "
|
||||
|
||||
|
|
|
|||
|
|
@ -114,7 +114,10 @@ ynh_script_progression --message="Upgrading dependencies..." --weight=2
|
|||
|
||||
ynh_install_app_dependencies $pkg_dependencies
|
||||
|
||||
if [ $nodejs_version != $(ynh_app_setting_get --app=$app --key=nodejs_version) ]; then
|
||||
ynh_remove_nodejs
|
||||
ynh_install_nodejs --nodejs_version=$nodejs_version
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# CREATE DEDICATED USER
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue