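#!/bin/bash
#
# Configuration-regeneration hook: the first argument selects a step and the
# matching do_<step>_regen function is called with the remaining arguments.
#
# NOTE(review): the page this listing comes from had its line breaks collapsed
# and lost every span between a here-document operator and the next ">"
# character. The line structure is restored below; text that could not be
# recovered is marked "[LOST IN EXTRACTION: ...]" and must be restored from the
# upstream file before this script is run. The placeholders sit in files that
# cron and systemd consume, so do not deploy them.

set -e

# Repoint dpkg's default vendor symlink at the YunoHost origin file while the
# symlink still resolves to a path containing "debian".
# see https://wiki.debian.org/Derivatives/Guidelines#Vendor
_set_dpkg_vendor() {
  if readlink -f /etc/dpkg/origins/default | grep -q debian; then
    rm -f /etc/dpkg/origins/default
    ln -s /etc/dpkg/origins/yunohost /etc/dpkg/origins/default
  fi
}

# First-time setup: create the base directories and default files with their
# ownership and modes, install the systemd units, start the API service and
# switch the dpkg vendor. Exits with status 1 when not run as root.
do_init_regen() {
  if ((EUID != 0)); then
    echo "You must be root to run this script" 1>&2
    exit 1
  fi

  cd /usr/share/yunohost/conf/yunohost

  [[ -d /etc/yunohost ]] || mkdir -p /etc/yunohost

  # set default current_host
  [[ -f /etc/yunohost/current_host ]] \
    || echo "yunohost.org" >/etc/yunohost/current_host

  # copy default services and firewall
  [[ -f /etc/yunohost/firewall.yml ]] \
    || cp firewall.yml /etc/yunohost/firewall.yml

  # allow users to access /media directory
  [[ -d /etc/skel/media ]] \
    || (mkdir -p /media && ln -s /media /etc/skel/media)

  # Cert folders: readable by the ssl-cert group, closed to everyone else
  mkdir -p /etc/yunohost/certs
  chown -R root:ssl-cert /etc/yunohost/certs
  chmod 750 /etc/yunohost/certs

  # App folders
  mkdir -p /etc/yunohost/apps
  chmod 700 /etc/yunohost/apps
  mkdir -p /home/yunohost.app
  chmod 755 /home/yunohost.app

  # Domain settings
  mkdir -p /etc/yunohost/domains
  chmod 700 /etc/yunohost/domains

  # Backup folders
  mkdir -p /home/yunohost.backup/archives
  chmod 750 /home/yunohost.backup/archives
  # This is later changed to root:admins once the admins group exists
  chown root:root /home/yunohost.backup/archives

  # Empty ssowat json persistent conf
  echo "{}" >'/etc/ssowat/conf.json.persistent'
  chmod 644 /etc/ssowat/conf.json.persistent
  chown root:root /etc/ssowat/conf.json.persistent

  # Empty service conf
  touch /etc/yunohost/services.yml

  mkdir -p /var/cache/yunohost/repo
  chown root:root /var/cache/yunohost
  chmod 700 /var/cache/yunohost

  cp yunohost-api.service /etc/systemd/system/yunohost-api.service
  cp yunohost-firewall.service /etc/systemd/system/yunohost-firewall.service
  cp yunoprompt.service /etc/systemd/system/yunoprompt.service

  systemctl daemon-reload

  systemctl enable yunohost-api.service --quiet
  systemctl start yunohost-api.service
  # Yunohost-firewall is enabled only during postinstall, not init, not 100% sure why

  cp dpkg-origins /etc/dpkg/origins/yunohost
  _set_dpkg_vendor
}

# Write the pending configuration files under the directory given as $1.
#
# NOTE(review): every here-document body in this function was truncated by the
# extraction, and the end of the function is missing. Only the redirection
# targets and the tails shown below survive.
do_pre_regen() {
  local pending_dir=$1

  cd /usr/share/yunohost/conf/yunohost

  mkdir -p "${pending_dir}/etc/systemd/system"
  mkdir -p "${pending_dir}/etc/cron.d/"
  mkdir -p "${pending_dir}/etc/cron.daily/"

  # add cron job for diagnosis to be ran at 7h and 19h + a random delay between
  # 0 and 20min, meant to avoid every instances running their diagnosis at
  # exactly the same time, which may overload the diagnosis server.
  cat >"${pending_dir}/etc/cron.d/yunohost-diagnosis" <<EOF
[LOST IN EXTRACTION: schedule, user and command prefix] /dev/null 2>/dev/null || echo "Running the automatic diagnosis failed miserably"
EOF

  # Cron job that upgrade the app list everyday
  cat >"${pending_dir}/etc/cron.daily/yunohost-fetch-apps-catalog" <<EOF
[LOST IN EXTRACTION: interpreter line and command prefix] /dev/null
EOF

  # Cron job that renew lets encrypt certificates if there's any that needs renewal
  cat >"${pending_dir}/etc/cron.daily/yunohost-certificate-renew" <<EOF
[LOST IN EXTRACTION: body of the certificate renewal job]
EOF

  # NOTE(review): the condition of this "if" was lost (only "/dev/null; then"
  # survives). Judging by the comment on the else branch it tests whether a
  # dyndns domain is configured. The placeholder command below does not exist,
  # so the else branch is taken until the real test is restored.
  if LOST_IN_EXTRACTION_dyndns_domain_test; then
    cat >"${pending_dir}/etc/cron.d/yunohost-dyndns" <<EOF
[LOST IN EXTRACTION: schedule, user and command prefix] /dev/null 2>&1 || test -e /var/run/moulinette_yunohost.lock || yunohost dyndns update >> /dev/null
EOF
  else
    # (Delete cron if no dyndns domain found)
    touch "${pending_dir}/etc/cron.d/yunohost-dyndns"
  fi

  # Skip ntp if inside a container (inspired from the conf of systemd-timesyncd)
  if systemctl | grep -q 'ntp.service'; then
    mkdir -p "${pending_dir}/etc/systemd/system/ntp.service.d/"
    cat >"${pending_dir}/etc/systemd/system/ntp.service.d/ynh-override.conf" <<EOF
[LOST IN EXTRACTION: ntp.service override body]
EOF
  fi

  # NOTE(review): whatever preceded the next two writes (comments, any guard,
  # the creation of the parent directories) was lost. The mkdir calls are added
  # so that the redirections cannot fail on a missing directory.
  mkdir -p "${pending_dir}/etc/systemd/system/nftables.service.d/"
  cat >"${pending_dir}/etc/systemd/system/nftables.service.d/ynh-override.conf" <<EOF
[LOST IN EXTRACTION: nftables.service override body]
EOF

  mkdir -p "${pending_dir}/etc/systemd/logind.conf.d/"
  cat >"${pending_dir}/etc/systemd/logind.conf.d/ynh-override.conf" <<EOF
[LOST IN EXTRACTION: logind override body]
EOF

  # [LOST IN EXTRACTION: remainder of do_pre_regen]
}

# Re-apply ownership and modes on the configuration tree, create the ssh.app
# and sftp.app groups, and reload or restart the services whose unit files or
# overrides appear in the list of regenerated files.
#
# NOTE(review): this function's header and opening statements were lost. The
# name is presumed from the do_<step>_regen dispatcher at the end of the file,
# and the assignment from the way do_pre_regen takes its argument - confirm
# both against upstream. The lost statements include permission enforcement
# that ran before the chmod below; the only surviving fragment of them is the
# end of a command substitution:
#     /dev/null | grep -vw mdns.yml)
do_post_regen() {
  local regen_conf_files=${1:-}
  local conf_file private_dir unit action
  local -a conf_files=()

  # Restrict configuration and credential files to their owner. Iterating over
  # the globs instead of parsing ls output keeps odd file names in one piece
  # and avoids calling chmod without operands when nothing matches, which
  # would abort the script under set -e.
  for conf_file in /etc/yunohost/*.yml /etc/yunohost/*.yaml \
    /etc/yunohost/*.json /etc/yunohost/mysql /etc/yunohost/psql; do
    if [[ -f "$conf_file" ]]; then
      conf_files+=("$conf_file")
    fi
  done
  if ((${#conf_files[@]} > 0)); then
    chmod 600 -- "${conf_files[@]}"
  fi

  # Apps folder, custom hooks folder
  for private_dir in /etc/yunohost/hooks.d /etc/yunohost/apps /etc/yunohost/domains; do
    if [[ -e "$private_dir" ]]; then
      chown root "$private_dir"
      chmod 700 "$private_dir"
    fi
  done

  # Create ssh.app and sftp.app groups if they don't exist yet
  # (the dot is escaped so that only the exact group name matches)
  grep -q '^ssh\.app:' /etc/group || groupadd ssh.app
  grep -q '^sftp\.app:' /etc/group || groupadd sftp.app

  # Propagates changes in systemd service config overrides
  if systemctl | grep -q 'ntp.service'; then
    if [[ "$regen_conf_files" == *"ntp.service.d/ynh-override.conf"* ]]; then
      systemctl daemon-reload
      systemctl restart ntp
    fi
  fi

  if [[ "$regen_conf_files" == *"nftables.service.d/ynh-override.conf"* ]]; then
    systemctl daemon-reload
  fi

  # do_pre_regen writes this override under logind.conf.d. The check used to
  # look for "login.conf.d", which is not a substring of that path, so
  # systemd-logind was never restarted after the override changed.
  if [[ "$regen_conf_files" == *"logind.conf.d/ynh-override.conf"* ]]; then
    systemctl daemon-reload
    systemctl restart systemd-logind
  fi

  if [[ "$regen_conf_files" == *"yunohost-firewall.service"* ]]; then
    systemctl daemon-reload
  fi
  if [[ "$regen_conf_files" == *"yunohost-api.service"* ]]; then
    systemctl daemon-reload
  fi

  # Enable the unit while its file is installed, disable it once it is gone.
  for unit in yunoprompt proc-hidepid; do
    if [[ "$regen_conf_files" == *"${unit}.service"* ]]; then
      systemctl daemon-reload
      if [[ -e "/etc/systemd/system/${unit}.service" ]]; then
        action='enable'
      else
        action='disable'
      fi
      systemctl "$action" "$unit" --quiet --now
    fi
  done

  _set_dpkg_vendor

  if test -e /etc/yunohost/installed \
    && test -e /etc/profile.d/check_yunohost_is_installed.sh; then
    rm /etc/profile.d/check_yunohost_is_installed.sh
  fi
}

# Dispatch. The step name becomes part of a command name, so only call it when
# it names a function defined above, and pass the other arguments as given.
if ! declare -F "do_${1:-}_regen" >/dev/null; then
  echo "Unknown regen step: ${1:-}" 1>&2
  exit 1
fi
"do_${1}_regen" "${@:2}"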