diff --git a/manifest.json b/manifest.json
index e53eb66..9e4531f 100644
--- a/manifest.json
+++ b/manifest.json
@@ -18,7 +18,8 @@
 "ask": {
 "en": "Choose a domain for huginn"
 },
- "example": "example.com"
+ "example": "example.com",
+ "default": "huginn.wotest.weblibre.ca"
 },
 {
 "name": "path",
@@ -34,21 +35,24 @@
 "ask": {
 "en": "Choose an admin user"
 },
- "example": "johndoe"
+ "example": "johndoe",
+ "default": "gab"
 },
 {
 "name": "password",
 "ask": {
 "en": "Choose an admin password"
 },
- "example": "supersecretpassword"
+ "example": "supersecretpassword",
+ "default": "gabgabgabgab"
 },
 {
 "name": "invitation",
 "ask": {
 "en": "Choose an invitation code for new users"
 },
- "example": "invitationcode"
+ "example": "invitationcode",
+ "default": "1234567890"
 },
 {
 "name": "is_public",
@@ -56,7 +60,7 @@
 "en": "Is it a public application ?"
 },
 "choices": ["Yes", "No"],
- "default": "No"
+ "default": "Yes"
 }
 ]
 }
diff --git a/scripts/_common.sh b/scripts/_common.sh
index 409abe2..52b390c 100644
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
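Review bot: The `default` values added to manifest.json look like developer test data and should not ship: `"default": "gabgabgabgab"` on the `password` question and `"default": "1234567890"` on `invitation` (second hunk) give every install that accepts the defaults the same published admin password and invitation code. The first hunk likewise hard-codes a test hostname as the domain default. I would drop the `default` keys from `domain`, `admin`, `password` and `invitation` and keep only the `example` values, so the person installing has to supply the secrets. If unattended test installs need fixed values, pass them as install arguments from the test harness instead of committing them.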
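Review bot: Changing the `is_public` default to `"default": "Yes"` (third manifest.json hunk) makes public exposure the path of least resistance, since scripts/install sets `unprotected_uris` to `/` whenever the answer is `Yes`. Together with the default admin password and invitation code this commit adds in the previous hunk, an install that accepts every default is reachable without SSO and uses known credentials. Keep `"default": "No"` so that opening the app to visitors is an explicit choice.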
@@ -3,90 +3,4 @@ # COMMON VARIABLES #================================================= -pkg_dependencies="zlib1g-dev libyaml-dev libssl-dev libgdbm-dev libreadline-dev libncurses5-dev libffi-dev libxml2-dev libxslt1-dev libcurl4-openssl-dev libicu-dev python-docutils pkg-config cmake nodejs graphviz ruby2.5 bundler default-libmysqlclient-dev runit" - ----------------- - - -YNH_PHP_VERSION="7.3" -extra_php_dependencies="php${YNH_PHP_VERSION}-bz2 php${YNH_PHP_VERSION}-imap php${YNH_PHP_VERSION}-smbclient php${YNH_PHP_VERSION}-gmp php${YNH_PHP_VERSION}-gd php${YNH_PHP_VERSION}-json php${YNH_PHP_VERSION}-intl php${YNH_PHP_VERSION}-curl php${YNH_PHP_VERSION}-apcu php${YNH_PHP_VERSION}-redis php${YNH_PHP_VERSION}-ldap php${YNH_PHP_VERSION}-imagick php${YNH_PHP_VERSION}-zip php${YNH_PHP_VERSION}-mbstring php${YNH_PHP_VERSION}-xml php${YNH_PHP_VERSION}-mysql php${YNH_PHP_VERSION}-igbinary php${YNH_PHP_VERSION}-bcmath" - -#================================================= -# EXPERIMENTAL HELPERS -#================================================= - -# Check if an URL is already handled -# usage: is_url_handled --domain=DOMAIN --path=PATH_URI -is_url_handled() { - # Declare an array to define the options of this helper. - local legacy_args=dp - declare -Ar args_array=( [d]=domain= [p]=path= ) - local domain - local path - # Manage arguments with getopts - ynh_handle_getopts_args "$@" - - # Try to get the url with curl, and keep the http code and an eventual redirection url. - local curl_output="$(curl --insecure --silent --output /dev/null \ - --write-out '%{http_code};%{redirect_url}' https://127.0.0.1$path --header "Host: $domain" --resolve $domain:443:127.0.0.1)" - - # Cut the output and keep only the first part to keep the http code - local http_code="${curl_output%%;*}" - # Do the same thing but keep the second part, the redirection url - local redirection="${curl_output#*;}" - - # Return 1 if the url isn't handled. 
- # Which means either curl got a 404 (or the admin) or the sso. - # A handled url should redirect to a publicly accessible url. - # Return 1 if the url has returned 404 - if [ "$http_code" = "404" ] || [[ $redirection =~ "/yunohost/admin" ]]; then - return 1 - # Return 1 if the url is redirected to the SSO - elif [[ $redirection =~ "/yunohost/sso" ]]; then - return 1 - fi -} - - -#================================================= - -# Check available space before creating a temp directory. -# -# usage: ynh_smart_mktemp --min_size="Min size" -# -# | arg: -s, --min_size= - Minimal size needed for the temporary directory, in Mb -ynh_smart_mktemp () { - # Declare an array to define the options of this helper. - declare -Ar args_array=( [s]=min_size= ) - local min_size - # Manage arguments with getopts - ynh_handle_getopts_args "$@" - - min_size="${min_size:-300}" - # Transform the minimum size from megabytes to kilobytes - min_size=$(( $min_size * 1024 )) - - # Check if there's enough free space in a directory - is_there_enough_space () { - local free_space=$(df --output=avail "$1" | sed 1d) - test $free_space -ge $min_size - } - - if is_there_enough_space /tmp; then - local tmpdir=/tmp - elif is_there_enough_space /var; then - local tmpdir=/var - elif is_there_enough_space /; then - local tmpdir=/ - elif is_there_enough_space /home; then - local tmpdir=/home - else - ynh_die "Insufficient free space to continue..." - fi - - echo "$(mktemp --directory --tmpdir="$tmpdir")" -} - -#================================================= -# FUTURE OFFICIAL HELPERS -#================================================= +pkg_dependencies="zlib1g-dev libyaml-dev libssl-dev libgdbm-dev libreadline-dev libncurses5-dev libffi-dev libxml2-dev libxslt1-dev libcurl4-openssl-dev libicu-dev python-docutils pkg-config cmake nodejs graphviz ruby2.5 bundler default-libmysqlclient-dev runit-systemd" \ No newline at end of file 
diff --git a/scripts/install b/scripts/install index 3c4eddc..03c808a 100755 --- a/scripts/install +++ b/scripts/install @@ -37,10 +37,10 @@ app=$YNH_APP_INSTANCE_NAME ynh_script_progression --message="Validating installation parameters..." final_path=/home/huginn -test ! -e "$final_path" || ynh_die --message="This path already contains a folder" +#test ! -e "$final_path" || ynh_die --message="This path already contains a folder" # Register (book) web path -ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url +ynh_webpath_register --app=$app --domain=$domain --path_url=$path #================================================= # STORE SETTINGS FROM MANIFEST @@ -64,6 +64,9 @@ ynh_script_progression --message="Installing dependencies..." --weight=10 ynh_install_app_dependencies $pkg_dependencies +systemctl enable runit +systemctl start runit + #Install foreman gem gem install foreman @@ -75,6 +78,9 @@ ynh_script_progression --message="Configuring system user..." --weight=3 # Create a system user ynh_system_user_create --username=$app --home_dir=/home/huginn +mkdir /home/huginn +chown huginn: /home/huginn + #================================================= # CREATE A MYSQL DATABASE #================================================= 
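Review bot: Commenting out `test ! -e "$final_path" || ynh_die ...` in the first scripts/install hunk removes the only visible guard against installing over an existing `/home/huginn`. The third hunk then runs a bare `mkdir /home/huginn` and `chown huginn: /home/huginn`, so a pre-existing directory is either taken over or makes `mkdir` fail, depending on whether the script aborts on errors (not visible here). Restore the check, and create the directory with `mkdir -p "$final_path"` and `chown "$app": "$final_path"` rather than repeating the literal path and user name. The changed registration line should also quote its expansions, `ynh_webpath_register --app="$app" --domain="$domain" --path_url="$path"`; whether `$path` or `$path_url` is the variable actually set earlier lies outside this hunk and is worth confirming.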
@@ -92,194 +98,98 @@ ynh_script_progression --message="Setting up source files..." cd /home/huginn # Clone Huginn repository -sudo sudo -u huginn -H git clone https://github.com/cantino/huginn.git -b master huginn +sudo -u huginn -H git clone https://github.com/cantino/huginn.git -b master huginn # Go to Huginn installation folder cd /home/huginn/huginn # Copy the example Huginn config -sudo sudo -u huginn -H cp .env.example .env +sudo -u huginn -H cp .env.example .env # Create the log/, tmp/pids/ and tmp/sockets/ directories -sudo sudo -u huginn mkdir -p log tmp/pids tmp/sockets +sudo -u huginn mkdir -p log tmp/pids tmp/sockets # Make sure Huginn can write to the log/ and tmp/ directories sudo chown -R huginn log/ tmp/ -sudo chmod -R u+rwX,go-w log/ tmp/ +chmod -R u+rwX,go-w log/ tmp/ # Make sure permissions are set correctly -sudo chmod -R u+rwX,go-w log/ -sudo chmod -R u+rwX tmp/ -sudo sudo -u huginn -H chmod o-rwx .env +chmod -R u+rwX,go-w log/ +chmod -R u+rwX tmp/ +sudo -u huginn -H chmod o-rwx .env # Copy the example Unicorn config -sudo sudo -u huginn -H cp config/unicorn.rb.example config/unicorn.rb +sudo -u huginn -H cp config/unicorn.rb.example config/unicorn.rb #Install Gems -#sudo sudo -u huginn -H bundle install --deployment --without development test +#sudo -u huginn -H bundle install --deployment --without development test #RUN bundle install --path vendor/bundle --deployment --without development test sudo -u huginn -H bundle lock --update rails sudo -u huginn -H bundle install --path vendor/bundle #rake secret -RAKE_SECRET=$(sudo sudo -u huginn -H rake secret) +RAKE_SECRET=$(sudo -u huginn -H rake secret) #Edit .env -sudo sudo -u huginn -H sed -i "s/\(DATABASE_PASSWORD *= *\).*/\1\"$db_pwd\"/" .env -sudo sudo -u huginn -H sed -i "s/\(DATABASE_USERNAME *= *\).*/\1\"huginn\"/" .env -sudo sudo -u huginn -H sed -i "s/\(DATABASE_NAME *= *\).*/\1huginn/" .env -sudo sudo -u huginn -H sed -i "s/\(APP_SECRET_TOKEN *= *\).*/\1$RAKE_SECRET/" .env -sudo sudo 
-u huginn -H sed -i "s/\(INVITATION_CODE *= *\).*/\1$invitation/" .env +sudo -u huginn -H sed -i "s/\(DATABASE_PASSWORD *= *\).*/\1\"$db_pwd\"/" .env +sudo -u huginn -H sed -i "s/\(DATABASE_USERNAME *= *\).*/\1\"huginn\"/" .env +sudo -u huginn -H sed -i "s/\(DATABASE_NAME *= *\).*/\1huginn/" .env +sudo -u huginn -H sed -i "s/\(APP_SECRET_TOKEN *= *\).*/\1$RAKE_SECRET/" .env +sudo -u huginn -H sed -i "s/\(INVITATION_CODE *= *\).*/\1$invitation/" .env #uncomment RAILS_ENV -sudo sudo -u huginn -H sed -i '/# RAILS_ENV=production/s/^# //' .env +sudo -u huginn -H sed -i '/# RAILS_ENV=production/s/^# //' .env # Create the database -sudo sudo -u huginn -H bundle exec rake db:create RAILS_ENV=production +sudo -u huginn -H bundle exec rake db:create RAILS_ENV=production # Migrate to the latest version -sudo sudo -u huginn -H bundle exec rake db:migrate RAILS_ENV=production +sudo -u huginn -H bundle exec rake db:migrate RAILS_ENV=production # Create admin user and example agents -sudo sudo -u huginn -H bundle exec rake db:seed RAILS_ENV=production SEED_USERNAME=$admin SEED_PASSWORD=$admin_pwd +sudo -u huginn -H bundle exec rake db:seed RAILS_ENV=production SEED_USERNAME=$admin SEED_PASSWORD=$admin_pwd # Compile Assets -sudo sudo -u huginn -H bundle exec rake assets:precompile RAILS_ENV=production +sudo -u huginn -H bundle exec rake assets:precompile RAILS_ENV=production #Edit the `Procfile` cd $old_pwd -sudo cp ../conf/Procfile /home/huginn/huginn/ +cp ../conf/Procfile /home/huginn/huginn/ cd /home/huginn/huginn/ #Export the init scripts: sudo rake production:export - - - - - -#USER root -CMD ["bundle", "exec", "foreman", "start"] - - - - - - - - - - - - - - - #================================================= -# SETUP LOGROTATE +# NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Configuring log rotation..." 
- -# Use logrotate to manage application logfile(s) -ynh_use_logrotate --logfile="$datadir/huginn.log" - - - +ynh_script_progression --message="Configuring NGINX web server..." --weight=2 # Modify Nginx configuration file and copy it to Nginx conf directory cd $old_pwd sed -i "s@YNH_WWW_PATH@$path@g" ../conf/nginx.conf sed -i "s@YNH_WWW_ALIAS@$final_path/@g" ../conf/nginx.conf -sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$APP.conf +cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf +#================================================= +# SETUP LOGROTATE +#================================================= +#ynh_script_progression --message="Configuring log rotation..." + +# Use logrotate to manage application logfile(s) +#ynh_use_logrotate --logfile="$datadir/huginn.log" # If APP is public, add url to SSOWat conf as skipped_uris if [ "$is_public" = "Yes" ]; then # unprotected_uris allows SSO credentials to be passed anyway. - sudo yunohost app setting $APP unprotected_uris -v "/" + yunohost app setting $app unprotected_uris -v "/" fi -#don't know where to desactivate the default in nginx, so i just delete it -sudo rm /usr/share/nginx/html/index.html - # Restart services -sudo service nginx reload -sudo yunohost app ssowatconf - - ---------------- - - - - - -# Enable YunoHost patches on Nextcloud sources -cp -a ../sources/patches_last_version/* ../sources/patches -# Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source --dest_dir="$final_path" - - -#================================================= -# PHP-FPM CONFIGURATION -#================================================= -ynh_script_progression --message="Configuring PHP-FPM..." 
--weight=50 - -# Create a dedicated php-fpm config -ynh_add_fpm_config --usage=medium --footprint=high --phpversion=$YNH_PHP_VERSION --package="$extra_php_dependencies" -# Used by ynh_add_nginx_config -phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) - -#================================================= -# NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Configuring NGINX web server..." --weight=2 - -# Check if .well-known is available for this domain -if is_url_handled --domain="$domain" --path="/.well-known/caldav" || is_url_handled --domain="$domain" --path="/.well-known/carddav" -then - ynh_print_warn --message="Another app already uses the domain $domain to serve a caldav/carddav feature. You may encounter issues when dealing with your calendar or address book." - - # Remove lines about .well-known/carddav and caldav with sed. - sed --in-place --regexp-extended '/location = \/\.well\-known\/(caldav|carddav)/d' "../conf/nginx.conf" -fi - -# Create a dedicated NGINX config -ynh_add_nginx_config - - -#================================================= -# GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= - -# Fix app ownerships & permissions -chown -R $app: "$final_path" "$datadir" -find $final_path/ -type f -print0 | xargs -0 chmod 0644 -find $final_path/ -type d -print0 | xargs -0 chmod 0755 -find $datadir/ -type f -print0 | xargs -0 chmod 0640 -find $datadir/ -type d -print0 | xargs -0 chmod 0750 -chmod 640 "$final_path/config/config.php" -chmod 755 /home/yunohost.app - -#================================================= -# SETUP FAIL2BAN -#================================================= -ynh_script_progression --message="Configuring Fail2Ban..." 
--weight=8 - -# Create a dedicated Fail2Ban config -ynh_add_fail2ban_config --logpath="/home/yunohost.app/$app/data/nextcloud.log" --failregex="^.*Login failed: '.*' \(Remote IP: ''.*$" --max_retry=5 - -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Configuring SSOwat..." - -ynh_permission_create --permission="api" --label="api" --url="re:$domain\/.well-known\/.*" --allowed="visitors" "all_users" --auth_header="false" --show_tile="false" --protected="true" +yunohost app ssowatconf #================================================= # RELOAD NGINX @@ -293,3 +203,9 @@ ynh_systemd_action --service_name=nginx --action=reload #================================================= ynh_script_progression --message="Installation of $app completed" --last + +# SSOWat? +# Fail2ban? + + +# sudo rm /usr/share/nginx/html/index.html \ No newline at end of file diff --git a/scripts/remove b/scripts/remove index 035f84e..1e70ad7 100755 --- a/scripts/remove +++ b/scripts/remove @@ -16,7 +16,7 @@ sudo rake production:stop sudo rm -rf /home/$app root_pwd=$(sudo cat /etc/yunohost/mysql) -mysql -u root -p$root_pwd -e "DROP DATABASE huginn_production ; DROP USER $APP@localhost ;" +mysql -u root -p$root_pwd -e "DROP DATABASE huginn ; DROP USER $APP@localhost ;" sudo userdel huginn
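Review bot: The rewritten `.env` edits in the `@@ -92,194 +98,98 @@` hunk still splice secrets straight into sed programs, e.g. `sed -i "s/\(INVITATION_CODE *= *\).*/\1$invitation/" .env`; `$invitation` is an install-time answer, and a value containing `/`, `&` or `\` breaks or alters the substitution, as do `$db_pwd`, `$RAKE_SECRET` and `$path` in `s@YNH_WWW_PATH@$path@g`. Escape the values before substituting (YunoHost's `ynh_replace_special_string` helper is intended for this) rather than interpolating them raw. On the seed line, `SEED_USERNAME=$admin SEED_PASSWORD=$admin_pwd` is unquoted, so a password with spaces or glob characters is word-split, and the password sits in the process list while rake runs; at minimum write `SEED_USERNAME="$admin" SEED_PASSWORD="$admin_pwd"`. Separately, `git clone ... -b master` followed by `sudo rake production:export` executes whatever is on the upstream branch tip as root, so pinning a tag or commit would make installs reproducible and reviewable.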
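Review bot: The trailing `# SSOWat?` and `# Fail2ban?` comments added in the `@@ -293,3 +203,9 @@` hunk are the only trace of hardening left in scripts/install. The previous hunk deletes the `ynh_add_fail2ban_config`, `ynh_permission_create` and ownership/`chmod` blocks (which were Nextcloud-specific) without adding Huginn equivalents. With `is_public` now defaulting to `Yes` in manifest.json, a default install appears to expose the login page with no brute-force throttling, as far as this diff shows. Either add a Fail2Ban config whose `--logpath` and `--failregex` match Huginn's own log plus a `chown -R "$app": "$final_path"` with restrictive modes, or turn these comments into `# TODO` entries that name the missing steps so the gap is tracked. The file also now ends without a trailing newline.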
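Review bot: The changed `DROP` statement in scripts/remove still expands `$APP`, while the context line above it uses `$app` and this commit renames `$APP` to `$app` in scripts/install. If `$APP` is not set earlier in the script (not visible in this hunk), the statement becomes `DROP USER @localhost` and the Huginn database user is left behind. The line also passes the MySQL root password unquoted on the command line, where it is word-split and visible in the process list. Suggested: `mysql -u root -p"$root_pwd" -e "DROP DATABASE huginn; DROP USER '$app'@localhost;"`, or preferably YunoHost's `ynh_mysql_remove_db` helper so the script does not handle the root password at all. The context line `sudo rm -rf /home/$app` has the same unset-variable hazard and would be safer as `rm -rf -- "/home/${app:?}"`.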