#!/bin/bash old_pwd=$(pwd) #================================================= # GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= source _common.sh source /usr/share/yunohost/helpers #================================================= # MANAGE SCRIPT FAILURE #================================================= # Exit if an error occurs during the execution of the script ynh_abort_if_errors #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= domain=$YNH_APP_ARG_DOMAIN path=$YNH_APP_ARG_PATH admin=$YNH_APP_ARG_ADMIN admin_pwd=$YNH_APP_ARG_PASSWORD invitation=$YNH_APP_ARG_INVITATION is_public=$YNH_APP_ARG_IS_PUBLIC app=$YNH_APP_INSTANCE_NAME #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= ynh_script_progression --message="Validating installation parameters..." final_path=/var/www/$app test ! -e "$final_path" || ynh_die --message="This path already contains a folder" # Register (book) web path ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url #================================================= # STORE SETTINGS FROM MANIFEST #================================================= ynh_script_progression --message="Storing installation settings..." ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path ynh_app_setting_set --app=$app --key=admin --value=$admin ynh_app_setting_set --app=$app --key=admin_pwd --value=$admin_pwd ynh_app_setting_set --app=$app --key=invitation --value=$invitation ynh_app_setting_set --app=$app --key=is_public --value=$is_public #================================================= # STANDARD MODIFICATIONS #================================================= # INSTALL DEPENDENCIES #================================================= ynh_script_progression --message="Installing dependencies..." --weight=10 #Import node.js repository (can be skipped on Ubuntu and Debian Jessie): # curl -sL https://deb.nodesource.com/setup_0.12 | sudo bash - ynh_install_app_dependencies $pkg_dependencies # Install the bundler and foreman gems: gem install rake foreman --no-document gem install bundler -v '< 2' --no-document # Update rubygems: gem update --system --no-document #================================================= # CREATE DEDICATED USER #================================================= ynh_script_progression --message="Configuring system user..." --weight=3 # Create a system user ynh_system_user_create --username=$app --home_dir=/home/huginn #================================================= # CREATE A MYSQL DATABASE #================================================= ynh_script_progression --message="Creating a MySQL database..." --weight=2 ynh_app_setting_set --app=$app --key=db_name --value=huginn ynh_mysql_setup_db --db_user=huginn --db_name=huginn # We'll install Huginn into the home directory of the user "huginn" cd /home/huginn # Clone Huginn repository sudo sudo -u huginn -H git clone https://github.com/cantino/huginn.git -b master huginn # Go to Huginn installation folder cd /home/huginn/huginn # Copy the example Huginn config sudo sudo -u huginn -H cp .env.example .env # Create the log/, tmp/pids/ and tmp/sockets/ directories sudo sudo -u huginn mkdir -p log tmp/pids tmp/sockets # Make sure Huginn can write to the log/ and tmp/ directories sudo chown -R huginn log/ tmp/ sudo chmod -R u+rwX,go-w log/ tmp/ # Make sure permissions are set correctly sudo chmod -R u+rwX,go-w log/ sudo chmod -R u+rwX tmp/ sudo sudo -u huginn -H chmod o-rwx .env # Copy the example Unicorn config sudo sudo -u huginn -H cp config/unicorn.rb.example config/unicorn.rb #Install Gems sudo sudo -u huginn -H bundle install --deployment --without development test #rake secret RAKE_SECRET=$(sudo sudo -u huginn -H rake secret) #Edit .env sudo sudo -u huginn -H sed -i "s/\(DATABASE_PASSWORD *= *\).*/\1\"$db_pwd\"/" .env sudo sudo -u huginn -H sed -i "s/\(DATABASE_USERNAME *= *\).*/\1\"huginn\"/" .env sudo sudo -u huginn -H sed -i "s/\(DATABASE_NAME *= *\).*/\1huginn/" .env sudo sudo -u huginn -H sed -i "s/\(APP_SECRET_TOKEN *= *\).*/\1$RAKE_SECRET/" .env sudo sudo -u huginn -H sed -i "s/\(INVITATION_CODE *= *\).*/\1$invitation/" .env #uncomment RAILS_ENV sudo sudo -u huginn -H sed -i '/# RAILS_ENV=production/s/^# //' .env # Create the database sudo sudo -u huginn -H bundle exec rake db:create RAILS_ENV=production # Migrate to the latest version sudo sudo -u huginn -H bundle exec rake db:migrate RAILS_ENV=production # Create admin user and example agents sudo sudo -u huginn -H bundle exec rake db:seed RAILS_ENV=production SEED_USERNAME=$admin SEED_PASSWORD=$admin_pwd # Compile Assets sudo sudo -u huginn -H bundle exec rake assets:precompile RAILS_ENV=production #Edit the `Procfile` cd $old_pwd sudo cp ../conf/Procfile /home/huginn/huginn/ cd /home/huginn/huginn/ #Export the init scripts: sudo rake production:export #================================================= # SETUP LOGROTATE #================================================= ynh_script_progression --message="Configuring log rotation..." # Use logrotate to manage application logfile(s) ynh_use_logrotate --logfile="$datadir/huginn.log" # Modify Nginx configuration file and copy it to Nginx conf directory cd $old_pwd sed -i "s@YNH_WWW_PATH@$path@g" ../conf/nginx.conf sed -i "s@YNH_WWW_ALIAS@$final_path/@g" ../conf/nginx.conf sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$APP.conf # If APP is public, add url to SSOWat conf as skipped_uris if [ "$is_public" = "Yes" ]; then # unprotected_uris allows SSO credentials to be passed anyway. sudo yunohost app setting $APP unprotected_uris -v "/" fi #don't know where to desactivate the default in nginx, so i just delete it sudo rm /usr/share/nginx/html/index.html # Restart services sudo service nginx reload sudo yunohost app ssowatconf --------------- #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= ynh_script_progression --message="Setting up source files..." # Load the last available version source upgrade.d/upgrade.last.sh # Create an app.src for the last version of nextcloud cat > ../conf/app.src << EOF SOURCE_URL=https://download.nextcloud.com/server/releases/nextcloud-$next_version.tar.bz2 SOURCE_SUM=$nextcloud_source_sha256 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.bz2 SOURCE_IN_SUBDIR=true EOF ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Enable YunoHost patches on Nextcloud sources cp -a ../sources/patches_last_version/* ../sources/patches # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" #================================================= # PHP-FPM CONFIGURATION #================================================= ynh_script_progression --message="Configuring PHP-FPM..." --weight=50 # Create a dedicated php-fpm config ynh_add_fpm_config --usage=medium --footprint=high --phpversion=$YNH_PHP_VERSION --package="$extra_php_dependencies" # Used by ynh_add_nginx_config phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= # NGINX CONFIGURATION #================================================= ynh_script_progression --message="Configuring NGINX web server..." --weight=2 # Check if .well-known is available for this domain if is_url_handled --domain="$domain" --path="/.well-known/caldav" || is_url_handled --domain="$domain" --path="/.well-known/carddav" then ynh_print_warn --message="Another app already uses the domain $domain to serve a caldav/carddav feature. You may encounter issues when dealing with your calendar or address book." # Remove lines about .well-known/carddav and caldav with sed. sed --in-place --regexp-extended '/location = \/\.well\-known\/(caldav|carddav)/d' "../conf/nginx.conf" fi # Create a dedicated NGINX config ynh_add_nginx_config #================================================= # SPECIFIC SETUP #================================================= # INSTALL NEXTCLOUD #================================================= ynh_script_progression --message="Installing Nextcloud..." --weight=30 # Define a function to execute commands with `occ` exec_occ() { (cd "$final_path" && ynh_exec_as "$app" \ php${phpversion} occ --no-interaction --no-ansi "$@") } # Set write access for the following commands chown -R $app: "$final_path" "$datadir" # Define password in an intermediate var # The fact that it's called _password allows it to be # picked up by Yunohost's auto-redact mecanism admin_password="$(ynh_string_random --length=6)" # Install Nextcloud using a temporary admin user exec_occ maintenance:install \ --database "mysql" --database-name $db_name \ --database-user $db_name --database-pass "$db_pwd" \ --admin-user "admin" --admin-pass "$admin_password" \ --data-dir "$datadir" \ || ynh_die --message="Unable to install Nextcloud" #================================================= # CONFIGURE NEXTCLOUD #================================================= ynh_script_progression --message="Configuring Nextcloud..." --weight=8 # Ensure that UpdateNotification app is disabled exec_occ app:disable updatenotification # Enable LDAP plugin exec_occ app:enable user_ldap exec_occ ldap:create-empty-config # Load the installation config file in Nextcloud nc_conf="$final_path/config_install.json" ynh_add_config --template="../conf/config_install.json" --destination="$nc_conf" exec_occ config:import "$nc_conf" # Then remove the config file ynh_secure_remove --file="$nc_conf" # Load the additional config file (used also for upgrade) nc_conf="$final_path/config.json" ynh_add_config --template="../conf/config.json" --destination="$nc_conf" exec_occ config:import "$nc_conf" # Then remove the config file ynh_secure_remove --file="$nc_conf" #================================================= # ADD A CRON JOB #================================================= cron_path="/etc/cron.d/$app" ynh_add_config --template="../conf/nextcloud.cron" --destination="$cron_path" chown root: "$cron_path" chmod 644 "$cron_path" exec_occ background:cron #================================================= # GENERIC FINALIZATION #================================================= # SECURE FILES AND DIRECTORIES #================================================= # Fix app ownerships & permissions chown -R $app: "$final_path" "$datadir" find $final_path/ -type f -print0 | xargs -0 chmod 0644 find $final_path/ -type d -print0 | xargs -0 chmod 0755 find $datadir/ -type f -print0 | xargs -0 chmod 0640 find $datadir/ -type d -print0 | xargs -0 chmod 0750 chmod 640 "$final_path/config/config.php" chmod 755 /home/yunohost.app #================================================= # SETUP FAIL2BAN #================================================= ynh_script_progression --message="Configuring Fail2Ban..." --weight=8 # Create a dedicated Fail2Ban config ynh_add_fail2ban_config --logpath="/home/yunohost.app/$app/data/nextcloud.log" --failregex="^.*Login failed: '.*' \(Remote IP: ''.*$" --max_retry=5 #================================================= # SETUP SSOWAT #================================================= ynh_script_progression --message="Configuring SSOwat..." ynh_permission_create --permission="api" --label="api" --url="re:$domain\/.well-known\/.*" --allowed="visitors" "all_users" --auth_header="false" --show_tile="false" --protected="true" #================================================= # RELOAD NGINX #================================================= ynh_script_progression --message="Reloading NGINX web server..." ynh_systemd_action --service_name=nginx --action=reload #================================================= # END OF SCRIPT #================================================= ynh_script_progression --message="Installation of $app completed" --last