#!/bin/bash old_pwd=$(pwd) #================================================= # GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= source _common.sh source /usr/share/yunohost/helpers #================================================= # MANAGE SCRIPT FAILURE #================================================= # Exit if an error occurs during the execution of the script ynh_abort_if_errors #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= domain=$YNH_APP_ARG_DOMAIN path=$YNH_APP_ARG_PATH admin=$YNH_APP_ARG_ADMIN admin_pwd=$YNH_APP_ARG_PASSWORD invitation=$YNH_APP_ARG_INVITATION is_public=$YNH_APP_ARG_IS_PUBLIC app=$YNH_APP_INSTANCE_NAME #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= ynh_script_progression --message="Validating installation parameters..." final_path=/home/huginn test ! -e "$final_path" || ynh_die --message="This path already contains a folder" # Register (book) web path ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url #================================================= # STORE SETTINGS FROM MANIFEST #================================================= ynh_script_progression --message="Storing installation settings..." ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path ynh_app_setting_set --app=$app --key=admin --value=$admin ynh_app_setting_set --app=$app --key=admin_pwd --value=$admin_pwd ynh_app_setting_set --app=$app --key=invitation --value=$invitation ynh_app_setting_set --app=$app --key=is_public --value=$is_public ynh_app_setting_set --app=$app --key=final_path --value=$final_path #================================================= # STANDARD MODIFICATIONS #================================================= # INSTALL DEPENDENCIES #================================================= ynh_script_progression --message="Installing dependencies..." --weight=10 ynh_install_app_dependencies $pkg_dependencies #Install foreman gem gem install foreman #================================================= # CREATE DEDICATED USER #================================================= ynh_script_progression --message="Configuring system user..." --weight=3 # Create a system user ynh_system_user_create --username=$app --home_dir=/home/huginn #================================================= # CREATE A MYSQL DATABASE #================================================= ynh_script_progression --message="Creating a MySQL database..." --weight=2 ynh_app_setting_set --app=$app --key=db_name --value=huginn ynh_mysql_setup_db --db_user=huginn --db_name=huginn #================================================= # DOWNLOAD SOURCE #================================================= ynh_script_progression --message="Setting up source files..." # We'll install Huginn into the home directory of the user "huginn" cd /home/huginn # Clone Huginn repository sudo sudo -u huginn -H git clone https://github.com/cantino/huginn.git -b master huginn # Go to Huginn installation folder cd /home/huginn/huginn # Copy the example Huginn config sudo sudo -u huginn -H cp .env.example .env # Create the log/, tmp/pids/ and tmp/sockets/ directories sudo sudo -u huginn mkdir -p log tmp/pids tmp/sockets # Make sure Huginn can write to the log/ and tmp/ directories sudo chown -R huginn log/ tmp/ sudo chmod -R u+rwX,go-w log/ tmp/ # Make sure permissions are set correctly sudo chmod -R u+rwX,go-w log/ sudo chmod -R u+rwX tmp/ sudo sudo -u huginn -H chmod o-rwx .env # Copy the example Unicorn config sudo sudo -u huginn -H cp config/unicorn.rb.example config/unicorn.rb #Install Gems #sudo sudo -u huginn -H bundle install --deployment --without development test #RUN bundle install --path vendor/bundle --deployment --without development test sudo -u huginn -H bundle lock --update rails sudo -u huginn -H bundle install --path vendor/bundle #rake secret RAKE_SECRET=$(sudo sudo -u huginn -H rake secret) #Edit .env sudo sudo -u huginn -H sed -i "s/\(DATABASE_PASSWORD *= *\).*/\1\"$db_pwd\"/" .env sudo sudo -u huginn -H sed -i "s/\(DATABASE_USERNAME *= *\).*/\1\"huginn\"/" .env sudo sudo -u huginn -H sed -i "s/\(DATABASE_NAME *= *\).*/\1huginn/" .env sudo sudo -u huginn -H sed -i "s/\(APP_SECRET_TOKEN *= *\).*/\1$RAKE_SECRET/" .env sudo sudo -u huginn -H sed -i "s/\(INVITATION_CODE *= *\).*/\1$invitation/" .env #uncomment RAILS_ENV sudo sudo -u huginn -H sed -i '/# RAILS_ENV=production/s/^# //' .env # Create the database sudo sudo -u huginn -H bundle exec rake db:create RAILS_ENV=production # Migrate to the latest version sudo sudo -u huginn -H bundle exec rake db:migrate RAILS_ENV=production # Create admin user and example agents sudo sudo -u huginn -H bundle exec rake db:seed RAILS_ENV=production SEED_USERNAME=$admin SEED_PASSWORD=$admin_pwd # Compile Assets sudo sudo -u huginn -H bundle exec rake assets:precompile RAILS_ENV=production #Edit the `Procfile` cd $old_pwd sudo cp ../conf/Procfile /home/huginn/huginn/ cd /home/huginn/huginn/ #Export the init scripts: sudo rake production:export #USER root CMD ["bundle", "exec", "foreman", "start"] #================================================= # SETUP LOGROTATE #================================================= ynh_script_progression --message="Configuring log rotation..." # Use logrotate to manage application logfile(s) ynh_use_logrotate --logfile="$datadir/huginn.log" # Modify Nginx configuration file and copy it to Nginx conf directory cd $old_pwd sed -i "s@YNH_WWW_PATH@$path@g" ../conf/nginx.conf sed -i "s@YNH_WWW_ALIAS@$final_path/@g" ../conf/nginx.conf sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$APP.conf # If APP is public, add url to SSOWat conf as skipped_uris if [ "$is_public" = "Yes" ]; then # unprotected_uris allows SSO credentials to be passed anyway. sudo yunohost app setting $APP unprotected_uris -v "/" fi #don't know where to desactivate the default in nginx, so i just delete it sudo rm /usr/share/nginx/html/index.html # Restart services sudo service nginx reload sudo yunohost app ssowatconf --------------- # Enable YunoHost patches on Nextcloud sources cp -a ../sources/patches_last_version/* ../sources/patches # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" #================================================= # PHP-FPM CONFIGURATION #================================================= ynh_script_progression --message="Configuring PHP-FPM..." --weight=50 # Create a dedicated php-fpm config ynh_add_fpm_config --usage=medium --footprint=high --phpversion=$YNH_PHP_VERSION --package="$extra_php_dependencies" # Used by ynh_add_nginx_config phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= # NGINX CONFIGURATION #================================================= ynh_script_progression --message="Configuring NGINX web server..." --weight=2 # Check if .well-known is available for this domain if is_url_handled --domain="$domain" --path="/.well-known/caldav" || is_url_handled --domain="$domain" --path="/.well-known/carddav" then ynh_print_warn --message="Another app already uses the domain $domain to serve a caldav/carddav feature. You may encounter issues when dealing with your calendar or address book." # Remove lines about .well-known/carddav and caldav with sed. sed --in-place --regexp-extended '/location = \/\.well\-known\/(caldav|carddav)/d' "../conf/nginx.conf" fi # Create a dedicated NGINX config ynh_add_nginx_config #================================================= # GENERIC FINALIZATION #================================================= # SECURE FILES AND DIRECTORIES #================================================= # Fix app ownerships & permissions chown -R $app: "$final_path" "$datadir" find $final_path/ -type f -print0 | xargs -0 chmod 0644 find $final_path/ -type d -print0 | xargs -0 chmod 0755 find $datadir/ -type f -print0 | xargs -0 chmod 0640 find $datadir/ -type d -print0 | xargs -0 chmod 0750 chmod 640 "$final_path/config/config.php" chmod 755 /home/yunohost.app #================================================= # SETUP FAIL2BAN #================================================= ynh_script_progression --message="Configuring Fail2Ban..." --weight=8 # Create a dedicated Fail2Ban config ynh_add_fail2ban_config --logpath="/home/yunohost.app/$app/data/nextcloud.log" --failregex="^.*Login failed: '.*' \(Remote IP: ''.*$" --max_retry=5 #================================================= # SETUP SSOWAT #================================================= ynh_script_progression --message="Configuring SSOwat..." ynh_permission_create --permission="api" --label="api" --url="re:$domain\/.well-known\/.*" --allowed="visitors" "all_users" --auth_header="false" --show_tile="false" --protected="true" #================================================= # RELOAD NGINX #================================================= ynh_script_progression --message="Reloading NGINX web server..." ynh_systemd_action --service_name=nginx --action=reload #================================================= # END OF SCRIPT #================================================= ynh_script_progression --message="Installation of $app completed" --last