huginn_ynh/scripts/install

#!/bin/bash

old_pwd=$(pwd)

#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================

source _common.sh
source /usr/share/yunohost/helpers

#=================================================
# MANAGE SCRIPT FAILURE
#=================================================

# Exit if an error occurs during the execution of the script
ynh_abort_if_errors

#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================

domain=$YNH_APP_ARG_DOMAIN
path=$YNH_APP_ARG_PATH
admin=$YNH_APP_ARG_ADMIN
admin_pwd=$YNH_APP_ARG_PASSWORD
invitation=$YNH_APP_ARG_INVITATION
is_public=$YNH_APP_ARG_IS_PUBLIC

app=$YNH_APP_INSTANCE_NAME

#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
ynh_script_progression --message="Validating installation parameters..."

final_path=/var/www/$app
test ! -e "$final_path" || ynh_die --message="This path already contains a folder"

# Register (book) web path
ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url

#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================
ynh_script_progression --message="Storing installation settings..."

ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path
ynh_app_setting_set --app=$app --key=admin --value=$admin
ynh_app_setting_set --app=$app --key=admin_pwd --value=$admin_pwd
ynh_app_setting_set --app=$app --key=invitation --value=$invitation
ynh_app_setting_set --app=$app --key=is_public --value=$is_public

#=================================================
# STANDARD MODIFICATIONS
#=================================================
# INSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Installing dependencies..." --weight=10

#Import node.js repository (can be skipped on Ubuntu and Debian Jessie):
# curl -sL https://deb.nodesource.com/setup_0.12 | sudo bash -

ynh_install_app_dependencies $pkg_dependencies

# Install the bundler and foreman gems:

gem install rake foreman --no-document
gem install bundler -v '< 2' --no-document

# Update rubygems:

gem update --system --no-document

#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Configuring system user..." --weight=3

# Create a system user
ynh_system_user_create --username=$app --home_dir=/home/huginn

#=================================================
# CREATE A MYSQL DATABASE
#=================================================
ynh_script_progression --message="Creating a MySQL database..." --weight=2

ynh_app_setting_set --app=$app --key=db_name --value=huginn
ynh_mysql_setup_db --db_user=huginn --db_name=huginn

# We'll install Huginn into the home directory of the user "huginn"
cd /home/huginn

# Clone Huginn repository
sudo sudo -u huginn -H git clone https://github.com/cantino/huginn.git -b master huginn

# Go to Huginn installation folder
cd /home/huginn/huginn

# Copy the example Huginn config
sudo sudo -u huginn -H cp .env.example .env

# Create the log/, tmp/pids/ and tmp/sockets/ directories
sudo sudo -u huginn mkdir -p log tmp/pids tmp/sockets

# Make sure Huginn can write to the log/ and tmp/ directories
sudo chown -R huginn log/ tmp/
sudo chmod -R u+rwX,go-w log/ tmp/

# Make sure permissions are set correctly
sudo chmod -R u+rwX,go-w log/
sudo chmod -R u+rwX tmp/
sudo sudo -u huginn -H chmod o-rwx .env

# Copy the example Unicorn config
sudo sudo -u huginn -H cp config/unicorn.rb.example config/unicorn.rb

#Install Gems
sudo sudo -u huginn -H bundle install --deployment --without development test

#rake secret
RAKE_SECRET=$(sudo sudo -u huginn -H rake secret)

#Edit .env

sudo sudo -u huginn -H sed -i "s/\(DATABASE_PASSWORD *= *\).*/\1\"$db_pwd\"/" .env
sudo sudo -u huginn -H sed -i "s/\(DATABASE_USERNAME *= *\).*/\1\"huginn\"/" .env
sudo sudo -u huginn -H sed -i "s/\(DATABASE_NAME *= *\).*/\1huginn/" .env
sudo sudo -u huginn -H sed -i "s/\(APP_SECRET_TOKEN *= *\).*/\1$RAKE_SECRET/" .env
sudo sudo -u huginn -H sed -i "s/\(INVITATION_CODE *= *\).*/\1$invitation/" .env

#uncomment RAILS_ENV
sudo sudo -u huginn -H sed -i '/# RAILS_ENV=production/s/^# //' .env

# Create the database
sudo sudo -u huginn -H bundle exec rake db:create RAILS_ENV=production

# Migrate to the latest version
sudo sudo -u huginn -H bundle exec rake db:migrate RAILS_ENV=production

# Create admin user and example agents
sudo sudo -u huginn -H bundle exec rake db:seed RAILS_ENV=production SEED_USERNAME=$admin SEED_PASSWORD=$admin_pwd

# Compile Assets
sudo sudo -u huginn -H bundle exec rake assets:precompile RAILS_ENV=production

#Edit the `Procfile` 
cd $old_pwd
sudo cp ../conf/Procfile /home/huginn/huginn/
cd /home/huginn/huginn/

#Export the init scripts:
sudo rake production:export

#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression --message="Configuring log rotation..."

# Use logrotate to manage application logfile(s)
ynh_use_logrotate --logfile="$datadir/huginn.log"




# Modify Nginx configuration file and copy it to Nginx conf directory
cd $old_pwd
sed -i "s@YNH_WWW_PATH@$path@g" ../conf/nginx.conf
sed -i "s@YNH_WWW_ALIAS@$final_path/@g" ../conf/nginx.conf

sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$APP.conf


# If APP is public, add url to SSOWat conf as skipped_uris
if [ "$is_public" = "Yes" ];
then
  # unprotected_uris allows SSO credentials to be passed anyway.
  sudo yunohost app setting $APP unprotected_uris -v "/"
fi

#don't know where to desactivate the default in nginx, so i just delete it
sudo rm /usr/share/nginx/html/index.html

# Restart services
sudo service nginx reload
sudo yunohost app ssowatconf


---------------




#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_script_progression --message="Setting up source files..."

# Load the last available version
source upgrade.d/upgrade.last.sh

# Create an app.src for the last version of nextcloud
cat > ../conf/app.src << EOF
SOURCE_URL=https://download.nextcloud.com/server/releases/nextcloud-$next_version.tar.bz2
SOURCE_SUM=$nextcloud_source_sha256
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.bz2
SOURCE_IN_SUBDIR=true
EOF

ynh_app_setting_set --app=$app --key=final_path --value=$final_path
# Enable YunoHost patches on Nextcloud sources
cp -a ../sources/patches_last_version/* ../sources/patches
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$final_path"


#=================================================
# PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring PHP-FPM..." --weight=50

# Create a dedicated php-fpm config
ynh_add_fpm_config --usage=medium --footprint=high --phpversion=$YNH_PHP_VERSION --package="$extra_php_dependencies"
# Used by ynh_add_nginx_config
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)

#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring NGINX web server..." --weight=2

# Check if .well-known is available for this domain
if is_url_handled --domain="$domain" --path="/.well-known/caldav" || is_url_handled --domain="$domain" --path="/.well-known/carddav"
then
    ynh_print_warn --message="Another app already uses the domain $domain to serve a caldav/carddav feature. You may encounter issues when dealing with your calendar or address book."

    # Remove lines about .well-known/carddav and caldav with sed.
    sed --in-place --regexp-extended '/location = \/\.well\-known\/(caldav|carddav)/d' "../conf/nginx.conf"
fi

# Create a dedicated NGINX config
ynh_add_nginx_config

#=================================================
# SPECIFIC SETUP
#=================================================
# INSTALL NEXTCLOUD
#=================================================
ynh_script_progression --message="Installing Nextcloud..." --weight=30

# Define a function to execute commands with `occ`
exec_occ() {
  (cd "$final_path" && ynh_exec_as "$app" \
      php${phpversion} occ --no-interaction --no-ansi "$@")
}

# Set write access for the following commands
chown -R $app: "$final_path" "$datadir"

# Define password in an intermediate var
# The fact that it's called _password allows it to be
# picked up by Yunohost's auto-redact mecanism
admin_password="$(ynh_string_random --length=6)"

# Install Nextcloud using a temporary admin user
exec_occ maintenance:install \
    --database "mysql" --database-name $db_name \
    --database-user $db_name --database-pass "$db_pwd" \
    --admin-user "admin" --admin-pass "$admin_password" \
    --data-dir "$datadir" \
    || ynh_die --message="Unable to install Nextcloud"

#=================================================
# CONFIGURE NEXTCLOUD
#=================================================
ynh_script_progression --message="Configuring Nextcloud..." --weight=8

# Ensure that UpdateNotification app is disabled
exec_occ app:disable updatenotification

# Enable LDAP plugin
exec_occ app:enable user_ldap
exec_occ ldap:create-empty-config

# Load the installation config file in Nextcloud
nc_conf="$final_path/config_install.json"
ynh_add_config --template="../conf/config_install.json" --destination="$nc_conf"

exec_occ config:import "$nc_conf"

# Then remove the config file
ynh_secure_remove --file="$nc_conf"

# Load the additional config file (used also for upgrade)
nc_conf="$final_path/config.json"
ynh_add_config --template="../conf/config.json" --destination="$nc_conf"

exec_occ config:import "$nc_conf"

# Then remove the config file
ynh_secure_remove --file="$nc_conf"

#=================================================
# ADD A CRON JOB
#=================================================

cron_path="/etc/cron.d/$app"
ynh_add_config --template="../conf/nextcloud.cron" --destination="$cron_path"
chown root: "$cron_path"
chmod 644 "$cron_path"

exec_occ background:cron


#=================================================
# GENERIC FINALIZATION
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================

# Fix app ownerships & permissions
chown -R $app: "$final_path" "$datadir"
find $final_path/ -type f -print0 | xargs -0 chmod 0644
find $final_path/ -type d -print0 | xargs -0 chmod 0755
find $datadir/ -type f -print0 | xargs -0 chmod 0640
find $datadir/ -type d -print0 | xargs -0 chmod 0750
chmod 640 "$final_path/config/config.php"
chmod 755 /home/yunohost.app

#=================================================
# SETUP FAIL2BAN
#=================================================
ynh_script_progression --message="Configuring Fail2Ban..." --weight=8

# Create a dedicated Fail2Ban config
ynh_add_fail2ban_config --logpath="/home/yunohost.app/$app/data/nextcloud.log" --failregex="^.*Login failed: '.*' \(Remote IP: '<HOST>'.*$" --max_retry=5

#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Configuring SSOwat..."

ynh_permission_create --permission="api" --label="api" --url="re:$domain\/.well-known\/.*" --allowed="visitors" "all_users" --auth_header="false" --show_tile="false" --protected="true"

#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..."

ynh_systemd_action --service_name=nginx --action=reload

#=================================================
# END OF SCRIPT
#=================================================

ynh_script_progression --message="Installation of $app completed" --last