diff --git a/conf/nginx.conf b/conf/nginx.conf index 86f404e..1e6eee0 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -8,7 +8,7 @@ location __PATH__/ { index index.php; # Common parameter to increase upload size limit in conjunction with dedicated php-fpm file - #client_max_body_size 50M; + # client_max_body_size 50M; try_files $uri $uri/ index.php; location ~ [^/]\.php(/|$) { diff --git a/conf/systemd.service b/conf/systemd.service index f100e84..97d2900 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -11,9 +11,9 @@ ExecStart=__INSTALL_DIR__/script StandardOutput=append:/var/log/__APP__/__APP__.log StandardError=inherit +### Depending on specificities of your service/app, you may need to tweak these +### .. but this should be a good baseline # Sandboxing options to harden security -# Depending on specificities of your service/app, you may need to tweak these -# .. but this should be a good baseline # Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html NoNewPrivileges=yes PrivateTmp=yes diff --git a/manifest.toml b/manifest.toml index 0ba3d6a..dd9ddc2 100644 --- a/manifest.toml +++ b/manifest.toml @@ -92,19 +92,19 @@ ram.runtime = "50M" [resources.sources] - [resources.sources.main] - # This will pre-fetch the asset which can then be deployed during the install/upgrade scripts with : - # ynh_setup_source --dest_dir="$install_dir" - # You can also define other assets than "main" and add --source_id="foobar" in the previous command - url = "https://github.com/foo/bar/archive/refs/tags/v1.2.3.tar.gz" - sha256 = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" + [resources.sources.main] + # This will pre-fetch the asset which can then be deployed during the install/upgrade scripts with : + # ynh_setup_source --dest_dir="$install_dir" + # You can also define other assets than "main" and add --source_id="foobar" in the previous command + url = "https://github.com/foo/bar/archive/refs/tags/v1.2.3.tar.gz" + sha256 = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" - # These infos are used by https://github.com/YunoHost/apps/blob/master/tools/autoupdate_app_sources/autoupdate_app_sources.py - # to auto-update the previous asset urls and sha256sum + manifest version - # assuming the upstream's code repo is on github and relies on tags or releases - # See the 'sources' resource documentation for more details + # These infos are used by https://github.com/YunoHost/apps/blob/master/tools/autoupdate_app_sources/autoupdate_app_sources.py + # to auto-update the previous asset urls and sha256sum + manifest version + # assuming the upstream's code repo is on github and relies on tags or releases + # See the 'sources' resource documentation for more details - # autoupdate.strategy = "latest_github_tag" + # autoupdate.strategy = "latest_github_tag" [resources.system_user] # This will provision/deprovision a unix system user diff --git a/scripts/backup b/scripts/backup index cf5e5c5..a675fe7 100755 --- a/scripts/backup +++ b/scripts/backup @@ -30,7 +30,7 @@ ynh_backup --src_path="$install_dir" # BACKUP THE DATA DIR #================================================= -# Only relevant if there is a "data_dir" resource for this app +### Only relevant if there is a "data_dir" resource for this app ynh_backup --src_path="$data_dir" --is_big #================================================= @@ -40,7 +40,6 @@ ynh_backup --src_path="$data_dir" --is_big # Backup the PHP-FPM configuration ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" - # Backup the nginx configuration ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" @@ -62,8 +61,8 @@ ynh_backup --src_path="/etc/cron.d/$app" ynh_backup --src_path="/etc/$app/" -# For apps with huge logs, you might want to pass --is_big, -# and in restore script, mkdir and pass --not_mandatory to ynh_restore_file. +### For apps with huge logs, you might want to pass --is_big, +### and in restore script, mkdir and pass --not_mandatory to ynh_restore_file. ynh_backup --src_path="/var/log/$app/" #================================================= diff --git a/scripts/config b/scripts/config index abbf5b2..29f78f8 100644 --- a/scripts/config +++ b/scripts/config @@ -1,10 +1,10 @@ #!/bin/bash -# In simple cases, you don't need a config script. +# In simple cases, you don't need a config script. -# With a simple config_panel.toml, you can write in the app settings, in the +# With a simple config_panel.toml, you can write in the app settings, in the # upstream config file or replace complete files (logo ...) and restart services. -# The config scripts allows you to go further, to handle specific cases +# The config scripts allows you to go further, to handle specific cases # (validation of several interdependent fields, specific getter/setter for a value, # display dynamic informations or choices, pre-loading of config type .cube... ). @@ -33,8 +33,7 @@ get__amount() { local amount=200 # It's possible to change some properties of the question by overriding it: - if [ "$amount" -gt 100 ] - then + if [ "$amount" -gt 100 ]; then cat << EOF style: success value: $amount @@ -54,8 +53,7 @@ EOF get__prices() { local prices prices="$(grep "DONATION\['" "$install_dir/settings.py" | sed -r "s@^DONATION\['([^']*)'\]\['([^']*)'\] = '([^']*)'@\1/\2/\3@g" | sed -z 's/\n/,/g;s/,$/\n/')" - if [ "$prices" == "," ]; - then + if [ "$prices" == "," ]; then # Return YNH_NULL if you prefer to not return a value at all. echo YNH_NULL else @@ -90,7 +88,7 @@ set__prices() { echo "DONATION['$frequency']['$currency'] = '$price_id'" >> "$install_dir/settings.py" done - + #--------------------------------------------- # IMPORTANT: to be able to upgrade properly, you have to save the value in settings too #--------------------------------------------- diff --git a/scripts/install b/scripts/install index 9d4bdf3..923f4d6 100755 --- a/scripts/install +++ b/scripts/install @@ -9,26 +9,24 @@ source _common.sh source /usr/share/yunohost/helpers -# Install parameters are automatically saved as settings -# -# Settings are automatically loaded as bash variables -# in every app script context, therefore typically these will exist: -# - $domain -# - $path -# - $language -# ... etc -# -# Resources defined in the manifest are provisioned prior to this script -# and corresponding settings are also available, such as: -# - $install_dir -# - $port -# - $db_name -# ... - -# -# $app is the app id (i.e. 'example' for first install, -# or 'example__2', '__3', ... for multi-instance installs) -# +### Install parameters are automatically saved as settings +### +### Settings are automatically loaded as bash variables +### in every app script context, therefore typically these will exist: +### - $domain +### - $path +### - $language +### ... etc +### +### Resources defined in the manifest are provisioned prior to this script +### and corresponding settings are also available, such as: +### - $install_dir +### - $port +### - $db_name +### ... +### +### $app is the app id (i.e. 'example' for first install, +### or 'example__2', '__3', ... for multi-instance installs) #================================================= # INITIALIZE AND STORE SETTINGS @@ -53,9 +51,9 @@ ynh_script_progression --message="Setting up source files..." --weight=1 # Download, check integrity, uncompress and patch the source from manifest.toml ynh_setup_source --dest_dir="$install_dir" -# $install_dir will automatically be initialized with some decent -# permission by default ... however, you may need to recursively reapply -# ownership to all files such as after the ynh_setup_source step +### $install_dir will automatically be initialized with some decent +### permission by default ... however, you may need to recursively reapply +### ownership to all files such as after the ynh_setup_source step chown -R "$app:www-data" "$install_dir" #================================================= @@ -67,12 +65,12 @@ ynh_script_progression --message="Adding system configurations related to $app.. ### You can remove it if your app doesn't use PHP. ### `ynh_add_fpm_config` will use the files conf/extra_php-fpm.conf ### If you're not using these lines: -### - You can remove these files in conf/. -### - Remove the section "BACKUP THE PHP-FPM CONFIGURATION" in the backup script -### - Remove also the section "REMOVE PHP-FPM CONFIGURATION" in the remove script -### - As well as the section "RESTORE THE PHP-FPM CONFIGURATION" in the restore script -### with the reload at the end of the script. -### - And the section "PHP-FPM CONFIGURATION" in the upgrade script +### - You can remove these files in conf/. +### - Remove the section "BACKUP THE PHP-FPM CONFIGURATION" in the backup script +### - Remove also the section "REMOVE PHP-FPM CONFIGURATION" in the remove script +### - As well as the section "RESTORE THE PHP-FPM CONFIGURATION" in the restore script +### with the reload at the end of the script. +### - And the section "PHP-FPM CONFIGURATION" in the upgrade script # Create a PHP-FPM config (with conf/extra_php-fpm.conf being appended to it) ynh_add_fpm_config @@ -85,11 +83,11 @@ ynh_add_nginx_config ### Have a look at the app to be sure this app needs a systemd script. ### `ynh_systemd_config` will use the file conf/systemd.service ### If you're not using these lines: -### - You can remove those files in conf/. -### - Remove the section "BACKUP SYSTEMD" in the backup script -### - Remove also the section "STOP AND REMOVE SERVICE" in the remove script -### - As well as the section "RESTORE SYSTEMD" in the restore script -### - And the section "SETUP SYSTEMD" in the upgrade script +### - You can remove those files in conf/. +### - Remove the section "BACKUP SYSTEMD" in the backup script +### - Remove also the section "STOP AND REMOVE SERVICE" in the remove script +### - As well as the section "RESTORE SYSTEMD" in the restore script +### - And the section "SETUP SYSTEMD" in the upgrade script # Create a dedicated systemd config ynh_add_systemd_config @@ -98,12 +96,10 @@ ynh_add_systemd_config ### displayed in the admin interface and through the others `yunohost service` commands. ### (N.B.: this line only makes sense if the app adds a service to the system!) ### If you're not using these lines: -### - You can remove these files in conf/. -### - Remove the section "REMOVE SERVICE INTEGRATION IN YUNOHOST" in the remove script -### - As well as the section "INTEGRATE SERVICE IN YUNOHOST" in the restore script -### - And the section "INTEGRATE SERVICE IN YUNOHOST" in the upgrade script - -yunohost service add "$app" --description="A short description of the app" --log="/var/log/$app/$app.log" +### - You can remove these files in conf/. +### - Remove the section "REMOVE SERVICE INTEGRATION IN YUNOHOST" in the remove script +### - As well as the section "INTEGRATE SERVICE IN YUNOHOST" in the restore script +### - And the section "INTEGRATE SERVICE IN YUNOHOST" in the upgrade script ### Additional options starting with 3.8: ### @@ -120,14 +116,15 @@ yunohost service add "$app" --description="A short description of the app" --log ### to proceed if you later realize that you need to enable some flags that ### weren't enabled on old installs (be careful it'll override the existing ### service though so you should re-provide all relevant flags when doing so) +yunohost service add "$app" --description="A short description of the app" --log="/var/log/$app/$app.log" ### `ynh_use_logrotate` is used to configure a logrotate configuration for the logs of this app. ### Use this helper only if there is effectively a log file for this app. ### If you're not using this helper: -### - Remove the section "BACKUP LOGROTATE" in the backup script -### - Remove also the section "REMOVE LOGROTATE CONFIGURATION" in the remove script -### - As well as the section "RESTORE THE LOGROTATE CONFIGURATION" in the restore script -### - And the section "SETUP LOGROTATE" in the upgrade script +### - Remove the section "BACKUP LOGROTATE" in the backup script +### - Remove also the section "REMOVE LOGROTATE CONFIGURATION" in the remove script +### - As well as the section "RESTORE THE LOGROTATE CONFIGURATION" in the restore script +### - And the section "SETUP LOGROTATE" in the upgrade script # Use logrotate to manage application logfile(s) ynh_use_logrotate @@ -157,8 +154,8 @@ ynh_script_progression --message="Adding a configuration file..." --weight=1 ynh_add_config --template="some_config_file" --destination="$install_dir/some_config_file" # FIXME: this should be handled by the core in the future -# You may need to use chmod 600 instead of 400, -# for example if the app is expected to be able to modify its own config +### You may need to use chmod 600 instead of 400, +### for example if the app is expected to be able to modify its own config chmod 400 "$install_dir/some_config_file" chown "$app:$app" "$install_dir/some_config_file" @@ -192,10 +189,10 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1 ### `ynh_systemd_action` is used to start a systemd service for an app. ### Only needed if you have configure a systemd service ### If you're not using these lines: -### - Remove the section "STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the backup script -### - As well as the section "START SYSTEMD SERVICE" in the restore script -### - As well as the section"STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the upgrade script -### - And the section "STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the change_url script +### - Remove the section "STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the backup script +### - As well as the section "START SYSTEMD SERVICE" in the restore script +### - As well as the section"STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the upgrade script +### - And the section "STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the change_url script # Start a systemd service ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/$app.log" diff --git a/scripts/remove b/scripts/remove index b7d321e..9369d1b 100755 --- a/scripts/remove +++ b/scripts/remove @@ -9,31 +9,30 @@ source _common.sh source /usr/share/yunohost/helpers -# Settings are automatically loaded as bash variables -# in every app script context, therefore typically these will exist: -# - $domain -# - $path -# - $language -# - $install_dir -# - $port -# ... +### Settings are automatically loaded as bash variables +### in every app script context, therefore typically these will exist: +### - $domain +### - $path +### - $language +### - $install_dir +### - $port +### ... -# For remove operations : -# - the core will deprovision every resource defined in the manifest **after** this script is ran -# this includes removing the install directory, and data directory (if --purge was used) +### For remove operations : +### - the core will deprovision every resource defined in the manifest **after** this script is ran +### this includes removing the install directory, and data directory (if --purge was used) #================================================= # REMOVE SYSTEM CONFIGURATIONS #================================================= ynh_script_progression --message="Removing system configurations related to $app..." --weight=1 -# This should be a symetric version of what happens in the install script +### This should be a symetric version of what happens in the install script # Remove the service from the list of services known by YunoHost (added from `yunohost service add`) -if ynh_exec_warn_less yunohost service status "$app" >/dev/null -then - ynh_script_progression --message="Removing $app service integration..." --weight=1 - yunohost service remove "$app" +if ynh_exec_warn_less yunohost service status "$app" >/dev/null; then + ynh_script_progression --message="Removing $app service integration..." --weight=1 + yunohost service remove "$app" fi ynh_remove_fail2ban_config diff --git a/scripts/restore b/scripts/restore index 645e23d..d37b841 100755 --- a/scripts/restore +++ b/scripts/restore @@ -17,9 +17,9 @@ ynh_script_progression --message="Restoring the app main directory..." --weight= ynh_restore_file --origin_path="$install_dir" -# $install_dir will automatically be initialized with some decent -# permissions by default ... however, you may need to recursively reapply -# ownership to all files such as after the ynh_setup_source step +### $install_dir will automatically be initialized with some decent +### permissions by default ... however, you may need to recursively reapply +### ownership to all files such as after the ynh_setup_source step chown -R "$app:www-data" "$install_dir" #================================================= @@ -29,7 +29,7 @@ ynh_script_progression --message="Restoring the data directory..." --weight=1 ynh_restore_file --origin_path="$data_dir" --not_mandatory -# (Same as for install dir) +### (Same as for install dir) chown -R "$app:www-data" "$data_dir" #================================================= @@ -44,7 +44,7 @@ ynh_mysql_connect_as --user="$db_user" --password="$db_pwd" --database="$db_name #================================================= ynh_script_progression --message="Restoring system configurations related to $app..." --weight=1 -# This should be a symetric version of what happens in the install script +### This should be a symetric version of what happens in the install script ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" @@ -68,13 +68,13 @@ ynh_systemd_action --action=restart --service_name=fail2ban ynh_restore_file --origin_path="/etc/cron.d/$app" ynh_restore_file --origin_path="/etc/$app/" -# For apps with huge logs, you might want to not backup logs every time: -# The mkdir call is just here in case the log directory was not backed up. -# mkdir -p "/var/log/$app" -# chown $app:www-data "/var/log/$app" -# ynh_restore_file --src_path="/var/log/$app/" --not_mandatory -# -# For other apps, the simple way is better: +### For apps with huge logs, you might want to not backup logs every time: +### The mkdir call is just here in case the log directory was not backed up. +### mkdir -p "/var/log/$app" +### chown $app:www-data "/var/log/$app" +### ynh_restore_file --src_path="/var/log/$app/" --not_mandatory +### +### For other apps, the simple way is better: ynh_restore_file --origin_path="/var/log/$app/" @@ -92,7 +92,7 @@ ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./ #================================================= ynh_script_progression --message="Reloading NGINX web server and $app's service..." --weight=1 -# Typically you only have either $app or php-fpm but not both at the same time... +### Typically you only have either $app or php-fpm but not both at the same time... ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/$app.log" ynh_systemd_action --service_name="php$phpversion-fpm" --action=reload diff --git a/scripts/upgrade b/scripts/upgrade index 45f990a..1cfde47 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -9,18 +9,18 @@ source _common.sh source /usr/share/yunohost/helpers -# Settings are automatically loaded as bash variables -# in every app script context, therefore typically these will exist: -# - $domain -# - $path -# - $language -# - $install_dir -# - $port -# ... +### Settings are automatically loaded as bash variables +### in every app script context, therefore typically these will exist: +### - $domain +### - $path +### - $language +### - $install_dir +### - $port +### ... -# In the context of upgrade, -# - resources are automatically provisioned / updated / deleted (depending on existing resources) -# - a safety backup is automatically created by the core and will be restored if the upgrade fails +### In the context of upgrade, +### - resources are automatically provisioned / updated / deleted (depending on existing resources) +### - a safety backup is automatically created by the core and will be restored if the upgrade fails ### This helper will compare the version of the currently installed app and the version of the upstream package. ### $upgrade_type can have 2 different values @@ -37,23 +37,21 @@ upgrade_type=$(ynh_check_app_version_changed) #================================================= #ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 -# -# N.B. : the following setting migration snippets are provided as *EXAMPLES* -# of what you may want to do in some cases (e.g. a setting was not defined on -# some legacy installs and you therefore want to initiaze stuff during upgrade) -# +### N.B. : the following setting migration snippets are provided as *EXAMPLES* +### of what you may want to do in some cases (e.g. a setting was not defined on +### some legacy installs and you therefore want to initiaze stuff during upgrade) # If db_name doesn't exist, create it -#if [ -z "$db_name" ]; then -# db_name=$(ynh_sanitize_dbid --db_name=$app) -# ynh_app_setting_set --app=$app --key=db_name --value=$db_name -#fi +# if [ -z "$db_name" ]; then +# db_name=$(ynh_sanitize_dbid --db_name=$app) +# ynh_app_setting_set --app=$app --key=db_name --value=$db_name +# fi # If install_dir doesn't exist, create it -#if [ -z "$install_dir" ]; then -# install_dir=/var/www/$app -# ynh_app_setting_set --app=$app --key=install_dir --value=$install_dir -#fi +# if [ -z "$install_dir" ]; then +# install_dir=/var/www/$app +# ynh_app_setting_set --app=$app --key=install_dir --value=$install_dir +# fi #================================================= # STOP SYSTEMD SERVICE @@ -68,17 +66,16 @@ ynh_systemd_action --service_name="$app" --action="stop" --log_path="/var/log/$a # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -if [ "$upgrade_type" == "UPGRADE_APP" ] -then - ynh_script_progression --message="Upgrading source files..." --weight=1 +if [ "$upgrade_type" == "UPGRADE_APP" ]; then + ynh_script_progression --message="Upgrading source files..." --weight=1 - # Download, check integrity, uncompress and patch the source from manifest.toml - ynh_setup_source --dest_dir="$install_dir" + # Download, check integrity, uncompress and patch the source from manifest.toml + ynh_setup_source --dest_dir="$install_dir" fi -# $install_dir will automatically be initialized with some decent -# permissions by default ... however, you may need to recursively reapply -# ownership to all files such as after the ynh_setup_source step +### $install_dir will automatically be initialized with some decent +### permissions by default ... however, you may need to recursively reapply +### ownership to all files such as after the ynh_setup_source step chown -R "$app:www-data" "$install_dir" #================================================= @@ -86,7 +83,7 @@ chown -R "$app:www-data" "$install_dir" #================================================= ynh_script_progression --message="Upgrading system configurations related to $app..." --weight=1 -# This should be a literal copypaste of what happened in the install's "System configuration" section +### This should be a literal copypaste of what happened in the install's "System configuration" section ynh_add_fpm_config @@ -115,8 +112,8 @@ ynh_script_progression --message="Updating a configuration file..." --weight=1 ynh_add_config --template="some_config_file" --destination="$install_dir/some_config_file" # FIXME: this should be handled by the core in the future -# You may need to use chmod 600 instead of 400, -# for example if the app is expected to be able to modify its own config +### You may need to use chmod 600 instead of 400, +### for example if the app is expected to be able to modify its own config chmod 400 "$install_dir/some_config_file" chown "$app:$app" "$install_dir/some_config_file"