diff options
Diffstat (limited to 'scripts/install')
| -rw-r--r-- | scripts/install | 276 |
1 files changed, 145 insertions, 131 deletions
diff --git a/scripts/install b/scripts/install index 0cb4675..c05feee 100644 --- a/scripts/install +++ b/scripts/install @@ -7,46 +7,53 @@ #================================================= source _common.sh +source ynh_install_ruby +source ynh_add_secure_repos__3 +source ynh_systemd_action source /usr/share/yunohost/helpers -source _future.sh #================================================= # MANAGE SCRIPT FAILURE #================================================= +ynh_clean_setup () { + ynh_clean_check_starting +} # Exit if an error occurs during the execution of the script ynh_abort_if_errors - #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST -#================================================ +#================================================= domain=$YNH_APP_ARG_DOMAIN -admin_mastodon=$YNH_APP_ARG_ADMIN -admin_mastodon_mail=$(ynh_user_get_info $admin_mastodon 'mail') +path_url="/" +admin=$YNH_APP_ARG_ADMIN +is_public=$YNH_APP_ARG_IS_PUBLIC language=$YNH_APP_ARG_LANGUAGE -port_web=$(ynh_find_port 3000) -port_stream=$(ynh_find_port 4000) -path_url="/" +admin_mail=$(ynh_user_get_info $admin 'mail') app=$YNH_APP_INSTANCE_NAME #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= +ynh_print_info "Validating installation parameters..." final_path=/var/www/$app test ! -e "$final_path" || ynh_die "This path already contains a folder" -# TODO : to be factorized into a helper someday ? ;) -MEM=$(free | grep "^Mem" | awk '{print $2}') -SWAP=$(free | grep "^Swap" | awk '{print $2}') -TOTAL_MEM_AND_SWAP=$(( ( $MEM+$SWAP ) / 1024 )) # In MB +if [ "$admin" != "package_checker" ] +then + # TODO : to be factorized into a helper someday ? ;) + MEM=$(free | grep "^Mem" | awk '{print $2}') + SWAP=$(free | grep "^Swap" | awk '{print $2}') + TOTAL_MEM_AND_SWAP=$(( ( $MEM+$SWAP ) / 1024 )) # In MB -[[ $TOTAL_MEM_AND_SWAP -gt 2500 ]] || ynh_die "You need at least 2500 Mo of RAM+Swap to install Mastodon. Please consult the README to learn how to add swap." + [[ $TOTAL_MEM_AND_SWAP -gt 2500 ]] || ynh_die "You need at least 2500 Mo of RAM+Swap to install Mastodon. Please consult the README to learn how to add swap." +fi # Normalize the url path syntax path_url=$(ynh_normalize_url_path $path_url) @@ -58,24 +65,32 @@ ynh_webpath_register $app $domain $path_url #================================================= # STORE SETTINGS FROM MANIFEST #================================================= +ynh_print_info "Storing installation settings..." ynh_app_setting_set $app domain $domain -ynh_app_setting_set $app admin $admin_mastodon +ynh_app_setting_set $app path $path_url +ynh_app_setting_set $app admin $admin +ynh_app_setting_set $app is_public $is_public ynh_app_setting_set $app language $language -ynh_app_setting_set $app port_web $port_web -ynh_app_setting_set $app port_stream $port_stream - #================================================= # STANDARD MODIFICATIONS #================================================= +# FIND AND OPEN A PORT +#================================================= +ynh_print_info "Configuring firewall..." +# Find a free port +port_web=$(ynh_find_port 3000) +port_stream=$(ynh_find_port 4000) +# Open this port +ynh_app_setting_set $app port_web $port_web +ynh_app_setting_set $app port_stream $port_stream #================================================= # INSTALL DEPENDENCIES #================================================= - -# TODO: add in a clean way backports and yarn +ynh_print_info "Installing dependencies..." # Import debian archive pubkey, need on ARM arch arch=$(uname -m) @@ -84,35 +99,21 @@ if [[ "$arch" = arm* ]]; then apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7638D0442B90D010 fi -# Install source.list debian package backports & yarn +# Install extra_repo debian package backports & yarn if [ "$(lsb_release --codename --short)" == "jessie" ]; then - echo "deb http://httpredir.debian.org/debian jessie-backports main" | tee /etc/apt/sources.list.d/jessie-backports.list + ynh_install_extra_repo --repo="deb http://httpredir.debian.org/debian jessie-backports main" --append fi -curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - -echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list -ynh_package_update +ynh_install_extra_repo --repo="deb https://dl.yarnpkg.com/debian/ stable main" --key="https://dl.yarnpkg.com/debian/pubkey.gpg" --append # install nodejs ynh_install_nodejs 8 -# TODO: use the same mecanism with other files -ynh_install_app_dependencies \ - `# debian packages ` \ - imagemagick libpq-dev libxml2-dev libxslt1-dev file curl apt-transport-https pkg-config libprotobuf-dev protobuf-compiler libicu-dev libidn11-dev \ - `# redis ` \ - redis-server redis-tools \ - `# postgresql ` \ - postgresql postgresql-contrib \ - `# Ruby ` \ - autoconf bison build-essential libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libncurses5-dev libffi-dev libgdbm3 libgdbm-dev \ - `# ffmpeg from backports ` \ - ffmpeg \ - `# Yarn ` \ - yarn - +ynh_install_app_dependencies $pkg_dependencies + #================================================= -# DATABASE SETUP +# CREATE A POSTGRESQL DATABASE #================================================= +ynh_print_info "Creating a PostgreSQL database..." # Create postgresql database db_name="${app}_production" @@ -127,18 +128,17 @@ ynh_psql_execute_as_root \ #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= +ynh_print_info "Setting up source files..." -# Creates the destination directory and stores its location. -ynh_app_setting_set "$app" final_path "$final_path" -# Download all sources rbenv, ruby and mastodon - -ynh_setup_source "$final_path/.rbenv" "app-rbenv" -ynh_setup_source "$final_path/.rbenv/plugins/ruby-build" "app-ruby-build" -ynh_setup_source "$final_path/live" "app-mastodon" +ynh_app_setting_set $app final_path $final_path +# Download, check integrity, uncompress and patch the source from app.src +mkdir $final_path +ynh_setup_source "$final_path/live" #================================================= # NGINX CONFIGURATION #================================================= +ynh_print_info "Configuring nginx web server..." # Create a dedicated nginx config ynh_replace_string "__PORT_WEB__" "$port_web" "../conf/nginx.conf" @@ -148,143 +148,151 @@ ynh_add_nginx_config #================================================= # CREATE DEDICATED USER #================================================= +ynh_print_info "Configuring system user..." # Create a system user -adduser $app --home $final_path --gecos "First Last,RoomNumber,WorkPhone,HomePhone" --disabled-password - -chown -R "$app": "$final_path" +ynh_system_user_create $app $final_path -# TODO: try to use ynh_install_ruby from https://github.com/YunoHost-Apps/Experimental_helpers -# Install de rbenv -( - cd $final_path/.rbenv - src/configure && make -C src - - echo "export PATH=\"$final_path/.rbenv/bin:$final_path/live/bin:\$PATH\" -eval \"\$(rbenv init -)\"" > $final_path/.profile - echo "export PATH=\"$final_path/.rbenv/bin:$final_path/live/bin:\$PATH\"" > $final_path/.bashrc -) - -# Install ruby-build -( - exec_as "$app" $final_path/.rbenv/bin/rbenv install 2.6.0 || true - exec_as "$app" $final_path/.rbenv/bin/rbenv global 2.6.0 || true - exec_as "$app" $final_path/.rbenv/versions/2.6.0/bin/ruby -v -) +#================================================= +# SPECIFIC SETUP +#================================================= +# INSTALLING RUBY AND BUNDLER +#================================================= -# Create symlink for ruby -rm /usr/bin/ruby || true -ln -s $final_path/.rbenv/versions/2.6.0/bin/ruby /usr/bin/ruby || true +ynh_install_ruby --ruby_version=2.6.0 +/opt/rbenv/versions/2.6.0/bin/gem update --system +#/opt/rbenv/versions/2.6.0/bin/gem install bundler --no-document -# Adjust Mastodon config +#================================================= +# MODIFY A CONFIG FILE +#================================================= -cp -a $final_path/live/.env.production.sample $final_path/live/.env.production -ynh_replace_string "REDIS_HOST=redis" "REDIS_HOST=127.0.0.1" "${final_path}/live/.env.production" -ynh_replace_string "DB_HOST=db" "DB_HOST=/var/run/postgresql" "${final_path}/live/.env.production" -ynh_replace_string "DB_USER=postgres" "DB_USER=${app}" "${final_path}/live/.env.production" -ynh_replace_string "DB_NAME=postgres" "DB_NAME=${db_name}" "${final_path}/live/.env.production" -ynh_replace_string "DB_PASS=" "DB_PASS=${db_pwd}" "${final_path}/live/.env.production" -ynh_replace_string "LOCAL_DOMAIN=example.com" "LOCAL_DOMAIN=${domain}" "${final_path}/live/.env.production" +cp -f ../conf/.env.production.sample "$final_path/live/.env.production" +ynh_replace_string "__DB_USER__" "$app" "$final_path/live/.env.production" +ynh_replace_string "__DB_NAME__" "$db_name" "$final_path/live/.env.production" +ynh_replace_string "__DB_PWD__" "$db_pwd" "$final_path/live/.env.production" +ynh_replace_string "__DOMAIN__" "$domain" "$final_path/live/.env.production" +ynh_replace_string "__SMTP_FROM_ADDRESS__" "$admin_mail" "${final_path}/live/.env.production" language="$(echo $language | head -c 2)" -ynh_replace_string "# DEFAULT_LOCALE=de" "DEFAULT_LOCALE=${language}" "${final_path}/live/.env.production" +ynh_replace_string "__LANGUAGE__" "$language" "$final_path/live/.env.production" paperclip_secret=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128) +ynh_replace_string "PAPERCLIP_SECRET=" "PAPERCLIP_SECRET=$paperclip_secret" "${final_path}/live/.env.production" +ynh_app_setting_set "$app" paperclip_secret "$paperclip_secret" + secret_key_base=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128) +ynh_replace_string "__SECRET_KEY_BASE__" "$secret_key_base" "$final_path/live/.env.production" +ynh_app_setting_set "$app" secret_key_base "$secret_key_base" + otp_secret=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128) -ynh_replace_string "PAPERCLIP_SECRET=" "PAPERCLIP_SECRET=$paperclip_secret" "${final_path}/live/.env.production" -ynh_replace_string "SECRET_KEY_BASE=" "SECRET_KEY_BASE=$secret_key_base" "${final_path}/live/.env.production" -ynh_replace_string "OTP_SECRET=" "OTP_SECRET=$otp_secret" "${final_path}/live/.env.production" +ynh_replace_string "__OTP_SECRET__" "$otp_secret" "$final_path/live/.env.production" +ynh_app_setting_set "$app" otp_secret "$otp_secret" -ynh_replace_string "SMTP_LOGIN=" "#SMTP_LOGIN=" "${final_path}/live/.env.production" -ynh_replace_string "SMTP_PASSWORD=" "#SMTP_PASSWORD=" "${final_path}/live/.env.production" -ynh_replace_string "SMTP_SERVER=smtp.mailgun.org" "SMTP_SERVER=localhost" "${final_path}/live/.env.production" -ynh_replace_string "SMTP_PORT=587" "SMTP_PORT=25" "${final_path}/live/.env.production" -ynh_replace_string "SMTP_FROM_ADDRESS=notifications@example.com" "SMTP_FROM_ADDRESS=$admin_mastodon@$domain" "${final_path}/live/.env.production" -ynh_replace_string "#SMTP_AUTH_METHOD=plain" "SMTP_AUTH_METHOD=none" "${final_path}/live/.env.production" -ynh_replace_string "#SMTP_OPENSSL_VERIFY_MODE=peer" "SMTP_OPENSSL_VERIFY_MODE=none" "${final_path}/live/.env.production" +#================================================= +# INSTALLING MASTODON +#================================================= +ynh_print_info "Installing Mastodon..." -# Preconfig CSS & JS -# Install Mastodon -# Give right permission for the app chown -R "$app": "$final_path" -( - cd "$final_path/live" - su mastodon <<INSTALL - $final_path/.rbenv/versions/2.6.0/bin/gem install bundler:1.16.6 --no-ri --no-rdoc - $final_path/.rbenv/versions/2.6.0/bin/gem install bundler - $final_path/.rbenv/versions/2.6.0/bin/bundle install \ - -j$(getconf _NPROCESSORS_ONLN) \ - --deployment --without development test - yarn install --pure-lockfile - echo "SAFETY_ASSURED=1">> .env.production - RAILS_ENV=production $final_path/.rbenv/versions/2.6.0/bin/bundle exec rails db:migrate --quiet - RAILS_ENV=production $final_path/.rbenv/versions/2.6.0/bin/bundle exec rails assets:precompile --quiet -INSTALL -) +pushd "$final_path/live" + ynh_use_nodejs + sudo -u "$app" env PATH=$PATH /opt/rbenv/versions/2.6.0/bin/bundle install -j$(getconf _NPROCESSORS_ONLN) --deployment --without development test + sudo -u "$app" env PATH=$PATH yarn install --pure-lockfile + sudo -u "$app" echo "SAFETY_ASSURED=1">> .env.production + sudo -u "$app" env PATH=$PATH RAILS_ENV=production /opt/rbenv/versions/2.6.0/bin/bundle exec rails db:migrate --quiet + sudo -u "$app" env PATH=$PATH RAILS_ENV=production /opt/rbenv/versions/2.6.0/bin/bundle exec rails assets:precompile --quiet + sudo -u "$app" env PATH=$PATH RAILS_ENV=production /opt/rbenv/versions/2.6.0/bin/bundle exec rake mastodon:webpush:generate_vapid_key > key.txt + sudo -u "$app" env PATH=$PATH RAILS_ENV=production bin/tootctl accounts create "$admin" --email="$admin_mail" --confirmed --role=admin > acc.txt +popd + +admin_pass=$( tail -1 $final_path/live/acc.txt | head -1 | cut -c 15- ) +ynh_secure_remove "$final_path/live/acc.txt" + +vapid_private_key=$(grep -oP "VAPID_PRIVATE_KEY=\K\w+" "$final_path/live/key.txt") +vapid_public_key=$(grep -oP "VAPID_PUBLIC_KEY=\K\w+" "$final_path/live/key.txt") + +ynh_replace_string "__VAPID_PRIVATE_KEY__" "$vapid_private_key" "${final_path}/live/.env.production" +ynh_replace_string "__VAPID_PUBLIC_KEY__" "$vapid_public_key" "${final_path}/live/.env.production" + +ynh_app_setting_set "$app" vapid_private_key "$vapid_private_key" +ynh_app_setting_set "$app" vapid_public_key "$vapid_public_key" + +ynh_secure_remove "$final_path/live/key.txt" + +#================================================= +# SETUP CRON JOB FOR REMOVING CACHE +#================================================= +ynh_print_info "Setuping a cron job for rem0ving cache..." + +ynh_replace_string "__FINAL_PATH__" "$final_path" ../conf/cron +ynh_replace_string "__USER__" "$app" ../conf/cron +sudo cp -f ../conf/cron /etc/cron.d/$app #================================================= # SETUP SYSTEMD #================================================= +ynh_print_info "Configuring a systemd service..." # Create a dedicated systemd config ynh_replace_string "__PORT_WEB__" "$port_web" "../conf/mastodon-web.service" ynh_replace_string "__PORT_STREAM__" "$port_stream" "../conf/mastodon-streaming.service" +ynh_replace_string "__NODEJS_PATH__" "$nodejs_path" "../conf/mastodon-streaming.service" ynh_add_systemd_config "$app-web" "mastodon-web.service" ynh_add_systemd_config "$app-sidekiq" "mastodon-sidekiq.service" ynh_add_systemd_config "$app-streaming" "mastodon-streaming.service" -systemctl start "$app-web.service" "$app-sidekiq.service" "$app-streaming.service" +#================================================= +# START MASTODON SERVICES +#================================================= +ynh_print_info "Starting Mastodon services..." + +ynh_systemd_action --action=start --service_name=${app}-web --line_match="Listening on tcp" --log_path=systemd +ynh_systemd_action --action=start --service_name=${app}-sidekiq --line_match="Starting processing" --log_path=systemd +ynh_systemd_action --action=start --service_name=${app}-streaming --line_match="Worker 1 now listening" --log_path=systemd + +#================================================= +# STORE THE CONFIG FILE CHECKSUM +#================================================= -# Create user -( - cd "$final_path/live" - su mastodon <<SETADMIN -( RAILS_ENV=production bin/tootctl accounts create '$admin_mastodon' --email='$admin_mastodon_mail' > acc.txt ) -RAILS_ENV=production bin/tootctl accounts modify $admin_mastodon --confirm -RAILS_ENV=production bin/tootctl accounts modify $admin_mastodon --role admin -SETADMIN -) -admin_pass=$( cd $final_path/live && tail -1 acc.txt | head -1 | cut -c 15- ) +# Calculate and store the config file checksum into the app settings +ynh_store_file_checksum "${final_path}/live/.env.production" -(cd $final_path/live && rm -f acc.txt) #================================================= # GENERIC FINALIZATION #================================================= # SECURE FILES AND DIRECTORIES #================================================= -# TODO:Set permissions to app files +# Set permissions to app files chown -R "$app": "$final_path" #================================================= # ADVERTISE SERVICE IN ADMIN PANEL #================================================= -# Add service YunoHost yunohost service add "$app-web" yunohost service add "$app-sidekiq" yunohost service add "$app-streaming" -# SETUP CRON JOB FOR REMOVING CACHE -ynh_replace_string "__FINAL_PATH__" "$final_path" ../conf/cron -ynh_replace_string "__USER__" "$app" ../conf/cron -sudo cp -f ../conf/cron /etc/cron.d/$app - #================================================= # SETUP SSOWAT #================================================= +ynh_print_info "Configuring SSOwat..." -# TODO: all private install -# Unprotected url -ynh_app_setting_set "$app" unprotected_uris "/" +# Make app public if necessary +if [ $is_public -eq 1 ] +then + # unprotected_uris allows SSO credentials to be passed anyway. + ynh_app_setting_set $app unprotected_uris "/" +fi #================================================= # RELOAD NGINX #================================================= +ynh_print_info "Reloading nginx web server..." -# Reload Nginx systemctl reload nginx #================================================= @@ -293,8 +301,14 @@ systemctl reload nginx message="Mastodon was successfully installed :) Please open 'https://$domain$path_url' -The admin username is: $admin_mastodon_mail +The admin email is: $admin_mail The admin password is: $admin_pass If you facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/mastodon_ynh" -ynh_send_readme_to_admin "$message" "$admin_mastodon" +ynh_send_readme_to_admin "$message" "$admin" + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Installation of $app completed" |