Diffstat (limited to 'scripts/install')
| -rw-r--r-- | scripts/install | 372 |
1 files changed, 206 insertions, 166 deletions
diff --git a/scripts/install b/scripts/install index 03f91bd..5d5bf1e 100644 --- a/scripts/install +++ b/scripts/install @@ -1,17 +1,26 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error -set -eu +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= -source .fonctions # Loads the generic functions usually used in the script -source /usr/share/yunohost/helpers # Source app helpers +source _common.sh +source /usr/share/yunohost/helpers +source _future.sh -CLEAN_SETUP () { - # Clean installation residues that are not supported by the remove script. - # Clean hosts - echo "" -} -TRAP_ON # Active trap to stop the script if an error is detected. +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + + +#================================================= +# RETRIEVE ARGUMENTS FROM THE MANIFEST +#================================================ domain=$YNH_APP_ARG_DOMAIN admin_mastodon=$YNH_APP_ARG_ADMIN 
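Review bot: With `set -eu` removed from the top, the three `source` lines now run before any error handling is active, so a missing or broken `_common.sh`, `_future.sh` or `/usr/share/yunohost/helpers` is no longer fatal. `ynh_abort_if_errors` is not defined in this diff and presumably comes from one of those files; if that file fails to load, the call is just an unknown command and the rest of the install carries on with no abort-on-error. Guarding each load, for example `source _common.sh || exit 1`, makes the script fail closed without putting `set -u` back in front of the helpers.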
@@ -19,128 +28,160 @@ admin_mastodon_mail=$(ynh_user_get_info $admin_mastodon 'mail') admin_pass=$YNH_APP_ARG_PASSWD language=$YNH_APP_ARG_LANGUAGE +path_url="/" + app=$YNH_APP_INSTANCE_NAME -CHECK_VAR "$app" "app name not set" +#================================================= +# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS +#================================================= + +final_path=/var/www/$app +test ! -e "$final_path" || ynh_die "This path already contains a folder" + +# TODO: remove this test, don't as password anymore, generate it and send it by email to admin with: https://github.com/YunoHost-Apps/Experimental_helpers/tree/master/send_readme_to_admin +[[ ${#admin_pass} -gt 7 ]] || ynh_die "Password is too weak, must be longer than 7 characters" -CHECK_USER "$admin_mastodon" +# Normalize the url path syntax +path_url=$(ynh_normalize_url_path $path_url) -CHECK_DOMAINPATH +# Check web path availability +ynh_webpath_available $domain $path_url +# Register (book) web path +ynh_webpath_register $app $domain $path_url -CHECK_FINALPATH +#================================================= +# STORE SETTINGS FROM MANIFEST +#================================================= ynh_app_setting_set $app domain $domain ynh_app_setting_set $app admin $admin_mastodon ynh_app_setting_set $app pass $admin_pass ynh_app_setting_set $app language $language +ynh_app_setting_set $app path $path_url -[[ ${#admin_pass} -gt 7 ]] || ynh_die \ -"The password is too weak, it must be longer than 7 characters" -# Create user unix -sudo adduser $app --home /opt/$app --gecos "First Last,RoomNumber,WorkPhone,HomePhone" --disabled-password --disabled-login - -# Install debian package -ynh_package_install imagemagick libpq-dev libxml2-dev libxslt1-dev file curl apt-transport-https pkg-config libprotobuf-dev protobuf-compiler libicu-dev libidn11-dev +#================================================= +# STANDARD MODIFICATIONS +#================================================= -# Install 
redis package -ynh_package_install redis-server redis-tools -# Install postgresql -ynh_package_install postgresql postgresql-contrib postgresql-server-dev-all +#================================================= +# INSTALL DEPENDENCIES +#================================================= -# Install Ruby -ynh_package_install autoconf bison build-essential libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libncurses5-dev libffi-dev libgdbm3 libgdbm-dev +# TODO: add in a clean way backports and yarn # Import debian archive pubkey, need on ARM arch arch=$(uname -m) -if [[ $arch = arm* ]]; then - sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8B48AD6246925553 - sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7638D0442B90D010 +if [[ "$arch" = arm* ]]; then + apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8B48AD6246925553 + apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7638D0442B90D010 fi -# Install source.list debian yarn package -sudo curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add - -sudo cp ../conf/yarn.list /etc/apt/sources.list.d/ - -# Install source.list debian jessie package backports +# Install source.list debian package backports & yarn if [ "$(lsb_release --codename --short)" == "jessie" ]; then -sudo cp ../conf/backports.list /etc/apt/sources.list.d/ -ynh_package_update -sudo apt-get -t jessie-backports -y install ffmpeg -else -ynh_package_update -ynh_package_install ffmpeg + echo "deb http://httpredir.debian.org/debian jessie-backports main" | tee /etc/apt/sources.list.d/jessie-backports.list fi - -# Install Yarn -ynh_package_install yarn +curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - +echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list +ynh_package_update # Creates the destination directory and stores its location. 
-ynh_app_setting_set $app final_path $final_path +ynh_app_setting_set "$app" final_path "$final_path" # Install de Node.js -pushd /opt -curl -sL https://deb.nodesource.com/setup_6.x | sudo bash - -sudo apt-get -y install nodejs +# TODO: use https://github.com/YunoHost-Apps/Experimental_helpers/blob/master/ynh_install_nodejs/ynh_install_nodejs +( + cd /opt + curl -sL https://deb.nodesource.com/setup_6.x | bash - + apt-get -y install nodejs +) + +# TODO: use the same mecanism with other files +ynh_install_app_dependencies \ + `# debian packages ` \ + imagemagick libpq-dev libxml2-dev libxslt1-dev file curl apt-transport-https pkg-config libprotobuf-dev protobuf-compiler libicu-dev libidn11-dev \ + `# redis ` \ + redis-server redis-tools \ + `# postgresql ` \ + postgresql \ + `# Ruby ` \ + autoconf bison build-essential libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libncurses5-dev libffi-dev libgdbm3 libgdbm-dev \ + `# ffmpeg from backports ` \ + ffmpeg \ + `# Yarn ` \ + yarn +#================================================= +# CREATE A DATABASE +#================================================= + +# TODO: use non-official https://github.com/YunoHost-Apps/Experimental_helpers/blob/master/postgres/postgres +# TODO: this commands doesn't looks like a requirement, you may fully remove it # Set UTF8 encoding by default -sudo su -c "psql" postgres <<< \ - "update pg_database set datistemplate='false' where datname='template1';" -sudo su -c "psql" postgres <<< \ - "drop database template1;" -sudo su -c "psql" postgres <<< \ - "create database template1 encoding='UTF8' template template0;" -sudo su -c "psql" postgres <<< \ - "update pg_database set datistemplate='true' where datname='template1';" -# Create DB without password -ynh_psql_create_db_without_password "$app" -sudo systemctl restart postgresql +ynh_psql_test_if_first_run + +db_user=$(ynh_sanitize_dbid "$app") +db_name="${app}_production" +db_name=$(ynh_sanitize_dbid "$db_name") +db_pwd=$(ynh_string_random) 
+ynh_app_setting_set $app db_name $db_name +ynh_app_setting_set $app db_pwd $db_pwd +ynh_psql_setup_db "$db_user" "$db_name" "$db_pwd" + +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= # Download all sources rbenv, ruby and mastodon -sudo su - $app <<CLONECOMMANDS -git clone https://github.com/rbenv/rbenv.git $final_path/.rbenv -git clone https://github.com/rbenv/ruby-build.git $final_path/.rbenv/plugins/ruby-build -git clone https://github.com/tootsuite/mastodon.git $final_path/live -CLONECOMMANDS -# Switch branch to tagged release -cd $final_path/live -version=$(curl -s https://api.github.com/repos/tootsuite/mastodon/releases/latest | grep tag_name | cut -d\" -f4) -sudo su - $app <<SWITCHCOMMANDS -pushd ~/live -git checkout $version -SWITCHCOMMANDS +ynh_setup_source "$final_path/.rbenv" "app-rbenv" +ynh_setup_source "$final_path/.rbenv/plugins/ruby-build" "app-ruby-build" +ynh_setup_source "$final_path/live" "app-mastodon" -# Be king rewind (/var/cache/yunohost/from_file/scripts) -popd +#================================================= +# NGINX CONFIGURATION +#================================================= + +# TODO: use official helper ynh_add_nginx_config +# Modify Nginx configuration file and copy it to Nginx conf directory +sed -i "s@__PATH__@$app@g" ../conf/nginx.conf* +sed -i "s@__FINALPATH__@$final_path@g" ../conf/nginx.conf* +cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf + +#================================================= +# CREATE DEDICATED USER +#================================================= +# TODO: use official helper ynh_system_user_create +# Create user unix +adduser $app --home $final_path --gecos "First Last,RoomNumber,WorkPhone,HomePhone" --disabled-password + +chown -R "$app" "$final_path" + +# TODO: try to use ynh_install_ruby from https://github.com/YunoHost-Apps/Experimental_helpers # Install de rbenv -sudo su - $app <<COMMANDS 
-pushd ~/.rbenv -src/configure && make -C src -echo 'export PATH="/opt/mastodon/.rbenv/bin:/opt/mastodon/live/bin:$PATH"' >> ~/.profile -echo 'export PATH="/opt/mastodon/.rbenv/bin:/opt/mastodon/live/bin:$PATH"' >> ~/.bashrc -echo 'eval "\$(rbenv init -)"' >> ~/.profile -COMMANDS +( + cd $final_path/.rbenv + src/configure && make -C src + + echo "export PATH=\"$final_path/.rbenv/bin:$final_path/live/bin:\$PATH\" +eval \"\$(rbenv init -)\"" > $final_path/.profile + echo "export PATH=\"$final_path/.rbenv/bin:$final_path/live/bin:\$PATH\"" > $final_path/.bashrc +) # Install ruby-build -sudo su - $app <<RCOMMANDS -/opt/mastodon/.rbenv/bin/rbenv install 2.5.1 -/opt/mastodon/.rbenv/versions/2.5.1/bin/ruby -v -RCOMMANDS +( + exec_as "$app" $final_path/.rbenv/bin/rbenv install 2.5.1 + exec_as "$app" $final_path/.rbenv/bin/rbenv global 2.5.1 + exec_as "$app" $final_path/.rbenv/versions/2.5.1/bin/ruby -v +) # Create symlink for ruby -sudo rm /usr/bin/ruby || true -sudo ln -s /opt/mastodon/.rbenv/versions/2.5.1/bin/ruby /usr/bin/ruby || true - -# Install Mastodon -sudo su - $app <<MCOMMANDS -pushd ~/live -/opt/mastodon/.rbenv/versions/2.5.1/bin/gem install bundler -bin/bundle install --deployment --without development test -MCOMMANDS +rm /usr/bin/ruby || true +ln -s $final_path/.rbenv/versions/2.5.1/bin/ruby /usr/bin/ruby || true # Yarn install on root pushd $final_path/live 
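Review bot: The `ln -s $final_path/.rbenv/versions/2.5.1/bin/ruby /usr/bin/ruby` line points the system-wide `ruby` at a file inside the tree that `chown -R "$app" "$final_path"` hands to the unprivileged app user. Anything run as root that resolves `ruby` through PATH would then execute a binary the service account can replace. The preceding `rm /usr/bin/ruby || true` also silently removes a distribution-provided ruby if one is installed. I would drop both lines and have the services call `"$final_path/.rbenv/versions/2.5.1/bin/ruby"` by full path; the unit files are outside this diff, so confirm they do not depend on `/usr/bin/ruby`.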
@@ -148,101 +189,100 @@ yarn install --pure-lockfile popd # Adjust Mastodon config -pushd $final_path/live/ -sudo cp -a .env.production.sample .env.production -sudo sed -i "s@REDIS_HOST=redis@REDIS_HOST=127.0.0.1@g" "${final_path}/live/.env.production" -sudo sed -i "s@DB_HOST=db@DB_HOST=/var/run/postgresql@g" "${final_path}/live/.env.production" -sudo sed -i "s@DB_USER=postgres@DB_USER=${app}@g" "${final_path}/live/.env.production" -sudo sed -i "s@DB_NAME=postgres@DB_NAME=${app}_production@g" "${final_path}/live/.env.production" -sudo sed -i "s@LOCAL_DOMAIN=example.com@LOCAL_DOMAIN=${domain}@g" "${final_path}/live/.env.production" +# TODO: use official helper ynh_replace_string +# TODO: save the config file in conf folder, to make replacement easier to read +# TODO: use ynh_string_random +cp -a $final_path/live/.env.production.sample $final_path/live/.env.production +sed -i "s@REDIS_HOST=redis@REDIS_HOST=127.0.0.1@g" "${final_path}/live/.env.production" +sed -i "s@DB_HOST=db@DB_HOST=/var/run/postgresql@g" "${final_path}/live/.env.production" +sed -i "s@DB_USER=postgres@DB_USER=${db_user}@g" "${final_path}/live/.env.production" +sed -i "s@DB_NAME=postgres@DB_NAME=${db_name}@g" "${final_path}/live/.env.production" +sed -i "s@DB_PASS=@DB_PASS=${db_pwd}@g" "${final_path}/live/.env.production" +sed -i "s@LOCAL_DOMAIN=example.com@LOCAL_DOMAIN=${domain}@g" "${final_path}/live/.env.production" language="$(echo $language | head -c 2)" -sudo sed -i "s@# DEFAULT_LOCALE=de@DEFAULT_LOCALE=${language}@g" "${final_path}/live/.env.production" +sed -i "s@# DEFAULT_LOCALE=de@DEFAULT_LOCALE=${language}@g" "${final_path}/live/.env.production" paperclip_secret=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128) secret_key_base=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128) otp_secret=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128) -sudo sed -i "s@PAPERCLIP_SECRET=@PAPERCLIP_SECRET=${paperclip_secret}@g" 
"${final_path}/live/.env.production" -sudo sed -i "s@SECRET_KEY_BASE=@SECRET_KEY_BASE=${secret_key_base}@g" "${final_path}/live/.env.production" -sudo sed -i "s@OTP_SECRET=@OTP_SECRET=${otp_secret}@g" "${final_path}/live/.env.production" +sed -i "s@PAPERCLIP_SECRET=@PAPERCLIP_SECRET=${paperclip_secret}@g" "${final_path}/live/.env.production" +sed -i "s@SECRET_KEY_BASE=@SECRET_KEY_BASE=${secret_key_base}@g" "${final_path}/live/.env.production" +sed -i "s@OTP_SECRET=@OTP_SECRET=${otp_secret}@g" "${final_path}/live/.env.production" -sudo sed -i "s@SMTP_LOGIN=@#SMTP_LOGIN=@g" "${final_path}/live/.env.production" -sudo sed -i "s@SMTP_PASSWORD=@#SMTP_PASSWORD=@g" "${final_path}/live/.env.production" -sudo sed -i "s@SMTP_SERVER=smtp.mailgun.org@SMTP_SERVER=localhost@g" "${final_path}/live/.env.production" -sudo sed -i "s@SMTP_PORT=587@SMTP_PORT=25@g" "${final_path}/live/.env.production" -sudo sed -i 's,SMTP_FROM_ADDRESS=notifications@example.com,SMTP_FROM_ADDRESS='${admin_mastodon}'@'${domain}',' "${final_path}/live/.env.production" -sudo sed -i "s@#SMTP_AUTH_METHOD=plain@SMTP_AUTH_METHOD=none@g" "${final_path}/live/.env.production" -sudo sed -i "s@#SMTP_OPENSSL_VERIFY_MODE=peer@SMTP_OPENSSL_VERIFY_MODE=none@g" "${final_path}/live/.env.production" +sed -i "s@SMTP_LOGIN=@#SMTP_LOGIN=@g" "${final_path}/live/.env.production" +sed -i "s@SMTP_PASSWORD=@#SMTP_PASSWORD=@g" "${final_path}/live/.env.production" +sed -i "s@SMTP_SERVER=smtp.mailgun.org@SMTP_SERVER=localhost@g" "${final_path}/live/.env.production" +sed -i "s@SMTP_PORT=587@SMTP_PORT=25@g" "${final_path}/live/.env.production" +sed -i 's,SMTP_FROM_ADDRESS=notifications@example.com,SMTP_FROM_ADDRESS='${admin_mastodon}'@'${domain}',' "${final_path}/live/.env.production" +sed -i "s@#SMTP_AUTH_METHOD=plain@SMTP_AUTH_METHOD=none@g" "${final_path}/live/.env.production" +sed -i "s@#SMTP_OPENSSL_VERIFY_MODE=peer@SMTP_OPENSSL_VERIFY_MODE=none@g" "${final_path}/live/.env.production" -# Create database # Preconfig CSS & JS -sudo 
su - $app <<CCOMMANDS -pushd ~/live -echo "SAFETY_ASSURED=1">> .env.production -RAILS_ENV=production bin/bundle exec rails db:setup -CCOMMANDS - -# Rails precompile on root -pushd $final_path/live -RAILS_ENV=production bin/bundle exec rails --trace assets:precompile -popd - -# init rbenv & create bundle -sudo su - $app <<BCOMMANDS -. ~/.profile -type rbenv -BCOMMANDS - -# Add Services -popd +# Install Mastodon +( + cd "$final_path/live" + su mastodon <<INSTALL + $final_path/.rbenv/versions/2.5.1/bin/gem install bundler + $final_path/live/bin/bundle install -j$(getconf _NPROCESSORS_ONLN) --deployment --without development test --quiet + yarn install --production --no-progress --non-interactive --silent + echo "SAFETY_ASSURED=1">> .env.production + RAILS_ENV=production $final_path/live/bin/bundle exec rails db:migrate --quiet + RAILS_ENV=production $final_path/live/bin/bundle exec rails assets:precompile --quiet +INSTALL +) -sudo cp ../conf/mastodon-web.service /etc/systemd/system/mastodon-web.service -sudo chown root: /etc/systemd/system/mastodon-web.service -sudo cp ../conf/mastodon-sidekiq.service /etc/systemd/system/mastodon-sidekiq.service -sudo chown root: /etc/systemd/system/mastodon-sidekiq.service -sudo cp ../conf/mastodon-streaming.service /etc/systemd/system/mastodon-streaming.service -sudo chown root: /etc/systemd/system/mastodon-streaming.service +# TODO: use ynh_find_port to have generic port selection for RAILS +ynh_add_systemd_config "$app-web" "mastodon-web.service" +# TODO: use ynh_find_port to have generic port selection for NODES +ynh_add_systemd_config "$app-sidekiq" "mastodon-sidekiq.service" +ynh_add_systemd_config "$app-streaming" "mastodon-streaming.service" -sudo systemctl daemon-reload -sudo systemctl enable mastodon-web.service mastodon-sidekiq.service mastodon-streaming.service -sudo systemctl start mastodon-web.service mastodon-sidekiq.service mastodon-streaming.service -# debug -sudo systemctl status mastodon-web.service 
mastodon-sidekiq.service mastodon-streaming.service - -# Add service YunoHost -sudo yunohost service add mastodon-web -sudo yunohost service add mastodon-sidekiq -sudo yunohost service add mastodon-streaming +systemctl start "$app-web.service" "$app-sidekiq.service" "$app-streaming.service" # Create user -sudo su - $app <<UCOMMANDS -pushd ~/live -RAILS_ENV=production bundle exec rails c +( + cd "$final_path/live" + su mastodon <<CREATEUSER +RAILS_ENV=production bin/bundle exec rails c account = Account.create!(username: '$admin_mastodon') user = User.create!(email: '$admin_mastodon_mail', password: '$admin_pass', account: account) -UCOMMANDS - -# Create administrator & confirm user -sudo su - $app <<ACOMMANDS -pushd ~/live +CREATEUSER + su mastodon <<SETADMIN RAILS_ENV=production bin/bundle exec rails mastodon:make_admin USERNAME=$admin_mastodon RAILS_ENV=production bin/bundle exec rails mastodon:confirm_email USER_EMAIL=$admin_mastodon_mail -ACOMMANDS +SETADMIN +) -# Modify Nginx configuration file and copy it to Nginx conf directory -sudo sed -i "s@__PATH__@$app@g" ../conf/nginx.conf* -sudo sed -i "s@__FINALPATH__@$final_path@g" ../conf/nginx.conf* -sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf +#================================================= +# GENERIC FINALIZATION +#================================================= +# SECURE FILES AND DIRECTORIES +#================================================= + +# TODO:Set permissions to app files +chown -R "$app" "$final_path" + +#================================================= +# ADVERTISE SERVICE IN ADMIN PANEL +#================================================= + +# Add service YunoHost +yunohost service add "$app-web" +yunohost service add "$app-sidekiq" +yunohost service add "$app-streaming" -# Install crontab -sudo cp ../conf/crontab_mastodon /etc/cron.d/$app -sudo sed -i "s@__APP__@$app@g" /etc/cron.d/$app +#================================================= +# SETUP SSOWAT 
+#================================================= +# TODO: all private install # Unprotected url ynh_app_setting_set "$app" unprotected_uris "/" -# Reload SSOwat configuration -sudo yunohost app ssowatconf +#================================================= +# RELOAD NGINX +#================================================= # Reload Nginx -sudo systemctl reload nginx +systemctl reload nginx |
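Review bot: In the `CREATEUSER` here-document the delimiter is unquoted, so `$admin_pass`, `$admin_mastodon` and `$admin_mastodon_mail` are pasted into Ruby source that the Rails console evaluates. A password containing `'` ends the string literal and the remainder is parsed as code, or at best the install fails. Passing the values through the environment and quoting the delimiter keeps them as data. The same blocks call `su mastodon` where the rest of the script uses `$app`, which selects the wrong account if the instance name differs. The sketch below assumes `su` without `-` preserves the caller's environment, which should be confirmed on the target system.

```shell
(
  cd "$final_path/live"
  # Values travel in the environment; the quoted delimiter stops the shell
  # from splicing them into the Ruby source.
  export ADMIN_NAME="$admin_mastodon" ADMIN_MAIL="$admin_mastodon_mail" ADMIN_PASS="$admin_pass"
  su "$app" <<'CREATEUSER'
RAILS_ENV=production bin/bundle exec rails c
account = Account.create!(username: ENV['ADMIN_NAME'])
user = User.create!(email: ENV['ADMIN_MAIL'], password: ENV['ADMIN_PASS'], account: account)
CREATEUSER
  # … unchanged: SETADMIN here-document …
)
```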
