Diffstat (limited to 'scripts')
| -rw-r--r-- | scripts/.fonctions | 28 | ||||
| -rw-r--r-- | scripts/backup | 20 | ||||
| -rw-r--r-- | scripts/install | 84 | ||||
| -rw-r--r-- | scripts/remove | 22 | ||||
| -rw-r--r-- | scripts/restore | 85 | ||||
| -rw-r--r-- | scripts/upgrade | 61 |
6 files changed, 200 insertions, 100 deletions
diff --git a/scripts/.fonctions b/scripts/.fonctions index 8013e27..20f9ea0 100644 --- a/scripts/.fonctions +++ b/scripts/.fonctions @@ -233,3 +233,31 @@ ynh_psql_drop_db() { ynh_psql_drop_user() { sudo su -c "dropuser ${1}" postgres } + +# Remove a file or a directory securely +# +# usage: ynh_secure_remove path_to_remove +# | arg: path_to_remove - File or directory to remove +ynh_secure_remove () { + path_to_remove=$1 + forbidden_path=" \ + /var/www \ + /home/yunohost.app" + + if [[ "$forbidden_path" =~ "$path_to_remove" \ + # Match all path or subpath in $forbidden_path + || "$path_to_remove" =~ ^/[[:alnum:]]+$ \ + # Match all first level path from / (Like /var, /root, etc...) + || "${path_to_remove:${#path_to_remove}-1}" = "/" ]] + # Match if the path finish by /. Because it's seems there is an empty variable + then + echo "Avoid deleting of $path_to_remove." >&2 + else + if [ -e "$path_to_remove" ] + then + sudo rm -R "$path_to_remove" + else + echo "$path_to_remove doesn't deleted because it's not exist." >&2 + fi + fi +}
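Review bot: The guard in `ynh_secure_remove` judges the path by its spelling only, so a relative path, a path containing `..` components, or a top-level name with non-alphanumeric characters passes all three tests and still reaches `sudo rm -R`. The check should run on a normalised absolute path, and anything that does not start with `/` should be refused. `path_to_remove` and `forbidden_path` are assigned without `local`, so they leak into every script that sources this file; use `local path_to_remove=$1`. The removal itself should stop option parsing, `sudo rm -R -- "$path_to_remove"`. A refused path only prints to stderr and the function still returns 0, so callers cannot tell that nothing was deleted.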
\ No newline at end of file diff --git a/scripts/backup b/scripts/backup index 2ef6b86..bb90997 100644 --- a/scripts/backup +++ b/scripts/backup @@ -3,12 +3,19 @@ # Exit on command errors and treat unset variables as an error set -eu -# Get multi-instances specific variables -app=$YNH_APP_INSTANCE_NAME - +if [ ! -e .fonctions ]; then + # Get file fonction if not been to the current directory + sudo cp ../settings/scripts/.fonctions ./.fonctions + sudo chmod a+rx .fonctions +fi +# Loads the generic functions usually used in the script +source .fonctions # Source app helpers source /usr/share/yunohost/helpers +# Get multi-instances specific variables +app=$YNH_APP_INSTANCE_NAME + # Retrieve app settings domain=$(ynh_app_setting_get "$app" domain) @@ -18,13 +25,14 @@ ynh_backup "$final_path" "sources" 1 # Copy the nginx conf files ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf" "nginx.conf" -ynh_backup "/etc/cron.d/${app}.conf" "cron.conf" +ynh_backup "/etc/cron.d/${app}" "cron.conf" ynh_backup "/etc/systemd/system/mastodon-web.service" "systemd_web.service" ynh_backup "/etc/systemd/system/mastodon-sidekiq.service" "systemd_sidekiq.service" ynh_backup "/etc/systemd/system/mastodon-streaming.service" "systemd_streaming.service" # Backup db sudo su - postgres <<COMMANDS -pg_dump mastodon_production > /home/backup/mastodon_db.sql +pg_dump --role=mastodon -U postgres --no-password mastodon_production > mastodon_db.sql COMMANDS -ynh_backup "/home/backup/mastodon_db.sql" "mastodon_db.sql"
\ No newline at end of file
+ynh_backup "/var/lib/postgresql/${app}_db.sql" "${app}_db.sql"
+ynh_secure_remove /var/lib/postgresql/mastodon_db.sql
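Review bot: In scripts/backup the dump is written as `mastodon_db.sql`, but the next added line backs up `/var/lib/postgresql/${app}_db.sql`, so the names only agree when the instance is called exactly `mastodon`. For any other `$app` the `ynh_backup` call points at a file that was never created. Use one name throughout, e.g. `> ${app}_db.sql` in the heredoc and `ynh_secure_remove "/var/lib/postgresql/${app}_db.sql"`; scripts/restore in this commit reads `mastodon_db.sql` from the backup directory and needs the same name. The dump holds the whole database and its permissions depend on the postgres user's umask, which is not visible here, so a `umask 077` at the top of the heredoc would be a sensible addition.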
\ No newline at end of file diff --git a/scripts/install b/scripts/install index caeec25..2fd4b23 100644 --- a/scripts/install +++ b/scripts/install @@ -17,7 +17,6 @@ domain=$YNH_APP_ARG_DOMAIN admin_mastodon=$YNH_APP_ARG_ADMIN admin_pass=$YNH_APP_ARG_PASSWD language=$YNH_APP_ARG_LANGUAGE -is_public=$YNH_APP_ARG_IS_PUBLIC app=$YNH_APP_INSTANCE_NAME @@ -33,7 +32,9 @@ ynh_app_setting_set $app domain $domain ynh_app_setting_set $app admin $admin_mastodon ynh_app_setting_set $app pass $admin_pass ynh_app_setting_set $app language $language -ynh_app_setting_set $app is_public $is_public + +[[ ${#admin_pass} -gt 8 ]] || ynh_die \ +"The password is too weak, it must be longer than 8 characters" # Create user unix sudo adduser $app --home /opt/$app --gecos "First Last,RoomNumber,WorkPhone,HomePhone" --disabled-password --disabled-login 
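Review bot: The new length check runs after `ynh_app_setting_set $app pass $admin_pass` (the context line just above it), so a password that is rejected has already been written to the app settings by the time `ynh_die` fires. Move the test above the block of `ynh_app_setting_set` calls so nothing is persisted for an install that is about to abort. Length is the only property checked; the value is later interpolated into `sed` expressions and Ruby source further down this script, so a character allow-list belongs in the same place.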
@@ -72,33 +73,32 @@ ynh_package_install yarn # Set UTF8 encoding by default sudo su -c "psql" postgres <<< \ - "update pg_database set datistemplate='false' where datname='template1';" + "update pg_database set datistemplate='false' where datname='template1';" sudo su -c "psql" postgres <<< \ - "drop database template1;" + "drop database template1;" sudo su -c "psql" postgres <<< \ - "create database template1 encoding='UTF8' template template0;" + "create database template1 encoding='UTF8' template template0;" sudo su -c "psql" postgres <<< \ - "update pg_database set datistemplate='true' where datname='template1';" + "update pg_database set datistemplate='true' where datname='template1';" # Create DB without password ynh_psql_create_db_without_password "$app" sudo systemctl restart postgresql -# Download all Ruby source +# Download all sources rbenv, ruby and mastodon sudo su - $app <<CLONECOMMANDS git clone https://github.com/rbenv/rbenv.git $final_path/.rbenv git clone https://github.com/rbenv/ruby-build.git $final_path/.rbenv/plugins/ruby-build git clone https://github.com/tootsuite/mastodon.git $final_path/live CLONECOMMANDS +# Switch to tagged release +cd $final_path/live +sudo git checkout $(git tag | tail -n 1) + # Be king rewind (/var/cache/yunohost/from_file/scripts) popd -# Get Mastodon last version -# sudo mkdir "${final_path}/live" -# SETUP_SOURCE -# sudo chown -R $app: "${final_path}" - # Install de rbenv sudo su - $app <<COMMANDS pushd ~/.rbenv 
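Review bot: `git tag | tail -n 1` picks the tag that sorts last as text, which is not necessarily the newest release (a tag named `v1.9` would sort after `v1.10`, and release candidates are tags too). The installed version is therefore whatever upstream carries at install time, neither pinned nor verified. The command substitution also runs as the calling user while `git checkout` runs under `sudo`, which leaves root-owned files in a tree that belongs to `$app`. Checking out a release tag fixed in the package, as the app user, avoids both: `sudo -u "$app" git -C "$final_path/live" checkout "$mastodon_version"` (`mastodon_version` is a placeholder name). The same line is added to scripts/upgrade in this commit.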
@@ -137,9 +137,12 @@ sudo sed -i "s@LOCAL_DOMAIN=example.com@LOCAL_DOMAIN=${domain}@g" "${final_path} language="$(echo $language | head -c 2)" sudo sed -i "s@# DEFAULT_LOCALE=de@DEFAULT_LOCALE=${language}@g" "${final_path}/live/.env.production" -sudo sed -i "s@PAPERCLIP_SECRET=@PAPERCLIP_SECRET=$(head -n128 /dev/urandom | tr -dc -d 'a-z0-9' | head -c128)@g" "${final_path}/live/.env.production" -sudo sed -i "s@SECRET_KEY_BASE=@SECRET_KEY_BASE=$(head -n128 /dev/urandom | tr -dc -d 'a-z0-9' | head -c128)@g" "${final_path}/live/.env.production" -sudo sed -i "s@OTP_SECRET=@OTP_SECRET=$(head -n128 /dev/urandom | tr -dc -d 'a-z0-9' | head -c128)@g" "${final_path}/live/.env.production" +paperclip_secret=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128) +secret_key_base=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128) +otp_secret=$(head -n128 /dev/urandom | tail -n +1 | tr -dc -d 'a-z0-9' | head -c128) +sudo sed -i "s@PAPERCLIP_SECRET=@PAPERCLIP_SECRET=${paperclip_secret}@g" "${final_path}/live/.env.production" +sudo sed -i "s@SECRET_KEY_BASE=@SECRET_KEY_BASE=${secret_key_base}@g" "${final_path}/live/.env.production" +sudo sed -i "s@OTP_SECRET=@OTP_SECRET=${otp_secret}@g" "${final_path}/live/.env.production" sudo sed -i 's,SMTP_LOGIN=,SMTP_LOGIN='${admin_mastodon}'@'${domain}',' "${final_path}/live/.env.production" sudo sed -i "s@SMTP_PASSWORD=@SMTP_PASSWORD=${admin_pass}@g" "${final_path}/live/.env.production" @@ -162,7 +165,7 @@ type rbenv BCOMMANDS # Add Services -pushd $(popd) +popd sudo cp ../conf/mastodon-web.service /etc/systemd/system/mastodon-web.service sudo chown root: /etc/systemd/system/mastodon-web.service 
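Review bot: Nothing checks that the three secret pipelines produced output, so if one comes back short or empty, `.env.production` is written with a weak or blank `SECRET_KEY_BASE`, `OTP_SECRET` or `PAPERCLIP_SECRET` and the install carries on. `tail -n +1` passes its input through unchanged and `tr -dc -d` repeats the delete flag, so each pipeline can be reduced to `tr -dc 'a-z0-9' < /dev/urandom | head -c128`. Follow each assignment with a length test such as `[ ${#secret_key_base} -eq 128 ] || ynh_die "secret generation failed"`. The values still travel on the `sed` command line, where other local users can see them in the process list while the command runs.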
@@ -182,6 +185,21 @@ sudo yunohost service add mastodon-web sudo yunohost service add mastodon-sidekiq sudo yunohost service add mastodon-streaming +# Create user +sudo su - $app <<UCOMMANDS +pushd ~/live +RAILS_ENV=production bundle exec rails c +account = Account.create!(username: '$admin_mastodon') +user = User.create!(email: '$admin_mastodon@$domain', password: '$admin_pass', account: account) +UCOMMANDS + +# Create administrator & confirm user +sudo su - $app <<ACOMMANDS +pushd ~/live +RAILS_ENV=production bin/bundle exec rails mastodon:make_admin USERNAME=$admin_mastodon +RAILS_ENV=production bin/bundle exec rails mastodon:confirm_email USER_EMAIL=$admin_mastodon@$domain +ACOMMANDS + # Copy nginx config sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf @@ -189,41 +207,11 @@ sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf sudo cp ../conf/crontab_mastodon /etc/cron.d/$app sudo sed -i "s@__APP__@$app@g" /etc/cron.d/$app -# Private or not -if [ "$is_public" = "Yes" ]; -then - sudo sed -i "s@#--PRIVATE--@@g" /etc/nginx/conf.d/$domain.d/$app.conf -fi - -# Setup SSOwat -ynh_app_setting_set "$app" is_public "$is_public" -if [ "$is_public" = "Yes" ]; -then - ynh_app_setting_set "$app" unprotected_uris "/" -fi +# Unprotected url +ynh_app_setting_set "$app" unprotected_uris "/" # Reload SSOwat configuration sudo yunohost app ssowatconf # Reload Nginx sudo systemctl reload nginx - -# all services start, please -sleep 30 - -# Mastodon need a user for creating an administator account -# rake create user is not up for the moment -# See PR: https://github.com/tootsuite/mastodon/pull/1482 -CREATE_USER - -# Create admin user -# Create confirm email -sudo su - $app <<ACOMMANDS -pushd ~/live - -# RAILS_ENV=production bin/bundle exec rails mastodon:make_admin USERNAME=$admin_mastodon -# RAILS_ENV=production bin/bundle exec rails mastodon:confirm_email USER_EMAIL=$admin_mastodon@$domain -ACOMMANDS - -# Restart crontab -sudo systemctl restart cron
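Review bot: In the "Create user" block, `$admin_mastodon`, `$domain` and `$admin_pass` are expanded by the shell into Ruby source that is fed to `rails c`, so a quote or backslash in any of them ends the Ruby string literal and the remainder is evaluated by the console as `$app`. The only validation this commit adds is a length check, which does not constrain the character set. Validate the username and domain against an allow-list before this block, e.g. `[[ "$admin_mastodon" =~ ^[a-z0-9_]+$ ]] || ynh_die "invalid admin name"`. Pass the password to Rails as data rather than source text, for instance from a mode-600 file owned by `$app` that the Ruby snippet reads. The same three values are also expanded unquoted into the `make_admin` and `confirm_email` command lines in the second heredoc.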
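Review bot: `ynh_app_setting_set "$app" unprotected_uris "/"` is now unconditional, and scripts/upgrade in this commit sets it as well, so an instance installed with `is_public` set to "No" loses its SSOwat protection on the next upgrade without notice. If serving the app outside the SSO is intended, say why in the comment instead of `# Unprotected url`, and have the upgrade script print a warning when the stored `is_public` value was not "Yes". The hunk also drops `sleep 30` and the cron restart with no explanation; a short comment on why they are no longer needed would help.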
\ No newline at end of file diff --git a/scripts/remove b/scripts/remove index a65bf14..373d028 100644 --- a/scripts/remove +++ b/scripts/remove @@ -17,7 +17,7 @@ domain=$(ynh_app_setting_get "$app" domain) if [ -e "/etc/systemd/system/mastodon-web.service" ]; then echo "Delete systemd script" sudo systemctl stop mastodon-web.service - sudo rm "/etc/systemd/system/mastodon-web.service" + ynh_secure_remove "/etc/systemd/system/mastodon-web.service" sudo systemctl disable mastodon-web.service fi @@ -25,15 +25,15 @@ fi if [ -e "/etc/systemd/system/mastodon-sidekiq.service" ]; then echo "Delete systemd script" sudo systemctl stop mastodon-sidekiq.service - sudo rm "/etc/systemd/system/mastodon-sidekiq.service" + ynh_secure_remove "/etc/systemd/system/mastodon-sidekiq.service" sudo systemctl disable mastodon-sidekiq.service fi # Stop mastodon-sidekiq if [ -e "/etc/systemd/system/mastodon-streaming.service" ]; then echo "Delete systemd script" - sudo systemctl stop mastodon-sidekiq.streaming - sudo rm "/etc/systemd/system/mastodon-streaming.service" + sudo systemctl stop mastodon-streaming.service + ynh_secure_remove "/etc/systemd/system/mastodon-streaming.service" sudo systemctl disable mastodon-streaming.service fi 
@@ -73,27 +73,25 @@ sudo apt-get remove --purge -y yarn #sudo apt-get remove --purge -y autoconf bison build-essential libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libncurses5-dev libffi-dev libgdbm3 libgdbm-dev # Delete app directory and configurations -SECURE_REMOVE '/opt/$app' +ynh_secure_remove /opt/$app [[ -n $domain ]] && sudo rm -f "/etc/nginx/conf.d/${domain}.d/${app}.conf" # Delete nginx configuration REMOVE_NGINX_CONF -# Delete log -SECURE_REMOVE '/var/log/$app/' # Delete cronlog -SECURE_REMOVE '/etc/cron.d/$app' +ynh_secure_remove /etc/cron.d/$app # Delete source.list -sudo rm /etc/apt/sources.list.d/backports.list -sudo rm /etc/apt/sources.list.d/yarn.list +ynh_secure_remove /etc/apt/sources.list.d/backports.list +ynh_secure_remove /etc/apt/sources.list.d/yarn.list # Delete ruby exec -sudo rm /usr/bin/ruby +ynh_secure_remove /usr/bin/ruby # Remove user sudo userdel -f $app # Reload services -sudo service nginx reload +sudo systemctl reload nginx echo -e "\e[0m" # Restore normal color diff --git a/scripts/restore b/scripts/restore index f1c80ee..946a62b 100644 --- a/scripts/restore +++ b/scripts/restore @@ -4,12 +4,19 @@ # Exit on command errors and treat unset variables as an error set -eu -# The parameter $app is the id of the app instance ex: ynhexample__2 -app=$YNH_APP_INSTANCE_NAME - +if [ ! -e .fonctions ]; then + # Get file fonction if not been to the current directory + sudo cp ../settings/scripts/.fonctions ./.fonctions + sudo chmod a+rx .fonctions +fi +# Loads the generic functions usually used in the script +source .fonctions # Source app helpers source /usr/share/yunohost/helpers +# The parameter $app is the id of the app instance ex: ynhexample__2 +app=$YNH_APP_INSTANCE_NAME + # Get old parameter of the app domain=$(ynh_app_setting_get $app domain) path=$(ynh_app_setting_get $app path) 
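Review bot: In scripts/remove, `ynh_secure_remove /usr/bin/ruby` deletes whatever is at that path with `rm -R`, although scripts/restore in this commit creates it with `ln -s ... /usr/bin/ruby || true`, which tolerates a ruby that was already there and does not belong to this app. Remove it only when it is a symlink: `if [ -L /usr/bin/ruby ]; then ynh_secure_remove /usr/bin/ruby; fi`. The `/opt/$app` and `/etc/cron.d/$app` arguments are unquoted, unlike the calls in the earlier hunks of this file; write `"/opt/$app"`. The deletion of `/var/log/$app/` was dropped, so logs now survive an uninstall; confirm that is intended.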
@@ -17,7 +24,7 @@ is_public=$(ynh_app_setting_get $app is_public) # Check domain/path availability sudo yunohost app checkurl "${domain}${path}" -a "$app" \ - || ynh_die "Path not available: ${domain}${path}" + || ynh_die "Path not available: ${domain}${path}" # Check $final_path final_path="/opt/${app}" @@ -30,7 +37,7 @@ nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf" if [ -f $nginx_conf ]; then ynh_die "The NGINX configuration already exists at '${nginx_conf}'. You should safely delete it before restoring this app." - +fi # Check configuration files php-fpm crontab_conf="/etc/cron.d/${app}" if [ -f $crontab_conf ]; then @@ -55,17 +62,38 @@ if [ -f "${streaming_systemd}" ]; then You should safely delete it before restoring this app." fi +# Create user unix +sudo adduser $app --home /opt/$app --gecos "First Last,RoomNumber,WorkPhone,HomePhone" --disabled-password --disabled-login + # Restore sources & data -sudo cp -a ./sources "$final_path" +sudo cp -a ./sources/. "$final_path" # Set permissions sudo chown -R $app: "$final_path" -# Restore db +# Debug +sudo ls -alh "$final_path" + +# Change directory for create user & database postgresql + +# Set UTF8 encoding by default +sudo su -c "psql" postgres <<< \ + "update pg_database set datistemplate='false' where datname='template1';" +sudo su -c "psql" postgres <<< \ + "drop database template1;" +sudo su -c "psql" postgres <<< \ + "create database template1 encoding='UTF8' template template0;" +sudo su -c "psql" postgres <<< \ + "update pg_database set datistemplate='true' where datname='template1';" + +# Create user for db postgresql ynh_psql_create_db_without_password "$app" -sudo su - postgres <<COMMANDS -pg_dump mastodon_production < ./mastodon_db.sql -COMMANDS + +# Setup database +sudo su - $app <<SCOMMANDS +cd ~/live +RAILS_ENV=production bin/bundle exec rails db:setup +SCOMMANDS # Restore Mastodon sudo su - $app <<RCOMMANDS 
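Review bot: Dropping and recreating `template1` in the restore script changes the whole PostgreSQL server, not just this app. The four `psql` statements are separate calls, so if the script stops after `drop database template1;` the server is left without its default template and later database creation on the host is affected. Creating only the app database from `template0` with an explicit encoding (`createdb --encoding=UTF8 --template=template0`) avoids touching shared state; that would go in `ynh_psql_create_db_without_password`, which is defined outside this hunk, so check how it creates the database. The `# Debug` line `sudo ls -alh "$final_path"` looks like leftover diagnostics, and `adduser` will abort the restore under `set -eu` if the account still exists.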
@@ -74,10 +102,45 @@ RAILS_ENV=production bin/bundle exec rails db:migrate RAILS_ENV=production bin/bundle exec rails assets:precompile RCOMMANDS +# copy database +sudo cp $YNH_APP_BACKUP_DIR/mastodon_db.sql $final_path +sudo chmod a+r $final_path/mastodon_db.sql + +# Restore database +sudo su - $app <<RECOMMANDS +dropdb mastodon_production +createdb mastodon_production +psql mastodon_production < $final_path/mastodon_db.sql +RECOMMANDS + +# Remove dump +sudo rm $final_path/mastodon_db.sql + +# Create symlink for ruby +sudo ln -s /opt/mastodon/.rbenv/versions/2.4.1/bin/ruby /usr/bin/ruby || true + # Restore nginx configuration files sudo cp -a ./nginx.conf "$nginx_conf" # Restore crontab sudo cp -a ./cron.conf "$crontab_conf" +sudo cp ./systemd_web.service /etc/systemd/system/mastodon-web.service +sudo chown root: /etc/systemd/system/mastodon-web.service +sudo cp ./systemd_sidekiq.service /etc/systemd/system/mastodon-sidekiq.service +sudo chown root: /etc/systemd/system/mastodon-sidekiq.service +sudo cp ./systemd_streaming.service /etc/systemd/system/mastodon-streaming.service +sudo chown root: /etc/systemd/system/mastodon-streaming.service + +sudo systemctl daemon-reload +sudo systemctl enable /etc/systemd/system/mastodon-*.service +sudo systemctl start mastodon-web.service mastodon-sidekiq.service mastodon-streaming.service +# debug +sudo systemctl status mastodon-web.service mastodon-sidekiq.service mastodon-streaming.service + +# Add service YunoHost +sudo yunohost service add mastodon-web +sudo yunohost service add mastodon-sidekiq +sudo yunohost service add mastodon-streaming + # Reload services -sudo systemctl reload nginx
\ No newline at end of file +sudo systemctl reload nginx diff --git a/scripts/upgrade b/scripts/upgrade index 771b98b..b5d1b31 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -3,8 +3,10 @@ # Exit on command errors and treat unset variables as an error set -eu -source .fonctions # Loads the generic functions usually used in the script -source /usr/share/yunohost/helpers # Source YunoHost helpers +# Loads the generic functions usually used in the script +source .fonctions +# Source YunoHost helpers +source /usr/share/yunohost/helpers # See comments in install script app=$YNH_APP_INSTANCE_NAME @@ -13,12 +15,12 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get "$app" domain) path=$(ynh_app_setting_get "$app" path) admin=$(ynh_app_setting_get "$app" admin) -is_public=$(ynh_app_setting_get "$app" is_public) +language=$(ynh_app_setting_get "$app" language) CHECK_PATH # Checks and corrects the syntax of the path. # Check if admin is not null -if [[ "$admin" = "" || "$is_public" = "" || "$language" = "" ]]; then +if [[ "$admin" = "" || "$language" = "" ]]; then echo "Unable to upgrade, please contact support" ynh_die fi 
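Review bot: In the last scripts/restore hunk, the database dump is copied into `$final_path` and made world-readable with `chmod a+r`, and it is deleted only if every command in between succeeds. If the script aborts under `set -eu` before `sudo rm`, a full copy of the database stays readable by any local user. Hand it to the app user instead with `sudo chown "$app": "$final_path/mastodon_db.sql"` and `sudo chmod 600 "$final_path/mastodon_db.sql"`, and delete it from an `EXIT` trap. The symlink target `/opt/mastodon/.rbenv/versions/2.4.1/bin/ruby` hard-codes both the instance name and the Ruby version while the rest of the script uses `$final_path`, and the `# debug` `systemctl status` call should not ship.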
@@ -30,31 +32,44 @@ db_name=$app # Modify Nginx configuration file and copy it to Nginx conf directory sudo sed -i "s@__PATH__@$app@g" ../conf/nginx.conf* sudo sed -i "s@__FINALPATH__@$final_path/@g" ../conf/nginx.conf* +sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf # Stop Mastodon Services -sudo systemctl stop /etc/systemd/system/mastodon-*.service +sudo systemctl stop mastodon-*.service -# Update Mastodon -sudo su - $app <<COMMANDS +# Change owner of live folder +sudo chown -R $app: $final_path/live + +# Download Mastodon +sudo su - $app <<PULLCOMMANDS pushd ~/live -git pull -RAILS_ENV=production bin/bundle exec rails db:migrate -RAILS_ENV=production bin/bundle exec rails assets:precompile -COMMANDS +git fetch +git reset --hard origin/master +git pull https://github.com/tootsuite/mastodon.git master +PULLCOMMANDS -# Start Mastodon Services -sudo systemctl start /etc/systemd/system/mastodon-*.service +# Switch branch to tagged release +cd $final_path/live +sudo git checkout $(git tag | tail -n 1) -# If app is public, add url to SSOWat conf as skipped_uris -if [ $is_public = "Yes" ]; -then - ynh_app_setting_set "$app" unprotected_uris "/" - sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf -else - sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf -fi +# Apply Mastodon upgrade +sudo su - $app <<COMMANDS +pushd ~/live +bin/bundle install +yarn install --pure-lockfile +RAILS_ENV=production bundle exec rails assets:clean +RAILS_ENV=production bundle exec rails assets:precompile +RAILS_ENV=production bundle exec rails db:migrate +COMMANDS # Reload Nginx sudo systemctl reload nginx -# Reload Mastodon -sudo systemctl restart mastodon-*.service + +# Set app public +ynh_app_setting_set "$app" unprotected_uris "/" + +# Reload SSOwat configuration +sudo yunohost app ssowatconf + +# Restart Mastodon +sudo systemctl start mastodon-*.service |
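Review bot: `sudo systemctl start mastodon-*.service` relies on systemctl's own pattern matching, which only considers units currently loaded in memory. After the earlier `systemctl stop mastodon-*.service` the stopped units may no longer be loaded, so the pattern can match nothing and the services stay down with no error. The pattern is also unquoted, so the shell expands it first if the working directory (`$final_path/live` after the added `cd`) contains a matching file. Name the units explicitly, as scripts/restore does: `sudo systemctl start mastodon-web.service mastodon-sidekiq.service mastodon-streaming.service`. `git reset --hard origin/master` discards any local changes in `~/live` and deserves a comment saying so.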
