install 3.95 KB
Newer Older
1
#!/bin/bash
Laurent Peuch's avatar
init  
Laurent Peuch committed
2

3
4
5
6
7
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
8

9
source _common.sh
10
source /usr/share/yunohost/helpers
11

12
13
14
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
Laurent Peuch's avatar
Laurent Peuch committed
15

16
17
18
19
20
21
22
ynh_abort_if_errors

#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================

domain=$YNH_APP_ARG_DOMAIN
23
path_url=$YNH_APP_ARG_PATH
24
25
26
27
28
29
30
app=$YNH_APP_INSTANCE_NAME
app_user=$app

#==================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#==================================================

31
final_path=/var/www/$app
32
[[ ! -e $final_path ]] || ynh_die "The path $final_path already contains a folder"
33

34
opt_path=/opt/$app
35
[[ ! -e $opt_path ]] || ynh_die "The path $opt_path already contains a folder"
36

37
38
# Register (book) web path
ynh_webpath_register $app $domain $path_url
39

40
41
42
#=================================================
# STORE SETTINGS
#=================================================
43

44
ynh_app_setting_set $app domain $domain
45
ynh_app_setting_set $app path $path_url
46
ynh_app_setting_set $app app_user $app_user
47
ynh_app_setting_set $app final_path $final_path
48
ynh_app_setting_set $app opt_path $opt_path
Laurent Peuch's avatar
Laurent Peuch committed
49

50
51
52
53
54
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# INSTALL DEPENDENCIES
#=================================================
Laurent Peuch's avatar
Laurent Peuch committed
55

HgO's avatar
HgO committed
56
ynh_script_progression "Installing dependencies…"
Laurent Peuch's avatar
init  
Laurent Peuch committed
57

58
ynh_install_app_dependencies git python3-openssl python3-requests
Laurent Peuch's avatar
Laurent Peuch committed
59

60
61
62
#=================================================
# CREATE DEDICATED USER
#=================================================
63

HgO's avatar
HgO committed
64
ynh_script_progression "Creating app's user…"
Laurent Peuch's avatar
init  
Laurent Peuch committed
65

66
67
mkdir -p $final_path
ynh_system_user_create $app_user $final_path
Laurent Peuch's avatar
init  
Laurent Peuch committed
68

69
70
71
#=================================================
# INSTALL STATIC FILE
#=================================================
Laurent Peuch's avatar
init  
Laurent Peuch committed
72

HgO's avatar
HgO committed
73
ynh_script_progression "Installing static site…"
74

75
76
77
78
cp -r ../sources/. $final_path
chown -R $app_user:www-data $final_path
find ${final_path} -type d -exec chmod 0750 {} \;
find ${final_path} -type f -exec chmod 0640 {} \;
Laurent Peuch's avatar
init  
Laurent Peuch committed
79

80
ynh_add_nginx_config
Laurent Peuch's avatar
Laurent Peuch committed
81

82
83
84
#=================================================
# INSTALL RENEW CERT
#=================================================
Laurent Peuch's avatar
init  
Laurent Peuch committed
85

HgO's avatar
HgO committed
86
renew_cert_repo="https://gitlab.domainepublic.net/Neutrinet/renew_cert.git"
87
88
89
renew_cert_version=$(jq .version ../manifest.json -r -e | cut -d '~' -f 1)
renew_cert_path="$opt_path/renew_cert"
renew_cert_cron_script="renew_cert_cron.sh"
Laurent Peuch's avatar
init  
Laurent Peuch committed
90

HgO's avatar
HgO committed
91
ynh_script_progression "Installing automatic VPN certificate renewal…"
92

93
94
ynh_exec_warn_less git clone $renew_cert_repo $renew_cert_path
ynh_exec_warn_less git -C $renew_cert_path checkout $renew_cert_version
95

96
97
98
# We wrap the python3 script that actually renew the VPN certificate
# This wrapper will be used as a daily cron task
cp $renew_cert_cron_script $renew_cert_path/$renew_cert_cron_script
Laurent Peuch's avatar
init  
Laurent Peuch committed
99

HgO's avatar
HgO committed
100
ynh_script_progression "Setting up permissions"
101
chown -R $app_user: $opt_path
102

103
104
chmod 0755 $renew_cert_path/$renew_cert_cron_script
chown root: $renew_cert_path/$renew_cert_cron_script
Laurent Peuch's avatar
init  
Laurent Peuch committed
105

106
107
108
109
#=================================================
# SETTING UP CRONTAB
#=================================================

HgO's avatar
HgO committed
110
ynh_script_progression "Setting up cron job for certificate renewal…"
111
112
113
114

cat <<EOF > /etc/cron.daily/$app-renew-cert
#!/bin/bash
cd $renew_cert_path
HgO's avatar
HgO committed
115
$renew_cert_path/$renew_cert_cron_script -q
116
117
118
119
120
121
122
123
124
EOF

chown root:root /etc/cron.daily/$app-renew-cert
chmod 0755 /etc/cron.daily/$app-renew-cert

#=================================================
# FINALIZATION
#=================================================

HgO's avatar
HgO committed
125
ynh_script_progression "Checking certificates…"
126

127
# (This is expected to fail during CI tests because no credential available)
128
129
130
131
if [[ ${PACKAGE_CHECK_EXEC:-0} -eq 0 ]]
then
    /etc/cron.daily/$app-renew-cert
fi