x0rg/send_ynh_agr
1
0
Fork 0
forked from Git/send_ynh
Code Pull Requests Activity

Merge pull request #2 from YunoHost-Apps/patch

Browse Source 
Patch
This commit is contained in:
Éric Gaspar 2021-08-26 10:19:39 +02:00 committed by GitHub
commit 8a531cdbe8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 120 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
conf/config.js
View File

@ -106,7 +106,7 @@ const conf = convict({
}, },
redis_db: { redis_db: {
format: String, format: String,
default: '', default: '__REDIS_DB__',
env: 'REDIS_DB' env: 'REDIS_DB'
}, },
redis_event_expire: { redis_event_expire: {
@ -147,7 +147,7 @@ const conf = convict({
}, },
env: { env: {
format: ['production', 'development', 'test'], format: ['production', 'development', 'test'],
default: 'development', default: 'production',
env: 'NODE_ENV' env: 'NODE_ENV'
}, },
max_file_size: { max_file_size: {

8
conf/nginx.conf
View File

@ -1,16 +1,10 @@
location / { location / {
proxy_pass http://127.0.0.1:__PORT__; proxy_pass http://127.0.0.1:__PORT__;
proxy_redirect off;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name; proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Connection "upgrade";
proxy_set_header Upgrade $http_upgrade;
} }
location /api/ws { location /api/ws {

32
conf/systemd.service
View File

@ -6,11 +6,41 @@ After=syslog.target network.target
Type=simple Type=simple
User=__APP__ User=__APP__
Group=__APP__ Group=__APP__
WorkingDirectory=__FINALPATH__ WorkingDirectory=__FINALPATH__/
Environment="NODE_ENV=production" Environment="NODE_ENV=production"
#Environment="__YNH_NODE_LOAD_PATH__" #Environment="__YNH_NODE_LOAD_PATH__"
ExecStart=__YNH_NODE__ __FINALPATH__/server/bin/prod.js ExecStart=__YNH_NODE__ __FINALPATH__/server/bin/prod.js
Restart=always Restart=always
# Sandboxing options to harden security
# Depending on specificities of your service/app, you may need to tweak these
# .. but this should be a good baseline
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
DevicePolicy=closed
ProtectSystem=full
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
LockPersonality=yes
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
# Denying access to capabilities that should not be relevant for webapps
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

43
scripts/_common.sh
View File

@ -10,8 +10,7 @@
nodejs_version=15 nodejs_version=15
# dependencies used by the app # dependencies used by the app
#pkg_dependencies="redis-server" pkg_dependencies="redis-server"
#================================================= #=================================================
# PERSONAL HELPERS # PERSONAL HELPERS
@ -24,3 +23,43 @@ nodejs_version=15
#================================================= #=================================================
# FUTURE OFFICIAL HELPERS # FUTURE OFFICIAL HELPERS
#================================================= #=================================================
#!/bin/bash
# get the first available redis database
#
# usage: ynh_redis_get_free_db
# | returns: the database number to use
ynh_redis_get_free_db() {
local result max db
result=$(redis-cli INFO keyspace)
# get the num
max=$(cat /etc/redis/redis.conf | grep ^databases | grep -Eow "[0-9]+")
db=0
# default Debian setting is 15 databases
for i in $(seq 0 "$max")
do
if ! echo "$result" | grep -q "db$i"
then
db=$i
break 1
fi
db=-1
done
test "$db" -eq -1 && ynh_die --message="No available Redis databases..."
echo "$db"
}
# Create a master password and set up global settings
# Please always call this script in install and restore scripts
#
# usage: ynh_redis_remove_db database
# | arg: database - the database to erase
ynh_redis_remove_db() {
local db=$1
redis-cli -n "$db" flushall
}

2
scripts/change_url
View File

@ -29,6 +29,7 @@ ynh_script_progression --message="Loading installation settings..." --weight=1
# Needed for helper "ynh_add_nginx_config" # Needed for helper "ynh_add_nginx_config"
final_path=$(ynh_app_setting_get --app=$app --key=final_path) final_path=$(ynh_app_setting_get --app=$app --key=final_path)
port=$(ynh_app_setting_get --app=$app --key=port) port=$(ynh_app_setting_get --app=$app --key=port)
redis_db=$(ynh_app_setting_get --app=$app --key=redis_db)
#================================================= #=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
@ -106,6 +107,7 @@ fi
#================================================= #=================================================
ynh_script_progression --message="Adding a configuration file..." --weight=2 ynh_script_progression --message="Adding a configuration file..." --weight=2
domain=$new_domain
ynh_add_config --template="../conf/config.js" --destination="$final_path/server/config.js" ynh_add_config --template="../conf/config.js" --destination="$final_path/server/config.js"
chmod 400 "$final_path/server/config.js" chmod 400 "$final_path/server/config.js"

23
scripts/install
View File

@ -64,11 +64,20 @@ ynh_app_setting_set --app=$app --key=port --value=$port
#================================================= #=================================================
ynh_script_progression --message="Installing dependencies..." --weight=20 ynh_script_progression --message="Installing dependencies..." --weight=20
#ynh_install_app_dependencies $pkg_dependencies ynh_install_app_dependencies $pkg_dependencies
# Install Nodejs # Install Nodejs
ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version
#=================================================
# CREATE A REDIS DATABASE
#=================================================
ynh_script_progression --message="Creating a Redis database..." --weight=5
# Configure redis
redis_db=$(ynh_redis_get_free_db)
ynh_app_setting_set --app="$app" --key=redis_db --value="$redis_db"
#================================================= #=================================================
# CREATE DEDICATED USER # CREATE DEDICATED USER
#================================================= #=================================================
@ -116,10 +125,16 @@ chown $app "$final_path/server/config.js"
#============================================== #==============================================
ynh_script_progression --message="Building $app... (this will take some time and resources!)" --weight=20 ynh_script_progression --message="Building $app... (this will take some time and resources!)" --weight=20
#pushd "$final_path"
# ynh_use_nodejs
# ynh_exec_warn_less ynh_npm install
# ynh_exec_warn_less ynh_npm run build
#popd
pushd "$final_path" pushd "$final_path"
ynh_use_nodejs ynh_use_nodejs
ynh_exec_warn_less ynh_npm install ynh_exec_warn_less ynh_exec_as $app env "$ynh_node_load_PATH" npm install
ynh_exec_warn_less ynh_npm run build ynh_exec_warn_less ynh_exec_as $app env "$ynh_node_load_PATH" npm run build
popd popd
#================================================= #=================================================
@ -155,6 +170,8 @@ then
ynh_permission_update --permission "main" --add "visitors" ynh_permission_update --permission "main" --add "visitors"
fi fi
ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true"
#================================================= #=================================================
# RELOAD NGINX # RELOAD NGINX
#================================================= #=================================================

9
scripts/remove
View File

@ -47,10 +47,17 @@ ynh_remove_systemd_config
ynh_script_progression --message="Removing dependencies..." --weight=1 ynh_script_progression --message="Removing dependencies..." --weight=1
# Remove metapackage and its dependencies # Remove metapackage and its dependencies
#ynh_remove_app_dependencies ynh_remove_app_dependencies
ynh_remove_nodejs ynh_remove_nodejs
#=================================================
# REMOVE THE REDIS DATABASE
#=================================================
ynh_script_progression --message="Removing the Redis database..." --weight=1
ynh_redis_remove_db "$redis_db"
#================================================= #=================================================
# REMOVE APP MAIN DIR # REMOVE APP MAIN DIR
#================================================= #=================================================

2
scripts/restore
View File

@ -77,7 +77,7 @@ chmod +x "$final_path/server/bin/prod.js"
ynh_script_progression --message="Reinstalling dependencies..." --weight=7 ynh_script_progression --message="Reinstalling dependencies..." --weight=7
# Define and install dependencies # Define and install dependencies
#ynh_install_app_dependencies $pkg_dependencies ynh_install_app_dependencies $pkg_dependencies
# Install Nodejs # Install Nodejs
ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version

13
scripts/upgrade
View File

@ -103,7 +103,7 @@ ynh_add_nginx_config
#================================================= #=================================================
ynh_script_progression --message="Upgrading dependencies..." --weight=18 ynh_script_progression --message="Upgrading dependencies..." --weight=18
#ynh_install_app_dependencies $pkg_dependencies ynh_install_app_dependencies $pkg_dependencies
# Install Nodejs # Install Nodejs
ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version
@ -118,11 +118,16 @@ if [ "$upgrade_type" == "UPGRADE_APP" ]
then then
ynh_script_progression --message="Building $app... (this will take some time and resources!)" --weight=16 ynh_script_progression --message="Building $app... (this will take some time and resources!)" --weight=16
#pushd "$final_path"
# ynh_use_nodejs
# ynh_exec_warn_less ynh_npm install
# ynh_exec_warn_less ynh_npm run build
#popd
pushd "$final_path" pushd "$final_path"
ynh_use_nodejs ynh_use_nodejs
ynh_exec_warn_less ynh_npm install ynh_exec_warn_less ynh_exec_as $app env "$ynh_node_load_PATH" npm install
ynh_exec_warn_less ynh_npm run build ynh_exec_warn_less ynh_exec_as $app env "$ynh_node_load_PATH" npm run build
popd popd
fi fi
#================================================= #=================================================