diff --git a/check_process b/check_process index e5f1fc9..03eabce 100644 --- a/check_process +++ b/check_process @@ -1,40 +1,33 @@ ;; Test complet - ; pre-install - echo -n "Si j'avais des commandes à exécuter ce serait ici " - ; Manifest - domain="domain.tld" (DOMAIN) - path="/vpnconfig" (PATH) - ; Checks - pkg_linter=1 - setup_sub_dir=1 - setup_root=0 - setup_nourl=0 - setup_private=1 - setup_public=0 - upgrade=1 - upgrade=1 from_commit=355b24ea0cd3467d7ba1390ab7d34dd4b2500229 - upgrade=1 from_commit=1fc458110660ce775f7613091cde3c5fdcfbe4e6 - backup_restore=1 - multi_instance=0 - incorrect_path=1 - port_already_use=0 - change_url=0 + ; Manifest + domain="domain.tld" (DOMAIN) + path="/vpnconfig" (PATH) + ; Checks + pkg_linter=1 + setup_sub_dir=1 + setup_root=1 + setup_nourl=0 + setup_private=1 + setup_public=0 + upgrade=1 + upgrade=1 from_commit=623d8a30453a26ee21aa2ce1142674a2ffdb85b9 + upgrade=1 from_commit=73aa672346e40fc1857aef7441c449f0bd322082 + backup_restore=1 + multi_instance=0 + incorrect_path=1 + port_already_use=0 + change_url=0 ;;; Levels - Level 1=auto - Level 2=auto - Level 3=auto - Level 4=na - Level 5=auto - Level 6=auto - Level 7=auto - Level 8=0 - Level 9=0 - Level 10=0 + Level 1=auto + Level 2=auto + Level 3=auto + Level 4=na + Level 5=auto + Level 6=auto + Level 7=auto + Level 8=0 + Level 9=0 + Level 10=0 ;;; Options Email=pitchum@gramaton.org -Notification=down -#;;; Upgrade options -# ; commit=65c382d138596fcb32b4c97c39398815a1dcd4e8 -# name=Name of this previous version -# manifest_arg=domain=DOMAIN&path=PATH&admin=USER&password=pass&is_public=1& -# +Notification=down \ No newline at end of file diff --git a/conf/nginx_vpnadmin.conf b/conf/nginx.conf similarity index 80% rename from conf/nginx_vpnadmin.conf rename to conf/nginx.conf index 1185d29..96ad003 100644 --- a/conf/nginx_vpnadmin.conf +++ b/conf/nginx.conf 
@@ -1,34 +1,40 @@ -# VPN Client app for YunoHost +# VPN Client app for YunoHost # Copyright (C) 2015 Julien Vaubourg # Contribute at https://github.com/labriqueinternet/vpnclient_ynh -# +# # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. -# +# # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. -# +# # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . -location { - alias ; +location __PATH__ { + # Path to source + alias __FINALPATH__/ ; + + # Force usage of https if ($scheme = http) { rewrite ^ https://$server_name$request_uri? permanent; } + # Common parameter to increase upload size limit in conjunction with dedicated php-fpm file client_max_body_size 10G; + index index.php; + try_files $uri $uri/ index.php; location ~ [^/]\.php(/|$) { fastcgi_split_path_info ^(.+?\.php)(/.*)$; - fastcgi_pass unix:/var/run/php5-fpm-.sock; + fastcgi_pass unix:/var/run/php/php7.0-fpm-__NAME__.sock; fastcgi_index index.php; include fastcgi_params; fastcgi_read_timeout 600; @@ -37,5 +43,6 @@ location { fastcgi_param SCRIPT_FILENAME $request_filename; } + # Include SSOWAT user panel. include conf.d/yunohost_panel.conf.inc; } diff --git a/conf/phpfpm_vpnadmin.conf b/conf/php-fpm.conf similarity index 97% rename from conf/phpfpm_vpnadmin.conf rename to conf/php-fpm.conf index a53e4fc..70adb50 100644 --- a/conf/phpfpm_vpnadmin.conf +++ b/conf/php-fpm.conf 
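Review bot: `location __PATH__ {` is a prefix match without a trailing slash while `alias __FINALPATH__/ ;` ends in one. With a sub-path such as the `/vpnconfig` used in check_process, URIs that merely begin with that prefix are also mapped through the alias and can resolve outside the application directory. Matching the slashes on both sides closes this, e.g. `location __PATH__/ {` together with `rewrite ^__PATH__$ __PATH__/ permanent;` for the bare path; a root install, where `__PATH__` is `/`, needs the trailing slash handled separately. The added `try_files $uri $uri/ index.php;` also deserves a check, since its last argument is used as an internal-redirect URI and here lacks the `__PATH__/` prefix.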
@@ -1,24 +1,24 @@ -; VPN Client app for YunoHost +; VPN Client app for YunoHost ; Copyright (C) 2015 Julien Vaubourg ; Contribute at https://github.com/labriqueinternet/vpnclient_ynh -; +; ; This program is free software: you can redistribute it and/or modify ; it under the terms of the GNU Affero General Public License as published by ; the Free Software Foundation, either version 3 of the License, or ; (at your option) any later version. -; +; ; This program is distributed in the hope that it will be useful, ; but WITHOUT ANY WARRANTY; without even the implied warranty of ; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ; GNU Affero General Public License for more details. -; +; ; You should have received a copy of the GNU Affero General Public License ; along with this program. If not, see . - -; Start a new pool named ''. + +; Start a new pool named 'www'. ; the variable $pool can we used in any directive and will be replaced by the ; pool name ('www' here) -[] +[__NAMETOCHANGE__] ; The address on which to accept FastCGI requests. ; Valid syntaxes are: @@ -28,7 +28,7 @@ ; specific port; ; '/path/to/unix/socket' - to listen on a unix socket. ; Note: This value is mandatory. -listen = /var/run/php5-fpm-.sock +listen = /var/run/php/php7.0-fpm-__NAMETOCHANGE__.sock ; Set permissions for unix socket, if one is used. In Linux, read/write ; permissions must be set in order to allow connections from a web server. Many @@ -42,8 +42,8 @@ listen.mode = 0600 ; Unix user/group of processes ; Note: The user is mandatory. If the group is not set, the default user's group ; will be used. -user = -group = +user = __USER__ +group = __USER__ ; Choose how the process manager will control the number of child processes. ; Possible Values: 
@@ -157,7 +157,7 @@ request_slowlog_timeout = 0 ; The log file for slow requests ; Default Value: not set ; Note: slowlog is mandatory if request_slowlog_timeout is set -slowlog = /var/log/nginx/.slow.log +slowlog = /var/log/nginx/[__NAMETOCHANGE__].slow.log ; Set open file descriptor rlimit. ; Default Value: system defined value @@ -171,7 +171,7 @@ rlimit_core = 0 ; Chdir to this directory at the start. ; Note: relative path can be used. ; Default Value: current directory or / when chroot -chdir = +chdir = __FINALPATH__ ; Redirect worker stdout and stderr into main error log. If not set, stdout and ; stderr will be redirected to /dev/null according to FastCGI specs. diff --git a/conf/ynh-vpnclient b/conf/ynh-vpnclient index a75823c..628c740 100644 --- a/conf/ynh-vpnclient +++ b/conf/ynh-vpnclient @@ -238,10 +238,10 @@ ynh_setting_set() { if [ "$1" != restart ]; then - # Restart php5-fpm at the first start (it needs to be restarted after the slapd start) + # Restart php-fpm at the first start (it needs to be restarted after the slapd start) if [ ! -e /tmp/.ynh-vpnclient-boot ]; then touch /tmp/.ynh-vpnclient-boot - systemctl restart php5-fpm + systemctl restart php7.0-fpm fi # Check configuration consistency diff --git a/manifest.json b/manifest.json index d8ad69f..a417c34 100644 --- a/manifest.json +++ b/manifest.json @@ -2,11 +2,12 @@ "name": "VPN Client", "id": "vpnclient", "packaging_format": 1, - "version": "1.3.2", + "version": "1.4.0", "description": { "en": "Tunnel the internet traffic through a VPN", "fr": "Fais passer le traffic internet à travers un VPN" }, + "url": "https://labriqueinter.net", "license": "AGPL-3.0", "maintainer": { "name": "pitchum", @@ -18,8 +19,7 @@ }, "services": [ "nginx", - "php5-fpm", - "ynh-vpnclient" + "php7.0-fpm" ], "arguments": { "install": [ diff --git a/scripts/_common.sh b/scripts/_common.sh index 6be8a1d..1f12ecb 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh 
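Review bot: The new `slowlog` value keeps literal square brackets around the placeholder, so after substitution the file would be named `[<app>].slow.log`. This looks carried over from the pool header `[__NAMETOCHANGE__]` rather than intended. Suggest `slowlog = /var/log/nginx/__NAMETOCHANGE__.slow.log`. It has no effect while `request_slowlog_timeout = 0`, but it will surprise whoever enables slow logging later.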
@@ -3,23 +3,11 @@ # Common variables and helpers # -pkg_dependencies="php5-fpm sipcalc dnsutils openvpn curl fake-hwclock" +pkg_dependencies="php7.0-fpm sipcalc dnsutils openvpn curl fake-hwclock" -log() { - echo "${1}" -} +service_name="ynh-vpnclient" +service_checker_name=$service_name"-checker" -info() { - log "[INFO] ${1}" -} - -warn() { - log "[WARN] ${1}" -} - -err() { - log "[ERR] ${1}" -} to_logs() { # When yunohost --verbose or bash -x @@ -52,7 +40,7 @@ ynh_abort_if_up_to_date () { version=$(read_json "/etc/yunohost/apps/$YNH_APP_INSTANCE_NAME/manifest.json" 'version' 2> /dev/null || echo '20160501-7') last_version=$(read_manifest 'version') if [ "${version}" = "${last_version}" ]; then - info "Up-to-date, nothing to do" + ynh_print_info "Up-to-date, nothing to do" ynh_die "" 0 fi } @@ -63,9 +51,9 @@ ynh_abort_if_up_to_date () { # | arg: manifest - Path of the manifest to read # | arg: key - Name of the key to find ynh_read_manifest () { - manifest="$1" - key="$2" - python3 -c "import sys, json;print(json.load(open('$manifest', encoding='utf-8'))['$key'])" + manifest="$1" + key="$2" + python3 -c "import sys, json;print(json.load(open('$manifest', encoding='utf-8'))['$key'])" } # Read the upstream version from the manifest @@ -78,7 +66,7 @@ ynh_read_manifest () { ynh_app_upstream_version () { manifest_path="../manifest.json" if [ ! -e "$manifest_path" ]; then - manifest_path="../settings/manifest.json" # Into the restore script, the manifest is not at the same place + manifest_path="../settings/manifest.json" # Into the restore script, the manifest is not at the same place fi version_key=$(ynh_read_manifest "$manifest_path" "version") echo "${version_key/~ynh*/}" 
@@ -94,7 +82,7 @@ ynh_app_upstream_version () { ynh_app_package_version () { manifest_path="../manifest.json" if [ ! -e "$manifest_path" ]; then - manifest_path="../settings/manifest.json" # Into the restore script, the manifest is not at the same place + manifest_path="../settings/manifest.json" # Into the restore script, the manifest is not at the same place fi version_key=$(ynh_read_manifest "$manifest_path" "version") echo "${version_key/*~ynh/}" @@ -111,24 +99,24 @@ ynh_app_package_version () { # # usage: ynh_abort_if_up_to_date ynh_abort_if_up_to_date () { - local force_upgrade=${YNH_FORCE_UPGRADE:-0} - local package_check=${PACKAGE_CHECK_EXEC:-0} + local force_upgrade=${YNH_FORCE_UPGRADE:-0} + local package_check=${PACKAGE_CHECK_EXEC:-0} - local version=$(ynh_read_manifest "/etc/yunohost/apps/$YNH_APP_INSTANCE_NAME/manifest.json" "version" || echo 1.0) - local last_version=$(ynh_read_manifest "../manifest.json" "version" || echo 1.0) - if [ "$version" = "$last_version" ] - then - if [ "$force_upgrade" != "0" ] - then - echo "Upgrade forced by YNH_FORCE_UPGRADE." >&2 - unset YNH_FORCE_UPGRADE - elif [ "$package_check" != "0" ] - then - echo "Upgrade forced for package check." >&2 - else - ynh_die "Up-to-date, nothing to do" 0 - fi - fi + local version=$(ynh_read_manifest "/etc/yunohost/apps/$YNH_APP_INSTANCE_NAME/manifest.json" "version" || echo 1.0) + local last_version=$(ynh_read_manifest "../manifest.json" "version" || echo 1.0) + if [ "$version" = "$last_version" ] + then + if [ "$force_upgrade" != "0" ] + then + echo "Upgrade forced by YNH_FORCE_UPGRADE." >&2 + unset YNH_FORCE_UPGRADE + elif [ "$package_check" != "0" ] + then + echo "Upgrade forced for package check." >&2 + else + ynh_die "Up-to-date, nothing to do" 0 + fi + fi } # Operations needed by both 'install' and 'upgrade' scripts 
@@ -136,7 +124,9 @@ function vpnclient_deploy_files_and_services() { local domain=$1 local app=$2 + local service_name=$3 local sysuser="${app}" + local service_checker_name="$service_name-checker" # Ensure vpnclient_ynh has its own system user if ! ynh_system_user_exists ${sysuser} @@ -153,7 +143,7 @@ function vpnclient_deploy_files_and_services() install -o root -g root -m 0755 ../conf/ipv6_compressed /usr/local/bin/ # Install command-line cube file loader - install -o root -g root -m 0755 ../conf/ynh-vpnclient-loadcubefile.sh /usr/local/bin/ + install -o root -g root -m 0755 ../conf/$service_name-loadcubefile.sh /usr/local/bin/ # Copy confs mkdir -pm 0755 /var/log/nginx/ @@ -163,8 +153,6 @@ function vpnclient_deploy_files_and_services() install -b -o root -g ${sysuser} -m 0664 ../conf/openvpn_client.conf.tpl /etc/openvpn/client.conf.tpl install -o root -g root -m 0644 ../conf/openvpn_client.conf.tpl /etc/openvpn/client.conf.tpl.restore - install -b -o root -g root -m 0644 ../conf/nginx_vpnadmin.conf "/etc/nginx/conf.d/${domain}.d/${app}.conf" - install -b -o root -g root -m 0644 ../conf/phpfpm_vpnadmin.conf /etc/php5/fpm/pool.d/${app}.conf install -b -o root -g root -m 0755 ../conf/hook_post-iptable-rules /etc/yunohost/hooks.d/90-vpnclient.tpl install -b -o root -g root -m 0644 ../conf/openvpn@.service /etc/systemd/system/ 
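Review bot: `local service_name=$3` and `local service_checker_name="$service_name-checker"` duplicate the file-level `service_name` and `service_checker_name` that this same commit adds at the top of _common.sh. The two names now have two sources of truth, and the locals shadow the globals inside the function. Either drop the third parameter and use the globals, or keep the parameter and stop defining the globals that the other scripts now rely on. The new expansion in `../conf/$service_name-loadcubefile.sh` is also unquoted; `"../conf/$service_name-loadcubefile.sh"` is safer. The function body starts before and continues after this hunk.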
@@ -183,36 +171,35 @@ function vpnclient_deploy_files_and_services() #================================================= # NGINX CONFIGURATION #================================================= + ynh_print_info "Configuring nginx web server..." - sed "s||${path_url}|g" -i "/etc/nginx/conf.d/${domain}.d/${app}.conf" - sed "s||/var/www/${app}/|g" -i "/etc/nginx/conf.d/${domain}.d/${app}.conf" - sed "s||${app}|g" -i "/etc/nginx/conf.d/${domain}.d/${app}.conf" + ynh_add_nginx_config #================================================= # PHP-FPM CONFIGURATION #================================================= + ynh_print_info "Configuring php-fpm..." - sed "s||${app}|g" -i /etc/php5/fpm/pool.d/${app}.conf - sed "s||${sysuser}|g" -i /etc/php5/fpm/pool.d/${app}.conf - sed "s||${sysuser}|g" -i /etc/php5/fpm/pool.d/${app}.conf - sed "s||/var/www/${app}/|g" -i /etc/php5/fpm/pool.d/${app}.conf + ynh_add_fpm_config + + #================================================= # Fix sources - sed "s||${path_url}|g" -i /var/www/${app}/config.php + ynh_replace_string "__PATH__" "${path_url}" "/var/www/${app}/config.php" # Copy init script - install -o root -g root -m 0755 ../conf/ynh-vpnclient /usr/local/bin/ - install -o root -g root -m 0644 ../conf/ynh-vpnclient.service /etc/systemd/system/ + install -o root -g root -m 0755 ../conf/$service_name /usr/local/bin/ # Copy checker timer - install -o root -g root -m 0755 ../conf/ynh-vpnclient-checker.sh /usr/local/bin/ - install -o root -g root -m 0644 ../conf/ynh-vpnclient-checker.service /etc/systemd/system/ - install -o root -g root -m 0644 ../conf/ynh-vpnclient-checker.timer /etc/systemd/system/ + install -o root -g root -m 0755 ../conf/$service_checker_name.sh /usr/local/bin/ + install -o root -g root -m 0644 ../conf/$service_checker_name.timer /etc/systemd/system/ - # Reload systemd configuration - systemctl daemon-reload -} + #================================================= + # SETUP SYSTEMD + 
#================================================= + ynh_print_info "Configuring a systemd service..." -function service_is_managed_by_yunohost() { - yunohost service status $1 >/dev/null 2>&1 + ynh_add_systemd_config $service_name "$service_name.service" + + ynh_add_systemd_config $service_checker_name "$service_checker_name.service" } diff --git a/scripts/backup b/scripts/backup index 48705b4..cbaa1ef 100644 --- a/scripts/backup +++ b/scripts/backup @@ -1,3 +1,4 @@ +#!/bin/bash #================================================= # GENERIC START @@ -5,16 +6,9 @@ # IMPORT GENERIC HELPERS #================================================= -if [ ! -e _common.sh ]; then - # Get the _common.sh file if it's not in the current directory - cp ../settings/scripts/_common.sh ./_common.sh - chmod a+rx _common.sh -fi -source _common.sh +source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -ynh_die "backup script is not implemented yet" - #================================================= # MANAGE SCRIPT FAILURE #================================================= @@ -25,20 +19,7 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= - -app=$YNH_APP_INSTANCE_NAME - -final_path=$(ynh_app_setting_get $app final_path) -domain=$(ynh_app_setting_get $app domain) -db_name=$(ynh_app_setting_get $app db_name) - -#================================================= -# STANDARD BACKUP STEPS -#================================================= -# BACKUP THE APP MAIN DIR -#================================================= -# LOAD SETTINGS -#================================================= +ynh_print_info "Loading installation settings..." app=$YNH_APP_INSTANCE_NAME 
@@ -50,29 +31,53 @@ domain=$(ynh_app_setting_get $app domain) #================================================= # BACKUP THE APP MAIN DIR #================================================= +ynh_print_info "Backing up the main app directory..." ynh_backup "$final_path" +ynh_backup "/etc/sudoers.d/${app}_ynh" + +ynh_backup "/usr/local/bin/ipv6_expanded" +ynh_backup "/usr/local/bin/ipv6_compressed" +ynh_backup "/usr/local/bin/$service_name-loadcubefile.sh" + +ynh_backup "/etc/yunohost/hooks.d/90-vpnclient.tpl" + +ynh_backup "/etc/openvpn/client.conf.tpl" +ynh_backup "/etc/openvpn/client.conf.tpl.restore" +ynh_backup "/etc/openvpn/keys/" + +ynh_backup "/usr/local/bin/$service_name" +ynh_backup "/usr/local/bin/$service_checker_name.sh" + #================================================= # BACKUP THE NGINX CONFIGURATION #================================================= +ynh_print_info "Backing up nginx web server configuration..." -ynh_backup "/etc/nginx/conf.d/$domain.d/${app}.conf" +ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # BACKUP THE PHP-FPM CONFIGURATION #================================================= +ynh_print_info "Backing up php-fpm configuration..." -ynh_backup "/etc/php5/fpm/pool.d/$app.conf" +ynh_backup "/etc/php/7.0/fpm/pool.d/$app.conf" #================================================= # SPECIFIC BACKUP #================================================= # BACKUP SYSTEMD #================================================= +ynh_print_info "Backing up systemd configuration..." 
-ynh_backup "/etc/systemd/system/ynh-vpnclient.service" -ynh_backup "/etc/systemd/system/ynh-vpnclient-checker.service" -ynh_backup "/etc/systemd/system/ynh-vpnclient-checker.timer" +ynh_backup "/etc/systemd/system/$service_name.service" +ynh_backup "/etc/systemd/system/$service_checker_name.service" +ynh_backup "/etc/systemd/system/$service_checker_name.timer" +ynh_backup "/etc/systemd/system/openvpn@.service" -ynh_backup "/etc/cron.d/$app" +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." \ No newline at end of file diff --git a/scripts/install b/scripts/install index f7e7c80..fda83fe 100644 --- a/scripts/install +++ b/scripts/install @@ -38,17 +38,15 @@ ynh_abort_if_errors #================================================= # Retrieve arguments -domain=$1 -path_url=$(ynh_normalize_url_path "$2") +domain=$YNH_APP_ARG_DOMAIN +path_url=$(ynh_normalize_url_path "$YNH_APP_ARG_PATH") app=$YNH_APP_INSTANCE_NAME final_path="/var/www/$app" -service_name="ynh-vpnclient" -service_checker_name=$service_name"-checker" - #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= +ynh_print_info "Validating installation parameters..." # Check destination directory test ! -e "$final_path" || ynh_die "Path is already in use: ${final_path}." @@ -59,6 +57,7 @@ ynh_webpath_register "$app" "$domain" "$path_url" #================================================= # STORE SETTINGS FROM MANIFEST #================================================= +ynh_print_info "Storing installation settings..." ynh_app_setting_set "$app" domain "$domain" ynh_app_setting_set "$app" final_path "$final_path" 
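Review bot: The added `ynh_backup "/etc/openvpn/keys/"` and `ynh_backup "/etc/sudoers.d/${app}_ynh"` put the OpenVPN key material and a sudoers fragment into the archive, and nothing in the script says so. A comment above those lines, such as `# NOTE: the archive now contains the OpenVPN keys/certificates; store and transfer it as a secret`, would make the sensitivity explicit for whoever handles the backups. Also, `$service_name` and `$service_checker_name` are only defined if `source ../settings/scripts/_common.sh` succeeded, now that the fallback copy was removed in the first hunk of this file.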
@@ -68,15 +67,21 @@ ynh_app_setting_set "$app" final_path "$final_path" #================================================= # INSTALL DEPENDENCIES #================================================= +ynh_print_info "Installing dependencies..." ynh_install_app_dependencies "$pkg_dependencies" #================================================= # DEPLOY FILES FROM PACKAGE #================================================= +ynh_print_info "Deploy files from package..." -vpnclient_deploy_files_and_services "${domain}" "${app}" +vpnclient_deploy_files_and_services "${domain}" "${app}" "${service_name}" +#================================================= +# RELOAD SERVICES +#================================================= +ynh_print_info "Reloading services..." # Set default inits # The boot order of these services are important, so they are disabled by default @@ -84,22 +89,24 @@ vpnclient_deploy_files_and_services "${domain}" "${app}" systemctl disable openvpn systemctl stop openvpn -systemctl enable php5-fpm -systemctl restart php5-fpm - +systemctl restart php7.0-fpm systemctl reload nginx # main service -yunohost service add $service_name --description "tunnels the internet traffic through a VPN" --need_lock +yunohost service add $service_name --description "Tunnels the internet traffic through a VPN" --need_lock yunohost service enable $service_name # checker service -yunohost service add $service_checker_name --description "makes sure that the VPN service is running" --need_lock +yunohost service add $service_checker_name --description "Makes sure that the VPN service is running" --need_lock yunohost service start $service_checker_name yunohost service enable $service_checker_name systemctl start $service_checker_name.timer systemctl enable $service_checker_name.timer -yunohost app ssowatconf +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Installation of $app completed" 
diff --git a/scripts/remove b/scripts/remove index 054fe96..359a8f3 100644 --- a/scripts/remove +++ b/scripts/remove @@ -29,16 +29,15 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= +ynh_print_info "Loading installation settings..." app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get $app domain) -service_name="ynh-vpnclient" -service_checker_name=$service_name"-checker" - #================================================= - -# Stop and remove yunohost services +# STOP AND REMOVE SERVICES +#================================================= +ynh_print_info "Stopping and removing services" yunohost service stop $service_checker_name yunohost service disable $service_checker_name 
@@ -55,19 +54,45 @@ do ynh_secure_remove "$FILE" done -# Remove confs +#================================================= +# REMOVE NGINX CONFIGURATION +#================================================= +ynh_print_info "Removing nginx web server configuration" + +# Remove the dedicated nginx config +ynh_remove_nginx_config + +#================================================= +# REMOVE PHP-FPM CONFIGURATION +#================================================= +ynh_print_info "Removing php-fpm configuration" + +# Remove the dedicated php-fpm config +ynh_remove_fpm_config + +#================================================= +# SPECIFIC REMOVE +#================================================ +ynh_print_info "Removing openvpn configuration" + +# Remove openvpn configurations ynh_secure_remove /etc/openvpn/client.conf ynh_secure_remove /etc/openvpn/client.conf.tpl ynh_secure_remove /etc/openvpn/client.conf.tpl.restore -ynh_secure_remove /etc/nginx/conf.d/${domain}.d/${app}.conf -ynh_secure_remove /etc/php5/fpm/pool.d/${app}.conf + +# Remove YunoHost hook ynh_secure_remove /etc/yunohost/hooks.d/90-vpnclient.tpl + +# Remove openvpn service ynh_secure_remove /etc/systemd/system/openvpn@.service -# Remove certificates +# Remove openvpn certificates ynh_secure_remove /etc/openvpn/keys -# Remove packages +#================================================= +# REMOVE DEPENDENCIES +#================================================= +ynh_print_info "Removing dependencies" ynh_remove_app_dependencies # Remove sources 
@@ -79,9 +104,21 @@ systemctl daemon-reload # Restart services # (this must happen before deleting the user, otherwise the user is # being used by one of the php pool process) -systemctl restart php5-fpm +systemctl restart php7.0-fpm systemctl reload nginx -# Removed system user +#================================================= +# REMOVE DEDICATED USER +#================================================= + +ynh_print_info "Removing the dedicated system user" + +# Delete a system user ynh_system_user_delete ${app} ynh_secure_remove "/etc/sudoers.d/${app}_ynh" + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Removal of $app completed" diff --git a/scripts/restore b/scripts/restore index c3ca633..884e0f9 100644 --- a/scripts/restore +++ b/scripts/restore @@ -1,19 +1,14 @@ #!/bin/bash +#================================================= +# GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= -if [ ! -e _common.sh ]; then - # Fetch helpers file if not in current directory - cp ../settings/scripts/_common.sh ./_common.sh - chmod a+rx _common.sh -fi -source _common.sh +source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -ynh_die "restore script is not implemented yet" - #================================================= # MANAGE SCRIPT FAILURE #================================================= 
@@ -21,23 +16,121 @@ ynh_die "restore script is not implemented yet" # Exit if an error occurs during the execution of the script ynh_abort_if_errors -#sysuser="${app}" -sysuser="vpnclient" # XXX hard-coded variable +#================================================= +# LOAD SETTINGS +#================================================= +ynh_print_info "Loading settings..." -backup_dir="${1}/apps/vpnclient" +app=$YNH_APP_INSTANCE_NAME -mkdir -p /etc/openvpn/ -cp -a "${backup_dir}/keys/" /etc/openvpn/ -cp -a "${backup_dir}/client.conf.tpl" /etc/openvpn/ -chown -R root:${sysuser} /etc/openvpn/keys/ +domain=$(ynh_app_setting_get $app domain) +path_url=$(ynh_app_setting_get $app path) +final_path=$(ynh_app_setting_get $app final_path) -gitcommit=$(grep revision /etc/yunohost/apps/vpnclient/status.json | sed 's/.*"revision": "\([^"]\+\)".*/\1/') -tmpdir=$(mktemp -dp /tmp/ vpnclient-restore-XXXXX) +#================================================= +# CHECK IF THE APP CAN BE RESTORED +#================================================= +ynh_print_info "Validating restoration parameters..." -git clone https://github.com/labriqueinternet/vpnclient_ynh.git "${tmpdir}/" -git --work-tree "${tmpdir}/" --git-dir "${tmpdir}/.git/" reset --hard "${gitcommit}" +ynh_webpath_available $domain $path_url \ + || ynh_die "Path not available: ${domain}${path_url}" +test ! -d $final_path \ + || ynh_die "There is already a directory: $final_path " -cd "${tmpdir}/scripts/" -bash ./upgrade +#================================================= +# STANDARD RESTORATION STEPS +#================================================= +# RESTORE THE NGINX CONFIGURATION +#================================================= -rm -r "${tmpdir}/" +ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf" + +#================================================= +# RESTORE THE APP MAIN DIR +#================================================= +ynh_print_info "Restoring the app main directory..." 
+ +ynh_restore_file "$final_path" + +ynh_restore_file "/etc/sudoers.d/${app}_ynh" + +ynh_restore_file "/usr/local/bin/ipv6_expanded" +ynh_restore_file "/usr/local/bin/ipv6_compressed" +ynh_restore_file "/usr/local/bin/$service_name-loadcubefile.sh" + +ynh_restore_file "/etc/yunohost/hooks.d/90-vpnclient.tpl" + +ynh_restore_file "/etc/openvpn/client.conf.tpl" +ynh_restore_file "/etc/openvpn/client.conf.tpl.restore" +ynh_restore_file "/etc/openvpn/keys/" + +ynh_restore_file "/usr/local/bin/$service_name" +ynh_restore_file "/usr/local/bin/$service_checker_name.sh" + +#================================================= +# RECREATE THE DEDICATED USER +#================================================= +ynh_print_info "Recreating the dedicated system user..." + +# Create the dedicated user (if not existing) +ynh_system_user_create $app + +#================================================= +# RESTORE USER RIGHTS +#================================================= + +# Restore permissions on app files +chown -R $app: $final_path + +#================================================= +# RESTORE THE PHP-FPM CONFIGURATION +#================================================= + +ynh_restore_file "/etc/php/7.0/fpm/pool.d/$app.conf" + +#================================================= +# SPECIFIC RESTORATION +#================================================= +# REINSTALL DEPENDENCIES +#================================================= +ynh_print_info "Reinstalling dependencies..." + +# Define and install dependencies +ynh_install_app_dependencies "$pkg_dependencies" + +#================================================= +# RESTORE SYSTEMD +#================================================= +ynh_print_info "Restoring the systemd configuration..." 
+ +ynh_restore_file "/etc/systemd/system/$service_name.service" +ynh_restore_file "/etc/systemd/system/$service_checker_name.service" +ynh_restore_file "/etc/systemd/system/$service_checker_name.timer" +ynh_restore_file "/etc/systemd/system/openvpn@.service" +systemctl daemon-reload +systemctl enable "$service_name.service" +systemctl enable "$service_checker_name.service" +systemctl enable "openvpn@.service" + +#================================================= +# ADVERTISE SERVICE IN ADMIN PANEL +#================================================= + +yunohost service add $service_name --description "Tunnels the internet traffic through a VPN" --need_lock +yunohost service add $service_checker_name --description "Makes sure that the VPN service is running" --need_lock + +#================================================= +# GENERIC FINALIZATION +#================================================= +# RELOAD NGINX AND PHP-FPM +#================================================= +ynh_print_info "Reloading nginx web server and php-fpm..." + +systemctl restart php7.0-fpm +systemctl reload nginx + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Restoration completed for $app" diff --git a/scripts/upgrade b/scripts/upgrade index eef179d..d54dd75 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -12,6 +12,7 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= +ynh_print_info "Loading installation settings..." app=$YNH_APP_INSTANCE_NAME 
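Review bot: The restored `/etc/openvpn/keys/`, `/etc/openvpn/client.conf.tpl` and `/etc/sudoers.d/${app}_ynh` keep whatever owner and mode the archive carries. The only ownership fix in the new script is `chown -R $app: $final_path`, whereas the removed code ran `chown -R root:${sysuser} /etc/openvpn/keys/`. These files are also restored before `ynh_system_user_create $app`, so a group recorded in the archive may not map to the recreated user. After the user exists, re-assert them explicitly, e.g. `chown -R root:$app /etc/openvpn/keys/` and `chown root:root "/etc/sudoers.d/${app}_ynh"; chmod 0440 "/etc/sudoers.d/${app}_ynh"`. Separately, `systemctl enable "openvpn@.service"` enables a template unit without an instance name while the install script deliberately runs `systemctl disable openvpn`, so confirm that this line is intended and cannot abort the restore under `ynh_abort_if_errors`.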
@@ -19,10 +20,6 @@ domain=$(ynh_app_setting_get $app domain) path_url=$(ynh_app_setting_get $app path) is_public=$(ynh_app_setting_get $app is_public) final_path=$(ynh_app_setting_get $app final_path) -server_name=$(ynh_app_setting_get $app server_name) - -service_name="ynh-vpnclient" -service_checker_name=$service_name"-checker" #================================================= # SPECIAL UPGRADE FOR VERSIONS < 1.2.0 @@ -30,16 +27,20 @@ service_checker_name=$service_name"-checker" # Apply renaming that occured in v1.2.0 ("vpnadmin" -> "${app}") if [ -f /etc/nginx/conf.d/${domain}.d/vpnadmin.conf ]; then - sed "s|/var/www/vpnadmin/|/var/www/${app}/|g" -i "/etc/nginx/conf.d/${domain}.d/vpnadmin.conf" - sed "s|vpnadmin.sock|${app}.sock|g" -i "/etc/nginx/conf.d/${domain}.d/vpnadmin.conf" + ynh_replace_string "/var/www/vpnadmin/" "/var/www/${app}/" "/etc/nginx/conf.d/${domain}.d/vpnadmin.conf" + ynh_replace_string "vpnadmin.sock" "${app}.sock" "/etc/nginx/conf.d/${domain}.d/vpnadmin.conf" mv /etc/nginx/conf.d/${domain}.d/vpnadmin.conf /etc/nginx/conf.d/${domain}.d/${app}.conf fi + if [ -f /etc/php5/fpm/pool.d/vpnadmin.conf ]; then - sed "s|/var/www/vpnadmin/|/var/www/${app}/|g" -i /etc/php5/fpm/pool.d/vpnadmin.conf - sed "s|vpnadmin.sock|${app}.sock|g" -i /etc/php5/fpm/pool.d/vpnadmin.conf - mv /etc/php5/fpm/pool.d/vpnadmin.conf /etc/php5/fpm/pool.d/${app}.conf + ynh_replace_string "/var/www/vpnadmin/" "/var/www/${app}/" /etc/php5/fpm/pool.d/vpnadmin.conf + ynh_replace_string "vpnadmin.sock" "${app}.sock" /etc/php5/fpm/pool.d/vpnadmin.conf + mv /etc/php5/fpm/pool.d/vpnadmin.conf /etc/php/7.0/fpm/pool.d/${app}.conf +fi + +if [ -d /var/www/vpnadmin ]; then + mv /var/www/vpnadmin /var/www/${app} fi -test -d /var/www/vpnadmin && mv /var/www/vpnadmin /var/www/${app} ## Versions known to have a buggy backup script #buggy_versions="1.0.0 1.0.1 1.1.0" 
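Review bot: The php5 to php7.0 move only covers the pre-1.2.0 file name. `mv /etc/php5/fpm/pool.d/vpnadmin.conf /etc/php/7.0/fpm/pool.d/${app}.conf` runs only when `vpnadmin.conf` exists, but an install that already went through the rename has `/etc/php5/fpm/pool.d/${app}.conf`, the path the old deploy code wrote, and nothing in this hunk removes it. If php5-fpm stays installed, that stale pool would presumably keep running under the app user on the old socket. Add `if [ -f "/etc/php5/fpm/pool.d/${app}.conf" ]; then ynh_secure_remove "/etc/php5/fpm/pool.d/${app}.conf"; fi` next to this block. The two `ynh_replace_string` calls on the php5 file look redundant if `ynh_add_fpm_config` regenerates the pool file later in the upgrade.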
@@ -64,6 +65,7 @@ ynh_abort_if_errors #================================================= # INSTALL DEPENDENCIES #================================================= +ynh_print_info "Installing dependencies..." ynh_install_app_dependencies "$pkg_dependencies" @@ -76,7 +78,7 @@ tmpdir=$(mktemp -d /tmp/vpnclient-upgrade-XXX) cp -r /etc/openvpn/client* ${tmpdir} # Deploy files from package -vpnclient_deploy_files_and_services "${domain}" "${app}" +vpnclient_deploy_files_and_services "${domain}" "${app}" "${service_name}" # Restore previously existing config files cp -r ${tmpdir}/client* /etc/openvpn/ @@ -85,27 +87,18 @@ ynh_secure_remove ${tmpdir} #================================================= # RELOAD RELEVANT SERVICES #================================================= +ynh_print_info "Reload services..." -systemctl reload php5-fpm +systemctl reload php7.0-fpm systemctl reload nginx ### Make sure that the yunohost services have a description and need-lock enabled # main service - -if service_is_managed_by_yunohost $service_name -then - yunohost service remove $service_name -fi -yunohost service add $service_name --description "tunnels the internet traffic through a VPN" --need_lock +yunohost service add $service_name --description "Tunnels the internet traffic through a VPN" --need_lock # checker service - -if service_is_managed_by_yunohost $service_checker_name -then - yunohost service remove $service_checker_name -fi -yunohost service add $service_checker_name --description "makes sure that the VPN service is running" --need_lock +yunohost service add $service_checker_name --description "Makes sure that the VPN service is running" --need_lock # Reload systemd configuration 
@@ -133,3 +126,9 @@ if systemctl is-active $service_name.timer >/dev/null; then yunohost service restart $service_checker_name.timer fi + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Upgrade of $app completed" diff --git a/sources/config.php b/sources/config.php index dce0aa6..eb790cf 100644 --- a/sources/config.php +++ b/sources/config.php @@ -1,19 +1,19 @@ * Contribute at https://github.com/labriqueinternet/vpnclient_ynh - * + * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. - * + * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. - * + * * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ @@ -22,11 +22,11 @@ function configure() { option('env', ENV_PRODUCTION); option('debug', false); - option('base_uri', '/'); + option('base_uri', '__PATH__/'); layout('layout.html.php'); - define('PUBLIC_DIR', '/public'); + define('PUBLIC_DIR', '__PATH__/public'); } // Before routing
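Review bot: With `option('base_uri', '__PATH__/');` and `define('PUBLIC_DIR', '__PATH__/public');`, a root install substitutes `/` for `__PATH__` and yields `//` and `//public`. If these values end up in generated links, a browser treats them as scheme-relative URLs pointing at another host rather than as local paths. check_process in this commit turns on `setup_root=1`, so that case is now expected to work. Either strip the trailing slash before the substitution in _common.sh, e.g. `ynh_replace_string "__PATH__" "${path_url%/}" "/var/www/${app}/config.php"`, or keep the extra slash out of the template. This assumes `ynh_normalize_url_path` returns `/` for a root install, which should be confirmed.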