norbipeti/snikket_ynh
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix reachability & prepare

Browse source 
- Added placeholder Nginx configs for the subdomains
- Added additional URLs to the SSO permissions
This commit is contained in:
Norbi Peti 2024-05-28 00:00:22 +02:00
parent 31282c3cb3
commit 008a113068
5 changed files with 65 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
conf/nginx.groups.conf Normal file
View file

@ -0,0 +1,14 @@
location / { # TODO
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
client_max_body_size 1M; # default is 1M
proxy_connect_timeout 10m;
proxy_send_timeout 10m;
proxy_read_timeout 10m;
send_timeout 10m;
proxy_pass http://127.0.0.1:__PORT__;
}

14
conf/nginx.share.conf Normal file
View file

@ -0,0 +1,14 @@
location / { # TODO
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
client_max_body_size 1M; # default is 1M
proxy_connect_timeout 10m;
proxy_send_timeout 10m;
proxy_read_timeout 10m;
send_timeout 10m;
proxy_pass http://127.0.0.1:__PORT__;
}

11
manifest.toml
View file

@ -39,6 +39,9 @@ ram.runtime = "50M"
type = "email" type = "email"
ask.en = "Administrator E-mail" ask.en = "Administrator E-mail"
help.en = "Provide an E-mail address where users can contact you" help.en = "Provide an E-mail address where users can contact you"
[install.init_main_permission]
type = "group"
default = "visitors"
[resources] [resources]
[resources.sources.main] [resources.sources.main]
@ -50,6 +53,9 @@ ram.runtime = "50M"
[resources.sources.prosody-modules] [resources.sources.prosody-modules]
url = "https://hg.prosody.im/prosody-modules/archive/095030677ae6.tar.gz" url = "https://hg.prosody.im/prosody-modules/archive/095030677ae6.tar.gz"
sha256 = "8c2a51ef72cbe86a3b2a8e5c4d8656ee1d167f153223b481b5e8c4c5ed85f11d" sha256 = "8c2a51ef72cbe86a3b2a8e5c4d8656ee1d167f153223b481b5e8c4c5ed85f11d"
[resources.sources.snikket-portal]
url = "https://github.com/snikket-im/snikket-web-portal/archive/7c0310a141d45d71ccf4505f56267d2f4213ca08.tar.gz"
sha256 = "3b0afaf99c7360b5813cf7e10021827fa9bd13e40e169ef68004ffec3bb6fa92"
[resources.system_user] [resources.system_user]
@ -67,10 +73,13 @@ ram.runtime = "50M"
server.default=5269 server.default=5269
server.exposed="TCP" server.exposed="TCP"
server.fixed=true server.fixed=true
main.default=5280 http.default=5280
main.default=80
# TODO: Need to remove/disable Metronome *before* installation starts because of the port allocation here # TODO: Need to remove/disable Metronome *before* installation starts because of the port allocation here
[resources.permissions] [resources.permissions]
main.url = "/"
main.additional_urls = [ "groups.__DOMAIN__/", "share.__DOMAIN__/" ]
[resources.apt] [resources.apt]
packages = "libicu-dev, libidn11-dev, libssl-dev, openssl, txt2man, lua-luaossl, lua-readline, dns-root-data, lua-dbi-sqlite3" packages = "libicu-dev, libidn11-dev, libssl-dev, openssl, txt2man, lua-luaossl, lua-readline, dns-root-data, lua-dbi-sqlite3"

17
scripts/_common.sh
View file

@ -18,12 +18,25 @@ install_certificates() {
domains=("$domain" "groups.$domain" "share.$domain") domains=("$domain" "groups.$domain" "share.$domain")
for d in "${domains[@]}" for d in "${domains[@]}"
do do
cp "/etc/yunohost/certs/$d/crt.pem" "/etc/snikket/certs/${d}.crt" error_message="No certificate found for domain $d! Please set up the domain and install a Let's Encrypt certificate for it."
cp "/etc/yunohost/certs/$d/key.pem" "/etc/snikket/certs/${d}.key" cp "/etc/yunohost/certs/$d/crt.pem" "/etc/snikket/certs/${d}.crt" || ynh_print_warn --message="$error_message"
cp "/etc/yunohost/certs/$d/key.pem" "/etc/snikket/certs/${d}.key" || ynh_print_warn --message="$error_message"
done done
chown $app /etc/snikket/certs/* chown $app /etc/snikket/certs/*
} }
### Add Nginx configuration for other domains. This is necessary because at the moment Snikket requires two additional
### subdomains to function fully. Does not reload Nginx configuration.
### Usage: add_extra_nginx_config <domain>
add_extra_nginx_config() {
local extra_domain="$1"
local finalnginxconf="/etc/nginx/conf.d/$extra_domain.d/$app.conf"
ynh_add_config --template="nginx.$extra_domain.conf" --destination="$finalnginxconf"
ynh_store_file_checksum --file="$finalnginxconf"
}
#================================================= #=================================================
# EXPERIMENTAL HELPERS # EXPERIMENTAL HELPERS
#================================================= #=================================================

23
scripts/install
View file

@ -61,14 +61,15 @@ ynh_secure_remove --file="$builddir"
ynh_script_progression --message="Adding Prosody configuration..." ynh_script_progression --message="Adding Prosody configuration..."
config_path=/etc/$app config_path=/etc/$app
ynh_app_setting_set --app=$app --key=config_path --value=$config_path ynh_app_setting_set --app=$app --key=config_path --value="$config_path"
mkdir -p $config_path mkdir -p "$config_path"
mkdir -p $config_path/{certs,conf.avail,conf.d} mkdir -p "$config_path"/{certs,conf.avail,conf.d}
mkdir -p $config_path/firewall mkdir -p "$config_path"/firewall
# TODO: ynh_replace_string
sed -i -e 's#/snikket/prosody#/var/lib/snikket#g' "$snikketdir/ansible/files/prosody.cfg.lua" prosody_config="$snikketdir/ansible/files/prosody.cfg.lua"
sed -i -e 's#/var/run/prosody/prosody.pid#/var/run/snikket/prosody.pid#g' "$snikketdir/ansible/files/prosody.cfg.lua" ynh_replace_string --match_string="/snikket/prosody" --replace_string="/var/lib/snikket" --target_file="$prosody_config"
sed -i -e 's#/etc/prosody/#/etc/snikket/#g' "$snikketdir/ansible/files/prosody.cfg.lua" ynh_replace_string --match_string="/var/run/prosody/prosody.pid" --replace_string="/var/run/snikket/prosody.pid" --target_file="$prosody_config"
ynh_replace_string --match_string="/etc/prosody/" --replace_string="/etc/snikket/" --target_file="$prosody_config"
ynh_add_config --template="$snikketdir/ansible/files/prosody.cfg.lua" --destination="$config_path/prosody.cfg.lua" ynh_add_config --template="$snikketdir/ansible/files/prosody.cfg.lua" --destination="$config_path/prosody.cfg.lua"
ynh_add_config --template="$snikketdir/ansible/files/restricted_users.pfw" --destination="$config_path/restricted_users.pfw" ynh_add_config --template="$snikketdir/ansible/files/restricted_users.pfw" --destination="$config_path/restricted_users.pfw"
@ -120,7 +121,7 @@ EOF
#================================================= #=================================================
ynh_script_progression --message="Installing certificates..." ynh_script_progression --message="Installing certificates..."
# Create a dedicated systemd config # Install certificates for Prosody to use (taken from the web certs)
install_certificates install_certificates
#================================================= #=================================================
@ -154,7 +155,7 @@ ynh_use_logrotate
#================================================= #=================================================
ynh_script_progression --message="Integrating service in YunoHost..." ynh_script_progression --message="Integrating service in YunoHost..."
yunohost service add $app --description="Chat that is simple, secure, and private" --log="/var/log/$app/$app.log" yunohost service add "$app" --description="Chat that is simple, secure, and private" --log="/var/log/$app/$app.log"
#================================================= #=================================================
# START SYSTEMD SERVICE # START SYSTEMD SERVICE
@ -162,7 +163,7 @@ yunohost service add $app --description="Chat that is simple, secure, and privat
ynh_script_progression --message="Starting a systemd service..." ynh_script_progression --message="Starting a systemd service..."
# Start a systemd service # Start a systemd service
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/$app.log"
#================================================= #=================================================
# END OF SCRIPT # END OF SCRIPT