diff --git a/LICENSE b/LICENSE
index 7d1e40b..be3f7b2 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,4 +1,661 @@
-File containing the license of your package.
+ GNU AFFERO GENERAL PUBLIC LICENSE
+ Version 3, 19 November 2007
-More information here:
-https://yunohost.org/packaging_apps_guidelines#yep-1-3
+ Copyright (C) 2007 Free Software Foundation, Inc.
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The GNU Affero General Public License is a free, copyleft license for
+software and other kinds of works, specifically designed to ensure
+cooperation with the community in the case of network server software.
+
+ The licenses for most software and other practical works are designed
+to take away your freedom to share and change the works. By contrast,
+our General Public Licenses are intended to guarantee your freedom to
+share and change all versions of a program--to make sure it remains free
+software for all its users.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+them if you wish), that you receive source code or can get it if you
+want it, that you can change the software or use pieces of it in new
+free programs, and that you know you can do these things.
+
+ Developers that use our General Public Licenses protect your rights
+with two steps: (1) assert copyright on the software, and (2) offer
+you this License which gives you legal permission to copy, distribute
+and/or modify the software.
+
+ A secondary benefit of defending all users' freedom is that
+improvements made in alternate versions of the program, if they
+receive widespread use, become available for other developers to
+incorporate. Many developers of free software are heartened and
+encouraged by the resulting cooperation. However, in the case of
+software used on network servers, this result may fail to come about.
+The GNU General Public License permits making a modified version and
+letting the public access it on a server without ever releasing its
+source code to the public.
+
+ The GNU Affero General Public License is designed specifically to
+ensure that, in such cases, the modified source code becomes available
+to the community. It requires the operator of a network server to
+provide the source code of the modified version running there to the
+users of that server. Therefore, public use of a modified version, on
+a publicly accessible server, gives the public access to the source
+code of the modified version.
+
+ An older license, called the Affero General Public License and
+published by Affero, was designed to accomplish similar goals. This is
+a different license, not a version of the Affero GPL, but Affero has
+released a new version of the Affero GPL which permits relicensing under
+this license.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ TERMS AND CONDITIONS
+
+ 0. Definitions.
+
+ "This License" refers to version 3 of the GNU Affero General Public License.
+
+ "Copyright" also means copyright-like laws that apply to other kinds of
+works, such as semiconductor masks.
+
+ "The Program" refers to any copyrightable work licensed under this
+License. Each licensee is addressed as "you". "Licensees" and
+"recipients" may be individuals or organizations.
+
+ To "modify" a work means to copy from or adapt all or part of the work
+in a fashion requiring copyright permission, other than the making of an
+exact copy. The resulting work is called a "modified version" of the
+earlier work or a work "based on" the earlier work.
+
+ A "covered work" means either the unmodified Program or a work based
+on the Program.
+
+ To "propagate" a work means to do anything with it that, without
+permission, would make you directly or secondarily liable for
+infringement under applicable copyright law, except executing it on a
+computer or modifying a private copy. Propagation includes copying,
+distribution (with or without modification), making available to the
+public, and in some countries other activities as well.
+
+ To "convey" a work means any kind of propagation that enables other
+parties to make or receive copies. Mere interaction with a user through
+a computer network, with no transfer of a copy, is not conveying.
+
+ An interactive user interface displays "Appropriate Legal Notices"
+to the extent that it includes a convenient and prominently visible
+feature that (1) displays an appropriate copyright notice, and (2)
+tells the user that there is no warranty for the work (except to the
+extent that warranties are provided), that licensees may convey the
+work under this License, and how to view a copy of this License. If
+the interface presents a list of user commands or options, such as a
+menu, a prominent item in the list meets this criterion.
+
+ 1. Source Code.
+
+ The "source code" for a work means the preferred form of the work
+for making modifications to it. "Object code" means any non-source
+form of a work.
+
+ A "Standard Interface" means an interface that either is an official
+standard defined by a recognized standards body, or, in the case of
+interfaces specified for a particular programming language, one that
+is widely used among developers working in that language.
+
+ The "System Libraries" of an executable work include anything, other
+than the work as a whole, that (a) is included in the normal form of
+packaging a Major Component, but which is not part of that Major
+Component, and (b) serves only to enable use of the work with that
+Major Component, or to implement a Standard Interface for which an
+implementation is available to the public in source code form. A
+"Major Component", in this context, means a major essential component
+(kernel, window system, and so on) of the specific operating system
+(if any) on which the executable work runs, or a compiler used to
+produce the work, or an object code interpreter used to run it.
+
+ The "Corresponding Source" for a work in object code form means all
+the source code needed to generate, install, and (for an executable
+work) run the object code and to modify the work, including scripts to
+control those activities. However, it does not include the work's
+System Libraries, or general-purpose tools or generally available free
+programs which are used unmodified in performing those activities but
+which are not part of the work. For example, Corresponding Source
+includes interface definition files associated with source files for
+the work, and the source code for shared libraries and dynamically
+linked subprograms that the work is specifically designed to require,
+such as by intimate data communication or control flow between those
+subprograms and other parts of the work.
+
+ The Corresponding Source need not include anything that users
+can regenerate automatically from other parts of the Corresponding
+Source.
+
+ The Corresponding Source for a work in source code form is that
+same work.
+
+ 2. Basic Permissions.
+
+ All rights granted under this License are granted for the term of
+copyright on the Program, and are irrevocable provided the stated
+conditions are met. This License explicitly affirms your unlimited
+permission to run the unmodified Program. The output from running a
+covered work is covered by this License only if the output, given its
+content, constitutes a covered work. This License acknowledges your
+rights of fair use or other equivalent, as provided by copyright law.
+
+ You may make, run and propagate covered works that you do not
+convey, without conditions so long as your license otherwise remains
+in force. You may convey covered works to others for the sole purpose
+of having them make modifications exclusively for you, or provide you
+with facilities for running those works, provided that you comply with
+the terms of this License in conveying all material for which you do
+not control copyright. Those thus making or running the covered works
+for you must do so exclusively on your behalf, under your direction
+and control, on terms that prohibit them from making any copies of
+your copyrighted material outside their relationship with you.
+
+ Conveying under any other circumstances is permitted solely under
+the conditions stated below. Sublicensing is not allowed; section 10
+makes it unnecessary.
+
+ 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
+
+ No covered work shall be deemed part of an effective technological
+measure under any applicable law fulfilling obligations under article
+11 of the WIPO copyright treaty adopted on 20 December 1996, or
+similar laws prohibiting or restricting circumvention of such
+measures.
+
+ When you convey a covered work, you waive any legal power to forbid
+circumvention of technological measures to the extent such circumvention
+is effected by exercising rights under this License with respect to
+the covered work, and you disclaim any intention to limit operation or
+modification of the work as a means of enforcing, against the work's
+users, your or third parties' legal rights to forbid circumvention of
+technological measures.
+
+ 4. Conveying Verbatim Copies.
+
+ You may convey verbatim copies of the Program's source code as you
+receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice;
+keep intact all notices stating that this License and any
+non-permissive terms added in accord with section 7 apply to the code;
+keep intact all notices of the absence of any warranty; and give all
+recipients a copy of this License along with the Program.
+
+ You may charge any price or no price for each copy that you convey,
+and you may offer support or warranty protection for a fee.
+
+ 5. Conveying Modified Source Versions.
+
+ You may convey a work based on the Program, or the modifications to
+produce it from the Program, in the form of source code under the
+terms of section 4, provided that you also meet all of these conditions:
+
+ a) The work must carry prominent notices stating that you modified
+ it, and giving a relevant date.
+
+ b) The work must carry prominent notices stating that it is
+ released under this License and any conditions added under section
+ 7. This requirement modifies the requirement in section 4 to
+ "keep intact all notices".
+
+ c) You must license the entire work, as a whole, under this
+ License to anyone who comes into possession of a copy. This
+ License will therefore apply, along with any applicable section 7
+ additional terms, to the whole of the work, and all its parts,
+ regardless of how they are packaged. This License gives no
+ permission to license the work in any other way, but it does not
+ invalidate such permission if you have separately received it.
+
+ d) If the work has interactive user interfaces, each must display
+ Appropriate Legal Notices; however, if the Program has interactive
+ interfaces that do not display Appropriate Legal Notices, your
+ work need not make them do so.
+
+ A compilation of a covered work with other separate and independent
+works, which are not by their nature extensions of the covered work,
+and which are not combined with it such as to form a larger program,
+in or on a volume of a storage or distribution medium, is called an
+"aggregate" if the compilation and its resulting copyright are not
+used to limit the access or legal rights of the compilation's users
+beyond what the individual works permit. Inclusion of a covered work
+in an aggregate does not cause this License to apply to the other
+parts of the aggregate.
+
+ 6. Conveying Non-Source Forms.
+
+ You may convey a covered work in object code form under the terms
+of sections 4 and 5, provided that you also convey the
+machine-readable Corresponding Source under the terms of this License,
+in one of these ways:
+
+ a) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by the
+ Corresponding Source fixed on a durable physical medium
+ customarily used for software interchange.
+
+ b) Convey the object code in, or embodied in, a physical product
+ (including a physical distribution medium), accompanied by a
+ written offer, valid for at least three years and valid for as
+ long as you offer spare parts or customer support for that product
+ model, to give anyone who possesses the object code either (1) a
+ copy of the Corresponding Source for all the software in the
+ product that is covered by this License, on a durable physical
+ medium customarily used for software interchange, for a price no
+ more than your reasonable cost of physically performing this
+ conveying of source, or (2) access to copy the
+ Corresponding Source from a network server at no charge.
+
+ c) Convey individual copies of the object code with a copy of the
+ written offer to provide the Corresponding Source. This
+ alternative is allowed only occasionally and noncommercially, and
+ only if you received the object code with such an offer, in accord
+ with subsection 6b.
+
+ d) Convey the object code by offering access from a designated
+ place (gratis or for a charge), and offer equivalent access to the
+ Corresponding Source in the same way through the same place at no
+ further charge. You need not require recipients to copy the
+ Corresponding Source along with the object code. If the place to
+ copy the object code is a network server, the Corresponding Source
+ may be on a different server (operated by you or a third party)
+ that supports equivalent copying facilities, provided you maintain
+ clear directions next to the object code saying where to find the
+ Corresponding Source. Regardless of what server hosts the
+ Corresponding Source, you remain obligated to ensure that it is
+ available for as long as needed to satisfy these requirements.
+
+ e) Convey the object code using peer-to-peer transmission, provided
+ you inform other peers where the object code and Corresponding
+ Source of the work are being offered to the general public at no
+ charge under subsection 6d.
+
+ A separable portion of the object code, whose source code is excluded
+from the Corresponding Source as a System Library, need not be
+included in conveying the object code work.
+
+ A "User Product" is either (1) a "consumer product", which means any
+tangible personal property which is normally used for personal, family,
+or household purposes, or (2) anything designed or sold for incorporation
+into a dwelling. In determining whether a product is a consumer product,
+doubtful cases shall be resolved in favor of coverage. For a particular
+product received by a particular user, "normally used" refers to a
+typical or common use of that class of product, regardless of the status
+of the particular user or of the way in which the particular user
+actually uses, or expects or is expected to use, the product. A product
+is a consumer product regardless of whether the product has substantial
+commercial, industrial or non-consumer uses, unless such uses represent
+the only significant mode of use of the product.
+
+ "Installation Information" for a User Product means any methods,
+procedures, authorization keys, or other information required to install
+and execute modified versions of a covered work in that User Product from
+a modified version of its Corresponding Source. The information must
+suffice to ensure that the continued functioning of the modified object
+code is in no case prevented or interfered with solely because
+modification has been made.
+
+ If you convey an object code work under this section in, or with, or
+specifically for use in, a User Product, and the conveying occurs as
+part of a transaction in which the right of possession and use of the
+User Product is transferred to the recipient in perpetuity or for a
+fixed term (regardless of how the transaction is characterized), the
+Corresponding Source conveyed under this section must be accompanied
+by the Installation Information. But this requirement does not apply
+if neither you nor any third party retains the ability to install
+modified object code on the User Product (for example, the work has
+been installed in ROM).
+
+ The requirement to provide Installation Information does not include a
+requirement to continue to provide support service, warranty, or updates
+for a work that has been modified or installed by the recipient, or for
+the User Product in which it has been modified or installed. Access to a
+network may be denied when the modification itself materially and
+adversely affects the operation of the network or violates the rules and
+protocols for communication across the network.
+
+ Corresponding Source conveyed, and Installation Information provided,
+in accord with this section must be in a format that is publicly
+documented (and with an implementation available to the public in
+source code form), and must require no special password or key for
+unpacking, reading or copying.
+
+ 7. Additional Terms.
+
+ "Additional permissions" are terms that supplement the terms of this
+License by making exceptions from one or more of its conditions.
+Additional permissions that are applicable to the entire Program shall
+be treated as though they were included in this License, to the extent
+that they are valid under applicable law. If additional permissions
+apply only to part of the Program, that part may be used separately
+under those permissions, but the entire Program remains governed by
+this License without regard to the additional permissions.
+
+ When you convey a copy of a covered work, you may at your option
+remove any additional permissions from that copy, or from any part of
+it. (Additional permissions may be written to require their own
+removal in certain cases when you modify the work.) You may place
+additional permissions on material, added by you to a covered work,
+for which you have or can give appropriate copyright permission.
+
+ Notwithstanding any other provision of this License, for material you
+add to a covered work, you may (if authorized by the copyright holders of
+that material) supplement the terms of this License with terms:
+
+ a) Disclaiming warranty or limiting liability differently from the
+ terms of sections 15 and 16 of this License; or
+
+ b) Requiring preservation of specified reasonable legal notices or
+ author attributions in that material or in the Appropriate Legal
+ Notices displayed by works containing it; or
+
+ c) Prohibiting misrepresentation of the origin of that material, or
+ requiring that modified versions of such material be marked in
+ reasonable ways as different from the original version; or
+
+ d) Limiting the use for publicity purposes of names of licensors or
+ authors of the material; or
+
+ e) Declining to grant rights under trademark law for use of some
+ trade names, trademarks, or service marks; or
+
+ f) Requiring indemnification of licensors and authors of that
+ material by anyone who conveys the material (or modified versions of
+ it) with contractual assumptions of liability to the recipient, for
+ any liability that these contractual assumptions directly impose on
+ those licensors and authors.
+
+ All other non-permissive additional terms are considered "further
+restrictions" within the meaning of section 10. If the Program as you
+received it, or any part of it, contains a notice stating that it is
+governed by this License along with a term that is a further
+restriction, you may remove that term. If a license document contains
+a further restriction but permits relicensing or conveying under this
+License, you may add to a covered work material governed by the terms
+of that license document, provided that the further restriction does
+not survive such relicensing or conveying.
+
+ If you add terms to a covered work in accord with this section, you
+must place, in the relevant source files, a statement of the
+additional terms that apply to those files, or a notice indicating
+where to find the applicable terms.
+
+ Additional terms, permissive or non-permissive, may be stated in the
+form of a separately written license, or stated as exceptions;
+the above requirements apply either way.
+
+ 8. Termination.
+
+ You may not propagate or modify a covered work except as expressly
+provided under this License. Any attempt otherwise to propagate or
+modify it is void, and will automatically terminate your rights under
+this License (including any patent licenses granted under the third
+paragraph of section 11).
+
+ However, if you cease all violation of this License, then your
+license from a particular copyright holder is reinstated (a)
+provisionally, unless and until the copyright holder explicitly and
+finally terminates your license, and (b) permanently, if the copyright
+holder fails to notify you of the violation by some reasonable means
+prior to 60 days after the cessation.
+
+ Moreover, your license from a particular copyright holder is
+reinstated permanently if the copyright holder notifies you of the
+violation by some reasonable means, this is the first time you have
+received notice of violation of this License (for any work) from that
+copyright holder, and you cure the violation prior to 30 days after
+your receipt of the notice.
+
+ Termination of your rights under this section does not terminate the
+licenses of parties who have received copies or rights from you under
+this License. If your rights have been terminated and not permanently
+reinstated, you do not qualify to receive new licenses for the same
+material under section 10.
+
+ 9. Acceptance Not Required for Having Copies.
+
+ You are not required to accept this License in order to receive or
+run a copy of the Program. Ancillary propagation of a covered work
+occurring solely as a consequence of using peer-to-peer transmission
+to receive a copy likewise does not require acceptance. However,
+nothing other than this License grants you permission to propagate or
+modify any covered work. These actions infringe copyright if you do
+not accept this License. Therefore, by modifying or propagating a
+covered work, you indicate your acceptance of this License to do so.
+
+ 10. Automatic Licensing of Downstream Recipients.
+
+ Each time you convey a covered work, the recipient automatically
+receives a license from the original licensors, to run, modify and
+propagate that work, subject to this License. You are not responsible
+for enforcing compliance by third parties with this License.
+
+ An "entity transaction" is a transaction transferring control of an
+organization, or substantially all assets of one, or subdividing an
+organization, or merging organizations. If propagation of a covered
+work results from an entity transaction, each party to that
+transaction who receives a copy of the work also receives whatever
+licenses to the work the party's predecessor in interest had or could
+give under the previous paragraph, plus a right to possession of the
+Corresponding Source of the work from the predecessor in interest, if
+the predecessor has it or can get it with reasonable efforts.
+
+ You may not impose any further restrictions on the exercise of the
+rights granted or affirmed under this License. For example, you may
+not impose a license fee, royalty, or other charge for exercise of
+rights granted under this License, and you may not initiate litigation
+(including a cross-claim or counterclaim in a lawsuit) alleging that
+any patent claim is infringed by making, using, selling, offering for
+sale, or importing the Program or any portion of it.
+
+ 11. Patents.
+
+ A "contributor" is a copyright holder who authorizes use under this
+License of the Program or a work on which the Program is based. The
+work thus licensed is called the contributor's "contributor version".
+
+ A contributor's "essential patent claims" are all patent claims
+owned or controlled by the contributor, whether already acquired or
+hereafter acquired, that would be infringed by some manner, permitted
+by this License, of making, using, or selling its contributor version,
+but do not include claims that would be infringed only as a
+consequence of further modification of the contributor version. For
+purposes of this definition, "control" includes the right to grant
+patent sublicenses in a manner consistent with the requirements of
+this License.
+
+ Each contributor grants you a non-exclusive, worldwide, royalty-free
+patent license under the contributor's essential patent claims, to
+make, use, sell, offer for sale, import and otherwise run, modify and
+propagate the contents of its contributor version.
+
+ In the following three paragraphs, a "patent license" is any express
+agreement or commitment, however denominated, not to enforce a patent
+(such as an express permission to practice a patent or covenant not to
+sue for patent infringement). To "grant" such a patent license to a
+party means to make such an agreement or commitment not to enforce a
+patent against the party.
+
+ If you convey a covered work, knowingly relying on a patent license,
+and the Corresponding Source of the work is not available for anyone
+to copy, free of charge and under the terms of this License, through a
+publicly available network server or other readily accessible means,
+then you must either (1) cause the Corresponding Source to be so
+available, or (2) arrange to deprive yourself of the benefit of the
+patent license for this particular work, or (3) arrange, in a manner
+consistent with the requirements of this License, to extend the patent
+license to downstream recipients. "Knowingly relying" means you have
+actual knowledge that, but for the patent license, your conveying the
+covered work in a country, or your recipient's use of the covered work
+in a country, would infringe one or more identifiable patents in that
+country that you have reason to believe are valid.
+
+ If, pursuant to or in connection with a single transaction or
+arrangement, you convey, or propagate by procuring conveyance of, a
+covered work, and grant a patent license to some of the parties
+receiving the covered work authorizing them to use, propagate, modify
+or convey a specific copy of the covered work, then the patent license
+you grant is automatically extended to all recipients of the covered
+work and works based on it.
+
+ A patent license is "discriminatory" if it does not include within
+the scope of its coverage, prohibits the exercise of, or is
+conditioned on the non-exercise of one or more of the rights that are
+specifically granted under this License. You may not convey a covered
+work if you are a party to an arrangement with a third party that is
+in the business of distributing software, under which you make payment
+to the third party based on the extent of your activity of conveying
+the work, and under which the third party grants, to any of the
+parties who would receive the covered work from you, a discriminatory
+patent license (a) in connection with copies of the covered work
+conveyed by you (or copies made from those copies), or (b) primarily
+for and in connection with specific products or compilations that
+contain the covered work, unless you entered into that arrangement,
+or that patent license was granted, prior to 28 March 2007.
+
+ Nothing in this License shall be construed as excluding or limiting
+any implied license or other defenses to infringement that may
+otherwise be available to you under applicable patent law.
+
+ 12. No Surrender of Others' Freedom.
+
+ If conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot convey a
+covered work so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you may
+not convey it at all. For example, if you agree to terms that obligate you
+to collect a royalty for further conveying from those to whom you convey
+the Program, the only way you could satisfy both those terms and this
+License would be to refrain entirely from conveying the Program.
+
+ 13. Remote Network Interaction; Use with the GNU General Public License.
+
+ Notwithstanding any other provision of this License, if you modify the
+Program, your modified version must prominently offer all users
+interacting with it remotely through a computer network (if your version
+supports such interaction) an opportunity to receive the Corresponding
+Source of your version by providing access to the Corresponding Source
+from a network server at no charge, through some standard or customary
+means of facilitating copying of software. This Corresponding Source
+shall include the Corresponding Source for any work covered by version 3
+of the GNU General Public License that is incorporated pursuant to the
+following paragraph.
+
+ Notwithstanding any other provision of this License, you have
+permission to link or combine any covered work with a work licensed
+under version 3 of the GNU General Public License into a single
+combined work, and to convey the resulting work. The terms of this
+License will continue to apply to the part which is the covered work,
+but the work with which it is combined will remain governed by version
+3 of the GNU General Public License.
+
+ 14. Revised Versions of this License.
+
+ The Free Software Foundation may publish revised and/or new versions of
+the GNU Affero General Public License from time to time. Such new versions
+will be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+ Each version is given a distinguishing version number. If the
+Program specifies that a certain numbered version of the GNU Affero General
+Public License "or any later version" applies to it, you have the
+option of following the terms and conditions either of that numbered
+version or of any later version published by the Free Software
+Foundation. If the Program does not specify a version number of the
+GNU Affero General Public License, you may choose any version ever published
+by the Free Software Foundation.
+
+ If the Program specifies that a proxy can decide which future
+versions of the GNU Affero General Public License can be used, that proxy's
+public statement of acceptance of a version permanently authorizes you
+to choose that version for the Program.
+
+ Later license versions may give you additional or different
+permissions. However, no additional obligations are imposed on any
+author or copyright holder as a result of your choosing to follow a
+later version.
+
+ 15. Disclaimer of Warranty.
+
+ THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
+APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
+HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
+OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
+THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
+IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
+ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+ 16. Limitation of Liability.
+
+ IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
+THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
+GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
+USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
+DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
+PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
+EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGES.
+
+ 17. Interpretation of Sections 15 and 16.
+
+ If the disclaimer of warranty and limitation of liability provided
+above cannot be given local legal effect according to their terms,
+reviewing courts shall apply local law that most closely approximates
+an absolute waiver of all civil liability in connection with the
+Program, unless a warranty or assumption of liability accompanies a
+copy of the Program in return for a fee.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+state the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+
+ Copyright (C)
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Affero General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Affero General Public License for more details.
+
+ You should have received a copy of the GNU Affero General Public License
+ along with this program. If not, see .
+
+Also add information on how to contact you by electronic and paper mail.
+
+ If your software can interact with users remotely through a computer
+network, you should also make sure that it provides a way for users to
+get its source. For example, if your program is a web application, its
+interface could display a "Source" link that leads users to an archive
+of the code. There are many ways you could offer source, and different
+solutions will be better for different programs; see section 13 for the
+specific requirements.
+
+ You should also get your employer (if you work as a programmer) or school,
+if any, to sign a "copyright disclaimer" for the program, if necessary.
+For more information on this, and how to apply and follow the GNU AGPL, see
+.
diff --git a/check_process b/check_process
index f41c4c9..1fce29e 100644
--- a/check_process
+++ b/check_process
@@ -6,23 +6,18 @@
;; Test complet
; Manifest
domain="domain.tld"
- path="/path"
- is_public=1
- language="fr"
- admin="john"
- password="1Strong-Password"
- port="666"
+ path="/"
; Checks
pkg_linter=1
- setup_sub_dir=1
+ setup_sub_dir=0
setup_root=1
setup_nourl=0
- setup_private=1
+ setup_private=0
setup_public=1
upgrade=1
upgrade=1 from_commit=CommitHash
backup_restore=1
- multi_instance=1
+ multi_instance=0
port_already_use=0
change_url=1
;;; Options
diff --git a/conf/app.src b/conf/app.src
deleted file mode 100644
index 17489bf..0000000
--- a/conf/app.src
+++ /dev/null
@@ -1,7 +0,0 @@
-SOURCE_URL=url of app's source
-SOURCE_SUM=sha256 checksum
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FORMAT=tar.gz
-SOURCE_IN_SUBDIR=true
-SOURCE_FILENAME=
-SOURCE_EXTRACT=true
diff --git a/conf/garage.toml b/conf/garage.toml
new file mode 100644
index 0000000..2cae1f9
--- /dev/null
+++ b/conf/garage.toml
@@ -0,0 +1,37 @@
+metadata_dir = "/opt/yunohost/__APP_NAME__/metadata"
+data_dir = "__DATA_DIR__"
+
+block_size = 1048576
+block_manager_background_tranquility = 2
+
+replication_mode = "3"
+
+compression_level = 1
+
+# openssl rand -hex 32
+rpc_secret = "__RPC_SECRET__"
+# LE PORT DOIT ÊTRE LE MÊME SUR TOUS LES NOEUDS (port interne)
+rpc_bind_addr = "[::]:__PORT__"
+# Le port peut être différent (eg NAT) mais doit rediriger sur le
+# port de rpc_bind_addr
+rpc_public_addr = "__IP__:__PORT__"
+
+bootstrap_peers = [
+ __SERVER_AMI__",
+]
+
+[s3_api]
+# Ne supporte pas TLS → reverse proxy obligatoire
+# pour avoir de la sécurité
+api_bind_addr = "[::]:__PORT_API__"
+s3_region = "garage"
+
+[s3_web]
+bind_addr = "[::]:__PORT_WEB"
+root_domain = ".web.garage.localhost"
+index = "index.html"
+
+[admin]
+api_bind_addr = "127.0.0.1:__PORT_ADMIN__"
+metrics_token = "cacce0b2de4bc2d9f5b5fdff551e01ac1496055aed248202d415398987e35f81"
+admin_token = "ae8cb40ea7368bbdbb6430af11cca7da833d3458a5f52086f4e805a570fb5c2a"
diff --git a/conf/mount_disk.sh b/conf/mount_disk.sh
new file mode 100644
index 0000000..b386a97
--- /dev/null
+++ b/conf/mount_disk.sh
@@ -0,0 +1,16 @@
+#!bash
+datadir=$1
+format=$2
+i=0
+while $(fdisk -l /dev/nbd$i 1&>2 /dev/null)
+do
+ i=$(( i + 1 ))
+done
+echo $i
+modprobe nbd max_part=$(( i + 1 ))
+qemu-nbd --connect /dev/nbd$i $datadir/garage.qcow2
+if [[ "$format" = "true" ]]
+then
+ mkfs.ext4 /dev/nbd$i > /dev/null
+fi
+mount /dev/nbd$i $datadir/data/
diff --git a/conf/nginx.conf b/conf/nginx.conf
index 6b738ce..c69565e 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -1,28 +1,5 @@
-#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
-location __PATH__/ {
-
- # Path to source
- alias __FINALPATH__/;
-
-### Example PHP configuration (remove it if not used)
- index index.php;
-
- # Common parameter to increase upload size limit in conjunction with dedicated php-fpm file
- #client_max_body_size 50M;
-
- try_files $uri $uri/ index.php;
- location ~ [^/]\.php(/|$) {
- fastcgi_split_path_info ^(.+?\.php)(/.*)$;
- fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
-
- fastcgi_index index.php;
- include fastcgi_params;
- fastcgi_param REMOTE_USER $remote_user;
- fastcgi_param PATH_INFO $fastcgi_path_info;
- fastcgi_param SCRIPT_FILENAME $request_filename;
- }
-### End of PHP configuration part
-
- # Include SSOWAT user panel.
- include conf.d/yunohost_panel.conf.inc;
+location / {
+ proxy_pass http://localhost:__PORT_API__;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $host;
}
diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf
deleted file mode 100644
index ab1a471..0000000
--- a/conf/php-fpm.conf
+++ /dev/null
@@ -1,430 +0,0 @@
-; Start a new pool named 'www'.
-; the variable $pool can be used in any directive and will be replaced by the
-; pool name ('www' here)
-[__NAMETOCHANGE__]
-
-; Per pool prefix
-; It only applies on the following directives:
-; - 'access.log'
-; - 'slowlog'
-; - 'listen' (unixsocket)
-; - 'chroot'
-; - 'chdir'
-; - 'php_values'
-; - 'php_admin_values'
-; When not set, the global prefix (or /usr) applies instead.
-; Note: This directive can also be relative to the global prefix.
-; Default Value: none
-;prefix = /path/to/pools/$pool
-
-; Unix user/group of processes
-; Note: The user is mandatory. If the group is not set, the default user's group
-; will be used.
-user = __USER__
-group = __USER__
-
-; The address on which to accept FastCGI requests.
-; Valid syntaxes are:
-; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
-; a specific port;
-; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
-; a specific port;
-; 'port' - to listen on a TCP socket to all addresses
-; (IPv6 and IPv4-mapped) on a specific port;
-; '/path/to/unix/socket' - to listen on a unix socket.
-; Note: This value is mandatory.
-listen = /var/run/php/php__PHPVERSION__-fpm-__NAMETOCHANGE__.sock
-
-; Set listen(2) backlog.
-; Default Value: 511 (-1 on FreeBSD and OpenBSD)
-;listen.backlog = 511
-
-; Set permissions for unix socket, if one is used. In Linux, read/write
-; permissions must be set in order to allow connections from a web server. Many
-; BSD-derived systems allow connections regardless of permissions.
-; Default Values: user and group are set as the running user
-; mode is set to 0660
-listen.owner = www-data
-listen.group = www-data
-;listen.mode = 0660
-; When POSIX Access Control Lists are supported you can set them using
-; these options, value is a comma separated list of user/group names.
-; When set, listen.owner and listen.group are ignored
-;listen.acl_users =
-;listen.acl_groups =
-
-; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
-; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
-; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
-; must be separated by a comma. If this value is left blank, connections will be
-; accepted from any ip address.
-; Default Value: any
-;listen.allowed_clients = 127.0.0.1
-
-; Specify the nice(2) priority to apply to the pool processes (only if set)
-; The value can vary from -19 (highest priority) to 20 (lower priority)
-; Note: - It will only work if the FPM master process is launched as root
-; - The pool processes will inherit the master process priority
-; unless it specified otherwise
-; Default Value: no set
-; process.priority = -19
-
-; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user
-; or group is differrent than the master process user. It allows to create process
-; core dump and ptrace the process for the pool user.
-; Default Value: no
-; process.dumpable = yes
-
-; Choose how the process manager will control the number of child processes.
-; Possible Values:
-; static - a fixed number (pm.max_children) of child processes;
-; dynamic - the number of child processes are set dynamically based on the
-; following directives. With this process management, there will be
-; always at least 1 children.
-; pm.max_children - the maximum number of children that can
-; be alive at the same time.
-; pm.start_servers - the number of children created on startup.
-; pm.min_spare_servers - the minimum number of children in 'idle'
-; state (waiting to process). If the number
-; of 'idle' processes is less than this
-; number then some children will be created.
-; pm.max_spare_servers - the maximum number of children in 'idle'
-; state (waiting to process). If the number
-; of 'idle' processes is greater than this
-; number then some children will be killed.
-; ondemand - no children are created at startup. Children will be forked when
-; new requests will connect. The following parameter are used:
-; pm.max_children - the maximum number of children that
-; can be alive at the same time.
-; pm.process_idle_timeout - The number of seconds after which
-; an idle process will be killed.
-; Note: This value is mandatory.
-pm = dynamic
-
-; The number of child processes to be created when pm is set to 'static' and the
-; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
-; This value sets the limit on the number of simultaneous requests that will be
-; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
-; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
-; CGI. The below defaults are based on a server without much resources. Don't
-; forget to tweak pm.* to fit your needs.
-; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
-; Note: This value is mandatory.
-pm.max_children = 5
-
-; The number of child processes created on startup.
-; Note: Used only when pm is set to 'dynamic'
-; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
-pm.start_servers = 2
-
-; The desired minimum number of idle server processes.
-; Note: Used only when pm is set to 'dynamic'
-; Note: Mandatory when pm is set to 'dynamic'
-pm.min_spare_servers = 1
-
-; The desired maximum number of idle server processes.
-; Note: Used only when pm is set to 'dynamic'
-; Note: Mandatory when pm is set to 'dynamic'
-pm.max_spare_servers = 3
-
-; The number of seconds after which an idle process will be killed.
-; Note: Used only when pm is set to 'ondemand'
-; Default Value: 10s
-;pm.process_idle_timeout = 10s;
-
-; The number of requests each child process should execute before respawning.
-; This can be useful to work around memory leaks in 3rd party libraries. For
-; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
-; Default Value: 0
-;pm.max_requests = 500
-
-; The URI to view the FPM status page. If this value is not set, no URI will be
-; recognized as a status page. It shows the following informations:
-; pool - the name of the pool;
-; process manager - static, dynamic or ondemand;
-; start time - the date and time FPM has started;
-; start since - number of seconds since FPM has started;
-; accepted conn - the number of request accepted by the pool;
-; listen queue - the number of request in the queue of pending
-; connections (see backlog in listen(2));
-; max listen queue - the maximum number of requests in the queue
-; of pending connections since FPM has started;
-; listen queue len - the size of the socket queue of pending connections;
-; idle processes - the number of idle processes;
-; active processes - the number of active processes;
-; total processes - the number of idle + active processes;
-; max active processes - the maximum number of active processes since FPM
-; has started;
-; max children reached - number of times, the process limit has been reached,
-; when pm tries to start more children (works only for
-; pm 'dynamic' and 'ondemand');
-; Value are updated in real time.
-; Example output:
-; pool: www
-; process manager: static
-; start time: 01/Jul/2011:17:53:49 +0200
-; start since: 62636
-; accepted conn: 190460
-; listen queue: 0
-; max listen queue: 1
-; listen queue len: 42
-; idle processes: 4
-; active processes: 11
-; total processes: 15
-; max active processes: 12
-; max children reached: 0
-;
-; By default the status page output is formatted as text/plain. Passing either
-; 'html', 'xml' or 'json' in the query string will return the corresponding
-; output syntax. Example:
-; http://www.foo.bar/status
-; http://www.foo.bar/status?json
-; http://www.foo.bar/status?html
-; http://www.foo.bar/status?xml
-;
-; By default the status page only outputs short status. Passing 'full' in the
-; query string will also return status for each pool process.
-; Example:
-; http://www.foo.bar/status?full
-; http://www.foo.bar/status?json&full
-; http://www.foo.bar/status?html&full
-; http://www.foo.bar/status?xml&full
-; The Full status returns for each process:
-; pid - the PID of the process;
-; state - the state of the process (Idle, Running, ...);
-; start time - the date and time the process has started;
-; start since - the number of seconds since the process has started;
-; requests - the number of requests the process has served;
-; request duration - the duration in µs of the requests;
-; request method - the request method (GET, POST, ...);
-; request URI - the request URI with the query string;
-; content length - the content length of the request (only with POST);
-; user - the user (PHP_AUTH_USER) (or '-' if not set);
-; script - the main script called (or '-' if not set);
-; last request cpu - the %cpu the last request consumed
-; it's always 0 if the process is not in Idle state
-; because CPU calculation is done when the request
-; processing has terminated;
-; last request memory - the max amount of memory the last request consumed
-; it's always 0 if the process is not in Idle state
-; because memory calculation is done when the request
-; processing has terminated;
-; If the process is in Idle state, then informations are related to the
-; last request the process has served. Otherwise informations are related to
-; the current request being served.
-; Example output:
-; ************************
-; pid: 31330
-; state: Running
-; start time: 01/Jul/2011:17:53:49 +0200
-; start since: 63087
-; requests: 12808
-; request duration: 1250261
-; request method: GET
-; request URI: /test_mem.php?N=10000
-; content length: 0
-; user: -
-; script: /home/fat/web/docs/php/test_mem.php
-; last request cpu: 0.00
-; last request memory: 0
-;
-; Note: There is a real-time FPM status monitoring sample web page available
-; It's available in: /usr/share/php/7.0/fpm/status.html
-;
-; Note: The value must start with a leading slash (/). The value can be
-; anything, but it may not be a good idea to use the .php extension or it
-; may conflict with a real PHP file.
-; Default Value: not set
-;pm.status_path = /status
-
-; The ping URI to call the monitoring page of FPM. If this value is not set, no
-; URI will be recognized as a ping page. This could be used to test from outside
-; that FPM is alive and responding, or to
-; - create a graph of FPM availability (rrd or such);
-; - remove a server from a group if it is not responding (load balancing);
-; - trigger alerts for the operating team (24/7).
-; Note: The value must start with a leading slash (/). The value can be
-; anything, but it may not be a good idea to use the .php extension or it
-; may conflict with a real PHP file.
-; Default Value: not set
-;ping.path = /ping
-
-; This directive may be used to customize the response of a ping request. The
-; response is formatted as text/plain with a 200 response code.
-; Default Value: pong
-;ping.response = pong
-
-; The access log file
-; Default: not set
-;access.log = log/$pool.access.log
-
-; The access log format.
-; The following syntax is allowed
-; %%: the '%' character
-; %C: %CPU used by the request
-; it can accept the following format:
-; - %{user}C for user CPU only
-; - %{system}C for system CPU only
-; - %{total}C for user + system CPU (default)
-; %d: time taken to serve the request
-; it can accept the following format:
-; - %{seconds}d (default)
-; - %{miliseconds}d
-; - %{mili}d
-; - %{microseconds}d
-; - %{micro}d
-; %e: an environment variable (same as $_ENV or $_SERVER)
-; it must be associated with embraces to specify the name of the env
-; variable. Some exemples:
-; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
-; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
-; %f: script filename
-; %l: content-length of the request (for POST request only)
-; %m: request method
-; %M: peak of memory allocated by PHP
-; it can accept the following format:
-; - %{bytes}M (default)
-; - %{kilobytes}M
-; - %{kilo}M
-; - %{megabytes}M
-; - %{mega}M
-; %n: pool name
-; %o: output header
-; it must be associated with embraces to specify the name of the header:
-; - %{Content-Type}o
-; - %{X-Powered-By}o
-; - %{Transfert-Encoding}o
-; - ....
-; %p: PID of the child that serviced the request
-; %P: PID of the parent of the child that serviced the request
-; %q: the query string
-; %Q: the '?' character if query string exists
-; %r: the request URI (without the query string, see %q and %Q)
-; %R: remote IP address
-; %s: status (response code)
-; %t: server time the request was received
-; it can accept a strftime(3) format:
-; %d/%b/%Y:%H:%M:%S %z (default)
-; The strftime(3) format must be encapsuled in a %{}t tag
-; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
-; %T: time the log has been written (the request has finished)
-; it can accept a strftime(3) format:
-; %d/%b/%Y:%H:%M:%S %z (default)
-; The strftime(3) format must be encapsuled in a %{}t tag
-; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
-; %u: remote user
-;
-; Default: "%R - %u %t \"%m %r\" %s"
-;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
-
-; The log file for slow requests
-; Default Value: not set
-; Note: slowlog is mandatory if request_slowlog_timeout is set
-;slowlog = log/$pool.log.slow
-
-; The timeout for serving a single request after which a PHP backtrace will be
-; dumped to the 'slowlog' file. A value of '0s' means 'off'.
-; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
-; Default Value: 0
-;request_slowlog_timeout = 0
-
-; The timeout for serving a single request after which the worker process will
-; be killed. This option should be used when the 'max_execution_time' ini option
-; does not stop script execution for some reason. A value of '0' means 'off'.
-; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
-; Default Value: 0
-request_terminate_timeout = 1d
-
-; Set open file descriptor rlimit.
-; Default Value: system defined value
-;rlimit_files = 1024
-
-; Set max core size rlimit.
-; Possible Values: 'unlimited' or an integer greater or equal to 0
-; Default Value: system defined value
-;rlimit_core = 0
-
-; Chroot to this directory at the start. This value must be defined as an
-; absolute path. When this value is not set, chroot is not used.
-; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
-; of its subdirectories. If the pool prefix is not set, the global prefix
-; will be used instead.
-; Note: chrooting is a great security feature and should be used whenever
-; possible. However, all PHP paths will be relative to the chroot
-; (error_log, sessions.save_path, ...).
-; Default Value: not set
-;chroot =
-
-; Chdir to this directory at the start.
-; Note: relative path can be used.
-; Default Value: current directory or / when chroot
-chdir = __FINALPATH__
-
-; Redirect worker stdout and stderr into main error log. If not set, stdout and
-; stderr will be redirected to /dev/null according to FastCGI specs.
-; Note: on highloaded environement, this can cause some delay in the page
-; process time (several ms).
-; Default Value: no
-;catch_workers_output = yes
-
-; Clear environment in FPM workers
-; Prevents arbitrary environment variables from reaching FPM worker processes
-; by clearing the environment in workers before env vars specified in this
-; pool configuration are added.
-; Setting to "no" will make all environment variables available to PHP code
-; via getenv(), $_ENV and $_SERVER.
-; Default Value: yes
-;clear_env = no
-
-; Limits the extensions of the main script FPM will allow to parse. This can
-; prevent configuration mistakes on the web server side. You should only limit
-; FPM to .php extensions to prevent malicious users to use other extensions to
-; execute php code.
-; Note: set an empty value to allow all extensions.
-; Default Value: .php
-;security.limit_extensions = .php .php3 .php4 .php5 .php7
-
-; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
-; the current environment.
-; Default Value: clean env
-;env[HOSTNAME] = $HOSTNAME
-;env[PATH] = /usr/local/bin:/usr/bin:/bin
-;env[TMP] = /tmp
-;env[TMPDIR] = /tmp
-;env[TEMP] = /tmp
-
-; Additional php.ini defines, specific to this pool of workers. These settings
-; overwrite the values previously defined in the php.ini. The directives are the
-; same as the PHP SAPI:
-; php_value/php_flag - you can set classic ini defines which can
-; be overwritten from PHP call 'ini_set'.
-; php_admin_value/php_admin_flag - these directives won't be overwritten by
-; PHP call 'ini_set'
-; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
-
-; Defining 'extension' will load the corresponding shared extension from
-; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
-; overwrite previously defined php.ini values, but will append the new value
-; instead.
-
-; Note: path INI options can be relative and will be expanded with the prefix
-; (pool, global or /usr)
-
-; Default Value: nothing is defined by default except the values in php.ini and
-; specified at startup with the -d argument
-;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
-;php_flag[display_errors] = off
-;php_admin_value[error_log] = /var/log/fpm-php.www.log
-;php_admin_flag[log_errors] = on
-;php_admin_value[memory_limit] = 32M
-
-; Common values to change to increase file upload limit
-; php_admin_value[upload_max_filesize] = 50M
-; php_admin_value[post_max_size] = 50M
-; php_admin_flag[mail.add_x_header] = Off
-
-; Other common parameters
-; php_admin_value[max_execution_time] = 600
-; php_admin_value[max_input_time] = 300
-; php_admin_value[memory_limit] = 256M
-; php_admin_flag[short_open_tag] = On
diff --git a/conf/systemd.service b/conf/systemd.service
index 0dd716f..fd8aae0 100644
--- a/conf/systemd.service
+++ b/conf/systemd.service
@@ -4,8 +4,10 @@ After=network-online.target
Wants=network-online.target
[Service]
+User=__APP__
Environment='RUST_LOG=garage=info' 'RUST_BACKTRACE=1'
-ExecStart=__FINALPATH__/garage server
+ExecStartPre=+__FINALPATH__/mount_disk.sh __FINALPATH__
+ExecStart=__FINALPATH__/garage -c __FINALPATH__/garage.toml server
StateDirectory=garage
DynamicUser=true
ProtectHome=true
diff --git a/conf/umount_disk.sh b/conf/umount_disk.sh
new file mode 100644
index 0000000..b386a97
--- /dev/null
+++ b/conf/umount_disk.sh
@@ -0,0 +1,16 @@
+#!bash
+datadir=$1
+format=$2
+i=0
+while $(fdisk -l /dev/nbd$i 1&>2 /dev/null)
+do
+ i=$(( i + 1 ))
+done
+echo $i
+modprobe nbd max_part=$(( i + 1 ))
+qemu-nbd --connect /dev/nbd$i $datadir/garage.qcow2
+if [[ "$format" = "true" ]]
+then
+ mkfs.ext4 /dev/nbd$i > /dev/null
+fi
+mount /dev/nbd$i $datadir/data/
diff --git a/manifest.json b/manifest.json
index f716e62..7902091 100644
--- a/manifest.json
+++ b/manifest.json
@@ -6,7 +6,7 @@
"en": "S3 storage",
"fr": "stockage S3"
},
- "version": "1.0~ynh1",
+ "version": "0.7.2.1~ynh1",
"url": "https://garagehq.deuxfleurs.fr/",
"upstream": {
"license": "free",
@@ -15,7 +15,8 @@
"userdoc": "https://garagehq.deuxfleurs.fr/documentation/quick-start/",
"code": "https://git.deuxfleurs.fr/Deuxfleurs/garage"
},
- "license": "AGPLv3",
+ "services": [],
+ "license": "AGPL-3.0-only",
"maintainer": {
"name": "oiseauroch",
"email": "tobias.ollive@oiseauroch.fr."
@@ -29,6 +30,44 @@
{
"name": "domain",
"type": "domain"
+ },
+ {
+ "name":"rpc-secret",
+ "type":"string",
+ "ask": {
+ "en": "UUID of the network (rpc-secret) ",
+ "fr": "UUID de l'ilot (rpc-secret)"
+ },
+ "optional": true,
+ "example": "1799bccfd7411eddcf9ebd316bc1f5287ad12a68094e1c6ac6abde7e6feae1ec"
+ },
+ {
+ "name": "bootstrap-peers",
+ "type": "string",
+ "example": "1799bccfd7411eddcf9ebd316bc1f5287ad12a68094e1c6ac6abde7e6feae1ec@127.0.0.1:3901",
+ "optional": true,
+ "ask": {
+ "en": "friend server id",
+ "fr": "serveur ami"
+ }
+ },
+ {
+ "name": "weight",
+ "type": "integer",
+ "ask": {
+ "en": "number of G to allow",
+ "fr": "nombre de G à allouer"
+ }
+ },
+ {
+ "name": "datadir",
+ "type": "string",
+ "default": "/home/yunohost.app/__APP_NAME__/data",
+ "exemple": "/opt/yunohost/garage/data",
+ "ask" : {
+ "en" : "data location",
+ "fr": "dossier de stockage des données"
+ }
}
]
}
diff --git a/scripts/_common.sh b/scripts/_common.sh
index b4be45b..31e2ad3 100644
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -3,7 +3,7 @@
#=================================================
# COMMON VARIABLES
#=================================================
-
+pkg_dependencies="qemu-utils"
#=================================================
# PERSONAL HELPERS
@@ -12,6 +12,9 @@
GARAGE_VERSION="0.7.2.1"
+get_ip() {
+ curl ip.me
+}
# inspired by restic helper
install_garage () {
architecture=$(uname -m)
@@ -36,8 +39,6 @@ install_garage () {
esac
wget https://garagehq.deuxfleurs.fr/_releases/v$GARAGE_VERSION/$arch-unknown-linux-musl/garage -O "$app" 2>&1 >/dev/null
chmod +x "$app"
- else
- ynh_die --message="\nDownloaded file does not match expected sha256 sum, aborting"
fi
}
@@ -45,6 +46,131 @@ install_garage () {
# EXPERIMENTAL HELPERS
#=================================================
+# Send an email to inform the administrator
+#
+# usage: ynh_send_readme_to_admin --app_message=app_message [--recipients=recipients] [--type=type]
+# | arg: -m --app_message= - The file with the content to send to the administrator.
+# | arg: -r, --recipients= - The recipients of this email. Use spaces to separate multiples recipients. - default: root
+# example: "root admin@domain"
+# If you give the name of a YunoHost user, ynh_send_readme_to_admin will find its email adress for you
+# example: "root admin@domain user1 user2"
+# | arg: -t, --type= - Type of mail, could be 'backup', 'change_url', 'install', 'remove', 'restore', 'upgrade'
+#
+# Requires YunoHost version 4.1.0 or higher.
+ynh_send_readme_to_admin() {
+ # Declare an array to define the options of this helper.
+ declare -Ar args_array=( [m]=app_message= [r]=recipients= [t]=type= )
+ local app_message
+ local recipients
+ local type
+ # Manage arguments with getopts
+
+ ynh_handle_getopts_args "$@"
+ app_message="${app_message:-}"
+ recipients="${recipients:-root}"
+ type="${type:-install}"
+
+ # Get the value of admin_mail_html
+ admin_mail_html=$(ynh_app_setting_get $app admin_mail_html)
+ admin_mail_html="${admin_mail_html:-0}"
+
+ # Retrieve the email of users
+ find_mails () {
+ local list_mails="$1"
+ local mail
+ local recipients=" "
+ # Read each mail in argument
+ for mail in $list_mails
+ do
+ # Keep root or a real email address as it is
+ if [ "$mail" = "root" ] || echo "$mail" | grep --quiet "@"
+ then
+ recipients="$recipients $mail"
+ else
+ # But replace an user name without a domain after by its email
+ if mail=$(ynh_user_get_info "$mail" "mail" 2> /dev/null)
+ then
+ recipients="$recipients $mail"
+ fi
+ fi
+ done
+ echo "$recipients"
+ }
+ recipients=$(find_mails "$recipients")
+
+ # Subject base
+ local mail_subject="☁️🆈🅽🅷☁️: \`$app\`"
+
+ # Adapt the subject according to the type of mail required.
+ if [ "$type" = "backup" ]; then
+ mail_subject="$mail_subject has just been backup."
+ elif [ "$type" = "change_url" ]; then
+ mail_subject="$mail_subject has just been moved to a new URL!"
+ elif [ "$type" = "remove" ]; then
+ mail_subject="$mail_subject has just been removed!"
+ elif [ "$type" = "restore" ]; then
+ mail_subject="$mail_subject has just been restored!"
+ elif [ "$type" = "upgrade" ]; then
+ mail_subject="$mail_subject has just been upgraded!"
+ else # install
+ mail_subject="$mail_subject has just been installed!"
+ fi
+
+ ynh_add_config --template="$app_message" --destination="../conf/msg_to_send"
+
+ ynh_delete_file_checksum --file="../conf/msg_to_send"
+ local mail_message="This is an automated message from your beloved YunoHost server.
+Specific information for the application $app.
+$(cat "../conf/msg_to_send")"
+
+ # Store the message into a file for further modifications.
+ echo "$mail_message" > mail_to_send
+
+ # If a html email is required. Apply html tags to the message.
+ if [ "$admin_mail_html" -eq 1 ]
+ then
+ # Insert 'br' tags at each ending of lines.
+ ynh_replace_string "$" "
" mail_to_send
+
+ # Insert starting HTML tags
+ sed --in-place '1s@^@\n\n\n\n@' mail_to_send
+
+ # Keep tabulations
+ ynh_replace_string " " "\ \ " mail_to_send
+ ynh_replace_string "\t" "\ \ " mail_to_send
+
+ # Insert url links tags
+ ynh_replace_string "__URL_TAG1__\(.*\)__URL_TAG2__\(.*\)__URL_TAG3__" "\1" mail_to_send
+
+ # Insert finishing HTML tags
+ echo -e "\n\n" >> mail_to_send
+
+ # Otherwise, remove tags to keep a plain text.
+ else
+ # Remove URL tags
+ ynh_replace_string "__URL_TAG[1,3]__" "" mail_to_send
+ ynh_replace_string "__URL_TAG2__" ": " mail_to_send
+ fi
+
+ # Define binary to use for mail command
+ if [ -e /usr/bin/bsd-mailx ]
+ then
+ local mail_bin=/usr/bin/bsd-mailx
+ else
+ local mail_bin=/usr/bin/mail.mailutils
+ fi
+
+ if [ "$admin_mail_html" -eq 1 ]
+ then
+ content_type="text/html"
+ else
+ content_type="text/plain"
+ fi
+
+ # Send the email to the recipients
+ cat mail_to_send | $mail_bin -a "Content-Type: $content_type; charset=UTF-8" -s "$mail_subject" "$recipients"
+}
+
#=================================================
# FUTURE OFFICIAL HELPERS
#=================================================
diff --git a/scripts/backup b/scripts/backup
index f99225d..91261a6 100755
--- a/scripts/backup
+++ b/scripts/backup
@@ -28,11 +28,13 @@ ynh_print_info --message="Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
-final_path=$(ynh_app_setting_get --app=$app --key=final_path)
domain=$(ynh_app_setting_get --app=$app --key=domain)
-db_name=$(ynh_app_setting_get --app=$app --key=db_name)
-phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
+port=$(ynh_app_setting_get --app=$app --key=port)
+rpc_secret=$(ynh_app_setting_get --app=$app --key=rpc_secret)
+port_api=$(ynh_app_setting_get --app=$app --key=port_api)
+port_web=$(ynh_app_setting_get --app=$app --key=port_web)
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
+bootstrap_peers=$(ynh_app_setting_get --app=$app --key=bootstrap_peers)
#=================================================
# DECLARE DATA AND CONF FILES TO BACKUP
@@ -62,18 +64,6 @@ ynh_backup --src_path="$datadir" --is_big
ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
-#=================================================
-# BACKUP THE PHP-FPM CONFIGURATION
-#=================================================
-
-ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
-
-#=================================================
-# BACKUP FAIL2BAN CONFIGURATION
-#=================================================
-
-ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf"
-ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf"
#=================================================
# SPECIFIC BACKUP
@@ -89,23 +79,6 @@ ynh_backup --src_path="/etc/logrotate.d/$app"
ynh_backup --src_path="/etc/systemd/system/$app.service"
-#=================================================
-# BACKUP VARIOUS FILES
-#=================================================
-
-ynh_backup --src_path="/etc/cron.d/$app"
-
-ynh_backup --src_path="/etc/$app/"
-
-#=================================================
-# BACKUP THE MYSQL DATABASE
-#=================================================
-ynh_print_info --message="Backing up the MySQL database..."
-
-### (However, things like MySQL dumps *do* take some time to run, though the
-### copy of the generated dump to the archive still happens later)
-
-ynh_mysql_dump_db --database="$db_name" > db.sql
#=================================================
# END OF SCRIPT
diff --git a/scripts/install b/scripts/install
index c979962..8881561 100755
--- a/scripts/install
+++ b/scripts/install
@@ -24,7 +24,16 @@ ynh_abort_if_errors
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================
+#port mandatory for garage
+port=3901
+ip=$(get_ip)
+
+
domain=$YNH_APP_ARG_DOMAIN
+rpc_secret=$YNH_APP_ARG_RPC_SECRET
+bootstrap_peers=$YNH_APP_ARG_BOOTSTRAP_PEERS
+datadir=$YNH_APP_ARG_DATADIR
+weight=$YNH_APP_ARG_WEIGHT
### If it's a multi-instance app, meaning it can be installed several times independently
### The id of the app as stated in the manifest is available as $YNH_APP_ID
@@ -55,9 +64,25 @@ ynh_script_progression --message="Validating installation parameters..." --time
### If the app provides an internal web server (or uses another application server such as uWSGI), the final path should be "/opt/yunohost/$app"
final_path=/opt/yunohost/$app
test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
+ynh_port_available --port=3900|| ynh_die --message="Port 3900 is needs to be available for this app"
+if [[ -n "$rpc_secret" ]]
+then
+ echo "$rpc_secret" | grep -E ^[0-9a-f]{64}$ || ynh_die --message="rpc_secret have to be a 32-byte hex-encoded random string. See https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/ for more information"
+else
+ rpc_secret=$(ynh_string_random 32| od -A n -t x -w64 | sed 's/ //g')
+fi
+if [ -n "$bootstrap_peers" ]
+then
+ echo "$bootstrap_peers" | grep -E '[0-9a-f]{64}@(\b25[0-5]|\b2[0-4][0-9]|\b[01]?[0-9][0-9]?)(\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)){3}:3901' || ynh_die --message="friend server id must have id with the following form : 1799bccfd7411eddcf9ebd316bc1f5287ad12a68094e1c6ac6abde7e6feae1ec@192.168.1.1:3901"
+fi
+
+if [ "$datadir" = "/home/yunohost.app/__APP_NAME__/data" ]
+then
+ datadir="/home/yunohost.app/$app/data"
+fi
# Register (book) web path
-ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
+ynh_webpath_register --app=$app --domain=$domain --path_url="/"
#=================================================
# STORE SETTINGS FROM MANIFEST
@@ -65,14 +90,17 @@ ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
ynh_script_progression --message="Storing installation settings..." --time --weight=1
ynh_app_setting_set --app=$app --key=domain --value=$domain
-ynh_app_setting_set --app=$app --key=path --value=$path_url
+ynh_app_setting_set --app=$app --key=rpc_secret --value=$rpc_secret
+ynh_app_setting_set --app=$app --key=datadir --value=$datadir
+ynh_app_setting_set --app=$app --key=bootstrap_peers --value=$bootstrap_peers
+
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# FIND AND OPEN A PORT
#=================================================
-ynh_script_progression --message="Finding an available port..." --time --weight=1
+ynh_script_progression --message="Finding available ports..." --time --weight=1
### Use these lines if you have to open a port for the application
### `ynh_find_port` will find the first available port starting from the given port.
@@ -80,22 +108,36 @@ ynh_script_progression --message="Finding an available port..." --time --weight=
### - Remove the section "CLOSE A PORT" in the remove script
# Find an available port
-port=$(ynh_find_port --port=3900)
-ynh_app_setting_set --app=$app --key=port --value=$port
+port_api=$(ynh_find_port --port=3900)
+port_web=$(ynh_find_port --port=3902)
+port_admin=$(ynh_find_port --port=3903)
+
+ynh_app_setting_set --app=$app --key=port_api --value=$port_api
+ynh_app_setting_set --app=$app --key=port_web --value=$port_web
+ynh_app_setting_set --app=$app --key=port_admin --value=$port_admin
# Optional: Expose this port publicly
# (N.B.: you only need to do this if the app actually needs to expose the port publicly.
# If you do this and the app doesn't actually need you are CREATING SECURITY HOLES IN THE SERVER !)
# Open the port
-# ynh_script_progression --message="Configuring firewall..." --time --weight=1
-# ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port
+ ynh_script_progression --message="Configuring firewall..." --time --weight=1
+ ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port
#=================================================
# INSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Installing dependencies..." --time --weight=1
+### `ynh_install_app_dependencies` allows you to add any "apt" dependencies to the package.
+### Those deb packages will be installed as dependencies of this package.
+### If you're not using this helper:
+### - Remove the section "REMOVE DEPENDENCIES" in the remove script
+### - Remove the variable "pkg_dependencies" in _common.sh
+### - As well as the section "REINSTALL DEPENDENCIES" in the restore script
+### - And the section "UPGRADE DEPENDENCIES" in the upgrade script
+ ynh_install_app_dependencies $pkg_dependencies
+
#=================================================
# CREATE DEDICATED USER
#=================================================
@@ -115,7 +157,9 @@ ynh_script_progression --message="Setting up source files..." --time --weight=1
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
# Download, check integrity, uncompress and patch the source from app.src
-ynh_setup_source --dest_dir="$final_path"
+pushd $final_path
+ install_garage
+popd
# FIXME: this should be managed by the core in the future
# Here, as a packager, you may have to tweak the ownerhsip/permissions
@@ -125,7 +169,7 @@ ynh_setup_source --dest_dir="$final_path"
# this will be treated as a security issue.
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
-chown -R $app:www-data "$final_path"
+chown -R $app:$app "$final_path"
#=================================================
@@ -138,6 +182,9 @@ ynh_script_progression --message="Configuring NGINX web server..." --time --weig
# Create a dedicated NGINX config
ynh_add_nginx_config
+#add wildcard subdomain
+ynh_replace_string --match_string="server_name $domain" --replace_string="server_name $domain *.$domain" --target_file="/etc/nginx/conf.d/$domain.conf"
+ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.conf"
#=================================================
# SPECIFIC SETUP
#=================================================
@@ -157,10 +204,16 @@ ynh_script_progression --message="Creating a data directory..." --time --weight=
### - Remove the section "RESTORE THE DATA DIRECTORY" in the restore script
### - As well as the section "REMOVE DATA DIR" in the remove script
-datadir=/home/yunohost.app/$app
ynh_app_setting_set --app=$app --key=datadir --value=$datadir
-mkdir -p $datadir
+mkdir -p $datadir/data
+
+#=================================================
+# create data partition
+#=================================================
+# to be sure to not exceed size limit, i use a virtual disk with a fix size to have a max limit size.
+qemu-img create -f qcow2 $datadir/garage_data.qcow2 "$weight"G
+nbd_index=$($final_path/mount_disk.sh "$datadir" true)
# FIXME: this should be managed by the core in the future
# Here, as a packager, you may have to tweak the ownerhsip/permissions
@@ -170,8 +223,10 @@ mkdir -p $datadir
# this will be treated as a security issue.
chmod 750 "$datadir"
chmod -R o-rwx "$datadir"
-chown -R $app:www-data "$datadir"
+chown -R $app:$app "$datadir"
+umount /dev/nbd$nbd_index
+qemu-img --disconnect /dev/nbd$nbd_index
#=================================================
# ADD A CONFIGURATION
#=================================================
@@ -189,13 +244,13 @@ ynh_script_progression --message="Adding a configuration file..." --time --weigh
###
### Check the documentation of `ynh_add_config` for more info.
-ynh_add_config --template="some_config_file" --destination="$final_path/some_config_file"
+ynh_add_config --template="garage.toml" --destination="$final_path/garage.toml"
# FIXME: this should be handled by the core in the future
# You may need to use chmod 600 instead of 400,
# for example if the app is expected to be able to modify its own config
-chmod 400 "$final_path/some_config_file"
-chown $app:$app "$final_path/some_config_file"
+chmod 400 "$final_path/garage.toml"
+chown $app:$app "$final_path/garag.toml"
### For more complex cases where you want to replace stuff using regexes,
### you shoud rely on ynh_replace_string (which is basically a wrapper for sed)
@@ -223,27 +278,6 @@ ynh_script_progression --message="Configuring a systemd service..." --time --wei
# Create a dedicated systemd config
ynh_add_systemd_config
-#=================================================
-# SETUP APPLICATION WITH CURL
-#=================================================
-
-### Use these lines only if the app installation needs to be finalized through
-### web forms. We generally don't want to ask the final user,
-### so we're going to use curl to automatically fill the fields and submit the
-### forms.
-
-# Set the app as temporarily public for curl call
-ynh_script_progression --message="Configuring SSOwat..." --time --weight=1
-# Making the app public for curl
-ynh_permission_update --permission="main" --add="visitors"
-
-# Installation with curl
-ynh_script_progression --message="Finalizing installation..." --time --weight=1
-ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3"
-
-# Remove the public access
-ynh_permission_update --permission="main" --remove="visitors"
-
#=================================================
# GENERIC FINALIZATION
#=================================================
@@ -276,7 +310,7 @@ ynh_script_progression --message="Integrating service in YunoHost..." --time --w
### - As well as the section "INTEGRATE SERVICE IN YUNOHOST" in the restore script
### - And the section "INTEGRATE SERVICE IN YUNOHOST" in the upgrade script
-yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log"
+yunohost service add --needs_exposed_ports $app --description="s3 storage" --log="/var/log/$app/$app.log"
### Additional options starting with 3.8:
###
@@ -294,6 +328,7 @@ yunohost service add $app --description="A short description of the app" --log="
### weren't enabled on old installs (be careful it'll override the existing
### service though so you should re-provide all relevant flags when doing so)
+
#=================================================
# START SYSTEMD SERVICE
#=================================================
@@ -310,37 +345,14 @@ ynh_script_progression --message="Starting a systemd service..." --time --weight
# Start a systemd service
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
-#=================================================
-# SETUP FAIL2BAN
-#=================================================
-ynh_script_progression --message="Configuring Fail2Ban..." --time --weight=1
-
-# Create a dedicated Fail2Ban config
-ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"
-
#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Configuring permissions..." --time --weight=1
-# Make app public if necessary
-if [ $is_public -eq 1 ]
-then
# Everyone can access the app.
# The "main" permission is automatically created before the install script.
ynh_permission_update --permission="main" --add="visitors"
-fi
-
-### N.B. : the following extra permissions only make sense if your app
-### does have for example an admin interface or an API.
-
-# Only the admin can access the admin panel of the app (if the app has an admin panel)
-ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin
-
-# Everyone can access the API part
-# We don't want to display the tile in the SSO so we put --show_tile="false"
-# And we don't want the YunoHost admin to be able to remove visitors group to this permission, so we put --protected="true"
-ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true"
#=================================================
# RELOAD NGINX
@@ -349,6 +361,24 @@ ynh_script_progression --message="Reloading NGINX web server..." --time --weight
ynh_systemd_action --service_name=nginx --action=reload
+
+#=================================================
+# CONFIGURE GARAGE
+#=================================================
+ynh_script_progression --message="Configuring garage..." --time --weight=1
+
+garage_command="$final_path/garage -c $final_path/garage.toml"
+
+gagare_id=$($garage_command node id -q | cut -d '@' -f1)
+
+$garage_command assign $garage_id -z $domain -c
+
+
+#=================================================
+# Send email to admin
+#=================================================
+ynh_send_readme_to_admin --app_message=app_message
+
#=================================================
# END OF SCRIPT
#=================================================
diff --git a/scripts/remove b/scripts/remove
index 29da1fd..68b8e99 100755
--- a/scripts/remove
+++ b/scripts/remove
@@ -18,10 +18,11 @@ app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
port=$(ynh_app_setting_get --app=$app --key=port)
-db_name=$(ynh_app_setting_get --app=$app --key=db_name)
-db_user=$db_name
-final_path=$(ynh_app_setting_get --app=$app --key=final_path)
+rpc_secret=$(ynh_app_setting_get --app=$app --key=rpc_secret)
+port_api=$(ynh_app_setting_get --app=$app --key=port_api)
+port_web=$(ynh_app_setting_get --app=$app --key=port_web)
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
+bootstrap_peers=$(ynh_app_setting_get --app=$app --key=bootstrap_peers)
#=================================================
# STANDARD REMOVE
@@ -52,13 +53,6 @@ ynh_script_progression --message="Removing logrotate configuration..." --time --
# Remove the app-specific logrotate config
ynh_remove_logrotate
-#=================================================
-# REMOVE THE MYSQL DATABASE
-#=================================================
-ynh_script_progression --message="Removing the MySQL database..." --time --weight=1
-
-# Remove a database if it exists, along with the associated user
-ynh_mysql_remove_db --db_user=$db_user --db_name=$db_name
#=================================================
# REMOVE APP MAIN DIR
@@ -87,13 +81,9 @@ ynh_script_progression --message="Removing NGINX web server configuration..." --
# Remove the dedicated NGINX config
ynh_remove_nginx_config
-#=================================================
-# REMOVE PHP-FPM CONFIGURATION
-#=================================================
-ynh_script_progression --message="Removing PHP-FPM configuration..." --time --weight=1
-
-# Remove the dedicated PHP-FPM config
-ynh_remove_fpm_config
+#add wildcard subdomain
+ynh_replace_string --replace_string="server_name $domain" --match_string="server_name $domain *.$domain" --target_file="/etc/nginx/conf.d/$domain.conf"
+ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.conf"
#=================================================
# REMOVE DEPENDENCIES
@@ -113,13 +103,6 @@ then
ynh_exec_warn_less yunohost firewall disallow TCP $port
fi
-#=================================================
-# REMOVE FAIL2BAN CONFIGURATION
-#=================================================
-ynh_script_progression --message="Removing Fail2Ban configuration..." --time --weight=1
-
-# Remove the dedicated Fail2Ban config
-ynh_remove_fail2ban_config
#=================================================
# SPECIFIC REMOVE
@@ -128,12 +111,6 @@ ynh_remove_fail2ban_config
#=================================================
ynh_script_progression --message="Removing various files..." --time --weight=1
-# Remove a cron file
-ynh_secure_remove --file="/etc/cron.d/$app"
-
-# Remove a directory securely
-ynh_secure_remove --file="/etc/$app"
-
# Remove the log files
ynh_secure_remove --file="/var/log/$app"
diff --git a/scripts/restore b/scripts/restore
index d0c948c..2d75231 100755
--- a/scripts/restore
+++ b/scripts/restore
@@ -29,11 +29,7 @@ ynh_script_progression --message="Loading installation settings..." --time --wei
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
-path_url=$(ynh_app_setting_get --app=$app --key=path)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
-db_name=$(ynh_app_setting_get --app=$app --key=db_name)
-db_user=$db_name
-phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
#=================================================
@@ -69,7 +65,7 @@ ynh_restore_file --origin_path="$final_path"
# this will be treated as a security issue.
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
-chown -R $app:www-data "$final_path"
+chown -R $app:$app "$final_path"
#=================================================
# RESTORE THE DATA DIRECTORY
@@ -88,16 +84,7 @@ mkdir -p $datadir
# this will be treated as a security issue.
chmod 750 "$datadir"
chmod -R o-rwx "$datadir"
-chown -R $app:www-data "$datadir"
-
-#=================================================
-# RESTORE FAIL2BAN CONFIGURATION
-#=================================================
-ynh_script_progression --message="Restoring the Fail2Ban configuration..." --time --weight=1
-
-ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf"
-ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf"
-ynh_systemd_action --action=restart --service_name=fail2ban
+chown -R $app:$app "$datadir"
#=================================================
# SPECIFIC RESTORATION
@@ -109,12 +96,9 @@ ynh_script_progression --message="Reinstalling dependencies..." --time --weight=
# Define and install dependencies
ynh_install_app_dependencies $pkg_dependencies
-#=================================================
-# RESTORE THE PHP-FPM CONFIGURATION
-#=================================================
-ynh_script_progression --message="Restoring the PHP-FPM configuration..." --time --weight=1
-
-ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
+# Open the port
+ ynh_script_progression --message="Configuring firewall..." --time --weight=1
+ ynh_exec_warn_less yunohost firewall allow TCP $port
#=================================================
# RESTORE THE NGINX CONFIGURATION
@@ -122,24 +106,9 @@ ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
ynh_script_progression --message="Restoring the NGINX web server configuration..." --time --weight=1
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
+#add wildcard subdomain
+ynh_replace_string --match_string="server_name $domain" --replace_string="server_name $domain *.$domain" --target_file="/etc/nginx/conf.d/$domain.conf"
-#=================================================
-# RESTORE THE MYSQL DATABASE
-#=================================================
-ynh_script_progression --message="Restoring the MySQL database..." --time --weight=1
-
-db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
-ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd
-ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql
-
-#=================================================
-# RESTORE VARIOUS FILES
-#=================================================
-ynh_script_progression --message="Restoring various files..." --time --weight=1
-
-ynh_restore_file --origin_path="/etc/cron.d/$app"
-
-ynh_restore_file --origin_path="/etc/$app/"
#=================================================
# RESTORE SYSTEMD
@@ -161,7 +130,7 @@ ynh_restore_file --origin_path="/etc/logrotate.d/$app"
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..." --time --weight=1
-yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log"
+yunohost service add --needs_exposed_ports $app --description="s3 storage" --log="/var/log/$app/$app.log"
#=================================================
# START SYSTEMD SERVICE
@@ -177,7 +146,6 @@ ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$ap
#=================================================
ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..." --time --weight=1
-ynh_systemd_action --service_name=php$phpversion-fpm --action=reload
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index 5b3c79b..0f4528b 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -17,11 +17,12 @@ ynh_script_progression --message="Loading installation settings..." --time --wei
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
-path_url=$(ynh_app_setting_get --app=$app --key=path)
-language=$(ynh_app_setting_get --app=$app --key=language)
-admin=$(ynh_app_setting_get --app=$app --key=admin)
-final_path=$(ynh_app_setting_get --app=$app --key=final_path)
-db_name=$(ynh_app_setting_get --app=$app --key=db_name)
+port=$(ynh_app_setting_get --app=$app --key=port)
+rpc_secret=$(ynh_app_setting_get --app=$app --key=rpc_secret)
+port_api=$(ynh_app_setting_get --app=$app --key=port_api)
+port_web=$(ynh_app_setting_get --app=$app --key=port_web)
+datadir=$(ynh_app_setting_get --app=$app --key=datadir)
+bootstrap_peers=$(ynh_app_setting_get --app=$app --key=bootstrap_peers)
#=================================================
# CHECK VERSION
@@ -118,7 +119,9 @@ then
ynh_script_progression --message="Upgrading source files..." --time --weight=1
# Download, check integrity, uncompress and patch the source from app.src
- ynh_setup_source --dest_dir="$final_path"
+ pushd $final_path
+ install_garage
+ popd
fi
# FIXME: this should be managed by the core in the future
@@ -129,22 +132,8 @@ fi
# this will be treated as a security issue.
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
-chown -R $app:www-data "$final_path"
+chown -R $app:$app "$final_path"
-#=================================================
-# UPGRADE DEPENDENCIES
-#=================================================
-ynh_script_progression --message="Upgrading dependencies..." --time --weight=1
-
-ynh_install_app_dependencies $pkg_dependencies
-
-#=================================================
-# PHP-FPM CONFIGURATION
-#=================================================
-ynh_script_progression --message="Upgrading PHP-FPM configuration..." --time --weight=1
-
-# Create a dedicated PHP-FPM config
-ynh_add_fpm_config
#=================================================
# NGINX CONFIGURATION
@@ -165,18 +154,6 @@ ynh_add_nginx_config
#=================================================
ynh_script_progression --message="Updating a configuration file..." --time --weight=1
-### Same as during install
-###
-### The file will automatically be backed-up if it's found to be manually modified (because
-### ynh_add_config keeps track of the file's checksum)
-
-ynh_add_config --template="some_config_file" --destination="$final_path/some_config_file"
-
-# FIXME: this should be handled by the core in the future
-# You may need to use chmod 600 instead of 400,
-# for example if the app is expected to be able to modify its own config
-chmod 400 "$final_path/some_config_file"
-chown $app:$app "$final_path/some_config_file"
### For more complex cases where you want to replace stuff using regexes,
### you shoud rely on ynh_replace_string (which is basically a wrapper for sed)
@@ -208,7 +185,7 @@ ynh_use_logrotate --non-append
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..." --time --weight=1
-yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log"
+yunohost service add --needs_exposed_ports $app --description="s3 storage" --log="/var/log/$app/$app.log"
#=================================================
# START SYSTEMD SERVICE
@@ -217,14 +194,6 @@ ynh_script_progression --message="Starting a systemd service..." --time --weight
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
-#=================================================
-# UPGRADE FAIL2BAN
-#=================================================
-ynh_script_progression --message="Reconfiguring Fail2Ban..." --time --weight=1
-
-# Create a dedicated Fail2Ban config
-ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"
-
#=================================================
# RELOAD NGINX
#=================================================