From ff8561f0545a5ae1ab754a0ddbfc149cc87c1dad Mon Sep 17 00:00:00 2001 From: saravanan_477at17 Date: Fri, 9 Nov 2018 16:02:03 +0530 Subject: [PATCH] Change #1107: Sandstorm support files added --- .sandstorm/.gitattributes | 5 + .sandstorm/.gitignore | 5 + .sandstorm/Vagrantfile | 111 ++++++++++++++ .sandstorm/build.sh | 34 ++++ .sandstorm/global-setup.sh | 48 ++++++ .sandstorm/launcher.sh | 33 ++++ .sandstorm/sandstorm-pkgdef.capnp | 247 ++++++++++++++++++++++++++++++ .sandstorm/setup.sh | 124 +++++++++++++++ .sandstorm/stack | 1 + 9 files changed, 608 insertions(+) create mode 100644 .sandstorm/.gitattributes create mode 100644 .sandstorm/.gitignore create mode 100644 .sandstorm/Vagrantfile create mode 100755 .sandstorm/build.sh create mode 100755 .sandstorm/global-setup.sh create mode 100644 .sandstorm/launcher.sh create mode 100644 .sandstorm/sandstorm-pkgdef.capnp create mode 100644 .sandstorm/setup.sh create mode 100644 .sandstorm/stack diff --git a/.sandstorm/.gitattributes b/.sandstorm/.gitattributes new file mode 100644 index 000000000..5a533b9f6 --- /dev/null +++ b/.sandstorm/.gitattributes @@ -0,0 +1,5 @@ + + +# vagrant-spk creates shell scripts, which must end in \n, even on a \r\n system. +*.sh text eol=lf + diff --git a/.sandstorm/.gitignore b/.sandstorm/.gitignore new file mode 100644 index 000000000..d70e1e39e --- /dev/null +++ b/.sandstorm/.gitignore @@ -0,0 +1,5 @@ + + +# This file stores a list of sub-paths of .sandstorm/ that should be ignored by git. +.vagrant + diff --git a/.sandstorm/Vagrantfile b/.sandstorm/Vagrantfile new file mode 100644 index 000000000..b3711dd5c --- /dev/null +++ b/.sandstorm/Vagrantfile @@ -0,0 +1,111 @@ +# -*- mode: ruby -*- +# vi: set ft=ruby : + +# Guess at a reasonable name for the VM based on the folder vagrant-spk is +# run from. The timestamp is there to avoid conflicts if you have multiple +# folders with the same name. +VM_NAME = File.basename(File.dirname(File.dirname(__FILE__))) + "_sandstorm_#{Time.now.utc.to_i}" + +# Vagrantfile API/syntax version. Don't touch unless you know what you're doing! +VAGRANTFILE_API_VERSION = "2" + +# ugly hack to prevent hashicorp's bitrot. See https://github.com/hashicorp/vagrant/issues/9442 +# this setting is required for pre-2.0 vagrant, but causes an error as of 2.0.3, +# remove entirely when confident nobody uses vagrant 1.x for anything. +unless Vagrant::DEFAULT_SERVER_URL.frozen? + Vagrant::DEFAULT_SERVER_URL.replace('https://vagrantcloud.com') +end + +Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| + # Base on the Sandstorm snapshots of the official Debian 9 (stretch) box with vboxsf support. + config.vm.box = "debian/contrib-stretch64" + config.vm.box_version = "9.3.0" + + if Vagrant.has_plugin?("vagrant-vbguest") then + # vagrant-vbguest is a Vagrant plugin that upgrades + # the version of VirtualBox Guest Additions within each + # guest. If you have the vagrant-vbguest plugin, then it + # needs to know how to compile kernel modules, etc., and so + # we give it this hint about operating system type. + config.vm.guest = "debian" + end + + # We forward port 6080, the Sandstorm web port, so that developers can + # visit their sandstorm app from their browser as local.sandstorm.io:6080 + # (aka 127.0.0.1:6080). + config.vm.network "public_network", :bridge => 'enp2s0', guest: 6080, host: 6080 + + # Use a shell script to "provision" the box. This installs Sandstorm using + # the bundled installer. + config.vm.provision "shell", inline: "sudo bash /opt/app/.sandstorm/global-setup.sh", keep_color: true + # Then, do stack-specific and app-specific setup. + config.vm.provision "shell", inline: "sudo bash /opt/app/.sandstorm/setup.sh", keep_color: true + + # Shared folders are configured per-provider since vboxsf can't handle >4096 open files, + # NFS requires privilege escalation every time you bring a VM up, + # and 9p is only available on libvirt. + + # Calculate the number of CPUs and the amount of RAM the system has, + # in a platform-dependent way; further logic below. + cpus = nil + total_kB_ram = nil + + host = RbConfig::CONFIG['host_os'] + if host =~ /darwin/ + cpus = `sysctl -n hw.ncpu`.to_i + total_kB_ram = `sysctl -n hw.memsize`.to_i / 1024 + elsif host =~ /linux/ + cpus = `nproc`.to_i + total_kB_ram = `grep MemTotal /proc/meminfo | awk '{print $2}'`.to_i + elsif host =~ /mingw/ + # powershell may not be available on Windows XP and Vista, so wrap this in a rescue block + begin + cpus = `powershell -Command "(Get-WmiObject Win32_Processor -Property NumberOfLogicalProcessors | Select-Object -Property NumberOfLogicalProcessors | Measure-Object NumberOfLogicalProcessors -Sum).Sum"`.to_i + total_kB_ram = `powershell -Command "[math]::Round((Get-WmiObject -Class Win32_ComputerSystem).TotalPhysicalMemory)"`.to_i / 1024 + rescue + end + end + # Use the same number of CPUs within Vagrant as the system, with 1 + # as a default. + # + # Use at least 512MB of RAM, and if the system has more than 2GB of + # RAM, use 1/4 of the system RAM. This seems a reasonable compromise + # between having the Vagrant guest operating system not run out of + # RAM entirely (which it basically would if we went much lower than + # 512MB) and also allowing it to use up a healthily large amount of + # RAM so it can run faster on systems that can afford it. + if cpus.nil? or cpus.zero? + cpus = 1 + end + if total_kB_ram.nil? or total_kB_ram < 2048000 + assign_ram_mb = 512 + else + assign_ram_mb = (total_kB_ram / 1024 / 4) + end + # Actually apply these CPU/memory values to the providers. + config.vm.provider :virtualbox do |vb, override| + vb.cpus = cpus + vb.memory = assign_ram_mb + vb.name = VM_NAME + vb.customize ["modifyvm", :id, "--nictype1", "Am79C973"] + + # /opt/app and /host-dot-sandstorm are used by vagrant-spk + override.vm.synced_folder "..", "/opt/app" + override.vm.synced_folder ENV["HOME"] + "/.sandstorm", "/host-dot-sandstorm" + # /vagrant is not used by vagrant-spk; we need this line so it gets disabled; if we removed the + # line, vagrant would automatically insert a synced folder in /vagrant, which is not what we want. + override.vm.synced_folder "..", "/vagrant", disabled: true + end + config.vm.provider :libvirt do |libvirt, override| + libvirt.cpus = cpus + libvirt.memory = assign_ram_mb + libvirt.default_prefix = VM_NAME + + # /opt/app and /host-dot-sandstorm are used by vagrant-spk + override.vm.synced_folder "..", "/opt/app", type: "9p", accessmode: "passthrough" + override.vm.synced_folder ENV["HOME"] + "/.sandstorm", "/host-dot-sandstorm", type: "9p", accessmode: "passthrough" + # /vagrant is not used by vagrant-spk; we need this line so it gets disabled; if we removed the + # line, vagrant would automatically insert a synced folder in /vagrant, which is not what we want. + override.vm.synced_folder "..", "/vagrant", type: "9p", accessmode: "passthrough", disabled: true + end +end diff --git a/.sandstorm/build.sh b/.sandstorm/build.sh new file mode 100755 index 000000000..21be48691 --- /dev/null +++ b/.sandstorm/build.sh @@ -0,0 +1,34 @@ +#!/bin/bash +set -euo pipefail +# This script is run every time an instance of our app - aka grain - starts up. +# This is the entry point for your application both when a grain is first launched +# and when a grain resumes after being previously shut down. +# +# This script is responsible for launching everything your app needs to run. The +# thing it should do *last* is: +# +# * Start a process in the foreground listening on port 8000 for HTTP requests. +# +# This is how you indicate to the platform that your application is up and +# ready to receive requests. Often, this will be something like nginx serving +# static files and reverse proxying for some other dynamic backend service. +# +# Other things you probably want to do in this script include: +# +# * Building folder structures in /var. /var is the only non-tmpfs folder +# mounted read-write in the sandbox, and when a grain is first launched, it +# will start out empty. It will persist between runs of the same grain, but +# be unique per app instance. That is, two instances of the same app have +# separate instances of /var. +# * Preparing a database and running migrations. As your package changes +# over time and you release updates, you will need to deal with migrating +# data from previous schema versions to new ones, since users should not have +# to think about such things. +# * Launching other daemons your app needs (e.g. mysqld, redis-server, etc.) + +# By default, this script does nothing. You'll have to modify it as +# appropriate for your application. + +cd /opt/app + +exit 0 \ No newline at end of file diff --git a/.sandstorm/global-setup.sh b/.sandstorm/global-setup.sh new file mode 100755 index 000000000..6f1d1da99 --- /dev/null +++ b/.sandstorm/global-setup.sh @@ -0,0 +1,48 @@ +#!/bin/bash +set -euo pipefail + +# Set options for curl. Since we only want to show errors from these curl commands, we also use +# 'cat' to buffer the output; for more information: +# https://github.com/sandstorm-io/vagrant-spk/issues/158 + +CURL_OPTS="--silent --show-error" +echo localhost > /etc/hostname +hostname localhost + +# Install curl that is needed below. +apt-get update +apt-get install -y curl + +# The following line copies stderr through stderr to cat without accidentally leaving it in the +# output file. Be careful when changing. See: https://github.com/sandstorm-io/vagrant-spk/pull/159 +curl $CURL_OPTS https://install.sandstorm.io/ 2>&1 > /host-dot-sandstorm/caches/install.sh | cat + +SANDSTORM_CURRENT_VERSION=$(curl $CURL_OPTS -f "https://install.sandstorm.io/dev?from=0&type=install") +SANDSTORM_PACKAGE="sandstorm-$SANDSTORM_CURRENT_VERSION.tar.xz" +if [[ ! -f /host-dot-sandstorm/caches/$SANDSTORM_PACKAGE ]] ; then + echo -n "Downloading Sandstorm version ${SANDSTORM_CURRENT_VERSION}..." + curl $CURL_OPTS --output "/host-dot-sandstorm/caches/$SANDSTORM_PACKAGE.partial" "https://dl.sandstorm.io/$SANDSTORM_PACKAGE" 2>&1 | cat + mv "/host-dot-sandstorm/caches/$SANDSTORM_PACKAGE.partial" "/host-dot-sandstorm/caches/$SANDSTORM_PACKAGE" + echo "...done." +fi +if [ ! -e /opt/sandstorm/latest/sandstorm ] ; then + echo -n "Installing Sandstorm version ${SANDSTORM_CURRENT_VERSION}..." + bash /host-dot-sandstorm/caches/install.sh -d -e "/host-dot-sandstorm/caches/$SANDSTORM_PACKAGE" >/dev/null + echo "...done." +fi +modprobe ip_tables +# Make the vagrant user part of the sandstorm group so that commands like +# `spk dev` work. +usermod -a -G 'sandstorm' 'vagrant' +# Bind to all addresses, so the vagrant port-forward works. +sudo sed --in-place='' \ + --expression='s/^BIND_IP=.*/BIND_IP=0.0.0.0/' \ + /opt/sandstorm/sandstorm.conf +sudo service sandstorm restart +# Enable apt-cacher-ng proxy to make things faster if one appears to be running on the gateway IP +GATEWAY_IP=$(ip route | grep ^default | cut -d ' ' -f 3) +if nc -z "$GATEWAY_IP" 3142 ; then + echo "Acquire::http::Proxy \"http://$GATEWAY_IP:3142\";" > /etc/apt/apt.conf.d/80httpproxy +fi +# Configure apt to retry fetching things that fail to download. +echo "APT::Acquire::Retries \"10\";" > /etc/apt/apt.conf.d/80sandstorm-retry diff --git a/.sandstorm/launcher.sh b/.sandstorm/launcher.sh new file mode 100644 index 000000000..100d8a57c --- /dev/null +++ b/.sandstorm/launcher.sh @@ -0,0 +1,33 @@ +#!/bin/bash +set -euo pipefail +# This script is run every time an instance of our app - aka grain - starts up. +# This is the entry point for your application both when a grain is first launched +# and when a grain resumes after being previously shut down. +# +# This script is responsible for launching everything your app needs to run. The +# thing it should do *last* is: +# +# * Start a process in the foreground listening on port 8000 for HTTP requests. +# +# This is how you indicate to the platform that your application is up and +# ready to receive requests. Often, this will be something like nginx serving +# static files and reverse proxying for some other dynamic backend service. +# +# Other things you probably want to do in this script include: +# +# * Building folder structures in /var. /var is the only non-tmpfs folder +# mounted read-write in the sandbox, and when a grain is first launched, it +# will start out empty. It will persist between runs of the same grain, but +# be unique per app instance. That is, two instances of the same app have +# separate instances of /var. +# * Preparing a database and running migrations. As your package changes +# over time and you release updates, you will need to deal with migrating +# data from previous schema versions to new ones, since users should not have +# to think about such things. +# * Launching other daemons your app needs (e.g. mysqld, redis-server, etc.) + +# By default, this script does nothing. You'll have to modify it as +# appropriate for your application. +cd /opt/app + +exit 0 diff --git a/.sandstorm/sandstorm-pkgdef.capnp b/.sandstorm/sandstorm-pkgdef.capnp new file mode 100644 index 000000000..17444c978 --- /dev/null +++ b/.sandstorm/sandstorm-pkgdef.capnp @@ -0,0 +1,247 @@ +@0xca0533452165aabf; + +using Spk = import "/sandstorm/package.capnp"; +# This imports: +# $SANDSTORM_HOME/latest/usr/include/sandstorm/package.capnp +# Check out that file to see the full, documented package definition format. + +const pkgdef :Spk.PackageDefinition = ( + # The package definition. Note that the spk tool looks specifically for the + # "pkgdef" constant. + + id = "416s6gqcqstgv4yq87xcp3dqqt5qaq3pnvrxvfqzge4f03kg8fgh", + # Your app ID is actually its public key. The private key was placed in + # your keyring. All updates must be signed with the same key. + + manifest = ( + # This manifest is included in your app package to tell Sandstorm + # about your app. + + appTitle = (defaultText = "Restyaboard"), + + appVersion = 0, # Increment this for every release. + + appMarketingVersion = (defaultText = "0.6.6"), + # Human-readable representation of appVersion. Should match the way you + # identify versions of your app in documentation and marketing. + + actions = [ + # Define your "new document" handlers here. + ( nounPhrase = (defaultText = "showcase"), + command = .myCommand + # The command to run when starting for the first time. (".myCommand" + # is just a constant defined at the bottom of the file.) + ) + ], + + continueCommand = .myCommand, + # This is the command called to start your app back up after it has been + # shut down for inactivity. Here we're using the same command as for + # starting a new instance, but you could use different commands for each + # case. + + metadata = ( + # Data which is not needed specifically to execute the app, but is useful + # for purposes like marketing and display. These fields are documented at + # https://docs.sandstorm.io/en/latest/developing/publishing-apps/#add-required-metadata + # and (in deeper detail) in the sandstorm source code, in the Metadata section of + # https://github.com/sandstorm-io/sandstorm/blob/master/src/sandstorm/package.capnp + icons = ( + # Various icons to represent the app in various contexts. + #appGrid = (svg = embed "restyaboard-128x128.svg"), + #grain = (svg = embed "restyaboard-24x24.svg"), + #market = (svg = embed "restyaboard-150x150.svg"), + #marketBig = (svg = embed "restyaboard-300x300.svg"), + ), + + website = "https://restya.com", + # This should be the app's main website url. + + codeUrl = "https://github.com/RestyaPlatform/board", + # URL of the app's source code repository, e.g. a GitHub URL. + # Required if you specify a license requiring redistributing code, but optional otherwise. + + license = (none = void), + # The license this package is distributed under. See + # https://docs.sandstorm.io/en/latest/developing/publishing-apps/#license + + categories = [], + # A list of categories/genres to which this app belongs, sorted with best fit first. + # See the list of categories at + # https://docs.sandstorm.io/en/latest/developing/publishing-apps/#categories + + author = ( + # Fields relating to the author of this app. + + contactEmail = "info@restya.com", + # Email address to contact for any issues with this app. This includes end-user support + # requests as well as app store administrator requests, so it is very important that this be a + # valid address with someone paying attention to it. + + #pgpSignature = embed "path/to/pgp-signature", + # PGP signature attesting responsibility for the app ID. This is a binary-format detached + # signature of the following ASCII message (not including the quotes, no newlines, and + # replacing with the standard base-32 text format of the app's ID): + # + # "I am the author of the Sandstorm.io app with the following ID: " + # + # You can create a signature file using `gpg` like so: + # + # echo -n "I am the author of the Sandstorm.io app with the following ID: " | gpg --sign > pgp-signature + # + # Further details including how to set up GPG and how to use keybase.io can be found + # at https://docs.sandstorm.io/en/latest/developing/publishing-apps/#verify-your-identity + + upstreamAuthor = "Restya Team", + # Name of the original primary author of this app, if it is different from the person who + # produced the Sandstorm package. Setting this implies that the author connected to the PGP + # signature only "packaged" the app for Sandstorm, rather than developing the app. + # Remove this line if you consider yourself as the author of the app. + ), + + #pgpKeyring = embed "path/to/pgp-keyring", + # A keyring in GPG keyring format containing all public keys needed to verify PGP signatures in + # this manifest (as of this writing, there is only one: `author.pgpSignature`). + # + # To generate a keyring containing just your public key, do: + # + # gpg --export > keyring + # + # Where `` is a PGP key ID or email address associated with the key. + + #description = (defaultText = embed "path/to/description.md"), + # The app's description in Github-flavored Markdown format, to be displayed e.g. + # in an app store. Note that the Markdown is not permitted to contain HTML nor image tags (but + # you can include a list of screenshots separately). + + shortDescription = (defaultText = "Trello like kanban board. Based on Restya platform."), + # A very short (one-to-three words) description of what the app does. For example, + # "Document editor", or "Notetaking", or "Email client". This will be displayed under the app + # title in the grid view in the app market. + + screenshots = [ + # Screenshots to use for marketing purposes. Examples below. + # Sizes are given in device-independent pixels, so if you took these + # screenshots on a Retina-style high DPI screen, divide each dimension by two. + + #(width = 746, height = 795, jpeg = embed "path/to/screenshot-1.jpeg"), + #(width = 640, height = 480, png = embed "path/to/screenshot-2.png"), + ], + #changeLog = (defaultText = embed "path/to/sandstorm-specific/changelog.md"), + # Documents the history of changes in Github-flavored markdown format (with the same restrictions + # as govern `description`). We recommend formatting this with an H1 heading for each version + # followed by a bullet list of changes. + ), + ), + + sourceMap = ( + # Here we defined where to look for files to copy into your package. The + # `spk dev` command actually figures out what files your app needs + # automatically by running it on a FUSE filesystem. So, the mappings + # here are only to tell it where to find files that the app wants. + searchPath = [ + ( sourcePath = "." ), # Search this directory first. + ( sourcePath = "/", # Then search the system root directory. + hidePaths = [ "home", "proc", "sys", + "etc/passwd", "etc/hosts", "etc/host.conf", + "etc/nsswitch.conf", "etc/resolv.conf" ] + # You probably don't want the app pulling files from these places, + # so we hide them. Note that /dev, /var, and /tmp are implicitly + # hidden because Sandstorm itself provides them. + ) + ] + ), + + fileList = "sandstorm-files.list", + # `spk dev` will write a list of all the files your app uses to this file. + # You should review it later, before shipping your app. + + alwaysInclude = [], + # Fill this list with more names of files or directories that should be + # included in your package, even if not listed in sandstorm-files.list. + # Use this to force-include stuff that you know you need but which may + # not have been detected as a dependency during `spk dev`. If you list + # a directory here, its entire contents will be included recursively. + + #bridgeConfig = ( + # # Used for integrating permissions and roles into the Sandstorm shell + # # and for sandstorm-http-bridge to pass to your app. + # # Uncomment this block and adjust the permissions and roles to make + # # sense for your app. + # # For more information, see high-level documentation at + # # https://docs.sandstorm.io/en/latest/developing/auth/ + # # and advanced details in the "BridgeConfig" section of + # # https://github.com/sandstorm-io/sandstorm/blob/master/src/sandstorm/package.capnp + # viewInfo = ( + # # For details on the viewInfo field, consult "ViewInfo" in + # # https://github.com/sandstorm-io/sandstorm/blob/master/src/sandstorm/grain.capnp + # + # permissions = [ + # # Permissions which a user may or may not possess. A user's current + # # permissions are passed to the app as a comma-separated list of `name` + # # fields in the X-Sandstorm-Permissions header with each request. + # # + # # IMPORTANT: only ever append to this list! Reordering or removing fields + # # will change behavior and permissions for existing grains! To deprecate a + # # permission, or for more information, see "PermissionDef" in + # # https://github.com/sandstorm-io/sandstorm/blob/master/src/sandstorm/grain.capnp + # ( + # name = "editor", + # # Name of the permission, used as an identifier for the permission in cases where string + # # names are preferred. Used in sandstorm-http-bridge's X-Sandstorm-Permissions HTTP header. + # + # title = (defaultText = "editor"), + # # Display name of the permission, e.g. to display in a checklist of permissions + # # that may be assigned when sharing. + # + # description = (defaultText = "grants ability to modify data"), + # # Prose describing what this role means, suitable for a tool tip or similar help text. + # ), + # ], + # roles = [ + # # Roles are logical collections of permissions. For instance, your app may have + # # a "viewer" role and an "editor" role + # ( + # title = (defaultText = "editor"), + # # Name of the role. Shown in the Sandstorm UI to indicate which users have which roles. + # + # permissions = [true], + # # An array indicating which permissions this role carries. + # # It should be the same length as the permissions array in + # # viewInfo, and the order of the lists must match. + # + # verbPhrase = (defaultText = "can make changes to the document"), + # # Brief explanatory text to show in the sharing UI indicating + # # what a user assigned this role will be able to do with the grain. + # + # description = (defaultText = "editors may view all site data and change settings."), + # # Prose describing what this role means, suitable for a tool tip or similar help text. + # ), + # ( + # title = (defaultText = "viewer"), + # permissions = [false], + # verbPhrase = (defaultText = "can view the document"), + # description = (defaultText = "viewers may view what other users have written."), + # ), + # ], + # ), + # #apiPath = "/api", + # # Apps can export an API to the world. The API is to be used primarily by Javascript + # # code and native apps, so it can't serve out regular HTML to browsers. If a request + # # comes in to your app's API, sandstorm-http-bridge will prefix the request's path with + # # this string, if specified. + #), +); + +const myCommand :Spk.Manifest.Command = ( + # Here we define the command used to start up your server. + argv = ["/sandstorm-http-bridge", "8000", "--", "/bin/bash", "/opt/app/.sandstorm/launcher.sh"], + environ = [ + # Note that this defines the *entire* environment seen by your app. + (key = "PATH", value = "/usr/local/bin:/usr/bin:/bin"), + (key = "SANDSTORM", value = "1"), + # Export SANDSTORM=1 into the environment, so that apps running within Sandstorm + # can detect if $SANDSTORM="1" at runtime, switching UI and/or backend to use + # the app's Sandstorm-specific integration code. + ] +); diff --git a/.sandstorm/setup.sh b/.sandstorm/setup.sh new file mode 100644 index 000000000..b27bde510 --- /dev/null +++ b/.sandstorm/setup.sh @@ -0,0 +1,124 @@ +#!/bin/bash +set -euo pipefail + +# Update OS & install curl & unzip +apt-get update -y +apt-get install -y curl unzip + +# Find latest Restyaboard version +RESTYABOARD_VERSION=$(curl --silent https://api.github.com/repos/RestyaPlatform/board/releases/latest | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/') + +# Initialize directory variables +DOWNLOAD_DIR=/opt/restyaboard +RESTYABOARD_DIR=/usr/share/nginx/html/restyaboard + +# Restyaboard DB details +POSTGRES_DBHOST=localhost +POSTGRES_DBNAME=restyaboard +POSTGRES_DBUSER=restya +POSTGRES_DBPASS=hjVl2!rGd +POSTGRES_DBPORT=5432 + +# PHP latest version package +sh -c 'echo "deb http://ftp.de.debian.org/debian jessie main" > /etc/apt/sources.list.d/debjessie.list' +apt install apt-transport-https lsb-release ca-certificates -y +wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg +echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php.list +apt install debian-keyring debian-archive-keyring -y +apt update -y + +# nginx installation +apt install -y cron nginx +service nginx start + +# php installation +apt install -y php7.2 php7.2-opcache php7.2-common php7.2-fpm php7.2-cli php7.2-gd php7.2-curl libpq5 php7.2-pgsql php7.2-mbstring php7.2-ldap gcc imagemagick php7.2-imagick php7.2-imap php7.2-xml --allow-unauthenticated +timezone=$(cat /etc/timezone) +sed -i -e 's/date.timezone/;date.timezone/g' /etc/php/7.2/fpm/php.ini +service php7.2-fpm start + +# postgresql installation +apt install -y postgresql +PSQL_VERSION=$(psql --version | egrep -o '[0-9]{1,}\.[0-9]{1,}' | head -1) +sed -e 's/peer/trust/g' -e 's/ident/trust/g' < /etc/postgresql/${PSQL_VERSION}/main/pg_hba.conf > /etc/postgresql/${PSQL_VERSION}/main/pg_hba.conf.1 +cd /etc/postgresql/${PSQL_VERSION}/main || exit +mv pg_hba.conf pg_hba.conf_old +mv pg_hba.conf.1 pg_hba.conf +service postgresql restart + +# php geoip installation +apt-get -y install gcc make autoconf libc-dev pkg-config php7.2-geoip php7.2-dev libgeoip-dev +cd /opt/ +wget http://pecl.php.net/get/geoip-1.1.1.tgz +tar zxvf ./geoip-1.1.1.tgz +cd /opt/geoip-1.1.1/ +phpize +ls -la +./configure +make +make install +echo "extension=geoip.so" >> /etc/php/7.2/fpm/php.ini +wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz +gunzip GeoIP.dat.gz +mv GeoIP.dat /usr/share/GeoIP/GeoIP.dat +wget http://geolite.maxmind.com/download/geoip/database/GeoIPv6.dat.gz +gunzip GeoIPv6.dat.gz +mv GeoIPv6.dat /usr/share/GeoIP/GeoIPv6.dat +wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz +gunzip GeoLiteCity.dat.gz +mv GeoLiteCity.dat /usr/share/GeoIP/GeoIPCity.dat +wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCityv6-beta/GeoLiteCityv6.dat.gz +gunzip GeoLiteCityv6.dat.gz +mv GeoLiteCityv6.dat /usr/share/GeoIP/GeoLiteCityv6.dat +wget http://download.maxmind.com/download/geoip/database/asnum/GeoIPASNum.dat.gz +gunzip GeoIPASNum.dat.gz +mv GeoIPASNum.dat /usr/share/GeoIP/GeoIPASNum.dat +wget http://download.maxmind.com/download/geoip/database/asnum/GeoIPASNumv6.dat.gz +gunzip GeoIPASNumv6.dat.gz +mv GeoIPASNumv6.dat /usr/share/GeoIP/GeoIPASNumv6.dat + +# Restyaboard script installation +mkdir -p ${DOWNLOAD_DIR} +curl -v -L -G -d "app=board&ver=${RESTYABOARD_VERSION}" -o /tmp/restyaboard.zip http://restya.com/download.php +unzip /tmp/restyaboard.zip -d ${DOWNLOAD_DIR} +rm /tmp/restyaboard.zip +mkdir -p ${RESTYABOARD_DIR} +cp -r ${DOWNLOAD_DIR}/* ${RESTYABOARD_DIR} +find ${RESTYABOARD_DIR} -type d -print0 | xargs -0 chmod 0755 +find ${RESTYABOARD_DIR} -type f -print0 | xargs -0 chmod 0644 + +# Restyaboard nginx configuration +cp ${DOWNLOAD_DIR}/restyaboard.conf /etc/nginx/conf.d +sed -i "s|root.*html|root ${RESTYABOARD_DIR}|" /etc/nginx/conf.d/restyaboard.conf +sed -i "s/server_name.*$/server_name _;/" /etc/nginx/conf.d/restyaboard.conf +sed -i "s|listen 80.*$|listen 80;|" /etc/nginx/conf.d/restyaboard.conf +rm -rf /etc/nginx/conf.d/default.conf /etc/nginx/sites-available/default.conf /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default.conf /etc/nginx/sites-enabled/default + +# Restyaboard DB creation +psql -U postgres -c "\q" +psql -U postgres -c "DROP USER IF EXISTS ${POSTGRES_DBUSER};CREATE USER ${POSTGRES_DBUSER} WITH ENCRYPTED PASSWORD '${POSTGRES_DBPASS}'" +psql -U postgres -c "CREATE DATABASE ${POSTGRES_DBNAME} OWNER ${POSTGRES_DBUSER} ENCODING 'UTF8' TEMPLATE template0" +psql -U postgres -c "CREATE EXTENSION IF NOT EXISTS plpgsql WITH SCHEMA pg_catalog;" +psql -U postgres -c "COMMENT ON EXTENSION plpgsql IS 'PL/pgSQL procedural language';" +psql -d ${POSTGRES_DBNAME} -f "${RESTYABOARD_DIR}/sql/restyaboard_with_empty_data.sql" -U ${POSTGRES_DBUSER} + +# Restyaboard DB details update in config file +sed -i "s/^.*'R_DB_NAME'.*$/define('R_DB_NAME', '${POSTGRES_DBNAME}');/g" "${RESTYABOARD_DIR}/server/php/config.inc.php" +sed -i "s/^.*'R_DB_USER'.*$/define('R_DB_USER', '${POSTGRES_DBUSER}');/g" "${RESTYABOARD_DIR}/server/php/config.inc.php" +sed -i "s/^.*'R_DB_PASSWORD'.*$/define('R_DB_PASSWORD', '${POSTGRES_DBPASS}');/g" "${RESTYABOARD_DIR}/server/php/config.inc.php" +sed -i "s/^.*'R_DB_HOST'.*$/define('R_DB_HOST', '${POSTGRES_DBHOST}');/g" "${RESTYABOARD_DIR}/server/php/config.inc.php" +sed -i "s/^.*'R_DB_PORT'.*$/define('R_DB_PORT', '${POSTGRES_DBPORT}');/g" "${RESTYABOARD_DIR}/server/php/config.inc.php" + +# Restyaboard cron setup +echo "*/5 * * * * ${RESTYABOARD_DIR}/server/php/shell/instant_email_notification.sh > /dev/null 2> /dev/null" >> /var/spool/cron/crontabs/root +echo "0 * * * * ${RESTYABOARD_DIR}/server/php/shell/periodic_email_notification.sh > /dev/null 2> /dev/null" >> /var/spool/cron/crontabs/root +echo "*/30 * * * * ${RESTYABOARD_DIR}/server/php/shell/imap.sh > /dev/null 2> /dev/null" >> /var/spool/cron/crontabs/root +echo "*/5 * * * * ${RESTYABOARD_DIR}/server/php/shell/webhook.sh > /dev/null 2> /dev/null" >> /var/spool/cron/crontabs/root +echo "*/5 * * * * ${RESTYABOARD_DIR}/server/php/shell/card_due_notification.sh > /dev/null 2> /dev/null" >> /var/spool/cron/crontabs/root + +# Restarting services +service cron restart +service php7.2-fpm restart +service nginx restart + +exit 0 \ No newline at end of file diff --git a/.sandstorm/stack b/.sandstorm/stack new file mode 100644 index 000000000..7c3182e51 --- /dev/null +++ b/.sandstorm/stack @@ -0,0 +1 @@ +diy