freedombone/src/freedombone-app-lychee

#!/bin/bash
#
# .---.                  .              .
# |                      |              |
# |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
# |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'
# '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
#
#                    Freedom in the Cloud
#
# Lychee photo album
#
# License
# =======
#
# Copyright (C) 2014-2016 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

VARIANTS="full full-vim writer"

IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=1

LYCHEE_DOMAIN_NAME=
LYCHEE_CODE=
LYCHEE_ONION_PORT=8105
LYCHEE_REPO="https://github.com/electerious/Lychee"
LYCHEE_COMMIT='27f207dcbac8488629ffc3b5a9cac78ae123bee9'

lychee_variables=(LYCHEE_REPO
                  LYCHEE_DOMAIN_NAME
                  LYCHEE_CODE
                  ONION_ONLY
                  DDNS_PROVIDER
                  MY_USERNAME)


function lychee_create_database {
    if [ -f ${IMAGE_PASSWORD_FILE} ]; then
        LYCHEE_ADMIN_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
    else
        if [ ! ${LYCHEE_ADMIN_PASSWORD} ]; then
            LYCHEE_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
        fi
    fi
    if [ ! $LYCHEE_ADMIN_PASSWORD ]; then
        return
    fi

    function_check create_database
    create_database lychee "$LYCHEE_ADMIN_PASSWORD"
}

function remove_user_lychee {
    remove_username="$1"

    ${PROJECT_NAME}-pass -u $remove_username --rmapp lychee
}

function add_user_lychee {
    if [[ $(app_is_installed lychee) == "0" ]]; then
        echo '0'
        return
    fi

    new_username="$1"
    new_user_password="$2"

    ${PROJECT_NAME}-pass -u $new_username -a lychee -p "$new_user_password"

    echo '0'
}

function install_interactive_lychee {
    if [ ! $ONION_ONLY ]; then
        ONION_ONLY='no'
    fi

    if [[ $ONION_ONLY != "no" ]]; then
        LYCHEE_DOMAIN_NAME='lychee.local'
        write_config_param "LYCHEE_DOMAIN_NAME" "$LYCHEE_DOMAIN_NAME"
    else
        function_check interactive_site_details
        interactive_site_details "lychee" "LYCHEE_DOMAIN_NAME" "LYCHEE_CODE"
    fi
    APP_INSTALLED=1
}

function configure_interactive_lychee {
    function_check get_mariadb_password
    get_mariadb_password

    dialog --title $"Lychee Configuration" \
           --msgbox $"\nYou can initially install the system with:\n\n  Username: root\n  Password: $MARIADB_PASSWORD" 10 70
}


function change_password_lychee {
    LYCHEE_USERNAME="$1"
    LYCHEE_PASSWORD="$2"
    if [ ${#LYCHEE_PASSWORD} -lt 8 ]; then
        echo $'Lychee password is too short'
        return
    fi
    # TODO: This doesn't actually change the password
    #${PROJECT_NAME}-pass -u $LYCHEE_USERNAME -a lychee -p "$LYCHEE_PASSWORD"
}

function reconfigure_lychee {
    echo -n ''
}

function upgrade_lychee {
    read_config_param "LYCHEE_DOMAIN_NAME"

    function_check set_repo_commit
    set_repo_commit /var/www/$LYCHEE_DOMAIN_NAME/htdocs "lychee commit" "$LYCHEE_COMMIT" $LYCHEE_REPO
}

function backup_local_lychee {
    LYCHEE_DOMAIN_NAME='lychee.local'
    if grep -q "lychee domain" $COMPLETION_FILE; then
        LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain")
    fi

    lychee_path=/var/www/${LYCHEE_DOMAIN_NAME}/htdocs
    if [ -d $lychee_path ]; then
        function_check backup_database_to_usb
        backup_database_to_usb lychee

        backup_directory_to_usb $lychee_path lychee
        restart_site
    fi
}

function restore_local_lychee {
    LYCHEE_DOMAIN_NAME='lychee.local'
    if grep -q "lychee domain" $COMPLETION_FILE; then
        LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain")
    fi
    if [ $LYCHEE_DOMAIN_NAME ]; then
        function_check lychee_create_database
        lychee_create_database

        function_check restore_database
        restore_database lychee ${LYCHEE_DOMAIN_NAME}
    fi
}

function backup_remote_lychee {
    LYCHEE_DOMAIN_NAME='lychee.local'
    if grep -q "lychee domain" $COMPLETION_FILE; then
        LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain")
    fi

    temp_backup_dir=/var/www/${LYCHEE_DOMAIN_NAME}/htdocs
    if [ -d $temp_backup_dir ]; then
        suspend_site ${LYCHEE_DOMAIN_NAME}
        backup_database_to_friend lychee
        backup_directory_to_friend $temp_backup_dir lychee
        restart_site
    else
        echo $"Lychee domain specified but not found in /var/www/${LYCHEE_DOMAIN_NAME}"
        exit 2578
    fi
}

function restore_remote_lychee {
    LYCHEE_DOMAIN_NAME='lychee.local'
    if grep -q "lychee domain" $COMPLETION_FILE; then
        LYCHEE_DOMAIN_NAME=$(get_completion_param "lychee domain")
    fi

    function_check restore_database_from_friend

    function_check lychee_create_database
    lychee_create_database

    restore_database_from_friend lychee ${LYCHEE_DOMAIN_NAME}
    restart_site
    chown -R lychee: /var/www/$LYCHEE_DOMAIN_NAME/htdocs/
}

function remove_lychee {
    if [ ${#LYCHEE_DOMAIN_NAME} -eq 0 ]; then
        return
    fi

    read_config_param "LYCHEE_DOMAIN_NAME"
    nginx_dissite $LYCHEE_DOMAIN_NAME
    remove_certs ${LYCHEE_DOMAIN_NAME}

    drop_database lychee
    remove_backup_database_local lychee

    if [ -f /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME ]; then
        rm -f /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    fi
    if [ -d /var/www/$LYCHEE_DOMAIN_NAME ]; then
        rm -rf /var/www/$LYCHEE_DOMAIN_NAME
    fi
    remove_config_param LYCHEE_DOMAIN_NAME
    remove_config_param LYCHEE_CODE
    function_check remove_onion_service
    remove_onion_service lychee ${LYCHEE_ONION_PORT}
    remove_completion_param "install_lychee"
    sed -i '/Lychee/d' $COMPLETION_FILE
    sed -i '/lychee/d' $COMPLETION_FILE

    function_check remove_ddns_domain
    remove_ddns_domain $LYCHEE_DOMAIN_NAME
}

function install_lychee_website {
    function_check nginx_http_redirect
    nginx_http_redirect $LYCHEE_DOMAIN_NAME
    echo 'server {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    listen 443 ssl;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    listen [::]:443 ssl;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo "    root /var/www/$LYCHEE_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo "    server_name $LYCHEE_DOMAIN_NAME;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo "    error_log /dev/null;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    index index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    charset utf-8;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    function_check nginx_ssl
    nginx_ssl $LYCHEE_DOMAIN_NAME
    function_check nginx_disable_sniffing
    nginx_disable_sniffing $LYCHEE_DOMAIN_NAME
    echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    location / {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    function_check nginx_limits
    nginx_limits $LYCHEE_DOMAIN_NAME
    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    nginx_keybase ${LYCHEE_DOMAIN_NAME}
    echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    # or a unix socket' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '        try_files $uri $uri/ /index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '        # With php-fpm:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '        fastcgi_pass unix:/var/run/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '        fastcgi_index index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    location ~ /\. {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '        deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    #deny access to store' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    location ~ /store {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '        deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '      deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '      deny  all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '}' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
}

function install_lychee_website_onion {
    echo 'server {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo "    listen 127.0.0.1:${LYCHEE_ONION_PORT} default_server;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo "    root /var/www/$LYCHEE_DOMAIN_NAME/htdocs;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo "    server_name $LYCHEE_ONION_HOSTNAME;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    access_log /dev/null;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo "    error_log /dev/null;" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    index index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    charset utf-8;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    proxy_read_timeout 86400s;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    function_check nginx_disable_sniffing
    nginx_disable_sniffing $LYCHEE_DOMAIN_NAME
    echo '    add_header Strict-Transport-Security "max-age=0;";' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    # rewrite to front controller as default rule' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    location / {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    function_check nginx_limits
    nginx_limits $LYCHEE_DOMAIN_NAME
    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    nginx_keybase ${LYCHEE_DOMAIN_NAME}
    echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    # block these file types' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    location ~* \.(tpl|md|tgz|log|out)$ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '        deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    # or a unix socket' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    location ~* \.php$ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    function_check nginx_limits
    nginx_limits $LYCHEE_DOMAIN_NAME
    echo '        # Zero-day exploit defense.' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '        # http://forum.nginx.org/read.php?2,88845,page=3' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo "        # Won't work properly (404 error) if the file is not stored on this" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo "        # server, which is entirely possible with php-fpm/php-fcgi." >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo "        # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on" >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo "        # another machine. And then cross your fingers that you won't get hacked." >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '        try_files $uri $uri/ /index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '        fastcgi_split_path_info ^(.+\.php)(/.+)$;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '        # With php-cgi alone:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '        # fastcgi_pass 127.0.0.1:9000;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '        # With php-fpm:' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '        fastcgi_pass unix:/var/run/php7.0-fpm.sock;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '        include fastcgi_params;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '        fastcgi_index index.html;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    # deny access to all dot files' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    location ~ /\. {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '        deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    #deny access to store' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    location ~ /store {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '        deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    location ~ /(data|conf|bin|inc)/ {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '      deny all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    location ~ /\.ht {' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '      deny  all;' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '    }' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    echo '}' >> /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
}

function install_lychee_from_repo {
    if [ ! -d /var/www/$LYCHEE_DOMAIN_NAME ]; then
        mkdir /var/www/$LYCHEE_DOMAIN_NAME
    fi

    cd /var/www/$LYCHEE_DOMAIN_NAME
    git_clone $LYCHEE_REPO htdocs
    cd htdocs
    git checkout $LYCHEE_COMMIT -b $LYCHEE_COMMIT
    set_completion_param "lychee commit" "$LYCHEE_COMMIT"
}

function install_lychee {
    if [ ! $ONION_ONLY ]; then
        ONION_ONLY='no'
    fi

    if [ ! $LYCHEE_DOMAIN_NAME ]; then
        echo $'The lychee domain name was not specified'
        exit 543672
    fi

    # for the avatar changing command
    apt-get -yq install imagemagick exif zip php-mcrypt mcrypt

    function_check install_lychee_from_repo
    install_lychee_from_repo

    if [[ $ONION_ONLY == "no" ]]; then
        function_check install_lychee_website
        install_lychee_website
    else
        echo -n '' > /etc/nginx/sites-available/$LYCHEE_DOMAIN_NAME
    fi

    LYCHEE_ONION_HOSTNAME=$(add_onion_service lychee 80 ${LYCHEE_ONION_PORT})

    function_check install_lychee_website_onion
    install_lychee_website_onion

    function_check create_site_certificate
    create_site_certificate $LYCHEE_DOMAIN_NAME 'yes'

    function_check configure_php
    configure_php

    chmod -R 1777 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/
    chmod -R 1777 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/
    chown -R www-data:www-data /var/www/$LYCHEE_DOMAIN_NAME/htdocs

    chmod 755 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/big/index.html
    chmod 755 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/medium/index.html
    chmod 755 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/import/index.html
    chmod 755 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/uploads/thumb/index.html
    chmod 755 /var/www/$LYCHEE_DOMAIN_NAME/htdocs/data/.gitignore

    function_check nginx_ensite
    nginx_ensite $LYCHEE_DOMAIN_NAME

    function_check install_mariadb
    install_mariadb

    function_check get_mariadb_password
    get_mariadb_password

    function_check lychee_create_database
    lychee_create_database

    systemctl restart php7.0-fpm
    systemctl restart nginx

    ${PROJECT_NAME}-pass -u $MY_USERNAME -a lychee -p "$LYCHEE_ADMIN_PASSWORD"

    function_check add_ddns_domain
    add_ddns_domain $LYCHEE_DOMAIN_NAME

    set_completion_param "lychee domain" "$LYCHEE_DOMAIN_NAME"
    APP_INSTALLED=1
}

# NOTE: deliberately no exit 0