build: fix doinst.sh compatibility with installpkg --root (#1446)

- Isolate plugin concerns into `.plg` plugin & api file modifiers instead of the api's
slackware package.

## Summary by CodeRabbit

* **New Features**
* Installation process modularized into package installation,
post-install setup with verification, and service startup with cleanup.
* Added logging and error detection during installation, including
symlink verification.
  * Created required log directory to support service dependencies.
* Integrated nginx service with reload capability triggered by
configuration changes.
* Added automatic patching of nginx configuration and hosts file to
improve security and iframe compatibility.
* Enhanced file modification system to handle side effects and trigger
nginx reloads as needed.

* **Refactor**
* Restructured installation scripts for clarity; setup scripts now
separate steps.
  * Removed legacy installation logic and deprecated related scripts.
  * Enabled hard link addition during package creation.
* Simplified installation scripts by removing conditional branching and
detailed logging.
* Streamlined API environment setup by removing redundant post-install
steps.
* Updated dependency injection to explicitly provide nginx service
token.
  * Improved patch application error reporting with file path details.

* **Chores**
  * Disabled legacy scripts to streamline installation.
  * Removed `.gitignore` to track previously ignored files.
* Updated tests to include new dependencies and relaxed logger
assertions.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->

---
- To see the specific tasks where the Asana app for GitHub is being
used, see below:
  - https://app.asana.com/0/0/1210661184127051

Author: pujitm

api/src/environment.ts

@@ -99,6 +99,7 @@ export const MOTHERSHIP_GRAPHQL_LINK = process.env.MOTHERSHIP_GRAPHQL_LINK
 export const PM2_HOME = process.env.PM2_HOME ?? join(homedir(), '.pm2');
 export const PM2_PATH = join(import.meta.dirname, '../../', 'node_modules', 'pm2', 'bin', 'pm2');
 export const ECOSYSTEM_PATH = join(import.meta.dirname, '../../', 'ecosystem.config.json');
+export const LOGS_DIR = process.env.LOGS_DIR ?? '/var/log/unraid-api';
 
 export const PATHS_CONFIG_MODULES =
     process.env.PATHS_CONFIG_MODULES ?? '/boot/config/plugins/dynamix.my.servers/configs';

api/src/unraid-api/cli/pm2.service.ts

@@ -1,12 +1,12 @@
 import { Injectable } from '@nestjs/common';
 import { existsSync } from 'node:fs';
-import { rm } from 'node:fs/promises';
+import { mkdir, rm } from 'node:fs/promises';
 import { join } from 'node:path';
 
 import type { Options, Result, ResultPromise } from 'execa';
 import { execa, ExecaError } from 'execa';
 
-import { PM2_HOME, PM2_PATH } from '@app/environment.js';
+import { LOGS_DIR, PM2_HOME, PM2_PATH } from '@app/environment.js';
 import { LogService } from '@app/unraid-api/cli/log.service.js';
 
 type CmdContext = Options & {
@@ -97,4 +97,11 @@ export class PM2Service {
             this.logger.trace('PM2 home directory does not exist.');
         }
     }
+
+    /**
+     * Ensures that the dependencies necessary for PM2 to start and operate are present.
+     */
+    async ensurePm2Dependencies() {
+        await mkdir(LOGS_DIR, { recursive: true });
+    }
 }

api/src/unraid-api/cli/start.command.ts

@@ -20,6 +20,7 @@ export class StartCommand extends CommandRunner {
     }
 
     async cleanupPM2State() {
+        await this.pm2.ensurePm2Dependencies();
         await this.pm2.run({ tag: 'PM2 Stop' }, 'stop', ECOSYSTEM_PATH);
         await this.pm2.run({ tag: 'PM2 Update' }, 'update');
         await this.pm2.deleteDump();

api/src/unraid-api/nginx/nginx.module.ts

@@ -0,0 +1,12 @@
+import { Module } from '@nestjs/common';
+
+import { NginxService } from '@app/unraid-api/nginx/nginx.service.js';
+
+/**
+ *
+ */
+@Module({
+    providers: [NginxService],
+    exports: [NginxService],
+})
+export class NginxModule {}

packages/unraid-api-plugin-connect/src/service/nginx.service.ts renamed to api/src/unraid-api/nginx/nginx.service.ts

@@ -5,19 +5,22 @@ import { GRAPHQL_PUBSUB_TOKEN } from '@unraid/shared/pubsub/graphql.pubsub.js';
 import {
     API_KEY_SERVICE_TOKEN,
     LIFECYCLE_SERVICE_TOKEN,
+    NGINX_SERVICE_TOKEN,
     UPNP_CLIENT_TOKEN,
 } from '@unraid/shared/tokens.js';
 
 import { pubsub } from '@app/core/pubsub.js';
 import { LifecycleService } from '@app/unraid-api/app/lifecycle.service.js';
 import { ApiKeyService } from '@app/unraid-api/auth/api-key.service.js';
 import { ApiKeyModule } from '@app/unraid-api/graph/resolvers/api-key/api-key.module.js';
+import { NginxModule } from '@app/unraid-api/nginx/nginx.module.js';
+import { NginxService } from '@app/unraid-api/nginx/nginx.service.js';
 import { upnpClient } from '@app/upnp/helpers.js';
 
 // This is the actual module that provides the global dependencies
 @Global()
 @Module({
-    imports: [ApiKeyModule],
+    imports: [ApiKeyModule, NginxModule],
     providers: [
         {
             provide: UPNP_CLIENT_TOKEN,
@@ -31,6 +34,10 @@ import { upnpClient } from '@app/upnp/helpers.js';
             provide: API_KEY_SERVICE_TOKEN,
             useClass: ApiKeyService,
         },
+        {
+            provide: NGINX_SERVICE_TOKEN,
+            useClass: NginxService,
+        },
         PrefixedID,
         LifecycleService,
         {
@@ -42,6 +49,7 @@ import { upnpClient } from '@app/upnp/helpers.js';
         UPNP_CLIENT_TOKEN,
         GRAPHQL_PUBSUB_TOKEN,
         API_KEY_SERVICE_TOKEN,
+        NGINX_SERVICE_TOKEN,
         PrefixedID,
         LIFECYCLE_SERVICE_TOKEN,
         LifecycleService,

api/src/unraid-api/plugin/global-deps.module.ts

@@ -0,0 +1,16 @@
+import { Injectable } from '@nestjs/common';
+
+import { NginxService } from '@app/unraid-api/nginx/nginx.service.js';
+import { ModificationEffect } from '@app/unraid-api/unraid-file-modifier/file-modification.js';
+
+@Injectable()
+export class FileModificationEffectService {
+    constructor(private readonly nginxService: NginxService) {}
+    async runEffect(effect: ModificationEffect): Promise<void> {
+        switch (effect) {
+            case 'nginx:reload':
+                await this.nginxService.reload();
+                break;
+        }
+    }
+}

api/src/unraid-api/unraid-file-modifier/file-modification-effect.service.ts

@@ -8,9 +8,17 @@ import { coerce, compare, gte } from 'semver';
 
 import { getUnraidVersion } from '@app/common/dashboard/get-unraid-version.js';
 
+export type ModificationEffect = 'nginx:reload';
+
 export interface ShouldApplyWithReason {
     shouldApply: boolean;
     reason: string;
+    /**
+     * Effectful actions that should be performed after the modification is applied.
+     *
+     * This field helps ensure that an effect requested by multiple modifications is only performed once.
+     */
+    effects?: ModificationEffect[];
 }
 
 // Convert interface to abstract class with default implementations
@@ -98,7 +106,7 @@ export abstract class FileModification {
         const currentContent = await readFile(this.filePath, 'utf8').catch(() => '');
         const parsedPatch = parsePatch(patchContents)[0];
         if (!parsedPatch?.hunks.length) {
-            throw new Error('Invalid Patch Format: No hunks found');
+            throw new Error(`Invalid Patch Format: No hunks found for ${this.filePath}`);
         }
 
         const results = applyPatch(currentContent, parsedPatch);

api/src/unraid-api/unraid-file-modifier/file-modification.ts

@@ -0,0 +1,28 @@
+import { constants } from 'fs';
+import { access } from 'fs/promises';
+import { readFile } from 'node:fs/promises';
+
+import {
+    FileModification,
+    ShouldApplyWithReason,
+} from '@app/unraid-api/unraid-file-modifier/file-modification.js';
+
+export default class HostsModification extends FileModification {
+    id: string = 'hosts';
+    public readonly filePath: string = '/etc/hosts' as const;
+
+    protected async generatePatch(overridePath?: string): Promise<string> {
+        const originalContent = await readFile(this.filePath, 'utf8');
+
+        // Use a case-insensitive word-boundary regex so the hostname must appear as an independent token
+        // prevents partial string & look-alike conflicts such as "keys.lime-technology.com.example.com"
+        const hostPattern = /\bkeys\.lime-technology\.com\b/i;
+
+        const newContent = originalContent
+            .split('\n')
+            .filter((line) => !hostPattern.test(line))
+            .join('\n');
+
+        return this.createPatchWithDiff(overridePath ?? this.filePath, originalContent, newContent);
+    }
+}

api/src/unraid-api/unraid-file-modifier/modifications/hosts.modification.ts

@@ -0,0 +1,40 @@
+import { readFile } from 'node:fs/promises';
+
+import {
+    FileModification,
+    ShouldApplyWithReason,
+} from '@app/unraid-api/unraid-file-modifier/file-modification.js';
+
+export default class NginxConfModification extends FileModification {
+    id: string = 'nginx-conf';
+    public readonly filePath: string = '/etc/nginx/nginx.conf' as const;
+
+    protected async generatePatch(overridePath?: string): Promise<string> {
+        const originalContent = await readFile(this.filePath, 'utf8');
+        const newContent = originalContent.replace(
+            "add_header X-Frame-Options 'SAMEORIGIN';",
+            'add_header Content-Security-Policy "frame-ancestors \'self\' https://connect.myunraid.net/";'
+        );
+        return this.createPatchWithDiff(overridePath ?? this.filePath, originalContent, newContent);
+    }
+
+    async shouldApply(): Promise<ShouldApplyWithReason> {
+        const superShouldApply = await super.shouldApply();
+        if (!superShouldApply.shouldApply) {
+            return superShouldApply;
+        }
+        const content = await readFile(this.filePath, 'utf8');
+        const hasSameOrigin = content.includes("add_header X-Frame-Options 'SAMEORIGIN';");
+        if (!hasSameOrigin) {
+            return {
+                shouldApply: false,
+                reason: 'X-Frame-Options SAMEORIGIN header not found in nginx.conf',
+            };
+        }
+        return {
+            shouldApply: true,
+            reason: 'X-Frame-Options SAMEORIGIN found and needs to be replaced with Content-Security-Policy',
+            effects: ['nginx:reload'],
+        };
+    }
+}