diff --git a/.github/workflows/updater.sh b/.github/workflows/updater.sh
index c29a131..ede8049 100644
--- a/.github/workflows/updater.sh
+++ b/.github/workflows/updater.sh
@@ -39,9 +39,9 @@ if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then
echo "::warning ::No new version available"
exit 0
# Proceed only if a PR for this new version does not already exist
-#elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then
-# echo "::warning ::A branch already exists for this update"
-# exit 0
+elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then
+ echo "::warning ::A branch already exists for this update"
+ exit 0
fi
#=================================================
diff --git a/README.md b/README.md
index 98e8ab9..e6ba6d8 100644
--- a/README.md
+++ b/README.md
@@ -5,7 +5,7 @@ It shall NOT be edited by hand.
# Dendrite for YunoHost
-[](https://dash.yunohost.org/appci/app/dendrite)  
+[](https://dash.yunohost.org/appci/app/dendrite)  
[](https://install-app.yunohost.org/?app=dendrite)
*[Lire ce readme en français.](./README_fr.md)*
@@ -24,10 +24,7 @@ Dendrite is a second-generation Matrix homeserver written in Go. It intends to p
- Scalable: can run on multiple machines and eventually scale to massive homeserver deployments.
-**Shipped version:** 0.5.1~ynh1
-
-
-
+**Shipped version:** 0.8.5~ynh1
## Disclaimers / important information
:warning: The upstream app is still in beta. Tread carefully.
@@ -38,21 +35,22 @@ Dendrite is a second-generation Matrix homeserver written in Go. It intends to p
## Documentation and resources
-* Official app website: https://matrix.org/
-* Official admin documentation: https://github.com/matrix-org/dendrite/tree/master/docs
-* Upstream app code repository: https://github.com/matrix-org/dendrite
-* YunoHost documentation for this app: https://yunohost.org/app_dendrite
-* Report a bug: https://github.com/YunoHost-Apps/dendrite_ynh/issues
+* Official app website:
+* Official admin documentation:
+* Upstream app code repository:
+* YunoHost documentation for this app:
+* Report a bug:
## Developer info
Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/dendrite_ynh/tree/testing).
To try the testing branch, please proceed like that.
-```
+
+``` bash
sudo yunohost app install https://github.com/YunoHost-Apps/dendrite_ynh/tree/testing --debug
or
sudo yunohost app upgrade dendrite -u https://github.com/YunoHost-Apps/dendrite_ynh/tree/testing --debug
```
-**More info regarding app packaging:** https://yunohost.org/packaging_apps
\ No newline at end of file
+**More info regarding app packaging:**
diff --git a/README_fr.md b/README_fr.md
index 35c9353..70af96f 100644
--- a/README_fr.md
+++ b/README_fr.md
@@ -1,10 +1,14 @@
+
+
# Dendrite pour YunoHost
-[](https://dash.yunohost.org/appci/app/dendrite)  
+[](https://dash.yunohost.org/appci/app/dendrite)  
[](https://install-app.yunohost.org/?app=dendrite)
*[Read this readme in english.](./README.md)*
-*[Lire ce readme en français.](./README_fr.md)*
> *Ce package vous permet d'installer Dendrite rapidement et simplement sur un serveur YunoHost.
Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.*
@@ -20,10 +24,7 @@ Dendrite is a second-generation Matrix homeserver written in Go. It intends to p
- Scalable: can run on multiple machines and eventually scale to massive homeserver deployments.
-**Version incluse :** 0.5.1~ynh1
-
-
-
+**Version incluse :** 0.8.5~ynh1
## Avertissements / informations importantes
:warning: The upstream app is still in beta. Tread carefully.
@@ -34,21 +35,22 @@ Dendrite is a second-generation Matrix homeserver written in Go. It intends to p
## Documentations et ressources
-* Site officiel de l'app : https://matrix.org/
-* Documentation officielle de l'admin : https://github.com/matrix-org/dendrite/tree/master/docs
-* Dépôt de code officiel de l'app : https://github.com/matrix-org/dendrite
-* Documentation YunoHost pour cette app : https://yunohost.org/app_dendrite
-* Signaler un bug : https://github.com/YunoHost-Apps/dendrite_ynh/issues
+* Site officiel de l'app :
+* Documentation officielle de l'admin :
+* Dépôt de code officiel de l'app :
+* Documentation YunoHost pour cette app :
+* Signaler un bug :
## Informations pour les développeurs
Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/dendrite_ynh/tree/testing).
Pour essayer la branche testing, procédez comme suit.
-```
+
+``` bash
sudo yunohost app install https://github.com/YunoHost-Apps/dendrite_ynh/tree/testing --debug
ou
sudo yunohost app upgrade dendrite -u https://github.com/YunoHost-Apps/dendrite_ynh/tree/testing --debug
```
-**Plus d'infos sur le packaging d'applications :** https://yunohost.org/packaging_apps
\ No newline at end of file
+**Plus d'infos sur le packaging d'applications :**
diff --git a/check_process b/check_process
index 02214c7..0292645 100644
--- a/check_process
+++ b/check_process
@@ -1,7 +1,6 @@
;; Test complet
; Manifest
domain="domain.tld"
- path="/path"
is_public=1
port="666"
; Checks
@@ -20,8 +19,3 @@
;;; Options
Email=
Notification=none
-;;; Upgrade options
- ; commit=CommitHash
- name=Name and date of the commit.
- manifest_arg=domain=DOMAIN&path=PATH&is_public=1&port=666&
-
diff --git a/conf/app.src b/conf/app.src
index 340b645..9827ab6 100644
--- a/conf/app.src
+++ b/conf/app.src
@@ -1,6 +1,6 @@
-SOURCE_URL=https://github.com/matrix-org/dendrite/archive/v0.5.1.zip
-SOURCE_SUM=8df61627d3209f4ff529cbac8318a3a9da274de527f858fdb72578988a5aeefe
+SOURCE_URL=https://api.github.com/repos/matrix-org/dendrite/tarball/v0.8.5
+SOURCE_SUM=53ff43f77f4dfcab70d25684beadc486d65c8dd514e19426380e404e1aef2501
SOURCE_SUM_PRG=sha256sum
-SOURCE_FORMAT=zip
+SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true
-SOURCE_EXTRACT=true
+SOURCE_FILENAME=
diff --git a/conf/dendrite.yaml b/conf/dendrite.yaml
index a66caef..06de6b0 100644
--- a/conf/dendrite.yaml
+++ b/conf/dendrite.yaml
@@ -28,7 +28,7 @@
# connection can be idle in seconds - a negative value is unlimited.
# The version of the configuration file.
-version: 1
+version: 2
# Global Matrix configuration. This configuration applies to all components.
global:
@@ -54,6 +54,10 @@ global:
# considered valid by other homeservers.
key_validity_period: 168h0m0s
+ # The server name to delegate server-server communications to, with optional port
+ # e.g. localhost:443
+ well_known_server_name: ""
+
# Lists of domains that the server will trust as identity servers to verify third
# party identifiers such as phone numbers and email addresses.
trusted_third_party_id_servers:
@@ -64,35 +68,40 @@ global:
# to other servers and the federation API will not be exposed.
disable_federation: false
- # Configuration for Kafka/Naffka.
- kafka:
- # List of Kafka broker addresses to connect to. This is not needed if using
- # Naffka in monolith mode.
+ # Server notices allows server admins to send messages to all users.
+ server_notices:
+ enabled: false
+ # The server localpart to be used when sending notices, ensure this is not yet taken
+ local_part: "_server"
+ # The displayname to be used when sending notices
+ display_name: "Server alerts"
+ # The mxid of the avatar to use
+ avatar_url: ""
+ # The roomname to be used when creating messages
+ room_name: "Server Alerts"
+
+ # Configuration for NATS JetStream
+ jetstream:
+ # A list of NATS Server addresses to connect to. If none are specified, an
+ # internal NATS server will be started automatically when running Dendrite
+ # in monolith mode. It is required to specify the address of at least one
+ # NATS Server node if running in polylith mode.
addresses:
- - localhost:2181
+ # - localhost:4222
- # The prefix to use for Kafka topic names for this homeserver. Change this only if
- # you are running more than one Dendrite homeserver on the same Kafka deployment.
+ # Keep all NATS streams in memory, rather than persisting it to the storage
+ # path below. This option is present primarily for integration testing and
+ # should not be used on a real world Dendrite deployment.
+ in_memory: false
+
+ # Persistent directory to store JetStream streams in. This directory
+ # should be preserved across Dendrite restarts.
+ storage_path: ./
+
+ # The prefix to use for stream names for this homeserver - really only
+ # useful if running more than one Dendrite on the same NATS deployment.
topic_prefix: Dendrite
- # Whether to use Naffka instead of Kafka. This is only available in monolith
- # mode, but means that you can run a single-process server without requiring
- # Kafka.
- use_naffka: true
-
- # The max size a Kafka message is allowed to use.
- # You only need to change this value, if you encounter issues with too large messages.
- # Must be less than/equal to "max.message.bytes" configured in Kafka.
- # Defaults to 8388608 bytes.
- # max_message_bytes: 8388608
-
- # Naffka database options. Not required when using Kafka.
- naffka_database:
- connection_string: postgres://__APP__:__DB_PWD__@localhost/__APP__
- max_open_conns: 10
- max_idle_conns: 2
- conn_max_lifetime: -1
-
# Configuration for Prometheus metric collection.
metrics:
# Whether or not Prometheus metrics are enabled.
@@ -103,25 +112,41 @@ global:
username: metrics
password: metrics
+ # DNS cache options. The DNS cache may reduce the load on DNS servers
+ # if there is no local caching resolver available for use.
+ dns_cache:
+ # Whether or not the DNS cache is enabled.
+ enabled: false
+
+ # Maximum number of entries to hold in the DNS cache, and
+ # for how long those items should be considered valid in seconds.
+ cache_size: 256
+ cache_lifetime: "5m" # 5minutes; see https://pkg.go.dev/time@master#ParseDuration for more
+
# Configuration for the Appservice API.
app_service_api:
internal_api:
- listen: http://localhost:7777
- connect: http://localhost:7777
+ listen: http://localhost:7777 # Only used in polylith deployments
+ connect: http://localhost:7777 # Only used in polylith deployments
database:
- connection_string: file:appservice.db
+ connection_string: postgres://__DB_USER__:__DB_PWD__@localhost/__DB_NAME__
max_open_conns: 10
max_idle_conns: 2
conn_max_lifetime: -1
+ # Disable the validation of TLS certificates of appservices. This is
+ # not recommended in production since it may allow appservice traffic
+ # to be sent to an unverified endpoint.
+ disable_tls_validation: false
+
# Appservice configuration files to load into this homeserver.
config_files: []
# Configuration for the Client API.
client_api:
internal_api:
- listen: http://localhost:7771
- connect: http://localhost:7771
+ listen: http://localhost:7771 # Only used in polylith deployments
+ connect: http://localhost:7771 # Only used in polylith deployments
external_api:
listen: http://[::]:8071
@@ -129,6 +154,10 @@ client_api:
# using the registration shared secret below.
registration_disabled: __REGISTRATION__
+ # Prevents new guest accounts from being created. Guest registration is also
+ # disabled implicitly by setting 'registration_disabled' above.
+ guests_disabled: true
+
# If set, allows registration by anyone who knows the shared secret, regardless of
# whether registration is otherwise disabled.
registration_shared_secret: ""
@@ -161,16 +190,21 @@ client_api:
# Configuration for the EDU server.
edu_server:
internal_api:
- listen: http://localhost:7778
- connect: http://localhost:7778
+ listen: http://localhost:7778 # Only used in polylith deployments
+ connect: http://localhost:7778 # Only used in polylith deployments
# Configuration for the Federation API.
federation_api:
internal_api:
- listen: http://localhost:7772
- connect: http://localhost:7772
+ listen: http://localhost:7772 # Only used in polylith deployments
+ connect: http://localhost:7772 # Only used in polylith deployments
external_api:
listen: http://[::]:8072
+ database:
+ connection_string: postgres://__DB_USER__:__DB_PWD__@localhost/__DB_NAME__
+ max_open_conns: 10
+ max_idle_conns: 2
+ conn_max_lifetime: -1
# List of paths to X.509 certificates to be used by the external federation listeners.
# These certificates will be used to calculate the TLS fingerprints and other servers
@@ -178,17 +212,6 @@ federation_api:
# format.
federation_certificates: []
-# Configuration for the Federation Sender.
-federation_sender:
- internal_api:
- listen: http://localhost:7775
- connect: http://localhost:7775
- database:
- connection_string: file:federationsender.db
- max_open_conns: 10
- max_idle_conns: 2
- conn_max_lifetime: -1
-
# How many times we will try to resend a failed transaction to a specific server. The
# backoff is 2**x seconds, so 1 = 2 seconds, 2 = 4 seconds, 3 = 8 seconds etc.
send_max_retries: 16
@@ -197,20 +220,29 @@ federation_sender:
# enable this option in production as it presents a security risk!
disable_tls_validation: false
- # Use the following proxy server for outbound federation traffic.
- proxy_outbound:
- enabled: false
- protocol: http
- host: localhost
- port: 8080
+ # Perspective keyservers to use as a backup when direct key fetches fail. This may
+ # be required to satisfy key requests for servers that are no longer online when
+ # joining some rooms.
+ key_perspectives:
+ - server_name: matrix.org
+ keys:
+ - key_id: ed25519:auto
+ public_key: Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw
+ - key_id: ed25519:a_RXGa
+ public_key: l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ
+
+ # This option will control whether Dendrite will prefer to look up keys directly
+ # or whether it should try perspective servers first, using direct fetches as a
+ # last resort.
+ prefer_direct_fetch: false
# Configuration for the Key Server (for end-to-end encryption).
key_server:
internal_api:
- listen: http://localhost:7779
- connect: http://localhost:7779
+ listen: http://localhost:7779 # Only used in polylith deployments
+ connect: http://localhost:7779 # Only used in polylith deployments
database:
- connection_string: file:keyserver.db
+ connection_string: postgres://__DB_USER__:__DB_PWD__@localhost/__DB_NAME__
max_open_conns: 10
max_idle_conns: 2
conn_max_lifetime: -1
@@ -218,13 +250,13 @@ key_server:
# Configuration for the Media API.
media_api:
internal_api:
- listen: http://localhost:7774
- connect: http://localhost:7774
+ listen: http://localhost:7774 # Only used in polylith deployments
+ connect: http://localhost:7774 # Only used in polylith deployments
external_api:
listen: http://[::]:8074
database:
- connection_string: file:mediaapi.db
- max_open_conns: 10
+ connection_string: postgres://__DB_USER__:__DB_PWD__@localhost/__DB_NAME__
+ max_open_conns: 5
max_idle_conns: 2
conn_max_lifetime: -1
@@ -232,7 +264,8 @@ media_api:
base_path: ./media_store
# The maximum allowed file size (in bytes) for media uploads to this homeserver
- # (0 = unlimited).
+ # (0 = unlimited). If using a reverse proxy, ensure it allows requests at
+ # least this large (e.g. client_max_body_size in nginx.)
max_file_size_bytes: 10485760
# Whether to dynamically generate thumbnails if needed.
@@ -253,53 +286,39 @@ media_api:
height: 480
method: scale
+# Configuration for experimental MSC's
+mscs:
+ # A list of enabled MSC's
+ # Currently valid values are:
+ # - msc2836 (Threading, see https://github.com/matrix-org/matrix-doc/pull/2836)
+ # - msc2946 (Spaces Summary, see https://github.com/matrix-org/matrix-doc/pull/2946)
+ mscs: []
+ database:
+ connection_string: postgres://__DB_USER__:__DB_PWD__@localhost/__DB_NAME__
+ max_open_conns: 5
+ max_idle_conns: 2
+ conn_max_lifetime: -1
+
# Configuration for the Room Server.
room_server:
internal_api:
- listen: http://localhost:7770
- connect: http://localhost:7770
+ listen: http://localhost:7770 # Only used in polylith deployments
+ connect: http://localhost:7770 # Only used in polylith deployments
database:
- connection_string: file:roomserver.db
+ connection_string: postgres://__DB_USER__:__DB_PWD__@localhost/__DB_NAME__
max_open_conns: 10
max_idle_conns: 2
conn_max_lifetime: -1
-# Configuration for the Signing Key Server (for server signing keys).
-signing_key_server:
- internal_api:
- listen: http://localhost:7780
- connect: http://localhost:7780
- database:
- connection_string: file:signingkeyserver.db
- max_open_conns: 10
- max_idle_conns: 2
- conn_max_lifetime: -1
-
- # Perspective keyservers to use as a backup when direct key fetches fail. This may
- # be required to satisfy key requests for servers that are no longer online when
- # joining some rooms.
- key_perspectives:
- - server_name: matrix.org
- keys:
- - key_id: ed25519:auto
- public_key: Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw
- - key_id: ed25519:a_RXGa
- public_key: l8Hft5qXKn1vfHrg3p4+W8gELQVo8N13JkluMfmn2sQ
-
- # This option will control whether Dendrite will prefer to look up keys directly
- # or whether it should try perspective servers first, using direct fetches as a
- # last resort.
- prefer_direct_fetch: false
-
# Configuration for the Sync API.
sync_api:
internal_api:
- listen: http://localhost:7773
- connect: http://localhost:7773
+ listen: http://localhost:7773 # Only used in polylith deployments
+ connect: http://localhost:7773 # Only used in polylith deployments
external_api:
listen: http://[::]:8073
database:
- connection_string: file:syncapi.db
+ connection_string: postgres://__DB_USER__:__DB_PWD__@localhost/__DB_NAME__
max_open_conns: 10
max_idle_conns: 2
conn_max_lifetime: -1
@@ -311,19 +330,26 @@ sync_api:
# Configuration for the User API.
user_api:
+ # The cost when hashing passwords on registration/login. Default: 10. Min: 4, Max: 31
+ # See https://pkg.go.dev/golang.org/x/crypto/bcrypt for more information.
+ # Setting this lower makes registration/login consume less CPU resources at the cost of security
+ # should the database be compromised. Setting this higher makes registration/login consume more
+ # CPU resources but makes it harder to brute force password hashes.
+ # This value can be low if performing tests or on embedded Dendrite instances (e.g WASM builds)
+ # bcrypt_cost: 10
internal_api:
- listen: http://localhost:7781
- connect: http://localhost:7781
+ listen: http://localhost:7781 # Only used in polylith deployments
+ connect: http://localhost:7781 # Only used in polylith deployments
account_database:
- connection_string: file:userapi_accounts.db
- max_open_conns: 10
- max_idle_conns: 2
- conn_max_lifetime: -1
- device_database:
- connection_string: file:userapi_devices.db
+ connection_string: postgres://__DB_USER__:__DB_PWD__@localhost/__DB_NAME__
max_open_conns: 10
max_idle_conns: 2
conn_max_lifetime: -1
+ # The length of time that a token issued for a relying party from
+ # /_matrix/client/r0/user/{userId}/openid/request_token endpoint
+ # is considered to be valid in milliseconds.
+ # The default lifetime is 3600000ms (60 minutes).
+ # openid_token_lifetime_ms: 3600000
# Configuration for Opentracing.
# See https://github.com/matrix-org/dendrite/tree/master/docs/tracing for information on
@@ -341,11 +367,12 @@ tracing:
baggage_restrictions: null
throttler: null
-# Logging configuration, in addition to the standard logging that is sent to
-# stdout by Dendrite.
+# Logging configuration
logging:
-- type: file
- level: info
- params:
- path: /var/log/__APP__
-
+ - type: std
+ level: info
+ - type: file
+ # The logging level, must be one of debug, info, warn, error, fatal, panic.
+ level: info
+ params:
+ path: /var/log/__APP__
diff --git a/conf/go.src b/conf/go.src
deleted file mode 100644
index 03b9985..0000000
--- a/conf/go.src
+++ /dev/null
@@ -1,7 +0,0 @@
-SOURCE_URL=https://golang.org/dl/go1.15.8.linux-amd64.tar.gz
-SOURCE_SUM=d3379c32a90fdf9382166f8f48034c459a8cc433730bc9476d39d9082c94583b
-SOURCE_SUM_PRG=sha256sum
-SOURCE_FORMAT=tar.gz
-SOURCE_IN_SUBDIR=false
-SOURCE_FILENAME=
-SOURCE_EXTRACT=true
diff --git a/manifest.json b/manifest.json
index 221f315..503d77e 100644
--- a/manifest.json
+++ b/manifest.json
@@ -6,7 +6,7 @@
"en": "Matrix homeserver of second generation",
"fr": "Serveur Matrix de seconde génération"
},
- "version": "0.5.1~ynh1",
+ "version": "0.8.5~ynh1",
"url": "https://matrix.org/",
"upstream": {
"license": "Apache-2.0",
@@ -24,11 +24,10 @@
},
"multi_instance": true,
"services": [
- "nginx",
- "psql"
+ "nginx"
],
"arguments": {
- "install" : [
+ "install": [
{
"name": "warning",
"type": "display_text",
@@ -39,19 +38,11 @@
},
{
"name": "domain",
- "type": "domain",
- "help": {
- "en": "Dendrite requires its own domain, so make sure to create a new one.",
- "fr": "Dendrite a besoin de son propre domaine, créez-en un au préalable."
- }
+ "type": "domain"
},
{
"name": "is_public",
"type": "boolean",
- "help": {
- "en": "A public server means that anybody will be able to register.",
- "fr": "Un serveur public permet à quiconque de s'y enregistrer."
- },
"default": false
}
]
diff --git a/scripts/_common.sh b/scripts/_common.sh
index c974660..cd22c33 100644
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -7,7 +7,7 @@
# dependencies used by the app
pkg_dependencies="postgresql postgresql-contrib"
-go_version="1.16"
+GO_VERSION="1.16"
#=================================================
# PERSONAL HELPERS
diff --git a/scripts/backup b/scripts/backup
index 1197e3d..7db41e5 100644
--- a/scripts/backup
+++ b/scripts/backup
@@ -15,7 +15,6 @@ source /usr/share/yunohost/helpers
#=================================================
ynh_clean_setup () {
- ### Remove this function if there's nothing to clean before calling the remove script.
true
}
# Exit if an error occurs during the execution of the script
diff --git a/scripts/change_url b/scripts/change_url
index 3e1c3aa..9fcbc2a 100644
--- a/scripts/change_url
+++ b/scripts/change_url
@@ -22,11 +22,6 @@ new_path=$YNH_APP_NEW_PATH
app=$YNH_APP_INSTANCE_NAME
-# For systemd update
-domain=$YNH_APP_NEW_DOMAIN
-port=$(ynh_app_setting_get --app=$app --key=port)
-tls_port=$(ynh_app_setting_get --app=$app --key=tls_port)
-
#=================================================
# LOAD SETTINGS
#=================================================
@@ -35,14 +30,20 @@ ynh_script_progression --message="Loading installation settings..." --weight=1
# Needed for helper "ynh_add_nginx_config"
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
+# Add settings here as needed by your application
+domain=$YNH_APP_NEW_DOMAIN
+port=$(ynh_app_setting_get --app=$app --key=port)
+tls_port=$(ynh_app_setting_get --app=$app --key=tls_port)
+
#=================================================
-# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
+# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." --weight=1
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
+ ynh_clean_check_starting
# Remove the new domain config file, the remove script won't do it as it doesn't know yet its location.
ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
@@ -75,7 +76,7 @@ fi
#=================================================
ynh_script_progression --message="Stopping a systemd service..." --weight=1
-ynh_systemd_action --service_name=$app --action="stop"
+ynh_systemd_action --service_name=$app --action="stop" --line_match="Stopped Dendrite Matrix homeserver" --log_path="systemd"
#=================================================
# MODIFY URL IN NGINX CONF
@@ -126,7 +127,8 @@ ynh_add_systemd_config
#=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=1
-ynh_systemd_action --service_name=$app --action="start" --line_match="Starting external Monolith listener" --log_path="systemd"
+# Start a systemd service
+ynh_systemd_action --service_name=$app --action="start" --line_match="Starting external Monolith listener" --log_path="/var/log/$app/$app.log"
#=================================================
# RELOAD NGINX
diff --git a/scripts/install b/scripts/install
index e2d21dc..402f950 100644
--- a/scripts/install
+++ b/scripts/install
@@ -15,8 +15,7 @@ source /usr/share/yunohost/helpers
#=================================================
ynh_clean_setup () {
- ### Remove this function if there's nothing to clean before calling the remove script.
- true
+ ynh_clean_check_starting
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
@@ -59,15 +58,13 @@ ynh_script_progression --message="Configuring firewall..." --weight=1
# Find available ports
port=$(ynh_find_port --port=8008)
+ynh_app_setting_set --app=$app --key=port --value=$port
tls_port=$(ynh_find_port --port=8448)
+ynh_app_setting_set --app=$app --key=tls_port --value=$tls_port
# Open TLS port
ynh_exec_warn_less yunohost firewall allow TCP $tls_port
-# Store opened ports
-ynh_app_setting_set --app=$app --key=port --value=$port
-ynh_app_setting_set --app=$app --key=tls_port --value=$tls_port
-
#=================================================
# CREATE DEDICATED USER
#=================================================
@@ -84,8 +81,13 @@ ynh_script_progression --message="Installing dependencies..." --weight=3
ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies
-# Install Go
-ynh_exec_warn_less ynh_install_go --go_version=$go_version
+#=================================================
+# CREATE DEDICATED USER
+#=================================================
+ynh_script_progression --message="Configuring system user..." --weight=1
+
+# Create a system user
+ynh_system_user_create --username=$app --home_dir="$final_path" --groups="ssl-cert"
#=================================================
# CREATE A POSTGRESQL DATABASE
@@ -93,11 +95,10 @@ ynh_exec_warn_less ynh_install_go --go_version=$go_version
ynh_script_progression --message="Creating a PostgreSQL database..." --weight=2
db_name=$(ynh_sanitize_dbid --db_name=$app)
+db_user=$db_name
ynh_app_setting_set --app=$app --key=db_name --value=$db_name
ynh_psql_test_if_first_run
-ynh_psql_setup_db --db_user=$db_name --db_name=$db_name
-
-ynh_psql_execute_as_root --sql="DROP DATABASE $db_name"
+ynh_psql_setup_db --db_user=$db_user --db_name=$db_name
ynh_psql_execute_as_root --sql="CREATE DATABASE $db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $app;"
#=================================================
@@ -107,7 +108,11 @@ ynh_script_progression --message="Setting up source files..." --weight=2
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
# Download, check integrity, uncompress and patch the source from app.src
-ynh_setup_source --dest_dir="$final_path"
+ynh_setup_source --dest_dir="$final_path/build"
+
+chmod 750 "$final_path"
+chmod -R o-rwx "$final_path"
+chown -R $app:root "$final_path"
#=================================================
# NGINX CONFIGURATION
@@ -122,23 +127,41 @@ ynh_add_nginx_config
#=================================================
# BUILDING SOURCES AND SETTING UP THE SERVER
#=================================================
+ynh_script_progression --message="Building the sources (it will take some time)..." --weight=6
-ynh_use_go
+ynh_exec_warn_less ynh_install_go --go_version=$GO_VERSION
-mkdir -p "$final_path/bin"
-chown -R $app:root $final_path
+pushd "$final_path/build"
+ # Build the sources
+ ynh_use_go
+ export GOPATH="$final_path/build/go"
+ export GOCACHE="$final_path/build/.cache"
+ CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/dendrite-monolith-server > /dev/null 2>&1
+ CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/goose > /dev/null 2>&1
+ CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/create-account > /dev/null 2>&1
+ CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/generate-keys > /dev/null 2>&1
+popd
+
+ynh_secure_remove --file="$final_path/build"
+ynh_remove_go
+
+ynh_script_progression --message="Generating the keys..." --weight=1
pushd "$final_path"
- ynh_script_progression --message="Building the sources (it will take some time)..." --weight=6
- # Build the sources
- ynh_exec_warn_less ynh_exec_as $app $ynh_go_load_path HOME=$final_path ./build.sh
- ynh_script_progression --message="Generating the keys..." --weight=1
# Generate a Matrix signing key for federation
./bin/generate-keys --private-key matrix_key.pem
# Generate a self-signed certificate
./bin/generate-keys --tls-cert server.crt --tls-key server.key
popd
+# Set permissions to app files
+chown -R $app:root "$final_path"
+
+#=================================================
+# ADD A CONFIGURATION
+#=================================================
+ynh_script_progression --message="Adding a configuration file..."
+
# Allow or deny registration based of is_public
registration=false
if [ $is_public -eq 1 ]
@@ -149,6 +172,9 @@ fi
# Copy and modify the config file
ynh_add_config --template="../conf/dendrite.yaml" --destination="$final_path/dendrite.yaml"
+chmod 400 "$final_path/dendrite.yaml"
+chown $app:$app "$final_path/dendrite.yaml"
+
#=================================================
# SETUP SYSTEMD
#=================================================
@@ -159,20 +185,14 @@ ynh_add_systemd_config
#=================================================
# GENERIC FINALIZATION
-#=================================================
-# SECURE FILES AND DIRECTORIES
-#=================================================
-
-# Set permissions to app files
-chown -R $app:root $final_path
-mkdir -p /var/log/$app
-chown -R $app:root /var/log/$app
-
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression --message="Configuring log rotation..." --weight=1
+mkdir -p /var/log/$app
+chown -R $app:root /var/log/$app
+
# Use logrotate to manage application logfile(s)
ynh_use_logrotate
# HACKY: Match the weirdly renamed rotated logs.
@@ -192,7 +212,7 @@ yunohost service add $app --description="Dendrite Matrix homeserver" --log="/var
ynh_script_progression --message="Starting a systemd service..." --weight=1
# Start a systemd service
-ynh_systemd_action --service_name=$app --action="start" --line_match="Starting external Monolith listener" --log_path="systemd"
+ynh_systemd_action --service_name=$app --action="start" --line_match="Starting external Monolith listener" --log_path="/var/log/$app/$app.log"
#=================================================
# RELOAD NGINX
diff --git a/scripts/remove b/scripts/remove
index effd47e..016801e 100644
--- a/scripts/remove
+++ b/scripts/remove
@@ -20,6 +20,8 @@ app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
port=$(ynh_app_setting_get --app=$app --key=port)
tls_port=$(ynh_app_setting_get --app=$app --key=tls_port)
+db_name=$(ynh_app_setting_get --app=$app --key=db_name)
+db_user=$db_name
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
#=================================================
@@ -43,21 +45,21 @@ ynh_script_progression --message="Stopping and removing the systemd service..."
# Remove the dedicated systemd config
ynh_remove_systemd_config
+#=================================================
+# REMOVE LOGROTATE CONFIGURATION
+#=================================================
+ynh_script_progression --message="Removing logrotate configuration..." --weight=1
+
+# Remove the app-specific logrotate config
+ynh_remove_logrotate
+
#=================================================
# REMOVE THE POSTGRESQL DATABASE
#=================================================
ynh_script_progression --message="Removing the PostgreSQL database" --weight=2
# Remove a database if it exists, along with the associated user
-ynh_psql_remove_db --db_user=$app --db_name=$app
-
-#=================================================
-# REMOVE DEPENDENCIES
-#=================================================
-ynh_script_progression --message="Removing dependencies..." --weight=3
-
-# Remove metapackage and its dependencies
-ynh_remove_app_dependencies
+ynh_psql_remove_db --db_user=$db_user --db_name=$db_name
# Remove Go
ynh_remove_go
@@ -79,12 +81,12 @@ ynh_script_progression --message="Removing NGINX web server configuration..." --
ynh_remove_nginx_config
#=================================================
-# REMOVE LOGROTATE CONFIGURATION
+# REMOVE DEPENDENCIES
#=================================================
-ynh_script_progression --message="Removing logrotate configuration..." --weight=1
+ynh_script_progression --message="Removing dependencies..." --weight=3
-# Remove the app-specific logrotate config
-ynh_remove_logrotate
+# Remove metapackage and its dependencies
+ynh_remove_app_dependencies
#=================================================
# CLOSE A PORT
diff --git a/scripts/restore b/scripts/restore
index 4fbfa23..86c1883 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -16,8 +16,7 @@ source /usr/share/yunohost/helpers
#=================================================
ynh_clean_setup () {
- #### Remove this function if there's nothing to clean before calling the remove script.
- true
+ ynh_clean_check_starting
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
@@ -36,7 +35,6 @@ port=$(ynh_app_setting_get --app=$app --key=port)
tls_port=$(ynh_app_setting_get --app=$app --key=tls_port)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_user=$db_name
-db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
#=================================================
# CHECK IF THE APP CAN BE RESTORED
@@ -51,9 +49,18 @@ test ! -d $final_path \
#=================================================
# RESTORE THE NGINX CONFIGURATION
#=================================================
+ynh_script_progression --message="Restoring the NGINX web server configuration..."
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
+#=================================================
+# RECREATE THE DEDICATED USER
+#=================================================
+ynh_script_progression --message="Recreating the dedicated system user..." --weight=1
+
+# Create the dedicated user (if not existing)
+ynh_system_user_create --username=$app --home_dir="$final_path" --groups="ssl-cert"
+
#=================================================
# RESTORE THE APP MAIN DIR
#=================================================
@@ -61,22 +68,9 @@ ynh_script_progression --message="Restoring the app main directory..." --weight=
ynh_restore_file --origin_path="$final_path"
-#=================================================
-# RECREATE THE DEDICATED USER
-#=================================================
-ynh_script_progression --message="Recreating the dedicated system user..." --weight=1
-
-# Create the dedicated user (if not existing)
-ynh_system_user_create --username=$app --use_shell --groups="ssl-cert"
-
-#=================================================
-# RESTORE USER RIGHTS
-#=================================================
-
-# Restore permissions on app files
-chown -R $app:root $final_path
-mkdir -p /var/log/$app
-chown -R $app:root /var/log/$app
+chmod 750 "$final_path"
+chmod -R o-rwx "$final_path"
+chown -R $app:root "$final_path"
#=================================================
# SPECIFIC RESTORATION
@@ -88,14 +82,12 @@ ynh_script_progression --message="Reinstalling dependencies..." --weight=3
# Define and install dependencies
ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies
-# Install Go
-ynh_install_go --go_version=$go_version
-
#=================================================
-# RESTORE THE PSQL DATABASE
+# RESTORE THE POSTGRESQL DATABASE
#=================================================
-ynh_script_progression --message="Restoring the PSQL database..." --weight=3
+ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=3
+db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
ynh_psql_test_if_first_run
ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd
ynh_psql_execute_file_as_root --file="./db.sql" --database=$db_name
@@ -108,6 +100,16 @@ ynh_script_progression --message="Restoring the systemd configuration..." --weig
ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
systemctl enable $app.service --quiet
+#=================================================
+# RESTORE THE LOGROTATE CONFIGURATION
+#=================================================
+ynh_script_progression --message="Restoring the logrotate configuration..."
+
+mkdir -p /var/log/$app
+chown -R $app:root /var/log/$app
+
+ynh_restore_file --origin_path="/etc/logrotate.d/$app"
+
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
@@ -121,17 +123,7 @@ yunohost service add $app --description="Dendrite Matrix homeserver" --log="/var
#=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=1
-ynh_systemd_action --service_name=$app --action="start" --line_match="Starting external Monolith listener" --log_path="systemd"
-
-#=================================================
-# RESTORE VARIOUS FILES
-#=================================================
-
-#=================================================
-# RESTORE THE LOGROTATE CONFIGURATION
-#=================================================
-
-ynh_restore_file --origin_path="/etc/logrotate.d/$app"
+ynh_systemd_action --service_name=$app --action="start" --line_match="Starting external Monolith listener" --log_path="/var/log/$app/$app.log"
#=================================================
# GENERIC FINALIZATION
diff --git a/scripts/upgrade b/scripts/upgrade
index 60cf7bb..66c2985 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -23,22 +23,16 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)
port=$(ynh_app_setting_get --app=$app --key=port)
tls_port=$(ynh_app_setting_get --app=$app --key=tls_port)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
+db_user=$db_name
+db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
#=================================================
# CHECK VERSION
#=================================================
+ynh_script_progression --message="Checking version..."
upgrade_type=$(ynh_check_app_version_changed)
-#=================================================
-# ENSURE DOWNWARD COMPATIBILITY
-#=================================================
-ynh_script_progression --message="Ensuring downward compatibility..." --weight=1
-
-if ! groups $app | grep -q 'ssl-cert'; then
- adduser $app ssl-cert
-fi
-
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
@@ -47,6 +41,7 @@ ynh_script_progression --message="Backing up the app before upgrading (may take
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
+ ynh_clean_check_starting
# Restore it if the upgrade fails
ynh_restore_upgradebackup
}
@@ -62,6 +57,23 @@ ynh_script_progression --message="Stopping a systemd service..." --weight=1
ynh_systemd_action --service_name=$app --action="stop" --line_match="Stopped Dendrite Matrix homeserver" --log_path="systemd"
+#=================================================
+# ENSURE DOWNWARD COMPATIBILITY
+#=================================================
+ynh_script_progression --message="Ensuring downward compatibility..." --weight=1
+
+if ! groups $app | grep -q 'ssl-cert'; then
+ adduser $app ssl-cert
+fi
+
+#=================================================
+# CREATE DEDICATED USER
+#=================================================
+ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1
+
+# Create a dedicated user (if not existing)
+ynh_system_user_create --username=$app --home_dir="$final_path"
+
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
@@ -71,9 +83,13 @@ then
ynh_script_progression --message="Upgrading source files..." --weight=3
# Download, check integrity, uncompress and patch the source from app.src
- ynh_setup_source --dest_dir="$final_path" --keep="$final_path/dendrite.yaml"
+ ynh_setup_source --dest_dir="$final_path/build" --keep="$final_path/dendrite.yaml"
fi
+chmod 750 "$final_path"
+chmod -R o-rwx "$final_path"
+chown -R $app:root "$final_path"
+
#=================================================
# NGINX CONFIGURATION
#=================================================
@@ -85,38 +101,55 @@ ynh_add_nginx_config
#=================================================
# CREATE DEDICATED USER
#=================================================
-ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1
-
-# Create a dedicated user (if not existing)
-# It needs to be created before using the ynh_install_go helper
-ynh_system_user_create --username=$app --use_shell --groups="ssl-cert"
-
-#=================================================
-# UPGRADE DEPENDENCIES
-#=================================================
ynh_script_progression --message="Upgrading dependencies..." --weight=1
ynh_exec_warn_less ynh_install_app_dependencies "$pkg_dependencies"
-# Install Go
-ynh_exec_warn_less ynh_install_go --go_version=$go_version
-
#=================================================
# SPECIFIC UPGRADE
#=================================================
# BUILDING SOURCES AND SETTING UP THE SERVER
#=================================================
-ynh_use_go
+if [ "$upgrade_type" == "UPGRADE_APP" ]
+then
+ ynh_script_progression --message="Building the sources (it will take some time)..." --weight=6
-mkdir -p "$final_path/bin"
-chown -R $app:root $final_path
+ ynh_exec_warn_less ynh_install_go --go_version=$GO_VERSION
-pushd "$final_path"
- ynh_script_progression --message="Building the sources (it will take some time)..." --weight=6
- # Build the sources
- ynh_exec_warn_less ynh_exec_as $app $ynh_go_load_path HOME=$final_path ./build.sh
-popd
+ pushd "$final_path/build"
+ # Build the sources
+ ynh_use_go
+ export GOPATH="$final_path/build/go"
+ export GOCACHE="$final_path/build/.cache"
+ CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/dendrite-monolith-server > /dev/null 2>&1
+ CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/goose > /dev/null 2>&1
+ CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/create-account > /dev/null 2>&1
+ CGO_ENABLED=1 go build -trimpath -v -o "$final_path/bin/" ./cmd/generate-keys > /dev/null 2>&1
+ popd
+
+ ynh_secure_remove --file="$final_path/build"
+ ynh_remove_go
+fi
+
+chown -R $app:root "$final_path"
+
+#=================================================
+# UPDATE A CONFIG FILE
+#=================================================
+ynh_script_progression --message="Updating a configuration file..."
+
+if ynh_permission_has_user --permission=main --user=visitors
+then
+ registration="true"
+else
+ registration="false"
+fi
+
+ynh_add_config --template="../conf/dendrite.yaml" --destination="$final_path/dendrite.yaml"
+
+chmod 400 "$final_path/dendrite.yaml"
+chown $app:$app "$final_path/dendrite.yaml"
#=================================================
# SETUP SYSTEMD
@@ -128,20 +161,14 @@ ynh_add_systemd_config
#=================================================
# GENERIC FINALIZATION
-#=================================================
-# SECURE FILES AND DIRECTORIES
-#=================================================
-
-# Set permissions on app files
-chown -R $app:root $final_path
-mkdir -p /var/log/$app
-chown -R $app:root /var/log/$app
-
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression --message="Upgrading logrotate configuration..." --weight=1
+mkdir -p /var/log/$app
+chown -R $app:root /var/log/$app
+
# Use logrotate to manage app-specific logfile(s)
ynh_use_logrotate --non-append
@@ -157,7 +184,7 @@ yunohost service add $app --description="Dendrite Matrix homeserver" --log="/var
#=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=1
-ynh_systemd_action --service_name=$app --action="start" --line_match="Starting external Monolith listener" --log_path="systemd"
+ynh_systemd_action --service_name=$app --action="start" --line_match="Starting external Monolith listener" --log_path="/var/log/$app/$app.log"
#=================================================
# RELOAD NGINX
diff --git a/scripts/ynh_install_go b/scripts/ynh_install_go
index 28a5f9c..4fbf4e9 100644
--- a/scripts/ynh_install_go
+++ b/scripts/ynh_install_go
@@ -36,9 +36,9 @@ export GOENV_ROOT="$goenv_install_dir"
# Finally, to start a Go service with the correct version, 2 solutions
# Either the app is dependent of Go or gem, but does not called it directly.
# In such situation, you need to load PATH
-# `Environment="__YNH_GO_LOAD_ENV_PATH__"`
+# `Environment="__YNH_GO_LOAD_PATH__"`
# `ExecStart=__FINALPATH__/my_app`
-# You will replace __YNH_GO_LOAD_ENV_PATH__ with $ynh_go_load_path
+# You will replace __YNH_GO_LOAD_PATH__ with $ynh_go_load_path
#
# Or Go start the app directly, then you don't need to load the PATH variable
# `ExecStart=__YNH_GO__ my_app run`
@@ -224,7 +224,7 @@ ynh_cleanup_go () {
required_go_versions="${installed_app_go_version}\n${required_go_versions}"
fi
done
-
+
# Remove no more needed Go versions
local installed_go_versions=$(goenv versions --bare --skip-aliases | grep -Ev '/')
for installed_go_version in $installed_go_versions
diff --git a/sources/extra_files/app/.gitignore b/sources/extra_files/app/.gitignore
deleted file mode 100644
index 783a4ae..0000000
--- a/sources/extra_files/app/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-*~
-*.sw[op]
diff --git a/sources/patches/.gitignore b/sources/patches/.gitignore
deleted file mode 100644
index 783a4ae..0000000
--- a/sources/patches/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-*~
-*.sw[op]