YunoHost-Apps/galene_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/galene_ynh.git synced 2024-09-03 18:36:31 +02:00
Code Issues Activity Actions

Merge branch 'enh-testing' into testing

Browse source
This commit is contained in:
ericgaspar 2021-01-15 16:36:13 +01:00
commit ce74bf7127
No known key found for this signature in database
GPG key ID: 574F281483054D44
19 changed files with 756 additions and 82 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
README.md
View file

@ -23,6 +23,34 @@ Galène is a videoconferencing server that is easy to deploy (just copy a few fi
## Configuration
### Turnserver
For VoIP and video conferencing a TURN server is also installed (and configured). The TURN server listens on two UDP and TCP ports. You can get them with these commands:
```
sudo yunohost app setting galene turnserver_tls_port
sudo yunohost app setting galene turnserver_alt_tls_port
```
The TURN server will also choose a port dynamically when a new call starts. The range is between 49153 - 49193.
For some security reason the ports range (49153 - 49193) isn't automatically open by default. If you want to use Galène server for VoIP or conferencing you will need to open this port range manually. To do this, just run this command:
```
sudo yunohost firewall allow Both 49153:49193
```
You might also need to open these ports (if it is not automatically done) on your ISP box.
To prevent the situation when the server is behind a NAT, the public IP is written in the TURN server config. By this the TURN server can send its real public IP to the client. For more information see [the coturn example config file](https://github.com/coturn/coturn/blob/master/examples/etc/turnserver.conf#L56-L62).So if your IP changes, you could run the script `/opt/yunohost/__GALENE_INSTANCE_NAME__/Coturn_config_rotate.sh` to update your config.
If you have a dynamic IP address, you also might need to update this config automatically. To do that just edit a file named `/etc/cron.d/coturn_config_rotate` and add the following content (just adapt the __GALENE_INSTANCE_NAME__ which could be `galene` or maybe `galene__2`).
```
*/15 * * * * root bash /opt/yunohost/__GALENE_INSTANCE_NAME__/Coturn_config_rotate.sh;
```
To check if Galène can connect to the TURN server, connect to Galène as operator and type `/relay-test` in the chat box; if the TURN server is properly configured, you should see a message saying that the relay test has been successful.
## Documentation

2
README_fr.md
View file

@ -23,6 +23,8 @@ Galène est un serveur de visioconférence facile à déployer (il suffit de cop
## Configuration
Pour vérifier si le serveur TURN est opérationnel, tapez `/relay-test` dans la boîte de dialogue; si le serveur TURN est correctement configuré, vous devriez voir un message indiquant que le test du relais a réussi.
## Documentation
* Documentation officielle : https://galene.org/

2
conf/arm.src
View file

@ -1,5 +1,5 @@
SOURCE_URL=https://github.com/YunoHost-Apps/galene_ynh/releases/download/v0.2/galene_0.2_Linux_arm.tar.gz
SOURCE_SUM=a7da5ff9a34422732fea1bbe9fb591c42813875ff7fcd4c30590a54c786bdf19
SOURCE_SUM=f1c498b1897e548a69e56392a63e5a20c72a2115a8c6112725a9005ee55c0fae
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true

2
conf/arm64.src
View file

@ -1,5 +1,5 @@
SOURCE_URL=https://github.com/YunoHost-Apps/galene_ynh/releases/download/v0.2/galene_0.2_Linux_arm64.tar.gz
SOURCE_SUM=8e755dc9779c5301d9f63e8120e2bd307118fd2ebc1bdc003e2c2c0ce905f9c7
SOURCE_SUM=b7d045f3df8268dab52b307152cb88be79e50b5363c1a98ca20def9021d16541
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true

27
conf/coturn-galene.service Normal file
View file

@ -0,0 +1,27 @@
[Unit]
Description=Coturn STUN/TURN Server
Documentation=man:coturn(1) man:turnadmin(1) man:turnserver(1)
After=syslog.target network.target
[Service]
User=turnserver
Group=turnserver
Type=forking
EnvironmentFile=/etc/default/coturn-__APP__
PIDFile=/run/coturn-__APP__/turnserver.pid
RuntimeDirectory=coturn-__APP__
RuntimeDirectoryMode=0755
ExecStart=/usr/bin/turnserver -o -c /etc/__APP__/coturn.conf $EXTRA_OPTIONS
ExecStopPost=/bin/rm -f /run/coturn-__APP__/turnserver.pid
Restart=on-abort
LimitCORE=infinity
LimitNOFILE=999999
LimitNPROC=60000
LimitRTPRIO=infinity
LimitRTTIME=7000000
CPUSchedulingPolicy=other
UMask=0007
[Install]
WantedBy=multi-user.target

5
conf/coturn/default_coturn Normal file
View file

@ -0,0 +1,5 @@
#
# Uncomment it if you want to have the turnserver running as
# an automatic system service daemon
#
TURNSERVER_ENABLED=1

28
conf/coturn/turnserver.conf Normal file
View file

@ -0,0 +1,28 @@
lt-cred-mech
use-auth-secret
static-auth-secret=__TURNPWD__
realm=__DOMAIN__
tls-listening-port=__TLS_PORT__
alt-tls-listening-port=__TLS_ALT_PORT__
min-port=49153
max-port=49193
cli-port=__CLI_PORT__
cert=/etc/yunohost/certs/__DOMAIN__/crt.pem
pkey=/etc/yunohost/certs/__DOMAIN__/key.pem
dh-file=/etc/ssl/private/dh2048.pem
no-sslv2
no-sslv3
no-tlsv1
no-tlsv1_1
no-loopback-peers
no-multicast-peers
no-cli
log-file=/var/log/__APP__/turnserver.log
pidfile=/run/coturn-__APP__/turnserver.pid
simple-log

14
conf/groupname.json
View file

@ -1,4 +1,16 @@
{
"op": [{"username": "__ADMIN__", "password": "__PASSWORD__"}],
"presenter": [{}]
"presenter": [
{"username": "", "password": ""},
{"username": "", "password": ""}
],
"public": true,
"description": "This is displayed on the landing page for public groups.",
"max-clients": 20,
"max-history-age": 14400,
"allow-recording": true,
"allow-anonymous": true,
"allow-subgroups": true,
"redirect": "",
"codecs": ["vp8", "opus"]
}

14
conf/ice-servers.json
View file

@ -1,11 +1,15 @@
[
{
"urls": [
"turn:turn.example.com:443",
"turn:turn.example.com:443?transport=tcp"
"turn:__DOMAIN__:__TLS_PORT__",
"turn:__DOMAIN__:__TLS_ALT_PORT__",
"turn:__DOMAIN__:__TLS_PORT__?transport=tcp",
"turn:__DOMAIN__:__TLS_ALT_PORT__?transport=tcp",
"turn:__DOMAIN__:__TLS_PORT__?transport=udp",
"turn:__DOMAIN__:__TLS_ALT_PORT__?transport=udp"
],
"username": "galene",
"credential": "secret",
"username": "__APP__",
"credential": "__TURNPWD__",
"credentialType": "hmac-sha1"
}
]
]

2
conf/x86-64.src
View file

@ -1,5 +1,5 @@
SOURCE_URL=https://github.com/YunoHost-Apps/galene_ynh/releases/download/v0.2/galene_0.2_Linux_x86_64.tar.gz
SOURCE_SUM=4878741a204a35e900cf75399093f121a56f9e32b6a08a60fff254d561c18444
SOURCE_SUM=6676942015ada1ddf5e136dfa7cd0af883ac988f117c88df64b2cb0db75b1d7d
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true

6
manifest.json
View file

@ -6,7 +6,7 @@
"en": "Videoconferencing server that is easy to deploy",
"fr": "Serveur de visioconférence facile à déployer"
},
"version": "0.2~ynh1",
"version": "0.2~ynh3",
"url": "https://galene.org/",
"license": "MIT",
"maintainer": {
@ -77,8 +77,8 @@
"en": "The name will be used as filename (do not use space, dots or / in your name group).",
"fr": "Le nom sera utilisé comme nom de fichier (n'utilisez pas d'espace, de points ou / dans votre groupe de noms)."
},
"default": "groupname",
"example": "groupname"
"default": "public",
"example": "public"
}
]
}

141
scripts/_common.sh
View file

@ -5,7 +5,7 @@
#=================================================
# dependencies used by the app
pkg_dependencies="coturn"
pkg_dependencies="coturn acl"
#=================================================
# PERSONAL HELPERS
@ -15,6 +15,145 @@ pkg_dependencies="coturn"
# EXPERIMENTAL HELPERS
#=================================================
# Send an email to inform the administrator
#
# usage: ynh_send_readme_to_admin --app_message=app_message [--recipients=recipients] [--type=type]
# | arg: -m --app_message= - The file with the content to send to the administrator.
# | arg: -r, --recipients= - The recipients of this email. Use spaces to separate multiples recipients. - default: root
# example: "root admin@domain"
# If you give the name of a YunoHost user, ynh_send_readme_to_admin will find its email adress for you
# example: "root admin@domain user1 user2"
# | arg: -t, --type= - Type of mail, could be 'backup', 'change_url', 'install', 'remove', 'restore', 'upgrade'
ynh_send_readme_to_admin() {
# Declare an array to define the options of this helper.
declare -Ar args_array=( [m]=app_message= [r]=recipients= [t]=type= )
local app_message
local recipients
local type
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
app_message="${app_message:-}"
recipients="${recipients:-root}"
type="${type:-install}"
# Get the value of admin_mail_html
admin_mail_html=$(ynh_app_setting_get $app admin_mail_html)
admin_mail_html="${admin_mail_html:-0}"
# Retrieve the email of users
find_mails () {
local list_mails="$1"
local mail
local recipients=" "
# Read each mail in argument
for mail in $list_mails
do
# Keep root or a real email address as it is
if [ "$mail" = "root" ] || echo "$mail" | grep --quiet "@"
then
recipients="$recipients $mail"
else
# But replace an user name without a domain after by its email
if mail=$(ynh_user_get_info "$mail" "mail" 2> /dev/null)
then
recipients="$recipients $mail"
fi
fi
done
echo "$recipients"
}
recipients=$(find_mails "$recipients")
# Subject base
local mail_subject="☁️🆈🅽🅷☁️: \`$app\`"
# Adapt the subject according to the type of mail required.
if [ "$type" = "backup" ]; then
mail_subject="$mail_subject has just been backup."
elif [ "$type" = "change_url" ]; then
mail_subject="$mail_subject has just been moved to a new URL!"
elif [ "$type" = "remove" ]; then
mail_subject="$mail_subject has just been removed!"
elif [ "$type" = "restore" ]; then
mail_subject="$mail_subject has just been restored!"
elif [ "$type" = "upgrade" ]; then
mail_subject="$mail_subject has just been upgraded!"
else # install
mail_subject="$mail_subject has just been installed!"
fi
local mail_message="This is an automated message from your beloved YunoHost server.
Specific information for the application $app.
$(if [ -n "$app_message" ]
then
cat "$app_message"
else
echo "...No specific information..."
fi)
---
Automatic diagnosis data from YunoHost
__PRE_TAG1__$(yunohost tools diagnosis | grep -B 100 "services:" | sed '/services:/d')__PRE_TAG2__"
# Store the message into a file for further modifications.
echo "$mail_message" > mail_to_send
# If a html email is required. Apply html tags to the message.
if [ "$admin_mail_html" -eq 1 ]
then
# Insert 'br' tags at each ending of lines.
ynh_replace_string "$" "<br>" mail_to_send
# Insert starting HTML tags
sed --in-place '1s@^@<!DOCTYPE html>\n<html>\n<head></head>\n<body>\n@' mail_to_send
# Keep tabulations
ynh_replace_string " " "\&#160;\&#160;" mail_to_send
ynh_replace_string "\t" "\&#160;\&#160;" mail_to_send
# Insert url links tags
ynh_replace_string "__URL_TAG1__\(.*\)__URL_TAG2__\(.*\)__URL_TAG3__" "<a href=\"\2\">\1</a>" mail_to_send
# Insert pre tags
ynh_replace_string "__PRE_TAG1__" "<pre>" mail_to_send
ynh_replace_string "__PRE_TAG2__" "<\pre>" mail_to_send
# Insert finishing HTML tags
echo -e "\n</body>\n</html>" >> mail_to_send
# Otherwise, remove tags to keep a plain text.
else
# Remove URL tags
ynh_replace_string "__URL_TAG[1,3]__" "" mail_to_send
ynh_replace_string "__URL_TAG2__" ": " mail_to_send
# Remove PRE tags
ynh_replace_string "__PRE_TAG[1-2]__" "" mail_to_send
fi
# Define binary to use for mail command
if [ -e /usr/bin/bsd-mailx ]
then
local mail_bin=/usr/bin/bsd-mailx
else
local mail_bin=/usr/bin/mail.mailutils
fi
if [ "$admin_mail_html" -eq 1 ]
then
content_type="text/html"
else
content_type="text/plain"
fi
# Send the email to the recipients
cat mail_to_send | $mail_bin -a "Content-Type: $content_type; charset=UTF-8" -s "$mail_subject" "$recipients"
}
#=================================================
# FUTURE OFFICIAL HELPERS
#=================================================

21
scripts/backup
View file

@ -39,6 +39,15 @@ ynh_print_info --message="Declaring files to be backed up..."
#=================================================
ynh_backup --src_path="$final_path"
ynh_backup --src_path="/etc/$app"
#=================================================
# BACKUP SYSTEMD
#=================================================
ynh_backup --src_path="/etc/systemd/system/$app.service"
ynh_backup --src_path="/etc/default/coturn-$app"
ynh_backup --src_path="/etc/systemd/system/coturn-$app.service"
#=================================================
# BACKUP THE NGINX CONFIGURATION
@ -52,16 +61,24 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
# BACKUP LOGROTATE
#=================================================
#ynh_backup --src_path="/etc/logrotate.d/$app"
ynh_backup --src_path="/etc/logrotate.d/$app"
#=================================================
# BACKUP GALÈNE LOG
#=================================================
ynh_backup --src_path="/var/log/$app"
#=================================================
# BACKUP SYSTEMD
#=================================================
ynh_backup --src_path="/etc/systemd/system/$app.service"
ynh_backup --src_path="/etc/default/coturn-$app"
ynh_backup --src_path="/etc/systemd/system/coturn-$app.service"
#=================================================
# END OF SCRIPT
#=================================================
ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)."
ynh_print_info --message="Backup script completed for Galène. (YunoHost will then actually copy those files to the archive)."

4
scripts/change_url
View file

@ -33,7 +33,7 @@ port=$(ynh_app_setting_get --app=$app --key=port)
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." --weight=1
ynh_script_progression --message="Backing up Galène before changing its URL (may take a while)..." --weight=1
# Backup the current version of the app
ynh_backup_before_upgrade
@ -121,4 +121,4 @@ ynh_systemd_action --service_name=nginx --action=reload
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Change of URL completed for $app" --last
ynh_script_progression --message="Change of URL completed for Galène" --last

168
scripts/install
View file

@ -27,7 +27,9 @@ domain=$YNH_APP_ARG_DOMAIN
path_url="/"
admin=$YNH_APP_ARG_ADMIN
is_public=$YNH_APP_ARG_IS_PUBLIC
ynh_print_OFF
password=$YNH_APP_ARG_PASSWORD
ynh_print_ON
group_name=$YNH_APP_ARG_GROUP_NAME
architecture=$(ynh_detect_arch)
@ -54,6 +56,23 @@ ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_set --app=$app --key=admin --value=$admin
ynh_app_setting_set --app=$app --key=is_public --value=$is_public
ynh_app_setting_set --app=$app --key=group_name --value=$group_name
ynh_app_setting_set --app=$app --key=password --value=$password
#=================================================
# CREATE A DH FILE
#=================================================
ynh_script_progression --message="Creating a dhparam file..." --weight=3
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files
# Make dh cert for Galène if it doesn't exist
if [ ! -e /etc/ssl/private/dh2048.pem ]
then
ynh_exec_warn_less openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048 -dsaparam
chown root:ssl-cert /etc/ssl/private/dh2048.pem
chmod 640 /etc/ssl/private/dh2048.pem
fi
#=================================================
# STANDARD MODIFICATIONS
@ -64,17 +83,28 @@ ynh_script_progression --message="Finding an available port..." --weight=3
# Find an available port
port=$(ynh_find_port --port=8443)
turnserver_tls_port=$(ynh_find_port --port=5349)
turnserver_alt_tls_port=$(ynh_find_port --port=$((turnserver_tls_port+1)))
cli_port=$(ynh_find_port --port=5766)
ynh_app_setting_set --app=$app --key=port --value=$port
# Open the port
# ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port
ynh_exec_warn_less yunohost firewall allow Both $turnserver_tls_port
ynh_exec_warn_less yunohost firewall allow Both $turnserver_alt_tls_port
# Store opened ports
ynh_app_setting_set --app=$app --key=port --value=$port
ynh_app_setting_set --app=$app --key=turnserver_tls_port --value=$turnserver_tls_port
ynh_app_setting_set --app=$app --key=turnserver_alt_tls_port --value=$turnserver_alt_tls_port
ynh_app_setting_set --app=$app --key=cli_port --value=$cli_port
#=================================================
# INSTALL DEPENDENCIES
#=================================================
#ynh_script_progression --message="Installing dependencies..." --time --weight=1
ynh_script_progression --message="Installing dependencies..." --weight=5
#ynh_install_app_dependencies $pkg_dependencies
ynh_install_app_dependencies $pkg_dependencies
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
@ -110,6 +140,7 @@ ynh_script_progression --message="Configuring system user..." --weight=3
# Create a system user
ynh_system_user_create --username=$app
adduser turnserver ssl-cert
#=================================================
# SETUP SYSTEMD
@ -119,19 +150,75 @@ ynh_script_progression --message="Configuring a systemd service..." --weight=1
# Create a dedicated systemd config
ynh_add_systemd_config
mkdir -p /var/log/$app
mkdir -p /etc/$app
# Create systemd service for turnserver
cp ../conf/coturn/default_coturn /etc/default/coturn-$app
ynh_add_systemd_config --service=coturn-$app --template=coturn-galene.service
#=================================================
# SET COTURN CONFIG
#=================================================
ynh_script_progression --message="Configuring Coturn..." --weight=1
# WARNING: theses command are used in INSTALL, UPGRADE
# For any update do it in all files
# Find password for turnserver
ynh_print_OFF
turnserver_pwd=$(ynh_string_random --length=30)
ynh_app_setting_set --app=$app --key=turnserver_pwd --value=$turnserver_pwd
ynh_print_ON
coturn_config_path="/etc/$app/coturn.conf"
cp ../conf/coturn/turnserver.conf "$coturn_config_path"
ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$coturn_config_path"
ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$coturn_config_path"
ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$coturn_config_path"
ynh_replace_string --match_string=__TLS_ALT_PORT__ --replace_string=$turnserver_alt_tls_port --target_file="$coturn_config_path"
ynh_replace_string --match_string=__CLI_PORT__ --replace_string=$cli_port --target_file="$coturn_config_path"
ynh_print_OFF
ynh_replace_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$coturn_config_path"
ynh_print_ON
# Get public IP and set as external IP for coturn
# note: '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
public_ip4="$(curl ip.yunohost.org)" || true
public_ip6="$(curl ipv6.yunohost.org)" || true
if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"
then
echo "external-ip=$public_ip4" >> "$coturn_config_path"
fi
if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6"
then
echo "external-ip=$public_ip6" >> "$coturn_config_path"
fi
ynh_store_file_checksum --file="$coturn_config_path"
#=================================================
# MODIFY A CONFIG FILE
#=================================================
cp ../conf/passwd $final_path/data/passwd
ynh_replace_string --match_string=__ADMIN__ --replace_string=$admin --target_file="$final_path/data/passwd"
ynh_replace_string --match_string=__PASSWORD__ --replace_string=$password --target_file="$final_path/data/passwd"
ynh_replace_string --match_string="__ADMIN__" --replace_string="$admin" --target_file="$final_path/data/passwd"
ynh_replace_string --match_string="__PASSWORD__" --replace_string="$password" --target_file="$final_path/data/passwd"
cp ../conf/groupname.json $final_path/groups/$group_name.json
ynh_replace_string --match_string=__ADMIN__ --replace_string=$admin --target_file="$final_path/groups/$group_name.json"
ynh_replace_string --match_string=__PASSWORD__ --replace_string=$password --target_file="$final_path/groups/$group_name.json"
mv -f $final_path/groups/groupname.json $final_path/groups/$group_name.json
ynh_replace_string --match_string="__ADMIN__" --replace_string="$admin" --target_file="$final_path/groups/$group_name.json"
ynh_replace_string --match_string="__PASSWORD__" --replace_string="$password" --target_file="$final_path/groups/$group_name.json"
cp ../conf/ice-servers.json $final_path/data/ice-servers.json
ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$final_path/data/ice-servers.json"
ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$final_path/data/ice-servers.json"
ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$final_path/data/ice-servers.json"
ynh_replace_string --match_string=__TLS_ALT_PORT__ --replace_string=$turnserver_alt_tls_port --target_file="$final_path/data/ice-servers.json"
ynh_print_OFF
ynh_replace_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$final_path/data/ice-servers.json"
ynh_print_ON
#=================================================
# STORE THE CONFIG FILE CHECKSUM
@ -140,6 +227,24 @@ ynh_replace_string --match_string="__PASSWORD__" --replace_string="$password" --
# Calculate and store the config file checksum into the app settings
ynh_store_file_checksum --file="$final_path/data/passwd"
ynh_store_file_checksum --file="$final_path/groups/$group_name.json"
ynh_store_file_checksum --file="$final_path/data/ice-servers.json"
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression --message="Configuring log rotation..." --weight=1
ynh_use_logrotate --logfile "/var/log/$app"
#=================================================
# ADD SCRIPT FOR COTURN CRON AND APP SERVICE
#=================================================
# WARNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
cp ../sources/Coturn_config_rotate.sh $final_path/
ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$final_path/Coturn_config_rotate.sh"
#=================================================
# GENERIC FINALIZATION
@ -148,16 +253,14 @@ ynh_store_file_checksum --file="$final_path/groups/$group_name.json"
#=================================================
# Set permissions to app files
chown -R $app: $final_path
chown -R $app:root $final_path
chmod -R 755 $final_path
#=================================================
# SETUP LOGROTATE
#=================================================
#ynh_script_progression --message="Configuring log rotation..." --time --weight=1
# Use logrotate to manage application logfile(s)
#ynh_use_logrotate
chown -R $app:root /var/log/$app
chown -R $app:root /etc/$app
chmod -R u=rwX,g=rX,o= /etc/$app
chmod 770 $final_path/Coturn_config_rotate.sh
setfacl -R -m user:turnserver:rX /etc/$app
setfacl -R -m user:turnserver:rwX /var/log/$app
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
@ -165,6 +268,7 @@ chmod -R 755 $final_path
ynh_script_progression --message="Integrating service in YunoHost..." --weight=2
yunohost service add $app --description="Videoconferencing server" --log="/var/log/$app/$app.log"
yunohost service add coturn-$app --needs_exposed_ports $turnserver_tls_port
#=================================================
# START SYSTEMD SERVICE
@ -172,7 +276,8 @@ yunohost service add $app --description="Videoconferencing server" --log="/var/l
ynh_script_progression --message="Starting a systemd service..." --weight=1
# Start a systemd service
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
ynh_systemd_action --service_name=$app --action=restart --log_path="/var/log/$app/$app.log"
ynh_systemd_action --service_name=coturn-$app.service --action=restart
#=================================================
# SETUP SSOWAT
@ -192,8 +297,31 @@ ynh_script_progression --message="Reloading NGINX web server..." --weight=2
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# SEND A README FOR THE ADMIN
#=================================================
# WARNING : theses command are used in INSTALL, RESTORE
# For any update do it in all files
echo "Galène was successfully installed :)
Galène is now accesible at this adress: https://$domain
Your operator credentials:
Username: $admin
Password: $password
Galène implements a TURN server (for VoIP), to have this fully functional please read the 'TURN server' section in the README available here: https://github.com/YunoHost-Apps/galene_ynh .
If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/galene_ynh
You also need a valid TLS certificate for the domain used by Galène. To do that you can refer to the documentation here: https://yunohost.org/#/certificate_en" > mail_to_send
ynh_send_readme_to_admin --app_message="mail_to_send" --type="install"
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Installation of $app completed" --last
ynh_script_progression --message="Installation of Galène completed" --last

45
scripts/remove
View file

@ -17,22 +17,29 @@ ynh_script_progression --message="Loading installation settings..." --weight=1
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
port=$(ynh_app_setting_get --app=$app --key=port)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
port=$(ynh_app_setting_get --app=$app --key=port)
turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
#=================================================
# STANDARD REMOVE
#=================================================
# REMOVE SERVICE INTEGRATION IN YUNOHOST
#=================================================
ynh_script_progression --message="Removing Galène service integration..." --weight=1
# Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
if ynh_exec_warn_less yunohost service status $app >/dev/null
then
ynh_script_progression --message="Removing $app service integration..." --weight=1
yunohost service remove $app
fi
if ynh_exec_warn_less yunohost service status coturn-$app >/dev/null
then
yunohost service remove coturn-$app
fi
#=================================================
# STOP AND REMOVE SERVICE
#=================================================
@ -40,22 +47,25 @@ ynh_script_progression --message="Stopping and removing the systemd service..."
# Remove the dedicated systemd config
ynh_remove_systemd_config
ynh_remove_systemd_config --service=coturn-$app
#=================================================
# REMOVE DEPENDENCIES
#=================================================
#ynh_script_progression --message="Removing dependencies..." --time --weight=1
ynh_script_progression --message="Removing dependencies..." --weight=1
# Remove metapackage and its dependencies
#ynh_remove_app_dependencies
ynh_remove_app_dependencies
#=================================================
# REMOVE APP MAIN DIR
#=================================================
ynh_script_progression --message="Removing app main directory..." --weight=2
ynh_script_progression --message="Removing Galène main directory..." --weight=2
# Remove the app directory securely
ynh_secure_remove --file="$final_path"
ynh_secure_remove --file=$final_path
ynh_secure_remove --file=/var/log/$app
ynh_secure_remove --file=/etc/default/coturn-$app
#=================================================
# REMOVE NGINX CONFIGURATION
@ -68,20 +78,27 @@ ynh_remove_nginx_config
#=================================================
# REMOVE LOGROTATE CONFIGURATION
#=================================================
#ynh_script_progression --message="Removing logrotate configuration..." --time --weight=1
ynh_script_progression --message="Removing logrotate configuration..." --weight=1
# Remove the app-specific logrotate config
#ynh_remove_logrotate
ynh_remove_logrotate
#=================================================
# CLOSE A PORT
#=================================================
# if yunohost firewall list | grep -q "\- $port$"
# then
# ynh_script_progression --message="Closing port $port..." --time --weight=1
# ynh_exec_warn_less yunohost firewall disallow TCP $port
# fi
closeport() {
local port=$1
if yunohost firewall list | grep -q "\- $turnserver_tls_port$"
then
ynh_script_progression --message="Closing port $turnserver_tls_port port"
ynh_exec_warn_less yunohost firewall disallow Both $turnserver_tls_port
elif yunohost firewall list | grep -q "\- $turnserver_alt_tls_port$"
then
ynh_script_progression --message="Closing port $turnserver_alt_tls_port port"
ynh_exec_warn_less yunohost firewall disallow Both $turnserver_alt_tls_port
fi
}
#=================================================
# GENERIC FINALIZATION
@ -97,4 +114,4 @@ ynh_system_user_delete --username=$app
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Removal of $app completed" --last
ynh_script_progression --message="Removal of Galène completed" --last

146
scripts/restore
View file

@ -31,6 +31,8 @@ domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
group_name=$(ynh_app_setting_get --app=$app --key=group_name)
turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
#=================================================
# CHECK IF THE APP CAN BE RESTORED
@ -43,7 +45,15 @@ test ! -d $final_path \
|| ynh_die --message="There is already a directory: $final_path "
#=================================================
# STANDARD RESTORATION STEPS
# SPECIFIC RESTORATION
#=================================================
# REINSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Reinstalling dependencies..." --weight=1
# Define and install dependencies
ynh_install_app_dependencies $pkg_dependencies
#=================================================
# RESTORE THE NGINX CONFIGURATION
#=================================================
@ -53,9 +63,11 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# RESTORE THE APP MAIN DIR
#=================================================
ynh_script_progression --message="Restoring the app main directory..." --weight=1
ynh_script_progression --message="Restoring Galène main directory..." --weight=1
ynh_restore_file --origin_path="$final_path"
ynh_restore_file --origin_path="/etc/$app"
ynh_restore_file --origin_path="/var/log/$app"
#=================================================
# RECREATE THE DEDICATED USER
@ -64,24 +76,8 @@ ynh_script_progression --message="Recreating the dedicated system user..." --wei
# Create the dedicated user (if not existing)
ynh_system_user_create --username=$app
#=================================================
# RESTORE USER RIGHTS
#=================================================
# Restore permissions on app files
chown -R $app: $final_path
chmod -R 755 $final_path
#=================================================
# SPECIFIC RESTORATION
#=================================================
# REINSTALL DEPENDENCIES
#=================================================
#ynh_script_progression --message="Reinstalling dependencies..." --weight=1
# Define and install dependencies
#ynh_install_app_dependencies $pkg_dependencies
ynh_system_user_create --username=turnserver ssl-cert
#adduser turnserver ssl-cert
#=================================================
# RESTORE SYSTEMD
@ -89,7 +85,10 @@ chmod -R 755 $final_path
ynh_script_progression --message="Restoring the systemd configuration..." --weight=1
ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
ynh_restore_file --origin_path="/etc/default/coturn-$app"
ynh_restore_file --origin_path="/etc/systemd/system/coturn-$app.service"
systemctl enable $app.service --quiet
systemctl enable coturn-$app.service --quiet
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
@ -97,6 +96,7 @@ systemctl enable $app.service --quiet
ynh_script_progression --message="Integrating service in YunoHost..." --weight=2
yunohost service add $app --description="Videoconferencing server" --log="/var/log/$app/$app.log"
yunohost service add coturn-$app --needs_exposed_ports $turnserver_tls_port
#=================================================
# START SYSTEMD SERVICE
@ -104,12 +104,114 @@ yunohost service add $app --description="Videoconferencing server" --log="/var/l
ynh_script_progression --message="Starting a systemd service..." --weight=3
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
yunohost service add coturn-$app --needs_exposed_ports $turnserver_tls_port
#=================================================
# CREATE A DH FILE
#=================================================
ynh_script_progression --message="Creating a dhparam file..." --weight=3
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files
# Make dh cert for synapse if it doesn't exist
if [ ! -e /etc/ssl/private/dh2048.pem ]
then
ynh_exec_warn_less openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048 -dsaparam
chown root:ssl-cert /etc/ssl/private/dh2048.pem
chmod 640 /etc/ssl/private/dh2048.pem
fi
#=================================================
# RECONFIGURE THE TURNSERVER
#=================================================
ynh_script_progression --message="Reconfiguring Coturn..." --weight=23
# To be sure that at the restoration the IP address in coturn config is the same as the real address we remake the coturn config
# Retrieve specific settings
turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
cli_port=$(ynh_app_setting_get --app=$app --key=cli_port)
ynh_print_OFF
turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
ynh_print_ON
# WARNING : these commands are used in INSTALL, UPGRADE
# For any update do it in all files
coturn_config_path="/etc/$app/coturn.conf"
cp ../settings/conf/coturn/turnserver.conf "$coturn_config_path"
ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$coturn_config_path"
ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$coturn_config_path"
ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$coturn_config_path"
ynh_replace_string --match_string=__TLS_ALT_PORT__ --replace_string=$turnserver_alt_tls_port --target_file="$coturn_config_path"
ynh_replace_string --match_string=__CLI_PORT__ --replace_string=$cli_port --target_file="$coturn_config_path"
ynh_print_OFF
ynh_replace_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$coturn_config_path"
ynh_print_ON
# Get public IP and set as external IP for coturn
# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
public_ip4="$(curl ip.yunohost.org)" || true
public_ip6="$(curl ipv6.yunohost.org)" || true
if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"
then
echo "external-ip=$public_ip4" >> "$coturn_config_path"
fi
if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6"
then
echo "external-ip=$public_ip6" >> "$coturn_config_path"
fi
ynh_store_file_checksum --file="$coturn_config_path"
#=================================================
# OPEN THE PORT
#=================================================
# Ouvre le port dans le firewall
ynh_exec_warn_less yunohost firewall allow Both $turnserver_tls_port
ynh_exec_warn_less yunohost firewall allow Both $turnserver_alt_tls_port
#=================================================
# RESTORE USER RIGHTS
#=================================================
ynh_script_progression --message="Restoring permissions..." --weight=1
# Restore permissions on app files
# Set permissions on app files
chown -R $app:root $final_path
chmod -R 755 $final_path
chown -R $app:root /var/log/$app
chown -R $app:root /etc/$app
chmod -R u=rwX,g=rX,o= /etc/$app
chmod 770 $final_path/Coturn_config_rotate.sh
setfacl -R -m user:turnserver:rX /etc/$app
setfacl -R -m user:turnserver:rwX /var/log/$app
#=================================================
# RESTORE THE LOGROTATE CONFIGURATION
#=================================================
#ynh_restore_file --origin_path="/etc/logrotate.d/$app"
ynh_restore_file --origin_path="/etc/logrotate.d/$app"
#=================================================
# SEND A README FOR THE ADMIN
#=================================================
# WARNING : theses command are used in INSTALL, RESTORE
# For any update do it in all files
echo "Galène also implements a TURN server (for VoIP), to have this fully functional please read the 'Turnserver' section in the README available here: https://github.com/YunoHost-Apps/galene_ynh .
If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/galene_ynh" > mail_to_send
ynh_send_readme_to_admin --app_message="mail_to_send" --type="restore"
#=================================================
# GENERIC FINALIZATION
@ -124,4 +226,4 @@ ynh_systemd_action --service_name=nginx --action=reload
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Restoration completed for $app" --last
ynh_script_progression --message="Restoration completed for Galène" --last

150
scripts/upgrade
View file

@ -21,8 +21,13 @@ path_url=$(ynh_app_setting_get --app=$app --key=path)
admin=$(ynh_app_setting_get --app=$app --key=admin)
is_public=$(ynh_app_setting_get --app=$app --key=is_public)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
password=$(ynh_app_setting_get --app=$app --key=password)
group_name=$(ynh_app_setting_get --app=$app --key=group_name)
port=$(ynh_app_setting_get --app=$app --key=port)
turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
cli_port=$(ynh_app_setting_get --app=$app --key=cli_port)
turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
architecture=$(ynh_detect_arch)
#=================================================
@ -45,7 +50,7 @@ fi
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1
ynh_script_progression --message="Backing up Galène before upgrading (may take a while)..." --weight=1
# Backup the current version of the app
ynh_backup_before_upgrade
@ -98,6 +103,124 @@ then
popd
fi
#=================================================
# MULTINSTANCE SUPPORT
#=================================================
if [ ! -e /etc/$app/coturn.conf ]
then
ynh_script_progression --message="Creating an independant service for Coturn..." --weight=1
#=================================================
# CREATE AN INDEPENDANT SERVICE FOR COTURN
#=================================================
# Disable default config for turnserver and create a new service
systemctl stop coturn.service
# Set by default the system config for coturn
echo "" > /etc/turnserver.conf
ynh_replace_string --match_string="TURNSERVER_ENABLED=1" --replace_string="TURNSERVER_ENABLED=0" --target_file=/etc/default/coturn
# Set a port for each service in turnserver
turnserver_alt_tls_port=$(ynh_find_port --port=$((turnserver_tls_port+1)))
cli_port=$(ynh_find_port --port=5766)
ynh_app_setting_set --app=$app --key=turnserver_alt_tls_port --value=$turnserver_alt_tls_port
ynh_app_setting_set --app=$app --key=cli_port --value=$cli_port
yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1
#=================================================
# MAKE A CLEAN LOGROTATE CONFIG
#=================================================
ynh_use_logrotate --logfile /var/log/$app --nonappend
fi
#=================================================
# CREATE A DH FILE
#=================================================
ynh_script_progression --message="Creating a dhparam file..." --weight=3
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files
# Make dh cert for Galène if it doesn't exist
if [ ! -e /etc/ssl/private/dh2048.pem ]
then
ynh_exec_warn_less openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048 -dsaparam
chown root:ssl-cert /etc/ssl/private/dh2048.pem
chmod 640 /etc/ssl/private/dh2048.pem
fi
#=================================================
# SPECIFIC UPGRADE
#=================================================
# UPDATE COTURN CONFIG
#=================================================
ynh_script_progression --message="Updating Coturn config..." --weight=1
# WARNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
coturn_config_path="/etc/$app/coturn.conf"
cp ../conf/coturn/turnserver.conf "$coturn_config_path"
ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$coturn_config_path"
ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$coturn_config_path"
ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$coturn_config_path"
ynh_replace_string --match_string=__TLS_ALT_PORT__ --replace_string=$turnserver_alt_tls_port --target_file="$coturn_config_path"
ynh_replace_string --match_string=__CLI_PORT__ --replace_string=$cli_port --target_file="$coturn_config_path"
ynh_print_OFF
ynh_replace_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$coturn_config_path"
ynh_print_ON
# Get public IP and set as external IP for coturn
# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
public_ip4="$(curl ip.yunohost.org)" || true
public_ip6="$(curl ipv6.yunohost.org)" || true
if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"
then
echo "external-ip=$public_ip4" >> "$coturn_config_path"
fi
if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6"
then
echo "external-ip=$public_ip6" >> "$coturn_config_path"
fi
ynh_store_file_checksum --file="$coturn_config_path"
#=================================================
# ADD SCRIPT FOR COTURN CRON AND APP SERVICE
#=================================================
# WARNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
cp ../sources/Coturn_config_rotate.sh $final_path/
ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$final_path/Coturn_config_rotate.sh"
#=================================================
# MODIFY A CONFIG FILE
#=================================================
cp ../conf/passwd $final_path/data/passwd
ynh_replace_string --match_string=__ADMIN__ --replace_string=$admin --target_file="$final_path/data/passwd"
ynh_replace_string --match_string=__PASSWORD__ --replace_string=$password --target_file="$final_path/data/passwd"
cp ../conf/ice-servers.json $final_path/data/ice-servers.json
ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$final_path/data/ice-servers.json"
ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$final_path/data/ice-servers.json"
ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$final_path/data/ice-servers.json"
ynh_replace_string --match_string=__TLS_ALT_PORT__ --replace_string=$turnserver_alt_tls_port --target_file="$final_path/data/ice-servers.json"
ynh_print_OFF
ynh_replace_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$final_path/data/ice-servers.json"
ynh_print_ON
#=================================================
# NGINX CONFIGURATION
#=================================================
@ -109,9 +232,9 @@ ynh_add_nginx_config
#=================================================
# UPGRADE DEPENDENCIES
#=================================================
#ynh_script_progression --message="Upgrading dependencies..." --weight=1
ynh_script_progression --message="Upgrading dependencies..." --weight=1
#ynh_install_app_dependencies $pkg_dependencies
ynh_install_app_dependencies $pkg_dependencies
#=================================================
# CREATE DEDICATED USER
@ -120,6 +243,7 @@ ynh_script_progression --message="Making sure dedicated system user exists..." -
# Create a dedicated user (if not existing)
ynh_system_user_create --username=$app
adduser turnserver ssl-cert
#=================================================
# SETUP SYSTEMD
@ -136,30 +260,38 @@ ynh_add_systemd_config
#=================================================
# Set permissions on app files
chown -R $app: $final_path
chown -R $app:root $final_path
chmod -R 755 $final_path
chown -R $app:root /var/log/$app
chown -R $app:root /etc/$app
chmod -R u=rwX,g=rX,o= /etc/$app
chmod 770 $final_path/Coturn_config_rotate.sh
setfacl -R -m user:turnserver:rX /etc/$app
setfacl -R -m user:turnserver:rwX /var/log/$app
#=================================================
# SETUP LOGROTATE
#=================================================
# ynh_script_progression --message="Upgrading logrotate configuration..." --time --weight=1
ynh_script_progression --message="Upgrading logrotate configuration..." --weight=1
# # Use logrotate to manage app-specific logfile(s)
# ynh_use_logrotate --non-append
ynh_use_logrotate --non-append
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
ynh_script_progression --message="Integrating service in YunoHost..." --weight=2
yunohost service add $app --description="Videoconferencing server" --log="/var/log/$app/$app.log"
yunohost service add coturn-$app --needs_exposed_ports $turnserver_tls_port
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=1
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
ynh_systemd_action --service_name=coturn-$app.service --action=restart
ynh_systemd_action --service_name=$app --action=restart --log_path="/var/log/$app/$app.log"
#=================================================
# RELOAD NGINX
@ -172,4 +304,4 @@ ynh_systemd_action --service_name=nginx --action=reload
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Upgrade of $app completed" --last
ynh_script_progression --message="Upgrade of Galène completed" --last

33
sources/Coturn_config_rotate.sh Normal file
View file

@ -0,0 +1,33 @@
#!/bin/bash
app_instance=__APP__
source /usr/share/yunohost/helpers
external_IP_line="external-ip=__IPV4__,__IPV6__"
public_ip4="$(curl ip.yunohost.org)" || true
public_ip6="$(curl ipv6.yunohost.org)" || true
if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"
then
echo "external-ip=$public_ip4" >> "$coturn_config_path"
fi
if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6"
then
echo "external-ip=$public_ip6" >> "$coturn_config_path"
fi
old_config_line=$(egrep "^external-ip=.*\$" "/etc/matrix-$app_instance/coturn.conf")
ynh_replace_string "^external-ip=.*\$" "$external_IP_line" "/etc/matrix-$app_instance/coturn.conf"
new_config_line=$(egrep "^external-ip=.*\$" "/etc/matrix-$app_instance/coturn.conf")
setfacl -R -m user:turnserver:rX /etc/matrix-$app_instance
if [ "$old_config_line" != "$new_config_line" ]
then
systemctl restart coturn-$app_instance.service
fi
exit 0