diff --git a/conf/coturn-galene.service b/conf/coturn-galene.service
new file mode 100644
index 0000000..13c0687
--- /dev/null
+++ b/conf/coturn-galene.service
@@ -0,0 +1,27 @@
+[Unit]
+Description=coturn
+Documentation=man:coturn(1) man:turnadmin(1) man:turnserver(1)
+After=syslog.target network.target
+
+[Service]
+User=turnserver
+Group=turnserver
+Type=forking
+EnvironmentFile=/etc/default/coturn-__APP__
+PIDFile=/run/coturn-__APP__/turnserver.pid
+RuntimeDirectory=coturn-__APP__
+RuntimeDirectoryMode=0755
+ExecStart=/usr/bin/turnserver -o -c /etc/matrix-__APP__/coturn.conf $EXTRA_OPTIONS
+ExecStopPost=/bin/rm -f /run/coturn-__APP__/turnserver.pid
+Restart=on-abort
+
+LimitCORE=infinity
+LimitNOFILE=999999
+LimitNPROC=60000
+LimitRTPRIO=infinity
+LimitRTTIME=7000000
+CPUSchedulingPolicy=other
+UMask=0007
+
+[Install]
+WantedBy=multi-user.target
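Review bot: ExecStart in the new unit reads `/etc/matrix-__APP__/coturn.conf`, but scripts/install in this same commit writes the config to `/etc/$app/coturn.conf`, so unless the app id already carries the `matrix-` prefix, turnserver starts without its configuration; `-c /etc/__APP__/coturn.conf` would match. The same leftover prefix appears in `log-file=/var/log/matrix-__APP__/turnserver.log` in conf/coturn/turnserver.conf and in the paths used by sources/Coturn_config_rotate.sh. Separately, `LimitCORE=infinity` allows a crash to dump a process that holds the static auth secret and the TLS key. `LimitCORE=0` together with `NoNewPrivileges=true` and `ProtectSystem=full` would be a safer default for a network-facing relay.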
diff --git a/conf/coturn/default_coturn b/conf/coturn/default_coturn
new file mode 100644
index 0000000..fc87269
--- /dev/null
+++ b/conf/coturn/default_coturn
@@ -0,0 +1,5 @@
+#
+# Uncomment it if you want to have the turnserver running as
+# an automatic system service daemon
+#
+TURNSERVER_ENABLED=1
diff --git a/conf/coturn/turnserver.conf b/conf/coturn/turnserver.conf
new file mode 100644
index 0000000..7483e7d
--- /dev/null
+++ b/conf/coturn/turnserver.conf
@@ -0,0 +1,28 @@
+lt-cred-mech
+use-auth-secret
+static-auth-secret=__TURNPWD__
+realm=__DOMAIN__
+
+tls-listening-port=__TLS_PORT__
+alt-tls-listening-port=__TLS_ALT_PORT__
+min-port=49153
+max-port=49193
+cli-port=__CLI_PORT__
+
+cert=/etc/yunohost/certs/__DOMAIN__/crt.pem
+pkey=/etc/yunohost/certs/__DOMAIN__/key.pem
+dh-file=/etc/ssl/private/dh2048.pem
+
+no-sslv2
+no-sslv3
+no-tlsv1
+no-tlsv1_1
+
+no-loopback-peers
+no-multicast-peers
+
+no-cli
+
+log-file=/var/log/matrix-__APP__/turnserver.log
+pidfile=/run/coturn-__APP__/turnserver.pid
+simple-log
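Review bot: Nothing in this config limits which peer addresses the relay will forward to beyond loopback and multicast, so an authenticated client can have the server relay traffic to hosts on its own private networks. Adding `denied-peer-ip=10.0.0.0-10.255.255.255`, `denied-peer-ip=172.16.0.0-172.31.255.255` and `denied-peer-ip=192.168.0.0-192.168.255.255` (plus the link-local and unique-local ranges) closes that. The `cert`, `pkey` and `dh-file` paths must also be readable by the `turnserver` user named in the unit file, which the visible changes do not arrange; worth confirming, since the TLS listeners would otherwise fail to start.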
diff --git a/scripts/_common.sh b/scripts/_common.sh
index 0b5967b..3bf0e2a 100755
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -15,6 +15,145 @@ pkg_dependencies="coturn"
# EXPERIMENTAL HELPERS
#=================================================
+# Send an email to inform the administrator
+#
+# usage: ynh_send_readme_to_admin --app_message=app_message [--recipients=recipients] [--type=type]
+# | arg: -m --app_message= - The file with the content to send to the administrator.
+# | arg: -r, --recipients= - The recipients of this email. Use spaces to separate multiples recipients. - default: root
+# example: "root admin@domain"
+# If you give the name of a YunoHost user, ynh_send_readme_to_admin will find its email adress for you
+# example: "root admin@domain user1 user2"
+# | arg: -t, --type= - Type of mail, could be 'backup', 'change_url', 'install', 'remove', 'restore', 'upgrade'
+ynh_send_readme_to_admin() {
+ # Declare an array to define the options of this helper.
+ declare -Ar args_array=( [m]=app_message= [r]=recipients= [t]=type= )
+ local app_message
+ local recipients
+ local type
+ # Manage arguments with getopts
+
+ ynh_handle_getopts_args "$@"
+ app_message="${app_message:-}"
+ recipients="${recipients:-root}"
+ type="${type:-install}"
+
+ # Get the value of admin_mail_html
+ admin_mail_html=$(ynh_app_setting_get $app admin_mail_html)
+ admin_mail_html="${admin_mail_html:-0}"
+
+ # Retrieve the email of users
+ find_mails () {
+ local list_mails="$1"
+ local mail
+ local recipients=" "
+ # Read each mail in argument
+ for mail in $list_mails
+ do
+ # Keep root or a real email address as it is
+ if [ "$mail" = "root" ] || echo "$mail" | grep --quiet "@"
+ then
+ recipients="$recipients $mail"
+ else
+ # But replace an user name without a domain after by its email
+ if mail=$(ynh_user_get_info "$mail" "mail" 2> /dev/null)
+ then
+ recipients="$recipients $mail"
+ fi
+ fi
+ done
+ echo "$recipients"
+ }
+ recipients=$(find_mails "$recipients")
+
+ # Subject base
+ local mail_subject="☁️🆈🅽🅷☁️: \`$app\`"
+
+ # Adapt the subject according to the type of mail required.
+ if [ "$type" = "backup" ]; then
+ mail_subject="$mail_subject has just been backup."
+ elif [ "$type" = "change_url" ]; then
+ mail_subject="$mail_subject has just been moved to a new URL!"
+ elif [ "$type" = "remove" ]; then
+ mail_subject="$mail_subject has just been removed!"
+ elif [ "$type" = "restore" ]; then
+ mail_subject="$mail_subject has just been restored!"
+ elif [ "$type" = "upgrade" ]; then
+ mail_subject="$mail_subject has just been upgraded!"
+ else # install
+ mail_subject="$mail_subject has just been installed!"
+ fi
+
+ local mail_message="This is an automated message from your beloved YunoHost server.
+
+Specific information for the application $app.
+
+$(if [ -n "$app_message" ]
+then
+ cat "$app_message"
+else
+ echo "...No specific information..."
+fi)
+
+---
+Automatic diagnosis data from YunoHost
+
+__PRE_TAG1__$(yunohost tools diagnosis | grep -B 100 "services:" | sed '/services:/d')__PRE_TAG2__"
+
+ # Store the message into a file for further modifications.
+ echo "$mail_message" > mail_to_send
+
+ # If a html email is required. Apply html tags to the message.
+ if [ "$admin_mail_html" -eq 1 ]
+ then
+ # Insert 'br' tags at each ending of lines.
+ ynh_replace_string "$" "
" mail_to_send
+
+ # Insert starting HTML tags
+ sed --in-place '1s@^@\n\n
" mail_to_send + ynh_replace_string "__PRE_TAG2__" "<\pre>" mail_to_send + + # Insert finishing HTML tags + echo -e "\n\n" >> mail_to_send + + # Otherwise, remove tags to keep a plain text. + else + # Remove URL tags + ynh_replace_string "__URL_TAG[1,3]__" "" mail_to_send + ynh_replace_string "__URL_TAG2__" ": " mail_to_send + + # Remove PRE tags + ynh_replace_string "__PRE_TAG[1-2]__" "" mail_to_send + fi + + # Define binary to use for mail command + if [ -e /usr/bin/bsd-mailx ] + then + local mail_bin=/usr/bin/bsd-mailx + else + local mail_bin=/usr/bin/mail.mailutils + fi + + if [ "$admin_mail_html" -eq 1 ] + then + content_type="text/html" + else + content_type="text/plain" + fi + + # Send the email to the recipients + cat mail_to_send | $mail_bin -a "Content-Type: $content_type; charset=UTF-8" -s "$mail_subject" "$recipients" +} + #================================================= # FUTURE OFFICIAL HELPERS #================================================= diff --git a/scripts/install b/scripts/install index 763b6b6..2410643 100755 --- a/scripts/install +++ b/scripts/install 
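Review bot: The helper writes the message to `mail_to_send` in the current directory, a fixed name that is never removed and that ends up holding the diagnosis output; a private temp file is safer: `local mail_file; mail_file=$(mktemp)` with `rm -f -- "$mail_file"` after sending. `admin_mail_html` and `content_type` are assigned without `local`, so they leak into the calling script. `"$recipients"` is passed as one quoted word, so several space-separated recipients reach the mail binary as a single address argument. Part of the HTML branch of this hunk is damaged on this page, so these points cover only the lines that are readable.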
@@ -64,17 +64,29 @@ ynh_script_progression --message="Finding an available port..." --weight=3 # Find an available port port=$(ynh_find_port --port=8443) +turnserver_tls_port=$(ynh_find_port --port=5349) +turnserver_alt_tls_port=$(ynh_find_port --port=$((turnserver_tls_port+1))) +cli_port=$(ynh_find_port --port=5766) + ynh_app_setting_set --app=$app --key=port --value=$port # Open the port -# ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port +ynh_exec_warn_less yunohost firewall allow TCP $synapse_tls_port +ynh_exec_warn_less yunohost firewall allow Both $turnserver_tls_port +ynh_exec_warn_less yunohost firewall allow Both $turnserver_alt_tls_port + +# Store opened ports +ynh_app_setting_set --app=$app --key=port --value=$port +ynh_app_setting_set --app=$app --key=turnserver_tls_port --value=$turnserver_tls_port +ynh_app_setting_set --app=$app --key=turnserver_alt_tls_port --value=$turnserver_alt_tls_port +ynh_app_setting_set --app=$app --key=cli_port --value=$cli_port #================================================= # INSTALL DEPENDENCIES #================================================= -#ynh_script_progression --message="Installing dependencies..." --time --weight=1 +ynh_script_progression --message="Installing dependencies..." --weight=5 -#ynh_install_app_dependencies $pkg_dependencies +ynh_install_app_dependencies $pkg_dependencies #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE @@ -119,6 +131,10 @@ ynh_script_progression --message="Configuring a systemd service..." --weight=1 # Create a dedicated systemd config ynh_add_systemd_config +# Create systemd service for turnserver +cp ../conf/coturn/default_coturn /etc/default/coturn-$app +ynh_add_systemd_config --service=coturn-$app --template=coturn-galene.service + #================================================= # MODIFY A CONFIG FILE #================================================= 
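Review bot: `$synapse_tls_port` in the first added `yunohost firewall allow` line is not assigned anywhere in the visible script, so the call receives no port (or the script aborts if it runs with `set -u`); it looks like a leftover from another package and should be dropped or replaced by the intended variable. The relay range `min-port=49153`/`max-port=49193` from turnserver.conf is not opened here either, so relayed media would likely be blocked by the firewall. `--key=port` is now stored twice, and `cli_port` is reserved and saved although the config sets `no-cli`.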
@@ -141,6 +157,67 @@ ynh_replace_string --match_string="__PASSWORD__" --replace_string="$password" -- ynh_store_file_checksum --file="$final_path/data/passwd" ynh_store_file_checksum --file="$final_path/groups/$group_name.json" +#================================================= +# SET COTURN CONFIG +#================================================= +ynh_script_progression --message="Configuring coturn..." --weight=1 + +# WARNING : theses command are used in INSTALL, UPGRADE +# For any update do it in all files + +# Find password for turnserver +ynh_print_OFF +turnserver_pwd=$(ynh_string_random --length=30) +ynh_app_setting_set --app=$app --key=turnserver_pwd --value=$turnserver_pwd +ynh_print_ON + +coturn_config_path="/etc/$app/coturn.conf" + +cp ../conf/coturn/turnserver.conf "$coturn_config_path" + +ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$coturn_config_path" +ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$coturn_config_path" +ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$coturn_config_path" +ynh_replace_string --match_string=__TLS_ALT_PORT__ --replace_string=$turnserver_alt_tls_port --target_file="$coturn_config_path" +ynh_replace_string --match_string=__CLI_PORT__ --replace_string=$cli_port --target_file="$coturn_config_path" +ynh_print_OFF +ynh_replace_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$coturn_config_path" +ynh_print_ON + +# Get public IP and set as external IP for coturn +# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6 +public_ip4="$(curl ip.yunohost.org)" || true +public_ip6="$(curl ipv6.yunohost.org)" || true + +if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4" +then + echo "external-ip=$public_ip4" >> "$coturn_config_path" +fi + +if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6" +then + echo 
"external-ip=$public_ip6" >> "$coturn_config_path" +fi + +ynh_store_file_checksum --file="$coturn_config_path" + +#================================================= +# SETUP LOGROTATE +#================================================= +ynh_script_progression --message="Configuring log rotation..." --weight=1 + +ynh_use_logrotate --logfile "/var/log/$app" + +#================================================= +# ADD SCRIPT FOR COTURN CRON AND APP SERVICE +#================================================= + +# WARNING : theses command are used in INSTALL, UPGRADE +# For any update do it in all files + +cp ../sources/Coturn_config_rotate.sh $final_path/ +ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$final_path/Coturn_config_rotate.sh" + #================================================= # GENERIC FINALIZATION #================================================= @@ -150,14 +227,9 @@ ynh_store_file_checksum --file="$final_path/groups/$group_name.json" # Set permissions to app files chown -R $app: $final_path chmod -R 755 $final_path - -#================================================= -# SETUP LOGROTATE -#================================================= -#ynh_script_progression --message="Configuring log rotation..." --time --weight=1 - -# Use logrotate to manage application logfile(s) -#ynh_use_logrotate +chmod 770 $final_path/Coturn_config_rotate.sh +setfacl -R -m user:turnserver:rX /etc/$app +setfacl -R -m user:turnserver:rwX /var/log/$app #================================================= # INTEGRATE SERVICE IN YUNOHOST @@ -165,6 +237,7 @@ chmod -R 755 $final_path ynh_script_progression --message="Integrating service in YunoHost..." --weight=2 yunohost service add $app --description="Videoconferencing server" --log="/var/log/$app/$app.log" +yunohost service add coturn-$app --needs_exposed_ports $turnserver_tls_port #================================================= # START SYSTEMD SERVICE 
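Review bot: `coturn.conf` receives `static-auth-secret` but is created with a plain `cp` and no explicit owner or mode, so who can read it depends on the umask in effect; set both right after the copy, e.g. `chown root:turnserver "$coturn_config_path"` and `chmod 640 "$coturn_config_path"`. The two `curl` calls have no `--fail`, `--silent` or `--max-time`, so a hung lookup can stall the install and an error page is caught only by the later validation; `curl --fail --silent --max-time 10 https://ip.yunohost.org` would be tighter, assuming the endpoint serves HTTPS. The visible lines also do not create `/etc/$app` before copying into it, which is worth confirming against the rest of the script.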
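Review bot: `Coturn_config_rotate.sh` stays owned by `$app` after `chown -R $app: $final_path`, and `chmod 770` keeps it writable by that account, while the script itself edits files under /etc and calls `systemctl restart`. If it is run by root (the section header mentions cron, though no cron entry is installed in the visible lines), the app account can change what root executes. `chown root:root "$final_path/Coturn_config_rotate.sh"` followed by `chmod 700 "$final_path/Coturn_config_rotate.sh"` avoids that. The variables in the three added lines are unquoted; `"$final_path"` and `"/etc/$app"` would be safer.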
@@ -172,7 +245,8 @@ yunohost service add $app --description="Videoconferencing server" --log="/var/l ynh_script_progression --message="Starting a systemd service..." --weight=1 # Start a systemd service -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name=coturn-$app.service --action=restart +ynh_systemd_action --service_name=$app --action=restart --log_path="/var/log/$app/$app.log" #================================================= # SETUP SSOWAT diff --git a/sources/Coturn_config_rotate.sh b/sources/Coturn_config_rotate.sh new file mode 100644 index 0000000..7c2d704 --- /dev/null +++ b/sources/Coturn_config_rotate.sh @@ -0,0 +1,33 @@ +#!/bin/bash + +app_instance=__APP__ + +source /usr/share/yunohost/helpers + +external_IP_line="external-ip=__IPV4__,__IPV6__" + +public_ip4="$(curl ip.yunohost.org)" || true +public_ip6="$(curl ipv6.yunohost.org)" || true + +if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4" +then + echo "external-ip=$public_ip4" >> "$coturn_config_path" +fi + +if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6" +then + echo "external-ip=$public_ip6" >> "$coturn_config_path" +fi + +old_config_line=$(egrep "^external-ip=.*\$" "/etc/matrix-$app_instance/coturn.conf") +ynh_replace_string "^external-ip=.*\$" "$external_IP_line" "/etc/matrix-$app_instance/coturn.conf" +new_config_line=$(egrep "^external-ip=.*\$" "/etc/matrix-$app_instance/coturn.conf") + +setfacl -R -m user:turnserver:rX /etc/matrix-$app_instance + +if [ "$old_config_line" != "$new_config_line" ] +then + systemctl restart coturn-$app_instance.service +fi + +exit 0
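Review bot: Both `echo ... >> "$coturn_config_path"` lines in Coturn_config_rotate.sh use a variable this script never sets, and `external_IP_line` still holds the literal `__IPV4__,__IPV6__` placeholders when `ynh_replace_string` writes it, so each run would fail the appends and then replace the real address with placeholder text. The rewrite below builds the `external-ip=` lines from the validated addresses, touches the file only when a lookup succeeded and the result differs, and uses the `/etc/$app_instance` directory that scripts/install writes to rather than `/etc/matrix-$app_instance`. `egrep` is also deprecated in favour of `grep -E`.

```bash
coturn_config_path="/etc/$app_instance/coturn.conf"

# … unchanged: curl lookups of public_ip4 / public_ip6 …

old_config_lines=$(grep -E '^external-ip=' "$coturn_config_path" || true)

new_config_lines=""
if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"
then
    new_config_lines="external-ip=$public_ip4"
fi
if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6"
then
    new_config_lines="${new_config_lines:+$new_config_lines
}external-ip=$public_ip6"
fi

# Rewrite only when a lookup succeeded and the addresses actually changed,
# so a failed lookup never wipes a working configuration.
if [ -n "$new_config_lines" ] && [ "$old_config_lines" != "$new_config_lines" ]
then
    sed --in-place '/^external-ip=/d' "$coturn_config_path"
    printf '%s\n' "$new_config_lines" >> "$coturn_config_path"
    setfacl -R -m user:turnserver:rX "/etc/$app_instance"
    systemctl restart "coturn-$app_instance.service"
fi
```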