YunoHost-Apps/matrix-appservice-irc_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/matrix-appservice-irc_ynh.git synced 2024-09-03 19:36:37 +02:00
Code Issues Activity Actions

Restore previous repository's code

Browse source
This commit is contained in:
Salamandar 2023-01-29 20:25:18 +01:00
parent 6afe3d210d
commit 9a051845c9
18 changed files with 941 additions and 752 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.github/workflows/updater.sh vendored
View file

@ -34,7 +34,6 @@ fi
echo "Current version: $current_version"
echo "Latest release from upstream: $version"
echo "VERSION=$version" >> $GITHUB_ENV
echo "REPO=$repo" >> $GITHUB_ENV
# For the time being, let's assume the script will fail
echo "PROCEED=false" >> $GITHUB_ENV

70
README.md
View file

@ -1,84 +1,56 @@
# Packaging an app, starting from this example
* Copy this app before working on it, using the ['Use this template'](https://github.com/YunoHost/example_ynh/generate) button on the Github repo.
* Edit the `manifest.json` with app specific info.
* Edit the `install`, `upgrade`, `remove`, `backup`, and `restore` scripts, and any relevant conf files in `conf/`.
* Using the [script helpers documentation.](https://yunohost.org/packaging_apps_helpers)
* Add a `LICENSE` file for the package.
* Edit `doc/DISCLAIMER*.md`
* The `README.md` files are to be automatically generated by https://github.com/YunoHost/apps/tree/master/tools/README-generator
---
<!--
N.B.: This README was automatically generated by https://github.com/YunoHost/apps/tree/master/tools/README-generator
It shall NOT be edited by hand.
-->
# Example app for YunoHost
# Matrix IRC Bridge for YunoHost
[![Integration level](https://dash.yunohost.org/integration/example.svg)](https://dash.yunohost.org/appci/app/example) ![Working status](https://ci-apps.yunohost.org/ci/badges/example.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/example.maintain.svg)
[![Install Example app with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=example)
[![Integration level](https://dash.yunohost.org/integration/matrix-appservice-irc.svg)](https://dash.yunohost.org/appci/app/matrix-appservice-irc) ![Working status](https://ci-apps.yunohost.org/ci/badges/matrix-appservice-irc.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/matrix-appservice-irc.maintain.svg)
[![Install Matrix IRC Bridge with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=matrix-appservice-irc)
*[Lire ce readme en français.](./README_fr.md)*
> *This package allows you to install Example app quickly and simply on a YunoHost server.
> *This package allows you to install Matrix IRC Bridge quickly and simply on a YunoHost server.
If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.*
## Overview
Some long and extensive description of what the app is and does, lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
This is an IRC bridge for Matrix. This bridge will pass all IRC messages through to Matrix, and all Matrix messages through to IRC. It is highly configurable and is currently used on the matrix.org homeserver to bridge a number of popular IRC networks.
### Features
- Ut enim ad minim veniam, quis nostrud exercitation ullamco ;
- Laboris nisi ut aliquip ex ea commodo consequat ;
- Duis aute irure dolor in reprehenderit in voluptate ;
- Velit esse cillum dolore eu fugiat nulla pariatur ;
- Excepteur sint occaecat cupidatat non proident, sunt in culpa."
- Merge Matrix rooms to IRC channels
- Full two-way communication in channels and direct messages
- Well-formated replies
**Shipped version:** 1.0~ynh1
**Demo:** https://demo.example.com
## Screenshots
![Screenshot of Example app](./doc/screenshots/example.jpg)
**Shipped version:** 0.32.1~ynh1
## Disclaimers / important information
* Any known limitations, constrains or stuff not working, such as (but not limited to):
* requiring a full dedicated domain ?
* architectures not supported ?
* not-working single-sign on or LDAP integration ?
* the app requires an important amount of RAM / disk / .. to install or to work properly
* etc...
WARNING: This bridge requires additional configuration in the configuration file.
* Other infos that people should be aware of, such as:
* any specific step to perform after installing (such as manually finishing the install, specific admin credentials, ...)
* how to configure / administrate the application if it ain't obvious
* upgrade process / specificities / things to be aware of ?
* security considerations ?
* You need a local Matrix-synapse server (Yunohost app available)
* No connection to the Yunohost LDAP
## Documentation and resources
* Official app website: <https://example.com>
* Official user documentation: <https://yunohost.org/apps>
* Official admin documentation: <https://yunohost.org/packaging_apps>
* Upstream app code repository: <https://some.forge.com/example/example>
* YunoHost documentation for this app: <https://yunohost.org/app_example>
* Report a bug: <https://github.com/YunoHost-Apps/example_ynh/issues>
* Official app website: <https://github.com/matrix-org/matrix-appservice-irc>
* Official user documentation: <https://matrix-org.github.io/matrix-appservice-irc/latest/usage>
* Official admin documentation: <https://matrix-org.github.io/matrix-appservice-irc/latest/bridge_setup>
* Upstream app code repository: <https://github.com/matrix-org/matrix-appservice-irc>
* YunoHost documentation for this app: <https://yunohost.org/app_matrix-appservice-irc>
* Report a bug: <https://github.com/YunoHost-Apps/matrix-appservice-irc_ynh/issues>
## Developer info
Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/example_ynh/tree/testing).
Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/matrix-appservice-irc_ynh/tree/testing).
To try the testing branch, please proceed like that.
``` bash
sudo yunohost app install https://github.com/YunoHost-Apps/example_ynh/tree/testing --debug
sudo yunohost app install https://github.com/YunoHost-Apps/matrix-appservice-irc_ynh/tree/testing --debug
or
sudo yunohost app upgrade example -u https://github.com/YunoHost-Apps/example_ynh/tree/testing --debug
sudo yunohost app upgrade matrix-appservice-irc -u https://github.com/YunoHost-Apps/matrix-appservice-irc_ynh/tree/testing --debug
```
**More info regarding app packaging:** <https://yunohost.org/packaging_apps>

59
README_fr.md
View file

@ -3,71 +3,54 @@ N.B.: This README was automatically generated by https://github.com/YunoHost/app
It shall NOT be edited by hand.
-->
# Example app pour YunoHost
# Matrix IRC Bridge pour YunoHost
[![Niveau dintégration](https://dash.yunohost.org/integration/example.svg)](https://dash.yunohost.org/appci/app/example) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/example.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/example.maintain.svg)
[![Installer Example app avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=example)
[![Niveau dintégration](https://dash.yunohost.org/integration/matrix-appservice-irc.svg)](https://dash.yunohost.org/appci/app/matrix-appservice-irc) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/matrix-appservice-irc.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/matrix-appservice-irc.maintain.svg)
[![Installer Matrix IRC Bridge avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=matrix-appservice-irc)
*[Read this readme in english.](./README.md)*
> *Ce package vous permet dinstaller Example app rapidement et simplement sur un serveur YunoHost.
> *Ce package vous permet dinstaller Matrix IRC Bridge rapidement et simplement sur un serveur YunoHost.
Si vous navez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment linstaller et en profiter.*
## Vue densemble
Some long and extensive description of what the app is and does, lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
Ceci est une passerelle IRC pour Matrix. Cette passerelle passe tous les messages IRC à Matrix, et tous les messages Matrix à IRC. Elle est hautement configurable, et est actuellement uilisée par le serveur de Matrix.org pour connecter certains réseaux IRC populaires.
### Features
- Ut enim ad minim veniam, quis nostrud exercitation ullamco ;
- Laboris nisi ut aliquip ex ea commodo consequat ;
- Duis aute irure dolor in reprehenderit in voluptate ;
- Velit esse cillum dolore eu fugiat nulla pariatur ;
- Excepteur sint occaecat cupidatat non proident, sunt in culpa."
- Connection de salons Matrix à des canaux IRC
- Communication complète bidirectionnelle dans les canaux et messages directs
- Réponses formattées proprement
**Version incluse :** 1.0~ynh1
**Démo :** https://demo.example.com
## Captures décran
![Capture décran de Example app](./doc/screenshots/example.jpg)
**Version incluse :** 0.32.1~ynh1
## Avertissements / informations importantes
* Any known limitations, constrains or stuff not working, such as (but not limited to):
* requiring a full dedicated domain ?
* architectures not supported ?
* not-working single-sign on or LDAP integration ?
* the app requires an important amount of RAM / disk / .. to install or to work properly
* etc...
ATTENTION : Cette passerelle requiert une configuration supplémentaire dans son fichier de configuration.
* Other infos that people should be aware of, such as:
* any specific step to perform after installing (such as manually finishing the install, specific admin credentials, ...)
* how to configure / administrate the application if it ain't obvious
* upgrade process / specificities / things to be aware of ?
* security considerations ?
* Vous avez besoin d'un serveur local Matrix-Synapse (appli Yunohost disponible)
* Aucune connection au LDAP de Yunohost
## Documentations et ressources
* Site officiel de lapp : <https://example.com>
* Documentation officielle utilisateur : <https://yunohost.org/apps>
* Documentation officielle de ladmin : <https://yunohost.org/packaging_apps>
* Dépôt de code officiel de lapp : <https://some.forge.com/example/example>
* Documentation YunoHost pour cette app : <https://yunohost.org/app_example>
* Signaler un bug : <https://github.com/YunoHost-Apps/example_ynh/issues>
* Site officiel de lapp : <https://github.com/matrix-org/matrix-appservice-irc>
* Documentation officielle utilisateur : <https://matrix-org.github.io/matrix-appservice-irc/latest/usage>
* Documentation officielle de ladmin : <https://matrix-org.github.io/matrix-appservice-irc/latest/bridge_setup>
* Dépôt de code officiel de lapp : <https://github.com/matrix-org/matrix-appservice-irc>
* Documentation YunoHost pour cette app : <https://yunohost.org/app_matrix-appservice-irc>
* Signaler un bug : <https://github.com/YunoHost-Apps/matrix-appservice-irc_ynh/issues>
## Informations pour les développeurs
Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/example_ynh/tree/testing).
Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/matrix-appservice-irc_ynh/tree/testing).
Pour essayer la branche testing, procédez comme suit.
``` bash
sudo yunohost app install https://github.com/YunoHost-Apps/example_ynh/tree/testing --debug
sudo yunohost app install https://github.com/YunoHost-Apps/matrix-appservice-irc_ynh/tree/testing --debug
ou
sudo yunohost app upgrade example -u https://github.com/YunoHost-Apps/example_ynh/tree/testing --debug
sudo yunohost app upgrade matrix-appservice-irc -u https://github.com/YunoHost-Apps/matrix-appservice-irc_ynh/tree/testing --debug
```
**Plus dinfos sur le packaging dapplications :** <https://yunohost.org/packaging_apps>

6
check_process
View file

@ -7,9 +7,9 @@
; Manifest
domain="domain.tld"
path="/path"
is_public=1
language="fr"
admin="john"
language="fr"
is_public=1
password="1Strong-Password"
port="666"
; Checks
@ -31,4 +31,4 @@ Notification=none
;;; Upgrade options
; commit=CommitHash
name=Name and date of the commit.
manifest_arg=domain=DOMAIN&path=PATH&is_public=1&language=fr&admin=USER&password=pass&port=666&
manifest_arg=domain=DOMAIN&path=PATH&admin=USER&language=fr&is_public=1&password=pass&port=666&

4
conf/app.src
View file

@ -1,5 +1,5 @@
SOURCE_URL=url of app's source
SOURCE_SUM=sha256 checksum
SOURCE_URL=https://github.com/matrix-org/matrix-appservice-irc/archive/refs/tags/0.32.1.tar.gz
SOURCE_SUM=b3a9fec362e6dda535043c1edfcb2f405e5690e2e0d25f99db903d164a10774e
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true

657
conf/config.yaml Normal file
View file

@ -0,0 +1,657 @@
# GENERATED BY YUNOHOST FROM UPSTREAM VERSION 0.32.1
# Configuration specific to AS registration. Unless other marked, all fields
# are *REQUIRED*.
# Unless otherwise specified, these keys CANNOT be hot-reloaded.
homeserver:
# The URL to the home server for client-server API calls, also used to form the
# media URLs as displayed in bridged IRC channels:
url: "https://__DOMAIN__"
#
# The URL of the homeserver hosting media files. This is only used to transform
# mxc URIs to http URIs when bridging m.room.[file|image] events. Optional. By
# default, this is the homeserver URL, specified above.
# This key CAN be hot-reloaded.
# media_url: "http://media.repo:8008"
# Drop Matrix messages which are older than this number of seconds, according to
# the event's origin_server_ts.
# If the bridge is down for a while, the homeserver will attempt to send all missed
# events on reconnection. These events may be hours old, which can be confusing to
# IRC users if they are then bridged. This option allows these old messages to be
# dropped.
# CAUTION: This is a very coarse heuristic. Federated homeservers may have different
# clock times and hence produce different origin_server_ts values, which may be old
# enough to cause *all* events from the homeserver to be dropped.
# Default: 0 (don't ever drop)
# This key CAN be hot-reloaded.
# dropMatrixMessagesAfterSecs: 300 # 5 minutes
# The 'domain' part for user IDs on this home server. Usually (but not always)
# is the "domain name" part of the HS URL.
domain: "__SERVER_NAME__"
# Should presence be enabled for matrix clients on this bridge. If disabled on the
# homeserver then it should also be disabled here to avoid excess traffic.
# Default: true
enablePresence: true
# Which port should the appservice bind to. Can be overriden by the one provided in the
# command line! Optional.
# bindPort: 9999
# Use this option to force the appservice to listen on another hostname for transactions.
# This is NOT your synapse hostname. E.g. use 127.0.0.1 to only listen locally. Optional.
# bindHostname: 0.0.0.0
# Configuration specific to the IRC service
ircService:
# All server keys can be hot-reloaded, however existing IRC connections
# will not have changes applied to them.
servers: {}
# This is a dummy key just to provide an IRC server example.
servers_example:
# The address of the server to connect to.
irc.example.com:
# A human-readable short name. This is used to label IRC status rooms
# where matrix users control their connections.
# E.g. 'ExampleNet IRC Bridge status'.
# It is also used in the Third Party Lookup API as the instance `desc`
# property, where each server is an instance.
name: "ExampleNet"
# Additional addresses to connect to, used for load balancing between IRCDs.
additionalAddresses: [ "irc2.example.com" ]
# Typically additionalAddresses would be in addition to the address key given above,
# but some configurations wish to exclusively use additional addresses while reserving
# the top key for identification purposes. Set this to true to exclusively use the
# additionalAddresses array when connecting to servers.
onlyAdditionalAddresses: false
#
# [DEPRECATED] Use `name`, above, instead.
# A human-readable description string
# description: "Example.com IRC network"
# An ID for uniquely identifying this server amongst other servers being bridged.
# networkId: "example"
# MXC URL to an icon used as the network icon whenever this network appear in
# a network list. (Like in the Element room directory, for instance.)
# icon: mxc://matrix.org/LpsSLrbANVrEIEOgEaVteItf
# The port to connect to. Optional.
port: 6697
# Whether to use SSL or not. Default: false.
ssl: true
# Whether or not IRC server is using a self-signed cert or not providing CA Chain
sslselfsign: false
# Should the connection attempt to identify via SASL (if a server or user password is given)
# If false, this will use PASS instead. If SASL fails, we do not fallback to PASS.
sasl: false
# Whether to allow expired certs when connecting to the IRC server.
# Usually this should be off. Default: false.
allowExpiredCerts: false
# Set additional TLS options for the connections to the IRC server.
tlsOptions: {}
# A specific CA to trust instead of the default CAs. Optional.
#ca: |
# -----BEGIN CERTIFICATE-----
# ...
# -----END CERTIFICATE-----
# Server name for the SNI (Server Name Indication) TLS extension. If the address you
# are using does not report the correct certificate name, you can override it here.
# servername: real.server.name
# ...or any options in https://nodejs.org/api/tls.html#tls_tls_connect_options_callback
#
# The connection password to send for all clients as a PASS (or SASL, if enabled above) command. Optional.
# password: 'pa$$w0rd'
#
# Whether or not to send connection/error notices to real Matrix users. Default: true.
sendConnectionMessages: true
quitDebounce:
# Whether parts due to net-splits are debounced for delayMs, to allow
# time for the netsplit to resolve itself. A netsplit is detected as being
# a QUIT rate higher than quitsPerSecond. Default: false.
enabled: false
# The maximum number of quits per second acceptable above which a netsplit is
# considered ongoing. Default: 5.
quitsPerSecond: 5
# The time window in which to wait before bridging a QUIT to Matrix that occurred during
# a netsplit. Debouncing is jittered randomly between delayMinMs and delayMaxMs so that the HS
# is not sent many requests to leave rooms all at once if a netsplit occurs and many
# people to not rejoin.
# If the user with the same IRC nick as the one who sent the quit rejoins a channel
# they are considered back online and the quit is not bridged, so long as the rejoin
# occurs before the randomly-jittered timeout is not reached.
# Default: 3600000, = 1h
delayMinMs: 3600000 # 1h
# Default: 7200000, = 2h
delayMaxMs: 7200000 # 2h
# A map for conversion of IRC user modes to Matrix power levels. This enables bridging
# of IRC ops to Matrix power levels only, it does not enable the reverse. If a user has
# been given multiple modes, the one that maps to the highest power level will be used.
modePowerMap:
o: 50
v: 1
botConfig:
# Enable the presence of the bot in IRC channels. The bot serves as the entity
# which maps from IRC -> Matrix. You can disable the bot entirely which
# means IRC -> Matrix chat will be shared by active "M-Nick" connections
# in the room. If there are no users in the room (or if there are users
# but their connections are not on IRC) then nothing will be bridged to
# Matrix. If you're concerned about the bot being treated as a "logger"
# entity, then you may want to disable the bot. If you want IRC->Matrix
# but don't want to have TCP connections to IRC unless a Matrix user speaks
# (because your client connection limit is low), then you may want to keep
# the bot enabled. Default: true.
# NB: If the bot is disabled, you SHOULD have matrix-to-IRC syncing turned
# on, else there will be no users and no bot in a channel (meaning no
# messages to Matrix!) until a Matrix user speaks which makes a client
# join the target IRC channel.
# NBB: The bridge bot IRC client will still join the target IRC network so
# it can service bridge-specific queries from the IRC-side e.g. so
# real IRC clients have a way to change their Matrix display name.
# See https://github.com/matrix-org/matrix-appservice-irc/issues/55
enabled: true
# The nickname to give the AS bot.
nick: "MatrixBot"
# The username to give to the AS bot. Defaults to "matrixbot"
username: "matrixbot"
# The password to give to NickServ or IRC Server for this nick. Optional.
# password: "helloworld"
#
# Join channels even if there are no Matrix users on the other side of
# the bridge. Set to false to prevent the bot from joining channels which have no
# real matrix users in them, even if there is a mapping for the channel.
# Default: true
joinChannelsIfNoUsers: true
# Configuration for PMs / private 1:1 communications between users.
privateMessages:
# Enable the ability for PMs to be sent to/from IRC/Matrix.
# Default: true.
enabled: true
# Prevent Matrix users from sending PMs to the following IRC nicks.
# Optional. Default: [].
# exclude: ["Alice", "Bob"] # NOT YET IMPLEMENTED
# Should created Matrix PM rooms be federated? If false, only users on the
# HS attached to this AS will be able to interact with this room.
# Optional. Default: true.
federate: true
# Configuration for mappings not explicitly listed in the 'mappings'
# section.
dynamicChannels:
# Enable the ability for Matrix users to join *any* channel on this IRC
# network.
# Default: false.
enabled: true
# Should the AS create a room alias for the new Matrix room? The form of
# the alias can be modified via 'aliasTemplate'. Default: true.
createAlias: true
# Should the AS publish the new Matrix room to the public room list so
# anyone can see it? Default: true.
published: true
# Publish the rooms to the homeserver directory, as oppose to the appservice
# room directory. Only used if `published` is on.
# Default: false
useHomeserverDirectory: true
# What should the join_rule be for the new Matrix room? If 'public',
# anyone can join the room. If 'invite', only users with an invite can
# join the room. Note that if an IRC channel has +k or +i set on it,
# join_rules will be set to 'invite' until these modes are removed.
# Default: "public".
joinRule: public
# This will set the m.room.related_groups state event in newly created rooms
# with the given groupId. This means flares will show up on IRC users in those rooms.
# This should be set to the same thing as namespaces.users.group_id in irc_registration.
# This does not alter existing rooms.
# Leaving this option empty will not set the event.
groupId: +myircnetwork:localhost
# Should created Matrix rooms be federated? If false, only users on the
# HS attached to this AS will be able to interact with this room.
# Default: true.
federate: true
# Force this room version when creating IRC channels. Beware if the homeserver doesn't
# support the room version then the request will fail. By default, no version is requested.
# roomVersion: "1"
# The room alias template to apply when creating new aliases. This only
# applies if createAlias is 'true'. The following variables are exposed:
# $SERVER => The IRC server address (e.g. "irc.example.com")
# $CHANNEL => The IRC channel (e.g. "#python")
# This MUST have $CHANNEL somewhere in it.
#
# In certain circumstances you might want to bridge your whole IRC network as a
# homeserver (e.g. #matrix:libera.chat). For these use cases, you can set the
# template to just be $CHANNEL. Doing so will preclude you from supporting
# other prefix characters though.
#
# Default: '#irc_$SERVER_$CHANNEL'
aliasTemplate: "#irc_$CHANNEL"
# A list of user IDs which the AS bot will send invites to in response
# to a !join. Only applies if joinRule is 'invite'. Default: []
# whitelist:
# - "@foo:example.com"
# - "@bar:example.com"
#
# Prevent the given list of channels from being mapped under any
# circumstances.
# exclude: ["#foo", "#bar"]
# excludedUsers:
# - regex: "@.*:evilcorp.com"
# kickReason: "We don't like Evilcorp"
# Configuration for controlling how Matrix and IRC membership lists are
# synced.
membershipLists:
# Enable the syncing of membership lists between IRC and Matrix. This
# can have a significant effect on performance on startup as the lists are
# synced. This must be enabled for anything else in this section to take
# effect. Default: false.
enabled: false
# Syncing membership lists at startup can result in hundreds of members to
# process all at once. This timer drip feeds membership entries at the
# specified rate. Default: 10000. (10s)
floodDelayMs: 10000
global:
ircToMatrix:
# Get a snapshot of all real IRC users on a channel (via NAMES) and
# join their virtual matrix clients to the room.
initial: false
# Make virtual matrix clients join and leave rooms as their real IRC
# counterparts join/part channels. Default: false.
incremental: false
# Should the bridge check if all Matrix users are connected to IRC and
# joined to the channel before relaying messages into the room.
#
# This is considered a safety net to avoid any leakages by the bridge to
# unconnected users, but given it ignores all IRC messages while users
# are still connecting it may be overkill.
requireMatrixJoined: false
matrixToIrc:
# Get a snapshot of all real Matrix users in the room and join all of
# them to the mapped IRC channel on startup. Default: false.
initial: false
# Make virtual IRC clients join and leave channels as their real Matrix
# counterparts join/leave rooms. Make sure your 'maxClients' value is
# high enough! Default: false.
incremental: false
# Apply specific rules to Matrix rooms. Only matrix-to-IRC takes effect.
rooms:
- room: "!fuasirouddJoxtwfge:localhost"
matrixToIrc:
initial: false
incremental: false
# Apply specific rules to IRC channels. Only IRC-to-matrix takes effect.
channels:
- channel: "#foo"
ircToMatrix:
initial: false
incremental: false
requireMatrixJoined: false
# Should the bridge ignore users which are not considered active on the bridge
# during startup
ignoreIdleUsersOnStartup:
enabled: true
# How many hours can a user be considered idle for before they are considered
# ignoreable
idleForHours: 720
# A regex which will exclude matching MXIDs from this check.
exclude: "foobar"
mappings:
# 1:many mappings from IRC channels to room IDs on this IRC server.
# The matrix room must already exist. Your matrix client should expose
# the room ID in a "settings" page for the room.
"#thepub":
roomIds: ["!kieouiJuedJoxtVdaG:localhost"]
# Channel key/password to use. Optional. If provided, matrix users do
# not need to know the channel key in order to join the channel.
# key: "secret"
# Configuration for virtual matrix users. The following variables are
# exposed:
# $NICK => The IRC nick
# $SERVER => The IRC server address (e.g. "irc.example.com")
matrixClients:
# The user ID template to use when creating virtual matrix users. This
# MUST start with an @ and have $NICK somewhere in it.
# Optional. Default: "@$SERVER_$NICK".
# Example: "@irc.example.com_Alice:example.com"
userTemplate: "@irc_$NICK"
# The display name to use for created matrix clients. This should have
# $NICK somewhere in it if it is specified. Can also use $SERVER to
# insert the IRC domain.
# Optional. Default: "$NICK (IRC)". Example: "Alice (IRC)"
displayName: "$NICK (IRC)"
# Number of tries a client can attempt to join a room before the request
# is discarded. You can also use -1 to never retry or 0 to never give up.
# Optional. Default: -1
joinAttempts: -1
# Configuration for virtual IRC users. The following variables are exposed:
# $LOCALPART => The user ID localpart ("alice" in @alice:localhost)
# $USERID => The user ID
# $DISPLAY => The display name of this user, with excluded characters
# (e.g. space) removed. If the user has no display name, this
# falls back to $LOCALPART.
ircClients:
# The template to apply to every IRC client nick. This MUST have either
# $DISPLAY or $USERID or $LOCALPART somewhere in it.
# Optional. Default: "M-$DISPLAY". Example: "M-Alice".
nickTemplate: "$DISPLAY[m]"
# True to allow virtual IRC clients to change their nick on this server
# by issuing !nick <server> <nick> commands to the IRC AS bot.
# This is completely freeform: it will NOT follow the nickTemplate.
allowNickChanges: true
# The max number of IRC clients that will connect. If the limit is
# reached, the client that spoke the longest time ago will be
# disconnected and replaced.
# Optional. Default: 30.
maxClients: 30
# IPv6 configuration.
ipv6:
# Optional. Set to true to force IPv6 for outgoing connections.
only: false
# Optional. The IPv6 prefix to use for generating unique addresses for each
# connected user. If not specified, all users will connect from the same
# (default) address. This may require additional OS-specific work to allow
# for the node process to bind to multiple different source addresses
# Linux kernels 4.3+ support sysctl net.ipv6.ip_nonlocal_bind=1
# Older kernels will need IP_FREEBIND, which requires an LD_PRELOAD with the library
# https://github.com/matrix-org/freebindfree as Node does not expose setsockopt.
# prefix: "2001:0db8:85a3::" # modify appropriately
#
# The maximum amount of time in seconds that the client can exist
# without sending another message before being disconnected. Use 0 to
# not apply an idle timeout. This value is ignored if this IRC server is
# mirroring matrix membership lists to IRC. Default: 172800 (48 hours)
idleTimeout: 10800
# The number of millseconds to wait between consecutive reconnections if a
# client gets disconnected. Setting to 0 will cause the scheduling to be
# disabled, i.e. it will be scheduled immediately (with jitter.
# Otherwise, the scheduling interval will be used such that one client
# reconnect for this server will be handled every reconnectIntervalMs ms using
# a FIFO queue.
# Default: 5000 (5 seconds)
reconnectIntervalMs: 5000
# The number of concurrent reconnects if a user has been disconnected unexpectedly
# (e.g. a netsplit). You should set this to a reasonably high number so that
# bridges are not waiting an eternity to reconnect all its clients if
# we see a massive number of disconnect. This is unrelated to the reconnectIntervalMs
# setting above which is for connecting on restart of the bridge. Set to 0 to
# immediately try to reconnect all users.
# Default: 50
concurrentReconnectLimit: 50
# The number of lines to allow being sent by the IRC client that has received
# a large block of text to send from matrix. If the number of lines that would
# be sent is > lineLimit, the text will instead be uploaded to matrix and the
# resulting URI is treated as a file. As such, a link will be sent to the IRC
# side instead of potentially spamming IRC and getting the IRC client kicked.
# Default: 3.
lineLimit: 3
# A list of user modes to set on every IRC client. For example, "RiG" would set
# +R, +i and +G on every IRC connection when they have successfully connected.
# User modes vary wildly depending on the IRC network you're connecting to,
# so check before setting this value. Some modes may not work as intended
# through the bridge e.g. caller ID as there is no way to /ACCEPT.
# Default: "" (no user modes)
# userModes: "R"
# The format of the realname defined for users, either mxid or reverse-mxid
realnameFormat: "mxid"
# The minimum time to wait between connection attempts if we were disconnected
# due to throttling.
# pingTimeoutMs: 600000
# The rate at which to send pings to the IRCd if the client is being quiet for a while.
# Whilst the IRCd *should* be sending pings to us to keep the connection alive, it appears
# that sometimes they don't get around to it and end up ping timing us out.
# pingRateMs: 60000
# Choose which conditions the IRC bridge should kick Matrix users for. Decisions to this from
# defaults should be taken with care as it may dishonestly repesent Matrix users on the IRC
# network, and cause your bridge to be banned.
kickOn:
# Kick a Matrix user from a bridged room if they fail to join the IRC channel.
channelJoinFailure: true
# Kick a Matrix user from ALL rooms if they are unable to get connected to IRC.
ircConnectionFailure: true
# Kick a Matrix user from ALL rooms if they choose to QUIT the IRC network.
userQuit: true
# Set information about the bridged channel in the room state, so that client's may
# present relevant UI to the user. MSC2346
bridgeInfoState:
enabled: false
initial: false
# Configuration for an ident server. If you are running a public bridge it is
# advised you setup an ident server so IRC mods can ban specific matrix users
# rather than the application service itself.
# This key CANNOT be hot-reloaded
ident:
# True to listen for Ident requests and respond with the
# matrix user's user_id (converted to ASCII, respecting RFC 1413).
# Default: false.
enabled: false
# The port to listen on for incoming ident requests.
# Ports below 1024 require root to listen on, and you may not want this to
# run as root. Instead, you can get something like an Apache to yank up
# incoming requests to 113 to a high numbered port. Set the port to listen
# on instead of 113 here.
# Default: 113.
port: 1113
# The address to listen on for incoming ident requests.
# Default: 0.0.0.0
address: "::"
# Encoding fallback - which text encoding to try if text is not UTF-8. Default: not set.
# List of supported encodings: https://www.npmjs.com/package/iconv#supported-encodings
# encodingFallback: "ISO-8859-15"
# Configuration for logging. Optional. Default: console debug level logging
# only.
# This key CANNOT be hot-reloaded
logging:
# Level to log on console/logfile. One of error|warn|info|debug
level: "warn"
# The file location to log to. This is relative to the project directory.
logfile: "/var/log/__APP__/__APP__.log"
# The file location to log errors to. This is relative to the project
# directory.
errfile: "errors.log"
# Whether to log to the console or not.
toConsole: true
# The max number of files to keep. Files will be overwritten eventually due
# to rotations.
maxFiles: 5
# Metrics will then be available via GET /metrics on the bridge listening port (-p).
# This key CANNOT be hot-reloaded
metrics:
# Whether to actually enable the metric endpoint. Default: false
enabled: true
# Which port to listen on (omit to listen on the bindPort)
port: 7001
# Which hostname to listen on (omit to listen on 127.0.0.1), requires port to be set
host: 127.0.0.1
# When determining activeness of remote and matrix users, cut off at this number of hours.
userActivityThresholdHours: 72 # 3 days
# When collecting remote user active times, which "buckets" should be used. Defaults are given below.
# The bucket name is formed of a duration and a period. (h=hours,d=days,w=weeks).
remoteUserAgeBuckets:
- "1h"
- "1d"
- "1w"
# Configuration options for the debug HTTP API. To access this API, you must
# append ?access_token=$APPSERVICE_TOKEN (from the registration file) to the requests.
#
# The debug API exposes the following endpoints:
#
# GET /irc/$domain/user/$user_id => Return internal state for the IRC client for this user ID.
#
# POST /irc/$domain/user/$user_id => Issue a raw IRC command down this connection.
# Format: new line delimited commands as per IRC protocol.
#
# This key CANNOT be hot-reloaded
debugApi:
# True to enable the HTTP API endpoint. Default: false.
enabled: false
# The port to host the HTTP API.
port: 11100
# Configuration for the provisioning API.
#
# GET /_matrix/provision/link
# GET /_matrix/provision/unlink
# GET /_matrix/provision/listlinks
#
# This key CANNOT be hot-reloaded
provisioning:
# True to enable the provisioning HTTP endpoint. Default: false.
enabled: false
# The number of seconds to wait before giving up on getting a response from
# an IRC channel operator. If the channel operator does not respond within the
# allotted time period, the provisioning request will fail.
# Default: 300 seconds (5 mins)
requestTimeoutSeconds: 300
# When provisioning a room, disallow rooms that match these critera
rules:
# The bridge checks the joined members of a propective room and checks to see
# if any users matching these regex sets are in the room. `exempt` users never
# match, and will be ignored. If any user matches `conflict`, the room will not
# be allowed to be bridged until the user is removed. Both sets take a regular expression.
userIds:
exempt:
# These users never conflict, even if matching
- "@doubleagent:badguys.com"
conflict:
# These users will deny a room from being bridged.
- "@.*:badguys.com"
# Watch the file for changes, and apply the rules. Default: false
enableReload: true
# Number of channels allowed to be bridged
roomLimit: 50
# WARNING: The bridge needs to send plaintext passwords to the IRC server, it cannot
# send a password hash. As a result, passwords (NOT hashes) are stored encrypted in
# the database.
#
# To generate a .pem file:
# $ openssl genpkey -out passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048
#
# The path to the RSA PEM-formatted private key to use when encrypting IRC passwords
# for storage in the database. Passwords are stored by using the admin room command
# `!storepass server.name passw0rd. When a connection is made to IRC on behalf of
# the Matrix user, this password will be sent as the server password (PASS command).
# This key CANNOT be hot-reloaded
passwordEncryptionKeyPath: "passkey.pem"
# Config for Matrix -> IRC bridging
# This key CANNOT be hot-reloaded
matrixHandler:
# Cache this many matrix events in memory to be used for m.relates_to messages (usually replies).
eventCacheSize: 4096
# format of replies sent shortly after the original message
shortReplyTemplate: "$NICK: $REPLY"
# format of replies sent a while after the original message
longReplyTemplate: "<$NICK> \"$ORIGINAL\" <- $REPLY"
# how much time needs to pass between the reply and the original message to switch to the long format
shortReplyTresholdSeconds: 300
# Maximum number of montly active users, beyond which the bridge gets blocked (both ways)
# RMAUlimit: 100
# userActivity:
# The "grace period" before we start counting users as active
# minUserActiveDays: 1
# Time before users are considered inactive again
# inactiveAfterDays: 30
ircHandler:
# Should we attempt to match an IRC side mention (nickaname match)
# with the nickname's owner's matrixId, if we are bridging them?
# "on" - Defaults to enabled, users can choose to disable.
# "off" - Defaults to disabled, users can choose to enable.
# "force-off" - Disabled, cannot be enabled.
mapIrcMentionsToMatrix: "on" # This can be "on", "off", "force-off".
# When handling lots of mode changes, wait this long before setting a power level
# event in order to batch together changes
# powerLevelGracePeriod: 1000
# Map of permissions from user/domain/wildcard to permission level.
# This is currently used to allow/disallow use of admin commands
# from the admin room but may be expanded in the future to contain more
# options. Currently, you may either set the value to be 'admin', or leave the key
# out to imply that the user does not have special permissions.
# UserID takes precedence over domain, which takes precedence over wildcard.
permissions:
"__BOTADMIN__": admin
# '*': admin
# 'matrix.org': admin
# '@fibble:matrix.org': admin
# Allow room moderators to adjust the configuration of the bridge via room state.
# See docs/room_commands.md
# Optional: Off by default
perRoomConfig:
# Should the bridge use per-room configuration state. If false, the state
# events will be ignored.
enabled: false
# The maximum number that can be set for the `lineLimit` configuration option
# lineLimitMax: 5
# Allow matrix admins to disable or require Matrix users to be connected to the
# channel before any messages can be bridged. i.e. this is the per room
# version of `membershipLists.[].ircToMatrix.requireMatrixJoined`.
#
# If this is true, configuration in the room state will take priority over
# the configuration in the config file.
# allowUnconnectedMatrixUsers: true
# Options here are generally only applicable to large-scale bridges and may have
# consequences greater than other options in this configuration file.
advanced:
# The maximum number of HTTP(S) sockets to maintain. Usually this is unlimited
# however for large bridges it is important to rate limit the bridge to avoid
# accidentally overloading the homeserver. Defaults to 1000, which should be
# enough for the vast majority of use cases.
# This key CAN be hot-reloaded
maxHttpSockets: 1000
# Max size of an appservice transaction payload, in bytes. Defaults to 10Mb
# This key CANNOT be hot-reloaded.
maxTxnSize: 10000000
# Capture information to a sentry.io instance
# This key CANNOT be hot-reloaded.
sentry:
enabled: false
dsn: "https://<key>@sentry.io/<project>"
# Optional. A tag to specify the production environment. Not set by default
# environment: ""
# Optional. A tag to specify the server name. Not set by default
# serverName: ""
# Use an external database to store bridge state.
# This key CANNOT be hot-reloaded.
database:
# database engine (must be 'postgres' or 'nedb'). Default: nedb
engine: "postgres"
# Either a PostgreSQL connection string, or a path to the NeDB storage directory.
# For postgres, it must start with postgres://
# For NeDB, it must start with nedb://. The path is relative to the project directory.
connectionString: "postgres://__DB_NAME__:__DB_PWD__@localhost:5432/__DB_NAME__"

15
conf/systemd.service
View file

@ -1,13 +1,14 @@
[Unit]
Description=Small description of the service
After=network.target
Description=Matrix - IRC Bridge
After=matrix-synapse.target
[Service]
Type=simple
User=__APP__
Group=__APP__
WorkingDirectory=__FINALPATH__/
ExecStart=__FINALPATH__/script
Environment="__YNH_NODE_LOAD_PATH__"
ExecStart=__FINALPATH__/bin/matrix-appservice-irc -c __FINALPATH__/config.yaml
StandardOutput=append:/var/log/__APP__/__APP__.log
StandardError=inherit
@ -18,20 +19,16 @@ StandardError=inherit
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
DevicePolicy=closed
ProtectClock=yes
ProtectHostname=yes
ProtectProc=invisible
ProtectSystem=full
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
LockPersonality=yes
SystemCallArchitectures=native
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
# Denying access to capabilities that should not be relevant for webapps
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html

10
doc/DESCRIPTION.md
View file

@ -1,9 +1,7 @@
Some long and extensive description of what the app is and does, lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.
This is an IRC bridge for Matrix. This bridge will pass all IRC messages through to Matrix, and all Matrix messages through to IRC. It is highly configurable and is currently used on the matrix.org homeserver to bridge a number of popular IRC networks.
### Features
- Ut enim ad minim veniam, quis nostrud exercitation ullamco ;
- Laboris nisi ut aliquip ex ea commodo consequat ;
- Duis aute irure dolor in reprehenderit in voluptate ;
- Velit esse cillum dolore eu fugiat nulla pariatur ;
- Excepteur sint occaecat cupidatat non proident, sunt in culpa."
- Merge Matrix rooms to IRC channels
- Full two-way communication in channels and direct messages
- Well-formated replies

7
doc/DESCRIPTION_fr.md Normal file
View file

@ -0,0 +1,7 @@
Ceci est une passerelle IRC pour Matrix. Cette passerelle passe tous les messages IRC à Matrix, et tous les messages Matrix à IRC. Elle est hautement configurable, et est actuellement uilisée par le serveur de Matrix.org pour connecter certains réseaux IRC populaires.
### Features
- Connection de salons Matrix à des canaux IRC
- Communication complète bidirectionnelle dans les canaux et messages directs
- Réponses formattées proprement

14
doc/DISCLAIMER.md
View file

@ -1,12 +1,4 @@
* Any known limitations, constrains or stuff not working, such as (but not limited to):
* requiring a full dedicated domain ?
* architectures not supported ?
* not-working single-sign on or LDAP integration ?
* the app requires an important amount of RAM / disk / .. to install or to work properly
* etc...
WARNING: This bridge requires additional configuration in the configuration file.
* Other infos that people should be aware of, such as:
* any specific step to perform after installing (such as manually finishing the install, specific admin credentials, ...)
* how to configure / administrate the application if it ain't obvious
* upgrade process / specificities / things to be aware of ?
* security considerations ?
* You need a local Matrix-synapse server (Yunohost app available)
* No connection to the Yunohost LDAP

4
doc/DISCLAIMER_fr.md Normal file
View file

@ -0,0 +1,4 @@
ATTENTION : Cette passerelle requiert une configuration supplémentaire dans son fichier de configuration.
* Vous avez besoin d'un serveur local Matrix-Synapse (appli Yunohost disponible)
* Aucune connection au LDAP de Yunohost

100
manifest.json
View file

@ -1,73 +1,75 @@
{
"name": "Example app",
"id": "example",
"name": "Matrix IRC Bridge",
"id": "matrix-appservice-irc",
"packaging_format": 1,
"description": {
"en": "Explain in *a few (10~15) words* the purpose of the app or what it actually does (it is meant to give a rough idea to users browsing a catalog of 100+ apps)",
"fr": "Expliquez en *quelques* (10~15) mots l'utilité de l'app ou ce qu'elle fait (l'objectif est de donner une idée grossière pour des utilisateurs qui naviguent dans un catalogue de 100+ apps)"
"en": "Matrix bridge for IRC",
"fr": "Passerelle Matrix pour IRC"
},
"version": "1.0~ynh1",
"url": "https://example.com",
"version": "0.32.1~ynh1",
"url": "https://github.com/matrix-org/matrix-appservice-irc",
"upstream": {
"license": "free",
"website": "https://example.com",
"demo": "https://demo.example.com",
"admindoc": "https://yunohost.org/packaging_apps",
"userdoc": "https://yunohost.org/apps",
"code": "https://some.forge.com/example/example"
"website": "https://github.com/matrix-org/matrix-appservice-irc",
"admindoc": "https://matrix-org.github.io/matrix-appservice-irc/latest/bridge_setup",
"userdoc": "https://matrix-org.github.io/matrix-appservice-irc/latest/usage",
"code": "https://github.com/matrix-org/matrix-appservice-irc"
},
"license": "free",
"maintainer": {
"name": "John doe",
"email": "john.doe@example.com"
"name": "Salamandar",
"email": "felix@piedallu.me"
},
"requirements": {
"yunohost": ">= 11.0.0"
"yunohost": ">= 4.3.0"
},
"multi_instance": true,
"services": [
"nginx",
"php7.4-fpm",
"mysql"
"postgresql"
],
"arguments": {
"install": [
"install" : [
{
"name": "domain",
"type": "domain"
},
{
"name": "path",
"type": "path",
"example": "/example",
"default": "/example"
},
{
"name": "is_public",
"type": "boolean",
"default": true
},
{
"name": "language",
"name": "synapsenumber",
"type": "string",
"ask": {
"en": "Choose the application language",
"fr": "Choisissez la langue de l'application"
"en": "Choose the local Synapse instance number to communicate with matrix-appservice-irc.",
"fr": "Choisissez le numéro de l'instance Synapse qui doit communiquer avec matrix-appservice-irc."
},
"choices": ["fr", "en"],
"default": "fr"
},
{
"name": "admin",
"type": "user"
},
{
"name": "password",
"type": "password",
"example": "2 (for instance synapse__2)",
"help": {
"en": "Use the help field to add an information for the admin about this question.",
"fr": "Utilisez le champ aide pour ajouter une information à l'intention de l'administrateur à propos de cette question."
}
"en": "If you installed Synapse only once time, then leave default value 1.",
"fr": "Si vous n'avez installé qu'une fois Synapse, gardez la valeur par défaut 1."
},
"default": "1"
},
{
"name": "botname",
"type": "string",
"ask": {
"en": "Choose a local Synapse user name for the irc bot",
"fr": "Choisissez un nom d'utilisateur Synapse local pour le robot irc"
},
"example": "ircmatrixbot",
"help": {
"en": "A system user will be created. Invite @ircmatrixbot:localsynapse.servername from an authorized Matrix account to start bridging. Give the Matrix server_name, not the full domain/URL.",
"fr": "Un utilisateur système sera créé. Inviter @ircmatrixbot:localsynapse.servername depuis un compte Matrix autorisé pour démarrer une passerelle. Donner le nom du serveur Matrix, pas le domaine/URL complet."
},
"default": "ircmatrixbot"
},
{
"name": "botadmin",
"type": "string",
"ask": {
"en": "Choose the Matrix account administrator of the irc bridge",
"fr": "Choisissez le compte Matrix administrateur de la passerelle irc"
},
"example": "@johndoe:localsynapse.servername or @johndoe:matrix.org",
"help": {
"en": "The irc bridge administrator does not need to be a local Synapse account.",
"fr": "Le compte administrateur de la passerelle irc peut ne pas être un compte local Synapse."
},
"default": "Your main Matrix account"
}
]
}

22
scripts/_common.sh
View file

@ -3,25 +3,11 @@
#=================================================
# COMMON VARIABLES
#=================================================
# PHP APP SPECIFIC
#=================================================
# Depending on its version, YunoHost uses different default PHP version:
## YunoHost version "11.X" => PHP 7.4
## YunoHost version "4.X" => PHP 7.3
#
# This behaviour can be overridden by setting the YNH_PHP_VERSION variable
#YNH_PHP_VERSION=7.3
#YNH_PHP_VERSION=7.4
#YNH_PHP_VERSION=8.0
# For more information, see the PHP application helper: https://github.com/YunoHost/yunohost/blob/dev/helpers/php#L3-L6
# Or this app package depending on PHP: https://github.com/YunoHost-Apps/grav_ynh/blob/master/scripts/_common.sh
# PHP dependencies used by the app (must be on a single line)
#php_dependencies="php$YNH_PHP_VERSION-deb1 php$YNH_PHP_VERSION-deb2"
# or, if you do not need a custom YNH_PHP_VERSION:
php_dependencies="php$YNH_DEFAULT_PHP_VERSION-deb1 php$YNH_DEFAULT_PHP_VERSION-deb2"
# dependencies used by the app (must be on a single line)
pkg_dependencies="deb1 deb2 $php_dependencies"
# dependencies used by the app
pkg_dependencies="postgresql"
nodejs_version=14
#=================================================
# PERSONAL HELPERS

50
scripts/backup
View file

@ -15,7 +15,6 @@ source /usr/share/yunohost/helpers
#=================================================
ynh_clean_setup () {
### Remove this function if there's nothing to clean before calling the remove script.
true
}
# Exit if an error occurs during the execution of the script
@ -29,52 +28,20 @@ ynh_print_info --message="Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
domain=$(ynh_app_setting_get --app=$app --key=domain)
synapse_instance=$(ynh_app_setting_get --app=$app --key=synapse_instance)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
#=================================================
# DECLARE DATA AND CONF FILES TO BACKUP
#=================================================
ynh_print_info --message="Declaring files to be backed up..."
### N.B. : the following 'ynh_backup' calls are only a *declaration* of what needs
### to be backuped and not an actual copy of any file. The actual backup that
### creates and fill the archive with the files happens in the core after this
### script is called. Hence ynh_backups calls takes basically 0 seconds to run.
#=================================================
# BACKUP THE APP MAIN DIR
#=================================================
ynh_backup --src_path="$final_path"
#=================================================
# BACKUP THE DATA DIR
#=================================================
ynh_backup --src_path="$datadir" --is_big
#=================================================
# BACKUP THE NGINX CONFIGURATION
#=================================================
ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# BACKUP THE PHP-FPM CONFIGURATION
#=================================================
ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
#=================================================
# BACKUP FAIL2BAN CONFIGURATION
#=================================================
ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf"
ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf"
#=================================================
# SPECIFIC BACKUP
#=================================================
@ -90,22 +57,13 @@ ynh_backup --src_path="/etc/logrotate.d/$app"
ynh_backup --src_path="/etc/systemd/system/$app.service"
#=================================================
# BACKUP VARIOUS FILES
# BACKUP THE POSTGRESQL DATABASE
#=================================================
ynh_backup --src_path="/etc/cron.d/$app"
ynh_backup --src_path="/etc/$app/"
#=================================================
# BACKUP THE MYSQL DATABASE
#=================================================
ynh_print_info --message="Backing up the MySQL database..."
ynh_print_info --message="Backing up the PostgreSQL database..."
### (However, things like MySQL dumps *do* take some time to run, though the
### copy of the generated dump to the archive still happens later)
ynh_mysql_dump_db --database="$db_name" > db.sql
ynh_psql_dump_db --database="$db_name" > db.sql
#=================================================
# END OF SCRIPT

358
scripts/install
View file

@ -13,10 +13,6 @@ source /usr/share/yunohost/helpers
# MANAGE SCRIPT FAILURE
#=================================================
ynh_clean_setup () {
### Remove this function if there's nothing to clean before calling the remove script.
true
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
@ -24,45 +20,28 @@ ynh_abort_if_errors
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================
domain=$YNH_APP_ARG_DOMAIN
path_url=$YNH_APP_ARG_PATH
is_public=$YNH_APP_ARG_IS_PUBLIC
language=$YNH_APP_ARG_LANGUAGE
admin=$YNH_APP_ARG_ADMIN
password=$YNH_APP_ARG_PASSWORD
### If it's a multi-instance app, meaning it can be installed several times independently
### The id of the app as stated in the manifest is available as $YNH_APP_ID
### The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2"...)
### The app instance name is available as $YNH_APP_INSTANCE_NAME
### - the first time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample
### - the second time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample__2
### - ynhexample__{N} for the subsequent installations, with N=3,4...
### The app instance name is probably what interests you most, since this is
### guaranteed to be unique. This is a good unique identifier to define installation path,
### db names...
synapsenumber=$YNH_APP_ARG_SYNAPSENUMBER
botname=$YNH_APP_ARG_BOTNAME
botadmin=$YNH_APP_ARG_BOTADMIN
app=$YNH_APP_INSTANCE_NAME
if [ "$synapsenumber" == "1" ]; then
synapse_instance="synapse"
else
synapse_instance="synapse__$synapsenumber"
fi
domain=$(ynh_app_setting_get --app "$synapse_instance" --key domain)
server_name=$(ynh_app_setting_get --app "$synapse_instance" --key server_name)
#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
### About --weight and --time
### ynh_script_progression will show to your final users the progression of each scripts.
### In order to do that, --weight will represent the relative time of execution compared to the other steps in the script.
### --time is a packager option, it will show you the execution time since the previous call.
### This option is implied when running in CI_package_check, you can manually add it if you are manually testing the app.
### Use the execution time displayed in the CI report or by adding --time to the command, to estimate the weight of a step.
### A common way to do it is to set a weight equal to the execution time in second +1.
### The execution time is given for the duration since the previous call. So the weight should be applied to this previous call.
ynh_script_progression --message="Validating installation parameters..." --weight=1
### If the app uses NGINX as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app".
### If the app provides an internal web server (or uses another application server such as uWSGI), the final path should be "/opt/yunohost/$app"
final_path=/var/www/$app
final_path=/opt/yunohost/$app
test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
# Register (book) web path
ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
#=================================================
# STORE SETTINGS FROM MANIFEST
@ -70,9 +49,18 @@ ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
ynh_script_progression --message="Storing installation settings..." --weight=1
ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_set --app=$app --key=language --value=$language
ynh_app_setting_set --app=$app --key=admin --value=$admin
ynh_app_setting_set --app=$app --key=server_name --value=$server_name
ynh_app_setting_set --app=$app --key=botname --value=$botname
ynh_app_setting_set --app=$app --key=synapse_instance --value=$synapse_instance
ynh_app_setting_set --app=$app --key=botadmin --value=$botadmin
#=================================================
# SET CONSTANTS
#=================================================
enable_relaybot=true
bot_synapse_db_user="@$botname:$server_name"
synapse_db_name="matrix_$synapse_instance"
#=================================================
# STANDARD MODIFICATIONS
@ -81,37 +69,19 @@ ynh_app_setting_set --app=$app --key=admin --value=$admin
#=================================================
ynh_script_progression --message="Finding an available port..." --weight=1
### Use these lines if you have to open a port for the application
### `ynh_find_port` will find the first available port starting from the given port.
### If you're not using these lines:
### - Remove the section "CLOSE A PORT" in the remove script
# Find an available port
# Find an available port for communication between the local synapse instance (home server) and the bridge app service.
port=$(ynh_find_port --port=8095)
ynh_app_setting_set --app=$app --key=port --value=$port
# Optional: Expose this port publicly
# (N.B.: you only need to do this if the app actually needs to expose the port publicly.
# If you do this and the app doesn't actually need you are CREATING SECURITY HOLES IN THE SERVER !)
# Open the port
# ynh_script_progression --message="Configuring firewall..." --weight=1
# ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port
#=================================================
# INSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Installing dependencies..." --weight=1
### `ynh_install_app_dependencies` allows you to add any "apt" dependencies to the package.
### Those deb packages will be installed as dependencies of this package.
### If you're not using this helper:
### - Remove the section "REMOVE DEPENDENCIES" in the remove script
### - Remove the variable "pkg_dependencies" in _common.sh
### - As well as the section "REINSTALL DEPENDENCIES" in the restore script
### - And the section "UPGRADE DEPENDENCIES" in the upgrade script
ynh_install_app_dependencies $pkg_dependencies
ynh_install_nodejs --nodejs_version=$nodejs_version
ynh_use_nodejs
#=================================================
# CREATE DEDICATED USER
@ -122,182 +92,72 @@ ynh_script_progression --message="Configuring system user..." --weight=1
ynh_system_user_create --username=$app --home_dir="$final_path"
#=================================================
# CREATE A MYSQL DATABASE
# CREATE A POSTGRESQL DATABASE
#=================================================
ynh_script_progression --message="Creating a MySQL database..." --weight=1
### Use these lines if you need a database for the application.
### `ynh_mysql_setup_db` will create a database, an associated user and a ramdom password.
### The password will be stored as 'mysqlpwd' into the app settings,
### and will be available as $db_pwd
### If you're not using these lines:
### - Remove the section "BACKUP THE MYSQL DATABASE" in the backup script
### - Remove also the section "REMOVE THE MYSQL DATABASE" in the remove script
### - As well as the section "RESTORE THE MYSQL DATABASE" in the restore script
ynh_script_progression --message="Creating a PostgreSQL database..." --weight=2
db_name=$(ynh_sanitize_dbid --db_name=$app)
db_user=$db_name
ynh_app_setting_set --app=$app --key=db_name --value=$db_name
ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name
db_pwd=$(ynh_string_random --length=30)
ynh_app_setting_set --app=$app --key=db_pwd --value=$db_pwd
ynh_psql_test_if_first_run
ynh_psql_setup_db --db_user=$db_name --db_name=$db_name --db_pwd=$db_pwd
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_script_progression --message="Setting up source files..." --weight=1
ynh_script_progression --message="Setting up source files and building the app..." --weight=3
### `ynh_setup_source` is used to install an app from a zip or tar.gz file,
### downloaded from an upstream source, like a git repository.
### `ynh_setup_source` use the file conf/app.src
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$final_path"
pushd "$final_path" >/dev/null || ynh_die
ynh_exec_as $app $ynh_node_load_PATH $ynh_npm i
popd >/dev/null || ynh_die
# FIXME: this should be managed by the core in the future
# Here, as a packager, you may have to tweak the ownerhsip/permissions
# such that the appropriate users (e.g. maybe www-data) can access
# files in some cases.
# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder -
# this will be treated as a security issue.
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"
#=================================================
# PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring PHP-FPM..." --weight=1
### `ynh_add_fpm_config` is used to set up a PHP config.
### You can remove it if your app doesn't use PHP.
### `ynh_add_fpm_config` will use the files conf/php-fpm.conf
### If you're not using these lines:
### - You can remove these files in conf/.
### - Remove the section "BACKUP THE PHP-FPM CONFIGURATION" in the backup script
### - Remove also the section "REMOVE PHP-FPM CONFIGURATION" in the remove script
### - As well as the section "RESTORE THE PHP-FPM CONFIGURATION" in the restore script
### with the reload at the end of the script.
### - And the section "PHP-FPM CONFIGURATION" in the upgrade script
# Create a dedicated PHP-FPM config
ynh_add_fpm_config
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring NGINX web server..." --weight=1
### `ynh_add_nginx_config` will use the file conf/nginx.conf
# Create a dedicated NGINX config
ynh_add_nginx_config
#=================================================
# SPECIFIC SETUP
#=================================================
# ...
#=================================================
#=================================================
# CREATE DATA DIRECTORY
#=================================================
ynh_script_progression --message="Creating a data directory..." --weight=1
### Use these lines if you need to create a directory to store "persistent files" for the application.
### Usually this directory is used to store uploaded files or any file that won't be updated during
### an upgrade and that won't be deleted during app removal unless "--purge" option is used.
### If you're not using these lines:
### - Remove the section "BACKUP THE DATA DIR" in the backup script
### - Remove the section "RESTORE THE DATA DIRECTORY" in the restore script
### - As well as the section "REMOVE DATA DIR" in the remove script
datadir=/home/yunohost.app/$app
ynh_app_setting_set --app=$app --key=datadir --value=$datadir
mkdir -p $datadir
# FIXME: this should be managed by the core in the future
# Here, as a packager, you may have to tweak the ownerhsip/permissions
# such that the appropriate users (e.g. maybe www-data) can access
# files in some cases.
# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder -
# this will be treated as a security issue.
chmod 750 "$datadir"
chmod -R o-rwx "$datadir"
chown -R $app:www-data "$datadir"
chown -R $app:$app "$final_path"
#=================================================
# ADD A CONFIGURATION
#=================================================
ynh_script_progression --message="Adding a configuration file..." --weight=1
### You can add specific configuration files.
###
### Typically, put your template conf file in ../conf/your_config_file
### The template may contain strings such as __FOO__ or __FOO_BAR__,
### which will automatically be replaced by the values of $foo and $foo_bar
###
### ynh_add_config will also keep track of the config file's checksum,
### which later during upgrade may allow to automatically backup the config file
### if it's found that the file was manually modified
###
### Check the documentation of `ynh_add_config` for more info.
ynh_add_config --template="../conf/config.yaml" --destination="$final_path/config.yaml"
ynh_store_file_checksum --file="$final_path/config.yaml"
chmod 400 "$final_path/config.yaml"
chown $app:$app "$final_path/config.yaml"
ynh_add_config --template="some_config_file" --destination="$final_path/some_config_file"
# Generate the password encryption key
openssl genpkey -out $final_path/passkey.pem -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:2048
chmod 400 "$final_path/passkey.pem"
chown $app:$app "$final_path/passkey.pem"
# FIXME: this should be handled by the core in the future
# You may need to use chmod 600 instead of 400,
# for example if the app is expected to be able to modify its own config
chmod 400 "$final_path/some_config_file"
chown $app:$app "$final_path/some_config_file"
#=================================================
# REGISTER SYNAPSE APP-SERVICE
#=================================================
### For more complex cases where you want to replace stuff using regexes,
### you shoud rely on ynh_replace_string (which is basically a wrapper for sed)
### When doing so, you also need to manually call ynh_store_file_checksum
###
### ynh_replace_string --match_string="match_string" --replace_string="replace_string" --target_file="$final_path/some_config_file"
### ynh_store_file_checksum --file="$final_path/some_config_file"
$final_path/bin/matrix-appservice-irc -r \
-c $final_path/config.yaml \
-u "http://localhost:$port" \
-f $final_path/appservice-registration-irc.yaml
ynh_store_file_checksum --file=$final_path/appservice-registration-irc.yaml
# This appservice needs it to be duplicated…
cp $final_path/appservice-registration-irc.yaml /etc/matrix-$synapse_instance/app-service/$app.yaml
/opt/yunohost/matrix-$synapse_instance/update_synapse_for_appservice.sh \
|| ynh_die "Synapse can't restart with the appservice configuration"
#=================================================
# SETUP SYSTEMD
#=================================================
ynh_script_progression --message="Configuring a systemd service..." --weight=1
### `ynh_systemd_config` is used to configure a systemd script for an app.
### It can be used for apps that use sysvinit (with adaptation) or systemd.
### Have a look at the app to be sure this app needs a systemd script.
### `ynh_systemd_config` will use the file conf/systemd.service
### If you're not using these lines:
### - You can remove those files in conf/.
### - Remove the section "BACKUP SYSTEMD" in the backup script
### - Remove also the section "STOP AND REMOVE SERVICE" in the remove script
### - As well as the section "RESTORE SYSTEMD" in the restore script
### - And the section "SETUP SYSTEMD" in the upgrade script
# Create a dedicated systemd config
ynh_add_systemd_config
#=================================================
# SETUP APPLICATION WITH CURL
#=================================================
### Use these lines only if the app installation needs to be finalized through
### web forms. We generally don't want to ask the final user,
### so we're going to use curl to automatically fill the fields and submit the
### forms.
# Set the app as temporarily public for curl call
ynh_script_progression --message="Configuring SSOwat..." --weight=1
# Making the app public for curl
ynh_permission_update --permission="main" --add="visitors"
# Installation with curl
ynh_script_progression --message="Finalizing installation..." --weight=1
ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3"
# Remove the public access
ynh_permission_update --permission="main" --remove="visitors"
#=================================================
# GENERIC FINALIZATION
#=================================================
@ -305,103 +165,29 @@ ynh_permission_update --permission="main" --remove="visitors"
#=================================================
ynh_script_progression --message="Configuring log rotation..." --weight=1
### `ynh_use_logrotate` is used to configure a logrotate configuration for the logs of this app.
### Use this helper only if there is effectively a log file for this app.
### If you're not using this helper:
### - Remove the section "BACKUP LOGROTATE" in the backup script
### - Remove also the section "REMOVE LOGROTATE CONFIGURATION" in the remove script
### - As well as the section "RESTORE THE LOGROTATE CONFIGURATION" in the restore script
### - And the section "SETUP LOGROTATE" in the upgrade script
# Use logrotate to manage application logfile(s)
ynh_use_logrotate
ynh_use_logrotate --specific_user $app/$app
chmod -R 600 "/var/log/$app"
chmod 700 "/var/log/$app"
chown -R $app:$app /var/log/$app
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
### `yunohost service add` integrates a service in YunoHost. It then gets
### displayed in the admin interface and through the others `yunohost service` commands.
### (N.B.: this line only makes sense if the app adds a service to the system!)
### If you're not using these lines:
### - You can remove these files in conf/.
### - Remove the section "REMOVE SERVICE INTEGRATION IN YUNOHOST" in the remove script
### - As well as the section "INTEGRATE SERVICE IN YUNOHOST" in the restore script
### - And the section "INTEGRATE SERVICE IN YUNOHOST" in the upgrade script
yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log"
### Additional options starting with 3.8:
###
### --needs_exposed_ports "$port" a list of ports that needs to be publicly exposed
### which will then be checked by YunoHost's diagnosis system
### (N.B. DO NOT USE THIS is the port is only internal!!!)
###
### --test_status "some command" a custom command to check the status of the service
### (only relevant if 'systemctl status' doesn't do a good job)
###
### --test_conf "some command" some command similar to "nginx -t" that validates the conf of the service
###
### Re-calling 'yunohost service add' during the upgrade script is the right way
### to proceed if you later realize that you need to enable some flags that
### weren't enabled on old installs (be careful it'll override the existing
### service though so you should re-provide all relevant flags when doing so)
yunohost service add $app --description="$app daemon for bridging IRC and Matrix." --log="/var/log/$app/$app.log"
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=1
### `ynh_systemd_action` is used to start a systemd service for an app.
### Only needed if you have configure a systemd service
### If you're not using these lines:
### - Remove the section "STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the backup script
### - As well as the section "START SYSTEMD SERVICE" in the restore script
### - As well as the section"STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the upgrade script
### - And the section "STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the change_url script
# Start a systemd service
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match="Error: No IRC servers specified."
#=================================================
# SETUP FAIL2BAN
#=================================================
ynh_script_progression --message="Configuring Fail2Ban..." --weight=1
# Create a dedicated Fail2Ban config
ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"
#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Configuring permissions..." --weight=1
# Make app public if necessary
if [ $is_public -eq 1 ]
then
# Everyone can access the app.
# The "main" permission is automatically created before the install script.
ynh_permission_update --permission="main" --add="visitors"
fi
### N.B. : the following extra permissions only make sense if your app
### does have for example an admin interface or an API.
# Only the admin can access the admin panel of the app (if the app has an admin panel)
ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin
# Everyone can access the API part
# We don't want to display the tile in the SSO so we put --show_tile="false"
# And we don't want the YunoHost admin to be able to remove visitors group to this permission, so we put --protected="true"
ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true"
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_systemd_action --service_name=nginx --action=reload
ynh_print_warn "The bridge is successfully configured but non working yet!"
ynh_print_warn "You need to edit the file $final_path/config.yaml to add IRC networks."
#=================================================
# END OF SCRIPT

82
scripts/remove
View file

@ -12,16 +12,13 @@ source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=1
ynh_script_progression --message="Loading installation settings..." --time --weight=1
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
port=$(ynh_app_setting_get --app=$app --key=port)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_user=$db_name
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
synapse_instance=$(ynh_app_setting_get --app=$app --key=synapse_instance)
#=================================================
# STANDARD REMOVE
@ -32,14 +29,14 @@ datadir=$(ynh_app_setting_get --app=$app --key=datadir)
# Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
if ynh_exec_warn_less yunohost service status $app >/dev/null
then
ynh_script_progression --message="Removing $app service integration..." --weight=1
ynh_script_progression --message="Removing $app service integration..." --time --weight=1
yunohost service remove $app
fi
#=================================================
# STOP AND REMOVE SERVICE
#=================================================
ynh_script_progression --message="Stopping and removing the systemd service..." --weight=1
ynh_script_progression --message="Stopping and removing the systemd service..." --time --weight=1
# Remove the dedicated systemd config
ynh_remove_systemd_config
@ -47,92 +44,47 @@ ynh_remove_systemd_config
#=================================================
# REMOVE LOGROTATE CONFIGURATION
#=================================================
ynh_script_progression --message="Removing logrotate configuration..." --weight=1
ynh_script_progression --message="Removing logrotate configuration..." --time --weight=1
# Remove the app-specific logrotate config
ynh_remove_logrotate
#=================================================
# REMOVE THE MYSQL DATABASE
# REMOVE THE POSTGRESQL DATABASE
#=================================================
ynh_script_progression --message="Removing the MySQL database..." --weight=1
ynh_script_progression --message="Removing the PostgreSQL database..." --time --weight=1
# Remove a database if it exists, along with the associated user
ynh_mysql_remove_db --db_user=$db_user --db_name=$db_name
ynh_psql_remove_db --db_user=$db_name --db_name=$db_name
#=================================================
# REMOVE APP MAIN DIR
#=================================================
ynh_script_progression --message="Removing app main directory..." --weight=1
ynh_script_progression --message="Removing app main directory..." --time --weight=1
# Remove the app directory securely
ynh_secure_remove --file="$final_path"
#=================================================
# REMOVE DATA DIR
#=================================================
# Remove the data directory if --purge option is used
if [ "${YNH_APP_PURGE:-0}" -eq 1 ]
then
ynh_script_progression --message="Removing app data directory..." --weight=1
ynh_secure_remove --file="$datadir"
fi
#=================================================
# REMOVE NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1
# Remove the dedicated NGINX config
ynh_remove_nginx_config
#=================================================
# REMOVE PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Removing PHP-FPM configuration..." --weight=1
# Remove the dedicated PHP-FPM config
ynh_remove_fpm_config
#=================================================
# REMOVE DEPENDENCIES
#=================================================
ynh_script_progression --message="Removing dependencies..." --weight=1
ynh_script_progression --message="Removing dependencies..." --time --weight=1
# Remove metapackage and its dependencies
ynh_remove_app_dependencies
#=================================================
# CLOSE A PORT
#=================================================
if yunohost firewall list | grep -q "\- $port$"
then
ynh_script_progression --message="Closing port $port..." --weight=1
ynh_exec_warn_less yunohost firewall disallow TCP $port
fi
#=================================================
# REMOVE FAIL2BAN CONFIGURATION
#=================================================
ynh_script_progression --message="Removing Fail2Ban configuration..." --weight=1
# Remove the dedicated Fail2Ban config
ynh_remove_fail2ban_config
ynh_remove_nodejs
#=================================================
# SPECIFIC REMOVE
#=================================================
# REMOVE VARIOUS FILES
#=================================================
ynh_script_progression --message="Removing various files..." --weight=1
ynh_script_progression --message="Removing synapse app service..." --weight=6
# Remove a cron file
ynh_secure_remove --file="/etc/cron.d/$app"
ynh_secure_remove --file="/etc/matrix-$synapse_instance/app-service/$app.yaml"
# Remove a directory securely
ynh_secure_remove --file="/etc/$app"
/opt/yunohost/matrix-$synapse_instance/update_synapse_for_appservice.sh \
|| ynh_die "Synapse can't restart with the appservice configuration"
# Remove the log files
ynh_secure_remove --file="/var/log/$app"
@ -142,7 +94,7 @@ ynh_secure_remove --file="/var/log/$app"
#=================================================
# REMOVE DEDICATED USER
#=================================================
ynh_script_progression --message="Removing the dedicated system user..." --weight=1
ynh_script_progression --message="Removing the dedicated system user..." --time --weight=1
# Delete a system user
ynh_system_user_delete --username=$app
@ -151,4 +103,4 @@ ynh_system_user_delete --username=$app
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Removal of $app completed" --last
ynh_script_progression --message="Removal of $app completed" --time --last

88
scripts/restore
View file

@ -15,7 +15,6 @@ source /usr/share/yunohost/helpers
#=================================================
ynh_clean_setup () {
#### Remove this function if there's nothing to clean before calling the remove script.
true
}
# Exit if an error occurs during the execution of the script
@ -24,22 +23,18 @@ ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=1
ynh_script_progression --message="Loading installation settings..." --time --weight=1
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
synapse_instance=$(ynh_app_setting_get --app=$app --key=synapse_instance)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_user=$db_name
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
#=================================================
# CHECK IF THE APP CAN BE RESTORED
#=================================================
ynh_script_progression --message="Validating restoration parameters..." --weight=1
ynh_script_progression --message="Validating restoration parameters..." --time --weight=1
test ! -d $final_path \
|| ynh_die --message="There is already a directory: $final_path "
@ -49,7 +44,7 @@ test ! -d $final_path \
#=================================================
# RECREATE THE DEDICATED USER
#=================================================
ynh_script_progression --message="Recreating the dedicated system user..." --weight=1
ynh_script_progression --message="Recreating the dedicated system user..." --time --weight=1
# Create the dedicated user (if not existing)
ynh_system_user_create --username=$app --home_dir="$final_path"
@ -57,85 +52,38 @@ ynh_system_user_create --username=$app --home_dir="$final_path"
#=================================================
# RESTORE THE APP MAIN DIR
#=================================================
ynh_script_progression --message="Restoring the app main directory..." --weight=1
ynh_script_progression --message="Restoring the app main directory..." --time --weight=1
ynh_restore_file --origin_path="$final_path"
# FIXME: this should be managed by the core in the future
# Here, as a packager, you may have to tweak the ownerhsip/permissions
# such that the appropriate users (e.g. maybe www-data) can access
# files in some cases.
# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder -
# this will be treated as a security issue.
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"
#=================================================
# RESTORE THE DATA DIRECTORY
#=================================================
ynh_script_progression --message="Restoring the data directory..." --weight=1
ynh_restore_file --origin_path="$datadir" --not_mandatory
mkdir -p $datadir
# FIXME: this should be managed by the core in the future
# Here, as a packager, you may have to tweak the ownerhsip/permissions
# such that the appropriate users (e.g. maybe www-data) can access
# files in some cases.
# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder -
# this will be treated as a security issue.
chmod 750 "$datadir"
chmod -R o-rwx "$datadir"
chown -R $app:www-data "$datadir"
#=================================================
# RESTORE FAIL2BAN CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the Fail2Ban configuration..." --weight=1
ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf"
ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf"
ynh_systemd_action --action=restart --service_name=fail2ban
#=================================================
# SPECIFIC RESTORATION
#=================================================
# REINSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Reinstalling dependencies..." --weight=1
ynh_script_progression --message="Reinstalling dependencies..." --time --weight=1
# Define and install dependencies
ynh_install_app_dependencies $pkg_dependencies
#=================================================
# RESTORE THE PHP-FPM CONFIGURATION
# RESTORE THE POSTGRESQL DATABASE
#=================================================
ynh_script_progression --message="Restoring the PHP-FPM configuration..." --time --weight=1
ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
#=================================================
# RESTORE THE NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the NGINX web server configuration..." --time --weight=1
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# RESTORE THE MYSQL DATABASE
#=================================================
ynh_script_progression --message="Restoring the MySQL database..." --weight=1
ynh_script_progression --message="Restoring the PostgreSQL database..." --time --weight=1
db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd
ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql
ynh_psql_test_if_first_run
ynh_psql_setup_db --db_user=$db_name --db_name=$db_name --db_pwd=$db_pwd
ynh_psql_connect_as --user=$db_name --password=$db_pwd --database=$db_name < ./db.sql
#=================================================
# RESTORE VARIOUS FILES
#=================================================
ynh_script_progression --message="Restoring various files..." --weight=1
ynh_script_progression --message="Restoring various files..." --time --weight=1
ynh_restore_file --origin_path="/etc/cron.d/$app"
@ -144,7 +92,7 @@ ynh_restore_file --origin_path="/etc/$app/"
#=================================================
# RESTORE SYSTEMD
#=================================================
ynh_script_progression --message="Restoring the systemd configuration..." --weight=1
ynh_script_progression --message="Restoring the systemd configuration..." --time --weight=1
ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
systemctl enable $app.service --quiet
@ -152,21 +100,21 @@ systemctl enable $app.service --quiet
#=================================================
# RESTORE THE LOGROTATE CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the logrotate configuration..." --weight=1
ynh_script_progression --message="Restoring the logrotate configuration..." --time --weight=1
ynh_restore_file --origin_path="/etc/logrotate.d/$app"
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
ynh_script_progression --message="Integrating service in YunoHost..." --time --weight=1
yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log"
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=1
ynh_script_progression --message="Starting a systemd service..." --time --weight=1
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
@ -175,7 +123,7 @@ ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$ap
#=================================================
# RELOAD NGINX AND PHP-FPM
#=================================================
ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..." --weight=1
ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..." --time --weight=1
ynh_systemd_action --service_name=php$phpversion-fpm --action=reload
ynh_systemd_action --service_name=nginx --action=reload
@ -184,4 +132,4 @@ ynh_systemd_action --service_name=nginx --action=reload
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Restoration completed for $app" --last
ynh_script_progression --message="Restoration completed for $app" --time --last

146
scripts/upgrade
View file

@ -17,22 +17,19 @@ ynh_script_progression --message="Loading installation settings..." --weight=1
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
language=$(ynh_app_setting_get --app=$app --key=language)
admin=$(ynh_app_setting_get --app=$app --key=admin)
server_name=$(ynh_app_setting_get --app=$app --key=server_name)
port=$(ynh_app_setting_get --app=$app --key=port)
botname=$(ynh_app_setting_get --app=$app --key=botname)
synapse_instance=$(ynh_app_setting_get --app=$app --key=synapse_instance)
botadmin=$(ynh_app_setting_get --app=$app --key=botadmin)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd)
#=================================================
# CHECK VERSION
#=================================================
### This helper will compare the version of the currently installed app and the version of the upstream package.
### $upgrade_type can have 2 different values
### - UPGRADE_APP if the upstream app version has changed
### - UPGRADE_PACKAGE if only the YunoHost package has changed
### ynh_check_app_version_changed will stop the upgrade if the app is up to date.
### UPGRADE_APP should be used to upgrade the core app only if there's an upgrade to do.
upgrade_type=$(ynh_check_app_version_changed)
#=================================================
@ -63,44 +60,6 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app
#=================================================
ynh_script_progression --message="Ensuring downward compatibility..." --weight=1
#
# N.B. : the followings setting migrations snippets are provided as *EXAMPLES*
# of what you may want to do in some cases (e.g. a setting was not defined on
# some legacy installs and you therefore want to initiaze stuff during upgrade)
#
# If db_name doesn't exist, create it
#if [ -z "$db_name" ]; then
# db_name=$(ynh_sanitize_dbid --db_name=$app)
# ynh_app_setting_set --app=$app --key=db_name --value=$db_name
#fi
# If final_path doesn't exist, create it
#if [ -z "$final_path" ]; then
# final_path=/var/www/$app
# ynh_app_setting_set --app=$app --key=final_path --value=$final_path
#fi
### If nobody installed your app before 4.1,
### then you may safely remove these lines
# Cleaning legacy permissions
if ynh_legacy_permissions_exists; then
ynh_legacy_permissions_delete_all
ynh_app_setting_delete --app=$app --key=is_public
fi
if ! ynh_permission_exists --permission="admin"; then
# Create the required permissions
ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin
fi
# Create a permission if needed
if ! ynh_permission_exists --permission="api"; then
ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true"
fi
#=================================================
# CREATE DEDICATED USER
#=================================================
@ -121,12 +80,6 @@ then
ynh_setup_source --dest_dir="$final_path"
fi
# FIXME: this should be managed by the core in the future
# Here, as a packager, you may have to tweak the ownerhsip/permissions
# such that the appropriate users (e.g. maybe www-data) can access
# files in some cases.
# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder -
# this will be treated as a security issue.
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"
@ -137,53 +90,63 @@ chown -R $app:www-data "$final_path"
ynh_script_progression --message="Upgrading dependencies..." --weight=1
ynh_install_app_dependencies $pkg_dependencies
ynh_install_nodejs --nodejs_version=$nodejs_version
#=================================================
# PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=1
# Create a dedicated PHP-FPM config
ynh_add_fpm_config
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading NGINX web server configuration..." --time --weight=1
# Create a dedicated NGINX config
ynh_add_nginx_config
ynh_use_nodejs
#=================================================
# SPECIFIC UPGRADE
#=================================================
# ...
#=================================================
ynh_script_progression --message="Upgrading the app..." --weight=1
pushd "$final_path" >/dev/null || ynh_die
ynh_exec_as $app $ynh_node_load_PATH $ynh_npm i
popd >/dev/null || ynh_die
#=================================================
# UPDATE A CONFIG FILE
#=================================================
ynh_script_progression --message="Updating a configuration file..." --weight=1
configured_servers=$(python3 -c "import yaml
with open('$final_path/config.yaml') as c: c = yaml.load(c, Loader=yaml.SafeLoader)
print(yaml.dump(c['ircService']['servers']))")
### Same as during install
###
### The file will automatically be backed-up if it's found to be manually modified (because
### ynh_add_config keeps track of the file's checksum)
ynh_add_config --template="some_config_file" --destination="$final_path/some_config_file"
ynh_add_config --template="../conf/config.yaml" --destination="$final_path/config.yaml"
# FIXME: this should be handled by the core in the future
# You may need to use chmod 600 instead of 400,
# for example if the app is expected to be able to modify its own config
chmod 400 "$final_path/some_config_file"
chown $app:$app "$final_path/some_config_file"
# Try to recover the previously configured IRC servers.
python3 -c "import yaml
with open('$final_path/config.yaml') as c: c = yaml.load(c, Loader=yaml.SafeLoader)
servers = yaml.safe_load('''$configured_servers''')
c['ircService']['servers'] = servers
print(yaml.dump(c))" > $final_path/config.yaml.temp
mv $final_path/config.yaml.temp $final_path/config.yaml
### For more complex cases where you want to replace stuff using regexes,
### you shoud rely on ynh_replace_string (which is basically a wrapper for sed)
### When doing so, you also need to manually call ynh_store_file_checksum
###
### ynh_replace_string --match_string="match_string" --replace_string="replace_string" --target_file="$final_path/some_config_file"
### ynh_store_file_checksum --file="$final_path/some_config_file"
chmod 400 "$final_path/config.yaml"
chown $app:$app "$final_path/config.yaml"
#=================================================
# REGISTER SYNAPSE APP-SERVICE
#=================================================
ynh_backup_if_checksum_is_different --file=$final_path/appservice-registration-irc.yaml
$final_path/bin/matrix-appservice-irc -r \
-c $final_path/config.yaml \
-u "http://localhost:$port" \
-f $final_path/appservice-registration-irc.yaml
ynh_store_file_checksum --file=$final_path/appservice-registration-irc.yaml
# This appservice needs it to be duplicated…
cp $final_path/appservice-registration-irc.yaml /etc/matrix-$synapse_instance/app-service/$app.yaml
/opt/yunohost/matrix-$synapse_instance/update_synapse_for_appservice.sh \
|| ynh_die "Synapse can't restart with the appservice configuration"
#=================================================
# SETUP SYSTEMD
@ -201,7 +164,7 @@ ynh_add_systemd_config
ynh_script_progression --message="Upgrading logrotate configuration..." --weight=1
# Use logrotate to manage app-specific logfile(s)
ynh_use_logrotate --non-append
ynh_use_logrotate --non-append --specific_user $app/$app
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
@ -217,21 +180,6 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
#=================================================
# UPGRADE FAIL2BAN
#=================================================
ynh_script_progression --message="Reconfiguring Fail2Ban..." --weight=1
# Create a dedicated Fail2Ban config
ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..." --weight=1
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================