diff --git a/conf/config.yaml b/conf/config.yaml
new file mode 100644
index 0000000..6491973
--- /dev/null
+++ b/conf/config.yaml
@@ -0,0 +1,361 @@
+# Homeserver details.
+homeserver:
+ # The address that this appservice can use to connect to the homeserver.
+ address: https://__DOMAIN__
+ # Publicly accessible base URL for media, used for avatars in relay mode.
+ # If not set, the connection address above will be used.
+ public_address: null
+ # The domain of the homeserver (also known as server_name, used for MXIDs, etc).
+ domain: __SERVER_NAME__
+
+ # What software is the homeserver running?
+ # Standard Matrix homeservers like Synapse, Dendrite and Conduit should just use "standard" here.
+ software: standard
+ # The URL to push real-time bridge status to.
+ # If set, the bridge will make POST requests to this URL whenever a user's discord connection state changes.
+ # The bridge will use the appservice as_token to authorize requests.
+ status_endpoint: null
+ # Endpoint for reporting per-message status.
+ message_send_checkpoint_endpoint: null
+ # Does the homeserver support https://github.com/matrix-org/matrix-spec-proposals/pull/2246?
+ async_media: __ASYNC_MEDIA__
+
+ # Should the bridge use a websocket for connecting to the homeserver?
+ # The server side is currently not documented anywhere and is only implemented by mautrix-wsproxy,
+ # mautrix-asmux (deprecated), and hungryserv (proprietary).
+ websocket: false
+ # How often should the websocket be pinged? Pinging will be disabled if this is zero.
+ ping_interval_seconds: 0
+
+# Application service host/registration related details.
+# Changing these values requires regeneration of the registration.
+appservice:
+ # The address that the homeserver can use to connect to this appservice.
+ address: http://127.0.0.1:__PORT__
+
+ # The hostname and port where this appservice should listen.
+ hostname: 0.0.0.0
+ port: __PORT__
+
+ # Database config.
+ database:
+ # The database type. "sqlite3-fk-wal" and "postgres" are supported.
+ type: postgres
+ # The database URI.
+ # SQLite: A raw file path is supported, but `file:?_txlock=immediate` is recommended.
+ # https://github.com/mattn/go-sqlite3#connection-string
+ # Postgres: Connection string. For example, postgres://user:password@host/database?sslmode=disable
+ # To connect via Unix socket, use something like postgres:///dbname?host=/var/run/postgresql
+ uri: postgres://__APP__:__DB_PWD__@localhost:5432/__DB_NAME__
+ # Maximum number of connections. Mostly relevant for Postgres.
+ max_open_conns: 20
+ max_idle_conns: 2
+ # Maximum connection idle time and lifetime before they're closed. Disabled if null.
+ # Parsed with https://pkg.go.dev/time#ParseDuration
+ max_conn_idle_time: null
+ max_conn_lifetime: null
+
+ # The unique ID of this appservice.
+ id: __APPSERVICEID__
+ # Appservice bot details.
+ bot:
+ # Username of the appservice bot.
+ username: __BOTNAME__
+ # Display name and avatar for bot. Set to "remove" to remove display name/avatar, leave empty
+ # to leave display name/avatar as-is.
+ displayname: Discord bridge bot
+ avatar: mxc://maunium.net/nIdEykemnwdisvHbpxflpDlC
+
+ # Whether or not to receive ephemeral events via appservice transactions.
+ # Requires MSC2409 support (i.e. Synapse 1.22+).
+ ephemeral_events: true
+
+ # Should incoming events be handled asynchronously?
+ # This may be necessary for large public instances with lots of messages going through.
+ # However, messages will not be guaranteed to be bridged in the same order they were sent in.
+ async_transactions: false
+
+ # Authentication tokens for AS <-> HS communication. Autogenerated; do not modify.
+ as_token: "This value is generated when generating the registration"
+ hs_token: "This value is generated when generating the registration"
+
+# Bridge config
+bridge:
+ # Localpart template of MXIDs for Discord users.
+ # {{.}} is replaced with the internal ID of the Discord user.
+ username_template: discord_{{.}}
+ # Displayname template for Discord users. This is also used as the room name in DMs if private_chat_portal_meta is enabled.
+ # Available variables:
+ # .ID - Internal user ID
+ # .Username - Legacy display/username on Discord
+ # .GlobalName - New displayname on Discord
+ # .Discriminator - The 4 numbers after the name on Discord
+ # .Bot - Whether the user is a bot
+ # .System - Whether the user is an official system user
+ # .Webhook - Whether the user is a webhook and is not an application
+ # .Application - Whether the user is an application
+ displayname_template: '{{or .GlobalName .Username}}{{if .Bot}} (bot){{end}}'
+ # Displayname template for Discord channels (bridged as rooms, or spaces when type=4).
+ # Available variables:
+ # .Name - Channel name, or user displayname (pre-formatted with displayname_template) in DMs.
+ # .ParentName - Parent channel name (used for categories).
+ # .GuildName - Guild name.
+ # .NSFW - Whether the channel is marked as NSFW.
+ # .Type - Channel type (see values at https://github.com/bwmarrin/discordgo/blob/v0.25.0/structs.go#L251-L267)
+ channel_name_template: '{{if or (eq .Type 3) (eq .Type 4)}}{{.Name}}{{else}}#{{.Name}}{{end}}'
+ # Displayname template for Discord guilds (bridged as spaces).
+ # Available variables:
+ # .Name - Guild name
+ guild_name_template: '{{.Name}}'
+ # Whether to explicitly set the avatar and room name for private chat portal rooms.
+ # If set to `default`, this will be enabled in encrypted rooms and disabled in unencrypted rooms.
+ # If set to `always`, all DM rooms will have explicit names and avatars set.
+ # If set to `never`, DM rooms will never have names and avatars set.
+ private_chat_portal_meta: default
+
+ portal_message_buffer: 128
+
+ # Number of private channel portals to create on bridge startup.
+ # Other portals will be created when receiving messages.
+ startup_private_channel_create_limit: 5
+ # Should the bridge send a read receipt from the bridge bot when a message has been sent to Discord?
+ delivery_receipts: false
+ # Whether the bridge should send the message status as a custom com.beeper.message_send_status event.
+ message_status_events: false
+ # Whether the bridge should send error notices via m.notice events when a message fails to bridge.
+ message_error_notices: true
+ # Should the bridge use space-restricted join rules instead of invite-only for guild rooms?
+ # This can avoid unnecessary invite events in guild rooms when members are synced in.
+ restricted_rooms: true
+ # Should the bridge automatically join the user to threads on Discord when the thread is opened on Matrix?
+ # This only works with clients that support thread read receipts (MSC3771 added in Matrix v1.4).
+ autojoin_thread_on_open: true
+ # Should inline fields in Discord embeds be bridged as HTML tables to Matrix?
+ # Tables aren't supported in all clients, but are the only way to emulate the Discord inline field UI.
+ embed_fields_as_tables: true
+ # Should guild channels be muted when the portal is created? This only meant for single-user instances,
+ # it won't mute it for all users if there are multiple Matrix users in the same Discord guild.
+ mute_channels_on_create: false
+ # Should the bridge update the m.direct account data event when double puppeting is enabled.
+ # Note that updating the m.direct event is not atomic (except with mautrix-asmux)
+ # and is therefore prone to race conditions.
+ sync_direct_chat_list: false
+ # Set this to true to tell the bridge to re-send m.bridge events to all rooms on the next run.
+ # This field will automatically be changed back to false after it, except if the config file is not writable.
+ resend_bridge_info: false
+ # Should incoming custom emoji reactions be bridged as mxc:// URIs?
+ # If set to false, custom emoji reactions will be bridged as the shortcode instead, and the image won't be available.
+ custom_emoji_reactions: true
+ # Should the bridge attempt to completely delete portal rooms when a channel is deleted on Discord?
+ # If true, the bridge will try to kick Matrix users from the room. Otherwise, the bridge only makes ghosts leave.
+ delete_portal_on_channel_delete: false
+ # Should the bridge delete all portal rooms when you leave a guild on Discord?
+ # This only applies if the guild has no other Matrix users on this bridge instance.
+ delete_guild_on_leave: true
+ # Whether or not created rooms should have federation enabled.
+ # If false, created portal rooms will never be federated.
+ federate_rooms: true
+ # Prefix messages from webhooks with the profile info? This can be used along with a custom displayname_template
+ # to better handle webhooks that change their name all the time (like ones used by bridges).
+ prefix_webhook_messages: false
+ # Bridge webhook avatars?
+ enable_webhook_avatars: true
+ # Should the bridge upload media to the Discord CDN directly before sending the message when using a user token,
+ # like the official client does? The other option is sending the media in the message send request as a form part
+ # (which is always used by bots and webhooks).
+ use_discord_cdn_upload: true
+ # Should mxc uris copied from Discord be cached?
+ # This can be `never` to never cache, `unencrypted` to only cache unencrypted mxc uris, or `always` to cache everything.
+ # If you have a media repo that generates non-unique mxc uris, you should set this to never.
+ cache_media: unencrypted
+ # Patterns for converting Discord media to custom mxc:// URIs instead of reuploading.
+ # Each of the patterns can be set to null to disable custom URIs for that type of media.
+ # More details can be found at https://docs.mau.fi/bridges/go/discord/direct-media.html
+ media_patterns:
+ # Should custom mxc:// URIs be used instead of reuploading media?
+ enabled: false
+ # Pattern for normal message attachments.
+ attachments: mxc://discord-media.mau.dev/attachments|{{.ChannelID}}|{{.AttachmentID}}|{{.FileName}}
+ # Pattern for custom emojis.
+ emojis: mxc://discord-media.mau.dev/emojis|{{.ID}}.{{.Ext}}
+ # Pattern for stickers. Note that animated lottie stickers will not be converted if this is enabled.
+ stickers: mxc://discord-media.mau.dev/stickers|{{.ID}}.{{.Ext}}
+ # Pattern for static user avatars.
+ avatars: mxc://discord-media.mau.dev/avatars|{{.UserID}}|{{.AvatarID}}.{{.Ext}}
+ # Settings for converting animated stickers.
+ animated_sticker:
+ # Format to which animated stickers should be converted.
+ # disable - No conversion, send as-is (lottie JSON)
+ # png - converts to non-animated png (fastest)
+ # gif - converts to animated gif
+ # webm - converts to webm video, requires ffmpeg executable with vp9 codec and webm container support
+ # webp - converts to animated webp, requires ffmpeg executable with webp codec/container support
+ target: webp
+ # Arguments for converter. All converters take width and height.
+ args:
+ width: 320
+ height: 320
+ fps: 25 # only for webm, webp and gif (2, 5, 10, 20 or 25 recommended)
+ # Servers to always allow double puppeting from
+ double_puppet_server_map: {}
+ # Allow using double puppeting from any server with a valid client .well-known file.
+ double_puppet_allow_discovery: false
+ # Shared secrets for https://github.com/devture/matrix-synapse-shared-secret-auth
+ #
+ # If set, double puppeting will be enabled automatically for local users
+ # instead of users having to find an access token and run `login-matrix`
+ # manually.
+ login_shared_secret_map: {}
+
+ # The prefix for commands. Only required in non-management rooms.
+ command_prefix: '!discord'
+ # Messages sent upon joining a management room.
+ # Markdown is supported. The defaults are listed below.
+ management_room_text:
+ # Sent when joining a room.
+ welcome: "Hello, I'm a Discord bridge bot."
+ # Sent when joining a management room and the user is already logged in.
+ welcome_connected: "Use `help` for help."
+ # Sent when joining a management room and the user is not logged in.
+ welcome_unconnected: "Use `help` for help or `login` to log in."
+ # Optional extra text sent when joining a management room.
+ additional_help: ""
+
+ # Settings for backfilling messages.
+ backfill:
+ # Limits for forward backfilling.
+ forward_limits:
+ # Initial backfill (when creating portal). 0 means backfill is disabled.
+ # A special unlimited value is not supported, you must set a limit. Initial backfill will
+ # fetch all messages first before backfilling anything, so high limits can take a lot of time.
+ initial:
+ dm: 0
+ channel: 0
+ thread: 0
+ # Missed message backfill (on startup).
+ # 0 means backfill is disabled, -1 means fetch all messages since last bridged message.
+ # When using unlimited backfill (-1), messages are backfilled as they are fetched.
+ # With limits, all messages up to the limit are fetched first and backfilled afterwards.
+ missed:
+ dm: 0
+ channel: 0
+ thread: 0
+ # Maximum members in a guild to enable backfilling. Set to -1 to disable limit.
+ # This can be used as a rough heuristic to disable backfilling in channels that are too active.
+ # Currently only applies to missed message backfill.
+ max_guild_members: -1
+
+ # End-to-bridge encryption support options.
+ #
+ # See https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html for more info.
+ encryption:
+ # Allow encryption, work in group chat rooms with e2ee enabled
+ allow: false
+ # Default to encryption, force-enable encryption in all portals the bridge creates
+ # This will cause the bridge bot to be in private chats for the encryption to work properly.
+ default: false
+ # Whether to use MSC2409/MSC3202 instead of /sync long polling for receiving encryption-related data.
+ appservice: false
+ # Require encryption, drop any unencrypted messages.
+ require: false
+ # Enable key sharing? If enabled, key requests for rooms where users are in will be fulfilled.
+ # You must use a client that supports requesting keys from other users to use this feature.
+ allow_key_sharing: false
+ # Should users mentions be in the event wire content to enable the server to send push notifications?
+ plaintext_mentions: false
+ # Options for deleting megolm sessions from the bridge.
+ delete_keys:
+ # Beeper-specific: delete outbound sessions when hungryserv confirms
+ # that the user has uploaded the key to key backup.
+ delete_outbound_on_ack: false
+ # Don't store outbound sessions in the inbound table.
+ dont_store_outbound: false
+ # Ratchet megolm sessions forward after decrypting messages.
+ ratchet_on_decrypt: false
+ # Delete fully used keys (index >= max_messages) after decrypting messages.
+ delete_fully_used_on_decrypt: false
+ # Delete previous megolm sessions from same device when receiving a new one.
+ delete_prev_on_new_session: false
+ # Delete megolm sessions received from a device when the device is deleted.
+ delete_on_device_delete: false
+ # Periodically delete megolm sessions when 2x max_age has passed since receiving the session.
+ periodically_delete_expired: false
+ # Delete inbound megolm sessions that don't have the received_at field used for
+ # automatic ratcheting and expired session deletion. This is meant as a migration
+ # to delete old keys prior to the bridge update.
+ delete_outdated_inbound: false
+ # What level of device verification should be required from users?
+ #
+ # Valid levels:
+ # unverified - Send keys to all device in the room.
+ # cross-signed-untrusted - Require valid cross-signing, but trust all cross-signing keys.
+ # cross-signed-tofu - Require valid cross-signing, trust cross-signing keys on first use (and reject changes).
+ # cross-signed-verified - Require valid cross-signing, plus a valid user signature from the bridge bot.
+ # Note that creating user signatures from the bridge bot is not currently possible.
+ # verified - Require manual per-device verification
+ # (currently only possible by modifying the `trust` column in the `crypto_device` database table).
+ verification_levels:
+ # Minimum level for which the bridge should send keys to when bridging messages from WhatsApp to Matrix.
+ receive: unverified
+ # Minimum level that the bridge should accept for incoming Matrix messages.
+ send: unverified
+ # Minimum level that the bridge should require for accepting key requests.
+ share: cross-signed-tofu
+ # Options for Megolm room key rotation. These options allow you to
+ # configure the m.room.encryption event content. See:
+ # https://spec.matrix.org/v1.3/client-server-api/#mroomencryption for
+ # more information about that event.
+ rotation:
+ # Enable custom Megolm room key rotation settings. Note that these
+ # settings will only apply to rooms created after this option is
+ # set.
+ enable_custom: false
+ # The maximum number of milliseconds a session should be used
+ # before changing it. The Matrix spec recommends 604800000 (a week)
+ # as the default.
+ milliseconds: 604800000
+ # The maximum number of messages that should be sent with a given a
+ # session before changing it. The Matrix spec recommends 100 as the
+ # default.
+ messages: 100
+
+ # Disable rotating keys when a user's devices change?
+ # You should not enable this option unless you understand all the implications.
+ disable_device_change_key_rotation: false
+
+ # Settings for provisioning API
+ provisioning:
+ # Prefix for the provisioning API paths.
+ prefix: /_matrix/provision
+ # Shared secret for authentication. If set to "generate", a random secret will be generated,
+ # or if set to "disable", the provisioning API will be disabled.
+ shared_secret: generate
+ # Enable debug API at /debug with provisioning authentication.
+ debug_endpoints: false
+
+ # Permissions for using the bridge.
+ # Permitted values:
+ # relay - Talk through the relaybot (if enabled), no access otherwise
+ # user - Access to use the bridge to chat with a Discord account.
+ # admin - User level and some additional administration tools
+ # Permitted keys:
+ # * - All Matrix users
+ # domain - All users on that homeserver
+ # mxid - Specific user
+ permissions:
+ "__LISTRELAY__": "relay"
+ "__LISTUSER__": "user"
+ "__LISTADMIN__": "admin"
+
+# Logging config. See https://github.com/tulir/zeroconfig for details.
+logging:
+ min_level: info
+ writers:
+ - type: stdout
+ format: pretty-colored
+ - type: file
+ format: json
+ filename: /var/log/__APP__/__APP__.log
+ max_size: 100
+ max_backups: 10
+ compress: true
diff --git a/doc/POST_INSTALL.md b/doc/POST_INSTALL.md
deleted file mode 100644
index f367b62..0000000
--- a/doc/POST_INSTALL.md
+++ /dev/null
@@ -1,7 +0,0 @@
-This is a dummy disclaimer to display after the install
-
-The app url is `__DOMAIN____PATH__`
-
-The app install dir is `__INSTALL_DIR__`
-
-The app id is `__ID__`
diff --git a/doc/POST_UPGRADE.md b/doc/POST_UPGRADE.md
deleted file mode 100644
index a58e2ae..0000000
--- a/doc/POST_UPGRADE.md
+++ /dev/null
@@ -1 +0,0 @@
-This is a dummy disclaimer to display after upgrades
diff --git a/doc/PRE_INSTALL.md b/doc/PRE_INSTALL.md
deleted file mode 100644
index eb3ab3a..0000000
--- a/doc/PRE_INSTALL.md
+++ /dev/null
@@ -1 +0,0 @@
-This is a dummy disclaimer to display prior to the install
diff --git a/doc/PRE_INSTALL_fr.md b/doc/PRE_INSTALL_fr.md
deleted file mode 100644
index 4a02cd5..0000000
--- a/doc/PRE_INSTALL_fr.md
+++ /dev/null
@@ -1 +0,0 @@
-Ceci est un faux disclaimer à présenter avant l'installation
diff --git a/doc/PRE_UPGRADE.md b/doc/PRE_UPGRADE.md
deleted file mode 100644
index 780fc15..0000000
--- a/doc/PRE_UPGRADE.md
+++ /dev/null
@@ -1 +0,0 @@
-This is a dummy disclaimer to display prior to any upgrade
diff --git a/manifest.toml b/manifest.toml
index 7e00829..9e3337e 100644
--- a/manifest.toml
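Review bot: In conf/config.yaml the `appservice` block listens on every interface (`hostname: 0.0.0.0`) although the homeserver is told to reach the bridge at `http://127.0.0.1:__PORT__`, so the appservice listener (which, as far as this config shows, also serves the provisioning API under `/_matrix/provision`) is reachable from any network the host is attached to unless the host firewall blocks the port. Since the Synapse instance is local, `hostname: 127.0.0.1` keeps the same behaviour with a smaller exposed surface. The rendered file also holds the database password in `uri:` and, once the registration is generated, the `as_token`/`hs_token`, so it should be owned by the app user and not world-readable; the install script is not part of this hunk, so that is to be confirmed there. `__DB_PWD__` is substituted into a URI, which presumably requires the generated password to be URL-safe or percent-encoded.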
+++ b/manifest.toml 
@@ -2,89 +2,81 @@ packaging_format = 2 -id = "example" -name = "Example app" -description.en = "Explain in *a few (10~15) words* the purpose of the app or what it actually does (it is meant to give a rough idea to users browsing a catalog of 100+ apps)" -description.fr = "Expliquez en *quelques* (10~15) mots l'utilité de l'app ou ce qu'elle fait (l'objectif est de donner une idée grossière pour des utilisateurs qui naviguent dans un catalogue de 100+ apps)" +id = "mautrix_discord" +name = "Matrix-Discord bridge" +description.en = "Matrix / Synapse puppeting bridge for Discord" +description.fr = "Passerelle Matrix / Synapse pour Discord" -version = "1.0~ynh1" +version = "0.6.4~ynh1" -maintainers = ["johndoe"] +maintainers = ["fflorent"] [upstream] # NB: Only the "license" key is mandatory. Remove entries for which there's no relevant data -license = "free" -website = "https://example.com" -demo = "https://demo.example.com" -admindoc = "https://yunohost.org/packaging_apps" -userdoc = "https://yunohost.org/apps" -code = "https://some.forge.com/example/example" -# FIXME: optional but recommended if relevant, this is meant to contain the Common Platform Enumeration, which is -# sort of a standard id for applications defined by the NIST. In particular, YunoHost may use this is in the future -# to easily track CVE (=security reports) related to apps. The CPE may be obtained by searching here: -# https://nvd.nist.gov/products/cpe/search. -# For example, for Nextcloud, the CPE is 'cpe:2.3:a:nextcloud:nextcloud' (no need to include the version number) -cpe = "???" +license = "AGPL-3.0-or-later" +admindoc = "https://docs.mau.fi/bridges/go/discord/index.html" +code = "https://github.com/mautrix/discord" -# FIXME: optional but recommended (or remove if irrelevant / not applicable). -# This is meant to be an URL where people can financially support this app, especially when its development is based -# on volunteers and/or financed by its community. 
YunoHost may later advertise it in the webadmin. -fund = "???" +fund = "https://github.com/sponsors/tulir" [integration] yunohost = ">= 11.1.21" -# FIXME: can be replaced by a list of supported archs using the dpkg --print-architecture nomenclature (amd64/i386/armhf/arm64), for example: ["amd64", "i386"] -architectures = "all" +architectures = ["amd64", "arm64", "armhf"] multi_instance = true - -# FIXME: replace with true, false, or "not_relevant". -# Not to confuse with the "sso" key: the "ldap" key corresponds to wether or not a user *can* login on the app using -# its YunoHost credentials. -ldap = "?" - -# FIXME: replace with true, false, or "not_relevant". -# Not to confuse with the "ldap" key: the "sso" key corresponds to wether or not a user is *automatically logged-in* -# on the app when logged-in on the YunoHost portal. -sso = "?" - -# FIXME: replace with an **estimate** minimum disk and RAM requirements. e.g. 20M, 400M, 1G... -disk = "50M" -ram.build = "50M" -ram.runtime = "50M" +ldap = false +sso = false +disk = "100M" +ram.build = "256M" +ram.runtime = "1024M" [install] - [install.domain] - # this is a generic question - ask strings are automatically handled by YunoHost's core - type = "domain" + [install.synapse_instance] + ask.en = "Choose the local Synapse instance to communicate with mautrix_discord." + ask.fr = "Choisissez l'instance Synapse qui doit communiquer avec mautrix_discord." + type = "app" + pattern.regexp = "synapse(__)*[0-9]*" + pattern.error = "Invalid app selected. Please select a Synapse instance." + help.en = "Usually the Synapse instances contain a number after it is installed more than one time. E.g. synapse__1 will be the second instance." + help.fr = "En général, les instances de Synapse contiennent un numéro après avoir été installées plus d'une fois. Par exemple, synapse__1 sera la deuxième instance." 
+ default = "synapse" - [install.path] - # this is a generic question - ask strings are automatically handled by YunoHost's core - type = "path" - default = "/example" + [install.botname] + ask.en = "Choose a local Synapse user name for the Discord bot" + ask.fr = "Choisissez un nom d'utilisateur Synapse local pour le robot Discord" + type = "string" + example = "discordbot" + help.en = "A system user will be created. Invite @discordbot:localsynapse.servername from an authorized Matrix account to start bridging.Give the Matrix server_name, not the full domain/URL." + help.fr = "Un utilisateur système sera créé. Inviter @discordbot:localsynapse.servername depuis un compte Matrix autorisé pour démarrer une passerelle.Donner le nom du serveur Matrix, pas le domaine/URL complet." + default = "discordbot" - [install.init_main_permission] - # this is a generic question - ask strings are automatically handled by YunoHost's core - # This won't be saved as setting and will instead be used to initialize the SSOwat permission - type = "group" - default = "visitors" + [install.botadmin] + ask.en = "Choose the Matrix account administrator of the Discord bot" + ask.fr = "Choisissez le compte Matrix administrateur du robot Discord" + type = "string" + example = "@johndoe:localsynapse.servername or @johndoe:matrix.org" + help.en = "The administrator does not need to be a local Synapse account. Valid formats are @johndoe:localsynapse.servername or @johndoe:matrix.org" + help.fr = "L'administrateur peut ne pas être un compte local Synapse. Les formats valables sont @johndoe:localsynapse.servername or @johndoe:matrix.org" - [install.language] - ask.en = "Choose the application language" - ask.fr = "Choisissez la langue de l'application" - type = "select" - choices = ["fr", "en"] - default = "fr" + [install.botusers] + ask.en = "Choose Matrix user(s) authorized to bridge with the Discord bot." + ask.fr = "Choisissez le/les compte(s) Matrix autorisés à utiliser la passerelle Discord." 
+ type = "string" + example = "@johndoe:server.name or server.name or *" + # FIXME this help make the installation crash when installing through the CLI. + # help.en = """A remote or local user (@johndoe:server.name),the local server (server.name), a remote server (matrix.org), or all remote/local servers (*) can be authorized. + # Give the Matrix server_name, not the full domain/URL. + # It is also possible to specify multiple values by separating them with comma. Example: @johndoe:server.name,domain.tld,matrix.org""" + # help.fr = """Un compte local ou distant (@johndoe:server.name), le serveur local (server.name), un serveur distant (matrix.org), ou tous les serveurs remote/local (*). + # Donner le nom du serveur Matrix, pas le domaine/URL complet. + # Il est également possible de spécifier plusieurs valeurs en les séparant par une virgule. Exemple : @johndoe:server.name,domain.tld,matrix.org""" - [install.admin] - # this is a generic question - ask strings are automatically handled by YunoHost's core - type = "user" - - [install.password] - # this is a generic question - ask strings are automatically handled by YunoHost's core - # Note that user-provided passwords questions are not automatically saved as setting - help.en = "Use the help field to add an information for the admin about this question." - help.fr = "Utilisez le champ aide pour ajouter une information à l'intention de l'administrateur à propos de cette question." - type = "password" + [install.bot_synapse_adm] + ask.en = "Give the Discord bot administrator rights to the Synapse instance?" + ask.fr = "Donner au robot Discord des droits administrateur à l'instance Synapse ?" + type = "boolean" + help.en = "If true, the bot can group Discord chats in a Matrix space.Not required if you set up Synapse so that non-admins are authorized to create communities." 
+ help.fr = "Si true, le robot groupera les conversations Discord dans une communauté Matrix.Pas nécessaire si vous avez réglé Synapse pour qu'il autorise les non-admin à créer des communautés." + default = true [resources] # See the packaging documentation for the full set 
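Review bot: `[install.bot_synapse_adm]` ships with `default = true`, so an installer who accepts the defaults gives the bridge bot administrator rights on the Synapse instance even though the help text says this is not always required; `default = false` would follow least privilege and leave the grant as an explicit choice. The free-form `botadmin` and `botusers` questions have no `pattern.regexp`, while their values appear to end up as keys of the `permissions:` map in conf/config.yaml and in the sed expressions of scripts/_common.sh; a pattern that accepts only MXIDs, server names or `*` (and rejects quotes, backslashes and whitespace) would stop malformed input before it reaches those files. The `synapse_instance` pattern `synapse(__)*[0-9]*` also looks unanchored; something like `^synapse(__[0-9]+)?$` states the intent more exactly, if the pattern is not already matched against the whole value.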
@@ -93,43 +85,36 @@ ram.runtime = "50M" [resources.sources] [resources.sources.main] - # This will pre-fetch the asset which can then be deployed during the install/upgrade scripts with : - # ynh_setup_source --dest_dir="$install_dir" - # You can also define other assets than "main" and add --source_id="foobar" in the previous command - url = "https://github.com/foo/bar/archive/refs/tags/v1.2.3.tar.gz" - sha256 = "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef" + in_subdir = false + extract = false + rename = "mautrix-discord" - # These infos are used by https://github.com/YunoHost/apps/blob/master/tools/autoupdate_app_sources/autoupdate_app_sources.py - # to auto-update the previous asset urls and sha256sum + manifest version - # assuming the upstream's code repo is on github and relies on tags or releases - # See the 'sources' resource documentation for more details + amd64.url = "https://github.com/mautrix/discord/releases/download/v0.6.4/mautrix-discord-amd64" + amd64.sha256 = "1510838d4128d401fceb3d92ba7571b980f06d5030bde3fdba73dd1b335a5868" + arm64.url = "https://github.com/mautrix/discord/releases/download/v0.6.4/mautrix-discord-arm64" + arm64.sha256 = "a9c33bed28763f182382110748f72bd866e90ab1bf62c90abcabe0d634f901aa" + armhf.url = "https://github.com/mautrix/discord/releases/download/v0.6.4/mautrix-discord-arm" + armhf.sha256 = "31ddf6c5ed5fc5b2ca4224e7bd1bfdc856a6da85d7422538a1e8f6f06523e7f7" - # autoupdate.strategy = "latest_github_tag" [resources.system_user] - # This will provision/deprovision a unix system user + home = "/opt/yunohost/__APP__" [resources.install_dir] - # This will create/remove the install dir as /var/www/$app - # and store the corresponding setting $install_dir - - [resources.data_dir] - # This will create/remove the data dir as /home/yunohost.app/$app - # and store the corresponding setting $data_dir + dir = "/opt/yunohost/__APP__" [resources.permissions] - # This will configure SSOwat permission for $domain/$path/ 
- # The initial allowed group of user is configured via the init_main_permission question (public=visitors, private=all_users) - main.url = "/" + main.allowed = "all_users" + main.auth_header = false [resources.ports] - # This will pick a random port for reverse-proxying and store it as the $port setting + main.default = 29334 [resources.apt] # This will automatically install/uninstall the following apt packages # and implicitly define the $phpversion setting as 8.0 (if phpX.Y-foobar dependencies are listed) - packages = "deb1, deb2, php8.0-foo, php8.0-bar" + packages = "postgresql" [resources.database] # This will automatically provision/deprovison a MySQL DB and store the corresponding credentials in settings $db_user, $db_name, $db_pwd - type = "mysql" + type = "postgresql" diff --git a/scripts/_common.sh b/scripts/_common.sh index 944a65e..8a31c04 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh 
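Review bot: The three release binaries under `[resources.sources.main]` are pinned by URL and sha256, but the hunk drops the template's commented `autoupdate` hint without adding a real one, so the package stays on v0.6.4 until someone bumps it by hand and upstream security fixes are not picked up by the catalog's autoupdater. Consider `autoupdate.strategy = "latest_github_release"` together with per-architecture `autoupdate.asset.*` patterns for the amd64, arm64 and arm binaries. The leftover template comments are now misleading: `[resources.apt]` still mentions `$phpversion` and `[resources.database]` still says it provisions a MySQL DB while the new line is `type = "postgresql"`; a comment such as `# Provisions a PostgreSQL database and stores $db_user, $db_name, $db_pwd` would match the code.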
@@ -1,17 +1,55 @@ #!/bin/bash -#================================================= -# COMMON VARIABLES -#================================================= +APP_BIN=mautrix-discord -#================================================= -# PERSONAL HELPERS -#================================================= +apply_permissions() { + set -o noglob # Disable globbing to avoid expansions when passing * as value. + declare values="list$role" + newValues="${!values}" # Here we expand the dynamic variable we created in the previous line. ! Does the trick + newValues="${newValues//\"}" + usersArray=(${newValues//,/ }) # Split the values using comma (,) as separator. -#================================================= -# EXPERIMENTAL HELPERS -#================================================= + if [ -n "$newValues" ] + then + #ynh_systemd_action --service_name="$app" --action=stop + # Get all entries between "permissions:" and "relay:" keys, remove the role part, remove commented parts, format it with newlines and clean whitespaces and double quotes. + allDefinedEntries=$(awk '/permissions:/{flag=1; next} /relay:/{flag=0} flag' "$install_dir/config.yaml" | sed "/: $role/d" | sed -r 's/: (admin|user|relay)//' | tr -d '[:blank:]' | sed '/^#/d' | tr -d '\"' | tr ',' '\n' ) + # Delete everything from the corresponding role to insert the new defined values. This way we also handle deletion of users. + sed -i "/permissions:/,/relay:/{/: $role/d;}" "$install_dir/config.yaml" + # Ensure that entries with value surrounded with quotes are deleted too. E.g. "users". + sed -i "/permissions:/,/relay:/{/: \"$role\"/d;}" "$install_dir/config.yaml" + for user in "${usersArray[@]}" + do + if grep -q -x "${user}" <<< "$allDefinedEntries" + then + ynh_print_info "User $user already defined in another role." 
+ else + sed -i "/permissions:/a \ \\\"$user\": $role" "$install_dir/config.yaml" # Whitespaces are needed so that the file can be correctly parsed + fi + done + fi + set +o noglob -#================================================= -# FUTURE OFFICIAL HELPERS -#================================================= + ynh_print_info "Users with role $role added in $install_dir/config.yaml" +} + +set__listuser() { + role="user" + ynh_app_setting_set --app=$app --key=listuser --value="$listuser" + apply_permissions + ynh_store_file_checksum --file="$install_dir/config.yaml" +} + +set__listrelay() { + role="relay" + ynh_app_setting_set --app=$app --key=listrelay --value="$listrelay" + apply_permissions + ynh_store_file_checksum --file="$install_dir/config.yaml" +} + +set__listadmin() { + role="admin" + ynh_app_setting_set --app=$app --key=listadmin --value="$listadmin" + apply_permissions + ynh_store_file_checksum --file="$install_dir/config.yaml" +} diff --git a/scripts/backup b/scripts/backup index 010f6c5..251bb1b 100755 --- a/scripts/backup +++ b/scripts/backup 
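Review bot: In `apply_permissions` each entry of `list$role` is pasted into a sed program and into the YAML permissions block without being checked, and that block decides who holds the `admin` role on the bridge. Only double quotes and commas are stripped, so a backslash or other unexpected character in an entry ends up in the `sed -i "/permissions:/a ..."` text and inside a double-quoted YAML key. I would reject any entry that is not one of the forms the bridge config accepts (presumably `*`, a server name, or a full `@user:server` ID) before the loop writes anything. The duplicate check also treats the entry as a regular expression, so `.` matches any character; `if grep -qxF -- "$user" <<< "$allDefinedEntries"` compares it literally.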
@@ -15,43 +15,12 @@ source /usr/share/yunohost/helpers #================================================= ynh_print_info --message="Declaring files to be backed up..." -### N.B. : the following 'ynh_backup' calls are only a *declaration* of what needs -### to be backuped and not an actual copy of any file. The actual backup that -### creates and fills the archive with the files happens in the core after this -### script is called. Hence ynh_backups calls take basically 0 seconds to run. - #================================================= # BACKUP THE APP MAIN DIR #================================================= ynh_backup --src_path="$install_dir" -#================================================= -# BACKUP THE DATA DIR -#================================================= - -# Only relevant if there is a "data_dir" resource for this app -ynh_backup --src_path="$data_dir" --is_big - -#================================================= -# BACKUP THE NGINX CONFIGURATION -#================================================= - -ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" - -#================================================= -# BACKUP THE PHP-FPM CONFIGURATION -#================================================= - -ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" - -#================================================= -# BACKUP FAIL2BAN CONFIGURATION -#================================================= - -ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" -ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" - #================================================= # SPECIFIC BACKUP #================================================= 
@@ -67,22 +36,11 @@ ynh_backup --src_path="/etc/logrotate.d/$app" ynh_backup --src_path="/etc/systemd/system/$app.service" #================================================= -# BACKUP VARIOUS FILES +# BACKUP THE POSTGRESQL DATABASE #================================================= +ynh_print_info --message="Backing up the PostgreSQL database..." -ynh_backup --src_path="/etc/cron.d/$app" - -ynh_backup --src_path="/etc/$app/" - -#================================================= -# BACKUP THE MYSQL DATABASE -#================================================= -ynh_print_info --message="Backing up the MySQL database..." - -### (However, things like MySQL dumps *do* take some time to run, though the -### copy of the generated dump to the archive still happens later) - -ynh_mysql_dump_db --database="$db_name" > db.sql +ynh_psql_dump_db --database="$db_name" > db.sql #================================================= # END OF SCRIPT diff --git a/scripts/install b/scripts/install index 8c717e2..de4ed34 100755 --- a/scripts/install +++ b/scripts/install 
@@ -9,26 +9,39 @@ source _common.sh source /usr/share/yunohost/helpers -# Install parameters are automatically saved as settings -# -# Settings are automatically loaded as bash variables -# in every app script context, therefore typically these will exist: -# - $domain -# - $path -# - $language -# ... etc -# -# Resources defined in the manifest are provisioned prior to this script -# and corresponding settings are also available, such as: -# - $install_dir -# - $port -# - $db_name -# ... +# Retrieve some values from selected Synapse instance and store them +server_name=$(ynh_app_setting_get --app $synapse_instance --key server_name) +domain=$(ynh_app_setting_get --app $synapse_instance --key domain) +ynh_app_setting_set --app=$app --key=server_name --value=$server_name +ynh_app_setting_set --app=$app --key=domain --value=$domain +synapse_db_name="matrix_$synapse_instance" -# -# $app is the app id (i.e. 'example' for first install, -# or 'example__2', '__3', ... for multi-instance installs) -# +synapse_version=$(yunohost app info $synapse_instance | grep -oP "version:\s*\K.*") + +#================================================= +# SET STANDARD SETTINGS FROM DEFAULT CONFIG +#================================================= + +# Die if Synapse is too outdated (1.22.0 is required for ephemeral_events) +if dpkg --compare-versions $synapse_version lt 1.22.0; then + ynh_die --message="Unsupported Synapse version. Please upgrade." 
+fi + +appserviceid=$app +if dpkg --compare-versions $synapse_version ge 1.97.0; then + async_media="true" +else + async_media="false" +fi + +listrelay="*" +listadmin="$botadmin" +listuser="$botusers" + +ynh_app_setting_set --app=$app --key=async_media --value=$async_media +ynh_app_setting_set --app=$app --key=listrelay --value=$listrelay +ynh_app_setting_set --app=$app --key=listadmin --value=$listadmin +ynh_app_setting_set --app=$app --key=listuser --value=$listuser #================================================= # APP "BUILD" (DEPLOYING SOURCES, VENV, COMPILING ETC) @@ -37,16 +50,11 @@ source /usr/share/yunohost/helpers #================================================= ynh_script_progression --message="Setting up source files..." --weight=1 -### `ynh_setup_source` is used to install an app from a zip or tar.gz file, -### downloaded from an upstream source, like a git repository. -### `ynh_setup_source` use the file manifest.toml - +ynh_app_setting_set --app=$app --key=listuser --value=$listuser # Download, check integrity, uncompress and patch the source from manifest.toml ynh_setup_source --dest_dir="$install_dir" -# $install_dir will automatically be initialized with some decent -# permission by default ... however, you may need to recursively reapply -# ownership to all files such as after the ynh_setup_source step +chmod 750 "$install_dir/$APP_BIN" chown -R $app:www-data "$install_dir" #================================================= 
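Review bot: The Synapse version guard does not fire when `$synapse_version` is empty, because the variable is unquoted in `dpkg --compare-versions $synapse_version lt 1.22.0`. If the `grep -oP` on the `yunohost app info` output matches nothing, dpkg receives too few arguments and exits with an error, which the `if` treats as false, so the install would continue against an unknown Synapse version. Quoting makes an empty value compare as older than any version and reach `ynh_die`: `if dpkg --compare-versions "$synapse_version" lt 1.22.0; then`, and likewise for the `ge 1.97.0` test. The `--value=$server_name` and `--value=$domain` arguments above it would also be safer quoted.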
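Review bot: The added `ynh_app_setting_set --app=$app --key=listuser --value=$listuser` under "Setting up source files" repeats the call made in the previous hunk together with the other `list*` settings, and `$listuser` has not changed in between. I would drop this line so the setting is written in one place, next to `listrelay` and `listadmin`.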
@@ -54,78 +62,12 @@ chown -R $app:www-data "$install_dir" #================================================= ynh_script_progression --message="Adding system configurations related to $app..." --weight=1 -### `ynh_add_fpm_config` is used to set up a PHP config. -### You can remove it if your app doesn't use PHP. -### `ynh_add_fpm_config` will use the files conf/php-fpm.conf -### If you're not using these lines: -### - You can remove these files in conf/. -### - Remove the section "BACKUP THE PHP-FPM CONFIGURATION" in the backup script -### - Remove also the section "REMOVE PHP-FPM CONFIGURATION" in the remove script -### - As well as the section "RESTORE THE PHP-FPM CONFIGURATION" in the restore script -### with the reload at the end of the script. -### - And the section "PHP-FPM CONFIGURATION" in the upgrade script - -# Create a dedicated PHP-FPM config using the conf/php-fpm.conf or conf/extra_php-fpm.conf -ynh_add_fpm_config - -# Create a dedicated NGINX config using the conf/nginx.conf template -ynh_add_nginx_config - -### `ynh_systemd_config` is used to configure a systemd script for an app. -### It can be used for apps that use sysvinit (with adaptation) or systemd. -### Have a look at the app to be sure this app needs a systemd script. -### `ynh_systemd_config` will use the file conf/systemd.service -### If you're not using these lines: -### - You can remove those files in conf/. -### - Remove the section "BACKUP SYSTEMD" in the backup script -### - Remove also the section "STOP AND REMOVE SERVICE" in the remove script -### - As well as the section "RESTORE SYSTEMD" in the restore script -### - And the section "SETUP SYSTEMD" in the upgrade script - -# Create a dedicated systemd config ynh_add_systemd_config -### `yunohost service add` integrates a service in YunoHost. It then gets -### displayed in the admin interface and through the others `yunohost service` commands. -### (N.B.: this line only makes sense if the app adds a service to the system!) 
-### If you're not using these lines: -### - You can remove these files in conf/. -### - Remove the section "REMOVE SERVICE INTEGRATION IN YUNOHOST" in the remove script -### - As well as the section "INTEGRATE SERVICE IN YUNOHOST" in the restore script -### - And the section "INTEGRATE SERVICE IN YUNOHOST" in the upgrade script +yunohost service add $app --description="Matrix Discord pupetting bridge for YunoHost" --log="/var/log/$app/$app.log" -yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log" - -### Additional options starting with 3.8: -### -### --needs_exposed_ports "$port" a list of ports that needs to be publicly exposed -### which will then be checked by YunoHost's diagnosis system -### (N.B. DO NOT USE THIS if the port is only internal!!!) -### -### --test_status "some command" a custom command to check the status of the service -### (only relevant if 'systemctl status' doesn't do a good job) -### -### --test_conf "some command" some command similar to "nginx -t" that validates the conf of the service -### -### Re-calling 'yunohost service add' during the upgrade script is the right way -### to proceed if you later realize that you need to enable some flags that -### weren't enabled on old installs (be careful it'll override the existing -### service though so you should re-provide all relevant flags when doing so) - -### `ynh_use_logrotate` is used to configure a logrotate configuration for the logs of this app. -### Use this helper only if there is effectively a log file for this app. 
-### If you're not using this helper: -### - Remove the section "BACKUP LOGROTATE" in the backup script -### - Remove also the section "REMOVE LOGROTATE CONFIGURATION" in the remove script -### - As well as the section "RESTORE THE LOGROTATE CONFIGURATION" in the restore script -### - And the section "SETUP LOGROTATE" in the upgrade script - -# Use logrotate to manage application logfile(s) ynh_use_logrotate -# Create a dedicated Fail2Ban config -ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login" - #================================================= # APP INITIAL CONFIGURATION #================================================= 
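Review bot: The service description added here reads "Matrix Discord pupetting bridge for YunoHost"; "pupetting" should be "puppeting". The same string is added to the `yunohost service add` calls in scripts/restore and scripts/upgrade, so all three need the same fix: `--description="Matrix Discord puppeting bridge for YunoHost"`.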
@@ -133,45 +75,24 @@ ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failreg #================================================= ynh_script_progression --message="Adding a configuration file..." --weight=1 -### You can add specific configuration files. -### -### Typically, put your template conf file in ../conf/your_config_file -### The template may contain strings such as __FOO__ or __FOO_BAR__, -### which will automatically be replaced by the values of $foo and $foo_bar -### -### ynh_add_config will also keep track of the config file's checksum, -### which later during upgrade may allow to automatically backup the config file -### if it's found that the file was manually modified -### -### Check the documentation of `ynh_add_config` for more info. -ynh_add_config --template="some_config_file" --destination="$install_dir/some_config_file" +ynh_add_config --template="config.yaml" --destination="$install_dir/config.yaml" -# FIXME: this should be handled by the core in the future -# You may need to use chmod 600 instead of 400, -# for example if the app is expected to be able to modify its own config -chmod 400 "$install_dir/some_config_file" -chown $app:$app "$install_dir/some_config_file" +chmod 400 "$install_dir/config.yaml" +chown $app:$app "$install_dir/config.yaml" -### For more complex cases where you want to replace stuff using regexes, -### you shoud rely on ynh_replace_string (which is basically a wrapper for sed) -### When doing so, you also need to manually call ynh_store_file_checksum -### -### ynh_replace_string --match_string="match_string" --replace_string="replace_string" --target_file="$install_dir/some_config_file" -### ynh_store_file_checksum --file="$install_dir/some_config_file" -#================================================= -# SETUP APPLICATION WITH CURL -#================================================= +# This calls allows to set multiple users during install question "botusers" specifying them separated by a 
comma +set__listuser +set__listrelay +set__listadmin -### Use these lines only if the app installation needs to be finalized through -### web forms. We generally don't want to ask the final user, -### so we're going to use curl to automatically fill the fields and submit the -### forms. +$install_dir/$APP_BIN -g -c $install_dir/config.yaml -r /etc/matrix-$synapse_instance/app-service/$app.yaml +/opt/yunohost/matrix-$synapse_instance/update_synapse_for_appservice.sh || ynh_die --message="Synapse can't restart with the appservice configuration" -# Installation with curl -ynh_script_progression --message="Finalizing installation..." --weight=1 -ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3" +chown -R $app:$app "$install_dir" +ynh_store_file_checksum --file="/etc/matrix-$synapse_instance/app-service/$app.yaml" +ynh_store_file_checksum --file="$install_dir/config.yaml" #================================================= # GENERIC FINALIZATION 
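Review bot: The registration file written by `$install_dir/$APP_BIN -g ... -r /etc/matrix-$synapse_instance/app-service/$app.yaml` gets no explicit owner or mode, unlike `config.yaml`, which is set to 400 just above. An appservice registration normally carries the tokens shared between the bridge and the homeserver, so it should not be left at whatever the installer's umask produces; unless `update_synapse_for_appservice.sh` already handles this, add something like `chmod 640 "/etc/matrix-$synapse_instance/app-service/$app.yaml"` with the group set to the account Synapse runs as. The command also leaves `$install_dir` and `$synapse_instance` unquoted, and the result of the `-g` run is not checked before the Synapse update script is called. The same registration step is added in scripts/restore and scripts/upgrade.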
@@ -180,17 +101,19 @@ ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3" #================================================= ynh_script_progression --message="Starting a systemd service..." --weight=1 -### `ynh_systemd_action` is used to start a systemd service for an app. -### Only needed if you have configure a systemd service -### If you're not using these lines: -### - Remove the section "STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the backup script -### - As well as the section "START SYSTEMD SERVICE" in the restore script -### - As well as the section"STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the upgrade script -### - And the section "STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the change_url script - -# Start a systemd service ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" +# Wait until the synapse user is created +sleep 30 + +# (Note that, by default, non-admins might not have your homeserver's permission to create Spaces.) +if [ "$bot_synapse_adm" = true ] +then + ynh_psql_execute_as_root --database=$synapse_db_name --sql="UPDATE users SET admin = 1 WHERE name = ""$botname"";" +fi + +ynh_systemd_action --service_name=$app --action="restart" + #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/remove b/scripts/remove index 097c3f4..c7a4c7e 100755 --- a/scripts/remove +++ b/scripts/remove 
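Review bot: The `--sql` argument does not quote the bot name as an SQL string: in `WHERE name = ""$botname"";` the doubled quotes are empty shell strings, so the statement sent to PostgreSQL is `WHERE name = ` followed by the raw value of `$botname`. That should fail for an ordinary name, and because the helper runs as the database superuser on the Synapse database, whatever `$botname` contains becomes part of the statement. scripts/restore and scripts/upgrade build `bot_synapse_db_user="@$botname:$server_name"` but never use it, which suggests the intended match is the full user ID: `--sql="UPDATE users SET admin = 1 WHERE name = '@$botname:$server_name';"`, after checking that `$botname` holds only characters valid in a Matrix localpart. The same statement is added in the scripts/restore hunk.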
@@ -9,28 +9,13 @@ source _common.sh source /usr/share/yunohost/helpers -# Settings are automatically loaded as bash variables -# in every app script context, therefore typically these will exist: -# - $domain -# - $path -# - $language -# - $install_dir -# - $port -# ... - -# For remove operations : -# - the core will deprovision every resource defined in the manifest **after** this script is ran -# this includes removing the install directory, and data directory (if --purge was used) - #================================================= # REMOVE SYSTEM CONFIGURATIONS #================================================= -# REMOVE SYSTEMD SERVICE +# REMOVE SYSTEMD SERVICE #================================================= ynh_script_progression --message="Removing system configurations related to $app..." --weight=1 -# This should be a symetric version of what happens in the install script - # Remove the service from the list of services known by YunoHost (added from `yunohost service add`) if ynh_exec_warn_less yunohost service status $app >/dev/null then @@ -40,19 +25,10 @@ fi ynh_remove_systemd_config -ynh_remove_nginx_config - -ynh_remove_fpm_config - ynh_remove_logrotate -ynh_remove_fail2ban_config - -# Remove other various files specific to the app... such as : - -ynh_secure_remove --file="/etc/cron.d/$app" - -ynh_secure_remove --file="/etc/$app" +ynh_secure_remove --file="/etc/matrix-$synapse_instance/app-service/$app.yaml" +/opt/yunohost/matrix-$synapse_instance/update_synapse_for_appservice.sh || ynh_die --message="Synapse can't restart with the appservice configuration" ynh_secure_remove --file="/var/log/$app" diff --git a/scripts/restore b/scripts/restore index e60cb7a..1291891 100755 --- a/scripts/restore +++ b/scripts/restore 
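Review bot: In the second hunk, `ynh_die` on the added `update_synapse_for_appservice.sh` line aborts the remove script before `ynh_secure_remove --file="/var/log/$app"` runs, and if the Synapse instance has already been removed the script path no longer exists, so this app could not be uninstalled cleanly. In a remove script a failure here is better reported than fatal: `/opt/yunohost/matrix-$synapse_instance/update_synapse_for_appservice.sh || ynh_print_warn --message="Synapse can't restart with the appservice configuration"`. Nothing visible in this script clears the `admin = 1` flag that scripts/install may set on the bot's Synapse account, so that privilege presumably outlives the bridge; resetting it here would keep removal symmetric with install.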
@@ -10,6 +10,13 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers +server_name=$(ynh_app_setting_get --app=$app --key=server_name) + +synapse_db_name="matrix_$synapse_instance" +bot_synapse_db_user="@$botname:$server_name" + +async_media=$(ynh_app_setting_get --app=$app --key=async_media) + #================================================= # RESTORE THE APP MAIN DIR #================================================= 
@@ -17,69 +24,56 @@ ynh_script_progression --message="Restoring the app main directory..." --weight= ynh_restore_file --origin_path="$install_dir" -# $install_dir will automatically be initialized with some decent -# permissions by default ... however, you may need to recursively reapply -# ownership to all files such as after the ynh_setup_source step chown -R $app:www-data "$install_dir" +chmod 750 "$install_dir/$APP_BIN" #================================================= -# RESTORE THE DATA DIRECTORY +# RESTORE THE POSTGRESQL DATABASE #================================================= -ynh_script_progression --message="Restoring the data directory..." --weight=1 +ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=8 -ynh_restore_file --origin_path="$data_dir" --not_mandatory +ynh_psql_execute_file_as_root --file="./db.sql" --database=$db_name -# (Same as for install dir) -chown -R $app:www-data "$data_dir" #================================================= -# RESTORE THE MYSQL DATABASE +# REGISTER SYNAPSE APP-SERVICE #================================================= -ynh_script_progression --message="Restoring the MySQL database..." 
--weight=1 +ynh_script_progression --message="Registering Synapse app-service" --weight=1 -ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql +$install_dir/$APP_BIN -g -c $install_dir/config.yaml -r /etc/matrix-$synapse_instance/app-service/$app.yaml +/opt/yunohost/matrix-$synapse_instance/update_synapse_for_appservice.sh || ynh_die "Synapse can't restart with the appservice configuration" + +chmod 400 "$install_dir/config.yaml" +chown $app:$app "$install_dir/config.yaml" #================================================= # RESTORE SYSTEM CONFIGURATIONS #================================================= -# RESTORE THE PHP-FPM CONFIGURATION -#================================================= -ynh_script_progression --message="Restoring system configurations related to $app..." --weight=1 - -# This should be a symetric version of what happens in the install script - -ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" - -ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" +ynh_script_progression --message="Restoring system configurations related to $app..." --weight=3 ynh_restore_file --origin_path="/etc/systemd/system/$app.service" systemctl enable $app.service --quiet -yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log" +yunohost service add $app --description="Matrix Discord pupetting bridge for YunoHost" --log="/var/log/$app/$app.log" ynh_restore_file --origin_path="/etc/logrotate.d/$app" -ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf" -ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf" -ynh_systemd_action --action=restart --service_name=fail2ban - -# Other various files... 
- -ynh_restore_file --origin_path="/etc/cron.d/$app" -ynh_restore_file --origin_path="/etc/$app/" - #================================================= # GENERIC FINALIZATION #================================================= # RELOAD NGINX AND PHP-FPM OR THE APP SERVICE #================================================= -ynh_script_progression --message="Reloading NGINX web server and $app's service..." --weight=1 +ynh_script_progression --message="Reloading $app's service..." --weight=1 -# Typically you only have either $app or php-fpm but not both at the same time... ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" -ynh_systemd_action --service_name=php$phpversion-fpm --action=reload - -ynh_systemd_action --service_name=nginx --action=reload +# Wait until the synapse user is created +sleep 30 +# (Note that, by default, non-admins might not have your homeserver's permission to create communities.) +if [ "$bot_synapse_adm" = true ] +then + ynh_psql_execute_as_root --database=$synapse_db_name --sql="UPDATE users SET admin = 1 WHERE name = ""$botname"";" +fi +ynh_systemd_action --service_name=$app --action="restart" #================================================= # END OF SCRIPT diff --git a/scripts/upgrade b/scripts/upgrade index ddb8ba3..073f943 100755 --- a/scripts/upgrade +++ b/scripts/upgrade 
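Review bot: After a restore the install directory stays owned by `$app:www-data` with the binary at mode 750, whereas scripts/install finishes with `chown -R $app:$app "$install_dir"`. The commit removes the NGINX and PHP-FPM configuration, so nothing in this package appears to need the web server group on these files; I would use `chown -R $app:$app "$install_dir"` here too so both paths end in the same state. The `ynh_die "Synapse can't restart ..."` call in this hunk also drops the `--message=` form used in scripts/install.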
@@ -9,52 +9,20 @@ source _common.sh source /usr/share/yunohost/helpers -# Settings are automatically loaded as bash variables -# in every app script context, therefore typically these will exist: -# - $domain -# - $path -# - $language -# - $install_dir -# - $port -# ... +server_name=$(ynh_app_setting_get --app=$app --key=server_name) -# In the context of upgrade, -# - resources are automatically provisioned / updated / deleted (depending on existing resources) -# - a safety backup is automatically created by the core and will be restored if the upgrade fails +synapse_db_name="matrix_$synapse_instance" +bot_synapse_db_user="@$botname:$server_name" +appserviceid=$app + +async_media=$(ynh_app_setting_get --app=$app --key=async_media) + +listrelay=$(ynh_app_setting_get --app=$app --key=listrelay) +listuser=$(ynh_app_setting_get --app=$app --key=listuser) +listadmin=$(ynh_app_setting_get --app=$app --key=listadmin) -### This helper will compare the version of the currently installed app and the version of the upstream package. -### $upgrade_type can have 2 different values -### - UPGRADE_APP if the upstream app version has changed -### - UPGRADE_PACKAGE if only the YunoHost package has changed -### ynh_check_app_version_changed will stop the upgrade if the app is up to date. -### UPGRADE_APP should be used to upgrade the core app only if there's an upgrade to do. upgrade_type=$(ynh_check_app_version_changed) -#================================================= -# STANDARD UPGRADE STEPS -#================================================= -# ENSURE DOWNWARD COMPATIBILITY -#================================================= -#ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 - -# -# N.B. : the following setting migration snippets are provided as *EXAMPLES* -# of what you may want to do in some cases (e.g. 
a setting was not defined on -# some legacy installs and you therefore want to initiaze stuff during upgrade) -# - -# If db_name doesn't exist, create it -#if [ -z "$db_name" ]; then -# db_name=$(ynh_sanitize_dbid --db_name=$app) -# ynh_app_setting_set --app=$app --key=db_name --value=$db_name -#fi - -# If install_dir doesn't exist, create it -#if [ -z "$install_dir" ]; then -# install_dir=/var/www/$app -# ynh_app_setting_set --app=$app --key=install_dir --value=$install_dir -#fi - #================================================= # STOP SYSTEMD SERVICE #================================================= @@ -76,9 +44,7 @@ then ynh_setup_source --dest_dir="$install_dir" fi -# $install_dir will automatically be initialized with some decent -# permissions by default ... however, you may need to recursively reapply -# ownership to all files such as after the ynh_setup_source step +chmod 750 "$install_dir/$APP_BIN" chown -R $app:www-data "$install_dir" #================================================= @@ -86,20 +52,12 @@ chown -R $app:www-data "$install_dir" #================================================= ynh_script_progression --message="Upgrading system configurations related to $app..." --weight=1 -# This should be a literal copypaste of what happened in the install's "System configuration" section - -ynh_add_fpm_config - -ynh_add_nginx_config - ynh_add_systemd_config -yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log" +yunohost service add $app --description="Matrix Discord pupetting bridge for YunoHost" --log="/var/log/$app/$app.log" ynh_use_logrotate --non-append -ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login" - #================================================= # RECONFIGURE THE APP (UPDATE CONF, APPLY MIGRATIONS...) #================================================= 
@@ -107,25 +65,40 @@ ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failreg #================================================= ynh_script_progression --message="Updating a configuration file..." --weight=1 -### Same as during install -### -### The file will automatically be backed-up if it's found to be manually modified (because -### ynh_add_config keeps track of the file's checksum) +# reset permissions to be able to apply_permissions with app_setting values after upgrade +listrelay_=$listrelay +listuser_=$listuser +listadmin_=$listadmin +listrelay="*" +listuser="@user:domain.tld" +listadmin="@admin:domain.tld" -ynh_add_config --template="some_config_file" --destination="$install_dir/some_config_file" +ynh_add_config --template="config.yaml" --destination="$install_dir/config.yaml" -# FIXME: this should be handled by the core in the future -# You may need to use chmod 600 instead of 400, -# for example if the app is expected to be able to modify its own config -chmod 400 "$install_dir/some_config_file" -chown $app:$app "$install_dir/some_config_file" +chmod 400 "$install_dir/config.yaml" +chown $app:$app "$install_dir/config.yaml" -### For more complex cases where you want to replace stuff using regexes, -### you shoud rely on ynh_replace_string (which is basically a wrapper for sed) -### When doing so, you also need to manually call ynh_store_file_checksum -### -### ynh_replace_string --match_string="match_string" --replace_string="replace_string" --target_file="$install_dir/some_config_file" -### ynh_store_file_checksum --file="$install_dir/some_config_file" +listrelay=$listrelay_ +listuser=$listuser_ +listadmin=$listadmin_ + +# apply_permissions to have correct syntax in config file +set__listuser +set__listrelay +set__listadmin + +#================================================= +# REGISTER SYNAPSE APP-SERVICE +#================================================= +ynh_script_progression --message="Registering Synapse app-service" 
--weight=1 + +$install_dir/$APP_BIN -g -c $install_dir/config.yaml -r /etc/matrix-$synapse_instance/app-service/$app.yaml +/opt/yunohost/matrix-$synapse_instance/update_synapse_for_appservice.sh || ynh_die "Synapse can't restart with the appservice configuration" + +# Set permissions on app files +chown -R $app:$app "$install_dir" +ynh_store_file_checksum --file="/etc/matrix-$synapse_instance/app-service/$app.yaml" +ynh_store_file_checksum --file="$install_dir/config.yaml" #================================================= # START SYSTEMD SERVICE