From a5dffd1a5100b2df37f5b46851e8789632fb6a38 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Thu, 26 Oct 2023 16:51:13 +0000 Subject: [PATCH 01/10] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 837bf3e..d0bb165 100644 --- a/README.md +++ b/README.md @@ -121,7 +121,7 @@ git config --local core.hooksPath .githooks * Official user documentation: * Official admin documentation: * Upstream app code repository: -* YunoHost documentation for this app: +* YunoHost Store: * Report a bug: ## Developer info diff --git a/README_fr.md b/README_fr.md index 3819d08..2006eb4 100644 --- a/README_fr.md +++ b/README_fr.md @@ -124,7 +124,7 @@ git config --local core.hooksPath .githooks * Documentation officielle utilisateur : * Documentation officielle de l’admin : * Dépôt de code officiel de l’app : -* Documentation YunoHost pour cette app : +* YunoHost Store: * Signaler un bug : ## Informations pour les développeurs From 5cdc625605887358a1969c782353f1d49b295e6e Mon Sep 17 00:00:00 2001 From: Dante Date: Mon, 13 Nov 2023 21:34:20 +0100 Subject: [PATCH 02/10] Packaging v2 --- .github/workflows/updater.sh | 29 ++++--- check_process | 35 --------- conf/app.src | 7 -- conf/systemd.service | 4 +- doc/ADMIN.md | 34 +++++++++ doc/ADMIN_fr.md | 34 +++++++++ doc/DEVELOPMENT.md | 9 +++ doc/DEVELOPMENT_fr.md | 10 +++ doc/DISCLAIMER.md | 92 ---------------------- doc/DISCLAIMER_fr.md | 92 ---------------------- doc/POST_INSTALL.md | 38 ++++++++++ doc/POST_INSTALL_fr.md | 37 +++++++++ doc/PRE_INSTALL.md | 12 +++ doc/PRE_INSTALL_fr.md | 12 +++ manifest.json | 143 ----------------------------------- manifest.toml | 133 ++++++++++++++++++++++++++++++++ scripts/_common.sh | 4 - scripts/backup | 22 +----- scripts/change_url | 134 -------------------------------- scripts/install | 128 +++++-------------------------- scripts/remove | 48 +----------- scripts/restore | 61 +++------------ scripts/upgrade | 100 +++++------------------- test.toml | 37 +++++++++ 24 files changed, 426 insertions(+), 829 deletions(-) delete mode 100644 check_process delete mode 100644 conf/app.src create mode 100644 doc/ADMIN.md create mode 100644 doc/ADMIN_fr.md create mode 100644 doc/DEVELOPMENT.md create mode 100644 doc/DEVELOPMENT_fr.md delete mode 100644 doc/DISCLAIMER.md delete mode 100644 doc/DISCLAIMER_fr.md create mode 100644 doc/POST_INSTALL.md create mode 100644 doc/POST_INSTALL_fr.md create mode 100644 doc/PRE_INSTALL.md create mode 100644 doc/PRE_INSTALL_fr.md delete mode 100644 manifest.json create mode 100644 manifest.toml delete mode 100644 scripts/change_url create mode 100644 test.toml diff --git a/.github/workflows/updater.sh b/.github/workflows/updater.sh index 1abea36..8f96676 100755 --- a/.github/workflows/updater.sh +++ b/.github/workflows/updater.sh @@ -14,8 +14,8 @@ #================================================= # Fetching information -current_version=$(cat manifest.json | jq -j '.version|split("~")[0]') -repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]') +current_version=$(yq ".version" manifest.toml | cut -d '~' -f 1 -) +repo=$(yq ".upstream.code" manifest.toml | sed 's/https:\/\/github.com\///') # Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions) version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1) assets="https://github.com/$repo/archive/refs/tags/$version.tar.gz" @@ -30,10 +30,10 @@ fi # Setting up the environment variables echo "Current version: $current_version" echo "Latest release from upstream: $version" -echo "VERSION=$version" >> $GITHUB_ENV -echo "REPO=$repo" >> $GITHUB_ENV +echo "VERSION=$version" >> "$GITHUB_ENV" +echo "REPO=$repo" >> "$GITHUB_ENV" # For the time being, let's assume the script will fail -echo "PROCEED=false" >> $GITHUB_ENV +echo "PROCEED=false" >> "$GITHUB_ENV" # Proceed only if the retrieved version is greater than the current one if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then @@ -72,17 +72,14 @@ else fi # Rewrite source file -cat < conf/$src.src -SOURCE_URL=$asset_url -SOURCE_SUM=$checksum -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=$extension -SOURCE_IN_SUBDIR=true -SOURCE_FILENAME=mautrix-telegram.tar.gz -SOURCE_EXTRACT=false -EOT -echo "... conf/$src.src updated" +sed -i "s|amd64.url.*|amd64.url = \"$asset_url\"|g" manifest.toml +sed -i "s|amd64.sha256.*|amd64.sha256 = \"$checksum\"|g" manifest.toml +sed -i "s|arm64.url.*|arm64.url = \"$asset_url\"|g" manifest.toml +sed -i "s|arm64.sha256.*|arm64.sha256 = \"$checksum\"|g" manifest.toml +sed -i "s|armhf.url.*|armhf.url = \"$asset_url\"|g" manifest.toml +sed -i "s|armhf.sha256.*|armhf.sha256 = \"$checksum\"|g" manifest.toml +echo "manifest.toml assets updated" #================================================= # SPECIFIC UPDATE STEPS #================================================= @@ -133,7 +130,7 @@ yq -i '.logging.root.level = "INFO"' $configFilePath #================================================= # Replace new version in manifest -echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json +sed -i "s|version.*|version = \"$version~ynh1\"|g" manifest.toml # Delete temporary directory rm -rf $tempdir diff --git a/check_process b/check_process deleted file mode 100644 index 8f3e621..0000000 --- a/check_process +++ /dev/null @@ -1,35 +0,0 @@ -;; Default test serie - ; pre-install - sudo yunohost tools update - sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/ -a "domain=$domain&server_name=$server_name&is_free_registration=$is_free_registration&jitsi_server=$jitsi_server" --force - ; Manifest - port="29317" - synapsenumber="1" - botname="telegrambot" - encryption=false - botadmin="@johndoe:synapsedomain.tld" - botusers="@johndoe:synapsedomain.tld" - apiid="1234567" - apihash="tjyd5yge35lbodl1jwzw2jstp90k55qz" - bottoken="disabled" - ; Checks - pkg_linter=1 - setup_sub_dir=0 - setup_root=0 - setup_nourl=1 - setup_private=0 - setup_public=0 - upgrade=1 - upgrade=1 from_commit=dfed70e3419d23349690ea2234747ac1de2d7fb0 - # 0.11.3~ynh2 - upgrade=1 from_commit=d1892c2bdbcea8a30d4596fcd99d13f65e1ab54c - backup_restore=1 - multi_instance=1 - port_already_use=1 - change_url=0 -;;; Options -Email= -Notification=none -;;; Upgrade options - ; commit=dfed70e3419d23349690ea2234747ac1de2d7fb0 - name=0.10.2~ynh3 diff --git a/conf/app.src b/conf/app.src deleted file mode 100644 index f8487da..0000000 --- a/conf/app.src +++ /dev/null @@ -1,7 +0,0 @@ -SOURCE_URL=https://github.com/mautrix/telegram/archive/refs/tags/v0.14.2.tar.gz -SOURCE_SUM=8071beb09970d7a337e1a1f7700ecd3f4ef774ba51f2e7199f0216883f023786 -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=tar.gz -SOURCE_IN_SUBDIR=true -SOURCE_FILENAME=mautrix-telegram.tar.gz -SOURCE_EXTRACT=false diff --git a/conf/systemd.service b/conf/systemd.service index c1efe50..d6ce26a 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -6,8 +6,8 @@ After=matrix-synapse.service Type=simple User=__APP__ Group=__APP__ -WorkingDirectory=__FINALPATH__/ -ExecStart=__FINALPATH__/bin/python3 -m mautrix_telegram +WorkingDirectory=__INSTALL_DIR__/ +ExecStart=__INSTALL_DIR__/bin/python3 -m mautrix_telegram [Install] WantedBy=multi-user.target diff --git a/doc/ADMIN.md b/doc/ADMIN.md new file mode 100644 index 0000000..0d03708 --- /dev/null +++ b/doc/ADMIN.md @@ -0,0 +1,34 @@ +## Configuration of the bridge + +The bridge is [roughly configured at installation](https://github.com/YunoHost-Apps/mautrix_telegram_ynh/blob/master/conf/config.yaml), e.g. allowed admin and user of the bot. Finer configuration can be done by modifying the +following configuration file with SSH: +```/opt/yunohost/mautrix_telegram/config.yaml``` +and then restarting the mautrix_telegram service. + +#### End-to-bridge encryption + +The bridge can optionally encrypt messages between Matrix users and the bridge to hide messages from the homeserver. Using Postgres is strongly recommended when using end-to-bridge encryption. +If you want to enable it, look for the option ```bridge: encryption``` in the config file. If you only set ```allow: true```, the bridge won't enable encryption on its own, but will work in encrypted rooms. If you set ```default: true```, the bridge will automatically enable encryption in new portals. + +There is also the possibility to set ```require: true``` to enforce encryption on any of the messages that you send (this will drop any unencrypted messages). + +## Documentation + +* Official "Mautrix-Telegram" documentation: https://docs.mau.fi/bridges/python/telegram/index.html +* Matrix room (Matrix Bridges in Yunohost): #mautrix_yunohost:matrix.fdn.fr +* Matrix room (upstream app): #telegram:maunium.net + In case you need to upload your logs somewhere, be aware that they contain your contacts' and your phone numbers. Strip them out with + ``| sed -r 's/[0-9]{10,}/📞/g' `` +* "Mautrix-Telegram" bridge is based on the [telegram daemon](https://gitlab.com/telegramd/telegramd) project. +* YunoHost documentation: If more specific documentation is needed, feel free to contribute. + +## Troubleshooting + +* Check the spelling of the bot name! +* For slow servers it might be necessary to run ``systemctl edit mautrix_telegram.service`` (also for `coturn.service` and `coturn-synapse.service`) and insert +``` +[Service] +ExecStartPre=/bin/sleep 90 +``` +such that it is ensured that synapse is running before the bridge tries to connect. +(If it worked after installation but broke after a restart this probably is it.) \ No newline at end of file diff --git a/doc/ADMIN_fr.md b/doc/ADMIN_fr.md new file mode 100644 index 0000000..0a36eef --- /dev/null +++ b/doc/ADMIN_fr.md @@ -0,0 +1,34 @@ +### Configuration de la passerelle + +La passerelle est [configurée avec les paramètres standards adaptés pour votre YunoHost et l'instance Matrix-Synapse sélectionnée](https://github.com/YunoHost-Apps/mautrix_telegram_ynh/blob/master/conf/config.yaml). Vous pouvez par exemple ajouter des administrateur.ice.s et utilisateur.ice.s du Robot autorisés en modifiant le fichier de configuration par liaison SSH: +``` sudo nano /opt/yunohost/mautrix_whatsapp/config.yaml``` +puis en redémarrant le service: +``` sudo yunohost service restart mautrix_whatsapp``` + +#### Cryptage End-to-bridge + +Le robot peut éventuellement chiffrer les messages entre les utilisateurs de Matrix et la passarelle pour cacher les messages du serveur domestique. L'utilisation de Postgres est fortement recommandée lors de l'utilisation du chiffrement end-to-bridge. +Si vous voulez l'activer, cherchez l'option ```bridge: encryption``` dans le fichier de configuration. Si vous définissez uniquement l'option ``allow: true``, le robot n'activera pas le chiffrement de lui-même, mais travaillera dans les portails chiffrés. Si vous définissez ```default: true```, la passerelle activera automatiquement le chiffrement dans les nouveaux portails. + +Il y a également la possibilité de définir ```require: true``` pour imposer le chiffrement sur tous les messages que vous envoyez (cela interdira tous les messages non chiffrés). + +## Documentation + +* Documentation officielle "Mautrix-Telegram" : https://docs.mau.fi/bridges/python/telegram/index.html +* Matrix room (Matrix Bridges dans Yunohost) : #mautrix_yunohost:matrix.fdn.fr +* Salle Matrix (upstream app) : #telegram:maunium.net + Au cas où vous devriez télécharger vos logs quelque part, sachez qu'ils contiennent vos contacts et vos numéros de téléphone. Supprimez-les avec + ``| sed -r 's/[0-9]{10,}/??/g' `` +* La passarelle "Mautrix-Telegram" est basé sur le projet [telegram daemon](https://gitlab.com/telegramd/telegramd). +* Documentation de YunoHost : Si une documentation plus spécifique est nécessaire, n'hésitez pas à y contribuer. + +## Résolution de problèmes + +* Vérifier l'orthographe du nom du bot ! +* Pour les serveurs lents, il peut être nécessaire de lancer ``systemctl edit mautrix_telegram.service`` (également pour `coturn.service` et `coturn-synapse.service`) et d'insérer +``` +[Service] +ExecStartPre=/bin/sleep 90 +``` +de telle sorte qu'il soit assuré que synapse est en cours d'exécution avant que la passerelle n'essaie de se connecter. +(Si cela a fonctionné après l'installation mais s'est arrêté après un redémarrage, c'est probablement cela). \ No newline at end of file diff --git a/doc/DEVELOPMENT.md b/doc/DEVELOPMENT.md new file mode 100644 index 0000000..cf74fbd --- /dev/null +++ b/doc/DEVELOPMENT.md @@ -0,0 +1,9 @@ +## Development code quality + +The `.github/workflows/updater.sh` script needs to be synced with changes in `conf/config.yaml` therefore a `pre-commit` +hook is used to display a reminder to update `.github/workflows/updater.sh` (if needed) when `conf/config.yaml` has been modified. + +Please enable Git hooks using following command to ensure code quality and stability. +``` bash +git config --local core.hooksPath .githooks +``` \ No newline at end of file diff --git a/doc/DEVELOPMENT_fr.md b/doc/DEVELOPMENT_fr.md new file mode 100644 index 0000000..11bd6c0 --- /dev/null +++ b/doc/DEVELOPMENT_fr.md @@ -0,0 +1,10 @@ +## Development code quality + +Le script `.github/workflows/updater.sh` doit être synchronisé avec les changements dans `conf/config.yaml`, +donc un hook `pre-commit` est utilisé pour afficher un rappel pour mettre à jour +`.github/workflows/updater.sh` (si nécessaire) lorsque `conf/config.yaml` a été modifié. + +Veuillez activer les hooks Git en utilisant la commande suivante pour assurer la qualité et la stabilité du code. +``` bash +git config --local core.hooksPath .githooks +``` \ No newline at end of file diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md deleted file mode 100644 index 004b659..0000000 --- a/doc/DISCLAIMER.md +++ /dev/null @@ -1,92 +0,0 @@ -## List of known public services - -* Ask on one of the following rooms: #mautrix_yunohost:matrix.fdn.fr or #telegram:maunium.net - -## Bridging usage -** Note that several Telegram and Matrix users can be bridged, each Telegram account has its own bot administration room. If they are in a same Telegram group, only one matrix room will be created. ** - -### Bridge a Telegram user and a Matrix user -* First your Matrix user or Synapse Server has to be authorized in the Configuration of the bridge (see below) -* Then, invite the bot (default @telegrambot:yoursynapse.domain) in this new Mautrix-Telegram bot administration room. - * If the Bot does bot accept, see the [troubleshooting page](https://docs.mau.fi/bridges/general/troubleshooting.html) -* Send ``!tg help`` to the bot in the created room to know how to control the bot. -See also [upstream wiki Authentication page](https://docs.mau.fi/bridges/python/telegram/authentication.html) - -#### Logging into Telegram account -* Type ``login`` or ``login-qr`` (untested) in main management room (`!tg` in any bridge room) -* follow setup instructions from bot -* By defaults, only conversations with very recent messages and groups will be suggested to be bridged -* Accept invitations to the bridged chat rooms - -#### Registering the Bridge as a primary device (untested) -* Type ``!tg register ``, where ```` is your phone number in the internation format with no space, e.g. ``!tg register +33612345678`` -* Answer in the bot room with the verification code that you reveived in SMS. -* Set a profile name with ``!tg set-profile-name `` - -### Double puppeting -* Log in with ``login-matrix `` -* After logging in, the default Matrix puppet of your Telegram account should leave rooms and your account should join all rooms the puppet was in automatically. - - -### Relaybot: Bridge a group for several Matrix and several Telegram users to chat together -* see https://docs.mau.fi/bridges/python/telegram/relay-bot.html - -## Configuration of the bridge - -The bridge is [roughly configured at installation](https://github.com/YunoHost-Apps/mautrix_telegram_ynh/blob/master/conf/config.yaml), e.g. allowed admin and user of the bot. Finer configuration can be done by modifying the -following configuration file with SSH: -```/opt/yunohost/mautrix_telegram/config.yaml``` -and then restarting the mautrix_telegram service. - -#### End-to-bridge encryption - -The bridge can optionally encrypt messages between Matrix users and the bridge to hide messages from the homeserver. Using Postgres is strongly recommended when using end-to-bridge encryption. -If you want to enable it, look for the option ```bridge → encryption``` in the config file. If you only set ```allow: true```, the bridge won't enable encryption on its own, but will work in encrypted rooms. If you set ```default: true```, the bridge will automatically enable encryption in new portals. - -There is also the possibility to set ```require: true``` to enforce encryption on any of the messages that you send (this will drop any unencrypted messages). - -## Documentation - - * Official "Mautrix-Telegram" documentation: https://docs.mau.fi/bridges/python/telegram/index.html - * Matrix room (Matrix Bridges in Yunohost): #mautrix_yunohost:matrix.fdn.fr - * Matrix room (upstream app): #telegram:maunium.net -In case you need to upload your logs somewhere, be aware that they contain your contacts' and your phone numbers. Strip them out with -``| sed -r 's/[0-9]{10,}/📞/g' `` - * "Mautrix-Telegram" bridge is based on the [telegram daemon](https://gitlab.com/telegramd/telegramd) project. - * YunoHost documentation: If more specific documentation is needed, feel free to contribute. - -## YunoHost specific features - -#### Multi-user support - -* Bot users are not related to Yunohost users. Any Matrix account or Synapse server autorized in the configuration of the bridge can invite/use the bot. -* The Telegram bot is a local Matrix-Synapse user, but accessible through federation (synapse public or private). -* Several Telegram and Matrix users can be bridged with one bridge, each user has its own bot administration room. -* If several bot users are in a same Telegram group, only one Matrix room will be created by the bridge. -* See https://github.com/YunoHost-Apps/synapse_ynh#multi-users-support - -#### Multi-instance support - -* Multi-instance installation should work. Several bridge instances could be installed for one Matrix-Synapse instance so that one Matrix user can bridge several Telegram accounts. -* Several bridge instances could be installed for each Matrix-Synapse instance to benefit from it. But one bridge can be used by users from several Matrix-Synapse instances. - -## Troubleshooting - -* Check the spelling of the bot name! -* For slow servers it might be necessary to run ``systemctl edit mautrix_telegram.service`` (also for `coturn.service` and `coturn-synapse.service`) and insert -``` -[Service] -ExecStartPre=/bin/sleep 90 -``` -such that it is ensured that synapse is running before the bridge tries to connect. -(If it worked after installation but broke after a restart this probably is it.) - -## Development code quality - -The `.github/workflows/updater.sh` script needs to be synced with changes in `conf/config.yaml` therefore a `pre-commit` -hook is used to display a reminder to update `.github/workflows/updater.sh` (if needed) when `conf/config.yaml` has been modified. - -Please enable Git hooks using following command to ensure code quality and stability. -``` bash -git config --local core.hooksPath .githooks -``` diff --git a/doc/DISCLAIMER_fr.md b/doc/DISCLAIMER_fr.md deleted file mode 100644 index e55f34f..0000000 --- a/doc/DISCLAIMER_fr.md +++ /dev/null @@ -1,92 +0,0 @@ -## Liste de passerelles publiques - -* Demandez sur un des salons suivants: #mautrix_yunohost:matrix.fdn.fr ou #telegram:maunium.net - -## Usages de la passerelle -** Notez que plusieurs comptes Telegram et Matrix peuvent être pontés, chaque compte Telegram connecté a son propre Salon d'Administration. Si plusieurs utilisateur.ice.s du Robot sont dans un même groupe Signal, seul un Salon Matrix sera créé par la passerelle. ** - -### Bridge a Telegram user and a Matrix user -* First your Matrix user or Synapse Server has to be authorized in the Configuration of the bridge (see below) -* Then, invite the bot (default @telegrambot:yoursynapse.domain) in this new Mautrix-Telegram bot administration room. - * If the Bot does bot accept, see the [troubleshooting page](https://docs.mau.fi/bridges/general/troubleshooting.html) -* Send ``!tg help`` to the bot in the created room to know how to control the bot. -See also [upstream wiki Authentication page](https://docs.mau.fi/bridges/python/telegram/authentication.html) - -#### Logging into Telegram account -* Type ``login`` or ``login-qr`` (untested) in main management room (`!tg` in any bridge room) -* follow setup instructions from bot -* By defaults, only conversations with very recent messages and groups will be suggested to be bridged -* Accept invitations to the bridged chat rooms - -#### Registering the Bridge as a primary device (untested) -* Type ``!tg register ``, where ```` is your phone number in the internation format with no space, e.g. ``!tg register +33612345678`` -* Answer in the bot room with the verification code that you reveived in SMS. -* Set a profile name with ``!tg set-profile-name `` - -### Double puppeting -* Log in with ``login-matrix `` -* After logging in, the default Matrix puppet of your Telegram account should leave rooms and your account should join all rooms the puppet was in automatically. - - -### Relaybot: Bridge a group for several Matrix and several Telegram users to chat together -* see https://docs.mau.fi/bridges/python/telegram/relay-bot.html - -### Configuration de la passerelle - -La passerelle est [configurée avec les paramètres standards adaptés pour votre YunoHost et l'instance Matrix-Synapse sélectionnée](https://github.com/YunoHost-Apps/mautrix_telegram_ynh/blob/master/conf/config.yaml). Vous pouvez par exemple ajouter des administrateur.ice.s et utilisateur.ice.s du Robot autorisés en modifiant le fichier de configuration par liaison SSH: -``` sudo nano /opt/yunohost/mautrix_whatsapp/config.yaml``` -puis en redémarrant le service: -``` sudo yunohost service restart mautrix_whatsapp``` - -#### End-to-bridge encryption - -Le robot peut éventuellement chiffrer les messages entre les utilisateurs de Matrix et la passarelle pour cacher les messages du serveur domestique. L'utilisation de Postgres est fortement recommandée lors de l'utilisation du chiffrement end-to-bridge. -Si vous voulez l'activer, cherchez l'option ```bridge → encryption``` dans le fichier de configuration. Si vous définissez uniquement l'option ``allow: true``, le robot n'activera pas le chiffrement de lui-même, mais travaillera dans les portails chiffrés. Si vous définissez ```default: true```, la passerelle activera automatiquement le chiffrement dans les nouveaux portails. - -Il y a également la possibilité de définir ```require: true``` pour imposer le chiffrement sur tous les messages que vous envoyez (cela interdira tous les messages non chiffrés). - -## Documentation - - * Official "Mautrix-Telegram" documentation: https://docs.mau.fi/bridges/python/telegram/index.html - * Matrix room (Matrix Bridges in Yunohost): #mautrix_yunohost:matrix.fdn.fr - * Matrix room (upstream app): #telegram:maunium.net -In case you need to upload your logs somewhere, be aware that they contain your contacts' and your phone numbers. Strip them out with -``| sed -r 's/[0-9]{10,}/??/g' `` - * "Mautrix-Telegram" bridge is based on the [telegram daemon](https://gitlab.com/telegramd/telegramd) project. - * YunoHost documentation: If more specific documentation is needed, feel free to contribute. - -## Caractéristiques spécifiques YunoHost - -#### Support multi-comptes -* Bot users are not related to Yunohost users. Any Matrix account or Synapse server autorized in the configuration of the bridge can invite/use the bot. -* The Telegram bot is a local Matrix-Synapse user, but accessible through federation (synapse public or private). -* Several Telegram and Matrix users can be bridged with one bridge, each user has its own bot administration room. -* If several bot users are in a same Telegram group, only one Matrix room will be created by the bridge. -* See https://github.com/YunoHost-Apps/synapse_ynh#multi-users-support - -#### Support multi-instance - -* Multi-instance installation should work. Several bridge instances could be installed for one Matrix-Synapse instance so that one Matrix user can bridge several Telegram accounts. -* Several bridge instances could be installed for each Matrix-Synapse instance to benefit from it. But one bridge can be used by users from several Matrix-Synapse instances. - -## Troubleshooting - -* Check the spelling of the bot name! -* For slow servers it might be necessary to run ``systemctl edit mautrix_telegram.service`` (also for `coturn.service` and `coturn-synapse.service`) and insert -``` -[Service] -ExecStartPre=/bin/sleep 90 -``` -such that it is ensured that synapse is running before the bridge tries to connect. -(If it worked after installation but broke after a restart this probably is it.) - -## Development code quality - -Le script `.github/workflows/updater.sh` doit être synchronisé avec les changements dans `conf/config.yaml`, -donc un hook `pre-commit` est utilisé pour afficher un rappel pour mettre à jour -`.github/workflows/updater.sh` (si nécessaire) lorsque `conf/config.yaml` a été modifié. - -Veuillez activer les hooks Git en utilisant la commande suivante pour assurer la qualité et la stabilité du code. -``` bash -git config --local core.hooksPath .githooks -``` diff --git a/doc/POST_INSTALL.md b/doc/POST_INSTALL.md new file mode 100644 index 0000000..07f771e --- /dev/null +++ b/doc/POST_INSTALL.md @@ -0,0 +1,38 @@ +## List of known public services + +* Ask on one of the following rooms: #mautrix_yunohost:matrix.fdn.fr or #telegram:maunium.net + +## Bridging usage + +** Note that several Telegram and Matrix users can be bridged, each Telegram account has its own bot administration room. If they are in a same Telegram group, only one matrix room will be created. ** + +### Bridge a Telegram user and a Matrix user + +* First your Matrix user or Synapse Server has to be authorized in the Configuration of the bridge (see below) +* Then, invite the bot (default @telegrambot:yoursynapse.domain) in this new Mautrix-Telegram bot administration room. + * If the Bot does bot accept, see the [troubleshooting page](https://docs.mau.fi/bridges/general/troubleshooting.html) +* Send ``!tg help`` to the bot in the created room to know how to control the bot. + See also [upstream wiki Authentication page](https://docs.mau.fi/bridges/python/telegram/authentication.html) + +#### Logging into Telegram account + +* Type ``login`` or ``login-qr`` (untested) in main management room (`!tg` in any bridge room) +* Follow setup instructions from bot +* By defaults, only conversations with very recent messages and groups will be suggested to be bridged +* Accept invitations to the bridged chat rooms + +#### Registering the Bridge as a primary device (untested) + +* Type ``!tg register ``, where ```` is your phone number in the internation format with no space, e.g. ``!tg register +33612345678`` +* Answer in the bot room with the verification code that you reveived in SMS. +* Set a profile name with ``!tg set-profile-name `` + +### Double puppeting + +* Log in with ``login-matrix `` +* After logging in, the default Matrix puppet of your Telegram account should leave rooms and your account should join all rooms the puppet was in automatically. + + +### Relaybot: Bridge a group for several Matrix and several Telegram users to chat together + +* See https://docs.mau.fi/bridges/python/telegram/relay-bot.html \ No newline at end of file diff --git a/doc/POST_INSTALL_fr.md b/doc/POST_INSTALL_fr.md new file mode 100644 index 0000000..eb14292 --- /dev/null +++ b/doc/POST_INSTALL_fr.md @@ -0,0 +1,37 @@ +## Liste de passerelles publiques + +* Demandez sur un des salons suivants: #mautrix_yunohost:matrix.fdn.fr ou #telegram:maunium.net + +## Usages de la passerelle + +** Notez que plusieurs comptes Telegram et Matrix peuvent être pontés, chaque compte Telegram connecté a son propre Salon d'Administration. Si plusieurs utilisateur.ice.s du Robot sont dans un même groupe Signal, seul un Salon Matrix sera créé par la passerelle. ** + +### Passerelle entre un utilisateur Telegram et un utilisateur Matrix + +* Tout d'abord, votre utilisateur Matrix ou votre serveur Synapse doit être autorisé dans la configuration de la passerelle (voir ci-dessous). +* Ensuite, invitez le bot (par défaut @telegrambot:yoursynapse.domain) dans cette nouvelle salle d'administration du bot Mautrix-Telegram. + * Si le bot n'accepte pas, voir la [page de résolution des problèmes] (https://docs.mau.fi/bridges/general/troubleshooting.html) +* Envoyez ``!tg help`` au bot dans la salle créée pour savoir comment contrôler le bot. + Voir aussi [upstream wiki Authentication page](https://docs.mau.fi/bridges/python/telegram/authentication.html) + +#### Connexion au compte Telegram + +* Tapez ``login`` ou ``login-qr`` (non testé) dans la salle de gestion principale (`!tg` dans n'importe quelle salle de bridge). +* Suivre les instructions d'installation du bot +* Par défaut, seules les conversations avec des messages et des groupes très récents seront suggérées pour être reliées. +* Accepter les invitations dans les salles de chat pontées + +#### Enregistrer le Bridge en tant qu'appareil primaire (non testé) + +* Tapez ``!tg register ``, où ```` est votre numéro de téléphone au format international sans espace, par exemple ``!tg register +33612345678``. +* Répondez dans le bot room avec le code de vérification que vous avez reçu par SMS. +* Définissez un nom de profil avec ``!tg set-profile-name `` + +### Double puppeting + +* Connectez-vous avec ``login-matrix `` +* Après s'être connecté, la marionnette Matrix par défaut de votre compte Telegram devrait quitter les salles et votre compte devrait rejoindre toutes les salles dans lesquelles la marionnette se trouvait automatiquement. + +### Relaybot : Créer un groupe pour que plusieurs utilisateurs de Matrix et de Telegram puissent chatter ensemble. + +* Voir https://docs.mau.fi/bridges/python/telegram/relay-bot.html \ No newline at end of file diff --git a/doc/PRE_INSTALL.md b/doc/PRE_INSTALL.md new file mode 100644 index 0000000..a9f03d1 --- /dev/null +++ b/doc/PRE_INSTALL.md @@ -0,0 +1,12 @@ +#### Multi-user support + +* Bot users are not related to Yunohost users. Any Matrix account or Synapse server autorized in the configuration of the bridge can invite/use the bot. +* The Telegram bot is a local Matrix-Synapse user, but accessible through federation (synapse public or private). +* Several Telegram and Matrix users can be bridged with one bridge, each user has its own bot administration room. +* If several bot users are in a same Telegram group, only one Matrix room will be created by the bridge. +* See https://github.com/YunoHost-Apps/synapse_ynh#multi-users-support + +#### Multi-instance support + +* Multi-instance installation should work. Several bridge instances could be installed for one Matrix-Synapse instance so that one Matrix user can bridge several Telegram accounts. +* Several bridge instances could be installed for each Matrix-Synapse instance to benefit from it. But one bridge can be used by users from several Matrix-Synapse instances. \ No newline at end of file diff --git a/doc/PRE_INSTALL_fr.md b/doc/PRE_INSTALL_fr.md new file mode 100644 index 0000000..4d4af28 --- /dev/null +++ b/doc/PRE_INSTALL_fr.md @@ -0,0 +1,12 @@ +#### Support multi-comptes + +* Les utilisateurs du bot ne sont pas liés aux utilisateurs de Yunohost. Tout compte Matrix ou serveur Synapse autorisé dans la configuration du pont peut inviter/utiliser le bot. +* Le bot Telegram est un utilisateur local de Matrix-Synapse, mais accessible par fédération (synapse public ou privé). +* Plusieurs utilisateurs de Telegram et de Matrix peuvent être reliés par une passerelle, chaque utilisateur dispose de sa propre salle d'administration du bot. +* Si plusieurs utilisateurs de bot font partie d'un même groupe Telegram, une seule salle Matrix sera créée par la passerelle. +* Voir https://github.com/YunoHost-Apps/synapse_ynh#multi-users-support + +#### Support multi-instance + +* L'installation multi-instances devrait fonctionner. Plusieurs instances de passerelle pourraient être installées pour une instance de Matrix-Synapse afin qu'un utilisateur de Matrix puisse faire la passerelle entre plusieurs comptes Telegram. +* Plusieurs instances de passerelle pourraient être installées pour chaque instance de Matrix-Synapse afin d'en bénéficier. Mais une seule passerelle peut être utilisée par les utilisateurs de plusieurs instances de Matrix-Synapse. \ No newline at end of file diff --git a/manifest.json b/manifest.json deleted file mode 100644 index 933360d..0000000 --- a/manifest.json +++ /dev/null @@ -1,143 +0,0 @@ -{ - "name": "Matrix-Telegram bridge", - "id": "mautrix_telegram", - "packaging_format": 1, - "description": { - "en": "Telegram puppeting bridge for Matrix/Synapse", - "fr": "Passerelle Telegram pour Matrix/Synapse" - }, - "version": "0.14.2~ynh1", - "url": "https://docs.mau.fi/bridges/python/telegram/index.html", - "upstream": { - "license": "AGPL-3.0-or-later", - "website": "https://docs.mau.fi/bridges/python/telegram/index.html", - "admindoc": "https://github.com/YunoHost-Apps/mautrix_telegram_ynh", - "userdoc": "https://docs.mau.fi/bridges/python/telegram/management-commands.html", - "code": "https://github.com/mautrix/telegram" - }, - "license": "AGPL-3.0-or-later", - "maintainer": { - "name": "", - "email": "" - }, - "requirements": { - "yunohost": ">= 11.0.0" - }, - "multi_instance": true, - "services": [], - "arguments": { - "install": [ - { - "name": "synapsenumber", - "type": "string", - "ask": { - "en": "Choose the local synapse instance number to communicate with mautrix_telegram", - "fr": "Choisissez le numéro de l'instance synapse qui doit communiquer avec mautrix_telegram" - }, - "example": "2 (for instance synapse__2)", - "help": { - "en": "If you installed synapse only once time, then leave default value 1.", - "fr": "Si vous n'avez installé qu'une fois synapse, gardez la valeur par défaut 1." - }, - "default": "1" - }, - { - "name": "botname", - "type": "string", - "ask": { - "en": "Choose a local synapse user name for the Telegram bot", - "fr": "Choisissez un nom d'utilisateur synapse local pour le robot Telegram" - }, - "example": "telegrambot", - "help": { - "en": "A system user will be created. Invite @telegrambot:localsynapse.servername from an authorized Matrix account to start bridging. Give the matrix server_name, not the full domain/url.", - "fr": "Un utilisateur système sera créé. Inviter @telegrambot:localsynapse.servername depuis un compte Matrix autorisé pour démarrer une passerelle. Donner le nom du serveur matrix, pas le domaine/url complet." - }, - "default": "telegrambot" - }, - { - "name": "encryption", - "type": "boolean", - "ask": { - "en": "Enable end-to-bridge encryption?", - "fr": "Activer le chiffrement entre Synapse et le bridge ?" - }, - "help": { - "en": "Only activate if you know the prerequisites and constraints related to e2b. See more: https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html", - "fr": "N'activer que si vous connaissez les prérequis et constraintes liées à e2b. Voir aussi : https://docs.mau.fi/bridges/general/end-to-bridge-encryption.html" - }, - "default": false - }, - { - "name": "botadmin", - "type": "string", - "ask": { - "en": "Choose the Matrix account administrator of the Telegram bot; admin permission", - "fr": "Choisissez le compte Matrix administrateur du robot Telegram" - }, - "example": "@johndoe:localsynapse.servername or @johndoe:matrix.org", - "help": { - "en": "The Telegram bot administrator does not need to be a local synapse account.", - "fr": "Le compte administrateur du robot Telegram peut ne pas être un compte local synapse." - }, - "default": "" - }, - { - "name": "botusers", - "type": "string", - "ask": { - "en": "Choose Matrix user(s) authorized to bridge with the Telegram bot; puppeting permission", - "fr": "Choisissez le/les compte(s) Matrix autorisés à utiliser le robot Telegram" - }, - "example": "local or @johndoe:server.name or server.name or *", - "default": "local", - "help": { - "en": "All local synapse users (local), a remote or local user (@johndoe:server.name), a remote server (matrix.org), or all remote/local servers (*) can be authorized. Give the matrix server_name, not the full domain/url.", - "fr": "On peut autoriser tous les comptes synapse locaux (local), un compte local ou distant (@johndoe:server.name), un serveur distant (matrix.org), ou tous les serveurs remote/local (*). Donner le nom du serveur matrix, pas le domaine/url complet." - } - }, - { - "name": "apiid", - "type": "string", - "ask": { - "en": "Telegram API keys (https://my.telegram.org/apps): ID", - "fr": "TODO" - }, - "example": "1234567", - "default": "", - "help": { - "en": "Get your own API keys at https://my.telegram.org/apps", - "fr": "Obtenez vos propres clés API sur https://my.telegram.org/apps" - } - }, - { - "name": "apihash", - "type": "string", - "ask": { - "en": "Telegram API keys (https://my.telegram.org/apps): Hash", - "fr": "Clés API Telegram (https://my.telegram.org/apps) : Hash" - }, - "example": "tjyd5yge35lbodk1xwzw2jstp90k55qz", - "default": "", - "help": { - "en": "Get your own API keys at https://my.telegram.org/apps", - "fr": "TODO" - } - }, - { - "name": "bottoken", - "type": "string", - "ask": { - "en": "Telegram bot token (optional)", - "fr": "Jeton de bot de Telegram (facultatif) " - }, - "example": "disabled", - "default": "disabled", - "help": { - "en": "Create your own telegram bot.", - "fr": "Créez votre propre bot de Telegram." - } - } - ] - } -} diff --git a/manifest.toml b/manifest.toml new file mode 100644 index 0000000..84cdafe --- /dev/null +++ b/manifest.toml @@ -0,0 +1,133 @@ +packaging_format = 2 +id = "mautrix_telegram" +name = "Matrix-Telegram bridge" +description.en = "Telegram puppeting bridge for Matrix/Synapse" +description.fr = "Passerelle Telegram pour Matrix/Synapse" +version = "0.14.2~ynh1" +maintainers = ["thardev"] + +[upstream] +license = "AGPL-3.0-or-later" +website = "https://docs.mau.fi/bridges/python/telegram/index.html" +code = "https://github.com/mautrix/telegram" +admindoc = "https://github.com/YunoHost-Apps/mautrix_telegram_ynh" +userdoc = "https://docs.mau.fi/bridges/python/telegram/management-commands.html" + +[integration] +yunohost = ">= 11.1" +architectures = ["amd64", "arm64", "armhf"] +multi_instance = true +ldap = false +sso = false +disk = "100M" +ram.build = "256M" +ram.runtime = "1024M" + +[install] + +[install.synapse_instance] +ask.en = "Choose the local synapse instance number to communicate with mautrix_telegram" +ask.fr = "Choisissez le numéro de l'instance synapse qui doit communiquer avec mautrix_telegram" +type = "app" +pattern.regexp = "synapse(__)*[0-9]*" +pattern.error = "Invalid app selected. Please select a Synapse instance." +help.en = "Usually the Synapse instances contain a number after it is installed more than one time. E.g. synapse__1 will be the second instance." +help.fr = "En général, les instances de Synapse contiennent un numéro après avoir été installées plus d'une fois. Par exemple, synapse__1 sera la deuxième instance." +default = "synapse" + +[install.botname] +ask.en = "Choose a local synapse user name for the Telegram bot" +ask.fr = "Choisissez un nom d'utilisateur synapse local pour le robot Telegram" +type = "string" +example = "telegrambot" +help.en = "A system user will be created. Invite @telegrambot:localsynapse.servername from an authorized Matrix account to start bridging. Give the Matrix server_name, not the full domain/URL." +help.fr = "Un utilisateur système sera créé. Inviter @telegrambot:localsynapse.servername depuis un compte Matrix autorisé pour démarrer une passerelle. Donner le nom du serveur Matrix, pas le domaine/URL complet." +default = "telegrambot" + +[install.encryption] +ask.en = "Enable end-to-bridge encryption?" +ask.fr = "Activer le chiffrement entre Synapse et le bridge ?" +type = "boolean" +help.en = "Only activate if you know the prerequisites and constraints related to E2B." +help.fr = "N'activer que si vous connaissez les prérequis et constraintes liées à E2B." +default = true + +[install.botadmin] +ask.en = "Choose the Matrix account administrator of the Telegram bot; admin permission" +ask.fr = "Choisissez le compte Matrix administrateur du robot Telegram" +type = "string" +example = "@johndoe:localsynapse.servername or @johndoe:matrix.org" +help.en = "The administrator does not need to be a local Synapse account. Valid formats are @johndoe:localsynapse.servername or @johndoe:matrix.org" +help.fr = "L'administrateur peut ne pas être un compte local Synapse. Les formats valables sont @johndoe:localsynapse.servername or @johndoe:matrix.org" + +[install.botusers] +ask.en = "Choose Matrix user(s) authorized to bridge with the Telegram bot; puppeting permission" +ask.fr = "Choisissez le/les compte(s) Matrix autorisés à utiliser le robot Telegram" +type = "string" +example = "@johndoe:server.name or server.name or *" +help.en = """ +A remote or local user (@johndoe:server.name),the local server (server.name), a remote server (matrix.org), or all remote/local servers (*) can be authorized. +Give the Matrix server_name, not the full domain/URL. +It is also possible to specify multiple values by separating them with comma. Example: @johndoe:server.name,domain.tld,matrix.org""" +help.fr = """Un compte local ou distant (@johndoe:server.name), le serveur local (server.name), un serveur distant (matrix.org), ou tous les serveurs remote/local (*). +Donner le nom du serveur Matrix, pas le domaine/URL complet. +Il est également possible de spécifier plusieurs valeurs en les séparant par une virgule. Exemple : @johndoe:server.name,domain.tld,matrix.org""" + +[install.apiid] +ask.en = "Telegram API keys (https://my.telegram.org/apps): ID" +ask.fr = "Clés API Telegram API (https://my.telegram.org/apps): ID" +type = "string" +example = "1234567" +help.en = "Get your own API keys at https://my.telegram.org/apps" +help.fr = "Obtenez vos propres clés API sur https://my.telegram.org/apps" + +[install.apihash] +ask.en = "Telegram API keys (https://my.telegram.org/apps): Hash" +ask.fr = "Clés API Telegram (https://my.telegram.org/apps) : Hash" +type = "string" +example = "tjyd5yge35lbodk1xwzw2jstp90k55qz" +help.en = "Get your own API keys at https://my.telegram.org/apps" +help.fr = "Obtenez vos propres clés API sur https://my.telegram.org/apps" + +[install.bottoken] +ask.en = "Telegram bot token (optional)" +ask.fr = "Jeton de bot de Telegram (facultatif)" +type = "string" +example = "disabled" +help.en = "Create your own telegram bot" +help.fr = "Créez votre propre bot de Telegram" +default = "disabled" + +[resources] + +[resources.apt] +packages = "postgresql, python3, zlib1g-dev, libjpeg-dev, libwebp-dev, python3-venv, libpq-dev, libffi-dev, libolm-dev" + +[resources.database] +type = "postgresql" + +[resources.permissions] +main.allowed = "all_users" +main.auth_header = false + +[resources.system_user] +home = "/opt/yunohost/__APP__" + +[resources.install_dir] +dir = "/opt/yunohost/__APP__" + +[resources.ports] +main.default = 29317 + +[resources.sources] + +[resources.sources.main] +in_subdir = true +extract = false +rename = "mautrix-telegram" +amd64.url = "https://github.com/mautrix/telegram/archive/refs/tags/v0.14.2.tar.gz" +amd64.sha256 = "8071beb09970d7a337e1a1f7700ecd3f4ef774ba51f2e7199f0216883f023786" +arm64.url = "https://github.com/mautrix/telegram/archive/refs/tags/v0.14.2.tar.gz" +arm64.sha256 = "8071beb09970d7a337e1a1f7700ecd3f4ef774ba51f2e7199f0216883f023786" +armhf.url = "https://github.com/mautrix/telegram/archive/refs/tags/v0.14.2.tar.gz" +armhf.sha256 = "8071beb09970d7a337e1a1f7700ecd3f4ef774ba51f2e7199f0216883f023786" \ No newline at end of file diff --git a/scripts/_common.sh b/scripts/_common.sh index 9f14ec1..944a65e 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -4,10 +4,6 @@ # COMMON VARIABLES #================================================= -# dependencies used by the app (must be on a single line) -# HACK zlib1g-dev libjpeg-dev (libwebp-dev and libolm-dev optional but necessary for stickers/e2be) are necessary to compile / install pillow -pkg_dependencies="postgresql python3 zlib1g-dev libjpeg-dev libwebp-dev python3-venv libpq-dev libffi-dev libolm-dev" - #================================================= # PERSONAL HELPERS #================================================= diff --git a/scripts/backup b/scripts/backup index 917677c..251bb1b 100755 --- a/scripts/backup +++ b/scripts/backup @@ -10,26 +10,6 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - true -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_print_info --message="Loading installation settings..." - -app=$YNH_APP_INSTANCE_NAME - -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) - #================================================= # DECLARE DATA AND CONF FILES TO BACKUP #================================================= @@ -39,7 +19,7 @@ ynh_print_info --message="Declaring files to be backed up..." # BACKUP THE APP MAIN DIR #================================================= -ynh_backup --src_path="$final_path" +ynh_backup --src_path="$install_dir" #================================================= # SPECIFIC BACKUP diff --git a/scripts/change_url b/scripts/change_url deleted file mode 100644 index 126010e..0000000 --- a/scripts/change_url +++ /dev/null @@ -1,134 +0,0 @@ -#!/bin/bash - -#================================================= -# GENERIC STARTING -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - -source _common.sh -source /usr/share/yunohost/helpers - -#================================================= -# RETRIEVE ARGUMENTS -#================================================= - -old_domain=$YNH_APP_OLD_DOMAIN -old_path=$YNH_APP_OLD_PATH - -new_domain=$YNH_APP_NEW_DOMAIN -new_path=$YNH_APP_NEW_PATH - -app=$YNH_APP_INSTANCE_NAME - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." --time --weight=1 - -# Needed for helper "ynh_add_nginx_config" -final_path=$(ynh_app_setting_get --app=$app --key=final_path) - -# Add settings here as needed by your application -#db_name=$(ynh_app_setting_get --app=$app --key=db_name) -#db_user=$db_name -#db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd) - -#================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP -#================================================= -ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." --time --weight=1 - -# Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { - # Remove the new domain config file, the remove script won't do it as it doesn't know yet its location. - ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" - - # Restore it if the upgrade fails - ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# CHECK WHICH PARTS SHOULD BE CHANGED -#================================================= - -change_domain=0 -if [ "$old_domain" != "$new_domain" ] -then - change_domain=1 -fi - -change_path=0 -if [ "$old_path" != "$new_path" ] -then - change_path=1 -fi - -#================================================= -# STANDARD MODIFICATIONS -#================================================= -# STOP SYSTEMD SERVICE -#================================================= -ynh_script_progression --message="Stopping a systemd service..." --time --weight=1 - -ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" - -#================================================= -# MODIFY URL IN NGINX CONF -#================================================= -ynh_script_progression --message="Updating NGINX web server configuration..." --time --weight=1 - -nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf - -# Change the path in the NGINX config file -if [ $change_path -eq 1 ] -then - # Make a backup of the original NGINX config file if modified - ynh_backup_if_checksum_is_different --file="$nginx_conf_path" - # Set global variables for NGINX helper - domain="$old_domain" - path_url="$new_path" - # Create a dedicated NGINX config - ynh_add_nginx_config -fi - -# Change the domain for NGINX -if [ $change_domain -eq 1 ] -then - # Delete file checksum for the old conf file location - ynh_delete_file_checksum --file="$nginx_conf_path" - mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf - # Store file checksum for the new config file location - ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" -fi - -#================================================= -# SPECIFIC MODIFICATIONS -#================================================= -# ... -#================================================= - -#================================================= -# GENERIC FINALISATION -#================================================= -# START SYSTEMD SERVICE -#================================================= -ynh_script_progression --message="Starting a systemd service..." --time --weight=1 - -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" - -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." --time --weight=1 - -ynh_systemd_action --service_name=nginx --action=reload - -#================================================= -# END OF SCRIPT -#================================================= - -ynh_script_progression --message="Change of URL completed for $app" --time --last diff --git a/scripts/install b/scripts/install index 68abed4..bfc6ebc 100755 --- a/scripts/install +++ b/scripts/install @@ -9,119 +9,29 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - true -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= -appserviceid=$YNH_APP_INSTANCE_NAME -synapsenumber=$YNH_APP_ARG_SYNAPSENUMBER -botname=$YNH_APP_ARG_BOTNAME -encryption=$YNH_APP_ARG_ENCRYPTION -botadmin=$YNH_APP_ARG_BOTADMIN -botusers=$YNH_APP_ARG_BOTUSERS -apiid=$YNH_APP_ARG_APIID -apihash=$YNH_APP_ARG_APIHASH -bottoken=$YNH_APP_ARG_BOTTOKEN - -app=$YNH_APP_INSTANCE_NAME - -# ToDo check (in manifest?) if the selected synapse instance is not already connected to a mautrix_bridge bridge -if [ $synapsenumber -eq "1" ] -then - synapse_instance="synapse" -else - synapse_instance="synapse__$synapsenumber" -fi +# Retrieve some values from selected Synapse instance and store them +appserviceid=$app server_name=$(ynh_app_setting_get --app $synapse_instance --key server_name) domain=$(ynh_app_setting_get --app $synapse_instance --key domain) -synapse_registration_path="/etc/matrix-$synapse_instance/app-service" - -#================================================= -# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS -#================================================= -ynh_script_progression --message="Validating installation parameters..." --weight=1 - -final_path=/opt/yunohost/$app -test ! -e "$final_path" || ynh_die --message="This path already contains a folder" - -#================================================= -# STORE SETTINGS FROM MANIFEST -#================================================= -ynh_script_progression --message="Storing installation settings..." --weight=7 - -ynh_app_setting_set --app=$app --key=appserviceid --value=$appserviceid -ynh_app_setting_set --app=$app --key=botname --value=$botname -ynh_app_setting_set --app=$app --key=encryption --value=$encryption -ynh_app_setting_set --app=$app --key=botadmin --value=$botadmin -ynh_app_setting_set --app=$app --key=botusers --value=$botusers -ynh_app_setting_set --app=$app --key=apiid --value=$apiid -ynh_app_setting_set --app=$app --key=apihash --value=$apihash -ynh_app_setting_set --app=$app --key=bottoken --value=$bottoken -ynh_app_setting_set --app=$app --key=synapse_instance --value=$synapse_instance ynh_app_setting_set --app=$app --key=server_name --value=$server_name ynh_app_setting_set --app=$app --key=domain --value=$domain -ynh_app_setting_set --app=$app --key=synapse_registration_path --value=$synapse_registration_path - -#================================================= -# STANDARD MODIFICATIONS -#================================================= -# FIND AND OPEN A PORT -#================================================= -ynh_script_progression --message="Finding an available port..." --weight=1 - -# Find a free port for communication between your local synapse instance (home server) and its app service mautrix_bridge. -port=$(ynh_find_port --port=29317) -ynh_app_setting_set --app=$app --key=port --value=$port - -#================================================= -# INSTALL DEPENDENCIES -#================================================= -ynh_script_progression --message="Installing dependencies..." --weight=97 - -ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies - -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Configuring system user..." --weight=1 - -# Create a system user -ynh_system_user_create --username=$app --home_dir="$final_path" - -#================================================= -# CREATE A POSTGRESQL DATABASE -#================================================= -ynh_script_progression --message="Creating a PostgreSQL database..." --weight=3 - -db_name=$(ynh_sanitize_dbid --db_name=$app) -db_user=$db_name -ynh_app_setting_set --app=$app --key=db_name --value=$db_name -ynh_psql_test_if_first_run -ynh_psql_setup_db --db_user=$db_user --db_name=$db_name -db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) +ynh_app_setting_set --app=$app --key=appserviceid --value=$appserviceid #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= ynh_script_progression --message="Setting up source files..." --weight=3 -ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source --dest_dir="$final_path/src" +ynh_setup_source --dest_dir="$install_dir/src" -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:$app "$final_path" +chmod 750 "$install_dir" +chmod -R 750 "$install_dir" +chown -R $app:$app "$install_dir" #================================================= # SPECIFIC SETUP @@ -145,10 +55,10 @@ then botusers="$server_name" fi -ynh_add_config --template="config.yaml" --destination="$final_path/config.yaml" +ynh_add_config --template="config.yaml" --destination="$install_dir/config.yaml" -chmod 400 "$final_path/config.yaml" -chown $app:$app "$final_path/config.yaml" +chmod 400 "$install_dir/config.yaml" +chown $app:$app "$install_dir/config.yaml" #================================================= # INSTALL MAUTRIX-BRIDGE PYTHON MODULE @@ -157,22 +67,22 @@ ynh_script_progression --message="Installing Mautrix-Bridge Python Module..." -- mkdir -p /var/log/$app # Configure Mautrix-Bridge -python3 -m venv $final_path -export HOME=$final_path -$final_path/bin/pip3 install --upgrade pip setuptools wheel -$final_path/bin/pip3 install --upgrade $final_path/src/mautrix-telegram.tar.gz[e2be,speedups,qr_login] # metrics,hq_thumbnails,sqlite,formattednumbers +python3 -m venv $install_dir +export HOME=$install_dir +$install_dir/bin/pip3 install --upgrade pip setuptools wheel +$install_dir/bin/pip3 install --upgrade $install_dir/src/mautrix-telegram.tar.gz[e2be,speedups,qr_login] # metrics,hq_thumbnails,sqlite,formattednumbers #================================================= # REGISTER SYNAPSE APP-SERVICE #================================================= ynh_script_progression --message="Registering Synapse app-service" --weight=1 -$final_path/bin/python3 -m mautrix_telegram -g -c $final_path/config.yaml -r "$synapse_registration_path/$app.yaml" +$install_dir/bin/python3 -m mautrix_telegram -g -c $install_dir/config.yaml -r "/etc/matrix-$synapse_instance/app-service/$app.yaml" /opt/yunohost/matrix-$synapse_instance/update_synapse_for_appservice.sh || ynh_die --message="Synapse can't restart with the appservice configuration" -chown -R $app:$app "$final_path" -ynh_store_file_checksum --file="$synapse_registration_path/$app.yaml" -ynh_store_file_checksum --file="$final_path/config.yaml" +chown -R $app:$app "$install_dir" +ynh_store_file_checksum --file="/etc/matrix-$synapse_instance/app-service/$app.yaml" +ynh_store_file_checksum --file="$install_dir/config.yaml" #================================================= # SETUP SYSTEMD @@ -192,6 +102,8 @@ ynh_script_progression --message="Configuring log rotation..." --weight=3 # Use logrotate to manage application logfile(s) # TODO maybe --specific-user?? ynh_use_logrotate --logfile "/var/log/$app/$app.log" --specific_user $app +chmod -R 600 "/var/log/$app" +chmod 700 "/var/log/$app" chown -R $app:$app /var/log/$app #================================================= diff --git a/scripts/remove b/scripts/remove index 5388139..5e432a1 100755 --- a/scripts/remove +++ b/scripts/remove @@ -16,16 +16,6 @@ ynh_script_progression --message="Loading installation settings..." --weight=5 app=$YNH_APP_INSTANCE_NAME -appserviceid=$(ynh_app_setting_get --app=$app --key=appserviceid) -botname=$(ynh_app_setting_get --app=$app --key=botname) -synapse_instance=$(ynh_app_setting_get --app=$app --key=synapse_instance) -server_name=$(ynh_app_setting_get --app=$app --key=server_name) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_user=$db_name -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -synapse_registration_path=$(ynh_app_setting_get --app=$app --key=synapse_registration_path) -synapse_db_name="matrix_$synapse_instance" - #================================================= # STANDARD REMOVE #================================================= @@ -55,32 +45,6 @@ ynh_script_progression --message="Removing logrotate configuration..." --weight= # Remove the app-specific logrotate config ynh_remove_logrotate -#================================================= -# REMOVE THE POSTGRESQL DATABASE -#================================================= -ynh_script_progression --message="Removing the PostgreSQL database..." --weight=4 - -# Remove a database if it exists, along with the associated user -ynh_psql_remove_db --db_user=$db_user --db_name=$db_name -ynh_psql_execute_as_root --database=$synapse_db_name --sql="DROP OWNED BY ""$botname"";" -ynh_psql_execute_as_root --database=$synapse_db_name --sql="DROP USER ""$botname"";" - -#================================================= -# REMOVE APP MAIN DIR -#================================================= -ynh_script_progression --message="Removing app main directory..." --weight=1 - -# Remove the app directory securely -ynh_secure_remove --file="$final_path" - -#================================================= -# REMOVE DEPENDENCIES -#================================================= -ynh_script_progression --message="Removing dependencies..." --weight=8 - -# Remove metapackage and its dependencies -ynh_remove_app_dependencies - #================================================= # SPECIFIC REMOVE #================================================= @@ -89,22 +53,12 @@ ynh_remove_app_dependencies ynh_script_progression --message="Removing various files..." --weight=6 # Remove a directory securely -ynh_secure_remove --file="$synapse_registration_path/$app.yaml" +ynh_secure_remove --file="/etc/matrix-$synapse_instance/app-service/$app.yaml" /opt/yunohost/matrix-$synapse_instance/update_synapse_for_appservice.sh || ynh_die --message="Synapse can't restart with the appservice configuration" # Remove the log files ynh_secure_remove --file="/var/log/$app" -#================================================= -# GENERIC FINALIZATION -#================================================= -# REMOVE DEDICATED USER -#================================================= -ynh_script_progression --message="Removing the dedicated system user..." --weight=5 - -# Delete a system user -ynh_system_user_delete --username=$app - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/restore b/scripts/restore index abaaa3b..3809fbf 100755 --- a/scripts/restore +++ b/scripts/restore @@ -10,16 +10,6 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - true -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - #================================================= # LOAD SETTINGS #================================================= @@ -27,60 +17,29 @@ ynh_script_progression --message="Loading installation settings..." --weight=1 app=$YNH_APP_INSTANCE_NAME -final_path=$(ynh_app_setting_get --app=$app --key=final_path) db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_user=$db_name synapse_instance=$(ynh_app_setting_get --app=$app --key=synapse_instance) -synapse_registration_path=$(ynh_app_setting_get --app=$app --key=synapse_registration_path) -appserviceid=$(ynh_app_setting_get --app=$app --key=appserviceid) - -#================================================= -# CHECK IF THE APP CAN BE RESTORED -#================================================= -ynh_script_progression --message="Validating restoration parameters..." --weight=1 - -test ! -d $final_path \ - || ynh_die --message="There is already a directory: $final_path " #================================================= # STANDARD RESTORATION STEPS -#================================================= -# RECREATE THE DEDICATED USER -#================================================= -ynh_script_progression --message="Recreating the dedicated system user..." --weight=1 - -# Create the dedicated user (if not existing) -ynh_system_user_create --username=$app --home_dir="$final_path" - #================================================= # RESTORE THE APP MAIN DIR #================================================= ynh_script_progression --message="Restoring the app main directory..." --weight=1 -ynh_restore_file --origin_path="$final_path" +ynh_restore_file --origin_path="$install_dir" -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:$app "$final_path" +chmod 750 "$install_dir" +chmod -R 750 "$install_dir" +chown -R $app:$app "$install_dir" #================================================= # SPECIFIC RESTORATION -#================================================= -# REINSTALL DEPENDENCIES -#================================================= -ynh_script_progression --message="Reinstalling dependencies..." --weight=1 - -# Define and install dependencies -ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies - #================================================= # RESTORE THE POSTGRESQL DATABASE #================================================= ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=8 -ynh_psql_test_if_first_run -db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) -ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd ynh_psql_execute_file_as_root --file="./db.sql" --database=$db_name #================================================= @@ -90,16 +49,16 @@ ynh_script_progression --message="Installing Mautrix-Bridge Python Module..." -- mkdir -p /var/log/$app # Configure Mautrix-Bridge -python3 -m venv $final_path -export HOME=$final_path -$final_path/bin/pip3 install --upgrade pip setuptools wheel +python3 -m venv $install_dir +export HOME=$install_dir +$install_dir/bin/pip3 install --upgrade pip setuptools wheel #================================================= # REGISTER SYNAPSE APP-SERVICE #================================================= ynh_script_progression --message="Registering Synapse app-service" --weight=1 -$final_path/bin/python3 -m mautrix_telegram -g -c $final_path/config.yaml -r "$synapse_registration_path/$app.yaml" +$install_dir/bin/python3 -m mautrix_telegram -g -c $install_dir/config.yaml -r "etc/matrix-$synapse_instance/app-service/$app.yaml" /opt/yunohost/matrix-$synapse_instance/update_synapse_for_appservice.sh || echo "Synapse can't restart with the appservice configuration" #================================================= @@ -116,6 +75,10 @@ systemctl enable $app.service --quiet ynh_script_progression --message="Restoring the logrotate configuration..." --weight=1 ynh_restore_file --origin_path="/etc/logrotate.d/$app" +mkdir -p "/var/log/$app" +chmod -R 600 "/var/log/$app" +chmod 700 "/var/log/$app" +chown -R $app:$app /var/log/$app #================================================= # INTEGRATE SERVICE IN YUNOHOST diff --git a/scripts/upgrade b/scripts/upgrade index 09995cc..d5e9e84 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -9,30 +9,8 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 - -app=$YNH_APP_INSTANCE_NAME - -appserviceid=$(ynh_app_setting_get --app=$app --key=appserviceid) -botname=$(ynh_app_setting_get --app=$app --key=botname) -encryption=$(ynh_app_setting_get --app=$app --key=encryption) -botadmin=$(ynh_app_setting_get --app=$app --key=botadmin) -botusers=$(ynh_app_setting_get --app=$app --key=botusers) -domain=$(ynh_app_setting_get --app=$app --key=domain) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_user=$db_name -db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) -port=$(ynh_app_setting_get --app=$app --key=port) -synapse_instance=$(ynh_app_setting_get --app=$app --key=synapse_instance) server_name=$(ynh_app_setting_get --app=$app --key=server_name) -synapse_registration_path=$(ynh_app_setting_get --app=$app --key=synapse_registration_path) -apiid=$(ynh_app_setting_get --app=$app --key=apiid) -apihash=$(ynh_app_setting_get --app=$app --key=apihash) -bottoken=$(ynh_app_setting_get --app=$app --key=bottoken) +synapse_db_name="matrix_$synapse_instance" #================================================= # CHECK VERSION @@ -41,20 +19,6 @@ ynh_script_progression --message="Checking version..." --weight=1 upgrade_type=$(ynh_check_app_version_changed) -#================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP -#================================================= -ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=5 - -# Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { - # Restore it if the upgrade fails - ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - #================================================= # STANDARD UPGRADE STEPS #================================================= @@ -92,21 +56,6 @@ then ynh_app_setting_set --app=$app --key=psqlpwd --value=$db_pwd fi -# If synapse_registration_path doesn't exist, create it -if [ -z "$synapse_registration_path" ] -then - synapse_registration_path=$(ynh_app_setting_get --app=$app --key=app_service_registration_path) - ynh_app_setting_set --app=$app --key=synapse_registration_path --value=$synapse_registration_path -fi - -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1 - -# Create a dedicated user (if not existing) -ynh_system_user_create --username=$app --home_dir="$final_path" - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -116,19 +65,12 @@ then ynh_script_progression --message="Upgrading source files..." --weight=1 # Download, check integrity, uncompress and patch the source from app.src - ynh_setup_source --dest_dir="$final_path/src" + ynh_setup_source --dest_dir="$install_dir/src" fi -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:$app "$final_path" - -#================================================= -# UPGRADE DEPENDENCIES -#================================================= -ynh_script_progression --message="Upgrading dependencies..." --weight=1 - -ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies +chmod 750 "$install_dir" +chmod -R 750 "$install_dir" +chown -R $app:$app "$install_dir" #================================================= # SPECIFIC UPGRADE @@ -138,45 +80,45 @@ ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies ynh_script_progression --message="Updating a configuration file..." --weight=2 # main configuration -ynh_backup_if_checksum_is_different --file="$final_path/config.yaml" +ynh_backup_if_checksum_is_different --file="$install_dir/config.yaml" # as_token hs_token are autogenerated, save them before regenerating the config -as_token=$(grep "as_token:" "$final_path/config.yaml" | sed -r "s/ *as_token: *//") -hs_token=$(grep "hs_token:" "$final_path/config.yaml" | sed -r "s/ *hs_token: *//") -# ynh_replace_string --match_string=__AS_TOKEN__ --replace_string="$as_token" --target_file="$final_path/config.yaml" -# ynh_replace_string --match_string=__HS_TOKEN__ --replace_string="$hs_token" --target_file="$final_path/config.yaml" +as_token=$(grep "as_token:" "$install_dir/config.yaml" | sed -r "s/ *as_token: *//") +hs_token=$(grep "hs_token:" "$install_dir/config.yaml" | sed -r "s/ *hs_token: *//") +# ynh_replace_string --match_string=__AS_TOKEN__ --replace_string="$as_token" --target_file="$install_dir/config.yaml" +# ynh_replace_string --match_string=__HS_TOKEN__ --replace_string="$hs_token" --target_file="$install_dir/config.yaml" is_encryption_enabled="$encryption" if [ $encryption -eq 1 ]; then is_encryption_enabled="true" fi -ynh_add_config --template="../conf/config.yaml" --destination="$final_path/config.yaml" +ynh_add_config --template="../conf/config.yaml" --destination="$install_dir/config.yaml" -chmod 400 "$final_path/config.yaml" -chown $app:$app "$final_path/config.yaml" +chmod 400 "$install_dir/config.yaml" +chown $app:$app "$install_dir/config.yaml" #================================================= # UPGRADE MAUTRIX-BRIDGE PYTHON MODULE #================================================= ynh_script_progression --message="Upgrading Mautrix-Bridge Python Module..." --weight=2 -python3 -m venv $final_path -export HOME=$final_path -$final_path/bin/pip3 install --upgrade pip setuptools wheel -$final_path/bin/pip3 install --upgrade $final_path/src/mautrix-telegram.tar.gz[e2be,speedups,qr_login] # metrics,hq_thumbnails,sqlite,formattednumbers +python3 -m venv $install_dir +export HOME=$install_dir +$install_dir/bin/pip3 install --upgrade pip setuptools wheel +$install_dir/bin/pip3 install --upgrade $install_dir/src/mautrix-telegram.tar.gz[e2be,speedups,qr_login] # metrics,hq_thumbnails,sqlite,formattednumbers #================================================= # REGISTER SYNAPSE APP-SERVICE #================================================= ynh_script_progression --message="Registering Synapse app-service" --weight=1 -$final_path/bin/python3 -m mautrix_telegram -g -c $final_path/config.yaml -r "$synapse_registration_path/$app.yaml" +$install_dir/bin/python3 -m mautrix_telegram -g -c $install_dir/config.yaml -r "/etc/matrix-$synapse_instance/app-service/$app.yaml" /opt/yunohost/matrix-$synapse_instance/update_synapse_for_appservice.sh || ynh_die --message="Synapse can't restart with the appservice configuration" # Set permissions on app files -chown -R $app:$app "$final_path" -ynh_store_file_checksum --file="$synapse_registration_path/$app.yaml" -ynh_store_file_checksum --file="$final_path/config.yaml" +chown -R $app:$app "$install_dir" +ynh_store_file_checksum --file="/etc/matrix-$synapse_instance/app-service/$app.yaml" +ynh_store_file_checksum --file="$install_dir/config.yaml" #================================================= # SETUP SYSTEMD diff --git a/test.toml b/test.toml new file mode 100644 index 0000000..866a5fc --- /dev/null +++ b/test.toml @@ -0,0 +1,37 @@ +test_format = 1.0 + +[default] + +# ------------ +# Tests to run +# ------------ + +# For special usecases, sometimes you need to setup other things on the machine +# prior to installing the app (such as installing another app) +# (Remove this key entirely if not needed) +preinstall = """ + sudo yunohost tools update apps + sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/ -a "domain=$domain&server_name=$server_name&is_free_registration=$is_free_registration&jitsi_server=$jitsi_server" --force + """ + +# ------------------------------- +# Default args to use for install +# ------------------------------- + +# By default, the CI will automagically fill the 'standard' args +# such as domain, path, admin, is_public and password with relevant values +# and also install args with a "default" provided in the manifest.. +# It should only make sense to declare custom args here for args with no default values + +args.botadmin = "@johndoe:server.name" +args.botusers = "server.name" +args.apiid = "1234567" +args.apihash = "tjyd5yge35lbodk1xwzw2jstp90k55qz" + +# ------------------------------- +# Commits to test upgrade from +# ------------------------------- + +test_upgrade_from.644a075.name = "Upgrade from 0.12.0" + +test_upgrade_from.bf0ba45.name = "Upgrade from 0.13.0" \ No newline at end of file From edd280fb0dcfa344475f3ad404cf95ceef11cdae Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Mon, 13 Nov 2023 20:41:24 +0000 Subject: [PATCH 03/10] Auto-update README --- README.md | 95 ---------------------------------------------------- README_fr.md | 95 ---------------------------------------------------- 2 files changed, 190 deletions(-) diff --git a/README.md b/README.md index d0bb165..6fbc827 100644 --- a/README.md +++ b/README.md @@ -20,101 +20,6 @@ A puppeting bridge between Matrix and Telegram packaged as a YunoHost service. M **Shipped version:** 0.14.2~ynh1 -## Disclaimers / important information - -## List of known public services - -* Ask on one of the following rooms: #mautrix_yunohost:matrix.fdn.fr or #telegram:maunium.net - -## Bridging usage -** Note that several Telegram and Matrix users can be bridged, each Telegram account has its own bot administration room. If they are in a same Telegram group, only one matrix room will be created. ** - -### Bridge a Telegram user and a Matrix user -* First your Matrix user or Synapse Server has to be authorized in the Configuration of the bridge (see below) -* Then, invite the bot (default @telegrambot:yoursynapse.domain) in this new Mautrix-Telegram bot administration room. - * If the Bot does bot accept, see the [troubleshooting page](https://docs.mau.fi/bridges/general/troubleshooting.html) -* Send ``!tg help`` to the bot in the created room to know how to control the bot. -See also [upstream wiki Authentication page](https://docs.mau.fi/bridges/python/telegram/authentication.html) - -#### Logging into Telegram account -* Type ``login`` or ``login-qr`` (untested) in main management room (`!tg` in any bridge room) -* follow setup instructions from bot -* By defaults, only conversations with very recent messages and groups will be suggested to be bridged -* Accept invitations to the bridged chat rooms - -#### Registering the Bridge as a primary device (untested) -* Type ``!tg register ``, where ```` is your phone number in the internation format with no space, e.g. ``!tg register +33612345678`` -* Answer in the bot room with the verification code that you reveived in SMS. -* Set a profile name with ``!tg set-profile-name `` - -### Double puppeting -* Log in with ``login-matrix `` -* After logging in, the default Matrix puppet of your Telegram account should leave rooms and your account should join all rooms the puppet was in automatically. - - -### Relaybot: Bridge a group for several Matrix and several Telegram users to chat together -* see https://docs.mau.fi/bridges/python/telegram/relay-bot.html - -## Configuration of the bridge - -The bridge is [roughly configured at installation](https://github.com/YunoHost-Apps/mautrix_telegram_ynh/blob/master/conf/config.yaml), e.g. allowed admin and user of the bot. Finer configuration can be done by modifying the -following configuration file with SSH: -```/opt/yunohost/mautrix_telegram/config.yaml``` -and then restarting the mautrix_telegram service. - -#### End-to-bridge encryption - -The bridge can optionally encrypt messages between Matrix users and the bridge to hide messages from the homeserver. Using Postgres is strongly recommended when using end-to-bridge encryption. -If you want to enable it, look for the option ```bridge → encryption``` in the config file. If you only set ```allow: true```, the bridge won't enable encryption on its own, but will work in encrypted rooms. If you set ```default: true```, the bridge will automatically enable encryption in new portals. - -There is also the possibility to set ```require: true``` to enforce encryption on any of the messages that you send (this will drop any unencrypted messages). - -## Documentation - - * Official "Mautrix-Telegram" documentation: https://docs.mau.fi/bridges/python/telegram/index.html - * Matrix room (Matrix Bridges in Yunohost): #mautrix_yunohost:matrix.fdn.fr - * Matrix room (upstream app): #telegram:maunium.net -In case you need to upload your logs somewhere, be aware that they contain your contacts' and your phone numbers. Strip them out with -``| sed -r 's/[0-9]{10,}/📞/g' `` - * "Mautrix-Telegram" bridge is based on the [telegram daemon](https://gitlab.com/telegramd/telegramd) project. - * YunoHost documentation: If more specific documentation is needed, feel free to contribute. - -## YunoHost specific features - -#### Multi-user support - -* Bot users are not related to Yunohost users. Any Matrix account or Synapse server autorized in the configuration of the bridge can invite/use the bot. -* The Telegram bot is a local Matrix-Synapse user, but accessible through federation (synapse public or private). -* Several Telegram and Matrix users can be bridged with one bridge, each user has its own bot administration room. -* If several bot users are in a same Telegram group, only one Matrix room will be created by the bridge. -* See https://github.com/YunoHost-Apps/synapse_ynh#multi-users-support - -#### Multi-instance support - -* Multi-instance installation should work. Several bridge instances could be installed for one Matrix-Synapse instance so that one Matrix user can bridge several Telegram accounts. -* Several bridge instances could be installed for each Matrix-Synapse instance to benefit from it. But one bridge can be used by users from several Matrix-Synapse instances. - -## Troubleshooting - -* Check the spelling of the bot name! -* For slow servers it might be necessary to run ``systemctl edit mautrix_telegram.service`` (also for `coturn.service` and `coturn-synapse.service`) and insert -``` -[Service] -ExecStartPre=/bin/sleep 90 -``` -such that it is ensured that synapse is running before the bridge tries to connect. -(If it worked after installation but broke after a restart this probably is it.) - -## Development code quality - -The `.github/workflows/updater.sh` script needs to be synced with changes in `conf/config.yaml` therefore a `pre-commit` -hook is used to display a reminder to update `.github/workflows/updater.sh` (if needed) when `conf/config.yaml` has been modified. - -Please enable Git hooks using following command to ensure code quality and stability. -``` bash -git config --local core.hooksPath .githooks -``` - ## Documentation and resources * Official app website: diff --git a/README_fr.md b/README_fr.md index 2006eb4..764b9e4 100644 --- a/README_fr.md +++ b/README_fr.md @@ -23,101 +23,6 @@ La passerelle ["Mautrix-Telegram"](https://docs.mau.fi/bridges/python/telegram/i **Version incluse :** 0.14.2~ynh1 -## Avertissements / informations importantes - -## Liste de passerelles publiques - -* Demandez sur un des salons suivants: #mautrix_yunohost:matrix.fdn.fr ou #telegram:maunium.net - -## Usages de la passerelle -** Notez que plusieurs comptes Telegram et Matrix peuvent être pontés, chaque compte Telegram connecté a son propre Salon d'Administration. Si plusieurs utilisateur.ice.s du Robot sont dans un même groupe Signal, seul un Salon Matrix sera créé par la passerelle. ** - -### Bridge a Telegram user and a Matrix user -* First your Matrix user or Synapse Server has to be authorized in the Configuration of the bridge (see below) -* Then, invite the bot (default @telegrambot:yoursynapse.domain) in this new Mautrix-Telegram bot administration room. - * If the Bot does bot accept, see the [troubleshooting page](https://docs.mau.fi/bridges/general/troubleshooting.html) -* Send ``!tg help`` to the bot in the created room to know how to control the bot. -See also [upstream wiki Authentication page](https://docs.mau.fi/bridges/python/telegram/authentication.html) - -#### Logging into Telegram account -* Type ``login`` or ``login-qr`` (untested) in main management room (`!tg` in any bridge room) -* follow setup instructions from bot -* By defaults, only conversations with very recent messages and groups will be suggested to be bridged -* Accept invitations to the bridged chat rooms - -#### Registering the Bridge as a primary device (untested) -* Type ``!tg register ``, where ```` is your phone number in the internation format with no space, e.g. ``!tg register +33612345678`` -* Answer in the bot room with the verification code that you reveived in SMS. -* Set a profile name with ``!tg set-profile-name `` - -### Double puppeting -* Log in with ``login-matrix `` -* After logging in, the default Matrix puppet of your Telegram account should leave rooms and your account should join all rooms the puppet was in automatically. - - -### Relaybot: Bridge a group for several Matrix and several Telegram users to chat together -* see https://docs.mau.fi/bridges/python/telegram/relay-bot.html - -### Configuration de la passerelle - -La passerelle est [configurée avec les paramètres standards adaptés pour votre YunoHost et l'instance Matrix-Synapse sélectionnée](https://github.com/YunoHost-Apps/mautrix_telegram_ynh/blob/master/conf/config.yaml). Vous pouvez par exemple ajouter des administrateur.ice.s et utilisateur.ice.s du Robot autorisés en modifiant le fichier de configuration par liaison SSH: -``` sudo nano /opt/yunohost/mautrix_whatsapp/config.yaml``` -puis en redémarrant le service: -``` sudo yunohost service restart mautrix_whatsapp``` - -#### End-to-bridge encryption - -Le robot peut éventuellement chiffrer les messages entre les utilisateurs de Matrix et la passarelle pour cacher les messages du serveur domestique. L'utilisation de Postgres est fortement recommandée lors de l'utilisation du chiffrement end-to-bridge. -Si vous voulez l'activer, cherchez l'option ```bridge → encryption``` dans le fichier de configuration. Si vous définissez uniquement l'option ``allow: true``, le robot n'activera pas le chiffrement de lui-même, mais travaillera dans les portails chiffrés. Si vous définissez ```default: true```, la passerelle activera automatiquement le chiffrement dans les nouveaux portails. - -Il y a également la possibilité de définir ```require: true``` pour imposer le chiffrement sur tous les messages que vous envoyez (cela interdira tous les messages non chiffrés). - -## Documentation - - * Official "Mautrix-Telegram" documentation: https://docs.mau.fi/bridges/python/telegram/index.html - * Matrix room (Matrix Bridges in Yunohost): #mautrix_yunohost:matrix.fdn.fr - * Matrix room (upstream app): #telegram:maunium.net -In case you need to upload your logs somewhere, be aware that they contain your contacts' and your phone numbers. Strip them out with -``| sed -r 's/[0-9]{10,}/??/g' `` - * "Mautrix-Telegram" bridge is based on the [telegram daemon](https://gitlab.com/telegramd/telegramd) project. - * YunoHost documentation: If more specific documentation is needed, feel free to contribute. - -## Caractéristiques spécifiques YunoHost - -#### Support multi-comptes -* Bot users are not related to Yunohost users. Any Matrix account or Synapse server autorized in the configuration of the bridge can invite/use the bot. -* The Telegram bot is a local Matrix-Synapse user, but accessible through federation (synapse public or private). -* Several Telegram and Matrix users can be bridged with one bridge, each user has its own bot administration room. -* If several bot users are in a same Telegram group, only one Matrix room will be created by the bridge. -* See https://github.com/YunoHost-Apps/synapse_ynh#multi-users-support - -#### Support multi-instance - -* Multi-instance installation should work. Several bridge instances could be installed for one Matrix-Synapse instance so that one Matrix user can bridge several Telegram accounts. -* Several bridge instances could be installed for each Matrix-Synapse instance to benefit from it. But one bridge can be used by users from several Matrix-Synapse instances. - -## Troubleshooting - -* Check the spelling of the bot name! -* For slow servers it might be necessary to run ``systemctl edit mautrix_telegram.service`` (also for `coturn.service` and `coturn-synapse.service`) and insert -``` -[Service] -ExecStartPre=/bin/sleep 90 -``` -such that it is ensured that synapse is running before the bridge tries to connect. -(If it worked after installation but broke after a restart this probably is it.) - -## Development code quality - -Le script `.github/workflows/updater.sh` doit être synchronisé avec les changements dans `conf/config.yaml`, -donc un hook `pre-commit` est utilisé pour afficher un rappel pour mettre à jour -`.github/workflows/updater.sh` (si nécessaire) lorsque `conf/config.yaml` a été modifié. - -Veuillez activer les hooks Git en utilisant la commande suivante pour assurer la qualité et la stabilité du code. -``` bash -git config --local core.hooksPath .githooks -``` - ## Documentations et ressources * Site officiel de l’app : From 19044ea5b1adddf586a558cabb49bafe6fda4548 Mon Sep 17 00:00:00 2001 From: Dante Date: Tue, 14 Nov 2023 03:08:02 +0100 Subject: [PATCH 04/10] Fix typo in tests filename --- test.toml => tests.toml | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename test.toml => tests.toml (100%) diff --git a/test.toml b/tests.toml similarity index 100% rename from test.toml rename to tests.toml From 19ad7154dd0ae72edc7484cf36f51c389f98a8af Mon Sep 17 00:00:00 2001 From: Dante Date: Wed, 15 Nov 2023 11:50:45 +0100 Subject: [PATCH 05/10] Fix filename of sources --- manifest.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.toml b/manifest.toml index 84cdafe..d54d84f 100644 --- a/manifest.toml +++ b/manifest.toml @@ -124,7 +124,7 @@ main.default = 29317 [resources.sources.main] in_subdir = true extract = false -rename = "mautrix-telegram" +rename = "mautrix-telegram.tar.gz" amd64.url = "https://github.com/mautrix/telegram/archive/refs/tags/v0.14.2.tar.gz" amd64.sha256 = "8071beb09970d7a337e1a1f7700ecd3f4ef774ba51f2e7199f0216883f023786" arm64.url = "https://github.com/mautrix/telegram/archive/refs/tags/v0.14.2.tar.gz" From 930891b60a1b23738d02f6923d67e946c28a2632 Mon Sep 17 00:00:00 2001 From: Dante Date: Wed, 15 Nov 2023 18:51:23 +0100 Subject: [PATCH 06/10] Change hash value since default is not permitted --- tests.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests.toml b/tests.toml index 866a5fc..d757bd2 100644 --- a/tests.toml +++ b/tests.toml @@ -26,7 +26,7 @@ preinstall = """ args.botadmin = "@johndoe:server.name" args.botusers = "server.name" args.apiid = "1234567" -args.apihash = "tjyd5yge35lbodk1xwzw2jstp90k55qz" +args.apihash = "0800fc577294c34e0b28ad2839435945" # ------------------------------- # Commits to test upgrade from From 6bdee24c4a93b472b98ec389635d755dda275c04 Mon Sep 17 00:00:00 2001 From: Dante Date: Fri, 17 Nov 2023 12:11:13 +0100 Subject: [PATCH 07/10] Fix restore script, linter issues and harden systemd script --- conf/systemd.service | 34 ++++++++++++++++++++++++++++++++++ scripts/restore | 11 ----------- scripts/upgrade | 2 -- 3 files changed, 34 insertions(+), 13 deletions(-) diff --git a/conf/systemd.service b/conf/systemd.service index d6ce26a..d6b201f 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -9,5 +9,39 @@ Group=__APP__ WorkingDirectory=__INSTALL_DIR__/ ExecStart=__INSTALL_DIR__/bin/python3 -m mautrix_telegram +# Optional hardening to improve security +ReadWritePaths=__INSTALL_DIR__/ /var/log/__APP__ +NoNewPrivileges=yes +MemoryDenyWriteExecute=true +PrivateDevices=yes +PrivateTmp=yes +ProtectHome=yes +ProtectSystem=strict +ProtectControlGroups=true +RestrictSUIDSGID=true +RestrictRealtime=true +LockPersonality=true +ProtectKernelLogs=true +ProtectKernelTunables=true +ProtectHostname=true +ProtectKernelModules=true +PrivateUsers=true +ProtectClock=true +SystemCallArchitectures=native +SystemCallErrorNumber=EPERM +SystemCallFilter=@system-service + +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG + [Install] WantedBy=multi-user.target diff --git a/scripts/restore b/scripts/restore index 3809fbf..c709920 100755 --- a/scripts/restore +++ b/scripts/restore @@ -42,17 +42,6 @@ ynh_script_progression --message="Restoring the PostgreSQL database..." --weight ynh_psql_execute_file_as_root --file="./db.sql" --database=$db_name -#================================================= -# INSTALL MAUTRIX-BRIDGE PYTHON MODULE -#================================================= -ynh_script_progression --message="Installing Mautrix-Bridge Python Module..." --weight=6 - -mkdir -p /var/log/$app -# Configure Mautrix-Bridge -python3 -m venv $install_dir -export HOME=$install_dir -$install_dir/bin/pip3 install --upgrade pip setuptools wheel - #================================================= # REGISTER SYNAPSE APP-SERVICE #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index d5e9e84..58e4c60 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -84,8 +84,6 @@ ynh_backup_if_checksum_is_different --file="$install_dir/config.yaml" # as_token hs_token are autogenerated, save them before regenerating the config as_token=$(grep "as_token:" "$install_dir/config.yaml" | sed -r "s/ *as_token: *//") hs_token=$(grep "hs_token:" "$install_dir/config.yaml" | sed -r "s/ *hs_token: *//") -# ynh_replace_string --match_string=__AS_TOKEN__ --replace_string="$as_token" --target_file="$install_dir/config.yaml" -# ynh_replace_string --match_string=__HS_TOKEN__ --replace_string="$hs_token" --target_file="$install_dir/config.yaml" is_encryption_enabled="$encryption" if [ $encryption -eq 1 ]; then From f8c6c0baa9e81054c4142b145d78cd653941a625 Mon Sep 17 00:00:00 2001 From: Gredin67 Date: Fri, 1 Dec 2023 18:41:36 +0100 Subject: [PATCH 08/10] missing logs at restore --- scripts/restore | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/scripts/restore b/scripts/restore index c709920..5260e45 100755 --- a/scripts/restore +++ b/scripts/restore @@ -50,14 +50,6 @@ ynh_script_progression --message="Registering Synapse app-service" --weight=1 $install_dir/bin/python3 -m mautrix_telegram -g -c $install_dir/config.yaml -r "etc/matrix-$synapse_instance/app-service/$app.yaml" /opt/yunohost/matrix-$synapse_instance/update_synapse_for_appservice.sh || echo "Synapse can't restart with the appservice configuration" -#================================================= -# RESTORE SYSTEMD -#================================================= -ynh_script_progression --message="Restoring the systemd configuration..." --weight=1 - -ynh_restore_file --origin_path="/etc/systemd/system/$app.service" -systemctl enable $app.service --quiet - #================================================= # RESTORE THE LOGROTATE CONFIGURATION #================================================= @@ -69,6 +61,14 @@ chmod -R 600 "/var/log/$app" chmod 700 "/var/log/$app" chown -R $app:$app /var/log/$app +#================================================= +# RESTORE SYSTEMD +#================================================= +ynh_script_progression --message="Restoring the systemd configuration..." --weight=1 + +ynh_restore_file --origin_path="/etc/systemd/system/$app.service" +systemctl enable $app.service --quiet + #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= From a5149807453b93fe164ed086c15de18a8eb999a7 Mon Sep 17 00:00:00 2001 From: Dante Date: Mon, 11 Dec 2023 12:27:40 +0000 Subject: [PATCH 09/10] Fix restore script, order of restoring steps matters --- scripts/restore | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/scripts/restore b/scripts/restore index 5260e45..b2dea92 100755 --- a/scripts/restore +++ b/scripts/restore @@ -31,7 +31,7 @@ ynh_restore_file --origin_path="$install_dir" chmod 750 "$install_dir" chmod -R 750 "$install_dir" -chown -R $app:$app "$install_dir" +chown -R "$app:$app" "$install_dir" #================================================= # SPECIFIC RESTORATION @@ -40,26 +40,27 @@ chown -R $app:$app "$install_dir" #================================================= ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=8 -ynh_psql_execute_file_as_root --file="./db.sql" --database=$db_name - -#================================================= -# REGISTER SYNAPSE APP-SERVICE -#================================================= -ynh_script_progression --message="Registering Synapse app-service" --weight=1 - -$install_dir/bin/python3 -m mautrix_telegram -g -c $install_dir/config.yaml -r "etc/matrix-$synapse_instance/app-service/$app.yaml" -/opt/yunohost/matrix-$synapse_instance/update_synapse_for_appservice.sh || echo "Synapse can't restart with the appservice configuration" +ynh_psql_execute_file_as_root --file="./db.sql" --database="$db_name" #================================================= # RESTORE THE LOGROTATE CONFIGURATION #================================================= +# This section has to be always above REGISTER SYNAPSE APP-SERVICE section in order to restore successfully ynh_script_progression --message="Restoring the logrotate configuration..." --weight=1 ynh_restore_file --origin_path="/etc/logrotate.d/$app" mkdir -p "/var/log/$app" chmod -R 600 "/var/log/$app" chmod 700 "/var/log/$app" -chown -R $app:$app /var/log/$app +chown -R "$app:$app" "/var/log/$app" + +#================================================= +# REGISTER SYNAPSE APP-SERVICE +#================================================= +ynh_script_progression --message="Registering Synapse app-service" --weight=1 + +$install_dir/bin/python3 -m mautrix_telegram -g -c "$install_dir/config.yaml" -r "/etc/matrix-$synapse_instance/app-service/$app.yaml" +/opt/yunohost/matrix-$synapse_instance/update_synapse_for_appservice.sh || echo "Synapse can't restart with the appservice configuration" #================================================= # RESTORE SYSTEMD From 2a9f78dcd22a634ebb4b45c431b5444ba77dde23 Mon Sep 17 00:00:00 2001 From: Dante Date: Mon, 11 Dec 2023 14:31:24 +0000 Subject: [PATCH 10/10] Increase test upgrade version to avoid sources.d error --- tests.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests.toml b/tests.toml index d757bd2..4f07700 100644 --- a/tests.toml +++ b/tests.toml @@ -32,6 +32,6 @@ args.apihash = "0800fc577294c34e0b28ad2839435945" # Commits to test upgrade from # ------------------------------- -test_upgrade_from.644a075.name = "Upgrade from 0.12.0" +test_upgrade_from.452ed0e.name = "Upgrade from 0.12.2" test_upgrade_from.bf0ba45.name = "Upgrade from 0.13.0" \ No newline at end of file