synapse_ynh/scripts/install

#!/bin/bash

# Import common cmd
source ./_common.sh

# Init script
init_script

# Retrieve arguments
domain=$YNH_APP_ARG_DOMAIN
path="/_matrix"
is_public=$YNH_APP_ARG_IS_PUBLIC

CHECK_PATH	# Vérifie et corrige la syntaxe du path.
CHECK_DOMAINPATH	# Vérifie la disponibilité du path et du domaine.
CHECK_FINALPATH	# Vérifie que le dossier de destination n'est pas déjà utilisé.

# Ouvre le port dans le firewall
NO_LOG FIND_PORT 8448	# Cherche un port libre.
synapse_tls_port=$port
NO_LOG FIND_PORT 8008	# Cherche un port libre.
synapse_port=$port
NO_LOG FIND_PORT 3478	# Cherche un port libre.
turnserver_port=$port
NO_LOG FIND_PORT 5349	# Cherche un port libre.
turnserver_tls_port=$port
sudo yunohost firewall allow --no-upnp TCP $synapse_tls_port > /dev/null 2>&1
sudo yunohost firewall allow --no-upnp Both $turnserver_port > /dev/null 2>&1
sudo yunohost firewall allow --no-upnp Both $turnserver_tls_port > /dev/null 2>&1

# Make dh cert for synapse if it not exist
test ! -e /etc/yunohost/certs/$domain/dh.pem && sudo openssl dhparam -out /etc/yunohost/certs/$domain/dh.pem 2048 > /dev/null

# Find password for turnserver
turnserver_pwd=$(ynh_string_random 30)

# Enregistre les infos dans la config YunoHost
ynh_app_setting_set $app domain $domain
ynh_app_setting_set $app path $path
ynh_app_setting_set $app is_public $is_public
ynh_app_setting_set $app synapse_port $synapse_port
ynh_app_setting_set $app synapse_tls_port $synapse_tls_port
ynh_app_setting_set $app turnserver_port $turnserver_port
ynh_app_setting_set $app turnserver_tls_port $turnserver_tls_port
ynh_app_setting_set $app turnserver_pwd $turnserver_pwd

# Et copie le fichier de config nginx
sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf

# Modifie les variables dans le fichier de configuration nginx
sudo sed -i "s@__PATH__@$path@g" /etc/nginx/conf.d/$domain.d/$app.conf
sudo sed -i "s@__PORT__@$synapse_port@g" /etc/nginx/conf.d/$domain.d/$app.conf

# Get Matrix key repos
wget -q -O '/tmp/matrix-repo-key.asc' "https://matrix.org/packages/debian/repo-key.asc"
sudo apt-key add "/tmp/matrix-repo-key.asc"

echo "matrix-synapse matrix-synapse/server-name select $domain" | sudo debconf-set-selections # Configure dpkg for no questions
echo "matrix-synapse matrix-synapse/report-stats select false" | sudo debconf-set-selections # Configure dpkg for no questions

# Enable debian-backports repos
enable_backport_repos

# Install coturn (the turn server)
ynh_package_install coturn

# Enable Synapse repos
if [[ -n "$(uname -m | grep arm)" ]]
then
        # Use special conf for arm arch because some binary are not available in jessie backport or in matrix repos
        install_arm_package_dep
        ynh_package_install -t $debian_version-backports -f
        echo "deb [arch=i386] http://matrix.org/packages/debian/ $debian_version main" | sudo tee -a "/etc/apt/sources.list.d/matrix.list"
        ynh_package_update
else
        echo "deb http://matrix.org/packages/debian/ $debian_version main" | sudo tee -a "/etc/apt/sources.list.d/matrix.list"
        ynh_package_update
fi

# Install synapse package
# We neet to install python-cryptography to Solve a python error about dependance (from cryptography.hazmat.primitives.asymmetric.utils)
ynh_package_install -t $debian_version-backports matrix-synapse python-matrix-synapse-ldap3 python-cryptography

# Configure Synapse
sudo cp ../conf/homeserver.yaml /etc/matrix-synapse/homeserver.yaml
sudo sed -i "s@__DOMAIN__@$domain@g" /etc/matrix-synapse/homeserver.yaml
sudo sed -i "s@__PORT__@$synapse_port@g" /etc/matrix-synapse/homeserver.yaml
sudo sed -i "s@__TLS_PORT__@$synapse_tls_port@g" /etc/matrix-synapse/homeserver.yaml
sudo sed -i "s@__TURNSERVER_TLS_PORT__@$turnserver_tls_port@g" /etc/matrix-synapse/homeserver.yaml
sudo sed -i "s@__TURNPWD__@$turnserver_pwd@g" /etc/matrix-synapse/homeserver.yaml
if [ "$is_public" = "0" ]
then
    sudo sed -i "s@__ALLOWED_ACCESS__@False@g" /etc/matrix-synapse/homeserver.yaml
else
    sudo sed -i "s@__ALLOWED_ACCESS__@True@g" /etc/matrix-synapse/homeserver.yaml
fi

# Configure Coturn
sudo cp ../conf/turnserver.conf /etc/turnserver.conf
sudo sed -i "s@__TURNPWD__@$turnserver_pwd@g" /etc/turnserver.conf
sudo sed -i "s@__DOMAIN__@$domain@g" /etc/turnserver.conf
sudo sed -i "s@__PORT__@$turnserver_port@g" /etc/turnserver.conf
sudo sed -i "s@__TLS_PORT__@$turnserver_tls_port@g" /etc/turnserver.conf

# Configure access for certificates
sudo setfacl -m user:matrix-synapse:r /etc/yunohost/certs/$domain/crt.pem
sudo setfacl -m user:matrix-synapse:r /etc/yunohost/certs/$domain/key.pem
sudo setfacl -m user:matrix-synapse:r /etc/yunohost/certs/$domain/dh.pem

sudo setfacl -m user:turnserver:r /etc/yunohost/certs/$domain/crt.pem
sudo setfacl -m user:turnserver:r /etc/yunohost/certs/$domain/key.pem
sudo setfacl -m user:turnserver:r /etc/yunohost/certs/$domain/dh.pem

# Configuration de logrotate
sed -i "s@__APP__@$app@g" ../conf/logrotate
sudo cp ../conf/logrotate /etc/logrotate.d/$app

ynh_app_setting_set $app skipped_uris "/"

# Régénère la configuration de SSOwat
sudo yunohost app ssowatconf
# Recharge la configuration Nginx
sudo service nginx reload
sudo service matrix-synapse restart
sudo service coturn restart
First commit 2017-02-13 20:43:41 +01:00			`#!/bin/bash`

			`# Import common cmd`
			`source ./_common.sh`

			`# Init script`
			`init_script`

			`# Retrieve arguments`
			`domain=$YNH_APP_ARG_DOMAIN`
			`path="/_matrix"`
			`is_public=$YNH_APP_ARG_IS_PUBLIC`

			`CHECK_PATH # Vérifie et corrige la syntaxe du path.`
			`CHECK_DOMAINPATH # Vérifie la disponibilité du path et du domaine.`
			`CHECK_FINALPATH # Vérifie que le dossier de destination n'est pas déjà utilisé.`

			`# Ouvre le port dans le firewall`
			`NO_LOG FIND_PORT 8448 # Cherche un port libre.`
			`synapse_tls_port=$port`
			`NO_LOG FIND_PORT 8008 # Cherche un port libre.`
			`synapse_port=$port`
			`NO_LOG FIND_PORT 3478 # Cherche un port libre.`
			`turnserver_port=$port`
			`NO_LOG FIND_PORT 5349 # Cherche un port libre.`
			`turnserver_tls_port=$port`
			`sudo yunohost firewall allow --no-upnp TCP $synapse_tls_port > /dev/null 2>&1`
			`sudo yunohost firewall allow --no-upnp Both $turnserver_port > /dev/null 2>&1`
			`sudo yunohost firewall allow --no-upnp Both $turnserver_tls_port > /dev/null 2>&1`

			`# Make dh cert for synapse if it not exist`
			`test ! -e /etc/yunohost/certs/$domain/dh.pem && sudo openssl dhparam -out /etc/yunohost/certs/$domain/dh.pem 2048 > /dev/null`

			`# Find password for turnserver`
			`turnserver_pwd=$(ynh_string_random 30)`

			`# Enregistre les infos dans la config YunoHost`
			`ynh_app_setting_set $app domain $domain`
			`ynh_app_setting_set $app path $path`
			`ynh_app_setting_set $app is_public $is_public`
			`ynh_app_setting_set $app synapse_port $synapse_port`
			`ynh_app_setting_set $app synapse_tls_port $synapse_tls_port`
			`ynh_app_setting_set $app turnserver_port $turnserver_port`
			`ynh_app_setting_set $app turnserver_tls_port $turnserver_tls_port`
			`ynh_app_setting_set $app turnserver_pwd $turnserver_pwd`

			`# Et copie le fichier de config nginx`
			`sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf`

			`# Modifie les variables dans le fichier de configuration nginx`
			`sudo sed -i "s@__PATH__@$path@g" /etc/nginx/conf.d/$domain.d/$app.conf`
			`sudo sed -i "s@__PORT__@$synapse_port@g" /etc/nginx/conf.d/$domain.d/$app.conf`

			`# Get Matrix key repos`
			`wget -q -O '/tmp/matrix-repo-key.asc' "https://matrix.org/packages/debian/repo-key.asc"`
			`sudo apt-key add "/tmp/matrix-repo-key.asc"`

			`echo "matrix-synapse matrix-synapse/server-name select $domain" \| sudo debconf-set-selections # Configure dpkg for no questions`
			`echo "matrix-synapse matrix-synapse/report-stats select false" \| sudo debconf-set-selections # Configure dpkg for no questions`

			`# Enable debian-backports repos`
			`enable_backport_repos`

			`# Install coturn (the turn server)`
			`ynh_package_install coturn`

			`# Enable Synapse repos`
			`if [[ -n "$(uname -m \| grep arm)" ]]`
			`then`
			`# Use special conf for arm arch because some binary are not available in jessie backport or in matrix repos`
			`install_arm_package_dep`
			`ynh_package_install -t $debian_version-backports -f`
			`echo "deb [arch=i386] http://matrix.org/packages/debian/ $debian_version main" \| sudo tee -a "/etc/apt/sources.list.d/matrix.list"`
			`ynh_package_update`
			`else`
			`echo "deb http://matrix.org/packages/debian/ $debian_version main" \| sudo tee -a "/etc/apt/sources.list.d/matrix.list"`
			`ynh_package_update`
			`fi`

			`# Install synapse package`
			`# We neet to install python-cryptography to Solve a python error about dependance (from cryptography.hazmat.primitives.asymmetric.utils)`
			`ynh_package_install -t $debian_version-backports matrix-synapse python-matrix-synapse-ldap3 python-cryptography`

			`# Configure Synapse`
			`sudo cp ../conf/homeserver.yaml /etc/matrix-synapse/homeserver.yaml`
			`sudo sed -i "s@__DOMAIN__@$domain@g" /etc/matrix-synapse/homeserver.yaml`
			`sudo sed -i "s@__PORT__@$synapse_port@g" /etc/matrix-synapse/homeserver.yaml`
			`sudo sed -i "s@__TLS_PORT__@$synapse_tls_port@g" /etc/matrix-synapse/homeserver.yaml`
			`sudo sed -i "s@__TURNSERVER_TLS_PORT__@$turnserver_tls_port@g" /etc/matrix-synapse/homeserver.yaml`
			`sudo sed -i "s@__TURNPWD__@$turnserver_pwd@g" /etc/matrix-synapse/homeserver.yaml`
			`if [ "$is_public" = "0" ]`
			`then`
			`sudo sed -i "s@__ALLOWED_ACCESS__@False@g" /etc/matrix-synapse/homeserver.yaml`
			`else`
			`sudo sed -i "s@__ALLOWED_ACCESS__@True@g" /etc/matrix-synapse/homeserver.yaml`
			`fi`

			`# Configure Coturn`
			`sudo cp ../conf/turnserver.conf /etc/turnserver.conf`
			`sudo sed -i "s@__TURNPWD__@$turnserver_pwd@g" /etc/turnserver.conf`
			`sudo sed -i "s@__DOMAIN__@$domain@g" /etc/turnserver.conf`
			`sudo sed -i "s@__PORT__@$turnserver_port@g" /etc/turnserver.conf`
			`sudo sed -i "s@__TLS_PORT__@$turnserver_tls_port@g" /etc/turnserver.conf`

			`# Configure access for certificates`
			`sudo setfacl -m user:matrix-synapse:r /etc/yunohost/certs/$domain/crt.pem`
			`sudo setfacl -m user:matrix-synapse:r /etc/yunohost/certs/$domain/key.pem`
			`sudo setfacl -m user:matrix-synapse:r /etc/yunohost/certs/$domain/dh.pem`

			`sudo setfacl -m user:turnserver:r /etc/yunohost/certs/$domain/crt.pem`
			`sudo setfacl -m user:turnserver:r /etc/yunohost/certs/$domain/key.pem`
			`sudo setfacl -m user:turnserver:r /etc/yunohost/certs/$domain/dh.pem`

			`# Configuration de logrotate`
			`sed -i "s@__APP__@$app@g" ../conf/logrotate`
			`sudo cp ../conf/logrotate /etc/logrotate.d/$app`

			`ynh_app_setting_set $app skipped_uris "/"`

			`# Régénère la configuration de SSOwat`
			`sudo yunohost app ssowatconf`
			`# Recharge la configuration Nginx`
			`sudo service nginx reload`
			`sudo service matrix-synapse restart`
			`sudo service coturn restart`