synapse_ynh/scripts/_common.sh

python_version="$(python3 -V | cut -d' ' -f2 | cut -d. -f1-2)"
code_dir="/opt/yunohost/matrix-$app"
db_name_slidingproxy=${db_name}_slidingproxy
install_sources() {
    # Install/upgrade synapse in virtualenv

    # Clean venv is it was on python2.7 or python3 with old version in case major upgrade of debian
    if [ ! -e $code_dir/bin/python3 ] || [ ! -e $code_dir/lib/python$python_version ]; then
        ynh_secure_remove --file=$code_dir/bin
        ynh_secure_remove --file=$code_dir/lib
        ynh_secure_remove --file=$code_dir/lib64
        ynh_secure_remove --file=$code_dir/include
        ynh_secure_remove --file=$code_dir/share
        ynh_secure_remove --file=$code_dir/pyvenv.cfg
    fi

    mkdir -p $code_dir
    chown $app:root -R $code_dir

    if [ -n "$(uname -m | grep arm)" ]
    then
        # Clean old file, sometimes it could make some big issues if we don't do this!!
        ynh_secure_remove --file=$code_dir/bin
        ynh_secure_remove --file=$code_dir/lib
        ynh_secure_remove --file=$code_dir/include
        ynh_secure_remove --file=$code_dir/share

        ynh_setup_source --dest_dir=$code_dir/ --source_id="synapse_prebuilt_armv7_$(lsb_release --codename --short)"

        # Fix multi-instance support
        for f in $(ls $code_dir/bin); do
            if ! [[ $f =~ "__" ]]; then
                ynh_replace_special_string --match_string='#!/opt/yunohost/matrix-synapse' --replace_string='#!'$code_dir --target_file=$code_dir/bin/$f
            fi
        done
    else

        # Install virtualenv if it don't exist
        test -e $code_dir/bin/python3 || python3 -m venv $code_dir

        # Install synapse in virtualenv
        local pip3=$code_dir/bin/pip3

        $pip3 install --upgrade setuptools wheel pip cffi
        $pip3 install --upgrade -r $YNH_APP_BASEDIR/conf/requirement_$(lsb_release --codename --short).txt
    fi

    # Apply patch for LDAP auth if needed
    # Note that we put patch into scripts dir because /source are not stored and can't be used on restore
    if ! grep -F -q '# LDAP Filter anonymous user Applied' $code_dir/lib/python$python_version/site-packages/ldap_auth_provider.py; then
        pushd $code_dir/lib/python$python_version/site-packages
        patch < $YNH_APP_BASEDIR/scripts/patch/ldap_auth_filter_anonymous_user.patch
        popd
    fi

    # Setup chroot for sliding proxy
    # Note that on debian bullseye we can't support run directly sliding proxy as it require new version of libc not available on debian bullseye
    mkdir -p  $code_dir/sliding-chroot
    ynh_setup_source -r --dest_dir=$code_dir/sliding-chroot/ --source_id=sliding_proxy_rootfs
    mkdir -p  $code_dir/sliding-chroot/bin
    ynh_setup_source --dest_dir=$code_dir/sliding-chroot/bin/ --source_id=sliding_proxy
}

configure_synapse() {
    local domain_whitelist_client=$(yunohost --output-as plain domain list \
        | grep -E "^#" -v \
        | sort | uniq \
        | sed -r 's|^(.*)$|      - \1|' \
        | sed -z 's|\n|\\n|g')
    local macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"'
    local auto_join_rooms_sed_param=""
    if [ -n "$auto_join_rooms" ]; then
        auto_join_rooms_sed_param+='auto_join_rooms:'
        while read -d, room; do
            auto_join_rooms_sed_param+='\n  - "'$room'"'
        done <<< "${auto_join_rooms},"
    fi
    local registration_require_3pid_sed_param=""
    case ${registrations_require_3pid} in
        'email')
            registration_require_3pid_sed_param="registrations_require_3pid:\n  - email"
            ;;
        'msisdn')
            registration_require_3pid_sed_param="registrations_require_3pid:\n  - msisdn"
            ;;
        'email&msisdn')
            registration_require_3pid_sed_param="registrations_require_3pid:\n  - email\n  - msisdn"
            ;;
    esac

    local allowd_local_3pids_sed_param=""
    if [ -n "$allowed_local_3pids_email" ] || [ -n "$allowed_local_3pids_msisdn" ]; then
        allowd_local_3pids_sed_param="allowed_local_3pids:"

        if [ -n "$allowed_local_3pids_email" ]; then
            while read -d, pattern ; do
                allowd_local_3pids_sed_param+="\n  - medium: email\n    pattern: '$pattern'"
            done <<< "${allowed_local_3pids_email},"
        fi
        if [ -n "$allowed_local_3pids_msisdn" ]; then
            while read -d, pattern ; do
                allowd_local_3pids_sed_param+="\n  - medium: msisdn\n    pattern: '$pattern'"
            done <<< "${allowed_local_3pids_msisdn},"
        fi
    fi
    local turn_server_config=""
    if $enable_dtls_for_audio_video_turn_call; then
        turn_server_config='turn_uris: [ "turns:'$domain:$port_turnserver_tls'", "turns:'$domain:$port_turnserver_alt_tls'" ]'
    else
        turn_server_config='turn_uris: [ "turn:'$domain:$port_turnserver_tls'", "turn:'$domain:$port_turnserver_alt_tls'" ]'
    fi

    # Force enable it because some client like Element X don't support CAS and so require to have password authentication enabled
    password_enabled=true

    ynh_add_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml"
    sed -i "s|_DOMAIN_WHITELIST_CLIENT_|$domain_whitelist_client|g" /etc/matrix-$app/homeserver.yaml
    sed -i "s|_AUTO_JOIN_ROOMS_SED_PARAM_|$auto_join_rooms_sed_param|g" /etc/matrix-$app/homeserver.yaml
    sed -i "s|_REGISTRATION_REQUIRE_3PID_SED_PARAM_|$registration_require_3pid_sed_param|g" /etc/matrix-$app/homeserver.yaml
    sed -i "s|_ALLOWD_LOCAL_3PIDS_SED_PARAM_|$allowd_local_3pids_sed_param|g" /etc/matrix-$app/homeserver.yaml
    ynh_store_file_checksum --file=/etc/matrix-$app/homeserver.yaml

    ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml"
}

configure_coturn() {
    # Get public IP and set as external IP for coturn
    # note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
    local public_ip4="$(curl -s ip.yunohost.org)" || true
    local public_ip6="$(curl -s ipv6.yunohost.org)" || true

    local turn_external_ip=""
    if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"
    then
        turn_external_ip+="external-ip=$public_ip4\\n"
    fi

    if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6"
    then
        turn_external_ip+="external-ip=$public_ip6\\n"
    fi
    local turn_clear_com_param=''
    if $enable_dtls_for_audio_video_turn_call; then
        turn_clear_com_param+='# Block clear communication\nno-udp\nno-tcp'
    fi

    ynh_add_config --template="turnserver.conf" --destination="/etc/matrix-$app/coturn.conf"
    sed -i "s|_TURN_CLEAR_COM_PARAM_|$turn_clear_com_param|g" /etc/matrix-$app/coturn.conf
    sed -i "s|_TURN_EXTERNAL_IP_|$turn_external_ip|g" /etc/matrix-$app/coturn.conf
    ynh_store_file_checksum --file=/etc/matrix-$app/coturn.conf
}

configure_nginx() {
    local e2e_enabled_by_default_client_config

    # Create .well-known redirection for access by federation
    if yunohost --output-as plain domain list | grep -q "^$server_name$"
    then
        local e2e_enabled_by_default_client_config
        if [ $e2e_enabled_by_default == "off" ]; then
            e2e_enabled_by_default_client_config=false
        else
            e2e_enabled_by_default_client_config=true
        fi
        ynh_add_config --template="server_name.conf" --destination="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
    fi

    # Create a dedicated NGINX config
    ynh_add_nginx_config
}

set_permissions() {
    chown $app:$app -R $code_dir
    chmod o= -R $code_dir

    chmod 770 $code_dir/Coturn_config_rotate.sh
    chmod 700 $code_dir/update_synapse_for_appservice.sh
    chmod 700 $code_dir/set_admin_user.sh
    chmod 755 $code_dir/sliding-chroot/bin/sliding-proxy

    if [ "${1:-}" == data ]; then
        find $data_dir \(   \! -perm -o= \
                         -o \! -user $app \
                         -o \! -group $app \) \
                    -exec chown $app:$app {} \; \
                    -exec chmod o= {} \;
    fi

    chown $app:$app -R /etc/matrix-$app
    chmod u=rwX,g=rX,o= -R /etc/matrix-$app
    setfacl -R -m user:turnserver:rX  /etc/matrix-$app

    chmod 600 /etc/matrix-$app/$server_name.signing.key

    chown $app:root -R /var/log/matrix-$app
    setfacl -R -m user:turnserver:rwX  /var/log/matrix-$app
}
Patch upstream to add anonymous ldap filter 2024-02-06 20:55:10 +01:00			`python_version="$(python3 -V \| cut -d' ' -f2 \| cut -d. -f1-2)"`
Full rework of all scripts - Adapt all script with packaging v2 - Rework cleanly control pannel and remove all replace in file as it's breaken after each update - Cleanup 2023-11-01 18:52:07 +01:00			`code_dir="/opt/yunohost/matrix-$app"`
First implementation of matrix sliding proxy 2024-02-26 21:20:00 +01:00			`db_name_slidingproxy=${db_name}_slidingproxy`
Fix issues on upgrade of major debian version 2020-07-29 22:52:58 +02:00			`install_sources() {`
			`# Install/upgrade synapse in virtualenv`

			`# Clean venv is it was on python2.7 or python3 with old version in case major upgrade of debian`
Full rework of all scripts - Adapt all script with packaging v2 - Rework cleanly control pannel and remove all replace in file as it's breaken after each update - Cleanup 2023-11-01 18:52:07 +01:00			`if [ ! -e $code_dir/bin/python3 ] \|\| [ ! -e $code_dir/lib/python$python_version ]; then`
			`ynh_secure_remove --file=$code_dir/bin`
			`ynh_secure_remove --file=$code_dir/lib`
			`ynh_secure_remove --file=$code_dir/lib64`
			`ynh_secure_remove --file=$code_dir/include`
			`ynh_secure_remove --file=$code_dir/share`
			`ynh_secure_remove --file=$code_dir/pyvenv.cfg`
Fix issues on upgrade of major debian version 2020-07-29 22:52:58 +02:00			`fi`

Full rework of all scripts - Adapt all script with packaging v2 - Rework cleanly control pannel and remove all replace in file as it's breaken after each update - Cleanup 2023-11-01 18:52:07 +01:00			`mkdir -p $code_dir`
Use $app instead of $YNH_APP_ID 2023-12-18 14:35:56 +01:00			`chown $app:root -R $code_dir`
Fix issues on upgrade of major debian version 2020-07-29 22:52:58 +02:00
			`if [ -n "$(uname -m \| grep arm)" ]`
			`then`
			`# Clean old file, sometimes it could make some big issues if we don't do this!!`
Full rework of all scripts - Adapt all script with packaging v2 - Rework cleanly control pannel and remove all replace in file as it's breaken after each update - Cleanup 2023-11-01 18:52:07 +01:00			`ynh_secure_remove --file=$code_dir/bin`
			`ynh_secure_remove --file=$code_dir/lib`
			`ynh_secure_remove --file=$code_dir/include`
			`ynh_secure_remove --file=$code_dir/share`
Fix issues on upgrade of major debian version 2020-07-29 22:52:58 +02:00
Improve name for sources 2024-02-26 20:22:52 +01:00			`ynh_setup_source --dest_dir=$code_dir/ --source_id="synapse_prebuilt_armv7_$(lsb_release --codename --short)"`
Fix issues on upgrade of major debian version 2020-07-29 22:52:58 +02:00
			`# Fix multi-instance support`
Full rework of all scripts - Adapt all script with packaging v2 - Rework cleanly control pannel and remove all replace in file as it's breaken after each update - Cleanup 2023-11-01 18:52:07 +01:00			`for f in $(ls $code_dir/bin); do`
Fix issues on upgrade of major debian version 2020-07-29 22:52:58 +02:00			`if ! [[ $f =~ "__" ]]; then`
Full rework of all scripts - Adapt all script with packaging v2 - Rework cleanly control pannel and remove all replace in file as it's breaken after each update - Cleanup 2023-11-01 18:52:07 +01:00			`ynh_replace_special_string --match_string='#!/opt/yunohost/matrix-synapse' --replace_string='#!'$code_dir --target_file=$code_dir/bin/$f`
Fix issues on upgrade of major debian version 2020-07-29 22:52:58 +02:00			`fi`
			`done`
			`else`
Fix issue #248 and #244 2021-04-05 12:55:40 +02:00
Fix issues on upgrade of major debian version 2020-07-29 22:52:58 +02:00			`# Install virtualenv if it don't exist`
Full rework of all scripts - Adapt all script with packaging v2 - Rework cleanly control pannel and remove all replace in file as it's breaken after each update - Cleanup 2023-11-01 18:52:07 +01:00			`test -e $code_dir/bin/python3 \|\| python3 -m venv $code_dir`
Fix issues on upgrade of major debian version 2020-07-29 22:52:58 +02:00
			`# Install synapse in virtualenv`
Simplify call to venv 2024-02-21 08:20:16 +01:00			`local pip3=$code_dir/bin/pip3`
Fix issues on upgrade of major debian version 2020-07-29 22:52:58 +02:00
Simplify pip command 2024-02-28 12:11:15 +01:00			`$pip3 install --upgrade setuptools wheel pip cffi`
Simplify call to venv 2024-02-21 08:20:16 +01:00			`$pip3 install --upgrade -r $YNH_APP_BASEDIR/conf/requirement_$(lsb_release --codename --short).txt`
Fix issues on upgrade of major debian version 2020-07-29 22:52:58 +02:00			`fi`
Patch upstream to add anonymous ldap filter 2024-02-06 20:55:10 +01:00
			`# Apply patch for LDAP auth if needed`
Move patch to script dir as source are not available on restore 2024-03-12 12:13:17 +01:00			`# Note that we put patch into scripts dir because /source are not stored and can't be used on restore`
Patch upstream to add anonymous ldap filter 2024-02-06 20:55:10 +01:00			`if ! grep -F -q '# LDAP Filter anonymous user Applied' $code_dir/lib/python$python_version/site-packages/ldap_auth_provider.py; then`
			`pushd $code_dir/lib/python$python_version/site-packages`
Move patch to script dir as source are not available on restore 2024-03-12 12:13:17 +01:00			`patch < $YNH_APP_BASEDIR/scripts/patch/ldap_auth_filter_anonymous_user.patch`
Patch upstream to add anonymous ldap filter 2024-02-06 20:55:10 +01:00			`popd`
			`fi`
First implementation of matrix sliding proxy 2024-02-26 21:20:00 +01:00
			`# Setup chroot for sliding proxy`
			`# Note that on debian bullseye we can't support run directly sliding proxy as it require new version of libc not available on debian bullseye`
			`mkdir -p $code_dir/sliding-chroot`
			`ynh_setup_source -r --dest_dir=$code_dir/sliding-chroot/ --source_id=sliding_proxy_rootfs`
			`mkdir -p $code_dir/sliding-chroot/bin`
			`ynh_setup_source --dest_dir=$code_dir/sliding-chroot/bin/ --source_id=sliding_proxy`
Fix issues on upgrade of major debian version 2020-07-29 22:52:58 +02:00			`}`
Update configuration from upstream 2022-05-28 00:17:09 +02:00
Full rework of all scripts - Adapt all script with packaging v2 - Rework cleanly control pannel and remove all replace in file as it's breaken after each update - Cleanup 2023-11-01 18:52:07 +01:00			`configure_synapse() {`
			`local domain_whitelist_client=$(yunohost --output-as plain domain list \`
			`\| grep -E "^#" -v \`
			`\| sort \| uniq \`
Improve config file generation 2023-11-02 23:09:53 +01:00			`\| sed -r 's\|^(.*)$\| - \1\|' \`
Full rework of all scripts - Adapt all script with packaging v2 - Rework cleanly control pannel and remove all replace in file as it's breaken after each update - Cleanup 2023-11-01 18:52:07 +01:00			`\| sed -z 's\|\n\|\\n\|g')`
			`local macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"'`
			`local auto_join_rooms_sed_param=""`
Fix install issues 2023-11-01 19:25:19 +01:00			`if [ -n "$auto_join_rooms" ]; then`
Fix config panel with tags 2024-02-29 20:14:25 +01:00			`auto_join_rooms_sed_param+='auto_join_rooms:'`
			`while read -d, room; do`
			`auto_join_rooms_sed_param+='\n - "'$room'"'`
			`done <<< "${auto_join_rooms},"`
Full rework of all scripts - Adapt all script with packaging v2 - Rework cleanly control pannel and remove all replace in file as it's breaken after each update - Cleanup 2023-11-01 18:52:07 +01:00			`fi`
			`local registration_require_3pid_sed_param=""`
			`case ${registrations_require_3pid} in`
			`'email')`
			`registration_require_3pid_sed_param="registrations_require_3pid:\n - email"`
			`;;`
			`'msisdn')`
			`registration_require_3pid_sed_param="registrations_require_3pid:\n - msisdn"`
			`;;`
			`'email&msisdn')`
			`registration_require_3pid_sed_param="registrations_require_3pid:\n - email\n - msisdn"`
			`;;`
			`esac`

			`local allowd_local_3pids_sed_param=""`
			`if [ -n "$allowed_local_3pids_email" ] \|\| [ -n "$allowed_local_3pids_msisdn" ]; then`
			`allowd_local_3pids_sed_param="allowed_local_3pids:"`

			`if [ -n "$allowed_local_3pids_email" ]; then`
Fix config panel with tags 2024-02-29 20:14:25 +01:00			`while read -d, pattern ; do`
			`allowd_local_3pids_sed_param+="\n - medium: email\n pattern: '$pattern'"`
			`done <<< "${allowed_local_3pids_email},"`
Full rework of all scripts - Adapt all script with packaging v2 - Rework cleanly control pannel and remove all replace in file as it's breaken after each update - Cleanup 2023-11-01 18:52:07 +01:00			`fi`
			`if [ -n "$allowed_local_3pids_msisdn" ]; then`
Fix config panel with tags 2024-02-29 20:14:25 +01:00			`while read -d, pattern ; do`
			`allowd_local_3pids_sed_param+="\n - medium: msisdn\n pattern: '$pattern'"`
			`done <<< "${allowed_local_3pids_msisdn},"`
Full rework of all scripts - Adapt all script with packaging v2 - Rework cleanly control pannel and remove all replace in file as it's breaken after each update - Cleanup 2023-11-01 18:52:07 +01:00			`fi`
			`fi`
Remplement TLS/DTLS for calls 2024-02-26 22:35:05 +01:00			`local turn_server_config=""`
			`if $enable_dtls_for_audio_video_turn_call; then`
fix turns call with android 2024-03-09 02:17:10 +01:00			`turn_server_config='turn_uris: [ "turns:'$domain:$port_turnserver_tls'", "turns:'$domain:$port_turnserver_alt_tls'" ]'`
Remplement TLS/DTLS for calls 2024-02-26 22:35:05 +01:00			`else`
fix turns call with android 2024-03-09 02:17:10 +01:00			`turn_server_config='turn_uris: [ "turn:'$domain:$port_turnserver_tls'", "turn:'$domain:$port_turnserver_alt_tls'" ]'`
Remplement TLS/DTLS for calls 2024-02-26 22:35:05 +01:00			`fi`
Full rework of all scripts - Adapt all script with packaging v2 - Rework cleanly control pannel and remove all replace in file as it's breaken after each update - Cleanup 2023-11-01 18:52:07 +01:00
Force enable password authentication as some client need it to work correctly 2024-03-19 23:34:23 +01:00			`# Force enable it because some client like Element X don't support CAS and so require to have password authentication enabled`
			`password_enabled=true`

Full rework of all scripts - Adapt all script with packaging v2 - Rework cleanly control pannel and remove all replace in file as it's breaken after each update - Cleanup 2023-11-01 18:52:07 +01:00			`ynh_add_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml"`
			`sed -i "s\|_DOMAIN_WHITELIST_CLIENT_\|$domain_whitelist_client\|g" /etc/matrix-$app/homeserver.yaml`
			`sed -i "s\|_AUTO_JOIN_ROOMS_SED_PARAM_\|$auto_join_rooms_sed_param\|g" /etc/matrix-$app/homeserver.yaml`
			`sed -i "s\|_REGISTRATION_REQUIRE_3PID_SED_PARAM_\|$registration_require_3pid_sed_param\|g" /etc/matrix-$app/homeserver.yaml`
			`sed -i "s\|_ALLOWD_LOCAL_3PIDS_SED_PARAM_\|$allowd_local_3pids_sed_param\|g" /etc/matrix-$app/homeserver.yaml`
Fix missing store file checksum 2024-02-06 22:02:08 +01:00			`ynh_store_file_checksum --file=/etc/matrix-$app/homeserver.yaml`
Full rework of all scripts - Adapt all script with packaging v2 - Rework cleanly control pannel and remove all replace in file as it's breaken after each update - Cleanup 2023-11-01 18:52:07 +01:00
			`ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml"`
			`}`

			`configure_coturn() {`
			`# Get public IP and set as external IP for coturn`
			`# note : '\|\| true' is used to ignore the errors if we can't get the public ipv4 or ipv6`
			`local public_ip4="$(curl -s ip.yunohost.org)" \|\| true`
			`local public_ip6="$(curl -s ipv6.yunohost.org)" \|\| true`

			`local turn_external_ip=""`
			`if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"`
			`then`
			`turn_external_ip+="external-ip=$public_ip4\\n"`
			`fi`

			`if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6"`
			`then`
			`turn_external_ip+="external-ip=$public_ip6\\n"`
			`fi`
Avoid to block crear communication when call over dtls is disabled 2024-03-09 16:33:03 +01:00			`local turn_clear_com_param=''`
			`if $enable_dtls_for_audio_video_turn_call; then`
			`turn_clear_com_param+='# Block clear communication\nno-udp\nno-tcp'`
			`fi`
Full rework of all scripts - Adapt all script with packaging v2 - Rework cleanly control pannel and remove all replace in file as it's breaken after each update - Cleanup 2023-11-01 18:52:07 +01:00
			`ynh_add_config --template="turnserver.conf" --destination="/etc/matrix-$app/coturn.conf"`
Avoid to block crear communication when call over dtls is disabled 2024-03-09 16:33:03 +01:00			`sed -i "s\|_TURN_CLEAR_COM_PARAM_\|$turn_clear_com_param\|g" /etc/matrix-$app/coturn.conf`
Full rework of all scripts - Adapt all script with packaging v2 - Rework cleanly control pannel and remove all replace in file as it's breaken after each update - Cleanup 2023-11-01 18:52:07 +01:00			`sed -i "s\|_TURN_EXTERNAL_IP_\|$turn_external_ip\|g" /etc/matrix-$app/coturn.conf`
Add missing save checksum 2024-02-16 22:27:40 +01:00			`ynh_store_file_checksum --file=/etc/matrix-$app/coturn.conf`
Full rework of all scripts - Adapt all script with packaging v2 - Rework cleanly control pannel and remove all replace in file as it's breaken after each update - Cleanup 2023-11-01 18:52:07 +01:00			`}`

			`configure_nginx() {`
			`local e2e_enabled_by_default_client_config`

			`# Create .well-known redirection for access by federation`
			`if yunohost --output-as plain domain list \| grep -q "^$server_name$"`
			`then`
			`local e2e_enabled_by_default_client_config`
			`if [ $e2e_enabled_by_default == "off" ]; then`
			`e2e_enabled_by_default_client_config=false`
			`else`
			`e2e_enabled_by_default_client_config=true`
			`fi`
			`ynh_add_config --template="server_name.conf" --destination="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"`
			`fi`

			`# Create a dedicated NGINX config`
			`ynh_add_nginx_config`
			`}`

			`set_permissions() {`
Use $app instead of $YNH_APP_ID 2023-12-18 14:35:56 +01:00			`chown $app:$app -R $code_dir`
Full rework of all scripts - Adapt all script with packaging v2 - Rework cleanly control pannel and remove all replace in file as it's breaken after each update - Cleanup 2023-11-01 18:52:07 +01:00			`chmod o= -R $code_dir`

			`chmod 770 $code_dir/Coturn_config_rotate.sh`
			`chmod 700 $code_dir/update_synapse_for_appservice.sh`
Rework maintenance scripts 2024-02-20 23:49:31 +01:00			`chmod 700 $code_dir/set_admin_user.sh`
First implementation of matrix sliding proxy 2024-02-26 21:20:00 +01:00			`chmod 755 $code_dir/sliding-chroot/bin/sliding-proxy`
Full rework of all scripts - Adapt all script with packaging v2 - Rework cleanly control pannel and remove all replace in file as it's breaken after each update - Cleanup 2023-11-01 18:52:07 +01:00
Avoid to set whole permission on data dir when change-url and config 2024-02-29 08:12:20 +01:00			`if [ "${1:-}" == data ]; then`
			`find $data_dir \( \! -perm -o= \`
			`-o \! -user $app \`
			`-o \! -group $app \) \`
			`-exec chown $app:$app {} \; \`
			`-exec chmod o= {} \;`
			`fi`
Full rework of all scripts - Adapt all script with packaging v2 - Rework cleanly control pannel and remove all replace in file as it's breaken after each update - Cleanup 2023-11-01 18:52:07 +01:00
Use $app instead of $YNH_APP_ID 2023-12-18 14:35:56 +01:00			`chown $app:$app -R /etc/matrix-$app`
Full rework of all scripts - Adapt all script with packaging v2 - Rework cleanly control pannel and remove all replace in file as it's breaken after each update - Cleanup 2023-11-01 18:52:07 +01:00			`chmod u=rwX,g=rX,o= -R /etc/matrix-$app`
			`setfacl -R -m user:turnserver:rX /etc/matrix-$app`

			`chmod 600 /etc/matrix-$app/$server_name.signing.key`

Use $app instead of $YNH_APP_ID 2023-12-18 14:35:56 +01:00			`chown $app:root -R /var/log/matrix-$app`
Full rework of all scripts - Adapt all script with packaging v2 - Rework cleanly control pannel and remove all replace in file as it's breaken after each update - Cleanup 2023-11-01 18:52:07 +01:00			`setfacl -R -m user:turnserver:rwX /var/log/matrix-$app`
Update configuration from upstream 2022-05-28 00:17:09 +02:00			`}`