#!/bin/bash
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
source /usr/share/yunohost/helpers
# Exit if an error occurs during the execution of the script
#REMOVEME? ynh_abort_if_errors
# Import common cmd
source ./experimental_helper.sh
source ./_common.sh
#REMOVEME? ynh_script_progression --message="Loading installation settings..."
# RETRIEVE ARGUMENTS
#REMOVEME? old_domain=$YNH_APP_OLD_DOMAIN
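# New domain and URL path requested for this change-url run, taken from the
# environment variables YNH_APP_NEW_DOMAIN and YNH_APP_NEW_PATH.
domain="$YNH_APP_NEW_DOMAIN"
# Quoted so the requested path reaches the helper as a single argument, with
# no word splitting or glob expansion on its value.
path=$(ynh_normalize_url_path --path "$YNH_APP_NEW_PATH")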
#REMOVEME? app=$YNH_APP_INSTANCE_NAME
#REMOVEME? server_name=$(ynh_app_setting_get --app=$app --key=server_name)
#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir)
#REMOVEME? synapse_old_version=$(ynh_app_setting_get --app=$app --key=synapse_version)
#REMOVEME? jitsi_server=$(ynh_app_setting_get --app=$app --key=jitsi_server)
#REMOVEME? is_free_registration=$(ynh_app_setting_get --app=$app --key=is_free_registration)
#REMOVEME? port=$(ynh_app_setting_get --app=$app --key=synapse_port)
#REMOVEME? synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port)
#REMOVEME? turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
#REMOVEME? turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
#REMOVEME? cli_port=$(ynh_app_setting_get --app=$app --key=cli_port)
#REMOVEME? report_stats=$(ynh_app_setting_get --app=$app --key=report_stats)
#REMOVEME? allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms)
#REMOVEME? e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default)
#REMOVEME? synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd)
#REMOVEME? turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
#REMOVEME? registration_shared_secret=$(ynh_app_setting_get --app=$app --key=registration_shared_secret)
#REMOVEME? form_secret=$(ynh_app_setting_get --app=$app --key=form_secret)
#REMOVEME? macaroon_secret_key=$(ynh_app_setting_get --app=$app --key=macaroon_secret_key)
#REMOVEME? synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd)
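# Main domain of this YunoHost instance, read from the CLI's JSON output.
main_domain=$(yunohost domain list --output-as json | jq -r '.main')

# Names derived from the app instance id.
# NOTE(review): $app is not assigned anywhere in this script (its assignment
# is commented out above); presumably it is provided by the sourced helpers --
# confirm, because an empty $app yields "matrix-" / "matrix_" here.
synapse_user="matrix-$app"
synapse_user_app="$app"
# synapse_db_name was assigned twice with the same value; one assignment kept.
synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app"

upstream_version=$(ynh_app_upstream_version)

# get_domain_list is not defined in this file; presumably it comes from one of
# the sourced helper scripts.
domain_whitelist_client_=$(get_domain_list)
# Strips a trailing literal backslash-n (two characters), not a newline:
# command substitution has already dropped real trailing newlines.
domain_whitelist_client=${domain_whitelist_client_%"\n"}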
# The app has to stay on /_matrix: only the domain may change. Any other
# requested path ends in a call to ynh_die with the message below.
[[ "$path" == "/_matrix" ]] \
    || ynh_die --message "You can't use an other path than '/_matrix'. You can only change the domain."
#REMOVEME? # We stop the service before to set ynh_clean_setup
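# Stop Synapse before its NGINX and homeserver configuration are rewritten.
# The unit name is quoted so the value of $app is passed as one word.
ynh_systemd_action --service_name="matrix-$app.service" --action=stop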
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# NGINX CONFIGURATION
#=================================================
# Report progress, then let the YunoHost helper update the NGINX
# configuration for the new domain.
ynh_script_progression \
    --message="Updating NGINX configuration..."

ynh_change_url_nginx_config
# MODIFY URL IN NGINX CONF
#REMOVEME? nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf
#REMOVEME? # Change the domain for nginx
# Delete file checksum for the old conf file location
#REMOVEME? ynh_delete_file_checksum --file "$nginx_conf_path"
#REMOVEME? mv $nginx_conf_path /etc/nginx/conf.d/$domain.d/$app.conf
# Store file checksum for the new config file location
#REMOVEME? ynh_store_file_checksum --file "/etc/nginx/conf.d/$domain.d/$app.conf"
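# Create the .well-known redirection used by federation, but only when
# server_name is itself one of the domains listed by this YunoHost instance.
# grep -x -F compares whole lines literally, so the dots in the domain name
# are not treated as regex wildcards that could match a different domain.
if yunohost --output-as plain domain list | grep -qxF -- "$server_name"
then
    # This call had been commented out with a "#REMOVEME?" marker, which left
    # the `then` branch holding only a comment. Bash rejects an empty branch
    # as a syntax error, and it does so only when it reaches this point, i.e.
    # after the Synapse service has already been stopped above.
    # NOTE(review): confirm the redirection config is still wanted; if it is
    # not, remove the whole `if` rather than emptying its body.
    ynh_add_config --template="server_name.conf" --destination="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
fi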
#=================================================
# UPDATE SYNAPSE CONFIG
#=================================================
# Progress report for the Synapse configuration step.
ynh_script_progression \
    --message="Updating Synapse config..." \
    --weight=2
# WARNING: these commands are duplicated in the INSTALL, UPGRADE, CONFIG and CHANGE-URL scripts (4 times).
# Apply any change to all four files.
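# Build the macaroon_secret_key line used when the Synapse config is rendered.
#
# Older versions of this package did not manage this value: Synapse could
# derive it from another secret in the config file, a practice in which a
# vulnerability was later found. Details:
# https://matrix.org/blog/2019/01/15/further-details-on-critical-security-update-in-synapse-affecting-all-versions-prior-to-0-34-1-cve-2019-5885/
# A new value cannot simply be generated for installs that never stored one:
# changing the key logs out every user, and a user who enabled encryption
# might lose all conversations. So old installs keep the setting commented
# out, and installs that stored a key get a real macaroon_secret_key.
#
# The test operand is quoted so that a key containing whitespace or glob
# characters is checked as one word instead of being split or expanded.
if [ -z "$macaroon_secret_key" ]; then
    macaroon_secret_key_param='# macaroon_secret_key: ""'
else
    # NOTE(review): the key is placed between YAML double quotes without any
    # escaping; a key containing '"' or '\' would produce a broken line.
    # Confirm that generated keys are limited to a safe alphabet.
    macaroon_secret_key_param="macaroon_secret_key: \"${macaroon_secret_key}\""
fi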
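# Derive the two registration-related values from is_free_registration:
#   0         -> allowed_access=False, sso_enabled=True
#   otherwise -> allowed_access=True,  sso_enabled=False
# The operand is quoted so its value is never word-split or glob-expanded
# inside the test.
# NOTE(review): an empty or non-numeric is_free_registration makes the
# `-eq` test fail with an error, so the else branch runs and the
# allowed_access=True settings are selected. Confirm that a missing setting
# should not instead stop the script.
if [ "$is_free_registration" -eq 0 ]
then
    allowed_access=False
    sso_enabled=True
else
    allowed_access=True
    sso_enabled=False
fi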
# Render the Synapse main configuration and its logging configuration from
# the package templates into /etc/matrix-$app.
ynh_add_config \
    --template="homeserver.yaml" \
    --destination="/etc/matrix-$app/homeserver.yaml"
ynh_add_config \
    --template="log.yaml" \
    --destination="/etc/matrix-$app/log.yaml"
2019-12-14 15:15:25 +01:00
2022-02-21 21:03:01 +01:00
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
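# Reset ownership and mode on the Synapse configuration directory after the
# two config files above were rewritten. Both commands are recursive, so they
# apply to everything under /etc/matrix-$app, not only to those two files:
# owner $synapse_user gets rw (plus x on directories and already-executable
# files), group root gets read-only access, and all other users get none.
# Operands are quoted so the values of $synapse_user and $app are never
# word-split or glob-expanded.
chown -R "$synapse_user":root "/etc/matrix-$app"
chmod -R u=rwX,g=rX,o= "/etc/matrix-$app"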
#=================================================
# RELOAD SERVICES
#=================================================
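ynh_script_progression --message="Restarting Synapse services..." --weight=5

# Service names and paths are quoted so the value of $app is passed as part
# of a single argument.
ynh_systemd_action --service_name="coturn-$app.service" --action=restart
# The Synapse restart is given the log line to match, the log file to read
# it from, and a timeout of 300.
ynh_systemd_action --service_name="matrix-$app" --action=restart \
    --line_match="Synapse now listening on TCP port $synapse_tls_port" \
    --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300

ynh_script_progression --message="Change of URL completed for $app" --last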