mirror of https://github.com/YunoHost-Apps/synapse_ynh.git synced 2024-09-03 20:26:38 +02:00
synapse_ynh/scripts/upgrade

#!/bin/bash
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source _common.sh
source experimental_helper.sh
source /usr/share/yunohost/helpers
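#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=3

# Every value below is read back from the app's stored YunoHost settings.
# Expansions are quoted so an unexpected value cannot be word-split or globbed.
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app="$app" --key=domain)
server_name=$(ynh_app_setting_get --app="$app" --key=server_name)
path_url=$(ynh_app_setting_get --app="$app" --key=path)
final_path=$(ynh_app_setting_get --app="$app" --key=final_path)
synapse_old_version=$(ynh_app_setting_get --app="$app" --key=synapse_version)
is_public=$(ynh_app_setting_get --app="$app" --key=is_public)
port=$(ynh_app_setting_get --app="$app" --key=synapse_port)
synapse_tls_port=$(ynh_app_setting_get --app="$app" --key=synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get --app="$app" --key=turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get --app="$app" --key=turnserver_alt_tls_port)
cli_port=$(ynh_app_setting_get --app="$app" --key=cli_port)
report_stats=$(ynh_app_setting_get --app="$app" --key=report_stats)
allow_public_rooms=$(ynh_app_setting_get --app="$app" --key=allow_public_rooms)

# Passwords and secrets are loaded between ynh_print_OFF and ynh_print_ON.
# NOTE(review): presumably these helpers (from the sourced helper files) pause
# command tracing so the values do not reach the upgrade log - confirm.
ynh_print_OFF
synapse_db_pwd=$(ynh_app_setting_get --app="$app" --key=synapse_db_pwd)
turnserver_pwd=$(ynh_app_setting_get --app="$app" --key=turnserver_pwd)
registration_shared_secret=$(ynh_app_setting_get --app="$app" --key=registration_shared_secret)
form_secret=$(ynh_app_setting_get --app="$app" --key=form_secret)
macaroon_secret_key=$(ynh_app_setting_get --app="$app" --key=macaroon_secret_key)
ynh_print_ON
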
#=================================================
# SET ALL CONSTANT
#=================================================
synapse_user="matrix-$app"
synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app"
upstream_version=$(ynh_app_upstream_version)
#=================================================
2019-04-30 19:15:33 +02:00
# CHECK VERSION
2018-01-30 23:44:49 +01:00
#=================================================
2019-04-30 19:15:33 +02:00
upgrade_type=$(ynh_check_app_version_changed)
2017-02-13 20:43:41 +01:00
2018-01-30 23:44:49 +01:00
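#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
ynh_script_progression --message="Ensuring downward compatibility..." --weight=1

# Following the discussion here https://github.com/YunoHost-Apps/synapse_ynh/pull/51 we decided to remove definitely the support of the old package migration.
if [ -z "$synapse_old_version" ]
then
    ynh_die --message="Update from this synapse version is not available. You need to remove this package and reinstall the new package version."
fi

# Installs that predate the server_name setting fall back to the domain and
# persist it. The test is quoted: an unquoted empty expansion makes the test
# depend on word-splitting instead of on the value.
# NOTE(review): installs that still use 'special_domain' have an empty $domain
# at this point (that setting is only migrated further down), so an empty
# server_name would be stored here - confirm the intended ordering.
if [ -z "$server_name" ]; then
    server_name=$domain
    ynh_app_setting_set --app="$app" --key=server_name --value="$domain"
fi
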
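#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=30

# We stop the service before to set ynh_clean_setup
ynh_systemd_action --service_name="matrix-$app.service" --action=stop

# Backup the current version of the app
# When the 'disable_backup_before_upgrade' setting is '1' no backup is taken and
# ynh_clean_setup is not defined by this script, so a failed upgrade has no
# pre-upgrade backup to restore from.
if [ "$(ynh_app_setting_get --app="$app" --key=disable_backup_before_upgrade)" != '1' ]
then
    ynh_backup_before_upgrade
    ynh_clean_setup () {
        # Clean installation remainings that are not handled by the remove script.
        ynh_clean_check_starting
        ynh_restore_upgradebackup
    }
fi

# Exit if an error occurs during the execution of the script
# Everything above this call (settings load, service stop, backup) runs before
# this error handling is switched on.
ynh_abort_if_errors
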
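#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# MIGRATION 5 : GENERATE SYNAPSE SECRET
#=================================================
# Migrate from settings 'special_domain' to 'domain' and 'special_path' to 'path'
# Fixes over the previous version: the two deletions were called with '-app'
# (single dash) instead of '--app', 'no_sso' was passed as '--value true'
# instead of '--value=true' like every other call, and the empty test was unquoted.
if [ -z "$domain" ]; then
    domain=$(ynh_app_setting_get --app="$app" --key=special_domain)
    path_url=$(ynh_app_setting_get --app="$app" --key=special_path)
    ynh_app_setting_set --app="$app" --key=domain --value="$domain"
    ynh_app_setting_set --app="$app" --key=path --value="$path_url"
    ynh_app_setting_delete --app="$app" --key=special_domain
    ynh_app_setting_delete --app="$app" --key=special_path
    ynh_app_setting_set --app="$app" --key=no_sso --value=true
fi
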
#=================================================
# INSTALL DEPENDENCIES
#=================================================
2019-04-30 19:15:33 +02:00
ynh_script_progression --message="Upgrading dependencies..." --weight=6
2018-12-21 08:51:45 +01:00
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files
ynh_install_app_dependencies $dependances
2018-02-06 16:31:03 +01:00
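#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
# Only reinstall synapse when the version check reported an app upgrade.
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
    ynh_script_progression --message="Upgrading source files..." --weight=6

    # Install/upgrade synapse in virtualenv

    # Clean venv is it was on python2.7
    # ${final_path:?} aborts instead of handing an empty path to the removal helper.
    test -e "$final_path/bin/python3" || ynh_secure_remove --file="${final_path:?}"

    # WARNING : these commands are used in INSTALL, UPGRADE
    # For any update do it in all files

    if uname -m | grep -q arm
    then
        # On ARM the source selected by this id is unpacked instead of building with pip.
        ynh_setup_source --dest_dir="$final_path/" --source_id="armv7_$(lsb_release --codename --short)"
    else
        # Install virtualenv if it don't exist
        test -e "$final_path/bin/python3" || python3 -m venv "$final_path"

        # Install synapse in virtualenv
        cp ../conf/virtualenv_activate "$final_path/bin/activate"
        ynh_replace_string --match_string=__FINAL_PATH__ --replace_string="$final_path" --target_file="$final_path/bin/activate"

        # We set all necessary environement variable to create a python virtualenvironnement.
        source "$final_path/bin/activate"
        # NOTE(review): only matrix-synapse is pinned to a version. Every other
        # package here resolves to whatever the index serves at upgrade time,
        # with no version or hash pinning, so two runs of the same package
        # release can install different code.
        pip3 install --upgrade setuptools wheel
        pip3 install --upgrade cffi ndg-httpsclient psycopg2 lxml jinja2
        pip3 install --upgrade "matrix-synapse==$upstream_version" matrix-synapse-ldap3

        # This function was defined when we called "source $final_path/bin/activate". With this function we undo what "$final_path/bin/activate" does
        deactivate
    fi
fi
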
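#=================================================
# MIGRATION 1 : GENERATE SYNAPSE SECRET
#=================================================
# Printing is switched off before the test because its operands are secrets.
ynh_print_OFF
if [ -z "$registration_shared_secret" ] || [ "$form_secret" == "form_secret: " ]
then
    ynh_print_ON
    ynh_script_progression --message="Generating synapse secret..." --weight=1

    # Go in virtualenvironnement
    PS1=${PS1:-}
    source "$final_path/bin/activate"

    # Generate config and keys
    # The throwaway config is written to homeserver.yml in the current directory;
    # it is only used as a source of freshly generated random secrets.
    python -m synapse.app.homeserver --keys-directory "/etc/matrix-$app/" --generate-config --generate-keys --server-name "$server_name" --report-stats=no -c homeserver.yml

    # This function was defined when we called "source $final_path/bin/activate". With this function we undo what "$final_path/bin/activate" does
    deactivate

    # Get random values from config
    ynh_print_OFF
    # grep -E replaces the deprecated egrep alias; the pattern is unchanged.
    registration_shared_secret=$(grep -E "^registration_shared_secret:" homeserver.yml | cut -d'"' -f2)
    form_secret=$(grep -E "^form_secret:" homeserver.yml | cut -d'"' -f2)

    # store in yunohost settings
    ynh_app_setting_set --app="$app" --key=registration_shared_secret --value="$registration_shared_secret"
    ynh_app_setting_set --app="$app" --key=form_secret --value="$form_secret"

    # Nothing else in this script reads the generated file, so do not leave a
    # plaintext copy of the secrets behind in the working directory.
    rm -f -- homeserver.yml
    ynh_print_ON
fi
ynh_print_ON
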
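#=================================================
# MIGRATION 5 : DEFINE UNDEFINED SETTINGS
#=================================================
# Give both options a default of "false" only when no value is stored.
# The previous tests were '[ -n $var ]' with the variable unquoted: that is true
# for a set value and, because an empty expansion leaves the one-argument test
# '[ -n ]', also true for an empty one. Both settings were therefore overwritten
# with "false" on every upgrade, discarding the administrator's stored choice.
if [ -z "${report_stats:-}" ]; then
    report_stats="false"
fi
if [ -z "${allow_public_rooms:-}" ]; then
    allow_public_rooms="false"
fi
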
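#=================================================
# UPDATE SYNAPSE CONFIG
#=================================================
ynh_script_progression --message="Updating synapse config..." --weight=2

# WARNING : theses command are used in INSTALL, UPGRADE, CONFIG
# For any update do it in all files

homeserver_config_path="/etc/matrix-$app/homeserver.yaml"

# Keep a copy of the current files if they were modified by hand, then start
# again from the packaged templates.
ynh_backup_if_checksum_is_different --file="$homeserver_config_path"
ynh_backup_if_checksum_is_different --file="/etc/matrix-$app/log.yaml"

cp ../conf/homeserver.yaml "$homeserver_config_path"
cp ../conf/log.yaml "/etc/matrix-$app/log.yaml"

# Fill in the non-secret placeholders of the template.
ynh_replace_string --match_string=__APP__ --replace_string="$app" --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__DOMAIN__ --replace_string="$domain" --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__SERVER_NAME__ --replace_string="$server_name" --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__SYNAPSE_DB_USER__ --replace_string="$synapse_db_user" --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__PORT__ --replace_string="$port" --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__TLS_PORT__ --replace_string="$synapse_tls_port" --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__TURNSERVER_TLS_PORT__ --replace_string="$turnserver_tls_port" --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__REPORT_STATS__ --replace_string="$report_stats" --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__ALLOW_PUBLIC_ROOMS__ --replace_string="$allow_public_rooms" --target_file="$homeserver_config_path"

# Secrets: printing is off, and the values are quoted so a password containing
# whitespace or glob characters is passed as one argument.
ynh_print_OFF
ynh_replace_special_string --match_string=__SYNAPSE_DB_PWD__ --replace_string="$synapse_db_pwd" --target_file="$homeserver_config_path"
ynh_replace_special_string --match_string=__TURNPWD__ --replace_string="$turnserver_pwd" --target_file="$homeserver_config_path"
ynh_replace_special_string --match_string=__REGISTRATION_SECRET__ --replace_string="$registration_shared_secret" --target_file="$homeserver_config_path"
ynh_replace_special_string --match_string=__FORM_SECRET__ --replace_string="$form_secret" --target_file="$homeserver_config_path"

# The previous test was '[ -n $macaroon_secret_key ]' with the variable unquoted.
# That is true whether or not a key is stored, so the option was commented out on
# every upgrade, including on installs that do have a dedicated macaroon key. The
# test now matches the intent described below.
if [ -z "$macaroon_secret_key" ]; then
    # Well, in this package this value was not managed because it was not needed, synapse is able to generate this with some other secret in the config file but after some vulnerability was found with this practice.
    # For more detail about this issue you can see : https://matrix.org/blog/2019/01/15/further-details-on-critical-security-update-in-synapse-affecting-all-versions-prior-to-0-34-1-cve-2019-5885/
    # The problem is that we can't just say generate a new value if the package has not already defined a value. The reason is that changing this value logout all user. And in case of a user has enabled the encryption, the user might lost all conversation !!
    # So for the old install we just leave this as it is. And for the new install we use a real macaroon.
    ynh_replace_special_string --match_string='macaroon_secret_key: "__MACAROON_SECRET_KEY__"' --replace_string='# macaroon_secret_key: "__MACAROON_SECRET_KEY__"' --target_file="$homeserver_config_path"
else
    ynh_replace_special_string --match_string=__MACAROON_SECRET_KEY__ --replace_string="$macaroon_secret_key" --target_file="$homeserver_config_path"
fi
ynh_print_ON

ynh_replace_string --match_string=__APP__ --replace_string="$app" --target_file="/etc/matrix-$app/log.yaml"

# __ALLOWED_ACCESS__ becomes False only when the is_public setting is exactly "0".
if [ "$is_public" = "0" ]
then
    ynh_replace_string --match_string=__ALLOWED_ACCESS__ --replace_string=False --target_file="$homeserver_config_path"
else
    ynh_replace_string --match_string=__ALLOWED_ACCESS__ --replace_string=True --target_file="$homeserver_config_path"
fi

# Record the checksums of the generated files so the next upgrade can detect manual edits.
ynh_store_file_checksum --file="$homeserver_config_path"
ynh_store_file_checksum --file="/etc/matrix-$app/log.yaml"
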
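# Create .well-known redirection for access by federation if it doesn't exist
# The domain is matched as a whole-line fixed string (-x -F): in the previous
# regex form "^$server_name$" the dots of the domain matched any character.
if yunohost --output-as plain domain list | grep -qxF -- "$server_name"
then
    ynh_backup_if_checksum_is_different --file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
    cp ../conf/server_name.conf "/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
    ynh_replace_string --match_string=__DOMAIN__ --replace_string="$domain" --target_file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
    ynh_replace_string --match_string=__PORT__ --replace_string="$synapse_tls_port" --target_file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
    ynh_store_file_checksum --file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
fi
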
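#=================================================
# MIGRATION 2 : MULTINSTANCE SUPPORT
#=================================================
# Runs once: only when this instance has no coturn config of its own yet.
if [ ! -e "/etc/matrix-$app/coturn.conf" ]
then
    ynh_script_progression --message="Creating an independant service for coturn..." --weight=1

    #=================================================
    # CREATE AN INDEPENDANT SERVICE FOR COTURN
    #=================================================

    # Disable default config for turnserver and create a new service
    systemctl stop coturn.service

    # Set by default the system config for coturn
    # The system-wide config is emptied and the packaged service is disabled in
    # /etc/default/coturn; the per-instance service is configured later on.
    echo "" > /etc/turnserver.conf
    ynh_replace_string --match_string="TURNSERVER_ENABLED=1" --replace_string="TURNSERVER_ENABLED=0" --target_file=/etc/default/coturn

    # Set a port for each service in turnserver
    turnserver_alt_tls_port=$(ynh_find_port --port=$((turnserver_tls_port+1)))
    cli_port=$(ynh_find_port --port=5766)

    ynh_app_setting_set --app="$app" --key=turnserver_alt_tls_port --value="$turnserver_alt_tls_port"
    ynh_app_setting_set --app="$app" --key=cli_port --value="$cli_port"

    # Opens the alternative TURN port in the firewall; the command's output is discarded.
    yunohost firewall allow Both "$turnserver_alt_tls_port" > /dev/null 2>&1

    #=================================================
    # MAKE A CLEAN LOGROTATE CONFIG
    #=================================================

    ynh_use_logrotate --logfile "/var/log/matrix-$app" --nonappend
fi
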
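#=================================================
# MIGRATION 3 : USE STANDARD ACCESS FOR CERTIFCATE
#=================================================

# Fix issue about certificates access
# Add the synapse and turnserver users to ssl-cert unless the group line
# already lists this instance. grep's exit status is tested directly (the
# previous form expanded its output unquoted inside '[ ]'), and the pattern is
# anchored so only the ssl-cert line itself can match.
if ! grep -q "^ssl-cert:x:[0-9]*:.*matrix-$app" /etc/group
then
    ynh_script_progression --message="Use standard access for certificate..." --weight=1
    adduser "$synapse_user" ssl-cert
    adduser turnserver ssl-cert
fi
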
#=================================================
# MIGRATION 4 : CREATE A DH FILE
#=================================================

# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files

# Make dh cert for synapse if it doesn't exist
dh_params_file=/etc/ssl/private/dh2048.pem
if ! [ -e "$dh_params_file" ]
then
    ynh_script_progression --message="Creating a dh file..." --weight=1
    # NOTE(review): -dsaparam produces DSA-style parameters instead of a safe
    # prime. Generation is much faster, but the TLS endpoints using this file
    # should create a fresh DH key for every handshake. stderr is discarded, so
    # a failure here shows up without openssl's own message.
    openssl dhparam -out "$dh_params_file" -outform PEM -2 2048 -dsaparam 2> /dev/null
    # Readable by root and members of ssl-cert only.
    chown root:ssl-cert "$dh_params_file"
    chmod 640 "$dh_params_file"
fi

#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# NGINX CONFIGURATION
#=================================================
2019-04-30 19:15:33 +02:00
ynh_script_progression --message="Upgrading nginx web server configuration..." --weight=2
2019-04-30 19:15:33 +02:00
# Create a dedicated nginx config
2018-01-30 23:44:49 +01:00
ynh_add_nginx_config
2019-04-30 19:15:33 +02:00
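#=================================================
# SPECIFIC UPGRADE
#=================================================
# UPDATE COTURN CONFIG
#=================================================
ynh_script_progression --message="Updating coturn config..." --weight=1

# WARNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files

coturn_config_path="/etc/matrix-$app/coturn.conf"

# Start again from the packaged template and fill in the placeholders.
cp ../conf/turnserver.conf "$coturn_config_path"

ynh_replace_string --match_string=__APP__ --replace_string="$app" --target_file="$coturn_config_path"
ynh_replace_string --match_string=__DOMAIN__ --replace_string="$domain" --target_file="$coturn_config_path"
ynh_replace_string --match_string=__TLS_PORT__ --replace_string="$turnserver_tls_port" --target_file="$coturn_config_path"
ynh_replace_string --match_string=__TLS_ALT_PORT__ --replace_string="$turnserver_alt_tls_port" --target_file="$coturn_config_path"
ynh_replace_string --match_string=__CLI_PORT__ --replace_string="$cli_port" --target_file="$coturn_config_path"

# The TURN password goes through the same helper the homeserver config uses
# for it (ynh_replace_special_string), quoted, so special characters in the
# password cannot break or alter the substitution.
ynh_print_OFF
ynh_replace_special_string --match_string=__TURNPWD__ --replace_string="$turnserver_pwd" --target_file="$coturn_config_path"
ynh_print_ON

# Get public IP and set as external IP for coturn
# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
# NOTE(review): both lookups use plain HTTP with no timeout. The answers are
# validated as IP addresses below before use, but any host on the network path
# can supply a different valid address, which coturn would then advertise.
# Consider HTTPS and a bounded timeout if the service supports them.
public_ip4="$(curl ip.yunohost.org)" || true
public_ip6="$(curl ipv6.yunohost.org)" || true

# An address that is missing or fails validation is dropped from the config
# together with its separating comma.
if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"
then
    ynh_replace_string --match_string='__IPV4__' --replace_string="$public_ip4" --target_file="$coturn_config_path"
else
    ynh_replace_string --match_string='__IPV4__,' --replace_string="" --target_file="$coturn_config_path"
fi

if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6"
then
    ynh_replace_string --match_string='__IPV6__' --replace_string="$public_ip6" --target_file="$coturn_config_path"
else
    ynh_replace_string --match_string=',__IPV6__' --replace_string="" --target_file="$coturn_config_path"
fi

ynh_store_file_checksum --file="$coturn_config_path"
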
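#=================================================
# ADD SCRIPT FOR COTURN CRON
#=================================================

# WARNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
# Install the rotation script into the app directory and bind it to this instance.
cp ../sources/Coturn_config_rotate.sh "$final_path/"
ynh_replace_string --match_string=__APP__ --replace_string="$app" --target_file="$final_path/Coturn_config_rotate.sh"
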
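#=================================================
# UPDATE SYSTEMD
#=================================================
ynh_script_progression --message="Upgrading systemd configuration..." --weight=3

# Create systemd service for synapse and turnserver
# Each service gets its own /etc/default file and a unit built from the named template.
cp ../conf/default_matrix-synapse "/etc/default/matrix-$app"
ynh_add_systemd_config --service="matrix-$app" --template=matrix-synapse.service

cp ../conf/default_coturn "/etc/default/coturn-$app"
ynh_add_systemd_config --service="coturn-$app" --template=coturn-synapse.service
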
#=================================================
2019-04-30 19:15:33 +02:00
# UPGRADE FAIL2BAN
2019-02-12 21:24:25 +01:00
#=================================================
2019-04-30 19:15:33 +02:00
ynh_script_progression --message="Reconfiguring fail2ban..." --weight=8
2019-02-12 21:24:25 +01:00
# WARNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
2019-04-30 19:15:33 +02:00
ynh_add_fail2ban_config --use_template
2019-02-12 21:24:25 +01:00
2018-01-30 23:44:49 +01:00
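#=================================================
# GENERIC FINALIZATION
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================

# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files
# Paths are quoted so an unexpected value cannot widen what chown/chmod touch.
chown "$synapse_user":root -R "$final_path"
chmod 770 "$final_path/Coturn_config_rotate.sh"
chown "$synapse_user":root -R "/var/lib/matrix-$app"
chown "$synapse_user":root -R "/var/log/matrix-$app"
chown "$synapse_user":root -R "/etc/matrix-$app"
# Config directory: no access for "other"; the signing key is owner-only.
chmod u=rwX,g=rX,o= -R "/etc/matrix-$app"
chmod 600 "/etc/matrix-$app/$server_name.signing.key"
# NOTE(review): the recursive ACL below is applied to every file under
# /etc/matrix-$app, including homeserver.yaml (database password and secrets)
# and the signing key restricted to 600 just above. A named-user ACL entry is
# not limited by the owner/other mode bits, so turnserver can read those files
# too. Confirm whether coturn needs anything beyond coturn.conf and narrow the
# ACL if it does not.
setfacl -R -m user:turnserver:rX "/etc/matrix-$app"
setfacl -R -m user:turnserver:rwX "/var/log/matrix-$app"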
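#=================================================
# UPDATE HOOKS
#=================================================

# WARNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
# The hook shipped with the package is edited in place. The named-argument
# form is used, as everywhere else in this script, with the values quoted.
ynh_replace_string --match_string=__APP__ --replace_string="$app" --target_file=../hooks/post_cert_update
ynh_replace_string --match_string=__DOMAIN__ --replace_string="$domain" --target_file=../hooks/post_cert_update
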
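#=================================================
# UPDATE VERSION SETTINGS
#=================================================

# Record the version just installed. The next upgrade reads this setting as
# synapse_old_version and refuses to run when it is empty.
ynh_app_setting_set --app="$app" --key=synapse_version --value="$upstream_version"
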
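#=================================================
# RELOAD SERVICES
#=================================================
ynh_script_progression --message="Restarting synapse services..." --weight=5

ynh_systemd_action --service_name="coturn-$app.service" --action=restart
# The synapse restart is given the "now listening" log line to match in
# homeserver.log, with a 300 second timeout.
ynh_systemd_action --service_name="matrix-$app" --action=restart --line_match="Synapse now listening on TCP port $synapse_tls_port" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300

#=================================================
# END OF SCRIPT
#=================================================

ynh_script_progression --message="Upgrade of $app completed" --last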