#!/bin/bash
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source _common.sh
source experimental_helper.sh
source /usr/share/yunohost/helpers
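# Exit if an error occurs during the execution of the script
ynh_abort_if_errors

#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=3

# Instance name, taken from the environment.
app=$YNH_APP_INSTANCE_NAME

# Every expansion passed to a helper is quoted so that a value can never be
# word-split or glob-expanded into extra arguments.
domain=$(ynh_app_setting_get --app="$app" --key=domain)
server_name=$(ynh_app_setting_get --app="$app" --key=server_name)
jitsi_server=$(ynh_app_setting_get --app="$app" --key=jitsi_server)
path_url=$(ynh_app_setting_get --app="$app" --key=path)
final_path=$(ynh_app_setting_get --app="$app" --key=final_path)
# Version recorded by the previous install/upgrade; checked further down.
synapse_old_version=$(ynh_app_setting_get --app="$app" --key=synapse_version)
is_free_registration=$(ynh_app_setting_get --app="$app" --key=is_free_registration)
port=$(ynh_app_setting_get --app="$app" --key=synapse_port)
synapse_tls_port=$(ynh_app_setting_get --app="$app" --key=synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get --app="$app" --key=turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get --app="$app" --key=turnserver_alt_tls_port)
cli_port=$(ynh_app_setting_get --app="$app" --key=cli_port)
report_stats=$(ynh_app_setting_get --app="$app" --key=report_stats)
e2e_enabled_by_default=$(ynh_app_setting_get --app="$app" --key=e2e_enabled_by_default)

# Secrets. They stay in shell variables for the rest of the run, so any shell
# tracing (`set -x`) enabled around this script would echo them.
synapse_db_pwd=$(ynh_app_setting_get --app="$app" --key=synapse_db_pwd)
turnserver_pwd=$(ynh_app_setting_get --app="$app" --key=turnserver_pwd)
registration_shared_secret=$(ynh_app_setting_get --app="$app" --key=registration_shared_secret)
form_secret=$(ynh_app_setting_get --app="$app" --key=form_secret)
macaroon_secret_key=$(ynh_app_setting_get --app="$app" --key=macaroon_secret_key)
synapse_user_app_pwd=$(ynh_app_setting_get --app="$app" --key=synapse_user_app_pwd)

# get_domain_list is not defined in this file (presumably it comes from one of
# the sourced helper files). The expansion below strips a trailing literal
# backslash followed by "n" (two characters), not a newline character.
domain_whitelist_client_=$(get_domain_list)
domain_whitelist_client=${domain_whitelist_client_%"\n"}
main_domain=$(yunohost domain list --output-as json | jq -r .main)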
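#=================================================
# SET ALL CONSTANT
#=================================================
# System account name; later in this script it is added to ssl-cert and given
# ownership of the CAS web directory.
synapse_user="matrix-$app"
# YunoHost user created for the application further down in this script.
synapse_user_app="$app"
# The database name was assigned twice with the same value; once is enough.
synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app"
upstream_version=$(ynh_app_upstream_version)
# Compared against "UPGRADE_APP" before the sources are reinstalled.
upgrade_type=$(ynh_check_app_version_changed)
final_www_path="/var/www/$app"
data_path="/home/yunohost.app/matrix-$app"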
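#=================================================
# GET CONFIG PANEL SETTINGS
#=================================================
# Values come back empty when a setting was never stored; the migration steps
# further down give the empty ones a default. Expansions are quoted so a value
# cannot be split into extra helper arguments.
server_statistics=$(ynh_app_setting_get --app="$app" --key=server_statistics)
web_client_location=$(ynh_app_setting_get --app="$app" --key=web_client_location)
client_base_url=$(ynh_app_setting_get --app="$app" --key=client_base_url)
invite_client_location=$(ynh_app_setting_get --app="$app" --key=invite_client_location)
allow_public_rooms_without_auth=$(ynh_app_setting_get --app="$app" --key=allow_public_rooms_without_auth)
allow_public_rooms_over_federation=$(ynh_app_setting_get --app="$app" --key=allow_public_rooms_over_federation)
max_upload_size=$(ynh_app_setting_get --app="$app" --key=max_upload_size)
disable_msisdn_registration=$(ynh_app_setting_get --app="$app" --key=disable_msisdn_registration)
registrations_require_3pid=$(ynh_app_setting_get --app="$app" --key=registrations_require_3pid)
allowed_local_3pids_email=$(ynh_app_setting_get --app="$app" --key=allowed_local_3pids_email)
allowed_local_3pids_msisdn=$(ynh_app_setting_get --app="$app" --key=allowed_local_3pids_msisdn)
account_threepid_delegates_msisdn=$(ynh_app_setting_get --app="$app" --key=account_threepid_delegates_msisdn)
allow_guest_access=$(ynh_app_setting_get --app="$app" --key=allow_guest_access)
default_identity_server=$(ynh_app_setting_get --app="$app" --key=default_identity_server)
auto_join_rooms=$(ynh_app_setting_get --app="$app" --key=auto_join_rooms)
autocreate_auto_join_rooms=$(ynh_app_setting_get --app="$app" --key=autocreate_auto_join_rooms)
auto_join_rooms_for_guests=$(ynh_app_setting_get --app="$app" --key=auto_join_rooms_for_guests)
enable_notifs=$(ynh_app_setting_get --app="$app" --key=enable_notifs)
notif_for_new_users=$(ynh_app_setting_get --app="$app" --key=notif_for_new_users)
enable_group_creation=$(ynh_app_setting_get --app="$app" --key=enable_group_creation)
# Authentication and registration switches.
enable_registration=$(ynh_app_setting_get --app="$app" --key=enable_registration)
turn_allow_guests=$(ynh_app_setting_get --app="$app" --key=turn_allow_guests)
sso_enabled=$(ynh_app_setting_get --app="$app" --key=sso_enabled)
password_enabled=$(ynh_app_setting_get --app="$app" --key=password_enabled)
enable_3pid_lookup=$(ynh_app_setting_get --app="$app" --key=enable_3pid_lookup)
push_include_content=$(ynh_app_setting_get --app="$app" --key=push_include_content)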
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
ynh_script_progression --message="Ensuring downward compatibility..." --weight=1

# Migration from the old package is deliberately no longer supported, see
# https://github.com/YunoHost-Apps/synapse_ynh/pull/51
# An install with no recorded synapse_version cannot be upgraded in place.
[[ -n "${synapse_old_version}" ]] \
    || ynh_die --message="Update from this synapse version is not available. You need to remove this package and reinstall the new package version."
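#=================================================
# MIGRATION 7 : Working config panel v1
#=================================================
# backup_before_upgrade takes over from the legacy
# disable_backup_before_upgrade flag.
backup_before_upgrade=$(ynh_app_setting_get --app="$app" --key=backup_before_upgrade)
if [ -z "$backup_before_upgrade" ]; then
    # Backing up is the default; it is turned off only when the legacy flag is
    # a non-zero number.
    backup_before_upgrade="true"
    disable_backup_before_upgrade=$(ynh_app_setting_get --app="$app" --key=disable_backup_before_upgrade)
    # The "0" prefix keeps the numeric test valid when the legacy flag is
    # empty. A non-numeric flag makes the test fail, which leaves the backup
    # enabled.
    if [ "0$disable_backup_before_upgrade" -ne 0 ]; then
        backup_before_upgrade="false"
    fi
    ynh_app_setting_set --app="$app" --key=backup_before_upgrade --value="$backup_before_upgrade"
fi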
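#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================

# We stop the service before to set ynh_clean_setup
ynh_systemd_action --service_name="matrix-$app.service" --action=stop

# Backup the current version of the app
# The stored setting is compared as a string. It used to be executed as a
# command (`if $backup_before_upgrade`), which runs whatever the setting holds;
# "true" and "false" behave exactly as before.
if [ "$backup_before_upgrade" = "true" ]; then
    ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=30
    ynh_backup_before_upgrade
    ynh_clean_setup () {
        # Clean installation remainings that are not handled by the remove script.
        ynh_clean_check_starting
        ynh_restore_upgradebackup
    }
else
    # ynh_clean_setup is not defined on this path, so this script sets up no
    # restore from a pre-upgrade backup.
    ynh_script_progression --message="NOT Backing up the app before upgrading..." --weight=1
fi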
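#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# MIGRATION 5 : Manage old settings
#=================================================

# Migrate from settings 'special_domain' to 'domain' and 'special_path' to 'path'
# Tests and values are quoted: an unquoted empty variable only passed `[ -z ]`
# by accident, and a value with whitespace would have broken the test.
if [ -z "$domain" ]; then
    domain=$(ynh_app_setting_get --app="$app" --key=special_domain)
    path_url=$(ynh_app_setting_get --app="$app" --key=special_path)
    ynh_app_setting_set --app="$app" --key=domain --value="$domain"
    ynh_app_setting_set --app="$app" --key=path --value="$path_url"
    ynh_app_setting_delete --app="$app" --key=special_domain
    ynh_app_setting_delete --app="$app" --key=special_path
    ynh_app_setting_set --app="$app" --key=no_sso --value true
fi

# Define $server_name if not already defined
if [ -z "$server_name" ]; then
    server_name=$domain
    ynh_app_setting_set --app="$app" --key=server_name --value="$domain"
fi

# Define $jitsi_server if not already defined
# The default is an external host, not one managed by this package.
if [ -z "$jitsi_server" ]; then
    jitsi_server='jitsi.riot.im'
    ynh_app_setting_set --app="$app" --key=jitsi_server --value="$jitsi_server"
fi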
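# Define $e2e_enabled_by_default if not already defined, and translate the
# legacy boolean values to the current ones (true -> all, false -> off).
# Any other value is kept untouched.
case "$e2e_enabled_by_default" in
    "")
        e2e_enabled_by_default="invite"
        ynh_app_setting_set --app="$app" --key=e2e_enabled_by_default --value="$e2e_enabled_by_default"
        ;;
    true)
        e2e_enabled_by_default="all"
        ynh_app_setting_set --app="$app" --key=e2e_enabled_by_default --value="$e2e_enabled_by_default"
        ;;
    false)
        e2e_enabled_by_default="off"
        ynh_app_setting_set --app="$app" --key=e2e_enabled_by_default --value="$e2e_enabled_by_default"
        ;;
esac

# report_stats defaults to "false" when it was never stored.
if [ -z "$report_stats" ]; then
    report_stats="false"
    ynh_app_setting_set --app="$app" --key=report_stats --value="$report_stats"
fi

# Fall back to the older is_public setting. The result may still be empty and
# is not written back here.
if [ -z "$is_free_registration" ]; then
    is_free_registration=$(ynh_app_setting_get --app="$app" --key=is_""public)
fi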
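# Create the application's YunoHost user on installs that predate it.
if [ -z "$synapse_user_app_pwd" ]; then
    synapse_user_app_pwd="$(ynh_string_random --length=30)"
    ynh_app_setting_set --app="$app" --key=synapse_user_app_pwd --value="$synapse_user_app_pwd"

    # The format to create an user account varies depending on the version of YunoHost currently installed.
    ynh_current_version=$(dpkg-query --showformat='${Version}' --show yunohost)

    # NOTE(review): -p places the password on the yunohost command line, where
    # other local users can read it from the process list while the command
    # runs. If the CLI offers a way to read it from stdin or a file, prefer it.
    #
    # dpkg is tested directly; it was previously wrapped in $( ), which runs
    # the command's output as a second command.
    if dpkg --compare-versions "$ynh_current_version" ge "11.1"; then
        yunohost user create "$synapse_user_app" -F "Synapse Application" -d "$domain" -p "$synapse_user_app_pwd"
    else
        yunohost user create "$synapse_user_app" -f Synapse -l Application -d "$domain" -p "$synapse_user_app_pwd"
    fi
fi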
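#=================================================
# MIGRATION 6 : Migrate data directory
#=================================================
if [ -e "/var/lib/matrix-$app" ]; then
    ynh_script_progression --message="Moving data directory to $data_path..." --weight=1
    if [ -e "$data_path" ]; then
        # Whatever already sits at the destination is kept under a
        # timestamped name instead of being overwritten.
        old_data_dir_path="$data_path$(date '+%Y%m%d.%H%M%S')"
        ynh_print_warn "A data directory already exist. Data was renamed to $old_data_dir_path"
        mv "$data_path" "$old_data_dir_path"
    fi
    mv "/var/lib/matrix-$app" "$data_path"
fi

# -F matches the path literally: its dots are no longer regex wildcards.
# NOTE(review): the match is still against every line of /etc/passwd, so another
# account whose entry contains this path also satisfies it.
if ! grep -qF -- "$final_path" /etc/passwd; then
    # matrix-synapse:x:994:994::/var/lib/matrix-synapse:/usr/sbin/nologin
    # NOTE(review): this rewrites /etc/passwd in place with sed, outside the
    # account tools and their locking, and interpolates $app and $final_path
    # into the expression (an "@" or a regex metacharacter in either would
    # change its meaning). Consider changing the home directory through the
    # system's user-management tool instead.
    sed --in-place -r "s@matrix-$app\:x\:([[:digit:]]+\:[[:digit:]]+)\:\:/.*/matrix-$app\:/usr/sbin/nologin@matrix-$app\:x\:\1\:\:$final_path\:/usr/sbin/nologin@g" /etc/passwd
fi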
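#=================================================
# MIGRATION 7 : Working config panel v1
#=================================================

# Legacy single switch; used below as the default for the two settings that
# replaced it.
allow_public_rooms=$(ynh_app_setting_get --app="$app" --key=allow_public_rooms)
if [ -z "$allow_public_rooms" ]; then
    allow_public_rooms="false"
fi

# SET STANDARD SETTINGS FROM DEFAULT CONFIG

# Get app name of first Element Instance
element_ynh_url="https://matrix.to/"
element_domain=""
element_path=""
# NOTE(review): these three assignments overwrite the values loaded from the
# app settings with "https://matrix.to/" on every run. The `-z` test below can
# therefore never be true, so the Element lookup and the three
# ynh_app_setting_set calls are unreachable. Confirm whether the assignments
# were meant to be removed, or moved inside the `if`.
web_client_location=$element_ynh_url
client_base_url=$element_ynh_url
invite_client_location=$element_ynh_url
element_instance="element"
if [ -z "$web_client_location" ]
then
    # Use the local Element app's URL when an app named exactly "element" is installed.
    if yunohost --output-as plain app list | grep -q "^$element_instance"'$'; then
        element_domain=$(ynh_app_setting_get --app "$element_instance" --key domain)
        element_path=$(ynh_app_setting_get --app "$element_instance" --key path)
        element_ynh_url="https://""$element_domain""$element_path"
    fi
    web_client_location=$element_ynh_url
    client_base_url=$element_ynh_url
    invite_client_location=$element_ynh_url
    ynh_app_setting_set --app="$app" --key=web_client_location --value="$web_client_location"
    ynh_app_setting_set --app="$app" --key=client_base_url --value="$client_base_url"
    ynh_app_setting_set --app="$app" --key=invite_client_location --value="$invite_client_location"
fi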
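#######################################
# Give a config-panel setting its default when it has no stored value.
# Replaces seventeen copies of the same if/assign/store block and quotes the
# stored value, which was previously passed unquoted.
# Globals:   app (read); the variable named by $1 (read, written when empty)
# Arguments: $1 - setting key, which is also the name of the shell variable
#            $2 - default value
#######################################
_synapse_default_setting() {
    local key=$1
    local default_value=$2
    # ${!key} reads the variable whose name is held in $key.
    if [ -z "${!key}" ]; then
        # printf -v assigns the script-level variable of that name.
        printf -v "$key" '%s' "$default_value"
        ynh_app_setting_set --app="$app" --key="$key" --value="$default_value"
    fi
}

_synapse_default_setting server_statistics "false"
# Both public-room switches inherit the legacy allow_public_rooms value.
_synapse_default_setting allow_public_rooms_without_auth "$allow_public_rooms"
_synapse_default_setting allow_public_rooms_over_federation "$allow_public_rooms"
_synapse_default_setting max_upload_size "10M"
_synapse_default_setting disable_msisdn_registration "true"
_synapse_default_setting registrations_require_3pid "email"
# The single quotes are part of the stored values.
_synapse_default_setting allowed_local_3pids_email "'^[^@]+@""matrix""\.org$'"
_synapse_default_setting allowed_local_3pids_msisdn "'\+33'"
_synapse_default_setting account_threepid_delegates_msisdn "#email:"
_synapse_default_setting allow_guest_access "false"
# The default identity server is an external host.
_synapse_default_setting default_identity_server "https://matrix.org"
_synapse_default_setting auto_join_rooms "#auto_join_room:""$server_name"
_synapse_default_setting autocreate_auto_join_rooms "false"
_synapse_default_setting auto_join_rooms_for_guests "true"
_synapse_default_setting enable_notifs "true"
_synapse_default_setting notif_for_new_users "true"
_synapse_default_setting enable_group_creation "true"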
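# Derive the registration and login switches from the legacy
# is_free_registration flag on installs that never stored enable_registration.
if [ -z "$enable_registration" ]
then
    # Open registration only on an explicit non-zero integer. The test used to
    # be `[ "$is_free_registration" -eq "0" ]`: with an empty or non-numeric
    # value `[` fails with an error, so the script took the else branch and
    # enabled open registration, guest TURN access and password login. An
    # unusable value now selects the closed profile.
    if [[ "$is_free_registration" =~ ^[0-9]+$ ]] && [ "$is_free_registration" -ne 0 ]
    then
        enable_registration="true"
        turn_allow_guests="true"
        sso_enabled="false"
        password_enabled="true"
        enable_3pid_lookup="true"
    else
        if ! [[ "$is_free_registration" =~ ^[0-9]+$ ]]; then
            ynh_print_warn --message="is_free_registration is empty or not a number. Registration is left closed; change it in the config panel if needed."
        fi
        enable_registration="false"
        turn_allow_guests="false"
        sso_enabled="true"
        password_enabled="false"
        enable_3pid_lookup="false"
    fi
    ynh_app_setting_set --app="$app" --key=enable_registration --value="$enable_registration"
    ynh_app_setting_set --app="$app" --key=turn_allow_guests --value="$turn_allow_guests"
    ynh_app_setting_set --app="$app" --key=sso_enabled --value="$sso_enabled"
    ynh_app_setting_set --app="$app" --key=password_enabled --value="$password_enabled"
    ynh_app_setting_set --app="$app" --key=enable_3pid_lookup --value="$enable_3pid_lookup"
fi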
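# Default push_include_content to "true" when it was never stored.
# NOTE(review): presumably this feeds Synapse's push include_content option. If
# so, "true" sends message content to the push gateway along with the
# notification. Confirm that this default is intended.
if [ -z "$push_include_content" ]
then
    push_include_content="true"
    ynh_app_setting_set --app="$app" --key=push_include_content --value="$push_include_content"
fi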
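#=================================================
# INSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Upgrading dependencies..." --weight=6

# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files
# $dependances is not defined in this file; presumably it is a space-separated
# package list from a sourced helper, so it is left unquoted to split into one
# argument per package. Confirm this.
# shellcheck disable=SC2086
ynh_exec_warn_less ynh_install_app_dependencies $dependances

#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
# Reinstall the sources on an application upgrade, or when the virtualenv
# interpreter or its library directory is missing. Paths are quoted so the
# existence tests stay valid whatever the path contains.
if [ "$upgrade_type" == "UPGRADE_APP" ] || [ ! -e "$final_path/bin/python3" ] || [ ! -e "$final_path/lib/python$python_version" ]
then
    ynh_script_progression --message="Upgrading source files..." --weight=6
    install_sources
fi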
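#=================================================
# CREATE SMALL CAS SERVER
#=================================================
# WARNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
mkdir -p "$final_www_path"
cp ../sources/cas_server.php "$final_www_path/"
# Owner: read/write (execute on directories); group: read; others: no access.
chmod u=rwX,g=rX,o= -R "$final_www_path"
# NOTE(review): the login endpoint ends up owned and writable by $synapse_user.
# If that account is also the one executing the PHP file, a compromise of the
# service could rewrite it. Consider root ownership with read-only access for
# the service account.
chown "$synapse_user:root" -R "$final_www_path"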
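#=================================================
# MIGRATION 1 : GENERATE SYNAPSE SECRET
#=================================================
# Runs when no registration secret is stored, or when form_secret holds the
# literal text "form_secret: ". The latter is what `cut` returns for a line
# without a double quote, since it passes such lines through unchanged.
if [ -z "$registration_shared_secret" ] || [ "$form_secret" == "form_secret: " ]
then
    ynh_script_progression --message="Generating synapse secret..." --weight=1

    # Go in virtualenvironnement
    # nounset is lifted around the sourced activate script, presumably because
    # it reads variables that may be unset.
    set +u
    source "$final_path/bin/activate"
    set -u

    # Generate config and keys
    # NOTE(review): homeserver.yml is written to the current directory with
    # freshly generated secrets and is not removed in this block. Confirm it is
    # cleaned up, or delete it once the two values below are stored.
    python -m synapse.app.homeserver --keys-directory "/etc/matrix-$app/" --generate-config --generate-keys --server-name "$server_name" --report-stats=no -c homeserver.yml

    # `deactivate` was defined by sourcing "$final_path/bin/activate"; it undoes what activation did
    set +u
    deactivate
    set -u

    # Get random values from config
    # grep -E replaces egrep, which GNU grep marks as obsolescent.
    registration_shared_secret=$(grep -E "^registration_shared_secret:" homeserver.yml | cut -d'"' -f2)
    form_secret=$(grep -E "^form_secret:" homeserver.yml | cut -d'"' -f2)

    # store in yunohost settings
    ynh_app_setting_set --app="$app" --key=registration_shared_secret --value="$registration_shared_secret"
    ynh_app_setting_set --app="$app" --key=form_secret --value="$form_secret"
fi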
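#=================================================
# UPDATE SYNAPSE CONFIG
#=================================================
ynh_script_progression --message="Updating synapse config..." --weight=2

# WARNING : theses command are used in INSTALL, UPGRADE, CONFIG, CHANGE-URL (4 times)
# For any update do it in all files

if [ -z "$macaroon_secret_key" ]; then
    # Older versions of this package never set macaroon_secret_key: Synapse can
    # derive it from another secret in the config file, a practice that was
    # later tied to a vulnerability. Details:
    # https://matrix.org/blog/2019/01/15/further-details-on-critical-security-update-in-synapse-affecting-all-versions-prior-to-0-34-1-cve-2019-5885/
    # A key cannot simply be generated for installs that lack one: changing it
    # logs every user out, and a user with encryption enabled might lose all
    # conversations. Old installs are therefore left as they are, and new
    # installs use a real macaroon key.
    macaroon_secret_key_param='# macaroon_secret_key: ""'
else
    # Same resulting line as before, with the key expanded inside the quotes.
    macaroon_secret_key_param="macaroon_secret_key: \"$macaroon_secret_key\""
fi

# macaroon_secret_key_param is not passed explicitly; presumably ynh_add_config
# substitutes it into the homeserver.yaml template. Confirm this.
ynh_add_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml"
ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml"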
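#=================================================
# MIGRATION 2 : MULTINSTANCE SUPPORT
#=================================================
# An install without its own coturn.conf still relies on the shared coturn service.
if [ ! -e "/etc/matrix-$app/coturn.conf" ]
then
    ynh_script_progression --message="Creating an independant service for coturn..." --weight=1

    #=================================================
    # CREATE AN INDEPENDANT SERVICE FOR COTURN
    #=================================================

    # Disable default config for turnserver and create a new service
    systemctl stop coturn.service

    # Set a port for each service in turnserver
    turnserver_alt_tls_port=$(ynh_find_port --port=$((turnserver_tls_port+1)))
    cli_port=$(ynh_find_port --port=5766)

    ynh_app_setting_set --app="$app" --key=turnserver_alt_tls_port --value="$turnserver_alt_tls_port"
    ynh_app_setting_set --app="$app" --key=cli_port --value="$cli_port"

    # Opens the alternate TLS port in the firewall. All output, including any
    # error message, is discarded, so a failure here leaves no trace to read.
    yunohost firewall allow Both "$turnserver_alt_tls_port" > /dev/null 2>&1

    #=================================================
    # MAKE A CLEAN LOGROTATE CONFIG
    #=================================================

    ynh_use_logrotate --logfile "/var/log/matrix-$app" --nonappend
fi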
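#=================================================
# MIGRATION 3 : USE STANDARD ACCESS FOR CERTIFCATE
#=================================================

# Fix issue about certificates access
# grep's exit status is tested directly; the previous `[ ! $(grep ...) ]` put
# the matched line, unquoted, into the test. The pattern is anchored and the
# member name delimited, so "matrix-$app" no longer matches as a prefix of
# another instance's account in the ssl-cert member list.
if ! grep -qE "^ssl-cert:x:[0-9]*:(.*,)?matrix-$app(,|\$)" /etc/group
then
    ynh_script_progression --message="Use standard access for certificate..." --weight=1

    # Membership of ssl-cert grants read access to files owned by that group.
    adduser "$synapse_user" ssl-cert
    adduser turnserver ssl-cert
fi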
#=================================================
# MIGRATION 4 : CREATE A DH FILE
#=================================================
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files

# Generate the Diffie-Hellman parameter file for synapse only when it is missing.
if [[ ! -e /etc/ssl/private/dh2048.pem ]]; then
    ynh_script_progression --message="Creating a dh file..." --weight=1

    # -dsaparam produces DSA-style parameters converted to DH form, which is
    # much faster than searching for a safe prime. OpenSSL's documentation
    # advises using a fresh DH key for each exchange with such parameters.
    # stderr is discarded, so an openssl error message is not shown.
    openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048 -dsaparam 2> /dev/null

    # Readable by root and by members of ssl-cert only.
    chown root:ssl-cert /etc/ssl/private/dh2048.pem
    chmod 640 /etc/ssl/private/dh2048.pem
fi
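#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=2

# Create a dedicated php-fpm config
ynh_script_progression --message="Configuring application..."
ynh_add_fpm_config

# Create .well-known redirection for access by federation
# -x -F compares whole lines literally. The previous regex treated the dots in
# the domain as wildcards, so a different domain could satisfy the test.
if yunohost --output-as plain domain list | grep -qxF -- "$server_name"
then
    ynh_add_config --template="server_name.conf" --destination="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
fi

# Create a dedicated NGINX config
ynh_add_nginx_config app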
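#=================================================
# SPECIFIC UPGRADE
#=================================================
# UPDATE COTURN CONFIG
#=================================================
ynh_script_progression --message="Updating Coturn config..." --weight=1

# WARNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files

# Get public IP and set as external IP for coturn
# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
# NOTE(review): no scheme is given, so curl fetches these over plain HTTP and
# the answer is unauthenticated. The ynh_validate_ip4/ip6 checks below limit it
# to a well-formed address, but a tampered reply could still point coturn at
# the wrong external IP. Prefer https:// if the endpoint offers it, and add a
# timeout so a stalled request cannot hang the upgrade.
public_ip4="$(curl -s ip.yunohost.org)" || true
public_ip6="$(curl -s ipv6.yunohost.org)" || true

# One "external-ip=" entry is appended per validated address.
# NOTE(review): each entry ends with a literal "%" followed by a literal
# backslash-n, exactly as before. Confirm the "%" is intended and that the
# template step turns "\n" into a line break.
turn_external_ip=""
if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"
then
    turn_external_ip+="external-ip=${public_ip4}%\n"
fi
if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6"
then
    turn_external_ip+="external-ip=${public_ip6}%\n"
fi

ynh_add_config --template="turnserver.conf" --destination="/etc/matrix-$app/coturn.conf"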
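#=================================================
# ADD SCRIPT FOR COTURN CRON AND APP SERVICE
#=================================================
# WARNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
# NOTE(review): ownership and mode of the two installed scripts are not set
# here. If either is run by root (the section title mentions cron), confirm
# they end up root-owned and not writable by the service account.
ynh_add_config --template="../sources/Coturn_config_rotate.sh" --destination="$final_path/Coturn_config_rotate.sh"
ynh_add_config --template="../sources/update_synapse_for_appservice.sh" --destination="$final_path/update_synapse_for_appservice.sh"

# Ensure the app-service folder exists and that its config file exists (Migration)
mkdir -p "/etc/matrix-$app/app-service"
# Seed the file only when it is absent, so an existing list is never overwritten.
if [ ! -e "/etc/matrix-$app/conf.d/app_service.yaml" ]; then
    echo "app_service_config_files:" > "/etc/matrix-$app/conf.d/app_service.yaml"
fi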
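#=================================================
# ADVERTISE SERVICE IN ADMIN PANEL
#=================================================
# Register both services with YunoHost, declaring the port each needs exposed.
# Names, paths and ports are quoted so each stays a single argument.
yunohost service add "matrix-$app" --log "/var/log/matrix-$app/homeserver.log" --needs_exposed_ports "$synapse_tls_port"
yunohost service add "coturn-$app" --needs_exposed_ports "$turnserver_tls_port"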
2020-07-24 00:34:52 +02:00
2018-07-28 23:57:36 +02:00
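#=================================================
# UPDATE SYSTEMD
#=================================================
ynh_script_progression --message="Upgrading systemd configuration..." --weight=3

# Create systemd service for synapse and turnserver: copy each /etc/default
# file from ../conf, then install the matching unit from its template.
cp ../conf/default_matrix-synapse "/etc/default/matrix-$app"
ynh_add_systemd_config --service="matrix-$app" --template=matrix-synapse.service
cp ../conf/default_coturn "/etc/default/coturn-$app"
ynh_add_systemd_config --service="coturn-$app" --template=coturn-synapse.service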
#=================================================
# UPGRADE FAIL2BAN
#=================================================
ynh_script_progression \
    --message="Reconfiguring Fail2Ban..." \
    --weight=8

# WARNING: the INSTALL and UPGRADE scripts both run this command.
# Apply any change to every script that uses it.
ynh_add_fail2ban_config \
    --use_template
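#=================================================
# GENERIC FINALIZATION
#=================================================
# SETUP PERMISSIONS
#=================================================
ynh_script_progression --message="Configuring permissions..." --weight=1

ynh_legacy_permissions_delete_all

# Point the "main" permission at the CAS login endpoint with the auth header
# enabled, then hide its tile and mark it protected.
ynh_permission_url --permission=main --url="$domain/_matrix/cas_server.php/login" --auth_header=true
ynh_permission_update --permission=main --show_tile=false --protected=true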
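# server_api: opens $domain/_matrix to visitors without the SSO auth header.
if ! ynh_permission_exists --permission=server_api; then
    # The permission does not exist yet: create it.
    ynh_permission_create --permission=server_api --url="$domain/_matrix" \
        --label="Server access for client apps." --show_tile=false --allowed=visitors \
        --auth_header=false --protected=true
    # Best effort: a failure of the cleanup script only produces a warning,
    # so the admin has to clean the persistent SSOwat config by hand.
    python3 remove_sso_conf_persistent.py "$domain" "$server_name" \
        || ynh_print_warn --message="Your file /etc/ssowat/""conf.json.persistent doesn't respect the json syntax. The config file wasn't cleaned. Please clean it manually."
else
    # The permission already exists: refresh its URL, drop the well-known URL
    # from it, and re-apply label, tile and protection settings.
    ynh_permission_url --permission=server_api --url="$domain/_matrix" --remove_url="$server_name/.well-known/matrix" \
        --auth_header=false
    ynh_permission_update --permission=server_api --label="Server access for client apps." --show_tile=false \
        --protected=true
fi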
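# server_client_infos: only managed when $server_name is itself a domain of
# this YunoHost instance.
# The lookup uses a fixed-string, whole-line match (-F -x). The dots in the
# domain are then literal instead of regex wildcards, so a look-alike domain
# cannot satisfy the check.
if yunohost --output-as plain domain list | grep -qxF -- "$server_name"; then
    if ! ynh_permission_exists --permission=server_client_infos; then
        ynh_permission_create --permission=server_client_infos --url="$server_name/.well-known/matrix" \
            --label="Server info for clients. (well-known)" --show_tile=false --allowed=visitors \
            --auth_header=false --protected=true
    else
        ynh_permission_url --permission=server_client_infos --url="$server_name/.well-known/matrix" \
            --auth_header=false
        ynh_permission_update --permission=server_client_infos --label="Server info for clients. (well-known)" --show_tile=false \
            --protected=true
    fi
fi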
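# admin_api: created once, for $domain/_synapse, and allowed for visitors.
# The SSO layer therefore does not gate the Synapse administration API;
# requests are authorised only by Synapse's own access-token checks.
# NOTE(review): unlike server_api and server_client_infos this permission is
# created without --protected=true. Confirm that is intended, and consider
# limiting who can reach /_synapse/admin at the reverse proxy.
if ! ynh_permission_exists --permission=admin_api; then
    ynh_permission_create --permission=admin_api --url="$domain/_synapse" \
        --label="Server administration API." --show_tile=false \
        --auth_header=false --allowed=visitors
fi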
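#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
# WARNING: these commands are used in INSTALL, UPGRADE and RESTORE.
# Any change made here must be applied to all three scripts.

# Ownership: the synapse user owns the code, data, log and config trees.
chown -R "$synapse_user":root "$final_path"
chmod 770 "$final_path/Coturn_config_rotate.sh"
chmod 700 "$final_path/update_synapse_for_appservice.sh"
chown -R "$synapse_user":root "$data_path"
chown -R "$synapse_user":root "/var/log/matrix-$app"
chown -R "$synapse_user":root "/etc/matrix-$app"
chmod -R u=rwX,g=rX,o= "/etc/matrix-$app"

# The turnserver user may read the config tree and write to the log tree.
setfacl -R -m user:turnserver:rX "/etc/matrix-$app"
setfacl -R -m user:turnserver:rwX "/var/log/matrix-$app"

# Lock down the signing key last. The recursive ACL above also puts a
# turnserver entry on the key and recalculates the ACL mask, so a chmod 600
# issued before it does not keep the key owner-only. Drop that entry and then
# set the mode.
# NOTE(review): coturn is not expected to read this key - confirm, then mirror
# the same ordering in the install and restore scripts.
setfacl -x user:turnserver "/etc/matrix-$app/$server_name.signing.key"
chmod 600 "/etc/matrix-$app/$server_name.signing.key"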
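#=================================================
# UPDATE HOOKS
#=================================================
# WARNING: these commands are used in INSTALL and UPGRADE.
# Any change made here must be applied to both scripts.

# Fill the __APP__ and __DOMAIN__ placeholders of the post_cert_update hook.
# Values are quoted so each one reaches the helper as a single argument.
ynh_replace_string __APP__ "$app" ../hooks/post_cert_update
ynh_replace_string __DOMAIN__ "$domain" ../hooks/post_cert_update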
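#=================================================
# UPDATE VERSION SETTINGS
#=================================================

# Store the upstream version in the synapse_version setting, which this script
# reads back as synapse_old_version on its next run.
ynh_app_setting_set --app="$app" --key=synapse_version --value="$upstream_version"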
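#=================================================
# RELOAD SERVICES
#=================================================
ynh_script_progression --message="Restarting Synapse services..." --weight=5

ynh_systemd_action --service_name="coturn-$app.service" --action=restart
# The Synapse restart is given a line to match in homeserver.log and a
# 300-second timeout.
ynh_systemd_action --service_name="matrix-$app" --action=restart --line_match="Synapse now listening on TCP port $synapse_tls_port" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300

#=================================================
# END OF SCRIPT
#=================================================

ynh_script_progression --message="Upgrade of $app completed" --last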