Merge branch 'testing' into matrix_v2

2024-09-03 20:26:38 +02:00 · 2024-04-17 08:38:39 +02:00 · 2024-04-17 08:38:39 +02:00 · 1b8c052aab
commit 1b8c052aab
parent 1ecfca8c0e ebfcb9f081
22 changed files with 856 additions and 403 deletions
--- a/ALL_README.md
+++ b/ALL_README.md
@ -0,0 +1,7 @@
 # All available README files by language
 - [Read the README in English](README.md)
 - [Irakurri README euskaraz](README_eu.md)
 - [Lire le README en français](README_fr.md)
 - [Le o README en galego](README_gl.md)
 - [阅读中文（简体）的 README](README_zh_Hans.md)
--- a/README.md
+++ b/README.md
@ -1,5 +1,5 @@
 <!--
-N.B.: This README was automatically generated by https://github.com/YunoHost/apps/tree/master/tools/readme_generator
+N.B.: This README was automatically generated by <https://github.com/YunoHost/apps/tree/master/tools/readme_generator>
 It shall NOT be edited by hand.
 -->
@ -9,10 +9,10 @@ It shall NOT be edited by hand.
 [![Install Synapse with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=synapse)
-*[Lire ce readme en français.](./README_fr.md)*
+*[Read this README in other languages.](./ALL_README.md)*
-> *This package allows you to install Synapse quickly and simply on a YunoHost server.
+> *This package allows you to install Synapse quickly and simply on a YunoHost server.*  
-If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.*
+> *If you don't have YunoHost, please consult [the guide](https://yunohost.org/install) to learn how to install it.*
 ## Overview
@ -20,7 +20,8 @@ Instant messaging server matrix network.
 Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org)
-**Shipped version:** 1.103.0~ynh1
+
 **Shipped version:** 1.105.0~ynh1
 ## Documentation and resources
 - Official app website: <https://matrix.org/>
@ -31,9 +32,9 @@ Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https
 ## Developer info
-Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/synapse_ynh/tree/testing).
+Please send your pull request to the [`testing` branch](https://github.com/YunoHost-Apps/synapse_ynh/tree/testing).
-To try the testing branch, please proceed like that.
+To try the `testing` branch, please proceed like that:
 ```bash
 sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
--- a/README_eu.md
+++ b/README_eu.md
@ -0,0 +1,45 @@
 <!--
 Ohart ongi: README hau automatikoki sortu da <https://github.com/YunoHost/apps/tree/master/tools/readme_generator>ri esker
 EZ editatu eskuz.
 -->
 # Synapse YunoHost-erako
 [![Integrazio maila](https://dash.yunohost.org/integration/synapse.svg)](https://dash.yunohost.org/appci/app/synapse) ![Funtzionamendu egoera](https://ci-apps.yunohost.org/ci/badges/synapse.status.svg) ![Mantentze egoera](https://ci-apps.yunohost.org/ci/badges/synapse.maintain.svg)
 [![Instalatu Synapse YunoHost-ekin](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=synapse)
 *[Irakurri README hau beste hizkuntzatan.](./ALL_README.md)*
 > *Pakete honek Synapse YunoHost zerbitzari batean azkar eta zailtasunik gabe instalatzea ahalbidetzen dizu.*  
 > *YunoHost ez baduzu, kontsultatu [gida](https://yunohost.org/install) nola instalatu ikasteko.*
 ## Aurreikuspena
 Instant messaging server matrix network.
 Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org)
 **Paketatutako bertsioa:** 1.105.0~ynh1
 ## Dokumentazioa eta baliabideak
 - Aplikazioaren webgune ofiziala: <https://matrix.org/>
 - Administratzaileen dokumentazio ofiziala: <https://matrix-org.github.io/synapse/latest/welcome_and_overview.html>
 - Jatorrizko aplikazioaren kode-gordailua: <https://github.com/element-hq/synapse>
 - YunoHost Denda: <https://apps.yunohost.org/app/synapse>
 - Eman errore baten berri: <https://github.com/YunoHost-Apps/synapse_ynh/issues>
 ## Garatzaileentzako informazioa
 Bidali `pull request`a [`testing` abarrera](https://github.com/YunoHost-Apps/synapse_ynh/tree/testing).
 `testing` abarra probatzeko, ondorengoa egin:
 ```bash
 sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
 edo
 sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
 ```
 **Informazio gehiago aplikazioaren paketatzeari buruz:** <https://yunohost.org/packaging_apps>
--- a/README_fr.md
+++ b/README_fr.md
@ -1,6 +1,6 @@
 <!--
-N.B.: This README was automatically generated by https://github.com/YunoHost/apps/tree/master/tools/readme_generator
+Nota bene : ce README est automatiquement généré par <https://github.com/YunoHost/apps/tree/master/tools/readme_generator>
-It shall NOT be edited by hand.
+Il NE doit PAS être modifié à la main.
 -->
 # Synapse pour YunoHost
@ -9,10 +9,10 @@ It shall NOT be edited by hand.
 [![Installer Synapse avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=synapse)
-*[Read this readme in english.](./README.md)*
+*[Lire le README dans d'autres langues.](./ALL_README.md)*
-> *Ce package vous permet d’installer Synapse rapidement et simplement sur un serveur YunoHost.
+> *Ce package vous permet d’installer Synapse rapidement et simplement sur un serveur YunoHost.*  
-Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l’installer et en profiter.*
+> *Si vous n’avez pas YunoHost, consultez [ce guide](https://yunohost.org/install) pour savoir comment l’installer et en profiter.*
 ## Vue d’ensemble
@ -20,20 +20,21 @@ Instant messaging server matrix network.
 Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org)
-**Version incluse :** 1.102.0~ynh1
+
 **Version incluse :** 1.105.0~ynh1
 ## Documentations et ressources
- Site officiel de l’app : <https://matrix.org/>
+- Site officiel de l’app : <https://matrix.org/>
- Documentation officielle de l’admin : <https://matrix-org.github.io/synapse/latest/welcome_and_overview.html>
+- Documentation officielle de l’admin : <https://matrix-org.github.io/synapse/latest/welcome_and_overview.html>
- Dépôt de code officiel de l’app : <https://github.com/element-hq/synapse>
+- Dépôt de code officiel de l’app : <https://github.com/element-hq/synapse>
- YunoHost Store : <https://apps.yunohost.org/app/synapse>
+- YunoHost Store : <https://apps.yunohost.org/app/synapse>
- Signaler un bug : <https://github.com/YunoHost-Apps/synapse_ynh/issues>
+- Signaler un bug : <https://github.com/YunoHost-Apps/synapse_ynh/issues>
 ## Informations pour les développeurs
-Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/synapse_ynh/tree/testing).
+Merci de faire vos pull request sur la [branche `testing`](https://github.com/YunoHost-Apps/synapse_ynh/tree/testing).
-Pour essayer la branche testing, procédez comme suit.
+Pour essayer la branche `testing`, procédez comme suit :
 ```bash
 sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
@ -41,4 +42,4 @@ ou
 sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
 ```
-**Plus d’infos sur le packaging d’applications :** <https://yunohost.org/packaging_apps>
+**Plus d’infos sur le packaging d’applications :** <https://yunohost.org/packaging_apps>
--- a/README_gl.md
+++ b/README_gl.md
@ -0,0 +1,45 @@
 <!--
 NOTA: Este README foi creado automáticamente por <https://github.com/YunoHost/apps/tree/master/tools/readme_generator>
 NON debe editarse manualmente.
 -->
 # Synapse para YunoHost
 [![Nivel de integración](https://dash.yunohost.org/integration/synapse.svg)](https://dash.yunohost.org/appci/app/synapse) ![Estado de funcionamento](https://ci-apps.yunohost.org/ci/badges/synapse.status.svg) ![Estado de mantemento](https://ci-apps.yunohost.org/ci/badges/synapse.maintain.svg)
 [![Instalar Synapse con YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=synapse)
 *[Le este README en outros idiomas.](./ALL_README.md)*
 > *Este paquete permíteche instalar Synapse de xeito rápido e doado nun servidor YunoHost.*  
 > *Se non usas YunoHost, le a [documentación](https://yunohost.org/install) para saber como instalalo.*
 ## Vista xeral
 Instant messaging server matrix network.
 Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org)
 **Versión proporcionada:** 1.105.0~ynh1
 ## Documentación e recursos
 - Web oficial da app: <https://matrix.org/>
 - Documentación oficial para admin: <https://matrix-org.github.io/synapse/latest/welcome_and_overview.html>
 - Repositorio de orixe do código: <https://github.com/element-hq/synapse>
 - Tenda YunoHost: <https://apps.yunohost.org/app/synapse>
 - Informar dun problema: <https://github.com/YunoHost-Apps/synapse_ynh/issues>
 ## Info de desenvolvemento
 Envía a túa colaboración á [rama `testing`](https://github.com/YunoHost-Apps/synapse_ynh/tree/testing).
 Para probar a rama `testing`, procede deste xeito:
 ```bash
 sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
 ou
 sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
 ```
 **Máis info sobre o empaquetado da app:** <https://yunohost.org/packaging_apps>
--- a/README_it.md
+++ b/README_it.md
@ -0,0 +1,228 @@
 <!--
 N.B.: Questo README è stato automaticamente generato da <https://github.com/YunoHost/apps/tree/master/tools/readme_generator>
 NON DEVE essere modificato manualmente.
 -->
 # Synapse per YunoHost
 [![Livello di integrazione](https://dash.yunohost.org/integration/synapse.svg)](https://dash.yunohost.org/appci/app/synapse) ![Stato di funzionamento](https://ci-apps.yunohost.org/ci/badges/synapse.status.svg) ![Stato di manutenzione](https://ci-apps.yunohost.org/ci/badges/synapse.maintain.svg)
 [![Installa Synapse con YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=synapse)
 *[Leggi questo README in altre lingue.](./ALL_README.md)*
 > *Questo pacchetto ti permette di installare Synapse su un server YunoHost in modo semplice e veloce.*  
 > *Se non hai YunoHost, consulta [la guida](https://yunohost.org/install) per imparare a installarlo.*
 ## Panoramica
 Instant messaging server matrix network.
 Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org)
 **Versione pubblicata:** 1.98.0~ynh1
 ## Attenzione/informazioni importanti
 ## Configuration
 ### Install for ARM arch (or slow arch)
 For all slow or arm architecture it's recommended to build the dh file before the install to have a quicker install.
 You could build it by this cmd : `openssl dhparam -out /etc/ssl/private/dh2048.pem 2048 > /dev/null`
 After that you can install it without problem.
 The package uses a prebuilt python virtual environnement. The binary are taken from this repository: https://github.com/Josue-T/synapse_python_build
 The script to build the binary is also available.
 ### Web client
 If you want a web client you can also install Element with this package: https://github.com/YunoHost-Apps/element_ynh .
 ### Access by federation
 If your server name is identical to the domain on which synapse is installed, and the default port 8448 is used, your server is normally already accessible by the federation.
 If not, you can add the following line in the dns configuration but you normally don't need it as a .well-known file is edited during the install to declare your server name and port to the federation.
 ```
 _matrix._tcp.<server_name.tld> <ttl> IN SRV 10 0 <port> <domain-or-subdomain-of-synapse.tld>
 ```
 for example
 ```
 _matrix._tcp.example.com. 3600    IN      SRV     10 0 SYNAPSE_PORT synapse.example.com.
 ```
 You need to replace SYNAPSE_PORT by the real port. This port can be obtained by the command: `yunohost app setting SYNAPSE_INSTANCE_NAME synapse_tls_port`
 For more details, see : https://github.com/matrix-org/synapse/blob/master/docs/federate.md
 If it is not automatically done, you need to open this in your ISP box.
 You also need a valid TLS certificate for the domain used by synapse. To do that you can refer to the documentation here : https://yunohost.org/#/certificate_en
 https://federationtester.matrix.org/ can be used to easily debug federation issues
 ### Turnserver
 For Voip and video conferencing a turnserver is also installed (and configured). The turnserver listens on two UDP and TCP ports. You can get them with these commands:
 ```
 yunohost app setting synapse turnserver_tls_port
 yunohost app setting synapse turnserver_alt_tls_port
 ```
 The turnserver will also choose a port dynamically when a new call starts. The range is between 49153 - 49193.
 For some security reason the ports range (49153 - 49193) isn't automatically open by default. If you want to use the synapse server for voip or conferencing you will need to open this port range manually. To do this just run this command:
 ```
 yunohost firewall allow Both 49153:49193
 ```
 You might also need to open these ports (if it is not automatically done) on your ISP box.
 To prevent the situation when the server is behind a NAT, the public IP is written in the turnserver config. By this the turnserver can send its real public IP to the client. For more information see [the coturn example config file](https://github.com/coturn/coturn/blob/master/examples/etc/turnserver.conf#L102-L120).So if your IP changes, you could run the script `/opt/yunohost/__SYNAPSE_INSTANCE_NAME__/Coturn_config_rotate.sh` to update your config.
 If you have a dynamic IP address, you also might need to update this config automatically. To do that just edit a file named `/etc/cron.d/coturn_config_rotate` and add the following content (just adapt the __SYNAPSE_INSTANCE_NAME__ which could be `synapse` or maybe `synapse__2`).
 ```
 */15 * * * * root bash /opt/yunohost/__SYNAPSE_INSTANCE_NAME__/Coturn_config_rotate.sh;
 ```
 #### OpenVPN
 In case of you have an OpenVPN server you might want than `coturn-synapse` restart when the VPN restart. To do this create a file named `/usr/local/bin/openvpn_up_script.sh` with this content:
 ```
 #!/bin/bash
 (
    sleep 5
    sudo systemctl restart coturn-synapse.service
 ) &
 exit 0
 ```
 Add this line in you sudo config file `/etc/sudoers`
 ```
 openvpn    ALL=(ALL) NOPASSWD: /bin/systemctl restart coturn-synapse.service
 ```
 And add this line in your OpenVPN config file
 ```
 ipchange /usr/local/bin/openvpn_up_script.sh
 ```
 ### Important Security Note
 We do not recommend running Element from the same domain name as your Matrix
 homeserver (synapse).  The reason is the risk of XSS (cross-site-scripting)
 vulnerabilities that could occur if someone caused Element to load and render
 malicious user generated content from a Matrix API which then had trusted
 access to Element (or other apps) due to sharing the same domain.
 We have put some coarse mitigations into place to try to protect against this
 situation, but it's still not a good practice to do it in the first place. See
 https://github.com/vector-im/element-web/issues/1977 for more details.
 ## YunoHost specific features
 ## Limitations
 Synapse uses a lot of ressource. So on slow architecture (like small ARM board), this app could take a lot of CPU and RAM.
 This app doesn't provide any real good web interface. So it's recommended to use Element client to connect to this app. This app is available [here](https://github.com/YunoHost-Apps/element_ynh)
 ## Additional information
 ## Administration
 **All documentation of this section is not warranted. A bad use of command could break the app and all the data. So use these commands at your own risk.**
 Before any manipulation it's recommended to do a backup by this following command :
 `sudo yunohost backup create --apps synapse`
 ### Set user as admin
 Actually there are no functions in the client interface to set a user as admin. So it's possible to enable it manually in the database.
 The following command will grant admin privilege to the specified user:
 ```
 su --command="psql matrix_synapse" postgres <<< "UPDATE users SET admin = 1 WHERE name = '@user_to_be_admin:domain.tld'"
 ```
 ### Administration API
 Synapse's administration API endpoints are under `/_synapse` path and protected with the `admin_api` permission.
 By default, no one has access to this path.
 If you wish to access it, for example to use [Synapse Admin](https://github.com/YunoHost-Apps/synapse-admin_ynh),
 you need to give this permission to visitors.
 Then, to log in the API with your credentials, you need to set your user as admin (cf. precedent section).
 ### Upgrade
 By default a backup is made before the upgrade. If for some reason you want to upgrade without backup:
 - Call the command with the `-b` flag: `yunohost app upgrade synapse -b`
 - Disable the setting `Backup before upgrade` in the Config Panel. Or with command line:
 `yunohost app setting synapse backup_before_upgrade -v 0`
 After this settings will be applied for **all** next upgrade.
 From command line:
 `yunohost app upgrade synapse`
 ### Backup
 This app use now the core-only feature of the backup. To keep the integrity of the data and to have a better guarantee of the restoration is recommended to proceed like this:
 - Stop synapse service with theses following command:
 `systemctl stop synapse.service`
 - Launch the backup of synapse with this following command:
 `yunohost backup create --app synapse`
 - Do a backup of your data with your specific strategy (could be with rsync, borg backup or just cp). The data is generally stored in `/home/yunohost.app/matrix-synapse`.
 - Restart the synapse service with these command:
 `systemctl start synapse.service`
 ### Remove
 Due of the backup core only feature the data directory in `/home/yunohost.app/matrix-synapse` **is not removed**.
 Use the `--purge` flag with the command, or remove it manually to purge app user data.
 ### Multi instance support
 To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command:
 ```
 yunohost app setting synapse__<instancenumber> synapse_tls_port
 ```
 Before installing a second instance of the app it's really recommended to update all existing instances.
 ## Documentazione e risorse
 - Sito web ufficiale dell’app: <https://matrix.org/>
 - Repository upstream del codice dell’app: <https://github.com/matrix-org/synapse>
 - Store di YunoHost: <https://apps.yunohost.org/app/synapse>
 - Segnala un problema: <https://github.com/YunoHost-Apps/synapse_ynh/issues>
 ## Informazioni per sviluppatori
 Si prega di inviare la tua pull request alla [branch di `testing`](https://github.com/YunoHost-Apps/synapse_ynh/tree/testing).
 Per provare la branch di `testing`, si prega di procedere in questo modo:
 ```bash
 sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
 o
 sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
 ```
 **Maggiori informazioni riguardo il pacchetto di quest’app:** <https://yunohost.org/packaging_apps>
--- a/README_zh_Hans.md
+++ b/README_zh_Hans.md
@ -0,0 +1,45 @@
 <!--
 注意：此 README 由 <https://github.com/YunoHost/apps/tree/master/tools/readme_generator> 自动生成
 请勿手动编辑。
 -->
 # YunoHost 的 Synapse
 [![集成程度](https://dash.yunohost.org/integration/synapse.svg)](https://dash.yunohost.org/appci/app/synapse) ![工作状态](https://ci-apps.yunohost.org/ci/badges/synapse.status.svg) ![维护状态](https://ci-apps.yunohost.org/ci/badges/synapse.maintain.svg)
 [![使用 YunoHost 安装 Synapse](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=synapse)
 *[阅读此 README 的其它语言版本。](./ALL_README.md)*
 > *通过此软件包，您可以在 YunoHost 服务器上快速、简单地安装 Synapse。*  
 > *如果您还没有 YunoHost，请参阅[指南](https://yunohost.org/install)了解如何安装它。*
 ## 概况
 Instant messaging server matrix network.
 Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org)
 **分发版本：** 1.105.0~ynh1
 ## 文档与资源
 - 官方应用网站： <https://matrix.org/>
 - 官方管理文档： <https://matrix-org.github.io/synapse/latest/welcome_and_overview.html>
 - 上游应用代码库： <https://github.com/element-hq/synapse>
 - YunoHost 商店： <https://apps.yunohost.org/app/synapse>
 - 报告 bug： <https://github.com/YunoHost-Apps/synapse_ynh/issues>
 ## 开发者信息
 请向 [`testing` 分支](https://github.com/YunoHost-Apps/synapse_ynh/tree/testing) 发送拉取请求。
 如要尝试 `testing` 分支，请这样操作：
 ```bash
 sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
 或
 sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
 ```
 **有关应用打包的更多信息：** <https://yunohost.org/packaging_apps>
--- a/conf/homeserver.yaml
+++ b/conf/homeserver.yaml
@ -45,15 +45,15 @@ modules:
 # lowercase and may contain an explicit port.
 # Examples: matrix.org, localhost:8080
 #
-server_name: "__SERVER_NAME__"
+server_name: "{{ server_name }}"
 # When running as a daemon, the file to store the pid in
 #
-pid_file: /run/matrix-__APP__/homeserver.pid
+pid_file: /run/matrix-{{ app }}/homeserver.pid
 # The absolute URL to the web client which / will redirect to.
 #
-web_client_location: __WEB_CLIENT_LOCATION__
+web_client_location: {{ web_client_location }}
 # The public-facing base URL that clients use to access this Homeserver (not
 # including _matrix/...). This is the same URL a user might enter into the
@ -64,7 +64,7 @@ web_client_location: __WEB_CLIENT_LOCATION__
 #
 # Defaults to 'https://<server_name>/'.
 #
-public_baseurl: https://__DOMAIN__/
+public_baseurl: https://{{ domain }}/
 # Uncomment the following to tell other servers to send federation traffic on
 # port 443.
@ -125,12 +125,12 @@ presence:
 # public rooms directory through the client API, meaning that anyone can
 # query the room directory. Defaults to 'false'.
 #
-allow_public_rooms_without_auth: __ALLOW_PUBLIC_ROOMS_WITHOUT_AUTH__
+allow_public_rooms_without_auth: {{ allow_public_rooms_without_auth }}
 # If set to 'true', allows any other homeserver to fetch the server's public
 # rooms directory via federation. Defaults to 'false'.
 #
-allow_public_rooms_over_federation: __ALLOW_PUBLIC_ROOMS_OVER_FEDERATION__
+allow_public_rooms_over_federation: {{ allow_public_rooms_over_federation }}
 # The default room version for newly created rooms.
 #
@ -288,7 +288,7 @@ listeners:
  # will also need to give Synapse a TLS key and certificate: see the TLS section
  # below.)
  #
-  - port: __PORT_SYNAPSE_TLS__
+  - port: {{ port_synapse_tls }}
    type: http
    tls: true
    resources:
@ -300,7 +300,7 @@ listeners:
  # If you plan to use a reverse proxy, please see
  # https://matrix-org.github.io/synapse/latest/reverse_proxy.html.
  #
-  - port: __PORT_SYNAPSE__
+  - port: {{ port_synapse }}
    tls: false
    type: http
    x_forwarded: true
@ -613,11 +613,11 @@ admin_contact: 'mailto:root'
 # any intermediate certificates (for instance, if using certbot, use
 # `fullchain.pem` as your certificate, not `cert.pem`).
 #
-tls_certificate_path: "/etc/yunohost/certs/__DOMAIN__/crt.pem"
+tls_certificate_path: "/etc/yunohost/certs/{{ domain }}/crt.pem"
 # PEM-encoded private key for TLS
 #
-tls_private_key_path: "/etc/yunohost/certs/__DOMAIN__/key.pem"
+tls_private_key_path: "/etc/yunohost/certs/{{ domain }}/key.pem"
 # Whether to verify TLS server certificates for outbound federation requests.
 #
@ -804,9 +804,9 @@ database:
 name: psycopg2
 #txn_limit: 10000
 args:
-   user: __DB_USER__
+   user: {{ db_user }}
-   password: __DB_PWD__
+   password: {{ db_pwd }}
-   database: __DB_NAME__
+   database: {{ db_name }}
   host: localhost
   port: 5432
   cp_min: 5
@ -826,7 +826,7 @@ database:
 # A yaml python logging config file as described by
 # https://docs.python.org/3.7/library/logging.config.html#configuration-dictionary-schema
 #
-log_config: "/etc/matrix-__APP__/log.yaml"
+log_config: "/etc/matrix-{{ app }}/log.yaml"
 ## Ratelimiting ##
@ -959,7 +959,7 @@ log_config: "/etc/matrix-__APP__/log.yaml"
 # Directory where uploaded images and attachments are stored.
 #
-media_store_path: "__DATA_DIR__/media"
+media_store_path: "{{ data_dir }}/media"
 # Media storage providers allow media to be stored in different
 # locations.
@ -973,7 +973,7 @@ media_storage_providers:
   # Whether to wait for successful storage for local uploads
   store_synchronous: false
   config:
-      directory: "__DATA_DIR__/media_storage"
+      directory: "{{ data_dir }}/media_storage"
 # The largest allowed upload size in bytes
 #
@ -981,7 +981,7 @@ media_storage_providers:
 # your reverse proxy's config. Notably Nginx has a small max body size by default.
 # See https://matrix-org.github.io/synapse/latest/reverse_proxy.html.
 #
-max_upload_size: __MAX_UPLOAD_SIZE__
+max_upload_size: {{ max_upload_size }}
 # Maximum number of pixels that will be thumbnailed
 #
@ -1181,11 +1181,15 @@ oembed:
 # The public URIs of the TURN server to give to clients
 #
-__TURN_SERVER_CONFIG__
+{%- if enable_dtls_for_audio_video_turn_call == 'true' %}
 turn_uris: [ "turns:{{ domain }}:{{ port_turnserver_tls }}", "turns:{{ domain }}:{{ port_turnserver_alt_tls }}" ]
 {%- else %}
 turn_uris: [ "turn:{{ domain }}:{{ port_turnserver_tls }}", "turn:{{ domain }}:{{ port_turnserver_alt_tls }}" ]
 {%- endif %}
 # The shared secret used to compute passwords for the TURN server
 #
-turn_shared_secret: "__TURNSERVER_PWD__"
+turn_shared_secret: "{{ turnserver_pwd }}"
 # The Username and password if the TURN server needs them and
 # does not use a token
@ -1203,7 +1207,7 @@ turn_user_lifetime: 12h
 # connect to arbitrary endpoints without having first signed up for a
 # valid account (e.g. by passing a CAPTCHA).
 #
-turn_allow_guests: __ALLOW_GUEST_ACCESS__
+turn_allow_guests: {{ allow_guest_access }}
 ## Registration ##
@ -1215,7 +1219,7 @@ turn_allow_guests: __ALLOW_GUEST_ACCESS__
 # you use either captcha, email, or token-based verification to verify that new users are not bots. In order to enable registration
 # without any verification, you must also set `enable_registration_without_verification`, found below.
 #
-enable_registration: __ENABLE_REGISTRATION__
+enable_registration: {{ enable_registration }}
 # Enable registration without email or captcha verification. Note: this option is *not* recommended,
 # as registration without verification is a known vector for spam and abuse. Defaults to false. Has no effect
@ -1274,26 +1278,41 @@ enable_registration: __ENABLE_REGISTRATION__
 # The user must provide all of the below types of 3PID when registering.
 #
-_REGISTRATION_REQUIRE_3PID_SED_PARAM_
+{%- if registrations_require_3pid %}
 registrations_require_3pid:
    {%- for pid in registrations_require_3pid.split('&') %}
  - {{ pid }}
    {%- endfor %}
 {%- endif %}
 # Explicitly disable asking for MSISDNs from the registration
 # flow (overrides registrations_require_3pid if MSISDNs are set as required)
 #
-disable_msisdn_registration: __DISABLE_MSISDN_REGISTRATION__
+disable_msisdn_registration: {{ disable_msisdn_registration }}
 # Mandate that users are only allowed to associate certain formats of
 # 3PIDs with accounts on this server.
 #
 _ALLOWD_LOCAL_3PIDS_SED_PARAM_
 #allowed_local_3pids:
 #  - medium: email
 #    pattern: '^[^@]+@vector\.im$'
 #  - medium: msisdn
 #    pattern: '\+44'
 {%- if allowed_local_3pids_email or allowed_local_3pids_msisdn %}
 allowed_local_3pids:
    {%- for pattern in allowed_local_3pids_email.strip(',').split(',') %}
  - medium: email
    pattern: '{{ pattern }}'
    {%- endfor %}
    {%- for pattern in allowed_local_3pids_msisdn.strip(',').split(',') %}
  - medium: msisdn
    pattern: '{{ pattern }}'
    {%- endfor %}
 {%- endif %}
 # Enable 3PIDs lookup requests to identity servers from this server.
 #
-enable_3pid_lookup: __ENABLE_3PID_LOOKUP__
+enable_3pid_lookup: {{ enable_3pid_lookup }}
 # Require users to submit a token during registration.
 # Tokens can be managed using the admin API:
@ -1313,7 +1332,7 @@ enable_3pid_lookup: __ENABLE_3PID_LOOKUP__
 # If set, allows registration of standard or admin accounts by anyone who
 # has the shared secret, even if registration is otherwise disabled.
 #
-registration_shared_secret: "__REGISTRATION_SHARED_SECRET__"
+registration_shared_secret: "{{ registration_shared_secret }}"
 # Set the number of bcrypt rounds used to generate password hash.
 # Larger numbers increase the work factor needed to generate the hash.
@ -1327,7 +1346,7 @@ registration_shared_secret: "__REGISTRATION_SHARED_SECRET__"
 # participate in rooms hosted on this server which have been made
 # accessible to anonymous users.
 #
-allow_guest_access: __ALLOW_GUEST_ACCESS__
+allow_guest_access: {{ allow_guest_access }}
 # The identity server which we suggest that clients should use when users log
 # in on this server.
@ -1335,7 +1354,7 @@ allow_guest_access: __ALLOW_GUEST_ACCESS__
 # (By default, no suggestion is made, so it is left up to the client.
 # This setting is ignored unless public_baseurl is also explicitly set.)
 #
-default_identity_server: __DEFAULT_IDENTITY_SERVER__
+default_identity_server: {{ default_identity_server }}
 # Handle threepid (email/phone etc) registration and password resets through a set of
 # *trusted* identity servers. Note that this allows the configured identity server to
@ -1361,7 +1380,7 @@ default_identity_server: __DEFAULT_IDENTITY_SERVER__
 # As email delegates is managed by the synapse server itself this email section is
 # not necessary but msisdn format is still composed by msisdn: <value> on a new line
 account_threepid_delegates:
-    msisdn: __ACCOUNT_THREEPID_DELEGATES_MSISDN__
+    msisdn: {{ account_threepid_delegates_msisdn }}
    #email: https://example.com     # Delegate email sending to example.com
    #msisdn: http://localhost:8090  # Delegate SMS sending to this local process
@ -1397,7 +1416,12 @@ account_threepid_delegates:
 # If the room already exists, make certain it is a publicly joinable
 # room. The join rule of the room must be set to 'public'.
 #
-_AUTO_JOIN_ROOMS_SED_PARAM_
+{%- if auto_join_rooms %}
 auto_join_rooms:
    {%- for room in auto_join_rooms.split(',') %}
  - '{{ room }}'
    {%- endfor %}
 {%- endif %}
 # Where auto_join_rooms are specified, setting this flag ensures that the
 # the rooms exist by creating them when the first user on the
@ -1413,7 +1437,7 @@ _AUTO_JOIN_ROOMS_SED_PARAM_
 # Defaults to true. Uncomment the following line to disable automatically
 # creating auto-join rooms.
 #
-autocreate_auto_join_rooms: __AUTOCREATE_AUTO_JOIN_ROOMS__
+autocreate_auto_join_rooms: {{ autocreate_auto_join_rooms }}
 # Whether the auto_join_rooms that are auto-created are available via
 # federation. Only has an effect if autocreate_auto_join_rooms is true.
@ -1464,7 +1488,7 @@ autocreate_auto_join_rooms: __AUTOCREATE_AUTO_JOIN_ROOMS__
 #
 # Defaults to true.
 #
-auto_join_rooms_for_guests: __AUTO_JOIN_ROOMS_FOR_GUESTS__
+auto_join_rooms_for_guests: {{ auto_join_rooms_for_guests }}
 # Whether to inhibit errors raised when registering a new account if the user ID
 # already exists. If turned on, that requests to /register/available will always
@ -1505,7 +1529,7 @@ metrics_flags:
 # Whether or not to report anonymized homeserver usage statistics.
 #
-report_stats: __REPORT_STATS__
+report_stats: {{ report_stats }}
 # The endpoint to report the anonymized homeserver usage statistics to.
 # Defaults to https://matrix.org/report-usage-stats/push
@ -1575,19 +1599,26 @@ room_prejoin_state:
 # the registration_shared_secret is used, if one is given; otherwise,
 # a secret key is derived from the signing key.
 #
-__MACAROON_SECRET_KEY_PARAM__
+
 # Well, in this package this value was not managed because it was not needed, synapse is able to generate this with some other secret in the config file but after some vulnerability was found with this practice.
 # For more detail about this issue you can see : https://matrix.org/blog/2019/01/15/further-details-on-critical-security-update-in-synapse-affecting-all-versions-prior-to-0-34-1-cve-2019-5885/
 # The problem is that we can't just say generate a new value if the package has not already defined a value. The reason is that changing this value logout all user. And in case of a user has enabled the encryption, the user might lost all conversation !!
 # So for the old install we just leave this as it is. And for the new install we use a real macaroon.
 {%- if macaroon_secret_key is defined %}
 macaroon_secret_key: '{{ macaroon_secret_key }}'
 {%- endif %}
 # a secret which is used to calculate HMACs for form values, to stop
 # falsification of values. Must be specified for the User Consent
 # forms to work.
 #
-form_secret: "__FORM_SECRET__"
+form_secret: "{{ form_secret }}"
 ## Signing Keys ##
 # Path to the signing key to sign messages with
 #
-signing_key_path: "/etc/matrix-__APP__/homeserver.signing.key"
+signing_key_path: "/etc/matrix-{{ app }}/homeserver.signing.key"
 # The keys that the server used to sign messages with but won't use
 # to sign new messages.
@ -2030,9 +2061,9 @@ oidc_providers:
  #  user_mapping_provider:
  #    config:
  #      subject_claim: "id"
-  #      localpart_template: "{{ user.login }}"
+  #      localpart_template: "{ { user.login } }"
-  #      display_name_template: "{{ user.name }}"
+  #      display_name_template: "{ { user.name } }"
-  #      email_template: "{{ user.email }}"
+  #      email_template: "{ { user.email } }"
  #  attribute_requirements:
  #    - attribute: userGroup
  #      value: "synapseUsers"
@ -2048,7 +2079,7 @@ cas_config:
  # The URL of the CAS authorization endpoint.
  #
-  server_url: "https://__DOMAIN__/_matrix/cas_server.php"
+  server_url: "https://{{ domain }}/_matrix/cas_server.php"
  # The attribute of the CAS response to use as the display name.
  #
@ -2090,7 +2121,9 @@ sso:
    # By default, this list contains only the login fallback page.
    #
    client_whitelist:
-_DOMAIN_WHITELIST_CLIENT_
+{%- for domain in domain_whitelist_client.splitlines() %}
      - {{ domain }}
 {%- endfor %}
    # Uncomment to keep a user's profile fields in sync with information from
    # the identity provider. Currently only syncing the displayname is
@ -2169,7 +2202,7 @@ _DOMAIN_WHITELIST_CLIENT_
 password_config:
   # Uncomment to disable password login
   #
-   enabled: __PASSWORD_ENABLED__
+   enabled: {{ password_enabled }}
   # Uncomment to disable authentication against the local password
   # database. This is ignored if `enabled` is false, and is only useful
@ -2248,7 +2281,7 @@ password_providers:
          uid: "uid"
          mail: "mail"
          name: "givenName"
-       filter: "(&(objectClass=posixAccount)(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))"
+       filter: "(&(objectClass=posixAccount)(permission=cn={{ app }}.main,ou=permission,dc=yunohost,dc=org))"
@ -2260,7 +2293,7 @@ password_providers:
 email:
  # The hostname of the outgoing SMTP server to use. Defaults to 'localhost'.
  #
-  smtp_host: "__DOMAIN__"
+  smtp_host: "{{ domain }}"
  # The port on the mail server for outgoing SMTP. Defaults to 25.
  #
@ -2269,8 +2302,8 @@ email:
  # Username/password for authentication to the SMTP server. By default, no
  # authentication is attempted.
  #
-  smtp_user: __APP__
+  smtp_user: {{ app }}
-  smtp_pass: __MAIL_PWD__
+  smtp_pass: {{ mail_pwd }}
  # Uncomment the following to require TLS transport security for SMTP.
  # By default, Synapse will connect over plain text, and will then switch to
@ -2297,7 +2330,7 @@ email:
  # Note that the placeholder must be written '%(app)s', including the
  # trailing 's'.
  #
-  notif_from: "Your Friendly %(app)s Home Server <__APP__@__DOMAIN__>"
+  notif_from: "Your Friendly %(app)s Home Server <{{ app }}@{{ domain }}>"
  # app_name defines the default value for '%(app)s' in notif_from and email
  # subjects. It defaults to 'Matrix'.
@ -2307,12 +2340,12 @@ email:
  # Uncomment the following to enable sending emails for messages that the user
  # has missed. Disabled by default.
  #
-  enable_notifs: __ENABLE_NOTIFS__
+  enable_notifs: {{ enable_notifs }}
  # Uncomment the following to disable automatic subscription to email
  # notifications for new users. Enabled by default.
  #
-  notif_for_new_users: __NOTIF_FOR_NEW_USERS__
+  notif_for_new_users: {{ notif_for_new_users }}
  # Custom URL for client links within the email notifications. By default
  # links will be based on "https://matrix.to".
@ -2320,7 +2353,7 @@ email:
  # (This setting used to be called riot_base_url; the old name is still
  # supported for backwards-compatibility but is now deprecated.)
  #
-  client_base_url: __CLIENT_BASE_URL__
+  client_base_url: {{ client_base_url }}
  # Configure the time that a validation email will expire after sending.
  # Defaults to 1h.
@ -2331,7 +2364,7 @@ email:
  # to the identity server as the org.matrix.web_client_location key. Defaults
  # to unset, giving no guidance to the identity server.
  #
-  invite_client_location: __INVITE_CLIENT_LOCATION__
+  invite_client_location: {{ invite_client_location }}
  # Subjects to use when sending emails from Synapse.
  #
@ -2420,7 +2453,7 @@ push:
  # The default value is "true" to include message details. Uncomment to only
  # include the event ID and room ID in push notification payloads.
  #
-  include_content: __PUSH_INCLUDE_CONTENT__
+  include_content: {{ push_include_content }}
  # When a push notification is received, an unread count is also sent.
  # This number can either be calculated as the number of unread messages
@ -2450,12 +2483,12 @@ push:
 # Note that this option will only affect rooms created after it is set. It
 # will also not affect rooms created by other servers.
 #
-encryption_enabled_by_default_for_room_type: __E2E_ENABLED_BY_DEFAULT__
+encryption_enabled_by_default_for_room_type: {{ e2e_enabled_by_default }}
 # Uncomment to allow non-server-admin users to create groups on this server
 #
-enable_group_creation: __ENABLE_GROUP_CREATION__
+enable_group_creation: {{ enable_group_creation }}
 # If enabled, non server admins can only create groups with local parts
 # starting with this prefix
--- a/conf/requirement_bookworm.txt
+++ b/conf/requirement_bookworm.txt
@ -10,7 +10,7 @@ charset-normalizer==3.3.2
 constantly==23.10.4
 cryptography==42.0.5
 hyperlink==21.0.0
-idna==3.6
+idna==3.7
 ijson==3.2.3
 immutabledict==4.2.0
 incremental==22.10.0
@ -21,21 +21,21 @@ ldap3==2.9.1
 lxml==5.2.1
 MarkupSafe==2.1.5
 matrix-common==1.3.0
-matrix-synapse==1.104.0
+matrix-synapse==1.105.0
 matrix-synapse-ldap3==0.3.0
 msgpack==1.0.8
 ndg-httpsclient==0.5.1
 netaddr==1.2.1
 packaging==24.0
-phonenumbers==8.13.33
+phonenumbers==8.13.34
 pillow==10.3.0
 prometheus_client==0.20.0
 psycopg2==2.9.9
 pyasn1==0.6.0
 pyasn1_modules==0.4.0
 pycparser==2.22
-pydantic==2.6.4
+pydantic==2.7.0
-pydantic_core==2.16.3
+pydantic_core==2.18.1
 pymacaroons==0.13.0
 PyNaCl==1.5.0
 pyOpenSSL==24.1.0
@ -51,8 +51,8 @@ six==1.16.0
 sortedcontainers==2.4.0
 treq==23.11.0
 Twisted==24.3.0
-typing_extensions==4.10.0
+typing_extensions==4.11.0
 unpaddedbase64==2.1.0
 urllib3==2.2.1
 webencodings==0.5.1
-zope.interface==6.2
+zope.interface==6.3
--- a/conf/requirement_bullseye.txt
+++ b/conf/requirement_bullseye.txt
@ -10,7 +10,7 @@ charset-normalizer==3.3.2
 constantly==23.10.4
 cryptography==42.0.5
 hyperlink==21.0.0
-idna==3.6
+idna==3.7
 ijson==3.2.3
 immutabledict==4.2.0
 incremental==22.10.0
@ -21,21 +21,21 @@ ldap3==2.9.1
 lxml==5.2.1
 MarkupSafe==2.1.5
 matrix-common==1.3.0
-matrix-synapse==1.104.0
+matrix-synapse==1.105.0
 matrix-synapse-ldap3==0.3.0
 msgpack==1.0.8
 ndg-httpsclient==0.5.1
 netaddr==1.2.1
 packaging==24.0
-phonenumbers==8.13.33
+phonenumbers==8.13.34
 pillow==10.3.0
 prometheus_client==0.20.0
 psycopg2==2.9.9
 pyasn1==0.6.0
 pyasn1_modules==0.4.0
 pycparser==2.22
-pydantic==2.6.4
+pydantic==2.7.0
-pydantic_core==2.16.3
+pydantic_core==2.18.1
 pymacaroons==0.13.0
 PyNaCl==1.5.0
 pyOpenSSL==24.1.0
@ -52,8 +52,8 @@ sortedcontainers==2.4.0
 tomli==2.0.1
 treq==23.11.0
 Twisted==24.3.0
-typing_extensions==4.10.0
+typing_extensions==4.11.0
 unpaddedbase64==2.1.0
 urllib3==2.2.1
 webencodings==0.5.1
-zope.interface==6.2
+zope.interface==6.3
--- a/conf/turnserver.conf
+++ b/conf/turnserver.conf
@ -1,19 +1,23 @@
 lt-cred-mech
 use-auth-secret
-static-auth-secret=__TURNSERVER_PWD__
+static-auth-secret={{ turnserver_pwd }}
-realm=__DOMAIN__
+realm={{ domain }}
-tls-listening-port=__PORT_TURNSERVER_TLS__
+tls-listening-port={{ port_turnserver_tls }}
-alt-tls-listening-port=__PORT_TURNSERVER_ALT_TLS__
+alt-tls-listening-port={{ port_turnserver_alt_tls }}
 min-port=49153
 max-port=49193
-cli-port=__PORT_CLI__
+cli-port={{ port_cli }}
-cert=/etc/yunohost/certs/__DOMAIN__/crt.pem
+cert=/etc/yunohost/certs/{{ domain }}/crt.pem
-pkey=/etc/yunohost/certs/__DOMAIN__/key.pem
+pkey=/etc/yunohost/certs/{{ domain }}/key.pem
 dh-file=/etc/ssl/private/dh2048.pem
-_TURN_CLEAR_COM_PARAM_
+{% if enable_dtls_for_audio_video_turn_call == 'true' %}
 # Block clear communication
 no-udp
 no-tcp
 {% endif %}
 # Block old protocols
 no-sslv2
@ -21,8 +25,8 @@ no-sslv3
 no-tlsv1
 no-tlsv1_1
-log-file=/var/log/matrix-__APP__/turnserver.log
+log-file=/var/log/matrix-{{ app }}/turnserver.log
-pidfile=/run/coturn-__APP__/turnserver.pid
+pidfile=/run/coturn-{{ app }}/turnserver.pid
 simple-log
 # consider whether you want to limit the quota of relayed streams per user (or total) to avoid risk of DoS.
@ -38,4 +42,6 @@ denied-peer-ip=127.0.0.0-127.255.255.255
 # Max time 12h
 max-allocate-lifetime=43200
-_TURN_EXTERNAL_IP_
+{%- for ip in turn_external_ip.strip(',').split(',') %}
 external-ip={{ ip }}
 {%- endfor %}
--- a/doc/POST_INSTALL.md
+++ b/doc/POST_INSTALL.md
@ -2,7 +2,9 @@ If your server name is identical to the domain on which synapse is installed, an
 If not, you may need to put the following line in the dns configuration:
 ```text
 _matrix._tcp.__DOMAIN__. 3600    IN      SRV     10 0 __PORT_SYNAPSE_TLS__ __DOMAIN__.
 ```
 For more details, see : https://github.com/element-hq/synapse#setting-up-federation
--- a/doc/PRE_INSTALL.md
+++ b/doc/PRE_INSTALL.md
@ -1,3 +1,3 @@
 - Synapse consumes a significant amount of resources (both CPU and ARM), and therefore is not recommended for "small" setups such as small ARM boards
- During the install, the generation of Diffie-Hellman parameters may take a significant amount of time. You can speed things up by manually initializing them before running the install: `openssl dhparam -out /etc/ssl/private/dh2048.pem 2048 > /dev/null`
+- During the install, the generation of Diffie-Hellman parameters may take a significant amount of time. You can speed things up by manually initializing them before running the install: `openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -dsaparam 2048`
 - The package uses a prebuilt python virtual environnement. The binary are taken from this repository: <https://github.com/YunoHost-Apps/synapse_python_build>. The script to build the binary is also available.
--- a/manifest.toml
+++ b/manifest.toml
@ -5,7 +5,7 @@ name = "Synapse"
 description.en = "Instant messaging server which uses Matrix"
 description.fr = "Serveur de messagerie instantané basé sur Matrix"
-version = "1.104.0~ynh1"
+version = "1.105.0~ynh1"
 maintainers = ["Josué Tille"]
@ -18,7 +18,7 @@ cpe = "cpe:2.3:a:matrix:synapse"
 fund = "https://matrix.org/support/#"
 [integration]
-yunohost = ">= 11.2.10"
+yunohost = ">= 11.2.11"
 architectures = ["amd64", "arm64"]
 multi_instance = true
 ldap = true
@ -63,13 +63,13 @@ ram.runtime = "1G"
 [resources]
    [resources.sources.synapse_prebuilt_armv7_bookworm]
    prefetch = false
-    armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.104.0/matrix-synapse_1.104.0-bookworm-bin1_armv7l.tar.gz"
+    armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.105.0/matrix-synapse_1.105.0-bookworm-bin1_armv7l.tar.gz"
-    armhf.sha256 = "880c3507a424277cd5414363e22dc2018407e572c5f7bb388a6560707ae4231e"
+    armhf.sha256 = "8d997452056311b97f3a758cf1e1673dc8b9463d9dc1abb696f01a5335344470"
    [resources.sources.synapse_prebuilt_armv7_bullseye]
    prefetch = false
-    armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.104.0/matrix-synapse_1.104.0-bullseye-bin1_armv7l.tar.gz"
+    armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.105.0/matrix-synapse_1.105.0-bullseye-bin1_armv7l.tar.gz"
-    armhf.sha256 = "8f2f957d25566e5051aa0d5c88bcedacf6ea1615cc7aca84491a7ded84fbae11"
+    armhf.sha256 = "6721340e6ef15ba7e90715d0e7f0d316f045123a0517b5294cc889b0a47c0185"
    [resources.sources.sliding_proxy]
    prefetch = true
@ -108,7 +108,7 @@ ram.runtime = "1G"
    main.additional_urls = ["/_matrix/cas_server.php/login"]
    main.label = "Server SSO"
    main.auth_header = true
-    main.show_tile=false
+    main.show_tile = false
    main.protected = true
    server_api.url = "/_matrix"
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@ -1,6 +1,8 @@
-python_version="$(python3 -V | cut -d' ' -f2 | cut -d. -f1-2)"
+readonly python_version="$(python3 -V | cut -d' ' -f2 | cut -d. -f1-2)"
-code_dir="/opt/yunohost/matrix-$app"
+readonly code_dir="/opt/yunohost/matrix-$app"
-db_name_slidingproxy=${db_name}_slidingproxy
+readonly domain_whitelist_client="$(yunohost --output-as json domain list  | jq -r '.domains | .[]')"
 readonly db_name_slidingproxy=${db_name}_slidingproxy
 install_sources() {
    # Install/upgrade synapse in virtualenv
@ -61,68 +63,6 @@ install_sources() {
    ynh_setup_source --dest_dir=$code_dir/sliding-chroot/bin/ --source_id=sliding_proxy
 }
 configure_synapse() {
    local domain_whitelist_client=$(yunohost --output-as plain domain list \
        | grep -E "^#" -v \
        | sort | uniq \
        | sed -r 's|^(.*)$|      - \1|' \
        | sed -z 's|\n|\\n|g')
    local macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"'
    local auto_join_rooms_sed_param=""
    if [ -n "$auto_join_rooms" ]; then
        auto_join_rooms_sed_param+='auto_join_rooms:'
        while read -d, room; do
            auto_join_rooms_sed_param+='\n  - "'$room'"'
        done <<< "${auto_join_rooms},"
    fi
    local registration_require_3pid_sed_param=""
    case ${registrations_require_3pid} in
        'email')
            registration_require_3pid_sed_param="registrations_require_3pid:\n  - email"
            ;;
        'msisdn')
            registration_require_3pid_sed_param="registrations_require_3pid:\n  - msisdn"
            ;;
        'email&msisdn')
            registration_require_3pid_sed_param="registrations_require_3pid:\n  - email\n  - msisdn"
            ;;
    esac
    local allowd_local_3pids_sed_param=""
    if [ -n "$allowed_local_3pids_email" ] || [ -n "$allowed_local_3pids_msisdn" ]; then
        allowd_local_3pids_sed_param="allowed_local_3pids:"
        if [ -n "$allowed_local_3pids_email" ]; then
            while read -d, pattern ; do
                allowd_local_3pids_sed_param+="\n  - medium: email\n    pattern: '$pattern'"
            done <<< "${allowed_local_3pids_email},"
        fi
        if [ -n "$allowed_local_3pids_msisdn" ]; then
            while read -d, pattern ; do
                allowd_local_3pids_sed_param+="\n  - medium: msisdn\n    pattern: '$pattern'"
            done <<< "${allowed_local_3pids_msisdn},"
        fi
    fi
    local turn_server_config=""
    if $enable_dtls_for_audio_video_turn_call; then
        turn_server_config='turn_uris: [ "turns:'$domain:$port_turnserver_tls'", "turns:'$domain:$port_turnserver_alt_tls'" ]'
    else
        turn_server_config='turn_uris: [ "turn:'$domain:$port_turnserver_tls'", "turn:'$domain:$port_turnserver_alt_tls'" ]'
    fi
    # Force enable it because some client like Element X don't support CAS and so require to have password authentication enabled
    password_enabled=true
    ynh_add_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml"
    sed -i "s|_DOMAIN_WHITELIST_CLIENT_|$domain_whitelist_client|g" /etc/matrix-$app/homeserver.yaml
    sed -i "s|_AUTO_JOIN_ROOMS_SED_PARAM_|$auto_join_rooms_sed_param|g" /etc/matrix-$app/homeserver.yaml
    sed -i "s|_REGISTRATION_REQUIRE_3PID_SED_PARAM_|$registration_require_3pid_sed_param|g" /etc/matrix-$app/homeserver.yaml
    sed -i "s|_ALLOWD_LOCAL_3PIDS_SED_PARAM_|$allowd_local_3pids_sed_param|g" /etc/matrix-$app/homeserver.yaml
    ynh_store_file_checksum --file=/etc/matrix-$app/homeserver.yaml
    ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml"
 }
 configure_coturn() {
    # Get public IP and set as external IP for coturn
    # note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
@ -132,22 +72,13 @@ configure_coturn() {
    local turn_external_ip=""
    if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"
    then
-        turn_external_ip+="external-ip=$public_ip4\\n"
+        turn_external_ip+="$public_ip4,"
    fi
    if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6"
    then
-        turn_external_ip+="external-ip=$public_ip6\\n"
+        turn_external_ip+="$public_ip6"
    fi
-    local turn_clear_com_param=''
+    ynh_add_jinja_config --template="turnserver.conf" --destination="/etc/matrix-$app/coturn.conf"
    if $enable_dtls_for_audio_video_turn_call; then
        turn_clear_com_param+='# Block clear communication\nno-udp\nno-tcp'
    fi
    ynh_add_config --template="turnserver.conf" --destination="/etc/matrix-$app/coturn.conf"
    sed -i "s|_TURN_CLEAR_COM_PARAM_|$turn_clear_com_param|g" /etc/matrix-$app/coturn.conf
    sed -i "s|_TURN_EXTERNAL_IP_|$turn_external_ip|g" /etc/matrix-$app/coturn.conf
    ynh_store_file_checksum --file=/etc/matrix-$app/coturn.conf
 }
 configure_nginx() {
@ -169,29 +100,177 @@ configure_nginx() {
    ynh_add_nginx_config
 }
-set_permissions() {
+ensure_vars_set() {
-    chown $app:$app -R $code_dir
+    if [ -z "${report_stats:-}" ]; then
-    chmod o= -R $code_dir
+        report_stats=false
        ynh_app_setting_set --app="$app" --key=report_stats --value="$report_stats"
    fi
    if [ -z "${e2e_enabled_by_default:-}" ] ; then
        e2e_enabled_by_default=invite
        ynh_app_setting_set --app="$app" --key=e2e_enabled_by_default --value="$e2e_enabled_by_default"
    fi
-    chmod 770 $code_dir/Coturn_config_rotate.sh
+    if [ -z "${web_client_location:-}" ]
-    chmod 700 $code_dir/update_synapse_for_appservice.sh
+    then
-    chmod 700 $code_dir/set_admin_user.sh
+        web_client_location="https://matrix.to/"
-    chmod 755 $code_dir/sliding-chroot/bin/sliding-proxy
+
        element_instance=element
        if yunohost --output-as plain app list | grep -q "^$element_instance"'$'; then
            element_domain=$(ynh_app_setting_get --app $element_instance --key domain)
            element_path=$(ynh_app_setting_get --app $element_instance --key path)
            web_client_location="https://""$element_domain""$element_path"
        fi
        ynh_app_setting_set --app="$app" --key=web_client_location --value="$web_client_location"
    fi
    if [ -z "${client_base_url:-}" ]
    then
        client_base_url="$web_client_location"
        ynh_app_setting_set --app="$app" --key=client_base_url --value="$client_base_url"
    fi
    if [ -z "${invite_client_location:-}" ]
    then
        invite_client_location="$web_client_location"
        ynh_app_setting_set --app="$app" --key=invite_client_location --value="$invite_client_location"
    fi
    if [ -z "${allow_public_rooms_without_auth:-}" ]
    then
        allow_public_rooms_without_auth=${allow_public_rooms:-false}
        ynh_app_setting_set --app="$app" --key=allow_public_rooms_without_auth --value="$allow_public_rooms_without_auth"
    fi
    if [ -z "${allow_public_rooms_over_federation:-}" ]
    then
        allow_public_rooms_over_federation=${allow_public_rooms:-false}
        ynh_app_setting_set --app="$app" --key=allow_public_rooms_over_federation --value="$allow_public_rooms_over_federation"
    fi
    if [ -z "${max_upload_size:-}" ]
    then
        max_upload_size=100M
        ynh_app_setting_set --app="$app" --key=max_upload_size --value="$max_upload_size"
    fi
    if [ -z "${disable_msisdn_registration:-}" ]
    then
        disable_msisdn_registration=true
        ynh_app_setting_set --app="$app" --key=disable_msisdn_registration --value=$disable_msisdn_registration
    fi
    if [ -z "${account_threepid_delegates_msisdn:-}" ]
    then
        account_threepid_delegates_msisdn=''
        ynh_app_setting_set --app="$app" --key=account_threepid_delegates_msisdn --value="$account_threepid_delegates_msisdn"
    fi
    if [ -z "${registrations_require_3pid:-}" ]
    then
        registrations_require_3pid=email
        ynh_app_setting_set --app="$app" --key=registrations_require_3pid --value="$registrations_require_3pid"
    fi
    if [ -z "${allowed_local_3pids_email:-}" ]
    then
        allowed_local_3pids_email=''
        ynh_app_setting_set --app="$app" --key=allowed_local_3pids_email --value="$allowed_local_3pids_email"
    fi
    if [ -z "${allowed_local_3pids_msisdn:-}" ]
    then
        allowed_local_3pids_msisdn=''
        ynh_app_setting_set --app="$app" --key=allowed_local_3pids_msisdn --value="$allowed_local_3pids_msisdn"
    fi
    if [ -z "${account_threepid_delegates_msisdn:-}" ]
    then
        account_threepid_delegates_msisdn=""
        ynh_app_setting_set --app="$app" --key=account_threepid_delegates_msisdn --value="$account_threepid_delegates_msisdn"
    fi
    if [ -z "${allow_guest_access:-}" ]
    then
        allow_guest_access=false
        ynh_app_setting_set --app="$app" --key=allow_guest_access --value="$allow_guest_access"
    fi
    if [ -z "${default_identity_server:-}" ]
    then
        default_identity_server='https://matrix.org'
        ynh_app_setting_set --app=$app --key=default_identity_server --value="$default_identity_server"
    fi
    if [ -z "${auto_join_rooms:-}" ]
    then
        auto_join_rooms=''
        ynh_app_setting_set --app="$app" --key=auto_join_rooms --value="$auto_join_rooms"
    fi
    if [ -z "${autocreate_auto_join_rooms:-}" ]
    then
        autocreate_auto_join_rooms=false
        ynh_app_setting_set --app="$app" --key=autocreate_auto_join_rooms --value="$autocreate_auto_join_rooms"
    fi
    if [ -z "${auto_join_rooms_for_guests:-}" ]
    then
        auto_join_rooms_for_guests=true
        ynh_app_setting_set --app="$app" --key=auto_join_rooms_for_guests --value="$auto_join_rooms_for_guests"
    fi
    if [ -z "${enable_notifs:-}" ]
    then
        enable_notifs=true
        ynh_app_setting_set --app="$app" --key=enable_notifs --value="$enable_notifs"
    fi
    if [ -z "${notif_for_new_users:-}" ]
    then
        notif_for_new_users=true
        ynh_app_setting_set --app="$app" --key=notif_for_new_users --value="$notif_for_new_users"
    fi
    if [ -z "${enable_group_creation:-}" ]
    then
        enable_group_creation=true
        ynh_app_setting_set --app="$app" --key=enable_group_creation --value="$enable_group_creation"
    fi
    if [ -z "${enable_3pid_lookup:-}" ]
    then
        enable_3pid_lookup=false
        ynh_app_setting_set --app="$app" --key=enable_3pid_lookup --value="$enable_3pid_lookup"
    fi
    if [ -z "${push_include_content:-}" ]
    then
        push_include_content=true
        ynh_app_setting_set --app="$app" --key=push_include_content --value="$push_include_content"
    fi
    if [ -z "${enable_dtls_for_audio_video_turn_call:-}" ]
    then
        enable_dtls_for_audio_video_turn_call=true
        ynh_app_setting_set --app="$app" --key=enable_dtls_for_audio_video_turn_call --value="$enable_dtls_for_audio_video_turn_call"
    fi
    if [ -z "${sync_proxy_secret:-}" ]
    then
        sync_proxy_secret=$(ynh_string_random -l 40)
        ynh_app_setting_set --app=$app --key=sync_proxy_secret --value=$sync_proxy_secret
    fi
 }
 set_permissions() {
    chown $app:$app -R "$code_dir"
    chmod o= -R "$code_dir"
    chmod 770 "$code_dir"/Coturn_config_rotate.sh
    chmod 700 "$code_dir"/update_synapse_for_appservice.sh
    chmod 700 "$code_dir"/set_admin_user.sh
    chmod 755 "$code_dir"/sliding-chroot/bin/sliding-proxy
    if [ "${1:-}" == data ]; then
-        find $data_dir \(   \! -perm -o= \
+        find "$data_dir" \(   \! -perm -o= \
-                         -o \! -user $app \
+                         -o \! -user "$app" \
-                         -o \! -group $app \) \
+                         -o \! -group "$app" \) \
-                    -exec chown $app:$app {} \; \
+                    -exec chown "$app:$app" {} \; \
                    -exec chmod o= {} \;
    fi
-    chown $app:$app -R /etc/matrix-$app
+    chown "$app:$app" -R /etc/matrix-"$app"
-    chmod u=rwX,g=rX,o= -R /etc/matrix-$app
+    chmod u=rwX,g=rX,o= -R /etc/matrix-"$app"
-    setfacl -R -m user:turnserver:rX  /etc/matrix-$app
+    setfacl -R -m user:turnserver:rX  /etc/matrix-"$app"
-    chmod 600 /etc/matrix-$app/$server_name.signing.key
+    chmod 600 /etc/matrix-"$app"/"$server_name".signing.key
-    chown $app:root -R /var/log/matrix-$app
+    chown "$app":root -R /var/log/matrix-"$app"
-    setfacl -R -m user:turnserver:rwX  /var/log/matrix-$app
+    setfacl -R -m user:turnserver:rwX  /var/log/matrix-"$app"
 }
--- a/scripts/backup
+++ b/scripts/backup
@ -14,7 +14,7 @@ source /usr/share/yunohost/helpers
 # MANAGE SCRIPT FAILURE
 #=================================================
-if [[ ! "$(systemctl status $app.service)" =~ "Active: inactive (dead)" ]]; then
+if systemctl is-active $app.service --quiet; then
    ynh_print_warn --message="It's hightly recommended to make your backup when the service is stopped. Please stop $app service with this command before to run the backup 'systemctl stop $app.service'"
 fi
--- a/scripts/change_url
+++ b/scripts/change_url
@ -10,7 +10,7 @@ source ./_common.sh
 source /usr/share/yunohost/helpers
 # We stop the service
-ynh_systemd_action --service_name=$app.service.service --action=stop
+ynh_systemd_action --service_name=$app.service --action=stop
 #=================================================
 # STANDARD MODIFICATIONS
@ -28,8 +28,8 @@ configure_nginx
 #=================================================
 ynh_script_progression --message="Updating Synapse config..." --weight=2
-
+ynh_add_jinja_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml"
-configure_synapse
+ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml"
 #=================================================
 # SECURE FILES AND DIRECTORIES
--- a/scripts/config
+++ b/scripts/config
@ -6,6 +6,7 @@
 # IMPORT GENERIC HELPERS
 #=================================================
 source ./experimental_helper.sh
 source ./_common.sh
 source /usr/share/yunohost/helpers
@ -26,7 +27,8 @@ ynh_app_config_validate() {
 ynh_app_config_apply() {
    _ynh_app_config_apply
    configure_nginx
-    configure_synapse
+    ynh_add_jinja_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml"
    ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml"
    set_permissions
 }
--- a/scripts/experimental_helper.sh
+++ b/scripts/experimental_helper.sh
@ -0,0 +1,135 @@
 # Create a dedicated config file from a jinja template
 #
 # usage: ynh_add_jinja_config --template="template" --destination="destination"
 # | arg: -t, --template=     - Template config file to use
 # | arg: -d, --destination=  - Destination of the config file
 # | arg: -i, --ignore_vars=  - List separated by space of script variables to ignore and don't pass in the jinja context.
 # |                            This could be useful mainly for special share which can't be retried by reference name (like the array).
 #
 # examples:
 #    ynh_add_jinja_config --template="app.conf" --destination="$install_dir/app.conf"
 #    ynh_add_jinja_config --template="app-env" --destination="$install_dir/app-env" --ignore_vars="complex_array yolo"
 #
 # The template can be by default the name of a file in the conf directory
 #
 # The helper will verify the checksum and backup the destination file
 # if it's different before applying the new template.
 #
 # And it will calculate and store the destination file checksum
 # into the app settings when configuration is done.
 #
 ##
 ## About the variables passed to the template:
 ##
 #
 # All variable defined in the script are available into the template (as string) except someone described below.
 # If a variable make crash the helper for some reason (by example if the variable is of type array)
 # or you just want to don't pass a specific variable for some other reason you can add it in the '--ignore_vars=' parameter as described above.
 # Here are the list of ignored variable and so there won't never be available in the template:
 # - All system environment variable like (TERM, USER, PATH, LANG, etc).
 #   If you need someone you just need to declare an other variable with the same value.
 #   Note that all Yunohost variable whose name begins by 'YNH_' are available and can be used in the template.
 # - This following list:
 #        legacy_args args_array template destination ignore_vars template_path python_env_var ignore_var_regex
 #        progress_scale progress_string0 progress_string1 progress_string2
 #        old changed binds types file_hash formats
 #
 ##
 ## Usage in templates:
 ##
 #
 # For a full documentation of the template you can refer to: https://jinja.palletsprojects.com/en/3.1.x/templates/
 # In Yunohost context there are no really some specificity except that all variable passed are of type string.
 # So here are some example of recommended usage:
 #
 # If you need a conditional block
 #
 # {% if should_my_block_be_shown == 'true' %}
 # ...
 # {% endif %}
 #
 # or
 #
 # {% if should_my_block_be_shown == '1' %}
 # ...
 # {% endif %}
 #
 # If you need to iterate with loop:
 #
 # {% for yolo in var_with_multiline_value.splitlines() %}
 # ...
 # {% endfor %}
 #
 # or
 #
 # {% for jail in my_var_with_coma.split(',') %}
 # ...
 # {% endfor %}
 #
 ynh_add_jinja_config() {
    # Declare an array to define the options of this helper.
    local legacy_args=tdi
    local -A args_array=([t]=template= [d]=destination= [i]=ignore_vars= )
    local template
    local destination
    local ignore_vars
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"
    local template_path
    #
    ## List of all vars ignored and not passed to the template
    # WARNING Update the list on the helper documentation at the top of the helper, if you change this list
    #
    # local vars used in the helper
    ignore_vars+=" legacy_args args_array template destination ignore_vars template_path python_env_var ignore_var_regex"
    # yunohost helpers
    ignore_vars+=" progress_scale progress_string0 progress_string1 progress_string2"
    # Arrays used in config panel
    ignore_vars+=" old changed binds types file_hash formats"
    if [ -f "$YNH_APP_BASEDIR/conf/$template" ]; then
        template_path="$YNH_APP_BASEDIR/conf/$template"
    elif [ -f "$template" ]; then
        template_path=$template
    else
        ynh_die --message="The provided template $template doesn't exist"
    fi
    ynh_backup_if_checksum_is_different --file="$destination"
    # Make sure to set the permissions before we copy the file
    # This is to cover a case where an attacker could have
    # created a file beforehand to have control over it
    # (cp won't overwrite ownership / modes by default...)
    touch "$destination"
    chown root:root "$destination"
    chmod 640 "$destination"
    local python_env_var=''
    local ignore_var_regex
    ignore_var_regex="$(echo "$ignore_vars" | sed -E 's@^\s*(.*\w)\s*$@\1@g' | sed -E 's@(\s+)@|@g')"
    while read -r one_var; do
        # Blacklist of var to not pass to template
        if { [[ "$one_var" =~ ^[A-Z0-9_]+$ ]] && [[ "$one_var" != YNH_* ]]; } \
            || [[ "$one_var" =~ ^($ignore_var_regex)$ ]]; then
            continue
        fi
        # Well python is very bad for the last character on raw string
        # https://stackoverflow.com/questions/647769/why-cant-pythons-raw-string-literals-end-with-a-single-backslash
        # So the solution here is to add one last char '-' so we know what it is
        # and we are sure that it not \ or ' or something else which will be problematic with python
        # And then we remove it while we are processing
        python_env_var+="$one_var=r'''${!one_var}-'''[:-1],"
    done <<< "$(compgen -v)"
    _ynh_apply_default_permissions "$destination"
    (
        python3 -c 'import os, sys, jinja2; sys.stdout.write(
                    jinja2.Template(source=sys.stdin.read(),
                                    undefined=jinja2.StrictUndefined,
                    ).render('"$python_env_var"'));' <"$template_path" >"$destination"
    )
    ynh_store_file_checksum --file="$destination"
 }
--- a/scripts/install
+++ b/scripts/install
@ -23,76 +23,19 @@ fi
 ynh_script_progression --message="Storing installation settings..." --weight=1
-report_stats="false"
+ensure_vars_set
 e2e_enabled_by_default="off"
 allow_public_rooms_without_auth="false"
 allow_public_rooms_over_federation="false"
 max_upload_size="100M"
 disable_msisdn_registration="true"
 registrations_require_3pid=email
 allowed_local_3pids_email=""
 allowed_local_3pids_msisdn=""
 allow_guest_access="false"
 account_threepid_delegates_msisdn=""
 default_identity_server="https://matrix.org"
 auto_join_rooms=""
 autocreate_auto_join_rooms="false"
 auto_join_rooms_for_guests="true"
 enable_notifs="true"
 notif_for_new_users="true"
 enable_group_creation="true"
 push_include_content="true"
 enable_3pid_lookup=false
 enable_dtls_for_audio_video_turn_call=true
 if [ "$is_free_registration" -eq 0 ]
 then
-    enable_registration="false"
+    enable_registration=false
-    password_enabled="false"
+    password_enabled=false
 else
-    enable_registration="true"
+    enable_registration=true
-    password_enabled="true"
+    password_enabled=true
 fi
-element_ynh_url="https://matrix.to/"
+ynh_app_setting_set --app="$app" --key=password_enabled --value="$password_enabled"
-# Get app name of first Element Instance (can be changed later in Config Panel)
+ynh_app_setting_set --app="$app" --key=enable_registration --value="$enable_registration"
 element_instance="element"
 if yunohost --output-as plain app list | grep -q "^$element_instance$"; then
    element_domain=$(ynh_app_setting_get --app $element_instance --key domain)
    element_path=$(ynh_app_setting_get --app $element_instance --key path)
    element_ynh_url="https://""$element_domain""$element_path"
 fi
 web_client_location=$element_ynh_url
 client_base_url=$element_ynh_url
 invite_client_location=$element_ynh_url
 ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats
 ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default
 ynh_app_setting_set --app=$app --key=web_client_location --value=$web_client_location
 ynh_app_setting_set --app=$app --key=client_base_url --value=$client_base_url
 ynh_app_setting_set --app=$app --key=invite_client_location --value=$invite_client_location
 ynh_app_setting_set --app=$app --key=allow_public_rooms_without_auth --value=$allow_public_rooms_without_auth
 ynh_app_setting_set --app=$app --key=allow_public_rooms_over_federation --value=$allow_public_rooms_over_federation
 ynh_app_setting_set --app=$app --key=max_upload_size --value=$max_upload_size
 ynh_app_setting_set --app=$app --key=disable_msisdn_registration --value=$disable_msisdn_registration
 ynh_app_setting_set --app=$app --key=registrations_require_3pid --value=$registrations_require_3pid
 ynh_app_setting_set --app=$app --key=allowed_local_3pids_email --value=$allowed_local_3pids_email
 ynh_app_setting_set --app=$app --key=allowed_local_3pids_msisdn --value=$allowed_local_3pids_msisdn
 ynh_app_setting_set --app=$app --key=account_threepid_delegates_msisdn --value=$account_threepid_delegates_msisdn
 ynh_app_setting_set --app=$app --key=allow_guest_access --value=$allow_guest_access
 ynh_app_setting_set --app=$app --key=default_identity_server --value=$default_identity_server
 ynh_app_setting_set --app=$app --key=auto_join_rooms --value=$auto_join_rooms
 ynh_app_setting_set --app=$app --key=autocreate_auto_join_rooms --value=$autocreate_auto_join_rooms
 ynh_app_setting_set --app=$app --key=auto_join_rooms_for_guests --value=$auto_join_rooms_for_guests
 ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled
 ynh_app_setting_set --app=$app --key=enable_notifs --value=$enable_notifs
 ynh_app_setting_set --app=$app --key=notif_for_new_users --value=$notif_for_new_users
 ynh_app_setting_set --app=$app --key=enable_group_creation --value=$enable_group_creation
 ynh_app_setting_set --app=$app --key=push_include_content --value=$push_include_content
 ynh_app_setting_set --app=$app --key=enable_registration --value=$enable_registration
 ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled
 ynh_app_setting_set --app=$app --key=enable_3pid_lookup --value=$enable_3pid_lookup
 ynh_app_setting_set --app=$app --key=enable_dtls_for_audio_video_turn_call --value=$enable_dtls_for_audio_video_turn_call
 #=================================================
 # STANDARD MODIFICATIONS
@ -118,7 +61,7 @@ ynh_script_progression --message="Creating a dh file..." --weight=3
 # Make dh cert for synapse if it doesn't exist
 if [ ! -e /etc/ssl/private/dh2048.pem ]
 then
-    ynh_exec_warn_less openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048
+    ynh_exec_warn_less openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -dsaparam 2048
    chown root:ssl-cert /etc/ssl/private/dh2048.pem
    chmod 640 /etc/ssl/private/dh2048.pem
 fi
@ -180,13 +123,11 @@ $code_dir/bin/python -m synapse.app.homeserver --keys-directory /etc/matrix-$app
 registration_shared_secret=$(egrep "^registration_shared_secret:" homeserver.yml | cut -d'"' -f2)
 form_secret=$(egrep "^form_secret:" homeserver.yml | cut -d'"' -f2)
 macaroon_secret_key=$(egrep "^macaroon_secret_key:" homeserver.yml | cut -d'"' -f2)
 sync_proxy_secret=$(ynh_string_random -l 40)
 # store in yunohost settings
 ynh_app_setting_set --app=$app --key=registration_shared_secret --value="$registration_shared_secret"
 ynh_app_setting_set --app=$app --key=form_secret --value="$form_secret"
 ynh_app_setting_set --app=$app --key=macaroon_secret_key --value="$macaroon_secret_key"
 ynh_app_setting_set --app=$app --key=sync_proxy_secret --value="$sync_proxy_secret"
 #=================================================
 # SETUP SYSTEMD
@ -222,7 +163,8 @@ ynh_script_progression --message="Configuring Synapse..." --weight=2
 turnserver_pwd=$(ynh_string_random --length=30)
 ynh_app_setting_set --app=$app --key=turnserver_pwd --value=$turnserver_pwd
-configure_synapse
+ynh_add_jinja_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml"
 ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml"
 ynh_add_config --template=sliding_proxy.conf --destination=/etc/matrix-$app/sliding_proxy.conf
 #=================================================
--- a/scripts/restore
+++ b/scripts/restore
@ -89,7 +89,7 @@ ynh_script_progression --message="Creating a dh file..." --weight=40
 # Make dh cert for synapse if it doesn't exist
 if [ ! -e /etc/ssl/private/dh2048.pem ]
 then
-    ynh_exec_warn_less openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048
+    ynh_exec_warn_less openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -dsaparam 2048
    chown root:ssl-cert /etc/ssl/private/dh2048.pem
    chmod 640 /etc/ssl/private/dh2048.pem
 fi
--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -33,6 +33,8 @@ if [ -z "${domain:-}" ]; then
    ynh_app_setting_set --app=$app --key=no_sso --value true
 fi
 ensure_vars_set
 # Define $server_name if not already defined
 if [ -z "${server_name:-}" ]; then
    server_name=$domain
@ -45,135 +47,30 @@ if [ -z "${jitsi_server:-}" ]; then
    ynh_app_setting_set --app=$app --key=jitsi_server --value=$jitsi_server
 fi
 # Define $e2e_enabled_by_default if not already defined
 if [ -z "${e2e_enabled_by_default:-}" ] ; then
    e2e_enabled_by_default="invite"
    ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default
 fi
 if [ "$e2e_enabled_by_default" = "true" ] ; then
    e2e_enabled_by_default="all"
    ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default
 fi
 if [ "$e2e_enabled_by_default" = "false" ]; then
    e2e_enabled_by_default="off"
    ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default
 fi
-if [ -z "${report_stats:-}" ]; then
+if [ "${registrations_require_3pid}" == none ]
    report_stats="false"
    ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats
 fi
 if [ -z "${web_client_location:-}" ]
 then
    web_client_location="https://matrix.to/"
    element_instance="element"
    if yunohost --output-as plain app list | grep -q "^$element_instance"'$'; then
        element_domain=$(ynh_app_setting_get --app $element_instance --key domain)
        element_path=$(ynh_app_setting_get --app $element_instance --key path)
        web_client_location="https://""$element_domain""$element_path"
    fi
    ynh_app_setting_set --app=$app --key=web_client_location --value=$web_client_location
 fi
 if [ -z "${client_base_url:-}" ]
 then
    client_base_url=$web_client_location
    ynh_app_setting_set --app=$app --key=client_base_url --value=$client_base_url
 fi
 if [ -z "${invite_client_location:-}" ]
 then
    invite_client_location=$web_client_location
    ynh_app_setting_set --app=$app --key=invite_client_location --value=$invite_client_location
 fi
 if [ -z "${allow_public_rooms_without_auth:-}" ]
 then
    allow_public_rooms_without_auth=${allow_public_rooms:-false}
    ynh_app_setting_set --app=$app --key=allow_public_rooms_without_auth --value=$allow_public_rooms_without_auth
 fi
 if [ -z "${allow_public_rooms_over_federation:-}" ]
 then
    allow_public_rooms_over_federation=${allow_public_rooms:-false}
    ynh_app_setting_set --app=$app --key=allow_public_rooms_over_federation --value=$allow_public_rooms_over_federation
 fi
 if [ -z "${max_upload_size:-}" ]
 then
    max_upload_size="100M"
    ynh_app_setting_set --app=$app --key=max_upload_size --value=$max_upload_size
 fi
 if [ -z "${disable_msisdn_registration:-}" ]
 then
    disable_msisdn_registration="true"
    ynh_app_setting_set --app=$app --key=disable_msisdn_registration --value=$disable_msisdn_registration
 fi
 if [ -z "${registrations_require_3pid:-}" ] || [ "${registrations_require_3pid}" == none ]
 then
    registrations_require_3pid=email
    ynh_app_setting_set --app=$app --key=registrations_require_3pid --value=$registrations_require_3pid
 fi
-if [ -z "${allowed_local_3pids_email:-}" ] || [[ "${allowed_local_3pids_email}" =~ \'.*\' ]] # Also remove shit value from previous config panel
+if [[ "${allowed_local_3pids_email}" =~ \'.*\' ]] # Also remove shit value from previous config panel
 then
    allowed_local_3pids_email=''
    ynh_app_setting_set --app=$app --key=allowed_local_3pids_email --value=$allowed_local_3pids_email
 fi
-if [ -z "${allowed_local_3pids_msisdn:-}" ] || [[ "${allowed_local_3pids_msisdn}" =~ \'.*\' ]] # Also remove shit value from previous config panel
+if [[ "${allowed_local_3pids_msisdn}" =~ \'.*\' ]] # Also remove shit value from previous config panel
 then
    allowed_local_3pids_msisdn=''
    ynh_app_setting_set --app=$app --key=allowed_local_3pids_msisdn --value=$allowed_local_3pids_msisdn
 fi
 if [ -z "${account_threepid_delegates_msisdn:-}" ]
 then
    account_threepid_delegates_msisdn=""
    ynh_app_setting_set --app=$app --key=account_threepid_delegates_msisdn --value=$account_threepid_delegates_msisdn
 fi
 if [ -z "${allow_guest_access:-}" ]
 then
    allow_guest_access="false"
    ynh_app_setting_set --app=$app --key=allow_guest_access --value=$allow_guest_access
 fi
 if [ -z "${default_identity_server:-}" ]
 then
    default_identity_server="https://matrix.org"
    ynh_app_setting_set --app=$app --key=default_identity_server --value=$default_identity_server
 fi
 if [ -z "${auto_join_rooms:-}" ]
 then
    auto_join_rooms=""
    ynh_app_setting_set --app=$app --key=auto_join_rooms --value=$auto_join_rooms
 fi
 if [ -z "${autocreate_auto_join_rooms:-}" ]
 then
    autocreate_auto_join_rooms="false"
    ynh_app_setting_set --app=$app --key=autocreate_auto_join_rooms --value=$autocreate_auto_join_rooms
 fi
 if [ -z "${auto_join_rooms_for_guests:-}" ]
 then
    auto_join_rooms_for_guests="true"
    ynh_app_setting_set --app=$app --key=auto_join_rooms_for_guests --value=$auto_join_rooms_for_guests
 fi
 if [ -z "${enable_notifs:-}" ]
 then
    enable_notifs="true"
    ynh_app_setting_set --app=$app --key=enable_notifs --value=$enable_notifs
 fi
 if [ -z "${notif_for_new_users:-}" ]
 then
    notif_for_new_users="true"
    ynh_app_setting_set --app=$app --key=notif_for_new_users --value=$notif_for_new_users
 fi
 if [ -z "${enable_group_creation:-}" ]
 then
    enable_group_creation="true"
    ynh_app_setting_set --app=$app --key=enable_group_creation --value=$enable_group_creation
 fi
 if [ -z "${enable_3pid_lookup:-}" ]
 then
    enable_3pid_lookup=false
    ynh_app_setting_set --app=$app --key=enable_3pid_lookup --value=$enable_3pid_lookup
 fi
 if [ -z "${enable_registration:-}" ]
 then
@ -194,22 +91,6 @@ then
  ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled
 fi
 if [ -z "${push_include_content:-}" ]
 then
    push_include_content="true"
    ynh_app_setting_set --app=$app --key=push_include_content --value=$push_include_content
 fi
 if [ -z "${enable_dtls_for_audio_video_turn_call:-}" ]
 then
    enable_dtls_for_audio_video_turn_call=true
    ynh_app_setting_set --app=$app --key=enable_dtls_for_audio_video_turn_call --value=$enable_dtls_for_audio_video_turn_call
 fi
 if [ -z "${sync_proxy_secret:-}" ]
 then
    sync_proxy_secret=$(ynh_string_random -l 40)
    ynh_app_setting_set --app=$app --key=sync_proxy_secret --value=$sync_proxy_secret
 fi
 # remove legacy env file into /etc/default
 ynh_secure_remove --file=/etc/default/coturn-$app
@ -282,7 +163,7 @@ if [ ! -e /etc/ssl/private/dh2048.pem ]
 then
    ynh_script_progression --message="Creating a dh file..." --weight=1
-    ynh_exec_warn_less openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048
+    ynh_exec_warn_less openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -dsaparam 2048
    chown root:ssl-cert /etc/ssl/private/dh2048.pem
    chmod 640 /etc/ssl/private/dh2048.pem
 fi
@ -354,7 +235,7 @@ if grep -q "^matrix-$app" /etc/passwd; then
    # Must stop php before remove user as user is used by php
    systemctl stop php$YNH_PHP_VERSION-fpm.service
-    ynh_''system_user_delete --username=matrix-$app
+    ynh_''system_user_delete --username=matrix-"$app" || true
    yunohost user delete $app || true
    ynh_''system_user_create --username=$app --home_dir=$code_dir
    adduser $app ssl-cert
@ -408,7 +289,8 @@ fi
 #=================================================
 ynh_script_progression --message="Updating synapse config..." --weight=2
-configure_synapse
+ynh_add_jinja_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml"
 ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml"
 ynh_add_config --template=sliding_proxy.conf --destination=/etc/matrix-$app/sliding_proxy.conf
 #=================================================