diff --git a/README.md b/README.md
index 373402b..144147c 100644
--- a/README.md
+++ b/README.md
@@ -20,7 +20,7 @@ Instant messaging server matrix network.
Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org)
-**Shipped version:** 1.102.0~ynh1
+**Shipped version:** 1.103.0~ynh1
## Documentation and resources
- Official app website:
diff --git a/auto_update/auto_update.sh b/auto_update/auto_update.sh
index 5edf5a6..8b58ad6 100644
--- a/auto_update/auto_update.sh
+++ b/auto_update/auto_update.sh
@@ -2,6 +2,8 @@
set -eu
+readonly app_name=synapse
+
source auto_update_config.sh
readonly debian_version_name_1=bullseye
@@ -21,20 +23,20 @@ EOL
echo $result | jq -r "$1"
}
-check_synapse() {
- synapse_remote_version=$(curl 'https://api.github.com/repos/element-hq/synapse/releases/latest' -H 'Host: api.github.com' --compressed | jq -r ".tag_name" | cut -dv -f2)
+check_app_version() {
+ local app_remote_version=$(curl 'https://api.github.com/repos/element-hq/synapse/releases/latest' -H 'Host: api.github.com' --compressed | jq -r ".tag_name" | cut -dv -f2)
## Check if new build is needed
- if [[ "$synapse_version" != "$synapse_remote_version" ]]
+ if [[ "$app_version" != "$app_remote_version" ]]
then
- synapse_version="$synapse_remote_version"
+ app_version="$app_remote_version"
return 0
else
return 1
fi
}
-upgrade_synapse() {
+upgrade_app() {
(
set -eu
@@ -42,12 +44,12 @@ upgrade_synapse() {
# arm build: ${result_prefix_name_deb_1}-bin1_armv7l.tar.gz
# arm build checksum: ${result_prefix_name_deb_1}-bin1_armv7l-sha256.txt
# requirement.txt: ${result_prefix_name_deb_1}-build1_requirement.txt
- readonly result_prefix_name_deb_1="matrix-synapse_${synapse_version}-$debian_version_name_1"
- readonly result_prefix_name_deb_2="matrix-synapse_${synapse_version}-$debian_version_name_2"
+ readonly result_prefix_name_deb_1="matrix-synapse_${app_version}-$debian_version_name_1"
+ readonly result_prefix_name_deb_2="matrix-synapse_${app_version}-$debian_version_name_2"
# Build armv7 build
- build_cmd_deb_1 $synapse_version $result_prefix_name_deb_1
- build_cmd_deb_2 $synapse_version $result_prefix_name_deb_2
+ build_cmd_deb_1 $app_version $result_prefix_name_deb_1
+ build_cmd_deb_2 $app_version $result_prefix_name_deb_2
push_armv7_build
# Update python requirement
@@ -55,30 +57,30 @@ upgrade_synapse() {
cp "$build_result_path_deb_2/${result_prefix_name_deb_2}"-build1_requirement.txt ../conf/requirement_"$debian_version_name_2".txt
# Update manifest
- sed -r -i 's|version = "[[:alnum:].]{4,8}~ynh1"|version = "'${synapse_version}'~ynh1"|' ../manifest.toml
+ sed -r -i 's|version = "[[:alnum:].]{4,8}~ynh[[:alnum:].]{1,2}"|version = "'${app_version}'~ynh1"|' ../manifest.toml
# Update this link
- sed -r -i "s|armhf.url\s*=(.*)/releases/download/v[[:alnum:].]{4,8}/matrix-synapse_[[:alnum:].]{4,8}-$debian_version_name_1-bin1_armv7l.tar.gz|arm.url =\1/releases/download/v${synapse_version}/matrix-synapse_${synapse_version}-$debian_version_name_1-bin1_armv7l.tar.gz|" ../manifest.toml
- sed -r -i "s|armhf.url\s*=(.*)/releases/download/v[[:alnum:].]{4,8}/matrix-synapse_[[:alnum:].]{4,8}-$debian_version_name_2-bin1_armv7l.tar.gz|arm.url =\1/releases/download/v${synapse_version}/matrix-synapse_${synapse_version}-$debian_version_name_2-bin1_armv7l.tar.gz|" ../manifest.toml
+ sed -r -i "s|armhf.url\s*=(.*)/releases/download/v[[:alnum:].]{4,10}/matrix-synapse_[[:alnum:].]{4,10}-$debian_version_name_1-bin[[:digit:]]_armv7l.tar.gz|armhf.url =\1/releases/download/v${app_version}/matrix-synapse_${app_version}-$debian_version_name_1-bin1_armv7l.tar.gz|" ../manifest.toml
+ sed -r -i "s|armhf.url\s*=(.*)/releases/download/v[[:alnum:].]{4,10}/matrix-synapse_[[:alnum:].]{4,10}-$debian_version_name_2-bin[[:digit:]]_armv7l.tar.gz|armhf.url =\1/releases/download/v${app_version}/matrix-synapse_${app_version}-$debian_version_name_2-bin1_armv7l.tar.gz|" ../manifest.toml
# Update checksum
sha256sum_arm_archive_deb_1=$(cat $build_result_path_deb_1/${result_prefix_name_deb_1}-bin1_armv7l-sha256.txt)
sha256sum_arm_archive_deb_2=$(cat $build_result_path_deb_2/${result_prefix_name_deb_2}-bin1_armv7l-sha256.txt)
- prev_sha256sum_arm_archive_deb_1=$(get_from_manifest ".resources.sources.synapse_prebuilt_armv7_$debian_version_name_1.armhf.sha256")
- prev_sha256sum_arm_archive_deb_2=$(get_from_manifest ".resources.sources.synapse_prebuilt_armv7_$debian_version_name_2.armhf.sha256")
+ prev_sha256sum_arm_archive_deb_1=$(get_from_manifest ".resources.sources.${app_name}_prebuilt_armv7_$debian_version_name_1.armhf.sha256")
+ prev_sha256sum_arm_archive_deb_2=$(get_from_manifest ".resources.sources.${app_name}_prebuilt_armv7_$debian_version_name_2.armhf.sha256")
sed -r -i "s|$prev_sha256sum_arm_archive_deb_1|$sha256sum_arm_archive_deb_1|" ../manifest.toml
sed -r -i "s|$prev_sha256sum_arm_archive_deb_2|$sha256sum_arm_archive_deb_2|" ../manifest.toml
- git commit -a -m "Upgrade synapse to $synapse_version"
+ git commit -a -m "Upgrade $app_name to $app_version"
git push gitea auto_update:auto_update
- ) 2>&1 | tee "synapse_build_temp.log"
+ ) 2>&1 | tee "${app_name}_build_temp.log"
return ${PIPESTATUS[0]}
}
push_armv7_build() {
## Make a draft release json with a markdown body
- local release='"tag_name": "v'$synapse_version'", "target_commitish": "master", "name": "v'$synapse_version'", '
- local body="Synapse prebuilt bin for synapse_ynh\\n=========\\nPlease refer to upstream project for the change : https://github.com/element-hq/synapse/releases\\n\\nSha256sum for $debian_version_name_1 : $(cat $build_result_path_deb_1/${result_prefix_name_deb_1}-bin1_armv7l-sha256.txt)\\nSha256sum for $debian_version_name_2 : $(cat $build_result_path_deb_2/${result_prefix_name_deb_2}-bin1_armv7l-sha256.txt)"
+ local release='"tag_name": "v'$app_version'", "target_commitish": "master", "name": "v'$app_version'", '
+ local body="$app_name prebuilt bin for ${app_name}_ynh\\n=========\\nPlease refer to upstream project for the change : https://github.com/element-hq/synapse/releases\\n\\nSha256sum for $debian_version_name_1 : $(cat $build_result_path_deb_1/${result_prefix_name_deb_1}-bin1_armv7l-sha256.txt)\\nSha256sum for $debian_version_name_2 : $(cat $build_result_path_deb_2/${result_prefix_name_deb_2}-bin1_armv7l-sha256.txt)"
release+='"body": "'$body'",'
release+='"draft": true, "prerelease": false'
release='{'$release'}'
@@ -148,12 +150,12 @@ push_armv7_build() {
done
}
-synapse_version=$(get_from_manifest ".version" | cut -d'~' -f1)
+app_version=$(get_from_manifest ".version" | cut -d'~' -f1)
-if check_synapse
+if check_app_version
then
set +eu
- upgrade_synapse
+ upgrade_app
res=$?
set -eu
if [ $res -eq 0 ]; then
@@ -161,7 +163,7 @@ then
else
result="Failed"
fi
- msg="Build: synapse version $synapse_version\n"
- msg+="$(cat synapse_build_temp.log)"
- echo -e "$msg" | mail.mailutils -a "Content-Type: text/plain; charset=UTF-8" -s "Autoupgrade synapse : $result" "$notify_email"
+ msg="Build: $app_name version $app_version\n"
+ msg+="$(cat ${app_name}_build_temp.log)"
+ echo -e "$msg" | mail.mailutils -a "Content-Type: text/plain; charset=UTF-8" -s "Autoupgrade $app_name : $result" "$notify_email"
fi
diff --git a/conf/requirement_bookworm.txt b/conf/requirement_bookworm.txt
index c241eee..a880b37 100644
--- a/conf/requirement_bookworm.txt
+++ b/conf/requirement_bookworm.txt
@@ -12,7 +12,7 @@ cryptography==42.0.5
hyperlink==21.0.0
idna==3.6
ijson==3.2.3
-immutabledict==4.1.0
+immutabledict==4.2.0
incremental==22.10.0
Jinja2==3.1.3
jsonschema==4.21.1
@@ -21,26 +21,26 @@ ldap3==2.9.1
lxml==5.1.0
MarkupSafe==2.1.5
matrix-common==1.3.0
-matrix-synapse==1.102.0
+matrix-synapse==1.103.0
matrix-synapse-ldap3==0.3.0
msgpack==1.0.8
ndg-httpsclient==0.5.1
netaddr==1.2.1
-packaging==23.2
-phonenumbers==8.13.31
+packaging==24.0
+phonenumbers==8.13.32
pillow==10.2.0
prometheus_client==0.20.0
psycopg2==2.9.9
pyasn1==0.5.1
pyasn1-modules==0.3.0
pycparser==2.21
-pydantic==2.6.3
+pydantic==2.6.4
pydantic_core==2.16.3
pymacaroons==0.13.0
PyNaCl==1.5.0
-pyOpenSSL==24.0.0
+pyOpenSSL==24.1.0
PyYAML==6.0.1
-referencing==0.33.0
+referencing==0.34.0
requests==2.31.0
rpds-py==0.18.0
semantic-version==2.10.0
diff --git a/conf/requirement_bullseye.txt b/conf/requirement_bullseye.txt
index 5e0f242..0c04ddf 100644
--- a/conf/requirement_bullseye.txt
+++ b/conf/requirement_bullseye.txt
@@ -12,7 +12,7 @@ cryptography==42.0.5
hyperlink==21.0.0
idna==3.6
ijson==3.2.3
-immutabledict==4.1.0
+immutabledict==4.2.0
incremental==22.10.0
Jinja2==3.1.3
jsonschema==4.21.1
@@ -21,26 +21,26 @@ ldap3==2.9.1
lxml==5.1.0
MarkupSafe==2.1.5
matrix-common==1.3.0
-matrix-synapse==1.102.0
+matrix-synapse==1.103.0
matrix-synapse-ldap3==0.3.0
msgpack==1.0.8
ndg-httpsclient==0.5.1
netaddr==1.2.1
-packaging==23.2
-phonenumbers==8.13.31
+packaging==24.0
+phonenumbers==8.13.32
pillow==10.2.0
prometheus_client==0.20.0
psycopg2==2.9.9
pyasn1==0.5.1
pyasn1-modules==0.3.0
pycparser==2.21
-pydantic==2.6.3
+pydantic==2.6.4
pydantic_core==2.16.3
pymacaroons==0.13.0
PyNaCl==1.5.0
-pyOpenSSL==24.0.0
+pyOpenSSL==24.1.0
PyYAML==6.0.1
-referencing==0.33.0
+referencing==0.34.0
requests==2.31.0
rpds-py==0.18.0
semantic-version==2.10.0
diff --git a/conf/synapse-coturn.service b/conf/synapse-coturn.service
index d02409b..6b34a13 100644
--- a/conf/synapse-coturn.service
+++ b/conf/synapse-coturn.service
@@ -7,7 +7,7 @@ After=syslog.target network-online.target
User=turnserver
Group=turnserver
Type=notify
-EnvironmentFile=/etc/default/coturn-__APP__
+EnvironmentFile=/etc/matrix-__APP__/coturn_env
ExecStart=/usr/bin/turnserver -c /etc/matrix-__APP__/coturn.conf $EXTRA_OPTIONS --pidfile=
Restart=on-failure
InaccessibleDirectories=/home
diff --git a/doc/ADMIN.md b/doc/ADMIN.md
index 7e2187d..c0d5747 100644
--- a/doc/ADMIN.md
+++ b/doc/ADMIN.md
@@ -1,17 +1,26 @@
-# Installation
-
-## Install for ARM arch (or slow arch)
-
-For all slow or arm architecture it's recommended to build the dh file before the install to have a quicker install.
-You could build it by this cmd : `openssl dhparam -out /etc/ssl/private/dh2048.pem 2048 > /dev/null`
-After that you can install it without problem.
-
-The package uses a prebuilt python virtual environnement. The binary are taken from this repository: https://github.com/YunoHost-Apps/synapse_python_build
-The script to build the binary is also available.
-
## Web client
-If you want a web client you can also install Element with this package: https://github.com/YunoHost-Apps/element_ynh .
+The most well-known Matrix web client is Element, which is available in the YunoHost app catalog: .
+
+### Important Security Note
+
+We do not recommend running Element from the same domain name as your Matrix homeserver (synapse). The reason is the risk of XSS (cross-site-scripting) vulnerabilities that could occur if someone caused Element to load and render malicious user generated content from a Matrix API which then had trusted access to Element (or other apps) due to sharing the same domain.
+
+We have put some coarse mitigations into place to try to protect against this situation, but it's still not a good practice to do it in the first place. See https://github.com/vector-im/element-web/issues/1977 for more details.
+
+## Admin UI
+
+You may be interested in the synapse-admin app, which provides an administration interface for synapse: .
+
+Then, to log in the API with your admin credentials (cf next section)
+
+### Set user as admin
+
+Currently, the client interface doesn't allow to grant admin rights. The workaround is to enable it manually in the database. The YunoHost app provides a small script to do so, which can be invoked:
+
+```bash
+/opt/yunohost/matrix-__APP__/set_admin_user.sh '@user_to_be_admin:domain.tld'
+```
## Access by federation
@@ -63,7 +72,7 @@ If you have a dynamic IP address, you also might need to update this config auto
## OpenVPN
-In case of you have an OpenVPN server you might want than `synapse-coturn` restart when the VPN restart. To do this create a file named `/usr/local/bin/openvpn_up_script.sh` with this content:
+If your server is behind a VPN, you may want `synapse-coturn` ti automatically restart when the VPN restarts. To do this, create a file named `/usr/local/bin/openvpn_up_script.sh` with this content:
```bash
#!/bin/bash
@@ -84,50 +93,31 @@ And add this line in your OpenVPN config file
ipchange /usr/local/bin/openvpn_up_script.sh
```
-## Important Security Note
+## Backup
-We do not recommend running Element from the same domain name as your Matrix
-homeserver (synapse). The reason is the risk of XSS (cross-site-scripting)
-vulnerabilities that could occur if someone caused Element to load and render
-malicious user generated content from a Matrix API which then had trusted
-access to Element (or other apps) due to sharing the same domain.
+Before any major maintenance action, it is recommended to backup the app.
-We have put some coarse mitigations into place to try to protect against this
-situation, but it's still not a good practice to do it in the first place. See
-https://github.com/vector-im/element-web/issues/1977 for more details.
+To ensure the integrity of the data, it is recommended to explictly stop the server during the backup:
-## Limitations
-
-Synapse uses a lot of ressource. So on slow architecture (like small ARM board), this app could take a lot of CPU and RAM.
-
-This app doesn't provide any real good web interface. So it's recommended to use Element client to connect to this app. This app is available [here](https://github.com/YunoHost-Apps/element_ynh)
-
-# Additional information
-
-## Administration
-
-**All documentation of this section is not warranted. A bad use of command could break the app and all the data. So use these commands at your own risk.**
-
-Before any manipulation it's recommended to do a backup by this following command :
-
-`sudo yunohost backup create --apps synapse`
-
-### Set user as admin
-
-Actually there are no functions in the client interface to set a user as admin. So it's possible to enable it manually in the database.
-
-The following command will grant admin privilege to the specified user:
+- Stop synapse service with theses following command:
```bash
-/opt/yunohost/matrix-/set_admin_user.sh '@user_to_be_admin:domain.tld'
+systemctl stop synapse.service
```
-### Administration API
+- Launch the backup of synapse with this following command:
+```bash
+yunohost backup create --app synapse
+```
-There are an admiminstration application available if needed for example to use [Synapse Admin](https://github.com/YunoHost-Apps/synapse-admin_ynh).
+- Do a backup of your data with your specific strategy (could be with rsync, borg backup or just cp). The data is generally stored in `/home/yunohost.app/synapse`.
+- Restart the synapse service with these command:
+```bash
+systemctl start synapse.service
+```
-Then, to log in the API with your credentials, you need to set your user as admin (cf. precedent section).
+## Changing the server URL
-### Change url
+**All documentation of this section is not warranted. A bad use of command could break the app and all the data. So use these commands at your own risk.**
Synapse give the possibility to change the domain of the instance. Note that this will only change the domain on which the synapse server will run. **This won't change the domain name of the account which is an other thing.**
@@ -141,16 +131,16 @@ The advantage of this is that you can put the app on a specific domain without i
To do the change url of synapse you can do it by this following command or with the webadmin.
```bash
-yunohost app change-url synapse
+sudo yunohost app change-url synapse
```
-#### Avoid the need to reconnect all client after change-url operation
+### Avoid the need to reconnect all client after change-url operation
-In case of you have changed the url of synapse and you don't wan't to reconnect all client there are this workaround which should solve the issue.
+If you did change the url of synapse and you don't wan't to reconnect all client, this workaround should solve the issue.
The idea is to setup again a minimal configuration on the previous domain so the client configurated with the previous domain will still work correctly.
-##### Nginx config
+#### Nginx config
Retrive the server port with this command:
```bash
@@ -174,35 +164,13 @@ Then reload nginx config:
systemctl reload nginx.service
```
-##### Add permanent rule on SSOWAT
+#### Add permanent rule on SSOWAT
- Edit the file `/etc/ssowat/conf.json.persistent`
- Add `"/_matrix"` into the list in: `permissions` > `custom_skipped` > `uris`
Now the configured client before the change-url should work again.
-### Backup
+## Removing the app
-This app use now the core-only feature of the backup. To keep the integrity of the data and to have a better guarantee of the restoration is recommended to proceed like this:
-
-- Stop synapse service with theses following command:
-```bash
-systemctl stop synapse.service
-```
-
-- Launch the backup of synapse with this following command:
-```bash
-yunohost backup create --app synapse
-```
-
-- Do a backup of your data with your specific strategy (could be with rsync, borg backup or just cp). The data is generally stored in `/home/yunohost.app/synapse`.
-- Restart the synapse service with these command:
-```bash
-systemctl start synapse.service
-```
-
-### Remove
-
-Due of the backup core only feature the data directory in `/home/yunohost.app/synapse` **is not removed**.
-
-Use the `--purge` flag with the command, or remove it manually to purge app user data.
+The YunoHost policy is to not remove the data when removing an app (stored in `/home/yunohost.app/synapse`). Use the `--purge` flag during the removal of the app to remove those, or just manually delete the folder after the app is deleted.
diff --git a/doc/PRE_INSTALL.md b/doc/PRE_INSTALL.md
new file mode 100644
index 0000000..3283688
--- /dev/null
+++ b/doc/PRE_INSTALL.md
@@ -0,0 +1,3 @@
+- Synapse consumes a significant amount of resources (both CPU and ARM), and therefore is not recommended for "small" setups such as small ARM boards
+- During the install, the generation of Diffie-Hellman parameters may take a significant amount of time. You can speed things up by manually initializing them before running the install: `openssl dhparam -out /etc/ssl/private/dh2048.pem 2048 > /dev/null`
+- The package uses a prebuilt python virtual environnement. The binary are taken from this repository: . The script to build the binary is also available.
diff --git a/hooks/post_cert_update b/hooks/post_cert_update
index 91d776e..d495ebb 100644
--- a/hooks/post_cert_update
+++ b/hooks/post_cert_update
@@ -1,5 +1,5 @@
#!/bin/bash
if [ $1 == __DOMAIN__ ]; then
- systemctl restart matrix-__APP__
+ systemctl restart __APP__.service
fi
diff --git a/manifest.toml b/manifest.toml
index 1f7aa94..e7c8f8e 100644
--- a/manifest.toml
+++ b/manifest.toml
@@ -5,7 +5,7 @@ name = "Synapse"
description.en = "Instant messaging server which uses Matrix"
description.fr = "Serveur de messagerie instantané basé sur Matrix"
-version = "1.102.0~ynh1"
+version = "1.103.0~ynh1"
maintainers = ["Josué Tille"]
@@ -24,8 +24,8 @@ multi_instance = true
ldap = true
sso = "not_relevant"
disk = "250M"
-ram.build = "20M"
-ram.runtime = "200M"
+ram.build = "500M"
+ram.runtime = "1G"
[install]
[install.domain]
@@ -63,13 +63,13 @@ ram.runtime = "200M"
[resources]
[resources.sources.synapse_prebuilt_armv7_bookworm]
prefetch = false
- armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.102.0/matrix-synapse_1.102.0-bookworm-bin2_armv7l.tar.gz"
- armhf.sha256 = "4027b8e41950aeec151dfa19eda2402e7974de56d33abb9eee3879e211227eef"
+ armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.103.0/matrix-synapse_1.103.0-bookworm-bin1_armv7l.tar.gz"
+ armhf.sha256 = "b5e11567d9f90067965a7b1a3eb3569b1eaaa68b261e7f38bc78a8618da09db9"
[resources.sources.synapse_prebuilt_armv7_bullseye]
prefetch = false
- armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.102.0/matrix-synapse_1.102.0-bullseye-bin2_armv7l.tar.gz"
- armhf.sha256 = "5fd5296d76675cd7a109115e1eb035758c16b095cd953a65fc8cc840fb449e40"
+ armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.103.0/matrix-synapse_1.103.0-bullseye-bin1_armv7l.tar.gz"
+ armhf.sha256 = "f3e22265cfba060401cec2770b54d16b559a574baff93b78add3f8acc31aa1d8"
[resources.sources.sliding_proxy]
prefetch = true
diff --git a/scripts/_common.sh b/scripts/_common.sh
index 5cd7494..3646d1e 100755
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@@ -46,9 +46,10 @@ install_sources() {
fi
# Apply patch for LDAP auth if needed
+ # Note that we put patch into scripts dir because /source are not stored and can't be used on restore
if ! grep -F -q '# LDAP Filter anonymous user Applied' $code_dir/lib/python$python_version/site-packages/ldap_auth_provider.py; then
pushd $code_dir/lib/python$python_version/site-packages
- patch < $YNH_APP_BASEDIR/sources/ldap_auth_filter_anonymous_user.patch
+ patch < $YNH_APP_BASEDIR/scripts/patch/ldap_auth_filter_anonymous_user.patch
popd
fi
diff --git a/scripts/backup b/scripts/backup
index 14a8c25..cda367e 100644
--- a/scripts/backup
+++ b/scripts/backup
@@ -71,7 +71,6 @@ ynh_backup --src_path="/etc/matrix-$app"
#=================================================
ynh_backup --src_path="/etc/systemd/system/$app.service"
-ynh_backup --src_path="/etc/default/coturn-$app"
ynh_backup --src_path="/etc/systemd/system/$app-coturn.service"
ynh_backup --src_path=/etc/systemd/system/$app-sliding-proxy.service
diff --git a/scripts/install b/scripts/install
index 7d7bc88..b79fe58 100644
--- a/scripts/install
+++ b/scripts/install
@@ -196,7 +196,7 @@ ynh_script_progression --message="Configuring a systemd service..." --weight=2
# Create systemd service for synapse and turnserver
ynh_add_systemd_config --service=$app --template=synapse.service
-cp ../conf/default_coturn /etc/default/coturn-$app
+cp ../conf/default_coturn /etc/matrix-$app/coturn_env
ynh_add_systemd_config --service=$app-coturn --template=synapse-coturn.service
ynh_add_systemd_config --service=$app-sliding-proxy --template=synapse-sliding-proxy.service
diff --git a/sources/ldap_auth_filter_anonymous_user.patch b/scripts/patch/ldap_auth_filter_anonymous_user.patch
similarity index 100%
rename from sources/ldap_auth_filter_anonymous_user.patch
rename to scripts/patch/ldap_auth_filter_anonymous_user.patch
diff --git a/scripts/remove b/scripts/remove
index cb2a2f2..9c67e07 100755
--- a/scripts/remove
+++ b/scripts/remove
@@ -38,7 +38,6 @@ ynh_script_progression --message="Removing app main directory" --weight=2
ynh_secure_remove --file=$code_dir
ynh_secure_remove --file=/var/log/matrix-$app
ynh_secure_remove --file=/etc/matrix-$app
-ynh_secure_remove --file=/etc/default/coturn-$app
ynh_secure_remove --file=/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf
#=================================================
diff --git a/scripts/upgrade b/scripts/upgrade
index 64de386..c4a3d95 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -210,6 +210,9 @@ then
ynh_app_setting_set --app=$app --key=sync_proxy_secret --value=$sync_proxy_secret
fi
+# remove legacy env file into /etc/default
+ynh_secure_remove --file=/etc/default/coturn-$app
+
#=================================================
# MIGRATION 7 : STANDARDIZE SYSTEMD UNIT
#=================================================
@@ -479,7 +482,7 @@ ynh_script_progression --message="Upgrading systemd configuration..." --weight=3
# Create systemd service for synapse and turnserver
ynh_add_systemd_config --service=$app --template=synapse.service
-cp ../conf/default_coturn /etc/default/coturn-$app
+cp ../conf/default_coturn /etc/matrix-$app/coturn_env
ynh_add_systemd_config --service=$app-coturn --template=synapse-coturn.service
ynh_add_systemd_config --service=$app-sliding-proxy --template=synapse-sliding-proxy.service
diff --git a/sources/Coturn_config_rotate.sh b/sources/Coturn_config_rotate.sh
index 168e85b..53743ae 100644
--- a/sources/Coturn_config_rotate.sh
+++ b/sources/Coturn_config_rotate.sh
@@ -3,9 +3,14 @@
set -eu
app=__APP__
+YNH_APP_BASEDIR=/etc/yunohost/apps/"$app"
pushd /etc/yunohost/apps/$app/conf
+
source /usr/share/yunohost/helpers
+
+# Must load db_name var to load _common.sh
+db_name=$(ynh_app_setting_get --app=$app --key=db_name)
source ../scripts/_common.sh
domain=$(ynh_app_setting_get --app=$app --key=domain)
@@ -13,6 +18,7 @@ port_cli=$(ynh_app_setting_get --app=$app --key=port_cli)
turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
port_turnserver_tls=$(ynh_app_setting_get --app=$app --key=port_turnserver_tls)
port_turnserver_alt_tls=$(ynh_app_setting_get --app=$app --key=port_turnserver_alt_tls)
+enable_dtls_for_audio_video_turn_call=$(ynh_app_setting_get --app=$app --key=enable_dtls_for_audio_video_turn_call)
previous_checksum=$(ynh_app_setting_get --app=$app --key=checksum__etc_matrix-synapse_coturn.conf)
configure_coturn