Merge branch 'testing' into matrix_v2

2024-09-03 20:26:38 +02:00 · 2024-03-22 12:16:57 +01:00 · 2024-03-22 12:16:57 +01:00 · 24fb0036b9
commit 24fb0036b9
parent 72b21bf01c 173228bfdb
16 changed files with 111 additions and 130 deletions
--- a/README.md
+++ b/README.md
@ -20,7 +20,7 @@ Instant messaging server matrix network.
 Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org)
-**Shipped version:** 1.102.0~ynh1
+**Shipped version:** 1.103.0~ynh1
 ## Documentation and resources
 - Official app website: <https://matrix.org/>
--- a/auto_update/auto_update.sh
+++ b/auto_update/auto_update.sh
@ -2,6 +2,8 @@
 set -eu
 readonly app_name=synapse
 source auto_update_config.sh
 readonly debian_version_name_1=bullseye
@ -21,20 +23,20 @@ EOL
    echo $result | jq -r "$1"
 }
-check_synapse() {
+check_app_version() {
-    synapse_remote_version=$(curl 'https://api.github.com/repos/element-hq/synapse/releases/latest' -H 'Host: api.github.com' --compressed | jq -r ".tag_name" | cut -dv -f2)
+    local app_remote_version=$(curl 'https://api.github.com/repos/element-hq/synapse/releases/latest' -H 'Host: api.github.com' --compressed | jq -r ".tag_name" | cut -dv -f2)
    ## Check if new build is needed
-    if [[ "$synapse_version" != "$synapse_remote_version" ]]
+    if [[ "$app_version" != "$app_remote_version" ]]
    then
-        synapse_version="$synapse_remote_version"
+        app_version="$app_remote_version"
        return 0
    else
        return 1
    fi
 }
-upgrade_synapse() {
+upgrade_app() {
    (
        set -eu
@ -42,12 +44,12 @@ upgrade_synapse() {
        # arm build: ${result_prefix_name_deb_1}-bin1_armv7l.tar.gz
        # arm build checksum: ${result_prefix_name_deb_1}-bin1_armv7l-sha256.txt
        # requirement.txt: ${result_prefix_name_deb_1}-build1_requirement.txt
-        readonly result_prefix_name_deb_1="matrix-synapse_${synapse_version}-$debian_version_name_1"
+        readonly result_prefix_name_deb_1="matrix-synapse_${app_version}-$debian_version_name_1"
-        readonly result_prefix_name_deb_2="matrix-synapse_${synapse_version}-$debian_version_name_2"
+        readonly result_prefix_name_deb_2="matrix-synapse_${app_version}-$debian_version_name_2"
        # Build armv7 build
-        build_cmd_deb_1 $synapse_version $result_prefix_name_deb_1
+        build_cmd_deb_1 $app_version $result_prefix_name_deb_1
-        build_cmd_deb_2 $synapse_version $result_prefix_name_deb_2
+        build_cmd_deb_2 $app_version $result_prefix_name_deb_2
        push_armv7_build
        # Update python requirement
@ -55,30 +57,30 @@ upgrade_synapse() {
        cp "$build_result_path_deb_2/${result_prefix_name_deb_2}"-build1_requirement.txt ../conf/requirement_"$debian_version_name_2".txt
        # Update manifest
-        sed -r -i 's|version = "[[:alnum:].]{4,8}~ynh1"|version = "'${synapse_version}'~ynh1"|' ../manifest.toml
+        sed -r -i 's|version = "[[:alnum:].]{4,8}~ynh[[:alnum:].]{1,2}"|version = "'${app_version}'~ynh1"|' ../manifest.toml
        # Update this link
-        sed -r -i "s|armhf.url\s*=(.*)/releases/download/v[[:alnum:].]{4,8}/matrix-synapse_[[:alnum:].]{4,8}-$debian_version_name_1-bin1_armv7l.tar.gz|arm.url =\1/releases/download/v${synapse_version}/matrix-synapse_${synapse_version}-$debian_version_name_1-bin1_armv7l.tar.gz|"  ../manifest.toml
+        sed -r -i "s|armhf.url\s*=(.*)/releases/download/v[[:alnum:].]{4,10}/matrix-synapse_[[:alnum:].]{4,10}-$debian_version_name_1-bin[[:digit:]]_armv7l.tar.gz|armhf.url =\1/releases/download/v${app_version}/matrix-synapse_${app_version}-$debian_version_name_1-bin1_armv7l.tar.gz|"  ../manifest.toml
-        sed -r -i "s|armhf.url\s*=(.*)/releases/download/v[[:alnum:].]{4,8}/matrix-synapse_[[:alnum:].]{4,8}-$debian_version_name_2-bin1_armv7l.tar.gz|arm.url =\1/releases/download/v${synapse_version}/matrix-synapse_${synapse_version}-$debian_version_name_2-bin1_armv7l.tar.gz|"  ../manifest.toml
+        sed -r -i "s|armhf.url\s*=(.*)/releases/download/v[[:alnum:].]{4,10}/matrix-synapse_[[:alnum:].]{4,10}-$debian_version_name_2-bin[[:digit:]]_armv7l.tar.gz|armhf.url =\1/releases/download/v${app_version}/matrix-synapse_${app_version}-$debian_version_name_2-bin1_armv7l.tar.gz|"  ../manifest.toml
        # Update checksum
        sha256sum_arm_archive_deb_1=$(cat $build_result_path_deb_1/${result_prefix_name_deb_1}-bin1_armv7l-sha256.txt)
        sha256sum_arm_archive_deb_2=$(cat $build_result_path_deb_2/${result_prefix_name_deb_2}-bin1_armv7l-sha256.txt)
-        prev_sha256sum_arm_archive_deb_1=$(get_from_manifest ".resources.sources.synapse_prebuilt_armv7_$debian_version_name_1.armhf.sha256")
+        prev_sha256sum_arm_archive_deb_1=$(get_from_manifest ".resources.sources.${app_name}_prebuilt_armv7_$debian_version_name_1.armhf.sha256")
-        prev_sha256sum_arm_archive_deb_2=$(get_from_manifest ".resources.sources.synapse_prebuilt_armv7_$debian_version_name_2.armhf.sha256")
+        prev_sha256sum_arm_archive_deb_2=$(get_from_manifest ".resources.sources.${app_name}_prebuilt_armv7_$debian_version_name_2.armhf.sha256")
        sed -r -i "s|$prev_sha256sum_arm_archive_deb_1|$sha256sum_arm_archive_deb_1|" ../manifest.toml
        sed -r -i "s|$prev_sha256sum_arm_archive_deb_2|$sha256sum_arm_archive_deb_2|" ../manifest.toml
-        git commit -a -m "Upgrade synapse to $synapse_version"
+        git commit -a -m "Upgrade $app_name to $app_version"
        git push gitea auto_update:auto_update
-    ) 2>&1 | tee "synapse_build_temp.log"
+    ) 2>&1 | tee "${app_name}_build_temp.log"
    return ${PIPESTATUS[0]}
 }
 push_armv7_build() {
    ## Make a draft release json with a markdown body
-    local release='"tag_name": "v'$synapse_version'", "target_commitish": "master", "name": "v'$synapse_version'", '
+    local release='"tag_name": "v'$app_version'", "target_commitish": "master", "name": "v'$app_version'", '
-    local body="Synapse prebuilt bin for synapse_ynh\\n=========\\nPlease refer to upstream project for the change : https://github.com/element-hq/synapse/releases\\n\\nSha256sum for $debian_version_name_1 : $(cat $build_result_path_deb_1/${result_prefix_name_deb_1}-bin1_armv7l-sha256.txt)\\nSha256sum for $debian_version_name_2 : $(cat $build_result_path_deb_2/${result_prefix_name_deb_2}-bin1_armv7l-sha256.txt)"
+    local body="$app_name prebuilt bin for ${app_name}_ynh\\n=========\\nPlease refer to upstream project for the change : https://github.com/element-hq/synapse/releases\\n\\nSha256sum for $debian_version_name_1 : $(cat $build_result_path_deb_1/${result_prefix_name_deb_1}-bin1_armv7l-sha256.txt)\\nSha256sum for $debian_version_name_2 : $(cat $build_result_path_deb_2/${result_prefix_name_deb_2}-bin1_armv7l-sha256.txt)"
    release+='"body": "'$body'",'
    release+='"draft": true, "prerelease": false'
    release='{'$release'}'
@ -148,12 +150,12 @@ push_armv7_build() {
    done
 }
-synapse_version=$(get_from_manifest ".version" |  cut -d'~' -f1)
+app_version=$(get_from_manifest ".version" |  cut -d'~' -f1)
-if check_synapse
+if check_app_version
 then
    set +eu
-    upgrade_synapse
+    upgrade_app
    res=$?
    set -eu
    if [ $res -eq 0 ]; then
@ -161,7 +163,7 @@ then
    else
        result="Failed"
    fi
-    msg="Build: synapse version $synapse_version\n"
+    msg="Build: $app_name version $app_version\n"
-    msg+="$(cat synapse_build_temp.log)"
+    msg+="$(cat ${app_name}_build_temp.log)"
-    echo -e "$msg" | mail.mailutils -a "Content-Type: text/plain; charset=UTF-8" -s "Autoupgrade synapse : $result" "$notify_email"
+    echo -e "$msg" | mail.mailutils -a "Content-Type: text/plain; charset=UTF-8" -s "Autoupgrade $app_name : $result" "$notify_email"
 fi
--- a/conf/requirement_bookworm.txt
+++ b/conf/requirement_bookworm.txt
@ -12,7 +12,7 @@ cryptography==42.0.5
 hyperlink==21.0.0
 idna==3.6
 ijson==3.2.3
-immutabledict==4.1.0
+immutabledict==4.2.0
 incremental==22.10.0
 Jinja2==3.1.3
 jsonschema==4.21.1
@ -21,26 +21,26 @@ ldap3==2.9.1
 lxml==5.1.0
 MarkupSafe==2.1.5
 matrix-common==1.3.0
-matrix-synapse==1.102.0
+matrix-synapse==1.103.0
 matrix-synapse-ldap3==0.3.0
 msgpack==1.0.8
 ndg-httpsclient==0.5.1
 netaddr==1.2.1
-packaging==23.2
+packaging==24.0
-phonenumbers==8.13.31
+phonenumbers==8.13.32
 pillow==10.2.0
 prometheus_client==0.20.0
 psycopg2==2.9.9
 pyasn1==0.5.1
 pyasn1-modules==0.3.0
 pycparser==2.21
-pydantic==2.6.3
+pydantic==2.6.4
 pydantic_core==2.16.3
 pymacaroons==0.13.0
 PyNaCl==1.5.0
-pyOpenSSL==24.0.0
+pyOpenSSL==24.1.0
 PyYAML==6.0.1
-referencing==0.33.0
+referencing==0.34.0
 requests==2.31.0
 rpds-py==0.18.0
 semantic-version==2.10.0
--- a/conf/requirement_bullseye.txt
+++ b/conf/requirement_bullseye.txt
@ -12,7 +12,7 @@ cryptography==42.0.5
 hyperlink==21.0.0
 idna==3.6
 ijson==3.2.3
-immutabledict==4.1.0
+immutabledict==4.2.0
 incremental==22.10.0
 Jinja2==3.1.3
 jsonschema==4.21.1
@ -21,26 +21,26 @@ ldap3==2.9.1
 lxml==5.1.0
 MarkupSafe==2.1.5
 matrix-common==1.3.0
-matrix-synapse==1.102.0
+matrix-synapse==1.103.0
 matrix-synapse-ldap3==0.3.0
 msgpack==1.0.8
 ndg-httpsclient==0.5.1
 netaddr==1.2.1
-packaging==23.2
+packaging==24.0
-phonenumbers==8.13.31
+phonenumbers==8.13.32
 pillow==10.2.0
 prometheus_client==0.20.0
 psycopg2==2.9.9
 pyasn1==0.5.1
 pyasn1-modules==0.3.0
 pycparser==2.21
-pydantic==2.6.3
+pydantic==2.6.4
 pydantic_core==2.16.3
 pymacaroons==0.13.0
 PyNaCl==1.5.0
-pyOpenSSL==24.0.0
+pyOpenSSL==24.1.0
 PyYAML==6.0.1
-referencing==0.33.0
+referencing==0.34.0
 requests==2.31.0
 rpds-py==0.18.0
 semantic-version==2.10.0
--- a/conf/synapse-coturn.service
+++ b/conf/synapse-coturn.service
@ -7,7 +7,7 @@ After=syslog.target network-online.target
 User=turnserver
 Group=turnserver
 Type=notify
-EnvironmentFile=/etc/default/coturn-__APP__
+EnvironmentFile=/etc/matrix-__APP__/coturn_env
 ExecStart=/usr/bin/turnserver -c /etc/matrix-__APP__/coturn.conf $EXTRA_OPTIONS --pidfile=
 Restart=on-failure
 InaccessibleDirectories=/home
--- a/doc/ADMIN.md
+++ b/doc/ADMIN.md
@ -1,17 +1,26 @@
 # Installation
 ## Install for ARM arch (or slow arch)
 For all slow or arm architecture it's recommended to build the dh file before the install to have a quicker install.
 You could build it by this cmd : `openssl dhparam -out /etc/ssl/private/dh2048.pem 2048 > /dev/null`
 After that you can install it without problem.
 The package uses a prebuilt python virtual environnement. The binary are taken from this repository: https://github.com/YunoHost-Apps/synapse_python_build
 The script to build the binary is also available.
 ## Web client
-If you want a web client you can also install Element with this package: https://github.com/YunoHost-Apps/element_ynh .
+The most well-known Matrix web client is Element, which is available in the YunoHost app catalog: <https://github.com/YunoHost-Apps/element_ynh>.
 ### Important Security Note
 We do not recommend running Element from the same domain name as your Matrix homeserver (synapse).  The reason is the risk of XSS (cross-site-scripting) vulnerabilities that could occur if someone caused Element to load and render malicious user generated content from a Matrix API which then had trusted access to Element (or other apps) due to sharing the same domain.
 We have put some coarse mitigations into place to try to protect against this situation, but it's still not a good practice to do it in the first place. See https://github.com/vector-im/element-web/issues/1977 for more details.
 ## Admin UI
 You may be interested in the synapse-admin app,  which provides an administration interface for synapse:  <https://github.com/YunoHost-Apps/synapse-admin_ynh>.
 Then, to log in the API with your admin credentials (cf next section)
 ### Set user as admin
 Currently, the client interface doesn't allow to grant admin rights. The workaround is to enable it manually in the database. The YunoHost app provides a small script to do so, which can be invoked:
 ```bash
 /opt/yunohost/matrix-__APP__/set_admin_user.sh '@user_to_be_admin:domain.tld'
 ```
 ## Access by federation
@ -63,7 +72,7 @@ If you have a dynamic IP address, you also might need to update this config auto
 ## OpenVPN
-In case of you have an OpenVPN server you might want than `synapse-coturn` restart when the VPN restart. To do this create a file named `/usr/local/bin/openvpn_up_script.sh` with this content:
+If your server is behind a VPN, you may want `synapse-coturn` ti automatically restart when the VPN restarts. To do this, create a file named `/usr/local/bin/openvpn_up_script.sh` with this content:
 ```bash
 #!/bin/bash
@ -84,50 +93,31 @@ And add this line in your OpenVPN config file
 ipchange /usr/local/bin/openvpn_up_script.sh
 ```
-## Important Security Note
+## Backup
-We do not recommend running Element from the same domain name as your Matrix
+Before any major maintenance action, it is recommended to backup the app.
 homeserver (synapse).  The reason is the risk of XSS (cross-site-scripting)
 vulnerabilities that could occur if someone caused Element to load and render
 malicious user generated content from a Matrix API which then had trusted
 access to Element (or other apps) due to sharing the same domain.
-We have put some coarse mitigations into place to try to protect against this
+To ensure the integrity of the data, it is recommended to explictly stop the server during the backup:
 situation, but it's still not a good practice to do it in the first place. See
 https://github.com/vector-im/element-web/issues/1977 for more details.
-## Limitations
+- Stop synapse service with theses following command:
 Synapse uses a lot of ressource. So on slow architecture (like small ARM board), this app could take a lot of CPU and RAM.
 This app doesn't provide any real good web interface. So it's recommended to use Element client to connect to this app. This app is available [here](https://github.com/YunoHost-Apps/element_ynh)
 # Additional information
 ## Administration
 **All documentation of this section is not warranted. A bad use of command could break the app and all the data. So use these commands at your own risk.**
 Before any manipulation it's recommended to do a backup by this following command :
 `sudo yunohost backup create --apps synapse`
 ### Set user as admin
 Actually there are no functions in the client interface to set a user as admin. So it's possible to enable it manually in the database.
 The following command will grant admin privilege to the specified user:
 ```bash
-/opt/yunohost/matrix-<synapse_instance_name>/set_admin_user.sh '@user_to_be_admin:domain.tld'
+systemctl stop synapse.service
 ```
-### Administration API
+- Launch the backup of synapse with this following command:
 ```bash
 yunohost backup create --app synapse
 ```
-There are an admiminstration application available if needed for example to use [Synapse Admin](https://github.com/YunoHost-Apps/synapse-admin_ynh).
+- Do a backup of your data with your specific strategy (could be with rsync, borg backup or just cp). The data is generally stored in `/home/yunohost.app/synapse`.
 - Restart the synapse service with these command:
 ```bash
 systemctl start synapse.service
 ```
-Then, to log in the API with your credentials, you need to set your user as admin (cf. precedent section).
+## Changing the server URL
-### Change url
+**All documentation of this section is not warranted. A bad use of command could break the app and all the data. So use these commands at your own risk.**
 Synapse give the possibility to change the domain of the instance. Note that this will only change the domain on which the synapse server will run. **This won't change the domain name of the account which is an other thing.**
@ -141,16 +131,16 @@ The advantage of this is that you can put the app on a specific domain without i
 To do the change url of synapse you can do it by this following command or with the webadmin.
 ```bash
-yunohost app change-url synapse
+sudo yunohost app change-url synapse
 ```
-#### Avoid the need to reconnect all client after change-url operation
+### Avoid the need to reconnect all client after change-url operation
-In case of you have changed the url of synapse and you don't wan't to reconnect all client there are this workaround which should solve the issue.
+If you did change the url of synapse and you don't wan't to reconnect all client, this workaround should solve the issue.
 The idea is to setup again a minimal configuration on the previous domain so the client configurated with the previous domain will still work correctly.
-##### Nginx config
+#### Nginx config
 Retrive the server port with this command:
 ```bash
@ -174,35 +164,13 @@ Then reload nginx config:
 systemctl reload nginx.service
 ```
-##### Add permanent rule on SSOWAT
+#### Add permanent rule on SSOWAT
 - Edit the file `/etc/ssowat/conf.json.persistent`
 - Add `"<previous-domain.tld>/_matrix"` into the list in: `permissions` > `custom_skipped` > `uris`
 Now the configured client before the change-url should work again.
-### Backup
+## Removing the app
-This app use now the core-only feature of the backup. To keep the integrity of the data and to have a better guarantee of the restoration is recommended to proceed like this:
+The YunoHost policy is to not remove the data when removing an app (stored in `/home/yunohost.app/synapse`). Use the `--purge` flag during the removal of the app to remove those, or just manually delete the folder after the app is deleted.
 - Stop synapse service with theses following command:
 ```bash
 systemctl stop synapse.service
 ```
 - Launch the backup of synapse with this following command:
 ```bash
 yunohost backup create --app synapse
 ```
 - Do a backup of your data with your specific strategy (could be with rsync, borg backup or just cp). The data is generally stored in `/home/yunohost.app/synapse`.
 - Restart the synapse service with these command:
 ```bash
 systemctl start synapse.service
 ```
 ### Remove
 Due of the backup core only feature the data directory in `/home/yunohost.app/synapse` **is not removed**.
 Use the `--purge` flag with the command, or remove it manually to purge app user data.
--- a/doc/PRE_INSTALL.md
+++ b/doc/PRE_INSTALL.md
@ -0,0 +1,3 @@
 - Synapse consumes a significant amount of resources (both CPU and ARM), and therefore is not recommended for "small" setups such as small ARM boards
 - During the install, the generation of Diffie-Hellman parameters may take a significant amount of time. You can speed things up by manually initializing them before running the install: `openssl dhparam -out /etc/ssl/private/dh2048.pem 2048 > /dev/null`
 - The package uses a prebuilt python virtual environnement. The binary are taken from this repository: <https://github.com/YunoHost-Apps/synapse_python_build>. The script to build the binary is also available.
--- a/hooks/post_cert_update
+++ b/hooks/post_cert_update
@ -1,5 +1,5 @@
 #!/bin/bash
 if [ $1 == __DOMAIN__ ]; then
-    systemctl restart matrix-__APP__
+    systemctl restart __APP__.service
 fi
--- a/manifest.toml
+++ b/manifest.toml
@ -5,7 +5,7 @@ name = "Synapse"
 description.en = "Instant messaging server which uses Matrix"
 description.fr = "Serveur de messagerie instantané basé sur Matrix"
-version = "1.102.0~ynh1"
+version = "1.103.0~ynh1"
 maintainers = ["Josué Tille"]
@ -24,8 +24,8 @@ multi_instance = true
 ldap = true
 sso = "not_relevant"
 disk = "250M"
-ram.build = "20M"
+ram.build = "500M"
-ram.runtime = "200M"
+ram.runtime = "1G"
 [install]
    [install.domain]
@ -63,13 +63,13 @@ ram.runtime = "200M"
 [resources]
    [resources.sources.synapse_prebuilt_armv7_bookworm]
    prefetch = false
-    armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.102.0/matrix-synapse_1.102.0-bookworm-bin2_armv7l.tar.gz"
+    armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.103.0/matrix-synapse_1.103.0-bookworm-bin1_armv7l.tar.gz"
-    armhf.sha256 = "4027b8e41950aeec151dfa19eda2402e7974de56d33abb9eee3879e211227eef"
+    armhf.sha256 = "b5e11567d9f90067965a7b1a3eb3569b1eaaa68b261e7f38bc78a8618da09db9"
    [resources.sources.synapse_prebuilt_armv7_bullseye]
    prefetch = false
-    armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.102.0/matrix-synapse_1.102.0-bullseye-bin2_armv7l.tar.gz"
+    armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.103.0/matrix-synapse_1.103.0-bullseye-bin1_armv7l.tar.gz"
-    armhf.sha256 = "5fd5296d76675cd7a109115e1eb035758c16b095cd953a65fc8cc840fb449e40"
+    armhf.sha256 = "f3e22265cfba060401cec2770b54d16b559a574baff93b78add3f8acc31aa1d8"
    [resources.sources.sliding_proxy]
    prefetch = true
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@ -46,9 +46,10 @@ install_sources() {
    fi
    # Apply patch for LDAP auth if needed
    # Note that we put patch into scripts dir because /source are not stored and can't be used on restore
    if ! grep -F -q '# LDAP Filter anonymous user Applied' $code_dir/lib/python$python_version/site-packages/ldap_auth_provider.py; then
        pushd $code_dir/lib/python$python_version/site-packages
-        patch < $YNH_APP_BASEDIR/sources/ldap_auth_filter_anonymous_user.patch
+        patch < $YNH_APP_BASEDIR/scripts/patch/ldap_auth_filter_anonymous_user.patch
        popd
    fi
--- a/scripts/backup
+++ b/scripts/backup
@ -71,7 +71,6 @@ ynh_backup --src_path="/etc/matrix-$app"
 #=================================================
 ynh_backup --src_path="/etc/systemd/system/$app.service"
 ynh_backup --src_path="/etc/default/coturn-$app"
 ynh_backup --src_path="/etc/systemd/system/$app-coturn.service"
 ynh_backup --src_path=/etc/systemd/system/$app-sliding-proxy.service
--- a/scripts/install
+++ b/scripts/install
@ -196,7 +196,7 @@ ynh_script_progression --message="Configuring a systemd service..." --weight=2
 # Create systemd service for synapse and turnserver
 ynh_add_systemd_config --service=$app --template=synapse.service
-cp ../conf/default_coturn /etc/default/coturn-$app
+cp ../conf/default_coturn /etc/matrix-$app/coturn_env
 ynh_add_systemd_config --service=$app-coturn --template=synapse-coturn.service
 ynh_add_systemd_config --service=$app-sliding-proxy --template=synapse-sliding-proxy.service
--- a/scripts/patch/ldap_auth_filter_anonymous_user.patch
+++ b/scripts/patch/ldap_auth_filter_anonymous_user.patch
--- a/scripts/remove
+++ b/scripts/remove
@ -38,7 +38,6 @@ ynh_script_progression --message="Removing app main directory" --weight=2
 ynh_secure_remove --file=$code_dir
 ynh_secure_remove --file=/var/log/matrix-$app
 ynh_secure_remove --file=/etc/matrix-$app
 ynh_secure_remove --file=/etc/default/coturn-$app
 ynh_secure_remove --file=/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf
 #=================================================
--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -210,6 +210,9 @@ then
    ynh_app_setting_set --app=$app --key=sync_proxy_secret --value=$sync_proxy_secret
 fi
 # remove legacy env file into /etc/default
 ynh_secure_remove --file=/etc/default/coturn-$app
 #=================================================
 # MIGRATION 7 : STANDARDIZE SYSTEMD UNIT
 #=================================================
@ -479,7 +482,7 @@ ynh_script_progression --message="Upgrading systemd configuration..." --weight=3
 # Create systemd service for synapse and turnserver
 ynh_add_systemd_config --service=$app --template=synapse.service
-cp ../conf/default_coturn /etc/default/coturn-$app
+cp ../conf/default_coturn /etc/matrix-$app/coturn_env
 ynh_add_systemd_config --service=$app-coturn --template=synapse-coturn.service
 ynh_add_systemd_config --service=$app-sliding-proxy --template=synapse-sliding-proxy.service
--- a/sources/Coturn_config_rotate.sh
+++ b/sources/Coturn_config_rotate.sh
@ -3,9 +3,14 @@
 set -eu
 app=__APP__
 YNH_APP_BASEDIR=/etc/yunohost/apps/"$app"
 pushd /etc/yunohost/apps/$app/conf
 source /usr/share/yunohost/helpers
 # Must load db_name var to load _common.sh
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 source ../scripts/_common.sh
 domain=$(ynh_app_setting_get --app=$app --key=domain)
@ -13,6 +18,7 @@ port_cli=$(ynh_app_setting_get --app=$app --key=port_cli)
 turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
 port_turnserver_tls=$(ynh_app_setting_get --app=$app --key=port_turnserver_tls)
 port_turnserver_alt_tls=$(ynh_app_setting_get --app=$app --key=port_turnserver_alt_tls)
 enable_dtls_for_audio_video_turn_call=$(ynh_app_setting_get --app=$app --key=enable_dtls_for_audio_video_turn_call)
 previous_checksum=$(ynh_app_setting_get --app=$app --key=checksum__etc_matrix-synapse_coturn.conf)
 configure_coturn