diff --git a/README.md b/README.md index 3be92bb..b109567 100644 --- a/README.md +++ b/README.md @@ -20,8 +20,7 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org) -**Shipped version:** 1.67.0~ynh1 - +**Shipped version:** 1.69.0~ynh1 ## Disclaimers / important information ## Configuration 
@@ -131,6 +130,70 @@ This app doesn't provide any real good web interface. So it's recommended to use ## Additional information +## Administration + +**All documentation of this section is not warranted. A bad use of command could break the app and all the data. So use these commands at your own risk.** + +Before any manipulation it's recommended to do a backup by this following command : + +`sudo yunohost backup create --apps synapse` + +### Set user as admin + +Actually there are no functions in the client interface to set a user as admin. So it's possible to enable it manually in the database. + +The following command will grant admin privilege to the specified user: +``` +su --command="psql matrix_synapse" postgres <<< "UPDATE users SET admin = 1 WHERE name = '@user_to_be_admin:domain.tld'" +``` + +### Administration API + +Synapse's administration API endpoints are under `/_synapse` path and protected with the `admin_api` permission. +By default, no one has access to this path. + +If you wish to access it, for example to use [Synapse Admin](https://github.com/YunoHost-Apps/synapse-admin_ynh), +you need to give this permission to visitors. + +Then, to log in the API with your credentials, you need to set your user as admin (cf. precedent section). + +### Upgrade + +By default a backup is made before the upgrade. To avoid this you have theses following possibilites: +- Call the command with the `-b` flag: `yunohost app upgrade synapse -b` +- Set the settings `disable_backup_before_upgrade` to `1`. You can set this with this command: + +`yunohost app setting synapse disable_backup_before_upgrade -v 1` + +After this settings will be applied for **all** next upgrade. + +From command line: + +`yunohost app upgrade synapse` + +### Backup + +This app use now the core-only feature of the backup. 
To keep the integrity of the data and to have a better guarantee of the restoration is recommended to proceed like this: + +- Stop synapse service with theses following command: + +`systemctl stop synapse.service` + +- Launch the backup of synapse with this following command: + +`yunohost backup create --app synapse` + +- Do a backup of your data with your specific strategy (could be with rsync, borg backup or just cp). The data is generally stored in `/home/yunohost.app/matrix-synapse`. +- Restart the synapse service with these command: + +`systemctl start synapse.service` + +### Remove + +Due of the backup core only feature the data directory in `/home/yunohost.app/matrix-synapse` **is not removed**. + +Use the `--purge` flag with the command, or remove it manually to purge app user data. + ### Multi instance support To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command: diff --git a/README_fr.md b/README_fr.md index 7742b04..2187be2 100644 --- a/README_fr.md +++ b/README_fr.md @@ -20,8 +20,7 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org) -**Version incluse :** 1.67.0~ynh1 - +**Version incluse :** 1.69.0~ynh1 ## Avertissements / informations importantes ## Configuration 
@@ -131,6 +130,70 @@ This app doesn't provide any real good web interface. So it's recommended to use ## Additional information +## Administration + +**All documentation of this section is not warranted. A bad use of command could break the app and all the data. So use these commands at your own risk.** + +Before any manipulation it's recommended to do a backup by this following command : + +`sudo yunohost backup create --apps synapse` + +### Set user as admin + +Actually there are no functions in the client interface to set a user as admin. So it's possible to enable it manually in the database. + +The following command will grant admin privilege to the specified user: +``` +su --command="psql matrix_synapse" postgres <<< "UPDATE users SET admin = 1 WHERE name = '@user_to_be_admin:domain.tld'" +``` + +### Administration API + +Synapse's administration API endpoints are under `/_synapse` path and protected with the `admin_api` permission. +By default, no one has access to this path. + +If you wish to access it, for example to use [Synapse Admin](https://github.com/YunoHost-Apps/synapse-admin_ynh), +you need to give this permission to visitors. + +Then, to log in the API with your credentials, you need to set your user as admin (cf. precedent section). + +### Upgrade + +By default a backup is made before the upgrade. To avoid this you have theses following possibilites: +- Call the command with the `-b` flag: `yunohost app upgrade synapse -b` +- Set the settings `disable_backup_before_upgrade` to `1`. You can set this with this command: + +`yunohost app setting synapse disable_backup_before_upgrade -v 1` + +After this settings will be applied for **all** next upgrade. + +From command line: + +`yunohost app upgrade synapse` + +### Backup + +This app use now the core-only feature of the backup. 
To keep the integrity of the data and to have a better guarantee of the restoration is recommended to proceed like this: + +- Stop synapse service with theses following command: + +`systemctl stop synapse.service` + +- Launch the backup of synapse with this following command: + +`yunohost backup create --app synapse` + +- Do a backup of your data with your specific strategy (could be with rsync, borg backup or just cp). The data is generally stored in `/home/yunohost.app/matrix-synapse`. +- Restart the synapse service with these command: + +`systemctl start synapse.service` + +### Remove + +Due of the backup core only feature the data directory in `/home/yunohost.app/matrix-synapse` **is not removed**. + +Use the `--purge` flag with the command, or remove it manually to purge app user data. + ### Multi instance support To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command: diff --git a/conf/armv7_bullseye.src b/conf/armv7_bullseye.src index 059ea86..5220c8d 100644 --- a/conf/armv7_bullseye.src +++ b/conf/armv7_bullseye.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.67.0/matrix-synapse_1.67.0-bullseye-bin1_armv7l.tar.gz -SOURCE_SUM=3b156833ac280aac5b958257deef0b537ebe52d2b0530aa4934bd06af9f5b7e0 +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.69.0/matrix-synapse_1.69.0-bullseye-bin1_armv7l.tar.gz +SOURCE_SUM=d390ac7900e545e5fb58f243c98a1c2cfe6d8dba4fd58775c8e73e931d20afe2 # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/conf/armv7_buster.src b/conf/armv7_buster.src index c344db2..320d053 100644 --- a/conf/armv7_buster.src +++ b/conf/armv7_buster.src 
@@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.67.0/matrix-synapse_1.67.0-buster-bin1_armv7l.tar.gz -SOURCE_SUM=bcc0d6eedd3688f0f92aff5acbac9adfba588fd2352ba03fc7b02fdf5ea579c5 +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.69.0/matrix-synapse_1.69.0-buster-bin1_armv7l.tar.gz +SOURCE_SUM=e99f100a3446b9ceff29a5c3ea55657342a2ee22cf2eb5821e75716ede9bea8b # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/conf/homeserver.yaml b/conf/homeserver.yaml index f073e4e..f68cc24 100644 --- a/conf/homeserver.yaml +++ b/conf/homeserver.yaml @@ -2246,7 +2246,7 @@ password_providers: uid: "uid" mail: "mail" name: "givenName" - bind_dn: __SYNAPSE_USER_APP__ + bind_dn: "uid=__SYNAPSE_USER_APP__,ou=users,dc=yunohost,dc=org" bind_password: __SYNAPSE_USER_APP_PWD__ filter: "(&(objectClass=posixAccount)(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))" diff --git a/conf/turnserver.conf b/conf/turnserver.conf index f25071c..4d4494a 100644 --- a/conf/turnserver.conf +++ b/conf/turnserver.conf @@ -18,7 +18,6 @@ no-sslv3 no-tlsv1 no-tlsv1_1 -no-loopback-peers no-multicast-peers no-cli diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md index 9661fd1..62381c9 100644 --- a/doc/DISCLAIMER.md +++ b/doc/DISCLAIMER.md 
@@ -105,6 +105,70 @@ This app doesn't provide any real good web interface. So it's recommended to use ## Additional information +## Administration + +**All documentation of this section is not warranted. A bad use of command could break the app and all the data. So use these commands at your own risk.** + +Before any manipulation it's recommended to do a backup by this following command : + +`sudo yunohost backup create --apps synapse` + +### Set user as admin + +Actually there are no functions in the client interface to set a user as admin. So it's possible to enable it manually in the database. + +The following command will grant admin privilege to the specified user: +``` +su --command="psql matrix_synapse" postgres <<< "UPDATE users SET admin = 1 WHERE name = '@user_to_be_admin:domain.tld'" +``` + +### Administration API + +Synapse's administration API endpoints are under `/_synapse` path and protected with the `admin_api` permission. +By default, no one has access to this path. + +If you wish to access it, for example to use [Synapse Admin](https://github.com/YunoHost-Apps/synapse-admin_ynh), +you need to give this permission to visitors. + +Then, to log in the API with your credentials, you need to set your user as admin (cf. precedent section). + +### Upgrade + +By default a backup is made before the upgrade. To avoid this you have theses following possibilites: +- Call the command with the `-b` flag: `yunohost app upgrade synapse -b` +- Set the settings `disable_backup_before_upgrade` to `1`. You can set this with this command: + +`yunohost app setting synapse disable_backup_before_upgrade -v 1` + +After this settings will be applied for **all** next upgrade. + +From command line: + +`yunohost app upgrade synapse` + +### Backup + +This app use now the core-only feature of the backup. 
To keep the integrity of the data and to have a better guarantee of the restoration is recommended to proceed like this: + +- Stop synapse service with theses following command: + +`systemctl stop synapse.service` + +- Launch the backup of synapse with this following command: + +`yunohost backup create --app synapse` + +- Do a backup of your data with your specific strategy (could be with rsync, borg backup or just cp). The data is generally stored in `/home/yunohost.app/matrix-synapse`. +- Restart the synapse service with these command: + +`systemctl start synapse.service` + +### Remove + +Due of the backup core only feature the data directory in `/home/yunohost.app/matrix-synapse` **is not removed**. + +Use the `--purge` flag with the command, or remove it manually to purge app user data. + ### Multi instance support To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command: diff --git a/manifest.json b/manifest.json index aade73b..3cf889e 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Instant messaging server which uses Matrix", "fr": "Un serveur de messagerie instantané basé sur Matrix" }, - "version": "1.67.0~ynh1", + "version": "1.69.0~ynh1", "url": "http://matrix.org", "license": "Apache-2.0", "maintainer": { @@ -19,7 +19,7 @@ "code": "https://github.com/matrix-org/synapse" }, "requirements": { - "yunohost": ">= 4.1" + "yunohost": ">= 4.1.2" }, "multi_instance": true, "services": [ diff --git a/scripts/change_url b/scripts/change_url index fa8668e..ad84c40 100644 --- a/scripts/change_url +++ b/scripts/change_url 
@@ -117,12 +117,12 @@ ynh_add_config --template="homeserver.yaml" --destination="/etc/matrix-$app/home ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml" #================================================= -# SETUP PERMISSIONS +# SECURE FILES AND DIRECTORIES #================================================= -ynh_script_progression --message="Configuring permissions..." --weight=1 -ynh_permission_url --permission=server_api --clear_urls -ynh_permission_url --permission=server_api --url=$domain/_matrix --additional_urls=$server_name/.well-known/matrix \ +# Only setting permissions for the two config files updated above +chown $synapse_user:root -R /etc/matrix-$app +chmod u=rwX,g=rX,o= -R /etc/matrix-$app #================================================= # RELOAD SERVICES diff --git a/scripts/install b/scripts/install index 8c62ee9..157f452 100644 --- a/scripts/install +++ b/scripts/install @@ -336,6 +336,9 @@ ynh_permission_update --permission=main --show_tile=false --protected=true ynh_permission_create --permission=server_api --url=$domain/_matrix \ --label="Server access for client apps." --show_tile=false --allowed=visitors \ --auth_header=false --protected=true +ynh_permission_create --permission=admin_api --url=$domain/_synapse \ + --label="Server administration API." --show_tile=false \ + --auth_header=false --allowed=visitors if yunohost --output-as plain domain list | grep -q "^$server_name$"; then ynh_permission_create --permission=server_client_infos --url=$server_name/.well-known/matrix \ --label="Server info for clients. (well-known)" --show_tile=false --allowed=visitors \ diff --git a/scripts/upgrade b/scripts/upgrade index 536ca48..19d4504 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
@@ -439,6 +439,12 @@ elif yunohost --output-as plain domain list | grep -q "^$server_name"'$'; then --protected=true fi +if ! ynh_permission_exists --permission=admin_api; then + ynh_permission_create --permission=admin_api --url=$domain/_synapse \ + --label="Server administration API." --show_tile=false \ + --auth_header=false --allowed=visitors +fi + #================================================= # SECURE FILES AND DIRECTORIES #=================================================
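Review bot: In the README.md `### Administration API` text, "By default, no one has access to this path" contradicts scripts/install and scripts/upgrade in this same patch, which both create `admin_api` with `--allowed=visitors`. Make the scripts and the sentence agree (preferably by dropping `--allowed=visitors`, so that granting the permission is the explicit step the next paragraph describes). The same hunk also spells the backup command two ways, `yunohost backup create --apps synapse` under `## Administration` and `yunohost backup create --app synapse` under `### Backup`; use one form. The identical text added to doc/DISCLAIMER.md needs the same two fixes.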
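Review bot: The `## Administration` section added to README_fr.md is in English, under a French header line (`**Version incluse :**`). Translate it, or at least the bold risk warning and the `### Remove` note about `/home/yunohost.app/matrix-synapse` not being removed, since those are the parts a French-only reader most needs before running the commands.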
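Review bot: In conf/homeserver.yaml, `bind_dn` is now a quoted full DN, but the following context line `bind_password: __SYNAPSE_USER_APP_PWD__` is still an unquoted template placeholder. If the substituted password ever contains YAML-significant characters (`#`, `: `, a leading `*`, `!` or `&`), the value is misparsed and the LDAP bind fails. Quote it the same way as `bind_dn`, or state where the password alphabet is restricted. The hard-coded `ou=users,dc=yunohost,dc=org` is consistent with the `filter` line below it.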
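Review bot: conf/turnserver.conf drops `no-loopback-peers` with no replacement and no explanation anywhere in the diff. That directive is what kept the TURN relay from forwarding traffic to services bound to loopback on the host, so the change should say which coturn version refuses loopback peers by default and confirm that the packages on both targets this patch builds for (buster and bullseye) are at or above it. If that cannot be guaranteed, keep the line or add an explicit `denied-peer-ip` range covering loopback next to `no-multicast-peers`.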
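Review bot: In scripts/change_url the new comment says "Only setting permissions for the two config files updated above", but both `chown` and `chmod` run with `-R` over the whole of `/etc/matrix-$app`; either target `homeserver.yaml` and `log.yaml` or correct the comment. `$synapse_user` and `$app` should be quoted in both commands. The hunk also removes the two `ynh_permission_url --permission=server_api` calls without adding anything for the new `admin_api` permission, so please confirm what now moves the `/_matrix` and `/_synapse` URLs to the new domain; if nothing does, the access rules keep pointing at the old one after a URL change.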
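Review bot: In scripts/install the new `ynh_permission_create --permission=admin_api --url=$domain/_synapse` ends with `--allowed=visitors`, which bypasses SSO for the administration API on every fresh install and leaves Synapse's own admin check as the only barrier. Omit `--allowed` so the permission starts with no group, matching the README's "By default, no one has access to this path", and let the admin grant it when installing Synapse Admin. Also decide deliberately whether this permission should carry `--protected=true` like `server_api` just above it; at present the difference is unexplained.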
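Review bot: The `ynh_permission_create` inside the new `if ! ynh_permission_exists --permission=admin_api` block in scripts/upgrade passes `--allowed=visitors`, so every existing instance gets `/_synapse` opened to unauthenticated visitors as a side effect of a routine version upgrade, without the admin having asked for it. Create the permission here with no allowed group, and mention in the upgrade notes that it must be granted by hand before tools such as Synapse Admin will work.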