From 3f8a79ccbf38557fbbe62e60cf74e816649ec442 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Wed, 23 Feb 2022 01:59:55 +0100 Subject: [PATCH 01/69] Upgrade synapse to 1.53.0 --- README.md | 2 +- conf/armv7_bullseye.src | 4 ++-- conf/armv7_buster.src | 4 ++-- manifest.json | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 4c1d0b9..7aa1d4d 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) -**Shipped version:** 1.52.0 +**Shipped version:** 1.53.0 ## Configuration diff --git a/conf/armv7_bullseye.src b/conf/armv7_bullseye.src index 4cc7c24..e5e02cf 100644 --- a/conf/armv7_bullseye.src +++ b/conf/armv7_bullseye.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.52.0/matrix-synapse_1.52.0-bullseye-bin1_armv7l.tar.gz -SOURCE_SUM=7f99e741b152ba2cdade7919540adff9950c0c04c37bb85f613b4e7fb3881eb2 +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.53.0/matrix-synapse_1.53.0-bullseye-bin1_armv7l.tar.gz +SOURCE_SUM=94256ce174f567d314b1ca229735a6ddf1f7cfbae8c86fe1afe2dcd4235cb185 # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/conf/armv7_buster.src b/conf/armv7_buster.src index 995b643..36dfcb6 100644 --- a/conf/armv7_buster.src +++ b/conf/armv7_buster.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.52.0/matrix-synapse_1.52.0-buster-bin1_armv7l.tar.gz -SOURCE_SUM=c66d248c9335c14b4395ffe19670c408e163e38ee36af05e57719c5d3192056b +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.53.0/matrix-synapse_1.53.0-buster-bin1_armv7l.tar.gz +SOURCE_SUM=148396e9ec9f3f356a1dd869ade790e4be723523b1b1bcffd2df69647adcb5db # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/manifest.json b/manifest.json index 95dec20..025ebcb 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Instant messaging server which uses Matrix", "fr": "Un serveur de messagerie instantané basé sur Matrix" }, - "version": "1.52.0~ynh1", + "version": "1.53.0~ynh1", "url": "http://matrix.org", "license": "Apache-2.0", "maintainer": { From 9794dea7cfdb99bba5e1e44f774af1a748ec6a47 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Wed, 9 Mar 2022 02:01:47 +0100 Subject: [PATCH 02/69] Upgrade synapse to 1.54.0 --- README.md | 2 +- conf/armv7_bullseye.src | 4 ++-- conf/armv7_buster.src | 4 ++-- manifest.json | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 7aa1d4d..6ff156f 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) -**Shipped version:** 1.53.0 +**Shipped version:** 1.54.0 ## Configuration diff --git a/conf/armv7_bullseye.src b/conf/armv7_bullseye.src index e5e02cf..b534d6b 100644 --- a/conf/armv7_bullseye.src +++ b/conf/armv7_bullseye.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.53.0/matrix-synapse_1.53.0-bullseye-bin1_armv7l.tar.gz -SOURCE_SUM=94256ce174f567d314b1ca229735a6ddf1f7cfbae8c86fe1afe2dcd4235cb185 +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.54.0/matrix-synapse_1.54.0-bullseye-bin1_armv7l.tar.gz +SOURCE_SUM=4b06a0f927f3b64e439f9946a838d5d7ade673731b2d4bafdb098481a2e9006c # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/conf/armv7_buster.src b/conf/armv7_buster.src index 36dfcb6..ccc15f6 100644 --- a/conf/armv7_buster.src +++ b/conf/armv7_buster.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.53.0/matrix-synapse_1.53.0-buster-bin1_armv7l.tar.gz -SOURCE_SUM=148396e9ec9f3f356a1dd869ade790e4be723523b1b1bcffd2df69647adcb5db +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.54.0/matrix-synapse_1.54.0-buster-bin1_armv7l.tar.gz +SOURCE_SUM=f1e41718c9923e203909be69435be761ef18b652d9eb1cb954a76ca50d3f678d # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/manifest.json b/manifest.json index 025ebcb..2cd397a 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Instant messaging server which uses Matrix", "fr": "Un serveur de messagerie instantané basé sur Matrix" }, - "version": "1.53.0~ynh1", + "version": "1.54.0~ynh1", "url": "http://matrix.org", "license": "Apache-2.0", "maintainer": { From 1e8e3dce04a3f43101bf163d5bc7e30f6bca787a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Wed, 23 Mar 2022 02:10:47 +0100 Subject: [PATCH 03/69] Upgrade synapse to 1.55.0 --- README.md | 2 +- conf/armv7_bullseye.src | 4 ++-- conf/armv7_buster.src | 4 ++-- manifest.json | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 6ff156f..c88c66c 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) -**Shipped version:** 1.54.0 +**Shipped version:** 1.55.0 ## Configuration diff --git a/conf/armv7_bullseye.src b/conf/armv7_bullseye.src index b534d6b..fd7dde1 100644 --- a/conf/armv7_bullseye.src +++ b/conf/armv7_bullseye.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.54.0/matrix-synapse_1.54.0-bullseye-bin1_armv7l.tar.gz -SOURCE_SUM=4b06a0f927f3b64e439f9946a838d5d7ade673731b2d4bafdb098481a2e9006c +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.55.0/matrix-synapse_1.55.0-bullseye-bin1_armv7l.tar.gz +SOURCE_SUM=6950f0f213a856fa2445bbc824326803e367545e2a232960f511788c850bb570 # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/conf/armv7_buster.src b/conf/armv7_buster.src index ccc15f6..3f9ef15 100644 --- a/conf/armv7_buster.src +++ b/conf/armv7_buster.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.54.0/matrix-synapse_1.54.0-buster-bin1_armv7l.tar.gz -SOURCE_SUM=f1e41718c9923e203909be69435be761ef18b652d9eb1cb954a76ca50d3f678d +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.55.0/matrix-synapse_1.55.0-buster-bin1_armv7l.tar.gz +SOURCE_SUM=5986711721c0ed28f85f4ee634eb74212aba2bc258771e9bdb4fa5d7e9863da9 # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/manifest.json b/manifest.json index 2cd397a..ef6a800 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Instant messaging server which uses Matrix", "fr": "Un serveur de messagerie instantané basé sur Matrix" }, - "version": "1.54.0~ynh1", + "version": "1.55.0~ynh1", "url": "http://matrix.org", "license": "Apache-2.0", "maintainer": { From 7b0aeac406a04aca9235141506375379f7017a0d Mon Sep 17 00:00:00 2001 From: tituspijean Date: Mon, 28 Mar 2022 22:45:11 +0200 Subject: [PATCH 04/69] Fix typo in README --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c88c66c..55ceb59 100644 --- a/README.md +++ b/README.md @@ -167,7 +167,7 @@ After this settings will be applied for **all** next upgrade. From command line: -`yunohost app upgrade seafile` +`yunohost app upgrade synapse` ### Backup From c03ed32d686d764a5ef6becc078ed18993121575 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Fri, 25 Mar 2022 02:11:34 +0100 Subject: [PATCH 05/69] Upgrade synapse to 1.55.2 --- README.md | 2 +- conf/armv7_bullseye.src | 4 ++-- conf/armv7_buster.src | 4 ++-- manifest.json | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 55ceb59..81db73f 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) -**Shipped version:** 1.55.0 +**Shipped version:** 1.55.2 ## Configuration diff --git a/conf/armv7_bullseye.src b/conf/armv7_bullseye.src index fd7dde1..cf8e081 100644 --- a/conf/armv7_bullseye.src +++ b/conf/armv7_bullseye.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.55.0/matrix-synapse_1.55.0-bullseye-bin1_armv7l.tar.gz -SOURCE_SUM=6950f0f213a856fa2445bbc824326803e367545e2a232960f511788c850bb570 +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.55.2/matrix-synapse_1.55.2-bullseye-bin1_armv7l.tar.gz +SOURCE_SUM=e32cd2957453c0b26e4acbb6288aa6e1d7068c6f20dbe8662d15991208383470 # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/conf/armv7_buster.src b/conf/armv7_buster.src index 3f9ef15..f2d7601 100644 --- a/conf/armv7_buster.src +++ b/conf/armv7_buster.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.55.0/matrix-synapse_1.55.0-buster-bin1_armv7l.tar.gz -SOURCE_SUM=5986711721c0ed28f85f4ee634eb74212aba2bc258771e9bdb4fa5d7e9863da9 +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.55.2/matrix-synapse_1.55.2-buster-bin1_armv7l.tar.gz +SOURCE_SUM=37f7d744603cc11506889c75ac29621dd553244180068cea30577bc54650ccc7 # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/manifest.json b/manifest.json index ef6a800..54208ca 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Instant messaging server which uses Matrix", "fr": "Un serveur de messagerie instantané basé sur Matrix" }, - "version": "1.55.0~ynh1", + "version": "1.55.2~ynh1", "url": "http://matrix.org", "license": "Apache-2.0", "maintainer": { From c50727a738cb35f64d6551f12326e1a41fcf8e0d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Wed, 6 Apr 2022 02:04:13 +0200 Subject: [PATCH 06/69] Upgrade synapse to 1.56.0 --- README.md | 2 +- conf/armv7_bullseye.src | 4 ++-- conf/armv7_buster.src | 4 ++-- manifest.json | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 81db73f..f37aa31 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) -**Shipped version:** 1.55.2 +**Shipped version:** 1.56.0 ## Configuration diff --git a/conf/armv7_bullseye.src b/conf/armv7_bullseye.src index cf8e081..1e3f8a8 100644 --- a/conf/armv7_bullseye.src +++ b/conf/armv7_bullseye.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.55.2/matrix-synapse_1.55.2-bullseye-bin1_armv7l.tar.gz -SOURCE_SUM=e32cd2957453c0b26e4acbb6288aa6e1d7068c6f20dbe8662d15991208383470 +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.56.0/matrix-synapse_1.56.0-bullseye-bin1_armv7l.tar.gz +SOURCE_SUM=382bd6bb1f8b978fb7c7bfc761056dde35c671859409cb38eca9d6dcb0f93c8c # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/conf/armv7_buster.src b/conf/armv7_buster.src index f2d7601..1febaff 100644 --- a/conf/armv7_buster.src +++ b/conf/armv7_buster.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.55.2/matrix-synapse_1.55.2-buster-bin1_armv7l.tar.gz -SOURCE_SUM=37f7d744603cc11506889c75ac29621dd553244180068cea30577bc54650ccc7 +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.56.0/matrix-synapse_1.56.0-buster-bin1_armv7l.tar.gz +SOURCE_SUM=640b7fd36870460d2ff2c0480f8a6ce219468e4f5e2e9ae550b39917ccd92af4 # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/manifest.json b/manifest.json index 54208ca..bba2e5a 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Instant messaging server which uses Matrix", "fr": "Un serveur de messagerie instantané basé sur Matrix" }, - "version": "1.55.2~ynh1", + "version": "1.56.0~ynh1", "url": "http://matrix.org", "license": "Apache-2.0", "maintainer": { From 5cf7d0f7ffe9d6a2c6f7c3215fd1b049fd7b4567 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Tue, 19 Apr 2022 16:12:26 +0200 Subject: [PATCH 07/69] Enable email verification Verifications are required since v1.56.0 --- conf/homeserver.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/conf/homeserver.yaml b/conf/homeserver.yaml index 4dcb30a..81c26ae 100644 --- a/conf/homeserver.yaml +++ b/conf/homeserver.yaml @@ -857,8 +857,8 @@ enable_registration: __ALLOWED_ACCESS__ # The user must provide all of the below types of 3PID when registering. # -#registrations_require_3pid: -# - email +registrations_require_3pid: + - email # - msisdn # Explicitly disable asking for MSISDNs from the registration From 5a0bf33caa95a312019889fe4dfee2bc13e7e30b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Sat, 23 Apr 2022 21:35:15 +0200 Subject: [PATCH 08/69] Revert "Enable email verification" This reverts commit 5cf7d0f7ffe9d6a2c6f7c3215fd1b049fd7b4567. --- conf/homeserver.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/conf/homeserver.yaml b/conf/homeserver.yaml index 81c26ae..4dcb30a 100644 --- a/conf/homeserver.yaml +++ b/conf/homeserver.yaml @@ -857,8 +857,8 @@ enable_registration: __ALLOWED_ACCESS__ # The user must provide all of the below types of 3PID when registering. # -registrations_require_3pid: - - email +#registrations_require_3pid: +# - email # - msisdn # Explicitly disable asking for MSISDNs from the registration From 398d97b3b71738ab0779fd8ea3a8674f4d6cc703 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Sat, 23 Apr 2022 21:37:08 +0200 Subject: [PATCH 09/69] Disable registration without verification --- conf/homeserver.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/conf/homeserver.yaml b/conf/homeserver.yaml index 4dcb30a..9bc9a20 100644 --- a/conf/homeserver.yaml +++ b/conf/homeserver.yaml @@ -798,6 +798,8 @@ turn_allow_guests: __ALLOWED_ACCESS__ # enable_registration: __ALLOWED_ACCESS__ +enable_registration_without_verification: __ALLOWED_ACCESS__ + # Optional account validity configuration. This allows for accounts to be denied # any request after a given period. # From 44c77c740d683557cfd831c2345a3b3c21ab73fe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Wed, 20 Apr 2022 02:11:22 +0200 Subject: [PATCH 10/69] Upgrade synapse to 1.57.0 --- README.md | 2 +- conf/armv7_bullseye.src | 4 ++-- conf/armv7_buster.src | 4 ++-- manifest.json | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index f37aa31..16bb5e3 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) -**Shipped version:** 1.56.0 +**Shipped version:** 1.57.0 ## Configuration diff --git a/conf/armv7_bullseye.src b/conf/armv7_bullseye.src index 1e3f8a8..4563705 100644 --- a/conf/armv7_bullseye.src +++ b/conf/armv7_bullseye.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.56.0/matrix-synapse_1.56.0-bullseye-bin1_armv7l.tar.gz -SOURCE_SUM=382bd6bb1f8b978fb7c7bfc761056dde35c671859409cb38eca9d6dcb0f93c8c +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.57.0/matrix-synapse_1.57.0-bullseye-bin1_armv7l.tar.gz +SOURCE_SUM=e986c59b32459495c291152b72e632ed33b2805391f4d924f73e0619d1cf3865 # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/conf/armv7_buster.src b/conf/armv7_buster.src index 1febaff..9d8216c 100644 --- a/conf/armv7_buster.src +++ b/conf/armv7_buster.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.56.0/matrix-synapse_1.56.0-buster-bin1_armv7l.tar.gz -SOURCE_SUM=640b7fd36870460d2ff2c0480f8a6ce219468e4f5e2e9ae550b39917ccd92af4 +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.57.0/matrix-synapse_1.57.0-buster-bin1_armv7l.tar.gz +SOURCE_SUM=3f0e920487ab21146bbc8ec56ebaf87cf36b8e09a0460de650d512416f6aada9 # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/manifest.json b/manifest.json index bba2e5a..92bb9ca 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Instant messaging server which uses Matrix", "fr": "Un serveur de messagerie instantané basé sur Matrix" }, - "version": "1.56.0~ynh1", + "version": "1.57.0~ynh1", "url": "http://matrix.org", "license": "Apache-2.0", "maintainer": { From beae5c133120dc847fe5a301ae6d335186503be9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Thu, 21 Apr 2022 01:59:40 +0200 Subject: [PATCH 11/69] Upgrade synapse to 1.57.1 --- README.md | 2 +- conf/armv7_bullseye.src | 4 ++-- conf/armv7_buster.src | 4 ++-- manifest.json | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 16bb5e3..88c52ba 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) -**Shipped version:** 1.57.0 +**Shipped version:** 1.57.1 ## Configuration diff --git a/conf/armv7_bullseye.src b/conf/armv7_bullseye.src index 4563705..2539e6e 100644 --- a/conf/armv7_bullseye.src +++ b/conf/armv7_bullseye.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.57.0/matrix-synapse_1.57.0-bullseye-bin1_armv7l.tar.gz -SOURCE_SUM=e986c59b32459495c291152b72e632ed33b2805391f4d924f73e0619d1cf3865 +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.57.1/matrix-synapse_1.57.1-bullseye-bin1_armv7l.tar.gz +SOURCE_SUM=c2a783ef43af83588fd4fd75b917291b19d7ace72250229fcaa2dc32a5e6abe5 # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/conf/armv7_buster.src b/conf/armv7_buster.src index 9d8216c..2901f47 100644 --- a/conf/armv7_buster.src +++ b/conf/armv7_buster.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.57.0/matrix-synapse_1.57.0-buster-bin1_armv7l.tar.gz -SOURCE_SUM=3f0e920487ab21146bbc8ec56ebaf87cf36b8e09a0460de650d512416f6aada9 +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.57.1/matrix-synapse_1.57.1-buster-bin1_armv7l.tar.gz +SOURCE_SUM=3b1976d6f930915ba302619d6f2fefb0047a84835ce4ab5b09a641a090856ce8 # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/manifest.json b/manifest.json index 92bb9ca..1fc1f0d 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Instant messaging server which uses Matrix", "fr": "Un serveur de messagerie instantané basé sur Matrix" }, - "version": "1.57.0~ynh1", + "version": "1.57.1~ynh1", "url": "http://matrix.org", "license": "Apache-2.0", "maintainer": { From 0c1f5221ddaa10b3000eb0de046b09237ca80983 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Wed, 4 May 2022 02:12:39 +0200 Subject: [PATCH 12/69] Upgrade synapse to 1.58.0 --- README.md | 2 +- conf/armv7_bullseye.src | 4 ++-- conf/armv7_buster.src | 4 ++-- manifest.json | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 88c52ba..9f8dc51 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) -**Shipped version:** 1.57.1 +**Shipped version:** 1.58.0 ## Configuration diff --git a/conf/armv7_bullseye.src b/conf/armv7_bullseye.src index 2539e6e..472da67 100644 --- a/conf/armv7_bullseye.src +++ b/conf/armv7_bullseye.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.57.1/matrix-synapse_1.57.1-bullseye-bin1_armv7l.tar.gz -SOURCE_SUM=c2a783ef43af83588fd4fd75b917291b19d7ace72250229fcaa2dc32a5e6abe5 +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.58.0/matrix-synapse_1.58.0-bullseye-bin1_armv7l.tar.gz +SOURCE_SUM=9f929a43966fc7a32c9c5587314b0bfe4b631c618861f82ffe6a55ba24566b66 # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/conf/armv7_buster.src b/conf/armv7_buster.src index 2901f47..3f6dcc3 100644 --- a/conf/armv7_buster.src +++ b/conf/armv7_buster.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.57.1/matrix-synapse_1.57.1-buster-bin1_armv7l.tar.gz -SOURCE_SUM=3b1976d6f930915ba302619d6f2fefb0047a84835ce4ab5b09a641a090856ce8 +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.58.0/matrix-synapse_1.58.0-buster-bin1_armv7l.tar.gz +SOURCE_SUM=505d0e8ae56695d35be38a672ed4916ff2f93dab7d7130b60551f7a1e0296be8 # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/manifest.json b/manifest.json index 1fc1f0d..c4712e2 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Instant messaging server which uses Matrix", "fr": "Un serveur de messagerie instantané basé sur Matrix" }, - "version": "1.57.1~ynh1", + "version": "1.58.0~ynh1", "url": "http://matrix.org", "license": "Apache-2.0", "maintainer": { From 59a6a7d356c1ae99c0ac9517c92aa6661539b582 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Fri, 6 May 2022 01:51:56 +0200 Subject: [PATCH 13/69] Upgrade synapse to 1.58.1 --- README.md | 2 +- conf/armv7_bullseye.src | 4 ++-- conf/armv7_buster.src | 4 ++-- manifest.json | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 9f8dc51..e363499 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) -**Shipped version:** 1.58.0 +**Shipped version:** 1.58.1 ## Configuration diff --git a/conf/armv7_bullseye.src b/conf/armv7_bullseye.src index 472da67..ad3197e 100644 --- a/conf/armv7_bullseye.src +++ b/conf/armv7_bullseye.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.58.0/matrix-synapse_1.58.0-bullseye-bin1_armv7l.tar.gz -SOURCE_SUM=9f929a43966fc7a32c9c5587314b0bfe4b631c618861f82ffe6a55ba24566b66 +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.58.1/matrix-synapse_1.58.1-bullseye-bin1_armv7l.tar.gz +SOURCE_SUM=57ee01aaa5f7bbdd175b53770770fbcb37739ae36df670ada94188cab9516a00 # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/conf/armv7_buster.src b/conf/armv7_buster.src index 3f6dcc3..e64a400 100644 --- a/conf/armv7_buster.src +++ b/conf/armv7_buster.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.58.0/matrix-synapse_1.58.0-buster-bin1_armv7l.tar.gz -SOURCE_SUM=505d0e8ae56695d35be38a672ed4916ff2f93dab7d7130b60551f7a1e0296be8 +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.58.1/matrix-synapse_1.58.1-buster-bin1_armv7l.tar.gz +SOURCE_SUM=d323c8801ea4973896a3df9a8cc1a8d89f1c1f21703e842a46f84b36cf73deee # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/manifest.json b/manifest.json index c4712e2..75fb67f 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Instant messaging server which uses Matrix", "fr": "Un serveur de messagerie instantané basé sur Matrix" }, - "version": "1.58.0~ynh1", + "version": "1.58.1~ynh1", "url": "http://matrix.org", "license": "Apache-2.0", "maintainer": { From 1ead741342766cade162dfc82514495ab7874972 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Wed, 18 May 2022 02:04:41 +0200 Subject: [PATCH 14/69] Upgrade synapse to 1.59.0 --- README.md | 2 +- conf/armv7_bullseye.src | 4 ++-- conf/armv7_buster.src | 4 ++-- manifest.json | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index e363499..7f89c56 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) -**Shipped version:** 1.58.1 +**Shipped version:** 1.59.0 ## Configuration diff --git a/conf/armv7_bullseye.src b/conf/armv7_bullseye.src index ad3197e..c4af2a9 100644 --- a/conf/armv7_bullseye.src +++ b/conf/armv7_bullseye.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.58.1/matrix-synapse_1.58.1-bullseye-bin1_armv7l.tar.gz -SOURCE_SUM=57ee01aaa5f7bbdd175b53770770fbcb37739ae36df670ada94188cab9516a00 +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.59.0/matrix-synapse_1.59.0-bullseye-bin1_armv7l.tar.gz +SOURCE_SUM=aedd3fe868dc9ad9359da0ce5124c602945267e9ab69a5ed0249367391cd44e7 # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/conf/armv7_buster.src b/conf/armv7_buster.src index e64a400..3dccdc8 100644 --- a/conf/armv7_buster.src +++ b/conf/armv7_buster.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.58.1/matrix-synapse_1.58.1-buster-bin1_armv7l.tar.gz -SOURCE_SUM=d323c8801ea4973896a3df9a8cc1a8d89f1c1f21703e842a46f84b36cf73deee +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.59.0/matrix-synapse_1.59.0-buster-bin1_armv7l.tar.gz +SOURCE_SUM=3a1e4602507594d4a38c5613edd1e16ebeef6e67cb7d40a7847fb0a32aeade22 # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/manifest.json b/manifest.json index 75fb67f..f7f1afb 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Instant messaging server which uses Matrix", "fr": "Un serveur de messagerie instantané basé sur Matrix" }, - "version": "1.58.1~ynh1", + "version": "1.59.0~ynh1", "url": "http://matrix.org", "license": "Apache-2.0", "maintainer": { From 9be416b6372a55d199c2e4eca2bef26bcfd5f7a3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Sat, 21 May 2022 21:30:29 +0200 Subject: [PATCH 15/69] remove old version upgrade test because unmaintainable --- check_process | 3 --- 1 file changed, 3 deletions(-) diff --git a/check_process b/check_process index 0b1a1a7..3d5b440 100644 --- a/check_process +++ b/check_process @@ -12,7 +12,6 @@ setup_private=0 setup_public=1 upgrade=1 - upgrade=1 from_commit=35774cc0eabb82b03230210689fa060d5f2b0bd8 upgrade=1 from_commit=dbf0a2c9359ccd62b55132cace548b17e44af9bf backup_restore=1 multi_instance=0 @@ -22,7 +21,5 @@ ;;; Levels Level 5=auto ;;; Upgrade options - ; commit=35774cc0eabb82b03230210689fa060d5f2b0bd8 - name=Migrate from self signed certificate to cert managed by Yunohost from old_version_for_CI_3 branch ; commit=dbf0a2c9359ccd62b55132cace548b17e44af9bf name=Before permission implementation From d51a178f0a6bdb18296d4599cf0d0a1cdf0c7a0e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Sat, 21 May 2022 21:53:32 +0200 Subject: [PATCH 16/69] Use automatic readme --- doc/DESCRIPTION.md | 3 ++ doc/DISCLAIMER.md | 115 +++++++++++++++++++++++++++++++++++++++++++++ manifest.json | 68 +++++++++++++++++++++++++++ 3 files changed, 186 insertions(+) create mode 100644 doc/DESCRIPTION.md create mode 100644 doc/DISCLAIMER.md diff --git a/doc/DESCRIPTION.md b/doc/DESCRIPTION.md new file mode 100644 index 0000000..1ae7dbb --- /dev/null +++ b/doc/DESCRIPTION.md @@ -0,0 +1,3 @@ +Instant messaging server matrix network. + +Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md new file mode 100644 index 0000000..9661fd1 --- /dev/null +++ b/doc/DISCLAIMER.md @@ -0,0 +1,115 @@ +## Configuration + +### Install for ARM arch (or slow arch) + +For all slow or arm architecture it's recommended to build the dh file before the install to have a quicker install. +You could build it by this cmd : `openssl dhparam -out /etc/ssl/private/dh2048.pem 2048 > /dev/null` +After that you can install it without problem. + +The package uses a prebuilt python virtual environnement. The binary are taken from this repository: https://github.com/Josue-T/synapse_python_build +The script to build the binary is also available. + +### Web client + +If you want a web client you can also install Element with this package: https://github.com/YunoHost-Apps/element_ynh . + +### Access by federation + +If your server name is identical to the domain on which synapse is installed, and the default port 8448 is used, your server is normally already accessible by the federation. + +If not, you can add the following line in the dns configuration but you normally don't need it as a .well-known file is edited during the install to declare your server name and port to the federation. + +``` +_matrix._tcp. IN SRV 10 0 +``` +for example +``` +_matrix._tcp.example.com. 3600 IN SRV 10 0 SYNAPSE_PORT synapse.example.com. +``` +You need to replace SYNAPSE_PORT by the real port. This port can be obtained by the command: `yunohost app setting SYNAPSE_INSTANCE_NAME synapse_tls_port` + +For more details, see : https://github.com/matrix-org/synapse/blob/master/docs/federate.md + +If it is not automatically done, you need to open this in your ISP box. + +You also need a valid TLS certificate for the domain used by synapse. To do that you can refer to the documentation here : https://yunohost.org/#/certificate_en + +### Turnserver + +For Voip and video conferencing a turnserver is also installed (and configured). The turnserver listens on two UDP and TCP ports. You can get them with these commands: +``` +yunohost app setting synapse turnserver_tls_port +yunohost app setting synapse turnserver_alt_tls_port + +``` +The turnserver will also choose a port dynamically when a new call starts. The range is between 49153 - 49193. + +For some security reason the ports range (49153 - 49193) isn't automatically open by default. If you want to use the synapse server for voip or conferencing you will need to open this port range manually. To do this just run this command: + +``` +yunohost firewall allow Both 49153:49193 +``` + +You might also need to open these ports (if it is not automatically done) on your ISP box. + +To prevent the situation when the server is behind a NAT, the public IP is written in the turnserver config. By this the turnserver can send its real public IP to the client. For more information see [the coturn example config file](https://github.com/coturn/coturn/blob/master/examples/etc/turnserver.conf#L102-L120).So if your IP changes, you could run the script `/opt/yunohost/__SYNAPSE_INSTANCE_NAME__/Coturn_config_rotate.sh` to update your config. + +If you have a dynamic IP address, you also might need to update this config automatically. To do that just edit a file named `/etc/cron.d/coturn_config_rotate` and add the following content (just adapt the __SYNAPSE_INSTANCE_NAME__ which could be `synapse` or maybe `synapse__2`). + +``` +*/15 * * * * root bash /opt/yunohost/__SYNAPSE_INSTANCE_NAME__/Coturn_config_rotate.sh; +``` + +#### OpenVPN + +In case of you have an OpenVPN server you might want than `coturn-synapse` restart when the VPN restart. To do this create a file named `/usr/local/bin/openvpn_up_script.sh` with this content: +``` +#!/bin/bash + +( + sleep 5 + sudo systemctl restart coturn-synapse.service +) & +exit 0 +``` + +Add this line in you sudo config file `/etc/sudoers` +``` +openvpn ALL=(ALL) NOPASSWD: /bin/systemctl restart coturn-synapse.service +``` + +And add this line in your OpenVPN config file +``` +ipchange /usr/local/bin/openvpn_up_script.sh +``` + +### Important Security Note + +We do not recommend running Element from the same domain name as your Matrix +homeserver (synapse). The reason is the risk of XSS (cross-site-scripting) +vulnerabilities that could occur if someone caused Element to load and render +malicious user generated content from a Matrix API which then had trusted +access to Element (or other apps) due to sharing the same domain. + +We have put some coarse mitigations into place to try to protect against this +situation, but it's still not a good practice to do it in the first place. See +https://github.com/vector-im/element-web/issues/1977 for more details. + +## YunoHost specific features + +## Limitations + +Synapse uses a lot of ressource. So on slow architecture (like small ARM board), this app could take a lot of CPU and RAM. + +This app doesn't provide any real good web interface. So it's recommended to use Element client to connect to this app. This app is available [here](https://github.com/YunoHost-Apps/element_ynh) + +## Additional information + +### Multi instance support + +To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command: +``` +yunohost app setting synapse__ synapse_tls_port +``` + +Before installing a second instance of the app it's really recommended to update all existing instances. diff --git a/manifest.json b/manifest.json index f7f1afb..fecf92e 100644 --- a/manifest.json +++ b/manifest.json @@ -13,6 +13,11 @@ "name": "Josué Tille", "email": "josue@tille.ch" }, + "upstream": { + "license": "free", + "website": "https://matrix.org/", + "code": "https://github.com/matrix-org/synapse" + }, "requirements": { "yunohost": ">= 4.1" }, @@ -67,3 +72,66 @@ ] } } + + + +{ + "name": "Gitea", + "id": "gitea", + "packaging_format": 1, + "description": { + "en": "Lightweight Git forge", + "fr": "Forge Git légère" + }, + "upstream": { + "license": "free", + "website": "https://gitea.io/", + "admindoc": "https://docs.gitea.io/", + "code": "https://github.com/go-gitea/gitea" + }, + "url": "http://gitea.io", + "license": "MIT", + "version": "1.16.6~ynh1", + "maintainer": { + "name": "Josué Tille", + "email": "josue@tille.ch" + }, + "previous_maintainers": { + "name": "rafi59", + "email": "rafi59_dev@srvmaison.fr.nf" + }, + "multi_instance": true, + "services": [ + "nginx", + "mysql" + ], + "requirements": { + "yunohost": ">= 4.2.6.1" + }, + "arguments": { + "install" : [ + { + "name": "domain", + "type": "domain" + }, + { + "name": "path", + "type": "path", + "default": "/gitea" + }, + { + "name": "admin", + "type": "user" + }, + { + "name": "is_public", + "type": "boolean", + "help": { + "en": "A public server means that everybody is able to access to the main page of the forge, on the public profile of the user and on the public repository. But you still can limit the access to each repository if you set it as private. Note that to be able to use the remote Git command (clone, pull, push) with HTTP and to use the API by (by example with a smartphone), you need to set this application as public.", + "fr": "Un serveur public signifie que tout le monde peut accéder à la page principale de la forge, au profil public des utilisateurs et aux dépôts publics. Vous pouvez également définir les dépôts comme étant privés. Notez que pour pouvoir utiliser les commandes Git distantes (clone, pull, push) avec HTTP et pour pouvoir utiliser l'API (par exemple avec un smartphone), vous devez paramétrer cette application comme étant publique." + }, + "default": true + } + ] + } +} From 506e949e5debcbb2262712a749bc4981be5e6cd0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Sat, 21 May 2022 21:55:02 +0200 Subject: [PATCH 17/69] Fix manifest.json --- manifest.json | 63 --------------------------------------------------- 1 file changed, 63 deletions(-) diff --git a/manifest.json b/manifest.json index fecf92e..d635973 100644 --- a/manifest.json +++ b/manifest.json @@ -72,66 +72,3 @@ ] } } - - - -{ - "name": "Gitea", - "id": "gitea", - "packaging_format": 1, - "description": { - "en": "Lightweight Git forge", - "fr": "Forge Git légère" - }, - "upstream": { - "license": "free", - "website": "https://gitea.io/", - "admindoc": "https://docs.gitea.io/", - "code": "https://github.com/go-gitea/gitea" - }, - "url": "http://gitea.io", - "license": "MIT", - "version": "1.16.6~ynh1", - "maintainer": { - "name": "Josué Tille", - "email": "josue@tille.ch" - }, - "previous_maintainers": { - "name": "rafi59", - "email": "rafi59_dev@srvmaison.fr.nf" - }, - "multi_instance": true, - "services": [ - "nginx", - "mysql" - ], - "requirements": { - "yunohost": ">= 4.2.6.1" - }, - "arguments": { - "install" : [ - { - "name": "domain", - "type": "domain" - }, - { - "name": "path", - "type": "path", - "default": "/gitea" - }, - { - "name": "admin", - "type": "user" - }, - { - "name": "is_public", - "type": "boolean", - "help": { - "en": "A public server means that everybody is able to access to the main page of the forge, on the public profile of the user and on the public repository. But you still can limit the access to each repository if you set it as private. Note that to be able to use the remote Git command (clone, pull, push) with HTTP and to use the API by (by example with a smartphone), you need to set this application as public.", - "fr": "Un serveur public signifie que tout le monde peut accéder à la page principale de la forge, au profil public des utilisateurs et aux dépôts publics. Vous pouvez également définir les dépôts comme étant privés. Notez que pour pouvoir utiliser les commandes Git distantes (clone, pull, push) avec HTTP et pour pouvoir utiliser l'API (par exemple avec un smartphone), vous devez paramétrer cette application comme étant publique." - }, - "default": true - } - ] - } -} From 7099a737b9005db93d8aa56b83fbe8536bb53127 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Sat, 21 May 2022 19:55:12 +0000 Subject: [PATCH 18/69] Auto-update README --- README.md | 130 +++++++++-------------------------------- README_fr.md | 159 +++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 185 insertions(+), 104 deletions(-) create mode 100644 README_fr.md diff --git a/README.md b/README.md index 7f89c56..1d5da0c 100644 --- a/README.md +++ b/README.md @@ -1,12 +1,17 @@ -# Synapse for YunoHost + -![](https://matrix.org/blog/wp-content/uploads/2015/01/logo1.png) +# Synapse for YunoHost [![Integration level](https://dash.yunohost.org/integration/synapse.svg)](https://dash.yunohost.org/appci/app/synapse) ![](https://ci-apps.yunohost.org/ci/badges/synapse.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/synapse.maintain.svg) [![Install Synapse with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=synapse) -> *This package allows you to install Synapse quickly and simply on a YunoHost server. -If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to know how to install and enjoy it.* +*[Lire ce readme en français.](./README_fr.md)* + +> *This package allows you to install Synapse quickly and simply on a YunoHost server. +If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.* ## Overview @@ -14,7 +19,12 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) -**Shipped version:** 1.59.0 + +**Shipped version:** 1.59.0~ynh1 + + + +## Disclaimers / important information ## Configuration @@ -113,23 +123,8 @@ We have put some coarse mitigations into place to try to protect against this situation, but it's still not a good practice to do it in the first place. See https://github.com/vector-im/element-web/issues/1977 for more details. -## Documentation - -- Official documentation: https://github.com/matrix-org/synapse -- YunoHost documentation: to be created; feel free to help! - ## YunoHost specific features -### Multi-users support - -Supported with LDAP. - -### Supported architectures - - -* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/synapse%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/synapse/) -* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/synapse%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/synapse/) - ## Limitations Synapse uses a lot of ressource. So on slow architecture (like small ARM board), this app could take a lot of CPU and RAM. @@ -138,58 +133,6 @@ This app doesn't provide any real good web interface. So it's recommended to use ## Additional information -## Administation - -**All documentation of this section is not warranted. A bad use of command could break the app and all the data. So use these commands at your own risk.** - -Before any manipulation it's recommended to do a backup by this following command : - -`sudo yunohost backup create --apps synapse` - -### Set user as admin - -Actually there are no functions in the client interface to set a user as admin. So it's possible to enable it manually in the database. - -The following command will grant admin privilege to the specified user: -``` -su --command="psql matrix_synapse" postgres <<< "UPDATE users SET admin = 1 WHERE name = '@user_to_be_admin:domain.tld'" -``` - -### Upgrade - -By default a backup is made before the upgrade. To avoid this you have theses following possibilites: -- Pass the `NO_BACKUP_UPGRADE` env variable with `1` at each upgrade. By example `NO_BACKUP_UPGRADE=1 yunohost app upgrade synapse`. -- Set the settings `disable_backup_before_upgrade` to `1`. You can set this with this command: - -`yunohost app setting synapse disable_backup_before_upgrade -v 1` - -After this settings will be applied for **all** next upgrade. - -From command line: - -`yunohost app upgrade synapse` - -### Backup - -This app use now the core-only feature of the backup. To keep the integrity of the data and to have a better guarantee of the restoration is recommended to proceed like this: - -- Stop synapse service with theses following command: - -`systemctl stop synapse.service` - -- Launch the backup of synapse with this following command: - -`yunohost backup create --app synapse` - -- Do a backup of your data with your specific strategy (could be with rsync, borg backup or just cp). The data is generally stored in `/home/yunohost.app/matrix-synapse`. -- Restart the synapse service with theses command: - -`systemctl start synapse.service` - -### Remove - -Due of the backup core only feature the data directory in `/home/yunohost.app/matrix-synapse` **is not removed**. It need to be removed manually to purge app user data. - ### Multi instance support To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command: @@ -199,43 +142,22 @@ yunohost app setting synapse__ synapse_tls_port Before installing a second instance of the app it's really recommended to update all existing instances. -### Migration from old package +## Documentation and resources -The old synapse package had some problems, the package has been reviewed in the summer 2017. The old package was made with the debian package with the synapse apt repos. The database used sqlite. To improve the performance and to have a better compatibility the new package uses python virtual environment and postgresql as database. The Upgrade was made to make the migration from the old package to the new package. The part of this script is available here : https://github.com/YunoHost-Apps/synapse_ynh/blob/master/scripts/upgrade#L40-L119 . +* Official app website: https://matrix.org/ +* Upstream app code repository: https://github.com/matrix-org/synapse +* YunoHost documentation for this app: https://yunohost.org/app_synapse +* Report a bug: https://github.com/YunoHost-Apps/synapse_ynh/issues -This script tries to upgrade the app without any problem but it could happen that something fails and in this case the restoration is NOT guaranteed to be successful. So it's REALLY recommended to make MANUAL a backup before this big upgrade. +## Developer info -To check if you use the old synapse package type this command: -`sudo yunohost app setting synapse synapse_version` -- If the command returns nothing you are using the old package. -- If the command returns something like 0.25.1 you are using the new package. +Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/synapse_ynh/tree/testing). -To do a backup before the upgrade use this command : `sudo yunohost backup create --verbose --ignore-system --apps synapse` - -If anything fails while you are doing the upgrade please create an issue here: https://github.com/YunoHost-Apps/synapse_ynh/issues - -### License - -Synapse is published under the Apache License: https://github.com/matrix-org/synapse/blob/master/LICENSE - -## Links - -- Report a bug: https://github.com/YunoHost-Apps/synapse_ynh/issues -- Matrix website: https://matrix.org/ -- Synapse repository: https://github.com/matrix-org/synapse -- YunoHost website: https://yunohost.org/ - ---- - -Developers infos ----------------- - -Please do your pull request to the [testing branch](https://github.com/YunoHost-Apps/synapse_ynh/tree/testing). - -To try the testing branch, please proceed like that: - -```bash +To try the testing branch, please proceed like that. +``` sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug or sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug ``` + +**More info regarding app packaging:** https://yunohost.org/packaging_apps \ No newline at end of file diff --git a/README_fr.md b/README_fr.md new file mode 100644 index 0000000..f0110ef --- /dev/null +++ b/README_fr.md @@ -0,0 +1,159 @@ +# Synapse pour YunoHost + +[![Niveau d'intégration](https://dash.yunohost.org/integration/synapse.svg)](https://dash.yunohost.org/appci/app/synapse) ![](https://ci-apps.yunohost.org/ci/badges/synapse.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/synapse.maintain.svg) +[![Installer Synapse avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=synapse) + +*[Read this readme in english.](./README.md)* +*[Lire ce readme en français.](./README_fr.md)* + +> *Ce package vous permet d'installer Synapse rapidement et simplement sur un serveur YunoHost. +Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.* + +## Vue d'ensemble + +Instant messaging server matrix network. + +Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) + + +**Version incluse :** 1.59.0~ynh1 + + + +## Avertissements / informations importantes + +## Configuration + +### Install for ARM arch (or slow arch) + +For all slow or arm architecture it's recommended to build the dh file before the install to have a quicker install. +You could build it by this cmd : `openssl dhparam -out /etc/ssl/private/dh2048.pem 2048 > /dev/null` +After that you can install it without problem. + +The package uses a prebuilt python virtual environnement. The binary are taken from this repository: https://github.com/Josue-T/synapse_python_build +The script to build the binary is also available. + +### Web client + +If you want a web client you can also install Element with this package: https://github.com/YunoHost-Apps/element_ynh . + +### Access by federation + +If your server name is identical to the domain on which synapse is installed, and the default port 8448 is used, your server is normally already accessible by the federation. + +If not, you can add the following line in the dns configuration but you normally don't need it as a .well-known file is edited during the install to declare your server name and port to the federation. + +``` +_matrix._tcp. IN SRV 10 0 +``` +for example +``` +_matrix._tcp.example.com. 3600 IN SRV 10 0 SYNAPSE_PORT synapse.example.com. +``` +You need to replace SYNAPSE_PORT by the real port. This port can be obtained by the command: `yunohost app setting SYNAPSE_INSTANCE_NAME synapse_tls_port` + +For more details, see : https://github.com/matrix-org/synapse/blob/master/docs/federate.md + +If it is not automatically done, you need to open this in your ISP box. + +You also need a valid TLS certificate for the domain used by synapse. To do that you can refer to the documentation here : https://yunohost.org/#/certificate_en + +### Turnserver + +For Voip and video conferencing a turnserver is also installed (and configured). The turnserver listens on two UDP and TCP ports. You can get them with these commands: +``` +yunohost app setting synapse turnserver_tls_port +yunohost app setting synapse turnserver_alt_tls_port + +``` +The turnserver will also choose a port dynamically when a new call starts. The range is between 49153 - 49193. + +For some security reason the ports range (49153 - 49193) isn't automatically open by default. If you want to use the synapse server for voip or conferencing you will need to open this port range manually. To do this just run this command: + +``` +yunohost firewall allow Both 49153:49193 +``` + +You might also need to open these ports (if it is not automatically done) on your ISP box. + +To prevent the situation when the server is behind a NAT, the public IP is written in the turnserver config. By this the turnserver can send its real public IP to the client. For more information see [the coturn example config file](https://github.com/coturn/coturn/blob/master/examples/etc/turnserver.conf#L102-L120).So if your IP changes, you could run the script `/opt/yunohost/__SYNAPSE_INSTANCE_NAME__/Coturn_config_rotate.sh` to update your config. + +If you have a dynamic IP address, you also might need to update this config automatically. To do that just edit a file named `/etc/cron.d/coturn_config_rotate` and add the following content (just adapt the __SYNAPSE_INSTANCE_NAME__ which could be `synapse` or maybe `synapse__2`). + +``` +*/15 * * * * root bash /opt/yunohost/__SYNAPSE_INSTANCE_NAME__/Coturn_config_rotate.sh; +``` + +#### OpenVPN + +In case of you have an OpenVPN server you might want than `coturn-synapse` restart when the VPN restart. To do this create a file named `/usr/local/bin/openvpn_up_script.sh` with this content: +``` +#!/bin/bash + +( + sleep 5 + sudo systemctl restart coturn-synapse.service +) & +exit 0 +``` + +Add this line in you sudo config file `/etc/sudoers` +``` +openvpn ALL=(ALL) NOPASSWD: /bin/systemctl restart coturn-synapse.service +``` + +And add this line in your OpenVPN config file +``` +ipchange /usr/local/bin/openvpn_up_script.sh +``` + +### Important Security Note + +We do not recommend running Element from the same domain name as your Matrix +homeserver (synapse). The reason is the risk of XSS (cross-site-scripting) +vulnerabilities that could occur if someone caused Element to load and render +malicious user generated content from a Matrix API which then had trusted +access to Element (or other apps) due to sharing the same domain. + +We have put some coarse mitigations into place to try to protect against this +situation, but it's still not a good practice to do it in the first place. See +https://github.com/vector-im/element-web/issues/1977 for more details. + +## YunoHost specific features + +## Limitations + +Synapse uses a lot of ressource. So on slow architecture (like small ARM board), this app could take a lot of CPU and RAM. + +This app doesn't provide any real good web interface. So it's recommended to use Element client to connect to this app. This app is available [here](https://github.com/YunoHost-Apps/element_ynh) + +## Additional information + +### Multi instance support + +To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command: +``` +yunohost app setting synapse__ synapse_tls_port +``` + +Before installing a second instance of the app it's really recommended to update all existing instances. + +## Documentations et ressources + +* Site officiel de l'app : https://matrix.org/ +* Dépôt de code officiel de l'app : https://github.com/matrix-org/synapse +* Documentation YunoHost pour cette app : https://yunohost.org/app_synapse +* Signaler un bug : https://github.com/YunoHost-Apps/synapse_ynh/issues + +## Informations pour les développeurs + +Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/synapse_ynh/tree/testing). + +Pour essayer la branche testing, procédez comme suit. +``` +sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug +ou +sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug +``` + +**Plus d'infos sur le packaging d'applications :** https://yunohost.org/packaging_apps \ No newline at end of file From 6af39e6e086e70e2063eb8f63c48a1e4a597300d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Sun, 22 May 2022 21:40:33 +0200 Subject: [PATCH 19/69] Fix install from old version --- check_process | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/check_process b/check_process index 3d5b440..868b46f 100644 --- a/check_process +++ b/check_process @@ -12,7 +12,7 @@ setup_private=0 setup_public=1 upgrade=1 - upgrade=1 from_commit=dbf0a2c9359ccd62b55132cace548b17e44af9bf + upgrade=1 from_commit=0a485e0d6bcd14392b9203b3b27e7e1a7ba21d19 backup_restore=1 multi_instance=0 incorrect_path=0 @@ -21,5 +21,5 @@ ;;; Levels Level 5=auto ;;; Upgrade options - ; commit=dbf0a2c9359ccd62b55132cace548b17e44af9bf - name=Before permission implementation + ; commit=0a485e0d6bcd14392b9203b3b27e7e1a7ba21d19 + name=Before permission implementation (branch old_version_for_CI_4) From deea59a80718d70f865fd4b5eb9f09bdb7276ec4 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Thu, 26 May 2022 14:22:02 +0000 Subject: [PATCH 20/69] Auto-update README --- README.md | 18 ++++++++---------- README_fr.md | 24 +++++++++++++----------- 2 files changed, 21 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index 1d5da0c..42d3fcc 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ It shall NOT be edited by hand. # Synapse for YunoHost -[![Integration level](https://dash.yunohost.org/integration/synapse.svg)](https://dash.yunohost.org/appci/app/synapse) ![](https://ci-apps.yunohost.org/ci/badges/synapse.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/synapse.maintain.svg) +[![Integration level](https://dash.yunohost.org/integration/synapse.svg)](https://dash.yunohost.org/appci/app/synapse) ![Working status](https://ci-apps.yunohost.org/ci/badges/synapse.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/synapse.maintain.svg) [![Install Synapse with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=synapse) *[Lire ce readme en français.](./README_fr.md)* @@ -21,9 +21,6 @@ Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org **Shipped version:** 1.59.0~ynh1 - - - ## Disclaimers / important information ## Configuration @@ -144,20 +141,21 @@ Before installing a second instance of the app it's really recommended to update ## Documentation and resources -* Official app website: https://matrix.org/ -* Upstream app code repository: https://github.com/matrix-org/synapse -* YunoHost documentation for this app: https://yunohost.org/app_synapse -* Report a bug: https://github.com/YunoHost-Apps/synapse_ynh/issues +* Official app website: +* Upstream app code repository: +* YunoHost documentation for this app: +* Report a bug: ## Developer info Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/synapse_ynh/tree/testing). To try the testing branch, please proceed like that. -``` + +``` bash sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug or sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug ``` -**More info regarding app packaging:** https://yunohost.org/packaging_apps \ No newline at end of file +**More info regarding app packaging:** diff --git a/README_fr.md b/README_fr.md index f0110ef..dedebd0 100644 --- a/README_fr.md +++ b/README_fr.md @@ -1,10 +1,14 @@ + + # Synapse pour YunoHost -[![Niveau d'intégration](https://dash.yunohost.org/integration/synapse.svg)](https://dash.yunohost.org/appci/app/synapse) ![](https://ci-apps.yunohost.org/ci/badges/synapse.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/synapse.maintain.svg) +[![Niveau d'intégration](https://dash.yunohost.org/integration/synapse.svg)](https://dash.yunohost.org/appci/app/synapse) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/synapse.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/synapse.maintain.svg) [![Installer Synapse avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=synapse) *[Read this readme in english.](./README.md)* -*[Lire ce readme en français.](./README_fr.md)* > *Ce package vous permet d'installer Synapse rapidement et simplement sur un serveur YunoHost. Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.* @@ -17,9 +21,6 @@ Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org **Version incluse :** 1.59.0~ynh1 - - - ## Avertissements / informations importantes ## Configuration @@ -140,20 +141,21 @@ Before installing a second instance of the app it's really recommended to update ## Documentations et ressources -* Site officiel de l'app : https://matrix.org/ -* Dépôt de code officiel de l'app : https://github.com/matrix-org/synapse -* Documentation YunoHost pour cette app : https://yunohost.org/app_synapse -* Signaler un bug : https://github.com/YunoHost-Apps/synapse_ynh/issues +* Site officiel de l'app : +* Dépôt de code officiel de l'app : +* Documentation YunoHost pour cette app : +* Signaler un bug : ## Informations pour les développeurs Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/synapse_ynh/tree/testing). Pour essayer la branche testing, procédez comme suit. -``` + +``` bash sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug ou sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug ``` -**Plus d'infos sur le packaging d'applications :** https://yunohost.org/packaging_apps \ No newline at end of file +**Plus d'infos sur le packaging d'applications :** From e5f93690dbe93df22217e5c2b5f209c63f46931c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Thu, 26 May 2022 16:41:22 +0200 Subject: [PATCH 21/69] Fix linter warning --- check_process | 2 +- config_panel.toml | 6 +++--- manifest.json | 6 +++--- scripts/_common.sh | 1 + scripts/change_url | 4 ++-- scripts/config | 12 ++++++------ scripts/install | 15 +++------------ scripts/upgrade | 9 +++++++-- 8 files changed, 26 insertions(+), 29 deletions(-) diff --git a/check_process b/check_process index 868b46f..36801bc 100644 --- a/check_process +++ b/check_process @@ -2,7 +2,7 @@ ; Manifest domain="domain.tld" (DOMAIN) path="/_matrix/static/" (PATH) - is_public=1 (PUBLIC|public=1|private=0) + is_free_registration=1 (PUBLIC|public=1|private=0) server_name="domain.tld" (DOMAIN) ; Checks pkg_linter=1 diff --git a/config_panel.toml b/config_panel.toml index aeff9ab..4e3c698 100644 --- a/config_panel.toml +++ b/config_panel.toml @@ -13,11 +13,11 @@ name = "Synapse configuration" default = false help = "True to send anonymous statistics about synapse to improve the performances" - [synapse_config.server_config.is_public] - ask = "Server public" + [synapse_config.server_config.is_free_registration] + ask = "Server with free registration" type = "boolean" default = false - help = "Is it a public server" + help = "A public server means that anybody will be able to register on this server." [synapse_config.server_config.allow_public_rooms] ask = "Public rooms directory" diff --git a/manifest.json b/manifest.json index d635973..d3519ed 100644 --- a/manifest.json +++ b/manifest.json @@ -47,11 +47,11 @@ "default": "Same than the domain" }, { - "name": "is_public", + "name": "is_free_registration", "type": "boolean", "ask": { - "en": "Is it a public server?", - "fr": "Est-ce un serveur public ?" + "en": "Is it a server with free registration ?", + "fr": "Est-ce un serveur avec création de compte libre ?" }, "default": false, "help": { diff --git a/scripts/_common.sh b/scripts/_common.sh index 2b53b3a..a9a969f 100755 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -1,5 +1,6 @@ dependances="coturn build-essential python3-dev libffi-dev python3-pip python3-setuptools sqlite3 libssl-dev python3-venv libxml2-dev libxslt1-dev python3-lxml zlib1g-dev libjpeg-dev libpq-dev postgresql acl" python_version="$(python3 -V | cut -d' ' -f2 | cut -d. -f1-2)" +app=$YNH_APP_INSTANCE_NAME install_sources() { # Install/upgrade synapse in virtualenv diff --git a/scripts/change_url b/scripts/change_url index d1c1bf1..984aca4 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -26,7 +26,7 @@ server_name=$(ynh_app_setting_get --app=$app --key=server_name) final_path=$(ynh_app_setting_get --app=$app --key=final_path) synapse_old_version=$(ynh_app_setting_get --app=$app --key=synapse_version) jitsi_server=$(ynh_app_setting_get --app=$app --key=jitsi_server) -is_public=$(ynh_app_setting_get --app=$app --key=is_public) +is_free_registration=$(ynh_app_setting_get --app=$app --key=is_free_registration) port=$(ynh_app_setting_get --app=$app --key=synapse_port) synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port) turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port) @@ -102,7 +102,7 @@ else macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"' fi -if [ $is_public -eq 0 ] +if [ $is_free_registration -eq 0 ] then allowed_access=False sso_enabled=True diff --git a/scripts/config b/scripts/config index 6c1028c..c82486f 100644 --- a/scripts/config +++ b/scripts/config @@ -23,7 +23,7 @@ app=$YNH_APP_INSTANCE_NAME report_stats=$(ynh_app_setting_get --app $app --key report_stats) allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms) disable_backup_before_upgrade=$(ynh_app_setting_get --app $app --key disable_backup_before_upgrade) -is_public=$(ynh_app_setting_get --app $app --key is_public) +is_free_registration=$(ynh_app_setting_get --app $app --key is_free_registration) jitsi_server=$(ynh_app_setting_get --app=$app --key=jitsi_server) e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default) @@ -37,7 +37,7 @@ show_config() { ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_SERVER_STATISTICS=$report_stats" ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_ALLOW_PUBLIC_ROOMS=$allow_public_rooms" ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_CLIENT_CONFIG_JITSI_SERVER=$jitsi_server" - ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_IS_PUBLIC=${is_public}" + ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_IS_FREE_REGISTRATION=${is_free_registration}" ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_CLIENT_CONFIG_E2E_ENABLED_BY_DEFAULT=${e2e_enabled_by_default}" if [[ ${disable_backup_before_upgrade:-0} -eq 1 ]] @@ -56,7 +56,7 @@ apply_config() { report_stats=${YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_SERVER_STATISTICS:-$report_stats} allow_public_rooms=${YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_ALLOW_PUBLIC_ROOMS:-$allow_public_rooms} do_backup_before_upgrade=${YNH_CONFIG_PACKAGE_CONFIG_PACKAGE_CONFIG_BACKUP_BEFORE_UPGRADE:-} - is_public=${YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_IS_PUBLIC:-$is_public} + is_free_registration=${YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_IS_FREE_REGISTRATION:-$is_free_registration} jitsi_server=${YNH_CONFIG_SYNAPSE_CONFIG_CLIENT_CONFIG_JITSI_SERVER:-$jitsi_server} e2e_enabled_by_default=${YNH_CONFIG_SYNAPSE_CONFIG_CLIENT_CONFIG_E2E_ENABLED_BY_DEFAULT:-$e2e_enabled_by_default} @@ -81,7 +81,7 @@ apply_config() { ynh_app_setting_set --app $app --key report_stats --value $report_stats ynh_app_setting_set --app $app --key allow_public_rooms --value $allow_public_rooms - ynh_app_setting_set --app $app --key is_public --value $is_public + ynh_app_setting_set --app $app --key is_free_registration --value $is_free_registration ynh_app_setting_set --app $app --key jitsi_server --value $jitsi_server ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default @@ -96,7 +96,7 @@ apply_config() { domain=$(ynh_app_setting_get --app $app --key domain) server_name=$(ynh_app_setting_get --app $app --key server_name) synapse_db_pwd=$(ynh_app_setting_get --app $app --key synapse_db_pwd) - is_public=$(ynh_app_setting_get --app $app --key is_public) + is_free_registration=$(ynh_app_setting_get --app $app --key is_free_registration) port=$(ynh_app_setting_get --app $app --key synapse_port) synapse_tls_port=$(ynh_app_setting_get --app $app --key synapse_tls_port) turnserver_tls_port=$(ynh_app_setting_get --app $app --key turnserver_tls_port) @@ -124,7 +124,7 @@ apply_config() { macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"' fi - if [ $is_public -eq 0 ] + if [ $is_free_registration -eq 0 ] then allowed_access=False sso_enabled=True diff --git a/scripts/install b/scripts/install index d6cdb88..660f4bf 100644 --- a/scripts/install +++ b/scripts/install @@ -21,15 +21,6 @@ ynh_clean_setup () { # Exit if an error occurs during the execution of the script ynh_abort_if_errors -#================================================= -# RETRIEVE ARGUMENTS FROM THE MANIFEST -#================================================= - -domain=$YNH_APP_ARG_DOMAIN -is_public=$YNH_APP_ARG_IS_PUBLIC - -app=$YNH_APP_INSTANCE_NAME - #================================================= # SET CONSTANTS #================================================= @@ -50,7 +41,7 @@ default_domain_value="Same than the domain" domain=$YNH_APP_ARG_DOMAIN server_name=$YNH_APP_ARG_SERVER_NAME -is_public=$YNH_APP_ARG_IS_PUBLIC +is_free_registration=$YNH_APP_ARG_IS_FREE_REGISTRATION jitsi_server=$YNH_APP_ARG_JITSI_SERVER path_url="/_matrix" final_path="/opt/yunohost/matrix-$app" @@ -90,7 +81,7 @@ ynh_app_setting_set --app=$app --key=server_name --value=$server_name ynh_app_setting_set --app=$app --key=jitsi_server --value=$jitsi_server ynh_app_setting_set --app=$app --key=final_path --value=$final_path ynh_app_setting_set --app=$app --key=synapse_version --value=$upstream_version -ynh_app_setting_set --app=$app --key=is_public --value=$is_public +ynh_app_setting_set --app=$app --key=is_free_registration --value=$is_free_registration ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats ynh_app_setting_set --app=$app --key=allow_public_rooms --value=$allow_public_rooms ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default @@ -279,7 +270,7 @@ ynh_app_setting_set --app=$app --key=turnserver_pwd --value=$turnserver_pwd macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"' -if [ $is_public -eq 0 ] +if [ $is_free_registration -eq 0 ] then allowed_access=False sso_enabled=True diff --git a/scripts/upgrade b/scripts/upgrade index b836c65..6a8ebbe 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -26,7 +26,7 @@ jitsi_server=$(ynh_app_setting_get --app=$app --key=jitsi_server) path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) synapse_old_version=$(ynh_app_setting_get --app=$app --key=synapse_version) -is_public=$(ynh_app_setting_get --app=$app --key=is_public) +is_free_registration=$(ynh_app_setting_get --app=$app --key=is_free_registration) port=$(ynh_app_setting_get --app=$app --key=synapse_port) synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port) turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port) @@ -131,6 +131,11 @@ if [ -z $allow_public_rooms ]; then ynh_app_setting_set --app=$app --key=allow_public_rooms --value=$allow_public_rooms fi +if [ -z $is_free_registration ]; then + is_free_registration=$(ynh_app_setting_get --app=$app --key=is_""public) + ynh_app_setting_set --app=$app --key=is_free_registration --value=$is_free_registration +fi + #================================================= # MIGRATION 6 : Migrate data directory #================================================= @@ -232,7 +237,7 @@ else macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"' fi -if [ $is_public -eq 0 ] +if [ $is_free_registration -eq 0 ] then allowed_access=False sso_enabled=True From 388ebabf39c5dd077996c5bf2d439076bbee2419 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Thu, 26 May 2022 17:19:33 +0200 Subject: [PATCH 22/69] Fix warning and create yunohost user for ldap filter and send email correctly --- check_process | 3 + conf/coturn-synapse.service | 30 +++++++ conf/homeserver.yaml | 164 ++++++++++++++++++------------------ conf/matrix-synapse.service | 30 +++++++ manifest.json | 7 +- scripts/change_url | 3 +- scripts/config | 1 + scripts/install | 12 +-- scripts/remove | 2 + scripts/restore | 11 +-- scripts/upgrade | 14 +-- 11 files changed, 163 insertions(+), 114 deletions(-) diff --git a/check_process b/check_process index 36801bc..77174f9 100644 --- a/check_process +++ b/check_process @@ -13,6 +13,7 @@ setup_public=1 upgrade=1 upgrade=1 from_commit=0a485e0d6bcd14392b9203b3b27e7e1a7ba21d19 + upgrade=1 from_commit=6af39e6e086e70e2063eb8f63c48a1e4a597300d backup_restore=1 multi_instance=0 incorrect_path=0 @@ -23,3 +24,5 @@ ;;; Upgrade options ; commit=0a485e0d6bcd14392b9203b3b27e7e1a7ba21d19 name=Before permission implementation (branch old_version_for_CI_4) + ; commit=6af39e6e086e70e2063eb8f63c48a1e4a597300d + name=Before app user creation diff --git a/conf/coturn-synapse.service b/conf/coturn-synapse.service index 13c0687..38ac8a5 100644 --- a/conf/coturn-synapse.service +++ b/conf/coturn-synapse.service @@ -23,5 +23,35 @@ LimitRTTIME=7000000 CPUSchedulingPolicy=other UMask=0007 +# Sandboxing options to harden security +# Depending on specificities of your service/app, you may need to tweak these +# .. but this should be a good baseline +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +DevicePolicy=closed +ProtectSystem=full +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap + +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG + [Install] WantedBy=multi-user.target diff --git a/conf/homeserver.yaml b/conf/homeserver.yaml index 9bc9a20..44a6224 100644 --- a/conf/homeserver.yaml +++ b/conf/homeserver.yaml @@ -798,8 +798,6 @@ turn_allow_guests: __ALLOWED_ACCESS__ # enable_registration: __ALLOWED_ACCESS__ -enable_registration_without_verification: __ALLOWED_ACCESS__ - # Optional account validity configuration. This allows for accounts to be denied # any request after a given period. # @@ -1259,85 +1257,85 @@ password_config: # If your SMTP server requires authentication, the optional smtp_user & # smtp_pass variables should be used # -#email: -# enable_notifs: false -# smtp_host: "localhost" -# smtp_port: 25 # SSL: 465, STARTTLS: 587 -# smtp_user: "exampleusername" -# smtp_pass: "examplepassword" -# require_transport_security: false -# notif_from: "Your Friendly %(app)s Home Server " -# app_name: Matrix -# -# # Enable email notifications by default -# # -# notif_for_new_users: true -# -# # Defining a custom URL for Riot is only needed if email notifications -# # should contain links to a self-hosted installation of Riot; when set -# # the "app_name" setting is ignored -# # -# riot_base_url: "http://localhost/riot" -# -# # Configure the time that a validation email or text message code -# # will expire after sending -# # -# # This is currently used for password resets -# # -# #validation_token_lifetime: 1h -# -# # Template directory. All template files should be stored within this -# # directory. If not set, default templates from within the Synapse -# # package will be used -# # -# # For the list of default templates, please see -# # https://github.com/matrix-org/synapse/tree/master/synapse/res/templates -# # -# #template_dir: res/templates -# -# # Templates for email notifications -# # -# notif_template_html: notif_mail.html -# notif_template_text: notif_mail.txt -# -# # Templates for account expiry notices -# # -# expiry_template_html: notice_expiry.html -# expiry_template_text: notice_expiry.txt -# -# # Templates for password reset emails sent by the homeserver -# # -# #password_reset_template_html: password_reset.html -# #password_reset_template_text: password_reset.txt -# -# # Templates for registration emails sent by the homeserver -# # -# #registration_template_html: registration.html -# #registration_template_text: registration.txt -# -# # Templates for validation emails sent by the homeserver when adding an email to -# # your user account -# # -# #add_threepid_template_html: add_threepid.html -# #add_threepid_template_text: add_threepid.txt -# -# # Templates for password reset success and failure pages that a user -# # will see after attempting to reset their password -# # -# #password_reset_template_success_html: password_reset_success.html -# #password_reset_template_failure_html: password_reset_failure.html -# -# # Templates for registration success and failure pages that a user -# # will see after attempting to register using an email or phone -# # -# #registration_template_success_html: registration_success.html -# #registration_template_failure_html: registration_failure.html -# -# # Templates for success and failure pages that a user will see after attempting -# # to add an email or phone to their account -# # -# #add_threepid_success_html: add_threepid_success.html -# #add_threepid_failure_html: add_threepid_failure.html +email: + enable_notifs: true + smtp_host: "localhost" + smtp_port: 587 + smtp_user: __SYNAPSE_USER_APP__ + smtp_pass: __SYNAPSE_USER_APP_PWD__ + require_transport_security: false + notif_from: "Your Friendly %(app)s Home Server <__SYNAPSE_USER_APP__@__DOMAIN__>" + app_name: Matrix-Synapse + + # Enable email notifications by default + # + notif_for_new_users: true + + # Defining a custom URL for Riot is only needed if email notifications + # should contain links to a self-hosted installation of Riot; when set + # the "app_name" setting is ignored + # + riot_base_url: "https://__DOMAIN__/element" + + # Configure the time that a validation email or text message code + # will expire after sending + # + # This is currently used for password resets + # + #validation_token_lifetime: 1h + + # Template directory. All template files should be stored within this + # directory. If not set, default templates from within the Synapse + # package will be used + # + # For the list of default templates, please see + # https://github.com/matrix-org/synapse/tree/master/synapse/res/templates + # + #template_dir: res/templates + + # Templates for email notifications + # + #notif_template_html: notif_mail.html + #notif_template_text: notif_mail.txt + + # Templates for account expiry notices + # + #expiry_template_html: notice_expiry.html + #expiry_template_text: notice_expiry.txt + + # Templates for password reset emails sent by the homeserver + # + #password_reset_template_html: password_reset.html + #password_reset_template_text: password_reset.txt + + # Templates for registration emails sent by the homeserver + # + #registration_template_html: registration.html + #registration_template_text: registration.txt + + # Templates for validation emails sent by the homeserver when adding an email to + # your user account + # + #add_threepid_template_html: add_threepid.html + #add_threepid_template_text: add_threepid.txt + + # Templates for password reset success and failure pages that a user + # will see after attempting to reset their password + # + #password_reset_template_success_html: password_reset_success.html + #password_reset_template_failure_html: password_reset_failure.html + + # Templates for registration success and failure pages that a user + # will see after attempting to register using an email or phone + # + #registration_template_success_html: registration_success.html + #registration_template_failure_html: registration_failure.html + + # Templates for success and failure pages that a user will see after attempting + # to add an email or phone to their account + # + #add_threepid_success_html: add_threepid_success.html + #add_threepid_failure_html: add_threepid_failure.html password_providers: @@ -1352,8 +1350,8 @@ password_providers: uid: "uid" mail: "mail" name: "givenName" -# #bind_dn: # TODO Add authentication to have the filter working -# #bind_password: + bind_dn: __SYNAPSE_USER_APP__ + bind_password: __SYNAPSE_USER_APP_PWD__ filter: "(&(objectClass=posixAccount)(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))" diff --git a/conf/matrix-synapse.service b/conf/matrix-synapse.service index 57d205d..8d199e7 100644 --- a/conf/matrix-synapse.service +++ b/conf/matrix-synapse.service @@ -13,5 +13,35 @@ Restart=always RestartSec=3 RuntimeDirectory=%i +# Sandboxing options to harden security +# Depending on specificities of your service/app, you may need to tweak these +# .. but this should be a good baseline +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +DevicePolicy=closed +ProtectSystem=full +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap + +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG + [Install] WantedBy=multi-user.target diff --git a/manifest.json b/manifest.json index d3519ed..55e5c15 100644 --- a/manifest.json +++ b/manifest.json @@ -29,12 +29,7 @@ "install" : [ { "name": "domain", - "type": "domain", - "ask": { - "en": "Choose a domain for Synapse", - "fr": "Choisissez un domaine pour Synapse" - }, - "example": "synapse.domain.org" + "type": "domain" }, { "name": "server_name", diff --git a/scripts/change_url b/scripts/change_url index 984aca4..b7135b4 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -35,13 +35,12 @@ cli_port=$(ynh_app_setting_get --app=$app --key=cli_port) report_stats=$(ynh_app_setting_get --app=$app --key=report_stats) allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms) e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default) -ynh_print_OFF synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd) turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd) registration_shared_secret=$(ynh_app_setting_get --app=$app --key=registration_shared_secret) form_secret=$(ynh_app_setting_get --app=$app --key=form_secret) macaroon_secret_key=$(ynh_app_setting_get --app=$app --key=macaroon_secret_key) -ynh_print_ON +synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd) synapse_user="matrix-$app" synapse_db_name="matrix_$app" diff --git a/scripts/config b/scripts/config index c82486f..be1c247 100644 --- a/scripts/config +++ b/scripts/config @@ -26,6 +26,7 @@ disable_backup_before_upgrade=$(ynh_app_setting_get --app $app --key disable_bac is_free_registration=$(ynh_app_setting_get --app $app --key is_free_registration) jitsi_server=$(ynh_app_setting_get --app=$app --key=jitsi_server) e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default) +synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd) #================================================= # SHOW_CONFIG FUNCTION FOR 'SHOW' COMMAND diff --git a/scripts/install b/scripts/install index 660f4bf..652ec8b 100644 --- a/scripts/install +++ b/scripts/install @@ -26,6 +26,8 @@ ynh_abort_if_errors #================================================= synapse_user="matrix-$app" +synapse_user_app="$synapse_user-app" +synapse_user_app_pwd="$(ynh_string_random --length=30)" synapse_db_name="matrix_$app" synapse_db_user="matrix_$app" synapse_db_name="matrix_$app" @@ -56,8 +58,6 @@ fi # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= ynh_script_progression --message="Validating installation parameters..." --weight=2 - -[ $(ynh_webpath_available --domain=$domain --path_url=$path_url) == "True" ] || ynh_die --message="$domain is not available as domain, please use an other domain." test ! -e "/etc/nginx/conf.d/$domain.d/synapse*.conf" || ynh_die --message="$domain is not available as domain, please use an other domain." # Check Final Path availability @@ -85,6 +85,7 @@ ynh_app_setting_set --app=$app --key=is_free_registration --value=$is_free_regis ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats ynh_app_setting_set --app=$app --key=allow_public_rooms --value=$allow_public_rooms ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default +ynh_app_setting_set --app=$app --key=synapse_user_app_pwd --value=$synapse_user_app_pwd #================================================= # STANDARD MODIFICATIONS @@ -143,6 +144,7 @@ ynh_install_app_dependencies $dependances ynh_script_progression --message="Configuring system user..." --weight=3 ynh_system_user_create --username=$synapse_user --home_dir=$final_path +yunohost user create $synapse_user_app -f Synapse -l Application -m synapse@$domain -p "$synapse_user_app_pwd" adduser $synapse_user ssl-cert adduser turnserver ssl-cert @@ -151,16 +153,12 @@ adduser turnserver ssl-cert #================================================= ynh_script_progression --message="Creating a PostgreSQL database..." --weight=4 -ynh_print_OFF synapse_db_pwd=$(ynh_string_random --length=30) ynh_app_setting_set --app=$app --key=synapse_db_pwd --value=$synapse_db_pwd -ynh_print_ON # Create postgresql database ynh_psql_test_if_first_run -ynh_print_OFF ynh_psql_create_user $synapse_db_user $synapse_db_pwd -ynh_print_ON ynh_psql_execute_as_root \ --sql="CREATE DATABASE $synapse_db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $synapse_db_user;" @@ -213,7 +211,6 @@ deactivate set -u; # Get random values from config -ynh_print_OFF registration_shared_secret=$(egrep "^registration_shared_secret:" homeserver.yml | cut -d'"' -f2) form_secret=$(egrep "^form_secret:" homeserver.yml | cut -d'"' -f2) macaroon_secret_key=$(egrep "^macaroon_secret_key:" homeserver.yml | cut -d'"' -f2) @@ -222,7 +219,6 @@ macaroon_secret_key=$(egrep "^macaroon_secret_key:" homeserver.yml | cut -d'"' - ynh_app_setting_set --app=$app --key=registration_shared_secret --value="$registration_shared_secret" ynh_app_setting_set --app=$app --key=form_secret --value="$form_secret" ynh_app_setting_set --app=$app --key=macaroon_secret_key --value="$macaroon_secret_key" -ynh_print_ON #================================================= # SETUP SYSTEMD diff --git a/scripts/remove b/scripts/remove index 7c4e3fc..efd7105 100755 --- a/scripts/remove +++ b/scripts/remove @@ -29,6 +29,7 @@ turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tl #================================================= synapse_user="matrix-$app" +synapse_user_app="$synapse_user-app" synapse_db_name="matrix_$app" synapse_db_user="matrix_$app" synapse_db_name="matrix_$app" @@ -142,6 +143,7 @@ ynh_script_progression --message="Removing the dedicated system user" --weight=1 # Delete a system user ynh_system_user_delete --username=$synapse_user +yunohost user delete $synapse_user_app #================================================= # END OF SCRIPT diff --git a/scripts/restore b/scripts/restore index 3762652..7de4732 100644 --- a/scripts/restore +++ b/scripts/restore @@ -37,15 +37,15 @@ synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port) turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port) turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port) phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) -ynh_print_OFF synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd) -ynh_print_ON +synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd) #================================================= # SET ALL CONSTANT #================================================= synapse_user="matrix-$app" +synapse_user_app="$synapse_user-app" synapse_db_name="matrix_$app" synapse_db_user="matrix_$app" synapse_db_name="matrix_$app" @@ -58,8 +58,6 @@ data_path="/home/yunohost.app/matrix-$app" #================================================= ynh_script_progression --message="Validating restoration parameters..." --weight=2 -ynh_webpath_available --domain=$domain --path_url=$path_url \ - || ynh_die --message="Path not available: ${domain}${path_url}" test ! -d $final_path \ || ynh_die --message="There is already a directory: $final_path " @@ -81,6 +79,7 @@ ynh_script_progression --message="Recreating the dedicated system user..." --wei # Create the dedicated user (if not existing) ynh_system_user_create --username=$synapse_user --home_dir=$final_path +yunohost user create $synapse_user_app -f Synapse -l Application -m synapse@$domain -p "$synapse_user_app_pwd" adduser $synapse_user ssl-cert adduser turnserver ssl-cert @@ -110,9 +109,7 @@ ynh_systemd_action --action=restart --service_name=fail2ban ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=13 ynh_psql_test_if_first_run -ynh_print_OFF ynh_psql_create_user $synapse_db_user $synapse_db_pwd -ynh_print_ON ynh_psql_execute_as_root \ --sql="CREATE DATABASE $synapse_db_name ENCODING 'UTF8' @@ -165,9 +162,7 @@ ynh_script_progression --message="Reconfiguring coturn..." --weight=23 turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port) turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port) cli_port=$(ynh_app_setting_get --app=$app --key=cli_port) -ynh_print_OFF turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd) -ynh_print_ON # WARNING : these commands are used in INSTALL, UPGRADE # For any update do it in all files diff --git a/scripts/upgrade b/scripts/upgrade index 6a8ebbe..580bffb 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -35,13 +35,12 @@ cli_port=$(ynh_app_setting_get --app=$app --key=cli_port) report_stats=$(ynh_app_setting_get --app=$app --key=report_stats) allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms) e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default) -ynh_print_OFF synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd) turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd) registration_shared_secret=$(ynh_app_setting_get --app=$app --key=registration_shared_secret) form_secret=$(ynh_app_setting_get --app=$app --key=form_secret) macaroon_secret_key=$(ynh_app_setting_get --app=$app --key=macaroon_secret_key) -ynh_print_ON +synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd) #================================================= # SET ALL CONSTANT @@ -136,6 +135,12 @@ if [ -z $is_free_registration ]; then ynh_app_setting_set --app=$app --key=is_free_registration --value=$is_free_registration fi +if [ -z $synapse_user_app_pwd ]; then + synapse_user_app_pwd="$(ynh_string_random --length=30)" + ynh_app_setting_set --app=$app --key=synapse_user_app_pwd --value=$synapse_user_app_pwd + yunohost user create $synapse_user_app -f Synapse -l Application -m synapse@$domain -p "$synapse_user_app_pwd" +fi + #================================================= # MIGRATION 6 : Migrate data directory #================================================= @@ -188,10 +193,8 @@ chown $synapse_user:root -R $final_www_path # MIGRATION 1 : GENERATE SYNAPSE SECRET #================================================= -ynh_print_OFF if [ -z "$registration_shared_secret" ] || [ "$form_secret" == "form_secret: " ] then - ynh_print_ON ynh_script_progression --message="Generating synapse secret..." --weight=1 # Go in virtualenvironnement @@ -208,16 +211,13 @@ then set -u; # Get random values from config - ynh_print_OFF registration_shared_secret=$(egrep "^registration_shared_secret:" homeserver.yml | cut -d'"' -f2) form_secret=$(egrep "^form_secret:" homeserver.yml | cut -d'"' -f2) # store in yunohost settings ynh_app_setting_set --app=$app --key=registration_shared_secret --value="$registration_shared_secret" ynh_app_setting_set --app=$app --key=form_secret --value="$form_secret" - ynh_print_ON fi -ynh_print_ON #================================================= # UPDATE SYNAPSE CONFIG From dc8319dc04e8572e920ad6bd515f0c25fe29a3c8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Thu, 26 May 2022 17:27:30 +0200 Subject: [PATCH 23/69] Fix install --- scripts/change_url | 1 + scripts/install | 4 ++-- scripts/remove | 2 +- scripts/restore | 4 ++-- scripts/upgrade | 3 ++- 5 files changed, 8 insertions(+), 6 deletions(-) diff --git a/scripts/change_url b/scripts/change_url index b7135b4..b0488cc 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -43,6 +43,7 @@ macaroon_secret_key=$(ynh_app_setting_get --app=$app --key=macaroon_secret_key) synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd) synapse_user="matrix-$app" +synapse_user_app="$app" synapse_db_name="matrix_$app" synapse_db_user="matrix_$app" synapse_db_name="matrix_$app" diff --git a/scripts/install b/scripts/install index 652ec8b..55d2768 100644 --- a/scripts/install +++ b/scripts/install @@ -26,7 +26,7 @@ ynh_abort_if_errors #================================================= synapse_user="matrix-$app" -synapse_user_app="$synapse_user-app" +synapse_user_app="$app" synapse_user_app_pwd="$(ynh_string_random --length=30)" synapse_db_name="matrix_$app" synapse_db_user="matrix_$app" @@ -144,7 +144,7 @@ ynh_install_app_dependencies $dependances ynh_script_progression --message="Configuring system user..." --weight=3 ynh_system_user_create --username=$synapse_user --home_dir=$final_path -yunohost user create $synapse_user_app -f Synapse -l Application -m synapse@$domain -p "$synapse_user_app_pwd" +yunohost user create $synapse_user_app -f Synapse -l Application -d $domain -p "$synapse_user_app_pwd" adduser $synapse_user ssl-cert adduser turnserver ssl-cert diff --git a/scripts/remove b/scripts/remove index efd7105..7452c0c 100755 --- a/scripts/remove +++ b/scripts/remove @@ -29,7 +29,7 @@ turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tl #================================================= synapse_user="matrix-$app" -synapse_user_app="$synapse_user-app" +synapse_user_app="$app" synapse_db_name="matrix_$app" synapse_db_user="matrix_$app" synapse_db_name="matrix_$app" diff --git a/scripts/restore b/scripts/restore index 7de4732..fbd5353 100644 --- a/scripts/restore +++ b/scripts/restore @@ -45,7 +45,7 @@ synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd #================================================= synapse_user="matrix-$app" -synapse_user_app="$synapse_user-app" +synapse_user_app="$app" synapse_db_name="matrix_$app" synapse_db_user="matrix_$app" synapse_db_name="matrix_$app" @@ -79,7 +79,7 @@ ynh_script_progression --message="Recreating the dedicated system user..." --wei # Create the dedicated user (if not existing) ynh_system_user_create --username=$synapse_user --home_dir=$final_path -yunohost user create $synapse_user_app -f Synapse -l Application -m synapse@$domain -p "$synapse_user_app_pwd" +yunohost user create $synapse_user_app -f Synapse -l Application -d $domain -p "$synapse_user_app_pwd" adduser $synapse_user ssl-cert adduser turnserver ssl-cert diff --git a/scripts/upgrade b/scripts/upgrade index 580bffb..42b72bc 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -47,6 +47,7 @@ synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd #================================================= synapse_user="matrix-$app" +synapse_user_app="$app" synapse_db_name="matrix_$app" synapse_db_user="matrix_$app" synapse_db_name="matrix_$app" @@ -138,7 +139,7 @@ fi if [ -z $synapse_user_app_pwd ]; then synapse_user_app_pwd="$(ynh_string_random --length=30)" ynh_app_setting_set --app=$app --key=synapse_user_app_pwd --value=$synapse_user_app_pwd - yunohost user create $synapse_user_app -f Synapse -l Application -m synapse@$domain -p "$synapse_user_app_pwd" + yunohost user create $synapse_user_app -f Synapse -l Application -m $domain -p "$synapse_user_app_pwd" fi #================================================= From bca2cfba47e43ba5d29c73f00141017c8927ca76 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Thu, 26 May 2022 15:28:09 +0000 Subject: [PATCH 24/69] Auto-update README --- README.md | 18 ++++++++---------- README_fr.md | 24 +++++++++++++----------- 2 files changed, 21 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index 1d5da0c..42d3fcc 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ It shall NOT be edited by hand. # Synapse for YunoHost -[![Integration level](https://dash.yunohost.org/integration/synapse.svg)](https://dash.yunohost.org/appci/app/synapse) ![](https://ci-apps.yunohost.org/ci/badges/synapse.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/synapse.maintain.svg) +[![Integration level](https://dash.yunohost.org/integration/synapse.svg)](https://dash.yunohost.org/appci/app/synapse) ![Working status](https://ci-apps.yunohost.org/ci/badges/synapse.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/synapse.maintain.svg) [![Install Synapse with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=synapse) *[Lire ce readme en français.](./README_fr.md)* @@ -21,9 +21,6 @@ Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org **Shipped version:** 1.59.0~ynh1 - - - ## Disclaimers / important information ## Configuration @@ -144,20 +141,21 @@ Before installing a second instance of the app it's really recommended to update ## Documentation and resources -* Official app website: https://matrix.org/ -* Upstream app code repository: https://github.com/matrix-org/synapse -* YunoHost documentation for this app: https://yunohost.org/app_synapse -* Report a bug: https://github.com/YunoHost-Apps/synapse_ynh/issues +* Official app website: +* Upstream app code repository: +* YunoHost documentation for this app: +* Report a bug: ## Developer info Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/synapse_ynh/tree/testing). To try the testing branch, please proceed like that. -``` + +``` bash sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug or sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug ``` -**More info regarding app packaging:** https://yunohost.org/packaging_apps \ No newline at end of file +**More info regarding app packaging:** diff --git a/README_fr.md b/README_fr.md index f0110ef..dedebd0 100644 --- a/README_fr.md +++ b/README_fr.md @@ -1,10 +1,14 @@ + + # Synapse pour YunoHost -[![Niveau d'intégration](https://dash.yunohost.org/integration/synapse.svg)](https://dash.yunohost.org/appci/app/synapse) ![](https://ci-apps.yunohost.org/ci/badges/synapse.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/synapse.maintain.svg) +[![Niveau d'intégration](https://dash.yunohost.org/integration/synapse.svg)](https://dash.yunohost.org/appci/app/synapse) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/synapse.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/synapse.maintain.svg) [![Installer Synapse avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=synapse) *[Read this readme in english.](./README.md)* -*[Lire ce readme en français.](./README_fr.md)* > *Ce package vous permet d'installer Synapse rapidement et simplement sur un serveur YunoHost. Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.* @@ -17,9 +21,6 @@ Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org **Version incluse :** 1.59.0~ynh1 - - - ## Avertissements / informations importantes ## Configuration @@ -140,20 +141,21 @@ Before installing a second instance of the app it's really recommended to update ## Documentations et ressources -* Site officiel de l'app : https://matrix.org/ -* Dépôt de code officiel de l'app : https://github.com/matrix-org/synapse -* Documentation YunoHost pour cette app : https://yunohost.org/app_synapse -* Signaler un bug : https://github.com/YunoHost-Apps/synapse_ynh/issues +* Site officiel de l'app : +* Dépôt de code officiel de l'app : +* Documentation YunoHost pour cette app : +* Signaler un bug : ## Informations pour les développeurs Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/synapse_ynh/tree/testing). Pour essayer la branche testing, procédez comme suit. -``` + +``` bash sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug ou sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug ``` -**Plus d'infos sur le packaging d'applications :** https://yunohost.org/packaging_apps \ No newline at end of file +**Plus d'infos sur le packaging d'applications :** From 0c09b361df0b28662b157bb685544d0654ff7dc5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Fri, 27 May 2022 20:56:40 +0200 Subject: [PATCH 25/69] Fix systemd unit --- conf/coturn-synapse.service | 1 - conf/matrix-synapse.service | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/conf/coturn-synapse.service b/conf/coturn-synapse.service index 38ac8a5..ebbf25c 100644 --- a/conf/coturn-synapse.service +++ b/conf/coturn-synapse.service @@ -30,7 +30,6 @@ UMask=0007 NoNewPrivileges=yes PrivateTmp=yes PrivateDevices=yes -RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 RestrictNamespaces=yes RestrictRealtime=yes DevicePolicy=closed diff --git a/conf/matrix-synapse.service b/conf/matrix-synapse.service index 8d199e7..bc68929 100644 --- a/conf/matrix-synapse.service +++ b/conf/matrix-synapse.service @@ -6,12 +6,12 @@ After=network.target Type=simple User=matrix-__APP__ WorkingDirectory=/opt/yunohost/matrix-__APP__ +BindPaths=/etc/matrix-__APP__ EnvironmentFile=/etc/default/matrix-__APP__ ExecStartPre=/opt/yunohost/matrix-__APP__/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-__APP__/homeserver.yaml --config-path=/etc/matrix-__APP__/conf.d/ --generate-keys ExecStart=/opt/yunohost/matrix-__APP__/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-__APP__/homeserver.yaml --config-path=/etc/matrix-__APP__/conf.d/ Restart=always RestartSec=3 -RuntimeDirectory=%i # Sandboxing options to harden security # Depending on specificities of your service/app, you may need to tweak these From 45a06ac69ada209acab65363222ed84a0fa34213 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Sat, 28 May 2022 00:17:09 +0200 Subject: [PATCH 26/69] Update configuration from upstream --- conf/homeserver.yaml | 2241 ++++++++++++++++++++++++++++++++---------- scripts/_common.sh | 6 + scripts/change_url | 1 + scripts/config | 1 + scripts/install | 1 + scripts/upgrade | 1 + 6 files changed, 1724 insertions(+), 527 deletions(-) diff --git a/conf/homeserver.yaml b/conf/homeserver.yaml index 44a6224..c074c59 100644 --- a/conf/homeserver.yaml +++ b/conf/homeserver.yaml @@ -1,11 +1,46 @@ -# vim:ft=yaml +# Configuration file for Synapse. +# +# This is a YAML file: see [1] for a quick introduction. Note in particular +# that *indentation is important*: all the elements of a list or dictionary +# should have the same indentation. +# +# [1] https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html + + +## Modules ## + +# Server admins can expand Synapse's functionality with external modules. +# +# See https://matrix-org.github.io/synapse/latest/modules/index.html for more +# documentation on how to configure or create custom modules for Synapse. +# +modules: + #- module: my_super_module.MySuperClass + # config: + # do_thing: true + #- module: my_other_super_module.SomeClass + # config: {} + ## Server ## -# The domain name of the server, with optional explicit port. -# This is used by remote servers to connect to this server, -# e.g. matrix.org, localhost:8080, etc. -# This is also the last part of your UserID. +# The public-facing domain of the server +# +# The server_name name will appear at the end of usernames and room addresses +# created on this server. For example if the server_name was example.com, +# usernames on this server would be in the format @user:example.com +# +# In most cases you should avoid using a matrix specific subdomain such as +# matrix.example.com or synapse.example.com as the server_name for the same +# reasons you wouldn't use user@email.example.com as your email address. +# See https://matrix-org.github.io/synapse/latest/delegate.html +# for information on how to host Synapse on a subdomain while preserving +# a clean server_name. +# +# The server_name cannot be changed later so it is important to +# configure this correctly before you start Synapse. It should be all +# lowercase and may contain an explicit port. +# Examples: matrix.org, localhost:8080 # server_name: "__SERVER_NAME__" @@ -13,63 +48,115 @@ server_name: "__SERVER_NAME__" # pid_file: /run/matrix-__APP__/homeserver.pid -# The path to the web client which will be served at /_matrix/client/ -# if 'webclient' is configured under the 'listeners' configuration. +# The absolute URL to the web client which / will redirect to. # -#web_client_location: "/path/to/web/root" +#web_client_location: https://riot.example.com/ -# The public-facing base URL that clients use to access this HS -# (not including _matrix/...). This is the same URL a user would -# enter into the 'custom HS URL' field on their client. If you -# use synapse with a reverse proxy, this should be the URL to reach -# synapse via the proxy. +# The public-facing base URL that clients use to access this Homeserver (not +# including _matrix/...). This is the same URL a user might enter into the +# 'Custom Homeserver URL' field on their client. If you use Synapse with a +# reverse proxy, this should be the URL to reach Synapse via the proxy. +# Otherwise, it should be the URL to reach Synapse's client HTTP listener (see +# 'listeners' below). +# +# Defaults to 'https:///'. # public_baseurl: https://__DOMAIN__/ +# Uncomment the following to tell other servers to send federation traffic on +# port 443. +# +# By default, other servers will try to reach our server on port 8448, which can +# be inconvenient in some environments. +# +# Provided 'https:///' on port 443 is routed to Synapse, this +# option configures Synapse to serve a file at +# 'https:///.well-known/matrix/server'. This will tell other +# servers to send traffic to port 443 instead. +# +# See https://matrix-org.github.io/synapse/latest/delegate.html for more +# information. +# +# Defaults to 'false'. +# +#serve_server_wellknown: true + # Set the soft limit on the number of file descriptors synapse can use # Zero is used to indicate synapse should set the soft limit to the # hard limit. # #soft_file_limit: 0 -# Set to false to disable presence tracking on this homeserver. +# Presence tracking allows users to see the state (e.g online/offline) +# of other local and remote users. # -#use_presence: false +presence: + # Uncomment to disable presence tracking on this homeserver. This option + # replaces the previous top-level 'use_presence' option. + # + #enabled: false # Whether to require authentication to retrieve profile data (avatars, # display names) of other users through the client API. Defaults to # 'false'. Note that profile data is also available via the federation -# API, so this setting is of limited value if federation is enabled on -# the server. +# API, unless allow_profile_lookup_over_federation is set to false. # #require_auth_for_profile_requests: true -# If set to 'false', requires authentication to access the server's public rooms -# directory through the client API. Defaults to 'true'. +# Uncomment to require a user to share a room with another user in order +# to retrieve their profile information. Only checked on Client-Server +# requests. Profile requests from other servers should be checked by the +# requesting server. Defaults to 'false'. +# +#limit_profile_requests_to_users_who_share_rooms: true + +# Uncomment to prevent a user's profile data from being retrieved and +# displayed in a room until they have joined it. By default, a user's +# profile data is included in an invite event, regardless of the values +# of the above two settings, and whether or not the users share a server. +# Defaults to 'true'. +# +#include_profile_data_on_invite: false + +# If set to 'true', removes the need for authentication to access the server's +# public rooms directory through the client API, meaning that anyone can +# query the room directory. Defaults to 'false'. # allow_public_rooms_without_auth: __ALLOW_PUBLIC_ROOMS__ -# If set to 'false', forbids any other homeserver to fetch the server's public -# rooms directory via federation. Defaults to 'true'. +# If set to 'true', allows any other homeserver to fetch the server's public +# rooms directory via federation. Defaults to 'false'. # allow_public_rooms_over_federation: __ALLOW_PUBLIC_ROOMS__ # The default room version for newly created rooms. # # Known room versions are listed here: -# https://matrix.org/docs/spec/#complete-list-of-room-versions +# https://spec.matrix.org/latest/rooms/#complete-list-of-room-versions # # For example, for room version 1, default_room_version should be set # to "1". # -#default_room_version: "4" +#default_room_version: "9" # The GC threshold parameters to pass to `gc.set_threshold`, if defined # #gc_thresholds: [700, 10, 10] +# The minimum time in seconds between each GC for a generation, regardless of +# the GC thresholds. This ensures that we don't do GC too frequently. +# +# A value of `[1s, 10s, 30s]` indicates that a second must pass between consecutive +# generation 0 GCs, etc. +# +# Defaults to `[1s, 10s, 30s]`. +# +#gc_min_interval: [0.5s, 30s, 1m] + # Set the limit on the returned events in the timeline in the get -# and sync operations. The default value is -1, means no upper limit. +# and sync operations. The default value is 100. -1 means no upper limit. +# +# Uncomment the following to increase the limit to 5000. # #filter_timeline_limit: 5000 @@ -85,37 +172,52 @@ allow_public_rooms_over_federation: __ALLOW_PUBLIC_ROOMS__ # #enable_search: false -# Restrict federation to the following whitelist of domains. -# N.B. we recommend also firewalling your federation listener to limit -# inbound federation traffic as early as possible, rather than relying -# purely on this application-layer restriction. If not specified, the -# default is to whitelist everything. +# Prevent outgoing requests from being sent to the following blacklisted IP address +# CIDR ranges. If this option is not specified then it defaults to private IP +# address ranges (see the example below). # -#federation_domain_whitelist: -# - lon.example.com -# - nyc.example.com -# - syd.example.com - -# Prevent federation requests from being sent to the following -# blacklist IP address CIDR ranges. If this option is not specified, or -# specified with an empty list, no ip range blacklist will be enforced. -# -# As of Synapse v1.4.0 this option also affects any outbound requests to identity -# servers provided by user input. +# The blacklist applies to the outbound requests for federation, identity servers, +# push servers, and for checking key validity for third-party invite events. # # (0.0.0.0 and :: are always blacklisted, whether or not they are explicitly # listed here, since they correspond to unroutable addresses.) # -federation_ip_range_blacklist: - - '127.0.0.0/8' - - '10.0.0.0/8' - - '172.16.0.0/12' - - '192.168.0.0/16' - - '100.64.0.0/10' - - '169.254.0.0/16' - - '::1/128' - - 'fe80::/64' - - 'fc00::/7' +# This option replaces federation_ip_range_blacklist in Synapse v1.25.0. +# +# Note: The value is ignored when an HTTP proxy is in use +# +ip_range_blacklist: + - '127.0.0.0/8' + - '10.0.0.0/8' + - '172.16.0.0/12' + - '192.168.0.0/16' + - '100.64.0.0/10' + - '192.0.0.0/24' + - '169.254.0.0/16' + - '192.88.99.0/24' + - '198.18.0.0/15' + - '192.0.2.0/24' + - '198.51.100.0/24' + - '203.0.113.0/24' + - '224.0.0.0/4' + - '::1/128' + - 'fe80::/10' + - 'fc00::/7' + - '2001:db8::/32' + - 'ff00::/8' + - 'fec0::/10' + +# List of IP address CIDR ranges that should be allowed for federation, +# identity servers, push servers, and for checking key validity for +# third-party invite events. This is useful for specifying exceptions to +# wide-ranging blacklisted target IP ranges - e.g. for communication with +# a push server only visible in your network. +# +# This whitelist overrides ip_range_blacklist and defaults to an empty +# list. +# +#ip_range_whitelist: +# - '192.168.1.1' # List of ports that Synapse should listen on, their purpose and their # configuration. @@ -128,9 +230,9 @@ federation_ip_range_blacklist: # 'all local interfaces'. # # type: the type of listener. Normally 'http', but other valid options are: -# 'manhole' (see docs/manhole.md), -# 'metrics' (see docs/metrics-howto.md), -# 'replication' (see docs/workers.md). +# 'manhole' (see https://matrix-org.github.io/synapse/latest/manhole.html), +# 'metrics' (see https://matrix-org.github.io/synapse/latest/metrics-howto.html), +# 'replication' (see https://matrix-org.github.io/synapse/latest/workers.html). # # tls: set to true to enable TLS for this listener. Will use the TLS # key/cert specified in tls_private_key_path / tls_certificate_path. @@ -145,7 +247,7 @@ federation_ip_range_blacklist: # names: a list of names of HTTP resources. See below for a list of # valid resource names. # -# compress: set to true to enable HTTP comression for this resource. +# compress: set to true to enable HTTP compression for this resource. # # additional_resources: Only valid for an 'http' listener. A map of # additional endpoints which should be loaded via dynamic modules. @@ -155,8 +257,8 @@ federation_ip_range_blacklist: # client: the client-server API (/_matrix/client), and the synapse admin # API (/_synapse/admin). Also implies 'media' and 'static'. # -# consent: user consent forms (/_matrix/consent). See -# docs/consent_tracking.md. +# consent: user consent forms (/_matrix/consent). +# See https://matrix-org.github.io/synapse/latest/consent_tracking.html. # # federation: the server-server API (/_matrix/federation). Also implies # 'media', 'keys', 'openid' @@ -165,18 +267,17 @@ federation_ip_range_blacklist: # # media: the media API (/_matrix/media). # -# metrics: the metrics interface. See docs/metrics-howto.md. +# metrics: the metrics interface. +# See https://matrix-org.github.io/synapse/latest/metrics-howto.html. # # openid: OpenID authentication. # -# replication: the HTTP replication API (/_synapse/replication). See -# docs/workers.md. +# replication: the HTTP replication API (/_synapse/replication). +# See https://matrix-org.github.io/synapse/latest/workers.html. # # static: static resources under synapse/static (/_matrix/static). (Mostly # useful for 'fallback authentication'.) # -# webclient: A web client. Requires web_client_location to be set. -# listeners: # TLS-enabled listener: for when matrix traffic is sent directly to synapse. # @@ -194,7 +295,7 @@ listeners: # that unwraps TLS. # # If you plan to use a reverse proxy, please see - # https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.md. + # https://matrix-org.github.io/synapse/latest/reverse_proxy.html. # - port: __PORT__ tls: false @@ -220,12 +321,42 @@ listeners: # bind_addresses: ['::1', '127.0.0.1'] # type: manhole +# Connection settings for the manhole +# +#manhole_settings: + # The username for the manhole. This defaults to 'matrix'. + # + #username: manhole + + # The password for the manhole. This defaults to 'rabbithole'. + # + #password: mypassword + + # The private and public SSH key pair used to encrypt the manhole traffic. + # If these are left unset, then hardcoded and non-secret keys are used, + # which could allow traffic to be intercepted if sent over a public network. + # + #ssh_priv_key_path: /root/id_rsa + #ssh_pub_key_path: /root/id_rsa.pub + +# Forward extremities can build up in a room due to networking delays between +# homeservers. Once this happens in a large room, calculation of the state of +# that room can become quite expensive. To mitigate this, once the number of +# forward extremities reaches a given threshold, Synapse will send an +# org.matrix.dummy_event event, which will reduce the forward extremities +# in the room. +# +# This setting defines the threshold (i.e. number of forward extremities in the +# room) at which dummy events are sent. The default value is 10. +# +#dummy_events_threshold: 5 + ## Homeserver blocking ## # How to reach the server admin, used in ResourceLimitError # -#admin_contact: 'mailto:admin@server.com' +admin_contact: 'mailto:root' # Global blocking # @@ -238,7 +369,7 @@ listeners: # number of monthly active users. # # 'limit_usage_by_mau' disables/enables monthly active user blocking. When -# anabled and a limit is reached the server returns a 'ResourceLimitError' +# enabled and a limit is reached the server returns a 'ResourceLimitError' # with error type Codes.RESOURCE_LIMIT_EXCEEDED # # 'max_mau_value' is the hard limit of monthly active users above which @@ -250,6 +381,11 @@ listeners: # sign up in a short space of time never to return after their initial # session. # +# The option `mau_appservice_trial_days` is similar to `mau_trial_days`, but +# applies a different trial number if the user was registered by an appservice. +# A value of 0 means no trial days are applied. Appservices not listed in this +# dictionary use the value of `mau_trial_days` instead. +# # 'mau_limit_alerting' is a means of limiting client side alerting # should the mau limit be reached. This is useful for small instances # where the admin has 5 mau seats (say) for 5 specific people and no @@ -260,6 +396,8 @@ listeners: #max_mau_value: 50 #mau_trial_days: 2 #mau_limit_alerting: false +#mau_appservice_trial_days: +# "appservice-id": 1 # If enabled, the metrics for the number of monthly active users will # be populated, however no one will be limited. If limit_usage_by_mau @@ -277,22 +415,31 @@ listeners: # Used by phonehome stats to group together related servers. #server_context: context -# Resource-constrained Homeserver Settings +# Resource-constrained homeserver settings # -# If limit_remote_rooms.enabled is True, the room complexity will be -# checked before a user joins a new remote room. If it is above -# limit_remote_rooms.complexity, it will disallow joining or -# instantly leave. +# When this is enabled, the room "complexity" will be checked before a user +# joins a new remote room. If it is above the complexity limit, the server will +# disallow joining, or will instantly leave. # -# limit_remote_rooms.complexity_error can be set to customise the text -# displayed to the user when a room above the complexity threshold has -# its join cancelled. +# Room complexity is an arbitrary measure based on factors such as the number of +# users in the room. # -# Uncomment the below lines to enable: #limit_remote_rooms: -# enabled: true -# complexity: 1.0 -# complexity_error: "This room is too complex." + # Uncomment to enable room complexity checking. + # + #enabled: true + + # the limit above which rooms cannot be joined. The default is 1.0. + # + #complexity: 0.5 + + # override the error which is returned when the room is too complex. + # + #complexity_error: "This room is too complex." + + # allow server admins to join complex rooms. Default is false. + # + #admins_can_join: true # Whether to require a user to be in the room to add an alias to it. # Defaults to 'true'. @@ -305,6 +452,20 @@ listeners: # #allow_per_room_profiles: false +# The largest allowed file size for a user avatar. Defaults to no restriction. +# +# Note that user avatar changes will not work if this is set without +# using Synapse's media repository. +# +#max_avatar_size: 10M + +# The MIME types allowed for user avatars. Defaults to no restriction. +# +# Note that user avatar changes will not work if this is set without +# using Synapse's media repository. +# +#allowed_avatar_mimetypes: ["image/png", "image/jpeg", "image/gif"] + # How long to keep redacted events in unredacted form in the database. After # this period redacted events get replaced with their redacted form in the DB. # @@ -318,6 +479,126 @@ listeners: # #user_ips_max_age: 14d +# Inhibits the /requestToken endpoints from returning an error that might leak +# information about whether an e-mail address is in use or not on this +# homeserver. +# Note that for some endpoints the error situation is the e-mail already being +# used, and for others the error is entering the e-mail being unused. +# If this option is enabled, instead of returning an error, these endpoints will +# act as if no error happened and return a fake session ID ('sid') to clients. +# +#request_token_inhibit_3pid_errors: true + +# A list of domains that the domain portion of 'next_link' parameters +# must match. +# +# This parameter is optionally provided by clients while requesting +# validation of an email or phone number, and maps to a link that +# users will be automatically redirected to after validation +# succeeds. Clients can make use this parameter to aid the validation +# process. +# +# The whitelist is applied whether the homeserver or an +# identity server is handling validation. +# +# The default value is no whitelist functionality; all domains are +# allowed. Setting this value to an empty list will instead disallow +# all domains. +# +#next_link_domain_whitelist: ["matrix.org"] + +# Templates to use when generating email or HTML page contents. +# +#templates: + # Directory in which Synapse will try to find template files to use to generate + # email or HTML page contents. + # If not set, or a file is not found within the template directory, a default + # template from within the Synapse package will be used. + # + # See https://matrix-org.github.io/synapse/latest/templates.html for more + # information about using custom templates. + # + #custom_template_directory: /path/to/custom/templates/ + +# List of rooms to exclude from sync responses. This is useful for server +# administrators wishing to group users into a room without these users being able +# to see it from their client. +# +# By default, no room is excluded. +# +#exclude_rooms_from_sync: +# - !foo:example.com + + +# Message retention policy at the server level. +# +# Room admins and mods can define a retention period for their rooms using the +# 'm.room.retention' state event, and server admins can cap this period by setting +# the 'allowed_lifetime_min' and 'allowed_lifetime_max' config options. +# +# If this feature is enabled, Synapse will regularly look for and purge events +# which are older than the room's maximum retention period. Synapse will also +# filter events received over federation so that events that should have been +# purged are ignored and not stored again. +# +#retention: + # The message retention policies feature is disabled by default. Uncomment the + # following line to enable it. + # + #enabled: true + + # Default retention policy. If set, Synapse will apply it to rooms that lack the + # 'm.room.retention' state event. Currently, the value of 'min_lifetime' doesn't + # matter much because Synapse doesn't take it into account yet. + # + #default_policy: + # min_lifetime: 1d + # max_lifetime: 1y + + # Retention policy limits. If set, and the state of a room contains a + # 'm.room.retention' event in its state which contains a 'min_lifetime' or a + # 'max_lifetime' that's out of these bounds, Synapse will cap the room's policy + # to these limits when running purge jobs. + # + #allowed_lifetime_min: 1d + #allowed_lifetime_max: 1y + + # Server admins can define the settings of the background jobs purging the + # events which lifetime has expired under the 'purge_jobs' section. + # + # If no configuration is provided, a single job will be set up to delete expired + # events in every room daily. + # + # Each job's configuration defines which range of message lifetimes the job + # takes care of. For example, if 'shortest_max_lifetime' is '2d' and + # 'longest_max_lifetime' is '3d', the job will handle purging expired events in + # rooms whose state defines a 'max_lifetime' that's both higher than 2 days, and + # lower than or equal to 3 days. Both the minimum and the maximum value of a + # range are optional, e.g. a job with no 'shortest_max_lifetime' and a + # 'longest_max_lifetime' of '3d' will handle every room with a retention policy + # which 'max_lifetime' is lower than or equal to three days. + # + # The rationale for this per-job configuration is that some rooms might have a + # retention policy with a low 'max_lifetime', where history needs to be purged + # of outdated messages on a more frequent basis than for the rest of the rooms + # (e.g. every 12h), but not want that purge to be performed by a job that's + # iterating over every room it knows, which could be heavy on the server. + # + # If any purge job is configured, it is strongly recommended to have at least + # a single job with neither 'shortest_max_lifetime' nor 'longest_max_lifetime' + # set, or one job without 'shortest_max_lifetime' and one job without + # 'longest_max_lifetime' set. Otherwise some rooms might be ignored, even if + # 'allowed_lifetime_min' and 'allowed_lifetime_max' are set, because capping a + # room's policy to these values is done after the policies are retrieved from + # Synapse's database (which is done using the range specified in a purge job's + # configuration). + # + #purge_jobs: + # - longest_max_lifetime: 3d + # interval: 12h + # - shortest_max_lifetime: 3d + # interval: 1d + ## TLS ## @@ -325,13 +606,9 @@ listeners: # This certificate, as of Synapse 1.0, will need to be a valid and verifiable # certificate, signed by a recognised Certificate Authority. # -# See 'ACME support' below to enable auto-provisioning this certificate via -# Let's Encrypt. -# -# If supplying your own, be sure to use a `.pem` file that includes the -# full certificate chain including any intermediate certificates (for -# instance, if using certbot, use `fullchain.pem` as your certificate, -# not `cert.pem`). +# Be sure to use a `.pem` file that includes the full certificate chain including +# any intermediate certificates (for instance, if using certbot, use +# `fullchain.pem` as your certificate, not `cert.pem`). # tls_certificate_path: "/etc/yunohost/certs/__DOMAIN__/crt.pem" @@ -366,8 +643,8 @@ tls_private_key_path: "/etc/yunohost/certs/__DOMAIN__/key.pem" # #federation_certificate_verification_whitelist: # - lon.example.com -# - *.domain.com -# - *.onion +# - "*.domain.com" +# - "*.onion" # List of custom certificate authorities for federation traffic. # @@ -382,121 +659,163 @@ tls_private_key_path: "/etc/yunohost/certs/__DOMAIN__/key.pem" # - myCA2.pem # - myCA3.pem -# ACME support: This will configure Synapse to request a valid TLS certificate -# for your configured `server_name` via Let's Encrypt. -# -# Note that provisioning a certificate in this way requires port 80 to be -# routed to Synapse so that it can complete the http-01 ACME challenge. -# By default, if you enable ACME support, Synapse will attempt to listen on -# port 80 for incoming http-01 challenges - however, this will likely fail -# with 'Permission denied' or a similar error. -# -# There are a couple of potential solutions to this: -# -# * If you already have an Apache, Nginx, or similar listening on port 80, -# you can configure Synapse to use an alternate port, and have your web -# server forward the requests. For example, assuming you set 'port: 8009' -# below, on Apache, you would write: -# -# ProxyPass /.well-known/acme-challenge http://localhost:8009/.well-known/acme-challenge -# -# * Alternatively, you can use something like `authbind` to give Synapse -# permission to listen on port 80. -# -acme: - # ACME support is disabled by default. Set this to `true` and uncomment - # tls_certificate_path and tls_private_key_path above to enable it. - # - enabled: false - # Endpoint to use to request certificates. If you only want to test, - # use Let's Encrypt's staging url: - # https://acme-staging.api.letsencrypt.org/directory - # - #url: https://acme-v01.api.letsencrypt.org/directory +## Federation ## - # Port number to listen on for the HTTP-01 challenge. Change this if - # you are forwarding connections through Apache/Nginx/etc. - # - #port: 80 - - # Local addresses to listen on for incoming connections. - # Again, you may want to change this if you are forwarding connections - # through Apache/Nginx/etc. - # - #bind_addresses: ['::', '0.0.0.0'] - - # How many days remaining on a certificate before it is renewed. - # - #reprovision_threshold: 30 - - # The domain that the certificate should be for. Normally this - # should be the same as your Matrix domain (i.e., 'server_name'), but, - # by putting a file at 'https:///.well-known/matrix/server', - # you can delegate incoming traffic to another server. If you do that, - # you should give the target of the delegation here. - # - # For example: if your 'server_name' is 'example.com', but - # 'https://example.com/.well-known/matrix/server' delegates to - # 'matrix.example.com', you should put 'matrix.example.com' here. - # - # If not set, defaults to your 'server_name'. - # - #domain: matrix.example.com - - # file to use for the account key. This will be generated if it doesn't - # exist. - # - # If unspecified, we will use CONFDIR/client.key. - # - #account_key_file: ... - -# List of allowed TLS fingerprints for this server to publish along -# with the signing keys for this server. Other matrix servers that -# make HTTPS requests to this server will check that the TLS -# certificates returned by this server match one of the fingerprints. +# Restrict federation to the following whitelist of domains. +# N.B. we recommend also firewalling your federation listener to limit +# inbound federation traffic as early as possible, rather than relying +# purely on this application-layer restriction. If not specified, the +# default is to whitelist everything. # -# Synapse automatically adds the fingerprint of its own certificate -# to the list. So if federation traffic is handled directly by synapse -# then no modification to the list is required. -# -# If synapse is run behind a load balancer that handles the TLS then it -# will be necessary to add the fingerprints of the certificates used by -# the loadbalancers to this list if they are different to the one -# synapse is using. -# -# Homeservers are permitted to cache the list of TLS fingerprints -# returned in the key responses up to the "valid_until_ts" returned in -# key. It may be necessary to publish the fingerprints of a new -# certificate and wait until the "valid_until_ts" of the previous key -# responses have passed before deploying it. -# -# You can calculate a fingerprint from a given TLS listener via: -# openssl s_client -connect $host:$port < /dev/null 2> /dev/null | -# openssl x509 -outform DER | openssl sha256 -binary | base64 | tr -d '=' -# or by checking matrix.org/federationtester/api/report?server_name=$host -# -#tls_fingerprints: [{"sha256": ""}] +#federation_domain_whitelist: +# - lon.example.com +# - nyc.example.com +# - syd.example.com +# Report prometheus metrics on the age of PDUs being sent to and received from +# the following domains. This can be used to give an idea of "delay" on inbound +# and outbound federation, though be aware that any delay can be due to problems +# at either end or with the intermediate network. +# +# By default, no domains are monitored in this way. +# +#federation_metrics_domains: +# - matrix.org +# - example.com + +# Uncomment to disable profile lookup over federation. By default, the +# Federation API allows other homeservers to obtain profile data of any user +# on this homeserver. Defaults to 'true'. +# +#allow_profile_lookup_over_federation: false + +# Uncomment to allow device display name lookup over federation. By default, the +# Federation API prevents other homeservers from obtaining the display names of +# user devices on this homeserver. Defaults to 'false'. +# +#allow_device_name_lookup_over_federation: true + + +## Caching ## + +# Caching can be configured through the following options. +# +# A cache 'factor' is a multiplier that can be applied to each of +# Synapse's caches in order to increase or decrease the maximum +# number of entries that can be stored. + +# The number of events to cache in memory. Not affected by +# caches.global_factor. +# +#event_cache_size: 10K + +caches: + # Controls the global cache factor, which is the default cache factor + # for all caches if a specific factor for that cache is not otherwise + # set. + # + # This can also be set by the "SYNAPSE_CACHE_FACTOR" environment + # variable. Setting by environment variable takes priority over + # setting through the config file. + # + # Defaults to 0.5, which will half the size of all caches. + # + #global_factor: 1.0 + + # A dictionary of cache name to cache factor for that individual + # cache. Overrides the global cache factor for a given cache. + # + # These can also be set through environment variables comprised + # of "SYNAPSE_CACHE_FACTOR_" + the name of the cache in capital + # letters and underscores. Setting by environment variable + # takes priority over setting through the config file. + # Ex. SYNAPSE_CACHE_FACTOR_GET_USERS_WHO_SHARE_ROOM_WITH_USER=2.0 + # + # Some caches have '*' and other characters that are not + # alphanumeric or underscores. These caches can be named with or + # without the special characters stripped. For example, to specify + # the cache factor for `*stateGroupCache*` via an environment + # variable would be `SYNAPSE_CACHE_FACTOR_STATEGROUPCACHE=2.0`. + # + per_cache_factors: + #get_users_who_share_room_with_user: 2.0 + + # Controls whether cache entries are evicted after a specified time + # period. Defaults to true. Uncomment to disable this feature. + # + #expire_caches: false + + # If expire_caches is enabled, this flag controls how long an entry can + # be in a cache without having been accessed before being evicted. + # Defaults to 30m. Uncomment to set a different time to live for cache entries. + # + #cache_entry_ttl: 30m + + # Controls how long the results of a /sync request are cached for after + # a successful response is returned. A higher duration can help clients with + # intermittent connections, at the cost of higher memory usage. + # + # By default, this is zero, which means that sync responses are not cached + # at all. + # + #sync_response_cache_duration: 2m ## Database ## -database: - # The database engine name - name: psycopg2 - # Arguments to pass to the engine - args: - user: __SYNAPSE_DB_USER__ - password: __SYNAPSE_DB_PWD__ - database: __SYNAPSE_DB_NAME__ - host: localhost - cp_min: 5 - cp_max: 10 - -# Number of events to cache in memory. +# The 'database' setting defines the database that synapse uses to store all of +# its data. # -#event_cache_size: 10K +# 'name' gives the database engine to use: either 'sqlite3' (for SQLite) or +# 'psycopg2' (for PostgreSQL). +# +# 'txn_limit' gives the maximum number of transactions to run per connection +# before reconnecting. Defaults to 0, which means no limit. +# +# 'allow_unsafe_locale' is an option specific to Postgres. Under the default behavior, Synapse will refuse to +# start if the postgres db is set to a non-C locale. You can override this behavior (which is *not* recommended) +# by setting 'allow_unsafe_locale' to true. Note that doing so may corrupt your database. You can find more information +# here: https://matrix-org.github.io/synapse/latest/postgres.html#fixing-incorrect-collate-or-ctype and here: +# https://wiki.postgresql.org/wiki/Locale_data_changes +# +# 'args' gives options which are passed through to the database engine, +# except for options starting 'cp_', which are used to configure the Twisted +# connection pool. For a reference to valid arguments, see: +# * for sqlite: https://docs.python.org/3/library/sqlite3.html#sqlite3.connect +# * for postgres: https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS +# * for the connection pool: https://twistedmatrix.com/documents/current/api/twisted.enterprise.adbapi.ConnectionPool.html#__init__ +# +# +# Example SQLite configuration: +# +#database: +# name: sqlite3 +# args: +# database: /path/to/homeserver.db +# +# +# Example Postgres configuration: +# +database: + name: psycopg2 + #txn_limit: 10000 + args: + user: __SYNAPSE_DB_USER__ + password: __SYNAPSE_DB_PWD__ + database: __SYNAPSE_DB_NAME__ + host: localhost + port: 5432 + cp_min: 5 + cp_max: 10 +# +# For more information on using Synapse with Postgres, +# see https://matrix-org.github.io/synapse/latest/postgres.html. +# +#database: + #name: sqlite3 + #args: + #database: /root/homeserver.db ## Logging ## @@ -520,6 +839,8 @@ log_config: "/etc/matrix-__APP__/log.yaml" # is using # - one for registration that ratelimits registration requests based on the # client's IP address. +# - one for checking the validity of registration tokens that ratelimits +# requests based on the client's IP address. # - one for login that ratelimits login requests based on the client's IP # address. # - one for login that ratelimits login requests based on the account the @@ -530,6 +851,16 @@ log_config: "/etc/matrix-__APP__/log.yaml" # - one for ratelimiting redactions by room admins. If this is not explicitly # set then it uses the same ratelimiting as per rc_message. This is useful # to allow room admins to deal with abuse quickly. +# - two for ratelimiting number of rooms a user can join, "local" for when +# users are joining rooms the server is already in (this is cheap) vs +# "remote" for when users are trying to join rooms not on the server (which +# can be more expensive) +# - one for ratelimiting how often a user or IP can attempt to validate a 3PID. +# - two for ratelimiting how often invites can be sent in a room or to a +# specific user. +# - one for ratelimiting 3PID invites (i.e. invites sent to a third-party ID +# such as an email address or a phone number) based on the account that's +# sending the invite. # # The defaults are as shown below. # @@ -541,6 +872,10 @@ log_config: "/etc/matrix-__APP__/log.yaml" # per_second: 0.17 # burst_count: 3 # +#rc_registration_token_validity: +# per_second: 0.1 +# burst_count: 5 +# #rc_login: # address: # per_second: 0.17 @@ -555,7 +890,30 @@ log_config: "/etc/matrix-__APP__/log.yaml" #rc_admin_redaction: # per_second: 1 # burst_count: 50 - +# +#rc_joins: +# local: +# per_second: 0.1 +# burst_count: 10 +# remote: +# per_second: 0.01 +# burst_count: 10 +# +#rc_3pid_validation: +# per_second: 0.003 +# burst_count: 5 +# +#rc_invites: +# per_room: +# per_second: 0.3 +# burst_count: 10 +# per_user: +# per_second: 0.003 +# burst_count: 5 +# +#rc_third_party_invite: +# per_second: 0.2 +# burst_count: 10 # Ratelimiting settings for incoming federation # @@ -605,22 +963,21 @@ media_store_path: "/home/yunohost.app/matrix-__APP__/media" # media_storage_providers: - module: file_system - # Whether to write new local files. + # Whether to store newly uploaded local files store_local: false - # Whether to write new remote media + # Whether to store newly downloaded remote files store_remote: false - # Whether to block upload requests waiting for write to this - # provider to complete + # Whether to wait for successful storage for local uploads store_synchronous: false config: - directory: "/home/yunohost.app/matrix-__APP__/media_storage" - -# Directory where in-progress uploads are stored. -# -uploads_path: "/home/yunohost.app/matrix-__APP__/uploads" + directory: "/home/yunohost.app/matrix-__APP__/media_storage" # The largest allowed upload size in bytes # +# If you are using a reverse proxy you may also need to set this value in +# your reverse proxy's config. Notably Nginx has a small max body size by default. +# See https://matrix-org.github.io/synapse/latest/reverse_proxy.html. +# max_upload_size: 100M # Maximum number of pixels that will be thumbnailed @@ -658,7 +1015,7 @@ max_upload_size: 100M # # 'false' by default: uncomment the following to enable it (and specify a # url_preview_ip_range_blacklist blacklist). - +# url_preview_enabled: true # List of IP address CIDR ranges that the URL preview spider is denied @@ -674,17 +1031,29 @@ url_preview_enabled: true # # This must be specified if url_preview_enabled is set. It is recommended that # you uncomment the following list as a starting point. - +# +# Note: The value is ignored when an HTTP proxy is in use +# url_preview_ip_range_blacklist: - '127.0.0.0/8' - '10.0.0.0/8' - '172.16.0.0/12' - '192.168.0.0/16' - '100.64.0.0/10' + - '192.0.0.0/24' - '169.254.0.0/16' + - '192.88.99.0/24' + - '198.18.0.0/15' + - '192.0.2.0/24' + - '198.51.100.0/24' + - '203.0.113.0/24' + - '224.0.0.0/4' - '::1/128' - - 'fe80::/64' + - 'fe80::/10' - 'fc00::/7' + - '2001:db8::/32' + - 'ff00::/8' + - 'fec0::/10' # List of IP address CIDR ranges that the URL preview spider is allowed # to access even if they are specified in url_preview_ip_range_blacklist. @@ -733,31 +1102,76 @@ url_preview_ip_range_blacklist: # #max_spider_size: 10M +# A list of values for the Accept-Language HTTP header used when +# downloading webpages during URL preview generation. This allows +# Synapse to specify the preferred languages that URL previews should +# be in when communicating with remote servers. +# +# Each value is a IETF language tag; a 2-3 letter identifier for a +# language, optionally followed by subtags separated by '-', specifying +# a country or region variant. +# +# Multiple values can be provided, and a weight can be added to each by +# using quality value syntax (;q=). '*' translates to any language. +# +# Defaults to "en". +# +# Example: +# +# url_preview_accept_language: +# - en-UK +# - en-US;q=0.9 +# - fr;q=0.8 +# - *;q=0.7 +# +url_preview_accept_language: +# - en + + +# oEmbed allows for easier embedding content from a website. It can be +# used for generating URLs previews of services which support it. +# +oembed: + # A default list of oEmbed providers is included with Synapse. + # + # Uncomment the following to disable using these default oEmbed URLs. + # Defaults to 'false'. + # + #disable_default_providers: true + + # Additional files with oEmbed configuration (each should be in the + # form of providers.json). + # + # By default, this list is empty (so only the default providers.json + # is used). + # + #additional_providers: + # - oembed/my_providers.json + ## Captcha ## -# See docs/CAPTCHA_SETUP for full details of configuring this. +# See docs/CAPTCHA_SETUP.md for full details of configuring this. -# This Home Server's ReCAPTCHA public key. +# This homeserver's ReCAPTCHA public key. Must be specified if +# enable_registration_captcha is enabled. # #recaptcha_public_key: "YOUR_PUBLIC_KEY" -# This Home Server's ReCAPTCHA private key. +# This homeserver's ReCAPTCHA private key. Must be specified if +# enable_registration_captcha is enabled. # #recaptcha_private_key: "YOUR_PRIVATE_KEY" -# Enables ReCaptcha checks when registering, preventing signup +# Uncomment to enable ReCaptcha checks when registering, preventing signup # unless a captcha is answered. Requires a valid ReCaptcha -# public/private key. +# public/private key. Defaults to 'false'. # -#enable_registration_captcha: false - -# A secret key used to bypass the captcha test entirely. -# -#captcha_bypass_secret: "YOUR_SECRET_HERE" +#enable_registration_captcha: true # The API endpoint to use for verifying m.login.recaptcha responses. +# Defaults to "https://www.recaptcha.net/recaptcha/api/siteverify". # -#recaptcha_siteverify_api: "https://www.recaptcha.net/recaptcha/api/siteverify" +#recaptcha_siteverify_api: "https://my.recaptcha.site" ## TURN ## @@ -794,55 +1208,17 @@ turn_allow_guests: __ALLOWED_ACCESS__ # Registration can be rate-limited using the parameters in the "Ratelimiting" # section of this file. -# Enable registration for new users. +# Enable registration for new users. Defaults to 'false'. It is highly recommended that if you enable registration, +# you use either captcha, email, or token-based verification to verify that new users are not bots. In order to enable registration +# without any verification, you must also set `enable_registration_without_verification`, found below. # enable_registration: __ALLOWED_ACCESS__ -# Optional account validity configuration. This allows for accounts to be denied -# any request after a given period. +# Enable registration without email or captcha verification. Note: this option is *not* recommended, +# as registration without verification is a known vector for spam and abuse. Defaults to false. Has no effect +# unless `enable_registration` is also enabled. # -# ``enabled`` defines whether the account validity feature is enabled. Defaults -# to False. -# -# ``period`` allows setting the period after which an account is valid -# after its registration. When renewing the account, its validity period -# will be extended by this amount of time. This parameter is required when using -# the account validity feature. -# -# ``renew_at`` is the amount of time before an account's expiry date at which -# Synapse will send an email to the account's email address with a renewal link. -# This needs the ``email`` and ``public_baseurl`` configuration sections to be -# filled. -# -# ``renew_email_subject`` is the subject of the email sent out with the renewal -# link. ``%(app)s`` can be used as a placeholder for the ``app_name`` parameter -# from the ``email`` section. -# -# Once this feature is enabled, Synapse will look for registered users without an -# expiration date at startup and will add one to every account it found using the -# current settings at that time. -# This means that, if a validity period is set, and Synapse is restarted (it will -# then derive an expiration date from the current validity period), and some time -# after that the validity period changes and Synapse is restarted, the users' -# expiration dates won't be updated unless their account is manually renewed. This -# date will be randomly selected within a range [now + period - d ; now + period], -# where d is equal to 10% of the validity period. -# -#account_validity: -# enabled: true -# period: 6w -# renew_at: 1w -# renew_email_subject: "Renew your %(app)s account" -# # Directory in which Synapse will try to find the HTML files to serve to the -# # user when trying to renew an account. Optional, defaults to -# # synapse/res/templates. -# template_dir: "res/templates" -# # HTML to be displayed to the user after they successfully renewed their -# # account. Optional. -# account_renewed_html_path: "account_renewed.html" -# # HTML to be displayed when the user tries to renew an account with an invalid -# # renewal token. Optional. -# invalid_token_html_path: "invalid_token.html" +#enable_registration_without_verification: true # Time that a user's session remains valid for, after they log in. # @@ -855,10 +1231,48 @@ enable_registration: __ALLOWED_ACCESS__ # #session_lifetime: 24h +# Time that an access token remains valid for, if the session is +# using refresh tokens. +# For more information about refresh tokens, please see the manual. +# Note that this only applies to clients which advertise support for +# refresh tokens. +# +# Note also that this is calculated at login time and refresh time: +# changes are not applied to existing sessions until they are refreshed. +# +# By default, this is 5 minutes. +# +#refreshable_access_token_lifetime: 5m + +# Time that a refresh token remains valid for (provided that it is not +# exchanged for another one first). +# This option can be used to automatically log-out inactive sessions. +# Please see the manual for more information. +# +# Note also that this is calculated at login time and refresh time: +# changes are not applied to existing sessions until they are refreshed. +# +# By default, this is infinite. +# +#refresh_token_lifetime: 24h + +# Time that an access token remains valid for, if the session is NOT +# using refresh tokens. +# Please note that not all clients support refresh tokens, so setting +# this to a short value may be inconvenient for some users who will +# then be logged out frequently. +# +# Note also that this is calculated at login time: changes are not applied +# retrospectively to existing sessions for users that have already logged in. +# +# By default, this is infinite. +# +#nonrefreshable_access_token_lifetime: 24h + # The user must provide all of the below types of 3PID when registering. # -#registrations_require_3pid: -# - email +registrations_require_3pid: + - email # - msisdn # Explicitly disable asking for MSISDNs from the registration @@ -871,9 +1285,9 @@ enable_registration: __ALLOWED_ACCESS__ # #allowed_local_3pids: # - medium: email -# pattern: '.*@matrix\.org' +# pattern: '^[^@]+@matrix\.org$' # - medium: email -# pattern: '.*@vector\.im' +# pattern: '^[^@]+@vector\.im$' # - medium: msisdn # pattern: '\+44' @@ -881,6 +1295,21 @@ enable_registration: __ALLOWED_ACCESS__ # #enable_3pid_lookup: true +# Require users to submit a token during registration. +# Tokens can be managed using the admin API: +# https://matrix-org.github.io/synapse/latest/usage/administration/admin_api/registration_tokens.html +# Note that `enable_registration` must be set to `true`. +# Disabling this option will not delete any tokens previously generated. +# Defaults to false. Uncomment the following to require tokens: +# +#registration_requires_token: true + +# Allow users to submit a token during registration to bypass any required 3pid +# steps configured in `registrations_require_3pid`. +# Defaults to false, requiring that registration tokens (if enabled) complete a 3pid flow. +# +#enable_registration_token_3pid_bypass: false + # If set, allows registration of standard or admin accounts by anyone who # has the shared secret, even if registration is otherwise disabled. # @@ -904,27 +1333,9 @@ registration_shared_secret: "__REGISTRATION_SHARED_SECRET__" # in on this server. # # (By default, no suggestion is made, so it is left up to the client. -# This setting is ignored unless public_baseurl is also set.) +# This setting is ignored unless public_baseurl is also explicitly set.) # -default_identity_server: https://vector.im - -# The list of identity servers trusted to verify third party -# identifiers by this server. -# -# Also defines the ID server which will be called when an account is -# deactivated (one will be picked arbitrarily). -# -# Note: This option is deprecated. Since v0.99.4, Synapse has tracked which identity -# server a 3PID has been bound to. For 3PIDs bound before then, Synapse runs a -# background migration script, informing itself that the identity server all of its -# 3PIDs have been bound to is likely one of the below. -# -# As of Synapse v1.4.0, all other functionality of this option has been deprecated, and -# it is now solely used for the purposes of the background migration script, and can be -# removed once it has run. -#trusted_third_party_id_servers: -# - matrix.org -# - vector.im +#default_identity_server: https://matrix.org # Handle threepid (email/phone etc) registration and password resets through a set of # *trusted* identity servers. Note that this allows the configured identity server to @@ -935,8 +1346,9 @@ default_identity_server: https://vector.im # email will be globally disabled. # # Additionally, if `msisdn` is not set, registration and password resets via msisdn -# will be disabled regardless. This is due to Synapse currently not supporting any -# method of sending SMS messages on its own. +# will be disabled regardless, and users will not be able to associate an msisdn +# identifier to their account. This is due to Synapse currently not supporting +# any method of sending SMS messages on its own. # # To enable using an identity server for operations regarding a particular third-party # identifier type, set the value to the URL of that identity server as shown in the @@ -946,14 +1358,41 @@ default_identity_server: https://vector.im # by the Matrix Identity Service API specification: # https://matrix.org/docs/spec/identity_service/latest # -# If a delegate is specified, the config option public_baseurl must also be filled out. -# account_threepid_delegates: - email: https://vector.im # Delegate email sending to vector.im # TODO use the Yunohost server to send email !! - msisdn: https://vector.im + #email: https://example.com # Delegate email sending to example.com + #msisdn: http://localhost:8090 # Delegate SMS sending to this local process + +# Whether users are allowed to change their displayname after it has +# been initially set. Useful when provisioning users based on the +# contents of a third-party directory. +# +# Does not apply to server administrators. Defaults to 'true' +# +#enable_set_displayname: false + +# Whether users are allowed to change their avatar after it has been +# initially set. Useful when provisioning users based on the contents +# of a third-party directory. +# +# Does not apply to server administrators. Defaults to 'true' +# +#enable_set_avatar_url: false + +# Whether users can change the 3PIDs associated with their accounts +# (email address and msisdn). +# +# Defaults to 'true' +# +#enable_3pid_changes: false # Users who register on this homeserver will automatically be joined -# to these rooms +# to these rooms. +# +# By default, any room aliases included in this list will be created +# as a publicly joinable room when the first user registers for the +# homeserver. This behaviour can be customised with the settings below. +# If the room already exists, make certain it is a publicly joinable +# room. The join rule of the room must be set to 'public'. # #auto_join_rooms: # - "#example:example.com" @@ -961,10 +1400,79 @@ account_threepid_delegates: # Where auto_join_rooms are specified, setting this flag ensures that the # the rooms exist by creating them when the first user on the # homeserver registers. +# +# By default the auto-created rooms are publicly joinable from any federated +# server. Use the autocreate_auto_join_rooms_federated and +# autocreate_auto_join_room_preset settings below to customise this behaviour. +# # Setting to false means that if the rooms are not manually created, # users cannot be auto-joined since they do not exist. # -#autocreate_auto_join_rooms: true +# Defaults to true. Uncomment the following line to disable automatically +# creating auto-join rooms. +# +#autocreate_auto_join_rooms: false + +# Whether the auto_join_rooms that are auto-created are available via +# federation. Only has an effect if autocreate_auto_join_rooms is true. +# +# Note that whether a room is federated cannot be modified after +# creation. +# +# Defaults to true: the room will be joinable from other servers. +# Uncomment the following to prevent users from other homeservers from +# joining these rooms. +# +#autocreate_auto_join_rooms_federated: false + +# The room preset to use when auto-creating one of auto_join_rooms. Only has an +# effect if autocreate_auto_join_rooms is true. +# +# This can be one of "public_chat", "private_chat", or "trusted_private_chat". +# If a value of "private_chat" or "trusted_private_chat" is used then +# auto_join_mxid_localpart must also be configured. +# +# Defaults to "public_chat", meaning that the room is joinable by anyone, including +# federated servers if autocreate_auto_join_rooms_federated is true (the default). +# Uncomment the following to require an invitation to join these rooms. +# +#autocreate_auto_join_room_preset: private_chat + +# The local part of the user id which is used to create auto_join_rooms if +# autocreate_auto_join_rooms is true. If this is not provided then the +# initial user account that registers will be used to create the rooms. +# +# The user id is also used to invite new users to any auto-join rooms which +# are set to invite-only. +# +# It *must* be configured if autocreate_auto_join_room_preset is set to +# "private_chat" or "trusted_private_chat". +# +# Note that this must be specified in order for new users to be correctly +# invited to any auto-join rooms which have been set to invite-only (either +# at the time of creation or subsequently). +# +# Note that, if the room already exists, this user must be joined and +# have the appropriate permissions to invite new members. +# +#auto_join_mxid_localpart: system + +# When auto_join_rooms is specified, setting this flag to false prevents +# guest accounts from being automatically joined to the rooms. +# +# Defaults to true. +# +#auto_join_rooms_for_guests: false + +# Whether to inhibit errors raised when registering a new account if the user ID +# already exists. If turned on, that requests to /register/available will always +# show a user ID as available, and Synapse won't raise an error when starting +# a registration with a user ID that already exists. However, Synapse will still +# raise an error if the registration completes and the username conflicts. +# +# Defaults to false. +# +#inhibit_user_in_use_error: true ## Metrics ### @@ -987,13 +1495,14 @@ account_threepid_delegates: # enabled by default, either for performance reasons or limited use. # metrics_flags: - # Publish synapse_federation_known_servers, a g auge of the number of + # Publish synapse_federation_known_servers, a gauge of the number of # servers this homeserver knows about, including itself. May cause # performance problems on large homeservers. # #known_servers: true # Whether or not to report anonymized homeserver usage statistics. +# report_stats: __REPORT_STATS__ # The endpoint to report the anonymized homeserver usage statistics to. @@ -1004,21 +1513,55 @@ report_stats: __REPORT_STATS__ ## API Configuration ## -# A list of event types that will be included in the room_invite_state +# Controls for the state that is shared with users who receive an invite +# to a room # -#room_invite_state_types: -# - "m.room.join_rules" -# - "m.room.canonical_alias" -# - "m.room.avatar" -# - "m.room.encryption" -# - "m.room.name" +room_prejoin_state: + # By default, the following state event types are shared with users who + # receive invites to the room: + # + # - m.room.join_rules + # - m.room.canonical_alias + # - m.room.avatar + # - m.room.encryption + # - m.room.name + # - m.room.create + # - m.room.topic + # + # Uncomment the following to disable these defaults (so that only the event + # types listed in 'additional_event_types' are shared). Defaults to 'false'. + # + #disable_default_event_types: true + + # Additional state event types to share with users when they are invited + # to a room. + # + # By default, this list is empty (so only the default event types are shared). + # + #additional_event_types: + # - org.example.custom.event.type + +# We record the IP address of clients used to access the API for various +# reasons, including displaying it to the user in the "Where you're signed in" +# dialog. +# +# By default, when puppeting another user via the admin API, the client IP +# address is recorded against the user who created the access token (ie, the +# admin user), and *not* the puppeted user. +# +# Uncomment the following to also record the IP address against the puppeted +# user. (This also means that the puppeted user will count as an "active" user +# for the purpose of monthly active user tracking - see 'limit_usage_by_mau' etc +# above.) +# +#track_puppeted_user_ips: true # A list of application service config files to use # #app_service_config_files: -# -## Managed by a specific config file in /etc/matrix-synapse/conf.d/app_service.yaml +# - app_service_1.yaml +# - app_service_2.yaml # Uncomment to enable tracking of application service IP addresses. Implicitly # enables MAU tracking for application service users. @@ -1045,14 +1588,19 @@ form_secret: "__FORM_SECRET__" signing_key_path: "/etc/matrix-__APP__/homeserver.signing.key" # The keys that the server used to sign messages with but won't use -# to sign new messages. E.g. it has lost its private key +# to sign new messages. # -#old_signing_keys: -# "ed25519:auto": -# # Base64 encoded public key -# key: "The public part of your old signing key." -# # Millisecond POSIX timestamp when the key expired. -# expired_ts: 123456789123 +old_signing_keys: + # For each key, `key` should be the base64-encoded public key, and + # `expired_ts`should be the time (in milliseconds since the unix epoch) that + # it was last used. + # + # It is possible to build an entry from an old signing.key file using the + # `export_signing_key` script which is provided with synapse. + # + # For example: + # + #"ed25519:id": { key: "base64string", expired_ts: 123456789123 } # How long key response published by this server is valid for. # Used to set the valid_until_ts in /key/v2 APIs. @@ -1116,21 +1664,29 @@ trusted_key_servers: #key_server_signing_keys_path: "key_server_signing_keys.key" +## Single sign-on integration ## + +# The following settings can be used to make Synapse use a single sign-on +# provider for authentication, instead of its internal password database. +# +# You will probably also want to set the following options to `false` to +# disable the regular login/registration flows: +# * enable_registration +# * password_config.enabled +# +# You will also want to investigate the settings under the "sso" configuration +# section below. + # Enable SAML2 for registration and login. Uses pysaml2. # # At least one of `sp_config` or `config_path` must be set in this section to # enable SAML login. # -# (You will probably also want to set the following options to `false` to -# disable the regular login/registration flows: -# * enable_registration -# * password_config.enabled -# # Once SAML support is enabled, a metadata file will be exposed at -# https://:/_matrix/saml2/metadata.xml, which you may be able to +# https://:/_synapse/client/saml2/metadata.xml, which you may be able to # use to configure your SAML IdP with. Alternatively, you can manually configure # the IdP to use an ACS location of -# https://:/_matrix/saml2/authn_response. +# https://:/_synapse/client/saml2/authn_response. # saml2_config: # `sp_config` is the configuration for the pysaml2 Service Provider. @@ -1140,103 +1696,478 @@ saml2_config: # so it is not normally necessary to specify them unless you need to # override them. # - #sp_config: - # # point this to the IdP's metadata. You can use either a local file or - # # (preferably) a URL. - # metadata: - # #local: ["saml2/idp.xml"] - # remote: - # - url: https://our_idp/metadata.xml - # - # # By default, the user has to go to our login page first. If you'd like - # # to allow IdP-initiated login, set 'allow_unsolicited: true' in a - # # 'service.sp' section: - # # - # #service: - # # sp: - # # allow_unsolicited: true - # - # # The examples below are just used to generate our metadata xml, and you - # # may well not need them, depending on your setup. Alternatively you - # # may need a whole lot more detail - see the pysaml2 docs! - # - # description: ["My awesome SP", "en"] - # name: ["Test SP", "en"] - # - # organization: - # name: Example com - # display_name: - # - ["Example co", "en"] - # url: "http://example.com" - # - # contact_person: - # - given_name: Bob - # sur_name: "the Sysadmin" - # email_address": ["admin@example.com"] - # contact_type": technical + sp_config: + # Point this to the IdP's metadata. You must provide either a local + # file via the `local` attribute or (preferably) a URL via the + # `remote` attribute. + # + #metadata: + # local: ["saml2/idp.xml"] + # remote: + # - url: https://our_idp/metadata.xml + + # Allowed clock difference in seconds between the homeserver and IdP. + # + # Uncomment the below to increase the accepted time difference from 0 to 3 seconds. + # + #accepted_time_diff: 3 + + # By default, the user has to go to our login page first. If you'd like + # to allow IdP-initiated login, set 'allow_unsolicited: true' in a + # 'service.sp' section: + # + #service: + # sp: + # allow_unsolicited: true + + # The examples below are just used to generate our metadata xml, and you + # may well not need them, depending on your setup. Alternatively you + # may need a whole lot more detail - see the pysaml2 docs! + + #description: ["My awesome SP", "en"] + #name: ["Test SP", "en"] + + #ui_info: + # display_name: + # - lang: en + # text: "Display Name is the descriptive name of your service." + # description: + # - lang: en + # text: "Description should be a short paragraph explaining the purpose of the service." + # information_url: + # - lang: en + # text: "https://example.com/terms-of-service" + # privacy_statement_url: + # - lang: en + # text: "https://example.com/privacy-policy" + # keywords: + # - lang: en + # text: ["Matrix", "Element"] + # logo: + # - lang: en + # text: "https://example.com/logo.svg" + # width: "200" + # height: "80" + + #organization: + # name: Example com + # display_name: + # - ["Example co", "en"] + # url: "http://example.com" + + #contact_person: + # - given_name: Bob + # sur_name: "the Sysadmin" + # email_address": ["admin@example.com"] + # contact_type": technical # Instead of putting the config inline as above, you can specify a # separate pysaml2 configuration file: # - #config_path: "/etc/matrix-synapse/sp_conf.py" + #config_path: "/root/sp_conf.py" - # the lifetime of a SAML session. This defines how long a user has to + # The lifetime of a SAML session. This defines how long a user has to # complete the authentication process, if allow_unsolicited is unset. - # The default is 5 minutes. + # The default is 15 minutes. # #saml_session_lifetime: 5m - # The SAML attribute (after mapping via the attribute maps) to use to derive - # the Matrix ID from. 'uid' by default. + # An external module can be provided here as a custom solution to + # mapping attributes returned from a saml provider onto a matrix user. # - #mxid_source_attribute: displayName + user_mapping_provider: + # The custom module's class. Uncomment to use a custom module. + # + #module: mapping_provider.SamlMappingProvider - # The mapping system to use for mapping the saml attribute onto a matrix ID. - # Options include: - # * 'hexencode' (which maps unpermitted characters to '=xx') - # * 'dotreplace' (which replaces unpermitted characters with '.'). - # The default is 'hexencode'. - # - #mxid_mapping: dotreplace + # Custom configuration values for the module. Below options are + # intended for the built-in provider, they should be changed if + # using a custom module. This section will be passed as a Python + # dictionary to the module's `parse_config` method. + # + config: + # The SAML attribute (after mapping via the attribute maps) to use + # to derive the Matrix ID from. 'uid' by default. + # + # Note: This used to be configured by the + # saml2_config.mxid_source_attribute option. If that is still + # defined, its value will be used instead. + # + #mxid_source_attribute: displayName - # In previous versions of synapse, the mapping from SAML attribute to MXID was - # always calculated dynamically rather than stored in a table. For backwards- - # compatibility, we will look for user_ids matching such a pattern before - # creating a new account. + # The mapping system to use for mapping the saml attribute onto a + # matrix ID. + # + # Options include: + # * 'hexencode' (which maps unpermitted characters to '=xx') + # * 'dotreplace' (which replaces unpermitted characters with + # '.'). + # The default is 'hexencode'. + # + # Note: This used to be configured by the + # saml2_config.mxid_mapping option. If that is still defined, its + # value will be used instead. + # + #mxid_mapping: dotreplace + + # In previous versions of synapse, the mapping from SAML attribute to + # MXID was always calculated dynamically rather than stored in a + # table. For backwards- compatibility, we will look for user_ids + # matching such a pattern before creating a new account. # # This setting controls the SAML attribute which will be used for this - # backwards-compatibility lookup. Typically it should be 'uid', but if the - # attribute maps are changed, it may be necessary to change it. + # backwards-compatibility lookup. Typically it should be 'uid', but if + # the attribute maps are changed, it may be necessary to change it. # # The default is 'uid'. # #grandfathered_mxid_source_attribute: upn + # It is possible to configure Synapse to only allow logins if SAML attributes + # match particular values. The requirements can be listed under + # `attribute_requirements` as shown below. All of the listed attributes must + # match for the login to be permitted. + # + #attribute_requirements: + # - attribute: userGroup + # value: "staff" + # - attribute: department + # value: "sales" + + # If the metadata XML contains multiple IdP entities then the `idp_entityid` + # option must be set to the entity to redirect users to. + # + # Most deployments only have a single IdP entity and so should omit this + # option. + # + #idp_entityid: 'https://our_idp/entityid' -# Enable CAS for registration and login. +# List of OpenID Connect (OIDC) / OAuth 2.0 identity providers, for registration +# and login. +# +# Options for each entry include: +# +# idp_id: a unique identifier for this identity provider. Used internally +# by Synapse; should be a single word such as 'github'. +# +# Note that, if this is changed, users authenticating via that provider +# will no longer be recognised as the same user! +# +# (Use "oidc" here if you are migrating from an old "oidc_config" +# configuration.) +# +# idp_name: A user-facing name for this identity provider, which is used to +# offer the user a choice of login mechanisms. +# +# idp_icon: An optional icon for this identity provider, which is presented +# by clients and Synapse's own IdP picker page. If given, must be an +# MXC URI of the format mxc:///. (An easy way to +# obtain such an MXC URI is to upload an image to an (unencrypted) room +# and then copy the "url" from the source of the event.) +# +# idp_brand: An optional brand for this identity provider, allowing clients +# to style the login flow according to the identity provider in question. +# See the spec for possible options here. +# +# discover: set to 'false' to disable the use of the OIDC discovery mechanism +# to discover endpoints. Defaults to true. +# +# issuer: Required. The OIDC issuer. Used to validate tokens and (if discovery +# is enabled) to discover the provider's endpoints. +# +# client_id: Required. oauth2 client id to use. +# +# client_secret: oauth2 client secret to use. May be omitted if +# client_secret_jwt_key is given, or if client_auth_method is 'none'. +# +# client_secret_jwt_key: Alternative to client_secret: details of a key used +# to create a JSON Web Token to be used as an OAuth2 client secret. If +# given, must be a dictionary with the following properties: +# +# key: a pem-encoded signing key. Must be a suitable key for the +# algorithm specified. Required unless 'key_file' is given. +# +# key_file: the path to file containing a pem-encoded signing key file. +# Required unless 'key' is given. +# +# jwt_header: a dictionary giving properties to include in the JWT +# header. Must include the key 'alg', giving the algorithm used to +# sign the JWT, such as "ES256", using the JWA identifiers in +# RFC7518. +# +# jwt_payload: an optional dictionary giving properties to include in +# the JWT payload. Normally this should include an 'iss' key. +# +# client_auth_method: auth method to use when exchanging the token. Valid +# values are 'client_secret_basic' (default), 'client_secret_post' and +# 'none'. +# +# scopes: list of scopes to request. This should normally include the "openid" +# scope. Defaults to ["openid"]. +# +# authorization_endpoint: the oauth2 authorization endpoint. Required if +# provider discovery is disabled. +# +# token_endpoint: the oauth2 token endpoint. Required if provider discovery is +# disabled. +# +# userinfo_endpoint: the OIDC userinfo endpoint. Required if discovery is +# disabled and the 'openid' scope is not requested. +# +# jwks_uri: URI where to fetch the JWKS. Required if discovery is disabled and +# the 'openid' scope is used. +# +# skip_verification: set to 'true' to skip metadata verification. Use this if +# you are connecting to a provider that is not OpenID Connect compliant. +# Defaults to false. Avoid this in production. +# +# user_profile_method: Whether to fetch the user profile from the userinfo +# endpoint, or to rely on the data returned in the id_token from the +# token_endpoint. +# +# Valid values are: 'auto' or 'userinfo_endpoint'. +# +# Defaults to 'auto', which uses the userinfo endpoint if 'openid' is +# not included in 'scopes'. Set to 'userinfo_endpoint' to always use the +# userinfo endpoint. +# +# allow_existing_users: set to 'true' to allow a user logging in via OIDC to +# match a pre-existing account instead of failing. This could be used if +# switching from password logins to OIDC. Defaults to false. +# +# user_mapping_provider: Configuration for how attributes returned from a OIDC +# provider are mapped onto a matrix user. This setting has the following +# sub-properties: +# +# module: The class name of a custom mapping module. Default is +# 'synapse.handlers.oidc.JinjaOidcMappingProvider'. +# See https://matrix-org.github.io/synapse/latest/sso_mapping_providers.html#openid-mapping-providers +# for information on implementing a custom mapping provider. +# +# config: Configuration for the mapping provider module. This section will +# be passed as a Python dictionary to the user mapping provider +# module's `parse_config` method. +# +# For the default provider, the following settings are available: +# +# subject_claim: name of the claim containing a unique identifier +# for the user. Defaults to 'sub', which OpenID Connect +# compliant providers should provide. +# +# localpart_template: Jinja2 template for the localpart of the MXID. +# If this is not set, the user will be prompted to choose their +# own username (see the documentation for the +# 'sso_auth_account_details.html' template). This template can +# use the 'localpart_from_email' filter. +# +# confirm_localpart: Whether to prompt the user to validate (or +# change) the generated localpart (see the documentation for the +# 'sso_auth_account_details.html' template), instead of +# registering the account right away. +# +# display_name_template: Jinja2 template for the display name to set +# on first login. If unset, no displayname will be set. +# +# email_template: Jinja2 template for the email address of the user. +# If unset, no email address will be added to the account. +# +# extra_attributes: a map of Jinja2 templates for extra attributes +# to send back to the client during login. +# Note that these are non-standard and clients will ignore them +# without modifications. +# +# When rendering, the Jinja2 templates are given a 'user' variable, +# which is set to the claims returned by the UserInfo Endpoint and/or +# in the ID Token. +# +# It is possible to configure Synapse to only allow logins if certain attributes +# match particular values in the OIDC userinfo. The requirements can be listed under +# `attribute_requirements` as shown below. All of the listed attributes must +# match for the login to be permitted. Additional attributes can be added to +# userinfo by expanding the `scopes` section of the OIDC config to retrieve +# additional information from the OIDC provider. +# +# If the OIDC claim is a list, then the attribute must match any value in the list. +# Otherwise, it must exactly match the value of the claim. Using the example +# below, the `family_name` claim MUST be "Stephensson", but the `groups` +# claim MUST contain "admin". +# +# attribute_requirements: +# - attribute: family_name +# value: "Stephensson" +# - attribute: groups +# value: "admin" +# +# See https://matrix-org.github.io/synapse/latest/openid.html +# for information on how to configure these options. +# +# For backwards compatibility, it is also possible to configure a single OIDC +# provider via an 'oidc_config' setting. This is now deprecated and admins are +# advised to migrate to the 'oidc_providers' format. (When doing that migration, +# use 'oidc' for the idp_id to ensure that existing users continue to be +# recognised.) +# +oidc_providers: + # Generic example + # + #- idp_id: my_idp + # idp_name: "My OpenID provider" + # idp_icon: "mxc://example.com/mediaid" + # discover: false + # issuer: "https://accounts.example.com/" + # client_id: "provided-by-your-issuer" + # client_secret: "provided-by-your-issuer" + # client_auth_method: client_secret_post + # scopes: ["openid", "profile"] + # authorization_endpoint: "https://accounts.example.com/oauth2/auth" + # token_endpoint: "https://accounts.example.com/oauth2/token" + # userinfo_endpoint: "https://accounts.example.com/userinfo" + # jwks_uri: "https://accounts.example.com/.well-known/jwks.json" + # skip_verification: true + # user_mapping_provider: + # config: + # subject_claim: "id" + # localpart_template: "{{ user.login }}" + # display_name_template: "{{ user.name }}" + # email_template: "{{ user.email }}" + # attribute_requirements: + # - attribute: userGroup + # value: "synapseUsers" + + +# Enable Central Authentication Service (CAS) for registration and login. # cas_config: + # Uncomment the following to enable authorization against a CAS server. + # Defaults to false. + # enabled: __SSO_ENABLED__ + + # The URL of the CAS authorization endpoint. + # server_url: "https://__DOMAIN__/_matrix/cas_server.php" - service_url: "https://__DOMAIN__" -# #displayname_attribute: name -# #required_attributes: -# # name: value + + # The attribute of the CAS response to use as the display name. + # + # If unset, no displayname will be set. + # + #displayname_attribute: name + + # It is possible to configure Synapse to only allow logins if CAS attributes + # match particular values. All of the keys in the mapping below must exist + # and the values must match the given value. Alternately if the given value + # is None then any value is allowed (the attribute just must exist). + # All of the listed attributes must match for the login to be permitted. + # + #required_attributes: + # userGroup: "staff" + # department: None -# The JWT needs to contain a globally unique "sub" (subject) claim. +# Additional settings to use with single-sign on systems such as OpenID Connect, +# SAML2 and CAS. +# +# Server admins can configure custom templates for pages related to SSO. See +# https://matrix-org.github.io/synapse/latest/templates.html for more information. +# +sso: + # A list of client URLs which are whitelisted so that the user does not + # have to confirm giving access to their account to the URL. Any client + # whose URL starts with an entry in the following list will not be subject + # to an additional confirmation step after the SSO login is completed. + # + # WARNING: An entry such as "https://my.client" is insecure, because it + # will also match "https://my.client.evil.site", exposing your users to + # phishing attacks from evil.site. To avoid this, include a slash after the + # hostname: "https://my.client/". + # + # The login fallback page (used by clients that don't natively support the + # required login flows) is whitelisted in addition to any URLs in this list. + # + # By default, this list contains only the login fallback page. + # + client_whitelist: +__DOMAIN_WHITELIST_CLIENT__ + + # Uncomment to keep a user's profile fields in sync with information from + # the identity provider. Currently only syncing the displayname is + # supported. Fields are checked on every SSO login, and are updated + # if necessary. + # + # Note that enabling this option will override user profile information, + # regardless of whether users have opted-out of syncing that + # information when first signing in. Defaults to false. + # + #update_profile_information: true + + +# JSON web token integration. The following settings can be used to make +# Synapse JSON web tokens for authentication, instead of its internal +# password database. +# +# Each JSON Web Token needs to contain a "sub" (subject) claim, which is +# used as the localpart of the mxid. +# +# Additionally, the expiration time ("exp"), not before time ("nbf"), +# and issued at ("iat") claims are validated if present. +# +# Note that this is a non-standard login type and client support is +# expected to be non-existent. +# +# See https://matrix-org.github.io/synapse/latest/jwt.html. # #jwt_config: -# enabled: true -# secret: "a secret" -# algorithm: "HS256" + # Uncomment the following to enable authorization using JSON web + # tokens. Defaults to false. + # + #enabled: true + + # This is either the private shared secret or the public key used to + # decode the contents of the JSON web token. + # + # Required if 'enabled' is true. + # + #secret: "provided-by-your-issuer" + + # The algorithm used to sign the JSON web token. + # + # Supported algorithms are listed at + # https://pyjwt.readthedocs.io/en/latest/algorithms.html + # + # Required if 'enabled' is true. + # + #algorithm: "provided-by-your-issuer" + + # Name of the claim containing a unique identifier for the user. + # + # Optional, defaults to `sub`. + # + #subject_claim: "sub" + + # The issuer to validate the "iss" claim against. + # + # Optional, if provided the "iss" claim will be required and + # validated for all JSON web tokens. + # + #issuer: "provided-by-your-issuer" + + # A list of audiences to validate the "aud" claim against. + # + # Optional, if provided the "aud" claim will be required and + # validated for all JSON web tokens. + # + # Note that if the "aud" claim is included in a JSON web token then + # validation will fail without configuring audiences. + # + #audiences: + # - "provided-by-your-issuer" password_config: # Uncomment to disable password login # - enabled: true + #enabled: false # Uncomment to disable authentication against the local password # database. This is ignored if `enabled` is false, and is only useful @@ -1249,94 +2180,59 @@ password_config: # #pepper: "EVEN_MORE_SECRET" + # Define and enforce a password policy. Each parameter is optional. + # This is an implementation of MSC2000. + # + policy: + # Whether to enforce the password policy. + # Defaults to 'false'. + # + #enabled: true + # Minimum accepted length for a password. + # Defaults to 0. + # + #minimum_length: 15 -# Enable sending emails for password resets, notification events or -# account expiry notices -# -# If your SMTP server requires authentication, the optional smtp_user & -# smtp_pass variables should be used -# -email: - enable_notifs: true - smtp_host: "localhost" - smtp_port: 587 - smtp_user: __SYNAPSE_USER_APP__ - smtp_pass: __SYNAPSE_USER_APP_PWD__ - require_transport_security: false - notif_from: "Your Friendly %(app)s Home Server <__SYNAPSE_USER_APP__@__DOMAIN__>" - app_name: Matrix-Synapse + # Whether a password must contain at least one digit. + # Defaults to 'false'. + # + #require_digit: true - # Enable email notifications by default - # - notif_for_new_users: true + # Whether a password must contain at least one symbol. + # A symbol is any character that's not a number or a letter. + # Defaults to 'false'. + # + #require_symbol: true - # Defining a custom URL for Riot is only needed if email notifications - # should contain links to a self-hosted installation of Riot; when set - # the "app_name" setting is ignored - # - riot_base_url: "https://__DOMAIN__/element" + # Whether a password must contain at least one lowercase letter. + # Defaults to 'false'. + # + #require_lowercase: true - # Configure the time that a validation email or text message code - # will expire after sending - # - # This is currently used for password resets - # - #validation_token_lifetime: 1h - - # Template directory. All template files should be stored within this - # directory. If not set, default templates from within the Synapse - # package will be used - # - # For the list of default templates, please see - # https://github.com/matrix-org/synapse/tree/master/synapse/res/templates - # - #template_dir: res/templates - - # Templates for email notifications - # - #notif_template_html: notif_mail.html - #notif_template_text: notif_mail.txt - - # Templates for account expiry notices - # - #expiry_template_html: notice_expiry.html - #expiry_template_text: notice_expiry.txt - - # Templates for password reset emails sent by the homeserver - # - #password_reset_template_html: password_reset.html - #password_reset_template_text: password_reset.txt - - # Templates for registration emails sent by the homeserver - # - #registration_template_html: registration.html - #registration_template_text: registration.txt - - # Templates for validation emails sent by the homeserver when adding an email to - # your user account - # - #add_threepid_template_html: add_threepid.html - #add_threepid_template_text: add_threepid.txt - - # Templates for password reset success and failure pages that a user - # will see after attempting to reset their password - # - #password_reset_template_success_html: password_reset_success.html - #password_reset_template_failure_html: password_reset_failure.html - - # Templates for registration success and failure pages that a user - # will see after attempting to register using an email or phone - # - #registration_template_success_html: registration_success.html - #registration_template_failure_html: registration_failure.html - - # Templates for success and failure pages that a user will see after attempting - # to add an email or phone to their account - # - #add_threepid_success_html: add_threepid_success.html - #add_threepid_failure_html: add_threepid_failure.html + # Whether a password must contain at least one uppercase letter. + # Defaults to 'false'. + # + #require_uppercase: true +ui_auth: + # The amount of time to allow a user-interactive authentication session + # to be active. + # + # This defaults to 0, meaning the user is queried for their credentials + # before every action, but this can be overridden to allow a single + # validation to be re-used. This weakens the protections afforded by + # the user-interactive authentication process, by allowing for multiple + # (and potentially different) operations to use the same validation session. + # + # This is ignored for potentially "dangerous" operations (including + # deactivating an account, modifying an account password, and + # adding a 3PID). + # + # Uncomment below to allow for credential validation to last for 15 + # seconds. + # + #session_timeout: "15s" password_providers: - module: "ldap_auth_provider.LdapAuthProvider" @@ -1355,61 +2251,260 @@ password_providers: filter: "(&(objectClass=posixAccount)(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))" - -# Clients requesting push notifications can either have the body of -# the message sent in the notification poke along with other details -# like the sender, or just the event ID and room ID (`event_id_only`). -# If clients choose the former, this option controls whether the -# notification request includes the content of the event (other details -# like the sender are still included). For `event_id_only` push, it -# has no effect. + +# Configuration for sending emails from Synapse. # -# For modern android devices the notification content will still appear -# because it is loaded by the app. iPhone, however will send a -# notification saying only that a message arrived and who it came from. +# Server admins can configure custom templates for email content. See +# https://matrix-org.github.io/synapse/latest/templates.html for more information. # -#push: -# include_content: true +email: + # The hostname of the outgoing SMTP server to use. Defaults to 'localhost'. + # + smtp_host: "localhost" + + # The port on the mail server for outgoing SMTP. Defaults to 25. + # + smtp_port: 587 + + # Username/password for authentication to the SMTP server. By default, no + # authentication is attempted. + # + smtp_user: __SYNAPSE_USER_APP__ + smtp_pass: __SYNAPSE_USER_APP_PWD__ + + # Uncomment the following to require TLS transport security for SMTP. + # By default, Synapse will connect over plain text, and will then switch to + # TLS via STARTTLS *if the SMTP server supports it*. If this option is set, + # Synapse will refuse to connect unless the server supports STARTTLS. + # + require_transport_security: true + + # Uncomment the following to disable TLS for SMTP. + # + # By default, if the server supports TLS, it will be used, and the server + # must present a certificate that is valid for 'smtp_host'. If this option + # is set to false, TLS will not be used. + # + #enable_tls: false + + # notif_from defines the "From" address to use when sending emails. + # It must be set if email sending is enabled. + # + # The placeholder '%(app)s' will be replaced by the application name, + # which is normally 'app_name' (below), but may be overridden by the + # Matrix client application. + # + # Note that the placeholder must be written '%(app)s', including the + # trailing 's'. + # + notif_from: "Your Friendly %(app)s Home Server <__SYNAPSE_USER_APP__@__DOMAIN__>" + + # app_name defines the default value for '%(app)s' in notif_from and email + # subjects. It defaults to 'Matrix'. + # + app_name: Yunohost Matrix-Synapse + + # Uncomment the following to enable sending emails for messages that the user + # has missed. Disabled by default. + # + enable_notifs: true + + # Uncomment the following to disable automatic subscription to email + # notifications for new users. Enabled by default. + # + #notif_for_new_users: false + + # Custom URL for client links within the email notifications. By default + # links will be based on "https://matrix.to". + # + # (This setting used to be called riot_base_url; the old name is still + # supported for backwards-compatibility but is now deprecated.) + # + #client_base_url: "http://localhost/riot" + + # Configure the time that a validation email will expire after sending. + # Defaults to 1h. + # + #validation_token_lifetime: 15m + + # The web client location to direct users to during an invite. This is passed + # to the identity server as the org.matrix.web_client_location key. Defaults + # to unset, giving no guidance to the identity server. + # + #invite_client_location: https://app.element.io + + # Subjects to use when sending emails from Synapse. + # + # The placeholder '%(app)s' will be replaced with the value of the 'app_name' + # setting above, or by a value dictated by the Matrix client application. + # + # If a subject isn't overridden in this configuration file, the value used as + # its example will be used. + # + #subjects: + + # Subjects for notification emails. + # + # On top of the '%(app)s' placeholder, these can use the following + # placeholders: + # + # * '%(person)s', which will be replaced by the display name of the user(s) + # that sent the message(s), e.g. "Alice and Bob". + # * '%(room)s', which will be replaced by the name of the room the + # message(s) have been sent to, e.g. "My super room". + # + # See the example provided for each setting to see which placeholder can be + # used and how to use them. + # + # Subject to use to notify about one message from one or more user(s) in a + # room which has a name. + #message_from_person_in_room: "[%(app)s] You have a message on %(app)s from %(person)s in the %(room)s room..." + # + # Subject to use to notify about one message from one or more user(s) in a + # room which doesn't have a name. + #message_from_person: "[%(app)s] You have a message on %(app)s from %(person)s..." + # + # Subject to use to notify about multiple messages from one or more users in + # a room which doesn't have a name. + #messages_from_person: "[%(app)s] You have messages on %(app)s from %(person)s..." + # + # Subject to use to notify about multiple messages in a room which has a + # name. + #messages_in_room: "[%(app)s] You have messages on %(app)s in the %(room)s room..." + # + # Subject to use to notify about multiple messages in multiple rooms. + #messages_in_room_and_others: "[%(app)s] You have messages on %(app)s in the %(room)s room and others..." + # + # Subject to use to notify about multiple messages from multiple persons in + # multiple rooms. This is similar to the setting above except it's used when + # the room in which the notification was triggered has no name. + #messages_from_person_and_others: "[%(app)s] You have messages on %(app)s from %(person)s and others..." + # + # Subject to use to notify about an invite to a room which has a name. + #invite_from_person_to_room: "[%(app)s] %(person)s has invited you to join the %(room)s room on %(app)s..." + # + # Subject to use to notify about an invite to a room which doesn't have a + # name. + #invite_from_person: "[%(app)s] %(person)s has invited you to chat on %(app)s..." + + # Subject for emails related to account administration. + # + # On top of the '%(app)s' placeholder, these one can use the + # '%(server_name)s' placeholder, which will be replaced by the value of the + # 'server_name' setting in your Synapse configuration. + # + # Subject to use when sending a password reset email. + #password_reset: "[%(server_name)s] Password reset" + # + # Subject to use when sending a verification email to assert an address's + # ownership. + #email_validation: "[%(server_name)s] Validate your email" -#spam_checker: -# module: "my_custom_project.SuperSpamChecker" -# config: -# example_option: 'things' + +## Push ## + +push: + # Clients requesting push notifications can either have the body of + # the message sent in the notification poke along with other details + # like the sender, or just the event ID and room ID (`event_id_only`). + # If clients choose the former, this option controls whether the + # notification request includes the content of the event (other details + # like the sender are still included). For `event_id_only` push, it + # has no effect. + # + # For modern android devices the notification content will still appear + # because it is loaded by the app. iPhone, however will send a + # notification saying only that a message arrived and who it came from. + # + # The default value is "true" to include message details. Uncomment to only + # include the event ID and room ID in push notification payloads. + # + #include_content: false + + # When a push notification is received, an unread count is also sent. + # This number can either be calculated as the number of unread messages + # for the user, or the number of *rooms* the user has unread messages in. + # + # The default value is "true", meaning push clients will see the number of + # rooms with unread messages in them. Uncomment to instead send the number + # of unread messages. + # + #group_unread_count_by_room: false + + +## Rooms ## + +# Controls whether locally-created rooms should be end-to-end encrypted by +# default. +# +# Possible options are "all", "invite", and "off". They are defined as: +# +# * "all": any locally-created room +# * "invite": any room created with the "private_chat" or "trusted_private_chat" +# room creation presets +# * "off": this option will take no effect +# +# The default value is "off". +# +# Note that this option will only affect rooms created after it is set. It +# will also not affect rooms created by other servers. +# +#encryption_enabled_by_default_for_room_type: invite # Uncomment to allow non-server-admin users to create groups on this server # -#enable_group_creation: true +enable_group_creation: true # If enabled, non server admins can only create groups with local parts # starting with this prefix # -#group_creation_prefix: "unofficial/" +#group_creation_prefix: "unofficial_" # User Directory configuration # -# 'enabled' defines whether users can search the user directory. If -# false then empty responses are returned to all queries. Defaults to -# true. -# -# 'search_all_users' defines whether to search all users visible to your HS -# when searching the user directory, rather than limiting to users visible -# in public rooms. Defaults to false. If you set it True, you'll have to -# rebuild the user_directory search indexes, see -# https://github.com/matrix-org/synapse/blob/master/docs/user_directory.md -# -#user_directory: -# enabled: true -# search_all_users: false +user_directory: + # Defines whether users can search the user directory. If false then + # empty responses are returned to all queries. Defaults to true. + # + # Uncomment to disable the user directory. + # + #enabled: false + + # Defines whether to search all users visible to your HS when searching + # the user directory. If false, search results will only contain users + # visible in public rooms and users sharing a room with the requester. + # Defaults to false. + # + # NB. If you set this to true, and the last time the user_directory search + # indexes were (re)built was before Synapse 1.44, you'll have to + # rebuild the indexes in order to search through all known users. + # These indexes are built the first time Synapse starts; admins can + # manually trigger a rebuild via API following the instructions at + # https://matrix-org.github.io/synapse/latest/usage/administration/admin_api/background_updates.html#run + # + # Uncomment to return search results containing all known users, even if that + # user does not share a room with the requester. + # + #search_all_users: true + + # Defines whether to prefer local users in search query results. + # If True, local users are more likely to appear above remote users + # when searching the user directory. Defaults to false. + # + # Uncomment to prefer local over remote users in user directory search + # results. + # + #prefer_local_users: true # User Consent configuration # # for detailed instructions, see -# https://github.com/matrix-org/synapse/blob/master/docs/consent_tracking.md +# https://matrix-org.github.io/synapse/latest/consent_tracking.html # # Parts of this section are required if enabling the 'consent' resource under # 'listeners', in particular 'template_dir' and 'version'. @@ -1458,19 +2553,15 @@ password_providers: -# Local statistics collection. Used in populating the room directory. +# Settings for local room and user statistics collection. See +# https://matrix-org.github.io/synapse/latest/room_and_user_statistics.html. # -# 'bucket_size' controls how large each statistics timeslice is. It can -# be defined in a human readable short form -- e.g. "1d", "1y". -# -# 'retention' controls how long historical statistics will be kept for. -# It can be defined in a human readable short form -- e.g. "1d", "1y". -# -# -#stats: -# enabled: true -# bucket_size: 1d -# retention: 1y +stats: + # Uncomment the following to disable room and user statistics. Note that doing + # so may cause certain features (such as the room directory) not to work + # correctly. + # + #enabled: false # Server Notices room configuration @@ -1543,7 +2634,7 @@ password_providers: # # Options for the rules include: # -# user_id: Matches agaisnt the creator of the alias +# user_id: Matches against the creator of the alias # room_id: Matches against the room ID being published # alias: Matches against any current local or canonical aliases # associated with the room @@ -1558,19 +2649,6 @@ password_providers: # action: allow -# Server admins can define a Python module that implements extra rules for -# allowing or denying incoming events. In order to work, this module needs to -# override the methods defined in synapse/events/third_party_rules.py. -# -# This feature is designed to be used in closed federations only, where each -# participating server enforces the same rules. -# -#third_party_event_rules: -# module: "my_custom_project.SuperRulesSet" -# config: -# example_option: 'things' - - ## Opentracing ## # These settings enable opentracing, which implements distributed tracing. @@ -1585,27 +2663,136 @@ opentracing: #enabled: true # The list of homeservers we wish to send and receive span contexts and span baggage. - # See docs/opentracing.rst + # See https://matrix-org.github.io/synapse/latest/opentracing.html. + # # This is a list of regexes which are matched against the server_name of the # homeserver. # - # By defult, it is empty, so no servers are matched. + # By default, it is empty, so no servers are matched. # #homeserver_whitelist: # - ".*" + # A list of the matrix IDs of users whose requests will always be traced, + # even if the tracing system would otherwise drop the traces due to + # probabilistic sampling. + # + # By default, the list is empty. + # + #force_tracing_for_users: + # - "@user1:server_name" + # - "@user2:server_name" + # Jaeger can be configured to sample traces at different rates. # All configuration options provided by Jaeger can be set here. - # Jaeger's configuration mostly related to trace sampling which + # Jaeger's configuration is mostly related to trace sampling which # is documented here: - # https://www.jaegertracing.io/docs/1.13/sampling/. + # https://www.jaegertracing.io/docs/latest/sampling/. # #jaeger_config: # sampler: # type: const # param: 1 - - # Logging whether spans were started and reported - # # logging: # false + + +## Workers ## + +# Disables sending of outbound federation transactions on the main process. +# Uncomment if using a federation sender worker. +# +#send_federation: false + +# It is possible to run multiple federation sender workers, in which case the +# work is balanced across them. +# +# This configuration must be shared between all federation sender workers, and if +# changed all federation sender workers must be stopped at the same time and then +# started, to ensure that all instances are running with the same config (otherwise +# events may be dropped). +# +#federation_sender_instances: +# - federation_sender1 + +# When using workers this should be a map from `worker_name` to the +# HTTP replication listener of the worker, if configured. +# +#instance_map: +# worker1: +# host: localhost +# port: 8034 + +# Experimental: When using workers you can define which workers should +# handle event persistence and typing notifications. Any worker +# specified here must also be in the `instance_map`. +# +#stream_writers: +# events: worker1 +# typing: worker1 + +# The worker that is used to run background tasks (e.g. cleaning up expired +# data). If not provided this defaults to the main process. +# +#run_background_tasks_on: worker1 + +# A shared secret used by the replication APIs to authenticate HTTP requests +# from workers. +# +# By default this is unused and traffic is not authenticated. +# +#worker_replication_secret: "" + + +# Configuration for Redis when using workers. This *must* be enabled when +# using workers (unless using old style direct TCP configuration). +# +redis: + # Uncomment the below to enable Redis support. + # + #enabled: true + + # Optional host and port to use to connect to redis. Defaults to + # localhost and 6379 + # + #host: localhost + #port: 6379 + + # Optional password if configured on the Redis instance + # + #password: + + +## Background Updates ## + +# Background updates are database updates that are run in the background in batches. +# The duration, minimum batch size, default batch size, whether to sleep between batches and if so, how long to +# sleep can all be configured. This is helpful to speed up or slow down the updates. +# +background_updates: + # How long in milliseconds to run a batch of background updates for. Defaults to 100. Uncomment and set + # a time to change the default. + # + #background_update_duration_ms: 500 + + # Whether to sleep between updates. Defaults to True. Uncomment to change the default. + # + #sleep_enabled: false + + # If sleeping between updates, how long in milliseconds to sleep for. Defaults to 1000. Uncomment + # and set a duration to change the default. + # + #sleep_duration_ms: 300 + + # Minimum size a batch of background updates can be. Must be greater than 0. Defaults to 1. Uncomment and + # set a size to change the default. + # + #min_batch_size: 10 + + # The batch size to use for the first iteration of a new background update. The default is 100. + # Uncomment and set a size to change the default. + # + #default_batch_size: 50 + + +# vim:ft=yaml diff --git a/scripts/_common.sh b/scripts/_common.sh index a9a969f..b4c43a7 100755 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -63,3 +63,9 @@ install_sources() { ynh_secure_remove --file=$final_path/.cargo fi } + +get_domain_list() { + yunohost --output-as plain domain list | grep -E "^#" -v | sort | uniq | while read domain; do + echo -n " - https://$domain\n" + done +} diff --git a/scripts/change_url b/scripts/change_url index b0488cc..18bb168 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -48,6 +48,7 @@ synapse_db_name="matrix_$app" synapse_db_user="matrix_$app" synapse_db_name="matrix_$app" upstream_version=$(ynh_app_upstream_version) +domain_whitelist_client=$(get_domain_list) # Check if the new path stay /_matrix if not exit diff --git a/scripts/config b/scripts/config index be1c247..3163337 100644 --- a/scripts/config +++ b/scripts/config @@ -27,6 +27,7 @@ is_free_registration=$(ynh_app_setting_get --app $app --key is_free_registration jitsi_server=$(ynh_app_setting_get --app=$app --key=jitsi_server) e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default) synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd) +domain_whitelist_client=$(get_domain_list) #================================================= # SHOW_CONFIG FUNCTION FOR 'SHOW' COMMAND diff --git a/scripts/install b/scripts/install index 55d2768..674efb9 100644 --- a/scripts/install +++ b/scripts/install @@ -36,6 +36,7 @@ report_stats="false" allow_public_rooms="false" e2e_enabled_by_default="true" default_domain_value="Same than the domain" +domain_whitelist_client=$(get_domain_list) #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST diff --git a/scripts/upgrade b/scripts/upgrade index 42b72bc..e20cb6f 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -41,6 +41,7 @@ registration_shared_secret=$(ynh_app_setting_get --app=$app --key=registration_s form_secret=$(ynh_app_setting_get --app=$app --key=form_secret) macaroon_secret_key=$(ynh_app_setting_get --app=$app --key=macaroon_secret_key) synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd) +domain_whitelist_client=$(get_domain_list) #================================================= # SET ALL CONSTANT From d7e9813f9b1d494ca1c849247b3336696515e231 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Sat, 28 May 2022 14:16:59 +0200 Subject: [PATCH 27/69] Fix install on bullseye --- scripts/_common.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index b4c43a7..d3ca72f 100755 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -46,7 +46,12 @@ install_sources() { set +$u_arg; source $final_path/bin/activate set -$u_arg; - pip3 install --upgrade setuptools wheel pip + if [ $(lsb_release --codename --short) == "bullseye" ]; then + pip3 install --upgrade setuptools==60.8.2 wheel pip + else + pip3 install --upgrade setuptools wheel pip + fi + chown $synapse_user:root -R $final_path sudo -u $synapse_user env PATH=$PATH pip3 install --upgrade 'cryptography>=3.4.7' pip3 install --upgrade cffi ndg-httpsclient psycopg2 lxml jinja2 From 77247481b4528f697ea7e4e512acce10b647d480 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Sat, 28 May 2022 22:00:40 +0200 Subject: [PATCH 28/69] Upgrade synapse to 1.59.1 --- README.md | 2 +- conf/armv7_bullseye.src | 4 ++-- conf/armv7_buster.src | 4 ++-- manifest.json | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 42d3fcc..7c5ee62 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) -**Shipped version:** 1.59.0~ynh1 +**Shipped version:** 1.59.1~ynh1 ## Disclaimers / important information ## Configuration diff --git a/conf/armv7_bullseye.src b/conf/armv7_bullseye.src index c4af2a9..190c45c 100644 --- a/conf/armv7_bullseye.src +++ b/conf/armv7_bullseye.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.59.0/matrix-synapse_1.59.0-bullseye-bin1_armv7l.tar.gz -SOURCE_SUM=aedd3fe868dc9ad9359da0ce5124c602945267e9ab69a5ed0249367391cd44e7 +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.59.1/matrix-synapse_1.59.1-bullseye-bin1_armv7l.tar.gz +SOURCE_SUM=b4a5435609cc679c3e9e10f437020d2a96077f227cd46b67470008a2f7f2f8f4 # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/conf/armv7_buster.src b/conf/armv7_buster.src index 3dccdc8..a6620b5 100644 --- a/conf/armv7_buster.src +++ b/conf/armv7_buster.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.59.0/matrix-synapse_1.59.0-buster-bin1_armv7l.tar.gz -SOURCE_SUM=3a1e4602507594d4a38c5613edd1e16ebeef6e67cb7d40a7847fb0a32aeade22 +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.59.1/matrix-synapse_1.59.1-buster-bin1_armv7l.tar.gz +SOURCE_SUM=9416fa0cec0b8810c4e054545c712ffdd2205bafadced3f636fc1883fa1065c2 # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/manifest.json b/manifest.json index 55e5c15..26d9f5b 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Instant messaging server which uses Matrix", "fr": "Un serveur de messagerie instantané basé sur Matrix" }, - "version": "1.59.0~ynh1", + "version": "1.59.1~ynh1", "url": "http://matrix.org", "license": "Apache-2.0", "maintainer": { From 3c43857efed6f580d35922d5b56f5a073edc5461 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Sat, 28 May 2022 20:21:06 +0000 Subject: [PATCH 29/69] Auto-update README --- README_fr.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README_fr.md b/README_fr.md index dedebd0..eb8bdab 100644 --- a/README_fr.md +++ b/README_fr.md @@ -20,7 +20,7 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) -**Version incluse :** 1.59.0~ynh1 +**Version incluse :** 1.59.1~ynh1 ## Avertissements / informations importantes ## Configuration From 5c269baa4647322348cc3844eeb0b7b549f256fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Wed, 1 Jun 2022 01:47:14 +0200 Subject: [PATCH 30/69] Upgrade synapse to 1.60.0 --- README.md | 2 +- conf/armv7_bullseye.src | 4 ++-- conf/armv7_buster.src | 4 ++-- manifest.json | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 7c5ee62..45b6e12 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) -**Shipped version:** 1.59.1~ynh1 +**Shipped version:** 1.60.0~ynh1 ## Disclaimers / important information ## Configuration diff --git a/conf/armv7_bullseye.src b/conf/armv7_bullseye.src index 190c45c..1956754 100644 --- a/conf/armv7_bullseye.src +++ b/conf/armv7_bullseye.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.59.1/matrix-synapse_1.59.1-bullseye-bin1_armv7l.tar.gz -SOURCE_SUM=b4a5435609cc679c3e9e10f437020d2a96077f227cd46b67470008a2f7f2f8f4 +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.60.0/matrix-synapse_1.60.0-bullseye-bin1_armv7l.tar.gz +SOURCE_SUM=d8873c6bf7babec2071c64f637d43c8aca362463a33854b5fbb5a2f0672ddd17 # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/conf/armv7_buster.src b/conf/armv7_buster.src index a6620b5..77dfac6 100644 --- a/conf/armv7_buster.src +++ b/conf/armv7_buster.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.59.1/matrix-synapse_1.59.1-buster-bin1_armv7l.tar.gz -SOURCE_SUM=9416fa0cec0b8810c4e054545c712ffdd2205bafadced3f636fc1883fa1065c2 +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.60.0/matrix-synapse_1.60.0-buster-bin1_armv7l.tar.gz +SOURCE_SUM=33a0fce5d8c2e3bfb13dbc2d22aa4da0260d6c72f62ccf0150621b35b884bb53 # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/manifest.json b/manifest.json index 26d9f5b..82bb152 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Instant messaging server which uses Matrix", "fr": "Un serveur de messagerie instantané basé sur Matrix" }, - "version": "1.59.1~ynh1", + "version": "1.60.0~ynh1", "url": "http://matrix.org", "license": "Apache-2.0", "maintainer": { From 0bf9a1f8346f27ab0462f767a9cf816ef53682d4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Fri, 17 Jun 2022 03:18:00 +0200 Subject: [PATCH 31/69] Upgrade synapse to 1.61.0 --- README.md | 2 +- conf/armv7_bullseye.src | 4 ++-- conf/armv7_buster.src | 4 ++-- manifest.json | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 45b6e12..3398a76 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) -**Shipped version:** 1.60.0~ynh1 +**Shipped version:** 1.61.0~ynh1 ## Disclaimers / important information ## Configuration diff --git a/conf/armv7_bullseye.src b/conf/armv7_bullseye.src index 1956754..515cf11 100644 --- a/conf/armv7_bullseye.src +++ b/conf/armv7_bullseye.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.60.0/matrix-synapse_1.60.0-bullseye-bin1_armv7l.tar.gz -SOURCE_SUM=d8873c6bf7babec2071c64f637d43c8aca362463a33854b5fbb5a2f0672ddd17 +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.61.0/matrix-synapse_1.61.0-bullseye-bin1_armv7l.tar.gz +SOURCE_SUM=e5da2f1ecb1511b3aeb514a948811c2645a7014eb0bdf8f5988fe6208e1bfb0f # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/conf/armv7_buster.src b/conf/armv7_buster.src index 77dfac6..9fe4fcf 100644 --- a/conf/armv7_buster.src +++ b/conf/armv7_buster.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.60.0/matrix-synapse_1.60.0-buster-bin1_armv7l.tar.gz -SOURCE_SUM=33a0fce5d8c2e3bfb13dbc2d22aa4da0260d6c72f62ccf0150621b35b884bb53 +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.61.0/matrix-synapse_1.61.0-buster-bin1_armv7l.tar.gz +SOURCE_SUM=970d173b23243043f5d95c5332426d54600c07bfa685e5a6e1423718533283a3 # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/manifest.json b/manifest.json index 82bb152..2aa2466 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Instant messaging server which uses Matrix", "fr": "Un serveur de messagerie instantané basé sur Matrix" }, - "version": "1.60.0~ynh1", + "version": "1.61.0~ynh1", "url": "http://matrix.org", "license": "Apache-2.0", "maintainer": { From 43f16d889825e98f53f2cf02cbc624d29c8c1bd2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Fri, 17 Jun 2022 07:56:52 +0200 Subject: [PATCH 32/69] Fix typo --- scripts/upgrade | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/upgrade b/scripts/upgrade index e20cb6f..4ad28b2 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -140,7 +140,7 @@ fi if [ -z $synapse_user_app_pwd ]; then synapse_user_app_pwd="$(ynh_string_random --length=30)" ynh_app_setting_set --app=$app --key=synapse_user_app_pwd --value=$synapse_user_app_pwd - yunohost user create $synapse_user_app -f Synapse -l Application -m $domain -p "$synapse_user_app_pwd" + yunohost user create $synapse_user_app -f Synapse -l Application -d $domain -p "$synapse_user_app_pwd" fi #================================================= From dd684d3d489f46cc5d88618d7b16e1393fe83a62 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Fri, 17 Jun 2022 06:21:39 +0000 Subject: [PATCH 33/69] Auto-update README --- README_fr.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README_fr.md b/README_fr.md index eb8bdab..097f2c5 100644 --- a/README_fr.md +++ b/README_fr.md @@ -20,7 +20,7 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) -**Version incluse :** 1.59.1~ynh1 +**Version incluse :** 1.61.0~ynh1 ## Avertissements / informations importantes ## Configuration From 2c0266f6bf102b7e44da4295ed72a82f470e5de9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Fri, 24 Jun 2022 13:10:12 +0200 Subject: [PATCH 34/69] Fix email configuration --- conf/homeserver.yaml | 2 +- scripts/change_url | 1 + scripts/config | 1 + scripts/install | 1 + scripts/restore | 1 + scripts/upgrade | 1 + 6 files changed, 6 insertions(+), 1 deletion(-) diff --git a/conf/homeserver.yaml b/conf/homeserver.yaml index c074c59..f073e4e 100644 --- a/conf/homeserver.yaml +++ b/conf/homeserver.yaml @@ -2260,7 +2260,7 @@ password_providers: email: # The hostname of the outgoing SMTP server to use. Defaults to 'localhost'. # - smtp_host: "localhost" + smtp_host: "__MAIN_DOMAIN__" # The port on the mail server for outgoing SMTP. Defaults to 25. # diff --git a/scripts/change_url b/scripts/change_url index 18bb168..fa8668e 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -41,6 +41,7 @@ registration_shared_secret=$(ynh_app_setting_get --app=$app --key=registration_s form_secret=$(ynh_app_setting_get --app=$app --key=form_secret) macaroon_secret_key=$(ynh_app_setting_get --app=$app --key=macaroon_secret_key) synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd) +main_domain=$(yunohost domain list --output-as json | jq -r .main) synapse_user="matrix-$app" synapse_user_app="$app" diff --git a/scripts/config b/scripts/config index 3163337..ec3f646 100644 --- a/scripts/config +++ b/scripts/config @@ -28,6 +28,7 @@ jitsi_server=$(ynh_app_setting_get --app=$app --key=jitsi_server) e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default) synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd) domain_whitelist_client=$(get_domain_list) +main_domain=$(yunohost domain list --output-as json | jq -r .main) #================================================= # SHOW_CONFIG FUNCTION FOR 'SHOW' COMMAND diff --git a/scripts/install b/scripts/install index 674efb9..29311e2 100644 --- a/scripts/install +++ b/scripts/install @@ -50,6 +50,7 @@ path_url="/_matrix" final_path="/opt/yunohost/matrix-$app" final_www_path="/var/www/$app" data_path="/home/yunohost.app/matrix-$app" +main_domain=$(yunohost domain list --output-as json | jq -r .main) if [[ "$server_name" == "$default_domain_value" ]]; then server_name=$domain diff --git a/scripts/restore b/scripts/restore index fbd5353..347c02e 100644 --- a/scripts/restore +++ b/scripts/restore @@ -39,6 +39,7 @@ turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tl phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd) synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd) +main_domain=$(yunohost domain list --output-as json | jq -r .main) #================================================= # SET ALL CONSTANT diff --git a/scripts/upgrade b/scripts/upgrade index 4ad28b2..536ca48 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -42,6 +42,7 @@ form_secret=$(ynh_app_setting_get --app=$app --key=form_secret) macaroon_secret_key=$(ynh_app_setting_get --app=$app --key=macaroon_secret_key) synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd) domain_whitelist_client=$(get_domain_list) +main_domain=$(yunohost domain list --output-as json | jq -r .main) #================================================= # SET ALL CONSTANT From a01bd4da8d87ba3430285bd13df26aad60b9af71 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Fri, 24 Jun 2022 11:11:27 +0000 Subject: [PATCH 35/69] Auto-update README --- README_fr.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README_fr.md b/README_fr.md index eb8bdab..097f2c5 100644 --- a/README_fr.md +++ b/README_fr.md @@ -20,7 +20,7 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) -**Version incluse :** 1.59.1~ynh1 +**Version incluse :** 1.61.0~ynh1 ## Avertissements / informations importantes ## Configuration From 85c350a79ff76ba67155f8ec7c58fedd55bbeb63 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Fri, 17 Jun 2022 03:18:00 +0200 Subject: [PATCH 36/69] Fix path transversal issue --- conf/nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 275cd1d..98bafc3 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,4 +1,4 @@ -location __PATH__ { +location __PATH__/ { proxy_pass http://localhost:__PORT__; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; From 70861280d55c4b5779c67b78c22b8a5c656e9922 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Fri, 1 Jul 2022 14:12:57 +0200 Subject: [PATCH 37/69] Upgrade synapse to 1.61.1 --- README.md | 2 +- conf/armv7_bullseye.src | 4 ++-- conf/armv7_buster.src | 4 ++-- manifest.json | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 3398a76..51d0603 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) -**Shipped version:** 1.61.0~ynh1 +**Shipped version:** 1.61.1~ynh1 ## Disclaimers / important information ## Configuration diff --git a/conf/armv7_bullseye.src b/conf/armv7_bullseye.src index 515cf11..91e1aae 100644 --- a/conf/armv7_bullseye.src +++ b/conf/armv7_bullseye.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.61.0/matrix-synapse_1.61.0-bullseye-bin1_armv7l.tar.gz -SOURCE_SUM=e5da2f1ecb1511b3aeb514a948811c2645a7014eb0bdf8f5988fe6208e1bfb0f +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.61.1/matrix-synapse_1.61.1-bullseye-bin1_armv7l.tar.gz +SOURCE_SUM=65a23c55f9d7b86407da8c40c3ac774df6d46d7940139e51d25142bc4980a0a2 # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/conf/armv7_buster.src b/conf/armv7_buster.src index 9fe4fcf..74387b7 100644 --- a/conf/armv7_buster.src +++ b/conf/armv7_buster.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.61.0/matrix-synapse_1.61.0-buster-bin1_armv7l.tar.gz -SOURCE_SUM=970d173b23243043f5d95c5332426d54600c07bfa685e5a6e1423718533283a3 +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.61.1/matrix-synapse_1.61.1-buster-bin1_armv7l.tar.gz +SOURCE_SUM=356d22b891a28f2724aa96e348df175efaa6ef592c1b8e8d2ac14a1ce4d932d5 # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/manifest.json b/manifest.json index 2aa2466..4359e88 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Instant messaging server which uses Matrix", "fr": "Un serveur de messagerie instantané basé sur Matrix" }, - "version": "1.61.0~ynh1", + "version": "1.61.1~ynh1", "url": "http://matrix.org", "license": "Apache-2.0", "maintainer": { From 50d366edf8b686eca89de14ceca2d790d61fc671 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Sat, 2 Jul 2022 11:58:32 +0000 Subject: [PATCH 38/69] Auto-update README --- README_fr.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README_fr.md b/README_fr.md index 097f2c5..3ee2577 100644 --- a/README_fr.md +++ b/README_fr.md @@ -20,7 +20,7 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) -**Version incluse :** 1.61.0~ynh1 +**Version incluse :** 1.61.1~ynh1 ## Avertissements / informations importantes ## Configuration From 823642c4f1f0bb6172b5bc67e484fa2b5f8b0846 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Wed, 6 Jul 2022 03:48:47 +0200 Subject: [PATCH 39/69] Upgrade synapse to 1.62.0 --- README.md | 2 +- conf/armv7_bullseye.src | 4 ++-- conf/armv7_buster.src | 4 ++-- manifest.json | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 51d0603..510f303 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) -**Shipped version:** 1.61.1~ynh1 +**Shipped version:** 1.62.0~ynh1 ## Disclaimers / important information ## Configuration diff --git a/conf/armv7_bullseye.src b/conf/armv7_bullseye.src index 91e1aae..f2dd59c 100644 --- a/conf/armv7_bullseye.src +++ b/conf/armv7_bullseye.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.61.1/matrix-synapse_1.61.1-bullseye-bin1_armv7l.tar.gz -SOURCE_SUM=65a23c55f9d7b86407da8c40c3ac774df6d46d7940139e51d25142bc4980a0a2 +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.62.0/matrix-synapse_1.62.0-bullseye-bin1_armv7l.tar.gz +SOURCE_SUM=d9bad71cda469f98ab924928af727d5f960fb568b4b2e2d40cf4a1a286384dad # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/conf/armv7_buster.src b/conf/armv7_buster.src index 74387b7..3071233 100644 --- a/conf/armv7_buster.src +++ b/conf/armv7_buster.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.61.1/matrix-synapse_1.61.1-buster-bin1_armv7l.tar.gz -SOURCE_SUM=356d22b891a28f2724aa96e348df175efaa6ef592c1b8e8d2ac14a1ce4d932d5 +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.62.0/matrix-synapse_1.62.0-buster-bin1_armv7l.tar.gz +SOURCE_SUM=7f199eea62d9e59dd2e533def8f1ce68f926678ab7d85bec772cce0be4bbcf12 # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/manifest.json b/manifest.json index 4359e88..19ef247 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Instant messaging server which uses Matrix", "fr": "Un serveur de messagerie instantané basé sur Matrix" }, - "version": "1.61.1~ynh1", + "version": "1.62.0~ynh1", "url": "http://matrix.org", "license": "Apache-2.0", "maintainer": { From c14ffbe3dcf8bd091881d9272a4f8077da09ab3f Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Wed, 6 Jul 2022 20:05:07 +0000 Subject: [PATCH 40/69] Auto-update README --- README_fr.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README_fr.md b/README_fr.md index 3ee2577..cbc9875 100644 --- a/README_fr.md +++ b/README_fr.md @@ -20,7 +20,7 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) -**Version incluse :** 1.61.1~ynh1 +**Version incluse :** 1.62.0~ynh1 ## Avertissements / informations importantes ## Configuration From 474acf569d7d7e9f4edee3e40edfd4ec4055a0eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Wed, 20 Jul 2022 08:29:24 +0200 Subject: [PATCH 41/69] Upgrade synapse to 1.63.0 --- README.md | 2 +- conf/armv7_bullseye.src | 4 ++-- conf/armv7_buster.src | 4 ++-- manifest.json | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 510f303..3a79f27 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) -**Shipped version:** 1.62.0~ynh1 +**Shipped version:** 1.63.0~ynh1 ## Disclaimers / important information ## Configuration diff --git a/conf/armv7_bullseye.src b/conf/armv7_bullseye.src index f2dd59c..a02bf37 100644 --- a/conf/armv7_bullseye.src +++ b/conf/armv7_bullseye.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.62.0/matrix-synapse_1.62.0-bullseye-bin1_armv7l.tar.gz -SOURCE_SUM=d9bad71cda469f98ab924928af727d5f960fb568b4b2e2d40cf4a1a286384dad +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.63.0/matrix-synapse_1.63.0-bullseye-bin1_armv7l.tar.gz +SOURCE_SUM=91eaf051855b739b9e969901f6cd4c9e7b41d7da24504ff405afe4fe32285af9 # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/conf/armv7_buster.src b/conf/armv7_buster.src index 3071233..5c14589 100644 --- a/conf/armv7_buster.src +++ b/conf/armv7_buster.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.62.0/matrix-synapse_1.62.0-buster-bin1_armv7l.tar.gz -SOURCE_SUM=7f199eea62d9e59dd2e533def8f1ce68f926678ab7d85bec772cce0be4bbcf12 +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.63.0/matrix-synapse_1.63.0-buster-bin1_armv7l.tar.gz +SOURCE_SUM=bda91791814598ca771bedaab29f741f25f44e702a0913142adb7cf95017e244 # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/manifest.json b/manifest.json index 19ef247..d1c54e8 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Instant messaging server which uses Matrix", "fr": "Un serveur de messagerie instantané basé sur Matrix" }, - "version": "1.62.0~ynh1", + "version": "1.63.0~ynh1", "url": "http://matrix.org", "license": "Apache-2.0", "maintainer": { From c955e59d1c5c694337b8e4bcbd0a4500824ddf99 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Thu, 21 Jul 2022 03:01:44 +0200 Subject: [PATCH 42/69] Upgrade synapse to 1.63.1 --- README.md | 2 +- conf/armv7_bullseye.src | 4 ++-- conf/armv7_buster.src | 4 ++-- manifest.json | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 3a79f27..c611a51 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) -**Shipped version:** 1.63.0~ynh1 +**Shipped version:** 1.63.1~ynh1 ## Disclaimers / important information ## Configuration diff --git a/conf/armv7_bullseye.src b/conf/armv7_bullseye.src index a02bf37..464d94e 100644 --- a/conf/armv7_bullseye.src +++ b/conf/armv7_bullseye.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.63.0/matrix-synapse_1.63.0-bullseye-bin1_armv7l.tar.gz -SOURCE_SUM=91eaf051855b739b9e969901f6cd4c9e7b41d7da24504ff405afe4fe32285af9 +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.63.1/matrix-synapse_1.63.1-bullseye-bin1_armv7l.tar.gz +SOURCE_SUM=ef131eaa012a66e1f26596eda67d73da952180c391ca899861ebd214591781c3 # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/conf/armv7_buster.src b/conf/armv7_buster.src index 5c14589..7f078cf 100644 --- a/conf/armv7_buster.src +++ b/conf/armv7_buster.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.63.0/matrix-synapse_1.63.0-buster-bin1_armv7l.tar.gz -SOURCE_SUM=bda91791814598ca771bedaab29f741f25f44e702a0913142adb7cf95017e244 +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.63.1/matrix-synapse_1.63.1-buster-bin1_armv7l.tar.gz +SOURCE_SUM=773b39856ad6f41698e97a5696a1487e7268b90d79c6bfa14d65bbcd2fe48d1e # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/manifest.json b/manifest.json index d1c54e8..9dcd76b 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Instant messaging server which uses Matrix", "fr": "Un serveur de messagerie instantané basé sur Matrix" }, - "version": "1.63.0~ynh1", + "version": "1.63.1~ynh1", "url": "http://matrix.org", "license": "Apache-2.0", "maintainer": { From 45cb41d6411070cb3877baf3b6fba249939540d7 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Thu, 21 Jul 2022 14:16:53 +0000 Subject: [PATCH 43/69] Auto-update README --- README_fr.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README_fr.md b/README_fr.md index cbc9875..dbec822 100644 --- a/README_fr.md +++ b/README_fr.md @@ -20,7 +20,7 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) -**Version incluse :** 1.62.0~ynh1 +**Version incluse :** 1.63.1~ynh1 ## Avertissements / informations importantes ## Configuration From 3f5536998e1be565318d1624624dffafd4b75bac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Thu, 4 Aug 2022 02:52:18 +0200 Subject: [PATCH 44/69] Upgrade synapse to 1.64.0 --- README.md | 2 +- conf/armv7_bullseye.src | 4 ++-- conf/armv7_buster.src | 4 ++-- manifest.json | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index c611a51..7a1dce6 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) -**Shipped version:** 1.63.1~ynh1 +**Shipped version:** 1.64.0~ynh1 ## Disclaimers / important information ## Configuration diff --git a/conf/armv7_bullseye.src b/conf/armv7_bullseye.src index 464d94e..20dcb71 100644 --- a/conf/armv7_bullseye.src +++ b/conf/armv7_bullseye.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.63.1/matrix-synapse_1.63.1-bullseye-bin1_armv7l.tar.gz -SOURCE_SUM=ef131eaa012a66e1f26596eda67d73da952180c391ca899861ebd214591781c3 +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.64.0/matrix-synapse_1.64.0-bullseye-bin1_armv7l.tar.gz +SOURCE_SUM=89464d12cc5f94ab2aa6130974652f8e056e75c63534aededdf2352ca865e6b9 # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/conf/armv7_buster.src b/conf/armv7_buster.src index 7f078cf..05a2aee 100644 --- a/conf/armv7_buster.src +++ b/conf/armv7_buster.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.63.1/matrix-synapse_1.63.1-buster-bin1_armv7l.tar.gz -SOURCE_SUM=773b39856ad6f41698e97a5696a1487e7268b90d79c6bfa14d65bbcd2fe48d1e +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.64.0/matrix-synapse_1.64.0-buster-bin1_armv7l.tar.gz +SOURCE_SUM=ec46af4142b6d5c7226f5e5a47832e18567f60d1ffdc0bc3eccb85d275b1101c # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/manifest.json b/manifest.json index 9dcd76b..f53e7cb 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Instant messaging server which uses Matrix", "fr": "Un serveur de messagerie instantané basé sur Matrix" }, - "version": "1.63.1~ynh1", + "version": "1.64.0~ynh1", "url": "http://matrix.org", "license": "Apache-2.0", "maintainer": { From 700d462161f90683742e14a4a3c14e5bcc80742b Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Wed, 10 Aug 2022 16:40:44 +0000 Subject: [PATCH 45/69] Auto-update README --- README.md | 1 + README_fr.md | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 7a1dce6..6570896 100644 --- a/README.md +++ b/README.md @@ -21,6 +21,7 @@ Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org **Shipped version:** 1.64.0~ynh1 + ## Disclaimers / important information ## Configuration diff --git a/README_fr.md b/README_fr.md index dbec822..05a1b56 100644 --- a/README_fr.md +++ b/README_fr.md @@ -20,7 +20,8 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) -**Version incluse :** 1.63.1~ynh1 +**Version incluse :** 1.64.0~ynh1 + ## Avertissements / informations importantes ## Configuration From a5600ef45335a5bae70ece066e8ca8bf27eb9660 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Wed, 17 Aug 2022 02:52:02 +0200 Subject: [PATCH 46/69] Upgrade synapse to 1.65.0 --- README.md | 3 +-- conf/armv7_bullseye.src | 4 ++-- conf/armv7_buster.src | 4 ++-- manifest.json | 2 +- 4 files changed, 6 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 6570896..790b39c 100644 --- a/README.md +++ b/README.md @@ -19,8 +19,7 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) - -**Shipped version:** 1.64.0~ynh1 +**Shipped version:** 1.65.0~ynh1 ## Disclaimers / important information diff --git a/conf/armv7_bullseye.src b/conf/armv7_bullseye.src index 20dcb71..96b8cc9 100644 --- a/conf/armv7_bullseye.src +++ b/conf/armv7_bullseye.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.64.0/matrix-synapse_1.64.0-bullseye-bin1_armv7l.tar.gz -SOURCE_SUM=89464d12cc5f94ab2aa6130974652f8e056e75c63534aededdf2352ca865e6b9 +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.65.0/matrix-synapse_1.65.0-bullseye-bin1_armv7l.tar.gz +SOURCE_SUM=b0af6c40001712618ee7e270c6386bdb0f9f159af936ad7e9d2e9f57e5016fca # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/conf/armv7_buster.src b/conf/armv7_buster.src index 05a2aee..4b6fb17 100644 --- a/conf/armv7_buster.src +++ b/conf/armv7_buster.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.64.0/matrix-synapse_1.64.0-buster-bin1_armv7l.tar.gz -SOURCE_SUM=ec46af4142b6d5c7226f5e5a47832e18567f60d1ffdc0bc3eccb85d275b1101c +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.65.0/matrix-synapse_1.65.0-buster-bin1_armv7l.tar.gz +SOURCE_SUM=52f80e375c21d9e65e1eb48719140daef80cf4d12e0a80ab35d2ff021bce9e3d # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/manifest.json b/manifest.json index f53e7cb..c8ffadc 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Instant messaging server which uses Matrix", "fr": "Un serveur de messagerie instantané basé sur Matrix" }, - "version": "1.64.0~ynh1", + "version": "1.65.0~ynh1", "url": "http://matrix.org", "license": "Apache-2.0", "maintainer": { From 7d007e0730bffee4b9ee89cc2ab91eb004148c78 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Wed, 17 Aug 2022 10:56:08 +0000 Subject: [PATCH 47/69] Auto-update README --- README.md | 1 + README_fr.md | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 790b39c..e22f52f 100644 --- a/README.md +++ b/README.md @@ -19,6 +19,7 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) + **Shipped version:** 1.65.0~ynh1 ## Disclaimers / important information diff --git a/README_fr.md b/README_fr.md index 05a1b56..55562b4 100644 --- a/README_fr.md +++ b/README_fr.md @@ -20,7 +20,7 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) -**Version incluse :** 1.64.0~ynh1 +**Version incluse :** 1.65.0~ynh1 ## Avertissements / informations importantes From d8c92f8b035734309687926ffc93033214c4b726 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Sun, 21 Aug 2022 09:15:18 +0200 Subject: [PATCH 48/69] Fix licence --- manifest.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manifest.json b/manifest.json index c8ffadc..0e80056 100644 --- a/manifest.json +++ b/manifest.json @@ -14,7 +14,7 @@ "email": "josue@tille.ch" }, "upstream": { - "license": "free", + "license": "Apache-2.0", "website": "https://matrix.org/", "code": "https://github.com/matrix-org/synapse" }, @@ -49,7 +49,7 @@ "fr": "Est-ce un serveur avec création de compte libre ?" }, "default": false, - "help": { + "help": { "en": "A public server means that anybody will be able to register on this server.", "fr": "Un serveur public signifie que n'importe qui pourra s'enregistrer sur ce serveur." } From 82a802144a42c0f7f27f11e80f459daab37e5d3d Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Tue, 30 Aug 2022 04:48:00 +0000 Subject: [PATCH 49/69] Auto-update README --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index ce863cc..e22f52f 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,9 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) + **Shipped version:** 1.65.0~ynh1 + ## Disclaimers / important information ## Configuration From 4897443d2439f58889e8d558d4ac1944d70f2655 Mon Sep 17 00:00:00 2001 From: Christoph Settgast Date: Sun, 4 Sep 2022 22:49:15 +0200 Subject: [PATCH 50/69] Fix starting of coturn-synapse coturn won't start with setuid filter, see #327 Fix tested there, merge into package. Closes: #327 --- conf/coturn-synapse.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/coturn-synapse.service b/conf/coturn-synapse.service index ebbf25c..724ef01 100644 --- a/conf/coturn-synapse.service +++ b/conf/coturn-synapse.service @@ -38,7 +38,7 @@ ProtectControlGroups=yes ProtectKernelModules=yes ProtectKernelTunables=yes LockPersonality=yes -SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @swap # Denying access to capabilities that should not be relevant for webapps # Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html From cd88d25b4cc74c8fa842a7c2bdf82da11c0a8d87 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Thu, 1 Sep 2022 03:13:06 +0200 Subject: [PATCH 51/69] Upgrade synapse to 1.66.0 --- README.md | 4 ++-- conf/armv7_bullseye.src | 4 ++-- conf/armv7_buster.src | 4 ++-- manifest.json | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index e22f52f..8c96d07 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ It shall NOT be edited by hand. # Synapse for YunoHost -[![Integration level](https://dash.yunohost.org/integration/synapse.svg)](https://dash.yunohost.org/appci/app/synapse) ![Working status](https://ci-apps.yunohost.org/ci/badges/synapse.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/synapse.maintain.svg) +[![Integration level](https://dash.yunohost.org/integration/synapse.svg)](https://dash.yunohost.org/appci/app/synapse) ![Working status](https://ci-apps.yunohost.org/ci/badges/synapse.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/synapse.maintain.svg) [![Install Synapse with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=synapse) *[Lire ce readme en français.](./README_fr.md)* @@ -20,7 +20,7 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) -**Shipped version:** 1.65.0~ynh1 +**Shipped version:** 1.66.0~ynh1 ## Disclaimers / important information diff --git a/conf/armv7_bullseye.src b/conf/armv7_bullseye.src index 96b8cc9..a601f85 100644 --- a/conf/armv7_bullseye.src +++ b/conf/armv7_bullseye.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.65.0/matrix-synapse_1.65.0-bullseye-bin1_armv7l.tar.gz -SOURCE_SUM=b0af6c40001712618ee7e270c6386bdb0f9f159af936ad7e9d2e9f57e5016fca +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.66.0/matrix-synapse_1.66.0-bullseye-bin1_armv7l.tar.gz +SOURCE_SUM=33fbcf5fa42579ba2a1ecb93534f9710a92de85396d66b422966d9976da08970 # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/conf/armv7_buster.src b/conf/armv7_buster.src index 4b6fb17..7ba2ab4 100644 --- a/conf/armv7_buster.src +++ b/conf/armv7_buster.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.65.0/matrix-synapse_1.65.0-buster-bin1_armv7l.tar.gz -SOURCE_SUM=52f80e375c21d9e65e1eb48719140daef80cf4d12e0a80ab35d2ff021bce9e3d +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.66.0/matrix-synapse_1.66.0-buster-bin1_armv7l.tar.gz +SOURCE_SUM=0a3c93d9120bab771311ab641be34033d2d2e33eac9dbc699ca6a2e705ec2631 # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/manifest.json b/manifest.json index 0e80056..5c28db5 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Instant messaging server which uses Matrix", "fr": "Un serveur de messagerie instantané basé sur Matrix" }, - "version": "1.65.0~ynh1", + "version": "1.66.0~ynh1", "url": "http://matrix.org", "license": "Apache-2.0", "maintainer": { From 1d0aef52527ac68c0e4b11f03a6c4b06d1315267 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Mon, 12 Sep 2022 18:52:52 +0000 Subject: [PATCH 52/69] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 8c96d07..2645a94 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ It shall NOT be edited by hand. # Synapse for YunoHost -[![Integration level](https://dash.yunohost.org/integration/synapse.svg)](https://dash.yunohost.org/appci/app/synapse) ![Working status](https://ci-apps.yunohost.org/ci/badges/synapse.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/synapse.maintain.svg) +[![Integration level](https://dash.yunohost.org/integration/synapse.svg)](https://dash.yunohost.org/appci/app/synapse) ![Working status](https://ci-apps.yunohost.org/ci/badges/synapse.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/synapse.maintain.svg) [![Install Synapse with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=synapse) *[Lire ce readme en français.](./README_fr.md)* diff --git a/README_fr.md b/README_fr.md index 55562b4..07684c8 100644 --- a/README_fr.md +++ b/README_fr.md @@ -20,7 +20,7 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) -**Version incluse :** 1.65.0~ynh1 +**Version incluse :** 1.66.0~ynh1 ## Avertissements / informations importantes From 4c8f86064411a89f533d407dd5d1c29c8bbd82dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Wed, 14 Sep 2022 05:01:29 +0200 Subject: [PATCH 53/69] Upgrade synapse to 1.67.0 --- README.md | 2 +- conf/armv7_bullseye.src | 4 ++-- conf/armv7_buster.src | 4 ++-- manifest.json | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 2645a94..d914a42 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) -**Shipped version:** 1.66.0~ynh1 +**Shipped version:** 1.67.0~ynh1 ## Disclaimers / important information diff --git a/conf/armv7_bullseye.src b/conf/armv7_bullseye.src index a601f85..059ea86 100644 --- a/conf/armv7_bullseye.src +++ b/conf/armv7_bullseye.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.66.0/matrix-synapse_1.66.0-bullseye-bin1_armv7l.tar.gz -SOURCE_SUM=33fbcf5fa42579ba2a1ecb93534f9710a92de85396d66b422966d9976da08970 +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.67.0/matrix-synapse_1.67.0-bullseye-bin1_armv7l.tar.gz +SOURCE_SUM=3b156833ac280aac5b958257deef0b537ebe52d2b0530aa4934bd06af9f5b7e0 # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/conf/armv7_buster.src b/conf/armv7_buster.src index 7ba2ab4..c344db2 100644 --- a/conf/armv7_buster.src +++ b/conf/armv7_buster.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.66.0/matrix-synapse_1.66.0-buster-bin1_armv7l.tar.gz -SOURCE_SUM=0a3c93d9120bab771311ab641be34033d2d2e33eac9dbc699ca6a2e705ec2631 +SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.67.0/matrix-synapse_1.67.0-buster-bin1_armv7l.tar.gz +SOURCE_SUM=bcc0d6eedd3688f0f92aff5acbac9adfba588fd2352ba03fc7b02fdf5ea579c5 # (Optional) Program to check the integrity (sha256sum, md5sum...) # default: sha256 SOURCE_SUM_PRG=sha256sum diff --git a/manifest.json b/manifest.json index 5c28db5..aade73b 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Instant messaging server which uses Matrix", "fr": "Un serveur de messagerie instantané basé sur Matrix" }, - "version": "1.66.0~ynh1", + "version": "1.67.0~ynh1", "url": "http://matrix.org", "license": "Apache-2.0", "maintainer": { From b75e03bf872b5f751b73d3f17a4da9725c5b74f3 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Thu, 15 Sep 2022 05:21:04 +0000 Subject: [PATCH 54/69] Auto-update README --- README_fr.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README_fr.md b/README_fr.md index 07684c8..a121658 100644 --- a/README_fr.md +++ b/README_fr.md @@ -20,7 +20,7 @@ Instant messaging server matrix network. Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) -**Version incluse :** 1.66.0~ynh1 +**Version incluse :** 1.67.0~ynh1 ## Avertissements / informations importantes From acb612550939813af6a17960ad71b6df7bbe6222 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Thu, 15 Sep 2022 13:55:46 +0200 Subject: [PATCH 55/69] Fix install --- scripts/install | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/install b/scripts/install index 29311e2..8c62ee9 100644 --- a/scripts/install +++ b/scripts/install @@ -53,7 +53,7 @@ data_path="/home/yunohost.app/matrix-$app" main_domain=$(yunohost domain list --output-as json | jq -r .main) if [[ "$server_name" == "$default_domain_value" ]]; then - server_name=$domain + server_name=$domain fi #================================================= @@ -205,7 +205,7 @@ source $final_path/bin/activate set -u; # Generate config -python -m synapse.app.homeserver --keys-directory /etc/matrix-$app/ --generate-config --generate-keys --server-name $server_name --report-stats=no -c homeserver.yml +python -m synapse.app.homeserver --keys-directory /etc/matrix-$app/ --generate-config --server-name $server_name --report-stats=no -c homeserver.yml # This function was defined when we called "source $final_path/bin/activate". With this function we undo what "$final_path/bin/activate" does set +u; @@ -341,7 +341,7 @@ if yunohost --output-as plain domain list | grep -q "^$server_name$"; then --label="Server info for clients. (well-known)" --show_tile=false --allowed=visitors \ --auth_header=false --protected=true fi - + #================================================= # UPDATE HOOKS #================================================= From 68c1b62eb8d8db92bbdea3f881d378f614387fdd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Fri, 16 Sep 2022 06:35:52 +0200 Subject: [PATCH 56/69] Fix turnserver config for bullseye --- conf/coturn-synapse.service | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/conf/coturn-synapse.service b/conf/coturn-synapse.service index 724ef01..c4a13d3 100644 --- a/conf/coturn-synapse.service +++ b/conf/coturn-synapse.service @@ -6,13 +6,9 @@ After=syslog.target network.target [Service] User=turnserver Group=turnserver -Type=forking +Type=simple EnvironmentFile=/etc/default/coturn-__APP__ -PIDFile=/run/coturn-__APP__/turnserver.pid -RuntimeDirectory=coturn-__APP__ -RuntimeDirectoryMode=0755 -ExecStart=/usr/bin/turnserver -o -c /etc/matrix-__APP__/coturn.conf $EXTRA_OPTIONS -ExecStopPost=/bin/rm -f /run/coturn-__APP__/turnserver.pid +ExecStart=/usr/bin/turnserver -c /etc/matrix-__APP__/coturn.conf $EXTRA_OPTIONS --pidfile= Restart=on-abort LimitCORE=infinity @@ -50,7 +46,7 @@ CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW -CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG [Install] WantedBy=multi-user.target From a893b74a4182bba57034ec097c0f949a8851ad14 Mon Sep 17 00:00:00 2001 From: Callum Macdonald Date: Wed, 5 Jan 2022 11:25:48 +0100 Subject: [PATCH 57/69] Switch to matrix.to link --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d914a42..2b0e3c6 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Instant messaging server matrix network. -Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) +Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:libera.chat](https://matrix.to/#/#yunohost:libera.chat) **Shipped version:** 1.67.0~ynh1 From e13df11f876a1ac4c4685a5607db87a74c376d76 Mon Sep 17 00:00:00 2001 From: Callum Macdonald Date: Wed, 5 Jan 2022 11:59:20 +0100 Subject: [PATCH 58/69] Update README.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Éric Gaspar <46165813+ericgaspar@users.noreply.github.com> --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2b0e3c6..f1c9f6e 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Instant messaging server matrix network. -Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:libera.chat](https://matrix.to/#/#yunohost:libera.chat) +YunoHost chatroom with Matrix : [https://matrix.to/#/#yunohost:libera.chat](https://matrix.to/#/#yunohost:libera.chat) **Shipped version:** 1.67.0~ynh1 From 9bdc10075e0c811c1d881128e60da6ab6b5b8b46 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Fri, 16 Sep 2022 23:33:39 +0200 Subject: [PATCH 59/69] Back to :matrix.org chatroom --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f1c9f6e..f14f751 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Instant messaging server matrix network. -YunoHost chatroom with Matrix : [https://matrix.to/#/#yunohost:libera.chat](https://matrix.to/#/#yunohost:libera.chat) +YunoHost chatroom with Matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org) **Shipped version:** 1.67.0~ynh1 From 98425d24d7e12173637d20fb9aa7defc10d04183 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Fri, 16 Sep 2022 23:36:33 +0200 Subject: [PATCH 60/69] =?UTF-8?q?Back=20to=20:matrix.org=20chatroom=C2=B2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- doc/DESCRIPTION.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/DESCRIPTION.md b/doc/DESCRIPTION.md index 1ae7dbb..bbe3d66 100644 --- a/doc/DESCRIPTION.md +++ b/doc/DESCRIPTION.md @@ -1,3 +1,3 @@ Instant messaging server matrix network. -Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) +Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org) From 724fff3f5e8e80122177334400c21ef816a2b4b1 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Fri, 16 Sep 2022 21:40:00 +0000 Subject: [PATCH 61/69] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index f14f751..3be92bb 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Instant messaging server matrix network. -YunoHost chatroom with Matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org) +Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org) **Shipped version:** 1.67.0~ynh1 diff --git a/README_fr.md b/README_fr.md index a121658..7742b04 100644 --- a/README_fr.md +++ b/README_fr.md @@ -17,7 +17,7 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour Instant messaging server matrix network. -Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) +Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org) **Version incluse :** 1.67.0~ynh1 From 678dea3213b975882d7d72521b020ec54ef4895b Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sat, 5 Mar 2022 12:46:12 +0100 Subject: [PATCH 62/69] Add /_synapse path permission for administration API --- scripts/install | 3 +++ scripts/upgrade | 6 ++++++ 2 files changed, 9 insertions(+) diff --git a/scripts/install b/scripts/install index 8c62ee9..1248241 100644 --- a/scripts/install +++ b/scripts/install @@ -336,6 +336,9 @@ ynh_permission_update --permission=main --show_tile=false --protected=true ynh_permission_create --permission=server_api --url=$domain/_matrix \ --label="Server access for client apps." --show_tile=false --allowed=visitors \ --auth_header=false --protected=true +ynh_permission_create --permission=admin_api --url=$domain/_synapse \ + --label="Server administration API." --show_tile=false \ + --auth_header=false if yunohost --output-as plain domain list | grep -q "^$server_name$"; then ynh_permission_create --permission=server_client_infos --url=$server_name/.well-known/matrix \ --label="Server info for clients. (well-known)" --show_tile=false --allowed=visitors \ diff --git a/scripts/upgrade b/scripts/upgrade index 536ca48..cc7a2ec 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -439,6 +439,12 @@ elif yunohost --output-as plain domain list | grep -q "^$server_name"'$'; then --protected=true fi +if ! ynh_permission_exists --permission=admin_api; then + ynh_permission_create --permission=admin_api --url=$domain/_synapse \ + --label="Server administration API." --show_tile=false \ + --auth_header=false +fi + #================================================= # SECURE FILES AND DIRECTORIES #================================================= From 918fe60b7ab9c422577e6ef02040646aadfb1525 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sun, 18 Sep 2022 12:29:14 +0200 Subject: [PATCH 63/69] Add documentation on admin API --- doc/DISCLAIMER.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md index 9661fd1..197e63a 100644 --- a/doc/DISCLAIMER.md +++ b/doc/DISCLAIMER.md @@ -105,6 +105,14 @@ This app doesn't provide any real good web interface. So it's recommended to use ## Additional information +### Administration API + +Synapse's administration API endpoints are under `/_synapse` path and protected with the `admin_api` permission. +By default, no one has access to this path. + +If you wish to access it, for example to use [Synapse Admin](https://github.com/YunoHost-Apps/synapse-admin_ynh), +you need to give this permission to visitors. + ### Multi instance support To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command: From 8e3f7d978c9fd799b23886605543e5463b2710d3 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sat, 9 Apr 2022 01:05:29 +0200 Subject: [PATCH 64/69] Handle /_synapse permission in change_url too --- scripts/change_url | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scripts/change_url b/scripts/change_url index fa8668e..699a502 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -122,7 +122,9 @@ ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml" ynh_script_progression --message="Configuring permissions..." --weight=1 ynh_permission_url --permission=server_api --clear_urls -ynh_permission_url --permission=server_api --url=$domain/_matrix --additional_urls=$server_name/.well-known/matrix \ +ynh_permission_url --permission=server_api --url=$domain/_matrix --additional_urls=$server_name/.well-known/matrix +ynh_permission_url --permission=admin_api --clear_urls +ynh_permission_url --permission=admin_api --url=$domain/_synapse #================================================= # RELOAD SERVICES From d34d6e93ddf29145df35f11acaba7fd147a720ee Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Sun, 18 Sep 2022 10:29:50 +0000 Subject: [PATCH 65/69] Auto-update README --- README.md | 8 ++++++++ README_fr.md | 8 ++++++++ 2 files changed, 16 insertions(+) diff --git a/README.md b/README.md index 3be92bb..94f70d4 100644 --- a/README.md +++ b/README.md @@ -131,6 +131,14 @@ This app doesn't provide any real good web interface. So it's recommended to use ## Additional information +### Administration API + +Synapse's administration API endpoints are under `/_synapse` path and protected with the `admin_api` permission. +By default, no one has access to this path. + +If you wish to access it, for example to use [Synapse Admin](https://github.com/YunoHost-Apps/synapse-admin_ynh), +you need to give this permission to visitors. + ### Multi instance support To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command: diff --git a/README_fr.md b/README_fr.md index 7742b04..85c5f4d 100644 --- a/README_fr.md +++ b/README_fr.md @@ -131,6 +131,14 @@ This app doesn't provide any real good web interface. So it's recommended to use ## Additional information +### Administration API + +Synapse's administration API endpoints are under `/_synapse` path and protected with the `admin_api` permission. +By default, no one has access to this path. + +If you wish to access it, for example to use [Synapse Admin](https://github.com/YunoHost-Apps/synapse-admin_ynh), +you need to give this permission to visitors. + ### Multi instance support To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command: From 64fa0716c5cdc1c6232fac8b4859326c2490f786 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Tue, 20 Sep 2022 21:04:22 +0200 Subject: [PATCH 66/69] Readd missing disclaimer items --- doc/DISCLAIMER.md | 56 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md index 197e63a..c813daa 100644 --- a/doc/DISCLAIMER.md +++ b/doc/DISCLAIMER.md @@ -105,6 +105,23 @@ This app doesn't provide any real good web interface. So it's recommended to use ## Additional information +## Administation + +**All documentation of this section is not warranted. A bad use of command could break the app and all the data. So use these commands at your own risk.** + +Before any manipulation it's recommended to do a backup by this following command : + +`sudo yunohost backup create --apps synapse` + +### Set user as admin + +Actually there are no functions in the client interface to set a user as admin. So it's possible to enable it manually in the database. + +The following command will grant admin privilege to the specified user: +``` +su --command="psql matrix_synapse" postgres <<< "UPDATE users SET admin = 1 WHERE name = '@user_to_be_admin:domain.tld'" +``` + ### Administration API Synapse's administration API endpoints are under `/_synapse` path and protected with the `admin_api` permission. @@ -113,6 +130,45 @@ By default, no one has access to this path. If you wish to access it, for example to use [Synapse Admin](https://github.com/YunoHost-Apps/synapse-admin_ynh), you need to give this permission to visitors. +Then, to log in the API with your credentials, you need to set your user as admin (cf. precedent section). + +### Upgrade + +By default a backup is made before the upgrade. To avoid this you have theses following possibilites: +- Call the command with the `-b` flag: `yunohost app upgrade synapse -b` +- Set the settings `disable_backup_before_upgrade` to `1`. You can set this with this command: + +`yunohost app setting synapse disable_backup_before_upgrade -v 1` + +After this settings will be applied for **all** next upgrade. + +From command line: + +`yunohost app upgrade synapse` + +### Backup + +This app use now the core-only feature of the backup. To keep the integrity of the data and to have a better guarantee of the restoration is recommended to proceed like this: + +- Stop synapse service with theses following command: + +`systemctl stop synapse.service` + +- Launch the backup of synapse with this following command: + +`yunohost backup create --app synapse` + +- Do a backup of your data with your specific strategy (could be with rsync, borg backup or just cp). The data is generally stored in `/home/yunohost.app/matrix-synapse`. +- Restart the synapse service with these command: + +`systemctl start synapse.service` + +### Remove + +Due of the backup core only feature the data directory in `/home/yunohost.app/matrix-synapse` **is not removed**. + +Use the `--purge` flag with the command, or remove it manually to purge app user data. + ### Multi instance support To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command: From b29f96fcf1d0be1255d0d3567947baf8e154fc80 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Tue, 20 Sep 2022 19:04:57 +0000 Subject: [PATCH 67/69] Auto-update README --- README.md | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++ README_fr.md | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 112 insertions(+) diff --git a/README.md b/README.md index 94f70d4..9e648d7 100644 --- a/README.md +++ b/README.md @@ -131,6 +131,23 @@ This app doesn't provide any real good web interface. So it's recommended to use ## Additional information +## Administation + +**All documentation of this section is not warranted. A bad use of command could break the app and all the data. So use these commands at your own risk.** + +Before any manipulation it's recommended to do a backup by this following command : + +`sudo yunohost backup create --apps synapse` + +### Set user as admin + +Actually there are no functions in the client interface to set a user as admin. So it's possible to enable it manually in the database. + +The following command will grant admin privilege to the specified user: +``` +su --command="psql matrix_synapse" postgres <<< "UPDATE users SET admin = 1 WHERE name = '@user_to_be_admin:domain.tld'" +``` + ### Administration API Synapse's administration API endpoints are under `/_synapse` path and protected with the `admin_api` permission. @@ -139,6 +156,45 @@ By default, no one has access to this path. If you wish to access it, for example to use [Synapse Admin](https://github.com/YunoHost-Apps/synapse-admin_ynh), you need to give this permission to visitors. +Then, to log in the API with your credentials, you need to set your user as admin (cf. precedent section). + +### Upgrade + +By default a backup is made before the upgrade. To avoid this you have theses following possibilites: +- Call the command with the `-b` flag: `yunohost app upgrade synapse -b` +- Set the settings `disable_backup_before_upgrade` to `1`. You can set this with this command: + +`yunohost app setting synapse disable_backup_before_upgrade -v 1` + +After this settings will be applied for **all** next upgrade. + +From command line: + +`yunohost app upgrade synapse` + +### Backup + +This app use now the core-only feature of the backup. To keep the integrity of the data and to have a better guarantee of the restoration is recommended to proceed like this: + +- Stop synapse service with theses following command: + +`systemctl stop synapse.service` + +- Launch the backup of synapse with this following command: + +`yunohost backup create --app synapse` + +- Do a backup of your data with your specific strategy (could be with rsync, borg backup or just cp). The data is generally stored in `/home/yunohost.app/matrix-synapse`. +- Restart the synapse service with these command: + +`systemctl start synapse.service` + +### Remove + +Due of the backup core only feature the data directory in `/home/yunohost.app/matrix-synapse` **is not removed**. + +Use the `--purge` flag with the command, or remove it manually to purge app user data. + ### Multi instance support To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command: diff --git a/README_fr.md b/README_fr.md index 85c5f4d..1daa9a2 100644 --- a/README_fr.md +++ b/README_fr.md @@ -131,6 +131,23 @@ This app doesn't provide any real good web interface. So it's recommended to use ## Additional information +## Administation + +**All documentation of this section is not warranted. A bad use of command could break the app and all the data. So use these commands at your own risk.** + +Before any manipulation it's recommended to do a backup by this following command : + +`sudo yunohost backup create --apps synapse` + +### Set user as admin + +Actually there are no functions in the client interface to set a user as admin. So it's possible to enable it manually in the database. + +The following command will grant admin privilege to the specified user: +``` +su --command="psql matrix_synapse" postgres <<< "UPDATE users SET admin = 1 WHERE name = '@user_to_be_admin:domain.tld'" +``` + ### Administration API Synapse's administration API endpoints are under `/_synapse` path and protected with the `admin_api` permission. @@ -139,6 +156,45 @@ By default, no one has access to this path. If you wish to access it, for example to use [Synapse Admin](https://github.com/YunoHost-Apps/synapse-admin_ynh), you need to give this permission to visitors. +Then, to log in the API with your credentials, you need to set your user as admin (cf. precedent section). + +### Upgrade + +By default a backup is made before the upgrade. To avoid this you have theses following possibilites: +- Call the command with the `-b` flag: `yunohost app upgrade synapse -b` +- Set the settings `disable_backup_before_upgrade` to `1`. You can set this with this command: + +`yunohost app setting synapse disable_backup_before_upgrade -v 1` + +After this settings will be applied for **all** next upgrade. + +From command line: + +`yunohost app upgrade synapse` + +### Backup + +This app use now the core-only feature of the backup. To keep the integrity of the data and to have a better guarantee of the restoration is recommended to proceed like this: + +- Stop synapse service with theses following command: + +`systemctl stop synapse.service` + +- Launch the backup of synapse with this following command: + +`yunohost backup create --app synapse` + +- Do a backup of your data with your specific strategy (could be with rsync, borg backup or just cp). The data is generally stored in `/home/yunohost.app/matrix-synapse`. +- Restart the synapse service with these command: + +`systemctl start synapse.service` + +### Remove + +Due of the backup core only feature the data directory in `/home/yunohost.app/matrix-synapse` **is not removed**. + +Use the `--purge` flag with the command, or remove it manually to purge app user data. + ### Multi instance support To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command: From dbb80b4a0930b0f2ced2bc3f647725b5363387f3 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Tue, 20 Sep 2022 21:06:47 +0200 Subject: [PATCH 68/69] Typo in disclaimer --- doc/DISCLAIMER.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md index c813daa..62381c9 100644 --- a/doc/DISCLAIMER.md +++ b/doc/DISCLAIMER.md @@ -105,7 +105,7 @@ This app doesn't provide any real good web interface. So it's recommended to use ## Additional information -## Administation +## Administration **All documentation of this section is not warranted. A bad use of command could break the app and all the data. So use these commands at your own risk.** From b6108b7d69d44881cc63cc15492f6af269c4f1be Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Tue, 20 Sep 2022 19:07:01 +0000 Subject: [PATCH 69/69] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 9e648d7..0063f70 100644 --- a/README.md +++ b/README.md @@ -131,7 +131,7 @@ This app doesn't provide any real good web interface. So it's recommended to use ## Additional information -## Administation +## Administration **All documentation of this section is not warranted. A bad use of command could break the app and all the data. So use these commands at your own risk.** diff --git a/README_fr.md b/README_fr.md index 1daa9a2..450f034 100644 --- a/README_fr.md +++ b/README_fr.md @@ -131,7 +131,7 @@ This app doesn't provide any real good web interface. So it's recommended to use ## Additional information -## Administation +## Administration **All documentation of this section is not warranted. A bad use of command could break the app and all the data. So use these commands at your own risk.**