mirror of https://github.com/YunoHost-Apps/synapse_ynh.git synced 2024-09-03 20:26:38 +02:00

Merge pull request #356 from Gredin67/config-panel

improve config panel
Josue-T 2023-09-13 08:46:58 +02:00 committed by GitHub
commit 381611bb8d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 720 additions and 246 deletions


@ -50,7 +50,7 @@ pid_file: /run/matrix-__APP__/homeserver.pid
# The absolute URL to the web client which / will redirect to. # The absolute URL to the web client which / will redirect to.
# #
#web_client_location: https://riot.example.com/ web_client_location: __WEB_CLIENT_LOCATION__
# The public-facing base URL that clients use to access this Homeserver (not # The public-facing base URL that clients use to access this Homeserver (not
# including _matrix/...). This is the same URL a user might enter into the # including _matrix/...). This is the same URL a user might enter into the
@ -122,12 +122,12 @@ presence:
# public rooms directory through the client API, meaning that anyone can # public rooms directory through the client API, meaning that anyone can
# query the room directory. Defaults to 'false'. # query the room directory. Defaults to 'false'.
# #
allow_public_rooms_without_auth: __ALLOW_PUBLIC_ROOMS__ allow_public_rooms_without_auth: __ALLOW_PUBLIC_ROOMS_WITHOUT_AUTH__
# If set to 'true', allows any other homeserver to fetch the server's public # If set to 'true', allows any other homeserver to fetch the server's public
# rooms directory via federation. Defaults to 'false'. # rooms directory via federation. Defaults to 'false'.
# #
allow_public_rooms_over_federation: __ALLOW_PUBLIC_ROOMS__ allow_public_rooms_over_federation: __ALLOW_PUBLIC_ROOMS_OVER_FEDERATION__
# The default room version for newly created rooms. # The default room version for newly created rooms.
# #
@ -978,7 +978,7 @@ media_storage_providers:
# your reverse proxy's config. Notably Nginx has a small max body size by default. # your reverse proxy's config. Notably Nginx has a small max body size by default.
# See https://matrix-org.github.io/synapse/latest/reverse_proxy.html. # See https://matrix-org.github.io/synapse/latest/reverse_proxy.html.
# #
max_upload_size: 100M max_upload_size: __MAX_UPLOAD_SIZE__
# Maximum number of pixels that will be thumbnailed # Maximum number of pixels that will be thumbnailed
# #
@ -1200,7 +1200,7 @@ turn_user_lifetime: 1h
# connect to arbitrary endpoints without having first signed up for a # connect to arbitrary endpoints without having first signed up for a
# valid account (e.g. by passing a CAPTCHA). # valid account (e.g. by passing a CAPTCHA).
# #
turn_allow_guests: __ALLOWED_ACCESS__ turn_allow_guests: __TURN_ALLOW_GUESTS__
## Registration ## ## Registration ##
@ -1212,7 +1212,7 @@ turn_allow_guests: __ALLOWED_ACCESS__
# you use either captcha, email, or token-based verification to verify that new users are not bots. In order to enable registration # you use either captcha, email, or token-based verification to verify that new users are not bots. In order to enable registration
# without any verification, you must also set `enable_registration_without_verification`, found below. # without any verification, you must also set `enable_registration_without_verification`, found below.
# #
enable_registration: __ALLOWED_ACCESS__ enable_registration: __ENABLE_REGISTRATION__
# Enable registration without email or captcha verification. Note: this option is *not* recommended, # Enable registration without email or captcha verification. Note: this option is *not* recommended,
# as registration without verification is a known vector for spam and abuse. Defaults to false. Has no effect # as registration without verification is a known vector for spam and abuse. Defaults to false. Has no effect
@ -1273,27 +1273,25 @@ enable_registration: __ALLOWED_ACCESS__
# #
registrations_require_3pid: registrations_require_3pid:
- email - email
# - msisdn # - msisdn
# Explicitly disable asking for MSISDNs from the registration # Explicitly disable asking for MSISDNs from the registration
# flow (overrides registrations_require_3pid if MSISDNs are set as required) # flow (overrides registrations_require_3pid if MSISDNs are set as required)
# #
#disable_msisdn_registration: true disable_msisdn_registration: __DISABLE_MSISDN_REGISTRATION__
# Mandate that users are only allowed to associate certain formats of # Mandate that users are only allowed to associate certain formats of
# 3PIDs with accounts on this server. # 3PIDs with accounts on this server.
# #
#allowed_local_3pids: #allowed_local_3pids:
# - medium: email # - medium: email
# pattern: '^[^@]+@matrix\.org$'
# - medium: email
# pattern: '^[^@]+@vector\.im$' # pattern: '^[^@]+@vector\.im$'
# - medium: msisdn # - medium: msisdn
# pattern: '\+44' # pattern: '\+44'
# Enable 3PIDs lookup requests to identity servers from this server. # Enable 3PIDs lookup requests to identity servers from this server.
# #
#enable_3pid_lookup: true enable_3pid_lookup: __ENABLE_3PID_LOOKUP__
# Require users to submit a token during registration. # Require users to submit a token during registration.
# Tokens can be managed using the admin API: # Tokens can be managed using the admin API:
@ -1327,7 +1325,7 @@ registration_shared_secret: "__REGISTRATION_SHARED_SECRET__"
# participate in rooms hosted on this server which have been made # participate in rooms hosted on this server which have been made
# accessible to anonymous users. # accessible to anonymous users.
# #
#allow_guest_access: false allow_guest_access: __ALLOW_GUEST_ACCESS__
# The identity server which we suggest that clients should use when users log # The identity server which we suggest that clients should use when users log
# in on this server. # in on this server.
@ -1335,7 +1333,7 @@ registration_shared_secret: "__REGISTRATION_SHARED_SECRET__"
# (By default, no suggestion is made, so it is left up to the client. # (By default, no suggestion is made, so it is left up to the client.
# This setting is ignored unless public_baseurl is also explicitly set.) # This setting is ignored unless public_baseurl is also explicitly set.)
# #
#default_identity_server: https://matrix.org default_identity_server: __DEFAULT_IDENTITY_SERVER__
# Handle threepid (email/phone etc) registration and password resets through a set of # Handle threepid (email/phone etc) registration and password resets through a set of
# *trusted* identity servers. Note that this allows the configured identity server to # *trusted* identity servers. Note that this allows the configured identity server to
@ -1358,7 +1356,10 @@ registration_shared_secret: "__REGISTRATION_SHARED_SECRET__"
# by the Matrix Identity Service API specification: # by the Matrix Identity Service API specification:
# https://matrix.org/docs/spec/identity_service/latest # https://matrix.org/docs/spec/identity_service/latest
# #
# As email delegates is managed by the synapse server itself this email section is
# not necessary but msisdn format is still composed by msisdn: <value> on a new line
account_threepid_delegates: account_threepid_delegates:
msisdn: __ACCOUNT_THREEPID_DELEGATES_MSISDN__
#email: https://example.com # Delegate email sending to example.com #email: https://example.com # Delegate email sending to example.com
#msisdn: http://localhost:8090 # Delegate SMS sending to this local process #msisdn: http://localhost:8090 # Delegate SMS sending to this local process
@ -1394,8 +1395,8 @@ account_threepid_delegates:
# If the room already exists, make certain it is a publicly joinable # If the room already exists, make certain it is a publicly joinable
# room. The join rule of the room must be set to 'public'. # room. The join rule of the room must be set to 'public'.
# #
#auto_join_rooms: auto_join_rooms:
# - "#example:example.com" - "#example:example.com"
# Where auto_join_rooms are specified, setting this flag ensures that the # Where auto_join_rooms are specified, setting this flag ensures that the
# the rooms exist by creating them when the first user on the # the rooms exist by creating them when the first user on the
@ -1411,7 +1412,7 @@ account_threepid_delegates:
# Defaults to true. Uncomment the following line to disable automatically # Defaults to true. Uncomment the following line to disable automatically
# creating auto-join rooms. # creating auto-join rooms.
# #
#autocreate_auto_join_rooms: false autocreate_auto_join_rooms: __AUTOCREATE_AUTO_JOIN_ROOMS__
# Whether the auto_join_rooms that are auto-created are available via # Whether the auto_join_rooms that are auto-created are available via
# federation. Only has an effect if autocreate_auto_join_rooms is true. # federation. Only has an effect if autocreate_auto_join_rooms is true.
@ -1462,7 +1463,7 @@ account_threepid_delegates:
# #
# Defaults to true. # Defaults to true.
# #
#auto_join_rooms_for_guests: false auto_join_rooms_for_guests: __AUTO_JOIN_ROOMS_FOR_GUESTS__
# Whether to inhibit errors raised when registering a new account if the user ID # Whether to inhibit errors raised when registering a new account if the user ID
# already exists. If turned on, that requests to /register/available will always # already exists. If turned on, that requests to /register/available will always
@ -2167,7 +2168,7 @@ __DOMAIN_WHITELIST_CLIENT__
password_config: password_config:
# Uncomment to disable password login # Uncomment to disable password login
# #
#enabled: false enabled: __PASSWORD_ENABLED__
# Uncomment to disable authentication against the local password # Uncomment to disable authentication against the local password
# database. This is ignored if `enabled` is false, and is only useful # database. This is ignored if `enabled` is false, and is only useful
@ -2307,12 +2308,12 @@ email:
# Uncomment the following to enable sending emails for messages that the user # Uncomment the following to enable sending emails for messages that the user
# has missed. Disabled by default. # has missed. Disabled by default.
# #
enable_notifs: true enable_notifs: __ENABLE_NOTIFS__
# Uncomment the following to disable automatic subscription to email # Uncomment the following to disable automatic subscription to email
# notifications for new users. Enabled by default. # notifications for new users. Enabled by default.
# #
#notif_for_new_users: false notif_for_new_users: __NOTIF_FOR_NEW_USERS__
# Custom URL for client links within the email notifications. By default # Custom URL for client links within the email notifications. By default
# links will be based on "https://matrix.to". # links will be based on "https://matrix.to".
@ -2320,7 +2321,7 @@ email:
# (This setting used to be called riot_base_url; the old name is still # (This setting used to be called riot_base_url; the old name is still
# supported for backwards-compatibility but is now deprecated.) # supported for backwards-compatibility but is now deprecated.)
# #
#client_base_url: "http://localhost/riot" client_base_url: __CLIENT_BASE_URL__
# Configure the time that a validation email will expire after sending. # Configure the time that a validation email will expire after sending.
# Defaults to 1h. # Defaults to 1h.
@ -2331,7 +2332,7 @@ email:
# to the identity server as the org.matrix.web_client_location key. Defaults # to the identity server as the org.matrix.web_client_location key. Defaults
# to unset, giving no guidance to the identity server. # to unset, giving no guidance to the identity server.
# #
#invite_client_location: https://app.element.io invite_client_location: __INVITE_CLIENT_LOCATION__
# Subjects to use when sending emails from Synapse. # Subjects to use when sending emails from Synapse.
# #
@ -2420,7 +2421,7 @@ push:
# The default value is "true" to include message details. Uncomment to only # The default value is "true" to include message details. Uncomment to only
# include the event ID and room ID in push notification payloads. # include the event ID and room ID in push notification payloads.
# #
#include_content: false include_content: __PUSH_INCLUDE_CONTENT__
# When a push notification is received, an unread count is also sent. # When a push notification is received, an unread count is also sent.
# This number can either be calculated as the number of unread messages # This number can either be calculated as the number of unread messages
@ -2450,12 +2451,12 @@ push:
# Note that this option will only affect rooms created after it is set. It # Note that this option will only affect rooms created after it is set. It
# will also not affect rooms created by other servers. # will also not affect rooms created by other servers.
# #
#encryption_enabled_by_default_for_room_type: invite encryption_enabled_by_default_for_room_type: __E2E_ENABLED_BY_DEFAULT__
# Uncomment to allow non-server-admin users to create groups on this server # Uncomment to allow non-server-admin users to create groups on this server
# #
enable_group_creation: true enable_group_creation: __ENABLE_GROUP_CREATION__
# If enabled, non server admins can only create groups with local parts # If enabled, non server admins can only create groups with local parts
# starting with this prefix # starting with this prefix
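Review bot: The string-valued placeholders this commit switches on are written as bare YAML scalars (`web_client_location: __WEB_CLIENT_LOCATION__`, `default_identity_server: __DEFAULT_IDENTITY_SERVER__`, `msisdn: __ACCOUNT_THREEPID_DELEGATES_MSISDN__`, `client_base_url: __CLIENT_BASE_URL__`, `invite_client_location: __INVITE_CLIENT_LOCATION__`), while `registration_shared_secret: "__REGISTRATION_SHARED_SECRET__"` in the same file is quoted. Assuming the template is rendered by plain text substitution from the panel's `url` and `string` fields, an empty setting leaves a null key, and a value containing `: ` or ` #` would be parsed as structure or a comment instead of the string the admin typed. I would quote them the same way, e.g. `web_client_location: "__WEB_CLIENT_LOCATION__"`, after confirming that Synapse treats an empty string like an unset value for each key. The boolean and select placeholders can stay bare.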

260
config_panel.toml Normal file

@ -0,0 +1,260 @@
version = "1.0"
[main]
name = "Main Settings"
services = ["matrix-__APP__"]
[main.welcome]
name = "Experience for new Users"
[main.welcome.enable_registration]
ask = "Enable Registration for new users."
type = "boolean"
yes = "true"
no = "false"
help = "Defaults to 'false'. If 'true', it is highly recommended to use either captcha, email, or token-based verification to avoid SPAM."
bind = ":/etc/matrix-__APP__/homeserver.yaml"
[main.welcome.password_enabled]
ask = "Enable Password Login?"
type = "boolean"
yes = "true"
no = "false"
help = "If disabled, Login with Non-YunoHost Users impossible. But it simplies Login process if your Matrix server only has YunoHost SSO Users."
bind = "password_config>enabled:/etc/matrix-__APP__/homeserver.yaml"
visible = "! enable_registration"
[main.welcome.registrations_require_3pid]
ask = "Registration requires all following 3PID personal identifier."
type = "select"
choices = ["none","email", "msisdn", "email&msisdn"]
help = "! Warning msisdn (Phone number) registration require a third party service which send confirmation token by SMS.\n Do not select any option including msisdn if you don't know what to do. And don't user email nor msisdn if you don't understand privacy flow\nDefaults to: 'none'."
visible = "enable_registration"
[main.welcome.allowed_local_3pids_email]
ask = "Register only with given email formats."
type = "tags"
help = '( e.g. ^[^@]+@matrix\\\\.org$ ) Note that \\\ will write \\ as suggested in homeserver.yaml'
visible = 'enable_registration && (registrations_require_3pid == "email" || registrations_require_3pid == "email&msisdn")'
[main.welcome.allowed_local_3pids_msisdn]
ask = "Register only with given phone number formats."
type = "tags"
help = '( e.g. \\\\+33 ) Note that \\\ will write \\ as suggested in homeserver.yaml'
visible = 'enable_registration && (registrations_require_3pid == "email&msisdn" || registrations_require_3pid == "msisdn")'
[main.welcome.disable_msisdn_registration]
ask = "Disable asking Phone Number in Registration flow."
type = "boolean"
yes = "true"
no = "false"
help = "Overrides 3PID settings if MSISDNs are set as required."
bind = ":/etc/matrix-__APP__/homeserver.yaml"
visible = "enable_registration"
[main.welcome.account_threepid_delegates_msisdn]
ask = "Specify a third party server to send confirmation code by SMS."
type = "string"
help = "That should be an URL with port or API."
bind = "account_threepid_delegates>msisdn:/etc/matrix-__APP__/homeserver.yaml"
visible = 'enable_registration && (registrations_require_3pid == "email&msisdn" || registrations_require_3pid == "msisdn")'
[main.welcome.auto_join_rooms]
ask = "Auto Join new Users in following Rooms:"
type = "tags"
help = "( e.g. \\\\#example:example.com ) Note that \\\\# will write # in homeserver.yaml. Users who register on this homeserver will automatically be joined to these rooms. If the room already exists, the join rule must be set to 'public'. See also next setting."
[main.welcome.autocreate_auto_join_rooms]
ask = "Auto-Create room for Auto Join if not existing?"
type = "boolean"
yes = "true"
no = "false"
help = "Setting to false means that if the rooms are not manually created, users cannot be auto-joined. Auto-created rooms will be public and federated by default, this can be customised in CLI with the settings auto_join_*."
bind = ":/etc/matrix-__APP__/homeserver.yaml"
[main.welcome.notif_for_new_users]
ask = "Enable email notifications for new users?"
type = "boolean"
yes = "true"
no = "false"
help = "Defaults to 'true'."
bind = ":/etc/matrix-__APP__/homeserver.yaml"
visible = "enable_notifs"
[main.privacy]
name = "Data Privacy"
[main.privacy.text]
ask = '''
* "all": any locally-created room
* "invite": any room created with the "private_chat" or "trusted_private_chat" room creation presets
* "off": No encryption by default
'''
type = "markdown"
[main.privacy.e2e_enabled_by_default]
ask = "End-to-End Encryption by default for locally-created Rooms"
type = "select"
choices = ["all", "invite", "off"]
help = "Note that encryption can always be turned on manually, even after creation."
bind = "encryption_enabled_by_default_for_room_type:/etc/matrix-__APP__/homeserver.yaml"
[main.privacy.allow_public_rooms_over_federation]
ask = "Access Public Rooms Directory over Federation?"
type = "boolean"
yes = "true"
no = "false"
help = "Disabled by default. If disabled, users on other homeserver will not be able to look for a public room on your homeserver. They will have to type the ID of the room to join."
bind = ":/etc/matrix-__APP__/homeserver.yaml"
[main.privacy.push_include_content]
ask = "Disable content sharing inside push notification."
type = "boolean"
yes = "true"
no = "false"
help = "Send content message and sender information in push notification. Set to false increase privacy when GAFAM notification service is used (ie: when element client is downloaded thrue Gplay store)."
bind = "push>include_content:/etc/matrix-__APP__/homeserver.yaml"
[main.experience]
name = "User Experience"
[main.experience.web_client_location]
ask = "Element instance your HomeServer should redirect to."
type = "url"
help = "URL to the web client which / will redirect to."
bind = ":/etc/matrix-__APP__/homeserver.yaml"
[main.experience.enable_group_creation]
ask = "Allow non-server-admin Users to create Spaces?"
type = "boolean"
yes = "true"
no = "false"
help = "Disabled by default: only server admins can create Spaces"
bind = ":/etc/matrix-__APP__/homeserver.yaml"
[main.experience.enable_notifs]
ask = "Enable sending emails for messages the user missed?"
type = "boolean"
yes = "true"
no = "false"
help = "Defaults to 'false'."
bind = ":/etc/matrix-__APP__/homeserver.yaml"
[main.experience.client_base_url]
ask = "URL for client links within the email notifications."
type = "url"
help = "Used to be called 'riot_base_url', still supported"
bind = ":/etc/matrix-__APP__/homeserver.yaml"
visible = "enable_notifs"
[resources]
name = "Resource Usage"
services = ["matrix-__APP__", "nginx"]
[resources.media]
name = "Manage Media growth and clean-up"
[resources.media.max_upload_size]
ask = "Largest allowed media upload size in bytes."
type = "string"
help = "Defaults to: '10M' . Format : <value><[GMK]?>"
bind = ":/etc/matrix-__APP__/homeserver.yaml"
[advanced]
name = "Advanced Settings"
services = ["matrix-__APP__"]
[advanced.help]
name = "SETTINGS FOR EXPERTS IN SERVER ADMINISTRATION"
[advanced.help.text]
ask = '''
!!There are security and privacy risks if you change these settings without knowing what you do!!
'''
type = "markdown"
[advanced.others]
name = "Others"
[advanced.others.backup_before_upgrade]
ask = "Backup before upgrade?"
type = "boolean"
yes = "true"
no = "false"
help = "!! If disabled, do a manual backup before upgrade !! Disable if your Synapse instance is huge and you prefer to disable the backup that is normally automatically done before each upgrade."
[advanced.others.server_statistics]
ask = "Server statistics"
type = "boolean"
yes = "true"
no = "false"
help = "Enable to send anonymous statistics to Synapse Developers to improve performance."
bind = "report_stats:/etc/matrix-__APP__/homeserver.yaml"
[advanced.guests]
name = "Experience for Guests / Anonymous"
[advanced.guests.invite_client_location]
ask = "Web client location to direct users to during an invite."
type = "url"
help = "This is passed to the identity server as the org.matrix.web_client_location key. Defaults to unset, giving no guidance to the identity server."
bind = ":/etc/matrix-__APP__/homeserver.yaml"
[advanced.guests.allow_guest_access]
ask = "Allow Users to Register as Guests?"
type = "boolean"
yes = "true"
no = "false"
help = "Guests can participate on this server in rooms with guest access enabled, without a password/email/etc."
bind = ":/etc/matrix-__APP__/homeserver.yaml"
[advanced.guests.auto_join_rooms_for_guests]
ask = "Enable Auto Join Room for Guests?"
type = "boolean"
yes = "true"
no = "false"
help = "Defaults to 'true'."
bind = ":/etc/matrix-__APP__/homeserver.yaml"
visible = "allow_guest_access"
[advanced.privacy]
name = "Data Privacy"
[advanced.privacy.enable_3pid_lookup]
ask = "Allow discovering friends with phone number or email?"
type = "boolean"
yes = "true"
no = "false"
help = "Enable 3PIDs lookup requests to identity servers from this server. See Settings->General->Discovery in Element."
bind = ":/etc/matrix-__APP__/homeserver.yaml"
[advanced.privacy.default_identity_server]
ask = "Identity server suggested to clients?"
type = "url"
help = "Identity server allows to discover, be discovered and invite people you know with phone number or email. If not set, users will probably chose centralized vector.im. See Settings->General->Discovery in Element."
bind = ":/etc/matrix-__APP__/homeserver.yaml"
[advanced.privacy.allow_public_rooms_without_auth]
ask = "Access Public Rooms Directory without authentification?"
type = "boolean"
yes = "true"
no = "false"
help = "Disabled by default. If enabled, anyone can query the Public Rooms Directory (access through the client API). This only makes sense if you want everyone to be able to scroll your public room to see what's interesting on your Homeserver"
bind = ":/etc/matrix-__APP__/homeserver.yaml"
[advanced.registration]
name = "Account Registration"
[advanced.registration.registration_shared_secret]
ask = "Shared Secret for Registration."
type = "string"
help = "Allows registration of standard or admin accounts, even if Registration disabled."
bind = ":/etc/matrix-__APP__/homeserver.yaml"
[advanced.registration.turn_allow_guests]
ask = "Should guests be allowed to use the TURN server?"
type = "boolean"
yes = "true"
no = "false"
help = "This defaults to True, otherwise VoIP will be unreliable for guests. However, it does introduce a slight security risk as it allows users to connect to arbitrary endpoints without having first signed up for a valid account (e.g. by passing a CAPTCHA)."
bind = ":/etc/matrix-__APP__/homeserver.yaml"
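Review bot: In `[main.privacy.push_include_content]` the question and the bound value point in opposite directions: `ask` reads "Disable content sharing inside push notification." while `yes = "true"` is written to `push>include_content`, so answering yes turns content sharing on. An admin who follows the label would end up sending message content and sender information in push notifications, which is the case the `help` text says reduces privacy. Rewording the question to match the key, e.g. `ask = "Include message content in push notifications?"`, keeps the binding as it is and removes the inversion.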


@ -1,54 +0,0 @@
version = "1.0"
[main]
name = "Synapse configuration"
[main.config]
name = "Configuration Options"
[main.config.server_statistics]
ask = "Server statistics"
type = "boolean"
yes = true
no = false
help = "Set to 'true' to send anonymous statistics to Synapse to improve performance."
[main.config.is_free_registration]
ask = "Free registration"
type = "boolean"
yes = true
no = false
help = "A public server means that anybody will be able to register on this server."
[main.config.allow_public_rooms]
ask = "Public rooms directory"
type = "boolean"
yes = true
no = false
help = "If set to 'false', requires authentication to access the server's public rooms directory through the client API and forbids any other homeserver to fetch the server's public rooms directory via federation."
[main.client_config]
name = "Matrix client configuration"
[main.client_config.jitsi_server]
ask = "Jitsi server address"
type = "string"
default = 'jitsi.riot.im'
help = "Jitsi server address for the conference. Note that this is only for conferences in rooms with more than 2 people. With 2 people, the stun/turn server is used."
[main.client_config.e2e_enabled_by_default]
ask = "End to end encryption by default for direct messages"
type = "boolean"
yes = true
no = false
help = "By default, Element will create encrypted DM rooms if the user you are chatting with has keys uploaded on their account. For private room creation, Element will default to encryption on but give you can disable this settings here."
[main.package_config]
name = "Package configuration"
[main.package_config.backup_before_upgrade]
ask = "Backup before upgrade"
type = "boolean"
yes = true
no = false
help = "Set to 'true' to back up before each upgrade."


@ -136,11 +136,11 @@ Then, to log in the API with your credentials, you need to set your user as admi
### Upgrade ### Upgrade
By default a backup is made before the upgrade. To avoid this you have theses following possibilites: By default a backup is made before the upgrade. If for some reason you want to upgrade without backup:
- Call the command with the `-b` flag: `yunohost app upgrade synapse -b` - Call the command with the `-b` flag: `yunohost app upgrade synapse -b`
- Set the settings `disable_backup_before_upgrade` to `1`. You can set this with this command: - Disable the setting `Backup before upgrade` in the Config Panel. Or with command line:
`yunohost app setting synapse disable_backup_before_upgrade -v 1` `yunohost app setting synapse backup_before_upgrade -v 0`
After this settings will be applied for **all** next upgrade. After this settings will be applied for **all** next upgrade.


@ -10,147 +10,157 @@ source /usr/share/yunohost/helpers
# Stop script if errors # Stop script if errors
ynh_abort_if_errors ynh_abort_if_errors
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
# Import common fonctions get__max_upload_size() {
source ./experimental_helper.sh max_upload_size=$(ynh_app_setting_get --app $app --key max_upload_size)
source ./_common.sh echo "${max_upload_size}"
#=================================================
# RETRIEVE ARGUMENTS
#=================================================
app=$YNH_APP_INSTANCE_NAME
report_stats=$(ynh_app_setting_get --app $app --key report_stats)
allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms)
disable_backup_before_upgrade=$(ynh_app_setting_get --app $app --key disable_backup_before_upgrade)
is_free_registration=$(ynh_app_setting_get --app $app --key is_free_registration)
jitsi_server=$(ynh_app_setting_get --app=$app --key=jitsi_server)
e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default)
synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd)
domain_whitelist_client_=$(get_domain_list)
domain_whitelist_client=${domain_whitelist_client_%"\n"}
main_domain=$(yunohost domain list --output-as json | jq -r .main)
#=================================================
# SHOW_CONFIG FUNCTION FOR 'SHOW' COMMAND
#=================================================
show_config() {
# here you are supposed to read some config file/database/other then print the values
# ynh_return "YNH_CONFIG_${PANEL_ID}_${SECTION_ID}_${OPTION_ID}=value"
ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_SERVER_STATISTICS=$report_stats"
ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_ALLOW_PUBLIC_ROOMS=$allow_public_rooms"
ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_CLIENT_CONFIG_JITSI_SERVER=$jitsi_server"
ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_IS_FREE_REGISTRATION=${is_free_registration}"
ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_CLIENT_CONFIG_E2E_ENABLED_BY_DEFAULT=${e2e_enabled_by_default}"
if [[ ${disable_backup_before_upgrade:-0} -eq 1 ]]
then
ynh_return "YNH_CONFIG_PACKAGE_CONFIG_PACKAGE_CONFIG_BACKUP_BEFORE_UPGRADE=0"
else
ynh_return "YNH_CONFIG_PACKAGE_CONFIG_PACKAGE_CONFIG_BACKUP_BEFORE_UPGRADE=1"
fi
} }
#================================================= set__max_upload_size() {
# MODIFY THE CONFIGURATION ynh_write_var_in_file --file=/etc/matrix-$app/homeserver.yaml --key=max_upload_size --value="${max_upload_size}"
#================================================= sed -i -r "s|client_max_body_size\s[[:digit:]]*[GMK]?;|client_max_body_size ${max_upload_size};|g" "/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_add_nginx_conf
}
apply_config() { get__registrations_require_3pid() {
report_stats=${YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_SERVER_STATISTICS:-$report_stats} registrations_require_3pid=$(ynh_app_setting_get --app $app --key registrations_require_3pid)
allow_public_rooms=${YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_ALLOW_PUBLIC_ROOMS:-$allow_public_rooms} echo "${registrations_require_3pid}"
do_backup_before_upgrade=${YNH_CONFIG_PACKAGE_CONFIG_PACKAGE_CONFIG_BACKUP_BEFORE_UPGRADE:-} }
is_free_registration=${YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_IS_FREE_REGISTRATION:-$is_free_registration}
jitsi_server=${YNH_CONFIG_SYNAPSE_CONFIG_CLIENT_CONFIG_JITSI_SERVER:-$jitsi_server}
e2e_enabled_by_default=${YNH_CONFIG_SYNAPSE_CONFIG_CLIENT_CONFIG_E2E_ENABLED_BY_DEFAULT:-$e2e_enabled_by_default}
if [ $report_stats == 1 ]; then # set__registrations_require_3pid() this function is setting datas for registrations_require_3pid field and allowed_local_3pids_(email/msisdn)
report_stats=true # it consist on comment or not "registrations_require_3pid:", " - email" and/or " - msisdn"
fi # then depending on the "registrations_require_3pid" value it comment or not "allowed_local_3pids:" lines
if [ $report_stats == 0 ]; then # and generate all it sub configuration :
report_stats=false #
fi # allowed_local_3pids:
if [ $allow_public_rooms == 1 ]; then # - medium: email
allow_public_rooms=true # pattern: *
fi # ...
if [ $allow_public_rooms == 0 ]; then # - medium: msisdn
allow_public_rooms=false # pattern: *
fi #
if [ $e2e_enabled_by_default == 1 ]; then # sed -z and \n as new line carracter do the trick on this kind of multline replacement.
e2e_enabled_by_default=true
fi
if [ $e2e_enabled_by_default == 0 ]; then
e2e_enabled_by_default=false
fi
ynh_app_setting_set --app $app --key report_stats --value $report_stats set__registrations_require_3pid() {
ynh_app_setting_set --app $app --key allow_public_rooms --value $allow_public_rooms
ynh_app_setting_set --app $app --key is_free_registration --value $is_free_registration
ynh_app_setting_set --app $app --key jitsi_server --value $jitsi_server
ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default
if [[ -n $do_backup_before_upgrade ]]; then # search pattern to replace (it correspond to the complete section)
if [ $do_backup_before_upgrade -eq 1 ]; then allowedLocal3pids="s;#?([^\S\n]*allowed_local_3pids:)\n(#?([^\S\n]*-[^\S\n]*medium:[^\S\n]*(email|msisdn)\n)#?([^\S\n]*pattern:[^\S\n]*[^\n]*\n))*;"
ynh_app_setting_set --app $app --key disable_backup_before_upgrade --value 0
else
ynh_app_setting_set --app $app --key disable_backup_before_upgrade --value 1
fi
fi
domain=$(ynh_app_setting_get --app $app --key domain) case ${registrations_require_3pid} in
server_name=$(ynh_app_setting_get --app $app --key server_name) 'email')
synapse_db_pwd=$(ynh_app_setting_get --app $app --key synapse_db_pwd) # registrations_require_3pid: part
is_free_registration=$(ynh_app_setting_get --app $app --key is_free_registration) sed -i -z -r "s|#?[^\S\n]*registrations_require_3pid:\n#?[^\S\n]*-[^\S\n]*email\n#?[^\S\n]*-[^\S\n]*msisdn|registrations_require_3pid:\n - email\n# - msisdn|" "/etc/matrix-$app/homeserver.yaml"
port=$(ynh_app_setting_get --app $app --key synapse_port)
synapse_tls_port=$(ynh_app_setting_get --app $app --key synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get --app $app --key turnserver_tls_port)
turnserver_pwd=$(ynh_app_setting_get --app $app --key turnserver_pwd)
registration_shared_secret=$(ynh_app_setting_get --app $app --key registration_shared_secret)
form_secret=$(ynh_app_setting_get --app $app --key form_secret)
macaroon_secret_key=$(ynh_app_setting_get --app=$app --key=macaroon_secret_key)
synapse_user="matrix-$app" # allowed_local_3pids: part
synapse_db_name="matrix_$app" allowedLocal3pids=${allowedLocal3pids}"\1"
synapse_db_user="matrix_$app"
# Configure Synapse readarray -td, arr3pidemail < <(echo ${allowed_local_3pids_email});
for pidemail in "${arr3pidemail[@]}"; do
# add it to regex substitution part
allowedLocal3pids=${allowedLocal3pids}"\n - medium: email";
allowedLocal3pids=${allowedLocal3pids}"\n$(echo ' ')pattern: '$(echo ${pidemail})'";
done;
;;
# WARNING : theses command are used in INSTALL, UPGRADE, CONFIG, CHANGE-URL (4 times) 'msisdn')
# For any update do it in all files # registrations_require_3pid: part
sed -i -z -r "s|#?[^\S\n]*registrations_require_3pid:\n#?[^\S\n]*-[^\S\n]*email\n#?[^\S\n]*-[^\S\n]*msisdn|registrations_require_3pid:\n# - email\n - msisdn|" "/etc/matrix-$app/homeserver.yaml"
if [ -z $macaroon_secret_key ]; then # allowed_local_3pids: part
# Well, in this package this value was not managed because it was not needed, synapse is able to generate this with some other secret in the config file but after some vulnerability was found with this practice. allowedLocal3pids=${allowedLocal3pids}"\1"
# For more detail about this issue you can see : https://matrix.org/blog/2019/01/15/further-details-on-critical-security-update-in-synapse-affecting-all-versions-prior-to-0-34-1-cve-2019-5885/
# The problem is that we can't just say generate a new value if the package has not already defined a value. The reason is that changing this value logout all user. And in case of a user has enabled the encryption, the user might lost all conversation !!
# So for the old install we just leave this as it is. And for the new install we use a real macaroon.
macaroon_secret_key_param='# macaroon_secret_key: ""'
else
macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"'
fi
if [ $is_free_registration -eq 0 ] readarray -td, arr3pidmsisdn < <(echo ${allowed_local_3pids_msisdn});
then for pidmsisdn in "${arr3pidmsisdn[@]}"; do
allowed_access=False # add it to regex substitution part
sso_enabled=True allowedLocal3pids=${allowedLocal3pids}"\n - medium: msisdn";
else allowedLocal3pids=${allowedLocal3pids}"\n$(echo ' ')pattern: '$(echo ${pidmsisdn})'";
allowed_access=True done;
sso_enabled=False ;;
fi
ynh_add_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml" 'email&msisdn')
ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml" # registrations_require_3pid: part
sed -i -z -r "s|#?[^\S\n]*registrations_require_3pid:\n#?[^\S\n]*-[^\S\n]*email\n#?[^\S\n]*-[^\S\n]*msisdn|registrations_require_3pid:\n - email\n - msisdn|" "/etc/matrix-$app/homeserver.yaml"
# Create .well-known redirection for access by federation # allowed_local_3pids: part
if yunohost --output-as plain domain list | grep -q "^$server_name$" allowedLocal3pids=${allowedLocal3pids}"\1"
then
ynh_add_config --template="server_name.conf" --destination="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
fi
ynh_store_file_checksum --file "$homeserver_config_path" readarray -td, arr3pidemail < <(echo ${allowed_local_3pids_email});
setfacl -R -m user:turnserver:rX /etc/matrix-$app for pidemail in "${arr3pidemail[@]}"; do
# add it to regex substitution part
allowedLocal3pids=${allowedLocal3pids}"\n - medium: email";
allowedLocal3pids=${allowedLocal3pids}"\n$(echo ' ')pattern: '$(echo ${pidemail})'";
done;
systemctl restart matrix-$app readarray -td, arr3pidmsisdn < <(echo ${allowed_local_3pids_msisdn});
systemctl reload nginx for pidmsisdn in "${arr3pidmsisdn[@]}"; do
# add it to regex substitution part
allowedLocal3pids=${allowedLocal3pids}"\n - medium: msisdn";
allowedLocal3pids=${allowedLocal3pids}"\n$(echo ' ')pattern: '$(echo ${pidmsisdn})'";
done;
;;
*)
sed -i -z -r "s|#?[^\S\n]*registrations_require_3pid:\n#?[^\S\n]*-[^\S\n]*email\n#?[^\S\n]*-[^\S\n]*msisdn|#registrations_require_3pid:\n# - email\n# - msisdn|" "/etc/matrix-$app/homeserver.yaml"
# empty fields and comment registration
allowedLocal3pids=${allowedLocal3pids}"#\1"
;;
esac
# finalize regex then apply sed command on the homeserver conf file
allowedLocal3pids="${allowedLocal3pids}\n;";
sed -i -z -r "${allowedLocal3pids}" "/etc/matrix-$app/homeserver.yaml"
ynh_app_setting_set --app=$app --key=registrations_require_3pid --value="${registrations_require_3pid}"
}
get__allowed_local_3pids_email() {
allowed_local_3pids_email=$(ynh_app_setting_get --app $app --key allowed_local_3pids_email)
echo "${allowed_local_3pids_email}"
}
set__allowed_local_3pids_email() {
set__registrations_require_3pid;
ynh_app_setting_set --app=$app --key=allowed_local_3pids_email --value="${allowed_local_3pids_email}"
}
get__allowed_local_3pids_msisdn() {
allowed_local_3pids_msisdn=$(ynh_app_setting_get --app $app --key allowed_local_3pids_msisdn)
echo "${allowed_local_3pids_msisdn}"
}
set__allowed_local_3pids_msisdn() {
set__registrations_require_3pid;
ynh_app_setting_set --app=$app --key=allowed_local_3pids_msisdn --value="${allowed_local_3pids_msisdn}"
}
get__auto_join_rooms() {
auto_join_rooms=$(ynh_app_setting_get --app $app --key auto_join_rooms)
auto_join_rooms=$(echo ${auto_join_rooms} | sed "s~(\\\\)*\#~\\\\\#~g")
echo "${auto_join_rooms}"
}
set__auto_join_rooms() {
if [ -z ${auto_join_rooms} ] ; then
# remove all values comment header and example value
sed -i -z -r "s|#?([^\S\n]*auto_join_rooms:\n)#?([^\S\n]*-[^\n]*\n)*|#\1# - \"#example:example.com\"\n|" "/etc/matrix-$app/homeserver.yaml"
else
readarray -td, arrroom < <(echo ${auto_join_rooms});
# print header then all space separated values
autoJoinRooms="s|#?([^\S\n]*auto_join_rooms:)\n(#?[^\S\n]*-[^\n]*\n)*|\1";
for room in "${arrroom[@]}"; do
autoJoinRooms="${autoJoinRooms}\n - '$(echo ${room})'";
done;
autoJoinRooms="${autoJoinRooms}\n|";
sed -i -z -r "${autoJoinRooms}" "/etc/matrix-$app/homeserver.yaml"
fi
ynh_app_setting_set --app=$app --key=auto_join_rooms --value="${auto_join_rooms}"
} }
#================================================= #=================================================
@ -158,7 +168,4 @@ apply_config() {
#================================================= #=================================================
# SELECT THE ACTION FOLLOWING THE GIVEN ARGUMENT # SELECT THE ACTION FOLLOWING THE GIVEN ARGUMENT
#================================================= #=================================================
case $1 in ynh_app_config_run $1
show) show_config;;
apply) apply_config;;
esac
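Review bot: `set__max_upload_size`, `set__registrations_require_3pid` and `set__auto_join_rooms` splice config-panel values straight into the sed programs that rewrite homeserver.yaml and the nginx conf, with no validation or escaping. A value containing the sed delimiter (`|` or `;`), `&`, a backslash or a single quote changes the substitution itself or the YAML/nginx syntax that gets written. Validate each value before writing, for example `[[ "$max_upload_size" =~ ^[0-9]+[KMG]?$ ]] || ynh_die --message="Invalid max_upload_size"`, and reject or escape those characters in each comma-separated 3pid pattern and room alias. The unquoted `$(echo ${pidemail})`, `$(echo ${pidmsisdn})` and `$(echo ${room})` also let the shell glob-expand a pattern such as `*`, so use `"${pidemail}"` and so on directly. If config_panel.toml already constrains these fields with a pattern (not visible in this section), a one-line comment above each setter saying so would make that dependency explicit.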


@ -33,8 +33,7 @@ synapse_db_user="matrix_$app"
synapse_db_name="matrix_$app" synapse_db_name="matrix_$app"
upstream_version=$(ynh_app_upstream_version) upstream_version=$(ynh_app_upstream_version)
report_stats="false" report_stats="false"
allow_public_rooms="false" e2e_enabled_by_default="off"
e2e_enabled_by_default="true"
default_domain_value="Same than the domain" default_domain_value="Same than the domain"
domain_whitelist_client_=$(get_domain_list) domain_whitelist_client_=$(get_domain_list)
domain_whitelist_client=${domain_whitelist_client_%"\n"} domain_whitelist_client=${domain_whitelist_client_%"\n"}
@ -79,17 +78,98 @@ ynh_script_progression --message="Storing installation settings..." --weight=1
ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_set --app=$app --key=no_sso --value true
ynh_app_setting_set --app=$app --key=server_name --value=$server_name ynh_app_setting_set --app=$app --key=server_name --value=$server_name
ynh_app_setting_set --app=$app --key=jitsi_server --value=$jitsi_server ynh_app_setting_set --app=$app --key=jitsi_server --value=$jitsi_server
ynh_app_setting_set --app=$app --key=final_path --value=$final_path ynh_app_setting_set --app=$app --key=final_path --value=$final_path
ynh_app_setting_set --app=$app --key=synapse_version --value=$upstream_version ynh_app_setting_set --app=$app --key=synapse_version --value=$upstream_version
ynh_app_setting_set --app=$app --key=is_free_registration --value=$is_free_registration
ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats
ynh_app_setting_set --app=$app --key=allow_public_rooms --value=$allow_public_rooms
ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default
ynh_app_setting_set --app=$app --key=synapse_user_app_pwd --value=$synapse_user_app_pwd ynh_app_setting_set --app=$app --key=synapse_user_app_pwd --value=$synapse_user_app_pwd
if [ "$is_free_registration" -eq "0" ]
then
enable_registration="false"
turn_allow_guests="false"
sso_enabled="true"
password_enabled="false"
enable_3pid_lookup="false"
else
enable_registration="true"
turn_allow_guests="true"
sso_enabled="false"
password_enabled="true"
enable_3pid_lookup="true"
fi
ynh_app_setting_set --app=$app --key=enable_registration --value=$enable_registration
ynh_app_setting_set --app=$app --key=turn_allow_guests --value=$turn_allow_guests
ynh_app_setting_set --app=$app --key=sso_enabled --value=$sso_enabled
ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled
ynh_app_setting_set --app=$app --key=enable_3pid_lookup --value=$enable_3pid_lookup
#=================================================
## SET STANDARD SETTINGS FROM DEFAULT CONFIG
#=================================================
element_ynh_url="https://matrix.to/"
# Get app name of first Element Instance (can be changed later in Config Panel)
element_instance="element"
if yunohost --output-as plain app list | grep -q "^$element_instance$"; then
element_domain=$(ynh_app_setting_get --app $element_instance --key domain)
element_path=$(ynh_app_setting_get --app $element_instance --key path)
element_ynh_url="https://""$element_domain""$element_path"
fi
web_client_location=$element_ynh_url
client_base_url=$element_ynh_url
invite_client_location=$element_ynh_url
backup_before_upgrade="true"
server_statistics="false"
allow_public_rooms_without_auth="false"
allow_public_rooms_over_federation="false"
max_upload_size="10M"
disable_msisdn_registration="true"
registrations_require_3pid="none"
# here we need sed magic to transform $server_name
allowed_local_3pids_email=""
allowed_local_3pids_msisdn=""
allow_guest_access="false"
account_threepid_delegates_msisdn=""
default_identity_server="https://matrix.org"
auto_join_rooms="#auto_join_room:""$server_name"
autocreate_auto_join_rooms="false"
auto_join_rooms_for_guests="true"
password_enabled="true"
enable_notifs="true"
notif_for_new_users="true"
enable_group_creation="true"
push_include_content="true"
ynh_app_setting_set --app=$app --key=backup_before_upgrade --value=$backup_before_upgrade
ynh_app_setting_set --app=$app --key=server_statistics --value=$server_statistics
ynh_app_setting_set --app=$app --key=web_client_location --value=$web_client_location
ynh_app_setting_set --app=$app --key=client_base_url --value=$client_base_url
ynh_app_setting_set --app=$app --key=invite_client_location --value=$invite_client_location
ynh_app_setting_set --app=$app --key=allow_public_rooms_without_auth --value=$allow_public_rooms_without_auth
ynh_app_setting_set --app=$app --key=allow_public_rooms_over_federation --value=$allow_public_rooms_over_federation
ynh_app_setting_set --app=$app --key=max_upload_size --value=$max_upload_size
ynh_app_setting_set --app=$app --key=disable_msisdn_registration --value=$disable_msisdn_registration
ynh_app_setting_set --app=$app --key=registrations_require_3pid --value=$registrations_require_3pid
ynh_app_setting_set --app=$app --key=allowed_local_3pids_email --value=$allowed_local_3pids_email
ynh_app_setting_set --app=$app --key=allowed_local_3pids_msisdn --value=$allowed_local_3pids_msisdn
ynh_app_setting_set --app=$app --key=account_threepid_delegates_msisdn --value=$account_threepid_delegates_msisdn
ynh_app_setting_set --app=$app --key=allow_guest_access --value=$allow_guest_access
ynh_app_setting_set --app=$app --key=default_identity_server --value=$default_identity_server
ynh_app_setting_set --app=$app --key=auto_join_rooms --value=$auto_join_rooms
ynh_app_setting_set --app=$app --key=autocreate_auto_join_rooms --value=$autocreate_auto_join_rooms
ynh_app_setting_set --app=$app --key=auto_join_rooms_for_guests --value=$auto_join_rooms_for_guests
ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled
ynh_app_setting_set --app=$app --key=enable_notifs --value=$enable_notifs
ynh_app_setting_set --app=$app --key=notif_for_new_users --value=$notif_for_new_users
ynh_app_setting_set --app=$app --key=enable_group_creation --value=$enable_group_creation
ynh_app_setting_set --app=$app --key=push_include_content --value=$push_include_content
#================================================= #=================================================
# STANDARD MODIFICATIONS # STANDARD MODIFICATIONS
#================================================= #=================================================
@ -276,15 +356,6 @@ ynh_app_setting_set --app=$app --key=turnserver_pwd --value=$turnserver_pwd
macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"' macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"'
if [ $is_free_registration -eq 0 ]
then
allowed_access=False
sso_enabled=True
else
allowed_access=True
sso_enabled=False
fi
ynh_add_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml" ynh_add_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml"
ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml" ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml"
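Review bot: `password_enabled` is assigned twice in the added settings code: the `is_free_registration` branch sets it to "false" for closed registration, but the later defaults block resets it with `password_enabled="true"` and stores it again, so the second `ynh_app_setting_set` wins. If homeserver.yaml is rendered from this variable (the template is not shown here), password login stays enabled on installs meant to be SSO-only. Drop the `password_enabled="true"` line and the second `ynh_app_setting_set --app=$app --key=password_enabled` call from the defaults block. Separately, the install default for `e2e_enabled_by_default` moves from "true" to "off", while the upgrade script maps an unset value to "invite"; either align the two or add a comment explaining why new installs get the weaker default.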


@ -33,7 +33,6 @@ turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port) turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
cli_port=$(ynh_app_setting_get --app=$app --key=cli_port) cli_port=$(ynh_app_setting_get --app=$app --key=cli_port)
report_stats=$(ynh_app_setting_get --app=$app --key=report_stats) report_stats=$(ynh_app_setting_get --app=$app --key=report_stats)
allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms)
e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default) e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default)
synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd) synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd)
turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd) turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
@ -59,6 +58,38 @@ upgrade_type=$(ynh_check_app_version_changed)
final_www_path="/var/www/$app" final_www_path="/var/www/$app"
data_path="/home/yunohost.app/matrix-$app" data_path="/home/yunohost.app/matrix-$app"
#=================================================
# GET CONFIG PANEL SETTINGS
#=================================================
server_statistics=$(ynh_app_setting_get --app=$app --key=server_statistics)
web_client_location=$(ynh_app_setting_get --app=$app --key=web_client_location)
client_base_url=$(ynh_app_setting_get --app=$app --key=client_base_url)
invite_client_location=$(ynh_app_setting_get --app=$app --key=invite_client_location)
allow_public_rooms_without_auth=$(ynh_app_setting_get --app=$app --key=allow_public_rooms_without_auth)
allow_public_rooms_over_federation=$(ynh_app_setting_get --app=$app --key=allow_public_rooms_over_federation)
max_upload_size=$(ynh_app_setting_get --app=$app --key=max_upload_size)
disable_msisdn_registration=$(ynh_app_setting_get --app=$app --key=disable_msisdn_registration)
registrations_require_3pid=$(ynh_app_setting_get --app=$app --key=registrations_require_3pid)
allowed_local_3pids_email=$(ynh_app_setting_get --app=$app --key=allowed_local_3pids_email)
allowed_local_3pids_msisdn=$(ynh_app_setting_get --app=$app --key=allowed_local_3pids_msisdn)
account_threepid_delegates_msisdn=$(ynh_app_setting_get --app=$app --key=account_threepid_delegates_msisdn)
allow_guest_access=$(ynh_app_setting_get --app=$app --key=allow_guest_access)
default_identity_server=$(ynh_app_setting_get --app=$app --key=default_identity_server)
auto_join_rooms=$(ynh_app_setting_get --app=$app --key=auto_join_rooms)
autocreate_auto_join_rooms=$(ynh_app_setting_get --app=$app --key=autocreate_auto_join_rooms)
auto_join_rooms_for_guests=$(ynh_app_setting_get --app=$app --key=auto_join_rooms_for_guests)
enable_notifs=$(ynh_app_setting_get --app=$app --key=enable_notifs)
notif_for_new_users=$(ynh_app_setting_get --app=$app --key=notif_for_new_users)
enable_group_creation=$(ynh_app_setting_get --app=$app --key=enable_group_creation)
enable_registration=$(ynh_app_setting_get --app=$app --key=enable_registration)
turn_allow_guests=$(ynh_app_setting_get --app=$app --key=turn_allow_guests)
sso_enabled=$(ynh_app_setting_get --app=$app --key=sso_enabled)
password_enabled=$(ynh_app_setting_get --app=$app --key=password_enabled)
enable_3pid_lookup=$(ynh_app_setting_get --app=$app --key=enable_3pid_lookup)
push_include_content=$(ynh_app_setting_get --app=$app --key=push_include_content)
#================================================= #=================================================
# ENSURE DOWNWARD COMPATIBILITY # ENSURE DOWNWARD COMPATIBILITY
#================================================= #=================================================
@ -70,23 +101,37 @@ then
ynh_die --message="Update from this synapse version is not available. You need to remove this package and reinstall the new package version." ynh_die --message="Update from this synapse version is not available. You need to remove this package and reinstall the new package version."
fi fi
#=================================================
# MIGRATION 7 : Working config panel v1
#=================================================
backup_before_upgrade=$(ynh_app_setting_get --app=$app --key=backup_before_upgrade)
if [ -z $backup_before_upgrade ] ; then
backup_before_upgrade="true"
disable_backup_before_upgrade=$(ynh_app_setting_get --app=$app --key=disable_backup_before_upgrade)
if [ "0$disable_backup_before_upgrade" -ne 0 ]; then
backup_before_upgrade="false"
fi
ynh_app_setting_set --app=$app --key=backup_before_upgrade --value=$backup_before_upgrade
fi
#================================================= #=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#================================================= #=================================================
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=30
# We stop the service before to set ynh_clean_setup # We stop the service before to set ynh_clean_setup
ynh_systemd_action --service_name=matrix-$app.service --action=stop ynh_systemd_action --service_name=matrix-$app.service --action=stop
# Backup the current version of the app # Backup the current version of the app
if [ "0$(ynh_app_setting_get --app=$app --key=disable_backup_before_upgrade)" -ne 1 ] if $backup_before_upgrade ; then
then ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=30
ynh_backup_before_upgrade ynh_backup_before_upgrade
ynh_clean_setup () { ynh_clean_setup () {
# Clean installation remainings that are not handled by the remove script. # Clean installation remainings that are not handled by the remove script.
ynh_clean_check_starting ynh_clean_check_starting
ynh_restore_upgradebackup ynh_restore_upgradebackup
} }
else
ynh_script_progression --message="NOT Backing up the app before upgrading..." --weight=1
fi fi
#================================================= #=================================================
@ -119,8 +164,18 @@ if [ -z $jitsi_server ]; then
fi fi
# Define $e2e_enabled_by_default if not already defined # Define $e2e_enabled_by_default if not already defined
if [ -z $e2e_enabled_by_default ]; then if [ -z $e2e_enabled_by_default ] ; then
e2e_enabled_by_default='true' e2e_enabled_by_default="invite"
ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default
fi
if [ "$e2e_enabled_by_default" = "true" ] ; then
e2e_enabled_by_default="all"
ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default
fi
if [ "$e2e_enabled_by_default" = "false" ]; then
e2e_enabled_by_default="off"
ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default
fi fi
@ -129,14 +184,8 @@ if [ -z $report_stats ]; then
ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats
fi fi
if [ -z $allow_public_rooms ]; then
allow_public_rooms="false"
ynh_app_setting_set --app=$app --key=allow_public_rooms --value=$allow_public_rooms
fi
if [ -z $is_free_registration ]; then if [ -z $is_free_registration ]; then
is_free_registration=$(ynh_app_setting_get --app=$app --key=is_""public) is_free_registration=$(ynh_app_setting_get --app=$app --key=is_""public)
ynh_app_setting_set --app=$app --key=is_free_registration --value=$is_free_registration
fi fi
if [ -z $synapse_user_app_pwd ]; then if [ -z $synapse_user_app_pwd ]; then
@ -169,6 +218,155 @@ if ! grep -q "$final_path" /etc/passwd; then
sed --in-place -r "s@matrix-$app\:x\:([[:digit:]]+\:[[:digit:]]+)\:\:/.*/matrix-$app\:/usr/sbin/nologin@matrix-$app\:x\:\1\:\:$final_path\:/usr/sbin/nologin@g" /etc/passwd sed --in-place -r "s@matrix-$app\:x\:([[:digit:]]+\:[[:digit:]]+)\:\:/.*/matrix-$app\:/usr/sbin/nologin@matrix-$app\:x\:\1\:\:$final_path\:/usr/sbin/nologin@g" /etc/passwd
fi fi
#=================================================
# MIGRATION 7 : Working config panel v1
#=================================================
allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms)
if [ -z $allow_public_rooms ]; then
allow_public_rooms="false"
fi
# SET STANDARD SETTINGS FROM DEFAULT CONFIG
# Get app name of first Element Instance
element_ynh_url="https://matrix.to/"
element_domain=""
element_path=""
web_client_location=$element_ynh_url
client_base_url=$element_ynh_url
invite_client_location=$element_ynh_url
element_instance="element"
if [ -z "$web_client_location" ]
then
if yunohost --output-as plain app list | grep -q "^$element_instance"'$'; then
element_domain=$(ynh_app_setting_get --app $element_instance --key domain)
element_path=$(ynh_app_setting_get --app $element_instance --key path)
element_ynh_url="https://""$element_domain""$element_path"
fi
web_client_location=$element_ynh_url
client_base_url=$element_ynh_url
invite_client_location=$element_ynh_url
ynh_app_setting_set --app=$app --key=web_client_location --value=$web_client_location
ynh_app_setting_set --app=$app --key=client_base_url --value=$client_base_url
ynh_app_setting_set --app=$app --key=invite_client_location --value=$invite_client_location
fi
if [ -z "$server_statistics" ]
then
server_statistics="false"
ynh_app_setting_set --app=$app --key=server_statistics --value=$server_statistics
fi
if [ -z "$allow_public_rooms_without_auth" ]
then
allow_public_rooms_without_auth=$allow_public_rooms
ynh_app_setting_set --app=$app --key=allow_public_rooms_without_auth --value=$allow_public_rooms_without_auth
fi
if [ -z "$allow_public_rooms_over_federation" ]
then
allow_public_rooms_over_federation=$allow_public_rooms
ynh_app_setting_set --app=$app --key=allow_public_rooms_over_federation --value=$allow_public_rooms_over_federation
fi
if [ -z "$max_upload_size" ]
then
max_upload_size="10M"
ynh_app_setting_set --app=$app --key=max_upload_size --value=$max_upload_size
fi
if [ -z "$disable_msisdn_registration" ]
then
disable_msisdn_registration="true"
ynh_app_setting_set --app=$app --key=disable_msisdn_registration --value=$disable_msisdn_registration
fi
if [ -z "$registrations_require_3pid" ]
then
registrations_require_3pid="none"
ynh_app_setting_set --app=$app --key=registrations_require_3pid --value=$registrations_require_3pid
fi
if [ -z "$allowed_local_3pids_email" ]
then
allowed_local_3pids_email="'^[^@]+@""matrix""\.org$'"
ynh_app_setting_set --app=$app --key=allowed_local_3pids_email --value=$allowed_local_3pids_email
fi
if [ -z "$allowed_local_3pids_msisdn" ]
then
allowed_local_3pids_msisdn="'\+33'"
ynh_app_setting_set --app=$app --key=allowed_local_3pids_msisdn --value=$allowed_local_3pids_msisdn
fi
if [ -z "$account_threepid_delegates_msisdn" ]
then
account_threepid_delegates_msisdn=""
ynh_app_setting_set --app=$app --key=account_threepid_delegates_msisdn --value=$account_threepid_delegates_msisdn
fi
if [ -z "$allow_guest_access" ]
then
allow_guest_access="false"
ynh_app_setting_set --app=$app --key=allow_guest_access --value=$allow_guest_access
fi
if [ -z "$default_identity_server" ]
then
default_identity_server="https://matrix.org"
ynh_app_setting_set --app=$app --key=default_identity_server --value=$default_identity_server
fi
if [ -z "$auto_join_rooms" ]
then
auto_join_rooms="#auto_join_room:""$server_name"
ynh_app_setting_set --app=$app --key=auto_join_rooms --value=$auto_join_rooms
fi
if [ -z "$autocreate_auto_join_rooms" ]
then
autocreate_auto_join_rooms="false"
ynh_app_setting_set --app=$app --key=autocreate_auto_join_rooms --value=$autocreate_auto_join_rooms
fi
if [ -z "$auto_join_rooms_for_guests" ]
then
auto_join_rooms_for_guests="true"
ynh_app_setting_set --app=$app --key=auto_join_rooms_for_guests --value=$auto_join_rooms_for_guests
fi
if [ -z "$enable_notifs" ]
then
enable_notifs="true"
ynh_app_setting_set --app=$app --key=enable_notifs --value=$enable_notifs
fi
if [ -z "$notif_for_new_users" ]
then
notif_for_new_users="true"
ynh_app_setting_set --app=$app --key=notif_for_new_users --value=$notif_for_new_users
fi
if [ -z "$enable_group_creation" ]
then
enable_group_creation="true"
ynh_app_setting_set --app=$app --key=enable_group_creation --value=$enable_group_creation
fi
if [ -z "$enable_registration" ]
then
if [ "$is_free_registration" -eq "0" ]
then
enable_registration="false"
turn_allow_guests="false"
sso_enabled="true"
password_enabled="false"
enable_3pid_lookup="false"
else
enable_registration="true"
turn_allow_guests="true"
sso_enabled="false"
password_enabled="true"
enable_3pid_lookup="true"
fi
ynh_app_setting_set --app=$app --key=enable_registration --value=$enable_registration
ynh_app_setting_set --app=$app --key=turn_allow_guests --value=$turn_allow_guests
ynh_app_setting_set --app=$app --key=sso_enabled --value=$sso_enabled
ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled
ynh_app_setting_set --app=$app --key=enable_3pid_lookup --value=$enable_3pid_lookup
fi
if [ -z "$push_include_content" ]
then
push_include_content="true"
ynh_app_setting_set --app=$app --key=push_include_content --value=$push_include_content
fi
#================================================= #=================================================
# INSTALL DEPENDENCIES # INSTALL DEPENDENCIES
#================================================= #=================================================
@ -247,15 +445,6 @@ else
macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"' macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"'
fi fi
if [ $is_free_registration -eq 0 ]
then
allowed_access=False
sso_enabled=True
else
allowed_access=True
sso_enabled=False
fi
ynh_add_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml" ynh_add_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml"
ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml" ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml"