mirror of https://github.com/YunoHost-Apps/synapse_ynh.git synced 2024-09-03 20:26:38 +02:00

Fix warning and create yunohost user for ldap filter and send email correctly

Josué Tille 2022-05-26 17:19:33 +02:00
parent e5f93690db
commit 388ebabf39
No known key found for this signature in database
GPG key ID: 716A6C99B04194EF
11 changed files with 163 additions and 114 deletions


@ -13,6 +13,7 @@
setup_public=1 setup_public=1
upgrade=1 upgrade=1
upgrade=1 from_commit=0a485e0d6bcd14392b9203b3b27e7e1a7ba21d19 upgrade=1 from_commit=0a485e0d6bcd14392b9203b3b27e7e1a7ba21d19
upgrade=1 from_commit=6af39e6e086e70e2063eb8f63c48a1e4a597300d
backup_restore=1 backup_restore=1
multi_instance=0 multi_instance=0
incorrect_path=0 incorrect_path=0
@ -23,3 +24,5 @@
;;; Upgrade options ;;; Upgrade options
; commit=0a485e0d6bcd14392b9203b3b27e7e1a7ba21d19 ; commit=0a485e0d6bcd14392b9203b3b27e7e1a7ba21d19
name=Before permission implementation (branch old_version_for_CI_4) name=Before permission implementation (branch old_version_for_CI_4)
; commit=6af39e6e086e70e2063eb8f63c48a1e4a597300d
name=Before app user creation


@ -23,5 +23,35 @@ LimitRTTIME=7000000
CPUSchedulingPolicy=other CPUSchedulingPolicy=other
UMask=0007 UMask=0007
# Sandboxing options to harden security
# Depending on specificities of your service/app, you may need to tweak these
# .. but this should be a good baseline
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
DevicePolicy=closed
ProtectSystem=full
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
LockPersonality=yes
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
# Denying access to capabilities that should not be relevant for webapps
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
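Review bot: `CAP_RAWIO` in the first added `CapabilityBoundingSet=` line is not a name listed in capabilities(7); the capability is `CAP_SYS_RAWIO`, so as written systemd will most likely warn about the unknown name and leave raw I/O in the bounding set. The line should read `CapabilityBoundingSet=~CAP_SYS_RAWIO CAP_MKNOD`. The same line is added to the second unit file in this commit (the one with `RuntimeDirectory=%i`) and needs the same change. Running `systemd-analyze security` on the installed units afterwards would confirm which restrictions actually took effect.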


@ -798,8 +798,6 @@ turn_allow_guests: __ALLOWED_ACCESS__
# #
enable_registration: __ALLOWED_ACCESS__ enable_registration: __ALLOWED_ACCESS__
enable_registration_without_verification: __ALLOWED_ACCESS__
# Optional account validity configuration. This allows for accounts to be denied # Optional account validity configuration. This allows for accounts to be denied
# any request after a given period. # any request after a given period.
# #
@ -1259,85 +1257,85 @@ password_config:
# If your SMTP server requires authentication, the optional smtp_user & # If your SMTP server requires authentication, the optional smtp_user &
# smtp_pass variables should be used # smtp_pass variables should be used
# #
#email: email:
# enable_notifs: false enable_notifs: true
# smtp_host: "localhost" smtp_host: "localhost"
# smtp_port: 25 # SSL: 465, STARTTLS: 587 smtp_port: 587
# smtp_user: "exampleusername" smtp_user: __SYNAPSE_USER_APP__
# smtp_pass: "examplepassword" smtp_pass: __SYNAPSE_USER_APP_PWD__
# require_transport_security: false require_transport_security: false
# notif_from: "Your Friendly %(app)s Home Server <noreply@example.com>" notif_from: "Your Friendly %(app)s Home Server <__SYNAPSE_USER_APP__@__DOMAIN__>"
# app_name: Matrix app_name: Matrix-Synapse
#
# # Enable email notifications by default # Enable email notifications by default
# # #
# notif_for_new_users: true notif_for_new_users: true
#
# # Defining a custom URL for Riot is only needed if email notifications # Defining a custom URL for Riot is only needed if email notifications
# # should contain links to a self-hosted installation of Riot; when set # should contain links to a self-hosted installation of Riot; when set
# # the "app_name" setting is ignored # the "app_name" setting is ignored
# # #
# riot_base_url: "http://localhost/riot" riot_base_url: "https://__DOMAIN__/element"
#
# # Configure the time that a validation email or text message code # Configure the time that a validation email or text message code
# # will expire after sending # will expire after sending
# # #
# # This is currently used for password resets # This is currently used for password resets
# # #
# #validation_token_lifetime: 1h #validation_token_lifetime: 1h
#
# # Template directory. All template files should be stored within this # Template directory. All template files should be stored within this
# # directory. If not set, default templates from within the Synapse # directory. If not set, default templates from within the Synapse
# # package will be used # package will be used
# # #
# # For the list of default templates, please see # For the list of default templates, please see
# # https://github.com/matrix-org/synapse/tree/master/synapse/res/templates # https://github.com/matrix-org/synapse/tree/master/synapse/res/templates
# # #
# #template_dir: res/templates #template_dir: res/templates
#
# # Templates for email notifications # Templates for email notifications
# # #
# notif_template_html: notif_mail.html #notif_template_html: notif_mail.html
# notif_template_text: notif_mail.txt #notif_template_text: notif_mail.txt
#
# # Templates for account expiry notices # Templates for account expiry notices
# # #
# expiry_template_html: notice_expiry.html #expiry_template_html: notice_expiry.html
# expiry_template_text: notice_expiry.txt #expiry_template_text: notice_expiry.txt
#
# # Templates for password reset emails sent by the homeserver # Templates for password reset emails sent by the homeserver
# # #
# #password_reset_template_html: password_reset.html #password_reset_template_html: password_reset.html
# #password_reset_template_text: password_reset.txt #password_reset_template_text: password_reset.txt
#
# # Templates for registration emails sent by the homeserver # Templates for registration emails sent by the homeserver
# # #
# #registration_template_html: registration.html #registration_template_html: registration.html
# #registration_template_text: registration.txt #registration_template_text: registration.txt
#
# # Templates for validation emails sent by the homeserver when adding an email to # Templates for validation emails sent by the homeserver when adding an email to
# # your user account # your user account
# # #
# #add_threepid_template_html: add_threepid.html #add_threepid_template_html: add_threepid.html
# #add_threepid_template_text: add_threepid.txt #add_threepid_template_text: add_threepid.txt
#
# # Templates for password reset success and failure pages that a user # Templates for password reset success and failure pages that a user
# # will see after attempting to reset their password # will see after attempting to reset their password
# # #
# #password_reset_template_success_html: password_reset_success.html #password_reset_template_success_html: password_reset_success.html
# #password_reset_template_failure_html: password_reset_failure.html #password_reset_template_failure_html: password_reset_failure.html
#
# # Templates for registration success and failure pages that a user # Templates for registration success and failure pages that a user
# # will see after attempting to register using an email or phone # will see after attempting to register using an email or phone
# # #
# #registration_template_success_html: registration_success.html #registration_template_success_html: registration_success.html
# #registration_template_failure_html: registration_failure.html #registration_template_failure_html: registration_failure.html
#
# # Templates for success and failure pages that a user will see after attempting # Templates for success and failure pages that a user will see after attempting
# # to add an email or phone to their account # to add an email or phone to their account
# # #
# #add_threepid_success_html: add_threepid_success.html #add_threepid_success_html: add_threepid_success.html
# #add_threepid_failure_html: add_threepid_failure.html #add_threepid_failure_html: add_threepid_failure.html
password_providers: password_providers:
@ -1352,8 +1350,8 @@ password_providers:
uid: "uid" uid: "uid"
mail: "mail" mail: "mail"
name: "givenName" name: "givenName"
# #bind_dn: # TODO Add authentication to have the filter working bind_dn: __SYNAPSE_USER_APP__
# #bind_password: bind_password: __SYNAPSE_USER_APP_PWD__
filter: "(&(objectClass=posixAccount)(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))" filter: "(&(objectClass=posixAccount)(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))"
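Review bot: `bind_dn: __SYNAPSE_USER_APP__` is filled with a bare account name, while the `filter` below it addresses entries under `dc=yunohost,dc=org`; an LDAP simple bind normally needs a full distinguished name, so the bind looks likely to be rejected and the permission filter would still not apply. Something like `bind_dn: uid=__SYNAPSE_USER_APP__,ou=users,dc=yunohost,dc=org` is probably what is intended, to be confirmed against the directory layout. In the `email:` block the same account's password is used with `require_transport_security: false` on port 587; with `smtp_host: "localhost"` the exposure stays on the host, but a comment saying why STARTTLS is not enforced would help the next maintainer. The rendered file now holds the account password in two places, so its owner and mode deserve a check in the install script.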


@ -13,5 +13,35 @@ Restart=always
RestartSec=3 RestartSec=3
RuntimeDirectory=%i RuntimeDirectory=%i
# Sandboxing options to harden security
# Depending on specificities of your service/app, you may need to tweak these
# .. but this should be a good baseline
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
DevicePolicy=closed
ProtectSystem=full
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
LockPersonality=yes
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
# Denying access to capabilities that should not be relevant for webapps
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target


@ -29,12 +29,7 @@
"install" : [ "install" : [
{ {
"name": "domain", "name": "domain",
"type": "domain", "type": "domain"
"ask": {
"en": "Choose a domain for Synapse",
"fr": "Choisissez un domaine pour Synapse"
},
"example": "synapse.domain.org"
}, },
{ {
"name": "server_name", "name": "server_name",


@ -35,13 +35,12 @@ cli_port=$(ynh_app_setting_get --app=$app --key=cli_port)
report_stats=$(ynh_app_setting_get --app=$app --key=report_stats) report_stats=$(ynh_app_setting_get --app=$app --key=report_stats)
allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms) allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms)
e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default) e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default)
ynh_print_OFF
synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd) synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd)
turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd) turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
registration_shared_secret=$(ynh_app_setting_get --app=$app --key=registration_shared_secret) registration_shared_secret=$(ynh_app_setting_get --app=$app --key=registration_shared_secret)
form_secret=$(ynh_app_setting_get --app=$app --key=form_secret) form_secret=$(ynh_app_setting_get --app=$app --key=form_secret)
macaroon_secret_key=$(ynh_app_setting_get --app=$app --key=macaroon_secret_key) macaroon_secret_key=$(ynh_app_setting_get --app=$app --key=macaroon_secret_key)
ynh_print_ON synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd)
synapse_user="matrix-$app" synapse_user="matrix-$app"
synapse_db_name="matrix_$app" synapse_db_name="matrix_$app"
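Review bot: With `ynh_print_OFF` / `ynh_print_ON` removed, the five existing secrets and the new `synapse_user_app_pwd` are read while command tracing may be active, so their values can end up in the operation log unless the YunoHost core redacts them. If the helpers were dropped only to silence a warning, a short comment above the block should say what now protects these values, for example `# secrets: log redaction is handled by the core, ynh_print_OFF no longer used`. The same removal is made in the install, restore and upgrade scripts of this commit.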


@ -26,6 +26,7 @@ disable_backup_before_upgrade=$(ynh_app_setting_get --app $app --key disable_bac
is_free_registration=$(ynh_app_setting_get --app $app --key is_free_registration) is_free_registration=$(ynh_app_setting_get --app $app --key is_free_registration)
jitsi_server=$(ynh_app_setting_get --app=$app --key=jitsi_server) jitsi_server=$(ynh_app_setting_get --app=$app --key=jitsi_server)
e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default) e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default)
synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd)
#================================================= #=================================================
# SHOW_CONFIG FUNCTION FOR 'SHOW' COMMAND # SHOW_CONFIG FUNCTION FOR 'SHOW' COMMAND


@ -26,6 +26,8 @@ ynh_abort_if_errors
#================================================= #=================================================
synapse_user="matrix-$app" synapse_user="matrix-$app"
synapse_user_app="$synapse_user-app"
synapse_user_app_pwd="$(ynh_string_random --length=30)"
synapse_db_name="matrix_$app" synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app" synapse_db_user="matrix_$app"
synapse_db_name="matrix_$app" synapse_db_name="matrix_$app"
@ -56,8 +58,6 @@ fi
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#================================================= #=================================================
ynh_script_progression --message="Validating installation parameters..." --weight=2 ynh_script_progression --message="Validating installation parameters..." --weight=2
[ $(ynh_webpath_available --domain=$domain --path_url=$path_url) == "True" ] || ynh_die --message="$domain is not available as domain, please use an other domain."
test ! -e "/etc/nginx/conf.d/$domain.d/synapse*.conf" || ynh_die --message="$domain is not available as domain, please use an other domain." test ! -e "/etc/nginx/conf.d/$domain.d/synapse*.conf" || ynh_die --message="$domain is not available as domain, please use an other domain."
# Check Final Path availability # Check Final Path availability
@ -85,6 +85,7 @@ ynh_app_setting_set --app=$app --key=is_free_registration --value=$is_free_regis
ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats
ynh_app_setting_set --app=$app --key=allow_public_rooms --value=$allow_public_rooms ynh_app_setting_set --app=$app --key=allow_public_rooms --value=$allow_public_rooms
ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default
ynh_app_setting_set --app=$app --key=synapse_user_app_pwd --value=$synapse_user_app_pwd
#================================================= #=================================================
# STANDARD MODIFICATIONS # STANDARD MODIFICATIONS
@ -143,6 +144,7 @@ ynh_install_app_dependencies $dependances
ynh_script_progression --message="Configuring system user..." --weight=3 ynh_script_progression --message="Configuring system user..." --weight=3
ynh_system_user_create --username=$synapse_user --home_dir=$final_path ynh_system_user_create --username=$synapse_user --home_dir=$final_path
yunohost user create $synapse_user_app -f Synapse -l Application -m synapse@$domain -p "$synapse_user_app_pwd"
adduser $synapse_user ssl-cert adduser $synapse_user ssl-cert
adduser turnserver ssl-cert adduser turnserver ssl-cert
@ -151,16 +153,12 @@ adduser turnserver ssl-cert
#================================================= #=================================================
ynh_script_progression --message="Creating a PostgreSQL database..." --weight=4 ynh_script_progression --message="Creating a PostgreSQL database..." --weight=4
ynh_print_OFF
synapse_db_pwd=$(ynh_string_random --length=30) synapse_db_pwd=$(ynh_string_random --length=30)
ynh_app_setting_set --app=$app --key=synapse_db_pwd --value=$synapse_db_pwd ynh_app_setting_set --app=$app --key=synapse_db_pwd --value=$synapse_db_pwd
ynh_print_ON
# Create postgresql database # Create postgresql database
ynh_psql_test_if_first_run ynh_psql_test_if_first_run
ynh_print_OFF
ynh_psql_create_user $synapse_db_user $synapse_db_pwd ynh_psql_create_user $synapse_db_user $synapse_db_pwd
ynh_print_ON
ynh_psql_execute_as_root \ ynh_psql_execute_as_root \
--sql="CREATE DATABASE $synapse_db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $synapse_db_user;" --sql="CREATE DATABASE $synapse_db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $synapse_db_user;"
@ -213,7 +211,6 @@ deactivate
set -u; set -u;
# Get random values from config # Get random values from config
ynh_print_OFF
registration_shared_secret=$(egrep "^registration_shared_secret:" homeserver.yml | cut -d'"' -f2) registration_shared_secret=$(egrep "^registration_shared_secret:" homeserver.yml | cut -d'"' -f2)
form_secret=$(egrep "^form_secret:" homeserver.yml | cut -d'"' -f2) form_secret=$(egrep "^form_secret:" homeserver.yml | cut -d'"' -f2)
macaroon_secret_key=$(egrep "^macaroon_secret_key:" homeserver.yml | cut -d'"' -f2) macaroon_secret_key=$(egrep "^macaroon_secret_key:" homeserver.yml | cut -d'"' -f2)
@ -222,7 +219,6 @@ macaroon_secret_key=$(egrep "^macaroon_secret_key:" homeserver.yml | cut -d'"' -
ynh_app_setting_set --app=$app --key=registration_shared_secret --value="$registration_shared_secret" ynh_app_setting_set --app=$app --key=registration_shared_secret --value="$registration_shared_secret"
ynh_app_setting_set --app=$app --key=form_secret --value="$form_secret" ynh_app_setting_set --app=$app --key=form_secret --value="$form_secret"
ynh_app_setting_set --app=$app --key=macaroon_secret_key --value="$macaroon_secret_key" ynh_app_setting_set --app=$app --key=macaroon_secret_key --value="$macaroon_secret_key"
ynh_print_ON
#================================================= #=================================================
# SETUP SYSTEMD # SETUP SYSTEMD
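Review bot: The added `yunohost user create ... -p "$synapse_user_app_pwd"` hands the service account's password over as a command-line argument, where it is readable in the process list for the duration of the call and in any trace of the script; the same call is added to the restore and upgrade scripts. The other arguments are unquoted and should be `"$synapse_user_app"` and `-m "synapse@$domain"`, and the setting should be stored with `--value="$synapse_user_app_pwd"` as the three secret settings further down already are. The account is created as an ordinary YunoHost user, so it presumably receives whatever permissions are granted to all users; it would be worth restricting it to what the LDAP bind and mail submission need.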


@ -29,6 +29,7 @@ turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tl
#================================================= #=================================================
synapse_user="matrix-$app" synapse_user="matrix-$app"
synapse_user_app="$synapse_user-app"
synapse_db_name="matrix_$app" synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app" synapse_db_user="matrix_$app"
synapse_db_name="matrix_$app" synapse_db_name="matrix_$app"
@ -142,6 +143,7 @@ ynh_script_progression --message="Removing the dedicated system user" --weight=1
# Delete a system user # Delete a system user
ynh_system_user_delete --username=$synapse_user ynh_system_user_delete --username=$synapse_user
yunohost user delete $synapse_user_app
#================================================= #=================================================
# END OF SCRIPT # END OF SCRIPT
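Review bot: `yunohost user delete $synapse_user_app` is unquoted and, as far as I can tell, leaves the account's home and mail directories behind. `yunohost user delete "$synapse_user_app" --purge` would remove them together with the account. A guard for the case where the account does not exist (installs made before this commit) would also keep the remove script from reporting an error there.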


@ -37,15 +37,15 @@ synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port) turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port) turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
ynh_print_OFF
synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd) synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd)
ynh_print_ON synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd)
#================================================= #=================================================
# SET ALL CONSTANT # SET ALL CONSTANT
#================================================= #=================================================
synapse_user="matrix-$app" synapse_user="matrix-$app"
synapse_user_app="$synapse_user-app"
synapse_db_name="matrix_$app" synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app" synapse_db_user="matrix_$app"
synapse_db_name="matrix_$app" synapse_db_name="matrix_$app"
@ -58,8 +58,6 @@ data_path="/home/yunohost.app/matrix-$app"
#================================================= #=================================================
ynh_script_progression --message="Validating restoration parameters..." --weight=2 ynh_script_progression --message="Validating restoration parameters..." --weight=2
ynh_webpath_available --domain=$domain --path_url=$path_url \
|| ynh_die --message="Path not available: ${domain}${path_url}"
test ! -d $final_path \ test ! -d $final_path \
|| ynh_die --message="There is already a directory: $final_path " || ynh_die --message="There is already a directory: $final_path "
@ -81,6 +79,7 @@ ynh_script_progression --message="Recreating the dedicated system user..." --wei
# Create the dedicated user (if not existing) # Create the dedicated user (if not existing)
ynh_system_user_create --username=$synapse_user --home_dir=$final_path ynh_system_user_create --username=$synapse_user --home_dir=$final_path
yunohost user create $synapse_user_app -f Synapse -l Application -m synapse@$domain -p "$synapse_user_app_pwd"
adduser $synapse_user ssl-cert adduser $synapse_user ssl-cert
adduser turnserver ssl-cert adduser turnserver ssl-cert
@ -110,9 +109,7 @@ ynh_systemd_action --action=restart --service_name=fail2ban
ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=13 ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=13
ynh_psql_test_if_first_run ynh_psql_test_if_first_run
ynh_print_OFF
ynh_psql_create_user $synapse_db_user $synapse_db_pwd ynh_psql_create_user $synapse_db_user $synapse_db_pwd
ynh_print_ON
ynh_psql_execute_as_root \ ynh_psql_execute_as_root \
--sql="CREATE DATABASE $synapse_db_name --sql="CREATE DATABASE $synapse_db_name
ENCODING 'UTF8' ENCODING 'UTF8'
@ -165,9 +162,7 @@ ynh_script_progression --message="Reconfiguring coturn..." --weight=23
turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port) turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port) turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
cli_port=$(ynh_app_setting_get --app=$app --key=cli_port) cli_port=$(ynh_app_setting_get --app=$app --key=cli_port)
ynh_print_OFF
turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd) turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
ynh_print_ON
# WARNING : these commands are used in INSTALL, UPGRADE # WARNING : these commands are used in INSTALL, UPGRADE
# For any update do it in all files # For any update do it in all files
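Review bot: The added `yunohost user create` line has no existence guard, unlike `ynh_system_user_create` just above it, which the comment describes as "(if not existing)"; if the account is already present when the restore runs, the command will probably fail and abort the restore. A guard such as `yunohost user info "$synapse_user_app" >/dev/null 2>&1 || yunohost user create ...` would keep the step repeatable. A backup taken before this commit has no `synapse_user_app_pwd` setting, so the call would receive `-p ""`; generating and storing a new password when the setting is empty, as the upgrade script does, would cover that case.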


@ -35,13 +35,12 @@ cli_port=$(ynh_app_setting_get --app=$app --key=cli_port)
report_stats=$(ynh_app_setting_get --app=$app --key=report_stats) report_stats=$(ynh_app_setting_get --app=$app --key=report_stats)
allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms) allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms)
e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default) e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default)
ynh_print_OFF
synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd) synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd)
turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd) turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
registration_shared_secret=$(ynh_app_setting_get --app=$app --key=registration_shared_secret) registration_shared_secret=$(ynh_app_setting_get --app=$app --key=registration_shared_secret)
form_secret=$(ynh_app_setting_get --app=$app --key=form_secret) form_secret=$(ynh_app_setting_get --app=$app --key=form_secret)
macaroon_secret_key=$(ynh_app_setting_get --app=$app --key=macaroon_secret_key) macaroon_secret_key=$(ynh_app_setting_get --app=$app --key=macaroon_secret_key)
ynh_print_ON synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd)
#================================================= #=================================================
# SET ALL CONSTANT # SET ALL CONSTANT
@ -136,6 +135,12 @@ if [ -z $is_free_registration ]; then
ynh_app_setting_set --app=$app --key=is_free_registration --value=$is_free_registration ynh_app_setting_set --app=$app --key=is_free_registration --value=$is_free_registration
fi fi
if [ -z $synapse_user_app_pwd ]; then
synapse_user_app_pwd="$(ynh_string_random --length=30)"
ynh_app_setting_set --app=$app --key=synapse_user_app_pwd --value=$synapse_user_app_pwd
yunohost user create $synapse_user_app -f Synapse -l Application -m synapse@$domain -p "$synapse_user_app_pwd"
fi
#================================================= #=================================================
# MIGRATION 6 : Migrate data directory # MIGRATION 6 : Migrate data directory
#================================================= #=================================================
@ -188,10 +193,8 @@ chown $synapse_user:root -R $final_www_path
# MIGRATION 1 : GENERATE SYNAPSE SECRET # MIGRATION 1 : GENERATE SYNAPSE SECRET
#================================================= #=================================================
ynh_print_OFF
if [ -z "$registration_shared_secret" ] || [ "$form_secret" == "form_secret: " ] if [ -z "$registration_shared_secret" ] || [ "$form_secret" == "form_secret: " ]
then then
ynh_print_ON
ynh_script_progression --message="Generating synapse secret..." --weight=1 ynh_script_progression --message="Generating synapse secret..." --weight=1
# Go in virtualenvironnement # Go in virtualenvironnement
@ -208,16 +211,13 @@ then
set -u; set -u;
# Get random values from config # Get random values from config
ynh_print_OFF
registration_shared_secret=$(egrep "^registration_shared_secret:" homeserver.yml | cut -d'"' -f2) registration_shared_secret=$(egrep "^registration_shared_secret:" homeserver.yml | cut -d'"' -f2)
form_secret=$(egrep "^form_secret:" homeserver.yml | cut -d'"' -f2) form_secret=$(egrep "^form_secret:" homeserver.yml | cut -d'"' -f2)
# store in yunohost settings # store in yunohost settings
ynh_app_setting_set --app=$app --key=registration_shared_secret --value="$registration_shared_secret" ynh_app_setting_set --app=$app --key=registration_shared_secret --value="$registration_shared_secret"
ynh_app_setting_set --app=$app --key=form_secret --value="$form_secret" ynh_app_setting_set --app=$app --key=form_secret --value="$form_secret"
ynh_print_ON
fi fi
ynh_print_ON
#================================================= #=================================================
# UPDATE SYNAPSE CONFIG # UPDATE SYNAPSE CONFIG
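Review bot: The migration block added before "MIGRATION 6" uses `$synapse_user_app`, but none of the hunks shown for this script defines it, whereas install, remove and restore each add `synapse_user_app="$synapse_user-app"`; unless it is set in lines outside the diff, the `yunohost user create` call gets an unset name and the upgrade aborts. Adding the same assignment under "SET ALL CONSTANT" would fix that. The test `[ -z $synapse_user_app_pwd ]` should quote the variable, `[ -z "$synapse_user_app_pwd" ]`, as the later `[ -z "$registration_shared_secret" ]` test does.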