mirror of https://github.com/YunoHost-Apps/synapse_ynh.git synced 2024-09-03 20:26:38 +02:00

Use new helper, migrate to postgresql, use virtualenvionement

Josué Tille 2017-07-21 22:28:49 +02:00
parent e8b97b61d5
commit 469b6dc07b
18 changed files with 606 additions and 584 deletions


@ -11,6 +11,8 @@ If you don't have a dh.pem file in `/etc/yunohost/certs/YOUR DOMAIN/dh.pem` you
You could built it by this cmd : `sudo openssl dhparam -out /etc/yunohost/certs/YOUR DOMAIN/dh.pem 2048 > /dev/null`
After that you can install it without problem.
The install use the python virtualenvironement. Everything is built on the install and some package a compiled so it could take a long time if the processor is slow.
## Package update package
sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh

11
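--- a/conf/add_sso_conf.py
+++ b/conf/add_sso_conf.py
@@ -0,0 +1,11 @@
+import json
+with open("/etc/ssowat/conf.json.persistent", "r") as jsonFile:
+data = json.load(jsonFile)
+if "skipped_urls" in data:
+data["skipped_urls"].append("/_matrix")
+else:
+data["skipped_urls"] = ["/_matrix"]
+with open("/etc/ssowat/conf.json.persistent", "w") as jsonFile:
+jsonFile.write(json.dumps(data, indent=4, sort_keys=True))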
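Review bot: The `append` branch adds "/_matrix" to `skipped_urls` on every run, so a repeated install leaves duplicate entries in /etc/ssowat/conf.json.persistent; guard it with `if "/_matrix" not in data.setdefault("skipped_urls", []): data["skipped_urls"].append("/_matrix")`. The second `open(..., "w")` truncates the live file before the new JSON is written, so an interruption at that point leaves SSOwat's persistent configuration empty; writing to a temporary file in the same directory and renaming it over the original avoids that. A header comment should state that this entry exempts `/_matrix` from SSO and, since it carries no domain, presumably applies to every domain on the host, which should be confirmed against SSOwat's matching rules.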


@ -0,0 +1,3 @@
# Specify environment variables used when running Synapse
# SYNAPSE_CACHE_FACTOR=1 (default)


@ -15,7 +15,6 @@ tls_dh_params_path: "/etc/yunohost/certs/__DOMAIN__/dh.pem"
# Don't bind to the https port
no_tls: False
## Server ##
server_name: "__DOMAIN__"
@ -109,11 +108,15 @@ listeners:
# Database configuration
database:
# The database engine name
name: "sqlite3"
name: psycopg2
# Arguments to pass to the engine
args:
# Path to the database
database: "/var/lib/matrix-synapse/homeserver.db"
args:
user: __SYNAPSE_DB_USER__
password: __SYNAPSE_DB_PWD__
database: matrix_synapse
host: localhost
cp_min: 5
cp_max: 10
# Number of events to cache in memory.
event_cache_size: "10K"
@ -326,6 +329,7 @@ trusted_third_party_id_servers:
# Enable collection and rendering of performance metrics
enable_metrics: False
report_stats: False
## API Configuration ##
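Review bot: The new `user: __SYNAPSE_DB_USER__` and `password: __SYNAPSE_DB_PWD__` values in the `database` block are substituted into the YAML unquoted, unlike `server_name: "__DOMAIN__"` earlier in the same file. The install script generates the password with `ynh_string_random 30`, so this probably parses as intended today, but a value that YAML reads as a number, or one containing `:` or `#`, would change meaning or break parsing; `password: "__SYNAPSE_DB_PWD__"` is the safer form. A comment next to the block noting that this file now holds a database credential and must not be world-readable would also help whoever edits the template next.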

36
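--- a/conf/log.yaml
+++ b/conf/log.yaml
@@ -0,0 +1,36 @@
+version: 1
+formatters:
+precise:
+format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s- %(message)s'
+filters:
+context:
+(): synapse.util.logcontext.LoggingContextFilter
+request: ""
+handlers:
+file:
+class: logging.handlers.RotatingFileHandler
+formatter: precise
+filename: /var/log/matrix-synapse/homeserver.log
+maxBytes: 104857600
+backupCount: 10
+filters: [context]
+level: INFO
+console:
+class: logging.StreamHandler
+formatter: precise
+level: WARN
+loggers:
+synapse:
+level: INFO
+synapse.storage.SQL:
+level: INFO
+root:
+level: INFO
+handlers: [file, console]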


@ -1,20 +0,0 @@
/var/log/__APP_/.log {
# Effectue une rotation des logs tout les mois
monthly
# Ou si le fichier de log dépasse 100Mo
size 100M
# Garde un maximum de 12 anciens logs
rotate 12
# Compresse les logs avec gzip
compress
# Compresse le log au cycle suivant. Donc garde toujours 2 logs non compressés.
delaycompress
# Copie et tronque le journal pour permettre la poursuite de l'écriture. Plutôt que de déplacer le log.
copytruncate
# Ne renvoi pas d'erreur si le fichier de log est absent.
missingok
# Ne fait pas de rotation si le log est vide.
notifempty
# Garde les anciens logs dans le même dossier.
noolddir
}


@ -0,0 +1,15 @@
[Unit]
Description=Synapse Matrix homeserver
[Service]
Type=simple
User=matrix-synapse
WorkingDirectory=/var/lib/matrix-synapse
EnvironmentFile=/etc/default/matrix-synapse
ExecStartPre=/opt/yunohost/matrix-synapse/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-synapse/homeserver.yaml --config-path=/etc/matrix-synapse/conf.d/ --generate-keys
ExecStart=/opt/yunohost/matrix-synapse/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-synapse/homeserver.yaml --config-path=/etc/matrix-synapse/conf.d/
Restart=always
RestartSec=3
[Install]
WantedBy=multi-user.target
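Review bot: The `[Service]` section drops to `User=matrix-synapse` but sets no sandboxing, so the homeserver keeps the default view of the filesystem and can still gain privileges through setuid binaries. Adding `NoNewPrivileges=true` and `PrivateTmp=true` is low-risk for a Python daemon. `ProtectSystem=` needs more care, because the `ExecStartPre` step with `--generate-keys` presumably writes key material under /etc/matrix-synapse, which `ProtectSystem=full` would make read-only. No `Group=` is set either, so the process runs with the user's default group; stating the intended group explicitly documents who may read the log and data directories.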


@ -1,4 +1,6 @@
location __PATH__ {
proxy_pass http://localhost:__PORT__;
proxy_set_header X-Forwarded-For $remote_addr;
client_max_body_size 100M;
}

8
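--- a/conf/remove_sso_conf.py
+++ b/conf/remove_sso_conf.py
@@ -0,0 +1,8 @@
+import json
+with open("/etc/ssowat/conf.json.persistent", "r") as jsonFile:
+data = json.load(jsonFile)
+data["skipped_urls"].remove("/_matrix")
+with open("/etc/ssowat/conf.json.persistent", "w") as jsonFile:
+jsonFile.write(json.dumps(data, indent=4, sort_keys=True))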
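Review bot: `data["skipped_urls"].remove("/_matrix")` raises `KeyError` when the key is absent and `ValueError` when the entry is already gone, and the remove script that calls this file only sets `set -u`, so the failure is easy to miss while the SSO exemption stays in place. `list.remove` also deletes a single occurrence, whereas add_sso_conf.py appends unconditionally and can leave several. Filtering handles both cases: `data["skipped_urls"] = [u for u in data.get("skipped_urls", []) if u != "/_matrix"]`. As in the add script, the file is truncated by `open(..., "w")` before the new content is written; a write to a temporary file followed by a rename would keep the SSOwat configuration intact if the script is interrupted.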

78
conf/virtualenv_activate Normal file

@ -0,0 +1,78 @@
# This file must be used with "source bin/activate" *from bash*
# you cannot run it directly
deactivate () {
unset -f pydoc >/dev/null 2>&1
# reset old environment variables
# ! [ -z ${VAR+_} ] returns true if VAR is declared at all
if ! [ -z "${_OLD_VIRTUAL_PATH+_}" ] ; then
PATH="$_OLD_VIRTUAL_PATH"
export PATH
unset _OLD_VIRTUAL_PATH
fi
if ! [ -z "${_OLD_VIRTUAL_PYTHONHOME+_}" ] ; then
PYTHONHOME="$_OLD_VIRTUAL_PYTHONHOME"
export PYTHONHOME
unset _OLD_VIRTUAL_PYTHONHOME
fi
# This should detect bash and zsh, which have a hash command that must
# be called to get it to forget past commands. Without forgetting
# past commands the $PATH changes we made may not be respected
if [ -n "${BASH-}" ] || [ -n "${ZSH_VERSION-}" ] ; then
hash -r 2>/dev/null
fi
if ! [ -z "${_OLD_VIRTUAL_PS1+_}" ] ; then
PS1="$_OLD_VIRTUAL_PS1"
export PS1
unset _OLD_VIRTUAL_PS1
fi
unset VIRTUAL_ENV
if [ ! "${1-}" = "nondestructive" ] ; then
# Self destruct!
unset -f deactivate
fi
}
# unset irrelevant variables
deactivate nondestructive
VIRTUAL_ENV="/opt/yunohost/matrix-synapse"
export VIRTUAL_ENV
_OLD_VIRTUAL_PATH="$PATH"
PATH="$VIRTUAL_ENV/bin:$PATH"
export PATH
# unset PYTHONHOME if set
if ! [ -z "${PYTHONHOME+_}" ] ; then
_OLD_VIRTUAL_PYTHONHOME="$PYTHONHOME"
unset PYTHONHOME
fi
if [ -z "${VIRTUAL_ENV_DISABLE_PROMPT-}" ] ; then
_OLD_VIRTUAL_PS1="$PS1"
if [ "x" != x ] ; then
PS1="$PS1"
else
PS1="(`basename \"$VIRTUAL_ENV\"`) $PS1"
fi
export PS1
fi
# Make sure to unalias pydoc if it's already there
alias pydoc 2>/dev/null >/dev/null && unalias pydoc
pydoc () {
python -m pydoc "$@"
}
# This should detect bash and zsh, which have a hash command that must
# be called to get it to forget past commands. Without forgetting
# past commands the $PATH changes we made may not be respected
if [ -n "${BASH-}" ] || [ -n "${ZSH_VERSION-}" ] ; then
hash -r 2>/dev/null
fi


@ -3,20 +3,20 @@
"id": "synapse",
"packaging_format": 1,
"requirements": {
"yunohost": ">= 2.4"
"yunohost": ">= 2.6.4"
},
"description": {
"en": "Instant messaging server who use matrix",
"fr": "Un serveur de messagerie instantané basé sur matrix"
},
"version": "1.0",
"url": "http://www.site",
"version": "0.22.0",
"url": "http://matrix.org",
"license": "free",
"maintainer": {
"name": "Josué Tille",
"email": "josue@tille.ch"
},
"multi_instance": true,
"multi_instance": false,
"services": [
"nginx"
],
@ -31,15 +31,15 @@
},
"example": "domain.org"
},
{
"name": "is_public",
"type": "boolean",
"ask": {
"en": "Is it a public server ?",
"fr": "Est-ce un serveur public ?"
},
"default": "0"
}
{
"name": "is_public",
"type": "boolean",
"ask": {
"en": "Is it a public server ?",
"fr": "Est-ce un serveur public ?"
},
"default": "0"
}
]
}
}


@ -1,162 +1,126 @@
#!/bin/bash
debian_repos="http://httpredir.debian.org/debian/"
md5sum_python_nacl="34c44f8f5100170bae3b4329ffb43087"
md5sum_python_ujson="5b65f8cb6bedef7971fdc557e09effbe"
python_nacl_version="1.0.1-2"
python_ujson_version="1.35-1"
# Retrieve arguments
app=$YNH_APP_INSTANCE_NAME
synapse_user="matrix-synapse"
synapse_db_name="matrix_synapse"
synapse_db_user="matrix_synapse"
synapse_version="0.22.0"
init_script() {
# Exit on command errors and treat unset variables as an error
set -eu
install_dependances() {
ynh_install_app_dependencies coturn build-essential python2.7-dev libffi-dev python-pip python-setuptools sqlite3 libssl-dev python-virtualenv libjpeg-dev libpq-dev postgresql
pip install --upgrade pip
pip install --upgrade ndg-httpsclient
pip install --upgrade virtualenv
}
# Source YunoHost helpers
source /usr/share/yunohost/helpers
install_from_source() {
# Create empty dir for synapse
mkdir -p /var/lib/matrix-synapse
mkdir -p /var/log/matrix-synapse
mkdir -p /etc/matrix-synapse/conf.d
mkdir -p $final_path
# Retrieve arguments
app=$YNH_APP_INSTANCE_NAME
CHECK_VAR "$app" "app name not set"
GET_DEBIAN_VERSION
# Install synapse in virtualenv
virtualenv -p python2.7 $final_path
PS1=""
cp ../conf/virtualenv_activate $final_path/bin/activate
source $final_path/bin/activate
pip install --upgrade pip
pip install --upgrade setuptools
pip install https://github.com/matrix-org/synapse/tarball/master
pip install psycopg2
if [ -n "$(uname -m | grep 64)" ]; then
ARCHITECTURE="amd64"
elif [ -n "$(uname -m | grep 86)" ]; then
ARCHITECTURE="386"
elif [ -n "$(uname -m | grep arm)" ]; then
ARCHITECTURE="arm"
else
ynh_die "Unable to find arch"
fi
# Set permission
chown $synapse_user:root -R $final_path
chown $synapse_user:root -R /var/lib/matrix-synapse
chown $synapse_user:root -R /var/log/matrix-synapse
chown $synapse_user:root -R /etc/matrix-synapse
}
install_arm_package_dep() {
config_nginx() {
cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf
wget -q -O '/tmp/python-nacl.deb' "${debian_repos}pool/main/p/python-nacl/python-nacl_${python_nacl_version}_armhf.deb"
wget -q -O '/tmp/python-ujson.deb' "${debian_repos}pool/main/u/ujson/python-ujson_${python_ujson_version}_armhf.deb"
if ([[ ! -e '/tmp/python-nacl.deb' ]] || [[ $(md5sum '/tmp/python-nacl.deb' | cut -d' ' -f1) != $md5sum_python_nacl ]]) || \
([[ ! -e '/tmp/python-ujson.deb' ]] || [[ $(md5sum '/tmp/python-ujson.deb' | cut -d' ' -f1) != $md5sum_python_ujson ]])
then
ynh_die "Error : can't get debian dependance package"
fi
sudo dpkg -i /tmp/python-nacl.deb || true
sudo dpkg -i /tmp/python-ujson.deb || true
ynh_replace_string __PATH__ $path /etc/nginx/conf.d/$domain.d/$app.conf
ynh_replace_string __PORT__ $synapse_port /etc/nginx/conf.d/$domain.d/$app.conf
systemctl reload nginx.service
}
GET_DEBIAN_VERSION() {
debian_version=$(sudo lsb_release -sc)
test -z $debian_version && ynh_die "Can't find debian version"
test $debian_version == 'jessie' || ynh_die "This package is not available for your debian version"
config_synapse() {
cp ../conf/homeserver.yaml /etc/matrix-synapse/homeserver.yaml
cp ../conf/log.yaml /etc/matrix-synapse/log.yaml
ynh_replace_string __DOMAIN__ $domain /etc/matrix-synapse/homeserver.yaml
ynh_replace_string __SYNAPSE_DB_USER__ $synapse_db_user /etc/matrix-synapse/homeserver.yaml
ynh_replace_string __SYNAPSE_DB_PWD__ $synapse_db_pwd /etc/matrix-synapse/homeserver.yaml
ynh_replace_string __PORT__ $synapse_port /etc/matrix-synapse/homeserver.yaml
ynh_replace_string __TLS_PORT__ $synapse_tls_port /etc/matrix-synapse/homeserver.yaml
ynh_replace_string __TURNSERVER_TLS_PORT__ $turnserver_tls_port /etc/matrix-synapse/homeserver.yaml
ynh_replace_string __TURNPWD__ $turnserver_pwd /etc/matrix-synapse/homeserver.yaml
if [ "$is_public" = "0" ]
then
ynh_replace_string __ALLOWED_ACCESS__ False /etc/matrix-synapse/homeserver.yaml
else
ynh_replace_string __ALLOWED_ACCESS__ True /etc/matrix-synapse/homeserver.yaml
fi
}
enable_backport_repos() {
if [[ -z "$(grep -e "^deb .*/.* $debian_version-backports main" /etc/apt/sources.list ; grep -e "^deb .*/.* $debian_version-backports main" /etc/apt/sources.list.d/*.list)" ]]
then
debian_repos_url=$(grep -m 1 "^deb .* $debian_version .*main" /etc/apt/sources.list | cut -d ' ' -f2)
test -z "$(echo $debian_repos_url | grep '://')" && debian_repos_url="$debian_repos"
echo "deb $debian_repos_url $debian_version-backports main contrib non-free" | sudo tee -a "/etc/apt/sources.list"
fi
ynh_package_update
config_coturn() {
cp ../conf/default_coturn /etc/default/coturn
cp ../conf/turnserver.conf /etc/turnserver.conf
ynh_replace_string __TURNPWD__ $turnserver_pwd /etc/turnserver.conf
ynh_replace_string __DOMAIN__ $domain /etc/turnserver.conf
ynh_replace_string __TLS_PORT__ $turnserver_tls_port /etc/turnserver.conf
}
set_certificat_access() {
set_access $synapse_user /etc/yunohost/certs/$domain/crt.pem
set_access $synapse_user /etc/yunohost/certs/$domain/key.pem
set_access $synapse_user /etc/yunohost/certs/$domain/dh.pem
set_access turnserver /etc/yunohost/certs/$domain/crt.pem
set_access turnserver /etc/yunohost/certs/$domain/key.pem
set_access turnserver /etc/yunohost/certs/$domain/dh.pem
}
set_access() { # example : set_access USER FILE
user="$1"
file_to_set="$2"
while [[ 0 ]]
do
path_to_set=""
oldIFS="$IFS"
IFS="/"
for dirname in $file_to_set
user="$1"
file_to_set="$2"
while [[ 0 ]]
do
if [[ -n "$dirname" ]]
then
sudo test -f "$path_to_set"/"$dirname" && sudo setfacl -m d:u:$user:r "$path_to_set"
path_to_set="$path_to_set/$dirname"
if $(sudo sudo -u $user test ! -r "$path_to_set")
path_to_set=""
oldIFS="$IFS"
IFS="/"
for dirname in $file_to_set
do
if [[ -n "$dirname" ]]
then
sudo test -d "$path_to_set" && sudo setfacl -m user:$user:rx "$path_to_set"
sudo test -f "$path_to_set" && sudo setfacl -m user:$user:r "$path_to_set"
test -f "$path_to_set"/"$dirname" && setfacl -m d:u:$user:r "$path_to_set"
path_to_set="$path_to_set/$dirname"
if $(sudo -u $user test ! -r "$path_to_set")
then
test -d "$path_to_set" && setfacl -m user:$user:rx "$path_to_set"
test -f "$path_to_set" && setfacl -m user:$user:r "$path_to_set"
fi
fi
done
IFS="$oldIFS"
if $(test -L "$file_to_set")
then
if [[ -n "$(readlink "$file_to_set" | grep -e "^/")" ]]
then
file_to_set=$(readlink "$file_to_set") # If it is an absolute path
else
file_to_set=$(realpath -s -m "$(echo "$file_to_set" | cut -d'/' -f-$(echo "$file_to_set" | grep -o '/' | wc -l))/$(readlink "$file_to_set")") # If it is an relative path (we get with realpath the absolute path)
fi
else
break
fi
done
IFS="$oldIFS"
if $(sudo test -L "$file_to_set")
then
if [[ -n "$(sudo readlink "$file_to_set" | grep -e "^/")" ]]
then
file_to_set=$(sudo readlink "$file_to_set") # If it is an absolute path
else
file_to_set=$(sudo realpath -s -m "$(echo "$file_to_set" | cut -d'/' -f-$(echo "$file_to_set" | grep -o '/' | wc -l))/$(sudo readlink "$file_to_set")") # If it is an relative path (we get with realpath the absolute path)
fi
else
break
fi
done
}
CHECK_VAR () { # Vérifie que la variable n'est pas vide.
# $1 = Variable à vérifier
# $2 = Texte à afficher en cas d'erreur
test -n "$1" || (echo "$2" >&2 && false)
}
CHECK_PATH () { # Vérifie la présence du / en début de path. Et son absence à la fin.
if [ "${path:0:1}" != "/" ]; then # Si le premier caractère n'est pas un /
path="/$path" # Ajoute un / en début de path
fi
if [ "${path:${#path}-1}" == "/" ] && [ ${#path} -gt 1 ]; then # Si le dernier caractère est un / et que ce n'est pas le seul caractère.
path="${path:0:${#path}-1}" # Supprime le dernier caractère
fi
}
CHECK_DOMAINPATH () { # Vérifie la disponibilité du path et du domaine.
sudo yunohost app checkurl $domain$path -a $app
}
CHECK_FINALPATH () { # Vérifie que le dossier de destination n'est pas déjà utilisé.
final_path=/var/www/$app
if [ -e "$final_path" ]
then
echo "This path already contains a folder" >&2
false
fi
}
# Find a free port and return it
#
# example: port=$(ynh_find_port 8080)
#
# usage: ynh_find_port begin_port
# | arg: begin_port - port to start to search
ynh_find_port () {
port=$1
test -n "$port" || ynh_die "The argument of ynh_find_port must be a valid port."
while netcat -z 127.0.0.1 $port # Check if the port is free
do
port=$((port+1)) # Else, pass to next port
done
echo $port
}
### REMOVE SCRIPT
REMOVE_NGINX_CONF () { # Suppression de la configuration nginx
if [ -e "/etc/nginx/conf.d/$domain.d/$app.conf" ]; then # Delete nginx config
echo "Delete nginx config"
sudo rm "/etc/nginx/conf.d/$domain.d/$app.conf"
sudo service nginx reload
fi
}
REMOVE_LOGROTATE_CONF () { # Suppression de la configuration de logrotate
if [ -e "/etc/logrotate.d/$app" ]; then
echo "Delete logrotate config"
sudo rm "/etc/logrotate.d/$app"
fi
}
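Review bot: `install_from_source` runs `pip install https://github.com/matrix-org/synapse/tarball/master`, so each install builds whatever is on the master branch at that moment, while `synapse_version="0.22.0"` declared at the top of the file is only stored as a setting and never selects the code. The ARM path shown in this section compared the downloaded packages against fixed md5 sums; the pip path has no version pin or hash check, and `pip install psycopg2` is unpinned as well. Pin the source to the release, e.g. `pip install "https://github.com/matrix-org/synapse/tarball/v$synapse_version"` (tag name to be confirmed upstream), and pin psycopg2 through a requirements file, ideally installed with pip's `--require-hashes`. `install_dependances` also upgrades pip, ndg-httpsclient and virtualenv system-wide as root outside the virtualenv, which deserves a comment explaining why the distribution packages are not sufficient.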


@ -1,55 +1,17 @@
#!/bin/bash
######## Actually we cant use common script in backup / restore script see this issue for more informations : https://dev.yunohost.org/issues/621
# # Import common cmd
# source ./_common.sh
#
# Source YunoHost helpers
source /usr/share/yunohost/helpers
######## We implement manually this fonctions
# Stop script if errors
ynh_abort_if_errors
init_script() {
# Exit on command errors and treat unset variables as an error
set -eu
# Source YunoHost helpers
source /usr/share/yunohost/helpers
# Retrieve arguments
app=$YNH_APP_INSTANCE_NAME
CHECK_VAR "$app" "app name not set"
GET_DEBIAN_VERSION
if [ -n "$(uname -m | grep 64)" ]; then
ARCHITECTURE="amd64"
elif [ -n "$(uname -m | grep 86)" ]; then
ARCHITECTURE="386"
elif [ -n "$(uname -m | grep arm)" ]; then
ARCHITECTURE="arm"
else
ynh_die "Unable to find arch"
fi
}
GET_DEBIAN_VERSION() {
debian_version=$(sudo lsb_release -sc)
test -z $debian_version && ynh_die "Can't find debian version"
test $debian_version == 'jessie' || ynh_die "This package is not available for your debian version"
}
CHECK_VAR () { # Vérifie que la variable n'est pas vide.
# $1 = Variable à vérifier
# $2 = Texte à afficher en cas d'erreur
test -n "$1" || (echo "$2" >&2 && false)
}
######## End of common fonctions
# Init script
init_script
# Import common cmd
source ../settings/scripts/_common.sh
source ../settings/scripts/psql.sh
# Retrieve arguments
final_path=$(ynh_app_setting_get $app final_path)
domain=$(ynh_app_setting_get $app domain)
domain=$(ynh_app_setting_get $app special_domain)
# Copy Nginx config
ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf" "nginx.conf"
@ -62,9 +24,14 @@ ynh_backup "/etc/turnserver.conf" "coturn_config"
ynh_backup "/etc/default/coturn" "coturn_config_default"
# Backup synapse database
ynh_backup "/var/lib/matrix-synapse" "data"
ynh_backup "/var/lib/matrix-synapse" "data" 1
# Backup Postgresql database
sudo su -c "pg_dump $synapse_db_name" postgres > ${YNH_CWD}/dump.sql
# Copie la configuration de logrotate
ynh_backup "/etc/logrotate.d/$app" "logrotate"
# Backup systemd service
ynh_backup "/etc/default/matrix-synapse"
ynh_backup "/etc/systemd/system/matrix-synapse.service"
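Review bot: The dump line `sudo su -c "pg_dump $synapse_db_name" postgres > ${YNH_CWD}/dump.sql` writes the whole homeserver database to a file created with the script's default umask and leaves `${YNH_CWD}` unquoted. Restrict the file before it is filled, for example `umask 077` ahead of the dump or `chmod 600 "${YNH_CWD}/dump.sql"` right after, and quote the path. The redirection is performed by the calling shell, so an empty dump.sql exists even if pg_dump fails; it is worth confirming that `ynh_abort_if_errors` stops the backup in that case rather than archiving an empty dump.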


@ -1,122 +1,97 @@
#!/bin/bash
# Source YunoHost helpers
source /usr/share/yunohost/helpers
source ./psql.sh
# Stop script if errors
ynh_abort_if_errors
# Import common cmd
source ./_common.sh
# Init script
init_script
# Retrieve arguments
domain=$YNH_APP_ARG_DOMAIN
path="/_matrix"
is_public=$YNH_APP_ARG_IS_PUBLIC
path="/_matrix"
final_path="/opt/yunohost/matrix-synapse"
CHECK_PATH # Vérifie et corrige la syntaxe du path.
CHECK_DOMAINPATH # Vérifie la disponibilité du path et du domaine.
CHECK_FINALPATH # Vérifie que le dossier de destination n'est pas déjà utilisé.
# Check domain/path availability
test $(ynh_webpath_available $domain $path) == 'True' || ynh_die "$domain$path is not available, please use an other domain."
# Check Final Path availability
test ! -e "$final_path" || ynh_die "This path already contains a folder"
# Ouvre le port dans le firewall
synapse_tls_port=$(ynh_find_port 8448)
synapse_port=$(ynh_find_port 8008)
turnserver_tls_port=$(ynh_find_port 5349)
sudo yunohost firewall allow --no-upnp TCP $synapse_tls_port > /dev/null 2>&1
sudo yunohost firewall allow --no-upnp Both $turnserver_tls_port > /dev/null 2>&1
yunohost firewall allow --no-upnp TCP $synapse_tls_port > /dev/null 2>&1
yunohost firewall allow --no-upnp Both $turnserver_tls_port > /dev/null 2>&1
# Make dh cert for synapse if it not exist
test ! -e /etc/yunohost/certs/$domain/dh.pem && sudo openssl dhparam -out /etc/yunohost/certs/$domain/dh.pem 2048 > /dev/null
test ! -e /etc/yunohost/certs/$domain/dh.pem && openssl dhparam -out /etc/yunohost/certs/$domain/dh.pem 2048 > /dev/null
# Find password for turnserver
# Find password for turnserver and database
turnserver_pwd=$(ynh_string_random 30)
synapse_db_pwd=$(ynh_string_random 30)
# Enregistre les infos dans la config YunoHost
ynh_app_setting_set $app domain $domain
ynh_app_setting_set $app path $path
ynh_app_setting_set $app special_domain $domain
ynh_app_setting_set $app special_path $path
ynh_app_setting_set $app final_path $final_path
ynh_app_setting_set $app synapse_version $synapse_version
ynh_app_setting_set $app synapse_db_pwd $synapse_db_pwd
ynh_app_setting_set $app is_public $is_public
ynh_app_setting_set $app synapse_port $synapse_port
ynh_app_setting_set $app synapse_tls_port $synapse_tls_port
ynh_app_setting_set $app turnserver_tls_port $turnserver_tls_port
ynh_app_setting_set $app turnserver_pwd $turnserver_pwd
# Et copie le fichier de config nginx
sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf
# Install all dependances
install_dependances
# Modifie les variables dans le fichier de configuration nginx
sudo sed -i "s@__PATH__@$path@g" /etc/nginx/conf.d/$domain.d/$app.conf
sudo sed -i "s@__PORT__@$synapse_port@g" /etc/nginx/conf.d/$domain.d/$app.conf
# Create user
ynh_system_user_create $synapse_user /var/lib/matrix-synapse
# Get Matrix key repos
wget -q -O '/tmp/matrix-repo-key.asc' "https://matrix.org/packages/debian/repo-key.asc"
sudo apt-key add "/tmp/matrix-repo-key.asc"
# Create postgresql database
ynh_psql_create_user $synapse_db_user $synapse_db_pwd
ynh_psql_execute_as_root \
"CREATE DATABASE $synapse_db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $synapse_db_user;"
echo "matrix-synapse matrix-synapse/server-name select $domain" | sudo debconf-set-selections # Configure dpkg for no questions
echo "matrix-synapse matrix-synapse/report-stats select false" | sudo debconf-set-selections # Configure dpkg for no questions
# Create directory Install synapse in virtualenv
install_from_source
# Install coturn (the turn server)
ynh_package_install coturn
# Open access to server without a button the home
cp ../conf/add_sso_conf.py $final_path
cp ../conf/remove_sso_conf.py $final_path
python $final_path/add_sso_conf.py
# Enable debian-backports repos
enable_backport_repos
# Create systemd service
cp ../conf/default_matrix-synapse /etc/default/matrix-synapse
cp ../conf/matrix-synapse.service /etc/systemd/system/
systemctl daemon-reload
systemctl enable matrix-synapse.service
# Enable Synapse repos
if [[ -n "$(uname -m | grep arm)" ]]
then
# Use special conf for arm arch because some binary are not available in jessie backport or in matrix repos
install_arm_package_dep
ynh_package_install -t $debian_version-backports -f
echo "deb [arch=i386] http://matrix.org/packages/debian/ $debian_version main" | sudo tee -a "/etc/apt/sources.list.d/matrix.list"
ynh_package_update
else
echo "deb http://matrix.org/packages/debian/ $debian_version main" | sudo tee -a "/etc/apt/sources.list.d/matrix.list"
ynh_package_update
fi
# Install synapse package
# We neet to install python-cryptography to Solve a python error about dependance (from cryptography.hazmat.primitives.asymmetric.utils)
ynh_package_install -t $debian_version-backports matrix-synapse python-matrix-synapse-ldap3 python-cryptography
# Config nginx
config_nginx
# Configure Synapse
sudo cp ../conf/homeserver.yaml /etc/matrix-synapse/homeserver.yaml
sudo sed -i "s@__DOMAIN__@$domain@g" /etc/matrix-synapse/homeserver.yaml
sudo sed -i "s@__PORT__@$synapse_port@g" /etc/matrix-synapse/homeserver.yaml
sudo sed -i "s@__TLS_PORT__@$synapse_tls_port@g" /etc/matrix-synapse/homeserver.yaml
sudo sed -i "s@__TURNSERVER_TLS_PORT__@$turnserver_tls_port@g" /etc/matrix-synapse/homeserver.yaml
sudo sed -i "s@__TURNPWD__@$turnserver_pwd@g" /etc/matrix-synapse/homeserver.yaml
if [ "$is_public" = "0" ]
then
sudo sed -i "s@__ALLOWED_ACCESS__@False@g" /etc/matrix-synapse/homeserver.yaml
else
sudo sed -i "s@__ALLOWED_ACCESS__@True@g" /etc/matrix-synapse/homeserver.yaml
fi
config_synapse
# Configure Coturn
sudo cp ../conf/default_coturn /etc/default/coturn
sudo cp ../conf/turnserver.conf /etc/turnserver.conf
sudo sed -i "s@__TURNPWD__@$turnserver_pwd@g" /etc/turnserver.conf
sudo sed -i "s@__DOMAIN__@$domain@g" /etc/turnserver.conf
sudo sed -i "s@__TLS_PORT__@$turnserver_tls_port@g" /etc/turnserver.conf
config_coturn
# Configure access for certificates
set_access matrix-synapse /etc/yunohost/certs/$domain/crt.pem
set_access matrix-synapse /etc/yunohost/certs/$domain/key.pem
set_access matrix-synapse /etc/yunohost/certs/$domain/dh.pem
set_access turnserver /etc/yunohost/certs/$domain/crt.pem
set_access turnserver /etc/yunohost/certs/$domain/key.pem
set_access turnserver /etc/yunohost/certs/$domain/dh.pem
set_certificat_access
# Configuration de logrotate
sed -i "s@__APP__@$app@g" ../conf/logrotate
sudo cp ../conf/logrotate /etc/logrotate.d/$app
ynh_app_setting_set $app skipped_uris "/"
ynh_use_logrotate /var/log/matrix-synapse/
# register yunohost service
sudo yunohost service add matrix-synapse
yunohost service add matrix-synapse
# Régénère la configuration de SSOwat
sudo yunohost app ssowatconf
# Recharge la configuration Nginx
sudo service nginx reload
sudo service matrix-synapse restart
sudo service coturn restart
systemctl restart matrix-synapse.service
systemctl restart coturn.service
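Review bot: `config_synapse` and `config_coturn` are called after `install_from_source`, which is where _common.sh runs `chown $synapse_user:root -R /etc/matrix-synapse`, so /etc/matrix-synapse/homeserver.yaml and /etc/turnserver.conf are created later by a plain `cp` as root and keep whatever mode the umask gives, most likely world-readable. Both files then receive secrets through `__SYNAPSE_DB_PWD__` and `__TURNPWD__`. Set ownership and mode explicitly once the substitutions are done, e.g. `chown $synapse_user:root /etc/matrix-synapse/homeserver.yaml` and `chmod 640 /etc/matrix-synapse/homeserver.yaml`, with the equivalent for turnserver.conf and the account coturn runs as. The generated passwords are also passed unquoted to `ynh_app_setting_set`, which works for the random strings used here but should be quoted for consistency.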

52
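--- a/scripts/psql.sh
+++ b/scripts/psql.sh
@@ -0,0 +1,52 @@
+# # Execute a command as root user
+#
+# usage: ynh_psql_execute_as_root sql [db]
+# | arg: sql - the SQL command to execute
+# | arg: db - the database to connect to
+ynh_psql_execute_as_root () {
+sudo su -c "psql" - postgres <<< ${1}
+}
+# Create a user
+#
+# usage: ynh_psql_create_user user pwd [host]
+# | arg: user - the user name to create
+# | arg: pwd - the password to identify user by
+ynh_psql_create_user() {
+ynh_psql_execute_as_root \
+"CREATE USER ${1} WITH PASSWORD '${2}';"
+}
+# Create a database and grant optionnaly privilegies to a user
+#
+# usage: ynh_psql_create_db db [user [pwd]]
+# | arg: db - the database name to create
+# | arg: user - the user to grant privilegies
+# | arg: pwd - the password to identify user by
+ynh_psql_create_db() {
+db=$1
+# grant all privilegies to user
+if [[ $# -gt 1 ]]; then
+ynh_psql_create_user ${2} "${3}"
+sudo su -c "createdb -O ${2} $db" - postgres
+else
+sudo su -c "createdb $db" - postgres
+fi
+}
+# Drop a database
+#
+# usage: ynh_psql_drop_db db
+# | arg: db - the database name to drop
+ynh_psql_drop_db() {
+sudo su -c "dropdb ${1}" - postgres
+}
+# Drop a user
+#
+# usage: ynh_psql_drop_user user
+# | arg: user - the user name to drop
+ynh_psql_drop_user() {
+sudo su -c "dropuser ${1}" - postgres
+}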
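Review bot: Every helper pastes its arguments straight into SQL text or into a `su -c` command string, as in `"CREATE USER ${1} WITH PASSWORD '${2}';"`, `"createdb -O ${2} $db"` and `"dropdb ${1}"`, and `ynh_psql_execute_as_root` passes the statement unquoted in `<<< ${1}`. The callers on this page hand in fixed names and a `ynh_string_random` password, so nothing misbehaves today, but a name or password containing a quote or a space would change the statement or the command that runs as postgres. Quote the here-string (`<<< "$1"`) and pass names as real arguments instead of embedding them, e.g. `sudo -u postgres dropdb "$1"`. The usage comments also promise a `db` argument for `ynh_psql_execute_as_root` and a `[host]` argument for `ynh_psql_create_user` that the functions ignore; either implement them or drop them from the headers.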


@ -1,28 +1,34 @@
#!/bin/bash
# Source YunoHost helpers
source /usr/share/yunohost/helpers
source ./psql.sh
# Stop script if errors
set -u
# Import common cmd
source ./_common.sh
# Init script
init_script
domain=$(ynh_app_setting_get $app domain)
# Retrieve app settings
domain=$(ynh_app_setting_get $app special_domain)
final_path=$(ynh_app_setting_get $app final_path)
synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port)
sudo service matrix-synapse stop || true
sudo service coturn stop || true
systemctl stop matrix-synapse.service || true
systemctl stop coturn.service || true
ynh_package_autoremove matrix-synapse python-matrix-synapse-ldap3 coturn || true
REMOVE_NGINX_CONF # Suppression de la configuration nginx
REMOVE_LOGROTATE_CONF # Suppression de la configuration de logrotate
# Suppression de la configuration nginx
ynh_secure_remove "/etc/nginx/conf.d/$domain.d/$app.conf"
systemctl reload nginx.service
# Close firewall ports
closeport() {
if sudo yunohost firewall list | grep -q "\- $port$"
if yunohost firewall list | grep -q "\- $port$"
then
echo "Close port $port"
sudo yunohost firewall disallow TCP $port > /dev/null
yunohost firewall disallow TCP $port > /dev/null
fi
}
@ -31,13 +37,37 @@ closeport
port=$turnserver_tls_port
closeport
sudo rm -rf /etc/apt/sources.list.d/matrix.list
sudo rm -rf /var/lib/matrix-synapse
ynh_package_update
# Remove the skipped url
python $final_path/remove_sso_conf.py
sudo yunohost service remove matrix-synapse
# Remove depandance
ynh_remove_app_dependencies || true
# Régénère la configuration de SSOwat
sudo yunohost app ssowatconf
sudo service nginx reload
# Clean all directory
ynh_secure_remove $final_path
ynh_secure_remove /var/lib/matrix-synapse
ynh_secure_remove /var/log/matrix-synapse
ynh_secure_remove /etc/matrix-synapse
ynh_secure_remove /etc/default/matrix-synapse
# Remove systemd service
systemctl disable matrix-synapse.service
ynh_secure_remove /etc/systemd/system/matrix-synapse.service
systemctl daemon-reload
# Remove database and user
ynh_psql_drop_db $synapse_db_name
ynh_psql_drop_user $synapse_db_user
# Remove user
ynh_system_user_delete matrix-synapse
# Remove logrotate
ynh_remove_logrotate
# Remove Monitoring
yunohost service remove matrix-synapse
# Reload nginx
systemctl reload nginx.service
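Review bot: `python $final_path/remove_sso_conf.py` executes, as root, a file kept in a directory that the service account owns: `install_from_source` in _common.sh runs `chown $synapse_user:root -R $final_path`, and the install script copies the two SSO scripts there afterwards. Whatever runs as matrix-synapse can therefore swap that file before the app is removed and have its content run with root privileges. Run the script from a root-owned location instead, for example the package's own copy if it is available at removal time (to be confirmed), or install it into a directory owned by root with mode 755. `$final_path` is unquoted here and in `ynh_secure_remove $final_path`, and the script only sets `set -u`, so a failed step does not stop the later removals; both are worth a comment or a fix.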


@ -1,236 +1,70 @@
#!/bin/bash
######## Actually we cant use common script in backup / restore script see this issue for more informations : https://dev.yunohost.org/issues/621
# # Import common cmd
# source ./_common.sh
#
# Source YunoHost helpers
source /usr/share/yunohost/helpers
######## We implement manually this fonctions
# Stop script if errors
ynh_abort_if_errors
#!/bin/bash
md5sum_python_nacl="34c44f8f5100170bae3b4329ffb43087"
md5sum_python_ujson="5b65f8cb6bedef7971fdc557e09effbe"
python_nacl_version="1.0.1-2"
python_ujson_version="1.35-1"
init_script() {
# Exit on command errors and treat unset variables as an error
set -eu
# Source YunoHost helpers
source /usr/share/yunohost/helpers
# Retrieve arguments
app=$YNH_APP_INSTANCE_NAME
CHECK_VAR "$app" "app name not set"
GET_DEBIAN_VERSION
if [ -n "$(uname -m | grep 64)" ]; then
ARCHITECTURE="amd64"
elif [ -n "$(uname -m | grep 86)" ]; then
ARCHITECTURE="386"
elif [ -n "$(uname -m | grep arm)" ]; then
ARCHITECTURE="arm"
else
ynh_die "Unable to find arch"
fi
}
install_arm_package_dep() {
wget -q -O '/tmp/python-nacl.deb' "http://ftp.ch.debian.org/debian/pool/main/p/python-nacl/python-nacl_${python_nacl_version}_armhf.deb"
wget -q -O '/tmp/python-ujson.deb' "http://ftp.ch.debian.org/debian/pool/main/u/ujson/python-ujson_${python_ujson_version}_armhf.deb"
if ([[ ! -e '/tmp/python-nacl.deb' ]] || [[ $(md5sum '/tmp/python-nacl.deb' | cut -d' ' -f1) != $md5sum_python_nacl ]]) || \
([[ ! -e '/tmp/python-ujson.deb' ]] || [[ $(md5sum '/tmp/python-ujson.deb' | cut -d' ' -f1) != $md5sum_python_ujson ]])
then
ynh_die "Error : can't get debian dependance package"
fi
sudo dpkg -i /tmp/python-nacl.deb || true
sudo dpkg -i /tmp/python-ujson.deb || true
}
GET_DEBIAN_VERSION() {
debian_version=$(sudo lsb_release -sc)
test -z $debian_version && ynh_die "Can't find debian version"
test $debian_version == 'jessie' || ynh_die "This package is not available for your debian version"
}
enable_backport_repos() {
if [[ -z "$(grep -e "^deb .*/.* $debian_version-backports main" /etc/apt/sources.list ; grep -e "^deb .*/.* $debian_version-backports main" /etc/apt/sources.list.d/*)" ]]
then
echo "deb $(grep -m 1 "^deb .* $debian_version .*main" /etc/apt/sources.list | cut -d ' ' -f2) $debian_version-backports main contrib non-free" | sudo tee -a "/etc/apt/sources.list"
fi
ynh_package_update
}
set_access() { # example : set_access USER FILE
user="$1"
file_to_set="$2"
while [[ 0 ]]
do
path_to_set=""
oldIFS="$IFS"
IFS="/"
for dirname in $file_to_set
do
if [[ -n "$dirname" ]]
then
sudo test -f "$path_to_set"/"$dirname" && sudo setfacl -m d:u:$user:r "$path_to_set"
path_to_set="$path_to_set/$dirname"
if $(sudo sudo -u $user test ! -r "$path_to_set")
then
sudo test -d "$path_to_set" && sudo setfacl -m user:$user:rx "$path_to_set"
sudo test -f "$path_to_set" && sudo setfacl -m user:$user:r "$path_to_set"
fi
fi
done
IFS="$oldIFS"
if $(sudo test -L "$file_to_set")
then
if [[ -n "$(sudo readlink "$file_to_set" | grep -e "^/")" ]]
then
file_to_set=$(sudo readlink "$file_to_set") # If it is an absolute path
else
file_to_set=$(sudo realpath -s -m "$(echo "$file_to_set" | cut -d'/' -f-$(echo "$file_to_set" | grep -o '/' | wc -l))/$(sudo readlink "$file_to_set")") # If it is an relative path (we get with realpath the absolute path)
fi
else
break
fi
done
}
CHECK_VAR () { # Vérifie que la variable n'est pas vide.
# $1 = Variable à vérifier
# $2 = Texte à afficher en cas d'erreur
test -n "$1" || (echo "$2" >&2 && false)
}
CHECK_PATH () { # Vérifie la présence du / en début de path. Et son absence à la fin.
if [ "${path:0:1}" != "/" ]; then # Si le premier caractère n'est pas un /
path="/$path" # Ajoute un / en début de path
fi
if [ "${path:${#path}-1}" == "/" ] && [ ${#path} -gt 1 ]; then # Si le dernier caractère est un / et que ce n'est pas le seul caractère.
path="${path:0:${#path}-1}" # Supprime le dernier caractère
fi
}
CHECK_DOMAINPATH () { # Vérifie la disponibilité du path et du domaine.
sudo yunohost app checkurl $domain$path -a $app
}
CHECK_FINALPATH () { # Vérifie que le dossier de destination n'est pas déjà utilisé.
final_path=/var/www/$app
if [ -e "$final_path" ]
then
echo "This path already contains a folder" >&2
false
fi
}
### REMOVE SCRIPT
REMOVE_NGINX_CONF () { # Suppression de la configuration nginx
if [ -e "/etc/nginx/conf.d/$domain.d/$app.conf" ]; then # Delete nginx config
echo "Delete nginx config"
sudo rm "/etc/nginx/conf.d/$domain.d/$app.conf"
sudo service nginx reload
fi
}
REMOVE_LOGROTATE_CONF () { # Suppression de la configuration de logrotate
if [ -e "/etc/logrotate.d/$app" ]; then
echo "Delete logrotate config"
sudo rm "/etc/logrotate.d/$app"
fi
}
######## End of common fonctions
# Init script
init_script
# Import common cmd
source ../settings/scripts/_common.sh
source ../settings/scripts/psql.sh
# Retrieve arguments
domain=$(ynh_app_setting_get $app domain)
domain=$(ynh_app_setting_get $app special_domain)
path=$(ynh_app_setting_get $app special_path)
final_path=$(ynh_app_setting_get $app final_path)
synapse_db_pwd=$(ynh_app_setting_get $app synapse_db_pwd)
is_public=$(ynh_app_setting_get $app is_public)
synapse_port=$(ynh_app_setting_get $app synapse_port)
synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port)
turnserver_pwd=$(ynh_app_setting_get $app turnserver_pwd)
# Restore Nginx
conf=/etc/nginx/conf.d/$domain.d/$app.conf
if [ -f $conf ]; then
ynh_die "There is already a nginx conf file at this path: $conf"
fi
sudo cp -a ./nginx.conf "/etc/nginx/conf.d/${domain}.d/${app}.conf"
# Check domain/path availability
ynh_webpath_available $domain $path || ynh_die "$domain/$path is not available, please use an other domain."
# Make dh cert for synapse if it not exist
test ! -e /etc/yunohost/certs/$domain/dh.pem && sudo openssl dhparam -out /etc/yunohost/certs/$domain/dh.pem 2048 > /dev/null
# Get Matrix key repos
wget -q -O '/tmp/matrix-repo-key.asc' "https://matrix.org/packages/debian/repo-key.asc"
sudo apt-key add "/tmp/matrix-repo-key.asc"
echo "matrix-synapse matrix-synapse/server-name select $domain" | sudo debconf-set-selections # Configure dpkg for no questions
echo "matrix-synapse matrix-synapse/report-stats select false" | sudo debconf-set-selections # Configure dpkg for no questions
# Install coturn (the turn server)
ynh_package_install coturn
# Enable debian-backports repos
enable_backport_repos
# Enable Synapse repos
if [[ -n "$(uname -m | grep arm)" ]]
then
# Use special conf for arm arch because some binary are not available in jessie backport or in matrix repos
install_arm_package_dep
ynh_package_install -t $debian_version-backports -f
echo "deb [arch=i386] http://matrix.org/packages/debian/ $debian_version main" | sudo tee -a "/etc/apt/sources.list.d/matrix.list"
ynh_package_update
else
echo "deb http://matrix.org/packages/debian/ $debian_version main" | sudo tee -a "/etc/apt/sources.list.d/matrix.list"
ynh_package_update
fi
# Install synapse package
# We neet to install python-cryptography to Solve a python error about dependance (from cryptography.hazmat.primitives.asymmetric.utils)
ynh_package_install -t $debian_version-backports matrix-synapse python-matrix-synapse-ldap3 python-cryptography
# Restaure la configuration de logrotate
sudo cp -a ./logrotate /etc/logrotate.d/$app
# Restore synapse config
sudo cp -a ./synapse_config/. "/etc/matrix-synapse/."
# Restore coturn server
sudo cp -a ./coturn_config "/etc/turnserver.conf"
sudo cp -a ./coturn_config_default "/etc/default/coturn"
# Restore synapse database
sudo cp -a ./data/. "/var/lib/matrix-synapse/."
# Configure access for certificates
set_access matrix-synapse /etc/yunohost/certs/$domain/crt.pem
set_access matrix-synapse /etc/yunohost/certs/$domain/key.pem
set_access matrix-synapse /etc/yunohost/certs/$domain/dh.pem
set_access turnserver /etc/yunohost/certs/$domain/crt.pem
set_access turnserver /etc/yunohost/certs/$domain/key.pem
set_access turnserver /etc/yunohost/certs/$domain/dh.pem
test ! -e /etc/yunohost/certs/$domain/dh.pem && openssl dhparam -out /etc/yunohost/certs/$domain/dh.pem 2048 > /dev/null
# Ouvre le port dans le firewall
sudo yunohost firewall allow --no-upnp TCP $synapse_tls_port > /dev/null 2>&1
sudo yunohost firewall allow --no-upnp Both $turnserver_tls_port > /dev/null 2>&1
yunohost firewall allow --no-upnp TCP $synapse_tls_port > /dev/null 2>&1
yunohost firewall allow --no-upnp Both $turnserver_tls_port > /dev/null 2>&1
# Régénère la configuration de SSOwat
sudo yunohost app ssowatconf
# Install all dependances
install_dependances
# Create user
ynh_system_user_create $synapse_user /var/lib/matrix-synapse
# Create directory Install synapse in virtualenv
install_from_source
# Restore all config and data
ynh_restore
# Configure access for certificates
set_certificat_access
# Restore postgresql database
ynh_psql_create_user $synapse_db_user $synapse_db_pwd
ynh_psql_execute_as_root \
"CREATE DATABASE $synapse_db_name
ENCODING 'UTF8'
LC_COLLATE='C'
LC_CTYPE='C'
template=template0
OWNER $synapse_db_user;"
su -c "psql $synapse_db_name" postgres < ${YNH_CWD}/dump.sql
# Enable systemd service
systemctl daemon-reload
systemctl enable matrix-synapse.service
# register yunohost service
yunohost service add matrix-synapse
# Reload webserver
sudo service nginx reload
sudo service matrix-synapse restart
sudo service coturn restart
systemctl reload nginx.service
systemctl restart matrix-synapse.service
systemctl restart coturn.service
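Review bot: The dump is replayed with `su -c "psql $synapse_db_name" postgres < ${YNH_CWD}/dump.sql`, and psql by default carries on after a failed statement and still exits 0, so `ynh_abort_if_errors` will not stop a partial restore before the service is enabled and restarted. I would run it as `su -c "psql -v ON_ERROR_STOP=1 $synapse_db_name" postgres < "${YNH_CWD}/dump.sql"` so that a damaged or truncated dump aborts the restore. The dump is also loaded as the postgres superuser; unless it carries ownership statements (the backup script is not visible here), the tables may end up owned by postgres rather than `$synapse_db_user`, which is worth confirming. The page has lost its +/- markers, so this assumes these lines are on the new side.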


@ -1,67 +1,128 @@
#!/bin/bash
# Source YunoHost helpers
source /usr/share/yunohost/helpers
source ./psql.sh
# Stop script if errors
ynh_abort_if_errors
# Import common cmd
source ./_common.sh
# Init script
init_script
# Retrieve arguments
domain=$(ynh_app_setting_get $app domain)
path=$(ynh_app_setting_get $app path)
domain=$(ynh_app_setting_get $app special_domain)
path=$(ynh_app_setting_get $app special_path)
final_path=$(ynh_app_setting_get $app final_path)
synapse_old_version=$(ynh_app_setting_get $app synapse_version)
synapse_db_pwd=$(ynh_app_setting_get $app synapse_db_pwd)
is_public=$(ynh_app_setting_get $app is_public)
synapse_port=$(ynh_app_setting_get $app synapse_port)
synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port)
turnserver_pwd=$(ynh_app_setting_get $app turnserver_pwd)
CHECK_PATH # Vérifie et corrige la syntaxe du path.
systemctl stop matrix-synapse.service
if [[ -n "$(uname -m | grep arm)" ]]
if [[ -z $synapse_old_version ]]
then
install_arm_package_dep
ynh_die "Update from this version is not available now. You need to wait for the next update."
## We move from debian package to new package with python virtualenv
# Change settings
path="/_matrix"
domain=$(ynh_app_setting_get $app domain)
final_path="/opt/yunohost/matrix-synapse"
ynh_app_setting_set $app special_domain $domain
ynh_app_setting_set $app special_path $path
ynh_app_setting_set $app final_path $final_path
ynh_app_setting_delete $app domain
ynh_app_setting_delete $app path
ynh_app_setting_delete $app skipped_uris
# Remove old package and add new package as dependance
ynh_secure_remove /etc/apt/sources.list.d/matrix.list
ynh_package_autoremove --purge matrix-synapse python-matrix-synapse-ldap3 || true
# If we don't remove these line in dpkg config, dpkg fail on every new package install
sudo sed --in-place ':a;N;$!ba;s@matrix-synapse nogroup 755 /var/lib/matrix-synapse\n@@g' /var/lib/dpkg/statoverride
sudo sed --in-place ':a;N;$!ba;s@matrix-synapse nogroup 755 /var/log/matrix-synapse\n@@g' /var/lib/dpkg/statoverride
sudo sed --in-place ':a;N;$!ba;s@matrix-synapse nogroup 755 /etc/matrix-synapse\n@@g' /var/lib/dpkg/statoverride
# add new package as dependance and install dependance
install_dependances
# Create directory Install synapse in virtualenv
install_from_source
# Open access to server without a button the home
cp ../conf/add_sso_conf.py $final_path
cp ../conf/remove_sso_conf.py $final_path
python $final_path/add_sso_conf.py
# Create user
ynh_system_user_create $synapse_user /var/lib/matrix-synapse
# Create systemd service
ynh_secure_remove /etc/init.d/matrix-synapse
ynh_secure_remove /lib/systemd/system/matrix-synapse.service
ynh_secure_remove /etc/systemd/system/matrix-synapse.service
systemctl daemon-reload
systemctl disable matrix-synapse.service
cp ../conf/default_matrix-synapse /etc/default/matrix-synapse
cp ../conf/matrix-synapse.service /etc/systemd/system/
systemctl daemon-reload
systemctl enable matrix-synapse.service
# Configuration de logrotate
ynh_use_logrotate /var/log/matrix-synapse/
# register yunohost service
yunohost service add matrix-synapse
## Move to postgresql from sqlite
# We create the new settings
synapse_db_pwd=$(ynh_string_random 30)
ynh_app_setting_set $app synapse_db_pwd $synapse_db_pwd
# Create postgresql database
ynh_psql_create_user $synapse_db_user $synapse_db_pwd
ynh_psql_execute_as_root \
"CREATE DATABASE $synapse_db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $synapse_db_user;"
# Create config file for synapse with postgresql
config_synapse
# Migrate database
/opt/yunohost/matrix-synapse/bin/synapse_port_db --sqlite-database /var/lib/matrix-synapse/homeserver.db \
--postgres-config /etc/matrix-synapse/homeserver.yaml
fi
# Et copie le fichier de config nginx
sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf
# Modifie les variables dans le fichier de configuration nginx
sudo sed -i "s@__PATH__@$path@g" /etc/nginx/conf.d/$domain.d/$app.conf
sudo sed -i "s@__PORT__@$synapse_port@g" /etc/nginx/conf.d/$domain.d/$app.conf
# Update nginx config
config_nginx
# Configure Synapse
sudo cp ../conf/homeserver.yaml /etc/matrix-synapse/homeserver.yaml
sudo sed -i "s@__DOMAIN__@$domain@g" /etc/matrix-synapse/homeserver.yaml
sudo sed -i "s@__PORT__@$synapse_port@g" /etc/matrix-synapse/homeserver.yaml
sudo sed -i "s@__TLS_PORT__@$synapse_tls_port@g" /etc/matrix-synapse/homeserver.yaml
sudo sed -i "s@__TURNSERVER_TLS_PORT__@$turnserver_tls_port@g" /etc/matrix-synapse/homeserver.yaml
sudo sed -i "s@__TURNPWD__@$turnserver_pwd@g" /etc/matrix-synapse/homeserver.yaml
config_synapse
# Configure access for certificates
set_access matrix-synapse /etc/yunohost/certs/$domain/crt.pem
set_access matrix-synapse /etc/yunohost/certs/$domain/key.pem
set_access matrix-synapse /etc/yunohost/certs/$domain/dh.pem
set_access turnserver /etc/yunohost/certs/$domain/crt.pem
set_access turnserver /etc/yunohost/certs/$domain/key.pem
set_access turnserver /etc/yunohost/certs/$domain/dh.pem
if [ "$is_public" = "0" ]
then
sudo sed -i "s@__ALLOWED_ACCESS__@False@g" /etc/matrix-synapse/homeserver.yaml
else
sudo sed -i "s@__ALLOWED_ACCESS__@True@g" /etc/matrix-synapse/homeserver.yaml
fi
set_certificat_access
# Configure Coturn
sudo cp ../conf/turnserver.conf /etc/turnserver.conf
sudo sed -i "s@__TURNPWD__@$turnserver_pwd@g" /etc/turnserver.conf
sudo sed -i "s@__DOMAIN__@$domain@g" /etc/turnserver.conf
sudo sed -i "s@__TLS_PORT__@$turnserver_tls_port@g" /etc/turnserver.conf
config_coturn
# Upgrade manually Synapse
PS1=""
source $final_path/bin/activate
pip install --upgrade pip
pip install --upgrade setuptools
pip install --upgrade https://github.com/matrix-org/synapse/tarball/master
# Set new settings
ynh_app_setting_set $app synapse_version $synapse_version
# Régénère la configuration de SSOwat
sudo yunohost app ssowatconf
# Recharge la configuration Nginx
sudo service nginx reload
sudo service matrix-synapse restart
sudo service coturn restart
systemctl reload nginx.service
systemctl start matrix-synapse.service
systemctl restart coturn.service
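Review bot: `pip install --upgrade https://github.com/matrix-org/synapse/tarball/master` installs whatever the branch head is at the moment of the upgrade, apparently as root since the new lines drop `sudo`, with no version pin and no integrity check. Two runs of the same package revision can therefore install different code, and a broken or tampered upstream commit lands directly on the server. The following `ynh_app_setting_set $app synapse_version $synapse_version` then records a version that is not tied to what pip actually installed. I would install a tagged release matching the recorded version, e.g. `pip install --upgrade "https://github.com/matrix-org/synapse/tarball/v$synapse_version"` (assuming `$synapse_version` from `_common.sh` holds a release number), and check the archive against a checksum kept in the package. Separately, if the `ynh_die` directly after `then` is on the new side, the whole migration branch below it is unreachable and should carry a comment saying so.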