diff --git a/README.md b/README.md index 7f3a2de..af916a7 100644 --- a/README.md +++ b/README.md @@ -11,6 +11,8 @@ If you don't have a dh.pem file in `/etc/yunohost/certs/YOUR DOMAIN/dh.pem` you You could built it by this cmd : `sudo openssl dhparam -out /etc/yunohost/certs/YOUR DOMAIN/dh.pem 2048 > /dev/null` After that you can install it without problem. +The install use the python virtualenvironement. Everything is built on the install and some package a compiled so it could take a long time if the processor is slow. + ## Package update package sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh diff --git a/conf/add_sso_conf.py b/conf/add_sso_conf.py new file mode 100644 index 0000000..49a23e7 --- /dev/null +++ b/conf/add_sso_conf.py @@ -0,0 +1,11 @@ +import json + +with open("/etc/ssowat/conf.json.persistent", "r") as jsonFile: + data = json.load(jsonFile) + if "skipped_urls" in data: + data["skipped_urls"].append("/_matrix") + else: + data["skipped_urls"] = ["/_matrix"] + +with open("/etc/ssowat/conf.json.persistent", "w") as jsonFile: + jsonFile.write(json.dumps(data, indent=4, sort_keys=True)) \ No newline at end of file diff --git a/conf/default_matrix-synapse b/conf/default_matrix-synapse new file mode 100644 index 0000000..abb2d4c --- /dev/null +++ b/conf/default_matrix-synapse @@ -0,0 +1,3 @@ +# Specify environment variables used when running Synapse +# SYNAPSE_CACHE_FACTOR=1 (default) + diff --git a/conf/homeserver.yaml b/conf/homeserver.yaml index 9f03860..922af14 100644 --- a/conf/homeserver.yaml +++ b/conf/homeserver.yaml @@ -15,7 +15,6 @@ tls_dh_params_path: "/etc/yunohost/certs/__DOMAIN__/dh.pem" # Don't bind to the https port no_tls: False - ## Server ## server_name: "__DOMAIN__" 
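Review bot: conf/add_sso_conf.py appends "/_matrix" to `skipped_urls` unconditionally, so a retried install leaves duplicate entries, and the single `.remove("/_matrix")` in conf/remove_sso_conf.py then leaves the SSO exemption in place after uninstall. `if "/_matrix" not in data.setdefault("skipped_urls", []): data["skipped_urls"].append("/_matrix")` makes the add idempotent. Both scripts also rewrite /etc/ssowat/conf.json.persistent in place with `open(..., "w")`, so an interrupted write leaves the SSO configuration truncated; writing a temporary file in the same directory and renaming it over the original avoids that. The entry carries no domain part, so it presumably exempts /_matrix on every domain served by the host, which is worth confirming as intended.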
@@ -109,11 +108,15 @@ listeners: # Database configuration database: # The database engine name - name: "sqlite3" + name: psycopg2 # Arguments to pass to the engine - args: - # Path to the database - database: "/var/lib/matrix-synapse/homeserver.db" + args: + user: __SYNAPSE_DB_USER__ + password: __SYNAPSE_DB_PWD__ + database: matrix_synapse + host: localhost + cp_min: 5 + cp_max: 10 # Number of events to cache in memory. event_cache_size: "10K" @@ -326,6 +329,7 @@ trusted_third_party_id_servers: # Enable collection and rendering of performance metrics enable_metrics: False +report_stats: False ## API Configuration ## diff --git a/conf/log.yaml b/conf/log.yaml new file mode 100644 index 0000000..97846ec --- /dev/null +++ b/conf/log.yaml @@ -0,0 +1,36 @@ + +version: 1 + +formatters: + precise: + format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s- %(message)s' + +filters: + context: + (): synapse.util.logcontext.LoggingContextFilter + request: "" + +handlers: + file: + class: logging.handlers.RotatingFileHandler + formatter: precise + filename: /var/log/matrix-synapse/homeserver.log + maxBytes: 104857600 + backupCount: 10 + filters: [context] + level: INFO + console: + class: logging.StreamHandler + formatter: precise + level: WARN + +loggers: + synapse: + level: INFO + + synapse.storage.SQL: + level: INFO + +root: + level: INFO + handlers: [file, console] diff --git a/conf/logrotate b/conf/logrotate deleted file mode 100644 index 57ea2cf..0000000 --- a/conf/logrotate +++ /dev/null 
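Review bot: The `database.args` block in conf/homeserver.yaml now holds `password: __SYNAPSE_DB_PWD__`, so the rendered /etc/matrix-synapse/homeserver.yaml becomes a secret-bearing file, and nothing visible in this commit restricts its mode. `config_synapse` in scripts/_common.sh creates it with a plain `cp`, and scripts/install calls that after the `chown -R` in `install_from_source`, so the file probably ends up root-owned with the default umask. I would add `chown $synapse_user:root /etc/matrix-synapse/homeserver.yaml` and `chmod 600 /etc/matrix-synapse/homeserver.yaml` at the end of `config_synapse`, and the same treatment for /etc/turnserver.conf, which receives `__TURNPWD__`.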
@@ -1,20 +0,0 @@ -/var/log/__APP_/.log { - # Effectue une rotation des logs tout les mois - monthly - # Ou si le fichier de log dépasse 100Mo - size 100M - # Garde un maximum de 12 anciens logs - rotate 12 - # Compresse les logs avec gzip - compress - # Compresse le log au cycle suivant. Donc garde toujours 2 logs non compressés. - delaycompress - # Copie et tronque le journal pour permettre la poursuite de l'écriture. Plutôt que de déplacer le log. - copytruncate - # Ne renvoi pas d'erreur si le fichier de log est absent. - missingok - # Ne fait pas de rotation si le log est vide. - notifempty - # Garde les anciens logs dans le même dossier. - noolddir -} diff --git a/conf/matrix-synapse.service b/conf/matrix-synapse.service new file mode 100644 index 0000000..c415f71 --- /dev/null +++ b/conf/matrix-synapse.service @@ -0,0 +1,15 @@ +[Unit] +Description=Synapse Matrix homeserver + +[Service] +Type=simple +User=matrix-synapse +WorkingDirectory=/var/lib/matrix-synapse +EnvironmentFile=/etc/default/matrix-synapse +ExecStartPre=/opt/yunohost/matrix-synapse/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-synapse/homeserver.yaml --config-path=/etc/matrix-synapse/conf.d/ --generate-keys +ExecStart=/opt/yunohost/matrix-synapse/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-synapse/homeserver.yaml --config-path=/etc/matrix-synapse/conf.d/ +Restart=always +RestartSec=3 + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/conf/nginx.conf b/conf/nginx.conf index f493f11..f7cc45b 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,4 +1,6 @@ location __PATH__ { proxy_pass http://localhost:__PORT__; proxy_set_header X-Forwarded-For $remote_addr; + + client_max_body_size 100M; } \ No newline at end of file diff --git a/conf/remove_sso_conf.py b/conf/remove_sso_conf.py new file mode 100644 index 0000000..effdcca --- /dev/null +++ b/conf/remove_sso_conf.py 
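Review bot: conf/matrix-synapse.service drops privileges with `User=matrix-synapse` but sets no sandboxing for a network-facing daemon. `NoNewPrivileges=true` and `PrivateTmp=true` in `[Service]` are low-risk additions. Stricter options such as `ProtectSystem=` would need checking against the `--generate-keys` step in `ExecStartPre`, which has to write its key files somewhere the unit can still reach.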
@@ -0,0 +1,8 @@
+import json
+
+with open("/etc/ssowat/conf.json.persistent", "r") as jsonFile:
+ data = json.load(jsonFile)
+ data["skipped_urls"].remove("/_matrix")
+
+with open("/etc/ssowat/conf.json.persistent", "w") as jsonFile:
+ jsonFile.write(json.dumps(data, indent=4, sort_keys=True))
\ No newline at end of file
diff --git a/conf/virtualenv_activate b/conf/virtualenv_activate
new file mode 100644
index 0000000..ae3c5b2
--- /dev/null
+++ b/conf/virtualenv_activate
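Review bot: `data["skipped_urls"].remove("/_matrix")` in conf/remove_sso_conf.py raises KeyError when the key is missing and ValueError when the entry is missing, and it drops only the first occurrence. scripts/remove runs with `set -u` but not `-e`, so such a failure passes unnoticed and the file is left as it was. `data["skipped_urls"] = [u for u in data.get("skipped_urls", []) if u != "/_matrix"]` handles the absent, single and duplicated cases alike.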
@@ -0,0 +1,78 @@ +# This file must be used with "source bin/activate" *from bash* +# you cannot run it directly + +deactivate () { + unset -f pydoc >/dev/null 2>&1 + + # reset old environment variables + # ! [ -z ${VAR+_} ] returns true if VAR is declared at all + if ! [ -z "${_OLD_VIRTUAL_PATH+_}" ] ; then + PATH="$_OLD_VIRTUAL_PATH" + export PATH + unset _OLD_VIRTUAL_PATH + fi + if ! [ -z "${_OLD_VIRTUAL_PYTHONHOME+_}" ] ; then + PYTHONHOME="$_OLD_VIRTUAL_PYTHONHOME" + export PYTHONHOME + unset _OLD_VIRTUAL_PYTHONHOME + fi + + # This should detect bash and zsh, which have a hash command that must + # be called to get it to forget past commands. Without forgetting + # past commands the $PATH changes we made may not be respected + if [ -n "${BASH-}" ] || [ -n "${ZSH_VERSION-}" ] ; then + hash -r 2>/dev/null + fi + + if ! [ -z "${_OLD_VIRTUAL_PS1+_}" ] ; then + PS1="$_OLD_VIRTUAL_PS1" + export PS1 + unset _OLD_VIRTUAL_PS1 + fi + + unset VIRTUAL_ENV + if [ ! "${1-}" = "nondestructive" ] ; then + # Self destruct! + unset -f deactivate + fi +} + +# unset irrelevant variables +deactivate nondestructive + +VIRTUAL_ENV="/opt/yunohost/matrix-synapse" +export VIRTUAL_ENV + +_OLD_VIRTUAL_PATH="$PATH" +PATH="$VIRTUAL_ENV/bin:$PATH" +export PATH + +# unset PYTHONHOME if set +if ! [ -z "${PYTHONHOME+_}" ] ; then + _OLD_VIRTUAL_PYTHONHOME="$PYTHONHOME" + unset PYTHONHOME +fi + +if [ -z "${VIRTUAL_ENV_DISABLE_PROMPT-}" ] ; then + _OLD_VIRTUAL_PS1="$PS1" + if [ "x" != x ] ; then + PS1="$PS1" + else + PS1="(`basename \"$VIRTUAL_ENV\"`) $PS1" + fi + export PS1 +fi + +# Make sure to unalias pydoc if it's already there +alias pydoc 2>/dev/null >/dev/null && unalias pydoc + +pydoc () { + python -m pydoc "$@" +} + +# This should detect bash and zsh, which have a hash command that must +# be called to get it to forget past commands. 
Without forgetting +# past commands the $PATH changes we made may not be respected +if [ -n "${BASH-}" ] || [ -n "${ZSH_VERSION-}" ] ; then + hash -r 2>/dev/null +fi diff --git a/manifest.json b/manifest.json index 4b7ba78..c639014 100644 --- a/manifest.json +++ b/manifest.json @@ -3,20 +3,20 @@ "id": "synapse", "packaging_format": 1, "requirements": { - "yunohost": ">= 2.4" + "yunohost": ">= 2.6.4" }, "description": { "en": "Instant messaging server who use matrix", "fr": "Un serveur de messagerie instantané basé sur matrix" }, - "version": "1.0", - "url": "http://www.site", + "version": "0.22.0", + "url": "http://matrix.org", "license": "free", "maintainer": { "name": "Josué Tille", "email": "josue@tille.ch" }, - "multi_instance": true, + "multi_instance": false, "services": [ "nginx" ], @@ -31,15 +31,15 @@ }, "example": "domain.org" }, - { - "name": "is_public", - "type": "boolean", - "ask": { - "en": "Is it a public server ?", - "fr": "Est-ce un serveur public ?" - }, - "default": "0" - } + { + "name": "is_public", + "type": "boolean", + "ask": { + "en": "Is it a public server ?", + "fr": "Est-ce un serveur public ?" + }, + "default": "0" + } ] } } diff --git a/scripts/_common.sh b/scripts/_common.sh index e760d4f..3a4b407 100755 --- a/scripts/_common.sh +++ b/scripts/_common.sh 
@@ -1,162 +1,126 @@ #!/bin/bash -debian_repos="http://httpredir.debian.org/debian/" -md5sum_python_nacl="34c44f8f5100170bae3b4329ffb43087" -md5sum_python_ujson="5b65f8cb6bedef7971fdc557e09effbe" -python_nacl_version="1.0.1-2" -python_ujson_version="1.35-1" +# Retrieve arguments +app=$YNH_APP_INSTANCE_NAME +synapse_user="matrix-synapse" +synapse_db_name="matrix_synapse" +synapse_db_user="matrix_synapse" +synapse_version="0.22.0" -init_script() { - # Exit on command errors and treat unset variables as an error - set -eu +install_dependances() { + ynh_install_app_dependencies coturn build-essential python2.7-dev libffi-dev python-pip python-setuptools sqlite3 libssl-dev python-virtualenv libjpeg-dev libpq-dev postgresql + pip install --upgrade pip + pip install --upgrade ndg-httpsclient + pip install --upgrade virtualenv +} - # Source YunoHost helpers - source /usr/share/yunohost/helpers +install_from_source() { + # Create empty dir for synapse + mkdir -p /var/lib/matrix-synapse + mkdir -p /var/log/matrix-synapse + mkdir -p /etc/matrix-synapse/conf.d + mkdir -p $final_path - # Retrieve arguments - app=$YNH_APP_INSTANCE_NAME - CHECK_VAR "$app" "app name not set" - GET_DEBIAN_VERSION + # Install synapse in virtualenv + virtualenv -p python2.7 $final_path + PS1="" + cp ../conf/virtualenv_activate $final_path/bin/activate + source $final_path/bin/activate + pip install --upgrade pip + pip install --upgrade setuptools + pip install https://github.com/matrix-org/synapse/tarball/master + pip install psycopg2 - if [ -n "$(uname -m | grep 64)" ]; then - ARCHITECTURE="amd64" - elif [ -n "$(uname -m | grep 86)" ]; then - ARCHITECTURE="386" - elif [ -n "$(uname -m | grep arm)" ]; then - ARCHITECTURE="arm" - else - ynh_die "Unable to find arch" - fi + # Set permission + chown $synapse_user:root -R $final_path + chown $synapse_user:root -R /var/lib/matrix-synapse + chown $synapse_user:root -R /var/log/matrix-synapse + chown $synapse_user:root -R /etc/matrix-synapse } 
-install_arm_package_dep() { +config_nginx() { + cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf - wget -q -O '/tmp/python-nacl.deb' "${debian_repos}pool/main/p/python-nacl/python-nacl_${python_nacl_version}_armhf.deb" - wget -q -O '/tmp/python-ujson.deb' "${debian_repos}pool/main/u/ujson/python-ujson_${python_ujson_version}_armhf.deb" - - if ([[ ! -e '/tmp/python-nacl.deb' ]] || [[ $(md5sum '/tmp/python-nacl.deb' | cut -d' ' -f1) != $md5sum_python_nacl ]]) || \ - ([[ ! -e '/tmp/python-ujson.deb' ]] || [[ $(md5sum '/tmp/python-ujson.deb' | cut -d' ' -f1) != $md5sum_python_ujson ]]) - then - ynh_die "Error : can't get debian dependance package" - fi - - sudo dpkg -i /tmp/python-nacl.deb || true - sudo dpkg -i /tmp/python-ujson.deb || true + ynh_replace_string __PATH__ $path /etc/nginx/conf.d/$domain.d/$app.conf + ynh_replace_string __PORT__ $synapse_port /etc/nginx/conf.d/$domain.d/$app.conf + + systemctl reload nginx.service } -GET_DEBIAN_VERSION() { - debian_version=$(sudo lsb_release -sc) - test -z $debian_version && ynh_die "Can't find debian version" - test $debian_version == 'jessie' || ynh_die "This package is not available for your debian version" +config_synapse() { + cp ../conf/homeserver.yaml /etc/matrix-synapse/homeserver.yaml + cp ../conf/log.yaml /etc/matrix-synapse/log.yaml + + ynh_replace_string __DOMAIN__ $domain /etc/matrix-synapse/homeserver.yaml + ynh_replace_string __SYNAPSE_DB_USER__ $synapse_db_user /etc/matrix-synapse/homeserver.yaml + ynh_replace_string __SYNAPSE_DB_PWD__ $synapse_db_pwd /etc/matrix-synapse/homeserver.yaml + ynh_replace_string __PORT__ $synapse_port /etc/matrix-synapse/homeserver.yaml + ynh_replace_string __TLS_PORT__ $synapse_tls_port /etc/matrix-synapse/homeserver.yaml + ynh_replace_string __TURNSERVER_TLS_PORT__ $turnserver_tls_port /etc/matrix-synapse/homeserver.yaml + ynh_replace_string __TURNPWD__ $turnserver_pwd /etc/matrix-synapse/homeserver.yaml + + if [ "$is_public" = "0" ] + then + ynh_replace_string 
__ALLOWED_ACCESS__ False /etc/matrix-synapse/homeserver.yaml + else + ynh_replace_string __ALLOWED_ACCESS__ True /etc/matrix-synapse/homeserver.yaml + fi } -enable_backport_repos() { - if [[ -z "$(grep -e "^deb .*/.* $debian_version-backports main" /etc/apt/sources.list ; grep -e "^deb .*/.* $debian_version-backports main" /etc/apt/sources.list.d/*.list)" ]] - then - debian_repos_url=$(grep -m 1 "^deb .* $debian_version .*main" /etc/apt/sources.list | cut -d ' ' -f2) - test -z "$(echo $debian_repos_url | grep '://')" && debian_repos_url="$debian_repos" - - echo "deb $debian_repos_url $debian_version-backports main contrib non-free" | sudo tee -a "/etc/apt/sources.list" - fi - ynh_package_update +config_coturn() { + cp ../conf/default_coturn /etc/default/coturn + cp ../conf/turnserver.conf /etc/turnserver.conf + + ynh_replace_string __TURNPWD__ $turnserver_pwd /etc/turnserver.conf + ynh_replace_string __DOMAIN__ $domain /etc/turnserver.conf + ynh_replace_string __TLS_PORT__ $turnserver_tls_port /etc/turnserver.conf +} + +set_certificat_access() { + set_access $synapse_user /etc/yunohost/certs/$domain/crt.pem + set_access $synapse_user /etc/yunohost/certs/$domain/key.pem + set_access $synapse_user /etc/yunohost/certs/$domain/dh.pem + + set_access turnserver /etc/yunohost/certs/$domain/crt.pem + set_access turnserver /etc/yunohost/certs/$domain/key.pem + set_access turnserver /etc/yunohost/certs/$domain/dh.pem } set_access() { # example : set_access USER FILE -user="$1" -file_to_set="$2" -while [[ 0 ]] -do - path_to_set="" - oldIFS="$IFS" - IFS="/" - for dirname in $file_to_set + user="$1" + file_to_set="$2" + while [[ 0 ]] do - if [[ -n "$dirname" ]] - then - sudo test -f "$path_to_set"/"$dirname" && sudo setfacl -m d:u:$user:r "$path_to_set" - - path_to_set="$path_to_set/$dirname" - - if $(sudo sudo -u $user test ! 
-r "$path_to_set") + path_to_set="" + oldIFS="$IFS" + IFS="/" + for dirname in $file_to_set + do + if [[ -n "$dirname" ]] then - sudo test -d "$path_to_set" && sudo setfacl -m user:$user:rx "$path_to_set" - sudo test -f "$path_to_set" && sudo setfacl -m user:$user:r "$path_to_set" + test -f "$path_to_set"/"$dirname" && setfacl -m d:u:$user:r "$path_to_set" + + path_to_set="$path_to_set/$dirname" + + if $(sudo -u $user test ! -r "$path_to_set") + then + test -d "$path_to_set" && setfacl -m user:$user:rx "$path_to_set" + test -f "$path_to_set" && setfacl -m user:$user:r "$path_to_set" + fi fi + done + IFS="$oldIFS" + + if $(test -L "$file_to_set") + then + if [[ -n "$(readlink "$file_to_set" | grep -e "^/")" ]] + then + file_to_set=$(readlink "$file_to_set") # If it is an absolute path + else + file_to_set=$(realpath -s -m "$(echo "$file_to_set" | cut -d'/' -f-$(echo "$file_to_set" | grep -o '/' | wc -l))/$(readlink "$file_to_set")") # If it is an relative path (we get with realpath the absolute path) + fi + else + break fi done - IFS="$oldIFS" - - if $(sudo test -L "$file_to_set") - then - if [[ -n "$(sudo readlink "$file_to_set" | grep -e "^/")" ]] - then - file_to_set=$(sudo readlink "$file_to_set") # If it is an absolute path - else - file_to_set=$(sudo realpath -s -m "$(echo "$file_to_set" | cut -d'/' -f-$(echo "$file_to_set" | grep -o '/' | wc -l))/$(sudo readlink "$file_to_set")") # If it is an relative path (we get with realpath the absolute path) - fi - else - break - fi -done -} - -CHECK_VAR () { # Vérifie que la variable n'est pas vide. -# $1 = Variable à vérifier -# $2 = Texte à afficher en cas d'erreur - test -n "$1" || (echo "$2" >&2 && false) -} - -CHECK_PATH () { # Vérifie la présence du / en début de path. Et son absence à la fin. 
- if [ "${path:0:1}" != "/" ]; then # Si le premier caractère n'est pas un / - path="/$path" # Ajoute un / en début de path - fi - if [ "${path:${#path}-1}" == "/" ] && [ ${#path} -gt 1 ]; then # Si le dernier caractère est un / et que ce n'est pas le seul caractère. - path="${path:0:${#path}-1}" # Supprime le dernier caractère - fi -} - -CHECK_DOMAINPATH () { # Vérifie la disponibilité du path et du domaine. - sudo yunohost app checkurl $domain$path -a $app -} - -CHECK_FINALPATH () { # Vérifie que le dossier de destination n'est pas déjà utilisé. - final_path=/var/www/$app - if [ -e "$final_path" ] - then - echo "This path already contains a folder" >&2 - false - fi -} - -# Find a free port and return it -# -# example: port=$(ynh_find_port 8080) -# -# usage: ynh_find_port begin_port -# | arg: begin_port - port to start to search -ynh_find_port () { - port=$1 - test -n "$port" || ynh_die "The argument of ynh_find_port must be a valid port." - while netcat -z 127.0.0.1 $port # Check if the port is free - do - port=$((port+1)) # Else, pass to next port - done - echo $port -} - -### REMOVE SCRIPT - -REMOVE_NGINX_CONF () { # Suppression de la configuration nginx - if [ -e "/etc/nginx/conf.d/$domain.d/$app.conf" ]; then # Delete nginx config - echo "Delete nginx config" - sudo rm "/etc/nginx/conf.d/$domain.d/$app.conf" - sudo service nginx reload - fi -} - -REMOVE_LOGROTATE_CONF () { # Suppression de la configuration de logrotate - if [ -e "/etc/logrotate.d/$app" ]; then - echo "Delete logrotate config" - sudo rm "/etc/logrotate.d/$app" - fi } diff --git a/scripts/backup b/scripts/backup index 5f513d4..385a268 100644 --- a/scripts/backup +++ b/scripts/backup 
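Review bot: `install_from_source` in scripts/_common.sh installs `https://github.com/matrix-org/synapse/tarball/master`, so each install gets whatever is on the master branch at that moment, while `synapse_version="0.22.0"` is only recorded in the app settings. The removed ARM path at least compared md5 sums of what it downloaded; the new path has no pin or integrity check on Synapse, on `psycopg2`, or on the system-wide `pip install --upgrade` calls in `install_dependances`. I would pin to the release, for example `pip install https://github.com/matrix-org/synapse/tarball/v$synapse_version` (assuming releases are tagged that way), and give `psycopg2` an explicit version. Separately, `$synapse_db_pwd` and `$turnserver_pwd` are passed unquoted to `ynh_replace_string` in `config_synapse` and `config_coturn`; quoting them costs nothing.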
@@ -1,55 +1,17 @@ #!/bin/bash -######## Actually we cant use common script in backup / restore script see this issue for more informations : https://dev.yunohost.org/issues/621 -# # Import common cmd -# source ./_common.sh -# +# Source YunoHost helpers +source /usr/share/yunohost/helpers -######## We implement manually this fonctions +# Stop script if errors +ynh_abort_if_errors -init_script() { - # Exit on command errors and treat unset variables as an error - set -eu - - # Source YunoHost helpers - source /usr/share/yunohost/helpers - - # Retrieve arguments - app=$YNH_APP_INSTANCE_NAME - CHECK_VAR "$app" "app name not set" - GET_DEBIAN_VERSION - - if [ -n "$(uname -m | grep 64)" ]; then - ARCHITECTURE="amd64" - elif [ -n "$(uname -m | grep 86)" ]; then - ARCHITECTURE="386" - elif [ -n "$(uname -m | grep arm)" ]; then - ARCHITECTURE="arm" - else - ynh_die "Unable to find arch" - fi -} - -GET_DEBIAN_VERSION() { - debian_version=$(sudo lsb_release -sc) - test -z $debian_version && ynh_die "Can't find debian version" - test $debian_version == 'jessie' || ynh_die "This package is not available for your debian version" -} - -CHECK_VAR () { # Vérifie que la variable n'est pas vide. -# $1 = Variable à vérifier -# $2 = Texte à afficher en cas d'erreur - test -n "$1" || (echo "$2" >&2 && false) -} - -######## End of common fonctions - -# Init script -init_script +# Import common cmd +source ../settings/scripts/_common.sh +source ../settings/scripts/psql.sh # Retrieve arguments -final_path=$(ynh_app_setting_get $app final_path) -domain=$(ynh_app_setting_get $app domain) +domain=$(ynh_app_setting_get $app special_domain) # Copy Nginx config ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf" "nginx.conf" 
@@ -62,9 +24,14 @@ ynh_backup "/etc/turnserver.conf" "coturn_config" ynh_backup "/etc/default/coturn" "coturn_config_default" # Backup synapse database -ynh_backup "/var/lib/matrix-synapse" "data" +ynh_backup "/var/lib/matrix-synapse" "data" 1 + +# Backup Postgresql database +sudo su -c "pg_dump $synapse_db_name" postgres > ${YNH_CWD}/dump.sql # Copie la configuration de logrotate ynh_backup "/etc/logrotate.d/$app" "logrotate" - +# Backup systemd service +ynh_backup "/etc/default/matrix-synapse" +ynh_backup "/etc/systemd/system/matrix-synapse.service" \ No newline at end of file diff --git a/scripts/install b/scripts/install index 7255400..9647656 100644 --- a/scripts/install +++ b/scripts/install 
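Review bot: The `pg_dump` line in scripts/backup writes `${YNH_CWD}/dump.sql` through an unquoted redirect and with whatever umask the backup run has, although the dump holds the whole homeserver database, which would normally include account credentials and message history. I would restrict the mode and quote the target: `( umask 077; sudo su -c "pg_dump $synapse_db_name" postgres > "${YNH_CWD}/dump.sql" )`. Whether the backup directory itself is already private cannot be seen from this hunk.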
@@ -1,122 +1,97 @@ #!/bin/bash +# Source YunoHost helpers +source /usr/share/yunohost/helpers +source ./psql.sh + +# Stop script if errors +ynh_abort_if_errors + # Import common cmd source ./_common.sh -# Init script -init_script - # Retrieve arguments domain=$YNH_APP_ARG_DOMAIN -path="/_matrix" is_public=$YNH_APP_ARG_IS_PUBLIC +path="/_matrix" +final_path="/opt/yunohost/matrix-synapse" -CHECK_PATH # Vérifie et corrige la syntaxe du path. -CHECK_DOMAINPATH # Vérifie la disponibilité du path et du domaine. -CHECK_FINALPATH # Vérifie que le dossier de destination n'est pas déjà utilisé. +# Check domain/path availability +test $(ynh_webpath_available $domain $path) == 'True' || ynh_die "$domain$path is not available, please use an other domain." + +# Check Final Path availability +test ! -e "$final_path" || ynh_die "This path already contains a folder" # Ouvre le port dans le firewall synapse_tls_port=$(ynh_find_port 8448) synapse_port=$(ynh_find_port 8008) turnserver_tls_port=$(ynh_find_port 5349) -sudo yunohost firewall allow --no-upnp TCP $synapse_tls_port > /dev/null 2>&1 -sudo yunohost firewall allow --no-upnp Both $turnserver_tls_port > /dev/null 2>&1 +yunohost firewall allow --no-upnp TCP $synapse_tls_port > /dev/null 2>&1 +yunohost firewall allow --no-upnp Both $turnserver_tls_port > /dev/null 2>&1 # Make dh cert for synapse if it not exist -test ! -e /etc/yunohost/certs/$domain/dh.pem && sudo openssl dhparam -out /etc/yunohost/certs/$domain/dh.pem 2048 > /dev/null +test ! 
-e /etc/yunohost/certs/$domain/dh.pem && openssl dhparam -out /etc/yunohost/certs/$domain/dh.pem 2048 > /dev/null -# Find password for turnserver +# Find password for turnserver and database turnserver_pwd=$(ynh_string_random 30) +synapse_db_pwd=$(ynh_string_random 30) # Enregistre les infos dans la config YunoHost -ynh_app_setting_set $app domain $domain -ynh_app_setting_set $app path $path +ynh_app_setting_set $app special_domain $domain +ynh_app_setting_set $app special_path $path +ynh_app_setting_set $app final_path $final_path +ynh_app_setting_set $app synapse_version $synapse_version +ynh_app_setting_set $app synapse_db_pwd $synapse_db_pwd ynh_app_setting_set $app is_public $is_public ynh_app_setting_set $app synapse_port $synapse_port ynh_app_setting_set $app synapse_tls_port $synapse_tls_port ynh_app_setting_set $app turnserver_tls_port $turnserver_tls_port ynh_app_setting_set $app turnserver_pwd $turnserver_pwd -# Et copie le fichier de config nginx -sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf +# Install all dependances +install_dependances -# Modifie les variables dans le fichier de configuration nginx -sudo sed -i "s@__PATH__@$path@g" /etc/nginx/conf.d/$domain.d/$app.conf -sudo sed -i "s@__PORT__@$synapse_port@g" /etc/nginx/conf.d/$domain.d/$app.conf +# Create user +ynh_system_user_create $synapse_user /var/lib/matrix-synapse -# Get Matrix key repos -wget -q -O '/tmp/matrix-repo-key.asc' "https://matrix.org/packages/debian/repo-key.asc" -sudo apt-key add "/tmp/matrix-repo-key.asc" +# Create postgresql database +ynh_psql_create_user $synapse_db_user $synapse_db_pwd +ynh_psql_execute_as_root \ +"CREATE DATABASE $synapse_db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $synapse_db_user;" -echo "matrix-synapse matrix-synapse/server-name select $domain" | sudo debconf-set-selections # Configure dpkg for no questions -echo "matrix-synapse matrix-synapse/report-stats select false" | sudo debconf-set-selections # 
Configure dpkg for no questions +# Create directory Install synapse in virtualenv +install_from_source -# Install coturn (the turn server) -ynh_package_install coturn +# Open access to server without a button the home +cp ../conf/add_sso_conf.py $final_path +cp ../conf/remove_sso_conf.py $final_path +python $final_path/add_sso_conf.py -# Enable debian-backports repos -enable_backport_repos +# Create systemd service +cp ../conf/default_matrix-synapse /etc/default/matrix-synapse +cp ../conf/matrix-synapse.service /etc/systemd/system/ +systemctl daemon-reload +systemctl enable matrix-synapse.service -# Enable Synapse repos -if [[ -n "$(uname -m | grep arm)" ]] -then - # Use special conf for arm arch because some binary are not available in jessie backport or in matrix repos - install_arm_package_dep - ynh_package_install -t $debian_version-backports -f - echo "deb [arch=i386] http://matrix.org/packages/debian/ $debian_version main" | sudo tee -a "/etc/apt/sources.list.d/matrix.list" - ynh_package_update -else - echo "deb http://matrix.org/packages/debian/ $debian_version main" | sudo tee -a "/etc/apt/sources.list.d/matrix.list" - ynh_package_update -fi - -# Install synapse package -# We neet to install python-cryptography to Solve a python error about dependance (from cryptography.hazmat.primitives.asymmetric.utils) -ynh_package_install -t $debian_version-backports matrix-synapse python-matrix-synapse-ldap3 python-cryptography +# Config nginx +config_nginx # Configure Synapse -sudo cp ../conf/homeserver.yaml /etc/matrix-synapse/homeserver.yaml -sudo sed -i "s@__DOMAIN__@$domain@g" /etc/matrix-synapse/homeserver.yaml -sudo sed -i "s@__PORT__@$synapse_port@g" /etc/matrix-synapse/homeserver.yaml -sudo sed -i "s@__TLS_PORT__@$synapse_tls_port@g" /etc/matrix-synapse/homeserver.yaml -sudo sed -i "s@__TURNSERVER_TLS_PORT__@$turnserver_tls_port@g" /etc/matrix-synapse/homeserver.yaml -sudo sed -i "s@__TURNPWD__@$turnserver_pwd@g" /etc/matrix-synapse/homeserver.yaml -if [ 
"$is_public" = "0" ] -then - sudo sed -i "s@__ALLOWED_ACCESS__@False@g" /etc/matrix-synapse/homeserver.yaml -else - sudo sed -i "s@__ALLOWED_ACCESS__@True@g" /etc/matrix-synapse/homeserver.yaml -fi +config_synapse # Configure Coturn -sudo cp ../conf/default_coturn /etc/default/coturn -sudo cp ../conf/turnserver.conf /etc/turnserver.conf -sudo sed -i "s@__TURNPWD__@$turnserver_pwd@g" /etc/turnserver.conf -sudo sed -i "s@__DOMAIN__@$domain@g" /etc/turnserver.conf -sudo sed -i "s@__TLS_PORT__@$turnserver_tls_port@g" /etc/turnserver.conf +config_coturn # Configure access for certificates -set_access matrix-synapse /etc/yunohost/certs/$domain/crt.pem -set_access matrix-synapse /etc/yunohost/certs/$domain/key.pem -set_access matrix-synapse /etc/yunohost/certs/$domain/dh.pem - -set_access turnserver /etc/yunohost/certs/$domain/crt.pem -set_access turnserver /etc/yunohost/certs/$domain/key.pem -set_access turnserver /etc/yunohost/certs/$domain/dh.pem +set_certificat_access # Configuration de logrotate -sed -i "s@__APP__@$app@g" ../conf/logrotate -sudo cp ../conf/logrotate /etc/logrotate.d/$app - -ynh_app_setting_set $app skipped_uris "/" +ynh_use_logrotate /var/log/matrix-synapse/ # register yunohost service -sudo yunohost service add matrix-synapse +yunohost service add matrix-synapse -# Régénère la configuration de SSOwat -sudo yunohost app ssowatconf # Recharge la configuration Nginx -sudo service nginx reload -sudo service matrix-synapse restart -sudo service coturn restart +systemctl restart matrix-synapse.service +systemctl restart coturn.service diff --git a/scripts/psql.sh b/scripts/psql.sh new file mode 100644 index 0000000..81b44cb --- /dev/null +++ b/scripts/psql.sh 
@@ -0,0 +1,52 @@
+# # Execute a command as root user
+#
+# usage: ynh_psql_execute_as_root sql [db]
+# | arg: sql - the SQL command to execute
+# | arg: db - the database to connect to
+ynh_psql_execute_as_root () {
+ sudo su -c "psql" - postgres <<< ${1}
+}
+
+# Create a user
+#
+# usage: ynh_psql_create_user user pwd [host]
+# | arg: user - the user name to create
+# | arg: pwd - the password to identify user by
+ynh_psql_create_user() {
+ ynh_psql_execute_as_root \
+ "CREATE USER ${1} WITH PASSWORD '${2}';"
+}
+
+# Create a database and grant optionnaly privilegies to a user
+#
+# usage: ynh_psql_create_db db [user [pwd]]
+# | arg: db - the database name to create
+# | arg: user - the user to grant privilegies
+# | arg: pwd - the password to identify user by
+ynh_psql_create_db() {
+ db=$1
+ # grant all privilegies to user
+ if [[ $# -gt 1 ]]; then
+ ynh_psql_create_user ${2} "${3}"
+ sudo su -c "createdb -O ${2} $db" - postgres
+ else
+ sudo su -c "createdb $db" - postgres
+ fi
+
+}
+
+# Drop a database
+#
+# usage: ynh_psql_drop_db db
+# | arg: db - the database name to drop
+ynh_psql_drop_db() {
+ sudo su -c "dropdb ${1}" - postgres
+}
+
+# Drop a user
+#
+# usage: ynh_psql_drop_user user
+# | arg: user - the user name to drop
+ynh_psql_drop_user() {
+ sudo su -c "dropuser ${1}" - postgres
+}
\ No newline at end of file
diff --git a/scripts/remove b/scripts/remove
index df2cbdb..1469010 100755
--- a/scripts/remove
+++ b/scripts/remove
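Review bot: Every helper in scripts/psql.sh splices its arguments unescaped into SQL or into a `su -c` shell string: `CREATE USER ${1} WITH PASSWORD '${2}'` breaks on a quote in the password, and `"dropdb ${1}"` and `"createdb -O ${2} $db"` are parsed again by a shell running as postgres. The callers in this commit pass fixed names and `ynh_string_random` output, so the problem is latent, but the helpers are named and documented as generic ones. I would state the constraint in the header comments (arguments must be trusted identifiers, for example matching `[a-z_][a-z0-9_]*`) or reject anything else before use, and quote the here-string as `<<< "${1}"`. `ynh_psql_execute_as_root` also documents a `db` argument that the body never uses.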
@@ -1,28 +1,34 @@ #!/bin/bash +# Source YunoHost helpers +source /usr/share/yunohost/helpers +source ./psql.sh + +# Stop script if errors +set -u + # Import common cmd source ./_common.sh -# Init script -init_script - -domain=$(ynh_app_setting_get $app domain) +# Retrieve app settings +domain=$(ynh_app_setting_get $app special_domain) +final_path=$(ynh_app_setting_get $app final_path) synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port) turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port) -sudo service matrix-synapse stop || true -sudo service coturn stop || true +systemctl stop matrix-synapse.service || true +systemctl stop coturn.service || true -ynh_package_autoremove matrix-synapse python-matrix-synapse-ldap3 coturn || true - -REMOVE_NGINX_CONF # Suppression de la configuration nginx -REMOVE_LOGROTATE_CONF # Suppression de la configuration de logrotate +# Suppression de la configuration nginx +ynh_secure_remove "/etc/nginx/conf.d/$domain.d/$app.conf" +systemctl reload nginx.service +# Close firewall ports closeport() { - if sudo yunohost firewall list | grep -q "\- $port$" + if yunohost firewall list | grep -q "\- $port$" then echo "Close port $port" - sudo yunohost firewall disallow TCP $port > /dev/null + yunohost firewall disallow TCP $port > /dev/null fi } 
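Review bot: `closeport` in scripts/remove only runs `yunohost firewall disallow TCP $port`, while scripts/install opens the TURN port with `yunohost firewall allow --no-upnp Both $turnserver_tls_port`, so the UDP rule stays open after the app is removed. Letting the function take the protocol, `yunohost firewall disallow ${1:-TCP} $port > /dev/null`, and calling `closeport Both` for the TURN port would close both, assuming `disallow` accepts the same protocol values as `allow`. The header comment `# Stop script if errors` sits above `set -u`, which only catches unset variables; the comment should say so, or the script should use the same error handling as install.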
@@ -31,13 +37,37 @@ closeport port=$turnserver_tls_port closeport -sudo rm -rf /etc/apt/sources.list.d/matrix.list -sudo rm -rf /var/lib/matrix-synapse -ynh_package_update +# Remove the skipped url +python $final_path/remove_sso_conf.py -sudo yunohost service remove matrix-synapse +# Remove depandance +ynh_remove_app_dependencies || true -# Régénère la configuration de SSOwat -sudo yunohost app ssowatconf -sudo service nginx reload +# Clean all directory +ynh_secure_remove $final_path +ynh_secure_remove /var/lib/matrix-synapse +ynh_secure_remove /var/log/matrix-synapse +ynh_secure_remove /etc/matrix-synapse +ynh_secure_remove /etc/default/matrix-synapse + +# Remove systemd service +systemctl disable matrix-synapse.service +ynh_secure_remove /etc/systemd/system/matrix-synapse.service +systemctl daemon-reload + +# Remove database and user +ynh_psql_drop_db $synapse_db_name +ynh_psql_drop_user $synapse_db_user + +# Remove user +ynh_system_user_delete matrix-synapse + +# Remove logrotate +ynh_remove_logrotate + +# Remove Monitoring +yunohost service remove matrix-synapse + +# Reload nginx +systemctl reload nginx.service diff --git a/scripts/restore b/scripts/restore index 6db3805..b61ead4 100644 --- a/scripts/restore +++ b/scripts/restore 
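Review bot: `python $final_path/remove_sso_conf.py` in scripts/remove executes, presumably as root, a script stored in a directory that `install_from_source` hands to the service account with `chown $synapse_user:root -R $final_path`. The owner of that directory can replace the file, so a compromise of the matrix-synapse account turns into root code execution when the app is removed. I would keep both SSO helper scripts in a root-owned location outside `$final_path` and run them from there. `$final_path` comes from the app settings and is used unquoted here and in `ynh_secure_remove $final_path`; a guard such as `test -n "$final_path" || ynh_die "final_path not set"` before these lines would make an empty setting fail early.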
@@ -1,236 +1,70 @@ #!/bin/bash -######## Actually we cant use common script in backup / restore script see this issue for more informations : https://dev.yunohost.org/issues/621 -# # Import common cmd -# source ./_common.sh -# +# Source YunoHost helpers +source /usr/share/yunohost/helpers -######## We implement manually this fonctions +# Stop script if errors +ynh_abort_if_errors -#!/bin/bash - -md5sum_python_nacl="34c44f8f5100170bae3b4329ffb43087" -md5sum_python_ujson="5b65f8cb6bedef7971fdc557e09effbe" -python_nacl_version="1.0.1-2" -python_ujson_version="1.35-1" - -init_script() { - # Exit on command errors and treat unset variables as an error - set -eu - - # Source YunoHost helpers - source /usr/share/yunohost/helpers - - # Retrieve arguments - app=$YNH_APP_INSTANCE_NAME - CHECK_VAR "$app" "app name not set" - GET_DEBIAN_VERSION - - if [ -n "$(uname -m | grep 64)" ]; then - ARCHITECTURE="amd64" - elif [ -n "$(uname -m | grep 86)" ]; then - ARCHITECTURE="386" - elif [ -n "$(uname -m | grep arm)" ]; then - ARCHITECTURE="arm" - else - ynh_die "Unable to find arch" - fi -} - -install_arm_package_dep() { - - wget -q -O '/tmp/python-nacl.deb' "http://ftp.ch.debian.org/debian/pool/main/p/python-nacl/python-nacl_${python_nacl_version}_armhf.deb" - wget -q -O '/tmp/python-ujson.deb' "http://ftp.ch.debian.org/debian/pool/main/u/ujson/python-ujson_${python_ujson_version}_armhf.deb" - - if ([[ ! -e '/tmp/python-nacl.deb' ]] || [[ $(md5sum '/tmp/python-nacl.deb' | cut -d' ' -f1) != $md5sum_python_nacl ]]) || \ - ([[ ! 
-e '/tmp/python-ujson.deb' ]] || [[ $(md5sum '/tmp/python-ujson.deb' | cut -d' ' -f1) != $md5sum_python_ujson ]]) - then - ynh_die "Error : can't get debian dependance package" - fi - - sudo dpkg -i /tmp/python-nacl.deb || true - sudo dpkg -i /tmp/python-ujson.deb || true -} - -GET_DEBIAN_VERSION() { - debian_version=$(sudo lsb_release -sc) - test -z $debian_version && ynh_die "Can't find debian version" - test $debian_version == 'jessie' || ynh_die "This package is not available for your debian version" -} - -enable_backport_repos() { - if [[ -z "$(grep -e "^deb .*/.* $debian_version-backports main" /etc/apt/sources.list ; grep -e "^deb .*/.* $debian_version-backports main" /etc/apt/sources.list.d/*)" ]] - then - echo "deb $(grep -m 1 "^deb .* $debian_version .*main" /etc/apt/sources.list | cut -d ' ' -f2) $debian_version-backports main contrib non-free" | sudo tee -a "/etc/apt/sources.list" - fi - ynh_package_update -} - -set_access() { # example : set_access USER FILE -user="$1" -file_to_set="$2" -while [[ 0 ]] -do - path_to_set="" - oldIFS="$IFS" - IFS="/" - for dirname in $file_to_set - do - if [[ -n "$dirname" ]] - then - sudo test -f "$path_to_set"/"$dirname" && sudo setfacl -m d:u:$user:r "$path_to_set" - - path_to_set="$path_to_set/$dirname" - - if $(sudo sudo -u $user test ! 
-r "$path_to_set") - then - sudo test -d "$path_to_set" && sudo setfacl -m user:$user:rx "$path_to_set" - sudo test -f "$path_to_set" && sudo setfacl -m user:$user:r "$path_to_set" - fi - fi - done - IFS="$oldIFS" - - if $(sudo test -L "$file_to_set") - then - if [[ -n "$(sudo readlink "$file_to_set" | grep -e "^/")" ]] - then - file_to_set=$(sudo readlink "$file_to_set") # If it is an absolute path - else - file_to_set=$(sudo realpath -s -m "$(echo "$file_to_set" | cut -d'/' -f-$(echo "$file_to_set" | grep -o '/' | wc -l))/$(sudo readlink "$file_to_set")") # If it is an relative path (we get with realpath the absolute path) - fi - else - break - fi -done -} - -CHECK_VAR () { # Vérifie que la variable n'est pas vide. -# $1 = Variable à vérifier -# $2 = Texte à afficher en cas d'erreur - test -n "$1" || (echo "$2" >&2 && false) -} - -CHECK_PATH () { # Vérifie la présence du / en début de path. Et son absence à la fin. - if [ "${path:0:1}" != "/" ]; then # Si le premier caractère n'est pas un / - path="/$path" # Ajoute un / en début de path - fi - if [ "${path:${#path}-1}" == "/" ] && [ ${#path} -gt 1 ]; then # Si le dernier caractère est un / et que ce n'est pas le seul caractère. - path="${path:0:${#path}-1}" # Supprime le dernier caractère - fi -} - -CHECK_DOMAINPATH () { # Vérifie la disponibilité du path et du domaine. - sudo yunohost app checkurl $domain$path -a $app -} - -CHECK_FINALPATH () { # Vérifie que le dossier de destination n'est pas déjà utilisé. 
- final_path=/var/www/$app - if [ -e "$final_path" ] - then - echo "This path already contains a folder" >&2 - false - fi -} - -### REMOVE SCRIPT - -REMOVE_NGINX_CONF () { # Suppression de la configuration nginx - if [ -e "/etc/nginx/conf.d/$domain.d/$app.conf" ]; then # Delete nginx config - echo "Delete nginx config" - sudo rm "/etc/nginx/conf.d/$domain.d/$app.conf" - sudo service nginx reload - fi -} - -REMOVE_LOGROTATE_CONF () { # Suppression de la configuration de logrotate - if [ -e "/etc/logrotate.d/$app" ]; then - echo "Delete logrotate config" - sudo rm "/etc/logrotate.d/$app" - fi -} - -######## End of common fonctions - -# Init script -init_script +# Import common cmd +source ../settings/scripts/_common.sh +source ../settings/scripts/psql.sh # Retrieve arguments -domain=$(ynh_app_setting_get $app domain) +domain=$(ynh_app_setting_get $app special_domain) +path=$(ynh_app_setting_get $app special_path) +final_path=$(ynh_app_setting_get $app final_path) +synapse_db_pwd=$(ynh_app_setting_get $app synapse_db_pwd) +is_public=$(ynh_app_setting_get $app is_public) synapse_port=$(ynh_app_setting_get $app synapse_port) synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port) turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port) +turnserver_pwd=$(ynh_app_setting_get $app turnserver_pwd) -# Restore Nginx -conf=/etc/nginx/conf.d/$domain.d/$app.conf -if [ -f $conf ]; then - ynh_die "There is already a nginx conf file at this path: $conf" -fi -sudo cp -a ./nginx.conf "/etc/nginx/conf.d/${domain}.d/${app}.conf" +# Check domain/path availability +ynh_webpath_available $domain $path || ynh_die "$domain/$path is not available, please use an other domain." # Make dh cert for synapse if it not exist -test ! 
-e /etc/yunohost/certs/$domain/dh.pem && sudo openssl dhparam -out /etc/yunohost/certs/$domain/dh.pem 2048 > /dev/null - -# Get Matrix key repos -wget -q -O '/tmp/matrix-repo-key.asc' "https://matrix.org/packages/debian/repo-key.asc" -sudo apt-key add "/tmp/matrix-repo-key.asc" - -echo "matrix-synapse matrix-synapse/server-name select $domain" | sudo debconf-set-selections # Configure dpkg for no questions -echo "matrix-synapse matrix-synapse/report-stats select false" | sudo debconf-set-selections # Configure dpkg for no questions - -# Install coturn (the turn server) -ynh_package_install coturn - -# Enable debian-backports repos -enable_backport_repos - -# Enable Synapse repos -if [[ -n "$(uname -m | grep arm)" ]] -then - # Use special conf for arm arch because some binary are not available in jessie backport or in matrix repos - install_arm_package_dep - ynh_package_install -t $debian_version-backports -f - echo "deb [arch=i386] http://matrix.org/packages/debian/ $debian_version main" | sudo tee -a "/etc/apt/sources.list.d/matrix.list" - ynh_package_update -else - echo "deb http://matrix.org/packages/debian/ $debian_version main" | sudo tee -a "/etc/apt/sources.list.d/matrix.list" - ynh_package_update -fi - -# Install synapse package -# We neet to install python-cryptography to Solve a python error about dependance (from cryptography.hazmat.primitives.asymmetric.utils) -ynh_package_install -t $debian_version-backports matrix-synapse python-matrix-synapse-ldap3 python-cryptography - -# Restaure la configuration de logrotate -sudo cp -a ./logrotate /etc/logrotate.d/$app - -# Restore synapse config -sudo cp -a ./synapse_config/. "/etc/matrix-synapse/." - -# Restore coturn server -sudo cp -a ./coturn_config "/etc/turnserver.conf" -sudo cp -a ./coturn_config_default "/etc/default/coturn" - -# Restore synapse database -sudo cp -a ./data/. "/var/lib/matrix-synapse/." 
- -# Configure access for certificates -set_access matrix-synapse /etc/yunohost/certs/$domain/crt.pem -set_access matrix-synapse /etc/yunohost/certs/$domain/key.pem -set_access matrix-synapse /etc/yunohost/certs/$domain/dh.pem - -set_access turnserver /etc/yunohost/certs/$domain/crt.pem -set_access turnserver /etc/yunohost/certs/$domain/key.pem -set_access turnserver /etc/yunohost/certs/$domain/dh.pem +test ! -e /etc/yunohost/certs/$domain/dh.pem && openssl dhparam -out /etc/yunohost/certs/$domain/dh.pem 2048 > /dev/null # Ouvre le port dans le firewall -sudo yunohost firewall allow --no-upnp TCP $synapse_tls_port > /dev/null 2>&1 -sudo yunohost firewall allow --no-upnp Both $turnserver_tls_port > /dev/null 2>&1 +yunohost firewall allow --no-upnp TCP $synapse_tls_port > /dev/null 2>&1 +yunohost firewall allow --no-upnp Both $turnserver_tls_port > /dev/null 2>&1 -# Régénère la configuration de SSOwat -sudo yunohost app ssowatconf +# Install all dependances +install_dependances + +# Create user +ynh_system_user_create $synapse_user /var/lib/matrix-synapse + +# Create directory Install synapse in virtualenv +install_from_source + +# Restore all config and data +ynh_restore + +# Configure access for certificates +set_certificat_access + +# Restore postgresql database +ynh_psql_create_user $synapse_db_user $synapse_db_pwd +ynh_psql_execute_as_root \ +"CREATE DATABASE $synapse_db_name + ENCODING 'UTF8' + LC_COLLATE='C' + LC_CTYPE='C' + template=template0 + OWNER $synapse_db_user;" +su -c "psql $synapse_db_name" postgres < ${YNH_CWD}/dump.sql + +# Enable systemd service +systemctl daemon-reload +systemctl enable matrix-synapse.service + +# register yunohost service +yunohost service add matrix-synapse # Reload webserver -sudo service nginx reload -sudo service matrix-synapse restart -sudo service coturn restart +systemctl reload nginx.service +systemctl restart matrix-synapse.service +systemctl restart coturn.service 
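Review bot: The dump is loaded with `su -c "psql $synapse_db_name" postgres < ${YNH_CWD}/dump.sql`, and psql by default continues past failed statements and exits 0, so `ynh_abort_if_errors` will not catch a partially restored database before the service is enabled and restarted. Setting `ON_ERROR_STOP` makes a bad dump fail the restore: `su -c "psql --set ON_ERROR_STOP=1 $synapse_db_name" postgres < "${YNH_CWD}/dump.sql"`. The dump also runs as the `postgres` superuser, so every statement in the backup archive executes with full database privileges. A comment stating that the archive is treated as trusted input would make that assumption visible, or the dump could be loaded as `$synapse_db_user` if the local authentication setup allows it.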
diff --git a/scripts/upgrade b/scripts/upgrade
index 27e402c..bd6ea2e 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -1,67 +1,128 @@ #!/bin/bash +# Source YunoHost helpers +source /usr/share/yunohost/helpers +source ./psql.sh + +# Stop script if errors +ynh_abort_if_errors + # Import common cmd source ./_common.sh -# Init script -init_script - # Retrieve arguments -domain=$(ynh_app_setting_get $app domain) -path=$(ynh_app_setting_get $app path) +domain=$(ynh_app_setting_get $app special_domain) +path=$(ynh_app_setting_get $app special_path) +final_path=$(ynh_app_setting_get $app final_path) +synapse_old_version=$(ynh_app_setting_get $app synapse_version) +synapse_db_pwd=$(ynh_app_setting_get $app synapse_db_pwd) is_public=$(ynh_app_setting_get $app is_public) synapse_port=$(ynh_app_setting_get $app synapse_port) synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port) turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port) turnserver_pwd=$(ynh_app_setting_get $app turnserver_pwd) -CHECK_PATH # Vérifie et corrige la syntaxe du path. +systemctl stop matrix-synapse.service -if [[ -n "$(uname -m | grep arm)" ]] +if [[ -z $synapse_old_version ]] then - install_arm_package_dep + ynh_die "Update from this version is not available now. You need to wait for the next update." 
+ + ## We move from debian package to new package with python virtualenv + # Change settings + path="/_matrix" + domain=$(ynh_app_setting_get $app domain) + final_path="/opt/yunohost/matrix-synapse" + ynh_app_setting_set $app special_domain $domain + ynh_app_setting_set $app special_path $path + ynh_app_setting_set $app final_path $final_path + ynh_app_setting_delete $app domain + ynh_app_setting_delete $app path + ynh_app_setting_delete $app skipped_uris + + # Remove old package and add new package as dependance + ynh_secure_remove /etc/apt/sources.list.d/matrix.list + ynh_package_autoremove --purge matrix-synapse python-matrix-synapse-ldap3 || true + + # If we don't remove these line in dpkg config, dpkg fail on every new package install + sudo sed --in-place ':a;N;$!ba;s@matrix-synapse nogroup 755 /var/lib/matrix-synapse\n@@g' /var/lib/dpkg/statoverride + sudo sed --in-place ':a;N;$!ba;s@matrix-synapse nogroup 755 /var/log/matrix-synapse\n@@g' /var/lib/dpkg/statoverride + sudo sed --in-place ':a;N;$!ba;s@matrix-synapse nogroup 755 /etc/matrix-synapse\n@@g' /var/lib/dpkg/statoverride + + # add new package as dependance and install dependance + install_dependances + + # Create directory Install synapse in virtualenv + install_from_source + + # Open access to server without a button the home + cp ../conf/add_sso_conf.py $final_path + cp ../conf/remove_sso_conf.py $final_path + python $final_path/add_sso_conf.py + + # Create user + ynh_system_user_create $synapse_user /var/lib/matrix-synapse + + # Create systemd service + ynh_secure_remove /etc/init.d/matrix-synapse + ynh_secure_remove /lib/systemd/system/matrix-synapse.service + ynh_secure_remove /etc/systemd/system/matrix-synapse.service + systemctl daemon-reload + systemctl disable matrix-synapse.service + + cp ../conf/default_matrix-synapse /etc/default/matrix-synapse + cp ../conf/matrix-synapse.service /etc/systemd/system/ + systemctl daemon-reload + systemctl enable matrix-synapse.service + + # Configuration 
de logrotate + ynh_use_logrotate /var/log/matrix-synapse/ + + # register yunohost service + yunohost service add matrix-synapse + + ## Move to postgresql from sqlite + + # We create the new settings + synapse_db_pwd=$(ynh_string_random 30) + ynh_app_setting_set $app synapse_db_pwd $synapse_db_pwd + + # Create postgresql database + ynh_psql_create_user $synapse_db_user $synapse_db_pwd + ynh_psql_execute_as_root \ + "CREATE DATABASE $synapse_db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $synapse_db_user;" + + # Create config file for synapse with postgresql + config_synapse + + # Migrate database + /opt/yunohost/matrix-synapse/bin/synapse_port_db --sqlite-database /var/lib/matrix-synapse/homeserver.db \ + --postgres-config /etc/matrix-synapse/homeserver.yaml fi -# Et copie le fichier de config nginx -sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf - -# Modifie les variables dans le fichier de configuration nginx -sudo sed -i "s@__PATH__@$path@g" /etc/nginx/conf.d/$domain.d/$app.conf -sudo sed -i "s@__PORT__@$synapse_port@g" /etc/nginx/conf.d/$domain.d/$app.conf +# Update nginx config +config_nginx # Configure Synapse -sudo cp ../conf/homeserver.yaml /etc/matrix-synapse/homeserver.yaml -sudo sed -i "s@__DOMAIN__@$domain@g" /etc/matrix-synapse/homeserver.yaml -sudo sed -i "s@__PORT__@$synapse_port@g" /etc/matrix-synapse/homeserver.yaml -sudo sed -i "s@__TLS_PORT__@$synapse_tls_port@g" /etc/matrix-synapse/homeserver.yaml -sudo sed -i "s@__TURNSERVER_TLS_PORT__@$turnserver_tls_port@g" /etc/matrix-synapse/homeserver.yaml -sudo sed -i "s@__TURNPWD__@$turnserver_pwd@g" /etc/matrix-synapse/homeserver.yaml +config_synapse # Configure access for certificates -set_access matrix-synapse /etc/yunohost/certs/$domain/crt.pem -set_access matrix-synapse /etc/yunohost/certs/$domain/key.pem -set_access matrix-synapse /etc/yunohost/certs/$domain/dh.pem - -set_access turnserver /etc/yunohost/certs/$domain/crt.pem -set_access turnserver 
/etc/yunohost/certs/$domain/key.pem -set_access turnserver /etc/yunohost/certs/$domain/dh.pem - -if [ "$is_public" = "0" ] -then - sudo sed -i "s@__ALLOWED_ACCESS__@False@g" /etc/matrix-synapse/homeserver.yaml -else - sudo sed -i "s@__ALLOWED_ACCESS__@True@g" /etc/matrix-synapse/homeserver.yaml -fi +set_certificat_access # Configure Coturn -sudo cp ../conf/turnserver.conf /etc/turnserver.conf -sudo sed -i "s@__TURNPWD__@$turnserver_pwd@g" /etc/turnserver.conf -sudo sed -i "s@__DOMAIN__@$domain@g" /etc/turnserver.conf -sudo sed -i "s@__TLS_PORT__@$turnserver_tls_port@g" /etc/turnserver.conf +config_coturn + +# Upgrade manually Synapse +PS1="" +source $final_path/bin/activate +pip install --upgrade pip +pip install --upgrade setuptools +pip install --upgrade https://github.com/matrix-org/synapse/tarball/master + +# Set new settings +ynh_app_setting_set $app synapse_version $synapse_version -# Régénère la configuration de SSOwat -sudo yunohost app ssowatconf # Recharge la configuration Nginx -sudo service nginx reload -sudo service matrix-synapse restart -sudo service coturn restart +systemctl reload nginx.service +systemctl start matrix-synapse.service +systemctl restart coturn.service
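Review bot: `pip install --upgrade https://github.com/matrix-org/synapse/tarball/master` installs whatever the upstream master branch contains at upgrade time, with no version pin or hash check, and the following `ynh_app_setting_set $app synapse_version $synapse_version` then records a version regardless of what was actually fetched. The removed package path at least went through apt with the Matrix repository key, whereas here a compromised or simply broken master lands directly in the virtualenv of a running homeserver. I would install the release tarball that corresponds to `$synapse_version` (URL built from that variable, tag format to be confirmed against upstream) and consider pip's `--require-hashes` with a pinned requirements file. Separately, `ynh_die` is the first statement inside `if [[ -z $synapse_old_version ]]`, so the whole migration below it is unreachable; a comment such as `# Migration kept for a later release; currently disabled by the ynh_die above` would make that explicit.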