
Use new helper, migrate to postgresql, use virtualenvionement

Josué Tille 2017-07-21 22:28:49 +02:00
parent e8b97b61d5
commit 469b6dc07b
18 changed files with 606 additions and 584 deletions


@ -11,6 +11,8 @@ If you don't have a dh.pem file in `/etc/yunohost/certs/YOUR DOMAIN/dh.pem` you
You could built it by this cmd : `sudo openssl dhparam -out /etc/yunohost/certs/YOUR DOMAIN/dh.pem 2048 > /dev/null` You could built it by this cmd : `sudo openssl dhparam -out /etc/yunohost/certs/YOUR DOMAIN/dh.pem 2048 > /dev/null`
After that you can install it without problem. After that you can install it without problem.
The install use the python virtualenvironement. Everything is built on the install and some package a compiled so it could take a long time if the processor is slow.
## Package update package ## Package update package
sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh

11
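--- a/conf/add_sso_conf.py
+++ b/conf/add_sso_conf.py
@@ -0,0 +1,11 @@
+import json
+with open("/etc/ssowat/conf.json.persistent", "r") as jsonFile:
+data = json.load(jsonFile)
+if "skipped_urls" in data:
+data["skipped_urls"].append("/_matrix")
+else:
+data["skipped_urls"] = ["/_matrix"]
+with open("/etc/ssowat/conf.json.persistent", "w") as jsonFile:
+jsonFile.write(json.dumps(data, indent=4, sort_keys=True))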
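Review bot: The `if "skipped_urls" in data:` branch appends `/_matrix` unconditionally, so every run of this script adds another copy to the SSOwat list, while conf/remove_sso_conf.py removes only one entry per run; after a retried or repeated install, removing the app would leave `/_matrix` exempt from SSO. Guard the append with `if "/_matrix" not in data["skipped_urls"]:`. The second `open(..., "w")` also truncates `/etc/ssowat/conf.json.persistent` before the new content is written, so an interruption at that point leaves the SSO configuration empty; writing to a temporary file in the same directory and renaming it over the original would avoid that.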


@ -0,0 +1,3 @@
# Specify environment variables used when running Synapse
# SYNAPSE_CACHE_FACTOR=1 (default)


@ -15,7 +15,6 @@ tls_dh_params_path: "/etc/yunohost/certs/__DOMAIN__/dh.pem"
# Don't bind to the https port # Don't bind to the https port
no_tls: False no_tls: False
## Server ## ## Server ##
server_name: "__DOMAIN__" server_name: "__DOMAIN__"
@ -109,11 +108,15 @@ listeners:
# Database configuration # Database configuration
database: database:
# The database engine name # The database engine name
name: "sqlite3" name: psycopg2
# Arguments to pass to the engine # Arguments to pass to the engine
args: args:
# Path to the database user: __SYNAPSE_DB_USER__
database: "/var/lib/matrix-synapse/homeserver.db" password: __SYNAPSE_DB_PWD__
database: matrix_synapse
host: localhost
cp_min: 5
cp_max: 10
# Number of events to cache in memory. # Number of events to cache in memory.
event_cache_size: "10K" event_cache_size: "10K"
@ -326,6 +329,7 @@ trusted_third_party_id_servers:
# Enable collection and rendering of performance metrics # Enable collection and rendering of performance metrics
enable_metrics: False enable_metrics: False
report_stats: False
## API Configuration ## ## API Configuration ##
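Review bot: `password: __SYNAPSE_DB_PWD__` and `user: __SYNAPSE_DB_USER__` in the new `database.args` block are substituted as bare YAML scalars, unlike `server_name: "__DOMAIN__"` earlier in the file. A generated password that happens to look like a number, boolean or null, or that ever contains `#` or `: `, would be parsed as something other than the intended string. Quoting the placeholder, `password: "__SYNAPSE_DB_PWD__"`, keeps the value a string whatever the generator produces.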

36
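--- a/conf/log.yaml
+++ b/conf/log.yaml
@@ -0,0 +1,36 @@
+version: 1
+formatters:
+precise:
+format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s- %(message)s'
+filters:
+context:
+(): synapse.util.logcontext.LoggingContextFilter
+request: ""
+handlers:
+file:
+class: logging.handlers.RotatingFileHandler
+formatter: precise
+filename: /var/log/matrix-synapse/homeserver.log
+maxBytes: 104857600
+backupCount: 10
+filters: [context]
+level: INFO
+console:
+class: logging.StreamHandler
+formatter: precise
+level: WARN
+loggers:
+synapse:
+level: INFO
+synapse.storage.SQL:
+level: INFO
+root:
+level: INFO
+handlers: [file, console]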


@ -1,20 +0,0 @@
/var/log/__APP_/.log {
# Effectue une rotation des logs tout les mois
monthly
# Ou si le fichier de log dépasse 100Mo
size 100M
# Garde un maximum de 12 anciens logs
rotate 12
# Compresse les logs avec gzip
compress
# Compresse le log au cycle suivant. Donc garde toujours 2 logs non compressés.
delaycompress
# Copie et tronque le journal pour permettre la poursuite de l'écriture. Plutôt que de déplacer le log.
copytruncate
# Ne renvoi pas d'erreur si le fichier de log est absent.
missingok
# Ne fait pas de rotation si le log est vide.
notifempty
# Garde les anciens logs dans le même dossier.
noolddir
}


@ -0,0 +1,15 @@
[Unit]
Description=Synapse Matrix homeserver
[Service]
Type=simple
User=matrix-synapse
WorkingDirectory=/var/lib/matrix-synapse
EnvironmentFile=/etc/default/matrix-synapse
ExecStartPre=/opt/yunohost/matrix-synapse/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-synapse/homeserver.yaml --config-path=/etc/matrix-synapse/conf.d/ --generate-keys
ExecStart=/opt/yunohost/matrix-synapse/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-synapse/homeserver.yaml --config-path=/etc/matrix-synapse/conf.d/
Restart=always
RestartSec=3
[Install]
WantedBy=multi-user.target
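Review bot: The `[Unit]` section declares no ordering, yet this commit moves Synapse to a PostgreSQL database on `localhost`, so at boot the service can start before the database accepts connections and then depends on `Restart=always` to recover. Adding `After=network.target postgresql.service` makes the dependency explicit. Since the daemon already runs as the unprivileged `matrix-synapse` user, `NoNewPrivileges=true` and `PrivateTmp=true` in `[Service]` would be cheap hardening that should not interfere with the paths used here.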


@ -1,4 +1,6 @@
location __PATH__ { location __PATH__ {
proxy_pass http://localhost:__PORT__; proxy_pass http://localhost:__PORT__;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For $remote_addr;
client_max_body_size 100M;
} }

8
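--- a/conf/remove_sso_conf.py
+++ b/conf/remove_sso_conf.py
@@ -0,0 +1,8 @@
+import json
+with open("/etc/ssowat/conf.json.persistent", "r") as jsonFile:
+data = json.load(jsonFile)
+data["skipped_urls"].remove("/_matrix")
+with open("/etc/ssowat/conf.json.persistent", "w") as jsonFile:
+jsonFile.write(json.dumps(data, indent=4, sort_keys=True))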
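Review bot: `data["skipped_urls"].remove("/_matrix")` raises `KeyError` when the key is absent and `ValueError` when the entry is absent, and it removes only the first occurrence. scripts/remove runs under `set -u` without `-e`, so a traceback here does not stop the removal, and any remaining `/_matrix` entry keeps that path outside SSO after the app is gone. Filtering instead, e.g. `data["skipped_urls"] = [u for u in data.get("skipped_urls", []) if u != "/_matrix"]`, makes the cleanup idempotent and complete.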

78
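--- a/conf/virtualenv_activate
+++ b/conf/virtualenv_activate
@@ -0,0 +1,78 @@
+# This file must be used with "source bin/activate" *from bash*
+# you cannot run it directly
+deactivate () {
+unset -f pydoc >/dev/null 2>&1
+# reset old environment variables
+# ! [ -z ${VAR+_} ] returns true if VAR is declared at all
+if ! [ -z "${_OLD_VIRTUAL_PATH+_}" ] ; then
+PATH="$_OLD_VIRTUAL_PATH"
+export PATH
+unset _OLD_VIRTUAL_PATH
+fi
+if ! [ -z "${_OLD_VIRTUAL_PYTHONHOME+_}" ] ; then
+PYTHONHOME="$_OLD_VIRTUAL_PYTHONHOME"
+export PYTHONHOME
+unset _OLD_VIRTUAL_PYTHONHOME
+fi
+# This should detect bash and zsh, which have a hash command that must
+# be called to get it to forget past commands. Without forgetting
+# past commands the $PATH changes we made may not be respected
+if [ -n "${BASH-}" ] || [ -n "${ZSH_VERSION-}" ] ; then
+hash -r 2>/dev/null
+fi
+if ! [ -z "${_OLD_VIRTUAL_PS1+_}" ] ; then
+PS1="$_OLD_VIRTUAL_PS1"
+export PS1
+unset _OLD_VIRTUAL_PS1
+fi
+unset VIRTUAL_ENV
+if [ ! "${1-}" = "nondestructive" ] ; then
+# Self destruct!
+unset -f deactivate
+fi
+}
+# unset irrelevant variables
+deactivate nondestructive
+VIRTUAL_ENV="/opt/yunohost/matrix-synapse"
+export VIRTUAL_ENV
+_OLD_VIRTUAL_PATH="$PATH"
+PATH="$VIRTUAL_ENV/bin:$PATH"
+export PATH
+# unset PYTHONHOME if set
+if ! [ -z "${PYTHONHOME+_}" ] ; then
+_OLD_VIRTUAL_PYTHONHOME="$PYTHONHOME"
+unset PYTHONHOME
+fi
+if [ -z "${VIRTUAL_ENV_DISABLE_PROMPT-}" ] ; then
+_OLD_VIRTUAL_PS1="$PS1"
+if [ "x" != x ] ; then
+PS1="$PS1"
+else
+PS1="(`basename \"$VIRTUAL_ENV\"`) $PS1"
+fi
+export PS1
+fi
+# Make sure to unalias pydoc if it's already there
+alias pydoc 2>/dev/null >/dev/null && unalias pydoc
+pydoc () {
+python -m pydoc "$@"
+}
+# This should detect bash and zsh, which have a hash command that must
+# be called to get it to forget past commands. Without forgetting
+# past commands the $PATH changes we made may not be respected
+if [ -n "${BASH-}" ] || [ -n "${ZSH_VERSION-}" ] ; then
+hash -r 2>/dev/null
+fi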


@ -3,20 +3,20 @@
"id": "synapse", "id": "synapse",
"packaging_format": 1, "packaging_format": 1,
"requirements": { "requirements": {
"yunohost": ">= 2.4" "yunohost": ">= 2.6.4"
}, },
"description": { "description": {
"en": "Instant messaging server who use matrix", "en": "Instant messaging server who use matrix",
"fr": "Un serveur de messagerie instantané basé sur matrix" "fr": "Un serveur de messagerie instantané basé sur matrix"
}, },
"version": "1.0", "version": "0.22.0",
"url": "http://www.site", "url": "http://matrix.org",
"license": "free", "license": "free",
"maintainer": { "maintainer": {
"name": "Josué Tille", "name": "Josué Tille",
"email": "josue@tille.ch" "email": "josue@tille.ch"
}, },
"multi_instance": true, "multi_instance": false,
"services": [ "services": [
"nginx" "nginx"
], ],


@ -1,71 +1,96 @@
#!/bin/bash #!/bin/bash
debian_repos="http://httpredir.debian.org/debian/" # Retrieve arguments
md5sum_python_nacl="34c44f8f5100170bae3b4329ffb43087" app=$YNH_APP_INSTANCE_NAME
md5sum_python_ujson="5b65f8cb6bedef7971fdc557e09effbe" synapse_user="matrix-synapse"
python_nacl_version="1.0.1-2" synapse_db_name="matrix_synapse"
python_ujson_version="1.35-1" synapse_db_user="matrix_synapse"
synapse_version="0.22.0"
init_script() { install_dependances() {
# Exit on command errors and treat unset variables as an error ynh_install_app_dependencies coturn build-essential python2.7-dev libffi-dev python-pip python-setuptools sqlite3 libssl-dev python-virtualenv libjpeg-dev libpq-dev postgresql
set -eu pip install --upgrade pip
pip install --upgrade ndg-httpsclient
pip install --upgrade virtualenv
}
# Source YunoHost helpers install_from_source() {
source /usr/share/yunohost/helpers # Create empty dir for synapse
mkdir -p /var/lib/matrix-synapse
mkdir -p /var/log/matrix-synapse
mkdir -p /etc/matrix-synapse/conf.d
mkdir -p $final_path
# Retrieve arguments # Install synapse in virtualenv
app=$YNH_APP_INSTANCE_NAME virtualenv -p python2.7 $final_path
CHECK_VAR "$app" "app name not set" PS1=""
GET_DEBIAN_VERSION cp ../conf/virtualenv_activate $final_path/bin/activate
source $final_path/bin/activate
pip install --upgrade pip
pip install --upgrade setuptools
pip install https://github.com/matrix-org/synapse/tarball/master
pip install psycopg2
if [ -n "$(uname -m | grep 64)" ]; then # Set permission
ARCHITECTURE="amd64" chown $synapse_user:root -R $final_path
elif [ -n "$(uname -m | grep 86)" ]; then chown $synapse_user:root -R /var/lib/matrix-synapse
ARCHITECTURE="386" chown $synapse_user:root -R /var/log/matrix-synapse
elif [ -n "$(uname -m | grep arm)" ]; then chown $synapse_user:root -R /etc/matrix-synapse
ARCHITECTURE="arm" }
config_nginx() {
cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf
ynh_replace_string __PATH__ $path /etc/nginx/conf.d/$domain.d/$app.conf
ynh_replace_string __PORT__ $synapse_port /etc/nginx/conf.d/$domain.d/$app.conf
systemctl reload nginx.service
}
config_synapse() {
cp ../conf/homeserver.yaml /etc/matrix-synapse/homeserver.yaml
cp ../conf/log.yaml /etc/matrix-synapse/log.yaml
ynh_replace_string __DOMAIN__ $domain /etc/matrix-synapse/homeserver.yaml
ynh_replace_string __SYNAPSE_DB_USER__ $synapse_db_user /etc/matrix-synapse/homeserver.yaml
ynh_replace_string __SYNAPSE_DB_PWD__ $synapse_db_pwd /etc/matrix-synapse/homeserver.yaml
ynh_replace_string __PORT__ $synapse_port /etc/matrix-synapse/homeserver.yaml
ynh_replace_string __TLS_PORT__ $synapse_tls_port /etc/matrix-synapse/homeserver.yaml
ynh_replace_string __TURNSERVER_TLS_PORT__ $turnserver_tls_port /etc/matrix-synapse/homeserver.yaml
ynh_replace_string __TURNPWD__ $turnserver_pwd /etc/matrix-synapse/homeserver.yaml
if [ "$is_public" = "0" ]
then
ynh_replace_string __ALLOWED_ACCESS__ False /etc/matrix-synapse/homeserver.yaml
else else
ynh_die "Unable to find arch" ynh_replace_string __ALLOWED_ACCESS__ True /etc/matrix-synapse/homeserver.yaml
fi fi
} }
install_arm_package_dep() { config_coturn() {
cp ../conf/default_coturn /etc/default/coturn
cp ../conf/turnserver.conf /etc/turnserver.conf
wget -q -O '/tmp/python-nacl.deb' "${debian_repos}pool/main/p/python-nacl/python-nacl_${python_nacl_version}_armhf.deb" ynh_replace_string __TURNPWD__ $turnserver_pwd /etc/turnserver.conf
wget -q -O '/tmp/python-ujson.deb' "${debian_repos}pool/main/u/ujson/python-ujson_${python_ujson_version}_armhf.deb" ynh_replace_string __DOMAIN__ $domain /etc/turnserver.conf
ynh_replace_string __TLS_PORT__ $turnserver_tls_port /etc/turnserver.conf
if ([[ ! -e '/tmp/python-nacl.deb' ]] || [[ $(md5sum '/tmp/python-nacl.deb' | cut -d' ' -f1) != $md5sum_python_nacl ]]) || \
([[ ! -e '/tmp/python-ujson.deb' ]] || [[ $(md5sum '/tmp/python-ujson.deb' | cut -d' ' -f1) != $md5sum_python_ujson ]])
then
ynh_die "Error : can't get debian dependance package"
fi
sudo dpkg -i /tmp/python-nacl.deb || true
sudo dpkg -i /tmp/python-ujson.deb || true
} }
GET_DEBIAN_VERSION() { set_certificat_access() {
debian_version=$(sudo lsb_release -sc) set_access $synapse_user /etc/yunohost/certs/$domain/crt.pem
test -z $debian_version && ynh_die "Can't find debian version" set_access $synapse_user /etc/yunohost/certs/$domain/key.pem
test $debian_version == 'jessie' || ynh_die "This package is not available for your debian version" set_access $synapse_user /etc/yunohost/certs/$domain/dh.pem
}
enable_backport_repos() { set_access turnserver /etc/yunohost/certs/$domain/crt.pem
if [[ -z "$(grep -e "^deb .*/.* $debian_version-backports main" /etc/apt/sources.list ; grep -e "^deb .*/.* $debian_version-backports main" /etc/apt/sources.list.d/*.list)" ]] set_access turnserver /etc/yunohost/certs/$domain/key.pem
then set_access turnserver /etc/yunohost/certs/$domain/dh.pem
debian_repos_url=$(grep -m 1 "^deb .* $debian_version .*main" /etc/apt/sources.list | cut -d ' ' -f2)
test -z "$(echo $debian_repos_url | grep '://')" && debian_repos_url="$debian_repos"
echo "deb $debian_repos_url $debian_version-backports main contrib non-free" | sudo tee -a "/etc/apt/sources.list"
fi
ynh_package_update
} }
set_access() { # example : set_access USER FILE set_access() { # example : set_access USER FILE
user="$1" user="$1"
file_to_set="$2" file_to_set="$2"
while [[ 0 ]] while [[ 0 ]]
do do
path_to_set="" path_to_set=""
oldIFS="$IFS" oldIFS="$IFS"
IFS="/" IFS="/"
@ -73,90 +98,29 @@ do
do do
if [[ -n "$dirname" ]] if [[ -n "$dirname" ]]
then then
sudo test -f "$path_to_set"/"$dirname" && sudo setfacl -m d:u:$user:r "$path_to_set" test -f "$path_to_set"/"$dirname" && setfacl -m d:u:$user:r "$path_to_set"
path_to_set="$path_to_set/$dirname" path_to_set="$path_to_set/$dirname"
if $(sudo sudo -u $user test ! -r "$path_to_set") if $(sudo -u $user test ! -r "$path_to_set")
then then
sudo test -d "$path_to_set" && sudo setfacl -m user:$user:rx "$path_to_set" test -d "$path_to_set" && setfacl -m user:$user:rx "$path_to_set"
sudo test -f "$path_to_set" && sudo setfacl -m user:$user:r "$path_to_set" test -f "$path_to_set" && setfacl -m user:$user:r "$path_to_set"
fi fi
fi fi
done done
IFS="$oldIFS" IFS="$oldIFS"
if $(sudo test -L "$file_to_set") if $(test -L "$file_to_set")
then then
if [[ -n "$(sudo readlink "$file_to_set" | grep -e "^/")" ]] if [[ -n "$(readlink "$file_to_set" | grep -e "^/")" ]]
then then
file_to_set=$(sudo readlink "$file_to_set") # If it is an absolute path file_to_set=$(readlink "$file_to_set") # If it is an absolute path
else else
file_to_set=$(sudo realpath -s -m "$(echo "$file_to_set" | cut -d'/' -f-$(echo "$file_to_set" | grep -o '/' | wc -l))/$(sudo readlink "$file_to_set")") # If it is an relative path (we get with realpath the absolute path) file_to_set=$(realpath -s -m "$(echo "$file_to_set" | cut -d'/' -f-$(echo "$file_to_set" | grep -o '/' | wc -l))/$(readlink "$file_to_set")") # If it is an relative path (we get with realpath the absolute path)
fi fi
else else
break break
fi fi
done
}
CHECK_VAR () { # Vérifie que la variable n'est pas vide.
# $1 = Variable à vérifier
# $2 = Texte à afficher en cas d'erreur
test -n "$1" || (echo "$2" >&2 && false)
}
CHECK_PATH () { # Vérifie la présence du / en début de path. Et son absence à la fin.
if [ "${path:0:1}" != "/" ]; then # Si le premier caractère n'est pas un /
path="/$path" # Ajoute un / en début de path
fi
if [ "${path:${#path}-1}" == "/" ] && [ ${#path} -gt 1 ]; then # Si le dernier caractère est un / et que ce n'est pas le seul caractère.
path="${path:0:${#path}-1}" # Supprime le dernier caractère
fi
}
CHECK_DOMAINPATH () { # Vérifie la disponibilité du path et du domaine.
sudo yunohost app checkurl $domain$path -a $app
}
CHECK_FINALPATH () { # Vérifie que le dossier de destination n'est pas déjà utilisé.
final_path=/var/www/$app
if [ -e "$final_path" ]
then
echo "This path already contains a folder" >&2
false
fi
}
# Find a free port and return it
#
# example: port=$(ynh_find_port 8080)
#
# usage: ynh_find_port begin_port
# | arg: begin_port - port to start to search
ynh_find_port () {
port=$1
test -n "$port" || ynh_die "The argument of ynh_find_port must be a valid port."
while netcat -z 127.0.0.1 $port # Check if the port is free
do
port=$((port+1)) # Else, pass to next port
done done
echo $port
}
### REMOVE SCRIPT
REMOVE_NGINX_CONF () { # Suppression de la configuration nginx
if [ -e "/etc/nginx/conf.d/$domain.d/$app.conf" ]; then # Delete nginx config
echo "Delete nginx config"
sudo rm "/etc/nginx/conf.d/$domain.d/$app.conf"
sudo service nginx reload
fi
}
REMOVE_LOGROTATE_CONF () { # Suppression de la configuration de logrotate
if [ -e "/etc/logrotate.d/$app" ]; then
echo "Delete logrotate config"
sudo rm "/etc/logrotate.d/$app"
fi
} }
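Review bot: In `install_from_source`, `pip install https://github.com/matrix-org/synapse/tarball/master` installs whatever is on the upstream master branch at install time, even though `synapse_version="0.22.0"` is declared at the top of the file and recorded in the app settings. The removed package-based path at least compared md5 sums of what it downloaded; the new path has no pin and no integrity check, so two installs can yield different code and the recorded version may not match what is running. Install from a tag-pinned archive built from `$synapse_version` (confirm the upstream tag naming), ideally through a requirements file used with `pip install --require-hashes` so the downloaded artefacts are verified. The variables passed to `ynh_replace_string`, `chown` and `mkdir` in the new functions are also unquoted.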


@ -1,55 +1,17 @@
#!/bin/bash #!/bin/bash
######## Actually we cant use common script in backup / restore script see this issue for more informations : https://dev.yunohost.org/issues/621 # Source YunoHost helpers
# # Import common cmd source /usr/share/yunohost/helpers
# source ./_common.sh
#
######## We implement manually this fonctions # Stop script if errors
ynh_abort_if_errors
init_script() { # Import common cmd
# Exit on command errors and treat unset variables as an error source ../settings/scripts/_common.sh
set -eu source ../settings/scripts/psql.sh
# Source YunoHost helpers
source /usr/share/yunohost/helpers
# Retrieve arguments
app=$YNH_APP_INSTANCE_NAME
CHECK_VAR "$app" "app name not set"
GET_DEBIAN_VERSION
if [ -n "$(uname -m | grep 64)" ]; then
ARCHITECTURE="amd64"
elif [ -n "$(uname -m | grep 86)" ]; then
ARCHITECTURE="386"
elif [ -n "$(uname -m | grep arm)" ]; then
ARCHITECTURE="arm"
else
ynh_die "Unable to find arch"
fi
}
GET_DEBIAN_VERSION() {
debian_version=$(sudo lsb_release -sc)
test -z $debian_version && ynh_die "Can't find debian version"
test $debian_version == 'jessie' || ynh_die "This package is not available for your debian version"
}
CHECK_VAR () { # Vérifie que la variable n'est pas vide.
# $1 = Variable à vérifier
# $2 = Texte à afficher en cas d'erreur
test -n "$1" || (echo "$2" >&2 && false)
}
######## End of common fonctions
# Init script
init_script
# Retrieve arguments # Retrieve arguments
final_path=$(ynh_app_setting_get $app final_path) domain=$(ynh_app_setting_get $app special_domain)
domain=$(ynh_app_setting_get $app domain)
# Copy Nginx config # Copy Nginx config
ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf" "nginx.conf" ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf" "nginx.conf"
@ -62,9 +24,14 @@ ynh_backup "/etc/turnserver.conf" "coturn_config"
ynh_backup "/etc/default/coturn" "coturn_config_default" ynh_backup "/etc/default/coturn" "coturn_config_default"
# Backup synapse database # Backup synapse database
ynh_backup "/var/lib/matrix-synapse" "data" ynh_backup "/var/lib/matrix-synapse" "data" 1
# Backup Postgresql database
sudo su -c "pg_dump $synapse_db_name" postgres > ${YNH_CWD}/dump.sql
# Copie la configuration de logrotate # Copie la configuration de logrotate
ynh_backup "/etc/logrotate.d/$app" "logrotate" ynh_backup "/etc/logrotate.d/$app" "logrotate"
# Backup systemd service
ynh_backup "/etc/default/matrix-synapse"
ynh_backup "/etc/systemd/system/matrix-synapse.service"
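Review bot: The new `pg_dump` line writes `${YNH_CWD}/dump.sql` through the calling shell's redirection, so the dump is created with the script's default umask, and it contains the whole homeserver database (password hashes, access tokens, message history). Unless the backup working directory is already restricted, which is not visible in this hunk, wrap it as `(umask 077; sudo su -c "pg_dump $synapse_db_name" postgres > "${YNH_CWD}/dump.sql")`, which also quotes the target path.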


@ -1,122 +1,97 @@
#!/bin/bash #!/bin/bash
# Source YunoHost helpers
source /usr/share/yunohost/helpers
source ./psql.sh
# Stop script if errors
ynh_abort_if_errors
# Import common cmd # Import common cmd
source ./_common.sh source ./_common.sh
# Init script
init_script
# Retrieve arguments # Retrieve arguments
domain=$YNH_APP_ARG_DOMAIN domain=$YNH_APP_ARG_DOMAIN
path="/_matrix"
is_public=$YNH_APP_ARG_IS_PUBLIC is_public=$YNH_APP_ARG_IS_PUBLIC
path="/_matrix"
final_path="/opt/yunohost/matrix-synapse"
CHECK_PATH # Vérifie et corrige la syntaxe du path. # Check domain/path availability
CHECK_DOMAINPATH # Vérifie la disponibilité du path et du domaine. test $(ynh_webpath_available $domain $path) == 'True' || ynh_die "$domain$path is not available, please use an other domain."
CHECK_FINALPATH # Vérifie que le dossier de destination n'est pas déjà utilisé.
# Check Final Path availability
test ! -e "$final_path" || ynh_die "This path already contains a folder"
# Ouvre le port dans le firewall # Ouvre le port dans le firewall
synapse_tls_port=$(ynh_find_port 8448) synapse_tls_port=$(ynh_find_port 8448)
synapse_port=$(ynh_find_port 8008) synapse_port=$(ynh_find_port 8008)
turnserver_tls_port=$(ynh_find_port 5349) turnserver_tls_port=$(ynh_find_port 5349)
sudo yunohost firewall allow --no-upnp TCP $synapse_tls_port > /dev/null 2>&1 yunohost firewall allow --no-upnp TCP $synapse_tls_port > /dev/null 2>&1
sudo yunohost firewall allow --no-upnp Both $turnserver_tls_port > /dev/null 2>&1 yunohost firewall allow --no-upnp Both $turnserver_tls_port > /dev/null 2>&1
# Make dh cert for synapse if it not exist # Make dh cert for synapse if it not exist
test ! -e /etc/yunohost/certs/$domain/dh.pem && sudo openssl dhparam -out /etc/yunohost/certs/$domain/dh.pem 2048 > /dev/null test ! -e /etc/yunohost/certs/$domain/dh.pem && openssl dhparam -out /etc/yunohost/certs/$domain/dh.pem 2048 > /dev/null
# Find password for turnserver # Find password for turnserver and database
turnserver_pwd=$(ynh_string_random 30) turnserver_pwd=$(ynh_string_random 30)
synapse_db_pwd=$(ynh_string_random 30)
# Enregistre les infos dans la config YunoHost # Enregistre les infos dans la config YunoHost
ynh_app_setting_set $app domain $domain ynh_app_setting_set $app special_domain $domain
ynh_app_setting_set $app path $path ynh_app_setting_set $app special_path $path
ynh_app_setting_set $app final_path $final_path
ynh_app_setting_set $app synapse_version $synapse_version
ynh_app_setting_set $app synapse_db_pwd $synapse_db_pwd
ynh_app_setting_set $app is_public $is_public ynh_app_setting_set $app is_public $is_public
ynh_app_setting_set $app synapse_port $synapse_port ynh_app_setting_set $app synapse_port $synapse_port
ynh_app_setting_set $app synapse_tls_port $synapse_tls_port ynh_app_setting_set $app synapse_tls_port $synapse_tls_port
ynh_app_setting_set $app turnserver_tls_port $turnserver_tls_port ynh_app_setting_set $app turnserver_tls_port $turnserver_tls_port
ynh_app_setting_set $app turnserver_pwd $turnserver_pwd ynh_app_setting_set $app turnserver_pwd $turnserver_pwd
# Et copie le fichier de config nginx # Install all dependances
sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf install_dependances
# Modifie les variables dans le fichier de configuration nginx # Create user
sudo sed -i "s@__PATH__@$path@g" /etc/nginx/conf.d/$domain.d/$app.conf ynh_system_user_create $synapse_user /var/lib/matrix-synapse
sudo sed -i "s@__PORT__@$synapse_port@g" /etc/nginx/conf.d/$domain.d/$app.conf
# Get Matrix key repos # Create postgresql database
wget -q -O '/tmp/matrix-repo-key.asc' "https://matrix.org/packages/debian/repo-key.asc" ynh_psql_create_user $synapse_db_user $synapse_db_pwd
sudo apt-key add "/tmp/matrix-repo-key.asc" ynh_psql_execute_as_root \
"CREATE DATABASE $synapse_db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $synapse_db_user;"
echo "matrix-synapse matrix-synapse/server-name select $domain" | sudo debconf-set-selections # Configure dpkg for no questions # Create directory Install synapse in virtualenv
echo "matrix-synapse matrix-synapse/report-stats select false" | sudo debconf-set-selections # Configure dpkg for no questions install_from_source
# Install coturn (the turn server) # Open access to server without a button the home
ynh_package_install coturn cp ../conf/add_sso_conf.py $final_path
cp ../conf/remove_sso_conf.py $final_path
python $final_path/add_sso_conf.py
# Enable debian-backports repos # Create systemd service
enable_backport_repos cp ../conf/default_matrix-synapse /etc/default/matrix-synapse
cp ../conf/matrix-synapse.service /etc/systemd/system/
systemctl daemon-reload
systemctl enable matrix-synapse.service
# Enable Synapse repos # Config nginx
if [[ -n "$(uname -m | grep arm)" ]] config_nginx
then
# Use special conf for arm arch because some binary are not available in jessie backport or in matrix repos
install_arm_package_dep
ynh_package_install -t $debian_version-backports -f
echo "deb [arch=i386] http://matrix.org/packages/debian/ $debian_version main" | sudo tee -a "/etc/apt/sources.list.d/matrix.list"
ynh_package_update
else
echo "deb http://matrix.org/packages/debian/ $debian_version main" | sudo tee -a "/etc/apt/sources.list.d/matrix.list"
ynh_package_update
fi
# Install synapse package
# We neet to install python-cryptography to Solve a python error about dependance (from cryptography.hazmat.primitives.asymmetric.utils)
ynh_package_install -t $debian_version-backports matrix-synapse python-matrix-synapse-ldap3 python-cryptography
# Configure Synapse # Configure Synapse
sudo cp ../conf/homeserver.yaml /etc/matrix-synapse/homeserver.yaml config_synapse
sudo sed -i "s@__DOMAIN__@$domain@g" /etc/matrix-synapse/homeserver.yaml
sudo sed -i "s@__PORT__@$synapse_port@g" /etc/matrix-synapse/homeserver.yaml
sudo sed -i "s@__TLS_PORT__@$synapse_tls_port@g" /etc/matrix-synapse/homeserver.yaml
sudo sed -i "s@__TURNSERVER_TLS_PORT__@$turnserver_tls_port@g" /etc/matrix-synapse/homeserver.yaml
sudo sed -i "s@__TURNPWD__@$turnserver_pwd@g" /etc/matrix-synapse/homeserver.yaml
if [ "$is_public" = "0" ]
then
sudo sed -i "s@__ALLOWED_ACCESS__@False@g" /etc/matrix-synapse/homeserver.yaml
else
sudo sed -i "s@__ALLOWED_ACCESS__@True@g" /etc/matrix-synapse/homeserver.yaml
fi
# Configure Coturn # Configure Coturn
sudo cp ../conf/default_coturn /etc/default/coturn config_coturn
sudo cp ../conf/turnserver.conf /etc/turnserver.conf
sudo sed -i "s@__TURNPWD__@$turnserver_pwd@g" /etc/turnserver.conf
sudo sed -i "s@__DOMAIN__@$domain@g" /etc/turnserver.conf
sudo sed -i "s@__TLS_PORT__@$turnserver_tls_port@g" /etc/turnserver.conf
# Configure access for certificates # Configure access for certificates
set_access matrix-synapse /etc/yunohost/certs/$domain/crt.pem set_certificat_access
set_access matrix-synapse /etc/yunohost/certs/$domain/key.pem
set_access matrix-synapse /etc/yunohost/certs/$domain/dh.pem
set_access turnserver /etc/yunohost/certs/$domain/crt.pem
set_access turnserver /etc/yunohost/certs/$domain/key.pem
set_access turnserver /etc/yunohost/certs/$domain/dh.pem
# Configuration de logrotate # Configuration de logrotate
sed -i "s@__APP__@$app@g" ../conf/logrotate ynh_use_logrotate /var/log/matrix-synapse/
sudo cp ../conf/logrotate /etc/logrotate.d/$app
ynh_app_setting_set $app skipped_uris "/"
# register yunohost service # register yunohost service
sudo yunohost service add matrix-synapse yunohost service add matrix-synapse
# Régénère la configuration de SSOwat
sudo yunohost app ssowatconf
# Recharge la configuration Nginx # Recharge la configuration Nginx
sudo service nginx reload systemctl restart matrix-synapse.service
sudo service matrix-synapse restart systemctl restart coturn.service
sudo service coturn restart
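Review bot: `install_from_source` runs `chown $synapse_user:root -R /etc/matrix-synapse` before `config_synapse` copies `homeserver.yaml` into that directory, so the file that receives `__SYNAPSE_DB_PWD__` and `__TURNPWD__` is created afterwards by root with `cp`'s default mode and is never restricted. With a typical umask that leaves the database password and the TURN secret readable by every local user. After the `config_synapse` call, add `chown $synapse_user:root /etc/matrix-synapse/homeserver.yaml` and `chmod 600 /etc/matrix-synapse/homeserver.yaml`; `/etc/turnserver.conf` deserves the same treatment for whichever account coturn runs as.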

52
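--- a/scripts/psql.sh
+++ b/scripts/psql.sh
@@ -0,0 +1,52 @@
+# # Execute a command as root user
+#
+# usage: ynh_psql_execute_as_root sql [db]
+# | arg: sql - the SQL command to execute
+# | arg: db - the database to connect to
+ynh_psql_execute_as_root () {
+sudo su -c "psql" - postgres <<< ${1}
+}
+# Create a user
+#
+# usage: ynh_psql_create_user user pwd [host]
+# | arg: user - the user name to create
+# | arg: pwd - the password to identify user by
+ynh_psql_create_user() {
+ynh_psql_execute_as_root \
+"CREATE USER ${1} WITH PASSWORD '${2}';"
+}
+# Create a database and grant optionnaly privilegies to a user
+#
+# usage: ynh_psql_create_db db [user [pwd]]
+# | arg: db - the database name to create
+# | arg: user - the user to grant privilegies
+# | arg: pwd - the password to identify user by
+ynh_psql_create_db() {
+db=$1
+# grant all privilegies to user
+if [[ $# -gt 1 ]]; then
+ynh_psql_create_user ${2} "${3}"
+sudo su -c "createdb -O ${2} $db" - postgres
+else
+sudo su -c "createdb $db" - postgres
+fi
+}
+# Drop a database
+#
+# usage: ynh_psql_drop_db db
+# | arg: db - the database name to drop
+ynh_psql_drop_db() {
+sudo su -c "dropdb ${1}" - postgres
+}
+# Drop a user
+#
+# usage: ynh_psql_drop_user user
+# | arg: user - the user name to drop
+ynh_psql_drop_user() {
+sudo su -c "dropuser ${1}" - postgres
+}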
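Review bot: Every helper here builds a shell or SQL string by direct interpolation: `ynh_psql_create_user` places `${2}` inside single quotes in the `CREATE USER` statement, and `ynh_psql_create_db`, `ynh_psql_drop_db` and `ynh_psql_drop_user` splice their arguments into the `su -c "..."` command line. The callers in this commit pass fixed names and an `ynh_string_random` password, but as general helpers they should reject anything outside `[A-Za-z0-9_]` before use. `ynh_psql_execute_as_root` also leaves `${1}` unquoted, and psql exits with success when a statement read from stdin fails, so `ynh_abort_if_errors` never sees a failed `CREATE USER`; `sudo su -c "psql -v ON_ERROR_STOP=1" - postgres <<< "${1}"` addresses both. The header comment documents a `db` argument that the function ignores.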


@ -1,28 +1,34 @@
#!/bin/bash #!/bin/bash
# Source YunoHost helpers
source /usr/share/yunohost/helpers
source ./psql.sh
# Stop script if errors
set -u
# Import common cmd # Import common cmd
source ./_common.sh source ./_common.sh
# Init script # Retrieve app settings
init_script domain=$(ynh_app_setting_get $app special_domain)
final_path=$(ynh_app_setting_get $app final_path)
domain=$(ynh_app_setting_get $app domain)
synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port) synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port) turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port)
sudo service matrix-synapse stop || true systemctl stop matrix-synapse.service || true
sudo service coturn stop || true systemctl stop coturn.service || true
ynh_package_autoremove matrix-synapse python-matrix-synapse-ldap3 coturn || true # Suppression de la configuration nginx
ynh_secure_remove "/etc/nginx/conf.d/$domain.d/$app.conf"
REMOVE_NGINX_CONF # Suppression de la configuration nginx systemctl reload nginx.service
REMOVE_LOGROTATE_CONF # Suppression de la configuration de logrotate
# Close firewall ports
closeport() { closeport() {
if sudo yunohost firewall list | grep -q "\- $port$" if yunohost firewall list | grep -q "\- $port$"
then then
echo "Close port $port" echo "Close port $port"
sudo yunohost firewall disallow TCP $port > /dev/null yunohost firewall disallow TCP $port > /dev/null
fi fi
} }
@ -31,13 +37,37 @@ closeport
port=$turnserver_tls_port port=$turnserver_tls_port
closeport closeport
sudo rm -rf /etc/apt/sources.list.d/matrix.list # Remove the skipped url
sudo rm -rf /var/lib/matrix-synapse python $final_path/remove_sso_conf.py
ynh_package_update
sudo yunohost service remove matrix-synapse # Remove depandance
ynh_remove_app_dependencies || true
# Régénère la configuration de SSOwat # Clean all directory
sudo yunohost app ssowatconf ynh_secure_remove $final_path
sudo service nginx reload ynh_secure_remove /var/lib/matrix-synapse
ynh_secure_remove /var/log/matrix-synapse
ynh_secure_remove /etc/matrix-synapse
ynh_secure_remove /etc/default/matrix-synapse
# Remove systemd service
systemctl disable matrix-synapse.service
ynh_secure_remove /etc/systemd/system/matrix-synapse.service
systemctl daemon-reload
# Remove database and user
ynh_psql_drop_db $synapse_db_name
ynh_psql_drop_user $synapse_db_user
# Remove user
ynh_system_user_delete matrix-synapse
# Remove logrotate
ynh_remove_logrotate
# Remove Monitoring
yunohost service remove matrix-synapse
# Reload nginx
systemctl reload nginx.service
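Review bot: `closeport` only runs `yunohost firewall disallow TCP $port`, but scripts/install opens the TURN port with `yunohost firewall allow --no-upnp Both $turnserver_tls_port`, so the UDP rule stays open after the app is removed. Use `yunohost firewall disallow Both $port` for that port. The script also runs under `set -u` only, and `python $final_path/remove_sso_conf.py` and `ynh_secure_remove $final_path` use the setting unquoted; quote it and stop early when it is empty, e.g. `test -n "$final_path" || ynh_die "final_path not set"`.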


@ -1,236 +1,70 @@
#!/bin/bash #!/bin/bash
######## Actually we cant use common script in backup / restore script see this issue for more informations : https://dev.yunohost.org/issues/621 # Source YunoHost helpers
# # Import common cmd source /usr/share/yunohost/helpers
# source ./_common.sh
#
######## We implement manually this fonctions # Stop script if errors
ynh_abort_if_errors
#!/bin/bash # Import common cmd
source ../settings/scripts/_common.sh
md5sum_python_nacl="34c44f8f5100170bae3b4329ffb43087" source ../settings/scripts/psql.sh
md5sum_python_ujson="5b65f8cb6bedef7971fdc557e09effbe"
python_nacl_version="1.0.1-2"
python_ujson_version="1.35-1"
init_script() {
# Exit on command errors and treat unset variables as an error
set -eu
# Source YunoHost helpers
source /usr/share/yunohost/helpers
# Retrieve arguments
app=$YNH_APP_INSTANCE_NAME
CHECK_VAR "$app" "app name not set"
GET_DEBIAN_VERSION
if [ -n "$(uname -m | grep 64)" ]; then
ARCHITECTURE="amd64"
elif [ -n "$(uname -m | grep 86)" ]; then
ARCHITECTURE="386"
elif [ -n "$(uname -m | grep arm)" ]; then
ARCHITECTURE="arm"
else
ynh_die "Unable to find arch"
fi
}
install_arm_package_dep() {
wget -q -O '/tmp/python-nacl.deb' "http://ftp.ch.debian.org/debian/pool/main/p/python-nacl/python-nacl_${python_nacl_version}_armhf.deb"
wget -q -O '/tmp/python-ujson.deb' "http://ftp.ch.debian.org/debian/pool/main/u/ujson/python-ujson_${python_ujson_version}_armhf.deb"
if ([[ ! -e '/tmp/python-nacl.deb' ]] || [[ $(md5sum '/tmp/python-nacl.deb' | cut -d' ' -f1) != $md5sum_python_nacl ]]) || \
([[ ! -e '/tmp/python-ujson.deb' ]] || [[ $(md5sum '/tmp/python-ujson.deb' | cut -d' ' -f1) != $md5sum_python_ujson ]])
then
ynh_die "Error : can't get debian dependance package"
fi
sudo dpkg -i /tmp/python-nacl.deb || true
sudo dpkg -i /tmp/python-ujson.deb || true
}
GET_DEBIAN_VERSION() {
debian_version=$(sudo lsb_release -sc)
test -z $debian_version && ynh_die "Can't find debian version"
test $debian_version == 'jessie' || ynh_die "This package is not available for your debian version"
}
enable_backport_repos() {
if [[ -z "$(grep -e "^deb .*/.* $debian_version-backports main" /etc/apt/sources.list ; grep -e "^deb .*/.* $debian_version-backports main" /etc/apt/sources.list.d/*)" ]]
then
echo "deb $(grep -m 1 "^deb .* $debian_version .*main" /etc/apt/sources.list | cut -d ' ' -f2) $debian_version-backports main contrib non-free" | sudo tee -a "/etc/apt/sources.list"
fi
ynh_package_update
}
set_access() { # example : set_access USER FILE
user="$1"
file_to_set="$2"
while [[ 0 ]]
do
path_to_set=""
oldIFS="$IFS"
IFS="/"
for dirname in $file_to_set
do
if [[ -n "$dirname" ]]
then
sudo test -f "$path_to_set"/"$dirname" && sudo setfacl -m d:u:$user:r "$path_to_set"
path_to_set="$path_to_set/$dirname"
if $(sudo sudo -u $user test ! -r "$path_to_set")
then
sudo test -d "$path_to_set" && sudo setfacl -m user:$user:rx "$path_to_set"
sudo test -f "$path_to_set" && sudo setfacl -m user:$user:r "$path_to_set"
fi
fi
done
IFS="$oldIFS"
if $(sudo test -L "$file_to_set")
then
if [[ -n "$(sudo readlink "$file_to_set" | grep -e "^/")" ]]
then
file_to_set=$(sudo readlink "$file_to_set") # If it is an absolute path
else
file_to_set=$(sudo realpath -s -m "$(echo "$file_to_set" | cut -d'/' -f-$(echo "$file_to_set" | grep -o '/' | wc -l))/$(sudo readlink "$file_to_set")") # If it is an relative path (we get with realpath the absolute path)
fi
else
break
fi
done
}
CHECK_VAR () { # Vérifie que la variable n'est pas vide.
# $1 = Variable à vérifier
# $2 = Texte à afficher en cas d'erreur
test -n "$1" || (echo "$2" >&2 && false)
}
CHECK_PATH () { # Vérifie la présence du / en début de path. Et son absence à la fin.
if [ "${path:0:1}" != "/" ]; then # Si le premier caractère n'est pas un /
path="/$path" # Ajoute un / en début de path
fi
if [ "${path:${#path}-1}" == "/" ] && [ ${#path} -gt 1 ]; then # Si le dernier caractère est un / et que ce n'est pas le seul caractère.
path="${path:0:${#path}-1}" # Supprime le dernier caractère
fi
}
CHECK_DOMAINPATH () { # Vérifie la disponibilité du path et du domaine.
sudo yunohost app checkurl $domain$path -a $app
}
CHECK_FINALPATH () { # Vérifie que le dossier de destination n'est pas déjà utilisé.
final_path=/var/www/$app
if [ -e "$final_path" ]
then
echo "This path already contains a folder" >&2
false
fi
}
### REMOVE SCRIPT
REMOVE_NGINX_CONF () { # Suppression de la configuration nginx
if [ -e "/etc/nginx/conf.d/$domain.d/$app.conf" ]; then # Delete nginx config
echo "Delete nginx config"
sudo rm "/etc/nginx/conf.d/$domain.d/$app.conf"
sudo service nginx reload
fi
}
REMOVE_LOGROTATE_CONF () { # Suppression de la configuration de logrotate
if [ -e "/etc/logrotate.d/$app" ]; then
echo "Delete logrotate config"
sudo rm "/etc/logrotate.d/$app"
fi
}
######## End of common fonctions
# Init script
init_script
# Retrieve arguments # Retrieve arguments
domain=$(ynh_app_setting_get $app domain) domain=$(ynh_app_setting_get $app special_domain)
path=$(ynh_app_setting_get $app special_path)
final_path=$(ynh_app_setting_get $app final_path)
synapse_db_pwd=$(ynh_app_setting_get $app synapse_db_pwd)
is_public=$(ynh_app_setting_get $app is_public)
synapse_port=$(ynh_app_setting_get $app synapse_port) synapse_port=$(ynh_app_setting_get $app synapse_port)
synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port) synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port) turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port)
turnserver_pwd=$(ynh_app_setting_get $app turnserver_pwd)
# Restore Nginx # Check domain/path availability
conf=/etc/nginx/conf.d/$domain.d/$app.conf ynh_webpath_available $domain $path || ynh_die "$domain/$path is not available, please use an other domain."
if [ -f $conf ]; then
ynh_die "There is already a nginx conf file at this path: $conf"
fi
sudo cp -a ./nginx.conf "/etc/nginx/conf.d/${domain}.d/${app}.conf"
# Make dh cert for synapse if it not exist # Make dh cert for synapse if it not exist
test ! -e /etc/yunohost/certs/$domain/dh.pem && sudo openssl dhparam -out /etc/yunohost/certs/$domain/dh.pem 2048 > /dev/null test ! -e /etc/yunohost/certs/$domain/dh.pem && openssl dhparam -out /etc/yunohost/certs/$domain/dh.pem 2048 > /dev/null
# Get Matrix key repos
wget -q -O '/tmp/matrix-repo-key.asc' "https://matrix.org/packages/debian/repo-key.asc"
sudo apt-key add "/tmp/matrix-repo-key.asc"
echo "matrix-synapse matrix-synapse/server-name select $domain" | sudo debconf-set-selections # Configure dpkg for no questions
echo "matrix-synapse matrix-synapse/report-stats select false" | sudo debconf-set-selections # Configure dpkg for no questions
# Install coturn (the turn server)
ynh_package_install coturn
# Enable debian-backports repos
enable_backport_repos
# Enable Synapse repos
if [[ -n "$(uname -m | grep arm)" ]]
then
# Use special conf for arm arch because some binary are not available in jessie backport or in matrix repos
install_arm_package_dep
ynh_package_install -t $debian_version-backports -f
echo "deb [arch=i386] http://matrix.org/packages/debian/ $debian_version main" | sudo tee -a "/etc/apt/sources.list.d/matrix.list"
ynh_package_update
else
echo "deb http://matrix.org/packages/debian/ $debian_version main" | sudo tee -a "/etc/apt/sources.list.d/matrix.list"
ynh_package_update
fi
# Install synapse package
# We neet to install python-cryptography to Solve a python error about dependance (from cryptography.hazmat.primitives.asymmetric.utils)
ynh_package_install -t $debian_version-backports matrix-synapse python-matrix-synapse-ldap3 python-cryptography
# Restaure la configuration de logrotate
sudo cp -a ./logrotate /etc/logrotate.d/$app
# Restore synapse config
sudo cp -a ./synapse_config/. "/etc/matrix-synapse/."
# Restore coturn server
sudo cp -a ./coturn_config "/etc/turnserver.conf"
sudo cp -a ./coturn_config_default "/etc/default/coturn"
# Restore synapse database
sudo cp -a ./data/. "/var/lib/matrix-synapse/."
# Configure access for certificates
set_access matrix-synapse /etc/yunohost/certs/$domain/crt.pem
set_access matrix-synapse /etc/yunohost/certs/$domain/key.pem
set_access matrix-synapse /etc/yunohost/certs/$domain/dh.pem
set_access turnserver /etc/yunohost/certs/$domain/crt.pem
set_access turnserver /etc/yunohost/certs/$domain/key.pem
set_access turnserver /etc/yunohost/certs/$domain/dh.pem
# Ouvre le port dans le firewall # Ouvre le port dans le firewall
sudo yunohost firewall allow --no-upnp TCP $synapse_tls_port > /dev/null 2>&1 yunohost firewall allow --no-upnp TCP $synapse_tls_port > /dev/null 2>&1
sudo yunohost firewall allow --no-upnp Both $turnserver_tls_port > /dev/null 2>&1 yunohost firewall allow --no-upnp Both $turnserver_tls_port > /dev/null 2>&1
# Régénère la configuration de SSOwat # Install all dependances
sudo yunohost app ssowatconf install_dependances
# Create user
ynh_system_user_create $synapse_user /var/lib/matrix-synapse
# Create directory Install synapse in virtualenv
install_from_source
# Restore all config and data
ynh_restore
# Configure access for certificates
set_certificat_access
# Restore postgresql database
ynh_psql_create_user $synapse_db_user $synapse_db_pwd
ynh_psql_execute_as_root \
"CREATE DATABASE $synapse_db_name
ENCODING 'UTF8'
LC_COLLATE='C'
LC_CTYPE='C'
template=template0
OWNER $synapse_db_user;"
su -c "psql $synapse_db_name" postgres < ${YNH_CWD}/dump.sql
# Enable systemd service
systemctl daemon-reload
systemctl enable matrix-synapse.service
# register yunohost service
yunohost service add matrix-synapse
# Reload webserver # Reload webserver
sudo service nginx reload systemctl reload nginx.service
sudo service matrix-synapse restart systemctl restart matrix-synapse.service
sudo service coturn restart systemctl restart coturn.service
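Review bot: The dump is replayed with `su -c "psql $synapse_db_name" postgres < ${YNH_CWD}/dump.sql`, and psql carries on after a failed statement and still exits 0, so `ynh_abort_if_errors` will not stop a restore that only partly loaded the database. Setting ON_ERROR_STOP makes a damaged or truncated dump abort the restore before the service is enabled and restarted: `su -c "psql -v ON_ERROR_STOP=1 $synapse_db_name" postgres < "${YNH_CWD}/dump.sql"`. The dump is also loaded as the postgres superuser, so unless the dump sets ownership itself, the restored tables may not belong to `$synapse_db_user`. That is worth confirming against the backup script, which is outside this section.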


@ -1,67 +1,128 @@
#!/bin/bash #!/bin/bash
# Source YunoHost helpers
source /usr/share/yunohost/helpers
source ./psql.sh
# Stop script if errors
ynh_abort_if_errors
# Import common cmd # Import common cmd
source ./_common.sh source ./_common.sh
# Init script
init_script
# Retrieve arguments # Retrieve arguments
domain=$(ynh_app_setting_get $app domain) domain=$(ynh_app_setting_get $app special_domain)
path=$(ynh_app_setting_get $app path) path=$(ynh_app_setting_get $app special_path)
final_path=$(ynh_app_setting_get $app final_path)
synapse_old_version=$(ynh_app_setting_get $app synapse_version)
synapse_db_pwd=$(ynh_app_setting_get $app synapse_db_pwd)
is_public=$(ynh_app_setting_get $app is_public) is_public=$(ynh_app_setting_get $app is_public)
synapse_port=$(ynh_app_setting_get $app synapse_port) synapse_port=$(ynh_app_setting_get $app synapse_port)
synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port) synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port) turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port)
turnserver_pwd=$(ynh_app_setting_get $app turnserver_pwd) turnserver_pwd=$(ynh_app_setting_get $app turnserver_pwd)
CHECK_PATH # Vérifie et corrige la syntaxe du path. systemctl stop matrix-synapse.service
if [[ -n "$(uname -m | grep arm)" ]] if [[ -z $synapse_old_version ]]
then then
install_arm_package_dep ynh_die "Update from this version is not available now. You need to wait for the next update."
## We move from debian package to new package with python virtualenv
# Change settings
path="/_matrix"
domain=$(ynh_app_setting_get $app domain)
final_path="/opt/yunohost/matrix-synapse"
ynh_app_setting_set $app special_domain $domain
ynh_app_setting_set $app special_path $path
ynh_app_setting_set $app final_path $final_path
ynh_app_setting_delete $app domain
ynh_app_setting_delete $app path
ynh_app_setting_delete $app skipped_uris
# Remove old package and add new package as dependance
ynh_secure_remove /etc/apt/sources.list.d/matrix.list
ynh_package_autoremove --purge matrix-synapse python-matrix-synapse-ldap3 || true
# If we don't remove these line in dpkg config, dpkg fail on every new package install
sudo sed --in-place ':a;N;$!ba;s@matrix-synapse nogroup 755 /var/lib/matrix-synapse\n@@g' /var/lib/dpkg/statoverride
sudo sed --in-place ':a;N;$!ba;s@matrix-synapse nogroup 755 /var/log/matrix-synapse\n@@g' /var/lib/dpkg/statoverride
sudo sed --in-place ':a;N;$!ba;s@matrix-synapse nogroup 755 /etc/matrix-synapse\n@@g' /var/lib/dpkg/statoverride
# add new package as dependance and install dependance
install_dependances
# Create directory Install synapse in virtualenv
install_from_source
# Open access to server without a button the home
cp ../conf/add_sso_conf.py $final_path
cp ../conf/remove_sso_conf.py $final_path
python $final_path/add_sso_conf.py
# Create user
ynh_system_user_create $synapse_user /var/lib/matrix-synapse
# Create systemd service
ynh_secure_remove /etc/init.d/matrix-synapse
ynh_secure_remove /lib/systemd/system/matrix-synapse.service
ynh_secure_remove /etc/systemd/system/matrix-synapse.service
systemctl daemon-reload
systemctl disable matrix-synapse.service
cp ../conf/default_matrix-synapse /etc/default/matrix-synapse
cp ../conf/matrix-synapse.service /etc/systemd/system/
systemctl daemon-reload
systemctl enable matrix-synapse.service
# Configuration de logrotate
ynh_use_logrotate /var/log/matrix-synapse/
# register yunohost service
yunohost service add matrix-synapse
## Move to postgresql from sqlite
# We create the new settings
synapse_db_pwd=$(ynh_string_random 30)
ynh_app_setting_set $app synapse_db_pwd $synapse_db_pwd
# Create postgresql database
ynh_psql_create_user $synapse_db_user $synapse_db_pwd
ynh_psql_execute_as_root \
"CREATE DATABASE $synapse_db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $synapse_db_user;"
# Create config file for synapse with postgresql
config_synapse
# Migrate database
/opt/yunohost/matrix-synapse/bin/synapse_port_db --sqlite-database /var/lib/matrix-synapse/homeserver.db \
--postgres-config /etc/matrix-synapse/homeserver.yaml
fi fi
# Et copie le fichier de config nginx # Update nginx config
sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf config_nginx
# Modifie les variables dans le fichier de configuration nginx
sudo sed -i "s@__PATH__@$path@g" /etc/nginx/conf.d/$domain.d/$app.conf
sudo sed -i "s@__PORT__@$synapse_port@g" /etc/nginx/conf.d/$domain.d/$app.conf
# Configure Synapse # Configure Synapse
sudo cp ../conf/homeserver.yaml /etc/matrix-synapse/homeserver.yaml config_synapse
sudo sed -i "s@__DOMAIN__@$domain@g" /etc/matrix-synapse/homeserver.yaml
sudo sed -i "s@__PORT__@$synapse_port@g" /etc/matrix-synapse/homeserver.yaml
sudo sed -i "s@__TLS_PORT__@$synapse_tls_port@g" /etc/matrix-synapse/homeserver.yaml
sudo sed -i "s@__TURNSERVER_TLS_PORT__@$turnserver_tls_port@g" /etc/matrix-synapse/homeserver.yaml
sudo sed -i "s@__TURNPWD__@$turnserver_pwd@g" /etc/matrix-synapse/homeserver.yaml
# Configure access for certificates # Configure access for certificates
set_access matrix-synapse /etc/yunohost/certs/$domain/crt.pem set_certificat_access
set_access matrix-synapse /etc/yunohost/certs/$domain/key.pem
set_access matrix-synapse /etc/yunohost/certs/$domain/dh.pem
set_access turnserver /etc/yunohost/certs/$domain/crt.pem
set_access turnserver /etc/yunohost/certs/$domain/key.pem
set_access turnserver /etc/yunohost/certs/$domain/dh.pem
if [ "$is_public" = "0" ]
then
sudo sed -i "s@__ALLOWED_ACCESS__@False@g" /etc/matrix-synapse/homeserver.yaml
else
sudo sed -i "s@__ALLOWED_ACCESS__@True@g" /etc/matrix-synapse/homeserver.yaml
fi
# Configure Coturn # Configure Coturn
sudo cp ../conf/turnserver.conf /etc/turnserver.conf config_coturn
sudo sed -i "s@__TURNPWD__@$turnserver_pwd@g" /etc/turnserver.conf
sudo sed -i "s@__DOMAIN__@$domain@g" /etc/turnserver.conf # Upgrade manually Synapse
sudo sed -i "s@__TLS_PORT__@$turnserver_tls_port@g" /etc/turnserver.conf PS1=""
source $final_path/bin/activate
pip install --upgrade pip
pip install --upgrade setuptools
pip install --upgrade https://github.com/matrix-org/synapse/tarball/master
# Set new settings
ynh_app_setting_set $app synapse_version $synapse_version
# Régénère la configuration de SSOwat
sudo yunohost app ssowatconf
# Recharge la configuration Nginx # Recharge la configuration Nginx
sudo service nginx reload systemctl reload nginx.service
sudo service matrix-synapse restart systemctl start matrix-synapse.service
sudo service coturn restart systemctl restart coturn.service
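Review bot: `pip install --upgrade https://github.com/matrix-org/synapse/tarball/master` installs whatever the upstream master branch holds at upgrade time, with no version pin or hash check. The next step records `$synapse_version` in the app settings, so the stored version need not match the code that is actually running. Pinning the tarball to the release this package targets keeps upgrades reproducible and auditable, for example `pip install --upgrade https://github.com/matrix-org/synapse/tarball/v$synapse_version`, assuming `synapse_version` (presumably set in `_common.sh`) matches an upstream tag. pip's `--require-hashes` mode with a requirements file would go further. The same applies to the unpinned `pip install --upgrade pip` and `setuptools` lines just above it.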