diff --git a/conf/homeserver.yaml b/conf/homeserver.yaml index 7c523fb..83afbad 100644 --- a/conf/homeserver.yaml +++ b/conf/homeserver.yaml @@ -1217,7 +1217,7 @@ saml2_config: # Enable CAS for registration and login. # cas_config: - enabled: true + enabled: __SSO_ENABLED__ server_url: "https://__DOMAIN__/_matrix/cas_server.php" service_url: "https://__DOMAIN__" # #displayname_attribute: name diff --git a/conf/server_name.conf b/conf/server_name.conf index 3a1718f..fdf553e 100644 --- a/conf/server_name.conf +++ b/conf/server_name.conf @@ -1,5 +1,13 @@ - location /.well-known/matrix/ { - return 200 '{"m.server": "__DOMAIN__:__PORT__"}'; - add_header Content-Type application/json; - add_header Access-Control-Allow-Origin '*'; +location /.well-known/matrix/server { + return 200 '{"m.server": "__DOMAIN__:__PORT__"}'; + add_header Content-Type application/json; + add_header Access-Control-Allow-Origin '*'; +} + +location /.well-known/matrix/client { + return 200 '{"im.vector.riot.jitsi": + {"preferredDomain": "__JITSI_SERVER_ADDR__"} + }'; + add_header Content-Type application/json; + add_header Access-Control-Allow-Origin '*'; } diff --git a/config_panel.toml b/config_panel.toml index c1043b1..a5c37e3 100644 --- a/config_panel.toml +++ b/config_panel.toml 
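Review bot: The `enabled: __SSO_ENABLED__` line under `cas_config` has no comment saying who fills the placeholder or what it depends on, so a reader of the template cannot tell that CAS login now follows `is_public`. A comment above it would help, for example `# __SSO_ENABLED__ is set by the package scripts: True when is_public is 0, False otherwise`. If any script copies this template without substituting the placeholder, the key holds a non-empty string rather than a boolean, which the consumer may well treat as enabled, so each copy site should be checked for the new replacement. The `cas_config` block appears to continue outside the hunk.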
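Review bot: `__JITSI_SERVER_ADDR__` in the new `/.well-known/matrix/client` location sits inside a JSON string that is itself inside a single-quoted nginx string, and the scripts in this commit substitute the `jitsi_server` setting there without any visible validation. A value containing `'`, `"`, `;` or a newline would change the JSON or the nginx configuration served for the whole `server_name` domain. The value should be checked against a host-name pattern where it is read (`scripts/install` from `YNH_APP_ARG_JITSI_SERVER`, `apply_config` in `scripts/config`), for example `[[ "$jitsi_server" =~ ^[A-Za-z0-9.-]+(:[0-9]+)?$ ]] || ynh_die --message="Invalid Jitsi server address"`. The same unvalidated substitution is repeated in the `scripts/change_url`, `scripts/config`, `scripts/install` and `scripts/upgrade` hunks.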
@@ -20,11 +20,19 @@ name = "Synapse configuration" help = "Is it a public server" [synapse_config.server_config.allow_public_rooms] - ask = "Server public" + ask = "Public rooms directory" type = "boolean" default = false help = "If set to 'false', requires authentication to access the server's public rooms directory through the client API and forbids any other homeserver to fetch the server's public rooms directory via federation." + [synapse_config.client_config] + name = "Matrix client configuration" + + [synapse_config.client_config.jitsi_server] + ask = "Jitsi server address for conference" + type = "string" + default = 'jitsi.riot.im' + help = "Address of the Jitsi server for conference. Note that it's only for conference in rooms with more than 2 person. With 2 person the stun/turn server is used." [package_config] name = "Package configuration" diff --git a/manifest.json b/manifest.json index 93c5bdc..39eac76 100644 --- a/manifest.json +++ b/manifest.json @@ -3,8 +3,8 @@ "id": "synapse", "packaging_format": 1, "description": { - "en": "Instant messaging server who use matrix", - "fr": "Un serveur de messagerie instantané basé sur matrix" + "en": "Instant messaging server which uses Matrix", + "fr": "Un serveur de messagerie instantané basé sur Matrix" }, "version": "1.12.4~ynh1", "url": "http://matrix.org", 
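Review bot: The new option under `[synapse_config.client_config.jitsi_server]` is written differently from the options around it: `default = 'jitsi.riot.im'` uses a literal string where the rest of the visible file uses double quotes, and the help text reads awkwardly. I would write `default = "jitsi.riot.im"` and `help = "Address of the Jitsi server used for conference calls in rooms with more than two people. Calls between two people use the STUN/TURN server instead."`. Since the default names a host other than this server, the help could also say that conference calls are set up through that host.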
@@ -35,8 +35,8 @@ "name": "server_name", "type": "string", "ask": { - "en": "If your synapse domain is a subdomain, you can choose a name for your Synapse server to have your matrix user-ids looking like @user:domain.org instead of @user:synapse.domain.org", - "fr": "Si votre domaine pour synapse est un sous-domaine, vous pouvez choisir un nom pour votre serveur Synapse afin que vos identifiants matrix soient @utilisateur:domain.org plutôt que @utilisateur:synapse.domain.org" + "en": "If your Synapse domain is a subdomain, you can choose a name for your Synapse server to have your Matrix user-ids looking like @user:domain.org instead of @user:synapse.domain.org", + "fr": "Si votre domaine pour Synapse est un sous-domaine, vous pouvez choisir un nom pour votre serveur Synapse afin que vos identifiants Matrix soient @utilisateur:domain.org plutôt que @utilisateur:synapse.domain.org" }, "example": "domain.org", "default": "Same than the domain" @@ -45,7 +45,7 @@ "name": "is_public", "type": "boolean", "ask": { - "en": "Is it a public server ?", + "en": "Is it a public server?", "fr": "Est-ce un serveur public ?" }, "default": false, @@ -53,6 +53,16 @@ "en": "A public server means that anybody will be able to register on this server.", "fr": "Un serveur public signifie que n'importe qui pourra s'enregistrer sur ce serveur." } + }, + { + "name": "jitsi_server", + "type": "string", + "ask": { + "en": "Jitsi server address for conferencing?", + "fr": "Adresse du serveur Jitsi pour les conférences ?" + }, + "example": "domain.org", + "default": "jitsi.riot.im" } ] } diff --git a/scripts/change_url b/scripts/change_url index 833f8c7..cbd5146 100644 --- a/scripts/change_url +++ b/scripts/change_url 
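Review bot: The new `jitsi_server` argument in the `@@ -53,6 +53,16 @@` hunk has no explanatory text, although the `is_public` argument just above it appears to carry one, and its `"example": "domain.org"` looks copied from `server_name`. An installer cannot tell from the question alone that the default `jitsi.riot.im` is a host other than the server being installed, nor that a bare host name is expected. I would add a `help` entry such as `"en": "Host name only, without https://. Conference calls in rooms with more than two people are set up through this server."` and change the example to something like `"jitsi.domain.org"`.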
@@ -80,6 +80,7 @@ then cp ../conf/server_name.conf /etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" ynh_replace_string --match_string=__PORT__ --replace_string=$synapse_tls_port --target_file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" + ynh_replace_string --match_string=__JITSI_SERVER_ADDR__ --replace_string=$jitsi_server --target_file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" ynh_store_file_checksum --file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" fi @@ -127,11 +128,13 @@ ynh_print_ON ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="/etc/matrix-$app/log.yaml" -if [ "$is_public" = "0" ] +if [ $is_public -eq 0 ] then ynh_replace_string --match_string=__ALLOWED_ACCESS__ --replace_string=False --target_file="$homeserver_config_path" + ynh_replace_string --match_string=__SSO_ENABLED__ --replace_string=True --target_file="$homeserver_config_path" else ynh_replace_string --match_string=__ALLOWED_ACCESS__ --replace_string=True --target_file="$homeserver_config_path" + ynh_replace_string --match_string=__SSO_ENABLED__ --replace_string=False --target_file="$homeserver_config_path" fi ynh_store_file_checksum --file="$homeserver_config_path" diff --git a/scripts/config b/scripts/config index 582723a..6a4f2c5 100644 --- a/scripts/config +++ b/scripts/config 
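Review bot: `if [ $is_public -eq 0 ]` in the `@@ -127,11 +128,13 @@` hunk fails open: with `is_public` empty or non-numeric the test itself errors, the `else` branch runs, and `__ALLOWED_ACCESS__` becomes `True` (presumably opening registration) while `__SSO_ENABLED__` becomes `False`. The quoted string comparison it replaces did not raise a shell error, but neither form treats an unknown value as private. I would make the public branch the explicit one, `if [ "$is_public" = "1" ]` with the `True`/`False` replacements swapped accordingly, so that anything other than `1` keeps the server closed. The same test is introduced in the `@@ -121,17` hunk of `scripts/config` and the `@@ -268,11` hunk of `scripts/upgrade`.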
@@ -22,8 +22,9 @@ source ./_common.sh app=$YNH_APP_INSTANCE_NAME report_stats=$(ynh_app_setting_get --app $app --key report_stats) allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms) -backup_before_upgrade=$(ynh_app_setting_get --app $app --key disable_backup_before_upgrade) +disable_backup_before_upgrade=$(ynh_app_setting_get --app $app --key disable_backup_before_upgrade) is_public=$(ynh_app_setting_get --app $app --key is_public) +jitsi_server=$(ynh_app_setting_get --app=$app --key=jitsi_server) #================================================= # SHOW_CONFIG FUNCTION FOR 'SHOW' COMMAND @@ -34,20 +35,15 @@ show_config() { # ynh_return "YNH_CONFIG_${PANEL_ID}_${SECTION_ID}_${OPTION_ID}=value" ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_SERVER_STATISTICS=$report_stats" ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_ALLOW_PUBLIC_ROOMS=$allow_public_rooms" + ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_CLIENT_CONFIG_JITSI_SERVER=$jitsi_server" + ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_IS_PUBLIC=${is_public}" - if [[ ${backup_before_upgrade:-0} -eq 1 ]] + if [[ ${disable_backup_before_upgrade:-0} -eq 1 ]] then ynh_return "YNH_CONFIG_PACKAGE_CONFIG_PACKAGE_CONFIG_BACKUP_BEFORE_UPGRADE=false" else ynh_return "YNH_CONFIG_PACKAGE_CONFIG_PACKAGE_CONFIG_BACKUP_BEFORE_UPGRADE=true" fi - - if [[ ${is_public} -eq 1 ]] - then - ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_IS_PUBLIC=true" - else - ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_IS_PUBLIC=false" - fi } #================================================= 
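Review bot: `show_config` now returns `is_public` as stored (`IS_PUBLIC=${is_public}`) while the backup option a few lines below is still mapped to the words `true`/`false`, so the two boolean options of this panel leave the function in different representations. `apply_config` later writes whatever comes back into the `is_public` setting and tests it with `-eq 0`; if the panel hands back `true`/`false` for booleans (not visible here), that test errors and takes the `else` branch. Either keep the mapping that was removed, or normalise the value at the top of `apply_config`, e.g. `case "$is_public" in 1|true) is_public=1 ;; *) is_public=0 ;; esac`.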
@@ -57,17 +53,21 @@ show_config() { apply_config() { report_stats=${YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_SERVER_STATISTICS:-$report_stats} allow_public_rooms=${YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_ALLOW_PUBLIC_ROOMS:-$allow_public_rooms} - backup_before_upgrade=${YNH_CONFIG_PACKAGE_CONFIG_PACKAGE_CONFIG_BACKUP_BEFORE_UPGRADE:-$backup_before_upgrade} + do_backup_before_upgrade=${YNH_CONFIG_PACKAGE_CONFIG_PACKAGE_CONFIG_BACKUP_BEFORE_UPGRADE:-} is_public=${YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_IS_PUBLIC:-$is_public} + jitsi_server=${YNH_CONFIG_SYNAPSE_CONFIG_CLIENT_CONFIG_JITSI_SERVER:-$jitsi_server} ynh_app_setting_set --app $app --key report_stats --value $report_stats ynh_app_setting_set --app $app --key allow_public_rooms --value $allow_public_rooms ynh_app_setting_set --app $app --key is_public --value $is_public + ynh_app_setting_set --app $app --key jitsi_server --value $jitsi_server - if [ $backup_before_upgrade == 1 ]; then - ynh_app_setting_set --app $app --key disable_backup_before_upgrade --value 0 - else - ynh_app_setting_set --app $app --key disable_backup_before_upgrade --value 1 + if [[ -n $do_backup_before_upgrade ]]; then + if [ $do_backup_before_upgrade -eq 1 ]; then + ynh_app_setting_set --app $app --key disable_backup_before_upgrade --value 0 + else + ynh_app_setting_set --app $app --key disable_backup_before_upgrade --value 1 + fi fi domain=$(ynh_app_setting_get --app $app --key domain) @@ -96,7 +96,6 @@ apply_config() { ynh_backup_if_checksum_is_different "$homeserver_config_path" cp ../conf/homeserver.yaml "$homeserver_config_path" - cp ../conf/log.yaml /etc/matrix-$app/log.yaml ynh_replace_string --match_string __APP__ --replace_string $app --target_file "$homeserver_config_path" ynh_replace_string --match_string __DOMAIN__ --replace_string $domain --target_file "$homeserver_config_path" 
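Review bot: In the new nested test of the `@@ -57,17 +53,21 @@` hunk, every value of `do_backup_before_upgrade` other than the integer `1` lands in the `else` branch and sets `disable_backup_before_upgrade` to `1`, and a non-numeric value makes `[ ... -eq 1 ]` error first. `show_config` reports this option as `true`/`false`, so if the panel answers in the same form (not visible here), choosing `true` would switch the pre-upgrade backup off. I would match the accepted values explicitly and leave the setting untouched otherwise, as sketched below. The new `--value $jitsi_server` is unquoted as well; `--value "$jitsi_server"` avoids word splitting. `apply_config` continues outside the hunk.

```shell
    # … unchanged: reading the panel values and storing the other settings …
    case "$do_backup_before_upgrade" in
        1|true)
            ynh_app_setting_set --app $app --key disable_backup_before_upgrade --value 0
            ;;
        0|false)
            ynh_app_setting_set --app $app --key disable_backup_before_upgrade --value 1
            ;;
        "")
            # Option not submitted: keep the stored setting.
            ;;
        *)
            ynh_die --message="Unexpected value for backup_before_upgrade: $do_backup_before_upgrade"
            ;;
    esac
```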
@@ -121,17 +120,30 @@ apply_config() { ynh_replace_special_string --match_string=__MACAROON_SECRET_KEY__ --replace_string="$macaroon_secret_key" --target_file="$homeserver_config_path" fi - if [ "$is_public" = "0" ] + if [ $is_public -eq 0 ] then - ynh_replace_string __ALLOWED_ACCESS__ False "$homeserver_config_path" + ynh_replace_string --match_string=__ALLOWED_ACCESS__ --replace_string=False --target_file="$homeserver_config_path" + ynh_replace_string --match_string=__SSO_ENABLED__ --replace_string=True --target_file="$homeserver_config_path" else - ynh_replace_string __ALLOWED_ACCESS__ True "$homeserver_config_path" + ynh_replace_string --match_string=__ALLOWED_ACCESS__ --replace_string=True --target_file="$homeserver_config_path" + ynh_replace_string --match_string=__SSO_ENABLED__ --replace_string=False --target_file="$homeserver_config_path" + fi + + # Create .well-known redirection for access by federation + if yunohost --output-as plain domain list | grep -q "^$server_name$" + then + cp ../conf/server_name.conf /etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf + ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" + ynh_replace_string --match_string=__PORT__ --replace_string=$synapse_tls_port --target_file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" + ynh_replace_string --match_string=__JITSI_SERVER_ADDR__ --replace_string=$jitsi_server --target_file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" + ynh_store_file_checksum --file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" fi ynh_store_file_checksum --file "$homeserver_config_path" setfacl -R -m user:turnserver:rX /etc/matrix-$app systemctl restart matrix-$app + systemctl reload nginx } #================================================= diff --git a/scripts/install b/scripts/install index 58285fe..eb98c2c 100644 --- a/scripts/install +++ b/scripts/install 
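Review bot: `systemctl reload nginx` at the end of `apply_config` runs after `server_name.conf` has been rewritten with a panel-supplied value, and nothing checks the resulting configuration first. The file lives in `/etc/nginx/conf.d/${server_name}.d/`, so a broken include affects everything served on that domain and would make a later nginx restart fail. I would test before reloading, `nginx -t && systemctl reload nginx`, and restore the previous file if the test fails. In the added `grep -q "^$server_name$"` the dots of the domain act as regex wildcards; `grep -qxF -- "$server_name"` matches the name literally. `apply_config` starts outside the hunk.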
@@ -49,6 +49,7 @@ default_domain_value="Same than the domain" domain=$YNH_APP_ARG_DOMAIN server_name=$YNH_APP_ARG_SERVER_NAME is_public=$YNH_APP_ARG_IS_PUBLIC +jitsi_server=$YNH_APP_ARG_JITSI_SERVER path_url="/_matrix" final_path="/opt/yunohost/matrix-$app" final_www_path="/var/www/$app" @@ -77,6 +78,7 @@ ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=no_sso --value true ynh_app_setting_set --app=$app --key=server_name --value=$server_name +ynh_app_setting_set --app=$app --key=jitsi_server --value=$jitsi_server ynh_app_setting_set --app=$app --key=final_path --value=$final_path ynh_app_setting_set --app=$app --key=synapse_version --value=$upstream_version ynh_app_setting_set --app=$app --key=is_public --value=$is_public 
@@ -268,17 +270,19 @@ ynh_script_progression --message="Configuring nginx web server..." --weight=2 ynh_script_progression --message="Configuring application..." ynh_add_fpm_config -ynh_add_nginx_config app - # Create .well-known redirection for access by federation if yunohost --output-as plain domain list | grep -q "^$server_name$" then cp ../conf/server_name.conf /etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" ynh_replace_string --match_string=__PORT__ --replace_string=$synapse_tls_port --target_file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" + ynh_replace_string --match_string=__JITSI_SERVER_ADDR__ --replace_string=$jitsi_server --target_file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" ynh_store_file_checksum --file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" fi +# Create a dedicated nginx config +ynh_add_nginx_config app + #================================================= # SET SYNAPSE CONFIG #================================================= @@ -322,8 +326,10 @@ ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="/ if [ $is_public -eq 0 ] then ynh_replace_string --match_string=__ALLOWED_ACCESS__ --replace_string=False --target_file="$homeserver_config_path" + ynh_replace_string --match_string=__SSO_ENABLED__ --replace_string=True --target_file="$homeserver_config_path" else ynh_replace_string --match_string=__ALLOWED_ACCESS__ --replace_string=True --target_file="$homeserver_config_path" + ynh_replace_string --match_string=__SSO_ENABLED__ --replace_string=False --target_file="$homeserver_config_path" fi ynh_store_file_checksum --file="$homeserver_config_path" diff --git a/scripts/upgrade b/scripts/upgrade index cf4ba14..8239b74 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
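Review bot: Moving `ynh_add_nginx_config app` below the `.well-known` block in the `@@ -268,17 +270,19 @@` hunk is not explained, and the new comment `# Create a dedicated nginx config` says nothing about the order. If the intent is that the helper's nginx reload picks up the freshly written `${app}_server_name.conf` (I assume the helper reloads nginx; that is not visible here), the comment should say so, e.g. `# Must run after server_name.conf is written: this reloads nginx`. The same reordering appears in the `@@ -354,18` hunk of `scripts/upgrade`.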
@@ -19,6 +19,7 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) server_name=$(ynh_app_setting_get --app=$app --key=server_name) +jitsi_server=$(ynh_app_setting_get --app=$app --key=jitsi_server) path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) synapse_old_version=$(ynh_app_setting_get --app=$app --key=synapse_version) @@ -107,7 +108,13 @@ fi # Define $server_name if not already defined if [ -z $server_name ]; then server_name=$domain - ynh_app_setting_set $app server_name $domain + ynh_app_setting_set --app=$app --key=server_name --value=$domain +fi + +# Define $server_name if not already defined +if [ -z $jitsi_server ]; then + jitsi_server='jitsi.riot.im' + ynh_app_setting_set --app=$app --key=jitsi_server --value=$jitsi_server fi #================================================= @@ -268,11 +275,13 @@ ynh_print_ON ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="/etc/matrix-$app/log.yaml" -if [ "$is_public" = "0" ] +if [ $is_public -eq 0 ] then ynh_replace_string --match_string=__ALLOWED_ACCESS__ --replace_string=False --target_file="$homeserver_config_path" + ynh_replace_string --match_string=__SSO_ENABLED__ --replace_string=True --target_file="$homeserver_config_path" else ynh_replace_string --match_string=__ALLOWED_ACCESS__ --replace_string=True --target_file="$homeserver_config_path" + ynh_replace_string --match_string=__SSO_ENABLED__ --replace_string=False --target_file="$homeserver_config_path" fi ynh_store_file_checksum --file="$homeserver_config_path" 
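Review bot: The comment above the new block in the `@@ -107,7 +108,13 @@` hunk is a copy of the previous one and still reads `# Define $server_name if not already defined`, although the block sets `jitsi_server`. It should read `# Define $jitsi_server if not already defined`. The test `[ -z $jitsi_server ]` is unquoted; it works for an empty value only because `[ -z ]` happens to be true, and it errors on a value containing whitespace, so `[ -z "$jitsi_server" ]` is the safer form.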
@@ -354,18 +363,19 @@ ynh_script_progression --message="Upgrading nginx web server configuration..." - ynh_script_progression --message="Configuring application..." ynh_add_fpm_config -# Create a dedicated nginx config -ynh_add_nginx_config app - # Create .well-known redirection for access by federation if yunohost --output-as plain domain list | grep -q "^$server_name$" then cp ../conf/server_name.conf /etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" ynh_replace_string --match_string=__PORT__ --replace_string=$synapse_tls_port --target_file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" + ynh_replace_string --match_string=__JITSI_SERVER_ADDR__ --replace_string=$jitsi_server --target_file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" ynh_store_file_checksum --file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" fi +# Create a dedicated nginx config +ynh_add_nginx_config app + #================================================= # SPECIFIC UPGRADE #================================================= diff --git a/sources/Coturn_config_rotate.sh b/sources/Coturn_config_rotate.sh index e01c3fc..e1a99ac 100644 --- a/sources/Coturn_config_rotate.sh +++ b/sources/Coturn_config_rotate.sh @@ -23,10 +23,15 @@ else external_IP_line="${external_IP_line/',__IPV6__'/}" fi +old_config_line=$(egrep "^external-ip=.*\$" "/etc/matrix-$app_instance/coturn.conf") ynh_replace_string "^external-ip=.*\$" "$external_IP_line" "/etc/matrix-$app_instance/coturn.conf" +new_config_line=$(egrep "^external-ip=.*\$" "/etc/matrix-$app_instance/coturn.conf") setfacl -R -m user:turnserver:rX /etc/matrix-$app_instance -systemctl restart coturn-$app_instance.service +if [ "$old_config_line" != "$new_config_line" ] +then + systemctl restart coturn-$app_instance.service +fi exit 0
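Review bot: Both new `egrep` calls in `sources/Coturn_config_rotate.sh` return a non-zero status when `coturn.conf` has no `external-ip=` line, and the script does not handle that case; whether it aborts there depends on error settings outside the hunk. `egrep` is also obsolescent, and recent GNU grep prints a warning for it. I would write `old_config_line=$(grep -E "^external-ip=" "/etc/matrix-$app_instance/coturn.conf" || true)` and the same for `new_config_line`. A short comment such as `# Restart coturn only when the advertised address changed` would make the reason for the comparison visible.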