mirror of
https://github.com/YunoHost-Apps/synapse_ynh.git
synced 2024-09-03 20:26:38 +02:00
commit
62a94a7da9
9 changed files with 426 additions and 346 deletions
|
@ -45,15 +45,15 @@ modules:
|
||||||
# lowercase and may contain an explicit port.
|
# lowercase and may contain an explicit port.
|
||||||
# Examples: matrix.org, localhost:8080
|
# Examples: matrix.org, localhost:8080
|
||||||
#
|
#
|
||||||
server_name: "__SERVER_NAME__"
|
server_name: "{{ server_name }}"
|
||||||
|
|
||||||
# When running as a daemon, the file to store the pid in
|
# When running as a daemon, the file to store the pid in
|
||||||
#
|
#
|
||||||
pid_file: /run/matrix-__APP__/homeserver.pid
|
pid_file: /run/matrix-{{ app }}/homeserver.pid
|
||||||
|
|
||||||
# The absolute URL to the web client which / will redirect to.
|
# The absolute URL to the web client which / will redirect to.
|
||||||
#
|
#
|
||||||
web_client_location: __WEB_CLIENT_LOCATION__
|
web_client_location: {{ web_client_location }}
|
||||||
|
|
||||||
# The public-facing base URL that clients use to access this Homeserver (not
|
# The public-facing base URL that clients use to access this Homeserver (not
|
||||||
# including _matrix/...). This is the same URL a user might enter into the
|
# including _matrix/...). This is the same URL a user might enter into the
|
||||||
|
@ -64,7 +64,7 @@ web_client_location: __WEB_CLIENT_LOCATION__
|
||||||
#
|
#
|
||||||
# Defaults to 'https://<server_name>/'.
|
# Defaults to 'https://<server_name>/'.
|
||||||
#
|
#
|
||||||
public_baseurl: https://__DOMAIN__/
|
public_baseurl: https://{{ domain }}/
|
||||||
|
|
||||||
# Uncomment the following to tell other servers to send federation traffic on
|
# Uncomment the following to tell other servers to send federation traffic on
|
||||||
# port 443.
|
# port 443.
|
||||||
|
@ -125,12 +125,12 @@ presence:
|
||||||
# public rooms directory through the client API, meaning that anyone can
|
# public rooms directory through the client API, meaning that anyone can
|
||||||
# query the room directory. Defaults to 'false'.
|
# query the room directory. Defaults to 'false'.
|
||||||
#
|
#
|
||||||
allow_public_rooms_without_auth: __ALLOW_PUBLIC_ROOMS_WITHOUT_AUTH__
|
allow_public_rooms_without_auth: {{ allow_public_rooms_without_auth }}
|
||||||
|
|
||||||
# If set to 'true', allows any other homeserver to fetch the server's public
|
# If set to 'true', allows any other homeserver to fetch the server's public
|
||||||
# rooms directory via federation. Defaults to 'false'.
|
# rooms directory via federation. Defaults to 'false'.
|
||||||
#
|
#
|
||||||
allow_public_rooms_over_federation: __ALLOW_PUBLIC_ROOMS_OVER_FEDERATION__
|
allow_public_rooms_over_federation: {{ allow_public_rooms_over_federation }}
|
||||||
|
|
||||||
# The default room version for newly created rooms.
|
# The default room version for newly created rooms.
|
||||||
#
|
#
|
||||||
|
@ -288,7 +288,7 @@ listeners:
|
||||||
# will also need to give Synapse a TLS key and certificate: see the TLS section
|
# will also need to give Synapse a TLS key and certificate: see the TLS section
|
||||||
# below.)
|
# below.)
|
||||||
#
|
#
|
||||||
- port: __PORT_SYNAPSE_TLS__
|
- port: {{ port_synapse_tls }}
|
||||||
type: http
|
type: http
|
||||||
tls: true
|
tls: true
|
||||||
resources:
|
resources:
|
||||||
|
@ -300,7 +300,7 @@ listeners:
|
||||||
# If you plan to use a reverse proxy, please see
|
# If you plan to use a reverse proxy, please see
|
||||||
# https://matrix-org.github.io/synapse/latest/reverse_proxy.html.
|
# https://matrix-org.github.io/synapse/latest/reverse_proxy.html.
|
||||||
#
|
#
|
||||||
- port: __PORT_SYNAPSE__
|
- port: {{ port_synapse }}
|
||||||
tls: false
|
tls: false
|
||||||
type: http
|
type: http
|
||||||
x_forwarded: true
|
x_forwarded: true
|
||||||
|
@ -613,11 +613,11 @@ admin_contact: 'mailto:root'
|
||||||
# any intermediate certificates (for instance, if using certbot, use
|
# any intermediate certificates (for instance, if using certbot, use
|
||||||
# `fullchain.pem` as your certificate, not `cert.pem`).
|
# `fullchain.pem` as your certificate, not `cert.pem`).
|
||||||
#
|
#
|
||||||
tls_certificate_path: "/etc/yunohost/certs/__DOMAIN__/crt.pem"
|
tls_certificate_path: "/etc/yunohost/certs/{{ domain }}/crt.pem"
|
||||||
|
|
||||||
# PEM-encoded private key for TLS
|
# PEM-encoded private key for TLS
|
||||||
#
|
#
|
||||||
tls_private_key_path: "/etc/yunohost/certs/__DOMAIN__/key.pem"
|
tls_private_key_path: "/etc/yunohost/certs/{{ domain }}/key.pem"
|
||||||
|
|
||||||
# Whether to verify TLS server certificates for outbound federation requests.
|
# Whether to verify TLS server certificates for outbound federation requests.
|
||||||
#
|
#
|
||||||
|
@ -804,9 +804,9 @@ database:
|
||||||
name: psycopg2
|
name: psycopg2
|
||||||
#txn_limit: 10000
|
#txn_limit: 10000
|
||||||
args:
|
args:
|
||||||
user: __DB_USER__
|
user: {{ db_user }}
|
||||||
password: __DB_PWD__
|
password: {{ db_pwd }}
|
||||||
database: __DB_NAME__
|
database: {{ db_name }}
|
||||||
host: localhost
|
host: localhost
|
||||||
port: 5432
|
port: 5432
|
||||||
cp_min: 5
|
cp_min: 5
|
||||||
|
@ -826,7 +826,7 @@ database:
|
||||||
# A yaml python logging config file as described by
|
# A yaml python logging config file as described by
|
||||||
# https://docs.python.org/3.7/library/logging.config.html#configuration-dictionary-schema
|
# https://docs.python.org/3.7/library/logging.config.html#configuration-dictionary-schema
|
||||||
#
|
#
|
||||||
log_config: "/etc/matrix-__APP__/log.yaml"
|
log_config: "/etc/matrix-{{ app }}/log.yaml"
|
||||||
|
|
||||||
|
|
||||||
## Ratelimiting ##
|
## Ratelimiting ##
|
||||||
|
@ -959,7 +959,7 @@ log_config: "/etc/matrix-__APP__/log.yaml"
|
||||||
|
|
||||||
# Directory where uploaded images and attachments are stored.
|
# Directory where uploaded images and attachments are stored.
|
||||||
#
|
#
|
||||||
media_store_path: "__DATA_DIR__/media"
|
media_store_path: "{{ data_dir }}/media"
|
||||||
|
|
||||||
# Media storage providers allow media to be stored in different
|
# Media storage providers allow media to be stored in different
|
||||||
# locations.
|
# locations.
|
||||||
|
@ -973,7 +973,7 @@ media_storage_providers:
|
||||||
# Whether to wait for successful storage for local uploads
|
# Whether to wait for successful storage for local uploads
|
||||||
store_synchronous: false
|
store_synchronous: false
|
||||||
config:
|
config:
|
||||||
directory: "__DATA_DIR__/media_storage"
|
directory: "{{ data_dir }}/media_storage"
|
||||||
|
|
||||||
# The largest allowed upload size in bytes
|
# The largest allowed upload size in bytes
|
||||||
#
|
#
|
||||||
|
@ -981,7 +981,7 @@ media_storage_providers:
|
||||||
# your reverse proxy's config. Notably Nginx has a small max body size by default.
|
# your reverse proxy's config. Notably Nginx has a small max body size by default.
|
||||||
# See https://matrix-org.github.io/synapse/latest/reverse_proxy.html.
|
# See https://matrix-org.github.io/synapse/latest/reverse_proxy.html.
|
||||||
#
|
#
|
||||||
max_upload_size: __MAX_UPLOAD_SIZE__
|
max_upload_size: {{ max_upload_size }}
|
||||||
|
|
||||||
# Maximum number of pixels that will be thumbnailed
|
# Maximum number of pixels that will be thumbnailed
|
||||||
#
|
#
|
||||||
|
@ -1181,11 +1181,15 @@ oembed:
|
||||||
|
|
||||||
# The public URIs of the TURN server to give to clients
|
# The public URIs of the TURN server to give to clients
|
||||||
#
|
#
|
||||||
__TURN_SERVER_CONFIG__
|
{%- if enable_dtls_for_audio_video_turn_call == 'true' %}
|
||||||
|
turn_uris: [ "turns:{{ domain }}:{{ port_turnserver_tls }}", "turns:{{ domain }}:{{ port_turnserver_alt_tls }}" ]
|
||||||
|
{%- else %}
|
||||||
|
turn_uris: [ "turn:{{ domain }}:{{ port_turnserver_tls }}", "turn:{{ domain }}:{{ port_turnserver_alt_tls }}" ]
|
||||||
|
{%- endif %}
|
||||||
|
|
||||||
# The shared secret used to compute passwords for the TURN server
|
# The shared secret used to compute passwords for the TURN server
|
||||||
#
|
#
|
||||||
turn_shared_secret: "__TURNSERVER_PWD__"
|
turn_shared_secret: "{{ turnserver_pwd }}"
|
||||||
|
|
||||||
# The Username and password if the TURN server needs them and
|
# The Username and password if the TURN server needs them and
|
||||||
# does not use a token
|
# does not use a token
|
||||||
|
@ -1203,7 +1207,7 @@ turn_user_lifetime: 12h
|
||||||
# connect to arbitrary endpoints without having first signed up for a
|
# connect to arbitrary endpoints without having first signed up for a
|
||||||
# valid account (e.g. by passing a CAPTCHA).
|
# valid account (e.g. by passing a CAPTCHA).
|
||||||
#
|
#
|
||||||
turn_allow_guests: __ALLOW_GUEST_ACCESS__
|
turn_allow_guests: {{ allow_guest_access }}
|
||||||
|
|
||||||
|
|
||||||
## Registration ##
|
## Registration ##
|
||||||
|
@ -1215,7 +1219,7 @@ turn_allow_guests: __ALLOW_GUEST_ACCESS__
|
||||||
# you use either captcha, email, or token-based verification to verify that new users are not bots. In order to enable registration
|
# you use either captcha, email, or token-based verification to verify that new users are not bots. In order to enable registration
|
||||||
# without any verification, you must also set `enable_registration_without_verification`, found below.
|
# without any verification, you must also set `enable_registration_without_verification`, found below.
|
||||||
#
|
#
|
||||||
enable_registration: __ENABLE_REGISTRATION__
|
enable_registration: {{ enable_registration }}
|
||||||
|
|
||||||
# Enable registration without email or captcha verification. Note: this option is *not* recommended,
|
# Enable registration without email or captcha verification. Note: this option is *not* recommended,
|
||||||
# as registration without verification is a known vector for spam and abuse. Defaults to false. Has no effect
|
# as registration without verification is a known vector for spam and abuse. Defaults to false. Has no effect
|
||||||
|
@ -1274,26 +1278,41 @@ enable_registration: __ENABLE_REGISTRATION__
|
||||||
|
|
||||||
# The user must provide all of the below types of 3PID when registering.
|
# The user must provide all of the below types of 3PID when registering.
|
||||||
#
|
#
|
||||||
_REGISTRATION_REQUIRE_3PID_SED_PARAM_
|
{%- if registrations_require_3pid %}
|
||||||
|
registrations_require_3pid:
|
||||||
|
{%- for pid in registrations_require_3pid.split('&') %}
|
||||||
|
- {{ pid }}
|
||||||
|
{%- endfor %}
|
||||||
|
{%- endif %}
|
||||||
|
|
||||||
# Explicitly disable asking for MSISDNs from the registration
|
# Explicitly disable asking for MSISDNs from the registration
|
||||||
# flow (overrides registrations_require_3pid if MSISDNs are set as required)
|
# flow (overrides registrations_require_3pid if MSISDNs are set as required)
|
||||||
#
|
#
|
||||||
disable_msisdn_registration: __DISABLE_MSISDN_REGISTRATION__
|
disable_msisdn_registration: {{ disable_msisdn_registration }}
|
||||||
|
|
||||||
# Mandate that users are only allowed to associate certain formats of
|
# Mandate that users are only allowed to associate certain formats of
|
||||||
# 3PIDs with accounts on this server.
|
# 3PIDs with accounts on this server.
|
||||||
#
|
#
|
||||||
_ALLOWD_LOCAL_3PIDS_SED_PARAM_
|
|
||||||
#allowed_local_3pids:
|
#allowed_local_3pids:
|
||||||
# - medium: email
|
# - medium: email
|
||||||
# pattern: '^[^@]+@vector\.im$'
|
# pattern: '^[^@]+@vector\.im$'
|
||||||
# - medium: msisdn
|
# - medium: msisdn
|
||||||
# pattern: '\+44'
|
# pattern: '\+44'
|
||||||
|
{%- if allowed_local_3pids_email or allowed_local_3pids_msisdn %}
|
||||||
|
allowed_local_3pids:
|
||||||
|
{%- for pattern in allowed_local_3pids_email.strip(',').split(',') %}
|
||||||
|
- medium: email
|
||||||
|
pattern: '{{ pattern }}'
|
||||||
|
{%- endfor %}
|
||||||
|
{%- for pattern in allowed_local_3pids_msisdn.strip(',').split(',') %}
|
||||||
|
- medium: msisdn
|
||||||
|
pattern: '{{ pattern }}'
|
||||||
|
{%- endfor %}
|
||||||
|
{%- endif %}
|
||||||
|
|
||||||
# Enable 3PIDs lookup requests to identity servers from this server.
|
# Enable 3PIDs lookup requests to identity servers from this server.
|
||||||
#
|
#
|
||||||
enable_3pid_lookup: __ENABLE_3PID_LOOKUP__
|
enable_3pid_lookup: {{ enable_3pid_lookup }}
|
||||||
|
|
||||||
# Require users to submit a token during registration.
|
# Require users to submit a token during registration.
|
||||||
# Tokens can be managed using the admin API:
|
# Tokens can be managed using the admin API:
|
||||||
|
@ -1313,7 +1332,7 @@ enable_3pid_lookup: __ENABLE_3PID_LOOKUP__
|
||||||
# If set, allows registration of standard or admin accounts by anyone who
|
# If set, allows registration of standard or admin accounts by anyone who
|
||||||
# has the shared secret, even if registration is otherwise disabled.
|
# has the shared secret, even if registration is otherwise disabled.
|
||||||
#
|
#
|
||||||
registration_shared_secret: "__REGISTRATION_SHARED_SECRET__"
|
registration_shared_secret: "{{ registration_shared_secret }}"
|
||||||
|
|
||||||
# Set the number of bcrypt rounds used to generate password hash.
|
# Set the number of bcrypt rounds used to generate password hash.
|
||||||
# Larger numbers increase the work factor needed to generate the hash.
|
# Larger numbers increase the work factor needed to generate the hash.
|
||||||
|
@ -1327,7 +1346,7 @@ registration_shared_secret: "__REGISTRATION_SHARED_SECRET__"
|
||||||
# participate in rooms hosted on this server which have been made
|
# participate in rooms hosted on this server which have been made
|
||||||
# accessible to anonymous users.
|
# accessible to anonymous users.
|
||||||
#
|
#
|
||||||
allow_guest_access: __ALLOW_GUEST_ACCESS__
|
allow_guest_access: {{ allow_guest_access }}
|
||||||
|
|
||||||
# The identity server which we suggest that clients should use when users log
|
# The identity server which we suggest that clients should use when users log
|
||||||
# in on this server.
|
# in on this server.
|
||||||
|
@ -1335,7 +1354,7 @@ allow_guest_access: __ALLOW_GUEST_ACCESS__
|
||||||
# (By default, no suggestion is made, so it is left up to the client.
|
# (By default, no suggestion is made, so it is left up to the client.
|
||||||
# This setting is ignored unless public_baseurl is also explicitly set.)
|
# This setting is ignored unless public_baseurl is also explicitly set.)
|
||||||
#
|
#
|
||||||
default_identity_server: __DEFAULT_IDENTITY_SERVER__
|
default_identity_server: {{ default_identity_server }}
|
||||||
|
|
||||||
# Handle threepid (email/phone etc) registration and password resets through a set of
|
# Handle threepid (email/phone etc) registration and password resets through a set of
|
||||||
# *trusted* identity servers. Note that this allows the configured identity server to
|
# *trusted* identity servers. Note that this allows the configured identity server to
|
||||||
|
@ -1361,7 +1380,7 @@ default_identity_server: __DEFAULT_IDENTITY_SERVER__
|
||||||
# As email delegates is managed by the synapse server itself this email section is
|
# As email delegates is managed by the synapse server itself this email section is
|
||||||
# not necessary but msisdn format is still composed by msisdn: <value> on a new line
|
# not necessary but msisdn format is still composed by msisdn: <value> on a new line
|
||||||
account_threepid_delegates:
|
account_threepid_delegates:
|
||||||
msisdn: __ACCOUNT_THREEPID_DELEGATES_MSISDN__
|
msisdn: {{ account_threepid_delegates_msisdn }}
|
||||||
#email: https://example.com # Delegate email sending to example.com
|
#email: https://example.com # Delegate email sending to example.com
|
||||||
#msisdn: http://localhost:8090 # Delegate SMS sending to this local process
|
#msisdn: http://localhost:8090 # Delegate SMS sending to this local process
|
||||||
|
|
||||||
|
@ -1397,7 +1416,12 @@ account_threepid_delegates:
|
||||||
# If the room already exists, make certain it is a publicly joinable
|
# If the room already exists, make certain it is a publicly joinable
|
||||||
# room. The join rule of the room must be set to 'public'.
|
# room. The join rule of the room must be set to 'public'.
|
||||||
#
|
#
|
||||||
_AUTO_JOIN_ROOMS_SED_PARAM_
|
{%- if auto_join_rooms %}
|
||||||
|
auto_join_rooms:
|
||||||
|
{%- for room in auto_join_rooms.split(',') %}
|
||||||
|
- '{{ room }}'
|
||||||
|
{%- endfor %}
|
||||||
|
{%- endif %}
|
||||||
|
|
||||||
# Where auto_join_rooms are specified, setting this flag ensures that the
|
# Where auto_join_rooms are specified, setting this flag ensures that the
|
||||||
# the rooms exist by creating them when the first user on the
|
# the rooms exist by creating them when the first user on the
|
||||||
|
@ -1413,7 +1437,7 @@ _AUTO_JOIN_ROOMS_SED_PARAM_
|
||||||
# Defaults to true. Uncomment the following line to disable automatically
|
# Defaults to true. Uncomment the following line to disable automatically
|
||||||
# creating auto-join rooms.
|
# creating auto-join rooms.
|
||||||
#
|
#
|
||||||
autocreate_auto_join_rooms: __AUTOCREATE_AUTO_JOIN_ROOMS__
|
autocreate_auto_join_rooms: {{ autocreate_auto_join_rooms }}
|
||||||
|
|
||||||
# Whether the auto_join_rooms that are auto-created are available via
|
# Whether the auto_join_rooms that are auto-created are available via
|
||||||
# federation. Only has an effect if autocreate_auto_join_rooms is true.
|
# federation. Only has an effect if autocreate_auto_join_rooms is true.
|
||||||
|
@ -1464,7 +1488,7 @@ autocreate_auto_join_rooms: __AUTOCREATE_AUTO_JOIN_ROOMS__
|
||||||
#
|
#
|
||||||
# Defaults to true.
|
# Defaults to true.
|
||||||
#
|
#
|
||||||
auto_join_rooms_for_guests: __AUTO_JOIN_ROOMS_FOR_GUESTS__
|
auto_join_rooms_for_guests: {{ auto_join_rooms_for_guests }}
|
||||||
|
|
||||||
# Whether to inhibit errors raised when registering a new account if the user ID
|
# Whether to inhibit errors raised when registering a new account if the user ID
|
||||||
# already exists. If turned on, that requests to /register/available will always
|
# already exists. If turned on, that requests to /register/available will always
|
||||||
|
@ -1505,7 +1529,7 @@ metrics_flags:
|
||||||
|
|
||||||
# Whether or not to report anonymized homeserver usage statistics.
|
# Whether or not to report anonymized homeserver usage statistics.
|
||||||
#
|
#
|
||||||
report_stats: __REPORT_STATS__
|
report_stats: {{ report_stats }}
|
||||||
|
|
||||||
# The endpoint to report the anonymized homeserver usage statistics to.
|
# The endpoint to report the anonymized homeserver usage statistics to.
|
||||||
# Defaults to https://matrix.org/report-usage-stats/push
|
# Defaults to https://matrix.org/report-usage-stats/push
|
||||||
|
@ -1575,19 +1599,26 @@ room_prejoin_state:
|
||||||
# the registration_shared_secret is used, if one is given; otherwise,
|
# the registration_shared_secret is used, if one is given; otherwise,
|
||||||
# a secret key is derived from the signing key.
|
# a secret key is derived from the signing key.
|
||||||
#
|
#
|
||||||
__MACAROON_SECRET_KEY_PARAM__
|
|
||||||
|
# Well, in this package this value was not managed because it was not needed, synapse is able to generate this with some other secret in the config file but after some vulnerability was found with this practice.
|
||||||
|
# For more detail about this issue you can see : https://matrix.org/blog/2019/01/15/further-details-on-critical-security-update-in-synapse-affecting-all-versions-prior-to-0-34-1-cve-2019-5885/
|
||||||
|
# The problem is that we can't just say generate a new value if the package has not already defined a value. The reason is that changing this value logout all user. And in case of a user has enabled the encryption, the user might lost all conversation !!
|
||||||
|
# So for the old install we just leave this as it is. And for the new install we use a real macaroon.
|
||||||
|
{%- if macaroon_secret_key is defined %}
|
||||||
|
macaroon_secret_key: '{{ macaroon_secret_key }}'
|
||||||
|
{%- endif %}
|
||||||
|
|
||||||
# a secret which is used to calculate HMACs for form values, to stop
|
# a secret which is used to calculate HMACs for form values, to stop
|
||||||
# falsification of values. Must be specified for the User Consent
|
# falsification of values. Must be specified for the User Consent
|
||||||
# forms to work.
|
# forms to work.
|
||||||
#
|
#
|
||||||
form_secret: "__FORM_SECRET__"
|
form_secret: "{{ form_secret }}"
|
||||||
|
|
||||||
## Signing Keys ##
|
## Signing Keys ##
|
||||||
|
|
||||||
# Path to the signing key to sign messages with
|
# Path to the signing key to sign messages with
|
||||||
#
|
#
|
||||||
signing_key_path: "/etc/matrix-__APP__/homeserver.signing.key"
|
signing_key_path: "/etc/matrix-{{ app }}/homeserver.signing.key"
|
||||||
|
|
||||||
# The keys that the server used to sign messages with but won't use
|
# The keys that the server used to sign messages with but won't use
|
||||||
# to sign new messages.
|
# to sign new messages.
|
||||||
|
@ -2030,9 +2061,9 @@ oidc_providers:
|
||||||
# user_mapping_provider:
|
# user_mapping_provider:
|
||||||
# config:
|
# config:
|
||||||
# subject_claim: "id"
|
# subject_claim: "id"
|
||||||
# localpart_template: "{{ user.login }}"
|
# localpart_template: "{ { user.login } }"
|
||||||
# display_name_template: "{{ user.name }}"
|
# display_name_template: "{ { user.name } }"
|
||||||
# email_template: "{{ user.email }}"
|
# email_template: "{ { user.email } }"
|
||||||
# attribute_requirements:
|
# attribute_requirements:
|
||||||
# - attribute: userGroup
|
# - attribute: userGroup
|
||||||
# value: "synapseUsers"
|
# value: "synapseUsers"
|
||||||
|
@ -2048,7 +2079,7 @@ cas_config:
|
||||||
|
|
||||||
# The URL of the CAS authorization endpoint.
|
# The URL of the CAS authorization endpoint.
|
||||||
#
|
#
|
||||||
server_url: "https://__DOMAIN__/_matrix/cas_server.php"
|
server_url: "https://{{ domain }}/_matrix/cas_server.php"
|
||||||
|
|
||||||
# The attribute of the CAS response to use as the display name.
|
# The attribute of the CAS response to use as the display name.
|
||||||
#
|
#
|
||||||
|
@ -2090,7 +2121,9 @@ sso:
|
||||||
# By default, this list contains only the login fallback page.
|
# By default, this list contains only the login fallback page.
|
||||||
#
|
#
|
||||||
client_whitelist:
|
client_whitelist:
|
||||||
_DOMAIN_WHITELIST_CLIENT_
|
{%- for domain in domain_whitelist_client.splitlines() %}
|
||||||
|
- {{ domain }}
|
||||||
|
{%- endfor %}
|
||||||
|
|
||||||
# Uncomment to keep a user's profile fields in sync with information from
|
# Uncomment to keep a user's profile fields in sync with information from
|
||||||
# the identity provider. Currently only syncing the displayname is
|
# the identity provider. Currently only syncing the displayname is
|
||||||
|
@ -2169,7 +2202,7 @@ _DOMAIN_WHITELIST_CLIENT_
|
||||||
password_config:
|
password_config:
|
||||||
# Uncomment to disable password login
|
# Uncomment to disable password login
|
||||||
#
|
#
|
||||||
enabled: __PASSWORD_ENABLED__
|
enabled: {{ password_enabled }}
|
||||||
|
|
||||||
# Uncomment to disable authentication against the local password
|
# Uncomment to disable authentication against the local password
|
||||||
# database. This is ignored if `enabled` is false, and is only useful
|
# database. This is ignored if `enabled` is false, and is only useful
|
||||||
|
@ -2248,7 +2281,7 @@ password_providers:
|
||||||
uid: "uid"
|
uid: "uid"
|
||||||
mail: "mail"
|
mail: "mail"
|
||||||
name: "givenName"
|
name: "givenName"
|
||||||
filter: "(&(objectClass=posixAccount)(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))"
|
filter: "(&(objectClass=posixAccount)(permission=cn={{ app }}.main,ou=permission,dc=yunohost,dc=org))"
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -2260,7 +2293,7 @@ password_providers:
|
||||||
email:
|
email:
|
||||||
# The hostname of the outgoing SMTP server to use. Defaults to 'localhost'.
|
# The hostname of the outgoing SMTP server to use. Defaults to 'localhost'.
|
||||||
#
|
#
|
||||||
smtp_host: "__DOMAIN__"
|
smtp_host: "{{ domain }}"
|
||||||
|
|
||||||
# The port on the mail server for outgoing SMTP. Defaults to 25.
|
# The port on the mail server for outgoing SMTP. Defaults to 25.
|
||||||
#
|
#
|
||||||
|
@ -2269,8 +2302,8 @@ email:
|
||||||
# Username/password for authentication to the SMTP server. By default, no
|
# Username/password for authentication to the SMTP server. By default, no
|
||||||
# authentication is attempted.
|
# authentication is attempted.
|
||||||
#
|
#
|
||||||
smtp_user: __APP__
|
smtp_user: {{ app }}
|
||||||
smtp_pass: __MAIL_PWD__
|
smtp_pass: {{ mail_pwd }}
|
||||||
|
|
||||||
# Uncomment the following to require TLS transport security for SMTP.
|
# Uncomment the following to require TLS transport security for SMTP.
|
||||||
# By default, Synapse will connect over plain text, and will then switch to
|
# By default, Synapse will connect over plain text, and will then switch to
|
||||||
|
@ -2297,7 +2330,7 @@ email:
|
||||||
# Note that the placeholder must be written '%(app)s', including the
|
# Note that the placeholder must be written '%(app)s', including the
|
||||||
# trailing 's'.
|
# trailing 's'.
|
||||||
#
|
#
|
||||||
notif_from: "Your Friendly %(app)s Home Server <__APP__@__DOMAIN__>"
|
notif_from: "Your Friendly %(app)s Home Server <{{ app }}@{{ domain }}>"
|
||||||
|
|
||||||
# app_name defines the default value for '%(app)s' in notif_from and email
|
# app_name defines the default value for '%(app)s' in notif_from and email
|
||||||
# subjects. It defaults to 'Matrix'.
|
# subjects. It defaults to 'Matrix'.
|
||||||
|
@ -2307,12 +2340,12 @@ email:
|
||||||
# Uncomment the following to enable sending emails for messages that the user
|
# Uncomment the following to enable sending emails for messages that the user
|
||||||
# has missed. Disabled by default.
|
# has missed. Disabled by default.
|
||||||
#
|
#
|
||||||
enable_notifs: __ENABLE_NOTIFS__
|
enable_notifs: {{ enable_notifs }}
|
||||||
|
|
||||||
# Uncomment the following to disable automatic subscription to email
|
# Uncomment the following to disable automatic subscription to email
|
||||||
# notifications for new users. Enabled by default.
|
# notifications for new users. Enabled by default.
|
||||||
#
|
#
|
||||||
notif_for_new_users: __NOTIF_FOR_NEW_USERS__
|
notif_for_new_users: {{ notif_for_new_users }}
|
||||||
|
|
||||||
# Custom URL for client links within the email notifications. By default
|
# Custom URL for client links within the email notifications. By default
|
||||||
# links will be based on "https://matrix.to".
|
# links will be based on "https://matrix.to".
|
||||||
|
@ -2320,7 +2353,7 @@ email:
|
||||||
# (This setting used to be called riot_base_url; the old name is still
|
# (This setting used to be called riot_base_url; the old name is still
|
||||||
# supported for backwards-compatibility but is now deprecated.)
|
# supported for backwards-compatibility but is now deprecated.)
|
||||||
#
|
#
|
||||||
client_base_url: __CLIENT_BASE_URL__
|
client_base_url: {{ client_base_url }}
|
||||||
|
|
||||||
# Configure the time that a validation email will expire after sending.
|
# Configure the time that a validation email will expire after sending.
|
||||||
# Defaults to 1h.
|
# Defaults to 1h.
|
||||||
|
@ -2331,7 +2364,7 @@ email:
|
||||||
# to the identity server as the org.matrix.web_client_location key. Defaults
|
# to the identity server as the org.matrix.web_client_location key. Defaults
|
||||||
# to unset, giving no guidance to the identity server.
|
# to unset, giving no guidance to the identity server.
|
||||||
#
|
#
|
||||||
invite_client_location: __INVITE_CLIENT_LOCATION__
|
invite_client_location: {{ invite_client_location }}
|
||||||
|
|
||||||
# Subjects to use when sending emails from Synapse.
|
# Subjects to use when sending emails from Synapse.
|
||||||
#
|
#
|
||||||
|
@ -2420,7 +2453,7 @@ push:
|
||||||
# The default value is "true" to include message details. Uncomment to only
|
# The default value is "true" to include message details. Uncomment to only
|
||||||
# include the event ID and room ID in push notification payloads.
|
# include the event ID and room ID in push notification payloads.
|
||||||
#
|
#
|
||||||
include_content: __PUSH_INCLUDE_CONTENT__
|
include_content: {{ push_include_content }}
|
||||||
|
|
||||||
# When a push notification is received, an unread count is also sent.
|
# When a push notification is received, an unread count is also sent.
|
||||||
# This number can either be calculated as the number of unread messages
|
# This number can either be calculated as the number of unread messages
|
||||||
|
@ -2450,12 +2483,12 @@ push:
|
||||||
# Note that this option will only affect rooms created after it is set. It
|
# Note that this option will only affect rooms created after it is set. It
|
||||||
# will also not affect rooms created by other servers.
|
# will also not affect rooms created by other servers.
|
||||||
#
|
#
|
||||||
encryption_enabled_by_default_for_room_type: __E2E_ENABLED_BY_DEFAULT__
|
encryption_enabled_by_default_for_room_type: {{ e2e_enabled_by_default }}
|
||||||
|
|
||||||
|
|
||||||
# Uncomment to allow non-server-admin users to create groups on this server
|
# Uncomment to allow non-server-admin users to create groups on this server
|
||||||
#
|
#
|
||||||
enable_group_creation: __ENABLE_GROUP_CREATION__
|
enable_group_creation: {{ enable_group_creation }}
|
||||||
|
|
||||||
# If enabled, non server admins can only create groups with local parts
|
# If enabled, non server admins can only create groups with local parts
|
||||||
# starting with this prefix
|
# starting with this prefix
|
||||||
|
|
|
@ -1,19 +1,23 @@
|
||||||
lt-cred-mech
|
lt-cred-mech
|
||||||
use-auth-secret
|
use-auth-secret
|
||||||
static-auth-secret=__TURNSERVER_PWD__
|
static-auth-secret={{ turnserver_pwd }}
|
||||||
realm=__DOMAIN__
|
realm={{ domain }}
|
||||||
|
|
||||||
tls-listening-port=__PORT_TURNSERVER_TLS__
|
tls-listening-port={{ port_turnserver_tls }}
|
||||||
alt-tls-listening-port=__PORT_TURNSERVER_ALT_TLS__
|
alt-tls-listening-port={{ port_turnserver_alt_tls }}
|
||||||
min-port=49153
|
min-port=49153
|
||||||
max-port=49193
|
max-port=49193
|
||||||
cli-port=__PORT_CLI__
|
cli-port={{ port_cli }}
|
||||||
|
|
||||||
cert=/etc/yunohost/certs/__DOMAIN__/crt.pem
|
cert=/etc/yunohost/certs/{{ domain }}/crt.pem
|
||||||
pkey=/etc/yunohost/certs/__DOMAIN__/key.pem
|
pkey=/etc/yunohost/certs/{{ domain }}/key.pem
|
||||||
dh-file=/etc/ssl/private/dh2048.pem
|
dh-file=/etc/ssl/private/dh2048.pem
|
||||||
|
|
||||||
_TURN_CLEAR_COM_PARAM_
|
{% if enable_dtls_for_audio_video_turn_call == 'true' %}
|
||||||
|
# Block clear communication
|
||||||
|
no-udp
|
||||||
|
no-tcp
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
# Block old protocols
|
# Block old protocols
|
||||||
no-sslv2
|
no-sslv2
|
||||||
|
@ -21,8 +25,8 @@ no-sslv3
|
||||||
no-tlsv1
|
no-tlsv1
|
||||||
no-tlsv1_1
|
no-tlsv1_1
|
||||||
|
|
||||||
log-file=/var/log/matrix-__APP__/turnserver.log
|
log-file=/var/log/matrix-{{ app }}/turnserver.log
|
||||||
pidfile=/run/coturn-__APP__/turnserver.pid
|
pidfile=/run/coturn-{{ app }}/turnserver.pid
|
||||||
simple-log
|
simple-log
|
||||||
|
|
||||||
# consider whether you want to limit the quota of relayed streams per user (or total) to avoid risk of DoS.
|
# consider whether you want to limit the quota of relayed streams per user (or total) to avoid risk of DoS.
|
||||||
|
@ -38,4 +42,6 @@ denied-peer-ip=127.0.0.0-127.255.255.255
|
||||||
# Max time 12h
|
# Max time 12h
|
||||||
max-allocate-lifetime=43200
|
max-allocate-lifetime=43200
|
||||||
|
|
||||||
_TURN_EXTERNAL_IP_
|
{%- for ip in turn_external_ip.strip(',').split(',') %}
|
||||||
|
external-ip={{ ip }}
|
||||||
|
{%- endfor %}
|
||||||
|
|
|
@ -88,7 +88,7 @@ ram.runtime = "1G"
|
||||||
main.additional_urls = ["/_matrix/cas_server.php/login"]
|
main.additional_urls = ["/_matrix/cas_server.php/login"]
|
||||||
main.label = "Server SSO"
|
main.label = "Server SSO"
|
||||||
main.auth_header = true
|
main.auth_header = true
|
||||||
main.show_tile=false
|
main.show_tile = false
|
||||||
main.protected = true
|
main.protected = true
|
||||||
|
|
||||||
server_api.url = "/_matrix"
|
server_api.url = "/_matrix"
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
python_version="$(python3 -V | cut -d' ' -f2 | cut -d. -f1-2)"
|
readonly python_version="$(python3 -V | cut -d' ' -f2 | cut -d. -f1-2)"
|
||||||
code_dir="/opt/yunohost/matrix-$app"
|
readonly code_dir="/opt/yunohost/matrix-$app"
|
||||||
|
readonly domain_whitelist_client="$(yunohost --output-as json domain list | jq -r '.domains | .[]')"
|
||||||
|
|
||||||
install_sources() {
|
install_sources() {
|
||||||
# Install/upgrade synapse in virtualenv
|
# Install/upgrade synapse in virtualenv
|
||||||
|
@ -54,65 +55,6 @@ install_sources() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
configure_synapse() {
|
|
||||||
local domain_whitelist_client=$(yunohost --output-as plain domain list \
|
|
||||||
| grep -E "^#" -v \
|
|
||||||
| sort | uniq \
|
|
||||||
| sed -r 's|^(.*)$| - \1|' \
|
|
||||||
| sed -z 's|\n|\\n|g')
|
|
||||||
local macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"'
|
|
||||||
local auto_join_rooms_sed_param=""
|
|
||||||
if [ -n "$auto_join_rooms" ]; then
|
|
||||||
auto_join_rooms_sed_param+='auto_join_rooms:'
|
|
||||||
while read -d, room; do
|
|
||||||
auto_join_rooms_sed_param+='\n - "'$room'"'
|
|
||||||
done <<< "${auto_join_rooms},"
|
|
||||||
fi
|
|
||||||
local registration_require_3pid_sed_param=""
|
|
||||||
case ${registrations_require_3pid} in
|
|
||||||
'email')
|
|
||||||
registration_require_3pid_sed_param="registrations_require_3pid:\n - email"
|
|
||||||
;;
|
|
||||||
'msisdn')
|
|
||||||
registration_require_3pid_sed_param="registrations_require_3pid:\n - msisdn"
|
|
||||||
;;
|
|
||||||
'email&msisdn')
|
|
||||||
registration_require_3pid_sed_param="registrations_require_3pid:\n - email\n - msisdn"
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
local allowd_local_3pids_sed_param=""
|
|
||||||
if [ -n "$allowed_local_3pids_email" ] || [ -n "$allowed_local_3pids_msisdn" ]; then
|
|
||||||
allowd_local_3pids_sed_param="allowed_local_3pids:"
|
|
||||||
|
|
||||||
if [ -n "$allowed_local_3pids_email" ]; then
|
|
||||||
while read -d, pattern ; do
|
|
||||||
allowd_local_3pids_sed_param+="\n - medium: email\n pattern: '$pattern'"
|
|
||||||
done <<< "${allowed_local_3pids_email},"
|
|
||||||
fi
|
|
||||||
if [ -n "$allowed_local_3pids_msisdn" ]; then
|
|
||||||
while read -d, pattern ; do
|
|
||||||
allowd_local_3pids_sed_param+="\n - medium: msisdn\n pattern: '$pattern'"
|
|
||||||
done <<< "${allowed_local_3pids_msisdn},"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
local turn_server_config=""
|
|
||||||
if $enable_dtls_for_audio_video_turn_call; then
|
|
||||||
turn_server_config='turn_uris: [ "turns:'$domain:$port_turnserver_tls'", "turns:'$domain:$port_turnserver_alt_tls'" ]'
|
|
||||||
else
|
|
||||||
turn_server_config='turn_uris: [ "turn:'$domain:$port_turnserver_tls'", "turn:'$domain:$port_turnserver_alt_tls'" ]'
|
|
||||||
fi
|
|
||||||
|
|
||||||
ynh_add_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml"
|
|
||||||
sed -i "s|_DOMAIN_WHITELIST_CLIENT_|$domain_whitelist_client|g" /etc/matrix-$app/homeserver.yaml
|
|
||||||
sed -i "s|_AUTO_JOIN_ROOMS_SED_PARAM_|$auto_join_rooms_sed_param|g" /etc/matrix-$app/homeserver.yaml
|
|
||||||
sed -i "s|_REGISTRATION_REQUIRE_3PID_SED_PARAM_|$registration_require_3pid_sed_param|g" /etc/matrix-$app/homeserver.yaml
|
|
||||||
sed -i "s|_ALLOWD_LOCAL_3PIDS_SED_PARAM_|$allowd_local_3pids_sed_param|g" /etc/matrix-$app/homeserver.yaml
|
|
||||||
ynh_store_file_checksum --file=/etc/matrix-$app/homeserver.yaml
|
|
||||||
|
|
||||||
ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml"
|
|
||||||
}
|
|
||||||
|
|
||||||
configure_coturn() {
|
configure_coturn() {
|
||||||
# Get public IP and set as external IP for coturn
|
# Get public IP and set as external IP for coturn
|
||||||
# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
|
# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
|
||||||
|
@ -122,22 +64,13 @@ configure_coturn() {
|
||||||
local turn_external_ip=""
|
local turn_external_ip=""
|
||||||
if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"
|
if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"
|
||||||
then
|
then
|
||||||
turn_external_ip+="external-ip=$public_ip4\\n"
|
turn_external_ip+="$public_ip4,"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6"
|
if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6"
|
||||||
then
|
then
|
||||||
turn_external_ip+="external-ip=$public_ip6\\n"
|
turn_external_ip+="$public_ip6"
|
||||||
fi
|
fi
|
||||||
local turn_clear_com_param=''
|
ynh_add_jinja_config --template="turnserver.conf" --destination="/etc/matrix-$app/coturn.conf"
|
||||||
if $enable_dtls_for_audio_video_turn_call; then
|
|
||||||
turn_clear_com_param+='# Block clear communication\nno-udp\nno-tcp'
|
|
||||||
fi
|
|
||||||
|
|
||||||
ynh_add_config --template="turnserver.conf" --destination="/etc/matrix-$app/coturn.conf"
|
|
||||||
sed -i "s|_TURN_CLEAR_COM_PARAM_|$turn_clear_com_param|g" /etc/matrix-$app/coturn.conf
|
|
||||||
sed -i "s|_TURN_EXTERNAL_IP_|$turn_external_ip|g" /etc/matrix-$app/coturn.conf
|
|
||||||
ynh_store_file_checksum --file=/etc/matrix-$app/coturn.conf
|
|
||||||
}
|
}
|
||||||
|
|
||||||
configure_nginx() {
|
configure_nginx() {
|
||||||
|
@ -159,28 +92,170 @@ configure_nginx() {
|
||||||
ynh_add_nginx_config
|
ynh_add_nginx_config
|
||||||
}
|
}
|
||||||
|
|
||||||
set_permissions() {
|
ensure_vars_set() {
|
||||||
chown $app:$app -R $code_dir
|
if [ -z "${report_stats:-}" ]; then
|
||||||
chmod o= -R $code_dir
|
report_stats=false
|
||||||
|
ynh_app_setting_set --app="$app" --key=report_stats --value="$report_stats"
|
||||||
|
fi
|
||||||
|
if [ -z "${e2e_enabled_by_default:-}" ] ; then
|
||||||
|
e2e_enabled_by_default=invite
|
||||||
|
ynh_app_setting_set --app="$app" --key=e2e_enabled_by_default --value="$e2e_enabled_by_default"
|
||||||
|
fi
|
||||||
|
|
||||||
chmod 770 $code_dir/Coturn_config_rotate.sh
|
if [ -z "${web_client_location:-}" ]
|
||||||
chmod 700 $code_dir/update_synapse_for_appservice.sh
|
then
|
||||||
chmod 700 $code_dir/set_admin_user.sh
|
web_client_location="https://matrix.to/"
|
||||||
|
|
||||||
|
element_instance=element
|
||||||
|
if yunohost --output-as plain app list | grep -q "^$element_instance"'$'; then
|
||||||
|
element_domain=$(ynh_app_setting_get --app $element_instance --key domain)
|
||||||
|
element_path=$(ynh_app_setting_get --app $element_instance --key path)
|
||||||
|
web_client_location="https://""$element_domain""$element_path"
|
||||||
|
fi
|
||||||
|
ynh_app_setting_set --app="$app" --key=web_client_location --value="$web_client_location"
|
||||||
|
fi
|
||||||
|
if [ -z "${client_base_url:-}" ]
|
||||||
|
then
|
||||||
|
client_base_url="$web_client_location"
|
||||||
|
ynh_app_setting_set --app="$app" --key=client_base_url --value="$client_base_url"
|
||||||
|
fi
|
||||||
|
if [ -z "${invite_client_location:-}" ]
|
||||||
|
then
|
||||||
|
invite_client_location="$web_client_location"
|
||||||
|
ynh_app_setting_set --app="$app" --key=invite_client_location --value="$invite_client_location"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z "${allow_public_rooms_without_auth:-}" ]
|
||||||
|
then
|
||||||
|
allow_public_rooms_without_auth=${allow_public_rooms:-false}
|
||||||
|
ynh_app_setting_set --app="$app" --key=allow_public_rooms_without_auth --value="$allow_public_rooms_without_auth"
|
||||||
|
fi
|
||||||
|
if [ -z "${allow_public_rooms_over_federation:-}" ]
|
||||||
|
then
|
||||||
|
allow_public_rooms_over_federation=${allow_public_rooms:-false}
|
||||||
|
ynh_app_setting_set --app="$app" --key=allow_public_rooms_over_federation --value="$allow_public_rooms_over_federation"
|
||||||
|
fi
|
||||||
|
if [ -z "${max_upload_size:-}" ]
|
||||||
|
then
|
||||||
|
max_upload_size=100M
|
||||||
|
ynh_app_setting_set --app="$app" --key=max_upload_size --value="$max_upload_size"
|
||||||
|
fi
|
||||||
|
if [ -z "${disable_msisdn_registration:-}" ]
|
||||||
|
then
|
||||||
|
disable_msisdn_registration=true
|
||||||
|
ynh_app_setting_set --app="$app" --key=disable_msisdn_registration --value=$disable_msisdn_registration
|
||||||
|
fi
|
||||||
|
if [ -z "${account_threepid_delegates_msisdn:-}" ]
|
||||||
|
then
|
||||||
|
account_threepid_delegates_msisdn=''
|
||||||
|
ynh_app_setting_set --app="$app" --key=account_threepid_delegates_msisdn --value="$account_threepid_delegates_msisdn"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z "${registrations_require_3pid:-}" ]
|
||||||
|
then
|
||||||
|
registrations_require_3pid=email
|
||||||
|
ynh_app_setting_set --app="$app" --key=registrations_require_3pid --value="$registrations_require_3pid"
|
||||||
|
fi
|
||||||
|
if [ -z "${allowed_local_3pids_email:-}" ]
|
||||||
|
then
|
||||||
|
allowed_local_3pids_email=''
|
||||||
|
ynh_app_setting_set --app="$app" --key=allowed_local_3pids_email --value="$allowed_local_3pids_email"
|
||||||
|
fi
|
||||||
|
if [ -z "${allowed_local_3pids_msisdn:-}" ]
|
||||||
|
then
|
||||||
|
allowed_local_3pids_msisdn=''
|
||||||
|
ynh_app_setting_set --app="$app" --key=allowed_local_3pids_msisdn --value="$allowed_local_3pids_msisdn"
|
||||||
|
fi
|
||||||
|
if [ -z "${account_threepid_delegates_msisdn:-}" ]
|
||||||
|
then
|
||||||
|
account_threepid_delegates_msisdn=""
|
||||||
|
ynh_app_setting_set --app="$app" --key=account_threepid_delegates_msisdn --value="$account_threepid_delegates_msisdn"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z "${allow_guest_access:-}" ]
|
||||||
|
then
|
||||||
|
allow_guest_access=false
|
||||||
|
ynh_app_setting_set --app="$app" --key=allow_guest_access --value="$allow_guest_access"
|
||||||
|
fi
|
||||||
|
if [ -z "${default_identity_server:-}" ]
|
||||||
|
then
|
||||||
|
default_identity_server='https://matrix.org'
|
||||||
|
ynh_app_setting_set --app=$app --key=default_identity_server --value="$default_identity_server"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z "${auto_join_rooms:-}" ]
|
||||||
|
then
|
||||||
|
auto_join_rooms=''
|
||||||
|
ynh_app_setting_set --app="$app" --key=auto_join_rooms --value="$auto_join_rooms"
|
||||||
|
fi
|
||||||
|
if [ -z "${autocreate_auto_join_rooms:-}" ]
|
||||||
|
then
|
||||||
|
autocreate_auto_join_rooms=false
|
||||||
|
ynh_app_setting_set --app="$app" --key=autocreate_auto_join_rooms --value="$autocreate_auto_join_rooms"
|
||||||
|
fi
|
||||||
|
if [ -z "${auto_join_rooms_for_guests:-}" ]
|
||||||
|
then
|
||||||
|
auto_join_rooms_for_guests=true
|
||||||
|
ynh_app_setting_set --app="$app" --key=auto_join_rooms_for_guests --value="$auto_join_rooms_for_guests"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z "${enable_notifs:-}" ]
|
||||||
|
then
|
||||||
|
enable_notifs=true
|
||||||
|
ynh_app_setting_set --app="$app" --key=enable_notifs --value="$enable_notifs"
|
||||||
|
fi
|
||||||
|
if [ -z "${notif_for_new_users:-}" ]
|
||||||
|
then
|
||||||
|
notif_for_new_users=true
|
||||||
|
ynh_app_setting_set --app="$app" --key=notif_for_new_users --value="$notif_for_new_users"
|
||||||
|
fi
|
||||||
|
if [ -z "${enable_group_creation:-}" ]
|
||||||
|
then
|
||||||
|
enable_group_creation=true
|
||||||
|
ynh_app_setting_set --app="$app" --key=enable_group_creation --value="$enable_group_creation"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z "${enable_3pid_lookup:-}" ]
|
||||||
|
then
|
||||||
|
enable_3pid_lookup=false
|
||||||
|
ynh_app_setting_set --app="$app" --key=enable_3pid_lookup --value="$enable_3pid_lookup"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z "${push_include_content:-}" ]
|
||||||
|
then
|
||||||
|
push_include_content=true
|
||||||
|
ynh_app_setting_set --app="$app" --key=push_include_content --value="$push_include_content"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z "${enable_dtls_for_audio_video_turn_call:-}" ]
|
||||||
|
then
|
||||||
|
enable_dtls_for_audio_video_turn_call=true
|
||||||
|
ynh_app_setting_set --app="$app" --key=enable_dtls_for_audio_video_turn_call --value="$enable_dtls_for_audio_video_turn_call"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
set_permissions() {
|
||||||
|
chown $app:$app -R "$code_dir"
|
||||||
|
chmod o= -R "$code_dir"
|
||||||
|
|
||||||
|
chmod 770 "$code_dir"/Coturn_config_rotate.sh
|
||||||
|
chmod 700 "$code_dir"/update_synapse_for_appservice.sh
|
||||||
|
chmod 700 "$code_dir"/set_admin_user.sh
|
||||||
|
|
||||||
if [ "${1:-}" == data ]; then
|
if [ "${1:-}" == data ]; then
|
||||||
find $data_dir \( \! -perm -o= \
|
find "$data_dir" \( \! -perm -o= \
|
||||||
-o \! -user $app \
|
-o \! -user "$app" \
|
||||||
-o \! -group $app \) \
|
-o \! -group "$app" \) \
|
||||||
-exec chown $app:$app {} \; \
|
-exec chown "$app:$app" {} \; \
|
||||||
-exec chmod o= {} \;
|
-exec chmod o= {} \;
|
||||||
fi
|
fi
|
||||||
|
|
||||||
chown $app:$app -R /etc/matrix-$app
|
chown "$app:$app" -R /etc/matrix-"$app"
|
||||||
chmod u=rwX,g=rX,o= -R /etc/matrix-$app
|
chmod u=rwX,g=rX,o= -R /etc/matrix-"$app"
|
||||||
setfacl -R -m user:turnserver:rX /etc/matrix-$app
|
setfacl -R -m user:turnserver:rX /etc/matrix-"$app"
|
||||||
|
|
||||||
chmod 600 /etc/matrix-$app/$server_name.signing.key
|
chmod 600 /etc/matrix-"$app"/"$server_name".signing.key
|
||||||
|
|
||||||
chown $app:root -R /var/log/matrix-$app
|
chown "$app":root -R /var/log/matrix-"$app"
|
||||||
setfacl -R -m user:turnserver:rwX /var/log/matrix-$app
|
setfacl -R -m user:turnserver:rwX /var/log/matrix-"$app"
|
||||||
}
|
}
|
||||||
|
|
|
@ -28,8 +28,8 @@ configure_nginx
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
ynh_script_progression --message="Updating Synapse config..." --weight=2
|
ynh_script_progression --message="Updating Synapse config..." --weight=2
|
||||||
|
ynh_add_jinja_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml"
|
||||||
configure_synapse
|
ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# SECURE FILES AND DIRECTORIES
|
# SECURE FILES AND DIRECTORIES
|
||||||
|
|
|
@ -6,6 +6,7 @@
|
||||||
# IMPORT GENERIC HELPERS
|
# IMPORT GENERIC HELPERS
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
|
source ./experimental_helper.sh
|
||||||
source ./_common.sh
|
source ./_common.sh
|
||||||
source /usr/share/yunohost/helpers
|
source /usr/share/yunohost/helpers
|
||||||
|
|
||||||
|
@ -26,7 +27,8 @@ ynh_app_config_validate() {
|
||||||
ynh_app_config_apply() {
|
ynh_app_config_apply() {
|
||||||
_ynh_app_config_apply
|
_ynh_app_config_apply
|
||||||
configure_nginx
|
configure_nginx
|
||||||
configure_synapse
|
ynh_add_jinja_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml"
|
||||||
|
ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml"
|
||||||
set_permissions
|
set_permissions
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,135 @@
|
||||||
|
# Create a dedicated config file from a jinja template
|
||||||
|
#
|
||||||
|
# usage: ynh_add_jinja_config --template="template" --destination="destination"
|
||||||
|
# | arg: -t, --template= - Template config file to use
|
||||||
|
# | arg: -d, --destination= - Destination of the config file
|
||||||
|
# | arg: -i, --ignore_vars= - List separated by space of script variables to ignore and don't pass in the jinja context.
|
||||||
|
# | This could be useful mainly for special share which can't be retried by reference name (like the array).
|
||||||
|
#
|
||||||
|
# examples:
|
||||||
|
# ynh_add_jinja_config --template="app.conf" --destination="$install_dir/app.conf"
|
||||||
|
# ynh_add_jinja_config --template="app-env" --destination="$install_dir/app-env" --ignore_vars="complex_array yolo"
|
||||||
|
#
|
||||||
|
# The template can be by default the name of a file in the conf directory
|
||||||
|
#
|
||||||
|
# The helper will verify the checksum and backup the destination file
|
||||||
|
# if it's different before applying the new template.
|
||||||
|
#
|
||||||
|
# And it will calculate and store the destination file checksum
|
||||||
|
# into the app settings when configuration is done.
|
||||||
|
#
|
||||||
|
##
|
||||||
|
## About the variables passed to the template:
|
||||||
|
##
|
||||||
|
#
|
||||||
|
# All variable defined in the script are available into the template (as string) except someone described below.
|
||||||
|
# If a variable make crash the helper for some reason (by example if the variable is of type array)
|
||||||
|
# or you just want to don't pass a specific variable for some other reason you can add it in the '--ignore_vars=' parameter as described above.
|
||||||
|
# Here are the list of ignored variable and so there won't never be available in the template:
|
||||||
|
# - All system environment variable like (TERM, USER, PATH, LANG, etc).
|
||||||
|
# If you need someone you just need to declare an other variable with the same value.
|
||||||
|
# Note that all Yunohost variable whose name begins by 'YNH_' are available and can be used in the template.
|
||||||
|
# - This following list:
|
||||||
|
# legacy_args args_array template destination ignore_vars template_path python_env_var ignore_var_regex
|
||||||
|
# progress_scale progress_string0 progress_string1 progress_string2
|
||||||
|
# old changed binds types file_hash formats
|
||||||
|
#
|
||||||
|
##
|
||||||
|
## Usage in templates:
|
||||||
|
##
|
||||||
|
#
|
||||||
|
# For a full documentation of the template you can refer to: https://jinja.palletsprojects.com/en/3.1.x/templates/
|
||||||
|
# In Yunohost context there are no really some specificity except that all variable passed are of type string.
|
||||||
|
# So here are some example of recommended usage:
|
||||||
|
#
|
||||||
|
# If you need a conditional block
|
||||||
|
#
|
||||||
|
# {% if should_my_block_be_shown == 'true' %}
|
||||||
|
# ...
|
||||||
|
# {% endif %}
|
||||||
|
#
|
||||||
|
# or
|
||||||
|
#
|
||||||
|
# {% if should_my_block_be_shown == '1' %}
|
||||||
|
# ...
|
||||||
|
# {% endif %}
|
||||||
|
#
|
||||||
|
# If you need to iterate with loop:
|
||||||
|
#
|
||||||
|
# {% for yolo in var_with_multiline_value.splitlines() %}
|
||||||
|
# ...
|
||||||
|
# {% endfor %}
|
||||||
|
#
|
||||||
|
# or
|
||||||
|
#
|
||||||
|
# {% for jail in my_var_with_coma.split(',') %}
|
||||||
|
# ...
|
||||||
|
# {% endfor %}
|
||||||
|
#
|
||||||
|
ynh_add_jinja_config() {
|
||||||
|
# Declare an array to define the options of this helper.
|
||||||
|
local legacy_args=tdi
|
||||||
|
local -A args_array=([t]=template= [d]=destination= [i]=ignore_vars= )
|
||||||
|
local template
|
||||||
|
local destination
|
||||||
|
local ignore_vars
|
||||||
|
# Manage arguments with getopts
|
||||||
|
ynh_handle_getopts_args "$@"
|
||||||
|
local template_path
|
||||||
|
|
||||||
|
#
|
||||||
|
## List of all vars ignored and not passed to the template
|
||||||
|
# WARNING Update the list on the helper documentation at the top of the helper, if you change this list
|
||||||
|
#
|
||||||
|
|
||||||
|
# local vars used in the helper
|
||||||
|
ignore_vars+=" legacy_args args_array template destination ignore_vars template_path python_env_var ignore_var_regex"
|
||||||
|
# yunohost helpers
|
||||||
|
ignore_vars+=" progress_scale progress_string0 progress_string1 progress_string2"
|
||||||
|
# Arrays used in config panel
|
||||||
|
ignore_vars+=" old changed binds types file_hash formats"
|
||||||
|
|
||||||
|
if [ -f "$YNH_APP_BASEDIR/conf/$template" ]; then
|
||||||
|
template_path="$YNH_APP_BASEDIR/conf/$template"
|
||||||
|
elif [ -f "$template" ]; then
|
||||||
|
template_path=$template
|
||||||
|
else
|
||||||
|
ynh_die --message="The provided template $template doesn't exist"
|
||||||
|
fi
|
||||||
|
|
||||||
|
ynh_backup_if_checksum_is_different --file="$destination"
|
||||||
|
|
||||||
|
# Make sure to set the permissions before we copy the file
|
||||||
|
# This is to cover a case where an attacker could have
|
||||||
|
# created a file beforehand to have control over it
|
||||||
|
# (cp won't overwrite ownership / modes by default...)
|
||||||
|
touch "$destination"
|
||||||
|
chown root:root "$destination"
|
||||||
|
chmod 640 "$destination"
|
||||||
|
|
||||||
|
local python_env_var=''
|
||||||
|
local ignore_var_regex
|
||||||
|
ignore_var_regex="$(echo "$ignore_vars" | sed -E 's@^\s*(.*\w)\s*$@\1@g' | sed -E 's@(\s+)@|@g')"
|
||||||
|
while read -r one_var; do
|
||||||
|
# Blacklist of var to not pass to template
|
||||||
|
if { [[ "$one_var" =~ ^[A-Z0-9_]+$ ]] && [[ "$one_var" != YNH_* ]]; } \
|
||||||
|
|| [[ "$one_var" =~ ^($ignore_var_regex)$ ]]; then
|
||||||
|
continue
|
||||||
|
fi
|
||||||
|
# Well python is very bad for the last character on raw string
|
||||||
|
# https://stackoverflow.com/questions/647769/why-cant-pythons-raw-string-literals-end-with-a-single-backslash
|
||||||
|
# So the solution here is to add one last char '-' so we know what it is
|
||||||
|
# and we are sure that it not \ or ' or something else which will be problematic with python
|
||||||
|
# And then we remove it while we are processing
|
||||||
|
python_env_var+="$one_var=r'''${!one_var}-'''[:-1],"
|
||||||
|
done <<< "$(compgen -v)"
|
||||||
|
|
||||||
|
_ynh_apply_default_permissions "$destination"
|
||||||
|
(
|
||||||
|
python3 -c 'import os, sys, jinja2; sys.stdout.write(
|
||||||
|
jinja2.Template(source=sys.stdin.read(),
|
||||||
|
undefined=jinja2.StrictUndefined,
|
||||||
|
).render('"$python_env_var"'));' <"$template_path" >"$destination"
|
||||||
|
)
|
||||||
|
ynh_store_file_checksum --file="$destination"
|
||||||
|
}
|
|
@ -23,76 +23,19 @@ fi
|
||||||
|
|
||||||
ynh_script_progression --message="Storing installation settings..." --weight=1
|
ynh_script_progression --message="Storing installation settings..." --weight=1
|
||||||
|
|
||||||
report_stats="false"
|
ensure_vars_set
|
||||||
e2e_enabled_by_default="off"
|
|
||||||
allow_public_rooms_without_auth="false"
|
|
||||||
allow_public_rooms_over_federation="false"
|
|
||||||
max_upload_size="100M"
|
|
||||||
disable_msisdn_registration="true"
|
|
||||||
registrations_require_3pid=email
|
|
||||||
allowed_local_3pids_email=""
|
|
||||||
allowed_local_3pids_msisdn=""
|
|
||||||
allow_guest_access="false"
|
|
||||||
account_threepid_delegates_msisdn=""
|
|
||||||
default_identity_server="https://matrix.org"
|
|
||||||
auto_join_rooms=""
|
|
||||||
autocreate_auto_join_rooms="false"
|
|
||||||
auto_join_rooms_for_guests="true"
|
|
||||||
enable_notifs="true"
|
|
||||||
notif_for_new_users="true"
|
|
||||||
enable_group_creation="true"
|
|
||||||
push_include_content="true"
|
|
||||||
enable_3pid_lookup=false
|
|
||||||
enable_dtls_for_audio_video_turn_call=true
|
|
||||||
|
|
||||||
if [ "$is_free_registration" -eq 0 ]
|
if [ "$is_free_registration" -eq 0 ]
|
||||||
then
|
then
|
||||||
enable_registration="false"
|
enable_registration=false
|
||||||
password_enabled="false"
|
password_enabled=false
|
||||||
else
|
else
|
||||||
enable_registration="true"
|
enable_registration=true
|
||||||
password_enabled="true"
|
password_enabled=true
|
||||||
fi
|
fi
|
||||||
|
|
||||||
element_ynh_url="https://matrix.to/"
|
ynh_app_setting_set --app="$app" --key=password_enabled --value="$password_enabled"
|
||||||
# Get app name of first Element Instance (can be changed later in Config Panel)
|
ynh_app_setting_set --app="$app" --key=enable_registration --value="$enable_registration"
|
||||||
element_instance="element"
|
|
||||||
if yunohost --output-as plain app list | grep -q "^$element_instance$"; then
|
|
||||||
element_domain=$(ynh_app_setting_get --app $element_instance --key domain)
|
|
||||||
element_path=$(ynh_app_setting_get --app $element_instance --key path)
|
|
||||||
element_ynh_url="https://""$element_domain""$element_path"
|
|
||||||
fi
|
|
||||||
web_client_location=$element_ynh_url
|
|
||||||
client_base_url=$element_ynh_url
|
|
||||||
invite_client_location=$element_ynh_url
|
|
||||||
|
|
||||||
ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats
|
|
||||||
ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default
|
|
||||||
ynh_app_setting_set --app=$app --key=web_client_location --value=$web_client_location
|
|
||||||
ynh_app_setting_set --app=$app --key=client_base_url --value=$client_base_url
|
|
||||||
ynh_app_setting_set --app=$app --key=invite_client_location --value=$invite_client_location
|
|
||||||
ynh_app_setting_set --app=$app --key=allow_public_rooms_without_auth --value=$allow_public_rooms_without_auth
|
|
||||||
ynh_app_setting_set --app=$app --key=allow_public_rooms_over_federation --value=$allow_public_rooms_over_federation
|
|
||||||
ynh_app_setting_set --app=$app --key=max_upload_size --value=$max_upload_size
|
|
||||||
ynh_app_setting_set --app=$app --key=disable_msisdn_registration --value=$disable_msisdn_registration
|
|
||||||
ynh_app_setting_set --app=$app --key=registrations_require_3pid --value=$registrations_require_3pid
|
|
||||||
ynh_app_setting_set --app=$app --key=allowed_local_3pids_email --value=$allowed_local_3pids_email
|
|
||||||
ynh_app_setting_set --app=$app --key=allowed_local_3pids_msisdn --value=$allowed_local_3pids_msisdn
|
|
||||||
ynh_app_setting_set --app=$app --key=account_threepid_delegates_msisdn --value=$account_threepid_delegates_msisdn
|
|
||||||
ynh_app_setting_set --app=$app --key=allow_guest_access --value=$allow_guest_access
|
|
||||||
ynh_app_setting_set --app=$app --key=default_identity_server --value=$default_identity_server
|
|
||||||
ynh_app_setting_set --app=$app --key=auto_join_rooms --value=$auto_join_rooms
|
|
||||||
ynh_app_setting_set --app=$app --key=autocreate_auto_join_rooms --value=$autocreate_auto_join_rooms
|
|
||||||
ynh_app_setting_set --app=$app --key=auto_join_rooms_for_guests --value=$auto_join_rooms_for_guests
|
|
||||||
ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled
|
|
||||||
ynh_app_setting_set --app=$app --key=enable_notifs --value=$enable_notifs
|
|
||||||
ynh_app_setting_set --app=$app --key=notif_for_new_users --value=$notif_for_new_users
|
|
||||||
ynh_app_setting_set --app=$app --key=enable_group_creation --value=$enable_group_creation
|
|
||||||
ynh_app_setting_set --app=$app --key=push_include_content --value=$push_include_content
|
|
||||||
ynh_app_setting_set --app=$app --key=enable_registration --value=$enable_registration
|
|
||||||
ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled
|
|
||||||
ynh_app_setting_set --app=$app --key=enable_3pid_lookup --value=$enable_3pid_lookup
|
|
||||||
ynh_app_setting_set --app=$app --key=enable_dtls_for_audio_video_turn_call --value=$enable_dtls_for_audio_video_turn_call
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# STANDARD MODIFICATIONS
|
# STANDARD MODIFICATIONS
|
||||||
|
@ -216,8 +159,8 @@ ynh_script_progression --message="Configuring Synapse..." --weight=2
|
||||||
# Find password for turnserver and database
|
# Find password for turnserver and database
|
||||||
turnserver_pwd=$(ynh_string_random --length=30)
|
turnserver_pwd=$(ynh_string_random --length=30)
|
||||||
ynh_app_setting_set --app=$app --key=turnserver_pwd --value=$turnserver_pwd
|
ynh_app_setting_set --app=$app --key=turnserver_pwd --value=$turnserver_pwd
|
||||||
|
ynh_add_jinja_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml"
|
||||||
configure_synapse
|
ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# SET COTURN CONFIG
|
# SET COTURN CONFIG
|
||||||
|
|
130
scripts/upgrade
130
scripts/upgrade
|
@ -33,6 +33,8 @@ if [ -z "${domain:-}" ]; then
|
||||||
ynh_app_setting_set --app=$app --key=no_sso --value true
|
ynh_app_setting_set --app=$app --key=no_sso --value true
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
ensure_vars_set
|
||||||
|
|
||||||
# Define $server_name if not already defined
|
# Define $server_name if not already defined
|
||||||
if [ -z "${server_name:-}" ]; then
|
if [ -z "${server_name:-}" ]; then
|
||||||
server_name=$domain
|
server_name=$domain
|
||||||
|
@ -45,135 +47,30 @@ if [ -z "${jitsi_server:-}" ]; then
|
||||||
ynh_app_setting_set --app=$app --key=jitsi_server --value=$jitsi_server
|
ynh_app_setting_set --app=$app --key=jitsi_server --value=$jitsi_server
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Define $e2e_enabled_by_default if not already defined
|
|
||||||
if [ -z "${e2e_enabled_by_default:-}" ] ; then
|
|
||||||
e2e_enabled_by_default="invite"
|
|
||||||
ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ "$e2e_enabled_by_default" = "true" ] ; then
|
if [ "$e2e_enabled_by_default" = "true" ] ; then
|
||||||
e2e_enabled_by_default="all"
|
e2e_enabled_by_default="all"
|
||||||
ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default
|
ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$e2e_enabled_by_default" = "false" ]; then
|
if [ "$e2e_enabled_by_default" = "false" ]; then
|
||||||
e2e_enabled_by_default="off"
|
e2e_enabled_by_default="off"
|
||||||
ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default
|
ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -z "${report_stats:-}" ]; then
|
if [ "${registrations_require_3pid}" == none ]
|
||||||
report_stats="false"
|
|
||||||
ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -z "${web_client_location:-}" ]
|
|
||||||
then
|
|
||||||
web_client_location="https://matrix.to/"
|
|
||||||
|
|
||||||
element_instance="element"
|
|
||||||
if yunohost --output-as plain app list | grep -q "^$element_instance"'$'; then
|
|
||||||
element_domain=$(ynh_app_setting_get --app $element_instance --key domain)
|
|
||||||
element_path=$(ynh_app_setting_get --app $element_instance --key path)
|
|
||||||
web_client_location="https://""$element_domain""$element_path"
|
|
||||||
fi
|
|
||||||
ynh_app_setting_set --app=$app --key=web_client_location --value=$web_client_location
|
|
||||||
fi
|
|
||||||
if [ -z "${client_base_url:-}" ]
|
|
||||||
then
|
|
||||||
client_base_url=$web_client_location
|
|
||||||
ynh_app_setting_set --app=$app --key=client_base_url --value=$client_base_url
|
|
||||||
fi
|
|
||||||
if [ -z "${invite_client_location:-}" ]
|
|
||||||
then
|
|
||||||
invite_client_location=$web_client_location
|
|
||||||
ynh_app_setting_set --app=$app --key=invite_client_location --value=$invite_client_location
|
|
||||||
fi
|
|
||||||
if [ -z "${allow_public_rooms_without_auth:-}" ]
|
|
||||||
then
|
|
||||||
allow_public_rooms_without_auth=${allow_public_rooms:-false}
|
|
||||||
ynh_app_setting_set --app=$app --key=allow_public_rooms_without_auth --value=$allow_public_rooms_without_auth
|
|
||||||
fi
|
|
||||||
if [ -z "${allow_public_rooms_over_federation:-}" ]
|
|
||||||
then
|
|
||||||
allow_public_rooms_over_federation=${allow_public_rooms:-false}
|
|
||||||
ynh_app_setting_set --app=$app --key=allow_public_rooms_over_federation --value=$allow_public_rooms_over_federation
|
|
||||||
fi
|
|
||||||
if [ -z "${max_upload_size:-}" ]
|
|
||||||
then
|
|
||||||
max_upload_size="100M"
|
|
||||||
ynh_app_setting_set --app=$app --key=max_upload_size --value=$max_upload_size
|
|
||||||
fi
|
|
||||||
if [ -z "${disable_msisdn_registration:-}" ]
|
|
||||||
then
|
|
||||||
disable_msisdn_registration="true"
|
|
||||||
ynh_app_setting_set --app=$app --key=disable_msisdn_registration --value=$disable_msisdn_registration
|
|
||||||
fi
|
|
||||||
if [ -z "${registrations_require_3pid:-}" ] || [ "${registrations_require_3pid}" == none ]
|
|
||||||
then
|
then
|
||||||
registrations_require_3pid=email
|
registrations_require_3pid=email
|
||||||
ynh_app_setting_set --app=$app --key=registrations_require_3pid --value=$registrations_require_3pid
|
ynh_app_setting_set --app=$app --key=registrations_require_3pid --value=$registrations_require_3pid
|
||||||
fi
|
fi
|
||||||
if [ -z "${allowed_local_3pids_email:-}" ] || [[ "${allowed_local_3pids_email}" =~ \'.*\' ]] # Also remove shit value from previous config panel
|
if [[ "${allowed_local_3pids_email}" =~ \'.*\' ]] # Also remove shit value from previous config panel
|
||||||
then
|
then
|
||||||
allowed_local_3pids_email=''
|
allowed_local_3pids_email=''
|
||||||
ynh_app_setting_set --app=$app --key=allowed_local_3pids_email --value=$allowed_local_3pids_email
|
ynh_app_setting_set --app=$app --key=allowed_local_3pids_email --value=$allowed_local_3pids_email
|
||||||
fi
|
fi
|
||||||
if [ -z "${allowed_local_3pids_msisdn:-}" ] || [[ "${allowed_local_3pids_msisdn}" =~ \'.*\' ]] # Also remove shit value from previous config panel
|
if [[ "${allowed_local_3pids_msisdn}" =~ \'.*\' ]] # Also remove shit value from previous config panel
|
||||||
then
|
then
|
||||||
allowed_local_3pids_msisdn=''
|
allowed_local_3pids_msisdn=''
|
||||||
ynh_app_setting_set --app=$app --key=allowed_local_3pids_msisdn --value=$allowed_local_3pids_msisdn
|
ynh_app_setting_set --app=$app --key=allowed_local_3pids_msisdn --value=$allowed_local_3pids_msisdn
|
||||||
fi
|
fi
|
||||||
if [ -z "${account_threepid_delegates_msisdn:-}" ]
|
|
||||||
then
|
|
||||||
account_threepid_delegates_msisdn=""
|
|
||||||
ynh_app_setting_set --app=$app --key=account_threepid_delegates_msisdn --value=$account_threepid_delegates_msisdn
|
|
||||||
fi
|
|
||||||
if [ -z "${allow_guest_access:-}" ]
|
|
||||||
then
|
|
||||||
allow_guest_access="false"
|
|
||||||
ynh_app_setting_set --app=$app --key=allow_guest_access --value=$allow_guest_access
|
|
||||||
fi
|
|
||||||
if [ -z "${default_identity_server:-}" ]
|
|
||||||
then
|
|
||||||
default_identity_server="https://matrix.org"
|
|
||||||
ynh_app_setting_set --app=$app --key=default_identity_server --value=$default_identity_server
|
|
||||||
fi
|
|
||||||
if [ -z "${auto_join_rooms:-}" ]
|
|
||||||
then
|
|
||||||
auto_join_rooms=""
|
|
||||||
ynh_app_setting_set --app=$app --key=auto_join_rooms --value=$auto_join_rooms
|
|
||||||
fi
|
|
||||||
if [ -z "${autocreate_auto_join_rooms:-}" ]
|
|
||||||
then
|
|
||||||
autocreate_auto_join_rooms="false"
|
|
||||||
ynh_app_setting_set --app=$app --key=autocreate_auto_join_rooms --value=$autocreate_auto_join_rooms
|
|
||||||
fi
|
|
||||||
if [ -z "${auto_join_rooms_for_guests:-}" ]
|
|
||||||
then
|
|
||||||
auto_join_rooms_for_guests="true"
|
|
||||||
ynh_app_setting_set --app=$app --key=auto_join_rooms_for_guests --value=$auto_join_rooms_for_guests
|
|
||||||
fi
|
|
||||||
if [ -z "${enable_notifs:-}" ]
|
|
||||||
then
|
|
||||||
enable_notifs="true"
|
|
||||||
ynh_app_setting_set --app=$app --key=enable_notifs --value=$enable_notifs
|
|
||||||
fi
|
|
||||||
if [ -z "${notif_for_new_users:-}" ]
|
|
||||||
then
|
|
||||||
notif_for_new_users="true"
|
|
||||||
ynh_app_setting_set --app=$app --key=notif_for_new_users --value=$notif_for_new_users
|
|
||||||
fi
|
|
||||||
if [ -z "${enable_group_creation:-}" ]
|
|
||||||
then
|
|
||||||
enable_group_creation="true"
|
|
||||||
ynh_app_setting_set --app=$app --key=enable_group_creation --value=$enable_group_creation
|
|
||||||
fi
|
|
||||||
if [ -z "${enable_3pid_lookup:-}" ]
|
|
||||||
then
|
|
||||||
enable_3pid_lookup=false
|
|
||||||
ynh_app_setting_set --app=$app --key=enable_3pid_lookup --value=$enable_3pid_lookup
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
if [ -z "${enable_registration:-}" ]
|
if [ -z "${enable_registration:-}" ]
|
||||||
then
|
then
|
||||||
|
@ -194,17 +91,6 @@ then
|
||||||
ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled
|
ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -z "${push_include_content:-}" ]
|
|
||||||
then
|
|
||||||
push_include_content="true"
|
|
||||||
ynh_app_setting_set --app=$app --key=push_include_content --value=$push_include_content
|
|
||||||
fi
|
|
||||||
if [ -z "${enable_dtls_for_audio_video_turn_call:-}" ]
|
|
||||||
then
|
|
||||||
enable_dtls_for_audio_video_turn_call=true
|
|
||||||
ynh_app_setting_set --app=$app --key=enable_dtls_for_audio_video_turn_call --value=$enable_dtls_for_audio_video_turn_call
|
|
||||||
fi
|
|
||||||
|
|
||||||
# remove legacy env file into /etc/default
|
# remove legacy env file into /etc/default
|
||||||
ynh_secure_remove --file=/etc/default/coturn-$app
|
ynh_secure_remove --file=/etc/default/coturn-$app
|
||||||
|
|
||||||
|
@ -349,7 +235,7 @@ if grep -q "^matrix-$app" /etc/passwd; then
|
||||||
# Must stop php before remove user as user is used by php
|
# Must stop php before remove user as user is used by php
|
||||||
systemctl stop php$YNH_PHP_VERSION-fpm.service
|
systemctl stop php$YNH_PHP_VERSION-fpm.service
|
||||||
|
|
||||||
ynh_''system_user_delete --username=matrix-$app
|
ynh_''system_user_delete --username=matrix-"$app" || true
|
||||||
yunohost user delete $app || true
|
yunohost user delete $app || true
|
||||||
ynh_''system_user_create --username=$app --home_dir=$code_dir
|
ynh_''system_user_create --username=$app --home_dir=$code_dir
|
||||||
adduser $app ssl-cert
|
adduser $app ssl-cert
|
||||||
|
@ -393,8 +279,8 @@ fi
|
||||||
# UPDATE SYNAPSE CONFIG
|
# UPDATE SYNAPSE CONFIG
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Updating synapse config..." --weight=2
|
ynh_script_progression --message="Updating synapse config..." --weight=2
|
||||||
|
ynh_add_jinja_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml"
|
||||||
configure_synapse
|
ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# CREATE SMALL CAS SERVER
|
# CREATE SMALL CAS SERVER
|
||||||
|
|
Loading…
Reference in a new issue