From 6486566bb25d65ca4a4e6145de20c91680a1127e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 6 Jun 2023 23:42:18 +0200 Subject: [PATCH] v2 --- conf/nginx.conf | 1 - doc/ADMIN.md | 10 ++--- doc/DESCRIPTION.md | 4 +- doc/POST_INSTALL.md | 6 +-- scripts/change_url | 49 ++++------------------- scripts/restore | 28 +++---------- scripts/upgrade | 98 ++++++--------------------------------------- 7 files changed, 35 insertions(+), 161 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 94bc415..f79dfea 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -18,7 +18,6 @@ location __PATH__/ { } } - location _synapse/ { proxy_pass http://localhost:__PORT__; proxy_set_header X-Forwarded-For $remote_addr; diff --git a/doc/ADMIN.md b/doc/ADMIN.md index 364a074..88f5101 100644 --- a/doc/ADMIN.md +++ b/doc/ADMIN.md @@ -15,7 +15,7 @@ If you want a web client you can also install Element with this package: https:/ ### Access by federation -If your server name is identical to the domain on which synapse is installed, and the default port 8448 is used, your server is normally already accessible by the federation. +If your server name is identical to the domain on which synapse is installed, and the default port __PORT_SYNAPSE_TLD__ is used, your server is normally already accessible by the federation. If not, you can add the following line in the dns configuration but you normally don't need it as a .well-known file is edited during the install to declare your server name and port to the federation. 
@@ -26,7 +26,7 @@ for example ``` _matrix._tcp.example.com. 3600 IN SRV 10 0 SYNAPSE_PORT synapse.example.com. ``` -You need to replace SYNAPSE_PORT by the real port. This port can be obtained by the command: `yunohost app setting SYNAPSE_INSTANCE_NAME synapse_tls_port` +You need to replace SYNAPSE_PORT by the real port. This port can be obtained by the command: `yunohost app setting SYNAPSE_INSTANCE_NAME __PORT_SYNAPSE_TLD__` For more details, see : https://github.com/matrix-org/synapse/blob/master/docs/federate.md @@ -40,8 +40,8 @@ https://federationtester.matrix.org/ can be used to easily debug federation issu For Voip and video conferencing a turnserver is also installed (and configured). The turnserver listens on two UDP and TCP ports. You can get them with these commands: ``` -yunohost app setting synapse turnserver_tls_port -yunohost app setting synapse turnserver_alt_tls_port +yunohost app setting synapse __PORT_TURNSERVER_TLS__ +yunohost app setting synapse __PORT_TURNSERVER_ALT_TLS__ ``` The turnserver will also choose a port dynamically when a new call starts. The range is between 49153 - 49193. @@ -175,7 +175,7 @@ Use the `--purge` flag with the command, or remove it manually to purge app user To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command: ``` -yunohost app setting synapse__ synapse_tls_port +yunohost app setting synapse__ port_synapse_tls ``` Before installing a second instance of the app it's really recommended to update all existing instances. diff --git a/doc/DESCRIPTION.md b/doc/DESCRIPTION.md index bbe3d66..a61c441 100644 --- a/doc/DESCRIPTION.md +++ b/doc/DESCRIPTION.md 
@@ -1,3 +1,3 @@ -Instant messaging server matrix network. +Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Matrix is an open standard for communications on the internet, supporting federation, encryption and VoIP. -Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org) +YunoHost chatroom with Matrix: [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org) diff --git a/doc/POST_INSTALL.md b/doc/POST_INSTALL.md index 83cbee0..c54cbb1 100644 --- a/doc/POST_INSTALL.md +++ b/doc/POST_INSTALL.md @@ -1,7 +1,7 @@ To federate this app you need to add this line in your DNS configuration: -` _matrix._tcp.$domain. 3600 IN SRV 10 0 $port_synapse_tls $domain` +`_matrix._tcp.__DOMAIN__. 3600 IN SRV 10 0 __PORT__SYNAPSE_TLS__ __DOMAIN__` -You also need to open the TCP port $port_synapse_tls on your ISP box if it's not automatically done. +You also need to open the TCP port __PORT__SYNAPSE_TLS__ on your ISP box if it's not automatically done. -Your Synapse server also implements a turnserver (for VoIP), to have this fully functional please read the 'Turnserver' section in the README available here: https://github.com/YunoHost-Apps/synapse_ynh . +Your Synapse server also implements a Turnserver (for VoIP), to have this fully functional please read the 'Turnserver' section in the README available here: https://github.com/YunoHost-Apps/synapse_ynh . diff --git a/scripts/change_url b/scripts/change_url index 75398f0..4908c9b 100644 --- a/scripts/change_url +++ b/scripts/change_url 
@@ -7,47 +7,19 @@ # IMPORT GENERIC HELPERS source /usr/share/yunohost/helpers -# Exit if an error occurs during the execution of the script -#REMOVEME? ynh_abort_if_errors - # Import common cmd source ./experimental_helper.sh source ./_common.sh -#REMOVEME? ynh_script_progression --message="Loading installation settings..." - # RETRIEVE ARGUMENTS #REMOVEME? old_domain=$YNH_APP_OLD_DOMAIN domain=$YNH_APP_NEW_DOMAIN path=$(ynh_normalize_url_path --path $YNH_APP_NEW_PATH) -#REMOVEME? app=$YNH_APP_INSTANCE_NAME -#REMOVEME? server_name=$(ynh_app_setting_get --app=$app --key=server_name) -#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir) -#REMOVEME? synapse_old_version=$(ynh_app_setting_get --app=$app --key=synapse_version) -#REMOVEME? jitsi_server=$(ynh_app_setting_get --app=$app --key=jitsi_server) -#REMOVEME? is_free_registration=$(ynh_app_setting_get --app=$app --key=is_free_registration) -#REMOVEME? port=$(ynh_app_setting_get --app=$app --key=synapse_port) -#REMOVEME? synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port) -#REMOVEME? turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port) -#REMOVEME? turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port) -#REMOVEME? cli_port=$(ynh_app_setting_get --app=$app --key=cli_port) -#REMOVEME? report_stats=$(ynh_app_setting_get --app=$app --key=report_stats) -#REMOVEME? allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms) -#REMOVEME? e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default) -#REMOVEME? synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd) -#REMOVEME? turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd) -#REMOVEME? registration_shared_secret=$(ynh_app_setting_get --app=$app --key=registration_shared_secret) -#REMOVEME? form_secret=$(ynh_app_setting_get --app=$app --key=form_secret) -#REMOVEME? 
macaroon_secret_key=$(ynh_app_setting_get --app=$app --key=macaroon_secret_key) -#REMOVEME? synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd) main_domain=$(yunohost domain list --output-as json | jq -r .main) synapse_user="matrix-$app" synapse_user_app="$app" -synapse_db_name="matrix_$app" -synapse_db_user="matrix_$app" -synapse_db_name="matrix_$app" upstream_version=$(ynh_app_upstream_version) domain_whitelist_client_=$(get_domain_list) domain_whitelist_client=${domain_whitelist_client_%"\n"} @@ -67,25 +39,14 @@ ynh_systemd_action --service_name=matrix-$app.service --action=stop #================================================= # NGINX CONFIGURATION #================================================= - ynh_script_progression --message="Updating NGINX configuration..." ynh_change_url_nginx_config -# MODIFY URL IN NGINX CONF -#REMOVEME? nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf - -#REMOVEME? # Change the domain for nginx -# Delete file checksum for the old conf file location -#REMOVEME? ynh_delete_file_checksum --file "$nginx_conf_path" -#REMOVEME? mv $nginx_conf_path /etc/nginx/conf.d/$domain.d/$app.conf -# Store file checksum for the new config file location -#REMOVEME? ynh_store_file_checksum --file "/etc/nginx/conf.d/$domain.d/$app.conf" - # Create .well-known redirection for access by federation if yunohost --output-as plain domain list | grep -q "^$server_name$" then -#REMOVEME? ynh_add_config --template="server_name.conf" --destination="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" + ynh_add_config --template="server_name.conf" --destination="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" fi #================================================= 
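Review bot: The argument block of the first scripts/change_url hunk keeps a stray `#REMOVEME? old_domain=$YNH_APP_OLD_DOMAIN` marker while every explicit `ynh_app_setting_get` is dropped, so the script no longer says where `$app`, `$server_name` or `$port_synapse_tls` come from. Presumably the packaging-v2 helpers preload them, but that is not visible here. I would delete the marker line and add a comment under `# RETRIEVE ARGUMENTS`, for example `# $app, $server_name, $install_dir and the $port_* values are expected to be preloaded from the app settings by the YunoHost helpers`. The script continues outside this hunk.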
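Review bot: In the NGINX hunk of scripts/change_url, the re-enabled `ynh_add_config` writes into `/etc/nginx/conf.d/${server_name}.d/` behind the guard `grep -q "^$server_name$"`, which treats `$server_name` as a regular expression. The dots in a domain name match any character, so a near-identical entry in the domain list satisfies the check. A fixed-string, whole-line match is stricter and also copes with a value starting with a dash: `if yunohost --output-as plain domain list | grep -qxF -- "$server_name"`.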
@@ -130,9 +91,13 @@ chmod u=rwX,g=rX,o= -R /etc/matrix-$app #================================================= # RELOAD SERVICES #================================================= -ynh_script_progression --message="Restarting Synapse services..." --weight=5 +ynh_script_progression --message="Starting a systemd service..." --weight=5 ynh_systemd_action --service_name=coturn-$app.service --action=restart -ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $synapse_tls_port" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300 +ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $port_synapse_tls" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300 + +#================================================= +# END OF SCRIPT +#================================================= ynh_script_progression --message="Change of URL completed for $app" --last diff --git a/scripts/restore b/scripts/restore index 7967534..622ab54 100644 --- a/scripts/restore +++ b/scripts/restore 
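Review bot: `$port_synapse_tls` in the `--line_match` of the last scripts/change_url hunk is never assigned in the visible part of the script, and the removed lines read the setting under the old key `synapse_tls_port`. If an existing instance's setting has not been migrated to the new name (not shown in this patch), the pattern degrades to `Synapse now listening on TCP port ` and the restart check passes on any listener line. The same applies to `--needs_exposed_ports $port_synapse_tls` and `$port_turnserver_tls` in scripts/restore, where an empty expansion leaves the option without a value. A guard before first use makes this fail loudly: `[ -n "${port_synapse_tls:-}" ] || ynh_die --message="port_synapse_tls is not set"`.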
@@ -16,18 +16,6 @@ source /usr/share/yunohost/helpers #================================================= ynh_script_progression --message="Loading settings..." -#REMOVEME? app=$YNH_APP_INSTANCE_NAME - -#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain) -#REMOVEME? server_name=$(ynh_app_setting_get --app=$app --key=server_name) -#REMOVEME? path=$(ynh_app_setting_get --app=$app --key=path) -#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir) -#REMOVEME? synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port) -#REMOVEME? turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port) -#REMOVEME? turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port) -#REMOVEME? phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) -#REMOVEME? synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd) -#REMOVEME? synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd) main_domain=$(yunohost domain list --output-as json | jq -r .main) #================================================= 
@@ -36,20 +24,17 @@ main_domain=$(yunohost domain list --output-as json | jq -r .main) synapse_user="matrix-$app" synapse_user_app="$app" -synapse_db_name="matrix_$app" -synapse_db_user="matrix_$app" -synapse_db_name="matrix_$app" upstream_version=$(ynh_app_upstream_version) final_www_path="/var/www/$app" -data_path="/home/yunohost.app/matrix-$app" #================================================= # RECREATE THE DEDICATED USER #================================================= -#REMOVEME? ynh_script_progression --message="Recreating the dedicated system user..." --weight=3 +ynh_script_progression --message="Recreating the dedicated system user..." --weight=3 # Create the dedicated user (if not existing) -#REMOVEME? ynh_system_user_create --username=$synapse_user --home_dir=$install_dir +ynh_system_user_create --username=$synapse_user --home_dir=$install_dir + # The format to create an user account varies depending on the version of YunoHost currently installed. ynh_current_version=$(dpkg-query --showformat='${Version}' --show yunohost) if $(dpkg --compare-versions "$ynh_current_version" ge "11.1"); then @@ -63,7 +48,6 @@ adduser turnserver ssl-cert #================================================= # RESTORE ALL CONFIG AND DATA #================================================= - ynh_script_progression --message="Restoring directory and configuration..." --weight=10 ynh_restore mkdir -p /etc/matrix-$app/app-service 
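Review bot: The re-enabled `ynh_system_user_create --username=$synapse_user --home_dir=$install_dir` in the "RECREATE THE DEDICATED USER" hunk of scripts/restore expands `$install_dir` unquoted and unchecked, now that the explicit settings loads are gone. If the restored settings lack that key, the account is created with an empty `--home_dir=` value. I would write `ynh_system_user_create --username="$synapse_user" --home_dir="$install_dir"` and check `$install_dir` is non-empty first. The same hunk deletes `synapse_db_name`, `synapse_db_user` and `data_path`; any remaining reference further down the restore script (outside this hunk) would expand to nothing, so it is worth searching for the old names.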
@@ -116,8 +100,8 @@ systemctl enable coturn-$app.service --quiet # ADVERTISE SERVICE IN ADMIN PANEL #================================================= -yunohost service add matrix-$app --log "/var/log/matrix-$app/homeserver.log" --needs_exposed_ports $synapse_tls_port -yunohost service add coturn-$app --needs_exposed_ports $turnserver_tls_port +yunohost service add matrix-$app --log "/var/log/matrix-$app/homeserver.log" --needs_exposed_ports $port_synapse_tls +yunohost service add coturn-$app --needs_exposed_ports $port_turnserver_tls #================================================= # CREATE A DH FILE @@ -182,7 +166,7 @@ ynh_script_progression --message="Configuring file permission..." chown $synapse_user:root -R $install_dir chmod 770 $install_dir/Coturn_config_rotate.sh chmod 700 $install_dir/update_synapse_for_appservice.sh -chown $synapse_user:root -R $data_path +chown $synapse_user:root -R $data_dir chown $synapse_user:root -R /var/log/matrix-$app chown $synapse_user:root -R /etc/matrix-$app chmod u=rwX,g=rX,o= -R /etc/matrix-$app diff --git a/scripts/upgrade b/scripts/upgrade index 3be9a38..eb9de24 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
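Review bot: The recursive `chown $synapse_user:root -R $data_dir` in the permissions hunk of scripts/restore relies on a variable that this script no longer defines, since the `data_path=` assignment was removed, and it is expanded unquoted. The identical line in the last hunk of scripts/upgrade has the same problem. A recursive ownership change run as root should only act on a path known to be set and to exist; I would use `[ -d "$data_dir" ] || ynh_die --message="data_dir is missing"` followed by `chown -R "$synapse_user:root" -- "$data_dir"`. The surrounding chown/chmod block continues outside both hunks.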
@@ -44,23 +44,11 @@ then fi #================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +# STOP SYSTEMD SERVICE #================================================= -#REMOVEME? ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=30 +ynh_script_progression --message="Stopping a systemd service..." --weight=1 -#REMOVEME? # We stop the service before to set ynh_clean_setup -ynh_systemd_action --service_name=matrix-$app.service --action=stop - -# Backup the current version of the app -#REMOVEME? if [ "0$(ynh_app_setting_get --app=$app --key=disable_backup_before_upgrade)" -ne 1 ] -then -#REMOVEME? ynh_backup_before_upgrade -#REMOVEME? ynh_clean_setup () { - # Clean installation remainings that are not handled by the remove script. - ynh_clean_check_starting -#REMOVEME? ynh_restore_upgradebackup - } -fi +ynh_systemd_action --service_name=matrix-$app.service --action="stop" #--log_path="/var/log/$app/$app.log" #================================================= # STANDARD UPGRADE STEPS @@ -82,7 +70,7 @@ fi # Define $server_name if not already defined if [ -z $server_name ]; then server_name=$domain -#REMOVEME? ynh_app_setting_set --app=$app --key=server_name --value=$domain + ynh_app_setting_set --app=$app --key=server_name --value=$domain fi # Define $jitsi_server if not already defined @@ -99,7 +87,7 @@ fi if [ -z $report_stats ]; then report_stats="false" -#REMOVEME? ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats + ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats fi if [ -z $allow_public_rooms ]; then @@ -108,7 +96,7 @@ if [ -z $allow_public_rooms ]; then fi if [ -z $is_free_registration ]; then -#REMOVEME? is_free_registration=$(ynh_app_setting_get --app=$app --key=is_""public) + is_free_registration=$(ynh_app_setting_get --app=$app --key=is_""public) ynh_app_setting_set --app=$app --key=is_free_registration --value=$is_free_registration fi 
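Review bot: The new stop call in the first scripts/upgrade hunk ends with a commented-out template fragment, `#--log_path="/var/log/$app/$app.log"`, naming a path this package does not use; the log referenced elsewhere is `/var/log/matrix-$app/homeserver.log`. It should be removed: `ynh_systemd_action --service_name=matrix-$app.service --action=stop`. The hunk also drops `ynh_backup_before_upgrade` and the restore-on-failure trap without saying what replaces them. If the pre-upgrade safety backup is now expected from the YunoHost core under packaging v2, a one-line comment here should say so, since nothing else in the script protects the homeserver data on a failed upgrade.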
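Review bot: In the `is_free_registration` hunk of scripts/upgrade, the re-enabled fallback copies the legacy `is_public` setting verbatim, so an instance without that key stores an empty `is_free_registration`. How the homeserver config template interprets an empty value is not visible here, and registration policy should not depend on it. I would follow the lookup with an explicit default to the closed-registration value the template expects (shown here as a placeholder, since the value format is not on this page): `is_free_registration=${is_free_registration:-<closed-value>}`. The test `[ -z $is_free_registration ]` should also quote its operand, `[ -z "$is_free_registration" ]`.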
@@ -129,28 +117,19 @@ fi #================================================= if [ -e "/var/lib/matrix-$app" ]; then - ynh_script_progression --message="Moving data directory to $data_path..." --weight=1 - if [ -e "$data_path" ]; then - old_data_dir_path="$data_path$(date '+%Y%m%d.%H%M%S')" + ynh_script_progression --message="Moving data directory to $data_data..." --weight=1 + if [ -e "$data_dir" ]; then + old_data_dir_path="$data_data$(date '+%Y%m%d.%H%M%S')" ynh_print_warn "A data directory already exist. Data was renamed to $old_data_dir_path" - mv "$data_path" "$old_data_dir_path" + mv "$data_dir" "$old_data_dir_path" fi - mv "/var/lib/matrix-$app" "$data_path" + mv "/var/lib/matrix-$app" "$data_dir" fi if ! grep -q "$install_dir" /etc/passwd; then # matrix-synapse:x:994:994::/var/lib/matrix-synapse:/usr/sbin/nologin sed --in-place -r "s@matrix-$app\:x\:([[:digit:]]+\:[[:digit:]]+)\:\:/.*/matrix-$app\:/usr/sbin/nologin@matrix-$app\:x\:\1\:\:$install_dir\:/usr/sbin/nologin@g" /etc/passwd fi -#================================================= -# INSTALL DEPENDENCIES -#================================================= -#REMOVEME? ynh_script_progression --message="Upgrading dependencies..." --weight=6 - -# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE -# For any update do it in all files -#REMOVEME? ynh_exec_warn_less ynh_install_app_dependencies $dependances - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= 
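Review bot: `$data_data` in the data-directory migration hunk of scripts/upgrade is not defined anywhere in this patch; the rest of the block uses `$data_dir`, so this looks like a typo introduced by the rename. With it empty, `old_data_dir_path` is just the timestamp, and `mv "$data_dir" "$old_data_dir_path"` moves an existing data directory to a relative path in the script's working directory rather than next to the original. The warning then reports that bare name, and the progress message prints an empty destination. The two lines should read `old_data_dir_path="$data_dir$(date '+%Y%m%d.%H%M%S')"` and `ynh_script_progression --message="Moving data directory to $data_dir..." --weight=1`.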
@@ -247,15 +226,6 @@ then # Disable default config for turnserver and create a new service systemctl stop coturn.service - # Set a port for each service in turnserver -#REMOVEME? turnserver_alt_tls_port=$(ynh_find_port --port=$((turnserver_tls_port+1))) -#REMOVEME? cli_port=$(ynh_find_port --port=5766) - -#REMOVEME? ynh_app_setting_set --app=$app --key=turnserver_alt_tls_port --value=$turnserver_alt_tls_port -#REMOVEME? ynh_app_setting_set --app=$app --key=cli_port --value=$cli_port - - yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1 - #================================================= # MAKE A CLEAN LOGROTATE CONFIG #================================================= @@ -300,9 +270,6 @@ fi #================================================= ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=2 -# Create a dedicated php-fpm config -ynh_script_progression --message="Configuring application..." - ynh_add_fpm_config --usage=low --footprint=low # Create .well-known redirection for access by federation 
@@ -392,47 +359,6 @@ ynh_script_progression --message="Reconfiguring Fail2Ban..." --weight=8 ynh_add_fail2ban_config --use_template -#================================================= -# GENERIC FINALIZATION -#================================================= -# SETUP PERMISSIONS -#================================================= -#REMOVEME? ynh_script_progression --message="Configuring permissions..." --weight=1 -#REMOVEME? ynh_legacy_permissions_delete_all - -ynh_permission_url --permission=main --url=$domain/_matrix/cas_server.php/login --auth_header=true -#REMOVEME? ynh_permission_update --permission=main --show_tile=false --protected=true - -#REMOVEME? if ! ynh_permission_exists --permission=server_api; then -#REMOVEME? ynh_permission_create --permission=server_api --url=$domain/_matrix \ - --label="Server access for client apps." --show_tile=false --allowed=visitors \ - --auth_header=false --protected=true - python3 remove_sso_conf_persistent.py $domain $server_name \ - || ynh_print_warn --message="Your file /etc/ssowat/""conf.json.persistent doesn't respect the json syntax. The config file wasn't cleaned. Please clean it manually." -else - ynh_permission_url --permission=server_api --url=$domain/_matrix --remove_url=$server_name/.well-known/matrix \ - --auth_header=false -#REMOVEME? ynh_permission_update --permission=server_api --label="Server access for client apps." --show_tile=false \ - --protected=true -fi - -#REMOVEME? if yunohost --output-as plain domain list | grep -q "^$server_name"'$' && ! ynh_permission_exists --permission=server_client_infos; then -#REMOVEME? ynh_permission_create --permission=server_client_infos --url=$server_name/.well-known/matrix \ - --label="Server info for clients. 
(well-known)" --show_tile=false --allowed=visitors \ - --auth_header=false --protected=true -elif yunohost --output-as plain domain list | grep -q "^$server_name"'$'; then - ynh_permission_url --permission=server_client_infos --url=$server_name/.well-known/matrix \ - --auth_header=false -#REMOVEME? ynh_permission_update --permission=server_client_infos --label="Server info for clients. (well-known)" --show_tile=false \ - --protected=true -fi - -#REMOVEME? if ! ynh_permission_exists --permission=admin_api; then -#REMOVEME? ynh_permission_create --permission=admin_api --url=$domain/_synapse \ - --label="Server administration API." --show_tile=false \ - --auth_header=false --allowed=visitors -fi - #================================================= # SECURE FILES AND DIRECTORIES #================================================= @@ -442,7 +368,7 @@ fi chown $synapse_user:root -R $install_dir chmod 770 $install_dir/Coturn_config_rotate.sh chmod 700 $install_dir/update_synapse_for_appservice.sh -chown $synapse_user:root -R $data_path +chown $synapse_user:root -R $data_dir chown $synapse_user:root -R /var/log/matrix-$app chown $synapse_user:root -R /etc/matrix-$app chmod u=rwX,g=rX,o= -R /etc/matrix-$app