YunoHost-Apps/synapse_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/synapse_ynh.git synced 2024-09-03 20:26:38 +02:00
Code Issues Activity Actions

v2

Browse source
This commit is contained in:
Éric Gaspar 2023-06-06 23:42:18 +02:00
parent 0ba42a00ea
commit 6486566bb2
7 changed files with 35 additions and 161 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
conf/nginx.conf
View file

@ -18,7 +18,6 @@ location __PATH__/ {
}
}
location _synapse/ {
proxy_pass http://localhost:__PORT__;
proxy_set_header X-Forwarded-For $remote_addr;

10
doc/ADMIN.md
View file

@ -15,7 +15,7 @@ If you want a web client you can also install Element with this package: https:/
### Access by federation
If your server name is identical to the domain on which synapse is installed, and the default port 8448 is used, your server is normally already accessible by the federation.
If your server name is identical to the domain on which synapse is installed, and the default port __PORT_SYNAPSE_TLD__ is used, your server is normally already accessible by the federation.
If not, you can add the following line in the dns configuration but you normally don't need it as a .well-known file is edited during the install to declare your server name and port to the federation.
@ -26,7 +26,7 @@ for example
```
_matrix._tcp.example.com. 3600 IN SRV 10 0 SYNAPSE_PORT synapse.example.com.
```
You need to replace SYNAPSE_PORT by the real port. This port can be obtained by the command: `yunohost app setting SYNAPSE_INSTANCE_NAME synapse_tls_port`
You need to replace SYNAPSE_PORT by the real port. This port can be obtained by the command: `yunohost app setting SYNAPSE_INSTANCE_NAME __PORT_SYNAPSE_TLD__`
For more details, see : https://github.com/matrix-org/synapse/blob/master/docs/federate.md
@ -40,8 +40,8 @@ https://federationtester.matrix.org/ can be used to easily debug federation issu
For Voip and video conferencing a turnserver is also installed (and configured). The turnserver listens on two UDP and TCP ports. You can get them with these commands:
```
yunohost app setting synapse turnserver_tls_port
yunohost app setting synapse turnserver_alt_tls_port
yunohost app setting synapse __PORT_TURNSERVER_TLS__
yunohost app setting synapse __PORT_TURNSERVER_ALT_TLS__
```
The turnserver will also choose a port dynamically when a new call starts. The range is between 49153 - 49193.
@ -175,7 +175,7 @@ Use the `--purge` flag with the command, or remove it manually to purge app user
To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command:
```
yunohost app setting synapse__<instancenumber> synapse_tls_port
yunohost app setting synapse__<instancenumber> port_synapse_tls
```
Before installing a second instance of the app it's really recommended to update all existing instances.

4
doc/DESCRIPTION.md
View file

@ -1,3 +1,3 @@
Instant messaging server matrix network.
Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Matrix is an open standard for communications on the internet, supporting federation, encryption and VoIP.
Yunohost chatroom with matrix : [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org)
YunoHost chatroom with Matrix: [https://matrix.to/#/#yunohost:matrix.org](https://matrix.to/#/#yunohost:matrix.org)

6
doc/POST_INSTALL.md
View file

@ -1,7 +1,7 @@
To federate this app you need to add this line in your DNS configuration:
` _matrix._tcp.$domain. 3600 IN SRV 10 0 $port_synapse_tls $domain`
`_matrix._tcp.__DOMAIN__. 3600 IN SRV 10 0 __PORT__SYNAPSE_TLS__ __DOMAIN__`
You also need to open the TCP port $port_synapse_tls on your ISP box if it's not automatically done.
You also need to open the TCP port __PORT__SYNAPSE_TLS__ on your ISP box if it's not automatically done.
Your Synapse server also implements a turnserver (for VoIP), to have this fully functional please read the 'Turnserver' section in the README available here: https://github.com/YunoHost-Apps/synapse_ynh .
Your Synapse server also implements a Turnserver (for VoIP), to have this fully functional please read the 'Turnserver' section in the README available here: https://github.com/YunoHost-Apps/synapse_ynh .

49
scripts/change_url
View file

@ -7,47 +7,19 @@
# IMPORT GENERIC HELPERS
source /usr/share/yunohost/helpers
# Exit if an error occurs during the execution of the script
#REMOVEME? ynh_abort_if_errors
# Import common cmd
source ./experimental_helper.sh
source ./_common.sh
#REMOVEME? ynh_script_progression --message="Loading installation settings..."
# RETRIEVE ARGUMENTS
#REMOVEME? old_domain=$YNH_APP_OLD_DOMAIN
domain=$YNH_APP_NEW_DOMAIN
path=$(ynh_normalize_url_path --path $YNH_APP_NEW_PATH)
#REMOVEME? app=$YNH_APP_INSTANCE_NAME
#REMOVEME? server_name=$(ynh_app_setting_get --app=$app --key=server_name)
#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir)
#REMOVEME? synapse_old_version=$(ynh_app_setting_get --app=$app --key=synapse_version)
#REMOVEME? jitsi_server=$(ynh_app_setting_get --app=$app --key=jitsi_server)
#REMOVEME? is_free_registration=$(ynh_app_setting_get --app=$app --key=is_free_registration)
#REMOVEME? port=$(ynh_app_setting_get --app=$app --key=synapse_port)
#REMOVEME? synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port)
#REMOVEME? turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
#REMOVEME? turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
#REMOVEME? cli_port=$(ynh_app_setting_get --app=$app --key=cli_port)
#REMOVEME? report_stats=$(ynh_app_setting_get --app=$app --key=report_stats)
#REMOVEME? allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms)
#REMOVEME? e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default)
#REMOVEME? synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd)
#REMOVEME? turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
#REMOVEME? registration_shared_secret=$(ynh_app_setting_get --app=$app --key=registration_shared_secret)
#REMOVEME? form_secret=$(ynh_app_setting_get --app=$app --key=form_secret)
#REMOVEME? macaroon_secret_key=$(ynh_app_setting_get --app=$app --key=macaroon_secret_key)
#REMOVEME? synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd)
main_domain=$(yunohost domain list --output-as json | jq -r .main)
synapse_user="matrix-$app"
synapse_user_app="$app"
synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app"
synapse_db_name="matrix_$app"
upstream_version=$(ynh_app_upstream_version)
domain_whitelist_client_=$(get_domain_list)
domain_whitelist_client=${domain_whitelist_client_%"\n"}
@ -67,25 +39,14 @@ ynh_systemd_action --service_name=matrix-$app.service --action=stop
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Updating NGINX configuration..."
ynh_change_url_nginx_config
# MODIFY URL IN NGINX CONF
#REMOVEME? nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf
#REMOVEME? # Change the domain for nginx
# Delete file checksum for the old conf file location
#REMOVEME? ynh_delete_file_checksum --file "$nginx_conf_path"
#REMOVEME? mv $nginx_conf_path /etc/nginx/conf.d/$domain.d/$app.conf
# Store file checksum for the new config file location
#REMOVEME? ynh_store_file_checksum --file "/etc/nginx/conf.d/$domain.d/$app.conf"
# Create .well-known redirection for access by federation
if yunohost --output-as plain domain list | grep -q "^$server_name$"
then
#REMOVEME? ynh_add_config --template="server_name.conf" --destination="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
ynh_add_config --template="server_name.conf" --destination="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
fi
#=================================================
@ -130,9 +91,13 @@ chmod u=rwX,g=rX,o= -R /etc/matrix-$app
#=================================================
# RELOAD SERVICES
#=================================================
ynh_script_progression --message="Restarting Synapse services..." --weight=5
ynh_script_progression --message="Starting a systemd service..." --weight=5
ynh_systemd_action --service_name=coturn-$app.service --action=restart
ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $synapse_tls_port" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300
ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $port_synapse_tls" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Change of URL completed for $app" --last

28
scripts/restore
View file

@ -16,18 +16,6 @@ source /usr/share/yunohost/helpers
#=================================================
ynh_script_progression --message="Loading settings..."
#REMOVEME? app=$YNH_APP_INSTANCE_NAME
#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain)
#REMOVEME? server_name=$(ynh_app_setting_get --app=$app --key=server_name)
#REMOVEME? path=$(ynh_app_setting_get --app=$app --key=path)
#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir)
#REMOVEME? synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port)
#REMOVEME? turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
#REMOVEME? turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
#REMOVEME? phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
#REMOVEME? synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd)
#REMOVEME? synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd)
main_domain=$(yunohost domain list --output-as json | jq -r .main)
#=================================================
@ -36,20 +24,17 @@ main_domain=$(yunohost domain list --output-as json | jq -r .main)
synapse_user="matrix-$app"
synapse_user_app="$app"
synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app"
synapse_db_name="matrix_$app"
upstream_version=$(ynh_app_upstream_version)
final_www_path="/var/www/$app"
data_path="/home/yunohost.app/matrix-$app"
#=================================================
# RECREATE THE DEDICATED USER
#=================================================
#REMOVEME? ynh_script_progression --message="Recreating the dedicated system user..." --weight=3
ynh_script_progression --message="Recreating the dedicated system user..." --weight=3
# Create the dedicated user (if not existing)
#REMOVEME? ynh_system_user_create --username=$synapse_user --home_dir=$install_dir
ynh_system_user_create --username=$synapse_user --home_dir=$install_dir
# The format to create an user account varies depending on the version of YunoHost currently installed.
ynh_current_version=$(dpkg-query --showformat='${Version}' --show yunohost)
if $(dpkg --compare-versions "$ynh_current_version" ge "11.1"); then
@ -63,7 +48,6 @@ adduser turnserver ssl-cert
#=================================================
# RESTORE ALL CONFIG AND DATA
#=================================================
ynh_script_progression --message="Restoring directory and configuration..." --weight=10
ynh_restore
mkdir -p /etc/matrix-$app/app-service
@ -116,8 +100,8 @@ systemctl enable coturn-$app.service --quiet
# ADVERTISE SERVICE IN ADMIN PANEL
#=================================================
yunohost service add matrix-$app --log "/var/log/matrix-$app/homeserver.log" --needs_exposed_ports $synapse_tls_port
yunohost service add coturn-$app --needs_exposed_ports $turnserver_tls_port
yunohost service add matrix-$app --log "/var/log/matrix-$app/homeserver.log" --needs_exposed_ports $port_synapse_tls
yunohost service add coturn-$app --needs_exposed_ports $port_turnserver_tls
#=================================================
# CREATE A DH FILE
@ -182,7 +166,7 @@ ynh_script_progression --message="Configuring file permission..."
chown $synapse_user:root -R $install_dir
chmod 770 $install_dir/Coturn_config_rotate.sh
chmod 700 $install_dir/update_synapse_for_appservice.sh
chown $synapse_user:root -R $data_path
chown $synapse_user:root -R $data_dir
chown $synapse_user:root -R /var/log/matrix-$app
chown $synapse_user:root -R /etc/matrix-$app
chmod u=rwX,g=rX,o= -R /etc/matrix-$app

98
scripts/upgrade
View file

@ -44,23 +44,11 @@ then
fi
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
# STOP SYSTEMD SERVICE
#=================================================
#REMOVEME? ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=30
ynh_script_progression --message="Stopping a systemd service..." --weight=1
#REMOVEME? # We stop the service before to set ynh_clean_setup
ynh_systemd_action --service_name=matrix-$app.service --action=stop
# Backup the current version of the app
#REMOVEME? if [ "0$(ynh_app_setting_get --app=$app --key=disable_backup_before_upgrade)" -ne 1 ]
then
#REMOVEME? ynh_backup_before_upgrade
#REMOVEME? ynh_clean_setup () {
# Clean installation remainings that are not handled by the remove script.
ynh_clean_check_starting
#REMOVEME? ynh_restore_upgradebackup
}
fi
ynh_systemd_action --service_name=matrix-$app.service --action="stop" #--log_path="/var/log/$app/$app.log"
#=================================================
# STANDARD UPGRADE STEPS
@ -82,7 +70,7 @@ fi
# Define $server_name if not already defined
if [ -z $server_name ]; then
server_name=$domain
#REMOVEME? ynh_app_setting_set --app=$app --key=server_name --value=$domain
ynh_app_setting_set --app=$app --key=server_name --value=$domain
fi
# Define $jitsi_server if not already defined
@ -99,7 +87,7 @@ fi
if [ -z $report_stats ]; then
report_stats="false"
#REMOVEME? ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats
ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats
fi
if [ -z $allow_public_rooms ]; then
@ -108,7 +96,7 @@ if [ -z $allow_public_rooms ]; then
fi
if [ -z $is_free_registration ]; then
#REMOVEME? is_free_registration=$(ynh_app_setting_get --app=$app --key=is_""public)
is_free_registration=$(ynh_app_setting_get --app=$app --key=is_""public)
ynh_app_setting_set --app=$app --key=is_free_registration --value=$is_free_registration
fi
@ -129,28 +117,19 @@ fi
#=================================================
if [ -e "/var/lib/matrix-$app" ]; then
ynh_script_progression --message="Moving data directory to $data_path..." --weight=1
if [ -e "$data_path" ]; then
old_data_dir_path="$data_path$(date '+%Y%m%d.%H%M%S')"
ynh_script_progression --message="Moving data directory to $data_data..." --weight=1
if [ -e "$data_dir" ]; then
old_data_dir_path="$data_data$(date '+%Y%m%d.%H%M%S')"
ynh_print_warn "A data directory already exist. Data was renamed to $old_data_dir_path"
mv "$data_path" "$old_data_dir_path"
mv "$data_dir" "$old_data_dir_path"
fi
mv "/var/lib/matrix-$app" "$data_path"
mv "/var/lib/matrix-$app" "$data_dir"
fi
if ! grep -q "$install_dir" /etc/passwd; then
# matrix-synapse:x:994:994::/var/lib/matrix-synapse:/usr/sbin/nologin
sed --in-place -r "s@matrix-$app\:x\:([[:digit:]]+\:[[:digit:]]+)\:\:/.*/matrix-$app\:/usr/sbin/nologin@matrix-$app\:x\:\1\:\:$install_dir\:/usr/sbin/nologin@g" /etc/passwd
fi
#=================================================
# INSTALL DEPENDENCIES
#=================================================
#REMOVEME? ynh_script_progression --message="Upgrading dependencies..." --weight=6
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files
#REMOVEME? ynh_exec_warn_less ynh_install_app_dependencies $dependances
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
@ -247,15 +226,6 @@ then
# Disable default config for turnserver and create a new service
systemctl stop coturn.service
# Set a port for each service in turnserver
#REMOVEME? turnserver_alt_tls_port=$(ynh_find_port --port=$((turnserver_tls_port+1)))
#REMOVEME? cli_port=$(ynh_find_port --port=5766)
#REMOVEME? ynh_app_setting_set --app=$app --key=turnserver_alt_tls_port --value=$turnserver_alt_tls_port
#REMOVEME? ynh_app_setting_set --app=$app --key=cli_port --value=$cli_port
yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1
#=================================================
# MAKE A CLEAN LOGROTATE CONFIG
#=================================================
@ -300,9 +270,6 @@ fi
#=================================================
ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=2
# Create a dedicated php-fpm config
ynh_script_progression --message="Configuring application..."
ynh_add_fpm_config --usage=low --footprint=low
# Create .well-known redirection for access by federation
@ -392,47 +359,6 @@ ynh_script_progression --message="Reconfiguring Fail2Ban..." --weight=8
ynh_add_fail2ban_config --use_template
#=================================================
# GENERIC FINALIZATION
#=================================================
# SETUP PERMISSIONS
#=================================================
#REMOVEME? ynh_script_progression --message="Configuring permissions..." --weight=1
#REMOVEME? ynh_legacy_permissions_delete_all
ynh_permission_url --permission=main --url=$domain/_matrix/cas_server.php/login --auth_header=true
#REMOVEME? ynh_permission_update --permission=main --show_tile=false --protected=true
#REMOVEME? if ! ynh_permission_exists --permission=server_api; then
#REMOVEME? ynh_permission_create --permission=server_api --url=$domain/_matrix \
--label="Server access for client apps." --show_tile=false --allowed=visitors \
--auth_header=false --protected=true
python3 remove_sso_conf_persistent.py $domain $server_name \
|| ynh_print_warn --message="Your file /etc/ssowat/""conf.json.persistent doesn't respect the json syntax. The config file wasn't cleaned. Please clean it manually."
else
ynh_permission_url --permission=server_api --url=$domain/_matrix --remove_url=$server_name/.well-known/matrix \
--auth_header=false
#REMOVEME? ynh_permission_update --permission=server_api --label="Server access for client apps." --show_tile=false \
--protected=true
fi
#REMOVEME? if yunohost --output-as plain domain list | grep -q "^$server_name"'$' && ! ynh_permission_exists --permission=server_client_infos; then
#REMOVEME? ynh_permission_create --permission=server_client_infos --url=$server_name/.well-known/matrix \
--label="Server info for clients. (well-known)" --show_tile=false --allowed=visitors \
--auth_header=false --protected=true
elif yunohost --output-as plain domain list | grep -q "^$server_name"'$'; then
ynh_permission_url --permission=server_client_infos --url=$server_name/.well-known/matrix \
--auth_header=false
#REMOVEME? ynh_permission_update --permission=server_client_infos --label="Server info for clients. (well-known)" --show_tile=false \
--protected=true
fi
#REMOVEME? if ! ynh_permission_exists --permission=admin_api; then
#REMOVEME? ynh_permission_create --permission=admin_api --url=$domain/_synapse \
--label="Server administration API." --show_tile=false \
--auth_header=false --allowed=visitors
fi
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
@ -442,7 +368,7 @@ fi
chown $synapse_user:root -R $install_dir
chmod 770 $install_dir/Coturn_config_rotate.sh
chmod 700 $install_dir/update_synapse_for_appservice.sh
chown $synapse_user:root -R $data_path
chown $synapse_user:root -R $data_dir
chown $synapse_user:root -R /var/log/matrix-$app
chown $synapse_user:root -R /etc/matrix-$app
chmod u=rwX,g=rX,o= -R /etc/matrix-$app