YunoHost-Apps/synapse_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/synapse_ynh.git synced 2024-09-03 20:26:38 +02:00
Code Issues Activity Actions

Merge pull request #34 from YunoHost-Apps/fix_for_official_release

Browse source 
Fix for official release
This commit is contained in:
Maniack Crudelis 2018-02-13 16:48:59 +01:00 committed by GitHub
commit 6ebc6d6087
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
18 changed files with 1177 additions and 516 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

99
README.md
View file

@ -1,14 +1,25 @@
Synapse for YunoHost
====================
![](https://matrix.org/blog/wp-content/uploads/2015/01/logo1.png)
[![Integration level](https://dash.yunohost.org/integration/synapse.svg)](https://ci-apps.yunohost.org/jenkins/job/synapse%20%28Community%29/lastBuild/consoleFull)
[![Install Synapse with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=synapse)
> *This package allow you to install synapse quickly and simply on a YunoHost server.
If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to know how to install and enjoy it.*
Overview
--------
Instant messaging server matrix network.
Yunohost chattroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org)
[Yunohost project](https://yunohost.org/#/)
**Shipped version:** 0.26.0
[![Integration level](https://dash.yunohost.org/integration/synapse.svg)](https://ci-apps.yunohost.org/jenkins/job/synapse%20%28Community%29/lastBuild/consoleFull)
Setup
-----
Configuration
-------------
### Install for ARM arch (or slow arch)
@ -19,13 +30,9 @@ After that you can install it without problem.
The package use a prebuild python virtualenvironnement. The binary are taken from this repos : https://github.com/Josue-T/synapse_python_build
The script to build the binary is also available.
### Package update package
`sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh`
### Web client
If you want a web client you can also install riot with this package : https://github.com/YunoHost-Apps/riot_ynh . But
If you want a web client you can also install riot with this package : https://github.com/YunoHost-Apps/riot_ynh .
### Access by federation
@ -50,24 +57,42 @@ We have put some coarse mitigations into place to try to protect against this
situation, but it's still not good practice to do it in the first place. See
https://github.com/vector-im/riot-web/issues/1977 for more details.
Install
-------
Documentation
-------------
From command line:
- Official documentation: https://github.com/matrix-org/synapse
- YunoHost documentation: to be created ; feel free to help!
`sudo yunohost app install -l synapse https://github.com/YunoHost-Apps/synapse_ynh`
YunoHost specific features
--------------------------
Upgrade
-------
### Multi-users support
From command line:
Supported with LDAP.
`sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh`
### Supported architectures
Issue
- Tested on x86_64
- Tested on ARM (with specific build)
Limitations
-----------
Synapse take a lot of ressurce. So in slow architecture (like small ARM board), this app could take a lot of CPU and RAM.
This app don't contains any real good web interface. So it's recommended to use Riot client to connect to this app. This app is available [here](https://github.com/YunoHost-Apps/riot_ynh)
Links
-----
Any issue is welcome here : https://github.com/YunoHost-Apps/synapse_ynh/issues
- Report a bug: https://github.com/YunoHost-Apps/synapse_ynh/issues
- Matrix website: https://matrix.org/
- YunoHost website: https://yunohost.org/
Additionnal informations
-----
Administation
-------------
@ -93,8 +118,16 @@ To solve the issue [#30](https://github.com/YunoHost-Apps/synapse_ynh/issues/30)
`yunohost app setting synapse disable_backup_before_upgrade -v 1`
Migration from old package
--------------------------
### Multi instance support
To give a possiblity to have multiple domain you can use synapse in multiple instance. In this case all instance will run on differents port so it's really important to use put a SRV record in your domain. You can get the port that your need to put in your SRV record by this following command :
```
yunohost app setting synapse__<instancenumber> synapse_tls_port
```
Before to install a second instance of the app it's really recommend to update all instance already installed.
### Migration from old package
The old synapse package had some problem, the package has been reviewed in the summer 2017. The old package was made with the debian package with the synapse apt repos. The database used sqlite. To improve the performance and to have a better compatibility the new package use python virtual environment and postgresql as database. The Upgrade was made to make the migration from the old package to the new package. The part of this script is available here : https://github.com/YunoHost-Apps/synapse_ynh/blob/master/scripts/upgrade#L40-L119 .
@ -109,19 +142,21 @@ To do a backup before the upgrade use this command : `sudo yunohost backup creat
If anything fail while you are doing the upgrade please make an issue here : https://github.com/YunoHost-Apps/synapse_ynh/issues
License
-------
### License
Synapse is published under the Apache License : https://github.com/matrix-org/synapse/blob/master/LICENSE
To do
-----
---
- Doc (issue about domain)
- Test arm
- Riot doc
- Test production
Developers infos
----------------
### Todo for official App
Please do your pull request to the testing branch.
- Improve documentation
To try the testing branch, please proceed like that:
```bash
sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --verbose
or
sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --verbose
```

25
check_process
View file

@ -1,32 +1,28 @@
;; General
auto_remove=1
# Commentaire ignoré
; Manifest
domain="domain.tld" (DOMAIN)
path="/_matrix" (PATH)
path="/_matrix/client/#/login" (PATH)
is_public=1 (PUBLIC|public=1|private=0)
; Checks
pkg_linter=1
setup_sub_dir=0
setup_sub_dir=1
setup_root=0
setup_nourl=1
setup_nourl=0
setup_private=0
setup_public=1
upgrade=1
upgrade=1 from_commit=a62bce7dbc6bc0e1f1b4e872286ff124747ea009
upgrade=1 from_commit=f050f88fbfe7bad1bf74d4584ec62ffcf28248e7
backup_restore=1
multi_instance=0
wrong_user=0
wrong_path=1
multi_instance=1
incorrect_path=0
corrupt_source=1
fail_download_source=1
port_already_use=1 (8008)
final_path_already_use=1
port_already_use=1 (8448)
change_url=0
;;; Levels
Level 1=auto
Level 2=auto
Level 3=auto
# https://github.com/YunoHost-Apps/synapse_ynh/blob/master/conf/homeserver.yaml#L443-L454
Level 4=1
Level 5=auto
Level 6=auto
@ -34,3 +30,8 @@
Level 8=0
Level 9=0
Level 10=0
;;; Upgrade options
; commit=a62bce7dbc6bc0e1f1b4e872286ff124747ea009
name=Before multi_instance
; commit=f050f88fbfe7bad1bf74d4584ec62ffcf28248e7
name=Old version package

27
conf/coturn-synapse.service Normal file
View file

@ -0,0 +1,27 @@
[Unit]
Description=coturn
Documentation=man:coturn(1) man:turnadmin(1) man:turnserver(1)
After=syslog.target network.target
[Service]
User=turnserver
Group=turnserver
Type=forking
EnvironmentFile=/etc/default/coturn-__APP__
PIDFile=/var/run/coturn-__APP__/turnserver.pid
RuntimeDirectory=coturn-__APP__
RuntimeDirectoryMode=0755
ExecStart=/usr/bin/turnserver -o -c /etc/matrix-__APP__/coturn.conf $EXTRA_OPTIONS
ExecStopPost=/bin/rm -f /var/run/coturn-__APP__/turnserver.pid
Restart=on-abort
LimitCORE=infinity
LimitNOFILE=999999
LimitNPROC=60000
LimitRTPRIO=infinity
LimitRTTIME=7000000
CPUSchedulingPolicy=other
UMask=0007
[Install]
WantedBy=multi-user.target

12
conf/homeserver.yaml
View file

@ -10,7 +10,7 @@ tls_certificate_path: "/etc/yunohost/certs/__DOMAIN__/crt.pem"
tls_private_key_path: "/etc/yunohost/certs/__DOMAIN__/key.pem"
# PEM dh parameters for ephemeral keys
tls_dh_params_path: "/etc/matrix-synapse/dh.pem"
tls_dh_params_path: "/etc/matrix-__APP__/dh.pem"
# Don't bind to the https port
no_tls: False
@ -20,7 +20,7 @@ no_tls: False
server_name: "__DOMAIN__"
# When running as a daemon, the file to store the pid in
pid_file: "/var/run/matrix-synapse.pid"
pid_file: "/var/run/matrix-__APP__.pid"
# Whether to serve a web client from the HTTP/HTTPS root resource.
web_client: False
@ -113,7 +113,7 @@ database:
args:
user: __SYNAPSE_DB_USER__
password: __SYNAPSE_DB_PWD__
database: matrix_synapse
database: matrix___APP__
host: localhost
cp_min: 5
cp_max: 10
@ -123,7 +123,7 @@ event_cache_size: "10K"
# A yaml python logging config file
log_config: "/etc/matrix-synapse/log.yaml"
log_config: "/etc/matrix-__APP__/log.yaml"
# Stop twisted from discarding the stack traces of exceptions in
# deferreds by waiting a reactor tick before running a deferred's
@ -161,7 +161,7 @@ federation_rc_concurrent: 3
# Directory where uploaded images and attachments are stored.
media_store_path: "/var/lib/matrix-synapse/media"
media_store_path: "/var/lib/matrix-__APP__/media"
# The largest allowed upload size in bytes
max_upload_size: "10M"
@ -353,7 +353,7 @@ expire_access_token: False
## Signing Keys ##
# Path to the signing key to sign messages with
signing_key_path: "/etc/matrix-synapse/homeserver.signing.key"
signing_key_path: "/etc/matrix-__APP__/homeserver.signing.key"
# The keys that the server used to sign messages with but won't use
# to sign new messages. E.g. it has lost its private key

2
conf/log.yaml
View file

@ -14,7 +14,7 @@ handlers:
file:
class: logging.handlers.RotatingFileHandler
formatter: precise
filename: /var/log/matrix-synapse/homeserver.log
filename: /var/log/matrix-__APP__/homeserver.log
maxBytes: 104857600
backupCount: 10
filters: [context]

10
conf/matrix-synapse.service
View file

@ -3,11 +3,11 @@ Description=Synapse Matrix homeserver
[Service]
Type=simple
User=matrix-synapse
WorkingDirectory=/var/lib/matrix-synapse
EnvironmentFile=/etc/default/matrix-synapse
ExecStartPre=/opt/yunohost/matrix-synapse/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-synapse/homeserver.yaml --config-path=/etc/matrix-synapse/conf.d/ --generate-keys
ExecStart=/opt/yunohost/matrix-synapse/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-synapse/homeserver.yaml --config-path=/etc/matrix-synapse/conf.d/
User=matrix-__APP__
WorkingDirectory=/var/lib/matrix-__APP__
EnvironmentFile=/etc/default/matrix-__APP__
ExecStartPre=/opt/yunohost/matrix-__APP__/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-__APP__/homeserver.yaml --config-path=/etc/matrix-__APP__/conf.d/ --generate-keys
ExecStart=/opt/yunohost/matrix-__APP__/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-__APP__/homeserver.yaml --config-path=/etc/matrix-__APP__/conf.d/
Restart=always
RestartSec=3

2
conf/python_source.src Normal file
View file

@ -0,0 +1,2 @@
SOURCE_URL=https://github.com/matrix-org/synapse/archive/v0.26.0.tar.gz
SOURCE_SUM=234dd5fa44895e855d11fbf50de9184d057977b10b296f594d2c3758f693eff3

11
conf/turnserver.conf
View file

@ -5,10 +5,17 @@ realm=__DOMAIN__
no-stun
tls-listening-port=__TLS_PORT__
alt-tls-listening-port=__TLS_ALT_PORT__
cli-port=__CLI_PORT__
cert=/etc/yunohost/certs/__DOMAIN__/crt.pem
pkey=/etc/yunohost/certs/__DOMAIN__/key.pem
dh-file=/etc/yunohost/certs/__DOMAIN__/dh.pem
dh-file=/etc/matrix-__APP__/dh.pem
no-sslv2
no-sslv3
no-sslv3
no-udp
no-tcp
log-file=/var/log/matrix-__APP__/turnserver.log
pidfile="/var/run/coturn-__APP__/turnserver.pid"

2
conf/virtualenv_activate
View file

@ -40,7 +40,7 @@ deactivate () {
# unset irrelevant variables
deactivate nondestructive
VIRTUAL_ENV="/opt/yunohost/matrix-synapse"
VIRTUAL_ENV="__FINAL_PATH__"
export VIRTUAL_ENV
_OLD_VIRTUAL_PATH="$PATH"

6
manifest.json
View file

@ -3,20 +3,20 @@
"id": "synapse",
"packaging_format": 1,
"requirements": {
"yunohost": ">= 2.7.2"
"yunohost": ">= 2.7.9"
},
"description": {
"en": "Instant messaging server who use matrix",
"fr": "Un serveur de messagerie instantané basé sur matrix"
},
"version": "0.26.0",
"version": "0.26.0~ynh1",
"url": "http://matrix.org",
"license": "Apache-2.0",
"maintainer": {
"name": "Josué Tille",
"email": "josue@tille.ch"
},
"multi_instance": false,
"multi_instance": true,
"services": [
"nginx"
],

205
scripts/_common.sh
View file

@ -1,205 +0,0 @@
#!/bin/bash
# Retrieve arguments
app=$YNH_APP_INSTANCE_NAME
synapse_user="matrix-synapse"
synapse_db_name="matrix_synapse"
synapse_db_user="matrix_synapse"
get_app_version_from_json() {
manifest_path="../manifest.json"
if [ ! -e "$manifest_path" ]; then
manifest_path="../settings/manifest.json" # Into the restore script, the manifest is not at the same place
fi
echo $(grep '\"version\": ' "$manifest_path" | cut -d '"' -f 4) # Retrieve the version number in the manifest file.
}
APP_VERSION=$(get_app_version_from_json)
install_dependances() {
ynh_install_app_dependencies coturn build-essential python2.7-dev libffi-dev python-pip python-setuptools sqlite3 libssl-dev python-virtualenv libxml2-dev libxslt1-dev python-lxml libjpeg-dev libpq-dev postgresql acl
pip install --upgrade pip
pip install --upgrade virtualenv
}
setup_dir() {
# Create empty dir for synapse
mkdir -p /var/lib/matrix-synapse
mkdir -p /var/log/matrix-synapse
mkdir -p /var/log/turnserver
mkdir -p /etc/matrix-synapse/conf.d
mkdir -p $final_path
}
set_permission() {
# Set permission
chown $synapse_user:root -R $final_path
chown $synapse_user:root -R /var/lib/matrix-synapse
chown $synapse_user:root -R /var/log/matrix-synapse
chown turnserver:root -R /var/log/turnserver
chown $synapse_user:root -R /etc/matrix-synapse
chmod 600 /etc/matrix-synapse/dh.pem
}
install_source() {
if [ -n "$(uname -m | grep arm)" ]
then
ynh_setup_source $final_path/ "armv7"
else
# Install virtualenv if it don't exist
test -e $final_path/bin || virtualenv -p python2.7 $final_path
# Install synapse in virtualenv
PS1=""
cp ../conf/virtualenv_activate $final_path/bin/activate
source $final_path/bin/activate
pip install --upgrade pip
pip install --upgrade setuptools
pip install --upgrade cffi ndg-httpsclient psycopg2 lxml
pip install --upgrade https://github.com/matrix-org/synapse/archive/v$APP_VERSION.tar.gz
# Fix issue with msgpack see https://github.com/YunoHost-Apps/synapse_ynh/issues/29
test -e $final_path/lib/python2.7/site-packages/msgpack/__init__.py || (\
pip uninstall -y msgpack-python msgpack; \
pip install msgpack-python)
deactivate
fi
}
config_nginx() {
cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf
ynh_replace_string __PATH__ $path /etc/nginx/conf.d/$domain.d/$app.conf
ynh_replace_string __PORT__ $synapse_port /etc/nginx/conf.d/$domain.d/$app.conf
systemctl reload nginx.service
}
config_synapse() {
cp ../conf/homeserver.yaml /etc/matrix-synapse/homeserver.yaml
cp ../conf/log.yaml /etc/matrix-synapse/log.yaml
ynh_replace_string __DOMAIN__ $domain /etc/matrix-synapse/homeserver.yaml
ynh_replace_string __SYNAPSE_DB_USER__ $synapse_db_user /etc/matrix-synapse/homeserver.yaml
ynh_replace_string __SYNAPSE_DB_PWD__ $synapse_db_pwd /etc/matrix-synapse/homeserver.yaml
ynh_replace_string __PORT__ $synapse_port /etc/matrix-synapse/homeserver.yaml
ynh_replace_string __TLS_PORT__ $synapse_tls_port /etc/matrix-synapse/homeserver.yaml
ynh_replace_string __TURNSERVER_TLS_PORT__ $turnserver_tls_port /etc/matrix-synapse/homeserver.yaml
ynh_replace_string __TURNPWD__ $turnserver_pwd /etc/matrix-synapse/homeserver.yaml
if [ "$is_public" = "0" ]
then
ynh_replace_string __ALLOWED_ACCESS__ False /etc/matrix-synapse/homeserver.yaml
else
ynh_replace_string __ALLOWED_ACCESS__ True /etc/matrix-synapse/homeserver.yaml
fi
}
config_coturn() {
cp ../conf/default_coturn /etc/default/coturn
cp ../conf/turnserver.conf /etc/turnserver.conf
ynh_replace_string __TURNPWD__ $turnserver_pwd /etc/turnserver.conf
ynh_replace_string __DOMAIN__ $domain /etc/turnserver.conf
ynh_replace_string __TLS_PORT__ $turnserver_tls_port /etc/turnserver.conf
}
####### Solve issue https://dev.yunohost.org/issues/1006
# Build and install a package from an equivs control file
#
# example: generate an empty control file with `equivs-control`, adjust its
# content and use helper to build and install the package:
# ynh_package_install_from_equivs /path/to/controlfile
#
# usage: ynh_package_install_from_equivs controlfile
# | arg: controlfile - path of the equivs control file
ynh_package_install_from_equivs () {
controlfile=$1
# Check if the equivs package is installed. Or install it.
ynh_package_is_installed 'equivs' \
|| ynh_package_install equivs
# retrieve package information
pkgname=$(grep '^Package: ' $controlfile | cut -d' ' -f 2) # Retrieve the name of the debian package
pkgversion=$(grep '^Version: ' $controlfile | cut -d' ' -f 2) # And its version number
[[ -z "$pkgname" || -z "$pkgversion" ]] \
&& echo "Invalid control file" && exit 1 # Check if this 2 variables aren't empty.
# Update packages cache
ynh_package_update
# Build and install the package
TMPDIR=$(mktemp -d)
# Note that the cd executes into a sub shell
# Create a fake deb package with equivs-build and the given control file
# Install the fake package without its dependencies with dpkg
# Install missing dependencies with ynh_package_install
(cp "$controlfile" "${TMPDIR}/control" && cd "$TMPDIR" \
&& equivs-build ./control 1>/dev/null \
&& sudo dpkg --force-depends \
-i "./${pkgname}_${pkgversion}_all.deb" 2>&1 \
&& ynh_package_install -f) || ynh_die "Unable to install dependencies"
[[ -n "$TMPDIR" ]] && rm -rf $TMPDIR # Remove the temp dir.
# check if the package is actually installed
ynh_package_is_installed "$pkgname"
}
# Implement PR : https://github.com/YunoHost/yunohost/pull/392
# Use logrotate to manage the logfile
#
# usage: ynh_use_logrotate [logfile] [--non-append]
# | arg: logfile - absolute path of logfile
# | option: --non-append - Replace the config file instead of appending this new config.
#
# If no argument provided, a standard directory will be use. /var/log/${app}
# You can provide a path with the directory only or with the logfile.
# /parentdir/logdir
# /parentdir/logdir/logfile.log
#
# It's possible to use this helper several times, each config will be added to the same logrotate config file.
# Unless you use the option --non-append
ynh_use_logrotate () {
local customtee="tee -a"
if [ $# -gt 0 ] && [ "$1" == "--non-append" ]; then
customtee="tee"
# Destroy this argument for the next command.
shift
elif [ $# -gt 1 ] && [ "$2" == "--non-append" ]; then
customtee="tee"
fi
if [ $# -gt 0 ]; then
if [ "$(echo ${1##*.})" == "log" ]; then # Keep only the extension to check if it's a logfile
logfile=$1 # In this case, focus logrotate on the logfile
else
logfile=$1/*.log # Else, uses the directory and all logfile into it.
fi
else
logfile="/var/log/${app}/*.log" # Without argument, use a defaut directory in /var/log
fi
cat > ./${app}-logrotate << EOF # Build a config file for logrotate
$logfile {
# Rotate if the logfile exceeds 100Mo
size 100M
# Keep 12 old log maximum
rotate 12
# Compress the logs with gzip
compress
# Compress the log at the next cycle. So keep always 2 non compressed logs
delaycompress
# Copy and truncate the log to allow to continue write on it. Instead of move the log.
copytruncate
# Do not do an error if the log is missing
missingok
# Not rotate if the log is empty
notifempty
# Keep old logs in the same dir
noolddir
}
EOF
sudo mkdir -p $(dirname "$logfile") # Create the log directory, if not exist
cat ${app}-logrotate | sudo $customtee /etc/logrotate.d/$app > /dev/null # Append this config to the existing config file, or replace the whole config file (depending on $customtee)
}

92
scripts/backup
View file

@ -1,42 +1,88 @@
#!/bin/bash
# Source YunoHost helpers
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source /usr/share/yunohost/helpers
# Stop script if errors
ynh_abort_if_errors
# Import common cmd
source ../settings/scripts/_common.sh
source ../settings/scripts/psql.sh
source ../settings/scripts/experimental_helper.sh
source ../settings/scripts/_common.sh
#=================================================
# SET ALL CONSTANT
#=================================================
app=$YNH_APP_INSTANCE_NAME
synapse_user="matrix-$app"
synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app"
upstream_version=$(ynh_app_upstream_version)
#=================================================
# LOAD SETTINGS
#=================================================
# Retrieve arguments
domain=$(ynh_app_setting_get $app special_domain)
final_path="/opt/yunohost/matrix-synapse"
final_path=$(ynh_app_setting_get $app final_path)
# Copy Nginx config
ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf" "nginx.conf"
#=================================================
# STANDARD BACKUP STEPS
#=================================================
# BACKUP THE NGINX CONFIGURATION
#=================================================
# Backup synapse config
ynh_backup "/etc/matrix-synapse" "synapse_config"
ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf"
# Backup coturn server
ynh_backup "/etc/turnserver.conf" "coturn_config"
ynh_backup "/etc/default/coturn" "coturn_config_default"
#=================================================
# BACKUP SYNAPSE CONFIG
#=================================================
# Backup synapse database
ynh_backup "/var/lib/matrix-synapse" "data" 1
ynh_backup "/etc/matrix-$app"
# Backup Postgresql database
sudo su -c "pg_dump $synapse_db_name" postgres > ${YNH_CWD}/dump.sql
#=================================================
# BACKUP COTURN CONFIG
#=================================================
# Copy the logs
ynh_backup "/var/log/matrix-synapse" "log"
ynh_backup "/var/log/turnserver" "log_turnserver"
ynh_backup "/etc/turnserver.conf"
ynh_backup "/etc/default/coturn"
# Backup systemd service
ynh_backup "/etc/default/matrix-synapse"
ynh_backup "/etc/systemd/system/matrix-synapse.service"
#=================================================
# BACKUP SYSTEMD
#=================================================
# Backup synapse binary
ynh_backup "$final_path" "bin"
ynh_backup "/etc/default/matrix-$app"
ynh_backup "/etc/systemd/system/matrix-$app.service"
ynh_backup "/etc/default/coturn-$app"
ynh_backup "/etc/systemd/system/coturn-$app.service"
#=================================================
# BACKUP THE APP MAIN DIR
#=================================================
ynh_backup "$final_path" "bin"
#=================================================
# BACKUP SYNAPSE DATA
#=================================================
ynh_backup "/var/lib/matrix-$app" "data" 1
#=================================================
# BACKUP THE POSTGRESQL DATABASE
#=================================================
ynh_psql_dump_db "$synapse_db_name" > ${YNH_CWD}/dump.sql
#=================================================
# BACKUP SYNAPSE LOG
#=================================================
ynh_backup "/var/log/matrix-$app"

184
scripts/experimental_helper.sh Normal file
View file

@ -0,0 +1,184 @@
# Read the value of a key in a ynh manifest file
#
# usage: ynh_read_manifest manifest key
# | arg: manifest - Path of the manifest to read
# | arg: key - Name of the key to find
ynh_read_manifest () {
manifest="$1"
key="$2"
python3 -c "import sys, json;print(json.load(open('$manifest'))['$key'])"
}
# Read the upstream version from the manifest
# this include the number before ~ynh
#
# usage: ynh_app_upstream_version
ynh_app_upstream_version () {
manifest_path="../manifest.json"
if [ ! -e "$manifest_path" ]; then
manifest_path="../settings/manifest.json" # Into the restore script, the manifest is not at the same place
fi
version_key=$(ynh_read_manifest "$manifest_path" "version")
echo "${version_key/~ynh*/}"
}
# Read package version from the manifest
# this include the number after ~ynh
#
# usage: ynh_app_package_version
ynh_app_package_version () {
manifest_path="../manifest.json"
if [ ! -e "$manifest_path" ]; then
manifest_path="../settings/manifest.json" # Into the restore script, the manifest is not at the same place
fi
version_key=$(ynh_read_manifest "$manifest_path" "version")
echo "${version_key/*~ynh/}"
}
####### Solve issue https://dev.yunohost.org/issues/1006
# Build and install a package from an equivs control file
#
# example: generate an empty control file with `equivs-control`, adjust its
# content and use helper to build and install the package:
# ynh_package_install_from_equivs /path/to/controlfile
#
# usage: ynh_package_install_from_equivs controlfile
# | arg: controlfile - path of the equivs control file
ynh_package_install_from_equivs () {
controlfile=$1
# Check if the equivs package is installed. Or install it.
ynh_package_is_installed 'equivs' \
|| ynh_package_install equivs
# retrieve package information
pkgname=$(grep '^Package: ' $controlfile | cut -d' ' -f 2) # Retrieve the name of the debian package
pkgversion=$(grep '^Version: ' $controlfile | cut -d' ' -f 2) # And its version number
[[ -z "$pkgname" || -z "$pkgversion" ]] \
&& echo "Invalid control file" && exit 1 # Check if this 2 variables aren't empty.
# Update packages cache
ynh_package_update
# Build and install the package
TMPDIR=$(mktemp -d)
# Note that the cd executes into a sub shell
# Create a fake deb package with equivs-build and the given control file
# Install the fake package without its dependencies with dpkg
# Install missing dependencies with ynh_package_install
(cp "$controlfile" "${TMPDIR}/control" && cd "$TMPDIR" \
&& equivs-build ./control 1>/dev/null \
&& sudo dpkg --force-depends \
-i "./${pkgname}_${pkgversion}_all.deb" 2>&1 \
&& ynh_package_install -f) || ynh_die "Unable to install dependencies"
[[ -n "$TMPDIR" ]] && rm -rf $TMPDIR # Remove the temp dir.
# check if the package is actually installed
ynh_package_is_installed "$pkgname"
}
# Start or restart a service and follow its booting
#
# usage: ynh_check_starting "Line to match" [Log file] [Timeout] [Service name]
#
# | arg: Line to match - The line to find in the log to attest the service have finished to boot.
# | arg: Log file - The log file to watch
# | arg: Service name
# /var/log/$app/$app.log will be used if no other log is defined.
# | arg: Timeout - The maximum time to wait before ending the watching. Defaut 300 seconds.
ynh_check_starting () {
local line_to_match="$1"
local service_name="${4:-$app}"
local app_log="${2:-/var/log/$service_name/$service_name.log}"
local timeout=${3:-300}
ynh_clean_check_starting () {
# Stop the execution of tail.
kill -s 15 $pid_tail 2>&1
ynh_secure_remove "$templog" 2>&1
}
echo "Starting of $service_name" >&2
systemctl restart $service_name
local templog="$(mktemp)"
# Following the starting of the app in its log
tail -F -n1 "$app_log" > "$templog" &
# Get the PID of the tail command
local pid_tail=$!
local i=0
for i in `seq 1 $timeout`
do
# Read the log until the sentence is found, that means the app finished to start. Or run until the timeout
if grep --quiet "$line_to_match" "$templog"
then
echo "The service $service_name has correctly started." >&2
break
fi
echo -n "." >&2
sleep 1
done
if [ $i -eq $timeout ]
then
echo "The service $service_name didn't fully started before the timeout." >&2
fi
echo ""
ynh_clean_check_starting
}
# Create a dedicated systemd config
#
# usage: ynh_add_systemd_config [Service name] [Source file]
# | arg: Service name
# | arg: Systemd source file (for example appname.service)
#
# This will use a template in ../conf/systemd.service
# and will replace the following keywords with
# global variables that should be defined before calling
# this helper :
#
# __APP__ by $app
# __FINALPATH__ by $final_path
#
# usage: ynh_add_systemd_config
ynh_add_systemd_config () {
local service_name="${1:-$app}"
finalsystemdconf="/etc/systemd/system/$service_name.service"
ynh_backup_if_checksum_is_different "$finalsystemdconf"
sudo cp ../conf/${2:-systemd.service} "$finalsystemdconf"
# To avoid a break by set -u, use a void substitution ${var:-}. If the variable is not set, it's simply set with an empty variable.
# Substitute in a nginx config file only if the variable is not empty
if test -n "${final_path:-}"; then
ynh_replace_string "__FINALPATH__" "$final_path" "$finalsystemdconf"
fi
if test -n "${app:-}"; then
ynh_replace_string "__APP__" "$app" "$finalsystemdconf"
fi
ynh_store_file_checksum "$finalsystemdconf"
sudo chown root: "$finalsystemdconf"
sudo systemctl enable $service_name
sudo systemctl daemon-reload
}
# Remove the dedicated systemd config
#
# usage: ynh_remove_systemd_config [Service name]
# | arg: Service name
#
# usage: ynh_remove_systemd_config
ynh_remove_systemd_config () {
local service_name="${1:-$app}"
local finalsystemdconf="/etc/systemd/system/$service_name.service"
if [ -e "$finalsystemdconf" ]; then
sudo systemctl stop $service_name
sudo systemctl disable $service_name
ynh_secure_remove "$finalsystemdconf"
sudo systemctl daemon-reload
fi
}

319
scripts/install
View file

@ -1,104 +1,301 @@
#!/bin/bash
# Source YunoHost helpers
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source /usr/share/yunohost/helpers
source ./psql.sh
# Stop script if errors
ynh_abort_if_errors
# Import common cmd
# Import common fonctions
source ./psql.sh
source ./experimental_helper.sh
source ./_common.sh
# Retrieve arguments
#=================================================
# SET ALL CONSTANT
#=================================================
app=$YNH_APP_INSTANCE_NAME
synapse_user="matrix-$app"
synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app"
upstream_version=$(ynh_app_upstream_version)
#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================
domain=$YNH_APP_ARG_DOMAIN
is_public=$YNH_APP_ARG_IS_PUBLIC
path="/_matrix"
final_path="/opt/yunohost/matrix-synapse"
path_url="/_matrix"
final_path="/opt/yunohost/matrix-$app"
# Check domain/path availability
test $(ynh_webpath_available $domain $path) == 'True' || ynh_die "$domain$path is not available, please use an other domain."
#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
ynh_webpath_available $domain $path_url || ynh_die "$domain is not available as domain, please use an other domain."
test ! -e "/etc/nginx/conf.d/$domain.d/synapse*.conf" || ynh_die "$domain is not available as domain, please use an other domain."
# Check Final Path availability
test ! -e "$final_path" || ynh_die "This path already contains a folder"
# Ouvre le port dans le firewall
synapse_tls_port=$(ynh_find_port 8448)
synapse_port=$(ynh_find_port 8008)
turnserver_tls_port=$(ynh_find_port 5349)
#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================
yunohost firewall allow --no-upnp TCP $synapse_tls_port > /dev/null 2>&1
yunohost firewall allow --no-upnp Both $turnserver_tls_port > /dev/null 2>&1
# Make dh cert for synapse if it not exist
test ! -e /etc/matrix-synapse/dh.pem && \
mkdir -p /etc/matrix-synapse && \
openssl dhparam -out /etc/matrix-synapse/dh.pem 2048 > /dev/null
# Find password for turnserver and database
turnserver_pwd=$(ynh_string_random 30)
synapse_db_pwd=$(ynh_string_random 30)
# Enregistre les infos dans la config YunoHost
# For the domain and the path we can't use the standard keys "domain" and "path" with the standard function ynh_webpath_register because it create automatically a button on the user pannel.
# The idea is to create a custom key (specia_domain and special_path instead of domain and key).
# By this the ssowatconf fonction don't create a button on the pannel.
# This hack solve the issue : https://github.com/YunoHost-Apps/synapse_ynh/issues/14
ynh_app_setting_set $app special_domain $domain
ynh_app_setting_set $app special_path $path
ynh_app_setting_set $app special_path $path_url
ynh_app_setting_set $app final_path $final_path
ynh_app_setting_set $app synapse_version $APP_VERSION
ynh_app_setting_set $app synapse_db_pwd $synapse_db_pwd
ynh_app_setting_set $app synapse_version $upstream_version
ynh_app_setting_set $app is_public $is_public
ynh_app_setting_set $app synapse_port $synapse_port
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# FIND AND OPEN A PORT
#=================================================
# Find a free port
synapse_tls_port=$(ynh_find_port 8448)
port=$(ynh_find_port 8008)
turnserver_tls_port=$(ynh_find_port 5349)
turnserver_alt_tls_port=$(ynh_find_port $((turnserver_tls_port+1)))
cli_port=$(ynh_find_port 5766)
# Open this port
yunohost firewall allow TCP $synapse_tls_port > /dev/null 2>&1
yunohost firewall allow Both $turnserver_tls_port > /dev/null 2>&1
yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1
# Store opened ports
ynh_app_setting_set $app synapse_port $port
ynh_app_setting_set $app synapse_tls_port $synapse_tls_port
ynh_app_setting_set $app turnserver_tls_port $turnserver_tls_port
ynh_app_setting_set $app turnserver_pwd $turnserver_pwd
ynh_app_setting_set $app turnserver_alt_tls_port $turnserver_alt_tls_port
ynh_app_setting_set $app cli_port $cli_port
# Install all dependances
install_dependances
#=================================================
# CREATE A DH FILE
#=================================================
# Create user
ynh_system_user_create $synapse_user /var/lib/matrix-synapse
# Make dh cert for synapse if it not exist
test ! -e /etc/matrix-$app/dh.pem && \
mkdir -p /etc/matrix-$app && \
openssl dhparam -out /etc/matrix-$app/dh.pem 2048 > /dev/null
#=================================================
# INSTALL DEPENDENCIES
#=================================================
# WARRNING : theses command are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files
ynh_install_app_dependencies coturn build-essential python2.7-dev libffi-dev python-pip python-setuptools sqlite3 libssl-dev python-virtualenv libxml2-dev libxslt1-dev python-lxml libjpeg-dev libpq-dev postgresql acl
pip install --upgrade pip
pip install --upgrade virtualenv
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_system_user_create $synapse_user /var/lib/matrix-$app
adduser $synapse_user ssl-cert
adduser turnserver ssl-cert
#=================================================
# CREATE A POSTGRESQL DATABASE
#=================================================
synapse_db_pwd=$(ynh_string_random 30)
ynh_app_setting_set $app synapse_db_pwd $synapse_db_pwd
# Create postgresql database
ynh_psql_test_if_first_run
ynh_psql_create_user $synapse_db_user $synapse_db_pwd
ynh_psql_execute_as_root \
"CREATE DATABASE $synapse_db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $synapse_db_user;"
# Create directory and Install synapse in virtualenv
setup_dir
install_source
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
# Open access to server without a button the home
cp ../conf/add_sso_conf.py $final_path
cp ../conf/remove_sso_conf.py $final_path
python $final_path/add_sso_conf.py
# Create empty dir for synapse
# Create systemd service
cp ../conf/default_matrix-synapse /etc/default/matrix-synapse
cp ../conf/matrix-synapse.service /etc/systemd/system/
systemctl daemon-reload
systemctl enable matrix-synapse.service
# WARRNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
mkdir -p /var/lib/matrix-$app
mkdir -p /var/log/matrix-$app
mkdir -p /etc/matrix-$app/conf.d
mkdir -p $final_path
# Config nginx
config_nginx
# Install synapse in virtualenv
# WARRNING : theses command are used in INSTALL, UPGRADE (2 times)
# For any update do it in all files
if [ -n "$(uname -m | grep arm)" ]
then
ynh_setup_source $final_path/ "armv7"
else
# Install virtualenv if it don't exist
test -e $final_path/bin || virtualenv -p python2.7 $final_path
# Install synapse in virtualenv
PS1=""
cp ../conf/virtualenv_activate $final_path/bin/activate
ynh_replace_string __FINAL_PATH__ $final_path $final_path/bin/activate
# We set all necessary environement variable to create a python virtualenvironnement.
source $final_path/bin/activate
pip install --upgrade pip
pip install --upgrade setuptools
pip install --upgrade cffi ndg-httpsclient psycopg2 lxml
# Download and check the checksum for the synapse source
src_url=$(grep 'SOURCE_URL=' "$YNH_CWD/../conf/python_source.src" | cut -d= -f2-)
src_sum=$(grep 'SOURCE_SUM=' "$YNH_CWD/../conf/python_source.src" | cut -d= -f2-)
wget -nv -O synapse_source.tar.gz "$src_url"
echo "${src_sum} synapse_source.tar.gz" | sha256sum -c --status \
|| ynh_die "Corrupt source"
pip install --upgrade synapse_source.tar.gz
# Fix issue with msgpack see https://github.com/YunoHost-Apps/synapse_ynh/issues/29
test -e $final_path/lib/python2.7/site-packages/msgpack/__init__.py || (\
pip uninstall -y msgpack-python msgpack; \
pip install msgpack-python)
# This fonction was defined while we call "source $final_path/bin/activate". By this fonction de undo what does "$final_path/bin/activate"
deactivate
fi
#=================================================
# SETUP SYSTEMD
#=================================================
# Create systemd service for synapse and turnserver
cp ../conf/default_matrix-synapse /etc/default/matrix-$app
ynh_add_systemd_config matrix-$app matrix-synapse.service
cp ../conf/default_coturn /etc/default/coturn-$app
ynh_add_systemd_config coturn-$app coturn-synapse.service
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_add_nginx_config
#=================================================
# SET SYNAPSE CONFIG
#=================================================
# Find password for turnserver and database
turnserver_pwd=$(ynh_string_random 30)
ynh_app_setting_set $app turnserver_pwd $turnserver_pwd
# Configure Synapse
config_synapse
# Configure Coturn
config_coturn
# WARRNING : theses command are used in INSTALL, UPGRADE (2 times)
# For any update do it in all files
# Configuration de logrotate
ynh_use_logrotate /var/log/matrix-synapse
ynh_use_logrotate /var/log/turnserver
homeserver_config_path="/etc/matrix-$app/homeserver.yaml"
# Set Permission for all directory
set_permission
cp ../conf/homeserver.yaml "$homeserver_config_path"
cp ../conf/log.yaml /etc/matrix-$app/log.yaml
# register yunohost service
yunohost service add matrix-synapse
ynh_replace_string __APP__ $app "$homeserver_config_path"
ynh_replace_string __DOMAIN__ $domain "$homeserver_config_path"
ynh_replace_string __SYNAPSE_DB_USER__ $synapse_db_user "$homeserver_config_path"
ynh_replace_string __SYNAPSE_DB_PWD__ $synapse_db_pwd "$homeserver_config_path"
ynh_replace_string __PORT__ $port "$homeserver_config_path"
ynh_replace_string __TLS_PORT__ $synapse_tls_port "$homeserver_config_path"
ynh_replace_string __TURNSERVER_TLS_PORT__ $turnserver_tls_port "$homeserver_config_path"
ynh_replace_string __TURNPWD__ $turnserver_pwd "$homeserver_config_path"
# Recharge la configuration Nginx
systemctl restart matrix-synapse.service
systemctl restart coturn.service
ynh_replace_string __APP__ $app "/etc/matrix-$app/log.yaml"
if [ "$is_public" = "0" ]
then
ynh_replace_string __ALLOWED_ACCESS__ False "$homeserver_config_path"
else
ynh_replace_string __ALLOWED_ACCESS__ True "$homeserver_config_path"
fi
ynh_store_file_checksum "$homeserver_config_path"
ynh_store_file_checksum "/etc/matrix-$app/log.yaml"
#=================================================
# SET COTURN CONFIG
#=================================================
# WARRNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
coturn_config_path="/etc/matrix-$app/coturn.conf"
cp ../conf/turnserver.conf "$coturn_config_path"
ynh_replace_string __APP__ $app "$coturn_config_path"
ynh_replace_string __TURNPWD__ $turnserver_pwd "$coturn_config_path"
ynh_replace_string __DOMAIN__ $domain "$coturn_config_path"
ynh_replace_string __TLS_PORT__ $turnserver_tls_port "$coturn_config_path"
ynh_replace_string __TLS_ALT_PORT__ $turnserver_alt_tls_port "$coturn_config_path"
ynh_replace_string __CLI_PORT__ $cli_port "$coturn_config_path"
ynh_store_file_checksum "$coturn_config_path"
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_use_logrotate /var/log/matrix-$app
#=================================================
# GENERIC FINALIZATION
#=================================================
# SETUP SSOWAT
#=================================================
# Open access to server without a button the home
# The script "add_sso_conf.py" will just add en entry for the path "/_matrix" in the sso conf.json.persistent file in the cathegory "skipped_urls".
cp ../conf/add_sso_conf.py $final_path
cp ../conf/remove_sso_conf.py $final_path
python $final_path/add_sso_conf.py || ynh_die "Your file /etc/ssowat/conf.json.persistent don't respect the json synaxe. Please fix the synaxe to install this app. For more information see here : https://github.com/YunoHost-Apps/synapse_ynh/issues/32"
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
# WARRNING : theses command are used in INSTALL, UPGRADE (2 times), RESTORE
# For any update do it in all files
chown $synapse_user:root -R $final_path
chown $synapse_user:root -R /var/lib/matrix-$app
chown $synapse_user:root -R /var/log/matrix-$app
chown $synapse_user:root -R /etc/matrix-$app
chmod u=rwX,g=rX,o= -R /etc/matrix-$app
chmod 600 /etc/matrix-$app/dh.pem
setfacl -R -m user:turnserver:rX /etc/matrix-$app
setfacl -R -m user:turnserver:rwX /var/log/matrix-$app
#=================================================
# ADVERTISE SERVICE IN ADMIN PANEL
#=================================================
yunohost service add matrix-$app -l "/var/log/matrix-$app/homeserver.log"
yunohost service add coturn-$app
#=================================================
# RELOAD SERVICES
#=================================================
systemctl restart coturn-$app.service
ynh_check_starting "Synapse now listening on port $synapse_tls_port" "/var/log/matrix-$app/homeserver.log" 300 "matrix-$app"

1
scripts/psql.sh
View file

@ -117,7 +117,6 @@ ynh_psql_drop_user() {
su --command="dropuser \"${user}\"" postgres
}
ynh_psql_test_if_first_run() {
if [ -f /etc/yunohost/psql ];
then

118
scripts/remove
View file

@ -1,73 +1,115 @@
#!/bin/bash
# Source YunoHost helpers
source /usr/share/yunohost/helpers
source ./psql.sh
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
# Stop script if errors
set -u
source /usr/share/yunohost/helpers
# Import common cmd
source ./psql.sh
source ./experimental_helper.sh
source ./_common.sh
# Retrieve app settings
#=================================================
# SET ALL CONSTANT
#=================================================
app=$YNH_APP_INSTANCE_NAME
synapse_user="matrix-$app"
synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app"
upstream_version=$(ynh_app_upstream_version)
#=================================================
# LOAD SETTINGS
#=================================================
domain=$(ynh_app_setting_get $app special_domain)
final_path=$(ynh_app_setting_get $app final_path)
synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get $app turnserver_alt_tls_port)
systemctl stop matrix-synapse.service || true
systemctl stop coturn.service || true
#=================================================
# STANDARD REMOVE
#=================================================
# STOP AND REMOVE SERVICE
#=================================================
# Suppression de la configuration nginx
ynh_secure_remove "/etc/nginx/conf.d/$domain.d/$app.conf"
systemctl reload nginx.service
ynh_remove_systemd_config matrix-$app
ynh_remove_systemd_config coturn-$app
#=================================================
# CLOSE A PORT
#=================================================
# Close firewall ports
closeport() {
local port=$1
if yunohost firewall list | grep -q "\- $port$"
then
echo "Close port $port"
yunohost firewall disallow TCP $port > /dev/null
yunohost firewall disallow Both $port > /dev/null
fi
}
port=$synapse_tls_port
closeport
port=$turnserver_tls_port
closeport
closeport $synapse_tls_port
closeport $turnserver_tls_port
closeport $turnserver_alt_tls_port
#=================================================
# SETUP SSOWAT
#=================================================
# Remove the skipped url
python $final_path/remove_sso_conf.py
# Remove depandance
ynh_remove_app_dependencies || true
#=================================================
# REMOVE DEPENDENCIES
#=================================================
ynh_remove_app_dependencies
#=================================================
# REMOVE APP DIR
#=================================================
# Clean all directory
ynh_secure_remove $final_path
ynh_secure_remove /var/lib/matrix-synapse
ynh_secure_remove /var/log/matrix-synapse
ynh_secure_remove /var/log/turnserver
ynh_secure_remove /etc/matrix-synapse
ynh_secure_remove /etc/default/matrix-synapse
ynh_secure_remove /var/lib/matrix-$app
ynh_secure_remove /var/log/matrix-$app
ynh_secure_remove /etc/matrix-$app
ynh_secure_remove /etc/default/matrix-$app
ynh_secure_remove /etc/default/coturn-$app
# Remove systemd service
systemctl disable matrix-synapse.service
ynh_secure_remove /etc/systemd/system/matrix-synapse.service
systemctl daemon-reload
#=================================================
# REMOVE NGINX CONFIGURATION
#=================================================
ynh_remove_nginx_config
#=================================================
# REMOVE THE POSTGRESQL DATABASE
#=================================================
# Remove database and user
ynh_psql_remove_db $synapse_db_name $synapse_db_user
# Remove user
ynh_system_user_delete matrix-synapse
#=================================================
# REMOVE DEDICATED USER
#=================================================
ynh_system_user_delete $synapse_user
#=================================================
# REMOVE LOGROTATE CONFIGURATION
#=================================================
# Remove logrotate
ynh_remove_logrotate
# Remove Monitoring
yunohost service remove matrix-synapse
# Reload nginx
systemctl reload nginx.service
#=================================================
# REMOVE SERVICE FROM ADMIN PANEL
#=================================================
yunohost service remove matrix-$app
yunohost service remove coturn-$app

147
scripts/restore
View file

@ -1,48 +1,99 @@
#!/bin/bash
# Source YunoHost helpers
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source /usr/share/yunohost/helpers
# Stop script if errors
ynh_abort_if_errors
# Import common cmd
source ../settings/scripts/_common.sh
source ../settings/scripts/psql.sh
source ../settings/scripts/experimental_helper.sh
source ../settings/scripts/_common.sh
#=================================================
# SET ALL CONSTANT
#=================================================
app=$YNH_APP_INSTANCE_NAME
synapse_user="matrix-$app"
synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app"
upstream_version=$(ynh_app_upstream_version)
#=================================================
# LOAD SETTINGS
#=================================================
# Retrieve arguments
domain=$(ynh_app_setting_get $app special_domain)
path=$(ynh_app_setting_get $app special_path)
path_url=$(ynh_app_setting_get $app special_path)
final_path=$(ynh_app_setting_get $app final_path)
synapse_db_pwd=$(ynh_app_setting_get $app synapse_db_pwd)
is_public=$(ynh_app_setting_get $app is_public)
synapse_port=$(ynh_app_setting_get $app synapse_port)
synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port)
turnserver_pwd=$(ynh_app_setting_get $app turnserver_pwd)
turnserver_alt_tls_port=$(ynh_app_setting_get $app turnserver_alt_tls_port)
# Check domain/path availability
ynh_webpath_available $domain $path || ynh_die "$domain/$path is not available, please use an other domain."
#=================================================
# CHECK IF THE APP CAN BE RESTORED
#=================================================
# Ouvre le port dans le firewall
yunohost firewall allow --no-upnp TCP $synapse_tls_port > /dev/null 2>&1
yunohost firewall allow --no-upnp Both $turnserver_tls_port > /dev/null 2>&1
ynh_webpath_available $domain $path_url || ynh_die "$domain/$path_url is not available, please use an other domain."
# Install all dependances
install_dependances
# Create user
ynh_system_user_create $synapse_user /var/lib/matrix-synapse
adduser $synapse_user ssl-cert
adduser turnserver ssl-cert
#=================================================
# STANDARD RESTORATION STEPS
#=================================================
# RESTORE ALL FILES
#=================================================
# Restore all config and data
ynh_restore
# Open access to server without a button the home
python $final_path/add_sso_conf.py
#=================================================
# REINSTALL DEPENDENCIES
#=================================================
# WARRNING : theses command are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files
ynh_install_app_dependencies coturn build-essential python2.7-dev libffi-dev python-pip python-setuptools sqlite3 libssl-dev python-virtualenv libxml2-dev libxslt1-dev python-lxml libjpeg-dev libpq-dev postgresql acl
pip install --upgrade pip
pip install --upgrade virtualenv
#=================================================
# RECREATE THE DEDICATED USER
#=================================================
ynh_system_user_create $synapse_user /var/lib/matrix-$app
adduser $synapse_user ssl-cert
adduser turnserver ssl-cert
#=================================================
# SPECIFIC RESTORATION
#=================================================
# OPEN THE PORT
#=================================================
# Ouvre le port dans le firewall
yunohost firewall allow TCP $synapse_tls_port > /dev/null 2>&1
yunohost firewall allow Both $turnserver_tls_port > /dev/null 2>&1
yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1
#=================================================
# SETUP SSOWAT
#=================================================
# Open access to server without a button the home
# The script "add_sso_conf.py" will just add en entry for the path "/_matrix" in the sso conf.json.persistent file in the cathegory "skipped_urls".
python $final_path/add_sso_conf.py || ynh_die "Your file /etc/ssowat/conf.json.persistent don't respect the json synaxe. Please fix the synaxe to install this app. For more information see here : https://github.com/YunoHost-Apps/synapse_ynh/issues/32"
#=================================================
# RESTORE THE POSTGRESQL DATABASE
#=================================================
# Restore postgresql database
ynh_psql_test_if_first_run
ynh_psql_create_user $synapse_db_user $synapse_db_pwd
ynh_psql_execute_as_root \
@ -52,23 +103,49 @@ ynh_psql_execute_as_root \
LC_CTYPE='C'
template=template0
OWNER $synapse_db_user;"
su -c "psql $synapse_db_name" postgres < ${YNH_CWD}/dump.sql
ynh_psql_execute_file_as_root "${YNH_CWD}/dump.sql" "$synapse_db_name"
#=================================================
# RESTORE SYSTEMD
#=================================================
# Enable systemd service
systemctl daemon-reload
systemctl enable matrix-synapse.service
systemctl enable matrix-$app.service
# Configuration de logrotate
ynh_use_logrotate /var/log/matrix-synapse
ynh_use_logrotate /var/log/turnserver
#=================================================
# SETUP LOGROTATE
#=================================================
# Set the permission
set_permission
ynh_use_logrotate /var/log/matrix-$app
# register yunohost service
yunohost service add matrix-synapse
#=================================================
# GENERIC FINALIZATION
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
# WARRNING : theses command are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files
chown $synapse_user:root -R $final_path
chown $synapse_user:root -R /var/lib/matrix-$app
chown $synapse_user:root -R /var/log/matrix-$app
chown $synapse_user:root -R /etc/matrix-$app
chmod u=rwX,g=rX,o= -R /etc/matrix-$app
chmod 600 /etc/matrix-$app/dh.pem
setfacl -R -m user:turnserver:rX /etc/matrix-$app
setfacl -R -m user:turnserver:rwX /var/log/matrix-$app
#=================================================
# ADVERTISE SERVICE IN ADMIN PANEL
#=================================================
yunohost service add matrix-$app -l "/var/log/matrix-$app/homeserver.log"
yunohost service add coturn-$app
#=================================================
# RELOAD NGINX, SYNAPSE AND COTURN
#=================================================
# Reload webserver
systemctl reload nginx.service
systemctl restart matrix-synapse.service
systemctl restart coturn.service
systemctl restart coturn-$app.service
ynh_check_starting "Synapse now listening on port $synapse_tls_port" "/var/log/matrix-$app/homeserver.log" 300 "matrix-$app"

431
scripts/upgrade
View file

@ -1,26 +1,51 @@
#!/bin/bash
# Source YunoHost helpers
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source /usr/share/yunohost/helpers
source ./psql.sh
# Stop script if errors
ynh_abort_if_errors
# Import common cmd
source ./psql.sh
source ./experimental_helper.sh
source ./_common.sh
# Retrieve arguments
#=================================================
# SET ALL CONSTANT
#=================================================
app=$YNH_APP_INSTANCE_NAME
synapse_user="matrix-$app"
synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app"
upstream_version=$(ynh_app_upstream_version)
#=================================================
# LOAD SETTINGS
#=================================================
domain=$(ynh_app_setting_get $app special_domain)
path=$(ynh_app_setting_get $app special_path)
path_url=$(ynh_app_setting_get $app special_path)
final_path=$(ynh_app_setting_get $app final_path)
synapse_old_version=$(ynh_app_setting_get $app synapse_version)
synapse_db_pwd=$(ynh_app_setting_get $app synapse_db_pwd)
is_public=$(ynh_app_setting_get $app is_public)
synapse_port=$(ynh_app_setting_get $app synapse_port)
port=$(ynh_app_setting_get $app synapse_port)
synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get $app turnserver_alt_tls_port)
turnserver_pwd=$(ynh_app_setting_get $app turnserver_pwd)
cli_port=$(ynh_app_setting_get $app cli_port)
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
# To be sure that the migration is sucessfull we check that the old synapse version is compatible with the synapse_port_db script.
if [[ -z $synapse_old_version ]] && [[ $(dpkg -l | grep -c -E "ii.*matrix-synapse.*0.25") != 1 ]] && [[ $(dpkg -l | grep -c -E "ii.*matrix-synapse.*0.26") != 1 ]]
@ -28,8 +53,14 @@ then
ynh_die "Update from this synapse version is not available now. You need to wait for the next update."
fi
systemctl stop matrix-synapse.service
#=================================================
# BACKUP BEFORE UPGRADE
#=================================================
# We stop the service before to set ynh_clean_setup
systemctl stop matrix-$app.service
# Backup the current version of the app
if [[ $(ynh_app_setting_get $app disable_backup_before_upgrade) != '1' ]]
then
ynh_backup_before_upgrade
@ -38,124 +69,342 @@ then
}
fi
ynh_abort_if_errors
#=================================================
# UPGRADE FROM DIFFERENTS PACKAGE EVOLUTION
#=================================================
# MIGRATION 1 : UPGRADE FROM OLD PACKAGE VERSION
# DEBIAN PACKAGE-> PYTHON VIRTUALENVIRONNEMENT
# SQLITE -> POSTGRESQL
# PART NO 1
#=================================================
# Actually this package use pythonvirtualenvironnement. The old package used the debian package. So if the app is not already migrated from the old package version we need to migrade the app from the debian package to a python virtualenvironnement. In the same time the package migrated from sqlite to postgresql for the database. So we do these both things in the same time.
if [[ -z $synapse_old_version ]]
then
## We move from debian package to new package with python virtualenv
# Change settings
path="/_matrix"
domain=$(ynh_app_setting_get $app domain)
final_path="/opt/yunohost/matrix-synapse"
ynh_app_setting_set $app special_domain $domain
ynh_app_setting_set $app special_path $path
ynh_app_setting_set $app final_path $final_path
ynh_app_setting_delete $app domain
ynh_app_setting_delete $app path
ynh_app_setting_delete $app skipped_uris
#=================================================
# UPDATE SETTINGS
#=================================================
# Remove old package and add new package as dependance
ynh_secure_remove /etc/apt/sources.list.d/matrix.list
ynh_package_autoremove --purge matrix-synapse python-matrix-synapse-ldap3 || true
path_url="/_matrix"
domain=$(ynh_app_setting_get $app domain)
final_path="/opt/yunohost/matrix-synapse"
ynh_app_setting_set $app special_domain $domain
ynh_app_setting_set $app special_path $path_url
ynh_app_setting_set $app final_path $final_path
ynh_app_setting_delete $app domain
ynh_app_setting_delete $app path
ynh_app_setting_delete $app skipped_uris
# If we don't remove these line in dpkg config, dpkg fail on every new package install
sudo sed --in-place ':a;N;$!ba;s@matrix-synapse nogroup 755 /var/lib/matrix-synapse\n@@g' /var/lib/dpkg/statoverride
sudo sed --in-place ':a;N;$!ba;s@matrix-synapse nogroup 755 /var/log/matrix-synapse\n@@g' /var/lib/dpkg/statoverride
sudo sed --in-place ':a;N;$!ba;s@matrix-synapse nogroup 755 /etc/matrix-synapse\n@@g' /var/lib/dpkg/statoverride
#=================================================
# REMOVE OLD DEPENDDANCE
#=================================================
# add new package as dependance and install dependance
install_dependances
ynh_secure_remove /etc/apt/sources.list.d/matrix.list
ynh_package_autoremove --purge matrix-synapse python-matrix-synapse-ldap3 || true
# Create directory Install synapse in virtualenv
setup_dir || true # If the dir aready exist the command could fail
install_source
cp /etc/yunohost/certs/$domain/dh.pem /etc/matrix-synapse/dh.pem
set_permission
# If we don't remove these line in dpkg config, dpkg fail on every new package install
sudo sed --in-place ':a;N;$!ba;s@matrix-synapse nogroup 755 /var/lib/matrix-synapse\n@@g' /var/lib/dpkg/statoverride
sudo sed --in-place ':a;N;$!ba;s@matrix-synapse nogroup 755 /var/log/matrix-synapse\n@@g' /var/lib/dpkg/statoverride
sudo sed --in-place ':a;N;$!ba;s@matrix-synapse nogroup 755 /etc/matrix-synapse\n@@g' /var/lib/dpkg/statoverride
# Open access to server without a button the home
cp ../conf/add_sso_conf.py $final_path
cp ../conf/remove_sso_conf.py $final_path
python $final_path/add_sso_conf.py || echo "Error while sso config, please add '/_matrix' in /etc/ssowat/conf.json.persistent"
#=================================================
# INSTALL NEW DEPENDENCIES
#=================================================
# Create user
ynh_system_user_create $synapse_user /var/lib/matrix-synapse
# add new package as dependance and install dependance
# WARRNING : theses command are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files
ynh_install_app_dependencies coturn build-essential python2.7-dev libffi-dev python-pip python-setuptools sqlite3 libssl-dev python-virtualenv libxml2-dev libxslt1-dev python-lxml libjpeg-dev libpq-dev postgresql acl
pip install --upgrade pip
pip install --upgrade virtualenv
#=================================================
# CREATE A POSTGRESQL DATABASE
#=================================================
synapse_db_pwd=$(ynh_string_random 30)
ynh_app_setting_set $app synapse_db_pwd $synapse_db_pwd
# Create postgresql database
ynh_psql_test_if_first_run
ynh_psql_create_user $synapse_db_user $synapse_db_pwd
ynh_psql_execute_as_root \
"CREATE DATABASE $synapse_db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $synapse_db_user;"
#=================================================
# CREATE EMPTY DIR FOR SYNAPSE
#=================================================
# WARRNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
mkdir -p /var/lib/matrix-$app
mkdir -p /var/log/matrix-$app
mkdir -p /etc/matrix-$app/conf.d
mkdir -p $final_path
fi
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
# Install/upgrade synapse in virtualenv
# WARRNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
if [ -n "$(uname -m | grep arm)" ]
then
ynh_setup_source $final_path/ "armv7"
else
# Install virtualenv if it don't exist
test -e $final_path/bin || virtualenv -p python2.7 $final_path
# Install synapse in virtualenv
PS1=""
cp ../conf/virtualenv_activate $final_path/bin/activate
ynh_replace_string __FINAL_PATH__ $final_path $final_path/bin/activate
# We set all necessary environement variable to create a python virtualenvironnement.
source $final_path/bin/activate
pip install --upgrade pip
pip install --upgrade setuptools
pip install --upgrade cffi ndg-httpsclient psycopg2 lxml
# Download and check the checksum for the synapse source
src_url=$(grep 'SOURCE_URL=' "$YNH_CWD/../conf/python_source.src" | cut -d= -f2-)
src_sum=$(grep 'SOURCE_SUM=' "$YNH_CWD/../conf/python_source.src" | cut -d= -f2-)
wget -nv -O synapse_source.tar.gz "$src_url"
echo "${src_sum} synapse_source.tar.gz" | sha256sum -c --status \
|| ynh_die "Corrupt source"
pip install --upgrade synapse_source.tar.gz
# Fix issue with msgpack see https://github.com/YunoHost-Apps/synapse_ynh/issues/29
test -e $final_path/lib/python2.7/site-packages/msgpack/__init__.py || (\
pip uninstall -y msgpack-python msgpack; \
pip install msgpack-python)
# This fonction was defined while we call "source $final_path/bin/activate". By this fonction de undo what does "$final_path/bin/activate"
deactivate
fi
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# UPDATE SYNAPSE CONFIG
#=================================================
# WARRNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
homeserver_config_path="/etc/matrix-$app/homeserver.yaml"
cp ../conf/homeserver.yaml "$homeserver_config_path"
cp ../conf/log.yaml /etc/matrix-$app/log.yaml
ynh_replace_string __APP__ $app "$homeserver_config_path"
ynh_replace_string __DOMAIN__ $domain "$homeserver_config_path"
ynh_replace_string __SYNAPSE_DB_USER__ $synapse_db_user "$homeserver_config_path"
ynh_replace_string __SYNAPSE_DB_PWD__ $synapse_db_pwd "$homeserver_config_path"
ynh_replace_string __PORT__ $port "$homeserver_config_path"
ynh_replace_string __TLS_PORT__ $synapse_tls_port "$homeserver_config_path"
ynh_replace_string __TURNSERVER_TLS_PORT__ $turnserver_tls_port "$homeserver_config_path"
ynh_replace_string __TURNPWD__ $turnserver_pwd "$homeserver_config_path"
ynh_replace_string __APP__ $app "/etc/matrix-$app/log.yaml"
if [ "$is_public" = "0" ]
then
ynh_replace_string __ALLOWED_ACCESS__ False "$homeserver_config_path"
else
ynh_replace_string __ALLOWED_ACCESS__ True "$homeserver_config_path"
fi
ynh_store_file_checksum "$homeserver_config_path"
ynh_store_file_checksum "/etc/matrix-$app/log.yaml"
#=================================================
# MIGRATION 1 : UPGRADE FROM OLD PACKAGE VERSION
# DEBIAN PACKAGE-> PYTHON VIRTUALENVIRONNEMENT
# SQLITE -> POSTGRESQL
# PART NO 2
#=================================================
if [[ -z $synapse_old_version ]]
then
#=================================================
# UPDATE SSOWAT CONF
#=================================================
cp ../conf/add_sso_conf.py $final_path
cp ../conf/remove_sso_conf.py $final_path
python $final_path/add_sso_conf.py || echo "Error while sso config, please add '/_matrix' in /etc/ssowat/conf.json.persistent"
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_system_user_create $synapse_user /var/lib/matrix-synapse
adduser $synapse_user ssl-cert
adduser turnserver ssl-cert
# Create systemd service
ynh_secure_remove /etc/init.d/matrix-synapse
ynh_secure_remove /lib/systemd/system/matrix-synapse.service
ynh_secure_remove /etc/systemd/system/matrix-synapse.service
systemctl daemon-reload
systemctl disable matrix-synapse.service
# In the old synapse instance we stored the dh.pem in /etc/yunohost/certs/DOMAIN.TLD/ but it was problematics with lets'encrypt witch made a link to the key. While the letsencrypt key was changed the dh.pem file was lost. So we decided to move to /etc/matrix-synapse/ witch is a directory witch is not managed by any other component.
# Here we check if the dh.pem file is already moved. If not we try to copy the file from the old place. If the file in the old place was already removed (by letsencrypt) we create a new one.
test -e /etc/matrix-$app/dh.pem || \
cp /etc/yunohost/certs/$domain/dh.pem /etc/matrix-$app/dh.pem || \
openssl dhparam -out /etc/matrix-$app/dh.pem 2048 > /dev/null
#=================================================
# SETUP SYSTEMD
#=================================================
cp ../conf/default_matrix-synapse /etc/default/matrix-synapse
cp ../conf/matrix-synapse.service /etc/systemd/system/
systemctl daemon-reload
systemctl enable matrix-synapse.service
ynh_secure_remove /etc/init.d/matrix-synapse
ynh_secure_remove /lib/systemd/system/matrix-synapse.service
ynh_secure_remove /etc/systemd/system/matrix-synapse.service
systemctl daemon-reload
systemctl disable matrix-synapse.service
# Configuration de logrotate
ynh_use_logrotate /var/log/matrix-synapse
cp ../conf/default_matrix-synapse /etc/default/matrix-synapse
cp ../conf/matrix-synapse.service /etc/systemd/system/matrix-synapse.service
ynh_replace_string __APP__ $app /etc/systemd/system/matrix-synapse.service
systemctl daemon-reload
systemctl enable matrix-synapse.service
# register yunohost service
yunohost service add matrix-synapse
#=================================================
# ADVERTISE SERVICE IN ADMIN PANEL
#=================================================
## Move to postgresql from sqlite
yunohost service add matrix-$app -l "/var/log/matrix-$app/homeserver.log"
yunohost service add coturn-$app
# We create the new settings
synapse_db_pwd=$(ynh_string_random 30)
ynh_app_setting_set $app synapse_db_pwd $synapse_db_pwd
#=================================================
# MIGRATE DATABASE
#=================================================
# Create postgresql database
ynh_psql_create_user $synapse_db_user $synapse_db_pwd
ynh_psql_execute_as_root \
"CREATE DATABASE $synapse_db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $synapse_db_user;"
# We get the last version of the synapse_port_db script because an old version could be buggy.
cp ../sources/synapse_port_db /opt/yunohost/matrix-synapse/bin/synapse_port_db
# Create config file for synapse with postgresql
config_synapse
# We get the last version of the synapse_port_db script because an old version could be buggy.
cp ../sources/synapse_port_db /opt/yunohost/matrix-synapse/bin/synapse_port_db
# Migrate database (in virtualenv)
source $final_path/bin/activate
/opt/yunohost/matrix-synapse/bin/synapse_port_db --sqlite-database /var/lib/matrix-synapse/homeserver.db \
--postgres-config /etc/matrix-synapse/homeserver.yaml
deactivate
# Migrate database (in virtualenv)
source $final_path/bin/activate
/opt/yunohost/matrix-synapse/bin/synapse_port_db --sqlite-database /var/lib/matrix-synapse/homeserver.db \
--postgres-config /etc/matrix-synapse/homeserver.yaml
deactivate
fi
# If the turnserver log is not ready configured we configure it now
test -e /var/log/turnserver || (mkdir -p /var/log/turnserver && ynh_use_logrotate /var/log/turnserver)
#=================================================
# MIGRATION 2 : MULTINSTANCE SUPPORT
#=================================================
if [[ ! -e /etc/matrix-$app/coturn.conf ]]
then
#=================================================
# CREATE AN INDEPENDANT SERVICE FOR COTURN
#=================================================
# Disable default config for turnserver and create a new service
systemctl stop coturn.service
# Set by default the system config for coturn
echo "" > /etc/turnserver.conf
ynh_replace_string "TURNSERVER_ENABLED=1" "TURNSERVER_ENABLED=0" /etc/default/coturn
# Set a port for each service in turnserver
turnserver_alt_tls_port=$(ynh_find_port $((turnserver_tls_port+1)))
cli_port=$(ynh_find_port 5766)
ynh_app_setting_set $app turnserver_alt_tls_port $turnserver_alt_tls_port
ynh_app_setting_set $app cli_port $cli_port
yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1
# Configure systemd
cp ../conf/default_coturn /etc/default/coturn-$app
ynh_add_systemd_config coturn-$app coturn-synapse.service
#=================================================
# MAKE A CLEAN LOGROTATE CONFIG
#=================================================
ynh_use_logrotate /var/log/matrix-$app --non-append
fi
#=================================================
# MIGRATION 3 : USE STANDARD ACCESS FOR CERTIFCATE
# AND USE INDEPENDANT DH FILE
#=================================================
# Fix issue about certificates access
if [[ ! $(grep "ssl-cert:x:[0-9]*:.*matrix-synapse" /etc/group) ]]
if [[ ! $(grep "ssl-cert:x:[0-9]*:.*matrix-$app" /etc/group) ]]
then
adduser $synapse_user ssl-cert
adduser turnserver ssl-cert
fi
test -e /etc/matrix-synapse/dh.pem || cp /etc/yunohost/certs/$domain/dh.pem /etc/matrix-synapse/dh.pem
# In the old synapse instance we stored the dh.pem in /etc/yunohost/certs/DOMAIN.TLD/ but it was problematics with lets'encrypt witch made a link to the key. While the letsencrypt key was changed the dh.pem file was lost. So we decided to move to /etc/matrix-synapse/ witch is a directory witch is not managed by any other component.
# Here we check if the dh.pem file is already moved. If not we try to copy the file from the old place. If the file in the old place was already removed (by letsencrypt) we create a new one.
test -e /etc/matrix-$app/dh.pem || \
cp /etc/yunohost/certs/$domain/dh.pem /etc/matrix-$app/dh.pem || \
openssl dhparam -out /etc/matrix-$app/dh.pem 2048 > /dev/null
# Upgrade manually Synapse
install_source
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# NGINX CONFIGURATION
#=================================================
# Update nginx config
config_nginx
ynh_add_nginx_config
# Configure Synapse
config_synapse
#=================================================
# UPDATE COTURN CONFIG
#=================================================
# Configure Coturn
config_coturn
# WARRNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
# Set Permission for all directory
set_permission
coturn_config_path="/etc/matrix-$app/coturn.conf"
# Set new settings
ynh_app_setting_set $app synapse_version $APP_VERSION
ynh_backup_if_checksum_is_different "$coturn_config_path"
# Recharge la configuration Nginx
systemctl reload nginx.service
systemctl start matrix-synapse.service
systemctl restart coturn.service
cp ../conf/turnserver.conf "$coturn_config_path"
ynh_replace_string __APP__ $app "$coturn_config_path"
ynh_replace_string __TURNPWD__ $turnserver_pwd "$coturn_config_path"
ynh_replace_string __DOMAIN__ $domain "$coturn_config_path"
ynh_replace_string __TLS_PORT__ $turnserver_tls_port "$coturn_config_path"
ynh_replace_string __TLS_ALT_PORT__ $turnserver_alt_tls_port "$coturn_config_path"
ynh_replace_string __CLI_PORT__ $cli_port "$coturn_config_path"
ynh_store_file_checksum "$coturn_config_path"
#=================================================
# GENERIC FINALIZATION
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
# WARRNING : theses command are used in INSTALL, UPGRADE (2 times), RESTORE
# For any update do it in all files
chown $synapse_user:root -R $final_path
chown $synapse_user:root -R /var/lib/matrix-$app
chown $synapse_user:root -R /var/log/matrix-$app
chown $synapse_user:root -R /etc/matrix-$app
chmod u=rwX,g=rX,o= -R /etc/matrix-$app
chmod 600 /etc/matrix-$app/dh.pem
setfacl -R -m user:turnserver:rX /etc/matrix-$app
setfacl -R -m user:turnserver:rwX /var/log/matrix-$app
#=================================================
# UPDATE VERSION SETTINGS
#=================================================
ynh_app_setting_set $app synapse_version $upstream_version
#=================================================
# RELOAD SERVICES
#=================================================
systemctl restart coturn-$app.service
ynh_check_starting "Synapse now listening on port $synapse_tls_port" "/var/log/matrix-$app/homeserver.log" 300 "matrix-$app"