diff --git a/README.md b/README.md index 8a49220..b9dff7e 100644 --- a/README.md +++ b/README.md @@ -1,14 +1,25 @@ Synapse for YunoHost ==================== +![](https://matrix.org/blog/wp-content/uploads/2015/01/logo1.png) + +[![Integration level](https://dash.yunohost.org/integration/synapse.svg)](https://ci-apps.yunohost.org/jenkins/job/synapse%20%28Community%29/lastBuild/consoleFull) +[![Install Synapse with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=synapse) + +> *This package allow you to install synapse quickly and simply on a YunoHost server. +If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to know how to install and enjoy it.* + +Overview +-------- + +Instant messaging server matrix network. + Yunohost chattroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) -[Yunohost project](https://yunohost.org/#/) +**Shipped version:** 0.26.0 -[![Integration level](https://dash.yunohost.org/integration/synapse.svg)](https://ci-apps.yunohost.org/jenkins/job/synapse%20%28Community%29/lastBuild/consoleFull) - -Setup ------ +Configuration +------------- ### Install for ARM arch (or slow arch) @@ -19,13 +30,9 @@ After that you can install it without problem. The package use a prebuild python virtualenvironnement. The binary are taken from this repos : https://github.com/Josue-T/synapse_python_build The script to build the binary is also available. -### Package update package - -`sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh` - ### Web client -If you want a web client you can also install riot with this package : https://github.com/YunoHost-Apps/riot_ynh . But +If you want a web client you can also install riot with this package : https://github.com/YunoHost-Apps/riot_ynh . ### Access by federation 
@@ -50,24 +57,42 @@ We have put some coarse mitigations into place to try to protect against this situation, but it's still not good practice to do it in the first place. See https://github.com/vector-im/riot-web/issues/1977 for more details. -Install -------- +Documentation +------------- -From command line: +- Official documentation: https://github.com/matrix-org/synapse +- YunoHost documentation: to be created ; feel free to help! -`sudo yunohost app install -l synapse https://github.com/YunoHost-Apps/synapse_ynh` +YunoHost specific features +-------------------------- -Upgrade -------- +### Multi-users support -From command line: +Supported with LDAP. -`sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh` +### Supported architectures -Issue +- Tested on x86_64 +- Tested on ARM (with specific build) + +Limitations +----------- + +Synapse take a lot of ressurce. So in slow architecture (like small ARM board), this app could take a lot of CPU and RAM. + +This app don't contains any real good web interface. So it's recommended to use Riot client to connect to this app. This app is available [here](https://github.com/YunoHost-Apps/riot_ynh) + +Links ----- -Any issue is welcome here : https://github.com/YunoHost-Apps/synapse_ynh/issues +- Report a bug: https://github.com/YunoHost-Apps/synapse_ynh/issues +- Matrix website: https://matrix.org/ +- YunoHost website: https://yunohost.org/ + +Additionnal informations +----- + + Administation ------------- 
@@ -93,8 +118,16 @@ To solve the issue [#30](https://github.com/YunoHost-Apps/synapse_ynh/issues/30) `yunohost app setting synapse disable_backup_before_upgrade -v 1` -Migration from old package --------------------------- +### Multi instance support + +To give a possiblity to have multiple domain you can use synapse in multiple instance. In this case all instance will run on differents port so it's really important to use put a SRV record in your domain. You can get the port that your need to put in your SRV record by this following command : +``` +yunohost app setting synapse__ synapse_tls_port +``` + +Before to install a second instance of the app it's really recommend to update all instance already installed. + +### Migration from old package The old synapse package had some problem, the package has been reviewed in the summer 2017. The old package was made with the debian package with the synapse apt repos. The database used sqlite. To improve the performance and to have a better compatibility the new package use python virtual environment and postgresql as database. The Upgrade was made to make the migration from the old package to the new package. The part of this script is available here : https://github.com/YunoHost-Apps/synapse_ynh/blob/master/scripts/upgrade#L40-L119 . 
@@ -109,19 +142,21 @@ To do a backup before the upgrade use this command : `sudo yunohost backup creat If anything fail while you are doing the upgrade please make an issue here : https://github.com/YunoHost-Apps/synapse_ynh/issues -License -------- +### License Synapse is published under the Apache License : https://github.com/matrix-org/synapse/blob/master/LICENSE -To do ------ +--- -- Doc (issue about domain) -- Test arm -- Riot doc -- Test production +Developers infos +---------------- -### Todo for official App +Please do your pull request to the testing branch. -- Improve documentation +To try the testing branch, please proceed like that: + +```bash +sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --verbose +or +sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --verbose +``` diff --git a/check_process b/check_process index 8d35bbf..4f1b45b 100644 --- a/check_process +++ b/check_process @@ -1,32 +1,28 @@ ;; General - auto_remove=1 -# Commentaire ignoré ; Manifest domain="domain.tld" (DOMAIN) - path="/_matrix" (PATH) + path="/_matrix/client/#/login" (PATH) is_public=1 (PUBLIC|public=1|private=0) ; Checks pkg_linter=1 - setup_sub_dir=0 + setup_sub_dir=1 setup_root=0 - setup_nourl=1 + setup_nourl=0 setup_private=0 setup_public=1 upgrade=1 + upgrade=1 from_commit=a62bce7dbc6bc0e1f1b4e872286ff124747ea009 + upgrade=1 from_commit=f050f88fbfe7bad1bf74d4584ec62ffcf28248e7 backup_restore=1 - multi_instance=0 - wrong_user=0 - wrong_path=1 + multi_instance=1 incorrect_path=0 - corrupt_source=1 - fail_download_source=1 - port_already_use=1 (8008) - final_path_already_use=1 + port_already_use=1 (8448) change_url=0 ;;; Levels Level 1=auto Level 2=auto Level 3=auto + # https://github.com/YunoHost-Apps/synapse_ynh/blob/master/conf/homeserver.yaml#L443-L454 Level 4=1 Level 5=auto Level 6=auto 
@@ -34,3 +30,8 @@ Level 8=0 Level 9=0 Level 10=0 +;;; Upgrade options + ; commit=a62bce7dbc6bc0e1f1b4e872286ff124747ea009 + name=Before multi_instance + ; commit=f050f88fbfe7bad1bf74d4584ec62ffcf28248e7 + name=Old version package diff --git a/conf/coturn-synapse.service b/conf/coturn-synapse.service new file mode 100644 index 0000000..94884a7 --- /dev/null +++ b/conf/coturn-synapse.service @@ -0,0 +1,27 @@ +[Unit] +Description=coturn +Documentation=man:coturn(1) man:turnadmin(1) man:turnserver(1) +After=syslog.target network.target + +[Service] +User=turnserver +Group=turnserver +Type=forking +EnvironmentFile=/etc/default/coturn-__APP__ +PIDFile=/var/run/coturn-__APP__/turnserver.pid +RuntimeDirectory=coturn-__APP__ +RuntimeDirectoryMode=0755 +ExecStart=/usr/bin/turnserver -o -c /etc/matrix-__APP__/coturn.conf $EXTRA_OPTIONS +ExecStopPost=/bin/rm -f /var/run/coturn-__APP__/turnserver.pid +Restart=on-abort + +LimitCORE=infinity +LimitNOFILE=999999 +LimitNPROC=60000 +LimitRTPRIO=infinity +LimitRTTIME=7000000 +CPUSchedulingPolicy=other +UMask=0007 + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/conf/homeserver.yaml b/conf/homeserver.yaml index c43fbad..0d17b22 100644 --- a/conf/homeserver.yaml +++ b/conf/homeserver.yaml @@ -10,7 +10,7 @@ tls_certificate_path: "/etc/yunohost/certs/__DOMAIN__/crt.pem" tls_private_key_path: "/etc/yunohost/certs/__DOMAIN__/key.pem" # PEM dh parameters for ephemeral keys -tls_dh_params_path: "/etc/matrix-synapse/dh.pem" +tls_dh_params_path: "/etc/matrix-__APP__/dh.pem" # Don't bind to the https port no_tls: False @@ -20,7 +20,7 @@ no_tls: False server_name: "__DOMAIN__" # When running as a daemon, the file to store the pid in -pid_file: "/var/run/matrix-synapse.pid" +pid_file: "/var/run/matrix-__APP__.pid" # Whether to serve a web client from the HTTP/HTTPS root resource. web_client: False 
@@ -113,7 +113,7 @@ database: args: user: __SYNAPSE_DB_USER__ password: __SYNAPSE_DB_PWD__ - database: matrix_synapse + database: matrix___APP__ host: localhost cp_min: 5 cp_max: 10 @@ -123,7 +123,7 @@ event_cache_size: "10K" # A yaml python logging config file -log_config: "/etc/matrix-synapse/log.yaml" +log_config: "/etc/matrix-__APP__/log.yaml" # Stop twisted from discarding the stack traces of exceptions in # deferreds by waiting a reactor tick before running a deferred's @@ -161,7 +161,7 @@ federation_rc_concurrent: 3 # Directory where uploaded images and attachments are stored. -media_store_path: "/var/lib/matrix-synapse/media" +media_store_path: "/var/lib/matrix-__APP__/media" # The largest allowed upload size in bytes max_upload_size: "10M" @@ -353,7 +353,7 @@ expire_access_token: False ## Signing Keys ## # Path to the signing key to sign messages with -signing_key_path: "/etc/matrix-synapse/homeserver.signing.key" +signing_key_path: "/etc/matrix-__APP__/homeserver.signing.key" # The keys that the server used to sign messages with but won't use # to sign new messages. E.g. it has lost its private key diff --git a/conf/log.yaml b/conf/log.yaml index 97846ec..62e0bb7 100644 --- a/conf/log.yaml +++ b/conf/log.yaml @@ -14,7 +14,7 @@ handlers: file: class: logging.handlers.RotatingFileHandler formatter: precise - filename: /var/log/matrix-synapse/homeserver.log + filename: /var/log/matrix-__APP__/homeserver.log maxBytes: 104857600 backupCount: 10 filters: [context] diff --git a/conf/matrix-synapse.service b/conf/matrix-synapse.service index c415f71..f6207c1 100644 --- a/conf/matrix-synapse.service +++ b/conf/matrix-synapse.service 
@@ -3,11 +3,11 @@ Description=Synapse Matrix homeserver [Service] Type=simple -User=matrix-synapse -WorkingDirectory=/var/lib/matrix-synapse -EnvironmentFile=/etc/default/matrix-synapse -ExecStartPre=/opt/yunohost/matrix-synapse/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-synapse/homeserver.yaml --config-path=/etc/matrix-synapse/conf.d/ --generate-keys -ExecStart=/opt/yunohost/matrix-synapse/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-synapse/homeserver.yaml --config-path=/etc/matrix-synapse/conf.d/ +User=matrix-__APP__ +WorkingDirectory=/var/lib/matrix-__APP__ +EnvironmentFile=/etc/default/matrix-__APP__ +ExecStartPre=/opt/yunohost/matrix-__APP__/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-__APP__/homeserver.yaml --config-path=/etc/matrix-__APP__/conf.d/ --generate-keys +ExecStart=/opt/yunohost/matrix-__APP__/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-__APP__/homeserver.yaml --config-path=/etc/matrix-__APP__/conf.d/ Restart=always RestartSec=3 diff --git a/conf/python_source.src b/conf/python_source.src new file mode 100644 index 0000000..4d05e76 --- /dev/null +++ b/conf/python_source.src @@ -0,0 +1,2 @@ +SOURCE_URL=https://github.com/matrix-org/synapse/archive/v0.26.0.tar.gz +SOURCE_SUM=234dd5fa44895e855d11fbf50de9184d057977b10b296f594d2c3758f693eff3 diff --git a/conf/turnserver.conf b/conf/turnserver.conf index a8506fe..3c4d578 100644 --- a/conf/turnserver.conf +++ b/conf/turnserver.conf @@ -5,10 +5,17 @@ realm=__DOMAIN__ no-stun tls-listening-port=__TLS_PORT__ +alt-tls-listening-port=__TLS_ALT_PORT__ +cli-port=__CLI_PORT__ cert=/etc/yunohost/certs/__DOMAIN__/crt.pem pkey=/etc/yunohost/certs/__DOMAIN__/key.pem -dh-file=/etc/yunohost/certs/__DOMAIN__/dh.pem +dh-file=/etc/matrix-__APP__/dh.pem no-sslv2 -no-sslv3 \ No newline at end of file +no-sslv3 +no-udp +no-tcp + +log-file=/var/log/matrix-__APP__/turnserver.log +pidfile="/var/run/coturn-__APP__/turnserver.pid" 
diff --git a/conf/virtualenv_activate b/conf/virtualenv_activate index ae3c5b2..df0ab76 100644 --- a/conf/virtualenv_activate +++ b/conf/virtualenv_activate @@ -40,7 +40,7 @@ deactivate () { # unset irrelevant variables deactivate nondestructive -VIRTUAL_ENV="/opt/yunohost/matrix-synapse" +VIRTUAL_ENV="__FINAL_PATH__" export VIRTUAL_ENV _OLD_VIRTUAL_PATH="$PATH" diff --git a/manifest.json b/manifest.json index 5103d38..c710677 100644 --- a/manifest.json +++ b/manifest.json @@ -3,20 +3,20 @@ "id": "synapse", "packaging_format": 1, "requirements": { - "yunohost": ">= 2.7.2" + "yunohost": ">= 2.7.9" }, "description": { "en": "Instant messaging server who use matrix", "fr": "Un serveur de messagerie instantané basé sur matrix" }, - "version": "0.26.0", + "version": "0.26.0~ynh1", "url": "http://matrix.org", "license": "Apache-2.0", "maintainer": { "name": "Josué Tille", "email": "josue@tille.ch" }, - "multi_instance": false, + "multi_instance": true, "services": [ "nginx" ], diff --git a/scripts/_common.sh b/scripts/_common.sh index f06ae36..e69de29 100755 --- a/scripts/_common.sh +++ b/scripts/_common.sh 
@@ -1,205 +0,0 @@ -#!/bin/bash - -# Retrieve arguments -app=$YNH_APP_INSTANCE_NAME -synapse_user="matrix-synapse" -synapse_db_name="matrix_synapse" -synapse_db_user="matrix_synapse" - -get_app_version_from_json() { - manifest_path="../manifest.json" - if [ ! -e "$manifest_path" ]; then - manifest_path="../settings/manifest.json" # Into the restore script, the manifest is not at the same place - fi - echo $(grep '\"version\": ' "$manifest_path" | cut -d '"' -f 4) # Retrieve the version number in the manifest file. -} -APP_VERSION=$(get_app_version_from_json) - -install_dependances() { - ynh_install_app_dependencies coturn build-essential python2.7-dev libffi-dev python-pip python-setuptools sqlite3 libssl-dev python-virtualenv libxml2-dev libxslt1-dev python-lxml libjpeg-dev libpq-dev postgresql acl - pip install --upgrade pip - pip install --upgrade virtualenv -} - -setup_dir() { - # Create empty dir for synapse - mkdir -p /var/lib/matrix-synapse - mkdir -p /var/log/matrix-synapse - mkdir -p /var/log/turnserver - mkdir -p /etc/matrix-synapse/conf.d - mkdir -p $final_path -} - -set_permission() { - # Set permission - chown $synapse_user:root -R $final_path - chown $synapse_user:root -R /var/lib/matrix-synapse - chown $synapse_user:root -R /var/log/matrix-synapse - chown turnserver:root -R /var/log/turnserver - chown $synapse_user:root -R /etc/matrix-synapse - chmod 600 /etc/matrix-synapse/dh.pem -} - -install_source() { - if [ -n "$(uname -m | grep arm)" ] - then - ynh_setup_source $final_path/ "armv7" - else - # Install virtualenv if it don't exist - test -e $final_path/bin || virtualenv -p python2.7 $final_path - - # Install synapse in virtualenv - PS1="" - cp ../conf/virtualenv_activate $final_path/bin/activate - source $final_path/bin/activate - pip install --upgrade pip - pip install --upgrade setuptools - pip install --upgrade cffi ndg-httpsclient psycopg2 lxml - pip install --upgrade https://github.com/matrix-org/synapse/archive/v$APP_VERSION.tar.gz - - # Fix 
issue with msgpack see https://github.com/YunoHost-Apps/synapse_ynh/issues/29 - test -e $final_path/lib/python2.7/site-packages/msgpack/__init__.py || (\ - pip uninstall -y msgpack-python msgpack; \ - pip install msgpack-python) - - deactivate - fi -} - -config_nginx() { - cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf - - ynh_replace_string __PATH__ $path /etc/nginx/conf.d/$domain.d/$app.conf - ynh_replace_string __PORT__ $synapse_port /etc/nginx/conf.d/$domain.d/$app.conf - - systemctl reload nginx.service -} - -config_synapse() { - cp ../conf/homeserver.yaml /etc/matrix-synapse/homeserver.yaml - cp ../conf/log.yaml /etc/matrix-synapse/log.yaml - - ynh_replace_string __DOMAIN__ $domain /etc/matrix-synapse/homeserver.yaml - ynh_replace_string __SYNAPSE_DB_USER__ $synapse_db_user /etc/matrix-synapse/homeserver.yaml - ynh_replace_string __SYNAPSE_DB_PWD__ $synapse_db_pwd /etc/matrix-synapse/homeserver.yaml - ynh_replace_string __PORT__ $synapse_port /etc/matrix-synapse/homeserver.yaml - ynh_replace_string __TLS_PORT__ $synapse_tls_port /etc/matrix-synapse/homeserver.yaml - ynh_replace_string __TURNSERVER_TLS_PORT__ $turnserver_tls_port /etc/matrix-synapse/homeserver.yaml - ynh_replace_string __TURNPWD__ $turnserver_pwd /etc/matrix-synapse/homeserver.yaml - - if [ "$is_public" = "0" ] - then - ynh_replace_string __ALLOWED_ACCESS__ False /etc/matrix-synapse/homeserver.yaml - else - ynh_replace_string __ALLOWED_ACCESS__ True /etc/matrix-synapse/homeserver.yaml - fi -} - -config_coturn() { - cp ../conf/default_coturn /etc/default/coturn - cp ../conf/turnserver.conf /etc/turnserver.conf - - ynh_replace_string __TURNPWD__ $turnserver_pwd /etc/turnserver.conf - ynh_replace_string __DOMAIN__ $domain /etc/turnserver.conf - ynh_replace_string __TLS_PORT__ $turnserver_tls_port /etc/turnserver.conf -} - -####### Solve issue https://dev.yunohost.org/issues/1006 - -# Build and install a package from an equivs control file -# -# example: generate an empty control file 
with `equivs-control`, adjust its -# content and use helper to build and install the package: -# ynh_package_install_from_equivs /path/to/controlfile -# -# usage: ynh_package_install_from_equivs controlfile -# | arg: controlfile - path of the equivs control file -ynh_package_install_from_equivs () { - controlfile=$1 - - # Check if the equivs package is installed. Or install it. - ynh_package_is_installed 'equivs' \ - || ynh_package_install equivs - - # retrieve package information - pkgname=$(grep '^Package: ' $controlfile | cut -d' ' -f 2) # Retrieve the name of the debian package - pkgversion=$(grep '^Version: ' $controlfile | cut -d' ' -f 2) # And its version number - [[ -z "$pkgname" || -z "$pkgversion" ]] \ - && echo "Invalid control file" && exit 1 # Check if this 2 variables aren't empty. - - # Update packages cache - ynh_package_update - - # Build and install the package - TMPDIR=$(mktemp -d) - # Note that the cd executes into a sub shell - # Create a fake deb package with equivs-build and the given control file - # Install the fake package without its dependencies with dpkg - # Install missing dependencies with ynh_package_install - (cp "$controlfile" "${TMPDIR}/control" && cd "$TMPDIR" \ - && equivs-build ./control 1>/dev/null \ - && sudo dpkg --force-depends \ - -i "./${pkgname}_${pkgversion}_all.deb" 2>&1 \ - && ynh_package_install -f) || ynh_die "Unable to install dependencies" - [[ -n "$TMPDIR" ]] && rm -rf $TMPDIR # Remove the temp dir. - - # check if the package is actually installed - ynh_package_is_installed "$pkgname" -} - -# Implement PR : https://github.com/YunoHost/yunohost/pull/392 - -# Use logrotate to manage the logfile -# -# usage: ynh_use_logrotate [logfile] [--non-append] -# | arg: logfile - absolute path of logfile -# | option: --non-append - Replace the config file instead of appending this new config. -# -# If no argument provided, a standard directory will be use. 
/var/log/${app} -# You can provide a path with the directory only or with the logfile. -# /parentdir/logdir -# /parentdir/logdir/logfile.log -# -# It's possible to use this helper several times, each config will be added to the same logrotate config file. -# Unless you use the option --non-append -ynh_use_logrotate () { - local customtee="tee -a" - if [ $# -gt 0 ] && [ "$1" == "--non-append" ]; then - customtee="tee" - # Destroy this argument for the next command. - shift - elif [ $# -gt 1 ] && [ "$2" == "--non-append" ]; then - customtee="tee" - fi - if [ $# -gt 0 ]; then - if [ "$(echo ${1##*.})" == "log" ]; then # Keep only the extension to check if it's a logfile - logfile=$1 # In this case, focus logrotate on the logfile - else - logfile=$1/*.log # Else, uses the directory and all logfile into it. - fi - else - logfile="/var/log/${app}/*.log" # Without argument, use a defaut directory in /var/log - fi - cat > ./${app}-logrotate << EOF # Build a config file for logrotate -$logfile { - # Rotate if the logfile exceeds 100Mo - size 100M - # Keep 12 old log maximum - rotate 12 - # Compress the logs with gzip - compress - # Compress the log at the next cycle. So keep always 2 non compressed logs - delaycompress - # Copy and truncate the log to allow to continue write on it. Instead of move the log. - copytruncate - # Do not do an error if the log is missing - missingok - # Not rotate if the log is empty - notifempty - # Keep old logs in the same dir - noolddir -} -EOF - sudo mkdir -p $(dirname "$logfile") # Create the log directory, if not exist - cat ${app}-logrotate | sudo $customtee /etc/logrotate.d/$app > /dev/null # Append this config to the existing config file, or replace the whole config file (depending on $customtee) -} diff --git a/scripts/backup b/scripts/backup index eed32e8..5f2b2f0 100644 --- a/scripts/backup +++ b/scripts/backup 
@@ -1,42 +1,88 @@ #!/bin/bash -# Source YunoHost helpers +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + source /usr/share/yunohost/helpers # Stop script if errors ynh_abort_if_errors # Import common cmd -source ../settings/scripts/_common.sh source ../settings/scripts/psql.sh +source ../settings/scripts/experimental_helper.sh +source ../settings/scripts/_common.sh + +#================================================= +# SET ALL CONSTANT +#================================================= + +app=$YNH_APP_INSTANCE_NAME +synapse_user="matrix-$app" +synapse_db_name="matrix_$app" +synapse_db_user="matrix_$app" +upstream_version=$(ynh_app_upstream_version) + +#================================================= +# LOAD SETTINGS +#================================================= -# Retrieve arguments domain=$(ynh_app_setting_get $app special_domain) -final_path="/opt/yunohost/matrix-synapse" +final_path=$(ynh_app_setting_get $app final_path) -# Copy Nginx config -ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf" "nginx.conf" +#================================================= +# STANDARD BACKUP STEPS +#================================================= +# BACKUP THE NGINX CONFIGURATION +#================================================= -# Backup synapse config -ynh_backup "/etc/matrix-synapse" "synapse_config" +ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf" -# Backup coturn server -ynh_backup "/etc/turnserver.conf" "coturn_config" -ynh_backup "/etc/default/coturn" "coturn_config_default" +#================================================= +# BACKUP SYNAPSE CONFIG +#================================================= -# Backup synapse database -ynh_backup "/var/lib/matrix-synapse" "data" 1 +ynh_backup "/etc/matrix-$app" -# Backup Postgresql database -sudo su -c "pg_dump $synapse_db_name" postgres > 
${YNH_CWD}/dump.sql +#================================================= +# BACKUP COTURN CONFIG +#================================================= -# Copy the logs -ynh_backup "/var/log/matrix-synapse" "log" -ynh_backup "/var/log/turnserver" "log_turnserver" +ynh_backup "/etc/turnserver.conf" +ynh_backup "/etc/default/coturn" -# Backup systemd service -ynh_backup "/etc/default/matrix-synapse" -ynh_backup "/etc/systemd/system/matrix-synapse.service" +#================================================= +# BACKUP SYSTEMD +#================================================= -# Backup synapse binary -ynh_backup "$final_path" "bin" \ No newline at end of file +ynh_backup "/etc/default/matrix-$app" +ynh_backup "/etc/systemd/system/matrix-$app.service" +ynh_backup "/etc/default/coturn-$app" +ynh_backup "/etc/systemd/system/coturn-$app.service" + +#================================================= +# BACKUP THE APP MAIN DIR +#================================================= + +ynh_backup "$final_path" "bin" + +#================================================= +# BACKUP SYNAPSE DATA +#================================================= + +ynh_backup "/var/lib/matrix-$app" "data" 1 + +#================================================= +# BACKUP THE POSTGRESQL DATABASE +#================================================= + +ynh_psql_dump_db "$synapse_db_name" > ${YNH_CWD}/dump.sql + +#================================================= +# BACKUP SYNAPSE LOG +#================================================= + +ynh_backup "/var/log/matrix-$app" \ No newline at end of file diff --git a/scripts/experimental_helper.sh b/scripts/experimental_helper.sh new file mode 100644 index 0000000..c53defa --- /dev/null +++ b/scripts/experimental_helper.sh 
@@ -0,0 +1,184 @@ +# Read the value of a key in a ynh manifest file +# +# usage: ynh_read_manifest manifest key +# | arg: manifest - Path of the manifest to read +# | arg: key - Name of the key to find +ynh_read_manifest () { + manifest="$1" + key="$2" + python3 -c "import sys, json;print(json.load(open('$manifest'))['$key'])" +} + +# Read the upstream version from the manifest +# this include the number before ~ynh +# +# usage: ynh_app_upstream_version +ynh_app_upstream_version () { + manifest_path="../manifest.json" + if [ ! -e "$manifest_path" ]; then + manifest_path="../settings/manifest.json" # Into the restore script, the manifest is not at the same place + fi + version_key=$(ynh_read_manifest "$manifest_path" "version") + echo "${version_key/~ynh*/}" +} + +# Read package version from the manifest +# this include the number after ~ynh +# +# usage: ynh_app_package_version +ynh_app_package_version () { + manifest_path="../manifest.json" + if [ ! -e "$manifest_path" ]; then + manifest_path="../settings/manifest.json" # Into the restore script, the manifest is not at the same place + fi + version_key=$(ynh_read_manifest "$manifest_path" "version") + echo "${version_key/*~ynh/}" +} + +####### Solve issue https://dev.yunohost.org/issues/1006 + +# Build and install a package from an equivs control file +# +# example: generate an empty control file with `equivs-control`, adjust its +# content and use helper to build and install the package: +# ynh_package_install_from_equivs /path/to/controlfile +# +# usage: ynh_package_install_from_equivs controlfile +# | arg: controlfile - path of the equivs control file +ynh_package_install_from_equivs () { + controlfile=$1 + + # Check if the equivs package is installed. Or install it. 
+ ynh_package_is_installed 'equivs' \ + || ynh_package_install equivs + + # retrieve package information + pkgname=$(grep '^Package: ' $controlfile | cut -d' ' -f 2) # Retrieve the name of the debian package + pkgversion=$(grep '^Version: ' $controlfile | cut -d' ' -f 2) # And its version number + [[ -z "$pkgname" || -z "$pkgversion" ]] \ + && echo "Invalid control file" && exit 1 # Check if this 2 variables aren't empty. + + # Update packages cache + ynh_package_update + + # Build and install the package + TMPDIR=$(mktemp -d) + # Note that the cd executes into a sub shell + # Create a fake deb package with equivs-build and the given control file + # Install the fake package without its dependencies with dpkg + # Install missing dependencies with ynh_package_install + (cp "$controlfile" "${TMPDIR}/control" && cd "$TMPDIR" \ + && equivs-build ./control 1>/dev/null \ + && sudo dpkg --force-depends \ + -i "./${pkgname}_${pkgversion}_all.deb" 2>&1 \ + && ynh_package_install -f) || ynh_die "Unable to install dependencies" + [[ -n "$TMPDIR" ]] && rm -rf $TMPDIR # Remove the temp dir. + + # check if the package is actually installed + ynh_package_is_installed "$pkgname" +} + +# Start or restart a service and follow its booting +# +# usage: ynh_check_starting "Line to match" [Log file] [Timeout] [Service name] +# +# | arg: Line to match - The line to find in the log to attest the service have finished to boot. +# | arg: Log file - The log file to watch +# | arg: Service name +# /var/log/$app/$app.log will be used if no other log is defined. +# | arg: Timeout - The maximum time to wait before ending the watching. Defaut 300 seconds. +ynh_check_starting () { + local line_to_match="$1" + local service_name="${4:-$app}" + local app_log="${2:-/var/log/$service_name/$service_name.log}" + local timeout=${3:-300} + + ynh_clean_check_starting () { + # Stop the execution of tail. 
+ kill -s 15 $pid_tail 2>&1 + ynh_secure_remove "$templog" 2>&1 + } + + echo "Starting of $service_name" >&2 + systemctl restart $service_name + local templog="$(mktemp)" + # Following the starting of the app in its log + tail -F -n1 "$app_log" > "$templog" & + # Get the PID of the tail command + local pid_tail=$! + + local i=0 + for i in `seq 1 $timeout` + do + # Read the log until the sentence is found, that means the app finished to start. Or run until the timeout + if grep --quiet "$line_to_match" "$templog" + then + echo "The service $service_name has correctly started." >&2 + break + fi + echo -n "." >&2 + sleep 1 + done + if [ $i -eq $timeout ] + then + echo "The service $service_name didn't fully started before the timeout." >&2 + fi + + echo "" + ynh_clean_check_starting +} + +# Create a dedicated systemd config +# +# usage: ynh_add_systemd_config [Service name] [Source file] +# | arg: Service name +# | arg: Systemd source file (for example appname.service) +# +# This will use a template in ../conf/systemd.service +# and will replace the following keywords with +# global variables that should be defined before calling +# this helper : +# +# __APP__ by $app +# __FINALPATH__ by $final_path +# +# usage: ynh_add_systemd_config +ynh_add_systemd_config () { + local service_name="${1:-$app}" + + finalsystemdconf="/etc/systemd/system/$service_name.service" + ynh_backup_if_checksum_is_different "$finalsystemdconf" + sudo cp ../conf/${2:-systemd.service} "$finalsystemdconf" + + # To avoid a break by set -u, use a void substitution ${var:-}. If the variable is not set, it's simply set with an empty variable. 
+ # Substitute in a nginx config file only if the variable is not empty + if test -n "${final_path:-}"; then + ynh_replace_string "__FINALPATH__" "$final_path" "$finalsystemdconf" + fi + if test -n "${app:-}"; then + ynh_replace_string "__APP__" "$app" "$finalsystemdconf" + fi + ynh_store_file_checksum "$finalsystemdconf" + + sudo chown root: "$finalsystemdconf" + sudo systemctl enable $service_name + sudo systemctl daemon-reload +} + +# Remove the dedicated systemd config +# +# usage: ynh_remove_systemd_config [Service name] +# | arg: Service name +# +# usage: ynh_remove_systemd_config +ynh_remove_systemd_config () { + local service_name="${1:-$app}" + + local finalsystemdconf="/etc/systemd/system/$service_name.service" + if [ -e "$finalsystemdconf" ]; then + sudo systemctl stop $service_name + sudo systemctl disable $service_name + ynh_secure_remove "$finalsystemdconf" + sudo systemctl daemon-reload + fi +} diff --git a/scripts/install b/scripts/install index 0332f6b..e55de83 100644 --- a/scripts/install +++ b/scripts/install 
@@ -1,104 +1,301 @@ #!/bin/bash -# Source YunoHost helpers +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + source /usr/share/yunohost/helpers -source ./psql.sh # Stop script if errors ynh_abort_if_errors -# Import common cmd +# Import common fonctions +source ./psql.sh +source ./experimental_helper.sh source ./_common.sh -# Retrieve arguments +#================================================= +# SET ALL CONSTANT +#================================================= + +app=$YNH_APP_INSTANCE_NAME +synapse_user="matrix-$app" +synapse_db_name="matrix_$app" +synapse_db_user="matrix_$app" +upstream_version=$(ynh_app_upstream_version) + +#================================================= +# RETRIEVE ARGUMENTS FROM THE MANIFEST +#================================================= + domain=$YNH_APP_ARG_DOMAIN is_public=$YNH_APP_ARG_IS_PUBLIC -path="/_matrix" -final_path="/opt/yunohost/matrix-synapse" +path_url="/_matrix" +final_path="/opt/yunohost/matrix-$app" -# Check domain/path availability -test $(ynh_webpath_available $domain $path) == 'True' || ynh_die "$domain$path is not available, please use an other domain." +#================================================= +# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS +#================================================= + +ynh_webpath_available $domain $path_url || ynh_die "$domain is not available as domain, please use an other domain." +test ! -e "/etc/nginx/conf.d/$domain.d/synapse*.conf" || ynh_die "$domain is not available as domain, please use an other domain." # Check Final Path availability test ! 
-e "$final_path" || ynh_die "This path already contains a folder" -# Ouvre le port dans le firewall -synapse_tls_port=$(ynh_find_port 8448) -synapse_port=$(ynh_find_port 8008) -turnserver_tls_port=$(ynh_find_port 5349) +#================================================= +# STORE SETTINGS FROM MANIFEST +#================================================= -yunohost firewall allow --no-upnp TCP $synapse_tls_port > /dev/null 2>&1 -yunohost firewall allow --no-upnp Both $turnserver_tls_port > /dev/null 2>&1 - -# Make dh cert for synapse if it not exist -test ! -e /etc/matrix-synapse/dh.pem && \ - mkdir -p /etc/matrix-synapse && \ - openssl dhparam -out /etc/matrix-synapse/dh.pem 2048 > /dev/null - -# Find password for turnserver and database -turnserver_pwd=$(ynh_string_random 30) -synapse_db_pwd=$(ynh_string_random 30) - -# Enregistre les infos dans la config YunoHost +# For the domain and the path we can't use the standard keys "domain" and "path" with the standard function ynh_webpath_register because it create automatically a button on the user pannel. +# The idea is to create a custom key (specia_domain and special_path instead of domain and key). +# By this the ssowatconf fonction don't create a button on the pannel. 
+# This hack solve the issue : https://github.com/YunoHost-Apps/synapse_ynh/issues/14 ynh_app_setting_set $app special_domain $domain -ynh_app_setting_set $app special_path $path +ynh_app_setting_set $app special_path $path_url ynh_app_setting_set $app final_path $final_path -ynh_app_setting_set $app synapse_version $APP_VERSION -ynh_app_setting_set $app synapse_db_pwd $synapse_db_pwd +ynh_app_setting_set $app synapse_version $upstream_version ynh_app_setting_set $app is_public $is_public -ynh_app_setting_set $app synapse_port $synapse_port + +#================================================= +# STANDARD MODIFICATIONS +#================================================= +# FIND AND OPEN A PORT +#================================================= + +# Find a free port +synapse_tls_port=$(ynh_find_port 8448) +port=$(ynh_find_port 8008) +turnserver_tls_port=$(ynh_find_port 5349) +turnserver_alt_tls_port=$(ynh_find_port $((turnserver_tls_port+1))) +cli_port=$(ynh_find_port 5766) + +# Open this port +yunohost firewall allow TCP $synapse_tls_port > /dev/null 2>&1 +yunohost firewall allow Both $turnserver_tls_port > /dev/null 2>&1 +yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1 + +# Store opened ports +ynh_app_setting_set $app synapse_port $port ynh_app_setting_set $app synapse_tls_port $synapse_tls_port ynh_app_setting_set $app turnserver_tls_port $turnserver_tls_port -ynh_app_setting_set $app turnserver_pwd $turnserver_pwd +ynh_app_setting_set $app turnserver_alt_tls_port $turnserver_alt_tls_port +ynh_app_setting_set $app cli_port $cli_port -# Install all dependances -install_dependances +#================================================= +# CREATE A DH FILE +#================================================= -# Create user -ynh_system_user_create $synapse_user /var/lib/matrix-synapse +# Make dh cert for synapse if it not exist +test ! 
-e /etc/matrix-$app/dh.pem && \ + mkdir -p /etc/matrix-$app && \ + openssl dhparam -out /etc/matrix-$app/dh.pem 2048 > /dev/null + +#================================================= +# INSTALL DEPENDENCIES +#================================================= + +# WARRNING : theses command are used in INSTALL, UPGRADE, RESTORE +# For any update do it in all files +ynh_install_app_dependencies coturn build-essential python2.7-dev libffi-dev python-pip python-setuptools sqlite3 libssl-dev python-virtualenv libxml2-dev libxslt1-dev python-lxml libjpeg-dev libpq-dev postgresql acl +pip install --upgrade pip +pip install --upgrade virtualenv + +#================================================= +# CREATE DEDICATED USER +#================================================= + +ynh_system_user_create $synapse_user /var/lib/matrix-$app adduser $synapse_user ssl-cert adduser turnserver ssl-cert +#================================================= +# CREATE A POSTGRESQL DATABASE +#================================================= + +synapse_db_pwd=$(ynh_string_random 30) +ynh_app_setting_set $app synapse_db_pwd $synapse_db_pwd + # Create postgresql database ynh_psql_test_if_first_run ynh_psql_create_user $synapse_db_user $synapse_db_pwd ynh_psql_execute_as_root \ "CREATE DATABASE $synapse_db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $synapse_db_user;" -# Create directory and Install synapse in virtualenv -setup_dir -install_source +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= -# Open access to server without a button the home -cp ../conf/add_sso_conf.py $final_path -cp ../conf/remove_sso_conf.py $final_path -python $final_path/add_sso_conf.py +# Create empty dir for synapse -# Create systemd service -cp ../conf/default_matrix-synapse /etc/default/matrix-synapse -cp ../conf/matrix-synapse.service /etc/systemd/system/ -systemctl daemon-reload -systemctl 
enable matrix-synapse.service +# WARRNING : theses command are used in INSTALL, UPGRADE +# For any update do it in all files +mkdir -p /var/lib/matrix-$app +mkdir -p /var/log/matrix-$app +mkdir -p /etc/matrix-$app/conf.d +mkdir -p $final_path -# Config nginx -config_nginx +# Install synapse in virtualenv + +# WARRNING : theses command are used in INSTALL, UPGRADE (2 times) +# For any update do it in all files +if [ -n "$(uname -m | grep arm)" ] +then + ynh_setup_source $final_path/ "armv7" +else + # Install virtualenv if it don't exist + test -e $final_path/bin || virtualenv -p python2.7 $final_path + + # Install synapse in virtualenv + PS1="" + cp ../conf/virtualenv_activate $final_path/bin/activate + ynh_replace_string __FINAL_PATH__ $final_path $final_path/bin/activate + + # We set all necessary environement variable to create a python virtualenvironnement. + source $final_path/bin/activate + pip install --upgrade pip + pip install --upgrade setuptools + pip install --upgrade cffi ndg-httpsclient psycopg2 lxml + + # Download and check the checksum for the synapse source + src_url=$(grep 'SOURCE_URL=' "$YNH_CWD/../conf/python_source.src" | cut -d= -f2-) + src_sum=$(grep 'SOURCE_SUM=' "$YNH_CWD/../conf/python_source.src" | cut -d= -f2-) + + wget -nv -O synapse_source.tar.gz "$src_url" + echo "${src_sum} synapse_source.tar.gz" | sha256sum -c --status \ + || ynh_die "Corrupt source" + pip install --upgrade synapse_source.tar.gz + + # Fix issue with msgpack see https://github.com/YunoHost-Apps/synapse_ynh/issues/29 + test -e $final_path/lib/python2.7/site-packages/msgpack/__init__.py || (\ + pip uninstall -y msgpack-python msgpack; \ + pip install msgpack-python) + + # This fonction was defined while we call "source $final_path/bin/activate". 
By this fonction de undo what does "$final_path/bin/activate" + deactivate +fi + +#================================================= +# SETUP SYSTEMD +#================================================= + +# Create systemd service for synapse and turnserver +cp ../conf/default_matrix-synapse /etc/default/matrix-$app +ynh_add_systemd_config matrix-$app matrix-synapse.service + +cp ../conf/default_coturn /etc/default/coturn-$app +ynh_add_systemd_config coturn-$app coturn-synapse.service + +#================================================= +# NGINX CONFIGURATION +#================================================= + +ynh_add_nginx_config + +#================================================= +# SET SYNAPSE CONFIG +#================================================= + +# Find password for turnserver and database +turnserver_pwd=$(ynh_string_random 30) +ynh_app_setting_set $app turnserver_pwd $turnserver_pwd # Configure Synapse -config_synapse -# Configure Coturn -config_coturn +# WARRNING : theses command are used in INSTALL, UPGRADE (2 times) +# For any update do it in all files -# Configuration de logrotate -ynh_use_logrotate /var/log/matrix-synapse -ynh_use_logrotate /var/log/turnserver +homeserver_config_path="/etc/matrix-$app/homeserver.yaml" -# Set Permission for all directory -set_permission +cp ../conf/homeserver.yaml "$homeserver_config_path" +cp ../conf/log.yaml /etc/matrix-$app/log.yaml -# register yunohost service -yunohost service add matrix-synapse +ynh_replace_string __APP__ $app "$homeserver_config_path" +ynh_replace_string __DOMAIN__ $domain "$homeserver_config_path" +ynh_replace_string __SYNAPSE_DB_USER__ $synapse_db_user "$homeserver_config_path" +ynh_replace_string __SYNAPSE_DB_PWD__ $synapse_db_pwd "$homeserver_config_path" +ynh_replace_string __PORT__ $port "$homeserver_config_path" +ynh_replace_string __TLS_PORT__ $synapse_tls_port "$homeserver_config_path" +ynh_replace_string __TURNSERVER_TLS_PORT__ $turnserver_tls_port "$homeserver_config_path" 
+ynh_replace_string __TURNPWD__ $turnserver_pwd "$homeserver_config_path" -# Recharge la configuration Nginx -systemctl restart matrix-synapse.service -systemctl restart coturn.service +ynh_replace_string __APP__ $app "/etc/matrix-$app/log.yaml" + +if [ "$is_public" = "0" ] +then + ynh_replace_string __ALLOWED_ACCESS__ False "$homeserver_config_path" +else + ynh_replace_string __ALLOWED_ACCESS__ True "$homeserver_config_path" +fi + +ynh_store_file_checksum "$homeserver_config_path" +ynh_store_file_checksum "/etc/matrix-$app/log.yaml" + +#================================================= +# SET COTURN CONFIG +#================================================= + +# WARRNING : theses command are used in INSTALL, UPGRADE +# For any update do it in all files + +coturn_config_path="/etc/matrix-$app/coturn.conf" + +cp ../conf/turnserver.conf "$coturn_config_path" + +ynh_replace_string __APP__ $app "$coturn_config_path" +ynh_replace_string __TURNPWD__ $turnserver_pwd "$coturn_config_path" +ynh_replace_string __DOMAIN__ $domain "$coturn_config_path" +ynh_replace_string __TLS_PORT__ $turnserver_tls_port "$coturn_config_path" +ynh_replace_string __TLS_ALT_PORT__ $turnserver_alt_tls_port "$coturn_config_path" +ynh_replace_string __CLI_PORT__ $cli_port "$coturn_config_path" + +ynh_store_file_checksum "$coturn_config_path" + +#================================================= +# SETUP LOGROTATE +#================================================= + +ynh_use_logrotate /var/log/matrix-$app + +#================================================= +# GENERIC FINALIZATION +#================================================= +# SETUP SSOWAT +#================================================= + +# Open access to server without a button the home +# The script "add_sso_conf.py" will just add en entry for the path "/_matrix" in the sso conf.json.persistent file in the cathegory "skipped_urls". 
+cp ../conf/add_sso_conf.py $final_path +cp ../conf/remove_sso_conf.py $final_path +python $final_path/add_sso_conf.py || ynh_die "Your file /etc/ssowat/conf.json.persistent don't respect the json synaxe. Please fix the synaxe to install this app. For more information see here : https://github.com/YunoHost-Apps/synapse_ynh/issues/32" + +#================================================= +# SECURE FILES AND DIRECTORIES +#================================================= + +# WARRNING : theses command are used in INSTALL, UPGRADE (2 times), RESTORE +# For any update do it in all files +chown $synapse_user:root -R $final_path +chown $synapse_user:root -R /var/lib/matrix-$app +chown $synapse_user:root -R /var/log/matrix-$app +chown $synapse_user:root -R /etc/matrix-$app +chmod u=rwX,g=rX,o= -R /etc/matrix-$app +chmod 600 /etc/matrix-$app/dh.pem +setfacl -R -m user:turnserver:rX /etc/matrix-$app +setfacl -R -m user:turnserver:rwX /var/log/matrix-$app + +#================================================= +# ADVERTISE SERVICE IN ADMIN PANEL +#================================================= + +yunohost service add matrix-$app -l "/var/log/matrix-$app/homeserver.log" +yunohost service add coturn-$app + +#================================================= +# RELOAD SERVICES +#================================================= + +systemctl restart coturn-$app.service +ynh_check_starting "Synapse now listening on port $synapse_tls_port" "/var/log/matrix-$app/homeserver.log" 300 "matrix-$app" diff --git a/scripts/psql.sh b/scripts/psql.sh index 9789a29..286e60f 100644 --- a/scripts/psql.sh +++ b/scripts/psql.sh @@ -117,7 +117,6 @@ ynh_psql_drop_user() { su --command="dropuser \"${user}\"" postgres } - ynh_psql_test_if_first_run() { if [ -f /etc/yunohost/psql ]; then diff --git a/scripts/remove b/scripts/remove index 108e09f..9261541 100755 --- a/scripts/remove +++ b/scripts/remove 
@@ -1,73 +1,115 @@ #!/bin/bash -# Source YunoHost helpers -source /usr/share/yunohost/helpers -source ./psql.sh +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= -# Stop script if errors -set -u +source /usr/share/yunohost/helpers # Import common cmd +source ./psql.sh +source ./experimental_helper.sh source ./_common.sh -# Retrieve app settings +#================================================= +# SET ALL CONSTANT +#================================================= + +app=$YNH_APP_INSTANCE_NAME +synapse_user="matrix-$app" +synapse_db_name="matrix_$app" +synapse_db_user="matrix_$app" +upstream_version=$(ynh_app_upstream_version) + +#================================================= +# LOAD SETTINGS +#================================================= + domain=$(ynh_app_setting_get $app special_domain) final_path=$(ynh_app_setting_get $app final_path) synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port) turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port) +turnserver_alt_tls_port=$(ynh_app_setting_get $app turnserver_alt_tls_port) -systemctl stop matrix-synapse.service || true -systemctl stop coturn.service || true +#================================================= +# STANDARD REMOVE +#================================================= +# STOP AND REMOVE SERVICE +#================================================= -# Suppression de la configuration nginx -ynh_secure_remove "/etc/nginx/conf.d/$domain.d/$app.conf" -systemctl reload nginx.service +ynh_remove_systemd_config matrix-$app +ynh_remove_systemd_config coturn-$app + +#================================================= +# CLOSE A PORT +#================================================= -# Close firewall ports closeport() { + local port=$1 if yunohost firewall list | grep -q "\- $port$" then echo "Close port $port" - yunohost firewall disallow 
TCP $port > /dev/null + yunohost firewall disallow Both $port > /dev/null fi } -port=$synapse_tls_port -closeport -port=$turnserver_tls_port -closeport +closeport $synapse_tls_port +closeport $turnserver_tls_port +closeport $turnserver_alt_tls_port + +#================================================= +# SETUP SSOWAT +#================================================= # Remove the skipped url python $final_path/remove_sso_conf.py -# Remove depandance -ynh_remove_app_dependencies || true +#================================================= +# REMOVE DEPENDENCIES +#================================================= + +ynh_remove_app_dependencies + +#================================================= +# REMOVE APP DIR +#================================================= -# Clean all directory ynh_secure_remove $final_path -ynh_secure_remove /var/lib/matrix-synapse -ynh_secure_remove /var/log/matrix-synapse -ynh_secure_remove /var/log/turnserver -ynh_secure_remove /etc/matrix-synapse -ynh_secure_remove /etc/default/matrix-synapse +ynh_secure_remove /var/lib/matrix-$app +ynh_secure_remove /var/log/matrix-$app +ynh_secure_remove /etc/matrix-$app +ynh_secure_remove /etc/default/matrix-$app +ynh_secure_remove /etc/default/coturn-$app -# Remove systemd service -systemctl disable matrix-synapse.service -ynh_secure_remove /etc/systemd/system/matrix-synapse.service -systemctl daemon-reload +#================================================= +# REMOVE NGINX CONFIGURATION +#================================================= + +ynh_remove_nginx_config + +#================================================= +# REMOVE THE POSTGRESQL DATABASE +#================================================= -# Remove database and user ynh_psql_remove_db $synapse_db_name $synapse_db_user -# Remove user -ynh_system_user_delete matrix-synapse +#================================================= +# REMOVE DEDICATED USER +#================================================= + +ynh_system_user_delete 
$synapse_user + +#================================================= +# REMOVE LOGROTATE CONFIGURATION +#================================================= -# Remove logrotate ynh_remove_logrotate -# Remove Monitoring -yunohost service remove matrix-synapse - -# Reload nginx -systemctl reload nginx.service +#================================================= +# REMOVE SERVICE FROM ADMIN PANEL +#================================================= +yunohost service remove matrix-$app +yunohost service remove coturn-$app diff --git a/scripts/restore b/scripts/restore index 8b2b0a2..1c79f96 100644 --- a/scripts/restore +++ b/scripts/restore 
@@ -1,48 +1,99 @@ #!/bin/bash -# Source YunoHost helpers +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + source /usr/share/yunohost/helpers # Stop script if errors ynh_abort_if_errors # Import common cmd -source ../settings/scripts/_common.sh source ../settings/scripts/psql.sh +source ../settings/scripts/experimental_helper.sh +source ../settings/scripts/_common.sh + +#================================================= +# SET ALL CONSTANT +#================================================= + +app=$YNH_APP_INSTANCE_NAME +synapse_user="matrix-$app" +synapse_db_name="matrix_$app" +synapse_db_user="matrix_$app" +upstream_version=$(ynh_app_upstream_version) + +#================================================= +# LOAD SETTINGS +#================================================= -# Retrieve arguments domain=$(ynh_app_setting_get $app special_domain) -path=$(ynh_app_setting_get $app special_path) +path_url=$(ynh_app_setting_get $app special_path) final_path=$(ynh_app_setting_get $app final_path) synapse_db_pwd=$(ynh_app_setting_get $app synapse_db_pwd) -is_public=$(ynh_app_setting_get $app is_public) -synapse_port=$(ynh_app_setting_get $app synapse_port) synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port) turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port) -turnserver_pwd=$(ynh_app_setting_get $app turnserver_pwd) +turnserver_alt_tls_port=$(ynh_app_setting_get $app turnserver_alt_tls_port) -# Check domain/path availability -ynh_webpath_available $domain $path || ynh_die "$domain/$path is not available, please use an other domain." 
+#================================================= +# CHECK IF THE APP CAN BE RESTORED +#================================================= -# Ouvre le port dans le firewall -yunohost firewall allow --no-upnp TCP $synapse_tls_port > /dev/null 2>&1 -yunohost firewall allow --no-upnp Both $turnserver_tls_port > /dev/null 2>&1 +ynh_webpath_available $domain $path_url || ynh_die "$domain/$path_url is not available, please use an other domain." -# Install all dependances -install_dependances - -# Create user -ynh_system_user_create $synapse_user /var/lib/matrix-synapse -adduser $synapse_user ssl-cert -adduser turnserver ssl-cert +#================================================= +# STANDARD RESTORATION STEPS +#================================================= +# RESTORE ALL FILES +#================================================= # Restore all config and data ynh_restore -# Open access to server without a button the home -python $final_path/add_sso_conf.py +#================================================= +# REINSTALL DEPENDENCIES +#================================================= + +# WARRNING : theses command are used in INSTALL, UPGRADE, RESTORE +# For any update do it in all files +ynh_install_app_dependencies coturn build-essential python2.7-dev libffi-dev python-pip python-setuptools sqlite3 libssl-dev python-virtualenv libxml2-dev libxslt1-dev python-lxml libjpeg-dev libpq-dev postgresql acl +pip install --upgrade pip +pip install --upgrade virtualenv + +#================================================= +# RECREATE THE DEDICATED USER +#================================================= + +ynh_system_user_create $synapse_user /var/lib/matrix-$app +adduser $synapse_user ssl-cert +adduser turnserver ssl-cert + +#================================================= +# SPECIFIC RESTORATION +#================================================= +# OPEN THE PORT +#================================================= + +# Ouvre le port dans le firewall +yunohost firewall 
allow TCP $synapse_tls_port > /dev/null 2>&1 +yunohost firewall allow Both $turnserver_tls_port > /dev/null 2>&1 +yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1 + +#================================================= +# SETUP SSOWAT +#================================================= + +# Open access to server without a button the home +# The script "add_sso_conf.py" will just add en entry for the path "/_matrix" in the sso conf.json.persistent file in the cathegory "skipped_urls". +python $final_path/add_sso_conf.py || ynh_die "Your file /etc/ssowat/conf.json.persistent don't respect the json synaxe. Please fix the synaxe to install this app. For more information see here : https://github.com/YunoHost-Apps/synapse_ynh/issues/32" + +#================================================= +# RESTORE THE POSTGRESQL DATABASE +#================================================= -# Restore postgresql database ynh_psql_test_if_first_run ynh_psql_create_user $synapse_db_user $synapse_db_pwd ynh_psql_execute_as_root \ 
@@ -52,23 +103,49 @@ ynh_psql_execute_as_root \ LC_CTYPE='C' template=template0 OWNER $synapse_db_user;" -su -c "psql $synapse_db_name" postgres < ${YNH_CWD}/dump.sql +ynh_psql_execute_file_as_root "${YNH_CWD}/dump.sql" "$synapse_db_name" + +#================================================= +# RESTORE SYSTEMD +#================================================= -# Enable systemd service systemctl daemon-reload -systemctl enable matrix-synapse.service +systemctl enable matrix-$app.service -# Configuration de logrotate -ynh_use_logrotate /var/log/matrix-synapse -ynh_use_logrotate /var/log/turnserver +#================================================= +# SETUP LOGROTATE +#================================================= -# Set the permission -set_permission +ynh_use_logrotate /var/log/matrix-$app -# register yunohost service -yunohost service add matrix-synapse +#================================================= +# GENERIC FINALIZATION +#================================================= +# SECURE FILES AND DIRECTORIES +#================================================= + +# WARRNING : theses command are used in INSTALL, UPGRADE, RESTORE +# For any update do it in all files +chown $synapse_user:root -R $final_path +chown $synapse_user:root -R /var/lib/matrix-$app +chown $synapse_user:root -R /var/log/matrix-$app +chown $synapse_user:root -R /etc/matrix-$app +chmod u=rwX,g=rX,o= -R /etc/matrix-$app +chmod 600 /etc/matrix-$app/dh.pem +setfacl -R -m user:turnserver:rX /etc/matrix-$app +setfacl -R -m user:turnserver:rwX /var/log/matrix-$app + +#================================================= +# ADVERTISE SERVICE IN ADMIN PANEL +#================================================= + +yunohost service add matrix-$app -l "/var/log/matrix-$app/homeserver.log" +yunohost service add coturn-$app + +#================================================= +# RELOAD NGINX, SYNAPSE AND COTURN +#================================================= -# Reload webserver systemctl reload 
nginx.service -systemctl restart matrix-synapse.service -systemctl restart coturn.service +systemctl restart coturn-$app.service +ynh_check_starting "Synapse now listening on port $synapse_tls_port" "/var/log/matrix-$app/homeserver.log" 300 "matrix-$app" diff --git a/scripts/upgrade b/scripts/upgrade index 00526aa..9d552ce 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
@@ -1,26 +1,51 @@ #!/bin/bash -# Source YunoHost helpers +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + source /usr/share/yunohost/helpers -source ./psql.sh # Stop script if errors ynh_abort_if_errors # Import common cmd +source ./psql.sh +source ./experimental_helper.sh source ./_common.sh -# Retrieve arguments +#================================================= +# SET ALL CONSTANT +#================================================= + +app=$YNH_APP_INSTANCE_NAME +synapse_user="matrix-$app" +synapse_db_name="matrix_$app" +synapse_db_user="matrix_$app" +upstream_version=$(ynh_app_upstream_version) + +#================================================= +# LOAD SETTINGS +#================================================= + domain=$(ynh_app_setting_get $app special_domain) -path=$(ynh_app_setting_get $app special_path) +path_url=$(ynh_app_setting_get $app special_path) final_path=$(ynh_app_setting_get $app final_path) synapse_old_version=$(ynh_app_setting_get $app synapse_version) synapse_db_pwd=$(ynh_app_setting_get $app synapse_db_pwd) is_public=$(ynh_app_setting_get $app is_public) -synapse_port=$(ynh_app_setting_get $app synapse_port) +port=$(ynh_app_setting_get $app synapse_port) synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port) turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port) +turnserver_alt_tls_port=$(ynh_app_setting_get $app turnserver_alt_tls_port) turnserver_pwd=$(ynh_app_setting_get $app turnserver_pwd) +cli_port=$(ynh_app_setting_get $app cli_port) + +#================================================= +# ENSURE DOWNWARD COMPATIBILITY +#================================================= # To be sure that the migration is sucessfull we check that the old synapse version is compatible with the synapse_port_db script. 
if [[ -z $synapse_old_version ]] && [[ $(dpkg -l | grep -c -E "ii.*matrix-synapse.*0.25") != 1 ]] && [[ $(dpkg -l | grep -c -E "ii.*matrix-synapse.*0.26") != 1 ]] @@ -28,8 +53,14 @@ then ynh_die "Update from this synapse version is not available now. You need to wait for the next update." fi -systemctl stop matrix-synapse.service +#================================================= +# BACKUP BEFORE UPGRADE +#================================================= +# We stop the service before to set ynh_clean_setup +systemctl stop matrix-$app.service + +# Backup the current version of the app if [[ $(ynh_app_setting_get $app disable_backup_before_upgrade) != '1' ]] then ynh_backup_before_upgrade 
@@ -38,124 +69,342 @@ then } fi -ynh_abort_if_errors +#================================================= +# UPGRADE FROM DIFFERENTS PACKAGE EVOLUTION +#================================================= +# MIGRATION 1 : UPGRADE FROM OLD PACKAGE VERSION +# DEBIAN PACKAGE-> PYTHON VIRTUALENVIRONNEMENT +# SQLITE -> POSTGRESQL +# PART NO 1 +#================================================= +# Actually this package use pythonvirtualenvironnement. The old package used the debian package. So if the app is not already migrated from the old package version we need to migrade the app from the debian package to a python virtualenvironnement. In the same time the package migrated from sqlite to postgresql for the database. So we do these both things in the same time. if [[ -z $synapse_old_version ]] then - ## We move from debian package to new package with python virtualenv - # Change settings - path="/_matrix" - domain=$(ynh_app_setting_get $app domain) - final_path="/opt/yunohost/matrix-synapse" - ynh_app_setting_set $app special_domain $domain - ynh_app_setting_set $app special_path $path - ynh_app_setting_set $app final_path $final_path - ynh_app_setting_delete $app domain - ynh_app_setting_delete $app path - ynh_app_setting_delete $app skipped_uris + #================================================= + # UPDATE SETTINGS + #================================================= - # Remove old package and add new package as dependance - ynh_secure_remove /etc/apt/sources.list.d/matrix.list - ynh_package_autoremove --purge matrix-synapse python-matrix-synapse-ldap3 || true + path_url="/_matrix" + domain=$(ynh_app_setting_get $app domain) + final_path="/opt/yunohost/matrix-synapse" + ynh_app_setting_set $app special_domain $domain + ynh_app_setting_set $app special_path $path_url + ynh_app_setting_set $app final_path $final_path + ynh_app_setting_delete $app domain + ynh_app_setting_delete $app path + ynh_app_setting_delete $app skipped_uris - # If we don't remove these line in 
dpkg config, dpkg fail on every new package install - sudo sed --in-place ':a;N;$!ba;s@matrix-synapse nogroup 755 /var/lib/matrix-synapse\n@@g' /var/lib/dpkg/statoverride - sudo sed --in-place ':a;N;$!ba;s@matrix-synapse nogroup 755 /var/log/matrix-synapse\n@@g' /var/lib/dpkg/statoverride - sudo sed --in-place ':a;N;$!ba;s@matrix-synapse nogroup 755 /etc/matrix-synapse\n@@g' /var/lib/dpkg/statoverride + #================================================= + # REMOVE OLD DEPENDDANCE + #================================================= - # add new package as dependance and install dependance - install_dependances + ynh_secure_remove /etc/apt/sources.list.d/matrix.list + ynh_package_autoremove --purge matrix-synapse python-matrix-synapse-ldap3 || true - # Create directory Install synapse in virtualenv - setup_dir || true # If the dir aready exist the command could fail - install_source - cp /etc/yunohost/certs/$domain/dh.pem /etc/matrix-synapse/dh.pem - set_permission + # If we don't remove these line in dpkg config, dpkg fail on every new package install + sudo sed --in-place ':a;N;$!ba;s@matrix-synapse nogroup 755 /var/lib/matrix-synapse\n@@g' /var/lib/dpkg/statoverride + sudo sed --in-place ':a;N;$!ba;s@matrix-synapse nogroup 755 /var/log/matrix-synapse\n@@g' /var/lib/dpkg/statoverride + sudo sed --in-place ':a;N;$!ba;s@matrix-synapse nogroup 755 /etc/matrix-synapse\n@@g' /var/lib/dpkg/statoverride - # Open access to server without a button the home - cp ../conf/add_sso_conf.py $final_path - cp ../conf/remove_sso_conf.py $final_path - python $final_path/add_sso_conf.py || echo "Error while sso config, please add '/_matrix' in /etc/ssowat/conf.json.persistent" + #================================================= + # INSTALL NEW DEPENDENCIES + #================================================= - # Create user - ynh_system_user_create $synapse_user /var/lib/matrix-synapse + # add new package as dependance and install dependance + # WARRNING : theses command are used in 
INSTALL, UPGRADE, RESTORE + # For any update do it in all files + ynh_install_app_dependencies coturn build-essential python2.7-dev libffi-dev python-pip python-setuptools sqlite3 libssl-dev python-virtualenv libxml2-dev libxslt1-dev python-lxml libjpeg-dev libpq-dev postgresql acl + pip install --upgrade pip + pip install --upgrade virtualenv + + #================================================= + # CREATE A POSTGRESQL DATABASE + #================================================= + + synapse_db_pwd=$(ynh_string_random 30) + ynh_app_setting_set $app synapse_db_pwd $synapse_db_pwd + + # Create postgresql database + ynh_psql_test_if_first_run + ynh_psql_create_user $synapse_db_user $synapse_db_pwd + ynh_psql_execute_as_root \ + "CREATE DATABASE $synapse_db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $synapse_db_user;" + + #================================================= + # CREATE EMPTY DIR FOR SYNAPSE + #================================================= + + # WARRNING : theses command are used in INSTALL, UPGRADE + # For any update do it in all files + mkdir -p /var/lib/matrix-$app + mkdir -p /var/log/matrix-$app + mkdir -p /etc/matrix-$app/conf.d + mkdir -p $final_path +fi + +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= + +# Install/upgrade synapse in virtualenv + +# WARRNING : theses command are used in INSTALL, UPGRADE +# For any update do it in all files + +if [ -n "$(uname -m | grep arm)" ] +then + ynh_setup_source $final_path/ "armv7" +else + # Install virtualenv if it don't exist + test -e $final_path/bin || virtualenv -p python2.7 $final_path + + # Install synapse in virtualenv + PS1="" + cp ../conf/virtualenv_activate $final_path/bin/activate + ynh_replace_string __FINAL_PATH__ $final_path $final_path/bin/activate + + # We set all necessary environement variable to create a python virtualenvironnement. 
+ source $final_path/bin/activate + pip install --upgrade pip + pip install --upgrade setuptools + pip install --upgrade cffi ndg-httpsclient psycopg2 lxml + + # Download and check the checksum for the synapse source + src_url=$(grep 'SOURCE_URL=' "$YNH_CWD/../conf/python_source.src" | cut -d= -f2-) + src_sum=$(grep 'SOURCE_SUM=' "$YNH_CWD/../conf/python_source.src" | cut -d= -f2-) + + wget -nv -O synapse_source.tar.gz "$src_url" + echo "${src_sum} synapse_source.tar.gz" | sha256sum -c --status \ + || ynh_die "Corrupt source" + pip install --upgrade synapse_source.tar.gz + + # Fix issue with msgpack see https://github.com/YunoHost-Apps/synapse_ynh/issues/29 + test -e $final_path/lib/python2.7/site-packages/msgpack/__init__.py || (\ + pip uninstall -y msgpack-python msgpack; \ + pip install msgpack-python) + + # This fonction was defined while we call "source $final_path/bin/activate". By this fonction de undo what does "$final_path/bin/activate" + deactivate +fi + +#================================================= +# STANDARD UPGRADE STEPS +#================================================= +# UPDATE SYNAPSE CONFIG +#================================================= + +# WARRNING : theses command are used in INSTALL, UPGRADE +# For any update do it in all files + +homeserver_config_path="/etc/matrix-$app/homeserver.yaml" + +cp ../conf/homeserver.yaml "$homeserver_config_path" +cp ../conf/log.yaml /etc/matrix-$app/log.yaml + +ynh_replace_string __APP__ $app "$homeserver_config_path" +ynh_replace_string __DOMAIN__ $domain "$homeserver_config_path" +ynh_replace_string __SYNAPSE_DB_USER__ $synapse_db_user "$homeserver_config_path" +ynh_replace_string __SYNAPSE_DB_PWD__ $synapse_db_pwd "$homeserver_config_path" +ynh_replace_string __PORT__ $port "$homeserver_config_path" +ynh_replace_string __TLS_PORT__ $synapse_tls_port "$homeserver_config_path" +ynh_replace_string __TURNSERVER_TLS_PORT__ $turnserver_tls_port "$homeserver_config_path" +ynh_replace_string __TURNPWD__ 
$turnserver_pwd "$homeserver_config_path" + +ynh_replace_string __APP__ $app "/etc/matrix-$app/log.yaml" + +if [ "$is_public" = "0" ] +then + ynh_replace_string __ALLOWED_ACCESS__ False "$homeserver_config_path" +else + ynh_replace_string __ALLOWED_ACCESS__ True "$homeserver_config_path" +fi + +ynh_store_file_checksum "$homeserver_config_path" +ynh_store_file_checksum "/etc/matrix-$app/log.yaml" + +#================================================= +# MIGRATION 1 : UPGRADE FROM OLD PACKAGE VERSION +# DEBIAN PACKAGE-> PYTHON VIRTUALENVIRONNEMENT +# SQLITE -> POSTGRESQL +# PART NO 2 +#================================================= + +if [[ -z $synapse_old_version ]] +then + + #================================================= + # UPDATE SSOWAT CONF + #================================================= + + cp ../conf/add_sso_conf.py $final_path + cp ../conf/remove_sso_conf.py $final_path + python $final_path/add_sso_conf.py || echo "Error while sso config, please add '/_matrix' in /etc/ssowat/conf.json.persistent" + + #================================================= + # CREATE DEDICATED USER + #================================================= + + ynh_system_user_create $synapse_user /var/lib/matrix-synapse adduser $synapse_user ssl-cert adduser turnserver ssl-cert - # Create systemd service - ynh_secure_remove /etc/init.d/matrix-synapse - ynh_secure_remove /lib/systemd/system/matrix-synapse.service - ynh_secure_remove /etc/systemd/system/matrix-synapse.service - systemctl daemon-reload - systemctl disable matrix-synapse.service + # In the old synapse instance we stored the dh.pem in /etc/yunohost/certs/DOMAIN.TLD/ but it was problematics with lets'encrypt witch made a link to the key. While the letsencrypt key was changed the dh.pem file was lost. So we decided to move to /etc/matrix-synapse/ witch is a directory witch is not managed by any other component. + # Here we check if the dh.pem file is already moved. If not we try to copy the file from the old place. 
If the file in the old place was already removed (by letsencrypt) we create a new one. + test -e /etc/matrix-$app/dh.pem || \ + cp /etc/yunohost/certs/$domain/dh.pem /etc/matrix-$app/dh.pem || \ + openssl dhparam -out /etc/matrix-$app/dh.pem 2048 > /dev/null + + #================================================= + # SETUP SYSTEMD + #================================================= - cp ../conf/default_matrix-synapse /etc/default/matrix-synapse - cp ../conf/matrix-synapse.service /etc/systemd/system/ - systemctl daemon-reload - systemctl enable matrix-synapse.service + ynh_secure_remove /etc/init.d/matrix-synapse + ynh_secure_remove /lib/systemd/system/matrix-synapse.service + ynh_secure_remove /etc/systemd/system/matrix-synapse.service + systemctl daemon-reload + systemctl disable matrix-synapse.service - # Configuration de logrotate - ynh_use_logrotate /var/log/matrix-synapse + cp ../conf/default_matrix-synapse /etc/default/matrix-synapse + cp ../conf/matrix-synapse.service /etc/systemd/system/matrix-synapse.service + ynh_replace_string __APP__ $app /etc/systemd/system/matrix-synapse.service + systemctl daemon-reload + systemctl enable matrix-synapse.service - # register yunohost service - yunohost service add matrix-synapse + #================================================= + # ADVERTISE SERVICE IN ADMIN PANEL + #================================================= - ## Move to postgresql from sqlite + yunohost service add matrix-$app -l "/var/log/matrix-$app/homeserver.log" + yunohost service add coturn-$app - # We create the new settings - synapse_db_pwd=$(ynh_string_random 30) - ynh_app_setting_set $app synapse_db_pwd $synapse_db_pwd + #================================================= + # MIGRATE DATABASE + #================================================= - # Create postgresql database - ynh_psql_create_user $synapse_db_user $synapse_db_pwd - ynh_psql_execute_as_root \ - "CREATE DATABASE $synapse_db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' 
template=template0 OWNER $synapse_db_user;" + # We get the last version of the synapse_port_db script because an old version could be buggy. + cp ../sources/synapse_port_db /opt/yunohost/matrix-synapse/bin/synapse_port_db - # Create config file for synapse with postgresql - config_synapse - - # We get the last version of the synapse_port_db script because an old version could be buggy. - cp ../sources/synapse_port_db /opt/yunohost/matrix-synapse/bin/synapse_port_db - - # Migrate database (in virtualenv) - source $final_path/bin/activate - /opt/yunohost/matrix-synapse/bin/synapse_port_db --sqlite-database /var/lib/matrix-synapse/homeserver.db \ - --postgres-config /etc/matrix-synapse/homeserver.yaml - deactivate + # Migrate database (in virtualenv) + source $final_path/bin/activate + /opt/yunohost/matrix-synapse/bin/synapse_port_db --sqlite-database /var/lib/matrix-synapse/homeserver.db \ + --postgres-config /etc/matrix-synapse/homeserver.yaml + deactivate fi -# If the turnserver log is not ready configured we configure it now -test -e /var/log/turnserver || (mkdir -p /var/log/turnserver && ynh_use_logrotate /var/log/turnserver) +#================================================= +# MIGRATION 2 : MULTINSTANCE SUPPORT +#================================================= + +if [[ ! 
-e /etc/matrix-$app/coturn.conf ]] +then + + #================================================= + # CREATE AN INDEPENDANT SERVICE FOR COTURN + #================================================= + + # Disable default config for turnserver and create a new service + systemctl stop coturn.service + + # Set by default the system config for coturn + echo "" > /etc/turnserver.conf + ynh_replace_string "TURNSERVER_ENABLED=1" "TURNSERVER_ENABLED=0" /etc/default/coturn + + # Set a port for each service in turnserver + turnserver_alt_tls_port=$(ynh_find_port $((turnserver_tls_port+1))) + cli_port=$(ynh_find_port 5766) + + ynh_app_setting_set $app turnserver_alt_tls_port $turnserver_alt_tls_port + ynh_app_setting_set $app cli_port $cli_port + + yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1 + + # Configure systemd + cp ../conf/default_coturn /etc/default/coturn-$app + ynh_add_systemd_config coturn-$app coturn-synapse.service + + #================================================= + # MAKE A CLEAN LOGROTATE CONFIG + #================================================= + + ynh_use_logrotate /var/log/matrix-$app --non-append +fi + +#================================================= +# MIGRATION 3 : USE STANDARD ACCESS FOR CERTIFCATE +# AND USE INDEPENDANT DH FILE +#================================================= # Fix issue about certificates access -if [[ ! $(grep "ssl-cert:x:[0-9]*:.*matrix-synapse" /etc/group) ]] +if [[ ! $(grep "ssl-cert:x:[0-9]*:.*matrix-$app" /etc/group) ]] then adduser $synapse_user ssl-cert adduser turnserver ssl-cert fi -test -e /etc/matrix-synapse/dh.pem || cp /etc/yunohost/certs/$domain/dh.pem /etc/matrix-synapse/dh.pem +# In the old synapse instance we stored the dh.pem in /etc/yunohost/certs/DOMAIN.TLD/ but it was problematics with lets'encrypt witch made a link to the key. While the letsencrypt key was changed the dh.pem file was lost. 
So we decided to move to /etc/matrix-synapse/ witch is a directory witch is not managed by any other component. +# Here we check if the dh.pem file is already moved. If not we try to copy the file from the old place. If the file in the old place was already removed (by letsencrypt) we create a new one. +test -e /etc/matrix-$app/dh.pem || \ + cp /etc/yunohost/certs/$domain/dh.pem /etc/matrix-$app/dh.pem || \ + openssl dhparam -out /etc/matrix-$app/dh.pem 2048 > /dev/null -# Upgrade manually Synapse -install_source +#================================================= +# STANDARD UPGRADE STEPS +#================================================= +# NGINX CONFIGURATION +#================================================= -# Update nginx config -config_nginx +ynh_add_nginx_config -# Configure Synapse -config_synapse +#================================================= +# UPDATE COTURN CONFIG +#================================================= -# Configure Coturn -config_coturn +# WARRNING : theses command are used in INSTALL, UPGRADE +# For any update do it in all files -# Set Permission for all directory -set_permission +coturn_config_path="/etc/matrix-$app/coturn.conf" -# Set new settings -ynh_app_setting_set $app synapse_version $APP_VERSION +ynh_backup_if_checksum_is_different "$coturn_config_path" -# Recharge la configuration Nginx -systemctl reload nginx.service -systemctl start matrix-synapse.service -systemctl restart coturn.service +cp ../conf/turnserver.conf "$coturn_config_path" + +ynh_replace_string __APP__ $app "$coturn_config_path" +ynh_replace_string __TURNPWD__ $turnserver_pwd "$coturn_config_path" +ynh_replace_string __DOMAIN__ $domain "$coturn_config_path" +ynh_replace_string __TLS_PORT__ $turnserver_tls_port "$coturn_config_path" +ynh_replace_string __TLS_ALT_PORT__ $turnserver_alt_tls_port "$coturn_config_path" +ynh_replace_string __CLI_PORT__ $cli_port "$coturn_config_path" + +ynh_store_file_checksum "$coturn_config_path" + 
+#================================================= +# GENERIC FINALIZATION +#================================================= +# SECURE FILES AND DIRECTORIES +#================================================= + +# WARRNING : theses command are used in INSTALL, UPGRADE (2 times), RESTORE +# For any update do it in all files +chown $synapse_user:root -R $final_path +chown $synapse_user:root -R /var/lib/matrix-$app +chown $synapse_user:root -R /var/log/matrix-$app +chown $synapse_user:root -R /etc/matrix-$app +chmod u=rwX,g=rX,o= -R /etc/matrix-$app +chmod 600 /etc/matrix-$app/dh.pem +setfacl -R -m user:turnserver:rX /etc/matrix-$app +setfacl -R -m user:turnserver:rwX /var/log/matrix-$app + +#================================================= +# UPDATE VERSION SETTINGS +#================================================= + +ynh_app_setting_set $app synapse_version $upstream_version + +#================================================= +# RELOAD SERVICES +#================================================= + +systemctl restart coturn-$app.service +ynh_check_starting "Synapse now listening on port $synapse_tls_port" "/var/log/matrix-$app/homeserver.log" 300 "matrix-$app"
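Review bot: in SECURE FILES AND DIRECTORIES, `setfacl -R -m user:turnserver:rX /etc/matrix-$app` gives the turnserver account read access to every file in that directory, including homeserver.yaml, which UPDATE SYNAPSE CONFIG has just filled with the value of `$synapse_db_pwd`. It also runs after `chmod 600 /etc/matrix-$app/dh.pem`, so the 600 mode no longer describes who can read that file. Suggest dropping the recursive ACL in favour of a traverse-only entry on the directory plus read entries on coturn.conf (and on dh.pem only if the coturn configuration references it). Separately, /var/lib/matrix-$app and /var/log/matrix-$app are chowned but never chmod-ed, so their "other" permission bits stay at whatever they were before the upgrade; an explicit `o=` there would match what is done for /etc/matrix-$app.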
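Review bot: in DOWNLOAD, CHECK AND UNPACK SOURCE, only the synapse tarball is verified (`sha256sum -c --status`); `pip install --upgrade cffi ndg-httpsclient psycopg2 lxml`, the `pip install msgpack-python` repair and the earlier `pip install --upgrade pip` / `pip install --upgrade virtualenv` all fetch whatever version is current on the day of the upgrade, and the last two run as root outside the virtualenv. Suggest moving the dependency list to a pinned requirements file installed with pip's `--require-hashes`, so that the whole environment gets the same integrity check as the tarball. Two smaller points in the same region: `uname -m | grep arm` also matches armv6 machines, which would then receive the "armv7" prebuilt archive, so matching the exact machine string would be safer; and synapse_source.tar.gz is written to the current directory and left there after the install.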
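Review bot: in UPDATE SYNAPSE CONFIG, `cp ../conf/homeserver.yaml "$homeserver_config_path"` overwrites the live file without a preceding `ynh_backup_if_checksum_is_different "$homeserver_config_path"`, although the checksum is stored afterwards and UPDATE COTURN CONFIG does make that call for coturn.conf. As written, any change an administrator made to homeserver.yaml or log.yaml (registration settings, federation restrictions) is silently lost on upgrade. Suggest adding the backup call for both files before the `cp` lines. The substituted values are also unquoted (`$synapse_db_pwd`, `$turnserver_pwd`, `$domain`); quoting them costs nothing and avoids word splitting if a value ever contains whitespace.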
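Review bot: `turnserver_alt_tls_port` and `cli_port` are assigned only inside the MIGRATION 2 block, which runs when /etc/matrix-$app/coturn.conf does not exist yet, but UPDATE COTURN CONFIG uses both unconditionally in `ynh_replace_string __TLS_ALT_PORT__ $turnserver_alt_tls_port` and `ynh_replace_string __CLI_PORT__ $cli_port`. Unless they are loaded from the app settings earlier in the script, outside the lines shown here, every upgrade after the first will write empty ports into coturn.conf. In the same block, `echo "" > /etc/turnserver.conf` discards the system-wide coturn configuration without a backup, and `yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1` hides a failure to open the port; keeping a copy of the old file and letting the firewall error surface would make a failed migration much easier to diagnose.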
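Review bot: part 2 of MIGRATION 1 mixes `$app`-based paths with hard-coded matrix-synapse ones: the configuration is written to /etc/matrix-$app/homeserver.yaml, yet synapse_port_db is invoked with `--postgres-config /etc/matrix-synapse/homeserver.yaml`, the user home is `/var/lib/matrix-synapse`, and the unit is copied to matrix-synapse.service while being registered as `matrix-$app`. These agree only when `$app` is synapse; either use `$app` throughout or add a comment stating that this migration is reachable only for the original single instance. The dh.pem fallback chain (`test -e ... || cp ... || openssl dhparam ...`) is also repeated verbatim in MIGRATION 3 together with its comment, so a single helper function would keep the two copies from drifting apart; note too that `> /dev/null` silences only stdout, while openssl writes its progress output to stderr. Finally, `python $final_path/add_sso_conf.py || echo "Error while sso config, ..."` lets the upgrade finish with the SSOwat rule missing and only a line in the log to show for it; a `ynh_die` or an explicit warning at the end of the run would be harder to miss.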