1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/synapse_ynh.git synced 2024-09-03 20:26:38 +02:00

Merge pull request #311 from YunoHost-Apps/improve_configuration

Improve configuration
This commit is contained in:
Josue-T 2022-06-19 09:51:44 +02:00 committed by GitHub
commit 7553c14931
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
17 changed files with 1873 additions and 624 deletions

View file

@ -5,7 +5,7 @@ It shall NOT be edited by hand.
# Synapse for YunoHost # Synapse for YunoHost
[![Integration level](https://dash.yunohost.org/integration/synapse.svg)](https://dash.yunohost.org/appci/app/synapse) ![](https://ci-apps.yunohost.org/ci/badges/synapse.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/synapse.maintain.svg) [![Integration level](https://dash.yunohost.org/integration/synapse.svg)](https://dash.yunohost.org/appci/app/synapse) ![Working status](https://ci-apps.yunohost.org/ci/badges/synapse.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/synapse.maintain.svg)
[![Install Synapse with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=synapse) [![Install Synapse with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=synapse)
*[Lire ce readme en français.](./README_fr.md)* *[Lire ce readme en français.](./README_fr.md)*
@ -20,10 +20,7 @@ Instant messaging server matrix network.
Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org)
**Shipped version:** 1.59.0~ynh1 **Shipped version:** 1.61.0~ynh1
## Disclaimers / important information ## Disclaimers / important information
## Configuration ## Configuration
@ -144,20 +141,21 @@ Before installing a second instance of the app it's really recommended to update
## Documentation and resources ## Documentation and resources
* Official app website: https://matrix.org/ * Official app website: <https://matrix.org/>
* Upstream app code repository: https://github.com/matrix-org/synapse * Upstream app code repository: <https://github.com/matrix-org/synapse>
* YunoHost documentation for this app: https://yunohost.org/app_synapse * YunoHost documentation for this app: <https://yunohost.org/app_synapse>
* Report a bug: https://github.com/YunoHost-Apps/synapse_ynh/issues * Report a bug: <https://github.com/YunoHost-Apps/synapse_ynh/issues>
## Developer info ## Developer info
Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/synapse_ynh/tree/testing). Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/synapse_ynh/tree/testing).
To try the testing branch, please proceed like that. To try the testing branch, please proceed like that.
```
``` bash
sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
or or
sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
``` ```
**More info regarding app packaging:** https://yunohost.org/packaging_apps **More info regarding app packaging:** <https://yunohost.org/packaging_apps>

View file

@ -1,10 +1,14 @@
<!--
N.B.: This README was automatically generated by https://github.com/YunoHost/apps/tree/master/tools/README-generator
It shall NOT be edited by hand.
-->
# Synapse pour YunoHost # Synapse pour YunoHost
[![Niveau d'intégration](https://dash.yunohost.org/integration/synapse.svg)](https://dash.yunohost.org/appci/app/synapse) ![](https://ci-apps.yunohost.org/ci/badges/synapse.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/synapse.maintain.svg) [![Niveau d'intégration](https://dash.yunohost.org/integration/synapse.svg)](https://dash.yunohost.org/appci/app/synapse) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/synapse.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/synapse.maintain.svg)
[![Installer Synapse avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=synapse) [![Installer Synapse avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=synapse)
*[Read this readme in english.](./README.md)* *[Read this readme in english.](./README.md)*
*[Lire ce readme en français.](./README_fr.md)*
> *Ce package vous permet d'installer Synapse rapidement et simplement sur un serveur YunoHost. > *Ce package vous permet d'installer Synapse rapidement et simplement sur un serveur YunoHost.
Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.* Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.*
@ -16,10 +20,7 @@ Instant messaging server matrix network.
Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org)
**Version incluse :** 1.59.0~ynh1 **Version incluse :** 1.61.0~ynh1
## Avertissements / informations importantes ## Avertissements / informations importantes
## Configuration ## Configuration
@ -140,20 +141,21 @@ Before installing a second instance of the app it's really recommended to update
## Documentations et ressources ## Documentations et ressources
* Site officiel de l'app : https://matrix.org/ * Site officiel de l'app : <https://matrix.org/>
* Dépôt de code officiel de l'app : https://github.com/matrix-org/synapse * Dépôt de code officiel de l'app : <https://github.com/matrix-org/synapse>
* Documentation YunoHost pour cette app : https://yunohost.org/app_synapse * Documentation YunoHost pour cette app : <https://yunohost.org/app_synapse>
* Signaler un bug : https://github.com/YunoHost-Apps/synapse_ynh/issues * Signaler un bug : <https://github.com/YunoHost-Apps/synapse_ynh/issues>
## Informations pour les développeurs ## Informations pour les développeurs
Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/synapse_ynh/tree/testing). Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/synapse_ynh/tree/testing).
Pour essayer la branche testing, procédez comme suit. Pour essayer la branche testing, procédez comme suit.
```
``` bash
sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
ou ou
sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
``` ```
**Plus d'infos sur le packaging d'applications :** https://yunohost.org/packaging_apps **Plus d'infos sur le packaging d'applications :** <https://yunohost.org/packaging_apps>

View file

@ -2,7 +2,7 @@
; Manifest ; Manifest
domain="domain.tld" (DOMAIN) domain="domain.tld" (DOMAIN)
path="/_matrix/static/" (PATH) path="/_matrix/static/" (PATH)
is_public=1 (PUBLIC|public=1|private=0) is_free_registration=1 (PUBLIC|public=1|private=0)
server_name="domain.tld" (DOMAIN) server_name="domain.tld" (DOMAIN)
; Checks ; Checks
pkg_linter=1 pkg_linter=1
@ -13,6 +13,7 @@
setup_public=1 setup_public=1
upgrade=1 upgrade=1
upgrade=1 from_commit=0a485e0d6bcd14392b9203b3b27e7e1a7ba21d19 upgrade=1 from_commit=0a485e0d6bcd14392b9203b3b27e7e1a7ba21d19
upgrade=1 from_commit=6af39e6e086e70e2063eb8f63c48a1e4a597300d
backup_restore=1 backup_restore=1
multi_instance=0 multi_instance=0
incorrect_path=0 incorrect_path=0
@ -23,3 +24,5 @@
;;; Upgrade options ;;; Upgrade options
; commit=0a485e0d6bcd14392b9203b3b27e7e1a7ba21d19 ; commit=0a485e0d6bcd14392b9203b3b27e7e1a7ba21d19
name=Before permission implementation (branch old_version_for_CI_4) name=Before permission implementation (branch old_version_for_CI_4)
; commit=6af39e6e086e70e2063eb8f63c48a1e4a597300d
name=Before app user creation

View file

@ -1,5 +1,5 @@
SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.59.0/matrix-synapse_1.59.0-bullseye-bin1_armv7l.tar.gz SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.61.0/matrix-synapse_1.61.0-bullseye-bin1_armv7l.tar.gz
SOURCE_SUM=aedd3fe868dc9ad9359da0ce5124c602945267e9ab69a5ed0249367391cd44e7 SOURCE_SUM=e5da2f1ecb1511b3aeb514a948811c2645a7014eb0bdf8f5988fe6208e1bfb0f
# (Optional) Program to check the integrity (sha256sum, md5sum...) # (Optional) Program to check the integrity (sha256sum, md5sum...)
# default: sha256 # default: sha256
SOURCE_SUM_PRG=sha256sum SOURCE_SUM_PRG=sha256sum

View file

@ -1,5 +1,5 @@
SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.59.0/matrix-synapse_1.59.0-buster-bin1_armv7l.tar.gz SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.61.0/matrix-synapse_1.61.0-buster-bin1_armv7l.tar.gz
SOURCE_SUM=3a1e4602507594d4a38c5613edd1e16ebeef6e67cb7d40a7847fb0a32aeade22 SOURCE_SUM=970d173b23243043f5d95c5332426d54600c07bfa685e5a6e1423718533283a3
# (Optional) Program to check the integrity (sha256sum, md5sum...) # (Optional) Program to check the integrity (sha256sum, md5sum...)
# default: sha256 # default: sha256
SOURCE_SUM_PRG=sha256sum SOURCE_SUM_PRG=sha256sum

View file

@ -23,5 +23,34 @@ LimitRTTIME=7000000
CPUSchedulingPolicy=other CPUSchedulingPolicy=other
UMask=0007 UMask=0007
# Sandboxing options to harden security
# Depending on specificities of your service/app, you may need to tweak these
# .. but this should be a good baseline
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
RestrictNamespaces=yes
RestrictRealtime=yes
DevicePolicy=closed
ProtectSystem=full
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
LockPersonality=yes
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
# Denying access to capabilities that should not be relevant for webapps
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

File diff suppressed because it is too large Load diff

View file

@ -6,12 +6,42 @@ After=network.target
Type=simple Type=simple
User=matrix-__APP__ User=matrix-__APP__
WorkingDirectory=/opt/yunohost/matrix-__APP__ WorkingDirectory=/opt/yunohost/matrix-__APP__
BindPaths=/etc/matrix-__APP__
EnvironmentFile=/etc/default/matrix-__APP__ EnvironmentFile=/etc/default/matrix-__APP__
ExecStartPre=/opt/yunohost/matrix-__APP__/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-__APP__/homeserver.yaml --config-path=/etc/matrix-__APP__/conf.d/ --generate-keys ExecStartPre=/opt/yunohost/matrix-__APP__/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-__APP__/homeserver.yaml --config-path=/etc/matrix-__APP__/conf.d/ --generate-keys
ExecStart=/opt/yunohost/matrix-__APP__/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-__APP__/homeserver.yaml --config-path=/etc/matrix-__APP__/conf.d/ ExecStart=/opt/yunohost/matrix-__APP__/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-__APP__/homeserver.yaml --config-path=/etc/matrix-__APP__/conf.d/
Restart=always Restart=always
RestartSec=3 RestartSec=3
RuntimeDirectory=%i
# Sandboxing options to harden security
# Depending on specificities of your service/app, you may need to tweak these
# .. but this should be a good baseline
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
DevicePolicy=closed
ProtectSystem=full
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
LockPersonality=yes
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
# Denying access to capabilities that should not be relevant for webapps
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

View file

@ -13,11 +13,11 @@ name = "Synapse configuration"
default = false default = false
help = "True to send anonymous statistics about synapse to improve the performances" help = "True to send anonymous statistics about synapse to improve the performances"
[synapse_config.server_config.is_public] [synapse_config.server_config.is_free_registration]
ask = "Server public" ask = "Server with free registration"
type = "boolean" type = "boolean"
default = false default = false
help = "Is it a public server" help = "A public server means that anybody will be able to register on this server."
[synapse_config.server_config.allow_public_rooms] [synapse_config.server_config.allow_public_rooms]
ask = "Public rooms directory" ask = "Public rooms directory"

View file

@ -6,7 +6,7 @@
"en": "Instant messaging server which uses Matrix", "en": "Instant messaging server which uses Matrix",
"fr": "Un serveur de messagerie instantané basé sur Matrix" "fr": "Un serveur de messagerie instantané basé sur Matrix"
}, },
"version": "1.59.0~ynh1", "version": "1.61.0~ynh1",
"url": "http://matrix.org", "url": "http://matrix.org",
"license": "Apache-2.0", "license": "Apache-2.0",
"maintainer": { "maintainer": {
@ -29,12 +29,7 @@
"install" : [ "install" : [
{ {
"name": "domain", "name": "domain",
"type": "domain", "type": "domain"
"ask": {
"en": "Choose a domain for Synapse",
"fr": "Choisissez un domaine pour Synapse"
},
"example": "synapse.domain.org"
}, },
{ {
"name": "server_name", "name": "server_name",
@ -47,11 +42,11 @@
"default": "Same than the domain" "default": "Same than the domain"
}, },
{ {
"name": "is_public", "name": "is_free_registration",
"type": "boolean", "type": "boolean",
"ask": { "ask": {
"en": "Is it a public server?", "en": "Is it a server with free registration ?",
"fr": "Est-ce un serveur public ?" "fr": "Est-ce un serveur avec création de compte libre ?"
}, },
"default": false, "default": false,
"help": { "help": {

View file

@ -1,5 +1,6 @@
dependances="coturn build-essential python3-dev libffi-dev python3-pip python3-setuptools sqlite3 libssl-dev python3-venv libxml2-dev libxslt1-dev python3-lxml zlib1g-dev libjpeg-dev libpq-dev postgresql acl" dependances="coturn build-essential python3-dev libffi-dev python3-pip python3-setuptools sqlite3 libssl-dev python3-venv libxml2-dev libxslt1-dev python3-lxml zlib1g-dev libjpeg-dev libpq-dev postgresql acl"
python_version="$(python3 -V | cut -d' ' -f2 | cut -d. -f1-2)" python_version="$(python3 -V | cut -d' ' -f2 | cut -d. -f1-2)"
app=$YNH_APP_INSTANCE_NAME
install_sources() { install_sources() {
# Install/upgrade synapse in virtualenv # Install/upgrade synapse in virtualenv
@ -45,7 +46,12 @@ install_sources() {
set +$u_arg; set +$u_arg;
source $final_path/bin/activate source $final_path/bin/activate
set -$u_arg; set -$u_arg;
pip3 install --upgrade setuptools wheel pip if [ $(lsb_release --codename --short) == "bullseye" ]; then
pip3 install --upgrade setuptools==60.8.2 wheel pip
else
pip3 install --upgrade setuptools wheel pip
fi
chown $synapse_user:root -R $final_path chown $synapse_user:root -R $final_path
sudo -u $synapse_user env PATH=$PATH pip3 install --upgrade 'cryptography>=3.4.7' sudo -u $synapse_user env PATH=$PATH pip3 install --upgrade 'cryptography>=3.4.7'
pip3 install --upgrade cffi ndg-httpsclient psycopg2 lxml jinja2 pip3 install --upgrade cffi ndg-httpsclient psycopg2 lxml jinja2
@ -62,3 +68,9 @@ install_sources() {
ynh_secure_remove --file=$final_path/.cargo ynh_secure_remove --file=$final_path/.cargo
fi fi
} }
get_domain_list() {
yunohost --output-as plain domain list | grep -E "^#" -v | sort | uniq | while read domain; do
echo -n " - https://$domain\n"
done
}

View file

@ -26,7 +26,7 @@ server_name=$(ynh_app_setting_get --app=$app --key=server_name)
final_path=$(ynh_app_setting_get --app=$app --key=final_path) final_path=$(ynh_app_setting_get --app=$app --key=final_path)
synapse_old_version=$(ynh_app_setting_get --app=$app --key=synapse_version) synapse_old_version=$(ynh_app_setting_get --app=$app --key=synapse_version)
jitsi_server=$(ynh_app_setting_get --app=$app --key=jitsi_server) jitsi_server=$(ynh_app_setting_get --app=$app --key=jitsi_server)
is_public=$(ynh_app_setting_get --app=$app --key=is_public) is_free_registration=$(ynh_app_setting_get --app=$app --key=is_free_registration)
port=$(ynh_app_setting_get --app=$app --key=synapse_port) port=$(ynh_app_setting_get --app=$app --key=synapse_port)
synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port) synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port) turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
@ -35,19 +35,20 @@ cli_port=$(ynh_app_setting_get --app=$app --key=cli_port)
report_stats=$(ynh_app_setting_get --app=$app --key=report_stats) report_stats=$(ynh_app_setting_get --app=$app --key=report_stats)
allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms) allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms)
e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default) e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default)
ynh_print_OFF
synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd) synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd)
turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd) turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
registration_shared_secret=$(ynh_app_setting_get --app=$app --key=registration_shared_secret) registration_shared_secret=$(ynh_app_setting_get --app=$app --key=registration_shared_secret)
form_secret=$(ynh_app_setting_get --app=$app --key=form_secret) form_secret=$(ynh_app_setting_get --app=$app --key=form_secret)
macaroon_secret_key=$(ynh_app_setting_get --app=$app --key=macaroon_secret_key) macaroon_secret_key=$(ynh_app_setting_get --app=$app --key=macaroon_secret_key)
ynh_print_ON synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd)
synapse_user="matrix-$app" synapse_user="matrix-$app"
synapse_user_app="$app"
synapse_db_name="matrix_$app" synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app" synapse_db_user="matrix_$app"
synapse_db_name="matrix_$app" synapse_db_name="matrix_$app"
upstream_version=$(ynh_app_upstream_version) upstream_version=$(ynh_app_upstream_version)
domain_whitelist_client=$(get_domain_list)
# Check if the new path stay /_matrix if not exit # Check if the new path stay /_matrix if not exit
@ -102,7 +103,7 @@ else
macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"' macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"'
fi fi
if [ $is_public -eq 0 ] if [ $is_free_registration -eq 0 ]
then then
allowed_access=False allowed_access=False
sso_enabled=True sso_enabled=True

View file

@ -23,9 +23,11 @@ app=$YNH_APP_INSTANCE_NAME
report_stats=$(ynh_app_setting_get --app $app --key report_stats) report_stats=$(ynh_app_setting_get --app $app --key report_stats)
allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms) allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms)
disable_backup_before_upgrade=$(ynh_app_setting_get --app $app --key disable_backup_before_upgrade) disable_backup_before_upgrade=$(ynh_app_setting_get --app $app --key disable_backup_before_upgrade)
is_public=$(ynh_app_setting_get --app $app --key is_public) is_free_registration=$(ynh_app_setting_get --app $app --key is_free_registration)
jitsi_server=$(ynh_app_setting_get --app=$app --key=jitsi_server) jitsi_server=$(ynh_app_setting_get --app=$app --key=jitsi_server)
e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default) e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default)
synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd)
domain_whitelist_client=$(get_domain_list)
#================================================= #=================================================
# SHOW_CONFIG FUNCTION FOR 'SHOW' COMMAND # SHOW_CONFIG FUNCTION FOR 'SHOW' COMMAND
@ -37,7 +39,7 @@ show_config() {
ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_SERVER_STATISTICS=$report_stats" ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_SERVER_STATISTICS=$report_stats"
ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_ALLOW_PUBLIC_ROOMS=$allow_public_rooms" ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_ALLOW_PUBLIC_ROOMS=$allow_public_rooms"
ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_CLIENT_CONFIG_JITSI_SERVER=$jitsi_server" ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_CLIENT_CONFIG_JITSI_SERVER=$jitsi_server"
ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_IS_PUBLIC=${is_public}" ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_IS_FREE_REGISTRATION=${is_free_registration}"
ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_CLIENT_CONFIG_E2E_ENABLED_BY_DEFAULT=${e2e_enabled_by_default}" ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_CLIENT_CONFIG_E2E_ENABLED_BY_DEFAULT=${e2e_enabled_by_default}"
if [[ ${disable_backup_before_upgrade:-0} -eq 1 ]] if [[ ${disable_backup_before_upgrade:-0} -eq 1 ]]
@ -56,7 +58,7 @@ apply_config() {
report_stats=${YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_SERVER_STATISTICS:-$report_stats} report_stats=${YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_SERVER_STATISTICS:-$report_stats}
allow_public_rooms=${YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_ALLOW_PUBLIC_ROOMS:-$allow_public_rooms} allow_public_rooms=${YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_ALLOW_PUBLIC_ROOMS:-$allow_public_rooms}
do_backup_before_upgrade=${YNH_CONFIG_PACKAGE_CONFIG_PACKAGE_CONFIG_BACKUP_BEFORE_UPGRADE:-} do_backup_before_upgrade=${YNH_CONFIG_PACKAGE_CONFIG_PACKAGE_CONFIG_BACKUP_BEFORE_UPGRADE:-}
is_public=${YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_IS_PUBLIC:-$is_public} is_free_registration=${YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_IS_FREE_REGISTRATION:-$is_free_registration}
jitsi_server=${YNH_CONFIG_SYNAPSE_CONFIG_CLIENT_CONFIG_JITSI_SERVER:-$jitsi_server} jitsi_server=${YNH_CONFIG_SYNAPSE_CONFIG_CLIENT_CONFIG_JITSI_SERVER:-$jitsi_server}
e2e_enabled_by_default=${YNH_CONFIG_SYNAPSE_CONFIG_CLIENT_CONFIG_E2E_ENABLED_BY_DEFAULT:-$e2e_enabled_by_default} e2e_enabled_by_default=${YNH_CONFIG_SYNAPSE_CONFIG_CLIENT_CONFIG_E2E_ENABLED_BY_DEFAULT:-$e2e_enabled_by_default}
@ -81,7 +83,7 @@ apply_config() {
ynh_app_setting_set --app $app --key report_stats --value $report_stats ynh_app_setting_set --app $app --key report_stats --value $report_stats
ynh_app_setting_set --app $app --key allow_public_rooms --value $allow_public_rooms ynh_app_setting_set --app $app --key allow_public_rooms --value $allow_public_rooms
ynh_app_setting_set --app $app --key is_public --value $is_public ynh_app_setting_set --app $app --key is_free_registration --value $is_free_registration
ynh_app_setting_set --app $app --key jitsi_server --value $jitsi_server ynh_app_setting_set --app $app --key jitsi_server --value $jitsi_server
ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default
@ -96,7 +98,7 @@ apply_config() {
domain=$(ynh_app_setting_get --app $app --key domain) domain=$(ynh_app_setting_get --app $app --key domain)
server_name=$(ynh_app_setting_get --app $app --key server_name) server_name=$(ynh_app_setting_get --app $app --key server_name)
synapse_db_pwd=$(ynh_app_setting_get --app $app --key synapse_db_pwd) synapse_db_pwd=$(ynh_app_setting_get --app $app --key synapse_db_pwd)
is_public=$(ynh_app_setting_get --app $app --key is_public) is_free_registration=$(ynh_app_setting_get --app $app --key is_free_registration)
port=$(ynh_app_setting_get --app $app --key synapse_port) port=$(ynh_app_setting_get --app $app --key synapse_port)
synapse_tls_port=$(ynh_app_setting_get --app $app --key synapse_tls_port) synapse_tls_port=$(ynh_app_setting_get --app $app --key synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get --app $app --key turnserver_tls_port) turnserver_tls_port=$(ynh_app_setting_get --app $app --key turnserver_tls_port)
@ -124,7 +126,7 @@ apply_config() {
macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"' macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"'
fi fi
if [ $is_public -eq 0 ] if [ $is_free_registration -eq 0 ]
then then
allowed_access=False allowed_access=False
sso_enabled=True sso_enabled=True

View file

@ -21,20 +21,13 @@ ynh_clean_setup () {
# Exit if an error occurs during the execution of the script # Exit if an error occurs during the execution of the script
ynh_abort_if_errors ynh_abort_if_errors
#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================
domain=$YNH_APP_ARG_DOMAIN
is_public=$YNH_APP_ARG_IS_PUBLIC
app=$YNH_APP_INSTANCE_NAME
#================================================= #=================================================
# SET CONSTANTS # SET CONSTANTS
#================================================= #=================================================
synapse_user="matrix-$app" synapse_user="matrix-$app"
synapse_user_app="$app"
synapse_user_app_pwd="$(ynh_string_random --length=30)"
synapse_db_name="matrix_$app" synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app" synapse_db_user="matrix_$app"
synapse_db_name="matrix_$app" synapse_db_name="matrix_$app"
@ -43,6 +36,7 @@ report_stats="false"
allow_public_rooms="false" allow_public_rooms="false"
e2e_enabled_by_default="true" e2e_enabled_by_default="true"
default_domain_value="Same than the domain" default_domain_value="Same than the domain"
domain_whitelist_client=$(get_domain_list)
#================================================= #=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST # RETRIEVE ARGUMENTS FROM THE MANIFEST
@ -50,7 +44,7 @@ default_domain_value="Same than the domain"
domain=$YNH_APP_ARG_DOMAIN domain=$YNH_APP_ARG_DOMAIN
server_name=$YNH_APP_ARG_SERVER_NAME server_name=$YNH_APP_ARG_SERVER_NAME
is_public=$YNH_APP_ARG_IS_PUBLIC is_free_registration=$YNH_APP_ARG_IS_FREE_REGISTRATION
jitsi_server=$YNH_APP_ARG_JITSI_SERVER jitsi_server=$YNH_APP_ARG_JITSI_SERVER
path_url="/_matrix" path_url="/_matrix"
final_path="/opt/yunohost/matrix-$app" final_path="/opt/yunohost/matrix-$app"
@ -65,8 +59,6 @@ fi
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#================================================= #=================================================
ynh_script_progression --message="Validating installation parameters..." --weight=2 ynh_script_progression --message="Validating installation parameters..." --weight=2
[ $(ynh_webpath_available --domain=$domain --path_url=$path_url) == "True" ] || ynh_die --message="$domain is not available as domain, please use an other domain."
test ! -e "/etc/nginx/conf.d/$domain.d/synapse*.conf" || ynh_die --message="$domain is not available as domain, please use an other domain." test ! -e "/etc/nginx/conf.d/$domain.d/synapse*.conf" || ynh_die --message="$domain is not available as domain, please use an other domain."
# Check Final Path availability # Check Final Path availability
@ -90,10 +82,11 @@ ynh_app_setting_set --app=$app --key=server_name --value=$server_name
ynh_app_setting_set --app=$app --key=jitsi_server --value=$jitsi_server ynh_app_setting_set --app=$app --key=jitsi_server --value=$jitsi_server
ynh_app_setting_set --app=$app --key=final_path --value=$final_path ynh_app_setting_set --app=$app --key=final_path --value=$final_path
ynh_app_setting_set --app=$app --key=synapse_version --value=$upstream_version ynh_app_setting_set --app=$app --key=synapse_version --value=$upstream_version
ynh_app_setting_set --app=$app --key=is_public --value=$is_public ynh_app_setting_set --app=$app --key=is_free_registration --value=$is_free_registration
ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats
ynh_app_setting_set --app=$app --key=allow_public_rooms --value=$allow_public_rooms ynh_app_setting_set --app=$app --key=allow_public_rooms --value=$allow_public_rooms
ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default
ynh_app_setting_set --app=$app --key=synapse_user_app_pwd --value=$synapse_user_app_pwd
#================================================= #=================================================
# STANDARD MODIFICATIONS # STANDARD MODIFICATIONS
@ -152,6 +145,7 @@ ynh_install_app_dependencies $dependances
ynh_script_progression --message="Configuring system user..." --weight=3 ynh_script_progression --message="Configuring system user..." --weight=3
ynh_system_user_create --username=$synapse_user --home_dir=$final_path ynh_system_user_create --username=$synapse_user --home_dir=$final_path
yunohost user create $synapse_user_app -f Synapse -l Application -d $domain -p "$synapse_user_app_pwd"
adduser $synapse_user ssl-cert adduser $synapse_user ssl-cert
adduser turnserver ssl-cert adduser turnserver ssl-cert
@ -160,16 +154,12 @@ adduser turnserver ssl-cert
#================================================= #=================================================
ynh_script_progression --message="Creating a PostgreSQL database..." --weight=4 ynh_script_progression --message="Creating a PostgreSQL database..." --weight=4
ynh_print_OFF
synapse_db_pwd=$(ynh_string_random --length=30) synapse_db_pwd=$(ynh_string_random --length=30)
ynh_app_setting_set --app=$app --key=synapse_db_pwd --value=$synapse_db_pwd ynh_app_setting_set --app=$app --key=synapse_db_pwd --value=$synapse_db_pwd
ynh_print_ON
# Create postgresql database # Create postgresql database
ynh_psql_test_if_first_run ynh_psql_test_if_first_run
ynh_print_OFF
ynh_psql_create_user $synapse_db_user $synapse_db_pwd ynh_psql_create_user $synapse_db_user $synapse_db_pwd
ynh_print_ON
ynh_psql_execute_as_root \ ynh_psql_execute_as_root \
--sql="CREATE DATABASE $synapse_db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $synapse_db_user;" --sql="CREATE DATABASE $synapse_db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $synapse_db_user;"
@ -222,7 +212,6 @@ deactivate
set -u; set -u;
# Get random values from config # Get random values from config
ynh_print_OFF
registration_shared_secret=$(egrep "^registration_shared_secret:" homeserver.yml | cut -d'"' -f2) registration_shared_secret=$(egrep "^registration_shared_secret:" homeserver.yml | cut -d'"' -f2)
form_secret=$(egrep "^form_secret:" homeserver.yml | cut -d'"' -f2) form_secret=$(egrep "^form_secret:" homeserver.yml | cut -d'"' -f2)
macaroon_secret_key=$(egrep "^macaroon_secret_key:" homeserver.yml | cut -d'"' -f2) macaroon_secret_key=$(egrep "^macaroon_secret_key:" homeserver.yml | cut -d'"' -f2)
@ -231,7 +220,6 @@ macaroon_secret_key=$(egrep "^macaroon_secret_key:" homeserver.yml | cut -d'"' -
ynh_app_setting_set --app=$app --key=registration_shared_secret --value="$registration_shared_secret" ynh_app_setting_set --app=$app --key=registration_shared_secret --value="$registration_shared_secret"
ynh_app_setting_set --app=$app --key=form_secret --value="$form_secret" ynh_app_setting_set --app=$app --key=form_secret --value="$form_secret"
ynh_app_setting_set --app=$app --key=macaroon_secret_key --value="$macaroon_secret_key" ynh_app_setting_set --app=$app --key=macaroon_secret_key --value="$macaroon_secret_key"
ynh_print_ON
#================================================= #=================================================
# SETUP SYSTEMD # SETUP SYSTEMD
@ -279,7 +267,7 @@ ynh_app_setting_set --app=$app --key=turnserver_pwd --value=$turnserver_pwd
macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"' macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"'
if [ $is_public -eq 0 ] if [ $is_free_registration -eq 0 ]
then then
allowed_access=False allowed_access=False
sso_enabled=True sso_enabled=True

View file

@ -29,6 +29,7 @@ turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tl
#================================================= #=================================================
synapse_user="matrix-$app" synapse_user="matrix-$app"
synapse_user_app="$app"
synapse_db_name="matrix_$app" synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app" synapse_db_user="matrix_$app"
synapse_db_name="matrix_$app" synapse_db_name="matrix_$app"
@ -142,6 +143,7 @@ ynh_script_progression --message="Removing the dedicated system user" --weight=1
# Delete a system user # Delete a system user
ynh_system_user_delete --username=$synapse_user ynh_system_user_delete --username=$synapse_user
yunohost user delete $synapse_user_app
#================================================= #=================================================
# END OF SCRIPT # END OF SCRIPT

View file

@ -37,15 +37,15 @@ synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port) turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port) turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
ynh_print_OFF
synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd) synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd)
ynh_print_ON synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd)
#================================================= #=================================================
# SET ALL CONSTANT # SET ALL CONSTANT
#================================================= #=================================================
synapse_user="matrix-$app" synapse_user="matrix-$app"
synapse_user_app="$app"
synapse_db_name="matrix_$app" synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app" synapse_db_user="matrix_$app"
synapse_db_name="matrix_$app" synapse_db_name="matrix_$app"
@ -58,8 +58,6 @@ data_path="/home/yunohost.app/matrix-$app"
#================================================= #=================================================
ynh_script_progression --message="Validating restoration parameters..." --weight=2 ynh_script_progression --message="Validating restoration parameters..." --weight=2
ynh_webpath_available --domain=$domain --path_url=$path_url \
|| ynh_die --message="Path not available: ${domain}${path_url}"
test ! -d $final_path \ test ! -d $final_path \
|| ynh_die --message="There is already a directory: $final_path " || ynh_die --message="There is already a directory: $final_path "
@ -81,6 +79,7 @@ ynh_script_progression --message="Recreating the dedicated system user..." --wei
# Create the dedicated user (if not existing) # Create the dedicated user (if not existing)
ynh_system_user_create --username=$synapse_user --home_dir=$final_path ynh_system_user_create --username=$synapse_user --home_dir=$final_path
yunohost user create $synapse_user_app -f Synapse -l Application -d $domain -p "$synapse_user_app_pwd"
adduser $synapse_user ssl-cert adduser $synapse_user ssl-cert
adduser turnserver ssl-cert adduser turnserver ssl-cert
@ -110,9 +109,7 @@ ynh_systemd_action --action=restart --service_name=fail2ban
ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=13 ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=13
ynh_psql_test_if_first_run ynh_psql_test_if_first_run
ynh_print_OFF
ynh_psql_create_user $synapse_db_user $synapse_db_pwd ynh_psql_create_user $synapse_db_user $synapse_db_pwd
ynh_print_ON
ynh_psql_execute_as_root \ ynh_psql_execute_as_root \
--sql="CREATE DATABASE $synapse_db_name --sql="CREATE DATABASE $synapse_db_name
ENCODING 'UTF8' ENCODING 'UTF8'
@ -165,9 +162,7 @@ ynh_script_progression --message="Reconfiguring coturn..." --weight=23
turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port) turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port) turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
cli_port=$(ynh_app_setting_get --app=$app --key=cli_port) cli_port=$(ynh_app_setting_get --app=$app --key=cli_port)
ynh_print_OFF
turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd) turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
ynh_print_ON
# WARNING : these commands are used in INSTALL, UPGRADE # WARNING : these commands are used in INSTALL, UPGRADE
# For any update do it in all files # For any update do it in all files

View file

@ -26,7 +26,7 @@ jitsi_server=$(ynh_app_setting_get --app=$app --key=jitsi_server)
path_url=$(ynh_app_setting_get --app=$app --key=path) path_url=$(ynh_app_setting_get --app=$app --key=path)
final_path=$(ynh_app_setting_get --app=$app --key=final_path) final_path=$(ynh_app_setting_get --app=$app --key=final_path)
synapse_old_version=$(ynh_app_setting_get --app=$app --key=synapse_version) synapse_old_version=$(ynh_app_setting_get --app=$app --key=synapse_version)
is_public=$(ynh_app_setting_get --app=$app --key=is_public) is_free_registration=$(ynh_app_setting_get --app=$app --key=is_free_registration)
port=$(ynh_app_setting_get --app=$app --key=synapse_port) port=$(ynh_app_setting_get --app=$app --key=synapse_port)
synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port) synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port) turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
@ -35,19 +35,20 @@ cli_port=$(ynh_app_setting_get --app=$app --key=cli_port)
report_stats=$(ynh_app_setting_get --app=$app --key=report_stats) report_stats=$(ynh_app_setting_get --app=$app --key=report_stats)
allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms) allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms)
e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default) e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default)
ynh_print_OFF
synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd) synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd)
turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd) turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
registration_shared_secret=$(ynh_app_setting_get --app=$app --key=registration_shared_secret) registration_shared_secret=$(ynh_app_setting_get --app=$app --key=registration_shared_secret)
form_secret=$(ynh_app_setting_get --app=$app --key=form_secret) form_secret=$(ynh_app_setting_get --app=$app --key=form_secret)
macaroon_secret_key=$(ynh_app_setting_get --app=$app --key=macaroon_secret_key) macaroon_secret_key=$(ynh_app_setting_get --app=$app --key=macaroon_secret_key)
ynh_print_ON synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd)
domain_whitelist_client=$(get_domain_list)
#================================================= #=================================================
# SET ALL CONSTANT # SET ALL CONSTANT
#================================================= #=================================================
synapse_user="matrix-$app" synapse_user="matrix-$app"
synapse_user_app="$app"
synapse_db_name="matrix_$app" synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app" synapse_db_user="matrix_$app"
synapse_db_name="matrix_$app" synapse_db_name="matrix_$app"
@ -131,6 +132,17 @@ if [ -z $allow_public_rooms ]; then
ynh_app_setting_set --app=$app --key=allow_public_rooms --value=$allow_public_rooms ynh_app_setting_set --app=$app --key=allow_public_rooms --value=$allow_public_rooms
fi fi
if [ -z $is_free_registration ]; then
is_free_registration=$(ynh_app_setting_get --app=$app --key=is_""public)
ynh_app_setting_set --app=$app --key=is_free_registration --value=$is_free_registration
fi
if [ -z $synapse_user_app_pwd ]; then
synapse_user_app_pwd="$(ynh_string_random --length=30)"
ynh_app_setting_set --app=$app --key=synapse_user_app_pwd --value=$synapse_user_app_pwd
yunohost user create $synapse_user_app -f Synapse -l Application -d $domain -p "$synapse_user_app_pwd"
fi
#================================================= #=================================================
# MIGRATION 6 : Migrate data directory # MIGRATION 6 : Migrate data directory
#================================================= #=================================================
@ -183,10 +195,8 @@ chown $synapse_user:root -R $final_www_path
# MIGRATION 1 : GENERATE SYNAPSE SECRET # MIGRATION 1 : GENERATE SYNAPSE SECRET
#================================================= #=================================================
ynh_print_OFF
if [ -z "$registration_shared_secret" ] || [ "$form_secret" == "form_secret: " ] if [ -z "$registration_shared_secret" ] || [ "$form_secret" == "form_secret: " ]
then then
ynh_print_ON
ynh_script_progression --message="Generating synapse secret..." --weight=1 ynh_script_progression --message="Generating synapse secret..." --weight=1
# Go in virtualenvironnement # Go in virtualenvironnement
@ -203,16 +213,13 @@ then
set -u; set -u;
# Get random values from config # Get random values from config
ynh_print_OFF
registration_shared_secret=$(egrep "^registration_shared_secret:" homeserver.yml | cut -d'"' -f2) registration_shared_secret=$(egrep "^registration_shared_secret:" homeserver.yml | cut -d'"' -f2)
form_secret=$(egrep "^form_secret:" homeserver.yml | cut -d'"' -f2) form_secret=$(egrep "^form_secret:" homeserver.yml | cut -d'"' -f2)
# store in yunohost settings # store in yunohost settings
ynh_app_setting_set --app=$app --key=registration_shared_secret --value="$registration_shared_secret" ynh_app_setting_set --app=$app --key=registration_shared_secret --value="$registration_shared_secret"
ynh_app_setting_set --app=$app --key=form_secret --value="$form_secret" ynh_app_setting_set --app=$app --key=form_secret --value="$form_secret"
ynh_print_ON
fi fi
ynh_print_ON
#================================================= #=================================================
# UPDATE SYNAPSE CONFIG # UPDATE SYNAPSE CONFIG
@ -232,7 +239,7 @@ else
macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"' macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"'
fi fi
if [ $is_public -eq 0 ] if [ $is_free_registration -eq 0 ]
then then
allowed_access=False allowed_access=False
sso_enabled=True sso_enabled=True