mirror of
https://github.com/YunoHost-Apps/synapse_ynh.git
synced 2024-09-03 20:26:38 +02:00
Merge pull request #311 from YunoHost-Apps/improve_configuration
Improve configuration
This commit is contained in:
commit
7553c14931
17 changed files with 1873 additions and 624 deletions
20
README.md
20
README.md
|
@ -5,7 +5,7 @@ It shall NOT be edited by hand.
|
||||||
|
|
||||||
# Synapse for YunoHost
|
# Synapse for YunoHost
|
||||||
|
|
||||||
[![Integration level](https://dash.yunohost.org/integration/synapse.svg)](https://dash.yunohost.org/appci/app/synapse) ![](https://ci-apps.yunohost.org/ci/badges/synapse.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/synapse.maintain.svg)
|
[![Integration level](https://dash.yunohost.org/integration/synapse.svg)](https://dash.yunohost.org/appci/app/synapse) ![Working status](https://ci-apps.yunohost.org/ci/badges/synapse.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/synapse.maintain.svg)
|
||||||
[![Install Synapse with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=synapse)
|
[![Install Synapse with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=synapse)
|
||||||
|
|
||||||
*[Lire ce readme en français.](./README_fr.md)*
|
*[Lire ce readme en français.](./README_fr.md)*
|
||||||
|
@ -20,10 +20,7 @@ Instant messaging server matrix network.
|
||||||
Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org)
|
Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org)
|
||||||
|
|
||||||
|
|
||||||
**Shipped version:** 1.59.0~ynh1
|
**Shipped version:** 1.61.0~ynh1
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## Disclaimers / important information
|
## Disclaimers / important information
|
||||||
|
|
||||||
## Configuration
|
## Configuration
|
||||||
|
@ -144,20 +141,21 @@ Before installing a second instance of the app it's really recommended to update
|
||||||
|
|
||||||
## Documentation and resources
|
## Documentation and resources
|
||||||
|
|
||||||
* Official app website: https://matrix.org/
|
* Official app website: <https://matrix.org/>
|
||||||
* Upstream app code repository: https://github.com/matrix-org/synapse
|
* Upstream app code repository: <https://github.com/matrix-org/synapse>
|
||||||
* YunoHost documentation for this app: https://yunohost.org/app_synapse
|
* YunoHost documentation for this app: <https://yunohost.org/app_synapse>
|
||||||
* Report a bug: https://github.com/YunoHost-Apps/synapse_ynh/issues
|
* Report a bug: <https://github.com/YunoHost-Apps/synapse_ynh/issues>
|
||||||
|
|
||||||
## Developer info
|
## Developer info
|
||||||
|
|
||||||
Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/synapse_ynh/tree/testing).
|
Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/synapse_ynh/tree/testing).
|
||||||
|
|
||||||
To try the testing branch, please proceed like that.
|
To try the testing branch, please proceed like that.
|
||||||
```
|
|
||||||
|
``` bash
|
||||||
sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
|
sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
|
||||||
or
|
or
|
||||||
sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
|
sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
|
||||||
```
|
```
|
||||||
|
|
||||||
**More info regarding app packaging:** https://yunohost.org/packaging_apps
|
**More info regarding app packaging:** <https://yunohost.org/packaging_apps>
|
||||||
|
|
26
README_fr.md
26
README_fr.md
|
@ -1,10 +1,14 @@
|
||||||
|
<!--
|
||||||
|
N.B.: This README was automatically generated by https://github.com/YunoHost/apps/tree/master/tools/README-generator
|
||||||
|
It shall NOT be edited by hand.
|
||||||
|
-->
|
||||||
|
|
||||||
# Synapse pour YunoHost
|
# Synapse pour YunoHost
|
||||||
|
|
||||||
[![Niveau d'intégration](https://dash.yunohost.org/integration/synapse.svg)](https://dash.yunohost.org/appci/app/synapse) ![](https://ci-apps.yunohost.org/ci/badges/synapse.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/synapse.maintain.svg)
|
[![Niveau d'intégration](https://dash.yunohost.org/integration/synapse.svg)](https://dash.yunohost.org/appci/app/synapse) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/synapse.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/synapse.maintain.svg)
|
||||||
[![Installer Synapse avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=synapse)
|
[![Installer Synapse avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=synapse)
|
||||||
|
|
||||||
*[Read this readme in english.](./README.md)*
|
*[Read this readme in english.](./README.md)*
|
||||||
*[Lire ce readme en français.](./README_fr.md)*
|
|
||||||
|
|
||||||
> *Ce package vous permet d'installer Synapse rapidement et simplement sur un serveur YunoHost.
|
> *Ce package vous permet d'installer Synapse rapidement et simplement sur un serveur YunoHost.
|
||||||
Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.*
|
Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.*
|
||||||
|
@ -16,10 +20,7 @@ Instant messaging server matrix network.
|
||||||
Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org)
|
Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org)
|
||||||
|
|
||||||
|
|
||||||
**Version incluse :** 1.59.0~ynh1
|
**Version incluse :** 1.61.0~ynh1
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## Avertissements / informations importantes
|
## Avertissements / informations importantes
|
||||||
|
|
||||||
## Configuration
|
## Configuration
|
||||||
|
@ -140,20 +141,21 @@ Before installing a second instance of the app it's really recommended to update
|
||||||
|
|
||||||
## Documentations et ressources
|
## Documentations et ressources
|
||||||
|
|
||||||
* Site officiel de l'app : https://matrix.org/
|
* Site officiel de l'app : <https://matrix.org/>
|
||||||
* Dépôt de code officiel de l'app : https://github.com/matrix-org/synapse
|
* Dépôt de code officiel de l'app : <https://github.com/matrix-org/synapse>
|
||||||
* Documentation YunoHost pour cette app : https://yunohost.org/app_synapse
|
* Documentation YunoHost pour cette app : <https://yunohost.org/app_synapse>
|
||||||
* Signaler un bug : https://github.com/YunoHost-Apps/synapse_ynh/issues
|
* Signaler un bug : <https://github.com/YunoHost-Apps/synapse_ynh/issues>
|
||||||
|
|
||||||
## Informations pour les développeurs
|
## Informations pour les développeurs
|
||||||
|
|
||||||
Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/synapse_ynh/tree/testing).
|
Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/synapse_ynh/tree/testing).
|
||||||
|
|
||||||
Pour essayer la branche testing, procédez comme suit.
|
Pour essayer la branche testing, procédez comme suit.
|
||||||
```
|
|
||||||
|
``` bash
|
||||||
sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
|
sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
|
||||||
ou
|
ou
|
||||||
sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
|
sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
|
||||||
```
|
```
|
||||||
|
|
||||||
**Plus d'infos sur le packaging d'applications :** https://yunohost.org/packaging_apps
|
**Plus d'infos sur le packaging d'applications :** <https://yunohost.org/packaging_apps>
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
; Manifest
|
; Manifest
|
||||||
domain="domain.tld" (DOMAIN)
|
domain="domain.tld" (DOMAIN)
|
||||||
path="/_matrix/static/" (PATH)
|
path="/_matrix/static/" (PATH)
|
||||||
is_public=1 (PUBLIC|public=1|private=0)
|
is_free_registration=1 (PUBLIC|public=1|private=0)
|
||||||
server_name="domain.tld" (DOMAIN)
|
server_name="domain.tld" (DOMAIN)
|
||||||
; Checks
|
; Checks
|
||||||
pkg_linter=1
|
pkg_linter=1
|
||||||
|
@ -13,6 +13,7 @@
|
||||||
setup_public=1
|
setup_public=1
|
||||||
upgrade=1
|
upgrade=1
|
||||||
upgrade=1 from_commit=0a485e0d6bcd14392b9203b3b27e7e1a7ba21d19
|
upgrade=1 from_commit=0a485e0d6bcd14392b9203b3b27e7e1a7ba21d19
|
||||||
|
upgrade=1 from_commit=6af39e6e086e70e2063eb8f63c48a1e4a597300d
|
||||||
backup_restore=1
|
backup_restore=1
|
||||||
multi_instance=0
|
multi_instance=0
|
||||||
incorrect_path=0
|
incorrect_path=0
|
||||||
|
@ -23,3 +24,5 @@
|
||||||
;;; Upgrade options
|
;;; Upgrade options
|
||||||
; commit=0a485e0d6bcd14392b9203b3b27e7e1a7ba21d19
|
; commit=0a485e0d6bcd14392b9203b3b27e7e1a7ba21d19
|
||||||
name=Before permission implementation (branch old_version_for_CI_4)
|
name=Before permission implementation (branch old_version_for_CI_4)
|
||||||
|
; commit=6af39e6e086e70e2063eb8f63c48a1e4a597300d
|
||||||
|
name=Before app user creation
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.59.0/matrix-synapse_1.59.0-bullseye-bin1_armv7l.tar.gz
|
SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.61.0/matrix-synapse_1.61.0-bullseye-bin1_armv7l.tar.gz
|
||||||
SOURCE_SUM=aedd3fe868dc9ad9359da0ce5124c602945267e9ab69a5ed0249367391cd44e7
|
SOURCE_SUM=e5da2f1ecb1511b3aeb514a948811c2645a7014eb0bdf8f5988fe6208e1bfb0f
|
||||||
# (Optional) Program to check the integrity (sha256sum, md5sum...)
|
# (Optional) Program to check the integrity (sha256sum, md5sum...)
|
||||||
# default: sha256
|
# default: sha256
|
||||||
SOURCE_SUM_PRG=sha256sum
|
SOURCE_SUM_PRG=sha256sum
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.59.0/matrix-synapse_1.59.0-buster-bin1_armv7l.tar.gz
|
SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.61.0/matrix-synapse_1.61.0-buster-bin1_armv7l.tar.gz
|
||||||
SOURCE_SUM=3a1e4602507594d4a38c5613edd1e16ebeef6e67cb7d40a7847fb0a32aeade22
|
SOURCE_SUM=970d173b23243043f5d95c5332426d54600c07bfa685e5a6e1423718533283a3
|
||||||
# (Optional) Program to check the integrity (sha256sum, md5sum...)
|
# (Optional) Program to check the integrity (sha256sum, md5sum...)
|
||||||
# default: sha256
|
# default: sha256
|
||||||
SOURCE_SUM_PRG=sha256sum
|
SOURCE_SUM_PRG=sha256sum
|
||||||
|
|
|
@ -23,5 +23,34 @@ LimitRTTIME=7000000
|
||||||
CPUSchedulingPolicy=other
|
CPUSchedulingPolicy=other
|
||||||
UMask=0007
|
UMask=0007
|
||||||
|
|
||||||
|
# Sandboxing options to harden security
|
||||||
|
# Depending on specificities of your service/app, you may need to tweak these
|
||||||
|
# .. but this should be a good baseline
|
||||||
|
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
|
||||||
|
NoNewPrivileges=yes
|
||||||
|
PrivateTmp=yes
|
||||||
|
PrivateDevices=yes
|
||||||
|
RestrictNamespaces=yes
|
||||||
|
RestrictRealtime=yes
|
||||||
|
DevicePolicy=closed
|
||||||
|
ProtectSystem=full
|
||||||
|
ProtectControlGroups=yes
|
||||||
|
ProtectKernelModules=yes
|
||||||
|
ProtectKernelTunables=yes
|
||||||
|
LockPersonality=yes
|
||||||
|
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
|
||||||
|
|
||||||
|
# Denying access to capabilities that should not be relevant for webapps
|
||||||
|
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
|
||||||
|
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
|
||||||
|
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
|
||||||
|
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
|
||||||
|
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
|
||||||
|
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
|
||||||
|
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
|
||||||
|
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
|
||||||
|
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
|
||||||
|
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
|
2251
conf/homeserver.yaml
2251
conf/homeserver.yaml
File diff suppressed because it is too large
Load diff
|
@ -6,12 +6,42 @@ After=network.target
|
||||||
Type=simple
|
Type=simple
|
||||||
User=matrix-__APP__
|
User=matrix-__APP__
|
||||||
WorkingDirectory=/opt/yunohost/matrix-__APP__
|
WorkingDirectory=/opt/yunohost/matrix-__APP__
|
||||||
|
BindPaths=/etc/matrix-__APP__
|
||||||
EnvironmentFile=/etc/default/matrix-__APP__
|
EnvironmentFile=/etc/default/matrix-__APP__
|
||||||
ExecStartPre=/opt/yunohost/matrix-__APP__/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-__APP__/homeserver.yaml --config-path=/etc/matrix-__APP__/conf.d/ --generate-keys
|
ExecStartPre=/opt/yunohost/matrix-__APP__/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-__APP__/homeserver.yaml --config-path=/etc/matrix-__APP__/conf.d/ --generate-keys
|
||||||
ExecStart=/opt/yunohost/matrix-__APP__/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-__APP__/homeserver.yaml --config-path=/etc/matrix-__APP__/conf.d/
|
ExecStart=/opt/yunohost/matrix-__APP__/bin/python -m synapse.app.homeserver --config-path=/etc/matrix-__APP__/homeserver.yaml --config-path=/etc/matrix-__APP__/conf.d/
|
||||||
Restart=always
|
Restart=always
|
||||||
RestartSec=3
|
RestartSec=3
|
||||||
RuntimeDirectory=%i
|
|
||||||
|
# Sandboxing options to harden security
|
||||||
|
# Depending on specificities of your service/app, you may need to tweak these
|
||||||
|
# .. but this should be a good baseline
|
||||||
|
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
|
||||||
|
NoNewPrivileges=yes
|
||||||
|
PrivateTmp=yes
|
||||||
|
PrivateDevices=yes
|
||||||
|
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
|
||||||
|
RestrictNamespaces=yes
|
||||||
|
RestrictRealtime=yes
|
||||||
|
DevicePolicy=closed
|
||||||
|
ProtectSystem=full
|
||||||
|
ProtectControlGroups=yes
|
||||||
|
ProtectKernelModules=yes
|
||||||
|
ProtectKernelTunables=yes
|
||||||
|
LockPersonality=yes
|
||||||
|
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
|
||||||
|
|
||||||
|
# Denying access to capabilities that should not be relevant for webapps
|
||||||
|
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
|
||||||
|
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
|
||||||
|
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
|
||||||
|
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
|
||||||
|
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
|
||||||
|
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
|
||||||
|
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
|
||||||
|
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
|
||||||
|
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
|
||||||
|
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
|
|
@ -13,11 +13,11 @@ name = "Synapse configuration"
|
||||||
default = false
|
default = false
|
||||||
help = "True to send anonymous statistics about synapse to improve the performances"
|
help = "True to send anonymous statistics about synapse to improve the performances"
|
||||||
|
|
||||||
[synapse_config.server_config.is_public]
|
[synapse_config.server_config.is_free_registration]
|
||||||
ask = "Server public"
|
ask = "Server with free registration"
|
||||||
type = "boolean"
|
type = "boolean"
|
||||||
default = false
|
default = false
|
||||||
help = "Is it a public server"
|
help = "A public server means that anybody will be able to register on this server."
|
||||||
|
|
||||||
[synapse_config.server_config.allow_public_rooms]
|
[synapse_config.server_config.allow_public_rooms]
|
||||||
ask = "Public rooms directory"
|
ask = "Public rooms directory"
|
||||||
|
|
|
@ -6,7 +6,7 @@
|
||||||
"en": "Instant messaging server which uses Matrix",
|
"en": "Instant messaging server which uses Matrix",
|
||||||
"fr": "Un serveur de messagerie instantané basé sur Matrix"
|
"fr": "Un serveur de messagerie instantané basé sur Matrix"
|
||||||
},
|
},
|
||||||
"version": "1.59.0~ynh1",
|
"version": "1.61.0~ynh1",
|
||||||
"url": "http://matrix.org",
|
"url": "http://matrix.org",
|
||||||
"license": "Apache-2.0",
|
"license": "Apache-2.0",
|
||||||
"maintainer": {
|
"maintainer": {
|
||||||
|
@ -29,12 +29,7 @@
|
||||||
"install" : [
|
"install" : [
|
||||||
{
|
{
|
||||||
"name": "domain",
|
"name": "domain",
|
||||||
"type": "domain",
|
"type": "domain"
|
||||||
"ask": {
|
|
||||||
"en": "Choose a domain for Synapse",
|
|
||||||
"fr": "Choisissez un domaine pour Synapse"
|
|
||||||
},
|
|
||||||
"example": "synapse.domain.org"
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "server_name",
|
"name": "server_name",
|
||||||
|
@ -47,11 +42,11 @@
|
||||||
"default": "Same than the domain"
|
"default": "Same than the domain"
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"name": "is_public",
|
"name": "is_free_registration",
|
||||||
"type": "boolean",
|
"type": "boolean",
|
||||||
"ask": {
|
"ask": {
|
||||||
"en": "Is it a public server?",
|
"en": "Is it a server with free registration ?",
|
||||||
"fr": "Est-ce un serveur public ?"
|
"fr": "Est-ce un serveur avec création de compte libre ?"
|
||||||
},
|
},
|
||||||
"default": false,
|
"default": false,
|
||||||
"help": {
|
"help": {
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
dependances="coturn build-essential python3-dev libffi-dev python3-pip python3-setuptools sqlite3 libssl-dev python3-venv libxml2-dev libxslt1-dev python3-lxml zlib1g-dev libjpeg-dev libpq-dev postgresql acl"
|
dependances="coturn build-essential python3-dev libffi-dev python3-pip python3-setuptools sqlite3 libssl-dev python3-venv libxml2-dev libxslt1-dev python3-lxml zlib1g-dev libjpeg-dev libpq-dev postgresql acl"
|
||||||
python_version="$(python3 -V | cut -d' ' -f2 | cut -d. -f1-2)"
|
python_version="$(python3 -V | cut -d' ' -f2 | cut -d. -f1-2)"
|
||||||
|
app=$YNH_APP_INSTANCE_NAME
|
||||||
|
|
||||||
install_sources() {
|
install_sources() {
|
||||||
# Install/upgrade synapse in virtualenv
|
# Install/upgrade synapse in virtualenv
|
||||||
|
@ -45,7 +46,12 @@ install_sources() {
|
||||||
set +$u_arg;
|
set +$u_arg;
|
||||||
source $final_path/bin/activate
|
source $final_path/bin/activate
|
||||||
set -$u_arg;
|
set -$u_arg;
|
||||||
pip3 install --upgrade setuptools wheel pip
|
if [ $(lsb_release --codename --short) == "bullseye" ]; then
|
||||||
|
pip3 install --upgrade setuptools==60.8.2 wheel pip
|
||||||
|
else
|
||||||
|
pip3 install --upgrade setuptools wheel pip
|
||||||
|
fi
|
||||||
|
|
||||||
chown $synapse_user:root -R $final_path
|
chown $synapse_user:root -R $final_path
|
||||||
sudo -u $synapse_user env PATH=$PATH pip3 install --upgrade 'cryptography>=3.4.7'
|
sudo -u $synapse_user env PATH=$PATH pip3 install --upgrade 'cryptography>=3.4.7'
|
||||||
pip3 install --upgrade cffi ndg-httpsclient psycopg2 lxml jinja2
|
pip3 install --upgrade cffi ndg-httpsclient psycopg2 lxml jinja2
|
||||||
|
@ -62,3 +68,9 @@ install_sources() {
|
||||||
ynh_secure_remove --file=$final_path/.cargo
|
ynh_secure_remove --file=$final_path/.cargo
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
get_domain_list() {
|
||||||
|
yunohost --output-as plain domain list | grep -E "^#" -v | sort | uniq | while read domain; do
|
||||||
|
echo -n " - https://$domain\n"
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
|
@ -26,7 +26,7 @@ server_name=$(ynh_app_setting_get --app=$app --key=server_name)
|
||||||
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
||||||
synapse_old_version=$(ynh_app_setting_get --app=$app --key=synapse_version)
|
synapse_old_version=$(ynh_app_setting_get --app=$app --key=synapse_version)
|
||||||
jitsi_server=$(ynh_app_setting_get --app=$app --key=jitsi_server)
|
jitsi_server=$(ynh_app_setting_get --app=$app --key=jitsi_server)
|
||||||
is_public=$(ynh_app_setting_get --app=$app --key=is_public)
|
is_free_registration=$(ynh_app_setting_get --app=$app --key=is_free_registration)
|
||||||
port=$(ynh_app_setting_get --app=$app --key=synapse_port)
|
port=$(ynh_app_setting_get --app=$app --key=synapse_port)
|
||||||
synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port)
|
synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port)
|
||||||
turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
|
turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
|
||||||
|
@ -35,19 +35,20 @@ cli_port=$(ynh_app_setting_get --app=$app --key=cli_port)
|
||||||
report_stats=$(ynh_app_setting_get --app=$app --key=report_stats)
|
report_stats=$(ynh_app_setting_get --app=$app --key=report_stats)
|
||||||
allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms)
|
allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms)
|
||||||
e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default)
|
e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default)
|
||||||
ynh_print_OFF
|
|
||||||
synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd)
|
synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd)
|
||||||
turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
|
turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
|
||||||
registration_shared_secret=$(ynh_app_setting_get --app=$app --key=registration_shared_secret)
|
registration_shared_secret=$(ynh_app_setting_get --app=$app --key=registration_shared_secret)
|
||||||
form_secret=$(ynh_app_setting_get --app=$app --key=form_secret)
|
form_secret=$(ynh_app_setting_get --app=$app --key=form_secret)
|
||||||
macaroon_secret_key=$(ynh_app_setting_get --app=$app --key=macaroon_secret_key)
|
macaroon_secret_key=$(ynh_app_setting_get --app=$app --key=macaroon_secret_key)
|
||||||
ynh_print_ON
|
synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd)
|
||||||
|
|
||||||
synapse_user="matrix-$app"
|
synapse_user="matrix-$app"
|
||||||
|
synapse_user_app="$app"
|
||||||
synapse_db_name="matrix_$app"
|
synapse_db_name="matrix_$app"
|
||||||
synapse_db_user="matrix_$app"
|
synapse_db_user="matrix_$app"
|
||||||
synapse_db_name="matrix_$app"
|
synapse_db_name="matrix_$app"
|
||||||
upstream_version=$(ynh_app_upstream_version)
|
upstream_version=$(ynh_app_upstream_version)
|
||||||
|
domain_whitelist_client=$(get_domain_list)
|
||||||
|
|
||||||
# Check if the new path stay /_matrix if not exit
|
# Check if the new path stay /_matrix if not exit
|
||||||
|
|
||||||
|
@ -102,7 +103,7 @@ else
|
||||||
macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"'
|
macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"'
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ $is_public -eq 0 ]
|
if [ $is_free_registration -eq 0 ]
|
||||||
then
|
then
|
||||||
allowed_access=False
|
allowed_access=False
|
||||||
sso_enabled=True
|
sso_enabled=True
|
||||||
|
|
|
@ -23,9 +23,11 @@ app=$YNH_APP_INSTANCE_NAME
|
||||||
report_stats=$(ynh_app_setting_get --app $app --key report_stats)
|
report_stats=$(ynh_app_setting_get --app $app --key report_stats)
|
||||||
allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms)
|
allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms)
|
||||||
disable_backup_before_upgrade=$(ynh_app_setting_get --app $app --key disable_backup_before_upgrade)
|
disable_backup_before_upgrade=$(ynh_app_setting_get --app $app --key disable_backup_before_upgrade)
|
||||||
is_public=$(ynh_app_setting_get --app $app --key is_public)
|
is_free_registration=$(ynh_app_setting_get --app $app --key is_free_registration)
|
||||||
jitsi_server=$(ynh_app_setting_get --app=$app --key=jitsi_server)
|
jitsi_server=$(ynh_app_setting_get --app=$app --key=jitsi_server)
|
||||||
e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default)
|
e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default)
|
||||||
|
synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd)
|
||||||
|
domain_whitelist_client=$(get_domain_list)
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# SHOW_CONFIG FUNCTION FOR 'SHOW' COMMAND
|
# SHOW_CONFIG FUNCTION FOR 'SHOW' COMMAND
|
||||||
|
@ -37,7 +39,7 @@ show_config() {
|
||||||
ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_SERVER_STATISTICS=$report_stats"
|
ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_SERVER_STATISTICS=$report_stats"
|
||||||
ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_ALLOW_PUBLIC_ROOMS=$allow_public_rooms"
|
ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_ALLOW_PUBLIC_ROOMS=$allow_public_rooms"
|
||||||
ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_CLIENT_CONFIG_JITSI_SERVER=$jitsi_server"
|
ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_CLIENT_CONFIG_JITSI_SERVER=$jitsi_server"
|
||||||
ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_IS_PUBLIC=${is_public}"
|
ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_IS_FREE_REGISTRATION=${is_free_registration}"
|
||||||
ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_CLIENT_CONFIG_E2E_ENABLED_BY_DEFAULT=${e2e_enabled_by_default}"
|
ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_CLIENT_CONFIG_E2E_ENABLED_BY_DEFAULT=${e2e_enabled_by_default}"
|
||||||
|
|
||||||
if [[ ${disable_backup_before_upgrade:-0} -eq 1 ]]
|
if [[ ${disable_backup_before_upgrade:-0} -eq 1 ]]
|
||||||
|
@ -56,7 +58,7 @@ apply_config() {
|
||||||
report_stats=${YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_SERVER_STATISTICS:-$report_stats}
|
report_stats=${YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_SERVER_STATISTICS:-$report_stats}
|
||||||
allow_public_rooms=${YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_ALLOW_PUBLIC_ROOMS:-$allow_public_rooms}
|
allow_public_rooms=${YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_ALLOW_PUBLIC_ROOMS:-$allow_public_rooms}
|
||||||
do_backup_before_upgrade=${YNH_CONFIG_PACKAGE_CONFIG_PACKAGE_CONFIG_BACKUP_BEFORE_UPGRADE:-}
|
do_backup_before_upgrade=${YNH_CONFIG_PACKAGE_CONFIG_PACKAGE_CONFIG_BACKUP_BEFORE_UPGRADE:-}
|
||||||
is_public=${YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_IS_PUBLIC:-$is_public}
|
is_free_registration=${YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_IS_FREE_REGISTRATION:-$is_free_registration}
|
||||||
jitsi_server=${YNH_CONFIG_SYNAPSE_CONFIG_CLIENT_CONFIG_JITSI_SERVER:-$jitsi_server}
|
jitsi_server=${YNH_CONFIG_SYNAPSE_CONFIG_CLIENT_CONFIG_JITSI_SERVER:-$jitsi_server}
|
||||||
e2e_enabled_by_default=${YNH_CONFIG_SYNAPSE_CONFIG_CLIENT_CONFIG_E2E_ENABLED_BY_DEFAULT:-$e2e_enabled_by_default}
|
e2e_enabled_by_default=${YNH_CONFIG_SYNAPSE_CONFIG_CLIENT_CONFIG_E2E_ENABLED_BY_DEFAULT:-$e2e_enabled_by_default}
|
||||||
|
|
||||||
|
@ -81,7 +83,7 @@ apply_config() {
|
||||||
|
|
||||||
ynh_app_setting_set --app $app --key report_stats --value $report_stats
|
ynh_app_setting_set --app $app --key report_stats --value $report_stats
|
||||||
ynh_app_setting_set --app $app --key allow_public_rooms --value $allow_public_rooms
|
ynh_app_setting_set --app $app --key allow_public_rooms --value $allow_public_rooms
|
||||||
ynh_app_setting_set --app $app --key is_public --value $is_public
|
ynh_app_setting_set --app $app --key is_free_registration --value $is_free_registration
|
||||||
ynh_app_setting_set --app $app --key jitsi_server --value $jitsi_server
|
ynh_app_setting_set --app $app --key jitsi_server --value $jitsi_server
|
||||||
ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default
|
ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default
|
||||||
|
|
||||||
|
@ -96,7 +98,7 @@ apply_config() {
|
||||||
domain=$(ynh_app_setting_get --app $app --key domain)
|
domain=$(ynh_app_setting_get --app $app --key domain)
|
||||||
server_name=$(ynh_app_setting_get --app $app --key server_name)
|
server_name=$(ynh_app_setting_get --app $app --key server_name)
|
||||||
synapse_db_pwd=$(ynh_app_setting_get --app $app --key synapse_db_pwd)
|
synapse_db_pwd=$(ynh_app_setting_get --app $app --key synapse_db_pwd)
|
||||||
is_public=$(ynh_app_setting_get --app $app --key is_public)
|
is_free_registration=$(ynh_app_setting_get --app $app --key is_free_registration)
|
||||||
port=$(ynh_app_setting_get --app $app --key synapse_port)
|
port=$(ynh_app_setting_get --app $app --key synapse_port)
|
||||||
synapse_tls_port=$(ynh_app_setting_get --app $app --key synapse_tls_port)
|
synapse_tls_port=$(ynh_app_setting_get --app $app --key synapse_tls_port)
|
||||||
turnserver_tls_port=$(ynh_app_setting_get --app $app --key turnserver_tls_port)
|
turnserver_tls_port=$(ynh_app_setting_get --app $app --key turnserver_tls_port)
|
||||||
|
@ -124,7 +126,7 @@ apply_config() {
|
||||||
macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"'
|
macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"'
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ $is_public -eq 0 ]
|
if [ $is_free_registration -eq 0 ]
|
||||||
then
|
then
|
||||||
allowed_access=False
|
allowed_access=False
|
||||||
sso_enabled=True
|
sso_enabled=True
|
||||||
|
|
|
@ -21,20 +21,13 @@ ynh_clean_setup () {
|
||||||
# Exit if an error occurs during the execution of the script
|
# Exit if an error occurs during the execution of the script
|
||||||
ynh_abort_if_errors
|
ynh_abort_if_errors
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# RETRIEVE ARGUMENTS FROM THE MANIFEST
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
domain=$YNH_APP_ARG_DOMAIN
|
|
||||||
is_public=$YNH_APP_ARG_IS_PUBLIC
|
|
||||||
|
|
||||||
app=$YNH_APP_INSTANCE_NAME
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# SET CONSTANTS
|
# SET CONSTANTS
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
synapse_user="matrix-$app"
|
synapse_user="matrix-$app"
|
||||||
|
synapse_user_app="$app"
|
||||||
|
synapse_user_app_pwd="$(ynh_string_random --length=30)"
|
||||||
synapse_db_name="matrix_$app"
|
synapse_db_name="matrix_$app"
|
||||||
synapse_db_user="matrix_$app"
|
synapse_db_user="matrix_$app"
|
||||||
synapse_db_name="matrix_$app"
|
synapse_db_name="matrix_$app"
|
||||||
|
@ -43,6 +36,7 @@ report_stats="false"
|
||||||
allow_public_rooms="false"
|
allow_public_rooms="false"
|
||||||
e2e_enabled_by_default="true"
|
e2e_enabled_by_default="true"
|
||||||
default_domain_value="Same than the domain"
|
default_domain_value="Same than the domain"
|
||||||
|
domain_whitelist_client=$(get_domain_list)
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# RETRIEVE ARGUMENTS FROM THE MANIFEST
|
# RETRIEVE ARGUMENTS FROM THE MANIFEST
|
||||||
|
@ -50,7 +44,7 @@ default_domain_value="Same than the domain"
|
||||||
|
|
||||||
domain=$YNH_APP_ARG_DOMAIN
|
domain=$YNH_APP_ARG_DOMAIN
|
||||||
server_name=$YNH_APP_ARG_SERVER_NAME
|
server_name=$YNH_APP_ARG_SERVER_NAME
|
||||||
is_public=$YNH_APP_ARG_IS_PUBLIC
|
is_free_registration=$YNH_APP_ARG_IS_FREE_REGISTRATION
|
||||||
jitsi_server=$YNH_APP_ARG_JITSI_SERVER
|
jitsi_server=$YNH_APP_ARG_JITSI_SERVER
|
||||||
path_url="/_matrix"
|
path_url="/_matrix"
|
||||||
final_path="/opt/yunohost/matrix-$app"
|
final_path="/opt/yunohost/matrix-$app"
|
||||||
|
@ -65,8 +59,6 @@ fi
|
||||||
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
|
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Validating installation parameters..." --weight=2
|
ynh_script_progression --message="Validating installation parameters..." --weight=2
|
||||||
|
|
||||||
[ $(ynh_webpath_available --domain=$domain --path_url=$path_url) == "True" ] || ynh_die --message="$domain is not available as domain, please use an other domain."
|
|
||||||
test ! -e "/etc/nginx/conf.d/$domain.d/synapse*.conf" || ynh_die --message="$domain is not available as domain, please use an other domain."
|
test ! -e "/etc/nginx/conf.d/$domain.d/synapse*.conf" || ynh_die --message="$domain is not available as domain, please use an other domain."
|
||||||
|
|
||||||
# Check Final Path availability
|
# Check Final Path availability
|
||||||
|
@ -90,10 +82,11 @@ ynh_app_setting_set --app=$app --key=server_name --value=$server_name
|
||||||
ynh_app_setting_set --app=$app --key=jitsi_server --value=$jitsi_server
|
ynh_app_setting_set --app=$app --key=jitsi_server --value=$jitsi_server
|
||||||
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
|
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
|
||||||
ynh_app_setting_set --app=$app --key=synapse_version --value=$upstream_version
|
ynh_app_setting_set --app=$app --key=synapse_version --value=$upstream_version
|
||||||
ynh_app_setting_set --app=$app --key=is_public --value=$is_public
|
ynh_app_setting_set --app=$app --key=is_free_registration --value=$is_free_registration
|
||||||
ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats
|
ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats
|
||||||
ynh_app_setting_set --app=$app --key=allow_public_rooms --value=$allow_public_rooms
|
ynh_app_setting_set --app=$app --key=allow_public_rooms --value=$allow_public_rooms
|
||||||
ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default
|
ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default
|
||||||
|
ynh_app_setting_set --app=$app --key=synapse_user_app_pwd --value=$synapse_user_app_pwd
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# STANDARD MODIFICATIONS
|
# STANDARD MODIFICATIONS
|
||||||
|
@ -152,6 +145,7 @@ ynh_install_app_dependencies $dependances
|
||||||
ynh_script_progression --message="Configuring system user..." --weight=3
|
ynh_script_progression --message="Configuring system user..." --weight=3
|
||||||
|
|
||||||
ynh_system_user_create --username=$synapse_user --home_dir=$final_path
|
ynh_system_user_create --username=$synapse_user --home_dir=$final_path
|
||||||
|
yunohost user create $synapse_user_app -f Synapse -l Application -d $domain -p "$synapse_user_app_pwd"
|
||||||
adduser $synapse_user ssl-cert
|
adduser $synapse_user ssl-cert
|
||||||
adduser turnserver ssl-cert
|
adduser turnserver ssl-cert
|
||||||
|
|
||||||
|
@ -160,16 +154,12 @@ adduser turnserver ssl-cert
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Creating a PostgreSQL database..." --weight=4
|
ynh_script_progression --message="Creating a PostgreSQL database..." --weight=4
|
||||||
|
|
||||||
ynh_print_OFF
|
|
||||||
synapse_db_pwd=$(ynh_string_random --length=30)
|
synapse_db_pwd=$(ynh_string_random --length=30)
|
||||||
ynh_app_setting_set --app=$app --key=synapse_db_pwd --value=$synapse_db_pwd
|
ynh_app_setting_set --app=$app --key=synapse_db_pwd --value=$synapse_db_pwd
|
||||||
ynh_print_ON
|
|
||||||
|
|
||||||
# Create postgresql database
|
# Create postgresql database
|
||||||
ynh_psql_test_if_first_run
|
ynh_psql_test_if_first_run
|
||||||
ynh_print_OFF
|
|
||||||
ynh_psql_create_user $synapse_db_user $synapse_db_pwd
|
ynh_psql_create_user $synapse_db_user $synapse_db_pwd
|
||||||
ynh_print_ON
|
|
||||||
ynh_psql_execute_as_root \
|
ynh_psql_execute_as_root \
|
||||||
--sql="CREATE DATABASE $synapse_db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $synapse_db_user;"
|
--sql="CREATE DATABASE $synapse_db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $synapse_db_user;"
|
||||||
|
|
||||||
|
@ -222,7 +212,6 @@ deactivate
|
||||||
set -u;
|
set -u;
|
||||||
|
|
||||||
# Get random values from config
|
# Get random values from config
|
||||||
ynh_print_OFF
|
|
||||||
registration_shared_secret=$(egrep "^registration_shared_secret:" homeserver.yml | cut -d'"' -f2)
|
registration_shared_secret=$(egrep "^registration_shared_secret:" homeserver.yml | cut -d'"' -f2)
|
||||||
form_secret=$(egrep "^form_secret:" homeserver.yml | cut -d'"' -f2)
|
form_secret=$(egrep "^form_secret:" homeserver.yml | cut -d'"' -f2)
|
||||||
macaroon_secret_key=$(egrep "^macaroon_secret_key:" homeserver.yml | cut -d'"' -f2)
|
macaroon_secret_key=$(egrep "^macaroon_secret_key:" homeserver.yml | cut -d'"' -f2)
|
||||||
|
@ -231,7 +220,6 @@ macaroon_secret_key=$(egrep "^macaroon_secret_key:" homeserver.yml | cut -d'"' -
|
||||||
ynh_app_setting_set --app=$app --key=registration_shared_secret --value="$registration_shared_secret"
|
ynh_app_setting_set --app=$app --key=registration_shared_secret --value="$registration_shared_secret"
|
||||||
ynh_app_setting_set --app=$app --key=form_secret --value="$form_secret"
|
ynh_app_setting_set --app=$app --key=form_secret --value="$form_secret"
|
||||||
ynh_app_setting_set --app=$app --key=macaroon_secret_key --value="$macaroon_secret_key"
|
ynh_app_setting_set --app=$app --key=macaroon_secret_key --value="$macaroon_secret_key"
|
||||||
ynh_print_ON
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# SETUP SYSTEMD
|
# SETUP SYSTEMD
|
||||||
|
@ -279,7 +267,7 @@ ynh_app_setting_set --app=$app --key=turnserver_pwd --value=$turnserver_pwd
|
||||||
|
|
||||||
macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"'
|
macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"'
|
||||||
|
|
||||||
if [ $is_public -eq 0 ]
|
if [ $is_free_registration -eq 0 ]
|
||||||
then
|
then
|
||||||
allowed_access=False
|
allowed_access=False
|
||||||
sso_enabled=True
|
sso_enabled=True
|
||||||
|
|
|
@ -29,6 +29,7 @@ turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tl
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
synapse_user="matrix-$app"
|
synapse_user="matrix-$app"
|
||||||
|
synapse_user_app="$app"
|
||||||
synapse_db_name="matrix_$app"
|
synapse_db_name="matrix_$app"
|
||||||
synapse_db_user="matrix_$app"
|
synapse_db_user="matrix_$app"
|
||||||
synapse_db_name="matrix_$app"
|
synapse_db_name="matrix_$app"
|
||||||
|
@ -142,6 +143,7 @@ ynh_script_progression --message="Removing the dedicated system user" --weight=1
|
||||||
|
|
||||||
# Delete a system user
|
# Delete a system user
|
||||||
ynh_system_user_delete --username=$synapse_user
|
ynh_system_user_delete --username=$synapse_user
|
||||||
|
yunohost user delete $synapse_user_app
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# END OF SCRIPT
|
# END OF SCRIPT
|
||||||
|
|
|
@ -37,15 +37,15 @@ synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port)
|
||||||
turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
|
turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
|
||||||
turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
|
turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
|
||||||
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
|
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
|
||||||
ynh_print_OFF
|
|
||||||
synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd)
|
synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd)
|
||||||
ynh_print_ON
|
synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd)
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# SET ALL CONSTANT
|
# SET ALL CONSTANT
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
synapse_user="matrix-$app"
|
synapse_user="matrix-$app"
|
||||||
|
synapse_user_app="$app"
|
||||||
synapse_db_name="matrix_$app"
|
synapse_db_name="matrix_$app"
|
||||||
synapse_db_user="matrix_$app"
|
synapse_db_user="matrix_$app"
|
||||||
synapse_db_name="matrix_$app"
|
synapse_db_name="matrix_$app"
|
||||||
|
@ -58,8 +58,6 @@ data_path="/home/yunohost.app/matrix-$app"
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Validating restoration parameters..." --weight=2
|
ynh_script_progression --message="Validating restoration parameters..." --weight=2
|
||||||
|
|
||||||
ynh_webpath_available --domain=$domain --path_url=$path_url \
|
|
||||||
|| ynh_die --message="Path not available: ${domain}${path_url}"
|
|
||||||
test ! -d $final_path \
|
test ! -d $final_path \
|
||||||
|| ynh_die --message="There is already a directory: $final_path "
|
|| ynh_die --message="There is already a directory: $final_path "
|
||||||
|
|
||||||
|
@ -81,6 +79,7 @@ ynh_script_progression --message="Recreating the dedicated system user..." --wei
|
||||||
|
|
||||||
# Create the dedicated user (if not existing)
|
# Create the dedicated user (if not existing)
|
||||||
ynh_system_user_create --username=$synapse_user --home_dir=$final_path
|
ynh_system_user_create --username=$synapse_user --home_dir=$final_path
|
||||||
|
yunohost user create $synapse_user_app -f Synapse -l Application -d $domain -p "$synapse_user_app_pwd"
|
||||||
adduser $synapse_user ssl-cert
|
adduser $synapse_user ssl-cert
|
||||||
adduser turnserver ssl-cert
|
adduser turnserver ssl-cert
|
||||||
|
|
||||||
|
@ -110,9 +109,7 @@ ynh_systemd_action --action=restart --service_name=fail2ban
|
||||||
ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=13
|
ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=13
|
||||||
|
|
||||||
ynh_psql_test_if_first_run
|
ynh_psql_test_if_first_run
|
||||||
ynh_print_OFF
|
|
||||||
ynh_psql_create_user $synapse_db_user $synapse_db_pwd
|
ynh_psql_create_user $synapse_db_user $synapse_db_pwd
|
||||||
ynh_print_ON
|
|
||||||
ynh_psql_execute_as_root \
|
ynh_psql_execute_as_root \
|
||||||
--sql="CREATE DATABASE $synapse_db_name
|
--sql="CREATE DATABASE $synapse_db_name
|
||||||
ENCODING 'UTF8'
|
ENCODING 'UTF8'
|
||||||
|
@ -165,9 +162,7 @@ ynh_script_progression --message="Reconfiguring coturn..." --weight=23
|
||||||
turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
|
turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
|
||||||
turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
|
turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
|
||||||
cli_port=$(ynh_app_setting_get --app=$app --key=cli_port)
|
cli_port=$(ynh_app_setting_get --app=$app --key=cli_port)
|
||||||
ynh_print_OFF
|
|
||||||
turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
|
turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
|
||||||
ynh_print_ON
|
|
||||||
|
|
||||||
# WARNING : these commands are used in INSTALL, UPGRADE
|
# WARNING : these commands are used in INSTALL, UPGRADE
|
||||||
# For any update do it in all files
|
# For any update do it in all files
|
||||||
|
|
|
@ -26,7 +26,7 @@ jitsi_server=$(ynh_app_setting_get --app=$app --key=jitsi_server)
|
||||||
path_url=$(ynh_app_setting_get --app=$app --key=path)
|
path_url=$(ynh_app_setting_get --app=$app --key=path)
|
||||||
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
||||||
synapse_old_version=$(ynh_app_setting_get --app=$app --key=synapse_version)
|
synapse_old_version=$(ynh_app_setting_get --app=$app --key=synapse_version)
|
||||||
is_public=$(ynh_app_setting_get --app=$app --key=is_public)
|
is_free_registration=$(ynh_app_setting_get --app=$app --key=is_free_registration)
|
||||||
port=$(ynh_app_setting_get --app=$app --key=synapse_port)
|
port=$(ynh_app_setting_get --app=$app --key=synapse_port)
|
||||||
synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port)
|
synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port)
|
||||||
turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
|
turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
|
||||||
|
@ -35,19 +35,20 @@ cli_port=$(ynh_app_setting_get --app=$app --key=cli_port)
|
||||||
report_stats=$(ynh_app_setting_get --app=$app --key=report_stats)
|
report_stats=$(ynh_app_setting_get --app=$app --key=report_stats)
|
||||||
allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms)
|
allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms)
|
||||||
e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default)
|
e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default)
|
||||||
ynh_print_OFF
|
|
||||||
synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd)
|
synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd)
|
||||||
turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
|
turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
|
||||||
registration_shared_secret=$(ynh_app_setting_get --app=$app --key=registration_shared_secret)
|
registration_shared_secret=$(ynh_app_setting_get --app=$app --key=registration_shared_secret)
|
||||||
form_secret=$(ynh_app_setting_get --app=$app --key=form_secret)
|
form_secret=$(ynh_app_setting_get --app=$app --key=form_secret)
|
||||||
macaroon_secret_key=$(ynh_app_setting_get --app=$app --key=macaroon_secret_key)
|
macaroon_secret_key=$(ynh_app_setting_get --app=$app --key=macaroon_secret_key)
|
||||||
ynh_print_ON
|
synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd)
|
||||||
|
domain_whitelist_client=$(get_domain_list)
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# SET ALL CONSTANT
|
# SET ALL CONSTANT
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
synapse_user="matrix-$app"
|
synapse_user="matrix-$app"
|
||||||
|
synapse_user_app="$app"
|
||||||
synapse_db_name="matrix_$app"
|
synapse_db_name="matrix_$app"
|
||||||
synapse_db_user="matrix_$app"
|
synapse_db_user="matrix_$app"
|
||||||
synapse_db_name="matrix_$app"
|
synapse_db_name="matrix_$app"
|
||||||
|
@ -131,6 +132,17 @@ if [ -z $allow_public_rooms ]; then
|
||||||
ynh_app_setting_set --app=$app --key=allow_public_rooms --value=$allow_public_rooms
|
ynh_app_setting_set --app=$app --key=allow_public_rooms --value=$allow_public_rooms
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ -z $is_free_registration ]; then
|
||||||
|
is_free_registration=$(ynh_app_setting_get --app=$app --key=is_""public)
|
||||||
|
ynh_app_setting_set --app=$app --key=is_free_registration --value=$is_free_registration
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z $synapse_user_app_pwd ]; then
|
||||||
|
synapse_user_app_pwd="$(ynh_string_random --length=30)"
|
||||||
|
ynh_app_setting_set --app=$app --key=synapse_user_app_pwd --value=$synapse_user_app_pwd
|
||||||
|
yunohost user create $synapse_user_app -f Synapse -l Application -d $domain -p "$synapse_user_app_pwd"
|
||||||
|
fi
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# MIGRATION 6 : Migrate data directory
|
# MIGRATION 6 : Migrate data directory
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -183,10 +195,8 @@ chown $synapse_user:root -R $final_www_path
|
||||||
# MIGRATION 1 : GENERATE SYNAPSE SECRET
|
# MIGRATION 1 : GENERATE SYNAPSE SECRET
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
ynh_print_OFF
|
|
||||||
if [ -z "$registration_shared_secret" ] || [ "$form_secret" == "form_secret: " ]
|
if [ -z "$registration_shared_secret" ] || [ "$form_secret" == "form_secret: " ]
|
||||||
then
|
then
|
||||||
ynh_print_ON
|
|
||||||
ynh_script_progression --message="Generating synapse secret..." --weight=1
|
ynh_script_progression --message="Generating synapse secret..." --weight=1
|
||||||
|
|
||||||
# Go in virtualenvironnement
|
# Go in virtualenvironnement
|
||||||
|
@ -203,16 +213,13 @@ then
|
||||||
set -u;
|
set -u;
|
||||||
|
|
||||||
# Get random values from config
|
# Get random values from config
|
||||||
ynh_print_OFF
|
|
||||||
registration_shared_secret=$(egrep "^registration_shared_secret:" homeserver.yml | cut -d'"' -f2)
|
registration_shared_secret=$(egrep "^registration_shared_secret:" homeserver.yml | cut -d'"' -f2)
|
||||||
form_secret=$(egrep "^form_secret:" homeserver.yml | cut -d'"' -f2)
|
form_secret=$(egrep "^form_secret:" homeserver.yml | cut -d'"' -f2)
|
||||||
|
|
||||||
# store in yunohost settings
|
# store in yunohost settings
|
||||||
ynh_app_setting_set --app=$app --key=registration_shared_secret --value="$registration_shared_secret"
|
ynh_app_setting_set --app=$app --key=registration_shared_secret --value="$registration_shared_secret"
|
||||||
ynh_app_setting_set --app=$app --key=form_secret --value="$form_secret"
|
ynh_app_setting_set --app=$app --key=form_secret --value="$form_secret"
|
||||||
ynh_print_ON
|
|
||||||
fi
|
fi
|
||||||
ynh_print_ON
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# UPDATE SYNAPSE CONFIG
|
# UPDATE SYNAPSE CONFIG
|
||||||
|
@ -232,7 +239,7 @@ else
|
||||||
macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"'
|
macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"'
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ $is_public -eq 0 ]
|
if [ $is_free_registration -eq 0 ]
|
||||||
then
|
then
|
||||||
allowed_access=False
|
allowed_access=False
|
||||||
sso_enabled=True
|
sso_enabled=True
|
||||||
|
|
Loading…
Reference in a new issue