mirror of https://github.com/YunoHost-Apps/synapse_ynh.git synced 2024-09-03 20:26:38 +02:00

Merge pull request #118 from YunoHost-Apps/package_upgrade

Normalization from example_ynh
Josue-T 2019-10-31 20:02:58 +01:00 committed by GitHub
commit 958fa3e2cb
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
13 changed files with 747 additions and 1093 deletions

View file

@ -1,16 +1,14 @@
Synapse for YunoHost
====================
# Synapse for YunoHost
![](https://matrix.org/blog/wp-content/uploads/2015/01/logo1.png)
[![Integration level](https://dash.yunohost.org/integration/synapse.svg)](https://ci-apps.yunohost.org/jenkins/job/synapse%20%28Community%29/lastBuild/consoleFull)
[![Integration level](https://dash.yunohost.org/integration/synapse.svg)](https://dash.yunohost.org/appci/app/synapse)
[![Install Synapse with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=synapse)
> *This package allows you to install synapse quickly and simply on a YunoHost server.
> *This package allows you to install Synapse quickly and simply on a YunoHost server.
If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to know how to install and enjoy it.*
Overview
--------
## Overview
Instant messaging server matrix network.
@ -18,8 +16,7 @@ Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org
**Shipped version:** 1.3.1
Configuration
-------------
## Configuration
### Install for ARM arch (or slow arch)
@ -93,14 +90,12 @@ We have put some coarse mitigations into place to try to protect against this
situation, but it's still not a good practice to do it in the first place. See
https://github.com/vector-im/riot-web/issues/1977 for more details.
Documentation
-------------
## Documentation
- Official documentation: https://github.com/matrix-org/synapse
- YunoHost documentation: to be created; feel free to help!
YunoHost specific features
--------------------------
## YunoHost specific features
### Multi-users support
@ -108,30 +103,20 @@ Supported with LDAP.
### Supported architectures
- Tested on x86_64
- Tested on ARM (with specific build)
Limitations
-----------
* x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/synapse%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/synapse/)
* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/synapse%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/synapse/)
* Jessie x86-64b - [![Build Status](https://ci-stretch.nohost.me/ci/logs/synapse%20%28Apps%29.svg)](https://ci-stretch.nohost.me/ci/apps/synapse/)
## Limitations
Synapse uses a lot of ressource. So on slow architecture (like small ARM board), this app could take a lot of CPU and RAM.
This app doesn't provide any real good web interface. So it's recommended to use Riot client to connect to this app. This app is available [here](https://github.com/YunoHost-Apps/riot_ynh)
Links
-----
## Additional information
- Report a bug: https://github.com/YunoHost-Apps/synapse_ynh/issues
- Matrix website: https://matrix.org/
- YunoHost website: https://yunohost.org/
Additional information
-----
Administation
-------------
## Administation
**All documentation of this section is not warranted. A bad use of command could break the app and all the data. So use these commands at your own risk.**
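Review bot: In the new architecture list the third badge is labelled `Jessie x86-64b`, but both of its URLs point at `ci-stretch.nohost.me`, so the label and the CI it reports disagree; rename the entry or point it at the matching CI. The converted heading `## Administation` also keeps the old misspelling, and `ressource` is still in the Limitations text; a normalization commit is a good place to fix both.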
@ -182,17 +167,24 @@ If anything fails while you are doing the upgrade please create an issue here: h
Synapse is published under the Apache License: https://github.com/matrix-org/synapse/blob/master/LICENSE
## Links
- Report a bug: https://github.com/YunoHost-Apps/synapse_ynh/issues
- Matrix website: https://matrix.org/
- Synapse repository: https://github.com/matrix-org/synapse
- YunoHost website: https://yunohost.org/
---
Developers infos
----------------
Please do your pull request to the testing branch.
Please do your pull request to the [testing branch](https://github.com/YunoHost-Apps/synapse_ynh/tree/testing).
To try the testing branch, please proceed like that:
```bash
sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --verbose
sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
or
sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --verbose
sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
```
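Review bot: Inside the bash code fence the bare `or` line sits between the install and upgrade commands, so pasting the block into a shell runs `or` as a command. Make it a comment (`# or`) or split the block into two fences, one per command.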

View file

@ -19,17 +19,7 @@
port_already_use=1 (8448)
change_url=0
;;; Levels
Level 1=auto
Level 2=auto
Level 3=auto
# https://github.com/YunoHost-Apps/synapse_ynh/blob/master/conf/homeserver.yaml#L443-L454
Level 4=1
Level 5=auto
Level 6=auto
Level 7=auto
Level 8=0
Level 9=0
Level 10=0
;;; Upgrade options
; commit=db374d2bff981d2660ebdac52ee77c684383c00d
name=Fix postgresql helper from old_version_for_CI_2 branch

View file

@ -1,11 +0,0 @@
SOURCE_URL=https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.0.0/matrix-synapse_1.0.0-jessie-bin1_armv7l.tar.gz
SOURCE_SUM=
# (Optional) Program to check the integrity (sha256sum, md5sum...)
# default: sha256
SOURCE_SUM_PRG=sha256sum
# (Optional) Archive format
# default: tar.gz
SOURCE_FORMAT=tar.gz
# (Optional) Put false if sources are directly in the archive root
# default: true
SOURCE_IN_SUBDIR=true
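Review bot: `SOURCE_SUM=` is empty in this file, so the armv7l tarball fetched from `synapse_python_build/releases/download/v1.0.0/` had no hash to be checked against. Deleting the file (`+0,0`) removes that unpinned download; make sure whatever now provides the ARM build carries a filled-in `SOURCE_SUM` next to `SOURCE_SUM_PRG=sha256sum`, and that no script still refers to this source file.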

View file

@ -1,6 +1,6 @@
location __PATH__ {
proxy_pass http://localhost:__PORT__;
proxy_set_header X-Forwarded-For $remote_addr;
client_max_body_size 100M;
}
}

View file

@ -2,9 +2,6 @@
"name": "Synapse",
"id": "synapse",
"packaging_format": 1,
"requirements": {
"yunohost": ">= 3.5.0"
},
"description": {
"en": "Instant messaging server who use matrix",
"fr": "Un serveur de messagerie instantané basé sur matrix"
@ -16,6 +13,9 @@
"name": "Josué Tille",
"email": "josue@tille.ch"
},
"requirements": {
"yunohost": ">= 3.5"
},
"multi_instance": true,
"services": [
"nginx"
@ -48,11 +48,11 @@
"en": "Is it a public server ?",
"fr": "Est-ce un serveur public ?"
},
"default": false,
"help": {
"en": "A public server means that anybody will be able to register on this server.",
"fr": "Un serveur public signifie que n'importe qui pourra s'enregistrer sur ce serveur."
},
"default": 0
}
}
]
}
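Review bot: The public-server question carries `"default": false` above `help` and `"default": 0` below it, so moving the key also changes its JSON type from boolean to number. If only the key order was meant to be normalized, keep the value as it was; if the type change is intended, say so in the commit message, since the config script tests this setting with `-eq 1` and `= "0"`.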

View file

@ -6,83 +6,102 @@
# IMPORT GENERIC HELPERS
#=================================================
source ../settings/scripts/_common.sh
source ../settings/scripts/experimental_helper.sh
source /usr/share/yunohost/helpers
# Stop script if errors
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
# Import common cmd
source ../settings/scripts/psql.sh
source ../settings/scripts/experimental_helper.sh
source ../settings/scripts/_common.sh
#=================================================
# SET ALL CONSTANT
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=2
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=special_domain)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
#=================================================
# SET CONSTANTS
#=================================================
synapse_user="matrix-$app"
synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app"
upstream_version=$(ynh_app_upstream_version)
#=================================================
# LOAD SETTINGS
#=================================================
domain=$(ynh_app_setting_get $app special_domain)
final_path=$(ynh_app_setting_get $app final_path)
#=================================================
# STANDARD BACKUP STEPS
#=================================================
# BACKUP THE NGINX CONFIGURATION
#=================================================
ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf"
#=================================================
# BACKUP SYNAPSE CONFIG
#=================================================
ynh_backup "/etc/matrix-$app"
#=================================================
# BACKUP SYSTEMD
#=================================================
ynh_backup "/etc/default/matrix-$app"
ynh_backup "/etc/systemd/system/matrix-$app.service"
ynh_backup "/etc/default/coturn-$app"
ynh_backup "/etc/systemd/system/coturn-$app.service"
#=================================================
# BACKUP THE APP MAIN DIR
#=================================================
ynh_script_progression --message="Backing up the main app directory..." --weight=1
ynh_backup "$final_path" "bin"
ynh_backup --src_path="$final_path"
#=================================================
# BACKUP SYNAPSE DATA
# BACKUP THE NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Backing up nginx web server configuration..." --weight=1
ynh_backup "/var/lib/matrix-$app" "data" 1
ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# BACKUP THE POSTGRESQL DATABASE
#=================================================
ynh_script_progression --message="Backing up the PostgreSQL database..." --weight=2
ynh_psql_dump_db "$synapse_db_name" > ${YNH_CWD}/dump.sql
ynh_psql_dump_db --database="$synapse_db_name" > ${YNH_CWD}/dump.sql
#=================================================
# BACKUP FAIL2BAN CONFIGURATION
#=================================================
ynh_script_progression --message="Backing up fail2ban configuration" --weight=1
ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf"
ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf"
#=================================================
# SPECIFIC BACKUP
#=================================================
# BACKUP SYNAPSE CONFIG
#=================================================
ynh_script_progression --message="Backing up synapse configuration..." --weight=2
ynh_backup --src_path="/etc/matrix-$app"
#=================================================
# BACKUP SYSTEMD
#=================================================
ynh_script_progression --message="Backing up systemd configuration..." --weight=1
ynh_backup --src_path="/etc/default/matrix-$app"
ynh_backup --src_path="/etc/systemd/system/matrix-$app.service"
ynh_backup --src_path="/etc/default/coturn-$app"
ynh_backup --src_path="/etc/systemd/system/coturn-$app.service"
#=================================================
# BACKUP SYNAPSE DATA
#=================================================
ynh_script_progression --message="Backing up synapse data..." --weight=1
ynh_backup --src_path="/var/lib/matrix-$app"
#=================================================
# BACKUP SYNAPSE LOG
#=================================================
ynh_script_progression --message="Backing up synapse log..." --weight=1
ynh_backup "/var/log/matrix-$app"
ynh_backup --src_path="/var/log/matrix-$app"
#=================================================
# BACKUP FAIL2BAN CONFIG
# END OF SCRIPT
#=================================================
ynh_backup "/etc/fail2ban/jail.d/$app.conf"
ynh_backup "/etc/fail2ban/filter.d/$app.conf"
ynh_script_progression --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." --last
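Review bot: The converted `ynh_backup` calls drop the extra positional arguments of the old ones: `ynh_backup "$final_path" "bin"` and `ynh_backup "/var/lib/matrix-$app" "data" 1` both become a bare `--src_path=`. That changes where these directories land in the archive and no longer marks the data directory as big, so check that the restore script reads from the new locations and decide whether `--is_big` should stay on `/var/lib/matrix-$app`. `source ../settings/scripts/psql.sh` is also gone while `ynh_psql_dump_db --database=` is still called, so that helper now has to come from the YunoHost version the manifest requires (`>= 3.5`).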

View file

@ -29,16 +29,16 @@ app=$YNH_APP_INSTANCE_NAME
show_config() {
# here you are supposed to read some config file/database/other then print the values
# echo "YNH_CONFIG_${PANEL_ID}_${SECTION_ID}_${OPTION_ID}=value"
echo "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_SERVER_STATISTICS=$(ynh_app_setting_get $app report_stats)"
echo "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_SERVER_STATISTICS=$(ynh_app_setting_get --app $app --key report_stats)"
backup_before_upgrade=$(ynh_app_setting_get $app disable_backup_before_upgrade)
backup_before_upgrade=$(ynh_app_setting_get --app $app --key disable_backup_before_upgrade)
if [[ ${backup_before_upgrade:-0} -eq 1 ]]
then
echo "YNH_CONFIG_PACKAGE_CONFIG_PACKAGE_CONFIG_BACKUP_BEFORE_UPGRADE=False"
else
echo "YNH_CONFIG_PACKAGE_CONFIG_PACKAGE_CONFIG_BACKUP_BEFORE_UPGRADE=True"
fi
is_public=$(ynh_app_setting_get $app is_public)
is_public=$(ynh_app_setting_get --app $app --key is_public)
if [[ ${is_public} -eq 1 ]]
then
echo "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_IS_PUBLIC=False"
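Review bot: At the end of this hunk `is_public` equal to 1 prints `YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_IS_PUBLIC=False`, whereas `apply_config` stores `is_public` 1 when that same option is true, so the panel appears to display the inverse of what it saves. Since these lines are being touched anyway, confirm the mapping, and quote `"$app"` in the new `--app $app --key ...` calls.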
@ -52,33 +52,33 @@ show_config() {
#=================================================
apply_config() {
ynh_app_setting_set $app report_stats $YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_SERVER_STATISTICS
ynh_app_setting_set --app $app --key report_stats --value $YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_SERVER_STATISTICS
if ${YNH_CONFIG_PACKAGE_CONFIG_PACKAGE_CONFIG_BACKUP_BEFORE_UPGRADE,,}
then
ynh_app_setting_set $app disable_backup_before_upgrade 0
ynh_app_setting_set --app $app --key disable_backup_before_upgrade --value 0
else
ynh_app_setting_set $app disable_backup_before_upgrade 1
ynh_app_setting_set --app $app --key disable_backup_before_upgrade --value 1
fi
if ${YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_IS_PUBLIC,,}
then
ynh_app_setting_set $app is_public 1
ynh_app_setting_set --app $app --key is_public --value 1
else
ynh_app_setting_set $app is_public 0
ynh_app_setting_set --app $app --key is_public --value 0
fi
domain=$(ynh_app_setting_get $app special_domain)
server_name=$(ynh_app_setting_get $app server_name)
synapse_db_pwd=$(ynh_app_setting_get $app synapse_db_pwd)
is_public=$(ynh_app_setting_get $app is_public)
port=$(ynh_app_setting_get $app synapse_port)
synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port)
turnserver_pwd=$(ynh_app_setting_get $app turnserver_pwd)
registration_shared_secret=$(ynh_app_setting_get $app registration_shared_secret)
form_secret=$(ynh_app_setting_get $app form_secret)
report_stats=$(ynh_app_setting_get $app report_stats)
domain=$(ynh_app_setting_get --app $app --key special_domain)
server_name=$(ynh_app_setting_get --app $app --key server_name)
synapse_db_pwd=$(ynh_app_setting_get --app $app --key synapse_db_pwd)
is_public=$(ynh_app_setting_get --app $app --key is_public)
port=$(ynh_app_setting_get --app $app --key synapse_port)
synapse_tls_port=$(ynh_app_setting_get --app $app --key synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get --app $app --key turnserver_tls_port)
turnserver_pwd=$(ynh_app_setting_get --app $app --key turnserver_pwd)
registration_shared_secret=$(ynh_app_setting_get --app $app --key registration_shared_secret)
form_secret=$(ynh_app_setting_get --app $app --key form_secret)
report_stats=$(ynh_app_setting_get --app $app --key report_stats)
synapse_user="matrix-$app"
synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app"
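Review bot: `if ${YNH_CONFIG_PACKAGE_CONFIG_PACKAGE_CONFIG_BACKUP_BEFORE_UPGRADE,,}` and the matching `IS_PUBLIC` test run the lower-cased panel value as a command, which only behaves while the value is exactly `true` or `false`; an empty value makes the `if` succeed. Compare the value as a string instead, in the form `[ "${VAR,,}" = "true" ]` with `VAR` standing for the panel variable. The new `--value $YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_SERVER_STATISTICS` should be quoted for the same reason.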
@ -95,18 +95,18 @@ apply_config() {
cp ../conf/homeserver.yaml "$homeserver_config_path"
cp ../conf/log.yaml /etc/matrix-$app/log.yaml
ynh_replace_string __APP__ $app "$homeserver_config_path"
ynh_replace_string __DOMAIN__ $domain "$homeserver_config_path"
ynh_replace_string __SERVER_NAME__ $server_name "$homeserver_config_path"
ynh_replace_string __SYNAPSE_DB_USER__ $synapse_db_user "$homeserver_config_path"
ynh_replace_string __SYNAPSE_DB_PWD__ $synapse_db_pwd "$homeserver_config_path"
ynh_replace_string __PORT__ $port "$homeserver_config_path"
ynh_replace_string __TLS_PORT__ $synapse_tls_port "$homeserver_config_path"
ynh_replace_string __TURNSERVER_TLS_PORT__ $turnserver_tls_port "$homeserver_config_path"
ynh_replace_string __TURNPWD__ $turnserver_pwd "$homeserver_config_path"
ynh_replace_string __REGISTRATION_SECRET__ "$registration_shared_secret" "$homeserver_config_path"
ynh_replace_string __FORM_SECRET__ "$form_secret" "$homeserver_config_path"
ynh_replace_string __REPORT_STATS__ "$report_stats" "$homeserver_config_path"
ynh_replace_string --match_string __APP__ --replace_string $app --target_file "$homeserver_config_path"
ynh_replace_string --match_string __DOMAIN__ --replace_string $domain --target_file "$homeserver_config_path"
ynh_replace_string --match_string __SERVER_NAME__ --replace_string $server_name --target_file "$homeserver_config_path"
ynh_replace_string --match_string __SYNAPSE_DB_USER__ --replace_string $synapse_db_user --target_file "$homeserver_config_path"
ynh_replace_string --match_string __SYNAPSE_DB_PWD__ --replace_string $synapse_db_pwd --target_file "$homeserver_config_path"
ynh_replace_string --match_string __PORT__ --replace_string $port --target_file "$homeserver_config_path"
ynh_replace_string --match_string __TLS_PORT__ --replace_string $synapse_tls_port --target_file "$homeserver_config_path"
ynh_replace_string --match_string __TURNSERVER_TLS_PORT__ --replace_string $turnserver_tls_port --target_file "$homeserver_config_path"
ynh_replace_string --match_string __TURNPWD__ --replace_string $turnserver_pwd --target_file "$homeserver_config_path"
ynh_replace_string --match_string __REGISTRATION_SECRET__ --replace_string "$registration_shared_secret" --target_file "$homeserver_config_path"
ynh_replace_string --match_string __FORM_SECRET__ --replace_string "$form_secret" --target_file "$homeserver_config_path"
ynh_replace_string --match_string __REPORT_STATS__ --replace_string "$report_stats" --target_file "$homeserver_config_path"
if [ "$is_public" = "0" ]
then
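Review bot: `--replace_string $synapse_db_pwd` and `--replace_string $turnserver_pwd` are passed unquoted, unlike `"$registration_shared_secret"` and `"$form_secret"` a few lines further down; a value containing whitespace or glob characters would be split or expanded before the helper sees it. Quote every `--replace_string` value in this block.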
@ -115,7 +115,7 @@ apply_config() {
ynh_replace_string __ALLOWED_ACCESS__ True "$homeserver_config_path"
fi
ynh_store_file_checksum "$homeserver_config_path"
ynh_store_file_checksum --file "$homeserver_config_path"
setfacl -R -m user:turnserver:rX /etc/matrix-$app
systemctl restart matrix-$app
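Review bot: The context line `ynh_replace_string __ALLOWED_ACCESS__ True "$homeserver_config_path"` is still a positional call, while the rest of this file moves to `--match_string`, `--replace_string` and `--target_file`. Convert it, and the other branch of the same `if`, in this commit so the file does not mix both calling styles.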

View file

@ -1,101 +1,30 @@
# Read the value of a key in a ynh manifest file
#
# usage: ynh_read_manifest manifest key
# | arg: manifest - Path of the manifest to read
# | arg: key - Name of the key to find
ynh_read_manifest () {
manifest="$1"
key="$2"
python3 -c "import sys, json;print(json.load(open('$manifest', encoding='utf-8'))['$key'])"
}
# Read the upstream version from the manifest
# this include the number before ~ynh
#
# usage: ynh_app_upstream_version
ynh_app_upstream_version () {
manifest_path="../manifest.json"
if [ ! -e "$manifest_path" ]; then
manifest_path="../settings/manifest.json" # Into the restore script, the manifest is not at the same place
fi
version_key=$(ynh_read_manifest "$manifest_path" "version")
echo "${version_key/~ynh*/}"
}
# Read package version from the manifest
# this include the number after ~ynh
#
# usage: ynh_app_package_version
ynh_app_package_version () {
manifest_path="../manifest.json"
if [ ! -e "$manifest_path" ]; then
manifest_path="../settings/manifest.json" # Into the restore script, the manifest is not at the same place
fi
version_key=$(ynh_read_manifest "$manifest_path" "version")
echo "${version_key/*~ynh/}"
}
# Start or restart a service and follow its booting
#
# usage: ynh_check_starting "Line to match" [Log file] [Timeout] [Service name]
#
# | arg: Line to match - The line to find in the log to attest the service have finished to boot.
# | arg: Log file - The log file to watch
# | arg: Service name
# /var/log/$app/$app.log will be used if no other log is defined.
# | arg: Timeout - The maximum time to wait before ending the watching. Defaut 300 seconds.
ynh_check_starting () {
local line_to_match="$1"
local service_name="${4:-$app}"
local app_log="${2:-/var/log/$service_name/$service_name.log}"
local timeout=${3:-300}
ynh_clean_check_starting () {
# Stop the execution of tail.
kill -s 15 $pid_tail 2>&1
ynh_secure_remove "$templog" 2>&1
}
echo "Starting of $service_name" >&2
systemctl restart $service_name
local templog="$(mktemp)"
# Following the starting of the app in its log
tail -F -n1 "$app_log" > "$templog" &
# Get the PID of the tail command
local pid_tail=$!
local i=0
for i in `seq 1 $timeout`
do
# Read the log until the sentence is found, that means the app finished to start. Or run until the timeout
if grep --quiet "$line_to_match" "$templog"
then
echo "The service $service_name has correctly started." >&2
break
fi
echo -n "." >&2
sleep 1
done
if [ $i -eq $timeout ]
then
echo "The service $service_name didn't fully started before the timeout." >&2
fi
echo ""
ynh_clean_check_starting
}
#!/bin/bash
# Send an email to inform the administrator
#
# usage: ynh_send_readme_to_admin app_message [recipients]
# | arg: app_message - The message to send to the administrator.
# | arg: recipients - The recipients of this email. Use spaces to separate multiples recipients. - default: root
# usage: ynh_send_readme_to_admin --app_message=app_message [--recipients=recipients] [--type=type]
# | arg: -m --app_message= - The file with the content to send to the administrator.
# | arg: -r, --recipients= - The recipients of this email. Use spaces to separate multiples recipients. - default: root
# example: "root admin@domain"
# If you give the name of a YunoHost user, ynh_send_readme_to_admin will find its email adress for you
# example: "root admin@domain user1 user2"
# | arg: -t, --type= - Type of mail, could be 'backup', 'change_url', 'install', 'remove', 'restore', 'upgrade'
ynh_send_readme_to_admin() {
local app_message="${1:-...No specific information...}"
local recipients="${2:-root}"
# Declare an array to define the options of this helper.
declare -Ar args_array=( [m]=app_message= [r]=recipients= [t]=type= )
local app_message
local recipients
local type
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
app_message="${app_message:-}"
recipients="${recipients:-root}"
type="${type:-install}"
# Get the value of admin_mail_html
admin_mail_html=$(ynh_app_setting_get $app admin_mail_html)
admin_mail_html="${admin_mail_html:-0}"
# Retrieve the email of users
find_mails () {
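Review bot: `--app_message=` is now documented as "The file with the content to send to the administrator", where the old helper took the message text itself, so any caller that still passes text will break once the body is read from that path; check every call site touched by this commit. `admin_mail_html=$(ynh_app_setting_get $app admin_mail_html)` is also a new positional call in a commit that converts the others to `--app`/`--key`, and `admin_mail_html` is not declared `local` like the three variables above it.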
@ -121,18 +50,75 @@ ynh_send_readme_to_admin() {
}
recipients=$(find_mails "$recipients")
local mail_subject="☁️🆈🅽🅷☁️: \`$app\` was just installed!"
# Subject base
local mail_subject="☁️🆈🅽🅷☁️: \`$app\`"
# Adapt the subject according to the type of mail required.
if [ "$type" = "backup" ]; then
mail_subject="$mail_subject has just been backup."
elif [ "$type" = "change_url" ]; then
mail_subject="$mail_subject has just been moved to a new URL!"
elif [ "$type" = "remove" ]; then
mail_subject="$mail_subject has just been removed!"
elif [ "$type" = "restore" ]; then
mail_subject="$mail_subject has just been restored!"
elif [ "$type" = "upgrade" ]; then
mail_subject="$mail_subject has just been upgraded!"
else # install
mail_subject="$mail_subject has just been installed!"
fi
local mail_message="This is an automated message from your beloved YunoHost server.
Specific information for the application $app.
$app_message
$(if [ -n "$app_message" ]
then
cat "$app_message"
else
echo "...No specific information..."
fi)
---
Automatic diagnosis data from YunoHost
$(yunohost tools diagnosis | grep -B 100 "services:" | sed '/services:/d')"
__PRE_TAG1__$(yunohost tools diagnosis | grep -B 100 "services:" | sed '/services:/d')__PRE_TAG2__"
# Store the message into a file for further modifications.
echo "$mail_message" > mail_to_send
# If a html email is required. Apply html tags to the message.
if [ "$admin_mail_html" -eq 1 ]
then
# Insert 'br' tags at each ending of lines.
ynh_replace_string "$" "<br>" mail_to_send
# Insert starting HTML tags
sed --in-place '1s@^@<!DOCTYPE html>\n<html>\n<head></head>\n<body>\n@' mail_to_send
# Keep tabulations
ynh_replace_string " " "\&#160;\&#160;" mail_to_send
ynh_replace_string "\t" "\&#160;\&#160;" mail_to_send
# Insert url links tags
ynh_replace_string "__URL_TAG1__\(.*\)__URL_TAG2__\(.*\)__URL_TAG3__" "<a href=\"\2\">\1</a>" mail_to_send
# Insert pre tags
ynh_replace_string "__PRE_TAG1__" "<pre>" mail_to_send
ynh_replace_string "__PRE_TAG2__" "<\pre>" mail_to_send
# Insert finishing HTML tags
echo -e "\n</body>\n</html>" >> mail_to_send
# Otherwise, remove tags to keep a plain text.
else
# Remove URL tags
ynh_replace_string "__URL_TAG[1,3]__" "" mail_to_send
ynh_replace_string "__URL_TAG2__" ": " mail_to_send
# Remove PRE tags
ynh_replace_string "__PRE_TAG[1-2]__" "" mail_to_send
fi
# Define binary to use for mail command
if [ -e /usr/bin/bsd-mailx ]
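Review bot: `ynh_replace_string "__PRE_TAG2__" "<\pre>" mail_to_send` does not produce a closing tag, so the `<pre>` inserted for `__PRE_TAG1__` is never closed in the HTML mail; the replacement should be `</pre>`. The message is also written to a fixed file name, `mail_to_send`, in the current directory, and the `yunohost tools diagnosis` output goes into the HTML body unescaped; a `mktemp` file that is removed after sending, and escaping `&`, `<` and `>` before the tags are inserted, would be safer.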
@ -142,361 +128,14 @@ $(yunohost tools diagnosis | grep -B 100 "services:" | sed '/services:/d')"
local mail_bin=/usr/bin/mail.mailutils
fi
# Send the email to the recipients
echo "$mail_message" | $mail_bin -a "Content-Type: text/plain; charset=UTF-8" -s "$mail_subject" "$recipients"
}
# Internal helper design to allow helpers to use getopts to manage their arguments
#
# [internal]
#
# example: function my_helper()
# {
# declare -Ar args_array=( [a]=arg1= [b]=arg2= [c]=arg3 )
# local arg1
# local arg2
# local arg3
# ynh_handle_getopts_args "$@"
#
# [...]
# }
# my_helper --arg1 "val1" -b val2 -c
#
# usage: ynh_handle_getopts_args "$@"
# | arg: $@ - Simply "$@" to tranfert all the positionnal arguments to the function
#
# This helper need an array, named "args_array" with all the arguments used by the helper
# that want to use ynh_handle_getopts_args
# Be carreful, this array has to be an associative array, as the following example:
# declare -Ar args_array=( [a]=arg1 [b]=arg2= [c]=arg3 )
# Let's explain this array:
# a, b and c are short options, -a, -b and -c
# arg1, arg2 and arg3 are the long options associated to the previous short ones. --arg1, --arg2 and --arg3
# For each option, a short and long version has to be defined.
# Let's see something more significant
# declare -Ar args_array=( [u]=user [f]=finalpath= [d]=database )
#
# NB: Because we're using 'declare' without -g, the array will be declared as a local variable.
#
# Please keep in mind that the long option will be used as a variable to store the values for this option.
# For the previous example, that means that $finalpath will be fill with the value given as argument for this option.
#
# Also, in the previous example, finalpath has a '=' at the end. That means this option need a value.
# So, the helper has to be call with --finalpath /final/path, --finalpath=/final/path or -f /final/path, the variable $finalpath will get the value /final/path
# If there's many values for an option, -f /final /path, the value will be separated by a ';' $finalpath=/final;/path
# For an option without value, like --user in the example, the helper can be called only with --user or -u. $user will then get the value 1.
#
# To keep a retrocompatibility, a package can still call a helper, using getopts, with positional arguments.
# The "legacy mode" will manage the positional arguments and fill the variable in the same order than they are given in $args_array.
# e.g. for `my_helper "val1" val2`, arg1 will be filled with val1, and arg2 with val2.
ynh_handle_getopts_args () {
# Manage arguments only if there's some provided
set +x
if [ $# -ne 0 ]
if [ "$admin_mail_html" -eq 1 ]
then
# Store arguments in an array to keep each argument separated
local arguments=("$@")
# For each option in the array, reduce to short options for getopts (e.g. for [u]=user, --user will be -u)
# And built parameters string for getopts
# ${!args_array[@]} is the list of all option_flags in the array (An option_flag is 'u' in [u]=user, user is a value)
local getopts_parameters=""
local option_flag=""
for option_flag in "${!args_array[@]}"
do
# Concatenate each option_flags of the array to build the string of arguments for getopts
# Will looks like 'abcd' for -a -b -c -d
# If the value of an option_flag finish by =, it's an option with additionnal values. (e.g. --user bob or -u bob)
# Check the last character of the value associate to the option_flag
if [ "${args_array[$option_flag]: -1}" = "=" ]
then
# For an option with additionnal values, add a ':' after the letter for getopts.
getopts_parameters="${getopts_parameters}${option_flag}:"
else
getopts_parameters="${getopts_parameters}${option_flag}"
fi
# Check each argument given to the function
local arg=""
# ${#arguments[@]} is the size of the array
for arg in `seq 0 $(( ${#arguments[@]} - 1 ))`
do
# And replace long option (value of the option_flag) by the short option, the option_flag itself
# (e.g. for [u]=user, --user will be -u)
# Replace long option with =
arguments[arg]="${arguments[arg]//--${args_array[$option_flag]}/-${option_flag} }"
# And long option without =
arguments[arg]="${arguments[arg]//--${args_array[$option_flag]%=}/-${option_flag}}"
done
done
# Read and parse all the arguments
# Use a function here, to use standart arguments $@ and be able to use shift.
parse_arg () {
# Read all arguments, until no arguments are left
while [ $# -ne 0 ]
do
# Initialize the index of getopts
OPTIND=1
# Parse with getopts only if the argument begin by -, that means the argument is an option
# getopts will fill $parameter with the letter of the option it has read.
local parameter=""
getopts ":$getopts_parameters" parameter || true
if [ "$parameter" = "?" ]
then
ynh_die --message="Invalid argument: -${OPTARG:-}"
elif [ "$parameter" = ":" ]
then
ynh_die --message="-$OPTARG parameter requires an argument."
else
local shift_value=1
# Use the long option, corresponding to the short option read by getopts, as a variable
# (e.g. for [u]=user, 'user' will be used as a variable)
# Also, remove '=' at the end of the long option
# The variable name will be stored in 'option_var'
local option_var="${args_array[$parameter]%=}"
# If this option doesn't take values
# if there's a '=' at the end of the long option name, this option takes values
if [ "${args_array[$parameter]: -1}" != "=" ]
then
# 'eval ${option_var}' will use the content of 'option_var'
eval ${option_var}=1
else
# Read all other arguments to find multiple value for this option.
# Load args in a array
local all_args=("$@")
# If the first argument is longer than 2 characters,
# There's a value attached to the option, in the same array cell
if [ ${#all_args[0]} -gt 2 ]; then
# Remove the option and the space, so keep only the value itself.
all_args[0]="${all_args[0]#-${parameter} }"
# Reduce the value of shift, because the option has been removed manually
shift_value=$(( shift_value - 1 ))
fi
# Declare the content of option_var as a variable.
eval ${option_var}=""
# Then read the array value per value
local i
for i in `seq 0 $(( ${#all_args[@]} - 1 ))`
do
# If this argument is an option, end here.
if [ "${all_args[$i]:0:1}" == "-" ]
then
# Ignore the first value of the array, which is the option itself
if [ "$i" -ne 0 ]; then
break
fi
else
# Else, add this value to this option
# Each value will be separated by ';'
if [ -n "${!option_var}" ]
then
# If there's already another value for this option, add a ; before adding the new value
eval ${option_var}+="\;"
fi
# Escape double quote to prevent any interpretation during the eval
all_args[$i]="${all_args[$i]//\"/\\\"}"
eval ${option_var}+=\"${all_args[$i]}\"
shift_value=$(( shift_value + 1 ))
fi
done
fi
fi
# Shift the parameter and its argument(s)
shift $shift_value
done
}
# LEGACY MODE
# Check if there's getopts arguments
if [ "${arguments[0]:0:1}" != "-" ]
then
# If not, enter in legacy mode and manage the arguments as positionnal ones..
# Dot not echo, to prevent to go through a helper output. But print only in the log.
set -x; echo "! Helper used in legacy mode !" > /dev/null; set +x
local i
for i in `seq 0 $(( ${#arguments[@]} -1 ))`
do
# Try to use legacy_args as a list of option_flag of the array args_array
# Otherwise, fallback to getopts_parameters to get the option_flag. But an associative arrays isn't always sorted in the correct order...
# Remove all ':' in getopts_parameters
getopts_parameters=${legacy_args:-${getopts_parameters//:}}
# Get the option_flag from getopts_parameters, by using the option_flag according to the position of the argument.
option_flag=${getopts_parameters:$i:1}
if [ -z "$option_flag" ]; then
ynh_print_warn --message="Too many arguments ! \"${arguments[$i]}\" will be ignored."
continue
fi
# Use the long option, corresponding to the option_flag, as a variable
# (e.g. for [u]=user, 'user' will be used as a variable)
# Also, remove '=' at the end of the long option
# The variable name will be stored in 'option_var'
local option_var="${args_array[$option_flag]%=}"
# Escape double quote to prevent any interpretation during the eval
arguments[$i]="${arguments[$i]//\"/\\\"}"
# Store each value given as argument in the corresponding variable
# The values will be stored in the same order than $args_array
eval ${option_var}+=\"${arguments[$i]}\"
done
unset legacy_args
else
# END LEGACY MODE
# Call parse_arg and pass the modified list of args as an array of arguments.
parse_arg "${arguments[@]}"
fi
content_type="text/html"
else
content_type="text/plain"
fi
set -x
# Send the email to the recipients
cat mail_to_send | $mail_bin -a "Content-Type: $content_type; charset=UTF-8" -s "$mail_subject" "$recipients"
}
# Create a dedicated fail2ban config (jail and filter conf files)
#
# usage 1: ynh_add_fail2ban_config --logpath=log_file --failregex=filter [--max_retry=max_retry] [--ports=ports]
# | arg: -l, --logpath= - Log file to be checked by fail2ban
# | arg: -r, --failregex= - Failregex to be looked for by fail2ban
# | arg: -m, --max_retry= - Maximum number of retries allowed before banning IP address - default: 3
# | arg: -p, --ports= - Ports blocked for a banned IP address - default: http,https
#
# -----------------------------------------------------------------------------
#
# usage 2: ynh_add_fail2ban_config --use_template [--others_var="list of others variables to replace"]
# | arg: -t, --use_template - Use this helper in template mode
# | arg: -v, --others_var= - List of others variables to replace separeted by a space
# | for example : 'var_1 var_2 ...'
#
# This will use a template in ../conf/f2b_jail.conf and ../conf/f2b_filter.conf
# __APP__ by $app
#
# You can dynamically replace others variables by example :
# __VAR_1__ by $var_1
# __VAR_2__ by $var_2
#
# Generally your template will look like that by example (for synapse):
#
# f2b_jail.conf:
# [__APP__]
# enabled = true
# port = http,https
# filter = __APP__
# logpath = /var/log/__APP__/logfile.log
# maxretry = 3
#
# f2b_filter.conf:
# [INCLUDES]
# before = common.conf
# [Definition]
#
# # Part of regex definition (just used to make more easy to make the global regex)
# __synapse_start_line = .? \- synapse\..+ \-
#
# # Regex definition.
# failregex = ^%(__synapse_start_line)s INFO \- POST\-(\d+)\- <HOST> \- \d+ \- Received request\: POST /_matrix/client/r0/login\??<SKIPLINES>%(__synapse_start_line)s INFO \- POST\-\1\- Got login request with identifier: \{u'type': u'm.id.user', u'user'\: u'(.+?)'\}, medium\: None, address: None, user\: u'\5'<SKIPLINES>%(__synapse_start_line)s WARNING \- \- (Attempted to login as @\5\:.+ but they do not exist|Failed password login for user @\5\:.+)$
#
# ignoreregex =
#
# -----------------------------------------------------------------------------
#
# Note about the "failregex" option:
# regex to match the password failure messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
#
# You can find some more explainations about how to make a regex here :
# https://www.fail2ban.org/wiki/index.php/MANUAL_0_8#Filters
#
# Note that the logfile need to exist before to call this helper !!
#
# To validate your regex you can test with this command:
# fail2ban-regex /var/log/YOUR_LOG_FILE_PATH /etc/fail2ban/filter.d/YOUR_APP.conf
#
ynh_add_fail2ban_config () {
# Declare an array to define the options of this helper.
local legacy_args=lrmptv
declare -Ar args_array=( [l]=logpath= [r]=failregex= [m]=max_retry= [p]=ports= [t]=use_template [v]=others_var=)
local logpath
local failregex
local max_retry
local ports
local others_var
local use_template
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
use_template="${use_template:-0}"
max_retry=${max_retry:-3}
ports=${ports:-http,https}
finalfail2banjailconf="/etc/fail2ban/jail.d/$app.conf"
finalfail2banfilterconf="/etc/fail2ban/filter.d/$app.conf"
ynh_backup_if_checksum_is_different "$finalfail2banjailconf"
ynh_backup_if_checksum_is_different "$finalfail2banfilterconf"
if [ $use_template -eq 1 ]
then
# Usage 2, templates
cp ../conf/f2b_jail.conf $finalfail2banjailconf
cp ../conf/f2b_filter.conf $finalfail2banfilterconf
if [ -n "${app:-}" ]
then
ynh_replace_string "__APP__" "$app" "$finalfail2banjailconf"
ynh_replace_string "__APP__" "$app" "$finalfail2banfilterconf"
fi
# Replace all other variable given as arguments
for var_to_replace in ${others_var:-}; do
# ${var_to_replace^^} make the content of the variable on upper-cases
# ${!var_to_replace} get the content of the variable named $var_to_replace
ynh_replace_string --match_string="__${var_to_replace^^}__" --replace_string="${!var_to_replace}" --target_file="$finalfail2banjailconf"
ynh_replace_string --match_string="__${var_to_replace^^}__" --replace_string="${!var_to_replace}" --target_file="$finalfail2banfilterconf"
done
else
# Usage 1, no template. Build a config file from scratch.
test -n "$logpath" || ynh_die "ynh_add_fail2ban_config expects a logfile path as first argument and received nothing."
test -n "$failregex" || ynh_die "ynh_add_fail2ban_config expects a failure regex as second argument and received nothing."
tee $finalfail2banjailconf <<EOF
[$app]
enabled = true
port = $ports
filter = $app
logpath = $logpath
maxretry = $max_retry
EOF
tee $finalfail2banfilterconf <<EOF
[INCLUDES]
before = common.conf
[Definition]
failregex = $failregex
ignoreregex =
EOF
fi
# Common to usage 1 and 2.
ynh_store_file_checksum "$finalfail2banjailconf"
ynh_store_file_checksum "$finalfail2banfilterconf"
systemctl try-reload-or-restart fail2ban
local fail2ban_error="$(journalctl -u fail2ban | tail -n50 | grep "WARNING.*$app.*")"
if [[ -n "$fail2ban_error" ]]; then
ynh_print_err --message="Fail2ban failed to load the jail for $app"
ynh_print_warn --message="${fail2ban_error#*WARNING}"
fi
}
# Remove the dedicated fail2ban config (jail and filter conf files)
#
# usage: ynh_remove_fail2ban_config
ynh_remove_fail2ban_config () {
ynh_secure_remove "/etc/fail2ban/jail.d/$app.conf"
ynh_secure_remove "/etc/fail2ban/filter.d/$app.conf"
systemctl try-reload-or-restart fail2ban
}
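Review bot: the `eval ${option_var}+=\"${all_args[$i]}\"` assignment in the option parser, and the matching `eval ${option_var}+=\"${arguments[$i]}\"` in the legacy-mode loop, escape only double quotes, so a value containing `$(...)`, backticks, `$name` or a trailing backslash is still expanded, or breaks the quoting, when eval re-parses the string. Store the value without eval, for example with `printf -v "$option_var" '%s%s' "${!option_var:-}" "${all_args[$i]}"`, so helper arguments are kept literally. Separately, in ynh_add_fail2ban_config the check `journalctl -u fail2ban | tail -n50 | grep "WARNING.*$app.*"` reads whatever the last 50 journal lines happen to be, so a warning left by an earlier run can be reported as a failure of this reload; restricting the query to entries written since the reload would avoid that.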

View file

@ -6,21 +6,34 @@
# IMPORT GENERIC HELPERS
#=================================================
source _common.sh
source experimental_helper.sh
source /usr/share/yunohost/helpers
# Stop script if errors
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
ynh_clean_setup () {
# Clean installation remainings that are not handled by the remove script.
ynh_clean_check_starting
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
# Import common fonctions
source ./psql.sh
source ./experimental_helper.sh
source ./_common.sh
#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================
#=================================================
# SET ALL CONSTANT
#=================================================
domain=$YNH_APP_ARG_DOMAIN
is_public=$YNH_APP_ARG_IS_PUBLIC
app=$YNH_APP_INSTANCE_NAME
#=================================================
# SET CONSTANTS
#=================================================
synapse_user="matrix-$app"
synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app"
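Review bot: `source _common.sh` and `source experimental_helper.sh` at the top of this hunk have no `./` prefix, unlike the `source ./psql.sh` group further down. Bash looks up a slash-less `source` argument in PATH before falling back to the current directory, so in a script that runs as root it is safer to keep the explicit `./` form. These two files are also loaded before `/usr/share/yunohost/helpers`, so any function defined in both places ends up with the system definition; if the local versions are meant to win, source them after the system helpers.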
@ -34,75 +47,80 @@ default_domain_value="Same than the domain"
domain=$YNH_APP_ARG_DOMAIN
server_name=$YNH_APP_ARG_SERVER_NAME
if [[ "$server_name" == "$default_domain_value" ]]; then
server_name=$domain
fi
is_public=$YNH_APP_ARG_IS_PUBLIC
path_url="/_matrix"
final_path="/opt/yunohost/matrix-$app"
if [[ "$server_name" == "$default_domain_value" ]]; then
server_name=$domain
fi
#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
ynh_script_progression --message="Validating installation parameters..." --weight=2
ynh_webpath_available $domain $path_url || ynh_die "$domain is not available as domain, please use an other domain."
test ! -e "/etc/nginx/conf.d/$domain.d/synapse*.conf" || ynh_die "$domain is not available as domain, please use an other domain."
[ $(ynh_webpath_available --domain=$domain --path_url=$path_url) == "True" ] || ynh_die --message="$domain is not available as domain, please use an other domain."
test ! -e "/etc/nginx/conf.d/$domain.d/synapse*.conf" || ynh_die --message="$domain is not available as domain, please use an other domain."
# Check Final Path availability
test ! -e "$final_path" || ynh_die "This path already contains a folder"
test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================
ynh_script_progression --message="Storing installation settings..." --weight=1
# For the domain and the path we can't use the standard keys "domain" and "path" with the standard function ynh_webpath_register because it create automatically a button on the user pannel.
# The idea is to create a custom key (specia_domain and special_path instead of domain and key).
# By this the ssowatconf fonction don't create a button on the pannel.
# This hack solve the issue : https://github.com/YunoHost-Apps/synapse_ynh/issues/14
ynh_app_setting_set $app special_domain $domain
ynh_app_setting_set $app special_path $path_url
ynh_app_setting_set $app server_name $server_name
ynh_app_setting_set $app final_path $final_path
ynh_app_setting_set $app synapse_version $upstream_version
ynh_app_setting_set $app is_public $is_public
ynh_app_setting_set $app report_stats $report_stats
ynh_app_setting_set --app=$app --key=special_domain --value=$domain
ynh_app_setting_set --app=$app --key=special_path --value=$path_url
ynh_app_setting_set --app=$app --key=server_name --value=$server_name
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
ynh_app_setting_set --app=$app --key=synapse_version --value=$upstream_version
ynh_app_setting_set --app=$app --key=is_public --value=$is_public
ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# FIND AND OPEN A PORT
#=================================================
ynh_script_progression --message="Configuring firewall..." --weight=19
# Find a free port
synapse_tls_port=$(ynh_find_port 8448)
port=$(ynh_find_port 8008)
turnserver_tls_port=$(ynh_find_port 5349)
turnserver_alt_tls_port=$(ynh_find_port $((turnserver_tls_port+1)))
cli_port=$(ynh_find_port 5766)
synapse_tls_port=$(ynh_find_port --port=8448)
port=$(ynh_find_port --port=8008)
turnserver_tls_port=$(ynh_find_port --port=5349)
turnserver_alt_tls_port=$(ynh_find_port --port=$((turnserver_tls_port+1)))
cli_port=$(ynh_find_port --port=5766)
# Open this port
yunohost firewall allow TCP $synapse_tls_port > /dev/null 2>&1
yunohost firewall allow Both $turnserver_tls_port > /dev/null 2>&1
yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1
ynh_exec_warn_less yunohost firewall allow TCP $synapse_tls_port
ynh_exec_warn_less yunohost firewall allow Both $turnserver_tls_port
ynh_exec_warn_less yunohost firewall allow Both $turnserver_alt_tls_port
# Store opened ports
ynh_app_setting_set $app synapse_port $port
ynh_app_setting_set $app synapse_tls_port $synapse_tls_port
ynh_app_setting_set $app turnserver_tls_port $turnserver_tls_port
ynh_app_setting_set $app turnserver_alt_tls_port $turnserver_alt_tls_port
ynh_app_setting_set $app cli_port $cli_port
ynh_app_setting_set --app=$app --key=synapse_port --value=$port
ynh_app_setting_set --app=$app --key=synapse_tls_port --value=$synapse_tls_port
ynh_app_setting_set --app=$app --key=turnserver_tls_port --value=$turnserver_tls_port
ynh_app_setting_set --app=$app --key=turnserver_alt_tls_port --value=$turnserver_alt_tls_port
ynh_app_setting_set --app=$app --key=cli_port --value=$cli_port
#=================================================
# CREATE A DH FILE
#=================================================
ynh_script_progression --message="Creating a dh file..." --weight=3
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files
# Make dh cert for synapse if doesn't exist
if [[ ! -e /etc/ssl/private/dh2048.pem ]]
# Make dh cert for synapse if it doesn't exist
if [ ! -e /etc/ssl/private/dh2048.pem ]
then
openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048 -dsaparam 2> /dev/null
ynh_exec_warn_less openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048 -dsaparam
chown root:ssl-cert /etc/ssl/private/dh2048.pem
chmod 640 /etc/ssl/private/dh2048.pem
fi
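Review bot: in `test ! -e "/etc/nginx/conf.d/$domain.d/synapse*.conf"` the `*` sits inside double quotes, so no glob expansion happens and the test only looks for a file literally named `synapse*.conf`; the check passes even when another synapse config already exists for that domain. Expand the pattern outside the quotes (for example with `compgen -G`, or a loop over the unquoted glob) and call ynh_die if anything matches. The new `[ $(ynh_webpath_available --domain=$domain --path_url=$path_url) == "True" ]` should also quote the command substitution, otherwise empty output turns the test into a syntax error and the user gets the "not available as domain" message for the wrong reason.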
@ -110,6 +128,7 @@ fi
#=================================================
# INSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Installing dependencies..." --weight=80
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files
@ -118,27 +137,34 @@ ynh_install_app_dependencies $dependances
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Configuring system user..." --weight=3
ynh_system_user_create $synapse_user /var/lib/matrix-$app
ynh_system_user_create --username=$synapse_user --home_dir=/var/lib/matrix-$app
adduser $synapse_user ssl-cert
adduser turnserver ssl-cert
#=================================================
# CREATE A POSTGRESQL DATABASE
#=================================================
ynh_script_progression --message="Creating a PostgreSQL database..." --weight=4
synapse_db_pwd=$(ynh_string_random 30)
ynh_app_setting_set $app synapse_db_pwd $synapse_db_pwd
ynh_print_OFF
synapse_db_pwd=$(ynh_string_random --length=30)
ynh_app_setting_set --app=$app --key=synapse_db_pwd --value=$synapse_db_pwd
ynh_print_ON
# Create postgresql database
ynh_psql_test_if_first_run
ynh_print_OFF
ynh_psql_create_user $synapse_db_user $synapse_db_pwd
ynh_print_ON
ynh_psql_execute_as_root \
"CREATE DATABASE $synapse_db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $synapse_db_user;"
--sql="CREATE DATABASE $synapse_db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $synapse_db_user;"
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_script_progression --message="Setting up source files..." --weight=50
# Create empty dir for synapse
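Review bot: `ynh_psql_create_user $synapse_db_user $synapse_db_pwd` keeps positional, unquoted arguments while the other helper calls in this hunk move to the `--name=value` form, and this script no longer sources the local `psql.sh` that used to define it. Please confirm that the definition now being picked up takes the user and the password in that order, and quote both values. The `ynh_print_OFF` / `ynh_print_ON` pairs around the password lines are a good addition; a short comment saying they keep the password out of the trace log would help the next reader.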
@ -155,14 +181,14 @@ mkdir -p $final_path
# For any update do it in all files
if [ -n "$(uname -m | grep arm)" ]
then
ynh_setup_source $final_path/ "armv7_$(lsb_release --codename --short)"
ynh_setup_source --dest_dir=$final_path/ --source_id="armv7_$(lsb_release --codename --short)"
else
# Install virtualenv if it don't exist
test -e $final_path/bin/python3 || python3 -m venv $final_path
# Install synapse in virtualenv
cp ../conf/virtualenv_activate $final_path/bin/activate
ynh_replace_string __FINAL_PATH__ $final_path $final_path/bin/activate
ynh_replace_string --match_string=__FINAL_PATH__ --replace_string=$final_path --target_file=$final_path/bin/activate
# We set all necessary environement variable to create a python virtualenvironnement.
source $final_path/bin/activate
@ -178,6 +204,7 @@ fi
#=================================================
# CREATE SYNAPSE CONFIG
#=================================================
ynh_script_progression --message="Creating synapse config..." --weight=3
# Go in virtualenvironnement
PS1=${PS1:-}
@ -190,37 +217,44 @@ python -m synapse.app.homeserver --keys-directory /etc/matrix-$app/ --generate-c
deactivate
# Get random values from config
ynh_print_OFF
registration_shared_secret=$(egrep "^registration_shared_secret" homeserver.yml | cut -d'"' -f2)
form_secret=$(egrep "^form_secret" homeserver.yml | cut -d'"' -f2)
# store in yunohost settings
ynh_app_setting_set $app registration_shared_secret "$registration_shared_secret"
ynh_app_setting_set $app form_secret "$form_secret"
ynh_app_setting_set --app=$app --key=registration_shared_secret --value="$registration_shared_secret"
ynh_app_setting_set --app=$app --key=form_secret --value="$form_secret"
ynh_print_ON
#=================================================
# SETUP SYSTEMD
#=================================================
ynh_script_progression --message="Configuring a systemd service..." --weight=2
# Create systemd service for synapse and turnserver
cp ../conf/default_matrix-synapse /etc/default/matrix-$app
ynh_add_systemd_config matrix-$app matrix-synapse.service
ynh_add_systemd_config --service=matrix-$app --template=matrix-synapse.service
cp ../conf/default_coturn /etc/default/coturn-$app
ynh_add_systemd_config coturn-$app coturn-synapse.service
ynh_add_systemd_config --service=coturn-$app --template=coturn-synapse.service
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring nginx web server..." --weight=2
ynh_add_nginx_config
#=================================================
# SET SYNAPSE CONFIG
#=================================================
ynh_script_progression --message="Configuring synapse..." --weight=2
# Find password for turnserver and database
turnserver_pwd=$(ynh_string_random 30)
ynh_app_setting_set $app turnserver_pwd $turnserver_pwd
ynh_print_OFF
turnserver_pwd=$(ynh_string_random --length=30)
ynh_app_setting_set --app=$app --key=turnserver_pwd --value=$turnserver_pwd
ynh_print_ON
# Configure Synapse
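Review bot: `registration_shared_secret` and `form_secret` are read with `egrep "^..." homeserver.yml | cut -d'"' -f2` and stored without any check on the result. If a key is missing from the generated file the variable is empty, and unless pipefail is set the pipeline returns the status of `cut`, so the script carries on and an empty secret is saved and later substituted into the config. Add a `[ -n "$registration_shared_secret" ] || ynh_die ...` style guard for both values before the `ynh_app_setting_set` calls.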
@ -232,34 +266,37 @@ homeserver_config_path="/etc/matrix-$app/homeserver.yaml"
cp ../conf/homeserver.yaml "$homeserver_config_path"
cp ../conf/log.yaml /etc/matrix-$app/log.yaml
ynh_replace_string __APP__ $app "$homeserver_config_path"
ynh_replace_string __DOMAIN__ $domain "$homeserver_config_path"
ynh_replace_string __SERVER_NAME__ $server_name "$homeserver_config_path"
ynh_replace_string __SYNAPSE_DB_USER__ $synapse_db_user "$homeserver_config_path"
ynh_replace_string __SYNAPSE_DB_PWD__ $synapse_db_pwd "$homeserver_config_path"
ynh_replace_string __PORT__ $port "$homeserver_config_path"
ynh_replace_string __TLS_PORT__ $synapse_tls_port "$homeserver_config_path"
ynh_replace_string __TURNSERVER_TLS_PORT__ $turnserver_tls_port "$homeserver_config_path"
ynh_replace_special_string __TURNPWD__ $turnserver_pwd "$homeserver_config_path"
ynh_replace_special_string __REGISTRATION_SECRET__ "$registration_shared_secret" "$homeserver_config_path"
ynh_replace_string __FORM_SECRET__ "$form_secret" "$homeserver_config_path"
ynh_replace_string __REPORT_STATS__ "$report_stats" "$homeserver_config_path"
ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__SERVER_NAME__ --replace_string=$server_name --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__SYNAPSE_DB_USER__ --replace_string=$synapse_db_user --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__PORT__ --replace_string=$port --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$synapse_tls_port --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__TURNSERVER_TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__REPORT_STATS__ --replace_string="$report_stats" --target_file="$homeserver_config_path"
ynh_print_OFF
ynh_replace_string --match_string=__SYNAPSE_DB_PWD__ --replace_string=$synapse_db_pwd --target_file="$homeserver_config_path"
ynh_replace_special_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$homeserver_config_path"
ynh_replace_special_string --match_string=__REGISTRATION_SECRET__ --replace_string="$registration_shared_secret" --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__FORM_SECRET__ --replace_string="$form_secret" --target_file="$homeserver_config_path"
ynh_print_ON
ynh_replace_string __APP__ $app "/etc/matrix-$app/log.yaml"
ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="/etc/matrix-$app/log.yaml"
if [ "$is_public" = "0" ]
if [ $is_public -eq 0 ]
then
ynh_replace_string __ALLOWED_ACCESS__ False "$homeserver_config_path"
ynh_replace_string --match_string=__ALLOWED_ACCESS__ --replace_string=False --target_file="$homeserver_config_path"
else
ynh_replace_string __ALLOWED_ACCESS__ True "$homeserver_config_path"
ynh_replace_string --match_string=__ALLOWED_ACCESS__ --replace_string=True --target_file="$homeserver_config_path"
fi
ynh_store_file_checksum "$homeserver_config_path"
ynh_store_file_checksum "/etc/matrix-$app/log.yaml"
ynh_store_file_checksum --file="$homeserver_config_path"
ynh_store_file_checksum --file="/etc/matrix-$app/log.yaml"
#=================================================
# SET COTURN CONFIG
#=================================================
ynh_script_progression --message="Configuring coturn..." --weight=1
# WARNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
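Review bot: `if [ $is_public -eq 0 ]` replaces the quoted string comparison with an unquoted numeric test whose else branch writes `__ALLOWED_ACCESS__` as True. If `is_public` is empty or not an integer, `[` reports an error, the condition counts as false, and the install falls through to the open setting. Quote the variable, match `1` explicitly for True, and call ynh_die on any other value so that a malformed setting does not silently open access.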
@ -268,39 +305,42 @@ coturn_config_path="/etc/matrix-$app/coturn.conf"
cp ../conf/turnserver.conf "$coturn_config_path"
ynh_replace_string __APP__ $app "$coturn_config_path"
ynh_replace_string __TURNPWD__ $turnserver_pwd "$coturn_config_path"
ynh_replace_string __DOMAIN__ $domain "$coturn_config_path"
ynh_replace_string __TLS_PORT__ $turnserver_tls_port "$coturn_config_path"
ynh_replace_string __TLS_ALT_PORT__ $turnserver_alt_tls_port "$coturn_config_path"
ynh_replace_string __CLI_PORT__ $cli_port "$coturn_config_path"
ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$coturn_config_path"
ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$coturn_config_path"
ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$coturn_config_path"
ynh_replace_string --match_string=__TLS_ALT_PORT__ --replace_string=$turnserver_alt_tls_port --target_file="$coturn_config_path"
ynh_replace_string --match_string=__CLI_PORT__ --replace_string=$cli_port --target_file="$coturn_config_path"
ynh_print_OFF
ynh_replace_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$coturn_config_path"
ynh_print_ON
# Get public IP and set as external IP for coturn
# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
public_ip4="$(curl ip.yunohost.org)" || true
public_ip6="$(curl ipv6.yunohost.org)" || true
if [[ -n "$public_ip4" ]] && ynh_validate_ip4 "$public_ip4"
if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"
then
ynh_replace_string '__IPV4__' "$public_ip4" "$coturn_config_path"
ynh_replace_string --match_string='__IPV4__' --replace_string="$public_ip4" --target_file="$coturn_config_path"
else
ynh_replace_string '__IPV4__,' "" "$coturn_config_path"
ynh_replace_string --match_string='__IPV4__,' --replace_string="" --target_file="$coturn_config_path"
fi
if [[ -n "$public_ip6" ]] && ynh_validate_ip6 "$public_ip6"
if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6"
then
ynh_replace_string '__IPV6__' "$public_ip6" "$coturn_config_path"
ynh_replace_string --match_string='__IPV6__' --replace_string="$public_ip6" --target_file="$coturn_config_path"
else
ynh_replace_string ',__IPV6__' "" "$coturn_config_path"
ynh_replace_string --match_string=',__IPV6__' --replace_string="" --target_file="$coturn_config_path"
fi
ynh_store_file_checksum "$coturn_config_path"
ynh_store_file_checksum --file="$coturn_config_path"
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression --message="Configuring log rotation..." --weight=2
ynh_use_logrotate /var/log/matrix-$app
ynh_use_logrotate --logfile "/var/log/matrix-$app"
#=================================================
# ADD SCRIPT FOR COTURN CRON
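Review bot: `curl ip.yunohost.org` and `curl ipv6.yunohost.org` give no scheme, so curl uses plain HTTP, and there is no time limit or `--fail`, so an install can hang on the lookup and the answer that ends up as coturn's external IP is only checked for format by ynh_validate_ip4 / ynh_validate_ip6. Consider `https://` URLs together with `--silent --fail --max-time`. Minor style point in the same hunk: `ynh_use_logrotate --logfile "/var/log/matrix-$app"` separates the option and its value with a space, whereas every other call in this change uses `--option=value`.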
@ -310,17 +350,18 @@ ynh_use_logrotate /var/log/matrix-$app
# For any update do it in all files
cp ../sources/Coturn_config_rotate.sh $final_path/
ynh_replace_string __APP__ $app "$final_path/Coturn_config_rotate.sh"
ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$final_path/Coturn_config_rotate.sh"
#=================================================
# GENERIC FINALIZATION
#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Configuring SSOwat..." --weight=1
# Open access to server without a button the home
# The script "add_sso_conf.py" will just add en entry for the path "/_matrix" in the sso conf.json.persistent file in the cathegory "skipped_urls".
python3 ../conf/add_sso_conf.py || ynh_die "Your file /etc/ssowat/conf.json.persistent doesn't respect the json syntax. Please fix the syntax to install this app. For more information see here: https://github.com/YunoHost-Apps/synapse_ynh/issues/32"
python3 ../conf/add_sso_conf.py || ynh_die --message="Your file /etc/ssowat/conf.json.persistent doesn't respect the json syntax. Please fix the syntax to install this app. For more information see here: https://github.com/YunoHost-Apps/synapse_ynh/issues/32"
#=================================================
# SECURE FILES AND DIRECTORIES
@ -342,24 +383,26 @@ setfacl -R -m user:turnserver:rwX /var/log/matrix-$app
# ADVERTISE SERVICE IN ADMIN PANEL
#=================================================
yunohost service add matrix-$app -l "/var/log/matrix-$app/homeserver.log"
yunohost service add matrix-$app --log "/var/log/matrix-$app/homeserver.log"
yunohost service add coturn-$app
#=================================================
# RELOAD SERVICES
#=================================================
ynh_script_progression --message="Restarting synapse services..." --weight=11
systemctl restart coturn-$app.service
ynh_check_starting "Synapse now listening on TCP port $synapse_tls_port" "/var/log/matrix-$app/homeserver.log" 300 "matrix-$app"
ynh_systemd_action --service_name=coturn-$app.service --action=restart
ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $synapse_tls_port" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300
#=================================================
# SETUP FAIL2BAN
#=================================================
ynh_script_progression --message="Configuring fail2ban..." --weight=10
# WARNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
ynh_add_fail2ban_config -t
ynh_add_fail2ban_config --use_template
#=================================================
# SEND A README FOR THE ADMIN
@ -368,7 +411,7 @@ ynh_add_fail2ban_config -t
# WARNING : theses command are used in INSTALL, RESTORE
# For any update do it in all files
message="If your server name is identical to the domain on which synapse is installed, and the default port 8448 is used, your server is normally already accessible by the federation.
echo "If your server name is identical to the domain on which synapse is installed, and the default port 8448 is used, your server is normally already accessible by the federation.
If not, you may need to put the following line in the dns configuration:
@ -382,6 +425,12 @@ Your synapse server also implements a turnserver (for VoIP), to have this fully
If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/synapse_ynh
You also need a valid TLS certificate for the domain used by synapse. To do that you can refer to the documentation here : https://yunohost.org/#/certificate_en"
You also need a valid TLS certificate for the domain used by synapse. To do that you can refer to the documentation here : https://yunohost.org/#/certificate_en" > mail_to_send
ynh_send_readme_to_admin "$message"
ynh_send_readme_to_admin --app_message="mail_to_send" --type="install"
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Installation of $app completed" --last
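Review bot: the readme text is now written with `> mail_to_send`, a relative path in whatever directory the install script is running from, and nothing in the visible lines removes it afterwards; the helper then reads it back with `cat mail_to_send`. Create the file with `mktemp`, pass that path through `--app_message`, and delete it once the mail has been sent, so the message does not depend on the working directory and is not left behind in the package's scripts folder.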

View file

@ -1,147 +0,0 @@
#=================================================
# POSTGRES HELPERS
#=================================================
# Open a connection as a user
#
# example: ynh_psql_connect_as 'user' 'pass' <<< "UPDATE ...;"
# example: ynh_psql_connect_as 'user' 'pass' < /path/to/file.sql
#
# usage: ynh_psql_connect_as user pwd [db]
# | arg: user - the user name to connect as
# | arg: pwd - the user password
# | arg: db - the database to connect to
ynh_psql_connect_as() {
user="$1"
pwd="$2"
db="$3"
su --command="PGUSER=\"${user}\" PGPASSWORD=\"${pwd}\" psql \"${db}\"" postgres
}
# # Execute a command as root user
#
# usage: ynh_psql_execute_as_root sql [db]
# | arg: sql - the SQL command to execute
# | arg: db - the database to connect to
ynh_psql_execute_as_root () {
sql="$1"
su --command="psql" postgres <<< "$sql"
}
# Execute a command from a file as root user
#
# usage: ynh_psql_execute_file_as_root file [db]
# | arg: file - the file containing SQL commands
# | arg: db - the database to connect to
ynh_psql_execute_file_as_root() {
file="$1"
db="$2"
su -c "psql $db" postgres < "$file"
}
# Create a database, an user and its password. Then store the password in the app's config
#
# After executing this helper, the password of the created database will be available in $db_pwd
# It will also be stored as "psqlpwd" into the app settings.
#
# usage: ynh_psql_setup_db user name [pwd]
# | arg: user - Owner of the database
# | arg: name - Name of the database
# | arg: pwd - Password of the database. If not given, a password will be generated
ynh_psql_setup_db () {
db_user="$1"
app="$1"
db_name="$2"
new_db_pwd=$(ynh_string_random) # Generate a random password
# If $3 is not given, use new_db_pwd instead for db_pwd.
db_pwd="${3:-$new_db_pwd}"
ynh_psql_create_db "$db_name" "$db_user" "$db_pwd" # Create the database
ynh_app_setting_set "$app" psqlpwd "$db_pwd" # Store the password in the app's config
}
# Create a database and grant optionnaly privilegies to a user
#
# usage: ynh_psql_create_db db [user [pwd]]
# | arg: db - the database name to create
# | arg: user - the user to grant privilegies
# | arg: pwd - the user password
ynh_psql_create_db() {
db="$1"
user="$2"
pwd="$3"
ynh_psql_create_user "$user" "$pwd"
su --command="createdb --owner=\"${user}\" \"${db}\"" postgres
}
# Drop a database
#
# usage: ynh_psql_drop_db db user
# | arg: db - the database name to drop
# | arg: user - the user to drop
ynh_psql_remove_db() {
db="$1"
user="$2"
su --command="dropdb \"${db}\"" postgres
ynh_psql_drop_user "${user}"
}
# Dump a database
#
# example: ynh_psql_dump_db 'roundcube' > ./dump.sql
#
# usage: ynh_psql_dump_db db
# | arg: db - the database name to dump
# | ret: the psqldump output
ynh_psql_dump_db() {
db="$1"
su --command="pg_dump \"${db}\"" postgres
}
# Create a user
#
# usage: ynh_psql_create_user user pwd [host]
# | arg: user - the user name to create
ynh_psql_create_user() {
user="$1"
pwd="$2"
su --command="psql -c\"CREATE USER ${user} WITH PASSWORD '${pwd}'\"" postgres
}
# Drop a user
#
# usage: ynh_psql_drop_user user
# | arg: user - the user name to drop
ynh_psql_drop_user() {
user="$1"
su --command="dropuser \"${user}\"" postgres
}
ynh_psql_test_if_first_run() {
if [ -f /etc/yunohost/psql ];
then
echo "PostgreSQL is already installed, no need to create master password"
else
pgsql=$(ynh_string_random)
pg_hba=""
echo "$pgsql" >> /etc/yunohost/psql
if [ -e /etc/postgresql/9.4/ ]
then
pg_hba=/etc/postgresql/9.4/main/pg_hba.conf
elif [ -e /etc/postgresql/9.6/ ]
then
pg_hba=/etc/postgresql/9.6/main/pg_hba.conf
else
ynh_die "postgresql shoud be 9.4 or 9.6"
fi
systemctl start postgresql
su --command="psql -c\"ALTER user postgres WITH PASSWORD '${pgsql}'\"" postgres
# we can't use peer since YunoHost create users with nologin
sed -i '/local\s*all\s*all\s*peer/i \
local all all password' "$pg_hba"
systemctl enable postgresql
systemctl reload postgresql
fi
}
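Review bot: In `ynh_psql_create_user` the user name and password are spliced directly into `CREATE USER ${user} WITH PASSWORD '${pwd}'` inside a double-quoted `su --command` string, so a password containing a single quote, a double quote or `$` alters the SQL or the shell command instead of being treated as data. Feed the statement to psql on stdin or escape the value first. Two smaller points in the same file: `ynh_psql_test_if_first_run` appends the postgres master password to /etc/yunohost/psql with `>>` and never sets the file mode, so add a `chmod 600` or a restrictive umask before the write; and `ynh_psql_setup_db` assigns `app="$1"` without `local`, which overwrites the caller's `$app` with the database user.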

View file

@ -6,58 +6,72 @@
# IMPORT GENERIC HELPERS
#=================================================
source _common.sh
source experimental_helper.sh
source /usr/share/yunohost/helpers
# Import common cmd
source ./psql.sh
source ./experimental_helper.sh
source ./_common.sh
#=================================================
# SET ALL CONSTANT
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=3
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=special_domain)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
#=================================================
# SET CONSTANTS
#=================================================
synapse_user="matrix-$app"
synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app"
upstream_version=$(ynh_app_upstream_version)
#=================================================
# LOAD SETTINGS
#=================================================
domain=$(ynh_app_setting_get $app special_domain)
final_path=$(ynh_app_setting_get $app final_path)
synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get $app turnserver_alt_tls_port)
#=================================================
# STANDARD REMOVE
#=================================================
# REMOVE SERVICE FROM ADMIN PANEL
#=================================================
# Remove a service from the admin panel, added by `yunohost service add`
if yunohost service status matrix-$app >/dev/null 2>&1
then
yunohost service remove matrix-$app
fi
if yunohost service status coturn-$app >/dev/null 2>&1
then
yunohost service remove coturn-$app
fi
#=================================================
# STOP AND REMOVE SERVICE
#=================================================
ynh_script_progression --message="Stopping and removing the systemd service" --weight=2
ynh_remove_systemd_config matrix-$app
ynh_remove_systemd_config coturn-$app
ynh_remove_systemd_config --service=matrix-$app
ynh_remove_systemd_config --service=coturn-$app
#=================================================
# CLOSE A PORT
# REMOVE THE POSTGRESQL DATABASE
#=================================================
ynh_script_progression --message="Removing the PostgreSQL database" --weight=2
closeport() {
local port=$1
if yunohost firewall list | grep -q "\- $port$"
then
echo "Close port $port"
yunohost firewall disallow Both $port > /dev/null
fi
}
# Remove a database if it exists, along with the associated user
ynh_psql_remove_db --db_user=$synapse_db_name --db_name=$synapse_db_user
closeport $synapse_tls_port
closeport $turnserver_tls_port
closeport $turnserver_alt_tls_port
#=================================================
# REMOVE DEPENDENCIES
#=================================================
ynh_script_progression --message="Removing dependencies" --weight=15
# Remove metapackage and its dependencies
ynh_remove_app_dependencies
#=================================================
# SETUP SSOWAT
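Review bot: The new call `ynh_psql_remove_db --db_user=$synapse_db_name --db_name=$synapse_db_user` has its two values crossed: the database name is passed as the user and the user as the database name. It only works because both constants are set to "matrix_$app" under SET CONSTANTS; swap them so the call stays correct if the two names ever diverge.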
@ -67,55 +81,70 @@ closeport $turnserver_alt_tls_port
python3 ../conf/remove_sso_conf.py
#=================================================
# REMOVE DEPENDENCIES
# REMOVE APP MAIN DIR
#=================================================
ynh_script_progression --message="Removing app main directory" --weight=2
ynh_remove_app_dependencies
#=================================================
# REMOVE APP DIR
#=================================================
ynh_secure_remove $final_path
ynh_secure_remove /var/lib/matrix-$app
ynh_secure_remove /var/log/matrix-$app
ynh_secure_remove /etc/matrix-$app
ynh_secure_remove /etc/default/matrix-$app
ynh_secure_remove /etc/default/coturn-$app
ynh_secure_remove --file=$final_path
ynh_secure_remove --file=/var/lib/matrix-$app
ynh_secure_remove --file=/var/log/matrix-$app
ynh_secure_remove --file=/etc/matrix-$app
ynh_secure_remove --file=/etc/default/matrix-$app
ynh_secure_remove --file=/etc/default/coturn-$app
#=================================================
# REMOVE NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Removing nginx web server configuration" --weight=2
# Remove the dedicated nginx config
ynh_remove_nginx_config
#=================================================
# REMOVE THE POSTGRESQL DATABASE
#=================================================
ynh_psql_remove_db $synapse_db_name $synapse_db_user
#=================================================
# REMOVE DEDICATED USER
#=================================================
ynh_system_user_delete $synapse_user
#=================================================
# REMOVE FAIL2BAN CONFIG
#=================================================
ynh_remove_fail2ban_config $synapse_user
#=================================================
# REMOVE LOGROTATE CONFIGURATION
#=================================================
ynh_script_progression --message="Removing logrotate configuration" --weight=1
# Remove the app-specific logrotate config
ynh_remove_logrotate
#=================================================
# REMOVE SERVICE FROM ADMIN PANEL
# CLOSE A PORT
#=================================================
yunohost service remove matrix-$app
yunohost service remove coturn-$app
closeport() {
local port=$1
if yunohost firewall list | grep -q "\- $port$"
then
ynh_script_progression --message="Closing port $port"
ynh_exec_warn_less yunohost firewall disallow Both $port
fi
}
closeport $synapse_tls_port
closeport $turnserver_tls_port
closeport $turnserver_alt_tls_port
#=================================================
# REMOVE FAIL2BAN CONFIGURATION
#=================================================
ynh_script_progression --message="Removing fail2ban configuration..." --weight=8
# Remove the dedicated fail2ban config
ynh_remove_fail2ban_config
#=================================================
# GENERIC FINALIZATION
#=================================================
# REMOVE DEDICATED USER
#=================================================
ynh_script_progression --message="Removing the dedicated system user" --weight=1
# Delete a system user
ynh_system_user_delete --username=$synapse_user
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Removal of $app completed" --last
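Review bot: The `ynh_secure_remove --file=$final_path` call and the `closeport $synapse_tls_port` calls use values read from the app settings without quotes or an emptiness check. A remove script can run after a failed install, where a setting may be missing: `--file=` then receives an empty path and `closeport` builds the grep pattern "\- $". Quote the expansions and skip the step when the value is empty.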

View file

@ -6,96 +6,160 @@
# IMPORT GENERIC HELPERS
#=================================================
#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
source ../settings/scripts/_common.sh
source ../settings/scripts/experimental_helper.sh
source /usr/share/yunohost/helpers
# Stop script if errors
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
ynh_clean_setup () {
# Clean installation remainings that are not handled by the remove script.
ynh_clean_check_starting
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
# Import common cmd
source ../settings/scripts/psql.sh
source ../settings/scripts/experimental_helper.sh
source ../settings/scripts/_common.sh
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading settings..."
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=special_domain)
server_name=$(ynh_app_setting_get --app=$app --key=server_name)
path_url=$(ynh_app_setting_get --app=$app --key=special_path)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
ynh_print_OFF
synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd)
ynh_print_ON
#=================================================
# SET ALL CONSTANT
#=================================================
app=$YNH_APP_INSTANCE_NAME
synapse_user="matrix-$app"
synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app"
upstream_version=$(ynh_app_upstream_version)
#=================================================
# LOAD SETTINGS
#=================================================
domain=$(ynh_app_setting_get $app special_domain)
server_name=$(ynh_app_setting_get $app server_name)
path_url=$(ynh_app_setting_get $app special_path)
final_path=$(ynh_app_setting_get $app final_path)
synapse_db_pwd=$(ynh_app_setting_get $app synapse_db_pwd)
synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get $app turnserver_alt_tls_port)
#=================================================
# CHECK IF THE APP CAN BE RESTORED
#=================================================
ynh_script_progression --message="Validating restoration parameters..." --weight=2
ynh_webpath_available $domain $path_url || ynh_die "$domain/$path_url is not available, please use an other domain."
ynh_webpath_available --domain=$domain --path_url=$path_url \
|| ynh_die --message="Path not available: ${domain}${path_url}"
test ! -d $final_path \
|| ynh_die --message="There is already a directory: $final_path "
#=================================================
# STANDARD RESTORATION STEPS
#=================================================
# RESTORE ALL FILES
# RESTORE ALL CONFIG AND DATA
#=================================================
# Restore all config and data
ynh_script_progression --message="Restoring directory and configuration..." --weight=10
ynh_restore
#=================================================
# RESTORE FAIL2BAN CONFIGURATION
#=================================================
ynh_script_progression --message="Reload fail2ban..." --weight=6
ynh_systemd_action --action=restart --service_name=fail2ban
#=================================================
# SPECIFIC RESTORATION
#=================================================
# REINSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Reinstalling dependencies..." --weight=70
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files
ynh_install_app_dependencies $dependances
#=================================================
# RECREATE THE DEDICATED USER
#=================================================
ynh_script_progression --message="Recreating the dedicated system user..." --weight=3
# Create the dedicated user (if not existing)
ynh_system_user_create --username=$synapse_user --home_dir=/var/lib/matrix-$app
adduser $synapse_user ssl-cert
adduser turnserver ssl-cert
#=================================================
# RESTORE THE POSTGRESQL DATABASE
#=================================================
ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=13
ynh_psql_test_if_first_run
ynh_print_OFF
ynh_psql_create_user $synapse_db_user $synapse_db_pwd
ynh_print_ON
ynh_psql_execute_as_root \
--sql="CREATE DATABASE $synapse_db_name
ENCODING 'UTF8'
LC_COLLATE='C'
LC_CTYPE='C'
template=template0
OWNER $synapse_db_user;"
ynh_psql_execute_file_as_root --file="${YNH_CWD}/dump.sql" --database="$synapse_db_name"
#=================================================
# RESTORE SYSTEMD
#=================================================
ynh_script_progression --message="Enable systemd services" --weight=2
# systemctl daemon-reload
systemctl enable matrix-$app.service
systemctl enable coturn-$app.service
#=================================================
# ADVERTISE SERVICE IN ADMIN PANEL
#=================================================
yunohost service add matrix-$app -l "/var/log/matrix-$app/homeserver.log"
yunohost service add coturn-$app
#=================================================
# CREATE A DH FILE
#=================================================
ynh_script_progression --message="Creating a dh file..." --weight=40
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files
# Make dh cert for synapse if it doesn't exist
if [[ ! -e /etc/ssl/private/dh2048.pem ]]
if [ ! -e /etc/ssl/private/dh2048.pem ]
then
openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048 -dsaparam 2> /dev/null
ynh_exec_warn_less openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048 -dsaparam
chown root:ssl-cert /etc/ssl/private/dh2048.pem
chmod 640 /etc/ssl/private/dh2048.pem
fi
#=================================================
# REINSTALL DEPENDENCIES
#=================================================
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files
ynh_install_app_dependencies $dependances
#=================================================
# RECREATE THE DEDICATED USER
#=================================================
ynh_system_user_create $synapse_user /var/lib/matrix-$app
adduser $synapse_user ssl-cert
adduser turnserver ssl-cert
#=================================================
# RECONFIGURE THE TURNSERVER
#=================================================
ynh_script_progression --message="Reconfiguring coturn..." --weight=23
# To be sure that at the restoration the IP address in coturn config is the same as the real address we remake the coturn config
# Retrieve specific settings
turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get $app turnserver_alt_tls_port)
turnserver_pwd=$(ynh_app_setting_get $app turnserver_pwd)
cli_port=$(ynh_app_setting_get $app cli_port)
turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
cli_port=$(ynh_app_setting_get --app=$app --key=cli_port)
ynh_print_OFF
turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
ynh_print_ON
# WARNING : these commands are used in INSTALL, UPGRADE
# For any update do it in all files
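Review bot: `ynh_psql_create_user $synapse_db_user $synapse_db_pwd` is wrapped in ynh_print_OFF/ynh_print_ON to keep the password out of the output, but both arguments are unquoted, so a password with whitespace or glob characters is split or expanded before the helper sees it; quote them, as the `--sql="..."` call just below already does. The same applies to `test ! -d $final_path`. Separately, turnserver_tls_port and turnserver_alt_tls_port are now read under LOAD SETTINGS and again under RECONFIGURE THE TURNSERVER; the second read can go.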
@ -104,80 +168,60 @@ coturn_config_path="/etc/matrix-$app/coturn.conf"
cp ../settings/conf/turnserver.conf "$coturn_config_path"
ynh_replace_string __APP__ $app "$coturn_config_path"
ynh_replace_string __TURNPWD__ $turnserver_pwd "$coturn_config_path"
ynh_replace_string __DOMAIN__ $domain "$coturn_config_path"
ynh_replace_string __TLS_PORT__ $turnserver_tls_port "$coturn_config_path"
ynh_replace_string __TLS_ALT_PORT__ $turnserver_alt_tls_port "$coturn_config_path"
ynh_replace_string __CLI_PORT__ $cli_port "$coturn_config_path"
ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$coturn_config_path"
ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$coturn_config_path"
ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$coturn_config_path"
ynh_replace_string --match_string=__TLS_ALT_PORT__ --replace_string=$turnserver_alt_tls_port --target_file="$coturn_config_path"
ynh_replace_string --match_string=__CLI_PORT__ --replace_string=$cli_port --target_file="$coturn_config_path"
ynh_print_OFF
ynh_replace_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$coturn_config_path"
ynh_print_ON
# Get public IP and set as external IP for coturn
# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
public_ip4="$(curl ip.yunohost.org)" || true
public_ip6="$(curl ipv6.yunohost.org)" || true
if [[ -n "$public_ip4" ]] && ynh_validate_ip4 "$public_ip4"
if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"
then
ynh_replace_string '__IPV4__' "$public_ip4" "$coturn_config_path"
ynh_replace_string --match_string='__IPV4__' --replace_string="$public_ip4" --target_file="$coturn_config_path"
else
ynh_replace_string '__IPV4__,' "" "$coturn_config_path"
ynh_replace_string --match_string='__IPV4__,' --replace_string="" --target_file="$coturn_config_path"
fi
if [[ -n "$public_ip6" ]] && ynh_validate_ip6 "$public_ip6"
if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6"
then
ynh_replace_string '__IPV6__' "$public_ip6" "$coturn_config_path"
ynh_replace_string --match_string='__IPV6__' --replace_string="$public_ip6" --target_file="$coturn_config_path"
else
ynh_replace_string ',__IPV6__' "" "$coturn_config_path"
ynh_replace_string --match_string=',__IPV6__' --replace_string="" --target_file="$coturn_config_path"
fi
ynh_store_file_checksum "$coturn_config_path"
ynh_store_file_checksum --file="$coturn_config_path"
#=================================================
# SPECIFIC RESTORATION
#=================================================
# OPEN THE PORT
#=================================================
# Ouvre le port dans le firewall
yunohost firewall allow TCP $synapse_tls_port > /dev/null 2>&1
yunohost firewall allow Both $turnserver_tls_port > /dev/null 2>&1
yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1
ynh_exec_warn_less yunohost firewall allow TCP $synapse_tls_port
ynh_exec_warn_less yunohost firewall allow Both $turnserver_tls_port
ynh_exec_warn_less yunohost firewall allow Both $turnserver_alt_tls_port
#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Configuring SSOwat..."
# Open access to server without a button the home
# The script "add_sso_conf.py" will just add en entry for the path "/_matrix" in the sso conf.json.persistent file in the cathegory "skipped_urls".
python3 ../settings/conf/add_sso_conf.py || ynh_die "Your file /etc/ssowat/conf.json.persistent doesn't respect the json syntax. Please fix the syntax to install this app. For more information see here: https://github.com/YunoHost-Apps/synapse_ynh/issues/32"
#=================================================
# RESTORE THE POSTGRESQL DATABASE
#=================================================
ynh_psql_test_if_first_run
ynh_psql_create_user $synapse_db_user $synapse_db_pwd
ynh_psql_execute_as_root \
"CREATE DATABASE $synapse_db_name
ENCODING 'UTF8'
LC_COLLATE='C'
LC_CTYPE='C'
template=template0
OWNER $synapse_db_user;"
ynh_psql_execute_file_as_root "${YNH_CWD}/dump.sql" "$synapse_db_name"
#=================================================
# RESTORE SYSTEMD
#=================================================
systemctl daemon-reload
systemctl enable matrix-$app.service
python3 ../settings/conf/add_sso_conf.py || ynh_die --message="Your file /etc/ssowat/conf.json.persistent doesn't respect the json syntax. Please fix the syntax to install this app. For more information see here: https://github.com/YunoHost-Apps/synapse_ynh/issues/32"
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression --message="Configuring log rotation..."
ynh_use_logrotate /var/log/matrix-$app
ynh_use_logrotate --logfile /var/log/matrix-$app
#=================================================
# GENERIC FINALIZATION
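Review bot: `ynh_replace_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd` leaves the password unquoted and uses the plain replace helper, while the upgrade script substitutes the same secret into homeserver.yaml with `ynh_replace_special_string`; use the same helper and quote the value here so a password with special characters ends up intact in coturn.conf. `ynh_use_logrotate --logfile /var/log/matrix-$app` is the only converted call in this hunk that separates the option from its value with a space instead of `=`, so check that it still parses as intended. The two `curl` lookups for the public address have no `--max-time`, so a hanging lookup stalls the restore.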
@ -197,26 +241,13 @@ chmod 600 /etc/matrix-$app/$server_name.signing.key
setfacl -R -m user:turnserver:rX /etc/matrix-$app
setfacl -R -m user:turnserver:rwX /var/log/matrix-$app
#=================================================
# ADVERTISE SERVICE IN ADMIN PANEL
#=================================================
yunohost service add matrix-$app -l "/var/log/matrix-$app/homeserver.log"
yunohost service add coturn-$app
#=================================================
# RELOAD NGINX, SYNAPSE AND COTURN
#=================================================
ynh_script_progression --message="Restarting synapse services..." --weight=7
systemctl reload nginx.service
systemctl restart coturn-$app.service
ynh_check_starting "Synapse now listening on TCP port $synapse_tls_port" "/var/log/matrix-$app/homeserver.log" 300 "matrix-$app"
#=================================================
# SETUP FAIL2BAN
#=================================================
systemctl try-reload-or-restart fail2ban
ynh_systemd_action --service_name=coturn-$app.service --action=restart
ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $synapse_tls_port" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300
#=================================================
# SEND A README FOR THE ADMIN
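Review bot: The two `setfacl -R -m user:turnserver:...` lines kept at the top of this hunk apply recursively, and the hunk header shows `chmod 600 /etc/matrix-$app/$server_name.signing.key` running just before them, so the named-user ACL entry gives the turnserver account read access to the signing key and the rest of the Synapse configuration under /etc/matrix-$app despite the 600 mode. Restrict the ACL to the directory itself and to coturn.conf, the only file there that coturn needs.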
@ -225,7 +256,7 @@ systemctl try-reload-or-restart fail2ban
# WARNING : theses command are used in INSTALL, RESTORE
# For any update do it in all files
message="To federate this app you need to add this line in your DNS configuration:
echo "To federate this app you need to add this line in your DNS configuration:
_matrix._tcp.$domain. 3600 IN SRV 10 0 $synapse_tls_port $domain.
@ -233,6 +264,21 @@ You also need to open the TCP port $synapse_tls_port on your ISP box if it's not
Your synapse server also implements a turnserver (for VoIP), to have this fully functional please read the 'Turnserver' section in the README available here: https://github.com/YunoHost-Apps/synapse_ynh .
If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/synapse_ynh"
If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/synapse_ynh" > mail_to_send
ynh_send_readme_to_admin "$message"
ynh_send_readme_to_admin --app_message="mail_to_send" --type="restore"
#=================================================
# GENERIC FINALIZATION
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading nginx web server..."
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Restoration completed for $app" --last
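Review bot: The README text is now written with `> mail_to_send`, a relative path, so the file lands in whatever directory the restore script runs from, and nothing in the script removes it afterwards. Write it to an explicit temporary path and delete it once `ynh_send_readme_to_admin` has run. This hunk also adds a second "GENERIC FINALIZATION" banner although the script already has one further up; rename or drop one of them.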

View file

@ -6,55 +6,60 @@
# IMPORT GENERIC HELPERS
#=================================================
source _common.sh
source experimental_helper.sh
source /usr/share/yunohost/helpers
# Stop script if errors
ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=3
# Import common cmd
source ./psql.sh
source ./experimental_helper.sh
source ./_common.sh
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=special_domain)
server_name=$(ynh_app_setting_get --app=$app --key=server_name)
path_url=$(ynh_app_setting_get --app=$app --key=special_path)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
synapse_old_version=$(ynh_app_setting_get --app=$app --key=synapse_version)
is_public=$(ynh_app_setting_get --app=$app --key=is_public)
port=$(ynh_app_setting_get --app=$app --key=synapse_port)
synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
cli_port=$(ynh_app_setting_get --app=$app --key=cli_port)
report_stats=$(ynh_app_setting_get --app=$app --key=report_stats)
ynh_print_OFF
synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd)
turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
registration_shared_secret=$(ynh_app_setting_get --app=$app --key=registration_shared_secret)
form_secret=$(ynh_app_setting_get --app=$app --key=form_secret)
ynh_print_ON
#=================================================
# SET ALL CONSTANT
#=================================================
app=$YNH_APP_INSTANCE_NAME
synapse_user="matrix-$app"
synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app"
upstream_version=$(ynh_app_upstream_version)
#=================================================
# LOAD SETTINGS
# CHECK VERSION
#=================================================
domain=$(ynh_app_setting_get $app special_domain)
server_name=$(ynh_app_setting_get $app server_name)
path_url=$(ynh_app_setting_get $app special_path)
final_path=$(ynh_app_setting_get $app final_path)
synapse_old_version=$(ynh_app_setting_get $app synapse_version)
synapse_db_pwd=$(ynh_app_setting_get $app synapse_db_pwd)
is_public=$(ynh_app_setting_get $app is_public)
port=$(ynh_app_setting_get $app synapse_port)
synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get $app turnserver_alt_tls_port)
turnserver_pwd=$(ynh_app_setting_get $app turnserver_pwd)
cli_port=$(ynh_app_setting_get $app cli_port)
registration_shared_secret=$(ynh_app_setting_get $app registration_shared_secret)
form_secret=$(ynh_app_setting_get $app form_secret)
report_stats=$(ynh_app_setting_get $app report_stats)
upgrade_type=$(ynh_check_app_version_changed)
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
ynh_script_progression --message="Ensuring downward compatibility..." --weight=1
# Following the discussion here https://github.com/YunoHost-Apps/synapse_ynh/pull/51 we decided to remove definitely the support of the old package migration.
if [[ -z $synapse_old_version ]]
if [ -z "$synapse_old_version" ]
then
ynh_die "Update from this synapse version is not available. You need to remove this package and reinstall the new package version."
ynh_die --message="Update from this synapse version is not available. You need to remove this package and reinstall the new package version."
fi
if [ -z $server_name ]; then
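Review bot: The converted test quotes its operand (`[ -z "$synapse_old_version" ]`), but the next one, `if [ -z $server_name ]; then`, is left unquoted; with single-bracket `[` an operand containing whitespace turns the test into a syntax error, so quote it as well while converting this block.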
@ -62,26 +67,33 @@ if [ -z $server_name ]; then
ynh_app_setting_set $app server_name $domain
fi
#=================================================
# BACKUP BEFORE UPGRADE
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=30
# We stop the service before to set ynh_clean_setup
systemctl stop matrix-$app.service
ynh_systemd_action --service_name=matrix-$app.service --action=stop
# Backup the current version of the app
if [[ $(ynh_app_setting_get $app disable_backup_before_upgrade) != '1' ]]
if [ "$(ynh_app_setting_get --app=$app --key=disable_backup_before_upgrade)" != '1' ]
then
ynh_backup_before_upgrade
ynh_clean_setup () {
# Clean installation remainings that are not handled by the remove script.
ynh_clean_check_starting
ynh_restore_upgradebackup
}
fi
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# INSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Upgrading dependencies..." --weight=6
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files
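Review bot: `ynh_abort_if_errors` is now activated only after the backup block, so the settings reads, the downward-compatibility checks and the `ynh_systemd_action --service_name=matrix-$app.service --action=stop` call run with no error trap, and `ynh_clean_setup` is defined only when disable_backup_before_upgrade is not '1'. If a step fails before the trap is set, or the backup is disabled, the service stays stopped with nothing to restart or restore it; define a fallback `ynh_clean_setup` outside the `if`. The context line `ynh_app_setting_set $app server_name $domain` also still uses positional arguments while the rest of the file moved to --app/--key/--value.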
@ -91,41 +103,50 @@ ynh_install_app_dependencies $dependances
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
# Install/upgrade synapse in virtualenv
# Clean venv is it was on python2.7
test -e $final_path/bin/python3 || ynh_secure_remove $final_path
# WARNING : these commands are used in INSTALL, UPGRADE
# For any update do it in all files
if [ -n "$(uname -m | grep arm)" ]
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
ynh_setup_source $final_path/ "armv7_$(lsb_release --codename --short)"
else
# Install virtualenv if it don't exist
test -e $final_path/bin/python3 || python3 -m venv $final_path
ynh_script_progression --message="Upgrading source files..." --weight=6
# Install synapse in virtualenv
cp ../conf/virtualenv_activate $final_path/bin/activate
ynh_replace_string __FINAL_PATH__ $final_path $final_path/bin/activate
# Install/upgrade synapse in virtualenv
# We set all necessary environement variable to create a python virtualenvironnement.
source $final_path/bin/activate
pip3 install --upgrade setuptools wheel
pip3 install --upgrade cffi ndg-httpsclient psycopg2 lxml jinja2
pip3 install --upgrade matrix-synapse==$upstream_version matrix-synapse-ldap3
# Clean venv is it was on python2.7
test -e $final_path/bin/python3 || ynh_secure_remove --file=$final_path
# This function was defined when we called "source $final_path/bin/activate". With this function we undo what "$final_path/bin/activate" does
deactivate
# WARNING : these commands are used in INSTALL, UPGRADE
# For any update do it in all files
if [ -n "$(uname -m | grep arm)" ]
then
ynh_setup_source --dest_dir=$final_path/ --source_id="armv7_$(lsb_release --codename --short)"
else
# Install virtualenv if it don't exist
test -e $final_path/bin/python3 || python3 -m venv $final_path
# Install synapse in virtualenv
cp ../conf/virtualenv_activate $final_path/bin/activate
ynh_replace_string --match_string=__FINAL_PATH__ --replace_string=$final_path --target_file=$final_path/bin/activate
# We set all necessary environement variable to create a python virtualenvironnement.
source $final_path/bin/activate
pip3 install --upgrade setuptools wheel
pip3 install --upgrade cffi ndg-httpsclient psycopg2 lxml jinja2
pip3 install --upgrade matrix-synapse==$upstream_version matrix-synapse-ldap3
# This function was defined when we called "source $final_path/bin/activate". With this function we undo what "$final_path/bin/activate" does
deactivate
fi
fi
#=================================================
# MIGRATION 1 : GENERATE SYNAPSE SECRET
#=================================================
if [[ -z "$registration_shared_secret" ]]
ynh_print_OFF
if [ -z "$registration_shared_secret" ]
then
ynh_print_ON
ynh_script_progression --message="Generating synapse secret..." --weight=1
# Go in virtualenvironnement
PS1=${PS1:-}
source $final_path/bin/activate
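Review bot: Inside the new `UPGRADE_APP` branch only matrix-synapse is pinned (`matrix-synapse==$upstream_version`); setuptools, wheel, cffi, ndg-httpsclient, psycopg2, lxml, jinja2 and matrix-synapse-ldap3 are installed with `--upgrade` and no version, so each run pulls whatever is newest on the index and two upgrades to the same package version can produce different virtualenvs. Pin them, ideally from a requirements file with hashes. The guard `[ "$upgrade_type" == "UPGRADE_APP" ]` also uses `==` inside single brackets, which bash accepts but POSIX `[` does not; `=` is the portable form.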
@ -137,60 +158,67 @@ then
deactivate
# Get random values from config
ynh_print_OFF
registration_shared_secret=$(egrep "^registration_shared_secret" homeserver.yml | cut -d'"' -f2)
form_secret=$(egrep "^form_secret" homeserver.yml | cut -d'"' -f1)
# store in yunohost settings
ynh_app_setting_set $app registration_shared_secret "$registration_shared_secret"
ynh_app_setting_set $app form_secret "$form_secret"
ynh_app_setting_set --app=$app --key=registration_shared_secret --value="$registration_shared_secret"
ynh_app_setting_set --app=$app --key=form_secret --value="$form_secret"
ynh_print_ON
fi
ynh_print_ON
#=================================================
# UPDATE SYNAPSE CONFIG
#=================================================
ynh_script_progression --message="Updating synapse config..." --weight=2
# WARNING : theses command are used in INSTALL, UPGRADE, CONFIG
# For any update do it in all files
homeserver_config_path="/etc/matrix-$app/homeserver.yaml"
ynh_backup_if_checksum_is_different "$homeserver_config_path"
ynh_backup_if_checksum_is_different /etc/matrix-$app/log.yaml
ynh_backup_if_checksum_is_different --file="$homeserver_config_path"
ynh_backup_if_checksum_is_different --file=/etc/matrix-$app/log.yaml
cp ../conf/homeserver.yaml "$homeserver_config_path"
cp ../conf/log.yaml /etc/matrix-$app/log.yaml
ynh_replace_string __APP__ $app "$homeserver_config_path"
ynh_replace_string __DOMAIN__ $domain "$homeserver_config_path"
ynh_replace_string __SERVER_NAME__ $server_name "$homeserver_config_path"
ynh_replace_string __SYNAPSE_DB_USER__ $synapse_db_user "$homeserver_config_path"
ynh_replace_string __SYNAPSE_DB_PWD__ $synapse_db_pwd "$homeserver_config_path"
ynh_replace_string __PORT__ $port "$homeserver_config_path"
ynh_replace_string __TLS_PORT__ $synapse_tls_port "$homeserver_config_path"
ynh_replace_string __TURNSERVER_TLS_PORT__ $turnserver_tls_port "$homeserver_config_path"
ynh_replace_special_string __TURNPWD__ $turnserver_pwd "$homeserver_config_path"
ynh_replace_special_string __REGISTRATION_SECRET__ "$registration_shared_secret" "$homeserver_config_path"
ynh_replace_string __FORM_SECRET__ "$form_secret" "$homeserver_config_path"
ynh_replace_string __REPORT_STATS__ "$report_stats" "$homeserver_config_path"
ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__SERVER_NAME__ --replace_string=$server_name --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__SYNAPSE_DB_USER__ --replace_string=$synapse_db_user --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__PORT__ --replace_string=$port --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$synapse_tls_port --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__TURNSERVER_TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__REPORT_STATS__ --replace_string="$report_stats" --target_file="$homeserver_config_path"
ynh_print_OFF
ynh_replace_string --match_string=__SYNAPSE_DB_PWD__ --replace_string=$synapse_db_pwd --target_file="$homeserver_config_path"
ynh_replace_special_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$homeserver_config_path"
ynh_replace_special_string --match_string=__REGISTRATION_SECRET__ --replace_string="$registration_shared_secret" --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__FORM_SECRET__ --replace_string="$form_secret" --target_file="$homeserver_config_path"
ynh_print_ON
ynh_replace_string __APP__ $app "/etc/matrix-$app/log.yaml"
ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="/etc/matrix-$app/log.yaml"
if [ "$is_public" = "0" ]
then
ynh_replace_string __ALLOWED_ACCESS__ False "$homeserver_config_path"
ynh_replace_string --match_string=__ALLOWED_ACCESS__ --replace_string=False --target_file="$homeserver_config_path"
else
ynh_replace_string __ALLOWED_ACCESS__ True "$homeserver_config_path"
ynh_replace_string --match_string=__ALLOWED_ACCESS__ --replace_string=True --target_file="$homeserver_config_path"
fi
ynh_store_file_checksum "$homeserver_config_path"
ynh_store_file_checksum "/etc/matrix-$app/log.yaml"
ynh_store_file_checksum --file="$homeserver_config_path"
ynh_store_file_checksum --file="/etc/matrix-$app/log.yaml"
#=================================================
# MIGRATION 2 : MULTINSTANCE SUPPORT
#=================================================
if [[ ! -e /etc/matrix-$app/coturn.conf ]]
if [ ! -e /etc/matrix-$app/coturn.conf ]
then
ynh_script_progression --message="Creating an independant service for coturn..." --weight=1
#=================================================
# CREATE AN INDEPENDANT SERVICE FOR COTURN
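Review bot: the two `egrep ... | cut` lines that read the generated secrets use different fields, `-f2` for `registration_shared_secret` and `-f1` for `form_secret`; if both keys share the `key: "value"` layout, `-f1` returns the text before the first quote and that is what gets stored as `form_secret`. Please confirm and align them. In the block between `ynh_print_OFF` and `ynh_print_ON`, `--replace_string=$synapse_db_pwd` and `--replace_string=$turnserver_pwd` are unquoted while the registration and form secrets are quoted, and the DB password goes through `ynh_replace_string` rather than `ynh_replace_special_string`; quoting all four and using the special-string helper for each password would keep values containing shell or sed metacharacters intact.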
@ -201,14 +229,14 @@ then
# Set by default the system config for coturn
echo "" > /etc/turnserver.conf
ynh_replace_string "TURNSERVER_ENABLED=1" "TURNSERVER_ENABLED=0" /etc/default/coturn
ynh_replace_string --match_string="TURNSERVER_ENABLED=1" --replace_string="TURNSERVER_ENABLED=0" --target_file=/etc/default/coturn
# Set a port for each service in turnserver
turnserver_alt_tls_port=$(ynh_find_port $((turnserver_tls_port+1)))
cli_port=$(ynh_find_port 5766)
turnserver_alt_tls_port=$(ynh_find_port --port=$((turnserver_tls_port+1)))
cli_port=$(ynh_find_port --port=5766)
ynh_app_setting_set $app turnserver_alt_tls_port $turnserver_alt_tls_port
ynh_app_setting_set $app cli_port $cli_port
ynh_app_setting_set --app=$app --key=turnserver_alt_tls_port --value=$turnserver_alt_tls_port
ynh_app_setting_set --app=$app --key=cli_port --value=$cli_port
yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1
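Review bot: `yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1` discards both output and errors, so a port that could not be opened leaves nothing in the upgrade log to diagnose it. Since the surrounding lines are being normalized anyway, consider keeping stderr and quoting the port variable.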
@ -216,7 +244,7 @@ then
# MAKE A CLEAN LOGROTATE CONFIG
#=================================================
ynh_use_logrotate /var/log/matrix-$app --non-append
ynh_use_logrotate --logfile /var/log/matrix-$app --non-append
fi
#=================================================
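Review bot: style nit on the `ynh_use_logrotate` line: `--logfile /var/log/matrix-$app` passes its value after a space, while the other valued arguments converted in this patch use the `--name=value` form; `--logfile=/var/log/matrix-$app` would match them.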
@ -224,8 +252,10 @@ fi
#=================================================
# Fix issue about certificates access
if [[ ! $(grep "ssl-cert:x:[0-9]*:.*matrix-$app" /etc/group) ]]
if [ ! $(grep "ssl-cert:x:[0-9]*:.*matrix-$app" /etc/group) ]
then
ynh_script_progression --message="Use standard access for certificate..." --weight=1
adduser $synapse_user ssl-cert
adduser turnserver ssl-cert
fi
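Review bot: moving the certificate-access test from `[[ ! $(grep ...) ]]` to `[ ! $(grep ...) ]` leaves the command substitution unquoted inside `[`, where it is subject to word splitting; it works only as long as the matched `/etc/group` line is a single word, and an output with whitespace or several matching lines makes `[` fail with "too many arguments". Testing the exit status instead, `if ! grep -q "ssl-cert:x:[0-9]*:.*matrix-$app" /etc/group`, avoids the issue. Note also that the pattern only looks for `matrix-$app`, while the branch adds both `$synapse_user` and `turnserver` to `ssl-cert`, so a missing `turnserver` membership is not detected once the Synapse user is in the group.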
@ -238,8 +268,10 @@ fi
# For any update do it in all files
# Make dh cert for synapse if it doesn't exist
if [[ ! -e /etc/ssl/private/dh2048.pem ]]
if [ ! -e /etc/ssl/private/dh2048.pem ]
then
ynh_script_progression --message="Creating a dh file..." --weight=1
openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048 -dsaparam 2> /dev/null
chown root:ssl-cert /etc/ssl/private/dh2048.pem
chmod 640 /etc/ssl/private/dh2048.pem
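Review bot: the `openssl dhparam` call in this hunk uses `-dsaparam` and sends stderr to `/dev/null`. With `-dsaparam` the parameters are DSA-style rather than built on a safe prime, which OpenSSL documents as safe only when a fresh DH key is generated for each use; if that cannot be guaranteed for every consumer of `dh2048.pem`, dropping `-dsaparam` is the conservative choice, at the cost of slower generation. Keeping stderr would also make a failed generation visible before the `chown` and `chmod` run on the file.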
@ -250,12 +282,17 @@ fi
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading nginx web server configuration..." --weight=2
# Create a dedicated nginx config
ynh_add_nginx_config
#=================================================
# SPECIFIC UPGRADE
#=================================================
# UPDATE COTURN CONFIG
#=================================================
ynh_script_progression --message="Updating coturn config..." --weight=1
# WARNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
@ -264,33 +301,35 @@ coturn_config_path="/etc/matrix-$app/coturn.conf"
cp ../conf/turnserver.conf "$coturn_config_path"
ynh_replace_string __APP__ $app "$coturn_config_path"
ynh_replace_string __TURNPWD__ $turnserver_pwd "$coturn_config_path"
ynh_replace_string __DOMAIN__ $domain "$coturn_config_path"
ynh_replace_string __TLS_PORT__ $turnserver_tls_port "$coturn_config_path"
ynh_replace_string __TLS_ALT_PORT__ $turnserver_alt_tls_port "$coturn_config_path"
ynh_replace_string __CLI_PORT__ $cli_port "$coturn_config_path"
ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$coturn_config_path"
ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$coturn_config_path"
ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$coturn_config_path"
ynh_replace_string --match_string=__TLS_ALT_PORT__ --replace_string=$turnserver_alt_tls_port --target_file="$coturn_config_path"
ynh_replace_string --match_string=__CLI_PORT__ --replace_string=$cli_port --target_file="$coturn_config_path"
ynh_print_OFF
ynh_replace_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$coturn_config_path"
ynh_print_ON
# Get public IP and set as external IP for coturn
# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
public_ip4="$(curl ip.yunohost.org)" || true
public_ip6="$(curl ipv6.yunohost.org)" || true
if [[ -n "$public_ip4" ]] && ynh_validate_ip4 "$public_ip4"
if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"
then
ynh_replace_string '__IPV4__' "$public_ip4" "$coturn_config_path"
ynh_replace_string --match_string='__IPV4__' --replace_string="$public_ip4" --target_file="$coturn_config_path"
else
ynh_replace_string '__IPV4__,' "" "$coturn_config_path"
ynh_replace_string --match_string='__IPV4__,' --replace_string="" --target_file="$coturn_config_path"
fi
if [[ -n "$public_ip6" ]] && ynh_validate_ip6 "$public_ip6"
if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6"
then
ynh_replace_string '__IPV6__' "$public_ip6" "$coturn_config_path"
ynh_replace_string --match_string='__IPV6__' --replace_string="$public_ip6" --target_file="$coturn_config_path"
else
ynh_replace_string ',__IPV6__' "" "$coturn_config_path"
ynh_replace_string --match_string=',__IPV6__' --replace_string="" --target_file="$coturn_config_path"
fi
ynh_store_file_checksum "$coturn_config_path"
ynh_store_file_checksum --file="$coturn_config_path"
#=================================================
# ADD SCRIPT FOR COTURN CRON
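Review bot: `__TURNPWD__` is substituted here with `ynh_replace_string --replace_string=$turnserver_pwd` (unquoted), whereas the same password is written to the homeserver config earlier in this patch with `ynh_replace_special_string`; a password containing characters the plain helper does not escape could then differ between `coturn.conf` and `homeserver.yaml` and break TURN authentication. Use the same helper in both places and quote the variable. Separately, `curl ip.yunohost.org` and `curl ipv6.yunohost.org` give no scheme, so curl defaults to plain HTTP, and no timeout; an explicit `https://` with `--max-time` would protect the value written as coturn's external IP and keep the upgrade from hanging.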
@ -300,27 +339,29 @@ ynh_store_file_checksum "$coturn_config_path"
# For any update do it in all files
cp ../sources/Coturn_config_rotate.sh $final_path/
ynh_replace_string __APP__ $app "$final_path/Coturn_config_rotate.sh"
ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$final_path/Coturn_config_rotate.sh"
#=================================================
# UPDATE SYSTEMD
#=================================================
ynh_script_progression --message="Upgrading systemd configuration..." --weight=3
# Create systemd service for synapse and turnserver
cp ../conf/default_matrix-synapse /etc/default/matrix-$app
ynh_add_systemd_config matrix-$app matrix-synapse.service
ynh_add_systemd_config --service=matrix-$app --template=matrix-synapse.service
cp ../conf/default_coturn /etc/default/coturn-$app
ynh_add_systemd_config coturn-$app coturn-synapse.service
ynh_add_systemd_config --service=coturn-$app --template=coturn-synapse.service
#=================================================
# SETUP FAIL2BAN
# UPGRADE FAIL2BAN
#=================================================
ynh_script_progression --message="Reconfiguring fail2ban..." --weight=8
# WARNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
ynh_add_fail2ban_config -t
ynh_add_fail2ban_config --use_template
#=================================================
# GENERIC FINALIZATION
@ -344,11 +385,18 @@ setfacl -R -m user:turnserver:rwX /var/log/matrix-$app
# UPDATE VERSION SETTINGS
#=================================================
ynh_app_setting_set $app synapse_version $upstream_version
ynh_app_setting_set --app=$app --key=synapse_version --value=$upstream_version
#=================================================
# RELOAD SERVICES
#=================================================
ynh_script_progression --message="Restarting synapse services..." --weight=5
systemctl restart coturn-$app.service
ynh_check_starting "Synapse now listening on TCP port $synapse_tls_port" "/var/log/matrix-$app/homeserver.log" 300 "matrix-$app"
ynh_systemd_action --service_name=coturn-$app.service --action=restart
ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $synapse_tls_port" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Upgrade of $app completed" --last
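Review bot: the `matrix-$app` restart now depends on `--line_match="Synapse now listening on TCP port $synapse_tls_port"` appearing in `homeserver.log` within `--timeout=300`; that string is upstream log wording, so a change in Synapse's message would make every upgrade wait out the full timeout. A short comment next to the call naming the Synapse version the message was checked against would help whoever bumps `upstream_version`. The `coturn-$app.service` restart just above has no `--line_match` or `--log_path`, so only the systemd exit status is checked for it.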