mirror of
https://github.com/YunoHost-Apps/synapse_ynh.git
synced 2024-09-03 20:26:38 +02:00
Normalization from example_ynh
This commit is contained in:
parent
e62bd19eda
commit
a2e19998d4
11 changed files with 706 additions and 1047 deletions
55
README.md
55
README.md
|
@ -1,16 +1,14 @@
|
|||
Synapse for YunoHost
|
||||
====================
|
||||
# Synapse for YunoHost
|
||||
|
||||
![](https://matrix.org/blog/wp-content/uploads/2015/01/logo1.png)
|
||||
|
||||
[![Integration level](https://dash.yunohost.org/integration/synapse.svg)](https://ci-apps.yunohost.org/jenkins/job/synapse%20%28Community%29/lastBuild/consoleFull)
|
||||
[![Integration level](https://dash.yunohost.org/integration/synapse.svg)](https://dash.yunohost.org/appci/app/synapse)
|
||||
[![Install Synapse with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=synapse)
|
||||
|
||||
> *This package allows you to install synapse quickly and simply on a YunoHost server.
|
||||
> *This package allows you to install Synapse quickly and simply on a YunoHost server.
|
||||
If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to know how to install and enjoy it.*
|
||||
|
||||
Overview
|
||||
--------
|
||||
## Overview
|
||||
|
||||
Instant messaging server matrix network.
|
||||
|
||||
|
@ -18,8 +16,7 @@ Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org
|
|||
|
||||
**Shipped version:** 0.99.2
|
||||
|
||||
Configuration
|
||||
-------------
|
||||
## Configuration
|
||||
|
||||
### Install for ARM arch (or slow arch)
|
||||
|
||||
|
@ -93,14 +90,12 @@ We have put some coarse mitigations into place to try to protect against this
|
|||
situation, but it's still not a good practice to do it in the first place. See
|
||||
https://github.com/vector-im/riot-web/issues/1977 for more details.
|
||||
|
||||
Documentation
|
||||
-------------
|
||||
## Documentation
|
||||
|
||||
- Official documentation: https://github.com/matrix-org/synapse
|
||||
- YunoHost documentation: to be created; feel free to help!
|
||||
|
||||
YunoHost specific features
|
||||
--------------------------
|
||||
## YunoHost specific features
|
||||
|
||||
### Multi-users support
|
||||
|
||||
|
@ -108,30 +103,20 @@ Supported with LDAP.
|
|||
|
||||
### Supported architectures
|
||||
|
||||
- Tested on x86_64
|
||||
- Tested on ARM (with specific build)
|
||||
|
||||
Limitations
|
||||
-----------
|
||||
* x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/synapse%20%28Official%29.svg)](https://ci-apps.yunohost.org/ci/apps/synapse/)
|
||||
* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/synapse%20%28Official%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/synapse/)
|
||||
* Jessie x86-64b - [![Build Status](https://ci-stretch.nohost.me/ci/logs/synapse%20%28Official%29.svg)](https://ci-stretch.nohost.me/ci/apps/synapse/)
|
||||
|
||||
## Limitations
|
||||
|
||||
Synapse uses a lot of ressource. So on slow architecture (like small ARM board), this app could take a lot of CPU and RAM.
|
||||
|
||||
This app doesn't provide any real good web interface. So it's recommended to use Riot client to connect to this app. This app is available [here](https://github.com/YunoHost-Apps/riot_ynh)
|
||||
|
||||
Links
|
||||
-----
|
||||
## Additional information
|
||||
|
||||
- Report a bug: https://github.com/YunoHost-Apps/synapse_ynh/issues
|
||||
- Matrix website: https://matrix.org/
|
||||
- YunoHost website: https://yunohost.org/
|
||||
|
||||
Additional information
|
||||
-----
|
||||
|
||||
|
||||
|
||||
Administation
|
||||
-------------
|
||||
## Administation
|
||||
|
||||
**All documentation of this section is not warranted. A bad use of command could break the app and all the data. So use these commands at your own risk.**
|
||||
|
||||
|
@ -182,17 +167,23 @@ If anything fails while you are doing the upgrade please create an issue here: h
|
|||
|
||||
Synapse is published under the Apache License: https://github.com/matrix-org/synapse/blob/master/LICENSE
|
||||
|
||||
## Links
|
||||
|
||||
- Report a bug: https://github.com/YunoHost-Apps/synapse_ynh/issues
|
||||
- Matrix website: https://matrix.org/
|
||||
- YunoHost website: https://yunohost.org/
|
||||
|
||||
---
|
||||
|
||||
Developers infos
|
||||
----------------
|
||||
|
||||
Please do your pull request to the testing branch.
|
||||
Please do your pull request to the [testing branch](https://github.com/YunoHost-Apps/synapse_ynh/tree/testing).
|
||||
|
||||
To try the testing branch, please proceed like that:
|
||||
|
||||
```bash
|
||||
sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --verbose
|
||||
sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
|
||||
or
|
||||
sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --verbose
|
||||
sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
|
||||
```
|
||||
|
|
|
@ -19,17 +19,7 @@
|
|||
port_already_use=1 (8448)
|
||||
change_url=0
|
||||
;;; Levels
|
||||
Level 1=auto
|
||||
Level 2=auto
|
||||
Level 3=auto
|
||||
# https://github.com/YunoHost-Apps/synapse_ynh/blob/master/conf/homeserver.yaml#L443-L454
|
||||
Level 4=1
|
||||
Level 5=auto
|
||||
Level 6=auto
|
||||
Level 7=auto
|
||||
Level 8=0
|
||||
Level 9=0
|
||||
Level 10=0
|
||||
;;; Upgrade options
|
||||
; commit=db374d2bff981d2660ebdac52ee77c684383c00d
|
||||
name=Fix postgresql helper from old_version_for_CI_2 branch
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
location __PATH__ {
|
||||
proxy_pass http://localhost:__PORT__;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
|
||||
|
||||
client_max_body_size 100M;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -2,20 +2,20 @@
|
|||
"name": "Synapse",
|
||||
"id": "synapse",
|
||||
"packaging_format": 1,
|
||||
"requirements": {
|
||||
"yunohost": ">= 2.7.14"
|
||||
},
|
||||
"description": {
|
||||
"en": "Instant messaging server who use matrix",
|
||||
"fr": "Un serveur de messagerie instantané basé sur matrix"
|
||||
},
|
||||
"version": "0.99.2~ynh1",
|
||||
"version": "0.99.2~ynh2",
|
||||
"url": "http://matrix.org",
|
||||
"license": "Apache-2.0",
|
||||
"maintainer": {
|
||||
"name": "Josué Tille",
|
||||
"email": "josue@tille.ch"
|
||||
},
|
||||
"requirements": {
|
||||
"yunohost": ">= 3.5"
|
||||
},
|
||||
"multi_instance": true,
|
||||
"services": [
|
||||
"nginx"
|
||||
|
@ -38,7 +38,7 @@
|
|||
"en": "Is it a public server ?",
|
||||
"fr": "Est-ce un serveur public ?"
|
||||
},
|
||||
"default": 0
|
||||
"default": false
|
||||
}
|
||||
]
|
||||
}
|
||||
|
|
105
scripts/backup
105
scripts/backup
|
@ -6,83 +6,102 @@
|
|||
# IMPORT GENERIC HELPERS
|
||||
#=================================================
|
||||
|
||||
source ../settings/scripts/_common.sh
|
||||
source ../settings/scripts/experimental_helper.sh
|
||||
source /usr/share/yunohost/helpers
|
||||
|
||||
# Stop script if errors
|
||||
#=================================================
|
||||
# MANAGE SCRIPT FAILURE
|
||||
#=================================================
|
||||
|
||||
# Exit if an error occurs during the execution of the script
|
||||
ynh_abort_if_errors
|
||||
|
||||
# Import common cmd
|
||||
source ../settings/scripts/psql.sh
|
||||
source ../settings/scripts/experimental_helper.sh
|
||||
source ../settings/scripts/_common.sh
|
||||
|
||||
#=================================================
|
||||
# SET ALL CONSTANT
|
||||
# LOAD SETTINGS
|
||||
#=================================================
|
||||
ynh_script_progression --message="Loading installation settings..." --weight=2
|
||||
|
||||
app=$YNH_APP_INSTANCE_NAME
|
||||
|
||||
domain=$(ynh_app_setting_get --app=$app --key=special_domain)
|
||||
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
||||
|
||||
#=================================================
|
||||
# SET CONSTANTS
|
||||
#=================================================
|
||||
|
||||
synapse_user="matrix-$app"
|
||||
synapse_db_name="matrix_$app"
|
||||
synapse_db_user="matrix_$app"
|
||||
upstream_version=$(ynh_app_upstream_version)
|
||||
|
||||
#=================================================
|
||||
# LOAD SETTINGS
|
||||
#=================================================
|
||||
|
||||
domain=$(ynh_app_setting_get $app special_domain)
|
||||
final_path=$(ynh_app_setting_get $app final_path)
|
||||
|
||||
#=================================================
|
||||
# STANDARD BACKUP STEPS
|
||||
#=================================================
|
||||
# BACKUP THE NGINX CONFIGURATION
|
||||
#=================================================
|
||||
|
||||
ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf"
|
||||
|
||||
#=================================================
|
||||
# BACKUP SYNAPSE CONFIG
|
||||
#=================================================
|
||||
|
||||
ynh_backup "/etc/matrix-$app"
|
||||
|
||||
#=================================================
|
||||
# BACKUP SYSTEMD
|
||||
#=================================================
|
||||
|
||||
ynh_backup "/etc/default/matrix-$app"
|
||||
ynh_backup "/etc/systemd/system/matrix-$app.service"
|
||||
ynh_backup "/etc/default/coturn-$app"
|
||||
ynh_backup "/etc/systemd/system/coturn-$app.service"
|
||||
|
||||
#=================================================
|
||||
# BACKUP THE APP MAIN DIR
|
||||
#=================================================
|
||||
ynh_script_progression --message="Backing up the main app directory..." --weight=1
|
||||
|
||||
ynh_backup "$final_path" "bin"
|
||||
ynh_backup --src_path="$final_path"
|
||||
|
||||
#=================================================
|
||||
# BACKUP SYNAPSE DATA
|
||||
# BACKUP THE NGINX CONFIGURATION
|
||||
#=================================================
|
||||
ynh_script_progression --message="Backing up nginx web server configuration..." --weight=1
|
||||
|
||||
ynh_backup "/var/lib/matrix-$app" "data" 1
|
||||
ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
|
||||
|
||||
#=================================================
|
||||
# BACKUP THE POSTGRESQL DATABASE
|
||||
#=================================================
|
||||
ynh_script_progression --message="Backing up the PostgreSQL database..." --weight=2
|
||||
|
||||
ynh_psql_dump_db "$synapse_db_name" > ${YNH_CWD}/dump.sql
|
||||
ynh_psql_dump_db --database="$synapse_db_name" > ${YNH_CWD}/dump.sql
|
||||
|
||||
#=================================================
|
||||
# BACKUP FAIL2BAN CONFIGURATION
|
||||
#=================================================
|
||||
ynh_script_progression --message="Backing up fail2ban configuration" --weight=1
|
||||
|
||||
ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf"
|
||||
ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf"
|
||||
|
||||
#=================================================
|
||||
# SPECIFIC BACKUP
|
||||
#=================================================
|
||||
# BACKUP SYNAPSE CONFIG
|
||||
#=================================================
|
||||
ynh_script_progression --message="Backing up synapse configuration..." --weight=2
|
||||
|
||||
ynh_backup --src_path="/etc/matrix-$app"
|
||||
|
||||
#=================================================
|
||||
# BACKUP SYSTEMD
|
||||
#=================================================
|
||||
ynh_script_progression --message="Backing up systemd configuration..." --weight=1
|
||||
|
||||
ynh_backup --src_path="/etc/default/matrix-$app"
|
||||
ynh_backup --src_path="/etc/systemd/system/matrix-$app.service"
|
||||
ynh_backup --src_path="/etc/default/coturn-$app"
|
||||
ynh_backup --src_path="/etc/systemd/system/coturn-$app.service"
|
||||
|
||||
#=================================================
|
||||
# BACKUP SYNAPSE DATA
|
||||
#=================================================
|
||||
ynh_script_progression --message="Backing up synapse data..." --weight=1
|
||||
|
||||
ynh_backup --src_path="/var/lib/matrix-$app" --is_big
|
||||
|
||||
#=================================================
|
||||
# BACKUP SYNAPSE LOG
|
||||
#=================================================
|
||||
ynh_script_progression --message="Backing up synapse log..." --weight=1
|
||||
|
||||
ynh_backup "/var/log/matrix-$app"
|
||||
ynh_backup --src_path="/var/log/matrix-$app"
|
||||
|
||||
#=================================================
|
||||
# BACKUP FAIL2BAN CONFIG
|
||||
# END OF SCRIPT
|
||||
#=================================================
|
||||
|
||||
ynh_backup "/etc/fail2ban/jail.d/$app.conf"
|
||||
ynh_backup "/etc/fail2ban/filter.d/$app.conf"
|
||||
ynh_script_progression --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." --last
|
||||
|
|
|
@ -1,101 +1,30 @@
|
|||
# Read the value of a key in a ynh manifest file
|
||||
#
|
||||
# usage: ynh_read_manifest manifest key
|
||||
# | arg: manifest - Path of the manifest to read
|
||||
# | arg: key - Name of the key to find
|
||||
ynh_read_manifest () {
|
||||
manifest="$1"
|
||||
key="$2"
|
||||
python3 -c "import sys, json;print(json.load(open('$manifest', encoding='utf-8'))['$key'])"
|
||||
}
|
||||
|
||||
# Read the upstream version from the manifest
|
||||
# this include the number before ~ynh
|
||||
#
|
||||
# usage: ynh_app_upstream_version
|
||||
ynh_app_upstream_version () {
|
||||
manifest_path="../manifest.json"
|
||||
if [ ! -e "$manifest_path" ]; then
|
||||
manifest_path="../settings/manifest.json" # Into the restore script, the manifest is not at the same place
|
||||
fi
|
||||
version_key=$(ynh_read_manifest "$manifest_path" "version")
|
||||
echo "${version_key/~ynh*/}"
|
||||
}
|
||||
|
||||
# Read package version from the manifest
|
||||
# this include the number after ~ynh
|
||||
#
|
||||
# usage: ynh_app_package_version
|
||||
ynh_app_package_version () {
|
||||
manifest_path="../manifest.json"
|
||||
if [ ! -e "$manifest_path" ]; then
|
||||
manifest_path="../settings/manifest.json" # Into the restore script, the manifest is not at the same place
|
||||
fi
|
||||
version_key=$(ynh_read_manifest "$manifest_path" "version")
|
||||
echo "${version_key/*~ynh/}"
|
||||
}
|
||||
|
||||
# Start or restart a service and follow its booting
|
||||
#
|
||||
# usage: ynh_check_starting "Line to match" [Log file] [Timeout] [Service name]
|
||||
#
|
||||
# | arg: Line to match - The line to find in the log to attest the service have finished to boot.
|
||||
# | arg: Log file - The log file to watch
|
||||
# | arg: Service name
|
||||
# /var/log/$app/$app.log will be used if no other log is defined.
|
||||
# | arg: Timeout - The maximum time to wait before ending the watching. Defaut 300 seconds.
|
||||
ynh_check_starting () {
|
||||
local line_to_match="$1"
|
||||
local service_name="${4:-$app}"
|
||||
local app_log="${2:-/var/log/$service_name/$service_name.log}"
|
||||
local timeout=${3:-300}
|
||||
|
||||
ynh_clean_check_starting () {
|
||||
# Stop the execution of tail.
|
||||
kill -s 15 $pid_tail 2>&1
|
||||
ynh_secure_remove "$templog" 2>&1
|
||||
}
|
||||
|
||||
echo "Starting of $service_name" >&2
|
||||
systemctl restart $service_name
|
||||
local templog="$(mktemp)"
|
||||
# Following the starting of the app in its log
|
||||
tail -F -n1 "$app_log" > "$templog" &
|
||||
# Get the PID of the tail command
|
||||
local pid_tail=$!
|
||||
|
||||
local i=0
|
||||
for i in `seq 1 $timeout`
|
||||
do
|
||||
# Read the log until the sentence is found, that means the app finished to start. Or run until the timeout
|
||||
if grep --quiet "$line_to_match" "$templog"
|
||||
then
|
||||
echo "The service $service_name has correctly started." >&2
|
||||
break
|
||||
fi
|
||||
echo -n "." >&2
|
||||
sleep 1
|
||||
done
|
||||
if [ $i -eq $timeout ]
|
||||
then
|
||||
echo "The service $service_name didn't fully started before the timeout." >&2
|
||||
fi
|
||||
|
||||
echo ""
|
||||
ynh_clean_check_starting
|
||||
}
|
||||
#!/bin/bash
|
||||
|
||||
# Send an email to inform the administrator
|
||||
#
|
||||
# usage: ynh_send_readme_to_admin app_message [recipients]
|
||||
# | arg: app_message - The message to send to the administrator.
|
||||
# | arg: recipients - The recipients of this email. Use spaces to separate multiples recipients. - default: root
|
||||
# usage: ynh_send_readme_to_admin --app_message=app_message [--recipients=recipients] [--type=type]
|
||||
# | arg: -m --app_message= - The file with the content to send to the administrator.
|
||||
# | arg: -r, --recipients= - The recipients of this email. Use spaces to separate multiples recipients. - default: root
|
||||
# example: "root admin@domain"
|
||||
# If you give the name of a YunoHost user, ynh_send_readme_to_admin will find its email adress for you
|
||||
# example: "root admin@domain user1 user2"
|
||||
# | arg: -t, --type= - Type of mail, could be 'backup', 'change_url', 'install', 'remove', 'restore', 'upgrade'
|
||||
ynh_send_readme_to_admin() {
|
||||
local app_message="${1:-...No specific information...}"
|
||||
local recipients="${2:-root}"
|
||||
# Declare an array to define the options of this helper.
|
||||
declare -Ar args_array=( [m]=app_message= [r]=recipients= [t]=type= )
|
||||
local app_message
|
||||
local recipients
|
||||
local type
|
||||
# Manage arguments with getopts
|
||||
|
||||
ynh_handle_getopts_args "$@"
|
||||
app_message="${app_message:-}"
|
||||
recipients="${recipients:-root}"
|
||||
type="${type:-install}"
|
||||
|
||||
# Get the value of admin_mail_html
|
||||
admin_mail_html=$(ynh_app_setting_get $app admin_mail_html)
|
||||
admin_mail_html="${admin_mail_html:-0}"
|
||||
|
||||
# Retrieve the email of users
|
||||
find_mails () {
|
||||
|
@ -121,18 +50,75 @@ ynh_send_readme_to_admin() {
|
|||
}
|
||||
recipients=$(find_mails "$recipients")
|
||||
|
||||
local mail_subject="☁️🆈🅽🅷☁️: \`$app\` was just installed!"
|
||||
# Subject base
|
||||
local mail_subject="☁️🆈🅽🅷☁️: \`$app\`"
|
||||
|
||||
# Adapt the subject according to the type of mail required.
|
||||
if [ "$type" = "backup" ]; then
|
||||
mail_subject="$mail_subject has just been backup."
|
||||
elif [ "$type" = "change_url" ]; then
|
||||
mail_subject="$mail_subject has just been moved to a new URL!"
|
||||
elif [ "$type" = "remove" ]; then
|
||||
mail_subject="$mail_subject has just been removed!"
|
||||
elif [ "$type" = "restore" ]; then
|
||||
mail_subject="$mail_subject has just been restored!"
|
||||
elif [ "$type" = "upgrade" ]; then
|
||||
mail_subject="$mail_subject has just been upgraded!"
|
||||
else # install
|
||||
mail_subject="$mail_subject has just been installed!"
|
||||
fi
|
||||
|
||||
local mail_message="This is an automated message from your beloved YunoHost server.
|
||||
|
||||
Specific information for the application $app.
|
||||
|
||||
$app_message
|
||||
$(if [ -n "$app_message" ]
|
||||
then
|
||||
cat "$app_message"
|
||||
else
|
||||
echo "...No specific information..."
|
||||
fi)
|
||||
|
||||
---
|
||||
Automatic diagnosis data from YunoHost
|
||||
|
||||
$(yunohost tools diagnosis | grep -B 100 "services:" | sed '/services:/d')"
|
||||
__PRE_TAG1__$(yunohost tools diagnosis | grep -B 100 "services:" | sed '/services:/d')__PRE_TAG2__"
|
||||
|
||||
# Store the message into a file for further modifications.
|
||||
echo "$mail_message" > mail_to_send
|
||||
|
||||
# If a html email is required. Apply html tags to the message.
|
||||
if [ "$admin_mail_html" -eq 1 ]
|
||||
then
|
||||
# Insert 'br' tags at each ending of lines.
|
||||
ynh_replace_string "$" "<br>" mail_to_send
|
||||
|
||||
# Insert starting HTML tags
|
||||
sed --in-place '1s@^@<!DOCTYPE html>\n<html>\n<head></head>\n<body>\n@' mail_to_send
|
||||
|
||||
# Keep tabulations
|
||||
ynh_replace_string " " "\ \ " mail_to_send
|
||||
ynh_replace_string "\t" "\ \ " mail_to_send
|
||||
|
||||
# Insert url links tags
|
||||
ynh_replace_string "__URL_TAG1__\(.*\)__URL_TAG2__\(.*\)__URL_TAG3__" "<a href=\"\2\">\1</a>" mail_to_send
|
||||
|
||||
# Insert pre tags
|
||||
ynh_replace_string "__PRE_TAG1__" "<pre>" mail_to_send
|
||||
ynh_replace_string "__PRE_TAG2__" "<\pre>" mail_to_send
|
||||
|
||||
# Insert finishing HTML tags
|
||||
echo -e "\n</body>\n</html>" >> mail_to_send
|
||||
|
||||
# Otherwise, remove tags to keep a plain text.
|
||||
else
|
||||
# Remove URL tags
|
||||
ynh_replace_string "__URL_TAG[1,3]__" "" mail_to_send
|
||||
ynh_replace_string "__URL_TAG2__" ": " mail_to_send
|
||||
|
||||
# Remove PRE tags
|
||||
ynh_replace_string "__PRE_TAG[1-2]__" "" mail_to_send
|
||||
fi
|
||||
|
||||
# Define binary to use for mail command
|
||||
if [ -e /usr/bin/bsd-mailx ]
|
||||
|
@ -142,361 +128,13 @@ $(yunohost tools diagnosis | grep -B 100 "services:" | sed '/services:/d')"
|
|||
local mail_bin=/usr/bin/mail.mailutils
|
||||
fi
|
||||
|
||||
# Send the email to the recipients
|
||||
echo "$mail_message" | $mail_bin -a "Content-Type: text/plain; charset=UTF-8" -s "$mail_subject" "$recipients"
|
||||
}
|
||||
|
||||
# Internal helper design to allow helpers to use getopts to manage their arguments
|
||||
#
|
||||
# [internal]
|
||||
#
|
||||
# example: function my_helper()
|
||||
# {
|
||||
# declare -Ar args_array=( [a]=arg1= [b]=arg2= [c]=arg3 )
|
||||
# local arg1
|
||||
# local arg2
|
||||
# local arg3
|
||||
# ynh_handle_getopts_args "$@"
|
||||
#
|
||||
# [...]
|
||||
# }
|
||||
# my_helper --arg1 "val1" -b val2 -c
|
||||
#
|
||||
# usage: ynh_handle_getopts_args "$@"
|
||||
# | arg: $@ - Simply "$@" to tranfert all the positionnal arguments to the function
|
||||
#
|
||||
# This helper need an array, named "args_array" with all the arguments used by the helper
|
||||
# that want to use ynh_handle_getopts_args
|
||||
# Be carreful, this array has to be an associative array, as the following example:
|
||||
# declare -Ar args_array=( [a]=arg1 [b]=arg2= [c]=arg3 )
|
||||
# Let's explain this array:
|
||||
# a, b and c are short options, -a, -b and -c
|
||||
# arg1, arg2 and arg3 are the long options associated to the previous short ones. --arg1, --arg2 and --arg3
|
||||
# For each option, a short and long version has to be defined.
|
||||
# Let's see something more significant
|
||||
# declare -Ar args_array=( [u]=user [f]=finalpath= [d]=database )
|
||||
#
|
||||
# NB: Because we're using 'declare' without -g, the array will be declared as a local variable.
|
||||
#
|
||||
# Please keep in mind that the long option will be used as a variable to store the values for this option.
|
||||
# For the previous example, that means that $finalpath will be fill with the value given as argument for this option.
|
||||
#
|
||||
# Also, in the previous example, finalpath has a '=' at the end. That means this option need a value.
|
||||
# So, the helper has to be call with --finalpath /final/path, --finalpath=/final/path or -f /final/path, the variable $finalpath will get the value /final/path
|
||||
# If there's many values for an option, -f /final /path, the value will be separated by a ';' $finalpath=/final;/path
|
||||
# For an option without value, like --user in the example, the helper can be called only with --user or -u. $user will then get the value 1.
|
||||
#
|
||||
# To keep a retrocompatibility, a package can still call a helper, using getopts, with positional arguments.
|
||||
# The "legacy mode" will manage the positional arguments and fill the variable in the same order than they are given in $args_array.
|
||||
# e.g. for `my_helper "val1" val2`, arg1 will be filled with val1, and arg2 with val2.
|
||||
ynh_handle_getopts_args () {
|
||||
# Manage arguments only if there's some provided
|
||||
set +x
|
||||
if [ $# -ne 0 ]
|
||||
if [ "$admin_mail_html" -eq 1 ]
|
||||
then
|
||||
# Store arguments in an array to keep each argument separated
|
||||
local arguments=("$@")
|
||||
|
||||
# For each option in the array, reduce to short options for getopts (e.g. for [u]=user, --user will be -u)
|
||||
# And built parameters string for getopts
|
||||
# ${!args_array[@]} is the list of all option_flags in the array (An option_flag is 'u' in [u]=user, user is a value)
|
||||
local getopts_parameters=""
|
||||
local option_flag=""
|
||||
for option_flag in "${!args_array[@]}"
|
||||
do
|
||||
# Concatenate each option_flags of the array to build the string of arguments for getopts
|
||||
# Will looks like 'abcd' for -a -b -c -d
|
||||
# If the value of an option_flag finish by =, it's an option with additionnal values. (e.g. --user bob or -u bob)
|
||||
# Check the last character of the value associate to the option_flag
|
||||
if [ "${args_array[$option_flag]: -1}" = "=" ]
|
||||
then
|
||||
# For an option with additionnal values, add a ':' after the letter for getopts.
|
||||
getopts_parameters="${getopts_parameters}${option_flag}:"
|
||||
else
|
||||
getopts_parameters="${getopts_parameters}${option_flag}"
|
||||
fi
|
||||
# Check each argument given to the function
|
||||
local arg=""
|
||||
# ${#arguments[@]} is the size of the array
|
||||
for arg in `seq 0 $(( ${#arguments[@]} - 1 ))`
|
||||
do
|
||||
# And replace long option (value of the option_flag) by the short option, the option_flag itself
|
||||
# (e.g. for [u]=user, --user will be -u)
|
||||
# Replace long option with =
|
||||
arguments[arg]="${arguments[arg]//--${args_array[$option_flag]}/-${option_flag} }"
|
||||
# And long option without =
|
||||
arguments[arg]="${arguments[arg]//--${args_array[$option_flag]%=}/-${option_flag}}"
|
||||
done
|
||||
done
|
||||
|
||||
# Read and parse all the arguments
|
||||
# Use a function here, to use standart arguments $@ and be able to use shift.
|
||||
parse_arg () {
|
||||
# Read all arguments, until no arguments are left
|
||||
while [ $# -ne 0 ]
|
||||
do
|
||||
# Initialize the index of getopts
|
||||
OPTIND=1
|
||||
# Parse with getopts only if the argument begin by -, that means the argument is an option
|
||||
# getopts will fill $parameter with the letter of the option it has read.
|
||||
local parameter=""
|
||||
getopts ":$getopts_parameters" parameter || true
|
||||
|
||||
if [ "$parameter" = "?" ]
|
||||
then
|
||||
ynh_die --message="Invalid argument: -${OPTARG:-}"
|
||||
elif [ "$parameter" = ":" ]
|
||||
then
|
||||
ynh_die --message="-$OPTARG parameter requires an argument."
|
||||
else
|
||||
local shift_value=1
|
||||
# Use the long option, corresponding to the short option read by getopts, as a variable
|
||||
# (e.g. for [u]=user, 'user' will be used as a variable)
|
||||
# Also, remove '=' at the end of the long option
|
||||
# The variable name will be stored in 'option_var'
|
||||
local option_var="${args_array[$parameter]%=}"
|
||||
# If this option doesn't take values
|
||||
# if there's a '=' at the end of the long option name, this option takes values
|
||||
if [ "${args_array[$parameter]: -1}" != "=" ]
|
||||
then
|
||||
# 'eval ${option_var}' will use the content of 'option_var'
|
||||
eval ${option_var}=1
|
||||
else
|
||||
# Read all other arguments to find multiple value for this option.
|
||||
# Load args in a array
|
||||
local all_args=("$@")
|
||||
|
||||
# If the first argument is longer than 2 characters,
|
||||
# There's a value attached to the option, in the same array cell
|
||||
if [ ${#all_args[0]} -gt 2 ]; then
|
||||
# Remove the option and the space, so keep only the value itself.
|
||||
all_args[0]="${all_args[0]#-${parameter} }"
|
||||
# Reduce the value of shift, because the option has been removed manually
|
||||
shift_value=$(( shift_value - 1 ))
|
||||
fi
|
||||
|
||||
# Declare the content of option_var as a variable.
|
||||
eval ${option_var}=""
|
||||
# Then read the array value per value
|
||||
local i
|
||||
for i in `seq 0 $(( ${#all_args[@]} - 1 ))`
|
||||
do
|
||||
# If this argument is an option, end here.
|
||||
if [ "${all_args[$i]:0:1}" == "-" ]
|
||||
then
|
||||
# Ignore the first value of the array, which is the option itself
|
||||
if [ "$i" -ne 0 ]; then
|
||||
break
|
||||
fi
|
||||
else
|
||||
# Else, add this value to this option
|
||||
# Each value will be separated by ';'
|
||||
if [ -n "${!option_var}" ]
|
||||
then
|
||||
# If there's already another value for this option, add a ; before adding the new value
|
||||
eval ${option_var}+="\;"
|
||||
fi
|
||||
# Escape double quote to prevent any interpretation during the eval
|
||||
all_args[$i]="${all_args[$i]//\"/\\\"}"
|
||||
|
||||
eval ${option_var}+=\"${all_args[$i]}\"
|
||||
shift_value=$(( shift_value + 1 ))
|
||||
fi
|
||||
done
|
||||
fi
|
||||
fi
|
||||
|
||||
# Shift the parameter and its argument(s)
|
||||
shift $shift_value
|
||||
done
|
||||
}
|
||||
|
||||
# LEGACY MODE
|
||||
# Check if there's getopts arguments
|
||||
if [ "${arguments[0]:0:1}" != "-" ]
|
||||
then
|
||||
# If not, enter in legacy mode and manage the arguments as positionnal ones..
|
||||
# Dot not echo, to prevent to go through a helper output. But print only in the log.
|
||||
set -x; echo "! Helper used in legacy mode !" > /dev/null; set +x
|
||||
local i
|
||||
for i in `seq 0 $(( ${#arguments[@]} -1 ))`
|
||||
do
|
||||
# Try to use legacy_args as a list of option_flag of the array args_array
|
||||
# Otherwise, fallback to getopts_parameters to get the option_flag. But an associative arrays isn't always sorted in the correct order...
|
||||
# Remove all ':' in getopts_parameters
|
||||
getopts_parameters=${legacy_args:-${getopts_parameters//:}}
|
||||
# Get the option_flag from getopts_parameters, by using the option_flag according to the position of the argument.
|
||||
option_flag=${getopts_parameters:$i:1}
|
||||
if [ -z "$option_flag" ]; then
|
||||
ynh_print_warn --message="Too many arguments ! \"${arguments[$i]}\" will be ignored."
|
||||
continue
|
||||
fi
|
||||
# Use the long option, corresponding to the option_flag, as a variable
|
||||
# (e.g. for [u]=user, 'user' will be used as a variable)
|
||||
# Also, remove '=' at the end of the long option
|
||||
# The variable name will be stored in 'option_var'
|
||||
local option_var="${args_array[$option_flag]%=}"
|
||||
|
||||
# Escape double quote to prevent any interpretation during the eval
|
||||
arguments[$i]="${arguments[$i]//\"/\\\"}"
|
||||
|
||||
# Store each value given as argument in the corresponding variable
|
||||
# The values will be stored in the same order than $args_array
|
||||
eval ${option_var}+=\"${arguments[$i]}\"
|
||||
done
|
||||
unset legacy_args
|
||||
else
|
||||
# END LEGACY MODE
|
||||
# Call parse_arg and pass the modified list of args as an array of arguments.
|
||||
parse_arg "${arguments[@]}"
|
||||
fi
|
||||
content_type="text/html"
|
||||
else
|
||||
content_type="text/plain"
|
||||
fi
|
||||
set -x
|
||||
}
|
||||
|
||||
# Create a dedicated fail2ban config (jail and filter conf files)
|
||||
#
|
||||
# usage 1: ynh_add_fail2ban_config --logpath=log_file --failregex=filter [--max_retry=max_retry] [--ports=ports]
|
||||
# | arg: -l, --logpath= - Log file to be checked by fail2ban
|
||||
# | arg: -r, --failregex= - Failregex to be looked for by fail2ban
|
||||
# | arg: -m, --max_retry= - Maximum number of retries allowed before banning IP address - default: 3
|
||||
# | arg: -p, --ports= - Ports blocked for a banned IP address - default: http,https
|
||||
#
|
||||
# -----------------------------------------------------------------------------
|
||||
#
|
||||
# usage 2: ynh_add_fail2ban_config --use_template [--others_var="list of others variables to replace"]
|
||||
# | arg: -t, --use_template - Use this helper in template mode
|
||||
# | arg: -v, --others_var= - List of others variables to replace separeted by a space
|
||||
# | for example : 'var_1 var_2 ...'
|
||||
#
|
||||
# This will use a template in ../conf/f2b_jail.conf and ../conf/f2b_filter.conf
|
||||
# __APP__ by $app
|
||||
#
|
||||
# You can dynamically replace others variables by example :
|
||||
# __VAR_1__ by $var_1
|
||||
# __VAR_2__ by $var_2
|
||||
#
|
||||
# Generally your template will look like that by example (for synapse):
|
||||
#
|
||||
# f2b_jail.conf:
|
||||
# [__APP__]
|
||||
# enabled = true
|
||||
# port = http,https
|
||||
# filter = __APP__
|
||||
# logpath = /var/log/__APP__/logfile.log
|
||||
# maxretry = 3
|
||||
#
|
||||
# f2b_filter.conf:
|
||||
# [INCLUDES]
|
||||
# before = common.conf
|
||||
# [Definition]
|
||||
#
|
||||
# # Part of regex definition (just used to make more easy to make the global regex)
|
||||
# __synapse_start_line = .? \- synapse\..+ \-
|
||||
#
|
||||
# # Regex definition.
|
||||
# failregex = ^%(__synapse_start_line)s INFO \- POST\-(\d+)\- <HOST> \- \d+ \- Received request\: POST /_matrix/client/r0/login\??<SKIPLINES>%(__synapse_start_line)s INFO \- POST\-\1\- Got login request with identifier: \{u'type': u'm.id.user', u'user'\: u'(.+?)'\}, medium\: None, address: None, user\: u'\5'<SKIPLINES>%(__synapse_start_line)s WARNING \- \- (Attempted to login as @\5\:.+ but they do not exist|Failed password login for user @\5\:.+)$
|
||||
#
|
||||
# ignoreregex =
|
||||
#
|
||||
# -----------------------------------------------------------------------------
|
||||
#
|
||||
# Note about the "failregex" option:
|
||||
# regex to match the password failure messages in the logfile. The
|
||||
# host must be matched by a group named "host". The tag "<HOST>" can
|
||||
# be used for standard IP/hostname matching and is only an alias for
|
||||
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
|
||||
#
|
||||
# You can find some more explainations about how to make a regex here :
|
||||
# https://www.fail2ban.org/wiki/index.php/MANUAL_0_8#Filters
|
||||
#
|
||||
# Note that the logfile need to exist before to call this helper !!
|
||||
#
|
||||
# To validate your regex you can test with this command:
|
||||
# fail2ban-regex /var/log/YOUR_LOG_FILE_PATH /etc/fail2ban/filter.d/YOUR_APP.conf
|
||||
#
|
||||
ynh_add_fail2ban_config () {
|
||||
# Declare an array to define the options of this helper.
|
||||
local legacy_args=lrmptv
|
||||
declare -Ar args_array=( [l]=logpath= [r]=failregex= [m]=max_retry= [p]=ports= [t]=use_template [v]=others_var=)
|
||||
local logpath
|
||||
local failregex
|
||||
local max_retry
|
||||
local ports
|
||||
local others_var
|
||||
local use_template
|
||||
# Manage arguments with getopts
|
||||
ynh_handle_getopts_args "$@"
|
||||
use_template="${use_template:-0}"
|
||||
max_retry=${max_retry:-3}
|
||||
ports=${ports:-http,https}
|
||||
|
||||
finalfail2banjailconf="/etc/fail2ban/jail.d/$app.conf"
|
||||
finalfail2banfilterconf="/etc/fail2ban/filter.d/$app.conf"
|
||||
ynh_backup_if_checksum_is_different "$finalfail2banjailconf"
|
||||
ynh_backup_if_checksum_is_different "$finalfail2banfilterconf"
|
||||
|
||||
if [ $use_template -eq 1 ]
|
||||
then
|
||||
# Usage 2, templates
|
||||
cp ../conf/f2b_jail.conf $finalfail2banjailconf
|
||||
cp ../conf/f2b_filter.conf $finalfail2banfilterconf
|
||||
|
||||
if [ -n "${app:-}" ]
|
||||
then
|
||||
ynh_replace_string "__APP__" "$app" "$finalfail2banjailconf"
|
||||
ynh_replace_string "__APP__" "$app" "$finalfail2banfilterconf"
|
||||
fi
|
||||
|
||||
# Replace all other variable given as arguments
|
||||
for var_to_replace in ${others_var:-}; do
|
||||
# ${var_to_replace^^} make the content of the variable on upper-cases
|
||||
# ${!var_to_replace} get the content of the variable named $var_to_replace
|
||||
ynh_replace_string --match_string="__${var_to_replace^^}__" --replace_string="${!var_to_replace}" --target_file="$finalfail2banjailconf"
|
||||
ynh_replace_string --match_string="__${var_to_replace^^}__" --replace_string="${!var_to_replace}" --target_file="$finalfail2banfilterconf"
|
||||
done
|
||||
|
||||
else
|
||||
# Usage 1, no template. Build a config file from scratch.
|
||||
test -n "$logpath" || ynh_die "ynh_add_fail2ban_config expects a logfile path as first argument and received nothing."
|
||||
test -n "$failregex" || ynh_die "ynh_add_fail2ban_config expects a failure regex as second argument and received nothing."
|
||||
|
||||
tee $finalfail2banjailconf <<EOF
|
||||
[$app]
|
||||
enabled = true
|
||||
port = $ports
|
||||
filter = $app
|
||||
logpath = $logpath
|
||||
maxretry = $max_retry
|
||||
EOF
|
||||
|
||||
tee $finalfail2banfilterconf <<EOF
|
||||
[INCLUDES]
|
||||
before = common.conf
|
||||
[Definition]
|
||||
failregex = $failregex
|
||||
ignoreregex =
|
||||
EOF
|
||||
fi
|
||||
|
||||
# Common to usage 1 and 2.
|
||||
ynh_store_file_checksum "$finalfail2banjailconf"
|
||||
ynh_store_file_checksum "$finalfail2banfilterconf"
|
||||
|
||||
systemctl try-reload-or-restart fail2ban
|
||||
|
||||
local fail2ban_error="$(journalctl -u fail2ban | tail -n50 | grep "WARNING.*$app.*")"
|
||||
if [[ -n "$fail2ban_error" ]]; then
|
||||
ynh_print_err --message="Fail2ban failed to load the jail for $app"
|
||||
ynh_print_warn --message="${fail2ban_error#*WARNING}"
|
||||
fi
|
||||
}
|
||||
|
||||
# Remove the dedicated fail2ban config (jail and filter conf files)
|
||||
#
|
||||
# usage: ynh_remove_fail2ban_config
|
||||
ynh_remove_fail2ban_config () {
|
||||
ynh_secure_remove "/etc/fail2ban/jail.d/$app.conf"
|
||||
ynh_secure_remove "/etc/fail2ban/filter.d/$app.conf"
|
||||
systemctl try-reload-or-restart fail2ban
|
||||
|
||||
# Send the email to the recipients
|
||||
cat mail_to_send | $mail_bin -a "Content-Type: $content_type; charset=UTF-8" -s "$mail_subject" "$recipients"
|
||||
}
|
||||
|
|
218
scripts/install
218
scripts/install
|
@ -6,97 +6,108 @@
|
|||
# IMPORT GENERIC HELPERS
|
||||
#=================================================
|
||||
|
||||
source _common.sh
|
||||
source experimental_helper.sh
|
||||
source /usr/share/yunohost/helpers
|
||||
|
||||
# Stop script if errors
|
||||
#=================================================
|
||||
# MANAGE SCRIPT FAILURE
|
||||
#=================================================
|
||||
|
||||
ynh_clean_setup () {
|
||||
# Clean installation remainings that are not handled by the remove script.
|
||||
ynh_clean_check_starting
|
||||
}
|
||||
# Exit if an error occurs during the execution of the script
|
||||
ynh_abort_if_errors
|
||||
|
||||
# Import common fonctions
|
||||
source ./psql.sh
|
||||
source ./experimental_helper.sh
|
||||
source ./_common.sh
|
||||
|
||||
#=================================================
|
||||
# SET ALL CONSTANT
|
||||
#=================================================
|
||||
|
||||
app=$YNH_APP_INSTANCE_NAME
|
||||
synapse_user="matrix-$app"
|
||||
synapse_db_name="matrix_$app"
|
||||
synapse_db_user="matrix_$app"
|
||||
upstream_version=$(ynh_app_upstream_version)
|
||||
report_stats="False"
|
||||
|
||||
#=================================================
|
||||
# RETRIEVE ARGUMENTS FROM THE MANIFEST
|
||||
#=================================================
|
||||
|
||||
domain=$YNH_APP_ARG_DOMAIN
|
||||
is_public=$YNH_APP_ARG_IS_PUBLIC
|
||||
|
||||
app=$YNH_APP_INSTANCE_NAME
|
||||
|
||||
#=================================================
|
||||
# SET CONSTANTS
|
||||
#=================================================
|
||||
|
||||
synapse_user="matrix-$app"
|
||||
synapse_db_name="matrix_$app"
|
||||
synapse_db_user="matrix_$app"
|
||||
upstream_version=$(ynh_app_upstream_version)
|
||||
report_stats="False"
|
||||
|
||||
path_url="/_matrix"
|
||||
final_path="/opt/yunohost/matrix-$app"
|
||||
|
||||
#=================================================
|
||||
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
|
||||
#=================================================
|
||||
ynh_script_progression --message="Validating installation parameters..." --weight=2
|
||||
|
||||
ynh_webpath_available $domain $path_url || ynh_die "$domain is not available as domain, please use an other domain."
|
||||
test ! -e "/etc/nginx/conf.d/$domain.d/synapse*.conf" || ynh_die "$domain is not available as domain, please use an other domain."
|
||||
ynh_webpath_available --domain=$domain --path_url=$path_url || ynh_die --message="$domain is not available as domain, please use an other domain."
|
||||
test ! -e "/etc/nginx/conf.d/$domain.d/synapse*.conf" || ynh_die --message="$domain is not available as domain, please use an other domain."
|
||||
|
||||
# Check Final Path availability
|
||||
test ! -e "$final_path" || ynh_die "This path already contains a folder"
|
||||
test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
|
||||
|
||||
#=================================================
|
||||
# STORE SETTINGS FROM MANIFEST
|
||||
#=================================================
|
||||
ynh_script_progression --message="Storing installation settings..." --weight=1
|
||||
|
||||
# For the domain and the path we can't use the standard keys "domain" and "path" with the standard function ynh_webpath_register because it create automatically a button on the user pannel.
|
||||
# The idea is to create a custom key (specia_domain and special_path instead of domain and key).
|
||||
# By this the ssowatconf fonction don't create a button on the pannel.
|
||||
# This hack solve the issue : https://github.com/YunoHost-Apps/synapse_ynh/issues/14
|
||||
ynh_app_setting_set $app special_domain $domain
|
||||
ynh_app_setting_set $app special_path $path_url
|
||||
ynh_app_setting_set $app final_path $final_path
|
||||
ynh_app_setting_set $app synapse_version $upstream_version
|
||||
ynh_app_setting_set $app is_public $is_public
|
||||
ynh_app_setting_set $app report_stats $report_stats
|
||||
ynh_app_setting_set --app=$app --key=special_domain --value=$domain
|
||||
ynh_app_setting_set --app=$app --key=special_path --value=$path_url
|
||||
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
|
||||
ynh_app_setting_set --app=$app --key=synapse_version --value=$upstream_version
|
||||
ynh_app_setting_set --app=$app --key=is_public --value=$is_public
|
||||
ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats
|
||||
|
||||
#=================================================
|
||||
# STANDARD MODIFICATIONS
|
||||
#=================================================
|
||||
# FIND AND OPEN A PORT
|
||||
#=================================================
|
||||
ynh_script_progression --message="Configuring firewall..." --weight=19
|
||||
|
||||
# Find a free port
|
||||
synapse_tls_port=$(ynh_find_port 8448)
|
||||
port=$(ynh_find_port 8008)
|
||||
turnserver_tls_port=$(ynh_find_port 5349)
|
||||
turnserver_alt_tls_port=$(ynh_find_port $((turnserver_tls_port+1)))
|
||||
cli_port=$(ynh_find_port 5766)
|
||||
synapse_tls_port=$(ynh_find_port --port=8448)
|
||||
port=$(ynh_find_port --port=8008)
|
||||
turnserver_tls_port=$(ynh_find_port --port=5349)
|
||||
turnserver_alt_tls_port=$(ynh_find_port --port=$((turnserver_tls_port+1)))
|
||||
cli_port=$(ynh_find_port --port=5766)
|
||||
|
||||
# Open this port
|
||||
yunohost firewall allow TCP $synapse_tls_port > /dev/null 2>&1
|
||||
yunohost firewall allow Both $turnserver_tls_port > /dev/null 2>&1
|
||||
yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1
|
||||
ynh_exec_warn_less yunohost firewall allow TCP $synapse_tls_port
|
||||
ynh_exec_warn_less yunohost firewall allow Both $turnserver_tls_port
|
||||
ynh_exec_warn_less yunohost firewall allow Both $turnserver_alt_tls_port
|
||||
|
||||
# Store opened ports
|
||||
ynh_app_setting_set $app synapse_port $port
|
||||
ynh_app_setting_set $app synapse_tls_port $synapse_tls_port
|
||||
ynh_app_setting_set $app turnserver_tls_port $turnserver_tls_port
|
||||
ynh_app_setting_set $app turnserver_alt_tls_port $turnserver_alt_tls_port
|
||||
ynh_app_setting_set $app cli_port $cli_port
|
||||
ynh_app_setting_set --app=$app --key=synapse_port --value=$port
|
||||
ynh_app_setting_set --app=$app --key=synapse_tls_port --value=$synapse_tls_port
|
||||
ynh_app_setting_set --app=$app --key=turnserver_tls_port --value=$turnserver_tls_port
|
||||
ynh_app_setting_set --app=$app --key=turnserver_alt_tls_port --value=$turnserver_alt_tls_port
|
||||
ynh_app_setting_set --app=$app --key=cli_port --value=$cli_port
|
||||
|
||||
#=================================================
|
||||
# CREATE A DH FILE
|
||||
#=================================================
|
||||
ynh_script_progression --message="Creating a dh file..." --weight=3
|
||||
|
||||
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
|
||||
# For any update do it in all files
|
||||
|
||||
# Make dh cert for synapse if doesn't exist
|
||||
if [[ ! -e /etc/ssl/private/dh2048.pem ]]
|
||||
# Make dh cert for synapse if it doesn't exist
|
||||
if [ ! -e /etc/ssl/private/dh2048.pem ]
|
||||
then
|
||||
openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048 -dsaparam 2> /dev/null
|
||||
ynh_exec_warn_less openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048 -dsaparam
|
||||
chown root:ssl-cert /etc/ssl/private/dh2048.pem
|
||||
chmod 640 /etc/ssl/private/dh2048.pem
|
||||
fi
|
||||
|
@ -104,6 +115,7 @@ fi
|
|||
#=================================================
|
||||
# INSTALL DEPENDENCIES
|
||||
#=================================================
|
||||
ynh_script_progression --message="Installing dependencies..." --weight=80
|
||||
|
||||
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
|
||||
# For any update do it in all files
|
||||
|
@ -112,27 +124,30 @@ ynh_install_app_dependencies $dependances
|
|||
#=================================================
|
||||
# CREATE DEDICATED USER
|
||||
#=================================================
|
||||
ynh_script_progression --message="Configuring system user..." --weight=3
|
||||
|
||||
ynh_system_user_create $synapse_user /var/lib/matrix-$app
|
||||
ynh_system_user_create --username=$synapse_user --home_dir=/var/lib/matrix-$app
|
||||
adduser $synapse_user ssl-cert
|
||||
adduser turnserver ssl-cert
|
||||
|
||||
#=================================================
|
||||
# CREATE A POSTGRESQL DATABASE
|
||||
#=================================================
|
||||
ynh_script_progression --message="Creating a PostgreSQL database..." --weight=4
|
||||
|
||||
synapse_db_pwd=$(ynh_string_random 30)
|
||||
ynh_app_setting_set $app synapse_db_pwd $synapse_db_pwd
|
||||
synapse_db_pwd=$(ynh_string_random --length=30)
|
||||
ynh_app_setting_set --app=$app --key=synapse_db_pwd --value=$synapse_db_pwd
|
||||
|
||||
# Create postgresql database
|
||||
ynh_psql_test_if_first_run
|
||||
ynh_psql_create_user $synapse_db_user $synapse_db_pwd
|
||||
ynh_psql_execute_as_root \
|
||||
"CREATE DATABASE $synapse_db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $synapse_db_user;"
|
||||
--sql="CREATE DATABASE $synapse_db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $synapse_db_user;"
|
||||
|
||||
#=================================================
|
||||
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
||||
#=================================================
|
||||
ynh_script_progression --message="Setting up source files..." --weight=50
|
||||
|
||||
# Create empty dir for synapse
|
||||
|
||||
|
@ -149,14 +164,14 @@ mkdir -p $final_path
|
|||
# For any update do it in all files
|
||||
if [ -n "$(uname -m | grep arm)" ]
|
||||
then
|
||||
ynh_setup_source $final_path/ "armv7_$(lsb_release --codename --short)"
|
||||
ynh_setup_source --dest_dir=$final_path/ --source_id="armv7_$(lsb_release --codename --short)"
|
||||
else
|
||||
# Install virtualenv if it don't exist
|
||||
test -e $final_path/bin/python3 || python3 -m venv $final_path
|
||||
|
||||
# Install synapse in virtualenv
|
||||
cp ../conf/virtualenv_activate $final_path/bin/activate
|
||||
ynh_replace_string __FINAL_PATH__ $final_path $final_path/bin/activate
|
||||
ynh_replace_string --match_string=__FINAL_PATH__ --replace_string=$final_path --target_file=$final_path/bin/activate
|
||||
|
||||
# We set all necessary environement variable to create a python virtualenvironnement.
|
||||
source $final_path/bin/activate
|
||||
|
@ -172,6 +187,7 @@ fi
|
|||
#=================================================
|
||||
# CREATE SYNAPSE CONFIG
|
||||
#=================================================
|
||||
ynh_script_progression --message="Creating synapse config..." --weight=3
|
||||
|
||||
# Go in virtualenvironnement
|
||||
PS1=${PS1:-}
|
||||
|
@ -188,33 +204,36 @@ registration_shared_secret=$(egrep "^registration_shared_secret" homeserver.yml
|
|||
form_secret=$(egrep "^form_secret" homeserver.yml | cut -d'"' -f2)
|
||||
|
||||
# store in yunohost settings
|
||||
ynh_app_setting_set $app registration_shared_secret "$registration_shared_secret"
|
||||
ynh_app_setting_set $app form_secret "$form_secret"
|
||||
ynh_app_setting_set --app=$app --key=registration_shared_secret --value="$registration_shared_secret"
|
||||
ynh_app_setting_set --app=$app --key=form_secret --value="$form_secret"
|
||||
|
||||
#=================================================
|
||||
# SETUP SYSTEMD
|
||||
#=================================================
|
||||
ynh_script_progression --message="Configuring a systemd service..." --weight=2
|
||||
|
||||
# Create systemd service for synapse and turnserver
|
||||
cp ../conf/default_matrix-synapse /etc/default/matrix-$app
|
||||
ynh_add_systemd_config matrix-$app matrix-synapse.service
|
||||
ynh_add_systemd_config --service=matrix-$app --template=matrix-synapse.service
|
||||
|
||||
cp ../conf/default_coturn /etc/default/coturn-$app
|
||||
ynh_add_systemd_config coturn-$app coturn-synapse.service
|
||||
ynh_add_systemd_config --service=coturn-$app --template=coturn-synapse.service
|
||||
|
||||
#=================================================
|
||||
# NGINX CONFIGURATION
|
||||
#=================================================
|
||||
ynh_script_progression --message="Configuring nginx web server..." --weight=2
|
||||
|
||||
ynh_add_nginx_config
|
||||
|
||||
#=================================================
|
||||
# SET SYNAPSE CONFIG
|
||||
#=================================================
|
||||
ynh_script_progression --message="Configuring synapse..." --weight=2
|
||||
|
||||
# Find password for turnserver and database
|
||||
turnserver_pwd=$(ynh_string_random 30)
|
||||
ynh_app_setting_set $app turnserver_pwd $turnserver_pwd
|
||||
turnserver_pwd=$(ynh_string_random --length=30)
|
||||
ynh_app_setting_set --app=$app --key=turnserver_pwd --value=$turnserver_pwd
|
||||
|
||||
# Configure Synapse
|
||||
|
||||
|
@ -226,33 +245,34 @@ homeserver_config_path="/etc/matrix-$app/homeserver.yaml"
|
|||
cp ../conf/homeserver.yaml "$homeserver_config_path"
|
||||
cp ../conf/log.yaml /etc/matrix-$app/log.yaml
|
||||
|
||||
ynh_replace_string __APP__ $app "$homeserver_config_path"
|
||||
ynh_replace_string __DOMAIN__ $domain "$homeserver_config_path"
|
||||
ynh_replace_string __SYNAPSE_DB_USER__ $synapse_db_user "$homeserver_config_path"
|
||||
ynh_replace_string __SYNAPSE_DB_PWD__ $synapse_db_pwd "$homeserver_config_path"
|
||||
ynh_replace_string __PORT__ $port "$homeserver_config_path"
|
||||
ynh_replace_string __TLS_PORT__ $synapse_tls_port "$homeserver_config_path"
|
||||
ynh_replace_string __TURNSERVER_TLS_PORT__ $turnserver_tls_port "$homeserver_config_path"
|
||||
ynh_replace_special_string __TURNPWD__ $turnserver_pwd "$homeserver_config_path"
|
||||
ynh_replace_special_string __REGISTRATION_SECRET__ "$registration_shared_secret" "$homeserver_config_path"
|
||||
ynh_replace_string __FORM_SECRET__ "$form_secret" "$homeserver_config_path"
|
||||
ynh_replace_string __REPORT_STATS__ "$report_stats" "$homeserver_config_path"
|
||||
ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$homeserver_config_path"
|
||||
ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$homeserver_config_path"
|
||||
ynh_replace_string --match_string=__SYNAPSE_DB_USER__ --replace_string=$synapse_db_user --target_file="$homeserver_config_path"
|
||||
ynh_replace_string --match_string=__SYNAPSE_DB_PWD__ --replace_string=$synapse_db_pwd --target_file="$homeserver_config_path"
|
||||
ynh_replace_string --match_string=__PORT__ --replace_string=$port --target_file="$homeserver_config_path"
|
||||
ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$synapse_tls_port --target_file="$homeserver_config_path"
|
||||
ynh_replace_string --match_string=__TURNSERVER_TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$homeserver_config_path"
|
||||
ynh_replace_special_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$homeserver_config_path"
|
||||
ynh_replace_special_string --match_string=__REGISTRATION_SECRET__ --replace_string="$registration_shared_secret" --target_file="$homeserver_config_path"
|
||||
ynh_replace_string --match_string=__FORM_SECRET__ --replace_string="$form_secret" --target_file="$homeserver_config_path"
|
||||
ynh_replace_string --match_string=__REPORT_STATS__ --replace_string="$report_stats" --target_file="$homeserver_config_path"
|
||||
|
||||
ynh_replace_string __APP__ $app "/etc/matrix-$app/log.yaml"
|
||||
ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="/etc/matrix-$app/log.yaml"
|
||||
|
||||
if [ "$is_public" = "0" ]
|
||||
if [ $is_public -eq 0 ]
|
||||
then
|
||||
ynh_replace_string __ALLOWED_ACCESS__ False "$homeserver_config_path"
|
||||
ynh_replace_string --match_string=__ALLOWED_ACCESS__ --replace_string=False --target_file="$homeserver_config_path"
|
||||
else
|
||||
ynh_replace_string __ALLOWED_ACCESS__ True "$homeserver_config_path"
|
||||
ynh_replace_string --match_string=__ALLOWED_ACCESS__ --replace_string=True --target_file="$homeserver_config_path"
|
||||
fi
|
||||
|
||||
ynh_store_file_checksum "$homeserver_config_path"
|
||||
ynh_store_file_checksum "/etc/matrix-$app/log.yaml"
|
||||
ynh_store_file_checksum --file="$homeserver_config_path"
|
||||
ynh_store_file_checksum --file="/etc/matrix-$app/log.yaml"
|
||||
|
||||
#=================================================
|
||||
# SET COTURN CONFIG
|
||||
#=================================================
|
||||
ynh_script_progression --message="Configuring coturn..." --weight=1
|
||||
|
||||
# WARNING : theses command are used in INSTALL, UPGRADE
|
||||
# For any update do it in all files
|
||||
|
@ -261,39 +281,40 @@ coturn_config_path="/etc/matrix-$app/coturn.conf"
|
|||
|
||||
cp ../conf/turnserver.conf "$coturn_config_path"
|
||||
|
||||
ynh_replace_string __APP__ $app "$coturn_config_path"
|
||||
ynh_replace_string __TURNPWD__ $turnserver_pwd "$coturn_config_path"
|
||||
ynh_replace_string __DOMAIN__ $domain "$coturn_config_path"
|
||||
ynh_replace_string __TLS_PORT__ $turnserver_tls_port "$coturn_config_path"
|
||||
ynh_replace_string __TLS_ALT_PORT__ $turnserver_alt_tls_port "$coturn_config_path"
|
||||
ynh_replace_string __CLI_PORT__ $cli_port "$coturn_config_path"
|
||||
ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$coturn_config_path"
|
||||
ynh_replace_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$coturn_config_path"
|
||||
ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$coturn_config_path"
|
||||
ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$coturn_config_path"
|
||||
ynh_replace_string --match_string=__TLS_ALT_PORT__ --replace_string=$turnserver_alt_tls_port --target_file="$coturn_config_path"
|
||||
ynh_replace_string --match_string=__CLI_PORT__ --replace_string=$cli_port --target_file="$coturn_config_path"
|
||||
|
||||
# Get public IP and set as external IP for coturn
|
||||
# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
|
||||
public_ip4="$(curl ip.yunohost.org)" || true
|
||||
public_ip6="$(curl ipv6.yunohost.org)" || true
|
||||
|
||||
if [[ -n "$public_ip4" ]] && ynh_validate_ip4 "$public_ip4"
|
||||
if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"
|
||||
then
|
||||
ynh_replace_string '__IPV4__' "$public_ip4" "$coturn_config_path"
|
||||
ynh_replace_string --match_string='__IPV4__' --replace_string="$public_ip4" --target_file="$coturn_config_path"
|
||||
else
|
||||
ynh_replace_string '__IPV4__,' "" "$coturn_config_path"
|
||||
ynh_replace_string --match_string='__IPV4__,' --replace_string="" --target_file="$coturn_config_path"
|
||||
fi
|
||||
|
||||
if [[ -n "$public_ip6" ]] && ynh_validate_ip6 "$public_ip6"
|
||||
if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6"
|
||||
then
|
||||
ynh_replace_string '__IPV6__' "$public_ip6" "$coturn_config_path"
|
||||
ynh_replace_string --match_string='__IPV6__' --replace_string="$public_ip6" --target_file="$coturn_config_path"
|
||||
else
|
||||
ynh_replace_string ',__IPV6__' "" "$coturn_config_path"
|
||||
ynh_replace_string --match_string=',__IPV6__' --replace_string="" --target_file="$coturn_config_path"
|
||||
fi
|
||||
|
||||
ynh_store_file_checksum "$coturn_config_path"
|
||||
ynh_store_file_checksum --file="$coturn_config_path"
|
||||
|
||||
#=================================================
|
||||
# SETUP LOGROTATE
|
||||
#=================================================
|
||||
ynh_script_progression --message="Configuring log rotation..." --weight=2
|
||||
|
||||
ynh_use_logrotate /var/log/matrix-$app
|
||||
ynh_use_logrotate "/var/log/matrix-$app"
|
||||
|
||||
#=================================================
|
||||
# ADD SCRIPT FOR COTURN CRON
|
||||
|
@ -303,19 +324,20 @@ ynh_use_logrotate /var/log/matrix-$app
|
|||
# For any update do it in all files
|
||||
|
||||
cp ../sources/Coturn_config_rotate.sh $final_path/
|
||||
ynh_replace_string __APP__ $app "$final_path/Coturn_config_rotate.sh"
|
||||
ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$final_path/Coturn_config_rotate.sh"
|
||||
|
||||
#=================================================
|
||||
# GENERIC FINALIZATION
|
||||
#=================================================
|
||||
# SETUP SSOWAT
|
||||
#=================================================
|
||||
ynh_script_progression --message="Configuring SSOwat..." --weight=1
|
||||
|
||||
# Open access to server without a button the home
|
||||
# The script "add_sso_conf.py" will just add en entry for the path "/_matrix" in the sso conf.json.persistent file in the cathegory "skipped_urls".
|
||||
cp ../conf/add_sso_conf.py $final_path
|
||||
cp ../conf/remove_sso_conf.py $final_path
|
||||
python3 $final_path/add_sso_conf.py || ynh_die "Your file /etc/ssowat/conf.json.persistent don't respect the json synaxe. Please fix the synaxe to install this app. For more information see here : https://github.com/YunoHost-Apps/synapse_ynh/issues/32"
|
||||
python3 $final_path/add_sso_conf.py || ynh_die --message="Your file /etc/ssowat/conf.json.persistent don't respect the json synaxe. Please fix the synaxe to install this app. For more information see here : https://github.com/YunoHost-Apps/synapse_ynh/issues/32"
|
||||
|
||||
#=================================================
|
||||
# SECURE FILES AND DIRECTORIES
|
||||
|
@ -337,24 +359,26 @@ setfacl -R -m user:turnserver:rwX /var/log/matrix-$app
|
|||
# ADVERTISE SERVICE IN ADMIN PANEL
|
||||
#=================================================
|
||||
|
||||
yunohost service add matrix-$app -l "/var/log/matrix-$app/homeserver.log"
|
||||
yunohost service add matrix-$app --log "/var/log/matrix-$app/homeserver.log"
|
||||
yunohost service add coturn-$app
|
||||
|
||||
#=================================================
|
||||
# RELOAD SERVICES
|
||||
#=================================================
|
||||
ynh_script_progression --message="Restarting synapse services..." --weight=11
|
||||
|
||||
systemctl restart coturn-$app.service
|
||||
ynh_check_starting "Synapse now listening on TCP port $synapse_tls_port" "/var/log/matrix-$app/homeserver.log" 300 "matrix-$app"
|
||||
ynh_systemd_action --service_name=coturn-$app.service --action=restart
|
||||
ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $synapse_tls_port" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300
|
||||
|
||||
#=================================================
|
||||
# SETUP FAIL2BAN
|
||||
#=================================================
|
||||
ynh_script_progression --message="Configuring fail2ban..." --weight=10
|
||||
|
||||
# WARNING : theses command are used in INSTALL, UPGRADE
|
||||
# For any update do it in all files
|
||||
|
||||
ynh_add_fail2ban_config -t
|
||||
ynh_add_fail2ban_config --use_template
|
||||
|
||||
#=================================================
|
||||
# SEND A README FOR THE ADMIN
|
||||
|
@ -363,7 +387,7 @@ ynh_add_fail2ban_config -t
|
|||
# WARNING : theses command are used in INSTALL, RESTORE
|
||||
# For any update do it in all files
|
||||
|
||||
message="If your server name is identical to the domain on which synapse is installed, and the default port 8448 is used, your server is normally already accessible by the federation.
|
||||
echo "If your server name is identical to the domain on which synapse is installed, and the default port 8448 is used, your server is normally already accessible by the federation.
|
||||
|
||||
If not, you may need to put the following line in the dns configuration:
|
||||
|
||||
|
@ -377,6 +401,12 @@ Your synapse server also implements a turnserver (for VoIP), to have this fully
|
|||
|
||||
If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/synapse_ynh
|
||||
|
||||
You also need a valid TLS certificate for the domain used by synapse. To do that you can refer to the documentation here : https://yunohost.org/#/certificate_en"
|
||||
You also need a valid TLS certificate for the domain used by synapse. To do that you can refer to the documentation here : https://yunohost.org/#/certificate_en" > mail_to_send
|
||||
|
||||
ynh_send_readme_to_admin "$message"
|
||||
ynh_send_readme_to_admin --app_message="mail_to_send" --type="install"
|
||||
|
||||
#=================================================
|
||||
# END OF SCRIPT
|
||||
#=================================================
|
||||
|
||||
ynh_script_progression --message="Installation of $app completed" --last
|
||||
|
|
147
scripts/psql.sh
147
scripts/psql.sh
|
@ -1,147 +0,0 @@
|
|||
#=================================================
|
||||
# POSTGRES HELPERS
|
||||
#=================================================
|
||||
|
||||
# Open a connection as a user
|
||||
#
|
||||
# example: ynh_psql_connect_as 'user' 'pass' <<< "UPDATE ...;"
|
||||
# example: ynh_psql_connect_as 'user' 'pass' < /path/to/file.sql
|
||||
#
|
||||
# usage: ynh_psql_connect_as user pwd [db]
|
||||
# | arg: user - the user name to connect as
|
||||
# | arg: pwd - the user password
|
||||
# | arg: db - the database to connect to
|
||||
ynh_psql_connect_as() {
|
||||
user="$1"
|
||||
pwd="$2"
|
||||
db="$3"
|
||||
su --command="PGUSER=\"${user}\" PGPASSWORD=\"${pwd}\" psql \"${db}\"" postgres
|
||||
}
|
||||
|
||||
# # Execute a command as root user
|
||||
#
|
||||
# usage: ynh_psql_execute_as_root sql [db]
|
||||
# | arg: sql - the SQL command to execute
|
||||
# | arg: db - the database to connect to
|
||||
ynh_psql_execute_as_root () {
|
||||
sql="$1"
|
||||
su --command="psql" postgres <<< "$sql"
|
||||
}
|
||||
|
||||
# Execute a command from a file as root user
|
||||
#
|
||||
# usage: ynh_psql_execute_file_as_root file [db]
|
||||
# | arg: file - the file containing SQL commands
|
||||
# | arg: db - the database to connect to
|
||||
ynh_psql_execute_file_as_root() {
|
||||
file="$1"
|
||||
db="$2"
|
||||
su -c "psql $db" postgres < "$file"
|
||||
}
|
||||
|
||||
# Create a database, an user and its password. Then store the password in the app's config
|
||||
#
|
||||
# After executing this helper, the password of the created database will be available in $db_pwd
|
||||
# It will also be stored as "psqlpwd" into the app settings.
|
||||
#
|
||||
# usage: ynh_psql_setup_db user name [pwd]
|
||||
# | arg: user - Owner of the database
|
||||
# | arg: name - Name of the database
|
||||
# | arg: pwd - Password of the database. If not given, a password will be generated
|
||||
ynh_psql_setup_db () {
|
||||
db_user="$1"
|
||||
app="$1"
|
||||
db_name="$2"
|
||||
new_db_pwd=$(ynh_string_random) # Generate a random password
|
||||
# If $3 is not given, use new_db_pwd instead for db_pwd.
|
||||
db_pwd="${3:-$new_db_pwd}"
|
||||
ynh_psql_create_db "$db_name" "$db_user" "$db_pwd" # Create the database
|
||||
ynh_app_setting_set "$app" psqlpwd "$db_pwd" # Store the password in the app's config
|
||||
}
|
||||
|
||||
# Create a database and grant optionnaly privilegies to a user
|
||||
#
|
||||
# usage: ynh_psql_create_db db [user [pwd]]
|
||||
# | arg: db - the database name to create
|
||||
# | arg: user - the user to grant privilegies
|
||||
# | arg: pwd - the user password
|
||||
ynh_psql_create_db() {
|
||||
db="$1"
|
||||
user="$2"
|
||||
pwd="$3"
|
||||
ynh_psql_create_user "$user" "$pwd"
|
||||
su --command="createdb --owner=\"${user}\" \"${db}\"" postgres
|
||||
}
|
||||
|
||||
# Drop a database
|
||||
#
|
||||
# usage: ynh_psql_drop_db db user
|
||||
# | arg: db - the database name to drop
|
||||
# | arg: user - the user to drop
|
||||
ynh_psql_remove_db() {
|
||||
db="$1"
|
||||
user="$2"
|
||||
su --command="dropdb \"${db}\"" postgres
|
||||
ynh_psql_drop_user "${user}"
|
||||
}
|
||||
|
||||
# Dump a database
|
||||
#
|
||||
# example: ynh_psql_dump_db 'roundcube' > ./dump.sql
|
||||
#
|
||||
# usage: ynh_psql_dump_db db
|
||||
# | arg: db - the database name to dump
|
||||
# | ret: the psqldump output
|
||||
ynh_psql_dump_db() {
|
||||
db="$1"
|
||||
su --command="pg_dump \"${db}\"" postgres
|
||||
}
|
||||
|
||||
|
||||
# Create a user
|
||||
#
|
||||
# usage: ynh_psql_create_user user pwd [host]
|
||||
# | arg: user - the user name to create
|
||||
ynh_psql_create_user() {
|
||||
user="$1"
|
||||
pwd="$2"
|
||||
su --command="psql -c\"CREATE USER ${user} WITH PASSWORD '${pwd}'\"" postgres
|
||||
}
|
||||
|
||||
# Drop a user
|
||||
#
|
||||
# usage: ynh_psql_drop_user user
|
||||
# | arg: user - the user name to drop
|
||||
ynh_psql_drop_user() {
|
||||
user="$1"
|
||||
su --command="dropuser \"${user}\"" postgres
|
||||
}
|
||||
|
||||
ynh_psql_test_if_first_run() {
|
||||
if [ -f /etc/yunohost/psql ];
|
||||
then
|
||||
echo "PostgreSQL is already installed, no need to create master password"
|
||||
else
|
||||
pgsql=$(ynh_string_random)
|
||||
pg_hba=""
|
||||
echo "$pgsql" >> /etc/yunohost/psql
|
||||
|
||||
if [ -e /etc/postgresql/9.4/ ]
|
||||
then
|
||||
pg_hba=/etc/postgresql/9.4/main/pg_hba.conf
|
||||
elif [ -e /etc/postgresql/9.6/ ]
|
||||
then
|
||||
pg_hba=/etc/postgresql/9.6/main/pg_hba.conf
|
||||
else
|
||||
ynh_die "postgresql shoud be 9.4 or 9.6"
|
||||
fi
|
||||
|
||||
systemctl start postgresql
|
||||
su --command="psql -c\"ALTER user postgres WITH PASSWORD '${pgsql}'\"" postgres
|
||||
# we can't use peer since YunoHost create users with nologin
|
||||
sed -i '/local\s*all\s*all\s*peer/i \
|
||||
local all all password' "$pg_hba"
|
||||
systemctl enable postgresql
|
||||
systemctl reload postgresql
|
||||
fi
|
||||
}
|
157
scripts/remove
157
scripts/remove
|
@ -6,58 +6,72 @@
|
|||
# IMPORT GENERIC HELPERS
|
||||
#=================================================
|
||||
|
||||
source _common.sh
|
||||
source experimental_helper.sh
|
||||
source /usr/share/yunohost/helpers
|
||||
|
||||
# Import common cmd
|
||||
source ./psql.sh
|
||||
source ./experimental_helper.sh
|
||||
source ./_common.sh
|
||||
|
||||
#=================================================
|
||||
# SET ALL CONSTANT
|
||||
# LOAD SETTINGS
|
||||
#=================================================
|
||||
ynh_script_progression --message="Loading installation settings..." --weight=3
|
||||
|
||||
app=$YNH_APP_INSTANCE_NAME
|
||||
|
||||
domain=$(ynh_app_setting_get --app=$app --key=special_domain)
|
||||
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
||||
synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port)
|
||||
turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
|
||||
turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
|
||||
|
||||
#=================================================
|
||||
# SET CONSTANTS
|
||||
#=================================================
|
||||
|
||||
synapse_user="matrix-$app"
|
||||
synapse_db_name="matrix_$app"
|
||||
synapse_db_user="matrix_$app"
|
||||
upstream_version=$(ynh_app_upstream_version)
|
||||
|
||||
#=================================================
|
||||
# LOAD SETTINGS
|
||||
#=================================================
|
||||
|
||||
domain=$(ynh_app_setting_get $app special_domain)
|
||||
final_path=$(ynh_app_setting_get $app final_path)
|
||||
synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port)
|
||||
turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port)
|
||||
turnserver_alt_tls_port=$(ynh_app_setting_get $app turnserver_alt_tls_port)
|
||||
|
||||
#=================================================
|
||||
# STANDARD REMOVE
|
||||
#=================================================
|
||||
# REMOVE SERVICE FROM ADMIN PANEL
|
||||
#=================================================
|
||||
|
||||
# Remove a service from the admin panel, added by `yunohost service add`
|
||||
if yunohost service status matrix-$app >/dev/null 2>&1
|
||||
then
|
||||
yunohost service remove matrix-$app
|
||||
fi
|
||||
|
||||
if yunohost service status coturn-$app >/dev/null 2>&1
|
||||
then
|
||||
yunohost service remove coturn-$app
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# STOP AND REMOVE SERVICE
|
||||
#=================================================
|
||||
ynh_script_progression --message="Stopping and removing the systemd service" --weight=2
|
||||
|
||||
ynh_remove_systemd_config matrix-$app
|
||||
ynh_remove_systemd_config coturn-$app
|
||||
ynh_remove_systemd_config --service=matrix-$app
|
||||
ynh_remove_systemd_config --service=coturn-$app
|
||||
|
||||
#=================================================
|
||||
# CLOSE A PORT
|
||||
# REMOVE THE POSTGRESQL DATABASE
|
||||
#=================================================
|
||||
ynh_script_progression --message="Removing the PostgreSQL database" --weight=2
|
||||
|
||||
closeport() {
|
||||
local port=$1
|
||||
if yunohost firewall list | grep -q "\- $port$"
|
||||
then
|
||||
echo "Close port $port"
|
||||
yunohost firewall disallow Both $port > /dev/null
|
||||
fi
|
||||
}
|
||||
# Remove a database if it exists, along with the associated user
|
||||
ynh_psql_remove_db --db_user=$synapse_db_name --db_name=$synapse_db_user
|
||||
|
||||
closeport $synapse_tls_port
|
||||
closeport $turnserver_tls_port
|
||||
closeport $turnserver_alt_tls_port
|
||||
#=================================================
|
||||
# REMOVE DEPENDENCIES
|
||||
#=================================================
|
||||
ynh_script_progression --message="Removing dependencies" --weight=15
|
||||
|
||||
# Remove metapackage and its dependencies
|
||||
ynh_remove_app_dependencies
|
||||
|
||||
#=================================================
|
||||
# SETUP SSOWAT
|
||||
|
@ -67,55 +81,70 @@ closeport $turnserver_alt_tls_port
|
|||
python3 $final_path/remove_sso_conf.py
|
||||
|
||||
#=================================================
|
||||
# REMOVE DEPENDENCIES
|
||||
# REMOVE APP MAIN DIR
|
||||
#=================================================
|
||||
ynh_script_progression --message="Removing app main directory" --weight=2
|
||||
|
||||
ynh_remove_app_dependencies
|
||||
|
||||
#=================================================
|
||||
# REMOVE APP DIR
|
||||
#=================================================
|
||||
|
||||
ynh_secure_remove $final_path
|
||||
ynh_secure_remove /var/lib/matrix-$app
|
||||
ynh_secure_remove /var/log/matrix-$app
|
||||
ynh_secure_remove /etc/matrix-$app
|
||||
ynh_secure_remove /etc/default/matrix-$app
|
||||
ynh_secure_remove /etc/default/coturn-$app
|
||||
ynh_secure_remove --file=$final_path
|
||||
ynh_secure_remove --file=/var/lib/matrix-$app
|
||||
ynh_secure_remove --file=/var/log/matrix-$app
|
||||
ynh_secure_remove --file=/etc/matrix-$app
|
||||
ynh_secure_remove --file=/etc/default/matrix-$app
|
||||
ynh_secure_remove --file=/etc/default/coturn-$app
|
||||
|
||||
#=================================================
|
||||
# REMOVE NGINX CONFIGURATION
|
||||
#=================================================
|
||||
ynh_script_progression --message="Removing nginx web server configuration" --weight=2
|
||||
|
||||
# Remove the dedicated nginx config
|
||||
ynh_remove_nginx_config
|
||||
|
||||
#=================================================
|
||||
# REMOVE THE POSTGRESQL DATABASE
|
||||
#=================================================
|
||||
|
||||
ynh_psql_remove_db $synapse_db_name $synapse_db_user
|
||||
|
||||
#=================================================
|
||||
# REMOVE DEDICATED USER
|
||||
#=================================================
|
||||
|
||||
ynh_system_user_delete $synapse_user
|
||||
|
||||
#=================================================
|
||||
# REMOVE FAIL2BAN CONFIG
|
||||
#=================================================
|
||||
|
||||
ynh_remove_fail2ban_config $synapse_user
|
||||
|
||||
#=================================================
|
||||
# REMOVE LOGROTATE CONFIGURATION
|
||||
#=================================================
|
||||
ynh_script_progression --message="Removing logrotate configuration" --weight=1
|
||||
|
||||
# Remove the app-specific logrotate config
|
||||
ynh_remove_logrotate
|
||||
|
||||
#=================================================
|
||||
# REMOVE SERVICE FROM ADMIN PANEL
|
||||
# CLOSE A PORT
|
||||
#=================================================
|
||||
|
||||
yunohost service remove matrix-$app
|
||||
yunohost service remove coturn-$app
|
||||
closeport() {
|
||||
local port=$1
|
||||
if yunohost firewall list | grep -q "\- $port$"
|
||||
then
|
||||
ynh_script_progression --message="Closing port $port"
|
||||
ynh_exec_warn_less yunohost firewall disallow Both $port
|
||||
fi
|
||||
}
|
||||
|
||||
closeport $synapse_tls_port
|
||||
closeport $turnserver_tls_port
|
||||
closeport $turnserver_alt_tls_port
|
||||
|
||||
#=================================================
|
||||
# REMOVE FAIL2BAN CONFIGURATION
|
||||
#=================================================
|
||||
ynh_script_progression --message="Removing fail2ban configuration..." --weight=8
|
||||
|
||||
# Remove the dedicated fail2ban config
|
||||
ynh_remove_fail2ban_config
|
||||
|
||||
#=================================================
|
||||
# GENERIC FINALIZATION
|
||||
#=================================================
|
||||
# REMOVE DEDICATED USER
|
||||
#=================================================
|
||||
ynh_script_progression --message="Removing the dedicated system user" --weight=1
|
||||
|
||||
# Delete a system user
|
||||
ynh_system_user_delete --username=$synapse_user
|
||||
|
||||
#=================================================
|
||||
# END OF SCRIPT
|
||||
#=================================================
|
||||
|
||||
ynh_script_progression --message="Removal of $app completed" --last
|
||||
|
|
272
scripts/restore
272
scripts/restore
|
@ -6,95 +6,180 @@
|
|||
# IMPORT GENERIC HELPERS
|
||||
#=================================================
|
||||
|
||||
#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
|
||||
source ../settings/scripts/_common.sh
|
||||
source ../settings/scripts/experimental_helper.sh
|
||||
source /usr/share/yunohost/helpers
|
||||
|
||||
# Stop script if errors
|
||||
#=================================================
|
||||
# MANAGE SCRIPT FAILURE
|
||||
#=================================================
|
||||
|
||||
ynh_clean_setup () {
|
||||
# Clean installation remainings that are not handled by the remove script.
|
||||
ynh_clean_check_starting
|
||||
}
|
||||
# Exit if an error occurs during the execution of the script
|
||||
ynh_abort_if_errors
|
||||
|
||||
# Import common cmd
|
||||
source ../settings/scripts/psql.sh
|
||||
source ../settings/scripts/experimental_helper.sh
|
||||
source ../settings/scripts/_common.sh
|
||||
#=================================================
|
||||
# LOAD SETTINGS
|
||||
#=================================================
|
||||
ynh_script_progression --message="Loading settings..."
|
||||
|
||||
app=$YNH_APP_INSTANCE_NAME
|
||||
|
||||
domain=$(ynh_app_setting_get --app=$app --key=special_domain)
|
||||
path_url=$(ynh_app_setting_get --app=$app --key=special_path)
|
||||
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
||||
synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd)
|
||||
synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port)
|
||||
turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
|
||||
turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
|
||||
|
||||
#=================================================
|
||||
# SET ALL CONSTANT
|
||||
#=================================================
|
||||
|
||||
app=$YNH_APP_INSTANCE_NAME
|
||||
synapse_user="matrix-$app"
|
||||
synapse_db_name="matrix_$app"
|
||||
synapse_db_user="matrix_$app"
|
||||
upstream_version=$(ynh_app_upstream_version)
|
||||
|
||||
#=================================================
|
||||
# LOAD SETTINGS
|
||||
#=================================================
|
||||
|
||||
domain=$(ynh_app_setting_get $app special_domain)
|
||||
path_url=$(ynh_app_setting_get $app special_path)
|
||||
final_path=$(ynh_app_setting_get $app final_path)
|
||||
synapse_db_pwd=$(ynh_app_setting_get $app synapse_db_pwd)
|
||||
synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port)
|
||||
turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port)
|
||||
turnserver_alt_tls_port=$(ynh_app_setting_get $app turnserver_alt_tls_port)
|
||||
|
||||
#=================================================
|
||||
# CHECK IF THE APP CAN BE RESTORED
|
||||
#=================================================
|
||||
ynh_script_progression --message="Validating restoration parameters..." --weight=2
|
||||
|
||||
ynh_webpath_available $domain $path_url || ynh_die "$domain/$path_url is not available, please use an other domain."
|
||||
ynh_webpath_available --domain=$domain --path_url=$path_url \
|
||||
|| ynh_die --message="Path not available: ${domain}${path_url}"
|
||||
test ! -d $final_path \
|
||||
|| ynh_die --message="There is already a directory: $final_path "
|
||||
|
||||
#=================================================
|
||||
# STANDARD RESTORATION STEPS
|
||||
#=================================================
|
||||
# RESTORE ALL FILES
|
||||
# RESTORE THE NGINX CONFIGURATION
|
||||
#=================================================
|
||||
|
||||
# Restore all config and data
|
||||
ynh_restore
|
||||
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
|
||||
|
||||
#=================================================
|
||||
# RESTORE THE APP MAIN DIR
|
||||
#=================================================
|
||||
ynh_script_progression --message="Restoring the app main directory..."
|
||||
|
||||
ynh_restore_file --origin_path="$final_path"
|
||||
|
||||
#=================================================
|
||||
# RESTORE SYNAPSE LOG
|
||||
#=================================================
|
||||
ynh_script_progression --message="Restoring synapse log..."
|
||||
|
||||
ynh_restore_file --origin_path="/var/log/matrix-$app"
|
||||
|
||||
#=================================================
|
||||
# RESTORE FAIL2BAN CONFIGURATION
|
||||
#=================================================
|
||||
ynh_script_progression --message="Restoring the fail2ban configuration..." --weight=6
|
||||
|
||||
ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf"
|
||||
ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf"
|
||||
ynh_systemd_action --action=restart --service_name=fail2ban
|
||||
|
||||
#=================================================
|
||||
# SPECIFIC RESTORATION
|
||||
#=================================================
|
||||
# REINSTALL DEPENDENCIES
|
||||
#=================================================
|
||||
ynh_script_progression --message="Reinstalling dependencies..." --weight=70
|
||||
|
||||
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
|
||||
# For any update do it in all files
|
||||
ynh_install_app_dependencies $dependances
|
||||
|
||||
#=================================================
|
||||
# RECREATE THE DEDICATED USER
|
||||
#=================================================
|
||||
ynh_script_progression --message="Recreating the dedicated system user..." --weight=3
|
||||
|
||||
# Create the dedicated user (if not existing)
|
||||
ynh_system_user_create --username=$synapse_user --home_dir=/var/lib/matrix-$app
|
||||
adduser $synapse_user ssl-cert
|
||||
adduser turnserver ssl-cert
|
||||
|
||||
#=================================================
|
||||
# RESTORE THE POSTGRESQL DATABASE
|
||||
#=================================================
|
||||
ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=13
|
||||
|
||||
ynh_psql_test_if_first_run
|
||||
ynh_psql_create_user $synapse_db_user $synapse_db_pwd
|
||||
ynh_psql_execute_as_root \
|
||||
--sql="CREATE DATABASE $synapse_db_name
|
||||
ENCODING 'UTF8'
|
||||
LC_COLLATE='C'
|
||||
LC_CTYPE='C'
|
||||
template=template0
|
||||
OWNER $synapse_db_user;"
|
||||
ynh_psql_execute_file_as_root --file="${YNH_CWD}/dump.sql" --database="$synapse_db_name"
|
||||
|
||||
#=================================================
|
||||
# RESTORE SYSTEMD
|
||||
#=================================================
|
||||
ynh_script_progression --message="Restoring the systemd configuration..." --weight=2
|
||||
|
||||
ynh_restore_file --origin_path="/etc/default/matrix-$app"
|
||||
ynh_restore_file --origin_path="/etc/systemd/system/matrix-$app.service"
|
||||
ynh_restore_file --origin_path="/etc/default/coturn-$app"
|
||||
ynh_restore_file --origin_path="/etc/systemd/system/coturn-$app.service"
|
||||
|
||||
# systemctl daemon-reload
|
||||
systemctl enable matrix-$app.service
|
||||
systemctl enable coturn-$app.service
|
||||
|
||||
#=================================================
|
||||
# ADVERTISE SERVICE IN ADMIN PANEL
|
||||
#=================================================
|
||||
|
||||
yunohost service add matrix-$app -l "/var/log/matrix-$app/homeserver.log"
|
||||
yunohost service add coturn-$app
|
||||
|
||||
#=================================================
|
||||
# CREATE A DH FILE
|
||||
#=================================================
|
||||
ynh_script_progression --message="Creating a dh file..." --weight=40
|
||||
|
||||
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
|
||||
# For any update do it in all files
|
||||
|
||||
# Make dh cert for synapse if it doesn't exist
|
||||
if [[ ! -e /etc/ssl/private/dh2048.pem ]]
|
||||
if [ ! -e /etc/ssl/private/dh2048.pem ]
|
||||
then
|
||||
openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048 -dsaparam 2> /dev/null
|
||||
ynh_exec_warn_less openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048 -dsaparam
|
||||
chown root:ssl-cert /etc/ssl/private/dh2048.pem
|
||||
chmod 640 /etc/ssl/private/dh2048.pem
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# REINSTALL DEPENDENCIES
|
||||
# RESTORE SYNAPSE CONFIG
|
||||
#=================================================
|
||||
ynh_script_progression --message="Restoring synapse configuration..."
|
||||
|
||||
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
|
||||
# For any update do it in all files
|
||||
ynh_install_app_dependencies $dependances
|
||||
|
||||
#=================================================
|
||||
# RECREATE THE DEDICATED USER
|
||||
#=================================================
|
||||
|
||||
ynh_system_user_create $synapse_user /var/lib/matrix-$app
|
||||
adduser $synapse_user ssl-cert
|
||||
adduser turnserver ssl-cert
|
||||
ynh_restore_file --origin_path="/etc/matrix-$app"
|
||||
|
||||
#=================================================
|
||||
# RECONFIGURE THE TURNSERVER
|
||||
#=================================================
|
||||
ynh_script_progression --message="Reconfiguring coturn..." --weight=23
|
||||
|
||||
# To be sure that at the restoration the IP address in coturn config is the same as the real address we remake the coturn config
|
||||
|
||||
# Retrieve specific settings
|
||||
turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port)
|
||||
turnserver_alt_tls_port=$(ynh_app_setting_get $app turnserver_alt_tls_port)
|
||||
turnserver_pwd=$(ynh_app_setting_get $app turnserver_pwd)
|
||||
cli_port=$(ynh_app_setting_get $app cli_port)
|
||||
turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
|
||||
turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
|
||||
turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
|
||||
cli_port=$(ynh_app_setting_get --app=$app --key=cli_port)
|
||||
|
||||
# WARNING : these commands are used in INSTALL, UPGRADE
|
||||
# For any update do it in all files
|
||||
|
@ -103,81 +188,66 @@ coturn_config_path="/etc/matrix-$app/coturn.conf"
|
|||
|
||||
cp ../settings/conf/turnserver.conf "$coturn_config_path"
|
||||
|
||||
ynh_replace_string __APP__ $app "$coturn_config_path"
|
||||
ynh_replace_string __TURNPWD__ $turnserver_pwd "$coturn_config_path"
|
||||
ynh_replace_string __DOMAIN__ $domain "$coturn_config_path"
|
||||
ynh_replace_string __TLS_PORT__ $turnserver_tls_port "$coturn_config_path"
|
||||
ynh_replace_string __TLS_ALT_PORT__ $turnserver_alt_tls_port "$coturn_config_path"
|
||||
ynh_replace_string __CLI_PORT__ $cli_port "$coturn_config_path"
|
||||
ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$coturn_config_path"
|
||||
ynh_replace_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$coturn_config_path"
|
||||
ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$coturn_config_path"
|
||||
ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$coturn_config_path"
|
||||
ynh_replace_string --match_string=__TLS_ALT_PORT__ --replace_string=$turnserver_alt_tls_port --target_file="$coturn_config_path"
|
||||
ynh_replace_string --match_string=__CLI_PORT__ --replace_string=$cli_port --target_file="$coturn_config_path"
|
||||
|
||||
# Get public IP and set as external IP for coturn
|
||||
# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
|
||||
public_ip4="$(curl ip.yunohost.org)" || true
|
||||
public_ip6="$(curl ipv6.yunohost.org)" || true
|
||||
|
||||
if [[ -n "$public_ip4" ]] && ynh_validate_ip4 "$public_ip4"
|
||||
if [[ -n "$public_ip4" ]] && ynh_validate_ip4 --ip_address="$public_ip4"
|
||||
then
|
||||
ynh_replace_string '__IPV4__' "$public_ip4" "$coturn_config_path"
|
||||
ynh_replace_string --match_string='__IPV4__' --replace_string="$public_ip4" --target_file="$coturn_config_path"
|
||||
else
|
||||
ynh_replace_string '__IPV4__,' "" "$coturn_config_path"
|
||||
ynh_replace_string --match_string='__IPV4__,' --replace_string="" --target_file="$coturn_config_path"
|
||||
fi
|
||||
|
||||
if [[ -n "$public_ip6" ]] && ynh_valide_ip6 "$public_ip6"
|
||||
if [[ -n "$public_ip6" ]] && ynh_valide_ip6 --ip_address="$public_ip6"
|
||||
then
|
||||
ynh_replace_string '__IPV6__' "$public_ip6" "$coturn_config_path"
|
||||
ynh_replace_string --match_string='__IPV6__' --replace_string="$public_ip6" --target_file="$coturn_config_path"
|
||||
else
|
||||
ynh_replace_string ',__IPV6__' "" "$coturn_config_path"
|
||||
ynh_replace_string --match_string=',__IPV6__' --replace_string="" --target_file="$coturn_config_path"
|
||||
fi
|
||||
|
||||
ynh_store_file_checksum "$coturn_config_path"
|
||||
ynh_store_file_checksum --file="$coturn_config_path"
|
||||
|
||||
#=================================================
|
||||
# SPECIFIC RESTORATION
|
||||
#=================================================
|
||||
# OPEN THE PORT
|
||||
#=================================================
|
||||
|
||||
# Ouvre le port dans le firewall
|
||||
yunohost firewall allow TCP $synapse_tls_port > /dev/null 2>&1
|
||||
yunohost firewall allow Both $turnserver_tls_port > /dev/null 2>&1
|
||||
yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1
|
||||
ynh_exec_warn_less yunohost firewall allow TCP $synapse_tls_port
|
||||
ynh_exec_warn_less yunohost firewall allow Both $turnserver_tls_port
|
||||
ynh_exec_warn_less yunohost firewall allow Both $turnserver_alt_tls_port
|
||||
|
||||
#=================================================
|
||||
# SETUP SSOWAT
|
||||
#=================================================
|
||||
ynh_script_progression --message="Configuring SSOwat..."
|
||||
|
||||
# Open access to server without a button the home
|
||||
# The script "add_sso_conf.py" will just add en entry for the path "/_matrix" in the sso conf.json.persistent file in the cathegory "skipped_urls".
|
||||
python3 $final_path/add_sso_conf.py || ynh_die "Your file /etc/ssowat/conf.json.persistent don't respect the json synaxe. Please fix the synaxe to install this app. For more information see here : https://github.com/YunoHost-Apps/synapse_ynh/issues/32"
|
||||
|
||||
#=================================================
|
||||
# RESTORE THE POSTGRESQL DATABASE
|
||||
#=================================================
|
||||
|
||||
ynh_psql_test_if_first_run
|
||||
ynh_psql_create_user $synapse_db_user $synapse_db_pwd
|
||||
ynh_psql_execute_as_root \
|
||||
"CREATE DATABASE $synapse_db_name
|
||||
ENCODING 'UTF8'
|
||||
LC_COLLATE='C'
|
||||
LC_CTYPE='C'
|
||||
template=template0
|
||||
OWNER $synapse_db_user;"
|
||||
ynh_psql_execute_file_as_root "${YNH_CWD}/dump.sql" "$synapse_db_name"
|
||||
|
||||
#=================================================
|
||||
# RESTORE SYSTEMD
|
||||
#=================================================
|
||||
|
||||
systemctl daemon-reload
|
||||
systemctl enable matrix-$app.service
|
||||
python3 $final_path/add_sso_conf.py || ynh_die --message="Your file /etc/ssowat/conf.json.persistent don't respect the json synaxe. Please fix the synaxe to install this app. For more information see here : https://github.com/YunoHost-Apps/synapse_ynh/issues/32"
|
||||
|
||||
#=================================================
|
||||
# SETUP LOGROTATE
|
||||
#=================================================
|
||||
ynh_script_progression --message="Configuring log rotation..."
|
||||
|
||||
ynh_use_logrotate /var/log/matrix-$app
|
||||
|
||||
#=================================================
|
||||
# RESTORE SYNAPSE DATA
|
||||
#=================================================
|
||||
ynh_script_progression --message="Restoring synapse data..."
|
||||
|
||||
ynh_restore_file --origin_path="/var/lib/matrix-$app"
|
||||
|
||||
#=================================================
|
||||
# GENERIC FINALIZATION
|
||||
#=================================================
|
||||
|
@ -196,26 +266,13 @@ chmod 600 /etc/matrix-$app/$domain.signing.key
|
|||
setfacl -R -m user:turnserver:rX /etc/matrix-$app
|
||||
setfacl -R -m user:turnserver:rwX /var/log/matrix-$app
|
||||
|
||||
#=================================================
|
||||
# ADVERTISE SERVICE IN ADMIN PANEL
|
||||
#=================================================
|
||||
|
||||
yunohost service add matrix-$app -l "/var/log/matrix-$app/homeserver.log"
|
||||
yunohost service add coturn-$app
|
||||
|
||||
#=================================================
|
||||
# RELOAD NGINX, SYNAPSE AND COTURN
|
||||
#=================================================
|
||||
ynh_script_progression --message="Restarting synapse services..." --weight=7
|
||||
|
||||
systemctl reload nginx.service
|
||||
systemctl restart coturn-$app.service
|
||||
ynh_check_starting "Synapse now listening on TCP port $synapse_tls_port" "/var/log/matrix-$app/homeserver.log" 300 "matrix-$app"
|
||||
|
||||
#=================================================
|
||||
# SETUP FAIL2BAN
|
||||
#=================================================
|
||||
|
||||
systemctl try-reload-or-restart fail2ban
|
||||
ynh_systemd_action --service_name=coturn-$app.service --action=restart
|
||||
ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $synapse_tls_port" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300
|
||||
|
||||
#=================================================
|
||||
# SEND A README FOR THE ADMIN
|
||||
|
@ -224,7 +281,7 @@ systemctl try-reload-or-restart fail2ban
|
|||
# WARNING : theses command are used in INSTALL, RESTORE
|
||||
# For any update do it in all files
|
||||
|
||||
message="To federate this app you need to add this line in your DNS configuration:
|
||||
echo "To federate this app you need to add this line in your DNS configuration:
|
||||
|
||||
_matrix._tcp.$domain. 3600 IN SRV 10 0 $synapse_tls_port $domain.
|
||||
|
||||
|
@ -232,6 +289,21 @@ You also need to open the TCP port $synapse_tls_port on your ISP box if it's not
|
|||
|
||||
Your synapse server also implements a turnserver (for VoIP), to have this fully functional please read the 'Turnserver' section in the README available here: https://github.com/YunoHost-Apps/synapse_ynh .
|
||||
|
||||
If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/synapse_ynh"
|
||||
If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/synapse_ynh" > mail_to_send
|
||||
|
||||
ynh_send_readme_to_admin "$message"
|
||||
ynh_send_readme_to_admin --app_message="mail_to_send" --type="restore"
|
||||
|
||||
#=================================================
|
||||
# GENERIC FINALIZATION
|
||||
#=================================================
|
||||
# RELOAD NGINX
|
||||
#=================================================
|
||||
ynh_script_progression --message="Reloading nginx web server..."
|
||||
|
||||
ynh_systemd_action --service_name=nginx --action=reload
|
||||
|
||||
#=================================================
|
||||
# END OF SCRIPT
|
||||
#=================================================
|
||||
|
||||
ynh_script_progression --message="Restoration completed for $app" --last
|
||||
|
|
239
scripts/upgrade
239
scripts/upgrade
|
@ -6,77 +6,87 @@
|
|||
# IMPORT GENERIC HELPERS
|
||||
#=================================================
|
||||
|
||||
source _common.sh
|
||||
source experimental_helper.sh
|
||||
source /usr/share/yunohost/helpers
|
||||
|
||||
# Stop script if errors
|
||||
ynh_abort_if_errors
|
||||
#=================================================
|
||||
# LOAD SETTINGS
|
||||
#=================================================
|
||||
ynh_script_progression --message="Loading installation settings..." --weight=3
|
||||
|
||||
# Import common cmd
|
||||
source ./psql.sh
|
||||
source ./experimental_helper.sh
|
||||
source ./_common.sh
|
||||
app=$YNH_APP_INSTANCE_NAME
|
||||
|
||||
domain=$(ynh_app_setting_get --app=$app --key=special_domain)
|
||||
path_url=$(ynh_app_setting_get --app=$app --key=special_path)
|
||||
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
||||
synapse_old_version=$(ynh_app_setting_get --app=$app --key=synapse_version)
|
||||
synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd)
|
||||
is_public=$(ynh_app_setting_get --app=$app --key=is_public)
|
||||
port=$(ynh_app_setting_get --app=$app --key=synapse_port)
|
||||
synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port)
|
||||
turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
|
||||
turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
|
||||
turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
|
||||
cli_port=$(ynh_app_setting_get --app=$app --key=cli_port)
|
||||
registration_shared_secret=$(ynh_app_setting_get --app=$app --key=registration_shared_secret)
|
||||
form_secret=$(ynh_app_setting_get --app=$app --key=form_secret)
|
||||
report_stats=$(ynh_app_setting_get --app=$app --key=report_stats)
|
||||
|
||||
#=================================================
|
||||
# SET ALL CONSTANT
|
||||
#=================================================
|
||||
|
||||
app=$YNH_APP_INSTANCE_NAME
|
||||
synapse_user="matrix-$app"
|
||||
synapse_db_name="matrix_$app"
|
||||
synapse_db_user="matrix_$app"
|
||||
upstream_version=$(ynh_app_upstream_version)
|
||||
|
||||
#=================================================
|
||||
# LOAD SETTINGS
|
||||
# CHECK VERSION
|
||||
#=================================================
|
||||
|
||||
domain=$(ynh_app_setting_get $app special_domain)
|
||||
path_url=$(ynh_app_setting_get $app special_path)
|
||||
final_path=$(ynh_app_setting_get $app final_path)
|
||||
synapse_old_version=$(ynh_app_setting_get $app synapse_version)
|
||||
synapse_db_pwd=$(ynh_app_setting_get $app synapse_db_pwd)
|
||||
is_public=$(ynh_app_setting_get $app is_public)
|
||||
port=$(ynh_app_setting_get $app synapse_port)
|
||||
synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port)
|
||||
turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port)
|
||||
turnserver_alt_tls_port=$(ynh_app_setting_get $app turnserver_alt_tls_port)
|
||||
turnserver_pwd=$(ynh_app_setting_get $app turnserver_pwd)
|
||||
cli_port=$(ynh_app_setting_get $app cli_port)
|
||||
registration_shared_secret=$(ynh_app_setting_get $app registration_shared_secret)
|
||||
form_secret=$(ynh_app_setting_get $app form_secret)
|
||||
report_stats=$(ynh_app_setting_get $app report_stats)
|
||||
upgrade_type=$(ynh_check_app_version_changed)
|
||||
|
||||
#=================================================
|
||||
# ENSURE DOWNWARD COMPATIBILITY
|
||||
#=================================================
|
||||
ynh_script_progression --message="Ensuring downward compatibility..." --weight=1
|
||||
|
||||
# Following the discussion here https://github.com/YunoHost-Apps/synapse_ynh/pull/51 we decided to remove definitely the support of the old package migration.
|
||||
if [[ -z $synapse_old_version ]]
|
||||
if [ -z "$synapse_old_version" ]
|
||||
then
|
||||
ynh_die "Update from this synapse version is not available. You need to remove this package and reinstall the new package version."
|
||||
ynh_die --message="Update from this synapse version is not available. You need to remove this package and reinstall the new package version."
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# BACKUP BEFORE UPGRADE
|
||||
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
|
||||
#=================================================
|
||||
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=30
|
||||
|
||||
# We stop the service before to set ynh_clean_setup
|
||||
systemctl stop matrix-$app.service
|
||||
ynh_systemd_action --service_name=matrix-$app.service --action=stop
|
||||
|
||||
# Backup the current version of the app
|
||||
if [[ $(ynh_app_setting_get $app disable_backup_before_upgrade) != '1' ]]
|
||||
if [ "$(ynh_app_setting_get --app=$app --key=disable_backup_before_upgrade)" != '1' ]
|
||||
then
|
||||
ynh_backup_before_upgrade
|
||||
ynh_clean_setup () {
|
||||
# Clean installation remainings that are not handled by the remove script.
|
||||
ynh_clean_check_starting
|
||||
|
||||
ynh_restore_upgradebackup
|
||||
}
|
||||
fi
|
||||
# Exit if an error occurs during the execution of the script
|
||||
ynh_abort_if_errors
|
||||
|
||||
#=================================================
|
||||
# STANDARD UPGRADE STEPS
|
||||
#=================================================
|
||||
# INSTALL DEPENDENCIES
|
||||
#=================================================
|
||||
ynh_script_progression --message="Upgrading dependencies..." --weight=6
|
||||
|
||||
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
|
||||
# For any update do it in all files
|
||||
|
@ -86,41 +96,48 @@ ynh_install_app_dependencies $dependances
|
|||
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
||||
#=================================================
|
||||
|
||||
# Install/upgrade synapse in virtualenv
|
||||
|
||||
# Clean venv is it was on python2.7
|
||||
test -e $final_path/bin/python3 || ynh_secure_remove $final_path
|
||||
|
||||
# WARNING : these commands are used in INSTALL, UPGRADE
|
||||
# For any update do it in all files
|
||||
|
||||
if [ -n "$(uname -m | grep arm)" ]
|
||||
if [ "$upgrade_type" == "UPGRADE_APP" ]
|
||||
then
|
||||
ynh_setup_source $final_path/ "armv7_$(lsb_release --codename --short)"
|
||||
else
|
||||
# Install virtualenv if it don't exist
|
||||
test -e $final_path/bin/python3 || python3 -m venv $final_path
|
||||
ynh_script_progression --message="Upgrading source files..." --weight=6
|
||||
|
||||
# Install synapse in virtualenv
|
||||
cp ../conf/virtualenv_activate $final_path/bin/activate
|
||||
ynh_replace_string __FINAL_PATH__ $final_path $final_path/bin/activate
|
||||
# Install/upgrade synapse in virtualenv
|
||||
|
||||
# We set all necessary environement variable to create a python virtualenvironnement.
|
||||
source $final_path/bin/activate
|
||||
pip3 install --upgrade setuptools wheel
|
||||
pip3 install --upgrade cffi ndg-httpsclient psycopg2 lxml
|
||||
pip3 install --upgrade matrix-synapse==$upstream_version matrix-synapse-ldap3
|
||||
# Clean venv is it was on python2.7
|
||||
test -e $final_path/bin/python3 || ynh_secure_remove --file=$final_path
|
||||
|
||||
# This function was defined when we called "source $final_path/bin/activate". With this function we undo what "$final_path/bin/activate" does
|
||||
deactivate
|
||||
# WARNING : these commands are used in INSTALL, UPGRADE
|
||||
# For any update do it in all files
|
||||
|
||||
if [ -n "$(uname -m | grep arm)" ]
|
||||
then
|
||||
ynh_setup_source --dest_dir=$final_path/ --source_id="armv7_$(lsb_release --codename --short)"
|
||||
else
|
||||
# Install virtualenv if it don't exist
|
||||
test -e $final_path/bin/python3 || python3 -m venv $final_path
|
||||
|
||||
# Install synapse in virtualenv
|
||||
cp ../conf/virtualenv_activate $final_path/bin/activate
|
||||
ynh_replace_string --match_string=__FINAL_PATH__ --replace_string=$final_path --target_file=$final_path/bin/activate
|
||||
|
||||
# We set all necessary environement variable to create a python virtualenvironnement.
|
||||
source $final_path/bin/activate
|
||||
pip3 install --upgrade setuptools wheel
|
||||
pip3 install --upgrade cffi ndg-httpsclient psycopg2 lxml
|
||||
pip3 install --upgrade matrix-synapse==$upstream_version matrix-synapse-ldap3
|
||||
|
||||
# This function was defined when we called "source $final_path/bin/activate". With this function we undo what "$final_path/bin/activate" does
|
||||
deactivate
|
||||
fi
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# MIGRATION 1 : GENERATE SYNAPSE SECRET
|
||||
#=================================================
|
||||
|
||||
if [[ -z "$registration_shared_secret" ]]
|
||||
if [ -z "$registration_shared_secret" ]
|
||||
then
|
||||
ynh_script_progression --message="Generating synapse secret..." --weight=1
|
||||
|
||||
# Go in virtualenvironnement
|
||||
PS1=${PS1:-}
|
||||
source $final_path/bin/activate
|
||||
|
@ -136,55 +153,57 @@ then
|
|||
form_secret=$(egrep "^form_secret" homeserver.yml | cut -d'"' -f1)
|
||||
|
||||
# store in yunohost settings
|
||||
ynh_app_setting_set $app registration_shared_secret "$registration_shared_secret"
|
||||
ynh_app_setting_set $app form_secret "$form_secret"
|
||||
ynh_app_setting_set --app=$app --key=registration_shared_secret --value="$registration_shared_secret"
|
||||
ynh_app_setting_set --app=$app --key=form_secret --value="$form_secret"
|
||||
fi
|
||||
|
||||
#=================================================
|
||||
# UPDATE SYNAPSE CONFIG
|
||||
#=================================================
|
||||
ynh_script_progression --message="Updating synapse config..." --weight=2
|
||||
|
||||
# WARNING : theses command are used in INSTALL, UPGRADE, CONFIG
|
||||
# For any update do it in all files
|
||||
|
||||
homeserver_config_path="/etc/matrix-$app/homeserver.yaml"
|
||||
|
||||
ynh_backup_if_checksum_is_different "$homeserver_config_path"
|
||||
ynh_backup_if_checksum_is_different /etc/matrix-$app/log.yaml
|
||||
ynh_backup_if_checksum_is_different --file="$homeserver_config_path"
|
||||
ynh_backup_if_checksum_is_different --file=/etc/matrix-$app/log.yaml
|
||||
|
||||
cp ../conf/homeserver.yaml "$homeserver_config_path"
|
||||
cp ../conf/log.yaml /etc/matrix-$app/log.yaml
|
||||
|
||||
ynh_replace_string __APP__ $app "$homeserver_config_path"
|
||||
ynh_replace_string __DOMAIN__ $domain "$homeserver_config_path"
|
||||
ynh_replace_string __SYNAPSE_DB_USER__ $synapse_db_user "$homeserver_config_path"
|
||||
ynh_replace_string __SYNAPSE_DB_PWD__ $synapse_db_pwd "$homeserver_config_path"
|
||||
ynh_replace_string __PORT__ $port "$homeserver_config_path"
|
||||
ynh_replace_string __TLS_PORT__ $synapse_tls_port "$homeserver_config_path"
|
||||
ynh_replace_string __TURNSERVER_TLS_PORT__ $turnserver_tls_port "$homeserver_config_path"
|
||||
ynh_replace_special_string __TURNPWD__ $turnserver_pwd "$homeserver_config_path"
|
||||
ynh_replace_special_string __REGISTRATION_SECRET__ "$registration_shared_secret" "$homeserver_config_path"
|
||||
ynh_replace_string __FORM_SECRET__ "$form_secret" "$homeserver_config_path"
|
||||
ynh_replace_string __REPORT_STATS__ "$report_stats" "$homeserver_config_path"
|
||||
ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$homeserver_config_path"
|
||||
ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$homeserver_config_path"
|
||||
ynh_replace_string --match_string=__SYNAPSE_DB_USER__ --replace_string=$synapse_db_user --target_file="$homeserver_config_path"
|
||||
ynh_replace_string --match_string=__SYNAPSE_DB_PWD__ --replace_string=$synapse_db_pwd --target_file="$homeserver_config_path"
|
||||
ynh_replace_string --match_string=__PORT__ --replace_string=$port --target_file="$homeserver_config_path"
|
||||
ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$synapse_tls_port --target_file="$homeserver_config_path"
|
||||
ynh_replace_string --match_string=__TURNSERVER_TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$homeserver_config_path"
|
||||
ynh_replace_special_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$homeserver_config_path"
|
||||
ynh_replace_special_string --match_string=__REGISTRATION_SECRET__ --replace_string="$registration_shared_secret" --target_file="$homeserver_config_path"
|
||||
ynh_replace_string --match_string=__FORM_SECRET__ --replace_string="$form_secret" --target_file="$homeserver_config_path"
|
||||
ynh_replace_string --match_string=__REPORT_STATS__ --replace_string="$report_stats" --target_file="$homeserver_config_path"
|
||||
|
||||
ynh_replace_string __APP__ $app "/etc/matrix-$app/log.yaml"
|
||||
ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="/etc/matrix-$app/log.yaml"
|
||||
|
||||
if [ "$is_public" = "0" ]
|
||||
then
|
||||
ynh_replace_string __ALLOWED_ACCESS__ False "$homeserver_config_path"
|
||||
ynh_replace_string --match_string=__ALLOWED_ACCESS__ --replace_string=False --target_file="$homeserver_config_path"
|
||||
else
|
||||
ynh_replace_string __ALLOWED_ACCESS__ True "$homeserver_config_path"
|
||||
ynh_replace_string --match_string=__ALLOWED_ACCESS__ --replace_string=True --target_file="$homeserver_config_path"
|
||||
fi
|
||||
|
||||
ynh_store_file_checksum "$homeserver_config_path"
|
||||
ynh_store_file_checksum "/etc/matrix-$app/log.yaml"
|
||||
ynh_store_file_checksum --file="$homeserver_config_path"
|
||||
ynh_store_file_checksum --file="/etc/matrix-$app/log.yaml"
|
||||
|
||||
#=================================================
|
||||
# MIGRATION 2 : MULTINSTANCE SUPPORT
|
||||
#=================================================
|
||||
|
||||
if [[ ! -e /etc/matrix-$app/coturn.conf ]]
|
||||
if [ ! -e /etc/matrix-$app/coturn.conf ]
|
||||
then
|
||||
ynh_script_progression --message="Creating an independant service for coturn..." --weight=1
|
||||
|
||||
#=================================================
|
||||
# CREATE AN INDEPENDANT SERVICE FOR COTURN
|
||||
|
@ -195,14 +214,14 @@ then
|
|||
|
||||
# Set by default the system config for coturn
|
||||
echo "" > /etc/turnserver.conf
|
||||
ynh_replace_string "TURNSERVER_ENABLED=1" "TURNSERVER_ENABLED=0" /etc/default/coturn
|
||||
ynh_replace_string --match_string="TURNSERVER_ENABLED=1" --replace_string="TURNSERVER_ENABLED=0" --target_file=/etc/default/coturn
|
||||
|
||||
# Set a port for each service in turnserver
|
||||
turnserver_alt_tls_port=$(ynh_find_port $((turnserver_tls_port+1)))
|
||||
cli_port=$(ynh_find_port 5766)
|
||||
turnserver_alt_tls_port=$(ynh_find_port --port=$((turnserver_tls_port+1)))
|
||||
cli_port=$(ynh_find_port --port=5766)
|
||||
|
||||
ynh_app_setting_set $app turnserver_alt_tls_port $turnserver_alt_tls_port
|
||||
ynh_app_setting_set $app cli_port $cli_port
|
||||
ynh_app_setting_set --app=$app --key=turnserver_alt_tls_port --value=$turnserver_alt_tls_port
|
||||
ynh_app_setting_set --app=$app --key=cli_port --value=$cli_port
|
||||
|
||||
yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1
|
||||
|
||||
|
@ -218,8 +237,10 @@ fi
|
|||
#=================================================
|
||||
|
||||
# Fix issue about certificates access
|
||||
if [[ ! $(grep "ssl-cert:x:[0-9]*:.*matrix-$app" /etc/group) ]]
|
||||
if [ ! $(grep "ssl-cert:x:[0-9]*:.*matrix-$app" /etc/group) ]
|
||||
then
|
||||
ynh_script_progression --message="Use standard access for certificate..." --weight=1
|
||||
|
||||
adduser $synapse_user ssl-cert
|
||||
adduser turnserver ssl-cert
|
||||
fi
|
||||
|
@ -232,8 +253,10 @@ fi
|
|||
# For any update do it in all files
|
||||
|
||||
# Make dh cert for synapse if it doesn't exist
|
||||
if [[ ! -e /etc/ssl/private/dh2048.pem ]]
|
||||
if [ ! -e /etc/ssl/private/dh2048.pem ]
|
||||
then
|
||||
ynh_script_progression --message="Creating a dh file..." --weight=1
|
||||
|
||||
openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048 -dsaparam 2> /dev/null
|
||||
chown root:ssl-cert /etc/ssl/private/dh2048.pem
|
||||
chmod 640 /etc/ssl/private/dh2048.pem
|
||||
|
@ -244,12 +267,17 @@ fi
|
|||
#=================================================
|
||||
# NGINX CONFIGURATION
|
||||
#=================================================
|
||||
ynh_script_progression --message="Upgrading nginx web server configuration..." --weight=2
|
||||
|
||||
# Create a dedicated nginx config
|
||||
ynh_add_nginx_config
|
||||
|
||||
#=================================================
|
||||
# SPECIFIC UPGRADE
|
||||
#=================================================
|
||||
# UPDATE COTURN CONFIG
|
||||
#=================================================
|
||||
ynh_script_progression --message="Updating coturn config..." --weight=1
|
||||
|
||||
# WARNING : theses command are used in INSTALL, UPGRADE
|
||||
# For any update do it in all files
|
||||
|
@ -258,33 +286,33 @@ coturn_config_path="/etc/matrix-$app/coturn.conf"
|
|||
|
||||
cp ../conf/turnserver.conf "$coturn_config_path"
|
||||
|
||||
ynh_replace_string __APP__ $app "$coturn_config_path"
|
||||
ynh_replace_string __TURNPWD__ $turnserver_pwd "$coturn_config_path"
|
||||
ynh_replace_string __DOMAIN__ $domain "$coturn_config_path"
|
||||
ynh_replace_string __TLS_PORT__ $turnserver_tls_port "$coturn_config_path"
|
||||
ynh_replace_string __TLS_ALT_PORT__ $turnserver_alt_tls_port "$coturn_config_path"
|
||||
ynh_replace_string __CLI_PORT__ $cli_port "$coturn_config_path"
|
||||
ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$coturn_config_path"
|
||||
ynh_replace_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$coturn_config_path"
|
||||
ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$coturn_config_path"
|
||||
ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$coturn_config_path"
|
||||
ynh_replace_string --match_string=__TLS_ALT_PORT__ --replace_string=$turnserver_alt_tls_port --target_file="$coturn_config_path"
|
||||
ynh_replace_string --match_string=__CLI_PORT__ --replace_string=$cli_port --target_file="$coturn_config_path"
|
||||
|
||||
# Get public IP and set as external IP for coturn
|
||||
# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
|
||||
public_ip4="$(curl ip.yunohost.org)" || true
|
||||
public_ip6="$(curl ipv6.yunohost.org)" || true
|
||||
|
||||
if [[ -n "$public_ip4" ]] && ynh_validate_ip4 "$public_ip4"
|
||||
if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"
|
||||
then
|
||||
ynh_replace_string '__IPV4__' "$public_ip4" "$coturn_config_path"
|
||||
ynh_replace_string --match_string='__IPV4__' --replace_string="$public_ip4" --target_file="$coturn_config_path"
|
||||
else
|
||||
ynh_replace_string '__IPV4__,' "" "$coturn_config_path"
|
||||
ynh_replace_string --match_string='__IPV4__,' --replace_string="" --target_file="$coturn_config_path"
|
||||
fi
|
||||
|
||||
if [[ -n "$public_ip6" ]] && ynh_validate_ip6 "$public_ip6"
|
||||
if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6"
|
||||
then
|
||||
ynh_replace_string '__IPV6__' "$public_ip6" "$coturn_config_path"
|
||||
ynh_replace_string --match_string='__IPV6__' --replace_string="$public_ip6" --target_file="$coturn_config_path"
|
||||
else
|
||||
ynh_replace_string ',__IPV6__' "" "$coturn_config_path"
|
||||
ynh_replace_string --match_string=',__IPV6__' --replace_string="" --target_file="$coturn_config_path"
|
||||
fi
|
||||
|
||||
ynh_store_file_checksum "$coturn_config_path"
|
||||
ynh_store_file_checksum --file="$coturn_config_path"
|
||||
|
||||
#=================================================
|
||||
# ADD SCRIPT FOR COTURN CRON
|
||||
|
@ -294,27 +322,29 @@ ynh_store_file_checksum "$coturn_config_path"
|
|||
# For any update do it in all files
|
||||
|
||||
cp ../sources/Coturn_config_rotate.sh $final_path/
|
||||
ynh_replace_string __APP__ $app "$final_path/Coturn_config_rotate.sh"
|
||||
ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$final_path/Coturn_config_rotate.sh"
|
||||
|
||||
#=================================================
|
||||
# UPDATE SYSTEMD
|
||||
#=================================================
|
||||
ynh_script_progression --message="Upgrading systemd configuration..." --weight=3
|
||||
|
||||
# Create systemd service for synapse and turnserver
|
||||
cp ../conf/default_matrix-synapse /etc/default/matrix-$app
|
||||
ynh_add_systemd_config matrix-$app matrix-synapse.service
|
||||
ynh_add_systemd_config --service=matrix-$app --template=matrix-synapse.service
|
||||
|
||||
cp ../conf/default_coturn /etc/default/coturn-$app
|
||||
ynh_add_systemd_config coturn-$app coturn-synapse.service
|
||||
ynh_add_systemd_config --service=coturn-$app --template=coturn-synapse.service
|
||||
|
||||
#=================================================
|
||||
# SETUP FAIL2BAN
|
||||
# UPGRADE FAIL2BAN
|
||||
#=================================================
|
||||
ynh_script_progression --message="Reconfiguring fail2ban..." --weight=8
|
||||
|
||||
# WARNING : theses command are used in INSTALL, UPGRADE
|
||||
# For any update do it in all files
|
||||
|
||||
ynh_add_fail2ban_config -t
|
||||
ynh_add_fail2ban_config --use_template
|
||||
|
||||
#=================================================
|
||||
# GENERIC FINALIZATION
|
||||
|
@ -338,11 +368,18 @@ setfacl -R -m user:turnserver:rwX /var/log/matrix-$app
|
|||
# UPDATE VERSION SETTINGS
|
||||
#=================================================
|
||||
|
||||
ynh_app_setting_set $app synapse_version $upstream_version
|
||||
ynh_app_setting_set --app=$app --key=synapse_version --value=$upstream_version
|
||||
|
||||
#=================================================
|
||||
# RELOAD SERVICES
|
||||
#=================================================
|
||||
ynh_script_progression --message="Restarting synapse services..." --weight=5
|
||||
|
||||
systemctl restart coturn-$app.service
|
||||
ynh_check_starting "Synapse now listening on TCP port $synapse_tls_port" "/var/log/matrix-$app/homeserver.log" 300 "matrix-$app"
|
||||
ynh_systemd_action --service_name=coturn-$app.service --action=restart
|
||||
ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $synapse_tls_port" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300
|
||||
|
||||
#=================================================
|
||||
# END OF SCRIPT
|
||||
#=================================================
|
||||
|
||||
ynh_script_progression --message="Upgrade of $app completed" --last
|
||||
|
|
Loading…
Reference in a new issue