mirror of https://github.com/YunoHost-Apps/synapse_ynh.git synced 2024-09-03 20:26:38 +02:00

Normalization from example_ynh

This commit is contained in:
Maniack Crudelis 2019-04-30 19:15:33 +02:00
parent e62bd19eda
commit a2e19998d4
11 changed files with 706 additions and 1047 deletions


@ -1,16 +1,14 @@
Synapse for YunoHost # Synapse for YunoHost
====================
![](https://matrix.org/blog/wp-content/uploads/2015/01/logo1.png) ![](https://matrix.org/blog/wp-content/uploads/2015/01/logo1.png)
[![Integration level](https://dash.yunohost.org/integration/synapse.svg)](https://ci-apps.yunohost.org/jenkins/job/synapse%20%28Community%29/lastBuild/consoleFull) [![Integration level](https://dash.yunohost.org/integration/synapse.svg)](https://dash.yunohost.org/appci/app/synapse)
[![Install Synapse with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=synapse) [![Install Synapse with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=synapse)
> *This package allows you to install synapse quickly and simply on a YunoHost server. > *This package allows you to install Synapse quickly and simply on a YunoHost server.
If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to know how to install and enjoy it.* If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to know how to install and enjoy it.*
Overview ## Overview
--------
Instant messaging server matrix network. Instant messaging server matrix network.
@ -18,8 +16,7 @@ Yunohost chatroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org
**Shipped version:** 0.99.2 **Shipped version:** 0.99.2
Configuration ## Configuration
-------------
### Install for ARM arch (or slow arch) ### Install for ARM arch (or slow arch)
@ -93,14 +90,12 @@ We have put some coarse mitigations into place to try to protect against this
situation, but it's still not a good practice to do it in the first place. See situation, but it's still not a good practice to do it in the first place. See
https://github.com/vector-im/riot-web/issues/1977 for more details. https://github.com/vector-im/riot-web/issues/1977 for more details.
Documentation ## Documentation
-------------
- Official documentation: https://github.com/matrix-org/synapse - Official documentation: https://github.com/matrix-org/synapse
- YunoHost documentation: to be created; feel free to help! - YunoHost documentation: to be created; feel free to help!
YunoHost specific features ## YunoHost specific features
--------------------------
### Multi-users support ### Multi-users support
@ -108,30 +103,20 @@ Supported with LDAP.
### Supported architectures ### Supported architectures
- Tested on x86_64
- Tested on ARM (with specific build)
Limitations * x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/synapse%20%28Official%29.svg)](https://ci-apps.yunohost.org/ci/apps/synapse/)
----------- * ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/synapse%20%28Official%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/synapse/)
* Jessie x86-64b - [![Build Status](https://ci-stretch.nohost.me/ci/logs/synapse%20%28Official%29.svg)](https://ci-stretch.nohost.me/ci/apps/synapse/)
## Limitations
Synapse uses a lot of ressource. So on slow architecture (like small ARM board), this app could take a lot of CPU and RAM. Synapse uses a lot of ressource. So on slow architecture (like small ARM board), this app could take a lot of CPU and RAM.
This app doesn't provide any real good web interface. So it's recommended to use Riot client to connect to this app. This app is available [here](https://github.com/YunoHost-Apps/riot_ynh) This app doesn't provide any real good web interface. So it's recommended to use Riot client to connect to this app. This app is available [here](https://github.com/YunoHost-Apps/riot_ynh)
Links ## Additional information
-----
- Report a bug: https://github.com/YunoHost-Apps/synapse_ynh/issues ## Administation
- Matrix website: https://matrix.org/
- YunoHost website: https://yunohost.org/
Additional information
-----
Administation
-------------
**All documentation of this section is not warranted. A bad use of command could break the app and all the data. So use these commands at your own risk.** **All documentation of this section is not warranted. A bad use of command could break the app and all the data. So use these commands at your own risk.**
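Review bot: In the new "Supported architectures" list, the third entry is labelled `Jessie x86-64b` but its badge and link both point at `ci-stretch.nohost.me`, so the label and the CI it reports disagree; rename the entry or point it at the CI it names. The relocated heading also keeps the typo `## Administation`, which should read `## Administration` now that the line is being rewritten anyway.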
@ -182,17 +167,23 @@ If anything fails while you are doing the upgrade please create an issue here: h
Synapse is published under the Apache License: https://github.com/matrix-org/synapse/blob/master/LICENSE Synapse is published under the Apache License: https://github.com/matrix-org/synapse/blob/master/LICENSE
## Links
- Report a bug: https://github.com/YunoHost-Apps/synapse_ynh/issues
- Matrix website: https://matrix.org/
- YunoHost website: https://yunohost.org/
--- ---
Developers infos Developers infos
---------------- ----------------
Please do your pull request to the testing branch. Please do your pull request to the [testing branch](https://github.com/YunoHost-Apps/synapse_ynh/tree/testing).
To try the testing branch, please proceed like that: To try the testing branch, please proceed like that:
```bash ```bash
sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --verbose sudo yunohost app install https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
or or
sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --verbose sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug
``` ```
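Review bot: The `or` line between the two commands sits inside the bash code fence, so anyone pasting the whole block runs `or` as a command and gets an error between the install and the upgrade. Make it a shell comment (`# or`) or split the install and upgrade commands into two separate fenced blocks.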


@ -19,17 +19,7 @@
port_already_use=1 (8448) port_already_use=1 (8448)
change_url=0 change_url=0
;;; Levels ;;; Levels
Level 1=auto
Level 2=auto
Level 3=auto
# https://github.com/YunoHost-Apps/synapse_ynh/blob/master/conf/homeserver.yaml#L443-L454
Level 4=1
Level 5=auto Level 5=auto
Level 6=auto
Level 7=auto
Level 8=0
Level 9=0
Level 10=0
;;; Upgrade options ;;; Upgrade options
; commit=db374d2bff981d2660ebdac52ee77c684383c00d ; commit=db374d2bff981d2660ebdac52ee77c684383c00d
name=Fix postgresql helper from old_version_for_CI_2 branch name=Fix postgresql helper from old_version_for_CI_2 branch
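Review bot: Removing `Level 4=1` also removes the comment linking to `conf/homeserver.yaml#L443-L454` that explained why that level was forced, and the commit message does not say whether the level is now expected to pass on its own. If the override is no longer needed, say so in the commit message; if it still is, keep the line together with its comment.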


@ -1,6 +1,6 @@
location __PATH__ { location __PATH__ {
proxy_pass http://localhost:__PORT__; proxy_pass http://localhost:__PORT__;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For $remote_addr;
client_max_body_size 100M; client_max_body_size 100M;
} }


@ -2,20 +2,20 @@
"name": "Synapse", "name": "Synapse",
"id": "synapse", "id": "synapse",
"packaging_format": 1, "packaging_format": 1,
"requirements": {
"yunohost": ">= 2.7.14"
},
"description": { "description": {
"en": "Instant messaging server who use matrix", "en": "Instant messaging server who use matrix",
"fr": "Un serveur de messagerie instantané basé sur matrix" "fr": "Un serveur de messagerie instantané basé sur matrix"
}, },
"version": "0.99.2~ynh1", "version": "0.99.2~ynh2",
"url": "http://matrix.org", "url": "http://matrix.org",
"license": "Apache-2.0", "license": "Apache-2.0",
"maintainer": { "maintainer": {
"name": "Josué Tille", "name": "Josué Tille",
"email": "josue@tille.ch" "email": "josue@tille.ch"
}, },
"requirements": {
"yunohost": ">= 3.5"
},
"multi_instance": true, "multi_instance": true,
"services": [ "services": [
"nginx" "nginx"
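Review bot: The `requirements` block jumps from `>= 2.7.14` to `>= 3.5` with no reason given in the commit message. Since the scripts in this commit switch to the `--app=`/`--key=` and `--src_path=` helper syntax, state that this is what the new minimum is for, so it is not lowered again later. While this part of the manifest is being touched, the unchanged `"url": "http://matrix.org"` could become `https://matrix.org`.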
@ -38,7 +38,7 @@
"en": "Is it a public server ?", "en": "Is it a public server ?",
"fr": "Est-ce un serveur public ?" "fr": "Est-ce un serveur public ?"
}, },
"default": 0 "default": false
} }
] ]
} }
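Review bot: `"default": 0` becomes `"default": false` for the "Is it a public server ?" question, but nothing in this hunk shows the question's declared type or how the install script tests the answer. Check that the script's comparison on this argument behaves the same with the new default, since this flag decides whether the server is set up as public.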


@ -6,83 +6,102 @@
# IMPORT GENERIC HELPERS # IMPORT GENERIC HELPERS
#================================================= #=================================================
source ../settings/scripts/_common.sh
source ../settings/scripts/experimental_helper.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
# Stop script if errors #=================================================
# MANAGE SCRIPT FAILURE
#=================================================
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors ynh_abort_if_errors
# Import common cmd
source ../settings/scripts/psql.sh
source ../settings/scripts/experimental_helper.sh
source ../settings/scripts/_common.sh
#================================================= #=================================================
# SET ALL CONSTANT # LOAD SETTINGS
#================================================= #=================================================
ynh_script_progression --message="Loading installation settings..." --weight=2
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=special_domain)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
#=================================================
# SET CONSTANTS
#=================================================
synapse_user="matrix-$app" synapse_user="matrix-$app"
synapse_db_name="matrix_$app" synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app" synapse_db_user="matrix_$app"
upstream_version=$(ynh_app_upstream_version) upstream_version=$(ynh_app_upstream_version)
#=================================================
# LOAD SETTINGS
#=================================================
domain=$(ynh_app_setting_get $app special_domain)
final_path=$(ynh_app_setting_get $app final_path)
#================================================= #=================================================
# STANDARD BACKUP STEPS # STANDARD BACKUP STEPS
#=================================================
# BACKUP THE NGINX CONFIGURATION
#=================================================
ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf"
#=================================================
# BACKUP SYNAPSE CONFIG
#=================================================
ynh_backup "/etc/matrix-$app"
#=================================================
# BACKUP SYSTEMD
#=================================================
ynh_backup "/etc/default/matrix-$app"
ynh_backup "/etc/systemd/system/matrix-$app.service"
ynh_backup "/etc/default/coturn-$app"
ynh_backup "/etc/systemd/system/coturn-$app.service"
#================================================= #=================================================
# BACKUP THE APP MAIN DIR # BACKUP THE APP MAIN DIR
#================================================= #=================================================
ynh_script_progression --message="Backing up the main app directory..." --weight=1
ynh_backup "$final_path" "bin" ynh_backup --src_path="$final_path"
#================================================= #=================================================
# BACKUP SYNAPSE DATA # BACKUP THE NGINX CONFIGURATION
#================================================= #=================================================
ynh_script_progression --message="Backing up nginx web server configuration..." --weight=1
ynh_backup "/var/lib/matrix-$app" "data" 1 ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#================================================= #=================================================
# BACKUP THE POSTGRESQL DATABASE # BACKUP THE POSTGRESQL DATABASE
#================================================= #=================================================
ynh_script_progression --message="Backing up the PostgreSQL database..." --weight=2
ynh_psql_dump_db "$synapse_db_name" > ${YNH_CWD}/dump.sql ynh_psql_dump_db --database="$synapse_db_name" > ${YNH_CWD}/dump.sql
#=================================================
# BACKUP FAIL2BAN CONFIGURATION
#=================================================
ynh_script_progression --message="Backing up fail2ban configuration" --weight=1
ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf"
ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf"
#=================================================
# SPECIFIC BACKUP
#=================================================
# BACKUP SYNAPSE CONFIG
#=================================================
ynh_script_progression --message="Backing up synapse configuration..." --weight=2
ynh_backup --src_path="/etc/matrix-$app"
#=================================================
# BACKUP SYSTEMD
#=================================================
ynh_script_progression --message="Backing up systemd configuration..." --weight=1
ynh_backup --src_path="/etc/default/matrix-$app"
ynh_backup --src_path="/etc/systemd/system/matrix-$app.service"
ynh_backup --src_path="/etc/default/coturn-$app"
ynh_backup --src_path="/etc/systemd/system/coturn-$app.service"
#=================================================
# BACKUP SYNAPSE DATA
#=================================================
ynh_script_progression --message="Backing up synapse data..." --weight=1
ynh_backup --src_path="/var/lib/matrix-$app" --is_big
#================================================= #=================================================
# BACKUP SYNAPSE LOG # BACKUP SYNAPSE LOG
#================================================= #=================================================
ynh_script_progression --message="Backing up synapse log..." --weight=1
ynh_backup "/var/log/matrix-$app" ynh_backup --src_path="/var/log/matrix-$app"
#================================================= #=================================================
# BACKUP FAIL2BAN CONFIG # END OF SCRIPT
#================================================= #=================================================
ynh_backup "/etc/fail2ban/jail.d/$app.conf" ynh_script_progression --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." --last
ynh_backup "/etc/fail2ban/filter.d/$app.conf"
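Review bot: On the new dump line, `${YNH_CWD}/dump.sql` is still unquoted after the rewrite, so a working directory containing spaces or glob characters breaks the redirect; write `> "${YNH_CWD}/dump.sql"`. At the top of the script, the two `source ../settings/scripts/...` lines now run before `source /usr/share/yunohost/helpers` and before `ynh_abort_if_errors`, so anything those files call at load time cannot rely on the core helpers, and a failure while sourcing them is not caught. If that order is intentional, a one-line comment saying so would help.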


@ -1,101 +1,30 @@
# Read the value of a key in a ynh manifest file #!/bin/bash
#
# usage: ynh_read_manifest manifest key
# | arg: manifest - Path of the manifest to read
# | arg: key - Name of the key to find
ynh_read_manifest () {
manifest="$1"
key="$2"
python3 -c "import sys, json;print(json.load(open('$manifest', encoding='utf-8'))['$key'])"
}
# Read the upstream version from the manifest
# this include the number before ~ynh
#
# usage: ynh_app_upstream_version
ynh_app_upstream_version () {
manifest_path="../manifest.json"
if [ ! -e "$manifest_path" ]; then
manifest_path="../settings/manifest.json" # Into the restore script, the manifest is not at the same place
fi
version_key=$(ynh_read_manifest "$manifest_path" "version")
echo "${version_key/~ynh*/}"
}
# Read package version from the manifest
# this include the number after ~ynh
#
# usage: ynh_app_package_version
ynh_app_package_version () {
manifest_path="../manifest.json"
if [ ! -e "$manifest_path" ]; then
manifest_path="../settings/manifest.json" # Into the restore script, the manifest is not at the same place
fi
version_key=$(ynh_read_manifest "$manifest_path" "version")
echo "${version_key/*~ynh/}"
}
# Start or restart a service and follow its booting
#
# usage: ynh_check_starting "Line to match" [Log file] [Timeout] [Service name]
#
# | arg: Line to match - The line to find in the log to attest the service have finished to boot.
# | arg: Log file - The log file to watch
# | arg: Service name
# /var/log/$app/$app.log will be used if no other log is defined.
# | arg: Timeout - The maximum time to wait before ending the watching. Defaut 300 seconds.
ynh_check_starting () {
local line_to_match="$1"
local service_name="${4:-$app}"
local app_log="${2:-/var/log/$service_name/$service_name.log}"
local timeout=${3:-300}
ynh_clean_check_starting () {
# Stop the execution of tail.
kill -s 15 $pid_tail 2>&1
ynh_secure_remove "$templog" 2>&1
}
echo "Starting of $service_name" >&2
systemctl restart $service_name
local templog="$(mktemp)"
# Following the starting of the app in its log
tail -F -n1 "$app_log" > "$templog" &
# Get the PID of the tail command
local pid_tail=$!
local i=0
for i in `seq 1 $timeout`
do
# Read the log until the sentence is found, that means the app finished to start. Or run until the timeout
if grep --quiet "$line_to_match" "$templog"
then
echo "The service $service_name has correctly started." >&2
break
fi
echo -n "." >&2
sleep 1
done
if [ $i -eq $timeout ]
then
echo "The service $service_name didn't fully started before the timeout." >&2
fi
echo ""
ynh_clean_check_starting
}
# Send an email to inform the administrator # Send an email to inform the administrator
# #
# usage: ynh_send_readme_to_admin app_message [recipients] # usage: ynh_send_readme_to_admin --app_message=app_message [--recipients=recipients] [--type=type]
# | arg: app_message - The message to send to the administrator. # | arg: -m --app_message= - The file with the content to send to the administrator.
# | arg: recipients - The recipients of this email. Use spaces to separate multiples recipients. - default: root # | arg: -r, --recipients= - The recipients of this email. Use spaces to separate multiples recipients. - default: root
# example: "root admin@domain" # example: "root admin@domain"
# If you give the name of a YunoHost user, ynh_send_readme_to_admin will find its email adress for you # If you give the name of a YunoHost user, ynh_send_readme_to_admin will find its email adress for you
# example: "root admin@domain user1 user2" # example: "root admin@domain user1 user2"
# | arg: -t, --type= - Type of mail, could be 'backup', 'change_url', 'install', 'remove', 'restore', 'upgrade'
ynh_send_readme_to_admin() { ynh_send_readme_to_admin() {
local app_message="${1:-...No specific information...}" # Declare an array to define the options of this helper.
local recipients="${2:-root}" declare -Ar args_array=( [m]=app_message= [r]=recipients= [t]=type= )
local app_message
local recipients
local type
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
app_message="${app_message:-}"
recipients="${recipients:-root}"
type="${type:-install}"
# Get the value of admin_mail_html
admin_mail_html=$(ynh_app_setting_get $app admin_mail_html)
admin_mail_html="${admin_mail_html:-0}"
# Retrieve the email of users # Retrieve the email of users
find_mails () { find_mails () {
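Review bot: `admin_mail_html` is assigned without `local`, so it leaks into the calling script's scope, and the lookup `ynh_app_setting_get $app admin_mail_html` uses the positional form with an unquoted `$app` while the rest of this commit moves to `--app=$app --key=...`. Declare it `local` next to `app_message`, `recipients` and `type`, and use the named-argument form. In the usage comment, `-m --app_message=` is missing the comma used for `-r,` and `-t,`, and the usage line should say that the argument is now a file rather than the message text, since existing callers pass the text itself.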
@ -121,18 +50,75 @@ ynh_send_readme_to_admin() {
} }
recipients=$(find_mails "$recipients") recipients=$(find_mails "$recipients")
local mail_subject="☁️🆈🅽🅷☁️: \`$app\` was just installed!" # Subject base
local mail_subject="☁️🆈🅽🅷☁️: \`$app\`"
# Adapt the subject according to the type of mail required.
if [ "$type" = "backup" ]; then
mail_subject="$mail_subject has just been backup."
elif [ "$type" = "change_url" ]; then
mail_subject="$mail_subject has just been moved to a new URL!"
elif [ "$type" = "remove" ]; then
mail_subject="$mail_subject has just been removed!"
elif [ "$type" = "restore" ]; then
mail_subject="$mail_subject has just been restored!"
elif [ "$type" = "upgrade" ]; then
mail_subject="$mail_subject has just been upgraded!"
else # install
mail_subject="$mail_subject has just been installed!"
fi
local mail_message="This is an automated message from your beloved YunoHost server. local mail_message="This is an automated message from your beloved YunoHost server.
Specific information for the application $app. Specific information for the application $app.
$app_message $(if [ -n "$app_message" ]
then
cat "$app_message"
else
echo "...No specific information..."
fi)
--- ---
Automatic diagnosis data from YunoHost Automatic diagnosis data from YunoHost
$(yunohost tools diagnosis | grep -B 100 "services:" | sed '/services:/d')" __PRE_TAG1__$(yunohost tools diagnosis | grep -B 100 "services:" | sed '/services:/d')__PRE_TAG2__"
# Store the message into a file for further modifications.
echo "$mail_message" > mail_to_send
# If a html email is required. Apply html tags to the message.
if [ "$admin_mail_html" -eq 1 ]
then
# Insert 'br' tags at each ending of lines.
ynh_replace_string "$" "<br>" mail_to_send
# Insert starting HTML tags
sed --in-place '1s@^@<!DOCTYPE html>\n<html>\n<head></head>\n<body>\n@' mail_to_send
# Keep tabulations
ynh_replace_string " " "\&#160;\&#160;" mail_to_send
ynh_replace_string "\t" "\&#160;\&#160;" mail_to_send
# Insert url links tags
ynh_replace_string "__URL_TAG1__\(.*\)__URL_TAG2__\(.*\)__URL_TAG3__" "<a href=\"\2\">\1</a>" mail_to_send
# Insert pre tags
ynh_replace_string "__PRE_TAG1__" "<pre>" mail_to_send
ynh_replace_string "__PRE_TAG2__" "<\pre>" mail_to_send
# Insert finishing HTML tags
echo -e "\n</body>\n</html>" >> mail_to_send
# Otherwise, remove tags to keep a plain text.
else
# Remove URL tags
ynh_replace_string "__URL_TAG[1,3]__" "" mail_to_send
ynh_replace_string "__URL_TAG2__" ": " mail_to_send
# Remove PRE tags
ynh_replace_string "__PRE_TAG[1-2]__" "" mail_to_send
fi
# Define binary to use for mail command # Define binary to use for mail command
if [ -e /usr/bin/bsd-mailx ] if [ -e /usr/bin/bsd-mailx ]
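Review bot: In the HTML branch, `ynh_replace_string "__PRE_TAG2__" "<\pre>"` emits `<\pre>` rather than the closing tag `</pre>`, so the diagnosis block is never closed. The message is also written to `mail_to_send` in the current directory, a fixed relative name that nothing in this hunk removes afterwards; create the file with `mktemp` and delete it once the mail is sent. The text from `cat "$app_message"` and from `yunohost tools diagnosis` goes into the HTML body without escaping `<`, `>` or `&`, and `[ "$admin_mail_html" -eq 1 ]` fails with an error if the setting holds anything other than an integer. In the plain-text branch, `__URL_TAG[1,3]__` has a comma inside the bracket expression; `[13]` is what is meant.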
@ -142,361 +128,13 @@ $(yunohost tools diagnosis | grep -B 100 "services:" | sed '/services:/d')"
local mail_bin=/usr/bin/mail.mailutils local mail_bin=/usr/bin/mail.mailutils
fi fi
# Send the email to the recipients if [ "$admin_mail_html" -eq 1 ]
echo "$mail_message" | $mail_bin -a "Content-Type: text/plain; charset=UTF-8" -s "$mail_subject" "$recipients"
}
# Internal helper design to allow helpers to use getopts to manage their arguments
#
# [internal]
#
# example: function my_helper()
# {
# declare -Ar args_array=( [a]=arg1= [b]=arg2= [c]=arg3 )
# local arg1
# local arg2
# local arg3
# ynh_handle_getopts_args "$@"
#
# [...]
# }
# my_helper --arg1 "val1" -b val2 -c
#
# usage: ynh_handle_getopts_args "$@"
# | arg: $@ - Simply "$@" to tranfert all the positionnal arguments to the function
#
# This helper need an array, named "args_array" with all the arguments used by the helper
# that want to use ynh_handle_getopts_args
# Be carreful, this array has to be an associative array, as the following example:
# declare -Ar args_array=( [a]=arg1 [b]=arg2= [c]=arg3 )
# Let's explain this array:
# a, b and c are short options, -a, -b and -c
# arg1, arg2 and arg3 are the long options associated to the previous short ones. --arg1, --arg2 and --arg3
# For each option, a short and long version has to be defined.
# Let's see something more significant
# declare -Ar args_array=( [u]=user [f]=finalpath= [d]=database )
#
# NB: Because we're using 'declare' without -g, the array will be declared as a local variable.
#
# Please keep in mind that the long option will be used as a variable to store the values for this option.
# For the previous example, that means that $finalpath will be fill with the value given as argument for this option.
#
# Also, in the previous example, finalpath has a '=' at the end. That means this option need a value.
# So, the helper has to be call with --finalpath /final/path, --finalpath=/final/path or -f /final/path, the variable $finalpath will get the value /final/path
# If there's many values for an option, -f /final /path, the value will be separated by a ';' $finalpath=/final;/path
# For an option without value, like --user in the example, the helper can be called only with --user or -u. $user will then get the value 1.
#
# To keep a retrocompatibility, a package can still call a helper, using getopts, with positional arguments.
# The "legacy mode" will manage the positional arguments and fill the variable in the same order than they are given in $args_array.
# e.g. for `my_helper "val1" val2`, arg1 will be filled with val1, and arg2 with val2.
ynh_handle_getopts_args () {
# Manage arguments only if there's some provided
set +x
if [ $# -ne 0 ]
then then
# Store arguments in an array to keep each argument separated content_type="text/html"
local arguments=("$@") else
content_type="text/plain"
# For each option in the array, reduce to short options for getopts (e.g. for [u]=user, --user will be -u)
# And built parameters string for getopts
# ${!args_array[@]} is the list of all option_flags in the array (An option_flag is 'u' in [u]=user, user is a value)
local getopts_parameters=""
local option_flag=""
for option_flag in "${!args_array[@]}"
do
# Concatenate each option_flags of the array to build the string of arguments for getopts
# Will looks like 'abcd' for -a -b -c -d
# If the value of an option_flag finish by =, it's an option with additionnal values. (e.g. --user bob or -u bob)
# Check the last character of the value associate to the option_flag
if [ "${args_array[$option_flag]: -1}" = "=" ]
then
# For an option with additionnal values, add a ':' after the letter for getopts.
getopts_parameters="${getopts_parameters}${option_flag}:"
else
getopts_parameters="${getopts_parameters}${option_flag}"
fi
# Check each argument given to the function
local arg=""
# ${#arguments[@]} is the size of the array
for arg in `seq 0 $(( ${#arguments[@]} - 1 ))`
do
# And replace long option (value of the option_flag) by the short option, the option_flag itself
# (e.g. for [u]=user, --user will be -u)
# Replace long option with =
arguments[arg]="${arguments[arg]//--${args_array[$option_flag]}/-${option_flag} }"
# And long option without =
arguments[arg]="${arguments[arg]//--${args_array[$option_flag]%=}/-${option_flag}}"
done
done
# Read and parse all the arguments
# Use a function here, to use standart arguments $@ and be able to use shift.
parse_arg () {
# Read all arguments, until no arguments are left
while [ $# -ne 0 ]
do
# Initialize the index of getopts
OPTIND=1
# Parse with getopts only if the argument begin by -, that means the argument is an option
# getopts will fill $parameter with the letter of the option it has read.
local parameter=""
getopts ":$getopts_parameters" parameter || true
if [ "$parameter" = "?" ]
then
ynh_die --message="Invalid argument: -${OPTARG:-}"
elif [ "$parameter" = ":" ]
then
ynh_die --message="-$OPTARG parameter requires an argument."
else
local shift_value=1
# Use the long option, corresponding to the short option read by getopts, as a variable
# (e.g. for [u]=user, 'user' will be used as a variable)
# Also, remove '=' at the end of the long option
# The variable name will be stored in 'option_var'
local option_var="${args_array[$parameter]%=}"
# If this option doesn't take values
# if there's a '=' at the end of the long option name, this option takes values
if [ "${args_array[$parameter]: -1}" != "=" ]
then
# 'eval ${option_var}' will use the content of 'option_var'
eval ${option_var}=1
else
# Read all other arguments to find multiple value for this option.
# Load args in a array
local all_args=("$@")
# If the first argument is longer than 2 characters,
# There's a value attached to the option, in the same array cell
if [ ${#all_args[0]} -gt 2 ]; then
# Remove the option and the space, so keep only the value itself.
all_args[0]="${all_args[0]#-${parameter} }"
# Reduce the value of shift, because the option has been removed manually
shift_value=$(( shift_value - 1 ))
fi
# Declare the content of option_var as a variable.
eval ${option_var}=""
# Then read the array value per value
local i
for i in `seq 0 $(( ${#all_args[@]} - 1 ))`
do
# If this argument is an option, end here.
if [ "${all_args[$i]:0:1}" == "-" ]
then
# Ignore the first value of the array, which is the option itself
if [ "$i" -ne 0 ]; then
break
fi
else
# Else, add this value to this option
# Each value will be separated by ';'
if [ -n "${!option_var}" ]
then
# If there's already another value for this option, add a ; before adding the new value
eval ${option_var}+="\;"
fi
# Escape double quote to prevent any interpretation during the eval
all_args[$i]="${all_args[$i]//\"/\\\"}"
eval ${option_var}+=\"${all_args[$i]}\"
shift_value=$(( shift_value + 1 ))
fi
done
fi
fi
# Shift the parameter and its argument(s)
shift $shift_value
done
}
# LEGACY MODE
# Check if there's getopts arguments
if [ "${arguments[0]:0:1}" != "-" ]
then
# If not, enter in legacy mode and manage the arguments as positionnal ones..
# Dot not echo, to prevent to go through a helper output. But print only in the log.
set -x; echo "! Helper used in legacy mode !" > /dev/null; set +x
local i
for i in `seq 0 $(( ${#arguments[@]} -1 ))`
do
# Try to use legacy_args as a list of option_flag of the array args_array
# Otherwise, fallback to getopts_parameters to get the option_flag. But an associative arrays isn't always sorted in the correct order...
# Remove all ':' in getopts_parameters
getopts_parameters=${legacy_args:-${getopts_parameters//:}}
# Get the option_flag from getopts_parameters, by using the option_flag according to the position of the argument.
option_flag=${getopts_parameters:$i:1}
if [ -z "$option_flag" ]; then
ynh_print_warn --message="Too many arguments ! \"${arguments[$i]}\" will be ignored."
continue
fi
# Use the long option, corresponding to the option_flag, as a variable
# (e.g. for [u]=user, 'user' will be used as a variable)
# Also, remove '=' at the end of the long option
# The variable name will be stored in 'option_var'
local option_var="${args_array[$option_flag]%=}"
# Escape double quote to prevent any interpretation during the eval
arguments[$i]="${arguments[$i]//\"/\\\"}"
# Store each value given as argument in the corresponding variable
# The values will be stored in the same order than $args_array
eval ${option_var}+=\"${arguments[$i]}\"
done
unset legacy_args
else
# END LEGACY MODE
# Call parse_arg and pass the modified list of args as an array of arguments.
parse_arg "${arguments[@]}"
fi
fi fi
set -x
} # Send the email to the recipients
cat mail_to_send | $mail_bin -a "Content-Type: $content_type; charset=UTF-8" -s "$mail_subject" "$recipients"
# Create a dedicated fail2ban config (jail and filter conf files)
#
# usage 1: ynh_add_fail2ban_config --logpath=log_file --failregex=filter [--max_retry=max_retry] [--ports=ports]
# | arg: -l, --logpath= - Log file to be checked by fail2ban
# | arg: -r, --failregex= - Failregex to be looked for by fail2ban
# | arg: -m, --max_retry= - Maximum number of retries allowed before banning IP address - default: 3
# | arg: -p, --ports= - Ports blocked for a banned IP address - default: http,https
#
# -----------------------------------------------------------------------------
#
# usage 2: ynh_add_fail2ban_config --use_template [--others_var="list of others variables to replace"]
# | arg: -t, --use_template - Use this helper in template mode
# | arg: -v, --others_var= - List of others variables to replace separeted by a space
# | for example : 'var_1 var_2 ...'
#
# This will use a template in ../conf/f2b_jail.conf and ../conf/f2b_filter.conf
# __APP__ by $app
#
# You can dynamically replace others variables by example :
# __VAR_1__ by $var_1
# __VAR_2__ by $var_2
#
# Generally your template will look like that by example (for synapse):
#
# f2b_jail.conf:
# [__APP__]
# enabled = true
# port = http,https
# filter = __APP__
# logpath = /var/log/__APP__/logfile.log
# maxretry = 3
#
# f2b_filter.conf:
# [INCLUDES]
# before = common.conf
# [Definition]
#
# # Part of regex definition (just used to make more easy to make the global regex)
# __synapse_start_line = .? \- synapse\..+ \-
#
# # Regex definition.
# failregex = ^%(__synapse_start_line)s INFO \- POST\-(\d+)\- <HOST> \- \d+ \- Received request\: POST /_matrix/client/r0/login\??<SKIPLINES>%(__synapse_start_line)s INFO \- POST\-\1\- Got login request with identifier: \{u'type': u'm.id.user', u'user'\: u'(.+?)'\}, medium\: None, address: None, user\: u'\5'<SKIPLINES>%(__synapse_start_line)s WARNING \- \- (Attempted to login as @\5\:.+ but they do not exist|Failed password login for user @\5\:.+)$
#
# ignoreregex =
#
# -----------------------------------------------------------------------------
#
# Note about the "failregex" option:
# regex to match the password failure messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
#
# You can find some more explainations about how to make a regex here :
# https://www.fail2ban.org/wiki/index.php/MANUAL_0_8#Filters
#
# Note that the logfile need to exist before to call this helper !!
#
# To validate your regex you can test with this command:
# fail2ban-regex /var/log/YOUR_LOG_FILE_PATH /etc/fail2ban/filter.d/YOUR_APP.conf
#
ynh_add_fail2ban_config () {
# Declare an array to define the options of this helper.
local legacy_args=lrmptv
declare -Ar args_array=( [l]=logpath= [r]=failregex= [m]=max_retry= [p]=ports= [t]=use_template [v]=others_var=)
local logpath
local failregex
local max_retry
local ports
local others_var
local use_template
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
use_template="${use_template:-0}"
max_retry=${max_retry:-3}
ports=${ports:-http,https}
finalfail2banjailconf="/etc/fail2ban/jail.d/$app.conf"
finalfail2banfilterconf="/etc/fail2ban/filter.d/$app.conf"
ynh_backup_if_checksum_is_different "$finalfail2banjailconf"
ynh_backup_if_checksum_is_different "$finalfail2banfilterconf"
if [ $use_template -eq 1 ]
then
# Usage 2, templates
cp ../conf/f2b_jail.conf $finalfail2banjailconf
cp ../conf/f2b_filter.conf $finalfail2banfilterconf
if [ -n "${app:-}" ]
then
ynh_replace_string "__APP__" "$app" "$finalfail2banjailconf"
ynh_replace_string "__APP__" "$app" "$finalfail2banfilterconf"
fi
# Replace all other variable given as arguments
for var_to_replace in ${others_var:-}; do
# ${var_to_replace^^} make the content of the variable on upper-cases
# ${!var_to_replace} get the content of the variable named $var_to_replace
ynh_replace_string --match_string="__${var_to_replace^^}__" --replace_string="${!var_to_replace}" --target_file="$finalfail2banjailconf"
ynh_replace_string --match_string="__${var_to_replace^^}__" --replace_string="${!var_to_replace}" --target_file="$finalfail2banfilterconf"
done
else
# Usage 1, no template. Build a config file from scratch.
test -n "$logpath" || ynh_die "ynh_add_fail2ban_config expects a logfile path as first argument and received nothing."
test -n "$failregex" || ynh_die "ynh_add_fail2ban_config expects a failure regex as second argument and received nothing."
tee $finalfail2banjailconf <<EOF
[$app]
enabled = true
port = $ports
filter = $app
logpath = $logpath
maxretry = $max_retry
EOF
tee $finalfail2banfilterconf <<EOF
[INCLUDES]
before = common.conf
[Definition]
failregex = $failregex
ignoreregex =
EOF
fi
# Common to usage 1 and 2.
ynh_store_file_checksum "$finalfail2banjailconf"
ynh_store_file_checksum "$finalfail2banfilterconf"
systemctl try-reload-or-restart fail2ban
local fail2ban_error="$(journalctl -u fail2ban | tail -n50 | grep "WARNING.*$app.*")"
if [[ -n "$fail2ban_error" ]]; then
ynh_print_err --message="Fail2ban failed to load the jail for $app"
ynh_print_warn --message="${fail2ban_error#*WARNING}"
fi
}
# Remove the dedicated fail2ban config (jail and filter conf files)
#
# usage: ynh_remove_fail2ban_config
ynh_remove_fail2ban_config () {
ynh_secure_remove "/etc/fail2ban/jail.d/$app.conf"
ynh_secure_remove "/etc/fail2ban/filter.d/$app.conf"
systemctl try-reload-or-restart fail2ban
} }
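Review bot: The load check at the end of ynh_add_fail2ban_config (`journalctl -u fail2ban | tail -n50 | grep "WARNING.*$app.*"`) is unreliable and only warns. The reload may return before fail2ban has logged anything about the new jail, the last 50 journal lines can still hold warnings from an earlier run, and `$app` goes into the grep pattern unescaped, so the check can both miss a failure and raise a false alarm. When the jail really does fail to load, the script carries on and the app is left without banning. Consider querying the jail directly (`fail2ban-client status "$app"`) and calling ynh_die if it is absent. Separately, `finalfail2banjailconf` and `finalfail2banfilterconf` are not declared `local` and are used unquoted in the `cp` and `tee` lines.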

View file

@ -6,97 +6,108 @@
# IMPORT GENERIC HELPERS # IMPORT GENERIC HELPERS
#================================================= #=================================================
source _common.sh
source experimental_helper.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
# Stop script if errors #=================================================
# MANAGE SCRIPT FAILURE
#=================================================
ynh_clean_setup () {
# Clean installation remainings that are not handled by the remove script.
ynh_clean_check_starting
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors ynh_abort_if_errors
# Import common fonctions
source ./psql.sh
source ./experimental_helper.sh
source ./_common.sh
#=================================================
# SET ALL CONSTANT
#=================================================
app=$YNH_APP_INSTANCE_NAME
synapse_user="matrix-$app"
synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app"
upstream_version=$(ynh_app_upstream_version)
report_stats="False"
#================================================= #=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST # RETRIEVE ARGUMENTS FROM THE MANIFEST
#================================================= #=================================================
domain=$YNH_APP_ARG_DOMAIN domain=$YNH_APP_ARG_DOMAIN
is_public=$YNH_APP_ARG_IS_PUBLIC is_public=$YNH_APP_ARG_IS_PUBLIC
app=$YNH_APP_INSTANCE_NAME
#=================================================
# SET CONSTANTS
#=================================================
synapse_user="matrix-$app"
synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app"
upstream_version=$(ynh_app_upstream_version)
report_stats="False"
path_url="/_matrix" path_url="/_matrix"
final_path="/opt/yunohost/matrix-$app" final_path="/opt/yunohost/matrix-$app"
#================================================= #=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#================================================= #=================================================
ynh_script_progression --message="Validating installation parameters..." --weight=2
ynh_webpath_available $domain $path_url || ynh_die "$domain is not available as domain, please use an other domain." ynh_webpath_available --domain=$domain --path_url=$path_url || ynh_die --message="$domain is not available as domain, please use an other domain."
test ! -e "/etc/nginx/conf.d/$domain.d/synapse*.conf" || ynh_die "$domain is not available as domain, please use an other domain." test ! -e "/etc/nginx/conf.d/$domain.d/synapse*.conf" || ynh_die --message="$domain is not available as domain, please use an other domain."
# Check Final Path availability # Check Final Path availability
test ! -e "$final_path" || ynh_die "This path already contains a folder" test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
#================================================= #=================================================
# STORE SETTINGS FROM MANIFEST # STORE SETTINGS FROM MANIFEST
#================================================= #=================================================
ynh_script_progression --message="Storing installation settings..." --weight=1
# For the domain and the path we can't use the standard keys "domain" and "path" with the standard function ynh_webpath_register because it create automatically a button on the user pannel. # For the domain and the path we can't use the standard keys "domain" and "path" with the standard function ynh_webpath_register because it create automatically a button on the user pannel.
# The idea is to create a custom key (specia_domain and special_path instead of domain and key). # The idea is to create a custom key (specia_domain and special_path instead of domain and key).
# By this the ssowatconf fonction don't create a button on the pannel. # By this the ssowatconf fonction don't create a button on the pannel.
# This hack solve the issue : https://github.com/YunoHost-Apps/synapse_ynh/issues/14 # This hack solve the issue : https://github.com/YunoHost-Apps/synapse_ynh/issues/14
ynh_app_setting_set $app special_domain $domain ynh_app_setting_set --app=$app --key=special_domain --value=$domain
ynh_app_setting_set $app special_path $path_url ynh_app_setting_set --app=$app --key=special_path --value=$path_url
ynh_app_setting_set $app final_path $final_path ynh_app_setting_set --app=$app --key=final_path --value=$final_path
ynh_app_setting_set $app synapse_version $upstream_version ynh_app_setting_set --app=$app --key=synapse_version --value=$upstream_version
ynh_app_setting_set $app is_public $is_public ynh_app_setting_set --app=$app --key=is_public --value=$is_public
ynh_app_setting_set $app report_stats $report_stats ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats
#================================================= #=================================================
# STANDARD MODIFICATIONS # STANDARD MODIFICATIONS
#================================================= #=================================================
# FIND AND OPEN A PORT # FIND AND OPEN A PORT
#================================================= #=================================================
ynh_script_progression --message="Configuring firewall..." --weight=19
# Find a free port # Find a free port
synapse_tls_port=$(ynh_find_port 8448) synapse_tls_port=$(ynh_find_port --port=8448)
port=$(ynh_find_port 8008) port=$(ynh_find_port --port=8008)
turnserver_tls_port=$(ynh_find_port 5349) turnserver_tls_port=$(ynh_find_port --port=5349)
turnserver_alt_tls_port=$(ynh_find_port $((turnserver_tls_port+1))) turnserver_alt_tls_port=$(ynh_find_port --port=$((turnserver_tls_port+1)))
cli_port=$(ynh_find_port 5766) cli_port=$(ynh_find_port --port=5766)
# Open this port # Open this port
yunohost firewall allow TCP $synapse_tls_port > /dev/null 2>&1 ynh_exec_warn_less yunohost firewall allow TCP $synapse_tls_port
yunohost firewall allow Both $turnserver_tls_port > /dev/null 2>&1 ynh_exec_warn_less yunohost firewall allow Both $turnserver_tls_port
yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1 ynh_exec_warn_less yunohost firewall allow Both $turnserver_alt_tls_port
# Store opened ports # Store opened ports
ynh_app_setting_set $app synapse_port $port ynh_app_setting_set --app=$app --key=synapse_port --value=$port
ynh_app_setting_set $app synapse_tls_port $synapse_tls_port ynh_app_setting_set --app=$app --key=synapse_tls_port --value=$synapse_tls_port
ynh_app_setting_set $app turnserver_tls_port $turnserver_tls_port ynh_app_setting_set --app=$app --key=turnserver_tls_port --value=$turnserver_tls_port
ynh_app_setting_set $app turnserver_alt_tls_port $turnserver_alt_tls_port ynh_app_setting_set --app=$app --key=turnserver_alt_tls_port --value=$turnserver_alt_tls_port
ynh_app_setting_set $app cli_port $cli_port ynh_app_setting_set --app=$app --key=cli_port --value=$cli_port
#================================================= #=================================================
# CREATE A DH FILE # CREATE A DH FILE
#================================================= #=================================================
ynh_script_progression --message="Creating a dh file..." --weight=3
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE # WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files # For any update do it in all files
# Make dh cert for synapse if doesn't exist # Make dh cert for synapse if it doesn't exist
if [[ ! -e /etc/ssl/private/dh2048.pem ]] if [ ! -e /etc/ssl/private/dh2048.pem ]
then then
openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048 -dsaparam 2> /dev/null ynh_exec_warn_less openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048 -dsaparam
chown root:ssl-cert /etc/ssl/private/dh2048.pem chown root:ssl-cert /etc/ssl/private/dh2048.pem
chmod 640 /etc/ssl/private/dh2048.pem chmod 640 /etc/ssl/private/dh2048.pem
fi fi
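Review bot: In the `test ! -e "/etc/nginx/conf.d/$domain.d/synapse*.conf"` line the glob sits inside double quotes, so the shell never expands it. The test looks for a file literally named `synapse*.conf` and always passes. This change only adds `--message=` to the ynh_die call and leaves the check ineffective, so an existing synapse nginx config for that domain is not detected by this line. Let the pattern expand, for example with `compgen -G "/etc/nginx/conf.d/$domain.d/synapse*.conf" > /dev/null`, and call ynh_die when it matches.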
@ -104,6 +115,7 @@ fi
#================================================= #=================================================
# INSTALL DEPENDENCIES # INSTALL DEPENDENCIES
#================================================= #=================================================
ynh_script_progression --message="Installing dependencies..." --weight=80
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE # WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files # For any update do it in all files
@ -112,27 +124,30 @@ ynh_install_app_dependencies $dependances
#================================================= #=================================================
# CREATE DEDICATED USER # CREATE DEDICATED USER
#================================================= #=================================================
ynh_script_progression --message="Configuring system user..." --weight=3
ynh_system_user_create $synapse_user /var/lib/matrix-$app ynh_system_user_create --username=$synapse_user --home_dir=/var/lib/matrix-$app
adduser $synapse_user ssl-cert adduser $synapse_user ssl-cert
adduser turnserver ssl-cert adduser turnserver ssl-cert
#================================================= #=================================================
# CREATE A POSTGRESQL DATABASE # CREATE A POSTGRESQL DATABASE
#================================================= #=================================================
ynh_script_progression --message="Creating a PostgreSQL database..." --weight=4
synapse_db_pwd=$(ynh_string_random 30) synapse_db_pwd=$(ynh_string_random --length=30)
ynh_app_setting_set $app synapse_db_pwd $synapse_db_pwd ynh_app_setting_set --app=$app --key=synapse_db_pwd --value=$synapse_db_pwd
# Create postgresql database # Create postgresql database
ynh_psql_test_if_first_run ynh_psql_test_if_first_run
ynh_psql_create_user $synapse_db_user $synapse_db_pwd ynh_psql_create_user $synapse_db_user $synapse_db_pwd
ynh_psql_execute_as_root \ ynh_psql_execute_as_root \
"CREATE DATABASE $synapse_db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $synapse_db_user;" --sql="CREATE DATABASE $synapse_db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $synapse_db_user;"
#================================================= #=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE # DOWNLOAD, CHECK AND UNPACK SOURCE
#================================================= #=================================================
ynh_script_progression --message="Setting up source files..." --weight=50
# Create empty dir for synapse # Create empty dir for synapse
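Review bot: `ynh_psql_create_user $synapse_db_user $synapse_db_pwd` is left in the old positional form while the `ynh_psql_execute_as_root` call right after it moves to `--sql=`. This commit also drops `source ./psql.sh` and deletes that file, so both calls now depend on helpers provided elsewhere. Please confirm that the replacement `ynh_psql_create_user` still accepts positional arguments, and quote both variables.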
@ -149,14 +164,14 @@ mkdir -p $final_path
# For any update do it in all files # For any update do it in all files
if [ -n "$(uname -m | grep arm)" ] if [ -n "$(uname -m | grep arm)" ]
then then
ynh_setup_source $final_path/ "armv7_$(lsb_release --codename --short)" ynh_setup_source --dest_dir=$final_path/ --source_id="armv7_$(lsb_release --codename --short)"
else else
# Install virtualenv if it don't exist # Install virtualenv if it don't exist
test -e $final_path/bin/python3 || python3 -m venv $final_path test -e $final_path/bin/python3 || python3 -m venv $final_path
# Install synapse in virtualenv # Install synapse in virtualenv
cp ../conf/virtualenv_activate $final_path/bin/activate cp ../conf/virtualenv_activate $final_path/bin/activate
ynh_replace_string __FINAL_PATH__ $final_path $final_path/bin/activate ynh_replace_string --match_string=__FINAL_PATH__ --replace_string=$final_path --target_file=$final_path/bin/activate
# We set all necessary environement variable to create a python virtualenvironnement. # We set all necessary environement variable to create a python virtualenvironnement.
source $final_path/bin/activate source $final_path/bin/activate
@ -172,6 +187,7 @@ fi
#================================================= #=================================================
# CREATE SYNAPSE CONFIG # CREATE SYNAPSE CONFIG
#================================================= #=================================================
ynh_script_progression --message="Creating synapse config..." --weight=3
# Go in virtualenvironnement # Go in virtualenvironnement
PS1=${PS1:-} PS1=${PS1:-}
@ -188,33 +204,36 @@ registration_shared_secret=$(egrep "^registration_shared_secret" homeserver.yml
form_secret=$(egrep "^form_secret" homeserver.yml | cut -d'"' -f2) form_secret=$(egrep "^form_secret" homeserver.yml | cut -d'"' -f2)
# store in yunohost settings # store in yunohost settings
ynh_app_setting_set $app registration_shared_secret "$registration_shared_secret" ynh_app_setting_set --app=$app --key=registration_shared_secret --value="$registration_shared_secret"
ynh_app_setting_set $app form_secret "$form_secret" ynh_app_setting_set --app=$app --key=form_secret --value="$form_secret"
#================================================= #=================================================
# SETUP SYSTEMD # SETUP SYSTEMD
#================================================= #=================================================
ynh_script_progression --message="Configuring a systemd service..." --weight=2
# Create systemd service for synapse and turnserver # Create systemd service for synapse and turnserver
cp ../conf/default_matrix-synapse /etc/default/matrix-$app cp ../conf/default_matrix-synapse /etc/default/matrix-$app
ynh_add_systemd_config matrix-$app matrix-synapse.service ynh_add_systemd_config --service=matrix-$app --template=matrix-synapse.service
cp ../conf/default_coturn /etc/default/coturn-$app cp ../conf/default_coturn /etc/default/coturn-$app
ynh_add_systemd_config coturn-$app coturn-synapse.service ynh_add_systemd_config --service=coturn-$app --template=coturn-synapse.service
#================================================= #=================================================
# NGINX CONFIGURATION # NGINX CONFIGURATION
#================================================= #=================================================
ynh_script_progression --message="Configuring nginx web server..." --weight=2
ynh_add_nginx_config ynh_add_nginx_config
#================================================= #=================================================
# SET SYNAPSE CONFIG # SET SYNAPSE CONFIG
#================================================= #=================================================
ynh_script_progression --message="Configuring synapse..." --weight=2
# Find password for turnserver and database # Find password for turnserver and database
turnserver_pwd=$(ynh_string_random 30) turnserver_pwd=$(ynh_string_random --length=30)
ynh_app_setting_set $app turnserver_pwd $turnserver_pwd ynh_app_setting_set --app=$app --key=turnserver_pwd --value=$turnserver_pwd
# Configure Synapse # Configure Synapse
@ -226,33 +245,34 @@ homeserver_config_path="/etc/matrix-$app/homeserver.yaml"
cp ../conf/homeserver.yaml "$homeserver_config_path" cp ../conf/homeserver.yaml "$homeserver_config_path"
cp ../conf/log.yaml /etc/matrix-$app/log.yaml cp ../conf/log.yaml /etc/matrix-$app/log.yaml
ynh_replace_string __APP__ $app "$homeserver_config_path" ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$homeserver_config_path"
ynh_replace_string __DOMAIN__ $domain "$homeserver_config_path" ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$homeserver_config_path"
ynh_replace_string __SYNAPSE_DB_USER__ $synapse_db_user "$homeserver_config_path" ynh_replace_string --match_string=__SYNAPSE_DB_USER__ --replace_string=$synapse_db_user --target_file="$homeserver_config_path"
ynh_replace_string __SYNAPSE_DB_PWD__ $synapse_db_pwd "$homeserver_config_path" ynh_replace_string --match_string=__SYNAPSE_DB_PWD__ --replace_string=$synapse_db_pwd --target_file="$homeserver_config_path"
ynh_replace_string __PORT__ $port "$homeserver_config_path" ynh_replace_string --match_string=__PORT__ --replace_string=$port --target_file="$homeserver_config_path"
ynh_replace_string __TLS_PORT__ $synapse_tls_port "$homeserver_config_path" ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$synapse_tls_port --target_file="$homeserver_config_path"
ynh_replace_string __TURNSERVER_TLS_PORT__ $turnserver_tls_port "$homeserver_config_path" ynh_replace_string --match_string=__TURNSERVER_TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$homeserver_config_path"
ynh_replace_special_string __TURNPWD__ $turnserver_pwd "$homeserver_config_path" ynh_replace_special_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$homeserver_config_path"
ynh_replace_special_string __REGISTRATION_SECRET__ "$registration_shared_secret" "$homeserver_config_path" ynh_replace_special_string --match_string=__REGISTRATION_SECRET__ --replace_string="$registration_shared_secret" --target_file="$homeserver_config_path"
ynh_replace_string __FORM_SECRET__ "$form_secret" "$homeserver_config_path" ynh_replace_string --match_string=__FORM_SECRET__ --replace_string="$form_secret" --target_file="$homeserver_config_path"
ynh_replace_string __REPORT_STATS__ "$report_stats" "$homeserver_config_path" ynh_replace_string --match_string=__REPORT_STATS__ --replace_string="$report_stats" --target_file="$homeserver_config_path"
ynh_replace_string __APP__ $app "/etc/matrix-$app/log.yaml" ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="/etc/matrix-$app/log.yaml"
if [ "$is_public" = "0" ] if [ $is_public -eq 0 ]
then then
ynh_replace_string __ALLOWED_ACCESS__ False "$homeserver_config_path" ynh_replace_string --match_string=__ALLOWED_ACCESS__ --replace_string=False --target_file="$homeserver_config_path"
else else
ynh_replace_string __ALLOWED_ACCESS__ True "$homeserver_config_path" ynh_replace_string --match_string=__ALLOWED_ACCESS__ --replace_string=True --target_file="$homeserver_config_path"
fi fi
ynh_store_file_checksum "$homeserver_config_path" ynh_store_file_checksum --file="$homeserver_config_path"
ynh_store_file_checksum "/etc/matrix-$app/log.yaml" ynh_store_file_checksum --file="/etc/matrix-$app/log.yaml"
#================================================= #=================================================
# SET COTURN CONFIG # SET COTURN CONFIG
#================================================= #=================================================
ynh_script_progression --message="Configuring coturn..." --weight=1
# WARNING : theses command are used in INSTALL, UPGRADE # WARNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files # For any update do it in all files
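Review bot: The new `if [ $is_public -eq 0 ]` fails open. With `$is_public` unquoted and compared numerically, an empty or non-numeric value makes `[` exit with an error, the `if` falls through to the else branch, and `__ALLOWED_ACCESS__` is set to True. The previous string comparison `[ "$is_public" = "0" ]` had the same permissive default, without the error. Suggest testing for the permissive case explicitly (`[ "$is_public" = "1" ]` sets True, anything else sets False) so that a bad value yields the restrictive setting.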
@ -261,39 +281,40 @@ coturn_config_path="/etc/matrix-$app/coturn.conf"
cp ../conf/turnserver.conf "$coturn_config_path" cp ../conf/turnserver.conf "$coturn_config_path"
ynh_replace_string __APP__ $app "$coturn_config_path" ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$coturn_config_path"
ynh_replace_string __TURNPWD__ $turnserver_pwd "$coturn_config_path" ynh_replace_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$coturn_config_path"
ynh_replace_string __DOMAIN__ $domain "$coturn_config_path" ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$coturn_config_path"
ynh_replace_string __TLS_PORT__ $turnserver_tls_port "$coturn_config_path" ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$coturn_config_path"
ynh_replace_string __TLS_ALT_PORT__ $turnserver_alt_tls_port "$coturn_config_path" ynh_replace_string --match_string=__TLS_ALT_PORT__ --replace_string=$turnserver_alt_tls_port --target_file="$coturn_config_path"
ynh_replace_string __CLI_PORT__ $cli_port "$coturn_config_path" ynh_replace_string --match_string=__CLI_PORT__ --replace_string=$cli_port --target_file="$coturn_config_path"
# Get public IP and set as external IP for coturn # Get public IP and set as external IP for coturn
# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6 # note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
public_ip4="$(curl ip.yunohost.org)" || true public_ip4="$(curl ip.yunohost.org)" || true
public_ip6="$(curl ipv6.yunohost.org)" || true public_ip6="$(curl ipv6.yunohost.org)" || true
if [[ -n "$public_ip4" ]] && ynh_validate_ip4 "$public_ip4" if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"
then then
ynh_replace_string '__IPV4__' "$public_ip4" "$coturn_config_path" ynh_replace_string --match_string='__IPV4__' --replace_string="$public_ip4" --target_file="$coturn_config_path"
else else
ynh_replace_string '__IPV4__,' "" "$coturn_config_path" ynh_replace_string --match_string='__IPV4__,' --replace_string="" --target_file="$coturn_config_path"
fi fi
if [[ -n "$public_ip6" ]] && ynh_validate_ip6 "$public_ip6" if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6"
then then
ynh_replace_string '__IPV6__' "$public_ip6" "$coturn_config_path" ynh_replace_string --match_string='__IPV6__' --replace_string="$public_ip6" --target_file="$coturn_config_path"
else else
ynh_replace_string ',__IPV6__' "" "$coturn_config_path" ynh_replace_string --match_string=',__IPV6__' --replace_string="" --target_file="$coturn_config_path"
fi fi
ynh_store_file_checksum "$coturn_config_path" ynh_store_file_checksum --file="$coturn_config_path"
#================================================= #=================================================
# SETUP LOGROTATE # SETUP LOGROTATE
#================================================= #=================================================
ynh_script_progression --message="Configuring log rotation..." --weight=2
ynh_use_logrotate /var/log/matrix-$app ynh_use_logrotate "/var/log/matrix-$app"
#================================================= #=================================================
# ADD SCRIPT FOR COTURN CRON # ADD SCRIPT FOR COTURN CRON
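Review bot: The `curl ip.yunohost.org` and `curl ipv6.yunohost.org` calls kept as context in this hunk fetch the address over plain HTTP with no timeout, and the only check on the reply is ynh_validate_ip4 / ynh_validate_ip6, which can confirm the format but not the origin. Anything on the network path can therefore choose the external IP written into the coturn config, and an unresponsive endpoint stalls the install. Suggest adding `--silent --max-time 10` and using an `https://` URL if the endpoint serves one. The `|| true` fallback already covers the failure case.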
@ -303,19 +324,20 @@ ynh_use_logrotate /var/log/matrix-$app
# For any update do it in all files # For any update do it in all files
cp ../sources/Coturn_config_rotate.sh $final_path/ cp ../sources/Coturn_config_rotate.sh $final_path/
ynh_replace_string __APP__ $app "$final_path/Coturn_config_rotate.sh" ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$final_path/Coturn_config_rotate.sh"
#================================================= #=================================================
# GENERIC FINALIZATION # GENERIC FINALIZATION
#================================================= #=================================================
# SETUP SSOWAT # SETUP SSOWAT
#================================================= #=================================================
ynh_script_progression --message="Configuring SSOwat..." --weight=1
# Open access to server without a button the home # Open access to server without a button the home
# The script "add_sso_conf.py" will just add en entry for the path "/_matrix" in the sso conf.json.persistent file in the cathegory "skipped_urls". # The script "add_sso_conf.py" will just add en entry for the path "/_matrix" in the sso conf.json.persistent file in the cathegory "skipped_urls".
cp ../conf/add_sso_conf.py $final_path cp ../conf/add_sso_conf.py $final_path
cp ../conf/remove_sso_conf.py $final_path cp ../conf/remove_sso_conf.py $final_path
python3 $final_path/add_sso_conf.py || ynh_die "Your file /etc/ssowat/conf.json.persistent don't respect the json synaxe. Please fix the synaxe to install this app. For more information see here : https://github.com/YunoHost-Apps/synapse_ynh/issues/32" python3 $final_path/add_sso_conf.py || ynh_die --message="Your file /etc/ssowat/conf.json.persistent don't respect the json synaxe. Please fix the synaxe to install this app. For more information see here : https://github.com/YunoHost-Apps/synapse_ynh/issues/32"
#================================================= #=================================================
# SECURE FILES AND DIRECTORIES # SECURE FILES AND DIRECTORIES
@ -337,24 +359,26 @@ setfacl -R -m user:turnserver:rwX /var/log/matrix-$app
# ADVERTISE SERVICE IN ADMIN PANEL # ADVERTISE SERVICE IN ADMIN PANEL
#================================================= #=================================================
yunohost service add matrix-$app -l "/var/log/matrix-$app/homeserver.log" yunohost service add matrix-$app --log "/var/log/matrix-$app/homeserver.log"
yunohost service add coturn-$app yunohost service add coturn-$app
#================================================= #=================================================
# RELOAD SERVICES # RELOAD SERVICES
#================================================= #=================================================
ynh_script_progression --message="Restarting synapse services..." --weight=11
systemctl restart coturn-$app.service ynh_systemd_action --service_name=coturn-$app.service --action=restart
ynh_check_starting "Synapse now listening on TCP port $synapse_tls_port" "/var/log/matrix-$app/homeserver.log" 300 "matrix-$app" ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $synapse_tls_port" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300
#================================================= #=================================================
# SETUP FAIL2BAN # SETUP FAIL2BAN
#================================================= #=================================================
ynh_script_progression --message="Configuring fail2ban..." --weight=10
# WARNING : theses command are used in INSTALL, UPGRADE # WARNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files # For any update do it in all files
ynh_add_fail2ban_config -t ynh_add_fail2ban_config --use_template
#================================================= #=================================================
# SEND A README FOR THE ADMIN # SEND A README FOR THE ADMIN
@ -363,7 +387,7 @@ ynh_add_fail2ban_config -t
# WARNING : theses command are used in INSTALL, RESTORE # WARNING : theses command are used in INSTALL, RESTORE
# For any update do it in all files # For any update do it in all files
message="If your server name is identical to the domain on which synapse is installed, and the default port 8448 is used, your server is normally already accessible by the federation. echo "If your server name is identical to the domain on which synapse is installed, and the default port 8448 is used, your server is normally already accessible by the federation.
If not, you may need to put the following line in the dns configuration: If not, you may need to put the following line in the dns configuration:
@ -377,6 +401,12 @@ Your synapse server also implements a turnserver (for VoIP), to have this fully
If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/synapse_ynh If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/synapse_ynh
You also need a valid TLS certificate for the domain used by synapse. To do that you can refer to the documentation here : https://yunohost.org/#/certificate_en" You also need a valid TLS certificate for the domain used by synapse. To do that you can refer to the documentation here : https://yunohost.org/#/certificate_en" > mail_to_send
ynh_send_readme_to_admin "$message" ynh_send_readme_to_admin --app_message="mail_to_send" --type="install"
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Installation of $app completed" --last

View file

@ -1,147 +0,0 @@
#=================================================
# POSTGRES HELPERS
#=================================================
# Open a connection as a user
#
# example: ynh_psql_connect_as 'user' 'pass' <<< "UPDATE ...;"
# example: ynh_psql_connect_as 'user' 'pass' < /path/to/file.sql
#
# usage: ynh_psql_connect_as user pwd [db]
# | arg: user - the user name to connect as
# | arg: pwd - the user password
# | arg: db - the database to connect to
ynh_psql_connect_as() {
user="$1"
pwd="$2"
db="$3"
su --command="PGUSER=\"${user}\" PGPASSWORD=\"${pwd}\" psql \"${db}\"" postgres
}
# # Execute a command as root user
#
# usage: ynh_psql_execute_as_root sql [db]
# | arg: sql - the SQL command to execute
# | arg: db - the database to connect to
ynh_psql_execute_as_root () {
sql="$1"
su --command="psql" postgres <<< "$sql"
}
# Execute a command from a file as root user
#
# usage: ynh_psql_execute_file_as_root file [db]
# | arg: file - the file containing SQL commands
# | arg: db - the database to connect to
ynh_psql_execute_file_as_root() {
file="$1"
db="$2"
su -c "psql $db" postgres < "$file"
}
# Create a database, an user and its password. Then store the password in the app's config
#
# After executing this helper, the password of the created database will be available in $db_pwd
# It will also be stored as "psqlpwd" into the app settings.
#
# usage: ynh_psql_setup_db user name [pwd]
# | arg: user - Owner of the database
# | arg: name - Name of the database
# | arg: pwd - Password of the database. If not given, a password will be generated
ynh_psql_setup_db () {
db_user="$1"
app="$1"
db_name="$2"
new_db_pwd=$(ynh_string_random) # Generate a random password
# If $3 is not given, use new_db_pwd instead for db_pwd.
db_pwd="${3:-$new_db_pwd}"
ynh_psql_create_db "$db_name" "$db_user" "$db_pwd" # Create the database
ynh_app_setting_set "$app" psqlpwd "$db_pwd" # Store the password in the app's config
}
# Create a database and grant optionnaly privilegies to a user
#
# usage: ynh_psql_create_db db [user [pwd]]
# | arg: db - the database name to create
# | arg: user - the user to grant privilegies
# | arg: pwd - the user password
ynh_psql_create_db() {
db="$1"
user="$2"
pwd="$3"
ynh_psql_create_user "$user" "$pwd"
su --command="createdb --owner=\"${user}\" \"${db}\"" postgres
}
# Drop a database
#
# usage: ynh_psql_drop_db db user
# | arg: db - the database name to drop
# | arg: user - the user to drop
ynh_psql_remove_db() {
db="$1"
user="$2"
su --command="dropdb \"${db}\"" postgres
ynh_psql_drop_user "${user}"
}
# Dump a database
#
# example: ynh_psql_dump_db 'roundcube' > ./dump.sql
#
# usage: ynh_psql_dump_db db
# | arg: db - the database name to dump
# | ret: the psqldump output
ynh_psql_dump_db() {
db="$1"
su --command="pg_dump \"${db}\"" postgres
}
# Create a user
#
# usage: ynh_psql_create_user user pwd [host]
# | arg: user - the user name to create
ynh_psql_create_user() {
user="$1"
pwd="$2"
su --command="psql -c\"CREATE USER ${user} WITH PASSWORD '${pwd}'\"" postgres
}
# Drop a user
#
# usage: ynh_psql_drop_user user
# | arg: user - the user name to drop
ynh_psql_drop_user() {
user="$1"
su --command="dropuser \"${user}\"" postgres
}
ynh_psql_test_if_first_run() {
if [ -f /etc/yunohost/psql ];
then
echo "PostgreSQL is already installed, no need to create master password"
else
pgsql=$(ynh_string_random)
pg_hba=""
echo "$pgsql" >> /etc/yunohost/psql
if [ -e /etc/postgresql/9.4/ ]
then
pg_hba=/etc/postgresql/9.4/main/pg_hba.conf
elif [ -e /etc/postgresql/9.6/ ]
then
pg_hba=/etc/postgresql/9.6/main/pg_hba.conf
else
ynh_die "postgresql shoud be 9.4 or 9.6"
fi
systemctl start postgresql
su --command="psql -c\"ALTER user postgres WITH PASSWORD '${pgsql}'\"" postgres
# we can't use peer since YunoHost create users with nologin
sed -i '/local\s*all\s*all\s*peer/i \
local all all password' "$pg_hba"
systemctl enable postgresql
systemctl reload postgresql
fi
}
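Review bot: `ynh_psql_test_if_first_run` is deleted with this file, but the restore script in this same commit still calls it, so it must now be defined by one of the files that script still sources (`_common.sh`, `experimental_helper.sh` or `/usr/share/yunohost/helpers`). The removed version only knew `/etc/postgresql/9.4/` and `/etc/postgresql/9.6/`, kept the master password in `/etc/yunohost/psql` and inserted `local all all password` into `pg_hba.conf`. Please confirm the replacement treats an existing `/etc/yunohost/psql` as "already initialised", so upgraded hosts do not get a second master password or a duplicated `pg_hba.conf` line.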

View file

@ -6,58 +6,72 @@
# IMPORT GENERIC HELPERS # IMPORT GENERIC HELPERS
#================================================= #=================================================
source _common.sh
source experimental_helper.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
# Import common cmd
source ./psql.sh
source ./experimental_helper.sh
source ./_common.sh
#================================================= #=================================================
# SET ALL CONSTANT # LOAD SETTINGS
#================================================= #=================================================
ynh_script_progression --message="Loading installation settings..." --weight=3
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=special_domain)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
#=================================================
# SET CONSTANTS
#=================================================
synapse_user="matrix-$app" synapse_user="matrix-$app"
synapse_db_name="matrix_$app" synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app" synapse_db_user="matrix_$app"
upstream_version=$(ynh_app_upstream_version) upstream_version=$(ynh_app_upstream_version)
#=================================================
# LOAD SETTINGS
#=================================================
domain=$(ynh_app_setting_get $app special_domain)
final_path=$(ynh_app_setting_get $app final_path)
synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get $app turnserver_alt_tls_port)
#================================================= #=================================================
# STANDARD REMOVE # STANDARD REMOVE
#=================================================
# REMOVE SERVICE FROM ADMIN PANEL
#=================================================
# Remove a service from the admin panel, added by `yunohost service add`
if yunohost service status matrix-$app >/dev/null 2>&1
then
yunohost service remove matrix-$app
fi
if yunohost service status coturn-$app >/dev/null 2>&1
then
yunohost service remove coturn-$app
fi
#================================================= #=================================================
# STOP AND REMOVE SERVICE # STOP AND REMOVE SERVICE
#================================================= #=================================================
ynh_script_progression --message="Stopping and removing the systemd service" --weight=2
ynh_remove_systemd_config matrix-$app ynh_remove_systemd_config --service=matrix-$app
ynh_remove_systemd_config coturn-$app ynh_remove_systemd_config --service=coturn-$app
#================================================= #=================================================
# CLOSE A PORT # REMOVE THE POSTGRESQL DATABASE
#================================================= #=================================================
ynh_script_progression --message="Removing the PostgreSQL database" --weight=2
closeport() { # Remove a database if it exists, along with the associated user
local port=$1 ynh_psql_remove_db --db_user=$synapse_db_name --db_name=$synapse_db_user
if yunohost firewall list | grep -q "\- $port$"
then
echo "Close port $port"
yunohost firewall disallow Both $port > /dev/null
fi
}
closeport $synapse_tls_port #=================================================
closeport $turnserver_tls_port # REMOVE DEPENDENCIES
closeport $turnserver_alt_tls_port #=================================================
ynh_script_progression --message="Removing dependencies" --weight=15
# Remove metapackage and its dependencies
ynh_remove_app_dependencies
#================================================= #=================================================
# SETUP SSOWAT # SETUP SSOWAT
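Review bot: the named arguments are crossed in `ynh_psql_remove_db --db_user=$synapse_db_name --db_name=$synapse_db_user`. It only works because both variables are set to `matrix_$app` a few lines above; the old positional call passed the database name first, and the conversion kept that order while attaching the wrong flag names. Suggest `--db_user=$synapse_db_user --db_name=$synapse_db_name`, so the call stays correct if the two names ever diverge.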
@ -67,55 +81,70 @@ closeport $turnserver_alt_tls_port
python3 $final_path/remove_sso_conf.py python3 $final_path/remove_sso_conf.py
#================================================= #=================================================
# REMOVE DEPENDENCIES # REMOVE APP MAIN DIR
#================================================= #=================================================
ynh_script_progression --message="Removing app main directory" --weight=2
ynh_remove_app_dependencies ynh_secure_remove --file=$final_path
ynh_secure_remove --file=/var/lib/matrix-$app
#================================================= ynh_secure_remove --file=/var/log/matrix-$app
# REMOVE APP DIR ynh_secure_remove --file=/etc/matrix-$app
#================================================= ynh_secure_remove --file=/etc/default/matrix-$app
ynh_secure_remove --file=/etc/default/coturn-$app
ynh_secure_remove $final_path
ynh_secure_remove /var/lib/matrix-$app
ynh_secure_remove /var/log/matrix-$app
ynh_secure_remove /etc/matrix-$app
ynh_secure_remove /etc/default/matrix-$app
ynh_secure_remove /etc/default/coturn-$app
#================================================= #=================================================
# REMOVE NGINX CONFIGURATION # REMOVE NGINX CONFIGURATION
#================================================= #=================================================
ynh_script_progression --message="Removing nginx web server configuration" --weight=2
# Remove the dedicated nginx config
ynh_remove_nginx_config ynh_remove_nginx_config
#=================================================
# REMOVE THE POSTGRESQL DATABASE
#=================================================
ynh_psql_remove_db $synapse_db_name $synapse_db_user
#=================================================
# REMOVE DEDICATED USER
#=================================================
ynh_system_user_delete $synapse_user
#=================================================
# REMOVE FAIL2BAN CONFIG
#=================================================
ynh_remove_fail2ban_config $synapse_user
#================================================= #=================================================
# REMOVE LOGROTATE CONFIGURATION # REMOVE LOGROTATE CONFIGURATION
#================================================= #=================================================
ynh_script_progression --message="Removing logrotate configuration" --weight=1
# Remove the app-specific logrotate config
ynh_remove_logrotate ynh_remove_logrotate
#================================================= #=================================================
# REMOVE SERVICE FROM ADMIN PANEL # CLOSE A PORT
#================================================= #=================================================
yunohost service remove matrix-$app closeport() {
yunohost service remove coturn-$app local port=$1
if yunohost firewall list | grep -q "\- $port$"
then
ynh_script_progression --message="Closing port $port"
ynh_exec_warn_less yunohost firewall disallow Both $port
fi
}
closeport $synapse_tls_port
closeport $turnserver_tls_port
closeport $turnserver_alt_tls_port
#=================================================
# REMOVE FAIL2BAN CONFIGURATION
#=================================================
ynh_script_progression --message="Removing fail2ban configuration..." --weight=8
# Remove the dedicated fail2ban config
ynh_remove_fail2ban_config
#=================================================
# GENERIC FINALIZATION
#=================================================
# REMOVE DEDICATED USER
#=================================================
ynh_script_progression --message="Removing the dedicated system user" --weight=1
# Delete a system user
ynh_system_user_delete --username=$synapse_user
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Removal of $app completed" --last
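Review bot: `python3 $final_path/remove_sso_conf.py` at the top of this hunk now runs after `ynh_remove_app_dependencies`, which this commit moved from here up into the previous hunk. If that script needs anything installed through the app's dependency metapackage, the SSOwat entry will be left behind on removal. Either run the SSO cleanup before the dependencies are removed or confirm the script only needs the system python3. Separately, `ynh_remove_fail2ban_config` lost its `$synapse_user` argument; a short comment saying the helper derives the name itself would help the next reader.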

View file

@ -6,95 +6,180 @@
# IMPORT GENERIC HELPERS # IMPORT GENERIC HELPERS
#================================================= #=================================================
#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
source ../settings/scripts/_common.sh
source ../settings/scripts/experimental_helper.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
# Stop script if errors #=================================================
# MANAGE SCRIPT FAILURE
#=================================================
ynh_clean_setup () {
# Clean installation remainings that are not handled by the remove script.
ynh_clean_check_starting
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors ynh_abort_if_errors
# Import common cmd #=================================================
source ../settings/scripts/psql.sh # LOAD SETTINGS
source ../settings/scripts/experimental_helper.sh #=================================================
source ../settings/scripts/_common.sh ynh_script_progression --message="Loading settings..."
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=special_domain)
path_url=$(ynh_app_setting_get --app=$app --key=special_path)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd)
synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
#================================================= #=================================================
# SET ALL CONSTANT # SET ALL CONSTANT
#================================================= #=================================================
app=$YNH_APP_INSTANCE_NAME
synapse_user="matrix-$app" synapse_user="matrix-$app"
synapse_db_name="matrix_$app" synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app" synapse_db_user="matrix_$app"
upstream_version=$(ynh_app_upstream_version) upstream_version=$(ynh_app_upstream_version)
#=================================================
# LOAD SETTINGS
#=================================================
domain=$(ynh_app_setting_get $app special_domain)
path_url=$(ynh_app_setting_get $app special_path)
final_path=$(ynh_app_setting_get $app final_path)
synapse_db_pwd=$(ynh_app_setting_get $app synapse_db_pwd)
synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get $app turnserver_alt_tls_port)
#================================================= #=================================================
# CHECK IF THE APP CAN BE RESTORED # CHECK IF THE APP CAN BE RESTORED
#================================================= #=================================================
ynh_script_progression --message="Validating restoration parameters..." --weight=2
ynh_webpath_available $domain $path_url || ynh_die "$domain/$path_url is not available, please use an other domain." ynh_webpath_available --domain=$domain --path_url=$path_url \
|| ynh_die --message="Path not available: ${domain}${path_url}"
test ! -d $final_path \
|| ynh_die --message="There is already a directory: $final_path "
#================================================= #=================================================
# STANDARD RESTORATION STEPS # STANDARD RESTORATION STEPS
#================================================= #=================================================
# RESTORE ALL FILES # RESTORE THE NGINX CONFIGURATION
#================================================= #=================================================
# Restore all config and data ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_restore
#=================================================
# RESTORE THE APP MAIN DIR
#=================================================
ynh_script_progression --message="Restoring the app main directory..."
ynh_restore_file --origin_path="$final_path"
#=================================================
# RESTORE SYNAPSE LOG
#=================================================
ynh_script_progression --message="Restoring synapse log..."
ynh_restore_file --origin_path="/var/log/matrix-$app"
#=================================================
# RESTORE FAIL2BAN CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the fail2ban configuration..." --weight=6
ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf"
ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf"
ynh_systemd_action --action=restart --service_name=fail2ban
#=================================================
# SPECIFIC RESTORATION
#=================================================
# REINSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Reinstalling dependencies..." --weight=70
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files
ynh_install_app_dependencies $dependances
#=================================================
# RECREATE THE DEDICATED USER
#=================================================
ynh_script_progression --message="Recreating the dedicated system user..." --weight=3
# Create the dedicated user (if not existing)
ynh_system_user_create --username=$synapse_user --home_dir=/var/lib/matrix-$app
adduser $synapse_user ssl-cert
adduser turnserver ssl-cert
#=================================================
# RESTORE THE POSTGRESQL DATABASE
#=================================================
ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=13
ynh_psql_test_if_first_run
ynh_psql_create_user $synapse_db_user $synapse_db_pwd
ynh_psql_execute_as_root \
--sql="CREATE DATABASE $synapse_db_name
ENCODING 'UTF8'
LC_COLLATE='C'
LC_CTYPE='C'
template=template0
OWNER $synapse_db_user;"
ynh_psql_execute_file_as_root --file="${YNH_CWD}/dump.sql" --database="$synapse_db_name"
#=================================================
# RESTORE SYSTEMD
#=================================================
ynh_script_progression --message="Restoring the systemd configuration..." --weight=2
ynh_restore_file --origin_path="/etc/default/matrix-$app"
ynh_restore_file --origin_path="/etc/systemd/system/matrix-$app.service"
ynh_restore_file --origin_path="/etc/default/coturn-$app"
ynh_restore_file --origin_path="/etc/systemd/system/coturn-$app.service"
# systemctl daemon-reload
systemctl enable matrix-$app.service
systemctl enable coturn-$app.service
#=================================================
# ADVERTISE SERVICE IN ADMIN PANEL
#=================================================
yunohost service add matrix-$app -l "/var/log/matrix-$app/homeserver.log"
yunohost service add coturn-$app
#================================================= #=================================================
# CREATE A DH FILE # CREATE A DH FILE
#================================================= #=================================================
ynh_script_progression --message="Creating a dh file..." --weight=40
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE # WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files # For any update do it in all files
# Make dh cert for synapse if it doesn't exist # Make dh cert for synapse if it doesn't exist
if [[ ! -e /etc/ssl/private/dh2048.pem ]] if [ ! -e /etc/ssl/private/dh2048.pem ]
then then
openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048 -dsaparam 2> /dev/null ynh_exec_warn_less openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048 -dsaparam
chown root:ssl-cert /etc/ssl/private/dh2048.pem chown root:ssl-cert /etc/ssl/private/dh2048.pem
chmod 640 /etc/ssl/private/dh2048.pem chmod 640 /etc/ssl/private/dh2048.pem
fi fi
#================================================= #=================================================
# REINSTALL DEPENDENCIES # RESTORE SYNAPSE CONFIG
#================================================= #=================================================
ynh_script_progression --message="Restoring synapse configuration..."
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE ynh_restore_file --origin_path="/etc/matrix-$app"
# For any update do it in all files
ynh_install_app_dependencies $dependances
#=================================================
# RECREATE THE DEDICATED USER
#=================================================
ynh_system_user_create $synapse_user /var/lib/matrix-$app
adduser $synapse_user ssl-cert
adduser turnserver ssl-cert
#================================================= #=================================================
# RECONFIGURE THE TURNSERVER # RECONFIGURE THE TURNSERVER
#================================================= #=================================================
ynh_script_progression --message="Reconfiguring coturn..." --weight=23
# To be sure that at the restoration the IP address in coturn config is the same as the real address we remake the coturn config # To be sure that at the restoration the IP address in coturn config is the same as the real address we remake the coturn config
# Retrieve specific settings # Retrieve specific settings
turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port) turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get $app turnserver_alt_tls_port) turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
turnserver_pwd=$(ynh_app_setting_get $app turnserver_pwd) turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
cli_port=$(ynh_app_setting_get $app cli_port) cli_port=$(ynh_app_setting_get --app=$app --key=cli_port)
# WARNING : these commands are used in INSTALL, UPGRADE # WARNING : these commands are used in INSTALL, UPGRADE
# For any update do it in all files # For any update do it in all files
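Review bot: `ynh_psql_create_user $synapse_db_user $synapse_db_pwd` is still called positionally and unquoted, while the calls right after it were converted to `--sql=`, `--file=` and `--database=`. With the local psql.sh gone, this call binds to whatever signature the shared helper has, and an unquoted password containing whitespace or glob characters would be split before it gets there. Please pass both values in the form the helper now expects and quote them. Also, `# systemctl daemon-reload` is left commented out after the unit files are restored; either remove the line or say why it is not needed before the `systemctl enable` calls.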
@ -103,81 +188,66 @@ coturn_config_path="/etc/matrix-$app/coturn.conf"
cp ../settings/conf/turnserver.conf "$coturn_config_path" cp ../settings/conf/turnserver.conf "$coturn_config_path"
ynh_replace_string __APP__ $app "$coturn_config_path" ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$coturn_config_path"
ynh_replace_string __TURNPWD__ $turnserver_pwd "$coturn_config_path" ynh_replace_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$coturn_config_path"
ynh_replace_string __DOMAIN__ $domain "$coturn_config_path" ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$coturn_config_path"
ynh_replace_string __TLS_PORT__ $turnserver_tls_port "$coturn_config_path" ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$coturn_config_path"
ynh_replace_string __TLS_ALT_PORT__ $turnserver_alt_tls_port "$coturn_config_path" ynh_replace_string --match_string=__TLS_ALT_PORT__ --replace_string=$turnserver_alt_tls_port --target_file="$coturn_config_path"
ynh_replace_string __CLI_PORT__ $cli_port "$coturn_config_path" ynh_replace_string --match_string=__CLI_PORT__ --replace_string=$cli_port --target_file="$coturn_config_path"
# Get public IP and set as external IP for coturn # Get public IP and set as external IP for coturn
# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6 # note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
public_ip4="$(curl ip.yunohost.org)" || true public_ip4="$(curl ip.yunohost.org)" || true
public_ip6="$(curl ipv6.yunohost.org)" || true public_ip6="$(curl ipv6.yunohost.org)" || true
if [[ -n "$public_ip4" ]] && ynh_validate_ip4 "$public_ip4" if [[ -n "$public_ip4" ]] && ynh_validate_ip4 --ip_address="$public_ip4"
then then
ynh_replace_string '__IPV4__' "$public_ip4" "$coturn_config_path" ynh_replace_string --match_string='__IPV4__' --replace_string="$public_ip4" --target_file="$coturn_config_path"
else else
ynh_replace_string '__IPV4__,' "" "$coturn_config_path" ynh_replace_string --match_string='__IPV4__,' --replace_string="" --target_file="$coturn_config_path"
fi fi
if [[ -n "$public_ip6" ]] && ynh_valide_ip6 "$public_ip6" if [[ -n "$public_ip6" ]] && ynh_valide_ip6 --ip_address="$public_ip6"
then then
ynh_replace_string '__IPV6__' "$public_ip6" "$coturn_config_path" ynh_replace_string --match_string='__IPV6__' --replace_string="$public_ip6" --target_file="$coturn_config_path"
else else
ynh_replace_string ',__IPV6__' "" "$coturn_config_path" ynh_replace_string --match_string=',__IPV6__' --replace_string="" --target_file="$coturn_config_path"
fi fi
ynh_store_file_checksum "$coturn_config_path" ynh_store_file_checksum --file="$coturn_config_path"
#=================================================
# SPECIFIC RESTORATION
#================================================= #=================================================
# OPEN THE PORT # OPEN THE PORT
#================================================= #=================================================
# Ouvre le port dans le firewall # Ouvre le port dans le firewall
yunohost firewall allow TCP $synapse_tls_port > /dev/null 2>&1 ynh_exec_warn_less yunohost firewall allow TCP $synapse_tls_port
yunohost firewall allow Both $turnserver_tls_port > /dev/null 2>&1 ynh_exec_warn_less yunohost firewall allow Both $turnserver_tls_port
yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1 ynh_exec_warn_less yunohost firewall allow Both $turnserver_alt_tls_port
#================================================= #=================================================
# SETUP SSOWAT # SETUP SSOWAT
#================================================= #=================================================
ynh_script_progression --message="Configuring SSOwat..."
# Open access to server without a button the home # Open access to server without a button the home
# The script "add_sso_conf.py" will just add en entry for the path "/_matrix" in the sso conf.json.persistent file in the cathegory "skipped_urls". # The script "add_sso_conf.py" will just add en entry for the path "/_matrix" in the sso conf.json.persistent file in the cathegory "skipped_urls".
python3 $final_path/add_sso_conf.py || ynh_die "Your file /etc/ssowat/conf.json.persistent don't respect the json synaxe. Please fix the synaxe to install this app. For more information see here : https://github.com/YunoHost-Apps/synapse_ynh/issues/32" python3 $final_path/add_sso_conf.py || ynh_die --message="Your file /etc/ssowat/conf.json.persistent don't respect the json synaxe. Please fix the synaxe to install this app. For more information see here : https://github.com/YunoHost-Apps/synapse_ynh/issues/32"
#=================================================
# RESTORE THE POSTGRESQL DATABASE
#=================================================
ynh_psql_test_if_first_run
ynh_psql_create_user $synapse_db_user $synapse_db_pwd
ynh_psql_execute_as_root \
"CREATE DATABASE $synapse_db_name
ENCODING 'UTF8'
LC_COLLATE='C'
LC_CTYPE='C'
template=template0
OWNER $synapse_db_user;"
ynh_psql_execute_file_as_root "${YNH_CWD}/dump.sql" "$synapse_db_name"
#=================================================
# RESTORE SYSTEMD
#=================================================
systemctl daemon-reload
systemctl enable matrix-$app.service
#================================================= #=================================================
# SETUP LOGROTATE # SETUP LOGROTATE
#================================================= #=================================================
ynh_script_progression --message="Configuring log rotation..."
ynh_use_logrotate /var/log/matrix-$app ynh_use_logrotate /var/log/matrix-$app
#=================================================
# RESTORE SYNAPSE DATA
#=================================================
ynh_script_progression --message="Restoring synapse data..."
ynh_restore_file --origin_path="/var/lib/matrix-$app"
#================================================= #=================================================
# GENERIC FINALIZATION # GENERIC FINALIZATION
#================================================= #=================================================
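Review bot: the IPv6 branch calls `ynh_valide_ip6 --ip_address="$public_ip6"` while the IPv4 branch calls `ynh_validate_ip4`. If no helper with the `valide` spelling is defined, the failure is silent: the call sits inside an `if` condition, so a "command not found" simply takes the `else` path and strips `,__IPV6__` from the coturn config. Please check the helper name against `experimental_helper.sh` and that it accepts the new `--ip_address=` form. The two `curl` calls also have no timeout, so a hanging lookup would stall the restore rather than fall through to `|| true`.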
@ -196,26 +266,13 @@ chmod 600 /etc/matrix-$app/$domain.signing.key
setfacl -R -m user:turnserver:rX /etc/matrix-$app setfacl -R -m user:turnserver:rX /etc/matrix-$app
setfacl -R -m user:turnserver:rwX /var/log/matrix-$app setfacl -R -m user:turnserver:rwX /var/log/matrix-$app
#=================================================
# ADVERTISE SERVICE IN ADMIN PANEL
#=================================================
yunohost service add matrix-$app -l "/var/log/matrix-$app/homeserver.log"
yunohost service add coturn-$app
#================================================= #=================================================
# RELOAD NGINX, SYNAPSE AND COTURN # RELOAD NGINX, SYNAPSE AND COTURN
#================================================= #=================================================
ynh_script_progression --message="Restarting synapse services..." --weight=7
systemctl reload nginx.service ynh_systemd_action --service_name=coturn-$app.service --action=restart
systemctl restart coturn-$app.service ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $synapse_tls_port" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300
ynh_check_starting "Synapse now listening on TCP port $synapse_tls_port" "/var/log/matrix-$app/homeserver.log" 300 "matrix-$app"
#=================================================
# SETUP FAIL2BAN
#=================================================
systemctl try-reload-or-restart fail2ban
#================================================= #=================================================
# SEND A README FOR THE ADMIN # SEND A README FOR THE ADMIN
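Review bot: the two restarts use different forms for the unit name, `--service_name=coturn-$app.service` and `--service_name=matrix-$app`. Pick one form for both so it is clear what `ynh_systemd_action` expects. The coturn restart also has no `--line_match`, so unlike the synapse restart it gives no indication that the TURN server actually came up with the regenerated config; a log check or a comment explaining why it is not needed would help.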
@ -224,7 +281,7 @@ systemctl try-reload-or-restart fail2ban
# WARNING : theses command are used in INSTALL, RESTORE # WARNING : theses command are used in INSTALL, RESTORE
# For any update do it in all files # For any update do it in all files
message="To federate this app you need to add this line in your DNS configuration: echo "To federate this app you need to add this line in your DNS configuration:
_matrix._tcp.$domain. 3600 IN SRV 10 0 $synapse_tls_port $domain. _matrix._tcp.$domain. 3600 IN SRV 10 0 $synapse_tls_port $domain.
@ -232,6 +289,21 @@ You also need to open the TCP port $synapse_tls_port on your ISP box if it's not
Your synapse server also implements a turnserver (for VoIP), to have this fully functional please read the 'Turnserver' section in the README available here: https://github.com/YunoHost-Apps/synapse_ynh . Your synapse server also implements a turnserver (for VoIP), to have this fully functional please read the 'Turnserver' section in the README available here: https://github.com/YunoHost-Apps/synapse_ynh .
If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/synapse_ynh" If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/synapse_ynh" > mail_to_send
ynh_send_readme_to_admin "$message" ynh_send_readme_to_admin --app_message="mail_to_send" --type="restore"
#=================================================
# GENERIC FINALIZATION
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading nginx web server..."
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Restoration completed for $app" --last
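Review bot: the `# GENERIC FINALIZATION` banner added here is the second one in the restore script; the earlier one still precedes the permissions block, so the section layout no longer matches the order things run in. Keep a single finalization banner, or rename this one to describe the nginx reload. The reload is also now the last action, after the synapse restart has waited up to 300 seconds, so the restored nginx config is not live for that whole period; a one-line comment saying that ordering is intended would be useful.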

View file

@ -6,77 +6,87 @@
# IMPORT GENERIC HELPERS # IMPORT GENERIC HELPERS
#================================================= #=================================================
source _common.sh
source experimental_helper.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
# Stop script if errors #=================================================
ynh_abort_if_errors # LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=3
# Import common cmd app=$YNH_APP_INSTANCE_NAME
source ./psql.sh
source ./experimental_helper.sh domain=$(ynh_app_setting_get --app=$app --key=special_domain)
source ./_common.sh path_url=$(ynh_app_setting_get --app=$app --key=special_path)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
synapse_old_version=$(ynh_app_setting_get --app=$app --key=synapse_version)
synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd)
is_public=$(ynh_app_setting_get --app=$app --key=is_public)
port=$(ynh_app_setting_get --app=$app --key=synapse_port)
synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
cli_port=$(ynh_app_setting_get --app=$app --key=cli_port)
registration_shared_secret=$(ynh_app_setting_get --app=$app --key=registration_shared_secret)
form_secret=$(ynh_app_setting_get --app=$app --key=form_secret)
report_stats=$(ynh_app_setting_get --app=$app --key=report_stats)
#================================================= #=================================================
# SET ALL CONSTANT # SET ALL CONSTANT
#================================================= #=================================================
app=$YNH_APP_INSTANCE_NAME
synapse_user="matrix-$app" synapse_user="matrix-$app"
synapse_db_name="matrix_$app" synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app" synapse_db_user="matrix_$app"
upstream_version=$(ynh_app_upstream_version) upstream_version=$(ynh_app_upstream_version)
#================================================= #=================================================
# LOAD SETTINGS # CHECK VERSION
#================================================= #=================================================
domain=$(ynh_app_setting_get $app special_domain) upgrade_type=$(ynh_check_app_version_changed)
path_url=$(ynh_app_setting_get $app special_path)
final_path=$(ynh_app_setting_get $app final_path)
synapse_old_version=$(ynh_app_setting_get $app synapse_version)
synapse_db_pwd=$(ynh_app_setting_get $app synapse_db_pwd)
is_public=$(ynh_app_setting_get $app is_public)
port=$(ynh_app_setting_get $app synapse_port)
synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get $app turnserver_alt_tls_port)
turnserver_pwd=$(ynh_app_setting_get $app turnserver_pwd)
cli_port=$(ynh_app_setting_get $app cli_port)
registration_shared_secret=$(ynh_app_setting_get $app registration_shared_secret)
form_secret=$(ynh_app_setting_get $app form_secret)
report_stats=$(ynh_app_setting_get $app report_stats)
#================================================= #=================================================
# ENSURE DOWNWARD COMPATIBILITY # ENSURE DOWNWARD COMPATIBILITY
#================================================= #=================================================
ynh_script_progression --message="Ensuring downward compatibility..." --weight=1
# Following the discussion here https://github.com/YunoHost-Apps/synapse_ynh/pull/51 we decided to remove definitely the support of the old package migration. # Following the discussion here https://github.com/YunoHost-Apps/synapse_ynh/pull/51 we decided to remove definitely the support of the old package migration.
if [[ -z $synapse_old_version ]] if [ -z "$synapse_old_version" ]
then then
ynh_die "Update from this synapse version is not available. You need to remove this package and reinstall the new package version." ynh_die --message="Update from this synapse version is not available. You need to remove this package and reinstall the new package version."
fi fi
#================================================= #=================================================
# BACKUP BEFORE UPGRADE # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#================================================= #=================================================
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=30
# We stop the service before to set ynh_clean_setup # We stop the service before to set ynh_clean_setup
systemctl stop matrix-$app.service ynh_systemd_action --service_name=matrix-$app.service --action=stop
# Backup the current version of the app # Backup the current version of the app
if [[ $(ynh_app_setting_get $app disable_backup_before_upgrade) != '1' ]] if [ "$(ynh_app_setting_get --app=$app --key=disable_backup_before_upgrade)" != '1' ]
then then
ynh_backup_before_upgrade ynh_backup_before_upgrade
ynh_clean_setup () { ynh_clean_setup () {
# Clean installation remainings that are not handled by the remove script.
ynh_clean_check_starting
ynh_restore_upgradebackup ynh_restore_upgradebackup
} }
fi fi
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#================================================= #=================================================
# STANDARD UPGRADE STEPS # STANDARD UPGRADE STEPS
#================================================= #=================================================
# INSTALL DEPENDENCIES # INSTALL DEPENDENCIES
#================================================= #=================================================
ynh_script_progression --message="Upgrading dependencies..." --weight=6
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE # WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files # For any update do it in all files
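Review bot: `ynh_abort_if_errors` moves from the top of the script to after the backup block, so the settings load, `ynh_check_app_version_changed` and the `ynh_systemd_action --service_name=matrix-$app.service --action=stop` call now run without the error trap. A failing `ynh_app_setting_get` no longer stops the script at this point, and only `synapse_old_version` is tested for emptiness. Consider checking the settings that later steps depend on (`final_path`, `synapse_db_pwd`, the ports) right after loading them, or add a comment explaining why the trap has to come after `ynh_backup_before_upgrade`.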
@ -86,41 +96,48 @@ ynh_install_app_dependencies $dependances
# DOWNLOAD, CHECK AND UNPACK SOURCE # DOWNLOAD, CHECK AND UNPACK SOURCE
#================================================= #=================================================
# Install/upgrade synapse in virtualenv if [ "$upgrade_type" == "UPGRADE_APP" ]
# Clean venv is it was on python2.7
test -e $final_path/bin/python3 || ynh_secure_remove $final_path
# WARNING : these commands are used in INSTALL, UPGRADE
# For any update do it in all files
if [ -n "$(uname -m | grep arm)" ]
then then
ynh_setup_source $final_path/ "armv7_$(lsb_release --codename --short)" ynh_script_progression --message="Upgrading source files..." --weight=6
else
# Install virtualenv if it don't exist
test -e $final_path/bin/python3 || python3 -m venv $final_path
# Install synapse in virtualenv # Install/upgrade synapse in virtualenv
cp ../conf/virtualenv_activate $final_path/bin/activate
ynh_replace_string __FINAL_PATH__ $final_path $final_path/bin/activate
# We set all necessary environement variable to create a python virtualenvironnement. # Clean venv is it was on python2.7
source $final_path/bin/activate test -e $final_path/bin/python3 || ynh_secure_remove --file=$final_path
pip3 install --upgrade setuptools wheel
pip3 install --upgrade cffi ndg-httpsclient psycopg2 lxml
pip3 install --upgrade matrix-synapse==$upstream_version matrix-synapse-ldap3
# This function was defined when we called "source $final_path/bin/activate". With this function we undo what "$final_path/bin/activate" does # WARNING : these commands are used in INSTALL, UPGRADE
deactivate # For any update do it in all files
if [ -n "$(uname -m | grep arm)" ]
then
ynh_setup_source --dest_dir=$final_path/ --source_id="armv7_$(lsb_release --codename --short)"
else
# Install virtualenv if it don't exist
test -e $final_path/bin/python3 || python3 -m venv $final_path
# Install synapse in virtualenv
cp ../conf/virtualenv_activate $final_path/bin/activate
ynh_replace_string --match_string=__FINAL_PATH__ --replace_string=$final_path --target_file=$final_path/bin/activate
# We set all necessary environement variable to create a python virtualenvironnement.
source $final_path/bin/activate
pip3 install --upgrade setuptools wheel
pip3 install --upgrade cffi ndg-httpsclient psycopg2 lxml
pip3 install --upgrade matrix-synapse==$upstream_version matrix-synapse-ldap3
# This function was defined when we called "source $final_path/bin/activate". With this function we undo what "$final_path/bin/activate" does
deactivate
fi
fi fi
#================================================= #=================================================
# MIGRATION 1 : GENERATE SYNAPSE SECRET # MIGRATION 1 : GENERATE SYNAPSE SECRET
#================================================= #=================================================
if [[ -z "$registration_shared_secret" ]] if [ -z "$registration_shared_secret" ]
then then
ynh_script_progression --message="Generating synapse secret..." --weight=1
# Go in virtualenvironnement # Go in virtualenvironnement
PS1=${PS1:-} PS1=${PS1:-}
source $final_path/bin/activate source $final_path/bin/activate
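Review bot: inside the new `UPGRADE_APP` branch only `matrix-synapse==$upstream_version` is pinned; `setuptools wheel`, `cffi ndg-httpsclient psycopg2 lxml` and `matrix-synapse-ldap3` are installed with `--upgrade` at whatever version the index serves on the day of the upgrade. Pinning these in a requirements file, ideally installed with pip's `--require-hashes`, would make the virtualenv reproducible and limit exposure to a bad upstream release. Also, `$final_path` is unquoted in `ynh_secure_remove --file=$final_path` and in the `test -e` before it; quoting it is cheap insurance on a recursive delete.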
@ -136,55 +153,57 @@ then
form_secret=$(egrep "^form_secret" homeserver.yml | cut -d'"' -f1) form_secret=$(egrep "^form_secret" homeserver.yml | cut -d'"' -f1)
# store in yunohost settings # store in yunohost settings
ynh_app_setting_set $app registration_shared_secret "$registration_shared_secret" ynh_app_setting_set --app=$app --key=registration_shared_secret --value="$registration_shared_secret"
ynh_app_setting_set $app form_secret "$form_secret" ynh_app_setting_set --app=$app --key=form_secret --value="$form_secret"
fi fi
#================================================= #=================================================
# UPDATE SYNAPSE CONFIG # UPDATE SYNAPSE CONFIG
#================================================= #=================================================
ynh_script_progression --message="Updating synapse config..." --weight=2
# WARNING : theses command are used in INSTALL, UPGRADE, CONFIG # WARNING : theses command are used in INSTALL, UPGRADE, CONFIG
# For any update do it in all files # For any update do it in all files
homeserver_config_path="/etc/matrix-$app/homeserver.yaml" homeserver_config_path="/etc/matrix-$app/homeserver.yaml"
ynh_backup_if_checksum_is_different "$homeserver_config_path" ynh_backup_if_checksum_is_different --file="$homeserver_config_path"
ynh_backup_if_checksum_is_different /etc/matrix-$app/log.yaml ynh_backup_if_checksum_is_different --file=/etc/matrix-$app/log.yaml
cp ../conf/homeserver.yaml "$homeserver_config_path" cp ../conf/homeserver.yaml "$homeserver_config_path"
cp ../conf/log.yaml /etc/matrix-$app/log.yaml cp ../conf/log.yaml /etc/matrix-$app/log.yaml
ynh_replace_string __APP__ $app "$homeserver_config_path" ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$homeserver_config_path"
ynh_replace_string __DOMAIN__ $domain "$homeserver_config_path" ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$homeserver_config_path"
ynh_replace_string __SYNAPSE_DB_USER__ $synapse_db_user "$homeserver_config_path" ynh_replace_string --match_string=__SYNAPSE_DB_USER__ --replace_string=$synapse_db_user --target_file="$homeserver_config_path"
ynh_replace_string __SYNAPSE_DB_PWD__ $synapse_db_pwd "$homeserver_config_path" ynh_replace_string --match_string=__SYNAPSE_DB_PWD__ --replace_string=$synapse_db_pwd --target_file="$homeserver_config_path"
ynh_replace_string __PORT__ $port "$homeserver_config_path" ynh_replace_string --match_string=__PORT__ --replace_string=$port --target_file="$homeserver_config_path"
ynh_replace_string __TLS_PORT__ $synapse_tls_port "$homeserver_config_path" ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$synapse_tls_port --target_file="$homeserver_config_path"
ynh_replace_string __TURNSERVER_TLS_PORT__ $turnserver_tls_port "$homeserver_config_path" ynh_replace_string --match_string=__TURNSERVER_TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$homeserver_config_path"
ynh_replace_special_string __TURNPWD__ $turnserver_pwd "$homeserver_config_path" ynh_replace_special_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$homeserver_config_path"
ynh_replace_special_string __REGISTRATION_SECRET__ "$registration_shared_secret" "$homeserver_config_path" ynh_replace_special_string --match_string=__REGISTRATION_SECRET__ --replace_string="$registration_shared_secret" --target_file="$homeserver_config_path"
ynh_replace_string __FORM_SECRET__ "$form_secret" "$homeserver_config_path" ynh_replace_string --match_string=__FORM_SECRET__ --replace_string="$form_secret" --target_file="$homeserver_config_path"
ynh_replace_string __REPORT_STATS__ "$report_stats" "$homeserver_config_path" ynh_replace_string --match_string=__REPORT_STATS__ --replace_string="$report_stats" --target_file="$homeserver_config_path"
ynh_replace_string __APP__ $app "/etc/matrix-$app/log.yaml" ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="/etc/matrix-$app/log.yaml"
if [ "$is_public" = "0" ] if [ "$is_public" = "0" ]
then then
ynh_replace_string __ALLOWED_ACCESS__ False "$homeserver_config_path" ynh_replace_string --match_string=__ALLOWED_ACCESS__ --replace_string=False --target_file="$homeserver_config_path"
else else
ynh_replace_string __ALLOWED_ACCESS__ True "$homeserver_config_path" ynh_replace_string --match_string=__ALLOWED_ACCESS__ --replace_string=True --target_file="$homeserver_config_path"
fi fi
ynh_store_file_checksum "$homeserver_config_path" ynh_store_file_checksum --file="$homeserver_config_path"
ynh_store_file_checksum "/etc/matrix-$app/log.yaml" ynh_store_file_checksum --file="/etc/matrix-$app/log.yaml"
#================================================= #=================================================
# MIGRATION 2 : MULTINSTANCE SUPPORT # MIGRATION 2 : MULTINSTANCE SUPPORT
#================================================= #=================================================
if [[ ! -e /etc/matrix-$app/coturn.conf ]] if [ ! -e /etc/matrix-$app/coturn.conf ]
then then
ynh_script_progression --message="Creating an independant service for coturn..." --weight=1
#================================================= #=================================================
# CREATE AN INDEPENDANT SERVICE FOR COTURN # CREATE AN INDEPENDANT SERVICE FOR COTURN
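Review bot: the secret substitutions are unquoted and inconsistent: `--replace_string=$synapse_db_pwd` and `--replace_string=$turnserver_pwd` are subject to word splitting and globbing, and the database password goes through `ynh_replace_string` while `__TURNPWD__` and `__REGISTRATION_SECRET__` use `ynh_replace_special_string`. Quote every `--replace_string` value and route all secrets through the same helper. Separately, in the context line `form_secret=$(egrep "^form_secret" homeserver.yml | cut -d'"' -f1)`, `-f1` selects the text before the first double quote, which for a line of the form `form_secret: "..."` is the key rather than the value; `-f2` looks like what was meant.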
@ -195,14 +214,14 @@ then
# Set by default the system config for coturn # Set by default the system config for coturn
echo "" > /etc/turnserver.conf echo "" > /etc/turnserver.conf
ynh_replace_string "TURNSERVER_ENABLED=1" "TURNSERVER_ENABLED=0" /etc/default/coturn ynh_replace_string --match_string="TURNSERVER_ENABLED=1" --replace_string="TURNSERVER_ENABLED=0" --target_file=/etc/default/coturn
# Set a port for each service in turnserver # Set a port for each service in turnserver
turnserver_alt_tls_port=$(ynh_find_port $((turnserver_tls_port+1))) turnserver_alt_tls_port=$(ynh_find_port --port=$((turnserver_tls_port+1)))
cli_port=$(ynh_find_port 5766) cli_port=$(ynh_find_port --port=5766)
ynh_app_setting_set $app turnserver_alt_tls_port $turnserver_alt_tls_port ynh_app_setting_set --app=$app --key=turnserver_alt_tls_port --value=$turnserver_alt_tls_port
ynh_app_setting_set $app cli_port $cli_port ynh_app_setting_set --app=$app --key=cli_port --value=$cli_port
yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1 yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1
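Review bot: the context line `echo "" > /etc/turnserver.conf` empties the system-wide coturn configuration with no backup, unlike the `ynh_backup_if_checksum_is_different` calls used earlier in this script for the app's own files, so any setup that relied on that file loses its settings silently. Keep a copy before truncating it. The `yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1` line also discards the error text, which makes a failed rule hard to diagnose from the upgrade log.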
@ -218,8 +237,10 @@ fi
#================================================= #=================================================
# Fix issue about certificates access # Fix issue about certificates access
if [[ ! $(grep "ssl-cert:x:[0-9]*:.*matrix-$app" /etc/group) ]] if [ ! $(grep "ssl-cert:x:[0-9]*:.*matrix-$app" /etc/group) ]
then then
ynh_script_progression --message="Use standard access for certificate..." --weight=1
adduser $synapse_user ssl-cert adduser $synapse_user ssl-cert
adduser turnserver ssl-cert adduser turnserver ssl-cert
fi fi
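Review bot: switching `[[ ! $(grep ...) ]]` to `[ ! $(grep ...) ]` leaves the command substitution unquoted inside `[`, so the test only behaves when grep prints nothing or exactly one word. `if ! grep -q "ssl-cert:x:[0-9]*:.*matrix-$app" /etc/group` tests the exit status directly. The pattern is also unanchored after `matrix-$app`, so group membership of another account whose name starts with the same string satisfies it and both `adduser` calls are skipped; checking `id -nG "$synapse_user"` for `ssl-cert` tests the intended user.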
@ -232,8 +253,10 @@ fi
# For any update do it in all files # For any update do it in all files
# Make dh cert for synapse if it doesn't exist # Make dh cert for synapse if it doesn't exist
if [[ ! -e /etc/ssl/private/dh2048.pem ]] if [ ! -e /etc/ssl/private/dh2048.pem ]
then then
ynh_script_progression --message="Creating a dh file..." --weight=1
openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048 -dsaparam 2> /dev/null openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048 -dsaparam 2> /dev/null
chown root:ssl-cert /etc/ssl/private/dh2048.pem chown root:ssl-cert /etc/ssl/private/dh2048.pem
chmod 640 /etc/ssl/private/dh2048.pem chmod 640 /etc/ssl/private/dh2048.pem
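Review bot: the context line `openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048 -dsaparam` produces DSA-style parameters rather than a safe prime; OpenSSL's documentation warns that with such parameters a fresh DH key must be generated for each use to avoid small-subgroup attacks. Unless every consumer of `/etc/ssl/private/dh2048.pem` is known to do that, drop `-dsaparam` and accept the slower generation. The `2> /dev/null` also hides the reason if generation fails.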
@ -244,12 +267,17 @@ fi
#================================================= #=================================================
# NGINX CONFIGURATION # NGINX CONFIGURATION
#================================================= #=================================================
ynh_script_progression --message="Upgrading nginx web server configuration..." --weight=2
# Create a dedicated nginx config
ynh_add_nginx_config ynh_add_nginx_config
#=================================================
# SPECIFIC UPGRADE
#================================================= #=================================================
# UPDATE COTURN CONFIG # UPDATE COTURN CONFIG
#================================================= #=================================================
ynh_script_progression --message="Updating coturn config..." --weight=1
# WARNING : theses command are used in INSTALL, UPGRADE # WARNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files # For any update do it in all files
@ -258,33 +286,33 @@ coturn_config_path="/etc/matrix-$app/coturn.conf"
cp ../conf/turnserver.conf "$coturn_config_path" cp ../conf/turnserver.conf "$coturn_config_path"
ynh_replace_string __APP__ $app "$coturn_config_path" ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$coturn_config_path"
ynh_replace_string __TURNPWD__ $turnserver_pwd "$coturn_config_path" ynh_replace_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$coturn_config_path"
ynh_replace_string __DOMAIN__ $domain "$coturn_config_path" ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$coturn_config_path"
ynh_replace_string __TLS_PORT__ $turnserver_tls_port "$coturn_config_path" ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$coturn_config_path"
ynh_replace_string __TLS_ALT_PORT__ $turnserver_alt_tls_port "$coturn_config_path" ynh_replace_string --match_string=__TLS_ALT_PORT__ --replace_string=$turnserver_alt_tls_port --target_file="$coturn_config_path"
ynh_replace_string __CLI_PORT__ $cli_port "$coturn_config_path" ynh_replace_string --match_string=__CLI_PORT__ --replace_string=$cli_port --target_file="$coturn_config_path"
# Get public IP and set as external IP for coturn # Get public IP and set as external IP for coturn
# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6 # note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
public_ip4="$(curl ip.yunohost.org)" || true public_ip4="$(curl ip.yunohost.org)" || true
public_ip6="$(curl ipv6.yunohost.org)" || true public_ip6="$(curl ipv6.yunohost.org)" || true
if [[ -n "$public_ip4" ]] && ynh_validate_ip4 "$public_ip4" if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"
then then
ynh_replace_string '__IPV4__' "$public_ip4" "$coturn_config_path" ynh_replace_string --match_string='__IPV4__' --replace_string="$public_ip4" --target_file="$coturn_config_path"
else else
ynh_replace_string '__IPV4__,' "" "$coturn_config_path" ynh_replace_string --match_string='__IPV4__,' --replace_string="" --target_file="$coturn_config_path"
fi fi
if [[ -n "$public_ip6" ]] && ynh_validate_ip6 "$public_ip6" if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6"
then then
ynh_replace_string '__IPV6__' "$public_ip6" "$coturn_config_path" ynh_replace_string --match_string='__IPV6__' --replace_string="$public_ip6" --target_file="$coturn_config_path"
else else
ynh_replace_string ',__IPV6__' "" "$coturn_config_path" ynh_replace_string --match_string=',__IPV6__' --replace_string="" --target_file="$coturn_config_path"
fi fi
ynh_store_file_checksum "$coturn_config_path" ynh_store_file_checksum --file="$coturn_config_path"
#================================================= #=================================================
# ADD SCRIPT FOR COTURN CRON # ADD SCRIPT FOR COTURN CRON
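Review bot: `curl ip.yunohost.org` and `curl ipv6.yunohost.org` carry no scheme, so they go over plain HTTP, and they have no timeout; the answer becomes coturn's external IP after only a format check by `ynh_validate_ip4` / `ynh_validate_ip6`. A response altered in transit would therefore set the address coturn advertises, and an unresponsive endpoint stalls the upgrade. Use an `https://` URL if the service offers one, and add `--silent --fail` plus `--max-time` with a short limit. `--replace_string=$turnserver_pwd` is unquoted in this hunk as well, and here it goes through `ynh_replace_string` while the homeserver config uses `ynh_replace_special_string` for the same password, so the two files can end up with different values if the password contains special characters.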
@ -294,27 +322,29 @@ ynh_store_file_checksum "$coturn_config_path"
# For any update do it in all files # For any update do it in all files
cp ../sources/Coturn_config_rotate.sh $final_path/ cp ../sources/Coturn_config_rotate.sh $final_path/
ynh_replace_string __APP__ $app "$final_path/Coturn_config_rotate.sh" ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$final_path/Coturn_config_rotate.sh"
#================================================= #=================================================
# UPDATE SYSTEMD # UPDATE SYSTEMD
#================================================= #=================================================
ynh_script_progression --message="Upgrading systemd configuration..." --weight=3
# Create systemd service for synapse and turnserver # Create systemd service for synapse and turnserver
cp ../conf/default_matrix-synapse /etc/default/matrix-$app cp ../conf/default_matrix-synapse /etc/default/matrix-$app
ynh_add_systemd_config matrix-$app matrix-synapse.service ynh_add_systemd_config --service=matrix-$app --template=matrix-synapse.service
cp ../conf/default_coturn /etc/default/coturn-$app cp ../conf/default_coturn /etc/default/coturn-$app
ynh_add_systemd_config coturn-$app coturn-synapse.service ynh_add_systemd_config --service=coturn-$app --template=coturn-synapse.service
#================================================= #=================================================
# SETUP FAIL2BAN # UPGRADE FAIL2BAN
#================================================= #=================================================
ynh_script_progression --message="Reconfiguring fail2ban..." --weight=8
# WARNING : theses command are used in INSTALL, UPGRADE # WARNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files # For any update do it in all files
ynh_add_fail2ban_config -t ynh_add_fail2ban_config --use_template
#================================================= #=================================================
# GENERIC FINALIZATION # GENERIC FINALIZATION
@ -338,11 +368,18 @@ setfacl -R -m user:turnserver:rwX /var/log/matrix-$app
# UPDATE VERSION SETTINGS # UPDATE VERSION SETTINGS
#================================================= #=================================================
ynh_app_setting_set $app synapse_version $upstream_version ynh_app_setting_set --app=$app --key=synapse_version --value=$upstream_version
#================================================= #=================================================
# RELOAD SERVICES # RELOAD SERVICES
#================================================= #=================================================
ynh_script_progression --message="Restarting synapse services..." --weight=5
systemctl restart coturn-$app.service ynh_systemd_action --service_name=coturn-$app.service --action=restart
ynh_check_starting "Synapse now listening on TCP port $synapse_tls_port" "/var/log/matrix-$app/homeserver.log" 300 "matrix-$app" ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $synapse_tls_port" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Upgrade of $app completed" --last