diff --git a/README.md b/README.md index d5f21bc..e98cfd0 100644 --- a/README.md +++ b/README.md @@ -52,7 +52,7 @@ for example ``` _matrix._tcp.example.com. 3600 IN SRV 10 0 SYNAPSE_PORT synapse.example.com. ``` -You need to replace SYNAPSE_PORT by the real port. This port can be obtained by the command: `yunohost app setting SYNAPSE_INSTANCE_NAME synapse_tls_port` +You need to replace SYNAPSE_PORT by the real port. This port can be obtained by the command: `yunohost app setting SYNAPSE_INSTANCE_NAME port_synapse_tls` For more details, see : https://github.com/matrix-org/synapse/blob/master/docs/federate.md @@ -66,8 +66,8 @@ https://federationtester.matrix.org/ can be used to easily debug federation issu For Voip and video conferencing a turnserver is also installed (and configured). The turnserver listens on two UDP and TCP ports. You can get them with these commands: ``` -yunohost app setting synapse turnserver_tls_port -yunohost app setting synapse turnserver_alt_tls_port +yunohost app setting synapse port_turnserver_tls +yunohost app setting synapse port_turnserver_alt_tls ``` The turnserver will also choose a port dynamically when a new call starts. The range is between 49153 - 49193. @@ -162,12 +162,6 @@ Then, to log in the API with your credentials, you need to set your user as admi ### Upgrade -By default a backup is made before the upgrade. If for some reason you want to upgrade without backup: -- Call the command with the `-b` flag: `yunohost app upgrade synapse -b` -- Disable the setting `Backup before upgrade` in the Config Panel. Or with command line: - -`yunohost app setting synapse backup_before_upgrade -v 0` - After this settings will be applied for **all** next upgrade. From command line: @@ -201,7 +195,7 @@ Use the `--purge` flag with the command, or remove it manually to purge app user To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command: ``` -yunohost app setting synapse__ synapse_tls_port +yunohost app setting synapse__ port_synapse_tls ``` Before installing a second instance of the app it's really recommended to update all existing instances. diff --git a/README_fr.md b/README_fr.md index 9119a82..603424f 100644 --- a/README_fr.md +++ b/README_fr.md @@ -52,7 +52,7 @@ for example ``` _matrix._tcp.example.com. 3600 IN SRV 10 0 SYNAPSE_PORT synapse.example.com. ``` -You need to replace SYNAPSE_PORT by the real port. This port can be obtained by the command: `yunohost app setting SYNAPSE_INSTANCE_NAME synapse_tls_port` +You need to replace SYNAPSE_PORT by the real port. This port can be obtained by the command: `yunohost app setting SYNAPSE_INSTANCE_NAME port_synapse_tls` For more details, see : https://github.com/matrix-org/synapse/blob/master/docs/federate.md @@ -66,8 +66,8 @@ https://federationtester.matrix.org/ can be used to easily debug federation issu For Voip and video conferencing a turnserver is also installed (and configured). The turnserver listens on two UDP and TCP ports. You can get them with these commands: ``` -yunohost app setting synapse turnserver_tls_port -yunohost app setting synapse turnserver_alt_tls_port +yunohost app setting synapse port_turnserver_tls +yunohost app setting synapse port_turnserver_alt_tls ``` The turnserver will also choose a port dynamically when a new call starts. The range is between 49153 - 49193. @@ -162,12 +162,6 @@ Then, to log in the API with your credentials, you need to set your user as admi ### Upgrade -By default a backup is made before the upgrade. If for some reason you want to upgrade without backup: -- Call the command with the `-b` flag: `yunohost app upgrade synapse -b` -- Disable the setting `Backup before upgrade` in the Config Panel. Or with command line: - -`yunohost app setting synapse backup_before_upgrade -v 0` - After this settings will be applied for **all** next upgrade. From command line: @@ -201,7 +195,7 @@ Use the `--purge` flag with the command, or remove it manually to purge app user To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command: ``` -yunohost app setting synapse__ synapse_tls_port +yunohost app setting synapse__ port_synapse_tls ``` Before installing a second instance of the app it's really recommended to update all existing instances. @@ -224,4 +218,4 @@ ou sudo yunohost app upgrade synapse -u https://github.com/YunoHost-Apps/synapse_ynh/tree/testing --debug ``` -**Plus d’infos sur le packaging d’applications :** \ No newline at end of file +**Plus d’infos sur le packaging d’applications :** diff --git a/conf/homeserver.yaml b/conf/homeserver.yaml index ed4b65e..8834e73 100644 --- a/conf/homeserver.yaml +++ b/conf/homeserver.yaml @@ -285,7 +285,7 @@ listeners: # will also need to give Synapse a TLS key and certificate: see the TLS section # below.) # - - port: __SYNAPSE_TLS_PORT__ + - port: __PORT_SYNAPSE_TLS__ type: http tls: true resources: @@ -297,7 +297,7 @@ listeners: # If you plan to use a reverse proxy, please see # https://matrix-org.github.io/synapse/latest/reverse_proxy.html. # - - port: __PORT__ + - port: __PORT_SYNAPSE__ tls: false type: http x_forwarded: true @@ -801,9 +801,9 @@ database: name: psycopg2 #txn_limit: 10000 args: - user: __SYNAPSE_DB_USER__ - password: __SYNAPSE_DB_PWD__ - database: __SYNAPSE_DB_NAME__ + user: __DB_USER__ + password: __DB_PWD__ + database: __DB_NAME__ host: localhost port: 5432 cp_min: 5 @@ -1178,7 +1178,7 @@ oembed: # The public URIs of the TURN server to give to clients # -turn_uris: [ "turn:__DOMAIN__:__TURNSERVER_TLS_PORT__?transport=udp", "turn:__DOMAIN__:__TURNSERVER_TLS_PORT__?transport=tcp" ] +turn_uris: [ "turn:__DOMAIN__:__PORT_TURNSERVER_TLS__?transport=udp", "turn:__DOMAIN__:__PORT_TURNSERVER_TLS__?transport=tcp" ] # The shared secret used to compute passwords for the TURN server # @@ -1271,9 +1271,7 @@ enable_registration: __ENABLE_REGISTRATION__ # The user must provide all of the below types of 3PID when registering. # -registrations_require_3pid: - - email -# - msisdn +_REGISTRATION_REQUIRE_3PID_SED_PARAM_ # Explicitly disable asking for MSISDNs from the registration # flow (overrides registrations_require_3pid if MSISDNs are set as required) @@ -1283,6 +1281,7 @@ disable_msisdn_registration: __DISABLE_MSISDN_REGISTRATION__ # Mandate that users are only allowed to associate certain formats of # 3PIDs with accounts on this server. # +_ALLOWD_LOCAL_3PIDS_SED_PARAM_ #allowed_local_3pids: # - medium: email # pattern: '^[^@]+@vector\.im$' @@ -1356,9 +1355,9 @@ default_identity_server: __DEFAULT_IDENTITY_SERVER__ # by the Matrix Identity Service API specification: # https://matrix.org/docs/spec/identity_service/latest # -# As email delegates is managed by the synapse server itself this email section is +# As email delegates is managed by the synapse server itself this email section is # not necessary but msisdn format is still composed by msisdn: on a new line -account_threepid_delegates: +account_threepid_delegates: msisdn: __ACCOUNT_THREEPID_DELEGATES_MSISDN__ #email: https://example.com # Delegate email sending to example.com #msisdn: http://localhost:8090 # Delegate SMS sending to this local process @@ -1395,8 +1394,7 @@ account_threepid_delegates: # If the room already exists, make certain it is a publicly joinable # room. The join rule of the room must be set to 'public'. # -auto_join_rooms: - - "#example:example.com" +_AUTO_JOIN_ROOMS_SED_PARAM_ # Where auto_join_rooms are specified, setting this flag ensures that the # the rooms exist by creating them when the first user on the @@ -2089,7 +2087,7 @@ sso: # By default, this list contains only the login fallback page. # client_whitelist: -__DOMAIN_WHITELIST_CLIENT__ +_DOMAIN_WHITELIST_CLIENT_ # Uncomment to keep a user's profile fields in sync with information from # the identity provider. Currently only syncing the displayname is @@ -2247,12 +2245,12 @@ password_providers: uid: "uid" mail: "mail" name: "givenName" - bind_dn: "uid=__SYNAPSE_USER_APP__,ou=users,dc=yunohost,dc=org" - bind_password: __SYNAPSE_USER_APP_PWD__ + # bind_dn: "uid=_SYNAPSE_USER_APP_,ou=users,dc=yunohost,dc=org" + # bind_password: _SYNAPSE_USER_APP_PWD_ filter: "(&(objectClass=posixAccount)(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))" - + # Configuration for sending emails from Synapse. # # Server admins can configure custom templates for email content. See @@ -2270,8 +2268,8 @@ email: # Username/password for authentication to the SMTP server. By default, no # authentication is attempted. # - smtp_user: __SYNAPSE_USER_APP__ - smtp_pass: __SYNAPSE_USER_APP_PWD__ + # smtp_user: _SYNAPSE_USER_APP_ + # smtp_pass: _SYNAPSE_USER_APP_PWD_ # Uncomment the following to require TLS transport security for SMTP. # By default, Synapse will connect over plain text, and will then switch to @@ -2298,7 +2296,7 @@ email: # Note that the placeholder must be written '%(app)s', including the # trailing 's'. # - notif_from: "Your Friendly %(app)s Home Server <__SYNAPSE_USER_APP__@__DOMAIN__>" + notif_from: "Your Friendly %(app)s Home Server <__APP__@__DOMAIN__>" # app_name defines the default value for '%(app)s' in notif_from and email # subjects. It defaults to 'Matrix'. diff --git a/conf/nginx.conf b/conf/nginx.conf index 8957d4a..6a141fc 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,10 +1,10 @@ location __PATH__/ { - proxy_pass http://localhost:__PORT__; + proxy_pass http://localhost:__PORT_SYNAPSE__; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $host; - client_max_body_size 100M; + client_max_body_size __MAX_UPLOAD_SIZE__; # Use the specific path for the php file. It's more secure than global php path location __PATH__/cas_server.php { @@ -20,7 +20,7 @@ location __PATH__/ { location /_synapse/ { - proxy_pass http://localhost:__PORT__; + proxy_pass http://localhost:__PORT_SYNAPSE__; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $host; diff --git a/conf/server_name.conf b/conf/server_name.conf index 4cb77de..54f48ff 100644 --- a/conf/server_name.conf +++ b/conf/server_name.conf @@ -1,5 +1,5 @@ location /.well-known/matrix/server { - return 200 '{"m.server": "__DOMAIN__:__SYNAPSE_TLS_PORT__"}'; + return 200 '{"m.server": "__DOMAIN__:__PORT_SYNAPSE_TLS__"}'; add_header Content-Type application/json; add_header Access-Control-Allow-Origin '*'; } @@ -8,7 +8,7 @@ location /.well-known/matrix/client { return 200 '{ "m.homeserver": { "base_url": "https://__DOMAIN__" }, "im.vector.riot.jitsi": {"preferredDomain": "__JITSI_SERVER__"}, - "im.vector.riot.e2ee": {"default": __E2E_ENABLED_BY_DEFAULT__ } + "im.vector.riot.e2ee": {"default": __E2E_ENABLED_BY_DEFAULT_CLIENT_CONFIG__ } }'; add_header Content-Type application/json; add_header Access-Control-Allow-Origin '*'; diff --git a/conf/turnserver.conf b/conf/turnserver.conf index 4d4494a..746f234 100644 --- a/conf/turnserver.conf +++ b/conf/turnserver.conf @@ -3,11 +3,11 @@ use-auth-secret static-auth-secret=__TURNSERVER_PWD__ realm=__DOMAIN__ -tls-listening-port=__TURNSERVER_TLS_PORT__ -alt-tls-listening-port=__TURNSERVER_ALT_TLS_PORT__ +tls-listening-port=__PORT_TURNSERVER_TLS__ +alt-tls-listening-port=__PORT_TURNSERVER_ALT_TLS__ min-port=49153 max-port=49193 -cli-port=__CLI_PORT__ +cli-port=__PORT_CLI__ cert=/etc/yunohost/certs/__DOMAIN__/crt.pem pkey=/etc/yunohost/certs/__DOMAIN__/key.pem @@ -26,4 +26,4 @@ log-file=/var/log/matrix-__APP__/turnserver.log pidfile=/run/coturn-__APP__/turnserver.pid simple-log -__TURN_EXTERNAL_IP__ +_TURN_EXTERNAL_IP_ diff --git a/config_panel.toml b/config_panel.toml index 28c208f..227e995 100644 --- a/config_panel.toml +++ b/config_panel.toml @@ -13,7 +13,6 @@ services = ["matrix-__APP__"] yes = "true" no = "false" help = "Defaults to 'false'. If 'true', it is highly recommended to use either captcha, email, or token-based verification to avoid SPAM." - bind = ":/etc/matrix-__APP__/homeserver.yaml" [main.welcome.password_enabled] ask = "Enable Password Login?" @@ -21,14 +20,13 @@ services = ["matrix-__APP__"] yes = "true" no = "false" help = "If disabled, Login with Non-YunoHost Users impossible. But it simplies Login process if your Matrix server only has YunoHost SSO Users." - bind = "password_config>enabled:/etc/matrix-__APP__/homeserver.yaml" visible = "! enable_registration" [main.welcome.registrations_require_3pid] ask = "Registration requires all following 3PID personal identifier." type = "select" choices = ["none","email", "msisdn", "email&msisdn"] - help = "! Warning msisdn (Phone number) registration require a third party service which send confirmation token by SMS.\n Do not select any option including msisdn if you don't know what to do. And don't user email nor msisdn if you don't understand privacy flow\nDefaults to: 'none'." + help = "! Warning msisdn (Phone number) registration require a third party service which send confirmation token by SMS.\nDo not select any option including msisdn if you don't know what to do. And don't user email nor msisdn if you don't understand privacy flow\nDefaults to: 'none'." visible = "enable_registration" [main.welcome.allowed_local_3pids_email] @@ -49,28 +47,25 @@ services = ["matrix-__APP__"] yes = "true" no = "false" help = "Overrides 3PID settings if MSISDNs are set as required." - bind = ":/etc/matrix-__APP__/homeserver.yaml" visible = "enable_registration" [main.welcome.account_threepid_delegates_msisdn] ask = "Specify a third party server to send confirmation code by SMS." type = "string" help = "That should be an URL with port or API." - bind = "account_threepid_delegates>msisdn:/etc/matrix-__APP__/homeserver.yaml" visible = 'enable_registration && (registrations_require_3pid == "email&msisdn" || registrations_require_3pid == "msisdn")' - + [main.welcome.auto_join_rooms] ask = "Auto Join new Users in following Rooms:" type = "tags" - help = "( e.g. \\\\#example:example.com ) Note that \\\\# will write # in homeserver.yaml. Users who register on this homeserver will automatically be joined to these rooms. If the room already exists, the join rule must be set to 'public'. See also next setting." - + help = "( e.g. #example:example.com ) Users who register on this homeserver will automatically be joined to these rooms. If the room already exists, the join rule must be set to 'public'. See also next setting." + [main.welcome.autocreate_auto_join_rooms] ask = "Auto-Create room for Auto Join if not existing?" type = "boolean" yes = "true" no = "false" help = "Setting to false means that if the rooms are not manually created, users cannot be auto-joined. Auto-created rooms will be public and federated by default, this can be customised in CLI with the settings auto_join_*." - bind = ":/etc/matrix-__APP__/homeserver.yaml" [main.welcome.notif_for_new_users] ask = "Enable email notifications for new users?" @@ -78,12 +73,11 @@ services = ["matrix-__APP__"] yes = "true" no = "false" help = "Defaults to 'true'." - bind = ":/etc/matrix-__APP__/homeserver.yaml" visible = "enable_notifs" [main.privacy] name = "Data Privacy" - + [main.privacy.text] ask = ''' * "all": any locally-created room @@ -97,15 +91,13 @@ services = ["matrix-__APP__"] type = "select" choices = ["all", "invite", "off"] help = "Note that encryption can always be turned on manually, even after creation." - bind = "encryption_enabled_by_default_for_room_type:/etc/matrix-__APP__/homeserver.yaml" - + [main.privacy.allow_public_rooms_over_federation] ask = "Access Public Rooms Directory over Federation?" type = "boolean" yes = "true" no = "false" help = "Disabled by default. If disabled, users on other homeserver will not be able to look for a public room on your homeserver. They will have to type the ID of the room to join." - bind = ":/etc/matrix-__APP__/homeserver.yaml" [main.privacy.push_include_content] ask = "Disable content sharing inside push notification." @@ -113,7 +105,6 @@ services = ["matrix-__APP__"] yes = "true" no = "false" help = "Send content message and sender information in push notification. Set to false increase privacy when GAFAM notification service is used (ie: when element client is downloaded thrue Gplay store)." - bind = "push>include_content:/etc/matrix-__APP__/homeserver.yaml" [main.experience] name = "User Experience" @@ -122,7 +113,6 @@ services = ["matrix-__APP__"] ask = "Element instance your HomeServer should redirect to." type = "url" help = "URL to the web client which / will redirect to." - bind = ":/etc/matrix-__APP__/homeserver.yaml" [main.experience.enable_group_creation] ask = "Allow non-server-admin Users to create Spaces?" @@ -130,7 +120,6 @@ services = ["matrix-__APP__"] yes = "true" no = "false" help = "Disabled by default: only server admins can create Spaces" - bind = ":/etc/matrix-__APP__/homeserver.yaml" [main.experience.enable_notifs] ask = "Enable sending emails for messages the user missed?" @@ -138,18 +127,16 @@ services = ["matrix-__APP__"] yes = "true" no = "false" help = "Defaults to 'false'." - bind = ":/etc/matrix-__APP__/homeserver.yaml" [main.experience.client_base_url] ask = "URL for client links within the email notifications." type = "url" help = "Used to be called 'riot_base_url', still supported" - bind = ":/etc/matrix-__APP__/homeserver.yaml" visible = "enable_notifs" [resources] name = "Resource Usage" -services = ["matrix-__APP__", "nginx"] +services = ["matrix-__APP__"] [resources.media] name = "Manage Media growth and clean-up" @@ -158,7 +145,6 @@ services = ["matrix-__APP__", "nginx"] ask = "Largest allowed media upload size in bytes." type = "string" help = "Defaults to: '10M' . Format : <[GMK]?>" - bind = ":/etc/matrix-__APP__/homeserver.yaml" [advanced] name = "Advanced Settings" @@ -176,20 +162,12 @@ services = ["matrix-__APP__"] [advanced.others] name = "Others" - [advanced.others.backup_before_upgrade] - ask = "Backup before upgrade?" - type = "boolean" - yes = "true" - no = "false" - help = "!! If disabled, do a manual backup before upgrade !! Disable if your Synapse instance is huge and you prefer to disable the backup that is normally automatically done before each upgrade." - - [advanced.others.server_statistics] + [advanced.others.report_stats] ask = "Server statistics" type = "boolean" yes = "true" no = "false" help = "Enable to send anonymous statistics to Synapse Developers to improve performance." - bind = "report_stats:/etc/matrix-__APP__/homeserver.yaml" [advanced.guests] name = "Experience for Guests / Anonymous" @@ -198,7 +176,6 @@ services = ["matrix-__APP__"] ask = "Web client location to direct users to during an invite." type = "url" help = "This is passed to the identity server as the org.matrix.web_client_location key. Defaults to unset, giving no guidance to the identity server." - bind = ":/etc/matrix-__APP__/homeserver.yaml" [advanced.guests.allow_guest_access] ask = "Allow Users to Register as Guests?" @@ -206,7 +183,6 @@ services = ["matrix-__APP__"] yes = "true" no = "false" help = "Guests can participate on this server in rooms with guest access enabled, without a password/email/etc." - bind = ":/etc/matrix-__APP__/homeserver.yaml" [advanced.guests.auto_join_rooms_for_guests] ask = "Enable Auto Join Room for Guests?" @@ -214,7 +190,6 @@ services = ["matrix-__APP__"] yes = "true" no = "false" help = "Defaults to 'true'." - bind = ":/etc/matrix-__APP__/homeserver.yaml" visible = "allow_guest_access" [advanced.privacy] @@ -226,13 +201,11 @@ services = ["matrix-__APP__"] yes = "true" no = "false" help = "Enable 3PIDs lookup requests to identity servers from this server. See Settings->General->Discovery in Element." - bind = ":/etc/matrix-__APP__/homeserver.yaml" [advanced.privacy.default_identity_server] ask = "Identity server suggested to clients?" type = "url" help = "Identity server allows to discover, be discovered and invite people you know with phone number or email. If not set, users will probably chose centralized vector.im. See Settings->General->Discovery in Element." - bind = ":/etc/matrix-__APP__/homeserver.yaml" [advanced.privacy.allow_public_rooms_without_auth] ask = "Access Public Rooms Directory without authentification?" @@ -240,7 +213,6 @@ services = ["matrix-__APP__"] yes = "true" no = "false" help = "Disabled by default. If enabled, anyone can query the Public Rooms Directory (access through the client API). This only makes sense if you want everyone to be able to scroll your public room to see what's interesting on your Homeserver" - bind = ":/etc/matrix-__APP__/homeserver.yaml" [advanced.registration] name = "Account Registration" @@ -249,7 +221,6 @@ services = ["matrix-__APP__"] ask = "Shared Secret for Registration." type = "string" help = "Allows registration of standard or admin accounts, even if Registration disabled." - bind = ":/etc/matrix-__APP__/homeserver.yaml" [advanced.registration.turn_allow_guests] ask = "Should guests be allowed to use the TURN server?" @@ -257,4 +228,3 @@ services = ["matrix-__APP__"] yes = "true" no = "false" help = "This defaults to True, otherwise VoIP will be unreliable for guests. However, it does introduce a slight security risk as it allows users to connect to arbitrary endpoints without having first signed up for a valid account (e.g. by passing a CAPTCHA)." - bind = ":/etc/matrix-__APP__/homeserver.yaml" diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md index 1ed7203..6b4d8d8 100644 --- a/doc/DISCLAIMER.md +++ b/doc/DISCLAIMER.md @@ -26,7 +26,7 @@ for example ``` _matrix._tcp.example.com. 3600 IN SRV 10 0 SYNAPSE_PORT synapse.example.com. ``` -You need to replace SYNAPSE_PORT by the real port. This port can be obtained by the command: `yunohost app setting SYNAPSE_INSTANCE_NAME synapse_tls_port` +You need to replace SYNAPSE_PORT by the real port. This port can be obtained by the command: `yunohost app setting SYNAPSE_INSTANCE_NAME port_synapse_tls` For more details, see : https://github.com/matrix-org/synapse/blob/master/docs/federate.md @@ -40,8 +40,8 @@ https://federationtester.matrix.org/ can be used to easily debug federation issu For Voip and video conferencing a turnserver is also installed (and configured). The turnserver listens on two UDP and TCP ports. You can get them with these commands: ``` -yunohost app setting synapse turnserver_tls_port -yunohost app setting synapse turnserver_alt_tls_port +yunohost app setting synapse port_turnserver_tls +yunohost app setting synapse port_turnserver_alt_tls ``` The turnserver will also choose a port dynamically when a new call starts. The range is between 49153 - 49193. @@ -136,12 +136,6 @@ Then, to log in the API with your credentials, you need to set your user as admi ### Upgrade -By default a backup is made before the upgrade. If for some reason you want to upgrade without backup: -- Call the command with the `-b` flag: `yunohost app upgrade synapse -b` -- Disable the setting `Backup before upgrade` in the Config Panel. Or with command line: - -`yunohost app setting synapse backup_before_upgrade -v 0` - After this settings will be applied for **all** next upgrade. From command line: @@ -175,7 +169,7 @@ Use the `--purge` flag with the command, or remove it manually to purge app user To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command: ``` -yunohost app setting synapse__ synapse_tls_port +yunohost app setting synapse__ port_synapse_tls ``` Before installing a second instance of the app it's really recommended to update all existing instances. diff --git a/doc/POST_INSTALL.md b/doc/POST_INSTALL.md new file mode 100644 index 0000000..67749a8 --- /dev/null +++ b/doc/POST_INSTALL.md @@ -0,0 +1,15 @@ +If your server name is identical to the domain on which synapse is installed, and the default port 8448 is used, your server is normally already accessible by the federation. + +If not, you may need to put the following line in the dns configuration: + +_matrix._tcp.$domain. 3600 IN SRV 10 0 $port_synapse_tls $domain. + +For more details, see : https://github.com/matrix-org/synapse#setting-up-federation + +You also need to open the TCP port $port_synapse_tls on your ISP box if it's not automatically done. + +Your synapse server also implements a turnserver (for VoIP), to have this fully functional please read the 'Turnserver' section in the README available here: https://github.com/YunoHost-Apps/synapse_ynh . + +If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/synapse_ynh + +You also need a valid TLS certificate for the domain used by synapse. To do that you can refer to the documentation here : https://yunohost.org/#/certificate_en diff --git a/manifest.toml b/manifest.toml index aaf0fe6..734d26c 100644 --- a/manifest.toml +++ b/manifest.toml @@ -54,21 +54,29 @@ ram.runtime = "200M" example = "domain.org" default = "jitsi.riot.im" + [install.init_main_permission] + help.en = "Define the users allowed to access to synapse. Setting this to 'visitors' don't make sens in this case." + type = "group" + example = "all_users" + default = "all_users" + [resources] [resources.sources.prebuilt_bookworm] - armv7.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.95.0/matrix-synapse_1.95.0-bookworm-bin1_armv7l.tar.gz" - armv7.sha256 = "1a1d9248b139f67d23a89a20745d14d88c5b8627f76872d7f94f66952b5f1253" + prefetch = false + armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.95.0/matrix-synapse_1.95.0-bookworm-bin1_armv7l.tar.gz" + armhf.sha256 = "1a1d9248b139f67d23a89a20745d14d88c5b8627f76872d7f94f66952b5f1253" [resources.sources.prebuilt_bullseye] - armv7.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.95.0/matrix-synapse_1.95.0-bullseye-bin1_armv7l.tar.gz" - armv7.sha256 = "97e9942bea9bcecc2a75228255a1824298300302559a9332e50816fa54193738" + prefetch = false + armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.95.0/matrix-synapse_1.95.0-bullseye-bin1_armv7l.tar.gz" + armhf.sha256 = "97e9942bea9bcecc2a75228255a1824298300302559a9332e50816fa54193738" [resources.system_user] allow_email = true home = "/opt/yunohost/matrix-__APP__" [resources.install_dir] - dir = "/opt/yunohost/matrix-__APP__" + dir = "/var/www/__APP__" owner = "__APP__:rwX" group = "__APP__:rX" @@ -76,7 +84,8 @@ ram.runtime = "200M" dir = "/home/yunohost.app/__APP__" [resources.permissions] - main.url = "__DOMAIN__/_matrix/cas_server.php/login" + main.url = "/" + main.additional_url = "__DOMAIN__/_matrix/cas_server.php/login" main.label = "Server SSO" main.auth_header = true main.show_tile=false @@ -84,7 +93,7 @@ ram.runtime = "200M" server_api.url = "__DOMAIN__/_matrix" server_api.label = "Server access for client apps" - admin_api.allowed = "visitors" + server_api.allowed = "visitors" server_api.auth_header = false server_api.show_tile = false server_api.protected = true @@ -98,13 +107,16 @@ ram.runtime = "200M" [resources.ports] synapse_tls.default = 8448 - main.default = 8008 + synapse_tls.exposed = "TCP" + synapse.default = 8008 turnserver_tls.default = 5349 + turnserver_tls.exposed = "Both" turnserver_alt_tls.default = 5350 + turnserver_alt_tls.exposed = "Both" cli.default = 5766 [resources.apt] - packages = ["coturn", "acl", + packages = ["coturn", "acl", "postgresql", "php-fpm", "python3-dev", "python3-venv", "python3-pip", "python3-setuptools", "python3-lxml", "build-essential", "libffi-dev", "libssl-dev", "libxml2-dev", "libxslt1-dev", "zlib1g-dev", "libjpeg-dev", "libpq-dev"] diff --git a/scripts/_common.sh b/scripts/_common.sh index 44a5391..0563909 100755 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -1,65 +1,169 @@ -dependances="coturn build-essential python3-dev libffi-dev python3-pip python3-setuptools sqlite3 libssl-dev python3-venv libxml2-dev libxslt1-dev python3-lxml zlib1g-dev libjpeg-dev libpq-dev postgresql acl" -python_version="$(python3 -V | cut -d' ' -f2 | cut -d. -f1-2)" -#REMOVEME? app=$YNH_APP_INSTANCE_NAME + + +main_domain=$(yunohost domain list --output-as json | jq -r .main) +code_dir="/opt/yunohost/matrix-$app" +base_api_url="/_matrix" install_sources() { # Install/upgrade synapse in virtualenv # Clean venv is it was on python2.7 or python3 with old version in case major upgrade of debian - if [ ! -e $install_dir/bin/python3 ] || [ ! -e $install_dir/lib/python$python_version ]; then -#REMOVEME? ynh_secure_remove --file=$install_dir/bin -#REMOVEME? ynh_secure_remove --file=$install_dir/lib -#REMOVEME? ynh_secure_remove --file=$install_dir/lib64 -#REMOVEME? ynh_secure_remove --file=$install_dir/include -#REMOVEME? ynh_secure_remove --file=$install_dir/share -#REMOVEME? ynh_secure_remove --file=$install_dir/pyvenv.cfg + if [ ! -e $code_dir/bin/python3 ] || [ ! -e $code_dir/lib/python$python_version ]; then + ynh_secure_remove --file=$code_dir/bin + ynh_secure_remove --file=$code_dir/lib + ynh_secure_remove --file=$code_dir/lib64 + ynh_secure_remove --file=$code_dir/include + ynh_secure_remove --file=$code_dir/share + ynh_secure_remove --file=$code_dir/pyvenv.cfg fi - mkdir -p $install_dir - chown $synapse_user:root -R $install_dir + mkdir -p $code_dir + chown $YNH_APP_ID:root -R $code_dir if [ -n "$(uname -m | grep arm)" ] then # Clean old file, sometimes it could make some big issues if we don't do this!! -#REMOVEME? ynh_secure_remove --file=$install_dir/bin -#REMOVEME? ynh_secure_remove --file=$install_dir/lib -#REMOVEME? ynh_secure_remove --file=$install_dir/include -#REMOVEME? ynh_secure_remove --file=$install_dir/share + ynh_secure_remove --file=$code_dir/bin + ynh_secure_remove --file=$code_dir/lib + ynh_secure_remove --file=$code_dir/include + ynh_secure_remove --file=$code_dir/share - ynh_setup_source --dest_dir=$install_dir/ --source_id="armv7_$(lsb_release --codename --short)" + ynh_setup_source --dest_dir=$code_dir/ --source_id="armv7_$(lsb_release --codename --short)" # Fix multi-instance support - for f in $(ls $install_dir/bin); do + for f in $(ls $code_dir/bin); do if ! [[ $f =~ "__" ]]; then - ynh_replace_special_string --match_string='#!/opt/yunohost/matrix-synapse' --replace_string='#!'$install_dir --target_file=$install_dir/bin/$f + ynh_replace_special_string --match_string='#!/opt/yunohost/matrix-synapse' --replace_string='#!'$code_dir --target_file=$code_dir/bin/$f fi done else # Install virtualenv if it don't exist -#REMOVEME? test -e $install_dir/bin/python3 || python3 -m venv $install_dir + test -e $code_dir/bin/python3 || python3 -m venv $code_dir # Install synapse in virtualenv # We set all necessary environement variable to create a python virtualenvironnement. u_arg='u' set +$u_arg; - source $install_dir/bin/activate + source $code_dir/bin/activate set -$u_arg; - + pip3 install --upgrade setuptools wheel pip pip3 install --upgrade cffi ndg-httpsclient psycopg2 lxml jinja2 pip3 install --upgrade -r $YNH_APP_BASEDIR/conf/requirement_$(lsb_release --codename --short).txt - # This function was defined when we called "source $install_dir/bin/activate". With this function we undo what "$install_dir/bin/activate" does + # This function was defined when we called "source $code_dir/bin/activate". With this function we undo what "$code_dir/bin/activate" does set +$u_arg; deactivate set -$u_arg; fi } -get_domain_list() { - yunohost --output-as plain domain list | grep -E "^#" -v | sort | uniq | while read domain; do - echo -n " - https://$domain\n" - done +configure_synapse() { + local domain_whitelist_client=$(yunohost --output-as plain domain list \ + | grep -E "^#" -v \ + | sort | uniq \ + | sed -r 's|^(.*)$| - \1|' \ + | sed -z 's|\n|\\n|g') + local macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"' + local auto_join_rooms_sed_param="" + if [ -n $auto_join_rooms ]; then + auto_join_rooms_sed_param='auto_join_rooms:\n - "'$auto_join_rooms'"' + fi + local registration_require_3pid_sed_param="" + case ${registrations_require_3pid} in + 'email') + registration_require_3pid_sed_param="registrations_require_3pid:\n - email" + ;; + 'msisdn') + registration_require_3pid_sed_param="registrations_require_3pid:\n - msisdn" + ;; + 'email&msisdn') + registration_require_3pid_sed_param="registrations_require_3pid:\n - email\n - msisdn" + ;; + esac + + local allowd_local_3pids_sed_param="" + if [ -n "$allowed_local_3pids_email" ] || [ -n "$allowed_local_3pids_msisdn" ]; then + allowd_local_3pids_sed_param="allowed_local_3pids:" + + if [ -n "$allowed_local_3pids_email" ]; then + allowd_local_3pids_sed_param+="\n - medium: email\n pattern: '$allowed_local_3pids_email'" + fi + if [ -n "$allowed_local_3pids_msisdn" ]; then + allowd_local_3pids_sed_param+="\n - medium: msisdn\n pattern: '$allowed_local_3pids_msisdn'" + fi + fi + + ynh_add_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml" + sed -i "s|_DOMAIN_WHITELIST_CLIENT_|$domain_whitelist_client|g" /etc/matrix-$app/homeserver.yaml + sed -i "s|_AUTO_JOIN_ROOMS_SED_PARAM_|$auto_join_rooms_sed_param|g" /etc/matrix-$app/homeserver.yaml + sed -i "s|_REGISTRATION_REQUIRE_3PID_SED_PARAM_|$registration_require_3pid_sed_param|g" /etc/matrix-$app/homeserver.yaml + sed -i "s|_ALLOWD_LOCAL_3PIDS_SED_PARAM_|$allowd_local_3pids_sed_param|g" /etc/matrix-$app/homeserver.yaml + + ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml" +} + +configure_coturn() { + # Get public IP and set as external IP for coturn + # note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6 + local public_ip4="$(curl -s ip.yunohost.org)" || true + local public_ip6="$(curl -s ipv6.yunohost.org)" || true + + local turn_external_ip="" + if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4" + then + turn_external_ip+="external-ip=$public_ip4\\n" + fi + + if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6" + then + turn_external_ip+="external-ip=$public_ip6\\n" + fi + + ynh_add_config --template="turnserver.conf" --destination="/etc/matrix-$app/coturn.conf" + sed -i "s|_TURN_EXTERNAL_IP_|$turn_external_ip|g" /etc/matrix-$app/coturn.conf +} + +configure_nginx() { + local e2e_enabled_by_default_client_config + + # Create .well-known redirection for access by federation + if yunohost --output-as plain domain list | grep -q "^$server_name$" + then + local e2e_enabled_by_default_client_config + if [ $e2e_enabled_by_default == "off" ]; then + e2e_enabled_by_default_client_config=false + else + e2e_enabled_by_default_client_config=true + fi + ynh_add_config --template="server_name.conf" --destination="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" + fi + + # Create a dedicated NGINX config + ynh_add_nginx_config +} + +set_permissions() { + chown $YNH_APP_ID:$YNH_APP_ID -R $code_dir + chmod o= -R $code_dir + + chmod 770 $code_dir/Coturn_config_rotate.sh + chmod 700 $code_dir/update_synapse_for_appservice.sh + + find $data_dir \( \! -perm -o= \ + -o \! -user $YNH_APP_ID \ + -o \! -group $YNH_APP_ID \) \ + -exec chown $YNH_APP_ID:$YNH_APP_ID {} \; \ + -exec chmod o= {} \; + + chown $YNH_APP_ID:$YNH_APP_ID -R /etc/matrix-$app + chmod u=rwX,g=rX,o= -R /etc/matrix-$app + setfacl -R -m user:turnserver:rX /etc/matrix-$app + + chmod 600 /etc/matrix-$app/$server_name.signing.key + + chown $YNH_APP_ID:root -R /var/log/matrix-$app + setfacl -R -m user:turnserver:rwX /var/log/matrix-$app } diff --git a/scripts/backup b/scripts/backup index c3588b0..7a30a65 100644 --- a/scripts/backup +++ b/scripts/backup @@ -14,37 +14,10 @@ source /usr/share/yunohost/helpers # MANAGE SCRIPT FAILURE #================================================= -# Exit if an error occurs during the execution of the script -#REMOVEME? ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -#REMOVEME? ynh_print_info --message="Loading installation settings..." - -#REMOVEME? app=$YNH_APP_INSTANCE_NAME - -#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain) -#REMOVEME? server_name=$(ynh_app_setting_get --app=$app --key=server_name) -#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir) -#REMOVEME? phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) - if [[ ! "$(systemctl status matrix-$app.service)" =~ "Active: inactive (dead)" ]]; then ynh_print_warn --message="It's hightly recommended to make your backup when the service is stopped. Please stop $app service with this command before to run the backup 'systemctl stop matrix-$app.service'" fi -#================================================= -# SET CONSTANTS -#================================================= - -synapse_user="matrix-$app" -synapse_db_name="matrix_$app" -synapse_db_user="matrix_$app" -synapse_db_name="matrix_$app" -upstream_version=$(ynh_app_upstream_version) -final_www_path="/var/www/$app" -data_path="/home/yunohost.app/matrix-$app" - #================================================= # DECLARE DATA AND CONF FILES TO BACKUP #================================================= @@ -56,8 +29,8 @@ ynh_print_info --message="Declaring files to be backed up..." # BACKUP THE APP MAIN DIR #================================================= +ynh_backup --src_path="$code_dir" ynh_backup --src_path="$install_dir" -ynh_backup --src_path="$final_www_path" #================================================= # BACKUP THE NGINX CONFIGURATION diff --git a/scripts/change_url b/scripts/change_url index 75398f0..877fdbf 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -5,61 +5,20 @@ #================================================= # IMPORT GENERIC HELPERS -source /usr/share/yunohost/helpers - -# Exit if an error occurs during the execution of the script -#REMOVEME? ynh_abort_if_errors - -# Import common cmd source ./experimental_helper.sh source ./_common.sh +source /usr/share/yunohost/helpers -#REMOVEME? ynh_script_progression --message="Loading installation settings..." - -# RETRIEVE ARGUMENTS -#REMOVEME? old_domain=$YNH_APP_OLD_DOMAIN -domain=$YNH_APP_NEW_DOMAIN -path=$(ynh_normalize_url_path --path $YNH_APP_NEW_PATH) -#REMOVEME? app=$YNH_APP_INSTANCE_NAME - -#REMOVEME? server_name=$(ynh_app_setting_get --app=$app --key=server_name) -#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir) -#REMOVEME? synapse_old_version=$(ynh_app_setting_get --app=$app --key=synapse_version) -#REMOVEME? jitsi_server=$(ynh_app_setting_get --app=$app --key=jitsi_server) -#REMOVEME? is_free_registration=$(ynh_app_setting_get --app=$app --key=is_free_registration) -#REMOVEME? port=$(ynh_app_setting_get --app=$app --key=synapse_port) -#REMOVEME? synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port) -#REMOVEME? turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port) -#REMOVEME? turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port) -#REMOVEME? cli_port=$(ynh_app_setting_get --app=$app --key=cli_port) -#REMOVEME? report_stats=$(ynh_app_setting_get --app=$app --key=report_stats) -#REMOVEME? allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms) -#REMOVEME? e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default) -#REMOVEME? synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd) -#REMOVEME? turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd) -#REMOVEME? registration_shared_secret=$(ynh_app_setting_get --app=$app --key=registration_shared_secret) -#REMOVEME? form_secret=$(ynh_app_setting_get --app=$app --key=form_secret) -#REMOVEME? macaroon_secret_key=$(ynh_app_setting_get --app=$app --key=macaroon_secret_key) -#REMOVEME? synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd) -main_domain=$(yunohost domain list --output-as json | jq -r .main) - -synapse_user="matrix-$app" -synapse_user_app="$app" -synapse_db_name="matrix_$app" -synapse_db_user="matrix_$app" -synapse_db_name="matrix_$app" -upstream_version=$(ynh_app_upstream_version) -domain_whitelist_client_=$(get_domain_list) -domain_whitelist_client=${domain_whitelist_client_%"\n"} +path=$new_path +domain=$new_domain # Check if the new path stay /_matrix if not exit - if [[ $path != "/_matrix" ]] then ynh_die --message "You can't use an other path than '/_matrix'. You can only change the domain." fi -#REMOVEME? # We stop the service before to set ynh_clean_setup +# We stop the service ynh_systemd_action --service_name=matrix-$app.service --action=stop #================================================= @@ -71,22 +30,7 @@ ynh_systemd_action --service_name=matrix-$app.service --action=stop ynh_script_progression --message="Updating NGINX configuration..." ynh_change_url_nginx_config - -# MODIFY URL IN NGINX CONF -#REMOVEME? nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf - -#REMOVEME? # Change the domain for nginx -# Delete file checksum for the old conf file location -#REMOVEME? ynh_delete_file_checksum --file "$nginx_conf_path" -#REMOVEME? mv $nginx_conf_path /etc/nginx/conf.d/$domain.d/$app.conf -# Store file checksum for the new config file location -#REMOVEME? ynh_store_file_checksum --file "/etc/nginx/conf.d/$domain.d/$app.conf" - -# Create .well-known redirection for access by federation -if yunohost --output-as plain domain list | grep -q "^$server_name$" -then -#REMOVEME? ynh_add_config --template="server_name.conf" --destination="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" -fi +configure_nginx #================================================= # UPDATE SYNAPSE CONFIG @@ -94,38 +38,14 @@ fi ynh_script_progression --message="Updating Synapse config..." --weight=2 -# WARNING : theses command are used in INSTALL, UPGRADE, CONFIG, CHANGE-URL (4 times) -# For any update do it in all files - -if [ -z $macaroon_secret_key ]; then - # Well, in this package this value was not managed because it was not needed, synapse is able to generate this with some other secret in the config file but after some vulnerability was found with this practice. - # For more detail about this issue you can see : https://matrix.org/blog/2019/01/15/further-details-on-critical-security-update-in-synapse-affecting-all-versions-prior-to-0-34-1-cve-2019-5885/ - # The problem is that we can't just say generate a new value if the package has not already defined a value. The reason is that changing this value logout all user. And in case of a user has enabled the encryption, the user might lost all conversation !! - # So for the old install we just leave this as it is. And for the new install we use a real macaroon. - macaroon_secret_key_param='# macaroon_secret_key: ""' -else - macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"' -fi - -if [ $is_free_registration -eq 0 ] -then - allowed_access=False - sso_enabled=True -else - allowed_access=True - sso_enabled=False -fi - -ynh_add_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml" -ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml" +configure_synapse #================================================= # SECURE FILES AND DIRECTORIES #================================================= -# Only setting permissions for the two config files updated above -chown $synapse_user:root -R /etc/matrix-$app -chmod u=rwX,g=rX,o= -R /etc/matrix-$app +ynh_script_progression --message="Protecting directories..." --weight=3 +set_permissions #================================================= # RELOAD SERVICES @@ -133,6 +53,6 @@ chmod u=rwX,g=rX,o= -R /etc/matrix-$app ynh_script_progression --message="Restarting Synapse services..." --weight=5 ynh_systemd_action --service_name=coturn-$app.service --action=restart -ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $synapse_tls_port" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300 +ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $port_synapse_tls" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300 ynh_script_progression --message="Change of URL completed for $app" --last diff --git a/scripts/config b/scripts/config index 59ce2f8..0004273 100644 --- a/scripts/config +++ b/scripts/config @@ -6,161 +6,14 @@ # IMPORT GENERIC HELPERS #================================================= +source ./_common.sh source /usr/share/yunohost/helpers -# Stop script if errors -ynh_abort_if_errors -final_path=$(ynh_app_setting_get --app=$app --key=final_path) - -get__max_upload_size() { - max_upload_size=$(ynh_app_setting_get --app $app --key max_upload_size) - echo "${max_upload_size}" -} - -set__max_upload_size() { - ynh_write_var_in_file --file=/etc/matrix-$app/homeserver.yaml --key=max_upload_size --value="${max_upload_size}" - sed -i -r "s|client_max_body_size\s[[:digit:]]*[GMK]?;|client_max_body_size ${max_upload_size};|g" "/etc/nginx/conf.d/$domain.d/$app.conf" - ynh_add_nginx_conf -} - -get__registrations_require_3pid() { - registrations_require_3pid=$(ynh_app_setting_get --app $app --key registrations_require_3pid) - echo "${registrations_require_3pid}" -} - -# set__registrations_require_3pid() this function is setting datas for registrations_require_3pid field and allowed_local_3pids_(email/msisdn) -# it consist on comment or not "registrations_require_3pid:", " - email" and/or " - msisdn" -# then depending on the "registrations_require_3pid" value it comment or not "allowed_local_3pids:" lines -# and generate all it sub configuration : -# -# allowed_local_3pids: -# - medium: email -# pattern: * -# ... -# - medium: msisdn -# pattern: * -# -# sed -z and \n as new line carracter do the trick on this kind of multline replacement. - -set__registrations_require_3pid() { - - # search pattern to replace (it correspond to the complete section) - allowedLocal3pids="s;#?([^\S\n]*allowed_local_3pids:)\n(#?([^\S\n]*-[^\S\n]*medium:[^\S\n]*(email|msisdn)\n)#?([^\S\n]*pattern:[^\S\n]*[^\n]*\n))*;" - - case ${registrations_require_3pid} in - 'email') - # registrations_require_3pid: part - sed -i -z -r "s|#?[^\S\n]*registrations_require_3pid:\n#?[^\S\n]*-[^\S\n]*email\n#?[^\S\n]*-[^\S\n]*msisdn|registrations_require_3pid:\n - email\n# - msisdn|" "/etc/matrix-$app/homeserver.yaml" - - # allowed_local_3pids: part - allowedLocal3pids=${allowedLocal3pids}"\1" - - readarray -td, arr3pidemail < <(echo ${allowed_local_3pids_email}); - for pidemail in "${arr3pidemail[@]}"; do - # add it to regex substitution part - allowedLocal3pids=${allowedLocal3pids}"\n - medium: email"; - allowedLocal3pids=${allowedLocal3pids}"\n$(echo ' ')pattern: '$(echo ${pidemail})'"; - done; - ;; - - 'msisdn') - # registrations_require_3pid: part - sed -i -z -r "s|#?[^\S\n]*registrations_require_3pid:\n#?[^\S\n]*-[^\S\n]*email\n#?[^\S\n]*-[^\S\n]*msisdn|registrations_require_3pid:\n# - email\n - msisdn|" "/etc/matrix-$app/homeserver.yaml" - - # allowed_local_3pids: part - allowedLocal3pids=${allowedLocal3pids}"\1" - - readarray -td, arr3pidmsisdn < <(echo ${allowed_local_3pids_msisdn}); - for pidmsisdn in "${arr3pidmsisdn[@]}"; do - # add it to regex substitution part - allowedLocal3pids=${allowedLocal3pids}"\n - medium: msisdn"; - allowedLocal3pids=${allowedLocal3pids}"\n$(echo ' ')pattern: '$(echo ${pidmsisdn})'"; - done; - ;; - - 'email&msisdn') - # registrations_require_3pid: part - sed -i -z -r "s|#?[^\S\n]*registrations_require_3pid:\n#?[^\S\n]*-[^\S\n]*email\n#?[^\S\n]*-[^\S\n]*msisdn|registrations_require_3pid:\n - email\n - msisdn|" "/etc/matrix-$app/homeserver.yaml" - - # allowed_local_3pids: part - allowedLocal3pids=${allowedLocal3pids}"\1" - - readarray -td, arr3pidemail < <(echo ${allowed_local_3pids_email}); - for pidemail in "${arr3pidemail[@]}"; do - # add it to regex substitution part - allowedLocal3pids=${allowedLocal3pids}"\n - medium: email"; - allowedLocal3pids=${allowedLocal3pids}"\n$(echo ' ')pattern: '$(echo ${pidemail})'"; - done; - - readarray -td, arr3pidmsisdn < <(echo ${allowed_local_3pids_msisdn}); - for pidmsisdn in "${arr3pidmsisdn[@]}"; do - # add it to regex substitution part - allowedLocal3pids=${allowedLocal3pids}"\n - medium: msisdn"; - allowedLocal3pids=${allowedLocal3pids}"\n$(echo ' ')pattern: '$(echo ${pidmsisdn})'"; - done; - ;; - - *) - sed -i -z -r "s|#?[^\S\n]*registrations_require_3pid:\n#?[^\S\n]*-[^\S\n]*email\n#?[^\S\n]*-[^\S\n]*msisdn|#registrations_require_3pid:\n# - email\n# - msisdn|" "/etc/matrix-$app/homeserver.yaml" - - # empty fields and comment registration - allowedLocal3pids=${allowedLocal3pids}"#\1" - ;; - esac - - # finalize regex then apply sed command on the homeserver conf file - allowedLocal3pids="${allowedLocal3pids}\n;"; - sed -i -z -r "${allowedLocal3pids}" "/etc/matrix-$app/homeserver.yaml" - - - ynh_app_setting_set --app=$app --key=registrations_require_3pid --value="${registrations_require_3pid}" -} - -get__allowed_local_3pids_email() { - allowed_local_3pids_email=$(ynh_app_setting_get --app $app --key allowed_local_3pids_email) - echo "${allowed_local_3pids_email}" -} - -set__allowed_local_3pids_email() { - set__registrations_require_3pid; - ynh_app_setting_set --app=$app --key=allowed_local_3pids_email --value="${allowed_local_3pids_email}" -} - -get__allowed_local_3pids_msisdn() { - allowed_local_3pids_msisdn=$(ynh_app_setting_get --app $app --key allowed_local_3pids_msisdn) - echo "${allowed_local_3pids_msisdn}" -} - -set__allowed_local_3pids_msisdn() { - set__registrations_require_3pid; - ynh_app_setting_set --app=$app --key=allowed_local_3pids_msisdn --value="${allowed_local_3pids_msisdn}" -} - -get__auto_join_rooms() { - auto_join_rooms=$(ynh_app_setting_get --app $app --key auto_join_rooms) - auto_join_rooms=$(echo ${auto_join_rooms} | sed "s~(\\\\)*\#~\\\\\#~g") - echo "${auto_join_rooms}" -} - -set__auto_join_rooms() { - - if [ -z ${auto_join_rooms} ] ; then - # remove all values comment header and example value - sed -i -z -r "s|#?([^\S\n]*auto_join_rooms:\n)#?([^\S\n]*-[^\n]*\n)*|#\1# - \"#example:example.com\"\n|" "/etc/matrix-$app/homeserver.yaml" - else - - readarray -td, arrroom < <(echo ${auto_join_rooms}); - - # print header then all space separated values - autoJoinRooms="s|#?([^\S\n]*auto_join_rooms:)\n(#?[^\S\n]*-[^\n]*\n)*|\1"; - for room in "${arrroom[@]}"; do - autoJoinRooms="${autoJoinRooms}\n - '$(echo ${room})'"; - done; - autoJoinRooms="${autoJoinRooms}\n|"; - sed -i -z -r "${autoJoinRooms}" "/etc/matrix-$app/homeserver.yaml" - fi - - ynh_app_setting_set --app=$app --key=auto_join_rooms --value="${auto_join_rooms}" +ynh_app_config_apply() { + _ynh_app_config_apply + configure_nginx + configure_synapse + set_permissions } #================================================= diff --git a/scripts/install b/scripts/install index f78cf6a..ee3cf72 100644 --- a/scripts/install +++ b/scripts/install @@ -1,7 +1,5 @@ #!/bin/bash -#================================================= -# GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= @@ -10,83 +8,42 @@ source _common.sh source experimental_helper.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -#REMOVEME? ynh_clean_setup () { -# Clean installation remainings that are not handled by the remove script. - ynh_clean_check_starting -} -# Exit if an error occurs during the execution of the script -#REMOVEME? ynh_abort_if_errors - -#================================================= -# SET CONSTANTS -#================================================= - -synapse_user="matrix-$app" -synapse_user_app="$app" -synapse_user_app_pwd="$(ynh_string_random --length=30)" -synapse_db_name="matrix_$app" -synapse_db_user="matrix_$app" -synapse_db_name="matrix_$app" -upstream_version=$(ynh_app_upstream_version) -report_stats="false" -e2e_enabled_by_default="off" -default_domain_value="Same than the domain" -domain_whitelist_client_=$(get_domain_list) -domain_whitelist_client=${domain_whitelist_client_%"\n"} - #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= -#REMOVEME? domain=$YNH_APP_ARG_DOMAIN -#REMOVEME? server_name=$YNH_APP_ARG_SERVER_NAME -#REMOVEME? is_free_registration=$YNH_APP_ARG_IS_FREE_REGISTRATION -#REMOVEME? jitsi_server=$YNH_APP_ARG_JITSI_SERVER -path="/_matrix" -#REMOVEME? install_dir="/opt/yunohost/matrix-$app" -final_www_path="/var/www/$app" -data_path="/home/yunohost.app/matrix-$app" -main_domain=$(yunohost domain list --output-as json | jq -r .main) - -if [[ "$server_name" == "$default_domain_value" ]]; then +if [ "$server_name" == "Same than the domain" ]; then server_name=$domain + ynh_app_setting_set --app=$app --key=server_name --value=$server_name fi #================================================= -# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS +## SET STANDARD SETTINGS FROM DEFAULT CONFIG #================================================= -#REMOVEME? ynh_script_progression --message="Validating installation parameters..." --weight=2 -test ! -e "/etc/nginx/conf.d/$domain.d/synapse*.conf" || ynh_die --message="$domain is not available as domain, please use an other domain." -# Check Final Path availability -#REMOVEME? test ! -e "$install_dir" || ynh_die --message="This path already contains a folder" +ynh_script_progression --message="Storing installation settings..." --weight=1 -if [ -e "$data_path" ]; then - old_data_dir_path="$data_path$(date '+%Y%m%d.%H%M%S')" - ynh_print_warn "A data directory already exist. Data was renamed to $old_data_dir_path" - mv "$data_path" "$old_data_dir_path" -fi +report_stats="false" +e2e_enabled_by_default="off" +allow_public_rooms_without_auth="false" +allow_public_rooms_over_federation="false" +max_upload_size="10M" +disable_msisdn_registration="true" +registrations_require_3pid="none" +allowed_local_3pids_email="" +allowed_local_3pids_msisdn="" +allow_guest_access="false" +account_threepid_delegates_msisdn="" +default_identity_server="https://matrix.org" +auto_join_rooms="" +autocreate_auto_join_rooms="false" +auto_join_rooms_for_guests="true" +enable_notifs="true" +notif_for_new_users="true" +enable_group_creation="true" +push_include_content="true" -#================================================= -# STORE SETTINGS FROM MANIFEST -#================================================= -#REMOVEME? ynh_script_progression --message="Storing installation settings..." --weight=1 - -#REMOVEME? ynh_app_setting_set --app=$app --key=domain --value=$domain -#REMOVEME? ynh_app_setting_set --app=$app --key=path --value=$path -ynh_app_setting_set --app=$app --key=server_name --value=$server_name -ynh_app_setting_set --app=$app --key=jitsi_server --value=$jitsi_server -#REMOVEME? ynh_app_setting_set --app=$app --key=install_dir --value=$install_dir -ynh_app_setting_set --app=$app --key=synapse_version --value=$upstream_version -#REMOVEME? ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats -ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default -ynh_app_setting_set --app=$app --key=synapse_user_app_pwd --value=$synapse_user_app_pwd - -if [ "$is_free_registration" -eq "0" ] +if [ "$is_free_registration" -eq 0 ] then enable_registration="false" turn_allow_guests="false" @@ -101,52 +58,19 @@ else enable_3pid_lookup="true" fi -ynh_app_setting_set --app=$app --key=enable_registration --value=$enable_registration -ynh_app_setting_set --app=$app --key=turn_allow_guests --value=$turn_allow_guests -ynh_app_setting_set --app=$app --key=sso_enabled --value=$sso_enabled -#REMOVEME? ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled -ynh_app_setting_set --app=$app --key=enable_3pid_lookup --value=$enable_3pid_lookup - -#================================================= -## SET STANDARD SETTINGS FROM DEFAULT CONFIG -#================================================= - element_ynh_url="https://matrix.to/" # Get app name of first Element Instance (can be changed later in Config Panel) element_instance="element" if yunohost --output-as plain app list | grep -q "^$element_instance$"; then -#REMOVEME? element_domain=$(ynh_app_setting_get --app $element_instance --key domain) -#REMOVEME? element_path=$(ynh_app_setting_get --app $element_instance --key path) + element_domain=$(ynh_app_setting_get --app $element_instance --key domain) + element_path=$(ynh_app_setting_get --app $element_instance --key path) element_ynh_url="https://""$element_domain""$element_path" fi web_client_location=$element_ynh_url client_base_url=$element_ynh_url invite_client_location=$element_ynh_url -backup_before_upgrade="true" -server_statistics="false" -allow_public_rooms_without_auth="false" -allow_public_rooms_over_federation="false" -max_upload_size="10M" -disable_msisdn_registration="true" -registrations_require_3pid="none" -# here we need sed magic to transform $server_name -allowed_local_3pids_email="" -allowed_local_3pids_msisdn="" -allow_guest_access="false" -account_threepid_delegates_msisdn="" -default_identity_server="https://matrix.org" -auto_join_rooms="#auto_join_room:""$server_name" -autocreate_auto_join_rooms="false" -auto_join_rooms_for_guests="true" -password_enabled="true" -enable_notifs="true" -notif_for_new_users="true" -enable_group_creation="true" -push_include_content="true" - -ynh_app_setting_set --app=$app --key=backup_before_upgrade --value=$backup_before_upgrade -ynh_app_setting_set --app=$app --key=server_statistics --value=$server_statistics +ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default ynh_app_setting_set --app=$app --key=web_client_location --value=$web_client_location ynh_app_setting_set --app=$app --key=client_base_url --value=$client_base_url ynh_app_setting_set --app=$app --key=invite_client_location --value=$invite_client_location @@ -163,39 +87,19 @@ ynh_app_setting_set --app=$app --key=default_identity_server --value=$default_id ynh_app_setting_set --app=$app --key=auto_join_rooms --value=$auto_join_rooms ynh_app_setting_set --app=$app --key=autocreate_auto_join_rooms --value=$autocreate_auto_join_rooms ynh_app_setting_set --app=$app --key=auto_join_rooms_for_guests --value=$auto_join_rooms_for_guests -#REMOVEME? ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled +ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled ynh_app_setting_set --app=$app --key=enable_notifs --value=$enable_notifs ynh_app_setting_set --app=$app --key=notif_for_new_users --value=$notif_for_new_users ynh_app_setting_set --app=$app --key=enable_group_creation --value=$enable_group_creation ynh_app_setting_set --app=$app --key=push_include_content --value=$push_include_content - +ynh_app_setting_set --app=$app --key=enable_registration --value=$enable_registration +ynh_app_setting_set --app=$app --key=turn_allow_guests --value=$turn_allow_guests +ynh_app_setting_set --app=$app --key=sso_enabled --value=$sso_enabled +ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled +ynh_app_setting_set --app=$app --key=enable_3pid_lookup --value=$enable_3pid_lookup #================================================= # STANDARD MODIFICATIONS -#================================================= -# FIND AND OPEN A PORT -#================================================= -ynh_script_progression --message="Configuring firewall..." --weight=19 - -# Find a free port -#REMOVEME? synapse_tls_port=$(ynh_find_port --port=8448) -#REMOVEME? port=$(ynh_find_port --port=8008) -#REMOVEME? turnserver_tls_port=$(ynh_find_port --port=5349) -#REMOVEME? turnserver_alt_tls_port=$(ynh_find_port --port=$((turnserver_tls_port+1))) -#REMOVEME? cli_port=$(ynh_find_port --port=5766) - -# Open this port -ynh_exec_warn_less yunohost firewall allow TCP $synapse_tls_port -ynh_exec_warn_less yunohost firewall allow Both $turnserver_tls_port -ynh_exec_warn_less yunohost firewall allow Both $turnserver_alt_tls_port - -# Store opened ports -#REMOVEME? ynh_app_setting_set --app=$app --key=synapse_port --value=$port -#REMOVEME? ynh_app_setting_set --app=$app --key=synapse_tls_port --value=$synapse_tls_port -#REMOVEME? ynh_app_setting_set --app=$app --key=turnserver_tls_port --value=$turnserver_tls_port -#REMOVEME? ynh_app_setting_set --app=$app --key=turnserver_alt_tls_port --value=$turnserver_alt_tls_port -#REMOVEME? ynh_app_setting_set --app=$app --key=cli_port --value=$cli_port - #================================================= # CREATE A DH FILE #================================================= @@ -212,45 +116,18 @@ then chmod 640 /etc/ssl/private/dh2048.pem fi -#================================================= -# INSTALL DEPENDENCIES -#================================================= -#REMOVEME? ynh_script_progression --message="Installing dependencies..." --weight=80 - -# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE -# For any update do it in all files -#REMOVEME? ynh_exec_warn_less ynh_install_app_dependencies $dependances - #================================================= # CREATE DEDICATED USER #================================================= -#REMOVEME? ynh_script_progression --message="Configuring system user..." --weight=3 +ynh_script_progression --message="Creating $app user..." --weight=1 -#REMOVEME? ynh_system_user_create --username=$synapse_user --home_dir=$install_dir -# The format to create an user account varies depending on the version of YunoHost currently installed. -ynh_current_version=$(dpkg-query --showformat='${Version}' --show yunohost) -if $(dpkg --compare-versions "$ynh_current_version" ge "11.1"); then - yunohost user create $synapse_user_app -F "Synapse Application" -d $domain -p "$synapse_user_app_pwd" -else - yunohost user create $synapse_user_app -f Synapse -l Application -d $domain -p "$synapse_user_app_pwd" -fi -adduser $synapse_user ssl-cert +synapse_user_app_pwd="$(ynh_string_random --length=30)" +ynh_app_setting_set --app=$app --key=synapse_user_app_pwd --value=$synapse_user_app_pwd +# yunohost user create $YNH_APP_ID -F "Synapse Application" -d $domain -p "$synapse_user_app_pwd" + +adduser $YNH_APP_ID ssl-cert adduser turnserver ssl-cert -#================================================= -# CREATE A POSTGRESQL DATABASE -#================================================= -#REMOVEME? ynh_script_progression --message="Creating a PostgreSQL database..." --weight=4 - -synapse_db_pwd=$(ynh_string_random --length=30) -#REMOVEME? ynh_app_setting_set --app=$app --key=synapse_db_pwd --value=$synapse_db_pwd - -# Create postgresql database -#REMOVEME? ynh_psql_test_if_first_run -ynh_psql_create_user $synapse_db_user $synapse_db_pwd -ynh_psql_execute_as_root \ ---sql="CREATE DATABASE $synapse_db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $synapse_db_user;" - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -260,7 +137,6 @@ ynh_script_progression --message="Setting up source files..." --weight=50 # WARNING : theses command are used in INSTALL, UPGRADE # For any update do it in all files -mkdir -p $data_path mkdir -p /var/log/matrix-$app mkdir -p /etc/matrix-$app/conf.d mkdir -p /etc/matrix-$app/app-service @@ -275,10 +151,9 @@ install_sources # WARNING : theses command are used in INSTALL, UPGRADE # For any update do it in all files -mkdir -p $final_www_path -cp ../sources/cas_server.php $final_www_path/ -chmod u=rwX,g=rX,o= -R $final_www_path -chown $synapse_user:root -R $final_www_path +cp ../sources/cas_server.php $install_dir/ +chmod u=rwX,g=rX,o= -R $install_dir +chown $YNH_APP_ID:$YNH_APP_ID -R $install_dir #================================================= # CREATE SYNAPSE CONFIG @@ -287,17 +162,18 @@ chown $synapse_user:root -R $final_www_path ynh_script_progression --message="Creating Synapse config..." --weight=3 # Go in virtualenvironnement -set +u; -source $install_dir/bin/activate -set -u; +u_arg='u' +set +$u_arg; +source $code_dir/bin/activate +set -$u_arg; # Generate config python -m synapse.app.homeserver --keys-directory /etc/matrix-$app/ --generate-config --server-name $server_name --report-stats=no -c homeserver.yml -# This function was defined when we called "source $install_dir/bin/activate". With this function we undo what "$install_dir/bin/activate" does -set +u; +# This function was defined when we called "source $code_dir/bin/activate". With this function we undo what "$code_dir/bin/activate" does +set +$u_arg; deactivate -set -u; +set -$u_arg; # Get random values from config registration_shared_secret=$(egrep "^registration_shared_secret:" homeserver.yml | cut -d'"' -f2) @@ -331,14 +207,7 @@ ynh_script_progression --message="Configuring application..." ynh_add_fpm_config --usage=low --footprint=low -# Create .well-known redirection for access by federation -if yunohost --output-as plain domain list | grep -q "^$server_name$" -then - ynh_add_config --template="server_name.conf" --destination="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" -fi - -# Create a dedicated nginx config -ynh_add_nginx_config app +configure_nginx #================================================= # SET SYNAPSE CONFIG @@ -349,41 +218,14 @@ ynh_script_progression --message="Configuring Synapse..." --weight=2 turnserver_pwd=$(ynh_string_random --length=30) ynh_app_setting_set --app=$app --key=turnserver_pwd --value=$turnserver_pwd -# Configure Synapse - -# WARNING : theses command are used in INSTALL, UPGRADE, CONFIG, CHANGE-URL (4 times) -# For any update do it in all files - -macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"' - -ynh_add_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml" -ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml" +configure_synapse #================================================= # SET COTURN CONFIG #================================================= ynh_script_progression --message="Configuring Coturn..." --weight=1 -# WARNING : theses command are used in INSTALL, UPGRADE -# For any update do it in all files - -# Get public IP and set as external IP for coturn -# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6 -public_ip4="$(curl -s ip.yunohost.org)" || true -public_ip6="$(curl -s ipv6.yunohost.org)" || true - -turn_external_ip="" -if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4" -then - turn_external_ip+="external-ip="$public_ip4%"\n" -fi - -if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6" -then - turn_external_ip+="external-ip="$public_ip6%"\n" -fi - -ynh_add_config --template="turnserver.conf" --destination="/etc/matrix-$app/coturn.conf" +configure_coturn #================================================= # SETUP LOGROTATE @@ -399,8 +241,8 @@ ynh_use_logrotate --logfile "/var/log/matrix-$app" # WARNING : theses command are used in INSTALL, UPGRADE # For any update do it in all files -ynh_add_config --template="../sources/Coturn_config_rotate.sh" --destination="$install_dir/Coturn_config_rotate.sh" -ynh_add_config --template="../sources/update_synapse_for_appservice.sh" --destination="$install_dir/update_synapse_for_appservice.sh" +ynh_add_config --template="../sources/Coturn_config_rotate.sh" --destination="$code_dir/Coturn_config_rotate.sh" +ynh_add_config --template="../sources/update_synapse_for_appservice.sh" --destination="$code_dir/update_synapse_for_appservice.sh" #================================================= # GENERIC FINALIZATION @@ -411,7 +253,7 @@ ynh_add_config --template="../sources/update_synapse_for_appservice.sh" --destin ynh_script_progression --message="Configuring permissions..." --weight=1 if yunohost --output-as plain domain list | grep -q "^$server_name$"; then - ynh_permission_create --permission=server_client_infos --url=$server_name/.well-known/matrix \ + ynh_""permission_create --permission=server_client_infos --url=$server_name/.well-known/matrix \ --label="Server info for clients. (well-known)" --show_tile=false --allowed=visitors \ --auth_header=false --protected=true fi @@ -429,25 +271,15 @@ ynh_replace_string __DOMAIN__ $domain ../hooks/post_cert_update # SECURE FILES AND DIRECTORIES #================================================= -# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE -# For any update do it in all files -chown $synapse_user:root -R $install_dir -chmod 770 $install_dir/Coturn_config_rotate.sh -chmod 700 $install_dir/update_synapse_for_appservice.sh -chown $synapse_user:root -R $data_path -chown $synapse_user:root -R /var/log/matrix-$app -chown $synapse_user:root -R /etc/matrix-$app -chmod u=rwX,g=rX,o= -R /etc/matrix-$app -chmod 600 /etc/matrix-$app/$server_name.signing.key -setfacl -R -m user:turnserver:rX /etc/matrix-$app -setfacl -R -m user:turnserver:rwX /var/log/matrix-$app +ynh_script_progression --message="Protecting directories..." --weight=3 +set_permissions #================================================= # ADVERTISE SERVICE IN ADMIN PANEL #================================================= -yunohost service add matrix-$app --log "/var/log/matrix-$app/homeserver.log" --needs_exposed_ports $synapse_tls_port -yunohost service add coturn-$app --needs_exposed_ports $turnserver_tls_port +yunohost service add matrix-$app --log "/var/log/matrix-$app/homeserver.log" --needs_exposed_ports $port_synapse_tls +yunohost service add coturn-$app --needs_exposed_ports $port_turnserver_tls #================================================= # RELOAD SERVICES @@ -455,43 +287,15 @@ yunohost service add coturn-$app --needs_exposed_ports $turnserver_tls_port ynh_script_progression --message="Restarting Synapse services..." --weight=11 ynh_systemd_action --service_name=coturn-$app.service --action=restart -ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $synapse_tls_port" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300 +ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $port_synapse_tls" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300 #================================================= # SETUP FAIL2BAN #================================================= ynh_script_progression --message="Configuring Fail2Ban..." --weight=10 -# WARNING : theses command are used in INSTALL, UPGRADE -# For any update do it in all files - ynh_add_fail2ban_config --use_template -#================================================= -# SEND A README FOR THE ADMIN -#================================================= - -# WARNING : theses command are used in INSTALL, RESTORE -# For any update do it in all files - -echo "If your server name is identical to the domain on which synapse is installed, and the default port 8448 is used, your server is normally already accessible by the federation. - -If not, you may need to put the following line in the dns configuration: - -_matrix._tcp.$domain. 3600 IN SRV 10 0 $synapse_tls_port $domain. - -For more details, see : https://github.com/matrix-org/synapse#setting-up-federation - -You also need to open the TCP port $synapse_tls_port on your ISP box if it's not automatically done. - -Your synapse server also implements a turnserver (for VoIP), to have this fully functional please read the 'Turnserver' section in the README available here: https://github.com/YunoHost-Apps/synapse_ynh . - -If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/synapse_ynh - -You also need a valid TLS certificate for the domain used by synapse. To do that you can refer to the documentation here : https://yunohost.org/#/certificate_en" > mail_to_send - -ynh_send_readme_to_admin --app_message="mail_to_send" --type="install" - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/remove b/scripts/remove index d158136..6f688f8 100755 --- a/scripts/remove +++ b/scripts/remove @@ -10,32 +10,6 @@ source _common.sh source experimental_helper.sh source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= -#REMOVEME? ynh_script_progression --message="Loading installation settings..." --weight=3 - -#REMOVEME? app=$YNH_APP_INSTANCE_NAME - -#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain) -#REMOVEME? server_name=$(ynh_app_setting_get --app=$app --key=server_name) -#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir) -#REMOVEME? synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port) -#REMOVEME? turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port) -#REMOVEME? turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port) - -#================================================= -# SET CONSTANTS -#================================================= - -synapse_user="matrix-$app" -synapse_user_app="$app" -synapse_db_name="matrix_$app" -synapse_db_user="matrix_$app" -synapse_db_name="matrix_$app" -upstream_version=$(ynh_app_upstream_version) -final_www_path="/var/www/$app" - #================================================= # STANDARD REMOVE #================================================= @@ -61,29 +35,12 @@ ynh_script_progression --message="Stopping and removing the systemd service" --w ynh_remove_systemd_config --service=matrix-$app ynh_remove_systemd_config --service=coturn-$app -#================================================= -# REMOVE THE POSTGRESQL DATABASE -#================================================= -#REMOVEME? ynh_script_progression --message="Removing the PostgreSQL database" --weight=2 - -# Remove a database if it exists, along with the associated user -#REMOVEME? ynh_psql_remove_db --db_user=$synapse_db_name --db_name=$synapse_db_user - -#================================================= -# REMOVE DEPENDENCIES -#================================================= -#REMOVEME? ynh_script_progression --message="Removing dependencies" --weight=15 - -# Remove metapackage and its dependencies -#REMOVEME? ynh_remove_app_dependencies - #================================================= # REMOVE APP MAIN DIR #================================================= -#REMOVEME? ynh_script_progression --message="Removing app main directory" --weight=2 +ynh_script_progression --message="Removing app main directory" --weight=2 -#REMOVEME? ynh_secure_remove --file=$install_dir -ynh_secure_remove --file=$final_www_path +ynh_secure_remove --file=$code_dir ynh_secure_remove --file=/var/log/matrix-$app ynh_secure_remove --file=/etc/matrix-$app ynh_secure_remove --file=/etc/default/matrix-$app @@ -109,23 +66,6 @@ ynh_script_progression --message="Removing logrotate configuration" --weight=1 # Remove the app-specific logrotate config ynh_remove_logrotate -#================================================= -# CLOSE A PORT -#================================================= - -closeport() { - local port=$1 - if yunohost firewall list | grep -q "\- $port$" - then - ynh_script_progression --message="Closing port $port" - ynh_exec_warn_less yunohost firewall disallow Both $port - fi -} - -closeport $synapse_tls_port -closeport $turnserver_tls_port -closeport $turnserver_alt_tls_port - #================================================= # REMOVE FAIL2BAN CONFIGURATION #================================================= @@ -139,11 +79,10 @@ ynh_remove_fail2ban_config #================================================= # REMOVE DEDICATED USER #================================================= -#REMOVEME? ynh_script_progression --message="Removing the dedicated system user" --weight=1 +ynh_script_progression --message="Removing the dedicated system user" --weight=1 # Delete a system user -#REMOVEME? ynh_system_user_delete --username=$synapse_user -yunohost user delete $synapse_user_app +yunohost user delete $YNH_APP_ID #================================================= # END OF SCRIPT diff --git a/scripts/remove_sso_conf_persistent.py b/scripts/remove_sso_conf_persistent.py deleted file mode 100644 index b0fde80..0000000 --- a/scripts/remove_sso_conf_persistent.py +++ /dev/null @@ -1,39 +0,0 @@ -import json -import sys - -with open("/etc/ssowat/" + "conf.json.persistent", "r", encoding='utf-8') as jsonFile: - data = json.load(jsonFile) - - for domain in ("", sys.argv[1], sys.argv[2]): - for path in ("/_matrix", "/.well-known/matrix/", "/_matrix/cas_server.php/login"): - url = domain + path - try: - uri_list = data["skipped_urls"] - while url in uri_list: - uri_list.remove(url) - except: - pass - - try: - uri_list = data["protected_urls"] - while url in uri_list: - uri_list.remove(url) - except: - pass - - try: - uri_list = data["permissions"]["custom_protected"]["uris"] - while url in uri_list: - uri_list.remove(url) - except: - pass - - try: - uri_list = data["permissions"]["custom_skipped"]["uris"] - while url in uri_list: - uri_list.remove(url) - except: - pass - -with open("/etc/ssowat/" + "conf.json.persistent", "w", encoding='utf-8') as jsonFile: - jsonFile.write(json.dumps(data, indent=4, sort_keys=True)) diff --git a/scripts/restore b/scripts/restore index d4a1908..fe5a03c 100644 --- a/scripts/restore +++ b/scripts/restore @@ -11,83 +11,19 @@ source ../settings/scripts/_common.sh source ../settings/scripts/experimental_helper.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -#REMOVEME? ynh_clean_setup () { -# Clean installation remainings that are not handled by the remove script. - ynh_clean_check_starting -} -# Exit if an error occurs during the execution of the script -#REMOVEME? ynh_abort_if_errors - #================================================= # LOAD SETTINGS #================================================= ynh_script_progression --message="Loading settings..." -#REMOVEME? app=$YNH_APP_INSTANCE_NAME - -#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain) -#REMOVEME? server_name=$(ynh_app_setting_get --app=$app --key=server_name) -#REMOVEME? path=$(ynh_app_setting_get --app=$app --key=path) -#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir) -#REMOVEME? synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port) -#REMOVEME? turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port) -#REMOVEME? turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port) -#REMOVEME? phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) -#REMOVEME? synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd) -#REMOVEME? synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd) -main_domain=$(yunohost domain list --output-as json | jq -r .main) - -#================================================= -# SET ALL CONSTANT -#================================================= - -synapse_user="matrix-$app" -synapse_user_app="$app" -synapse_db_name="matrix_$app" -synapse_db_user="matrix_$app" -synapse_db_name="matrix_$app" -upstream_version=$(ynh_app_upstream_version) -final_www_path="/var/www/$app" -data_path="/home/yunohost.app/matrix-$app" - -#================================================= -# CHECK IF THE APP CAN BE RESTORED -#================================================= -#REMOVEME? ynh_script_progression --message="Validating restoration parameters..." --weight=2 - -#REMOVEME? test ! -d $install_dir \ - || ynh_die --message="There is already a directory: $install_dir " - -#================================================= -# STANDARD RESTORATION STEPS -#================================================= -# REINSTALL DEPENDENCIES -#================================================= -#REMOVEME? ynh_script_progression --message="Reinstalling dependencies..." --weight=70 - -# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE -# For any update do it in all files -#REMOVEME? ynh_exec_warn_less ynh_install_app_dependencies $dependances - #================================================= # RECREATE THE DEDICATED USER #================================================= -#REMOVEME? ynh_script_progression --message="Recreating the dedicated system user..." --weight=3 +ynh_script_progression --message="Recreating the dedicated system user..." --weight=3 # Create the dedicated user (if not existing) -#REMOVEME? ynh_system_user_create --username=$synapse_user --home_dir=$install_dir -# The format to create an user account varies depending on the version of YunoHost currently installed. -ynh_current_version=$(dpkg-query --showformat='${Version}' --show yunohost) -if $(dpkg --compare-versions "$ynh_current_version" ge "11.1"); then - yunohost user create $synapse_user_app -F "Synapse Application" -d $domain -p "$synapse_user_app_pwd" -else - yunohost user create $synapse_user_app -f Synapse -l Application -d $domain -p "$synapse_user_app_pwd" -fi -adduser $synapse_user ssl-cert +yunohost user create $YNH_APP_ID -F "Synapse Application" -d $domain -p "$synapse_user_app_pwd" +adduser $YNH_APP_ID ssl-cert adduser turnserver ssl-cert #================================================= @@ -113,17 +49,8 @@ ynh_systemd_action --action=restart --service_name=fail2ban #================================================= # RESTORE THE POSTGRESQL DATABASE #================================================= -#REMOVEME? ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=13 +ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=13 -#REMOVEME? ynh_psql_test_if_first_run -ynh_psql_create_user $synapse_db_user $synapse_db_pwd -ynh_psql_execute_as_root \ ---sql="CREATE DATABASE $synapse_db_name - ENCODING 'UTF8' - LC_COLLATE='C' - LC_CTYPE='C' - template=template0 - OWNER $synapse_db_user;" ynh_psql_execute_file_as_root --file="${YNH_CWD}/dump.sql" --database="$synapse_db_name" #================================================= @@ -139,8 +66,8 @@ systemctl enable coturn-$app.service --quiet # ADVERTISE SERVICE IN ADMIN PANEL #================================================= -yunohost service add matrix-$app --log "/var/log/matrix-$app/homeserver.log" --needs_exposed_ports $synapse_tls_port -yunohost service add coturn-$app --needs_exposed_ports $turnserver_tls_port +yunohost service add matrix-$app --log "/var/log/matrix-$app/homeserver.log" --needs_exposed_ports $port_synapse_tls +yunohost service add coturn-$app --needs_exposed_ports $port_turnserver_tls #================================================= # CREATE A DH FILE @@ -163,43 +90,7 @@ fi #================================================= ynh_script_progression --message="Reconfiguring Coturn..." --weight=23 -# To be sure that at the restoration the IP address in coturn config is the same as the real address we remake the coturn config - -# Retrieve specific settings -#REMOVEME? turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port) -#REMOVEME? turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port) -#REMOVEME? cli_port=$(ynh_app_setting_get --app=$app --key=cli_port) -#REMOVEME? turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd) - -# WARNING : these commands are used in INSTALL, UPGRADE -# For any update do it in all files - -# Get public IP and set as external IP for coturn -# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6 -public_ip4="$(curl -s ip.yunohost.org)" || true -public_ip6="$(curl -s ipv6.yunohost.org)" || true - -turn_external_ip="" -if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4" -then - turn_external_ip+="external-ip="$public_ip4%"\n" -fi - -if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6" -then - turn_external_ip+="external-ip="$public_ip6%"\n" -fi - -ynh_add_config --template="turnserver.conf" --destination="/etc/matrix-$app/coturn.conf" - -#================================================= -# OPEN THE PORT -#================================================= - -# Ouvre le port dans le firewall -ynh_exec_warn_less yunohost firewall allow TCP $synapse_tls_port -ynh_exec_warn_less yunohost firewall allow Both $turnserver_tls_port -ynh_exec_warn_less yunohost firewall allow Both $turnserver_alt_tls_port +configure_coturn #================================================= # SETUP LOGROTATE @@ -214,21 +105,8 @@ ynh_use_logrotate --logfile /var/log/matrix-$app # SECURE FILES AND DIRECTORIES #================================================= -# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE (3 times) -# For any update do it in all files -ynh_script_progression --message="Configuring file permission..." -chown $synapse_user:root -R $install_dir -chmod 770 $install_dir/Coturn_config_rotate.sh -chmod 700 $install_dir/update_synapse_for_appservice.sh -chown $synapse_user:root -R $data_path -chown $synapse_user:root -R /var/log/matrix-$app -chown $synapse_user:root -R /etc/matrix-$app -chmod u=rwX,g=rX,o= -R /etc/matrix-$app -chmod 600 /etc/matrix-$app/$server_name.signing.key -setfacl -R -m user:turnserver:rX /etc/matrix-$app -setfacl -R -m user:turnserver:rwX /var/log/matrix-$app -chmod u=rwX,g=rX,o= -R $final_www_path -chown $synapse_user:root -R $final_www_path +ynh_script_progression --message="Protecting directories..." --weight=3 +set_permissions #================================================= # RELOAD NGINX, SYNAPSE AND COTURN @@ -236,26 +114,7 @@ chown $synapse_user:root -R $final_www_path ynh_script_progression --message="Restarting Synapse services..." --weight=7 ynh_systemd_action --service_name=coturn-$app.service --action=restart -ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $synapse_tls_port" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300 - -#================================================= -# SEND A README FOR THE ADMIN -#================================================= - -# WARNING : theses command are used in INSTALL, RESTORE -# For any update do it in all files - -echo "To federate this app you need to add this line in your DNS configuration: - -_matrix._tcp.$domain. 3600 IN SRV 10 0 $synapse_tls_port $domain. - -You also need to open the TCP port $synapse_tls_port on your ISP box if it's not automatically done. - -Your synapse server also implements a turnserver (for VoIP), to have this fully functional please read the 'Turnserver' section in the README available here: https://github.com/YunoHost-Apps/synapse_ynh . - -If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/synapse_ynh" > mail_to_send - -ynh_send_readme_to_admin --app_message="mail_to_send" --type="restore" +ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $port_synapse_tls" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300 #================================================= # GENERIC FINALIZATION diff --git a/scripts/upgrade b/scripts/upgrade index c567090..3544a64 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -10,85 +10,11 @@ source _common.sh source experimental_helper.sh source /usr/share/yunohost/helpers -# Exit if an error occurs during the execution of the script -#REMOVEME? ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -#REMOVEME? ynh_script_progression --message="Loading installation settings..." --weight=3 - -#REMOVEME? app=$YNH_APP_INSTANCE_NAME - -#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain) -#REMOVEME? server_name=$(ynh_app_setting_get --app=$app --key=server_name) -#REMOVEME? jitsi_server=$(ynh_app_setting_get --app=$app --key=jitsi_server) -#REMOVEME? path=$(ynh_app_setting_get --app=$app --key=path) -#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir) -#REMOVEME? synapse_old_version=$(ynh_app_setting_get --app=$app --key=synapse_version) -#REMOVEME? is_free_registration=$(ynh_app_setting_get --app=$app --key=is_free_registration) -#REMOVEME? port=$(ynh_app_setting_get --app=$app --key=synapse_port) -#REMOVEME? synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port) -#REMOVEME? turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port) -#REMOVEME? turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port) -#REMOVEME? cli_port=$(ynh_app_setting_get --app=$app --key=cli_port) -#REMOVEME? report_stats=$(ynh_app_setting_get --app=$app --key=report_stats) -#REMOVEME? e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default) -#REMOVEME? synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd) -#REMOVEME? turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd) -#REMOVEME? registration_shared_secret=$(ynh_app_setting_get --app=$app --key=registration_shared_secret) -#REMOVEME? form_secret=$(ynh_app_setting_get --app=$app --key=form_secret) -#REMOVEME? macaroon_secret_key=$(ynh_app_setting_get --app=$app --key=macaroon_secret_key) -#REMOVEME? synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd) -domain_whitelist_client_=$(get_domain_list) -domain_whitelist_client=${domain_whitelist_client_%"\n"} -main_domain=$(yunohost domain list --output-as json | jq -r .main) - #================================================= # SET ALL CONSTANT #================================================= -synapse_user="matrix-$app" -synapse_user_app="$app" -synapse_db_name="matrix_$app" -synapse_db_user="matrix_$app" -synapse_db_name="matrix_$app" -upstream_version=$(ynh_app_upstream_version) upgrade_type=$(ynh_check_app_version_changed) -final_www_path="/var/www/$app" -data_path="/home/yunohost.app/matrix-$app" - -#================================================= -# GET CONFIG PANEL SETTINGS -#================================================= - -#REMOVEME? server_statistics=$(ynh_app_setting_get --app=$app --key=server_statistics) -#REMOVEME? web_client_location=$(ynh_app_setting_get --app=$app --key=web_client_location) -#REMOVEME? client_base_url=$(ynh_app_setting_get --app=$app --key=client_base_url) -#REMOVEME? invite_client_location=$(ynh_app_setting_get --app=$app --key=invite_client_location) -#REMOVEME? allow_public_rooms_without_auth=$(ynh_app_setting_get --app=$app --key=allow_public_rooms_without_auth) -#REMOVEME? allow_public_rooms_over_federation=$(ynh_app_setting_get --app=$app --key=allow_public_rooms_over_federation) -#REMOVEME? max_upload_size=$(ynh_app_setting_get --app=$app --key=max_upload_size) -#REMOVEME? disable_msisdn_registration=$(ynh_app_setting_get --app=$app --key=disable_msisdn_registration) -#REMOVEME? registrations_require_3pid=$(ynh_app_setting_get --app=$app --key=registrations_require_3pid) -#REMOVEME? allowed_local_3pids_email=$(ynh_app_setting_get --app=$app --key=allowed_local_3pids_email) -#REMOVEME? allowed_local_3pids_msisdn=$(ynh_app_setting_get --app=$app --key=allowed_local_3pids_msisdn) -#REMOVEME? account_threepid_delegates_msisdn=$(ynh_app_setting_get --app=$app --key=account_threepid_delegates_msisdn) -#REMOVEME? allow_guest_access=$(ynh_app_setting_get --app=$app --key=allow_guest_access) -#REMOVEME? default_identity_server=$(ynh_app_setting_get --app=$app --key=default_identity_server) -#REMOVEME? auto_join_rooms=$(ynh_app_setting_get --app=$app --key=auto_join_rooms) -#REMOVEME? autocreate_auto_join_rooms=$(ynh_app_setting_get --app=$app --key=autocreate_auto_join_rooms) -#REMOVEME? auto_join_rooms_for_guests=$(ynh_app_setting_get --app=$app --key=auto_join_rooms_for_guests) -#REMOVEME? enable_notifs=$(ynh_app_setting_get --app=$app --key=enable_notifs) -#REMOVEME? notif_for_new_users=$(ynh_app_setting_get --app=$app --key=notif_for_new_users) -#REMOVEME? enable_group_creation=$(ynh_app_setting_get --app=$app --key=enable_group_creation) - -#REMOVEME? enable_registration=$(ynh_app_setting_get --app=$app --key=enable_registration) -#REMOVEME? turn_allow_guests=$(ynh_app_setting_get --app=$app --key=turn_allow_guests) -#REMOVEME? sso_enabled=$(ynh_app_setting_get --app=$app --key=sso_enabled) -#REMOVEME? password_enabled=$(ynh_app_setting_get --app=$app --key=password_enabled) -#REMOVEME? enable_3pid_lookup=$(ynh_app_setting_get --app=$app --key=enable_3pid_lookup) -#REMOVEME? push_include_content=$(ynh_app_setting_get --app=$app --key=push_include_content) #================================================= # ENSURE DOWNWARD COMPATIBILITY @@ -98,40 +24,7 @@ ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 # Following the discussion here https://github.com/YunoHost-Apps/synapse_ynh/pull/51 we decided to remove definitely the support of the old package migration. if [ -z "$synapse_old_version" ] then - ynh_die --message="Update from this synapse version is not available. You need to remove this package and reinstall the new package version." -fi - -#================================================= -# MIGRATION 7 : Working config panel v1 -#================================================= -#REMOVEME? backup_before_upgrade=$(ynh_app_setting_get --app=$app --key=backup_before_upgrade) -if [ -z $backup_before_upgrade ] ; then - backup_before_upgrade="true" -#REMOVEME? disable_backup_before_upgrade=$(ynh_app_setting_get --app=$app --key=disable_backup_before_upgrade) - if [ "0$disable_backup_before_upgrade" -ne 0 ]; then - backup_before_upgrade="false" - fi - ynh_app_setting_set --app=$app --key=backup_before_upgrade --value=$backup_before_upgrade -fi - -#================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP -#================================================= - -#REMOVEME? # We stop the service before to set ynh_clean_setup -ynh_systemd_action --service_name=matrix-$app.service --action=stop - -# Backup the current version of the app -if $backup_before_upgrade ; then -#REMOVEME? ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=30 -#REMOVEME? ynh_backup_before_upgrade -#REMOVEME? ynh_clean_setup () { - # Clean installation remainings that are not handled by the remove script. - ynh_clean_check_starting -#REMOVEME? ynh_restore_upgradebackup - } -else -#REMOVEME? ynh_script_progression --message="NOT Backing up the app before upgrading..." --weight=1 + ynh_die --message="Update from this synapse version is not available. You need to remove this package and reinstall the new package version." fi #================================================= @@ -142,10 +35,10 @@ fi # Migrate from settings 'special_domain' to 'domain' and 'special_path' to 'path' if [ -z $domain ]; then -#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=special_domain) -#REMOVEME? path=$(ynh_app_setting_get --app=$app --key=special_path) -#REMOVEME? ynh_app_setting_set --app=$app --key=domain --value=$domain -#REMOVEME? ynh_app_setting_set --app=$app --key=path --value=$path + domain=$(ynh_app_setting_get --app=$app --key=special_domain) + path=$(ynh_app_setting_get --app=$app --key=special_path) + ynh_app_setting_set --app=$app --key=domain --value=$domain + ynh_app_setting_set --app=$app --key=path --value=$path ynh_app_setting_delete --app=$app --key=special_domain ynh_app_setting_delete --app=$app --key=special_path ynh_app_setting_set --app=$app --key=no_sso --value true @@ -153,193 +46,146 @@ fi # Define $server_name if not already defined if [ -z $server_name ]; then - server_name=$domain -#REMOVEME? ynh_app_setting_set --app=$app --key=server_name --value=$domain + server_name=$domain + ynh_app_setting_set --app=$app --key=server_name --value=$domain fi # Define $jitsi_server if not already defined if [ -z $jitsi_server ]; then - jitsi_server='jitsi.riot.im' - ynh_app_setting_set --app=$app --key=jitsi_server --value=$jitsi_server + jitsi_server='jitsi.riot.im' + ynh_app_setting_set --app=$app --key=jitsi_server --value=$jitsi_server fi # Define $e2e_enabled_by_default if not already defined if [ -z $e2e_enabled_by_default ] ; then - e2e_enabled_by_default="invite" - ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default + e2e_enabled_by_default="invite" + ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default fi if [ "$e2e_enabled_by_default" = "true" ] ; then - e2e_enabled_by_default="all" - ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default + e2e_enabled_by_default="all" + ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default fi if [ "$e2e_enabled_by_default" = "false" ]; then - e2e_enabled_by_default="off" - ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default + e2e_enabled_by_default="off" + ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default fi if [ -z $report_stats ]; then report_stats="false" -#REMOVEME? ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats + ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats fi -if [ -z $is_free_registration ]; then -#REMOVEME? is_free_registration=$(ynh_app_setting_get --app=$app --key=is_""public) -fi - -if [ -z $synapse_user_app_pwd ]; then - synapse_user_app_pwd="$(ynh_string_random --length=30)" - ynh_app_setting_set --app=$app --key=synapse_user_app_pwd --value=$synapse_user_app_pwd - # The format to create an user account varies depending on the version of YunoHost currently installed. - ynh_current_version=$(dpkg-query --showformat='${Version}' --show yunohost) - if $(dpkg --compare-versions "$ynh_current_version" ge "11.1"); then - yunohost user create $synapse_user_app -F "Synapse Application" -d $domain -p "$synapse_user_app_pwd" - else - yunohost user create $synapse_user_app -f Synapse -l Application -d $domain -p "$synapse_user_app_pwd" - fi -fi - -#================================================= -# MIGRATION 6 : Migrate data directory -#================================================= - -if [ -e "/var/lib/matrix-$app" ]; then - ynh_script_progression --message="Moving data directory to $data_path..." --weight=1 - if [ -e "$data_path" ]; then - old_data_dir_path="$data_path$(date '+%Y%m%d.%H%M%S')" - ynh_print_warn "A data directory already exist. Data was renamed to $old_data_dir_path" - mv "$data_path" "$old_data_dir_path" - fi - mv "/var/lib/matrix-$app" "$data_path" -fi -if ! grep -q "$install_dir" /etc/passwd; then - # matrix-synapse:x:994:994::/var/lib/matrix-synapse:/usr/sbin/nologin - sed --in-place -r "s@matrix-$app\:x\:([[:digit:]]+\:[[:digit:]]+)\:\:/.*/matrix-$app\:/usr/sbin/nologin@matrix-$app\:x\:\1\:\:$install_dir\:/usr/sbin/nologin@g" /etc/passwd -fi - -#================================================= -# MIGRATION 7 : Working config panel v1 -#================================================= - -#REMOVEME? allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms) -if [ -z $allow_public_rooms ]; then - allow_public_rooms="false" -fi - -# SET STANDARD SETTINGS FROM DEFAULT CONFIG - # Get app name of first Element Instance element_ynh_url="https://matrix.to/" -element_domain="" -element_path="" web_client_location=$element_ynh_url client_base_url=$element_ynh_url invite_client_location=$element_ynh_url -element_instance="element" + if [ -z "$web_client_location" ] then - if yunohost --output-as plain app list | grep -q "^$element_instance"'$'; then -#REMOVEME? element_domain=$(ynh_app_setting_get --app $element_instance --key domain) -#REMOVEME? element_path=$(ynh_app_setting_get --app $element_instance --key path) - element_ynh_url="https://""$element_domain""$element_path" - fi - web_client_location=$element_ynh_url - client_base_url=$element_ynh_url - invite_client_location=$element_ynh_url - ynh_app_setting_set --app=$app --key=web_client_location --value=$web_client_location - ynh_app_setting_set --app=$app --key=client_base_url --value=$client_base_url - ynh_app_setting_set --app=$app --key=invite_client_location --value=$invite_client_location + element_instance="element" + if yunohost --output-as plain app list | grep -q "^$element_instance"'$'; then + element_domain=$(ynh_app_setting_get --app $element_instance --key domain) + element_path=$(ynh_app_setting_get --app $element_instance --key path) + element_ynh_url="https://""$element_domain""$element_path" + fi + web_client_location=$element_ynh_url + client_base_url=$element_ynh_url + invite_client_location=$element_ynh_url + ynh_app_setting_set --app=$app --key=web_client_location --value=$web_client_location + ynh_app_setting_set --app=$app --key=client_base_url --value=$client_base_url + ynh_app_setting_set --app=$app --key=invite_client_location --value=$invite_client_location fi -if [ -z "$server_statistics" ] -then - server_statistics="false" - ynh_app_setting_set --app=$app --key=server_statistics --value=$server_statistics -fi if [ -z "$allow_public_rooms_without_auth" ] then - allow_public_rooms_without_auth=$allow_public_rooms - ynh_app_setting_set --app=$app --key=allow_public_rooms_without_auth --value=$allow_public_rooms_without_auth + allow_public_rooms_without_auth=${allow_public_rooms:-false} + ynh_app_setting_set --app=$app --key=allow_public_rooms_without_auth --value=$allow_public_rooms_without_auth fi if [ -z "$allow_public_rooms_over_federation" ] then - allow_public_rooms_over_federation=$allow_public_rooms - ynh_app_setting_set --app=$app --key=allow_public_rooms_over_federation --value=$allow_public_rooms_over_federation + allow_public_rooms_over_federation=${allow_public_rooms:-false} + ynh_app_setting_set --app=$app --key=allow_public_rooms_over_federation --value=$allow_public_rooms_over_federation fi if [ -z "$max_upload_size" ] then - max_upload_size="10M" - ynh_app_setting_set --app=$app --key=max_upload_size --value=$max_upload_size + max_upload_size="10M" + ynh_app_setting_set --app=$app --key=max_upload_size --value=$max_upload_size fi if [ -z "$disable_msisdn_registration" ] then - disable_msisdn_registration="true" - ynh_app_setting_set --app=$app --key=disable_msisdn_registration --value=$disable_msisdn_registration + disable_msisdn_registration="true" + ynh_app_setting_set --app=$app --key=disable_msisdn_registration --value=$disable_msisdn_registration fi if [ -z "$registrations_require_3pid" ] then - registrations_require_3pid="none" - ynh_app_setting_set --app=$app --key=registrations_require_3pid --value=$registrations_require_3pid + registrations_require_3pid="none" + ynh_app_setting_set --app=$app --key=registrations_require_3pid --value=$registrations_require_3pid fi if [ -z "$allowed_local_3pids_email" ] then - allowed_local_3pids_email="'^[^@]+@""matrix""\.org$'" - ynh_app_setting_set --app=$app --key=allowed_local_3pids_email --value=$allowed_local_3pids_email + allowed_local_3pids_email="'^[^@]+@""matrix""\.org$'" + ynh_app_setting_set --app=$app --key=allowed_local_3pids_email --value=$allowed_local_3pids_email fi if [ -z "$allowed_local_3pids_msisdn" ] then - allowed_local_3pids_msisdn="'\+33'" - ynh_app_setting_set --app=$app --key=allowed_local_3pids_msisdn --value=$allowed_local_3pids_msisdn + allowed_local_3pids_msisdn="'\+33'" + ynh_app_setting_set --app=$app --key=allowed_local_3pids_msisdn --value=$allowed_local_3pids_msisdn fi if [ -z "$account_threepid_delegates_msisdn" ] then - account_threepid_delegates_msisdn="" - ynh_app_setting_set --app=$app --key=account_threepid_delegates_msisdn --value=$account_threepid_delegates_msisdn + account_threepid_delegates_msisdn="" + ynh_app_setting_set --app=$app --key=account_threepid_delegates_msisdn --value=$account_threepid_delegates_msisdn fi if [ -z "$allow_guest_access" ] then - allow_guest_access="false" - ynh_app_setting_set --app=$app --key=allow_guest_access --value=$allow_guest_access + allow_guest_access="false" + ynh_app_setting_set --app=$app --key=allow_guest_access --value=$allow_guest_access fi if [ -z "$default_identity_server" ] then - default_identity_server="https://matrix.org" - ynh_app_setting_set --app=$app --key=default_identity_server --value=$default_identity_server + default_identity_server="https://matrix.org" + ynh_app_setting_set --app=$app --key=default_identity_server --value=$default_identity_server fi if [ -z "$auto_join_rooms" ] then - auto_join_rooms="#auto_join_room:""$server_name" - ynh_app_setting_set --app=$app --key=auto_join_rooms --value=$auto_join_rooms + auto_join_rooms="#auto_join_room:""$server_name" + ynh_app_setting_set --app=$app --key=auto_join_rooms --value=$auto_join_rooms fi if [ -z "$autocreate_auto_join_rooms" ] then - autocreate_auto_join_rooms="false" - ynh_app_setting_set --app=$app --key=autocreate_auto_join_rooms --value=$autocreate_auto_join_rooms + autocreate_auto_join_rooms="false" + ynh_app_setting_set --app=$app --key=autocreate_auto_join_rooms --value=$autocreate_auto_join_rooms fi if [ -z "$auto_join_rooms_for_guests" ] then - auto_join_rooms_for_guests="true" - ynh_app_setting_set --app=$app --key=auto_join_rooms_for_guests --value=$auto_join_rooms_for_guests + auto_join_rooms_for_guests="true" + ynh_app_setting_set --app=$app --key=auto_join_rooms_for_guests --value=$auto_join_rooms_for_guests fi if [ -z "$enable_notifs" ] then - enable_notifs="true" - ynh_app_setting_set --app=$app --key=enable_notifs --value=$enable_notifs + enable_notifs="true" + ynh_app_setting_set --app=$app --key=enable_notifs --value=$enable_notifs fi if [ -z "$notif_for_new_users" ] then - notif_for_new_users="true" - ynh_app_setting_set --app=$app --key=notif_for_new_users --value=$notif_for_new_users + notif_for_new_users="true" + ynh_app_setting_set --app=$app --key=notif_for_new_users --value=$notif_for_new_users fi if [ -z "$enable_group_creation" ] then - enable_group_creation="true" - ynh_app_setting_set --app=$app --key=enable_group_creation --value=$enable_group_creation + enable_group_creation="true" + ynh_app_setting_set --app=$app --key=enable_group_creation --value=$enable_group_creation fi if [ -z "$enable_registration" ] then + if [ -z $is_free_registration ]; then + is_free_registration=$(ynh_app_setting_get --app=$app --key=is_""public) + fi + if [ "$is_free_registration" -eq "0" ] then enable_registration="false" @@ -357,126 +203,42 @@ then ynh_app_setting_set --app=$app --key=enable_registration --value=$enable_registration ynh_app_setting_set --app=$app --key=turn_allow_guests --value=$turn_allow_guests ynh_app_setting_set --app=$app --key=sso_enabled --value=$sso_enabled -#REMOVEME? ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled + ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled ynh_app_setting_set --app=$app --key=enable_3pid_lookup --value=$enable_3pid_lookup fi if [ -z "$push_include_content" ] then - push_include_content="true" - ynh_app_setting_set --app=$app --key=push_include_content --value=$push_include_content + push_include_content="true" + ynh_app_setting_set --app=$app --key=push_include_content --value=$push_include_content fi -#================================================= -# INSTALL DEPENDENCIES -#================================================= -#REMOVEME? ynh_script_progression --message="Upgrading dependencies..." --weight=6 - -# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE -# For any update do it in all files -#REMOVEME? ynh_exec_warn_less ynh_install_app_dependencies $dependances - -#================================================= -# DOWNLOAD, CHECK AND UNPACK SOURCE -#================================================= - -if [ "$upgrade_type" == "UPGRADE_APP" ] || [ ! -e $install_dir/bin/python3 ] || [ ! -e $install_dir/lib/python$python_version ] -then - ynh_script_progression --message="Upgrading source files..." --weight=6 - install_sources +if [ -z $synapse_user_app_pwd ]; then + synapse_user_app_pwd="$(ynh_string_random --length=30)" + ynh_app_setting_set --app=$app --key=synapse_user_app_pwd --value=$synapse_user_app_pwd + # The format to create an user account varies depending on the version of YunoHost currently installed. + yunohost user create $YNH_APP_ID -F "Synapse Application" -d $domain -p "$synapse_user_app_pwd" fi -#================================================= -# CREATE SMALL CAS SERVER -#================================================= -# WARNING : theses command are used in INSTALL, UPGRADE -# For any update do it in all files - -mkdir -p $final_www_path -cp ../sources/cas_server.php $final_www_path/ -chmod u=rwX,g=rX,o= -R $final_www_path -chown $synapse_user:root -R $final_www_path +# We stop the service +ynh_systemd_action --service_name=matrix-$app.service --action=stop #================================================= -# MIGRATION 1 : GENERATE SYNAPSE SECRET +# MIGRATION 6 : Migrate data directory #================================================= -if [ -z "$registration_shared_secret" ] || [ "$form_secret" == "form_secret: " ] -then - ynh_script_progression --message="Generating synapse secret..." --weight=1 - - # Go in virtualenvironnement - set +u - source $install_dir/bin/activate - set -u - - # Generate config and keys - python -m synapse.app.homeserver --keys-directory /etc/matrix-$app/ --generate-config --generate-keys --server-name $server_name --report-stats=no -c homeserver.yml - - # This function was defined when we called "source $install_dir/bin/activate". With this function we undo what "$install_dir/bin/activate" does - set +u; - deactivate - set -u; - - # Get random values from config - registration_shared_secret=$(egrep "^registration_shared_secret:" homeserver.yml | cut -d'"' -f2) - form_secret=$(egrep "^form_secret:" homeserver.yml | cut -d'"' -f2) - - # store in yunohost settings - ynh_app_setting_set --app=$app --key=registration_shared_secret --value="$registration_shared_secret" - ynh_app_setting_set --app=$app --key=form_secret --value="$form_secret" +if [ -e "/var/lib/matrix-$app" ]; then + ynh_script_progression --message="Moving data directory to $data_path..." --weight=1 + if [ -e "$data_path" ]; then + old_data_dir_path="$data_path$(date '+%Y%m%d.%H%M%S')" + ynh_print_warn "A data directory already exist. Data was renamed to $old_data_dir_path" + mv "$data_path" "$old_data_dir_path" + fi + mv "/var/lib/matrix-$app" "$data_path" fi - -#================================================= -# UPDATE SYNAPSE CONFIG -#================================================= -ynh_script_progression --message="Updating synapse config..." --weight=2 - -# WARNING : theses command are used in INSTALL, UPGRADE, CONFIG, CHANGE-URL (4 times) -# For any update do it in all files - -if [ -z $macaroon_secret_key ]; then - # Well, in this package this value was not managed because it was not needed, synapse is able to generate this with some other secret in the config file but after some vulnerability was found with this practice. - # For more detail about this issue you can see : https://matrix.org/blog/2019/01/15/further-details-on-critical-security-update-in-synapse-affecting-all-versions-prior-to-0-34-1-cve-2019-5885/ - # The problem is that we can't just say generate a new value if the package has not already defined a value. The reason is that changing this value logout all user. And in case of a user has enabled the encryption, the user might lost all conversation !! - # So for the old install we just leave this as it is. And for the new install we use a real macaroon. - macaroon_secret_key_param='# macaroon_secret_key: ""' -else - macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"' -fi - -ynh_add_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml" -ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml" - -#================================================= -# MIGRATION 2 : MULTINSTANCE SUPPORT -#================================================= - -if [ ! -e /etc/matrix-$app/coturn.conf ] -then - ynh_script_progression --message="Creating an independant service for coturn..." --weight=1 - - #================================================= - # CREATE AN INDEPENDANT SERVICE FOR COTURN - #================================================= - - # Disable default config for turnserver and create a new service - systemctl stop coturn.service - - # Set a port for each service in turnserver -#REMOVEME? turnserver_alt_tls_port=$(ynh_find_port --port=$((turnserver_tls_port+1))) -#REMOVEME? cli_port=$(ynh_find_port --port=5766) - -#REMOVEME? ynh_app_setting_set --app=$app --key=turnserver_alt_tls_port --value=$turnserver_alt_tls_port -#REMOVEME? ynh_app_setting_set --app=$app --key=cli_port --value=$cli_port - - yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1 - - #================================================= - # MAKE A CLEAN LOGROTATE CONFIG - #================================================= - - ynh_use_logrotate --logfile /var/log/matrix-$app --nonappend +if ! grep -q "$code_dir" /etc/passwd; then + # matrix-synapse:x:994:994::/var/lib/matrix-synapse:/usr/sbin/nologin + sed --in-place -r "s@matrix-$app\:x\:([[:digit:]]+\:[[:digit:]]+)\:\:/.*/matrix-$app\:/usr/sbin/nologin@matrix-$app\:x\:\1\:\:$code_dir\:/usr/sbin/nologin@g" /etc/passwd fi #================================================= @@ -488,7 +250,7 @@ if [ ! $(grep "ssl-cert:x:[0-9]*:.*matrix-$app" /etc/group) ] then ynh_script_progression --message="Use standard access for certificate..." --weight=1 - adduser $synapse_user ssl-cert + adduser $YNH_APP_ID ssl-cert adduser turnserver ssl-cert fi @@ -509,8 +271,99 @@ then chmod 640 /etc/ssl/private/dh2048.pem fi +#================================================= +# MIGRATION 2 : MULTINSTANCE SUPPORT +#================================================= + +if [ ! -e /etc/matrix-$app/coturn.conf ] +then + ynh_script_progression --message="Creating an independant service for coturn..." --weight=1 + + #================================================= + # CREATE AN INDEPENDANT SERVICE FOR COTURN + #================================================= + + # Disable default config for turnserver and create a new service + systemctl stop coturn.service + + #================================================= + # MAKE A CLEAN LOGROTATE CONFIG + #================================================= + + ynh_use_logrotate --logfile /var/log/matrix-$app --nonappend +fi + +######################################### WARNING ################################ + +# TODO manage of migration of data path +# TODO manage of migration of db name +# TODO delete legacy user matrix-synapse +# TODO maybe need to close port to leave managed port to manage this + +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= + +if [ "$upgrade_type" == "UPGRADE_APP" ] || [ ! -e $code_dir/bin/python3 ] || [ ! -e $code_dir/lib/python$python_version ] +then + ynh_script_progression --message="Upgrading source files..." --weight=6 + install_sources +fi + +#================================================= +# MIGRATION 1 : GENERATE SYNAPSE SECRET +#================================================= + +if [ -z "$registration_shared_secret" ] || [ "$form_secret" == "form_secret: " ] +then + ynh_script_progression --message="Generating synapse secret..." --weight=1 + + # Go in virtualenvironnement + u_arg='u' + set +$u_arg; + source $code_dir/bin/activate + set -$u_arg; + + # Generate config and keys + python -m synapse.app.homeserver --keys-directory /etc/matrix-$app/ --generate-config --generate-keys --server-name $server_name --report-stats=no -c homeserver.yml + + # This function was defined when we called "source $code_dir/bin/activate". With this function we undo what "$code_dir/bin/activate" does + set +$u_arg; + deactivate + set -$u_arg; + + # Get random values from config + registration_shared_secret=$(egrep "^registration_shared_secret:" homeserver.yml | cut -d'"' -f2) + form_secret=$(egrep "^form_secret:" homeserver.yml | cut -d'"' -f2) + + # store in yunohost settings + ynh_app_setting_set --app=$app --key=registration_shared_secret --value="$registration_shared_secret" + ynh_app_setting_set --app=$app --key=form_secret --value="$form_secret" +fi + #================================================= # STANDARD UPGRADE STEPS +#================================================= + +#================================================= +# UPDATE SYNAPSE CONFIG +#================================================= +ynh_script_progression --message="Updating synapse config..." --weight=2 + +configure_synapse + +#================================================= +# CREATE SMALL CAS SERVER +#================================================= +# WARNING : theses command are used in INSTALL, UPGRADE +# For any update do it in all files + +mkdir -p $install_dir +cp ../sources/cas_server.php $install_dir/ +chmod u=rwX,g=rX,o= -R $install_dir +chown $YNH_APP_ID:root -R $install_dir + + #================================================= # NGINX CONFIGURATION #================================================= @@ -521,14 +374,7 @@ ynh_script_progression --message="Configuring application..." ynh_add_fpm_config --usage=low --footprint=low -# Create .well-known redirection for access by federation -if yunohost --output-as plain domain list | grep -q "^$server_name$" -then - ynh_add_config --template="server_name.conf" --destination="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" -fi - -# Create a dedicated NGINX config -ynh_add_nginx_config app +configure_nginx #================================================= # SPECIFIC UPGRADE @@ -537,26 +383,7 @@ ynh_add_nginx_config app #================================================= ynh_script_progression --message="Updating Coturn config..." --weight=1 -# WARNING : theses command are used in INSTALL, UPGRADE -# For any update do it in all files - -# Get public IP and set as external IP for coturn -# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6 -public_ip4="$(curl -s ip.yunohost.org)" || true -public_ip6="$(curl -s ipv6.yunohost.org)" || true - -turn_external_ip="" -if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4" -then - turn_external_ip+="external-ip="$public_ip4%"\n" -fi - -if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6" -then - turn_external_ip+="external-ip="$public_ip6%"\n" -fi - -ynh_add_config --template="turnserver.conf" --destination="/etc/matrix-$app/coturn.conf" +configure_coturn #================================================= # ADD SCRIPT FOR COTURN CRON AND APP SERVICE @@ -565,8 +392,8 @@ ynh_add_config --template="turnserver.conf" --destination="/etc/matrix-$app/cotu # WARNING : theses command are used in INSTALL, UPGRADE # For any update do it in all files -ynh_add_config --template="../sources/Coturn_config_rotate.sh" --destination="$install_dir/Coturn_config_rotate.sh" -ynh_add_config --template="../sources/update_synapse_for_appservice.sh" --destination="$install_dir/update_synapse_for_appservice.sh" +ynh_add_config --template="../sources/Coturn_config_rotate.sh" --destination="$code_dir/Coturn_config_rotate.sh" +ynh_add_config --template="../sources/update_synapse_for_appservice.sh" --destination="$code_dir/update_synapse_for_appservice.sh" # Ensure app-service folder has exists and the config file exit (Migration) mkdir -p /etc/matrix-$app/app-service @@ -583,8 +410,8 @@ fi # ADVERTISE SERVICE IN ADMIN PANEL #================================================= -yunohost service add matrix-$app --log "/var/log/matrix-$app/homeserver.log" --needs_exposed_ports $synapse_tls_port -yunohost service add coturn-$app --needs_exposed_ports $turnserver_tls_port +yunohost service add matrix-$app --log "/var/log/matrix-$app/homeserver.log" --needs_exposed_ports $port_synapse_tls +yunohost service add coturn-$app --needs_exposed_ports $port_turnserver_tls #================================================= # UPDATE SYSTEMD @@ -603,9 +430,6 @@ ynh_add_systemd_config --service=coturn-$app --template=coturn-synapse.service #================================================= ynh_script_progression --message="Reconfiguring Fail2Ban..." --weight=8 -# WARNING : theses command are used in INSTALL, UPGRADE -# For any update do it in all files - ynh_add_fail2ban_config --use_template #================================================= @@ -613,58 +437,28 @@ ynh_add_fail2ban_config --use_template #================================================= # SETUP PERMISSIONS #================================================= -#REMOVEME? ynh_script_progression --message="Configuring permissions..." --weight=1 -#REMOVEME? ynh_legacy_permissions_delete_all -ynh_permission_url --permission=main --url=$domain/_matrix/cas_server.php/login --auth_header=true -#REMOVEME? ynh_permission_update --permission=main --show_tile=false --protected=true +ynh_script_progression --message="Configuring permissions..." --weight=1 -#REMOVEME? if ! ynh_permission_exists --permission=server_api; then -#REMOVEME? ynh_permission_create --permission=server_api --url=$domain/_matrix \ - --label="Server access for client apps." --show_tile=false --allowed=visitors \ - --auth_header=false --protected=true - python3 remove_sso_conf_persistent.py $domain $server_name \ - || ynh_print_warn --message="Your file /etc/ssowat/""conf.json.persistent doesn't respect the json syntax. The config file wasn't cleaned. Please clean it manually." -else - ynh_permission_url --permission=server_api --url=$domain/_matrix --remove_url=$server_name/.well-known/matrix \ - --auth_header=false -#REMOVEME? ynh_permission_update --permission=server_api --label="Server access for client apps." --show_tile=false \ - --protected=true -fi - -#REMOVEME? if yunohost --output-as plain domain list | grep -q "^$server_name"'$' && ! ynh_permission_exists --permission=server_client_infos; then -#REMOVEME? ynh_permission_create --permission=server_client_infos --url=$server_name/.well-known/matrix \ - --label="Server info for clients. (well-known)" --show_tile=false --allowed=visitors \ - --auth_header=false --protected=true -elif yunohost --output-as plain domain list | grep -q "^$server_name"'$'; then - ynh_permission_url --permission=server_client_infos --url=$server_name/.well-known/matrix \ - --auth_header=false -#REMOVEME? ynh_permission_update --permission=server_client_infos --label="Server info for clients. (well-known)" --show_tile=false \ - --protected=true -fi - -#REMOVEME? if ! ynh_permission_exists --permission=admin_api; then -#REMOVEME? ynh_permission_create --permission=admin_api --url=$domain/_synapse \ - --label="Server administration API." --show_tile=false \ - --auth_header=false --allowed=visitors +if yunohost --output-as plain domain list | grep -q "^$server_name"'$'; then + if ! ynh_""permission_exists --permission=server_client_infos; then + ynh_""permission_create --permission=server_client_infos --url=$server_name/.well-known/matrix \ + --label="Server info for clients. (well-known)" --show_tile=false --allowed=visitors \ + --auth_header=false --protected=true + else yunohost --output-as plain domain list | grep -q "^$server_name"'$'; then + ynh_""permission_url --permission=server_client_infos --url=$server_name/.well-known/matrix \ + --auth_header=false + ynh_""permission_update --permission=server_client_infos --label="Server info for clients. (well-known)" --show_tile=false \ + --protected=true + fi fi #================================================= # SECURE FILES AND DIRECTORIES #================================================= -# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE -# For any update do it in all files -chown $synapse_user:root -R $install_dir -chmod 770 $install_dir/Coturn_config_rotate.sh -chmod 700 $install_dir/update_synapse_for_appservice.sh -chown $synapse_user:root -R $data_path -chown $synapse_user:root -R /var/log/matrix-$app -chown $synapse_user:root -R /etc/matrix-$app -chmod u=rwX,g=rX,o= -R /etc/matrix-$app -chmod 600 /etc/matrix-$app/$server_name.signing.key -setfacl -R -m user:turnserver:rX /etc/matrix-$app -setfacl -R -m user:turnserver:rwX /var/log/matrix-$app +ynh_script_progression --message="Protecting directories..." --weight=3 +set_permissions #================================================= # UPDATE HOOKS @@ -675,19 +469,13 @@ setfacl -R -m user:turnserver:rwX /var/log/matrix-$app ynh_replace_string __APP__ $app ../hooks/post_cert_update ynh_replace_string __DOMAIN__ $domain ../hooks/post_cert_update -#================================================= -# UPDATE VERSION SETTINGS -#================================================= - -ynh_app_setting_set --app=$app --key=synapse_version --value=$upstream_version - #================================================= # RELOAD SERVICES #================================================= ynh_script_progression --message="Restarting Synapse services..." --weight=5 ynh_systemd_action --service_name=coturn-$app.service --action=restart -ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $synapse_tls_port" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300 +ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $port_synapse_tls" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300 #================================================= # END OF SCRIPT