1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/synapse_ynh.git synced 2024-09-03 20:26:38 +02:00

Full rework of all scripts

- Adapt all script with packaging v2
- Rework cleanly control pannel and remove all replace in file as it's breaken after each update
- Cleanup
This commit is contained in:
Josué Tille 2023-11-01 18:52:07 +01:00
parent 1be257483e
commit b435f316a2
No known key found for this signature in database
GPG key ID: 716A6C99B04194EF
19 changed files with 505 additions and 1327 deletions

View file

@ -52,7 +52,7 @@ for example
``` ```
_matrix._tcp.example.com. 3600 IN SRV 10 0 SYNAPSE_PORT synapse.example.com. _matrix._tcp.example.com. 3600 IN SRV 10 0 SYNAPSE_PORT synapse.example.com.
``` ```
You need to replace SYNAPSE_PORT by the real port. This port can be obtained by the command: `yunohost app setting SYNAPSE_INSTANCE_NAME synapse_tls_port` You need to replace SYNAPSE_PORT by the real port. This port can be obtained by the command: `yunohost app setting SYNAPSE_INSTANCE_NAME port_synapse_tls`
For more details, see : https://github.com/matrix-org/synapse/blob/master/docs/federate.md For more details, see : https://github.com/matrix-org/synapse/blob/master/docs/federate.md
@ -66,8 +66,8 @@ https://federationtester.matrix.org/ can be used to easily debug federation issu
For Voip and video conferencing a turnserver is also installed (and configured). The turnserver listens on two UDP and TCP ports. You can get them with these commands: For Voip and video conferencing a turnserver is also installed (and configured). The turnserver listens on two UDP and TCP ports. You can get them with these commands:
``` ```
yunohost app setting synapse turnserver_tls_port yunohost app setting synapse port_turnserver_tls
yunohost app setting synapse turnserver_alt_tls_port yunohost app setting synapse port_turnserver_alt_tls
``` ```
The turnserver will also choose a port dynamically when a new call starts. The range is between 49153 - 49193. The turnserver will also choose a port dynamically when a new call starts. The range is between 49153 - 49193.
@ -162,12 +162,6 @@ Then, to log in the API with your credentials, you need to set your user as admi
### Upgrade ### Upgrade
By default a backup is made before the upgrade. If for some reason you want to upgrade without backup:
- Call the command with the `-b` flag: `yunohost app upgrade synapse -b`
- Disable the setting `Backup before upgrade` in the Config Panel. Or with command line:
`yunohost app setting synapse backup_before_upgrade -v 0`
After this settings will be applied for **all** next upgrade. After this settings will be applied for **all** next upgrade.
From command line: From command line:
@ -201,7 +195,7 @@ Use the `--purge` flag with the command, or remove it manually to purge app user
To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command: To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command:
``` ```
yunohost app setting synapse__<instancenumber> synapse_tls_port yunohost app setting synapse__<instancenumber> port_synapse_tls
``` ```
Before installing a second instance of the app it's really recommended to update all existing instances. Before installing a second instance of the app it's really recommended to update all existing instances.

View file

@ -52,7 +52,7 @@ for example
``` ```
_matrix._tcp.example.com. 3600 IN SRV 10 0 SYNAPSE_PORT synapse.example.com. _matrix._tcp.example.com. 3600 IN SRV 10 0 SYNAPSE_PORT synapse.example.com.
``` ```
You need to replace SYNAPSE_PORT by the real port. This port can be obtained by the command: `yunohost app setting SYNAPSE_INSTANCE_NAME synapse_tls_port` You need to replace SYNAPSE_PORT by the real port. This port can be obtained by the command: `yunohost app setting SYNAPSE_INSTANCE_NAME port_synapse_tls`
For more details, see : https://github.com/matrix-org/synapse/blob/master/docs/federate.md For more details, see : https://github.com/matrix-org/synapse/blob/master/docs/federate.md
@ -66,8 +66,8 @@ https://federationtester.matrix.org/ can be used to easily debug federation issu
For Voip and video conferencing a turnserver is also installed (and configured). The turnserver listens on two UDP and TCP ports. You can get them with these commands: For Voip and video conferencing a turnserver is also installed (and configured). The turnserver listens on two UDP and TCP ports. You can get them with these commands:
``` ```
yunohost app setting synapse turnserver_tls_port yunohost app setting synapse port_turnserver_tls
yunohost app setting synapse turnserver_alt_tls_port yunohost app setting synapse port_turnserver_alt_tls
``` ```
The turnserver will also choose a port dynamically when a new call starts. The range is between 49153 - 49193. The turnserver will also choose a port dynamically when a new call starts. The range is between 49153 - 49193.
@ -162,12 +162,6 @@ Then, to log in the API with your credentials, you need to set your user as admi
### Upgrade ### Upgrade
By default a backup is made before the upgrade. If for some reason you want to upgrade without backup:
- Call the command with the `-b` flag: `yunohost app upgrade synapse -b`
- Disable the setting `Backup before upgrade` in the Config Panel. Or with command line:
`yunohost app setting synapse backup_before_upgrade -v 0`
After this settings will be applied for **all** next upgrade. After this settings will be applied for **all** next upgrade.
From command line: From command line:
@ -201,7 +195,7 @@ Use the `--purge` flag with the command, or remove it manually to purge app user
To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command: To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command:
``` ```
yunohost app setting synapse__<instancenumber> synapse_tls_port yunohost app setting synapse__<instancenumber> port_synapse_tls
``` ```
Before installing a second instance of the app it's really recommended to update all existing instances. Before installing a second instance of the app it's really recommended to update all existing instances.

View file

@ -285,7 +285,7 @@ listeners:
# will also need to give Synapse a TLS key and certificate: see the TLS section # will also need to give Synapse a TLS key and certificate: see the TLS section
# below.) # below.)
# #
- port: __SYNAPSE_TLS_PORT__ - port: __PORT_SYNAPSE_TLS__
type: http type: http
tls: true tls: true
resources: resources:
@ -297,7 +297,7 @@ listeners:
# If you plan to use a reverse proxy, please see # If you plan to use a reverse proxy, please see
# https://matrix-org.github.io/synapse/latest/reverse_proxy.html. # https://matrix-org.github.io/synapse/latest/reverse_proxy.html.
# #
- port: __PORT__ - port: __PORT_SYNAPSE__
tls: false tls: false
type: http type: http
x_forwarded: true x_forwarded: true
@ -801,9 +801,9 @@ database:
name: psycopg2 name: psycopg2
#txn_limit: 10000 #txn_limit: 10000
args: args:
user: __SYNAPSE_DB_USER__ user: __DB_USER__
password: __SYNAPSE_DB_PWD__ password: __DB_PWD__
database: __SYNAPSE_DB_NAME__ database: __DB_NAME__
host: localhost host: localhost
port: 5432 port: 5432
cp_min: 5 cp_min: 5
@ -1178,7 +1178,7 @@ oembed:
# The public URIs of the TURN server to give to clients # The public URIs of the TURN server to give to clients
# #
turn_uris: [ "turn:__DOMAIN__:__TURNSERVER_TLS_PORT__?transport=udp", "turn:__DOMAIN__:__TURNSERVER_TLS_PORT__?transport=tcp" ] turn_uris: [ "turn:__DOMAIN__:__PORT_TURNSERVER_TLS__?transport=udp", "turn:__DOMAIN__:__PORT_TURNSERVER_TLS__?transport=tcp" ]
# The shared secret used to compute passwords for the TURN server # The shared secret used to compute passwords for the TURN server
# #
@ -1271,9 +1271,7 @@ enable_registration: __ENABLE_REGISTRATION__
# The user must provide all of the below types of 3PID when registering. # The user must provide all of the below types of 3PID when registering.
# #
registrations_require_3pid: _REGISTRATION_REQUIRE_3PID_SED_PARAM_
- email
# - msisdn
# Explicitly disable asking for MSISDNs from the registration # Explicitly disable asking for MSISDNs from the registration
# flow (overrides registrations_require_3pid if MSISDNs are set as required) # flow (overrides registrations_require_3pid if MSISDNs are set as required)
@ -1283,6 +1281,7 @@ disable_msisdn_registration: __DISABLE_MSISDN_REGISTRATION__
# Mandate that users are only allowed to associate certain formats of # Mandate that users are only allowed to associate certain formats of
# 3PIDs with accounts on this server. # 3PIDs with accounts on this server.
# #
_ALLOWD_LOCAL_3PIDS_SED_PARAM_
#allowed_local_3pids: #allowed_local_3pids:
# - medium: email # - medium: email
# pattern: '^[^@]+@vector\.im$' # pattern: '^[^@]+@vector\.im$'
@ -1395,8 +1394,7 @@ account_threepid_delegates:
# If the room already exists, make certain it is a publicly joinable # If the room already exists, make certain it is a publicly joinable
# room. The join rule of the room must be set to 'public'. # room. The join rule of the room must be set to 'public'.
# #
auto_join_rooms: _AUTO_JOIN_ROOMS_SED_PARAM_
- "#example:example.com"
# Where auto_join_rooms are specified, setting this flag ensures that the # Where auto_join_rooms are specified, setting this flag ensures that the
# the rooms exist by creating them when the first user on the # the rooms exist by creating them when the first user on the
@ -2089,7 +2087,7 @@ sso:
# By default, this list contains only the login fallback page. # By default, this list contains only the login fallback page.
# #
client_whitelist: client_whitelist:
__DOMAIN_WHITELIST_CLIENT__ _DOMAIN_WHITELIST_CLIENT_
# Uncomment to keep a user's profile fields in sync with information from # Uncomment to keep a user's profile fields in sync with information from
# the identity provider. Currently only syncing the displayname is # the identity provider. Currently only syncing the displayname is
@ -2247,8 +2245,8 @@ password_providers:
uid: "uid" uid: "uid"
mail: "mail" mail: "mail"
name: "givenName" name: "givenName"
bind_dn: "uid=__SYNAPSE_USER_APP__,ou=users,dc=yunohost,dc=org" # bind_dn: "uid=_SYNAPSE_USER_APP_,ou=users,dc=yunohost,dc=org"
bind_password: __SYNAPSE_USER_APP_PWD__ # bind_password: _SYNAPSE_USER_APP_PWD_
filter: "(&(objectClass=posixAccount)(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))" filter: "(&(objectClass=posixAccount)(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))"
@ -2270,8 +2268,8 @@ email:
# Username/password for authentication to the SMTP server. By default, no # Username/password for authentication to the SMTP server. By default, no
# authentication is attempted. # authentication is attempted.
# #
smtp_user: __SYNAPSE_USER_APP__ # smtp_user: _SYNAPSE_USER_APP_
smtp_pass: __SYNAPSE_USER_APP_PWD__ # smtp_pass: _SYNAPSE_USER_APP_PWD_
# Uncomment the following to require TLS transport security for SMTP. # Uncomment the following to require TLS transport security for SMTP.
# By default, Synapse will connect over plain text, and will then switch to # By default, Synapse will connect over plain text, and will then switch to
@ -2298,7 +2296,7 @@ email:
# Note that the placeholder must be written '%(app)s', including the # Note that the placeholder must be written '%(app)s', including the
# trailing 's'. # trailing 's'.
# #
notif_from: "Your Friendly %(app)s Home Server <__SYNAPSE_USER_APP__@__DOMAIN__>" notif_from: "Your Friendly %(app)s Home Server <__APP__@__DOMAIN__>"
# app_name defines the default value for '%(app)s' in notif_from and email # app_name defines the default value for '%(app)s' in notif_from and email
# subjects. It defaults to 'Matrix'. # subjects. It defaults to 'Matrix'.

View file

@ -1,10 +1,10 @@
location __PATH__/ { location __PATH__/ {
proxy_pass http://localhost:__PORT__; proxy_pass http://localhost:__PORT_SYNAPSE__;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host; proxy_set_header Host $host;
client_max_body_size 100M; client_max_body_size __MAX_UPLOAD_SIZE__;
# Use the specific path for the php file. It's more secure than global php path # Use the specific path for the php file. It's more secure than global php path
location __PATH__/cas_server.php { location __PATH__/cas_server.php {
@ -20,7 +20,7 @@ location __PATH__/ {
location /_synapse/ { location /_synapse/ {
proxy_pass http://localhost:__PORT__; proxy_pass http://localhost:__PORT_SYNAPSE__;
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host; proxy_set_header Host $host;

View file

@ -1,5 +1,5 @@
location /.well-known/matrix/server { location /.well-known/matrix/server {
return 200 '{"m.server": "__DOMAIN__:__SYNAPSE_TLS_PORT__"}'; return 200 '{"m.server": "__DOMAIN__:__PORT_SYNAPSE_TLS__"}';
add_header Content-Type application/json; add_header Content-Type application/json;
add_header Access-Control-Allow-Origin '*'; add_header Access-Control-Allow-Origin '*';
} }
@ -8,7 +8,7 @@ location /.well-known/matrix/client {
return 200 '{ return 200 '{
"m.homeserver": { "base_url": "https://__DOMAIN__" }, "m.homeserver": { "base_url": "https://__DOMAIN__" },
"im.vector.riot.jitsi": {"preferredDomain": "__JITSI_SERVER__"}, "im.vector.riot.jitsi": {"preferredDomain": "__JITSI_SERVER__"},
"im.vector.riot.e2ee": {"default": __E2E_ENABLED_BY_DEFAULT__ } "im.vector.riot.e2ee": {"default": __E2E_ENABLED_BY_DEFAULT_CLIENT_CONFIG__ }
}'; }';
add_header Content-Type application/json; add_header Content-Type application/json;
add_header Access-Control-Allow-Origin '*'; add_header Access-Control-Allow-Origin '*';

View file

@ -3,11 +3,11 @@ use-auth-secret
static-auth-secret=__TURNSERVER_PWD__ static-auth-secret=__TURNSERVER_PWD__
realm=__DOMAIN__ realm=__DOMAIN__
tls-listening-port=__TURNSERVER_TLS_PORT__ tls-listening-port=__PORT_TURNSERVER_TLS__
alt-tls-listening-port=__TURNSERVER_ALT_TLS_PORT__ alt-tls-listening-port=__PORT_TURNSERVER_ALT_TLS__
min-port=49153 min-port=49153
max-port=49193 max-port=49193
cli-port=__CLI_PORT__ cli-port=__PORT_CLI__
cert=/etc/yunohost/certs/__DOMAIN__/crt.pem cert=/etc/yunohost/certs/__DOMAIN__/crt.pem
pkey=/etc/yunohost/certs/__DOMAIN__/key.pem pkey=/etc/yunohost/certs/__DOMAIN__/key.pem
@ -26,4 +26,4 @@ log-file=/var/log/matrix-__APP__/turnserver.log
pidfile=/run/coturn-__APP__/turnserver.pid pidfile=/run/coturn-__APP__/turnserver.pid
simple-log simple-log
__TURN_EXTERNAL_IP__ _TURN_EXTERNAL_IP_

View file

@ -13,7 +13,6 @@ services = ["matrix-__APP__"]
yes = "true" yes = "true"
no = "false" no = "false"
help = "Defaults to 'false'. If 'true', it is highly recommended to use either captcha, email, or token-based verification to avoid SPAM." help = "Defaults to 'false'. If 'true', it is highly recommended to use either captcha, email, or token-based verification to avoid SPAM."
bind = ":/etc/matrix-__APP__/homeserver.yaml"
[main.welcome.password_enabled] [main.welcome.password_enabled]
ask = "Enable Password Login?" ask = "Enable Password Login?"
@ -21,7 +20,6 @@ services = ["matrix-__APP__"]
yes = "true" yes = "true"
no = "false" no = "false"
help = "If disabled, Login with Non-YunoHost Users impossible. But it simplies Login process if your Matrix server only has YunoHost SSO Users." help = "If disabled, Login with Non-YunoHost Users impossible. But it simplies Login process if your Matrix server only has YunoHost SSO Users."
bind = "password_config>enabled:/etc/matrix-__APP__/homeserver.yaml"
visible = "! enable_registration" visible = "! enable_registration"
[main.welcome.registrations_require_3pid] [main.welcome.registrations_require_3pid]
@ -49,20 +47,18 @@ services = ["matrix-__APP__"]
yes = "true" yes = "true"
no = "false" no = "false"
help = "Overrides 3PID settings if MSISDNs are set as required." help = "Overrides 3PID settings if MSISDNs are set as required."
bind = ":/etc/matrix-__APP__/homeserver.yaml"
visible = "enable_registration" visible = "enable_registration"
[main.welcome.account_threepid_delegates_msisdn] [main.welcome.account_threepid_delegates_msisdn]
ask = "Specify a third party server to send confirmation code by SMS." ask = "Specify a third party server to send confirmation code by SMS."
type = "string" type = "string"
help = "That should be an URL with port or API." help = "That should be an URL with port or API."
bind = "account_threepid_delegates>msisdn:/etc/matrix-__APP__/homeserver.yaml"
visible = 'enable_registration && (registrations_require_3pid == "email&msisdn" || registrations_require_3pid == "msisdn")' visible = 'enable_registration && (registrations_require_3pid == "email&msisdn" || registrations_require_3pid == "msisdn")'
[main.welcome.auto_join_rooms] [main.welcome.auto_join_rooms]
ask = "Auto Join new Users in following Rooms:" ask = "Auto Join new Users in following Rooms:"
type = "tags" type = "tags"
help = "( e.g. \\\\#example:example.com ) Note that \\\\# will write # in homeserver.yaml. Users who register on this homeserver will automatically be joined to these rooms. If the room already exists, the join rule must be set to 'public'. See also next setting." help = "( e.g. #example:example.com ) Users who register on this homeserver will automatically be joined to these rooms. If the room already exists, the join rule must be set to 'public'. See also next setting."
[main.welcome.autocreate_auto_join_rooms] [main.welcome.autocreate_auto_join_rooms]
ask = "Auto-Create room for Auto Join if not existing?" ask = "Auto-Create room for Auto Join if not existing?"
@ -70,7 +66,6 @@ services = ["matrix-__APP__"]
yes = "true" yes = "true"
no = "false" no = "false"
help = "Setting to false means that if the rooms are not manually created, users cannot be auto-joined. Auto-created rooms will be public and federated by default, this can be customised in CLI with the settings auto_join_*." help = "Setting to false means that if the rooms are not manually created, users cannot be auto-joined. Auto-created rooms will be public and federated by default, this can be customised in CLI with the settings auto_join_*."
bind = ":/etc/matrix-__APP__/homeserver.yaml"
[main.welcome.notif_for_new_users] [main.welcome.notif_for_new_users]
ask = "Enable email notifications for new users?" ask = "Enable email notifications for new users?"
@ -78,7 +73,6 @@ services = ["matrix-__APP__"]
yes = "true" yes = "true"
no = "false" no = "false"
help = "Defaults to 'true'." help = "Defaults to 'true'."
bind = ":/etc/matrix-__APP__/homeserver.yaml"
visible = "enable_notifs" visible = "enable_notifs"
[main.privacy] [main.privacy]
@ -97,7 +91,6 @@ services = ["matrix-__APP__"]
type = "select" type = "select"
choices = ["all", "invite", "off"] choices = ["all", "invite", "off"]
help = "Note that encryption can always be turned on manually, even after creation." help = "Note that encryption can always be turned on manually, even after creation."
bind = "encryption_enabled_by_default_for_room_type:/etc/matrix-__APP__/homeserver.yaml"
[main.privacy.allow_public_rooms_over_federation] [main.privacy.allow_public_rooms_over_federation]
ask = "Access Public Rooms Directory over Federation?" ask = "Access Public Rooms Directory over Federation?"
@ -105,7 +98,6 @@ services = ["matrix-__APP__"]
yes = "true" yes = "true"
no = "false" no = "false"
help = "Disabled by default. If disabled, users on other homeserver will not be able to look for a public room on your homeserver. They will have to type the ID of the room to join." help = "Disabled by default. If disabled, users on other homeserver will not be able to look for a public room on your homeserver. They will have to type the ID of the room to join."
bind = ":/etc/matrix-__APP__/homeserver.yaml"
[main.privacy.push_include_content] [main.privacy.push_include_content]
ask = "Disable content sharing inside push notification." ask = "Disable content sharing inside push notification."
@ -113,7 +105,6 @@ services = ["matrix-__APP__"]
yes = "true" yes = "true"
no = "false" no = "false"
help = "Send content message and sender information in push notification. Set to false increase privacy when GAFAM notification service is used (ie: when element client is downloaded thrue Gplay store)." help = "Send content message and sender information in push notification. Set to false increase privacy when GAFAM notification service is used (ie: when element client is downloaded thrue Gplay store)."
bind = "push>include_content:/etc/matrix-__APP__/homeserver.yaml"
[main.experience] [main.experience]
name = "User Experience" name = "User Experience"
@ -122,7 +113,6 @@ services = ["matrix-__APP__"]
ask = "Element instance your HomeServer should redirect to." ask = "Element instance your HomeServer should redirect to."
type = "url" type = "url"
help = "URL to the web client which / will redirect to." help = "URL to the web client which / will redirect to."
bind = ":/etc/matrix-__APP__/homeserver.yaml"
[main.experience.enable_group_creation] [main.experience.enable_group_creation]
ask = "Allow non-server-admin Users to create Spaces?" ask = "Allow non-server-admin Users to create Spaces?"
@ -130,7 +120,6 @@ services = ["matrix-__APP__"]
yes = "true" yes = "true"
no = "false" no = "false"
help = "Disabled by default: only server admins can create Spaces" help = "Disabled by default: only server admins can create Spaces"
bind = ":/etc/matrix-__APP__/homeserver.yaml"
[main.experience.enable_notifs] [main.experience.enable_notifs]
ask = "Enable sending emails for messages the user missed?" ask = "Enable sending emails for messages the user missed?"
@ -138,18 +127,16 @@ services = ["matrix-__APP__"]
yes = "true" yes = "true"
no = "false" no = "false"
help = "Defaults to 'false'." help = "Defaults to 'false'."
bind = ":/etc/matrix-__APP__/homeserver.yaml"
[main.experience.client_base_url] [main.experience.client_base_url]
ask = "URL for client links within the email notifications." ask = "URL for client links within the email notifications."
type = "url" type = "url"
help = "Used to be called 'riot_base_url', still supported" help = "Used to be called 'riot_base_url', still supported"
bind = ":/etc/matrix-__APP__/homeserver.yaml"
visible = "enable_notifs" visible = "enable_notifs"
[resources] [resources]
name = "Resource Usage" name = "Resource Usage"
services = ["matrix-__APP__", "nginx"] services = ["matrix-__APP__"]
[resources.media] [resources.media]
name = "Manage Media growth and clean-up" name = "Manage Media growth and clean-up"
@ -158,7 +145,6 @@ services = ["matrix-__APP__", "nginx"]
ask = "Largest allowed media upload size in bytes." ask = "Largest allowed media upload size in bytes."
type = "string" type = "string"
help = "Defaults to: '10M' . Format : <value><[GMK]?>" help = "Defaults to: '10M' . Format : <value><[GMK]?>"
bind = ":/etc/matrix-__APP__/homeserver.yaml"
[advanced] [advanced]
name = "Advanced Settings" name = "Advanced Settings"
@ -176,20 +162,12 @@ services = ["matrix-__APP__"]
[advanced.others] [advanced.others]
name = "Others" name = "Others"
[advanced.others.backup_before_upgrade] [advanced.others.report_stats]
ask = "Backup before upgrade?"
type = "boolean"
yes = "true"
no = "false"
help = "!! If disabled, do a manual backup before upgrade !! Disable if your Synapse instance is huge and you prefer to disable the backup that is normally automatically done before each upgrade."
[advanced.others.server_statistics]
ask = "Server statistics" ask = "Server statistics"
type = "boolean" type = "boolean"
yes = "true" yes = "true"
no = "false" no = "false"
help = "Enable to send anonymous statistics to Synapse Developers to improve performance." help = "Enable to send anonymous statistics to Synapse Developers to improve performance."
bind = "report_stats:/etc/matrix-__APP__/homeserver.yaml"
[advanced.guests] [advanced.guests]
name = "Experience for Guests / Anonymous" name = "Experience for Guests / Anonymous"
@ -198,7 +176,6 @@ services = ["matrix-__APP__"]
ask = "Web client location to direct users to during an invite." ask = "Web client location to direct users to during an invite."
type = "url" type = "url"
help = "This is passed to the identity server as the org.matrix.web_client_location key. Defaults to unset, giving no guidance to the identity server." help = "This is passed to the identity server as the org.matrix.web_client_location key. Defaults to unset, giving no guidance to the identity server."
bind = ":/etc/matrix-__APP__/homeserver.yaml"
[advanced.guests.allow_guest_access] [advanced.guests.allow_guest_access]
ask = "Allow Users to Register as Guests?" ask = "Allow Users to Register as Guests?"
@ -206,7 +183,6 @@ services = ["matrix-__APP__"]
yes = "true" yes = "true"
no = "false" no = "false"
help = "Guests can participate on this server in rooms with guest access enabled, without a password/email/etc." help = "Guests can participate on this server in rooms with guest access enabled, without a password/email/etc."
bind = ":/etc/matrix-__APP__/homeserver.yaml"
[advanced.guests.auto_join_rooms_for_guests] [advanced.guests.auto_join_rooms_for_guests]
ask = "Enable Auto Join Room for Guests?" ask = "Enable Auto Join Room for Guests?"
@ -214,7 +190,6 @@ services = ["matrix-__APP__"]
yes = "true" yes = "true"
no = "false" no = "false"
help = "Defaults to 'true'." help = "Defaults to 'true'."
bind = ":/etc/matrix-__APP__/homeserver.yaml"
visible = "allow_guest_access" visible = "allow_guest_access"
[advanced.privacy] [advanced.privacy]
@ -226,13 +201,11 @@ services = ["matrix-__APP__"]
yes = "true" yes = "true"
no = "false" no = "false"
help = "Enable 3PIDs lookup requests to identity servers from this server. See Settings->General->Discovery in Element." help = "Enable 3PIDs lookup requests to identity servers from this server. See Settings->General->Discovery in Element."
bind = ":/etc/matrix-__APP__/homeserver.yaml"
[advanced.privacy.default_identity_server] [advanced.privacy.default_identity_server]
ask = "Identity server suggested to clients?" ask = "Identity server suggested to clients?"
type = "url" type = "url"
help = "Identity server allows to discover, be discovered and invite people you know with phone number or email. If not set, users will probably chose centralized vector.im. See Settings->General->Discovery in Element." help = "Identity server allows to discover, be discovered and invite people you know with phone number or email. If not set, users will probably chose centralized vector.im. See Settings->General->Discovery in Element."
bind = ":/etc/matrix-__APP__/homeserver.yaml"
[advanced.privacy.allow_public_rooms_without_auth] [advanced.privacy.allow_public_rooms_without_auth]
ask = "Access Public Rooms Directory without authentification?" ask = "Access Public Rooms Directory without authentification?"
@ -240,7 +213,6 @@ services = ["matrix-__APP__"]
yes = "true" yes = "true"
no = "false" no = "false"
help = "Disabled by default. If enabled, anyone can query the Public Rooms Directory (access through the client API). This only makes sense if you want everyone to be able to scroll your public room to see what's interesting on your Homeserver" help = "Disabled by default. If enabled, anyone can query the Public Rooms Directory (access through the client API). This only makes sense if you want everyone to be able to scroll your public room to see what's interesting on your Homeserver"
bind = ":/etc/matrix-__APP__/homeserver.yaml"
[advanced.registration] [advanced.registration]
name = "Account Registration" name = "Account Registration"
@ -249,7 +221,6 @@ services = ["matrix-__APP__"]
ask = "Shared Secret for Registration." ask = "Shared Secret for Registration."
type = "string" type = "string"
help = "Allows registration of standard or admin accounts, even if Registration disabled." help = "Allows registration of standard or admin accounts, even if Registration disabled."
bind = ":/etc/matrix-__APP__/homeserver.yaml"
[advanced.registration.turn_allow_guests] [advanced.registration.turn_allow_guests]
ask = "Should guests be allowed to use the TURN server?" ask = "Should guests be allowed to use the TURN server?"
@ -257,4 +228,3 @@ services = ["matrix-__APP__"]
yes = "true" yes = "true"
no = "false" no = "false"
help = "This defaults to True, otherwise VoIP will be unreliable for guests. However, it does introduce a slight security risk as it allows users to connect to arbitrary endpoints without having first signed up for a valid account (e.g. by passing a CAPTCHA)." help = "This defaults to True, otherwise VoIP will be unreliable for guests. However, it does introduce a slight security risk as it allows users to connect to arbitrary endpoints without having first signed up for a valid account (e.g. by passing a CAPTCHA)."
bind = ":/etc/matrix-__APP__/homeserver.yaml"

View file

@ -26,7 +26,7 @@ for example
``` ```
_matrix._tcp.example.com. 3600 IN SRV 10 0 SYNAPSE_PORT synapse.example.com. _matrix._tcp.example.com. 3600 IN SRV 10 0 SYNAPSE_PORT synapse.example.com.
``` ```
You need to replace SYNAPSE_PORT by the real port. This port can be obtained by the command: `yunohost app setting SYNAPSE_INSTANCE_NAME synapse_tls_port` You need to replace SYNAPSE_PORT by the real port. This port can be obtained by the command: `yunohost app setting SYNAPSE_INSTANCE_NAME port_synapse_tls`
For more details, see : https://github.com/matrix-org/synapse/blob/master/docs/federate.md For more details, see : https://github.com/matrix-org/synapse/blob/master/docs/federate.md
@ -40,8 +40,8 @@ https://federationtester.matrix.org/ can be used to easily debug federation issu
For Voip and video conferencing a turnserver is also installed (and configured). The turnserver listens on two UDP and TCP ports. You can get them with these commands: For Voip and video conferencing a turnserver is also installed (and configured). The turnserver listens on two UDP and TCP ports. You can get them with these commands:
``` ```
yunohost app setting synapse turnserver_tls_port yunohost app setting synapse port_turnserver_tls
yunohost app setting synapse turnserver_alt_tls_port yunohost app setting synapse port_turnserver_alt_tls
``` ```
The turnserver will also choose a port dynamically when a new call starts. The range is between 49153 - 49193. The turnserver will also choose a port dynamically when a new call starts. The range is between 49153 - 49193.
@ -136,12 +136,6 @@ Then, to log in the API with your credentials, you need to set your user as admi
### Upgrade ### Upgrade
By default a backup is made before the upgrade. If for some reason you want to upgrade without backup:
- Call the command with the `-b` flag: `yunohost app upgrade synapse -b`
- Disable the setting `Backup before upgrade` in the Config Panel. Or with command line:
`yunohost app setting synapse backup_before_upgrade -v 0`
After this settings will be applied for **all** next upgrade. After this settings will be applied for **all** next upgrade.
From command line: From command line:
@ -175,7 +169,7 @@ Use the `--purge` flag with the command, or remove it manually to purge app user
To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command: To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command:
``` ```
yunohost app setting synapse__<instancenumber> synapse_tls_port yunohost app setting synapse__<instancenumber> port_synapse_tls
``` ```
Before installing a second instance of the app it's really recommended to update all existing instances. Before installing a second instance of the app it's really recommended to update all existing instances.

15
doc/POST_INSTALL.md Normal file
View file

@ -0,0 +1,15 @@
If your server name is identical to the domain on which synapse is installed, and the default port 8448 is used, your server is normally already accessible by the federation.
If not, you may need to put the following line in the dns configuration:
_matrix._tcp.$domain. 3600 IN SRV 10 0 $port_synapse_tls $domain.
For more details, see : https://github.com/matrix-org/synapse#setting-up-federation
You also need to open the TCP port $port_synapse_tls on your ISP box if it's not automatically done.
Your synapse server also implements a turnserver (for VoIP), to have this fully functional please read the 'Turnserver' section in the README available here: https://github.com/YunoHost-Apps/synapse_ynh .
If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/synapse_ynh
You also need a valid TLS certificate for the domain used by synapse. To do that you can refer to the documentation here : https://yunohost.org/#/certificate_en

View file

@ -54,21 +54,29 @@ ram.runtime = "200M"
example = "domain.org" example = "domain.org"
default = "jitsi.riot.im" default = "jitsi.riot.im"
[install.init_main_permission]
help.en = "Define the users allowed to access to synapse. Setting this to 'visitors' don't make sens in this case."
type = "group"
example = "all_users"
default = "all_users"
[resources] [resources]
[resources.sources.prebuilt_bookworm] [resources.sources.prebuilt_bookworm]
armv7.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.95.0/matrix-synapse_1.95.0-bookworm-bin1_armv7l.tar.gz" prefetch = false
armv7.sha256 = "1a1d9248b139f67d23a89a20745d14d88c5b8627f76872d7f94f66952b5f1253" armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.95.0/matrix-synapse_1.95.0-bookworm-bin1_armv7l.tar.gz"
armhf.sha256 = "1a1d9248b139f67d23a89a20745d14d88c5b8627f76872d7f94f66952b5f1253"
[resources.sources.prebuilt_bullseye] [resources.sources.prebuilt_bullseye]
armv7.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.95.0/matrix-synapse_1.95.0-bullseye-bin1_armv7l.tar.gz" prefetch = false
armv7.sha256 = "97e9942bea9bcecc2a75228255a1824298300302559a9332e50816fa54193738" armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.95.0/matrix-synapse_1.95.0-bullseye-bin1_armv7l.tar.gz"
armhf.sha256 = "97e9942bea9bcecc2a75228255a1824298300302559a9332e50816fa54193738"
[resources.system_user] [resources.system_user]
allow_email = true allow_email = true
home = "/opt/yunohost/matrix-__APP__" home = "/opt/yunohost/matrix-__APP__"
[resources.install_dir] [resources.install_dir]
dir = "/opt/yunohost/matrix-__APP__" dir = "/var/www/__APP__"
owner = "__APP__:rwX" owner = "__APP__:rwX"
group = "__APP__:rX" group = "__APP__:rX"
@ -76,7 +84,8 @@ ram.runtime = "200M"
dir = "/home/yunohost.app/__APP__" dir = "/home/yunohost.app/__APP__"
[resources.permissions] [resources.permissions]
main.url = "__DOMAIN__/_matrix/cas_server.php/login" main.url = "/"
main.additional_url = "__DOMAIN__/_matrix/cas_server.php/login"
main.label = "Server SSO" main.label = "Server SSO"
main.auth_header = true main.auth_header = true
main.show_tile=false main.show_tile=false
@ -84,7 +93,7 @@ ram.runtime = "200M"
server_api.url = "__DOMAIN__/_matrix" server_api.url = "__DOMAIN__/_matrix"
server_api.label = "Server access for client apps" server_api.label = "Server access for client apps"
admin_api.allowed = "visitors" server_api.allowed = "visitors"
server_api.auth_header = false server_api.auth_header = false
server_api.show_tile = false server_api.show_tile = false
server_api.protected = true server_api.protected = true
@ -98,13 +107,16 @@ ram.runtime = "200M"
[resources.ports] [resources.ports]
synapse_tls.default = 8448 synapse_tls.default = 8448
main.default = 8008 synapse_tls.exposed = "TCP"
synapse.default = 8008
turnserver_tls.default = 5349 turnserver_tls.default = 5349
turnserver_tls.exposed = "Both"
turnserver_alt_tls.default = 5350 turnserver_alt_tls.default = 5350
turnserver_alt_tls.exposed = "Both"
cli.default = 5766 cli.default = 5766
[resources.apt] [resources.apt]
packages = ["coturn", "acl", packages = ["coturn", "acl", "postgresql", "php-fpm",
"python3-dev", "python3-venv", "python3-pip", "python3-setuptools", "python3-lxml", "python3-dev", "python3-venv", "python3-pip", "python3-setuptools", "python3-lxml",
"build-essential", "libffi-dev", "libssl-dev", "libxml2-dev", "libxslt1-dev", "zlib1g-dev", "libjpeg-dev", "libpq-dev"] "build-essential", "libffi-dev", "libssl-dev", "libxml2-dev", "libxslt1-dev", "zlib1g-dev", "libjpeg-dev", "libpq-dev"]

View file

@ -1,65 +1,169 @@
dependances="coturn build-essential python3-dev libffi-dev python3-pip python3-setuptools sqlite3 libssl-dev python3-venv libxml2-dev libxslt1-dev python3-lxml zlib1g-dev libjpeg-dev libpq-dev postgresql acl"
python_version="$(python3 -V | cut -d' ' -f2 | cut -d. -f1-2)"
#REMOVEME? app=$YNH_APP_INSTANCE_NAME main_domain=$(yunohost domain list --output-as json | jq -r .main)
code_dir="/opt/yunohost/matrix-$app"
base_api_url="/_matrix"
install_sources() { install_sources() {
# Install/upgrade synapse in virtualenv # Install/upgrade synapse in virtualenv
# Clean venv is it was on python2.7 or python3 with old version in case major upgrade of debian # Clean venv is it was on python2.7 or python3 with old version in case major upgrade of debian
if [ ! -e $install_dir/bin/python3 ] || [ ! -e $install_dir/lib/python$python_version ]; then if [ ! -e $code_dir/bin/python3 ] || [ ! -e $code_dir/lib/python$python_version ]; then
#REMOVEME? ynh_secure_remove --file=$install_dir/bin ynh_secure_remove --file=$code_dir/bin
#REMOVEME? ynh_secure_remove --file=$install_dir/lib ynh_secure_remove --file=$code_dir/lib
#REMOVEME? ynh_secure_remove --file=$install_dir/lib64 ynh_secure_remove --file=$code_dir/lib64
#REMOVEME? ynh_secure_remove --file=$install_dir/include ynh_secure_remove --file=$code_dir/include
#REMOVEME? ynh_secure_remove --file=$install_dir/share ynh_secure_remove --file=$code_dir/share
#REMOVEME? ynh_secure_remove --file=$install_dir/pyvenv.cfg ynh_secure_remove --file=$code_dir/pyvenv.cfg
fi fi
mkdir -p $install_dir mkdir -p $code_dir
chown $synapse_user:root -R $install_dir chown $YNH_APP_ID:root -R $code_dir
if [ -n "$(uname -m | grep arm)" ] if [ -n "$(uname -m | grep arm)" ]
then then
# Clean old file, sometimes it could make some big issues if we don't do this!! # Clean old file, sometimes it could make some big issues if we don't do this!!
#REMOVEME? ynh_secure_remove --file=$install_dir/bin ynh_secure_remove --file=$code_dir/bin
#REMOVEME? ynh_secure_remove --file=$install_dir/lib ynh_secure_remove --file=$code_dir/lib
#REMOVEME? ynh_secure_remove --file=$install_dir/include ynh_secure_remove --file=$code_dir/include
#REMOVEME? ynh_secure_remove --file=$install_dir/share ynh_secure_remove --file=$code_dir/share
ynh_setup_source --dest_dir=$install_dir/ --source_id="armv7_$(lsb_release --codename --short)" ynh_setup_source --dest_dir=$code_dir/ --source_id="armv7_$(lsb_release --codename --short)"
# Fix multi-instance support # Fix multi-instance support
for f in $(ls $install_dir/bin); do for f in $(ls $code_dir/bin); do
if ! [[ $f =~ "__" ]]; then if ! [[ $f =~ "__" ]]; then
ynh_replace_special_string --match_string='#!/opt/yunohost/matrix-synapse' --replace_string='#!'$install_dir --target_file=$install_dir/bin/$f ynh_replace_special_string --match_string='#!/opt/yunohost/matrix-synapse' --replace_string='#!'$code_dir --target_file=$code_dir/bin/$f
fi fi
done done
else else
# Install virtualenv if it don't exist # Install virtualenv if it don't exist
#REMOVEME? test -e $install_dir/bin/python3 || python3 -m venv $install_dir test -e $code_dir/bin/python3 || python3 -m venv $code_dir
# Install synapse in virtualenv # Install synapse in virtualenv
# We set all necessary environement variable to create a python virtualenvironnement. # We set all necessary environement variable to create a python virtualenvironnement.
u_arg='u' u_arg='u'
set +$u_arg; set +$u_arg;
source $install_dir/bin/activate source $code_dir/bin/activate
set -$u_arg; set -$u_arg;
pip3 install --upgrade setuptools wheel pip pip3 install --upgrade setuptools wheel pip
pip3 install --upgrade cffi ndg-httpsclient psycopg2 lxml jinja2 pip3 install --upgrade cffi ndg-httpsclient psycopg2 lxml jinja2
pip3 install --upgrade -r $YNH_APP_BASEDIR/conf/requirement_$(lsb_release --codename --short).txt pip3 install --upgrade -r $YNH_APP_BASEDIR/conf/requirement_$(lsb_release --codename --short).txt
# This function was defined when we called "source $install_dir/bin/activate". With this function we undo what "$install_dir/bin/activate" does # This function was defined when we called "source $code_dir/bin/activate". With this function we undo what "$code_dir/bin/activate" does
set +$u_arg; set +$u_arg;
deactivate deactivate
set -$u_arg; set -$u_arg;
fi fi
} }
get_domain_list() { configure_synapse() {
yunohost --output-as plain domain list | grep -E "^#" -v | sort | uniq | while read domain; do local domain_whitelist_client=$(yunohost --output-as plain domain list \
echo -n " - https://$domain\n" | grep -E "^#" -v \
done | sort | uniq \
| sed -r 's|^(.*)$| - \1|' \
| sed -z 's|\n|\\n|g')
local macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"'
local auto_join_rooms_sed_param=""
if [ -n $auto_join_rooms ]; then
auto_join_rooms_sed_param='auto_join_rooms:\n - "'$auto_join_rooms'"'
fi
local registration_require_3pid_sed_param=""
case ${registrations_require_3pid} in
'email')
registration_require_3pid_sed_param="registrations_require_3pid:\n - email"
;;
'msisdn')
registration_require_3pid_sed_param="registrations_require_3pid:\n - msisdn"
;;
'email&msisdn')
registration_require_3pid_sed_param="registrations_require_3pid:\n - email\n - msisdn"
;;
esac
local allowd_local_3pids_sed_param=""
if [ -n "$allowed_local_3pids_email" ] || [ -n "$allowed_local_3pids_msisdn" ]; then
allowd_local_3pids_sed_param="allowed_local_3pids:"
if [ -n "$allowed_local_3pids_email" ]; then
allowd_local_3pids_sed_param+="\n - medium: email\n pattern: '$allowed_local_3pids_email'"
fi
if [ -n "$allowed_local_3pids_msisdn" ]; then
allowd_local_3pids_sed_param+="\n - medium: msisdn\n pattern: '$allowed_local_3pids_msisdn'"
fi
fi
ynh_add_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml"
sed -i "s|_DOMAIN_WHITELIST_CLIENT_|$domain_whitelist_client|g" /etc/matrix-$app/homeserver.yaml
sed -i "s|_AUTO_JOIN_ROOMS_SED_PARAM_|$auto_join_rooms_sed_param|g" /etc/matrix-$app/homeserver.yaml
sed -i "s|_REGISTRATION_REQUIRE_3PID_SED_PARAM_|$registration_require_3pid_sed_param|g" /etc/matrix-$app/homeserver.yaml
sed -i "s|_ALLOWD_LOCAL_3PIDS_SED_PARAM_|$allowd_local_3pids_sed_param|g" /etc/matrix-$app/homeserver.yaml
ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml"
}
configure_coturn() {
# Get public IP and set as external IP for coturn
# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
local public_ip4="$(curl -s ip.yunohost.org)" || true
local public_ip6="$(curl -s ipv6.yunohost.org)" || true
local turn_external_ip=""
if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"
then
turn_external_ip+="external-ip=$public_ip4\\n"
fi
if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6"
then
turn_external_ip+="external-ip=$public_ip6\\n"
fi
ynh_add_config --template="turnserver.conf" --destination="/etc/matrix-$app/coturn.conf"
sed -i "s|_TURN_EXTERNAL_IP_|$turn_external_ip|g" /etc/matrix-$app/coturn.conf
}
configure_nginx() {
local e2e_enabled_by_default_client_config
# Create .well-known redirection for access by federation
if yunohost --output-as plain domain list | grep -q "^$server_name$"
then
local e2e_enabled_by_default_client_config
if [ $e2e_enabled_by_default == "off" ]; then
e2e_enabled_by_default_client_config=false
else
e2e_enabled_by_default_client_config=true
fi
ynh_add_config --template="server_name.conf" --destination="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
fi
# Create a dedicated NGINX config
ynh_add_nginx_config
}
set_permissions() {
chown $YNH_APP_ID:$YNH_APP_ID -R $code_dir
chmod o= -R $code_dir
chmod 770 $code_dir/Coturn_config_rotate.sh
chmod 700 $code_dir/update_synapse_for_appservice.sh
find $data_dir \( \! -perm -o= \
-o \! -user $YNH_APP_ID \
-o \! -group $YNH_APP_ID \) \
-exec chown $YNH_APP_ID:$YNH_APP_ID {} \; \
-exec chmod o= {} \;
chown $YNH_APP_ID:$YNH_APP_ID -R /etc/matrix-$app
chmod u=rwX,g=rX,o= -R /etc/matrix-$app
setfacl -R -m user:turnserver:rX /etc/matrix-$app
chmod 600 /etc/matrix-$app/$server_name.signing.key
chown $YNH_APP_ID:root -R /var/log/matrix-$app
setfacl -R -m user:turnserver:rwX /var/log/matrix-$app
} }

View file

@ -14,37 +14,10 @@ source /usr/share/yunohost/helpers
# MANAGE SCRIPT FAILURE # MANAGE SCRIPT FAILURE
#================================================= #=================================================
# Exit if an error occurs during the execution of the script
#REMOVEME? ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
#REMOVEME? ynh_print_info --message="Loading installation settings..."
#REMOVEME? app=$YNH_APP_INSTANCE_NAME
#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain)
#REMOVEME? server_name=$(ynh_app_setting_get --app=$app --key=server_name)
#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir)
#REMOVEME? phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
if [[ ! "$(systemctl status matrix-$app.service)" =~ "Active: inactive (dead)" ]]; then if [[ ! "$(systemctl status matrix-$app.service)" =~ "Active: inactive (dead)" ]]; then
ynh_print_warn --message="It's hightly recommended to make your backup when the service is stopped. Please stop $app service with this command before to run the backup 'systemctl stop matrix-$app.service'" ynh_print_warn --message="It's hightly recommended to make your backup when the service is stopped. Please stop $app service with this command before to run the backup 'systemctl stop matrix-$app.service'"
fi fi
#=================================================
# SET CONSTANTS
#=================================================
synapse_user="matrix-$app"
synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app"
synapse_db_name="matrix_$app"
upstream_version=$(ynh_app_upstream_version)
final_www_path="/var/www/$app"
data_path="/home/yunohost.app/matrix-$app"
#================================================= #=================================================
# DECLARE DATA AND CONF FILES TO BACKUP # DECLARE DATA AND CONF FILES TO BACKUP
#================================================= #=================================================
@ -56,8 +29,8 @@ ynh_print_info --message="Declaring files to be backed up..."
# BACKUP THE APP MAIN DIR # BACKUP THE APP MAIN DIR
#================================================= #=================================================
ynh_backup --src_path="$code_dir"
ynh_backup --src_path="$install_dir" ynh_backup --src_path="$install_dir"
ynh_backup --src_path="$final_www_path"
#================================================= #=================================================
# BACKUP THE NGINX CONFIGURATION # BACKUP THE NGINX CONFIGURATION

View file

@ -5,61 +5,20 @@
#================================================= #=================================================
# IMPORT GENERIC HELPERS # IMPORT GENERIC HELPERS
source /usr/share/yunohost/helpers
# Exit if an error occurs during the execution of the script
#REMOVEME? ynh_abort_if_errors
# Import common cmd
source ./experimental_helper.sh source ./experimental_helper.sh
source ./_common.sh source ./_common.sh
source /usr/share/yunohost/helpers
#REMOVEME? ynh_script_progression --message="Loading installation settings..." path=$new_path
domain=$new_domain
# RETRIEVE ARGUMENTS
#REMOVEME? old_domain=$YNH_APP_OLD_DOMAIN
domain=$YNH_APP_NEW_DOMAIN
path=$(ynh_normalize_url_path --path $YNH_APP_NEW_PATH)
#REMOVEME? app=$YNH_APP_INSTANCE_NAME
#REMOVEME? server_name=$(ynh_app_setting_get --app=$app --key=server_name)
#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir)
#REMOVEME? synapse_old_version=$(ynh_app_setting_get --app=$app --key=synapse_version)
#REMOVEME? jitsi_server=$(ynh_app_setting_get --app=$app --key=jitsi_server)
#REMOVEME? is_free_registration=$(ynh_app_setting_get --app=$app --key=is_free_registration)
#REMOVEME? port=$(ynh_app_setting_get --app=$app --key=synapse_port)
#REMOVEME? synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port)
#REMOVEME? turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
#REMOVEME? turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
#REMOVEME? cli_port=$(ynh_app_setting_get --app=$app --key=cli_port)
#REMOVEME? report_stats=$(ynh_app_setting_get --app=$app --key=report_stats)
#REMOVEME? allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms)
#REMOVEME? e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default)
#REMOVEME? synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd)
#REMOVEME? turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
#REMOVEME? registration_shared_secret=$(ynh_app_setting_get --app=$app --key=registration_shared_secret)
#REMOVEME? form_secret=$(ynh_app_setting_get --app=$app --key=form_secret)
#REMOVEME? macaroon_secret_key=$(ynh_app_setting_get --app=$app --key=macaroon_secret_key)
#REMOVEME? synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd)
main_domain=$(yunohost domain list --output-as json | jq -r .main)
synapse_user="matrix-$app"
synapse_user_app="$app"
synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app"
synapse_db_name="matrix_$app"
upstream_version=$(ynh_app_upstream_version)
domain_whitelist_client_=$(get_domain_list)
domain_whitelist_client=${domain_whitelist_client_%"\n"}
# Check if the new path stay /_matrix if not exit # Check if the new path stay /_matrix if not exit
if [[ $path != "/_matrix" ]] if [[ $path != "/_matrix" ]]
then then
ynh_die --message "You can't use an other path than '/_matrix'. You can only change the domain." ynh_die --message "You can't use an other path than '/_matrix'. You can only change the domain."
fi fi
#REMOVEME? # We stop the service before to set ynh_clean_setup # We stop the service
ynh_systemd_action --service_name=matrix-$app.service --action=stop ynh_systemd_action --service_name=matrix-$app.service --action=stop
#================================================= #=================================================
@ -71,22 +30,7 @@ ynh_systemd_action --service_name=matrix-$app.service --action=stop
ynh_script_progression --message="Updating NGINX configuration..." ynh_script_progression --message="Updating NGINX configuration..."
ynh_change_url_nginx_config ynh_change_url_nginx_config
configure_nginx
# MODIFY URL IN NGINX CONF
#REMOVEME? nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf
#REMOVEME? # Change the domain for nginx
# Delete file checksum for the old conf file location
#REMOVEME? ynh_delete_file_checksum --file "$nginx_conf_path"
#REMOVEME? mv $nginx_conf_path /etc/nginx/conf.d/$domain.d/$app.conf
# Store file checksum for the new config file location
#REMOVEME? ynh_store_file_checksum --file "/etc/nginx/conf.d/$domain.d/$app.conf"
# Create .well-known redirection for access by federation
if yunohost --output-as plain domain list | grep -q "^$server_name$"
then
#REMOVEME? ynh_add_config --template="server_name.conf" --destination="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
fi
#================================================= #=================================================
# UPDATE SYNAPSE CONFIG # UPDATE SYNAPSE CONFIG
@ -94,38 +38,14 @@ fi
ynh_script_progression --message="Updating Synapse config..." --weight=2 ynh_script_progression --message="Updating Synapse config..." --weight=2
# WARNING : theses command are used in INSTALL, UPGRADE, CONFIG, CHANGE-URL (4 times) configure_synapse
# For any update do it in all files
if [ -z $macaroon_secret_key ]; then
# Well, in this package this value was not managed because it was not needed, synapse is able to generate this with some other secret in the config file but after some vulnerability was found with this practice.
# For more detail about this issue you can see : https://matrix.org/blog/2019/01/15/further-details-on-critical-security-update-in-synapse-affecting-all-versions-prior-to-0-34-1-cve-2019-5885/
# The problem is that we can't just say generate a new value if the package has not already defined a value. The reason is that changing this value logout all user. And in case of a user has enabled the encryption, the user might lost all conversation !!
# So for the old install we just leave this as it is. And for the new install we use a real macaroon.
macaroon_secret_key_param='# macaroon_secret_key: ""'
else
macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"'
fi
if [ $is_free_registration -eq 0 ]
then
allowed_access=False
sso_enabled=True
else
allowed_access=True
sso_enabled=False
fi
ynh_add_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml"
ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml"
#================================================= #=================================================
# SECURE FILES AND DIRECTORIES # SECURE FILES AND DIRECTORIES
#================================================= #=================================================
# Only setting permissions for the two config files updated above ynh_script_progression --message="Protecting directories..." --weight=3
chown $synapse_user:root -R /etc/matrix-$app set_permissions
chmod u=rwX,g=rX,o= -R /etc/matrix-$app
#================================================= #=================================================
# RELOAD SERVICES # RELOAD SERVICES
@ -133,6 +53,6 @@ chmod u=rwX,g=rX,o= -R /etc/matrix-$app
ynh_script_progression --message="Restarting Synapse services..." --weight=5 ynh_script_progression --message="Restarting Synapse services..." --weight=5
ynh_systemd_action --service_name=coturn-$app.service --action=restart ynh_systemd_action --service_name=coturn-$app.service --action=restart
ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $synapse_tls_port" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300 ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $port_synapse_tls" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300
ynh_script_progression --message="Change of URL completed for $app" --last ynh_script_progression --message="Change of URL completed for $app" --last

View file

@ -6,161 +6,14 @@
# IMPORT GENERIC HELPERS # IMPORT GENERIC HELPERS
#================================================= #=================================================
source ./_common.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
# Stop script if errors ynh_app_config_apply() {
ynh_abort_if_errors _ynh_app_config_apply
final_path=$(ynh_app_setting_get --app=$app --key=final_path) configure_nginx
configure_synapse
get__max_upload_size() { set_permissions
max_upload_size=$(ynh_app_setting_get --app $app --key max_upload_size)
echo "${max_upload_size}"
}
set__max_upload_size() {
ynh_write_var_in_file --file=/etc/matrix-$app/homeserver.yaml --key=max_upload_size --value="${max_upload_size}"
sed -i -r "s|client_max_body_size\s[[:digit:]]*[GMK]?;|client_max_body_size ${max_upload_size};|g" "/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_add_nginx_conf
}
get__registrations_require_3pid() {
registrations_require_3pid=$(ynh_app_setting_get --app $app --key registrations_require_3pid)
echo "${registrations_require_3pid}"
}
# set__registrations_require_3pid() this function is setting datas for registrations_require_3pid field and allowed_local_3pids_(email/msisdn)
# it consist on comment or not "registrations_require_3pid:", " - email" and/or " - msisdn"
# then depending on the "registrations_require_3pid" value it comment or not "allowed_local_3pids:" lines
# and generate all it sub configuration :
#
# allowed_local_3pids:
# - medium: email
# pattern: *
# ...
# - medium: msisdn
# pattern: *
#
# sed -z and \n as new line carracter do the trick on this kind of multline replacement.
set__registrations_require_3pid() {
# search pattern to replace (it correspond to the complete section)
allowedLocal3pids="s;#?([^\S\n]*allowed_local_3pids:)\n(#?([^\S\n]*-[^\S\n]*medium:[^\S\n]*(email|msisdn)\n)#?([^\S\n]*pattern:[^\S\n]*[^\n]*\n))*;"
case ${registrations_require_3pid} in
'email')
# registrations_require_3pid: part
sed -i -z -r "s|#?[^\S\n]*registrations_require_3pid:\n#?[^\S\n]*-[^\S\n]*email\n#?[^\S\n]*-[^\S\n]*msisdn|registrations_require_3pid:\n - email\n# - msisdn|" "/etc/matrix-$app/homeserver.yaml"
# allowed_local_3pids: part
allowedLocal3pids=${allowedLocal3pids}"\1"
readarray -td, arr3pidemail < <(echo ${allowed_local_3pids_email});
for pidemail in "${arr3pidemail[@]}"; do
# add it to regex substitution part
allowedLocal3pids=${allowedLocal3pids}"\n - medium: email";
allowedLocal3pids=${allowedLocal3pids}"\n$(echo ' ')pattern: '$(echo ${pidemail})'";
done;
;;
'msisdn')
# registrations_require_3pid: part
sed -i -z -r "s|#?[^\S\n]*registrations_require_3pid:\n#?[^\S\n]*-[^\S\n]*email\n#?[^\S\n]*-[^\S\n]*msisdn|registrations_require_3pid:\n# - email\n - msisdn|" "/etc/matrix-$app/homeserver.yaml"
# allowed_local_3pids: part
allowedLocal3pids=${allowedLocal3pids}"\1"
readarray -td, arr3pidmsisdn < <(echo ${allowed_local_3pids_msisdn});
for pidmsisdn in "${arr3pidmsisdn[@]}"; do
# add it to regex substitution part
allowedLocal3pids=${allowedLocal3pids}"\n - medium: msisdn";
allowedLocal3pids=${allowedLocal3pids}"\n$(echo ' ')pattern: '$(echo ${pidmsisdn})'";
done;
;;
'email&msisdn')
# registrations_require_3pid: part
sed -i -z -r "s|#?[^\S\n]*registrations_require_3pid:\n#?[^\S\n]*-[^\S\n]*email\n#?[^\S\n]*-[^\S\n]*msisdn|registrations_require_3pid:\n - email\n - msisdn|" "/etc/matrix-$app/homeserver.yaml"
# allowed_local_3pids: part
allowedLocal3pids=${allowedLocal3pids}"\1"
readarray -td, arr3pidemail < <(echo ${allowed_local_3pids_email});
for pidemail in "${arr3pidemail[@]}"; do
# add it to regex substitution part
allowedLocal3pids=${allowedLocal3pids}"\n - medium: email";
allowedLocal3pids=${allowedLocal3pids}"\n$(echo ' ')pattern: '$(echo ${pidemail})'";
done;
readarray -td, arr3pidmsisdn < <(echo ${allowed_local_3pids_msisdn});
for pidmsisdn in "${arr3pidmsisdn[@]}"; do
# add it to regex substitution part
allowedLocal3pids=${allowedLocal3pids}"\n - medium: msisdn";
allowedLocal3pids=${allowedLocal3pids}"\n$(echo ' ')pattern: '$(echo ${pidmsisdn})'";
done;
;;
*)
sed -i -z -r "s|#?[^\S\n]*registrations_require_3pid:\n#?[^\S\n]*-[^\S\n]*email\n#?[^\S\n]*-[^\S\n]*msisdn|#registrations_require_3pid:\n# - email\n# - msisdn|" "/etc/matrix-$app/homeserver.yaml"
# empty fields and comment registration
allowedLocal3pids=${allowedLocal3pids}"#\1"
;;
esac
# finalize regex then apply sed command on the homeserver conf file
allowedLocal3pids="${allowedLocal3pids}\n;";
sed -i -z -r "${allowedLocal3pids}" "/etc/matrix-$app/homeserver.yaml"
ynh_app_setting_set --app=$app --key=registrations_require_3pid --value="${registrations_require_3pid}"
}
get__allowed_local_3pids_email() {
allowed_local_3pids_email=$(ynh_app_setting_get --app $app --key allowed_local_3pids_email)
echo "${allowed_local_3pids_email}"
}
set__allowed_local_3pids_email() {
set__registrations_require_3pid;
ynh_app_setting_set --app=$app --key=allowed_local_3pids_email --value="${allowed_local_3pids_email}"
}
get__allowed_local_3pids_msisdn() {
allowed_local_3pids_msisdn=$(ynh_app_setting_get --app $app --key allowed_local_3pids_msisdn)
echo "${allowed_local_3pids_msisdn}"
}
set__allowed_local_3pids_msisdn() {
set__registrations_require_3pid;
ynh_app_setting_set --app=$app --key=allowed_local_3pids_msisdn --value="${allowed_local_3pids_msisdn}"
}
get__auto_join_rooms() {
auto_join_rooms=$(ynh_app_setting_get --app $app --key auto_join_rooms)
auto_join_rooms=$(echo ${auto_join_rooms} | sed "s~(\\\\)*\#~\\\\\#~g")
echo "${auto_join_rooms}"
}
set__auto_join_rooms() {
if [ -z ${auto_join_rooms} ] ; then
# remove all values comment header and example value
sed -i -z -r "s|#?([^\S\n]*auto_join_rooms:\n)#?([^\S\n]*-[^\n]*\n)*|#\1# - \"#example:example.com\"\n|" "/etc/matrix-$app/homeserver.yaml"
else
readarray -td, arrroom < <(echo ${auto_join_rooms});
# print header then all space separated values
autoJoinRooms="s|#?([^\S\n]*auto_join_rooms:)\n(#?[^\S\n]*-[^\n]*\n)*|\1";
for room in "${arrroom[@]}"; do
autoJoinRooms="${autoJoinRooms}\n - '$(echo ${room})'";
done;
autoJoinRooms="${autoJoinRooms}\n|";
sed -i -z -r "${autoJoinRooms}" "/etc/matrix-$app/homeserver.yaml"
fi
ynh_app_setting_set --app=$app --key=auto_join_rooms --value="${auto_join_rooms}"
} }
#================================================= #=================================================

View file

@ -1,7 +1,5 @@
#!/bin/bash #!/bin/bash
#=================================================
# GENERIC START
#================================================= #=================================================
# IMPORT GENERIC HELPERS # IMPORT GENERIC HELPERS
#================================================= #=================================================
@ -10,83 +8,42 @@ source _common.sh
source experimental_helper.sh source experimental_helper.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
#REMOVEME? ynh_clean_setup () {
# Clean installation remainings that are not handled by the remove script.
ynh_clean_check_starting
}
# Exit if an error occurs during the execution of the script
#REMOVEME? ynh_abort_if_errors
#=================================================
# SET CONSTANTS
#=================================================
synapse_user="matrix-$app"
synapse_user_app="$app"
synapse_user_app_pwd="$(ynh_string_random --length=30)"
synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app"
synapse_db_name="matrix_$app"
upstream_version=$(ynh_app_upstream_version)
report_stats="false"
e2e_enabled_by_default="off"
default_domain_value="Same than the domain"
domain_whitelist_client_=$(get_domain_list)
domain_whitelist_client=${domain_whitelist_client_%"\n"}
#================================================= #=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST # RETRIEVE ARGUMENTS FROM THE MANIFEST
#================================================= #=================================================
#REMOVEME? domain=$YNH_APP_ARG_DOMAIN if [ "$server_name" == "Same than the domain" ]; then
#REMOVEME? server_name=$YNH_APP_ARG_SERVER_NAME
#REMOVEME? is_free_registration=$YNH_APP_ARG_IS_FREE_REGISTRATION
#REMOVEME? jitsi_server=$YNH_APP_ARG_JITSI_SERVER
path="/_matrix"
#REMOVEME? install_dir="/opt/yunohost/matrix-$app"
final_www_path="/var/www/$app"
data_path="/home/yunohost.app/matrix-$app"
main_domain=$(yunohost domain list --output-as json | jq -r .main)
if [[ "$server_name" == "$default_domain_value" ]]; then
server_name=$domain server_name=$domain
fi
#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
#REMOVEME? ynh_script_progression --message="Validating installation parameters..." --weight=2
test ! -e "/etc/nginx/conf.d/$domain.d/synapse*.conf" || ynh_die --message="$domain is not available as domain, please use an other domain."
# Check Final Path availability
#REMOVEME? test ! -e "$install_dir" || ynh_die --message="This path already contains a folder"
if [ -e "$data_path" ]; then
old_data_dir_path="$data_path$(date '+%Y%m%d.%H%M%S')"
ynh_print_warn "A data directory already exist. Data was renamed to $old_data_dir_path"
mv "$data_path" "$old_data_dir_path"
fi
#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================
#REMOVEME? ynh_script_progression --message="Storing installation settings..." --weight=1
#REMOVEME? ynh_app_setting_set --app=$app --key=domain --value=$domain
#REMOVEME? ynh_app_setting_set --app=$app --key=path --value=$path
ynh_app_setting_set --app=$app --key=server_name --value=$server_name ynh_app_setting_set --app=$app --key=server_name --value=$server_name
ynh_app_setting_set --app=$app --key=jitsi_server --value=$jitsi_server fi
#REMOVEME? ynh_app_setting_set --app=$app --key=install_dir --value=$install_dir
ynh_app_setting_set --app=$app --key=synapse_version --value=$upstream_version
#REMOVEME? ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats
ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default
ynh_app_setting_set --app=$app --key=synapse_user_app_pwd --value=$synapse_user_app_pwd
if [ "$is_free_registration" -eq "0" ] #=================================================
## SET STANDARD SETTINGS FROM DEFAULT CONFIG
#=================================================
ynh_script_progression --message="Storing installation settings..." --weight=1
report_stats="false"
e2e_enabled_by_default="off"
allow_public_rooms_without_auth="false"
allow_public_rooms_over_federation="false"
max_upload_size="10M"
disable_msisdn_registration="true"
registrations_require_3pid="none"
allowed_local_3pids_email=""
allowed_local_3pids_msisdn=""
allow_guest_access="false"
account_threepid_delegates_msisdn=""
default_identity_server="https://matrix.org"
auto_join_rooms=""
autocreate_auto_join_rooms="false"
auto_join_rooms_for_guests="true"
enable_notifs="true"
notif_for_new_users="true"
enable_group_creation="true"
push_include_content="true"
if [ "$is_free_registration" -eq 0 ]
then then
enable_registration="false" enable_registration="false"
turn_allow_guests="false" turn_allow_guests="false"
@ -101,52 +58,19 @@ else
enable_3pid_lookup="true" enable_3pid_lookup="true"
fi fi
ynh_app_setting_set --app=$app --key=enable_registration --value=$enable_registration
ynh_app_setting_set --app=$app --key=turn_allow_guests --value=$turn_allow_guests
ynh_app_setting_set --app=$app --key=sso_enabled --value=$sso_enabled
#REMOVEME? ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled
ynh_app_setting_set --app=$app --key=enable_3pid_lookup --value=$enable_3pid_lookup
#=================================================
## SET STANDARD SETTINGS FROM DEFAULT CONFIG
#=================================================
element_ynh_url="https://matrix.to/" element_ynh_url="https://matrix.to/"
# Get app name of first Element Instance (can be changed later in Config Panel) # Get app name of first Element Instance (can be changed later in Config Panel)
element_instance="element" element_instance="element"
if yunohost --output-as plain app list | grep -q "^$element_instance$"; then if yunohost --output-as plain app list | grep -q "^$element_instance$"; then
#REMOVEME? element_domain=$(ynh_app_setting_get --app $element_instance --key domain) element_domain=$(ynh_app_setting_get --app $element_instance --key domain)
#REMOVEME? element_path=$(ynh_app_setting_get --app $element_instance --key path) element_path=$(ynh_app_setting_get --app $element_instance --key path)
element_ynh_url="https://""$element_domain""$element_path" element_ynh_url="https://""$element_domain""$element_path"
fi fi
web_client_location=$element_ynh_url web_client_location=$element_ynh_url
client_base_url=$element_ynh_url client_base_url=$element_ynh_url
invite_client_location=$element_ynh_url invite_client_location=$element_ynh_url
backup_before_upgrade="true" ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default
server_statistics="false"
allow_public_rooms_without_auth="false"
allow_public_rooms_over_federation="false"
max_upload_size="10M"
disable_msisdn_registration="true"
registrations_require_3pid="none"
# here we need sed magic to transform $server_name
allowed_local_3pids_email=""
allowed_local_3pids_msisdn=""
allow_guest_access="false"
account_threepid_delegates_msisdn=""
default_identity_server="https://matrix.org"
auto_join_rooms="#auto_join_room:""$server_name"
autocreate_auto_join_rooms="false"
auto_join_rooms_for_guests="true"
password_enabled="true"
enable_notifs="true"
notif_for_new_users="true"
enable_group_creation="true"
push_include_content="true"
ynh_app_setting_set --app=$app --key=backup_before_upgrade --value=$backup_before_upgrade
ynh_app_setting_set --app=$app --key=server_statistics --value=$server_statistics
ynh_app_setting_set --app=$app --key=web_client_location --value=$web_client_location ynh_app_setting_set --app=$app --key=web_client_location --value=$web_client_location
ynh_app_setting_set --app=$app --key=client_base_url --value=$client_base_url ynh_app_setting_set --app=$app --key=client_base_url --value=$client_base_url
ynh_app_setting_set --app=$app --key=invite_client_location --value=$invite_client_location ynh_app_setting_set --app=$app --key=invite_client_location --value=$invite_client_location
@ -163,39 +87,19 @@ ynh_app_setting_set --app=$app --key=default_identity_server --value=$default_id
ynh_app_setting_set --app=$app --key=auto_join_rooms --value=$auto_join_rooms ynh_app_setting_set --app=$app --key=auto_join_rooms --value=$auto_join_rooms
ynh_app_setting_set --app=$app --key=autocreate_auto_join_rooms --value=$autocreate_auto_join_rooms ynh_app_setting_set --app=$app --key=autocreate_auto_join_rooms --value=$autocreate_auto_join_rooms
ynh_app_setting_set --app=$app --key=auto_join_rooms_for_guests --value=$auto_join_rooms_for_guests ynh_app_setting_set --app=$app --key=auto_join_rooms_for_guests --value=$auto_join_rooms_for_guests
#REMOVEME? ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled
ynh_app_setting_set --app=$app --key=enable_notifs --value=$enable_notifs ynh_app_setting_set --app=$app --key=enable_notifs --value=$enable_notifs
ynh_app_setting_set --app=$app --key=notif_for_new_users --value=$notif_for_new_users ynh_app_setting_set --app=$app --key=notif_for_new_users --value=$notif_for_new_users
ynh_app_setting_set --app=$app --key=enable_group_creation --value=$enable_group_creation ynh_app_setting_set --app=$app --key=enable_group_creation --value=$enable_group_creation
ynh_app_setting_set --app=$app --key=push_include_content --value=$push_include_content ynh_app_setting_set --app=$app --key=push_include_content --value=$push_include_content
ynh_app_setting_set --app=$app --key=enable_registration --value=$enable_registration
ynh_app_setting_set --app=$app --key=turn_allow_guests --value=$turn_allow_guests
ynh_app_setting_set --app=$app --key=sso_enabled --value=$sso_enabled
ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled
ynh_app_setting_set --app=$app --key=enable_3pid_lookup --value=$enable_3pid_lookup
#================================================= #=================================================
# STANDARD MODIFICATIONS # STANDARD MODIFICATIONS
#=================================================
# FIND AND OPEN A PORT
#=================================================
ynh_script_progression --message="Configuring firewall..." --weight=19
# Find a free port
#REMOVEME? synapse_tls_port=$(ynh_find_port --port=8448)
#REMOVEME? port=$(ynh_find_port --port=8008)
#REMOVEME? turnserver_tls_port=$(ynh_find_port --port=5349)
#REMOVEME? turnserver_alt_tls_port=$(ynh_find_port --port=$((turnserver_tls_port+1)))
#REMOVEME? cli_port=$(ynh_find_port --port=5766)
# Open this port
ynh_exec_warn_less yunohost firewall allow TCP $synapse_tls_port
ynh_exec_warn_less yunohost firewall allow Both $turnserver_tls_port
ynh_exec_warn_less yunohost firewall allow Both $turnserver_alt_tls_port
# Store opened ports
#REMOVEME? ynh_app_setting_set --app=$app --key=synapse_port --value=$port
#REMOVEME? ynh_app_setting_set --app=$app --key=synapse_tls_port --value=$synapse_tls_port
#REMOVEME? ynh_app_setting_set --app=$app --key=turnserver_tls_port --value=$turnserver_tls_port
#REMOVEME? ynh_app_setting_set --app=$app --key=turnserver_alt_tls_port --value=$turnserver_alt_tls_port
#REMOVEME? ynh_app_setting_set --app=$app --key=cli_port --value=$cli_port
#================================================= #=================================================
# CREATE A DH FILE # CREATE A DH FILE
#================================================= #=================================================
@ -212,45 +116,18 @@ then
chmod 640 /etc/ssl/private/dh2048.pem chmod 640 /etc/ssl/private/dh2048.pem
fi fi
#=================================================
# INSTALL DEPENDENCIES
#=================================================
#REMOVEME? ynh_script_progression --message="Installing dependencies..." --weight=80
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files
#REMOVEME? ynh_exec_warn_less ynh_install_app_dependencies $dependances
#================================================= #=================================================
# CREATE DEDICATED USER # CREATE DEDICATED USER
#================================================= #=================================================
#REMOVEME? ynh_script_progression --message="Configuring system user..." --weight=3 ynh_script_progression --message="Creating $app user..." --weight=1
#REMOVEME? ynh_system_user_create --username=$synapse_user --home_dir=$install_dir synapse_user_app_pwd="$(ynh_string_random --length=30)"
# The format to create an user account varies depending on the version of YunoHost currently installed. ynh_app_setting_set --app=$app --key=synapse_user_app_pwd --value=$synapse_user_app_pwd
ynh_current_version=$(dpkg-query --showformat='${Version}' --show yunohost) # yunohost user create $YNH_APP_ID -F "Synapse Application" -d $domain -p "$synapse_user_app_pwd"
if $(dpkg --compare-versions "$ynh_current_version" ge "11.1"); then
yunohost user create $synapse_user_app -F "Synapse Application" -d $domain -p "$synapse_user_app_pwd" adduser $YNH_APP_ID ssl-cert
else
yunohost user create $synapse_user_app -f Synapse -l Application -d $domain -p "$synapse_user_app_pwd"
fi
adduser $synapse_user ssl-cert
adduser turnserver ssl-cert adduser turnserver ssl-cert
#=================================================
# CREATE A POSTGRESQL DATABASE
#=================================================
#REMOVEME? ynh_script_progression --message="Creating a PostgreSQL database..." --weight=4
synapse_db_pwd=$(ynh_string_random --length=30)
#REMOVEME? ynh_app_setting_set --app=$app --key=synapse_db_pwd --value=$synapse_db_pwd
# Create postgresql database
#REMOVEME? ynh_psql_test_if_first_run
ynh_psql_create_user $synapse_db_user $synapse_db_pwd
ynh_psql_execute_as_root \
--sql="CREATE DATABASE $synapse_db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $synapse_db_user;"
#================================================= #=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE # DOWNLOAD, CHECK AND UNPACK SOURCE
#================================================= #=================================================
@ -260,7 +137,6 @@ ynh_script_progression --message="Setting up source files..." --weight=50
# WARNING : theses command are used in INSTALL, UPGRADE # WARNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files # For any update do it in all files
mkdir -p $data_path
mkdir -p /var/log/matrix-$app mkdir -p /var/log/matrix-$app
mkdir -p /etc/matrix-$app/conf.d mkdir -p /etc/matrix-$app/conf.d
mkdir -p /etc/matrix-$app/app-service mkdir -p /etc/matrix-$app/app-service
@ -275,10 +151,9 @@ install_sources
# WARNING : theses command are used in INSTALL, UPGRADE # WARNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files # For any update do it in all files
mkdir -p $final_www_path cp ../sources/cas_server.php $install_dir/
cp ../sources/cas_server.php $final_www_path/ chmod u=rwX,g=rX,o= -R $install_dir
chmod u=rwX,g=rX,o= -R $final_www_path chown $YNH_APP_ID:$YNH_APP_ID -R $install_dir
chown $synapse_user:root -R $final_www_path
#================================================= #=================================================
# CREATE SYNAPSE CONFIG # CREATE SYNAPSE CONFIG
@ -287,17 +162,18 @@ chown $synapse_user:root -R $final_www_path
ynh_script_progression --message="Creating Synapse config..." --weight=3 ynh_script_progression --message="Creating Synapse config..." --weight=3
# Go in virtualenvironnement # Go in virtualenvironnement
set +u; u_arg='u'
source $install_dir/bin/activate set +$u_arg;
set -u; source $code_dir/bin/activate
set -$u_arg;
# Generate config # Generate config
python -m synapse.app.homeserver --keys-directory /etc/matrix-$app/ --generate-config --server-name $server_name --report-stats=no -c homeserver.yml python -m synapse.app.homeserver --keys-directory /etc/matrix-$app/ --generate-config --server-name $server_name --report-stats=no -c homeserver.yml
# This function was defined when we called "source $install_dir/bin/activate". With this function we undo what "$install_dir/bin/activate" does # This function was defined when we called "source $code_dir/bin/activate". With this function we undo what "$code_dir/bin/activate" does
set +u; set +$u_arg;
deactivate deactivate
set -u; set -$u_arg;
# Get random values from config # Get random values from config
registration_shared_secret=$(egrep "^registration_shared_secret:" homeserver.yml | cut -d'"' -f2) registration_shared_secret=$(egrep "^registration_shared_secret:" homeserver.yml | cut -d'"' -f2)
@ -331,14 +207,7 @@ ynh_script_progression --message="Configuring application..."
ynh_add_fpm_config --usage=low --footprint=low ynh_add_fpm_config --usage=low --footprint=low
# Create .well-known redirection for access by federation configure_nginx
if yunohost --output-as plain domain list | grep -q "^$server_name$"
then
ynh_add_config --template="server_name.conf" --destination="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
fi
# Create a dedicated nginx config
ynh_add_nginx_config app
#================================================= #=================================================
# SET SYNAPSE CONFIG # SET SYNAPSE CONFIG
@ -349,41 +218,14 @@ ynh_script_progression --message="Configuring Synapse..." --weight=2
turnserver_pwd=$(ynh_string_random --length=30) turnserver_pwd=$(ynh_string_random --length=30)
ynh_app_setting_set --app=$app --key=turnserver_pwd --value=$turnserver_pwd ynh_app_setting_set --app=$app --key=turnserver_pwd --value=$turnserver_pwd
# Configure Synapse configure_synapse
# WARNING : theses command are used in INSTALL, UPGRADE, CONFIG, CHANGE-URL (4 times)
# For any update do it in all files
macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"'
ynh_add_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml"
ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml"
#================================================= #=================================================
# SET COTURN CONFIG # SET COTURN CONFIG
#================================================= #=================================================
ynh_script_progression --message="Configuring Coturn..." --weight=1 ynh_script_progression --message="Configuring Coturn..." --weight=1
# WARNING : theses command are used in INSTALL, UPGRADE configure_coturn
# For any update do it in all files
# Get public IP and set as external IP for coturn
# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
public_ip4="$(curl -s ip.yunohost.org)" || true
public_ip6="$(curl -s ipv6.yunohost.org)" || true
turn_external_ip=""
if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"
then
turn_external_ip+="external-ip="$public_ip4%"\n"
fi
if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6"
then
turn_external_ip+="external-ip="$public_ip6%"\n"
fi
ynh_add_config --template="turnserver.conf" --destination="/etc/matrix-$app/coturn.conf"
#================================================= #=================================================
# SETUP LOGROTATE # SETUP LOGROTATE
@ -399,8 +241,8 @@ ynh_use_logrotate --logfile "/var/log/matrix-$app"
# WARNING : theses command are used in INSTALL, UPGRADE # WARNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files # For any update do it in all files
ynh_add_config --template="../sources/Coturn_config_rotate.sh" --destination="$install_dir/Coturn_config_rotate.sh" ynh_add_config --template="../sources/Coturn_config_rotate.sh" --destination="$code_dir/Coturn_config_rotate.sh"
ynh_add_config --template="../sources/update_synapse_for_appservice.sh" --destination="$install_dir/update_synapse_for_appservice.sh" ynh_add_config --template="../sources/update_synapse_for_appservice.sh" --destination="$code_dir/update_synapse_for_appservice.sh"
#================================================= #=================================================
# GENERIC FINALIZATION # GENERIC FINALIZATION
@ -411,7 +253,7 @@ ynh_add_config --template="../sources/update_synapse_for_appservice.sh" --destin
ynh_script_progression --message="Configuring permissions..." --weight=1 ynh_script_progression --message="Configuring permissions..." --weight=1
if yunohost --output-as plain domain list | grep -q "^$server_name$"; then if yunohost --output-as plain domain list | grep -q "^$server_name$"; then
ynh_permission_create --permission=server_client_infos --url=$server_name/.well-known/matrix \ ynh_""permission_create --permission=server_client_infos --url=$server_name/.well-known/matrix \
--label="Server info for clients. (well-known)" --show_tile=false --allowed=visitors \ --label="Server info for clients. (well-known)" --show_tile=false --allowed=visitors \
--auth_header=false --protected=true --auth_header=false --protected=true
fi fi
@ -429,25 +271,15 @@ ynh_replace_string __DOMAIN__ $domain ../hooks/post_cert_update
# SECURE FILES AND DIRECTORIES # SECURE FILES AND DIRECTORIES
#================================================= #=================================================
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE ynh_script_progression --message="Protecting directories..." --weight=3
# For any update do it in all files set_permissions
chown $synapse_user:root -R $install_dir
chmod 770 $install_dir/Coturn_config_rotate.sh
chmod 700 $install_dir/update_synapse_for_appservice.sh
chown $synapse_user:root -R $data_path
chown $synapse_user:root -R /var/log/matrix-$app
chown $synapse_user:root -R /etc/matrix-$app
chmod u=rwX,g=rX,o= -R /etc/matrix-$app
chmod 600 /etc/matrix-$app/$server_name.signing.key
setfacl -R -m user:turnserver:rX /etc/matrix-$app
setfacl -R -m user:turnserver:rwX /var/log/matrix-$app
#================================================= #=================================================
# ADVERTISE SERVICE IN ADMIN PANEL # ADVERTISE SERVICE IN ADMIN PANEL
#================================================= #=================================================
yunohost service add matrix-$app --log "/var/log/matrix-$app/homeserver.log" --needs_exposed_ports $synapse_tls_port yunohost service add matrix-$app --log "/var/log/matrix-$app/homeserver.log" --needs_exposed_ports $port_synapse_tls
yunohost service add coturn-$app --needs_exposed_ports $turnserver_tls_port yunohost service add coturn-$app --needs_exposed_ports $port_turnserver_tls
#================================================= #=================================================
# RELOAD SERVICES # RELOAD SERVICES
@ -455,43 +287,15 @@ yunohost service add coturn-$app --needs_exposed_ports $turnserver_tls_port
ynh_script_progression --message="Restarting Synapse services..." --weight=11 ynh_script_progression --message="Restarting Synapse services..." --weight=11
ynh_systemd_action --service_name=coturn-$app.service --action=restart ynh_systemd_action --service_name=coturn-$app.service --action=restart
ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $synapse_tls_port" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300 ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $port_synapse_tls" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300
#================================================= #=================================================
# SETUP FAIL2BAN # SETUP FAIL2BAN
#================================================= #=================================================
ynh_script_progression --message="Configuring Fail2Ban..." --weight=10 ynh_script_progression --message="Configuring Fail2Ban..." --weight=10
# WARNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
ynh_add_fail2ban_config --use_template ynh_add_fail2ban_config --use_template
#=================================================
# SEND A README FOR THE ADMIN
#=================================================
# WARNING : theses command are used in INSTALL, RESTORE
# For any update do it in all files
echo "If your server name is identical to the domain on which synapse is installed, and the default port 8448 is used, your server is normally already accessible by the federation.
If not, you may need to put the following line in the dns configuration:
_matrix._tcp.$domain. 3600 IN SRV 10 0 $synapse_tls_port $domain.
For more details, see : https://github.com/matrix-org/synapse#setting-up-federation
You also need to open the TCP port $synapse_tls_port on your ISP box if it's not automatically done.
Your synapse server also implements a turnserver (for VoIP), to have this fully functional please read the 'Turnserver' section in the README available here: https://github.com/YunoHost-Apps/synapse_ynh .
If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/synapse_ynh
You also need a valid TLS certificate for the domain used by synapse. To do that you can refer to the documentation here : https://yunohost.org/#/certificate_en" > mail_to_send
ynh_send_readme_to_admin --app_message="mail_to_send" --type="install"
#================================================= #=================================================
# END OF SCRIPT # END OF SCRIPT
#================================================= #=================================================

View file

@ -10,32 +10,6 @@ source _common.sh
source experimental_helper.sh source experimental_helper.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
#REMOVEME? ynh_script_progression --message="Loading installation settings..." --weight=3
#REMOVEME? app=$YNH_APP_INSTANCE_NAME
#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain)
#REMOVEME? server_name=$(ynh_app_setting_get --app=$app --key=server_name)
#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir)
#REMOVEME? synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port)
#REMOVEME? turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
#REMOVEME? turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
#=================================================
# SET CONSTANTS
#=================================================
synapse_user="matrix-$app"
synapse_user_app="$app"
synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app"
synapse_db_name="matrix_$app"
upstream_version=$(ynh_app_upstream_version)
final_www_path="/var/www/$app"
#================================================= #=================================================
# STANDARD REMOVE # STANDARD REMOVE
#================================================= #=================================================
@ -61,29 +35,12 @@ ynh_script_progression --message="Stopping and removing the systemd service" --w
ynh_remove_systemd_config --service=matrix-$app ynh_remove_systemd_config --service=matrix-$app
ynh_remove_systemd_config --service=coturn-$app ynh_remove_systemd_config --service=coturn-$app
#=================================================
# REMOVE THE POSTGRESQL DATABASE
#=================================================
#REMOVEME? ynh_script_progression --message="Removing the PostgreSQL database" --weight=2
# Remove a database if it exists, along with the associated user
#REMOVEME? ynh_psql_remove_db --db_user=$synapse_db_name --db_name=$synapse_db_user
#=================================================
# REMOVE DEPENDENCIES
#=================================================
#REMOVEME? ynh_script_progression --message="Removing dependencies" --weight=15
# Remove metapackage and its dependencies
#REMOVEME? ynh_remove_app_dependencies
#================================================= #=================================================
# REMOVE APP MAIN DIR # REMOVE APP MAIN DIR
#================================================= #=================================================
#REMOVEME? ynh_script_progression --message="Removing app main directory" --weight=2 ynh_script_progression --message="Removing app main directory" --weight=2
#REMOVEME? ynh_secure_remove --file=$install_dir ynh_secure_remove --file=$code_dir
ynh_secure_remove --file=$final_www_path
ynh_secure_remove --file=/var/log/matrix-$app ynh_secure_remove --file=/var/log/matrix-$app
ynh_secure_remove --file=/etc/matrix-$app ynh_secure_remove --file=/etc/matrix-$app
ynh_secure_remove --file=/etc/default/matrix-$app ynh_secure_remove --file=/etc/default/matrix-$app
@ -109,23 +66,6 @@ ynh_script_progression --message="Removing logrotate configuration" --weight=1
# Remove the app-specific logrotate config # Remove the app-specific logrotate config
ynh_remove_logrotate ynh_remove_logrotate
#=================================================
# CLOSE A PORT
#=================================================
closeport() {
local port=$1
if yunohost firewall list | grep -q "\- $port$"
then
ynh_script_progression --message="Closing port $port"
ynh_exec_warn_less yunohost firewall disallow Both $port
fi
}
closeport $synapse_tls_port
closeport $turnserver_tls_port
closeport $turnserver_alt_tls_port
#================================================= #=================================================
# REMOVE FAIL2BAN CONFIGURATION # REMOVE FAIL2BAN CONFIGURATION
#================================================= #=================================================
@ -139,11 +79,10 @@ ynh_remove_fail2ban_config
#================================================= #=================================================
# REMOVE DEDICATED USER # REMOVE DEDICATED USER
#================================================= #=================================================
#REMOVEME? ynh_script_progression --message="Removing the dedicated system user" --weight=1 ynh_script_progression --message="Removing the dedicated system user" --weight=1
# Delete a system user # Delete a system user
#REMOVEME? ynh_system_user_delete --username=$synapse_user yunohost user delete $YNH_APP_ID
yunohost user delete $synapse_user_app
#================================================= #=================================================
# END OF SCRIPT # END OF SCRIPT

View file

@ -1,39 +0,0 @@
import json
import sys
with open("/etc/ssowat/" + "conf.json.persistent", "r", encoding='utf-8') as jsonFile:
data = json.load(jsonFile)
for domain in ("", sys.argv[1], sys.argv[2]):
for path in ("/_matrix", "/.well-known/matrix/", "/_matrix/cas_server.php/login"):
url = domain + path
try:
uri_list = data["skipped_urls"]
while url in uri_list:
uri_list.remove(url)
except:
pass
try:
uri_list = data["protected_urls"]
while url in uri_list:
uri_list.remove(url)
except:
pass
try:
uri_list = data["permissions"]["custom_protected"]["uris"]
while url in uri_list:
uri_list.remove(url)
except:
pass
try:
uri_list = data["permissions"]["custom_skipped"]["uris"]
while url in uri_list:
uri_list.remove(url)
except:
pass
with open("/etc/ssowat/" + "conf.json.persistent", "w", encoding='utf-8') as jsonFile:
jsonFile.write(json.dumps(data, indent=4, sort_keys=True))

View file

@ -11,83 +11,19 @@ source ../settings/scripts/_common.sh
source ../settings/scripts/experimental_helper.sh source ../settings/scripts/experimental_helper.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
#REMOVEME? ynh_clean_setup () {
# Clean installation remainings that are not handled by the remove script.
ynh_clean_check_starting
}
# Exit if an error occurs during the execution of the script
#REMOVEME? ynh_abort_if_errors
#================================================= #=================================================
# LOAD SETTINGS # LOAD SETTINGS
#================================================= #=================================================
ynh_script_progression --message="Loading settings..." ynh_script_progression --message="Loading settings..."
#REMOVEME? app=$YNH_APP_INSTANCE_NAME
#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain)
#REMOVEME? server_name=$(ynh_app_setting_get --app=$app --key=server_name)
#REMOVEME? path=$(ynh_app_setting_get --app=$app --key=path)
#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir)
#REMOVEME? synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port)
#REMOVEME? turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
#REMOVEME? turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
#REMOVEME? phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
#REMOVEME? synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd)
#REMOVEME? synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd)
main_domain=$(yunohost domain list --output-as json | jq -r .main)
#=================================================
# SET ALL CONSTANT
#=================================================
synapse_user="matrix-$app"
synapse_user_app="$app"
synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app"
synapse_db_name="matrix_$app"
upstream_version=$(ynh_app_upstream_version)
final_www_path="/var/www/$app"
data_path="/home/yunohost.app/matrix-$app"
#=================================================
# CHECK IF THE APP CAN BE RESTORED
#=================================================
#REMOVEME? ynh_script_progression --message="Validating restoration parameters..." --weight=2
#REMOVEME? test ! -d $install_dir \
|| ynh_die --message="There is already a directory: $install_dir "
#=================================================
# STANDARD RESTORATION STEPS
#=================================================
# REINSTALL DEPENDENCIES
#=================================================
#REMOVEME? ynh_script_progression --message="Reinstalling dependencies..." --weight=70
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files
#REMOVEME? ynh_exec_warn_less ynh_install_app_dependencies $dependances
#================================================= #=================================================
# RECREATE THE DEDICATED USER # RECREATE THE DEDICATED USER
#================================================= #=================================================
#REMOVEME? ynh_script_progression --message="Recreating the dedicated system user..." --weight=3 ynh_script_progression --message="Recreating the dedicated system user..." --weight=3
# Create the dedicated user (if not existing) # Create the dedicated user (if not existing)
#REMOVEME? ynh_system_user_create --username=$synapse_user --home_dir=$install_dir yunohost user create $YNH_APP_ID -F "Synapse Application" -d $domain -p "$synapse_user_app_pwd"
# The format to create an user account varies depending on the version of YunoHost currently installed. adduser $YNH_APP_ID ssl-cert
ynh_current_version=$(dpkg-query --showformat='${Version}' --show yunohost)
if $(dpkg --compare-versions "$ynh_current_version" ge "11.1"); then
yunohost user create $synapse_user_app -F "Synapse Application" -d $domain -p "$synapse_user_app_pwd"
else
yunohost user create $synapse_user_app -f Synapse -l Application -d $domain -p "$synapse_user_app_pwd"
fi
adduser $synapse_user ssl-cert
adduser turnserver ssl-cert adduser turnserver ssl-cert
#================================================= #=================================================
@ -113,17 +49,8 @@ ynh_systemd_action --action=restart --service_name=fail2ban
#================================================= #=================================================
# RESTORE THE POSTGRESQL DATABASE # RESTORE THE POSTGRESQL DATABASE
#================================================= #=================================================
#REMOVEME? ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=13 ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=13
#REMOVEME? ynh_psql_test_if_first_run
ynh_psql_create_user $synapse_db_user $synapse_db_pwd
ynh_psql_execute_as_root \
--sql="CREATE DATABASE $synapse_db_name
ENCODING 'UTF8'
LC_COLLATE='C'
LC_CTYPE='C'
template=template0
OWNER $synapse_db_user;"
ynh_psql_execute_file_as_root --file="${YNH_CWD}/dump.sql" --database="$synapse_db_name" ynh_psql_execute_file_as_root --file="${YNH_CWD}/dump.sql" --database="$synapse_db_name"
#================================================= #=================================================
@ -139,8 +66,8 @@ systemctl enable coturn-$app.service --quiet
# ADVERTISE SERVICE IN ADMIN PANEL # ADVERTISE SERVICE IN ADMIN PANEL
#================================================= #=================================================
yunohost service add matrix-$app --log "/var/log/matrix-$app/homeserver.log" --needs_exposed_ports $synapse_tls_port yunohost service add matrix-$app --log "/var/log/matrix-$app/homeserver.log" --needs_exposed_ports $port_synapse_tls
yunohost service add coturn-$app --needs_exposed_ports $turnserver_tls_port yunohost service add coturn-$app --needs_exposed_ports $port_turnserver_tls
#================================================= #=================================================
# CREATE A DH FILE # CREATE A DH FILE
@ -163,43 +90,7 @@ fi
#================================================= #=================================================
ynh_script_progression --message="Reconfiguring Coturn..." --weight=23 ynh_script_progression --message="Reconfiguring Coturn..." --weight=23
# To be sure that at the restoration the IP address in coturn config is the same as the real address we remake the coturn config configure_coturn
# Retrieve specific settings
#REMOVEME? turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
#REMOVEME? turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
#REMOVEME? cli_port=$(ynh_app_setting_get --app=$app --key=cli_port)
#REMOVEME? turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
# WARNING : these commands are used in INSTALL, UPGRADE
# For any update do it in all files
# Get public IP and set as external IP for coturn
# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
public_ip4="$(curl -s ip.yunohost.org)" || true
public_ip6="$(curl -s ipv6.yunohost.org)" || true
turn_external_ip=""
if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"
then
turn_external_ip+="external-ip="$public_ip4%"\n"
fi
if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6"
then
turn_external_ip+="external-ip="$public_ip6%"\n"
fi
ynh_add_config --template="turnserver.conf" --destination="/etc/matrix-$app/coturn.conf"
#=================================================
# OPEN THE PORT
#=================================================
# Ouvre le port dans le firewall
ynh_exec_warn_less yunohost firewall allow TCP $synapse_tls_port
ynh_exec_warn_less yunohost firewall allow Both $turnserver_tls_port
ynh_exec_warn_less yunohost firewall allow Both $turnserver_alt_tls_port
#================================================= #=================================================
# SETUP LOGROTATE # SETUP LOGROTATE
@ -214,21 +105,8 @@ ynh_use_logrotate --logfile /var/log/matrix-$app
# SECURE FILES AND DIRECTORIES # SECURE FILES AND DIRECTORIES
#================================================= #=================================================
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE (3 times) ynh_script_progression --message="Protecting directories..." --weight=3
# For any update do it in all files set_permissions
ynh_script_progression --message="Configuring file permission..."
chown $synapse_user:root -R $install_dir
chmod 770 $install_dir/Coturn_config_rotate.sh
chmod 700 $install_dir/update_synapse_for_appservice.sh
chown $synapse_user:root -R $data_path
chown $synapse_user:root -R /var/log/matrix-$app
chown $synapse_user:root -R /etc/matrix-$app
chmod u=rwX,g=rX,o= -R /etc/matrix-$app
chmod 600 /etc/matrix-$app/$server_name.signing.key
setfacl -R -m user:turnserver:rX /etc/matrix-$app
setfacl -R -m user:turnserver:rwX /var/log/matrix-$app
chmod u=rwX,g=rX,o= -R $final_www_path
chown $synapse_user:root -R $final_www_path
#================================================= #=================================================
# RELOAD NGINX, SYNAPSE AND COTURN # RELOAD NGINX, SYNAPSE AND COTURN
@ -236,26 +114,7 @@ chown $synapse_user:root -R $final_www_path
ynh_script_progression --message="Restarting Synapse services..." --weight=7 ynh_script_progression --message="Restarting Synapse services..." --weight=7
ynh_systemd_action --service_name=coturn-$app.service --action=restart ynh_systemd_action --service_name=coturn-$app.service --action=restart
ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $synapse_tls_port" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300 ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $port_synapse_tls" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300
#=================================================
# SEND A README FOR THE ADMIN
#=================================================
# WARNING : theses command are used in INSTALL, RESTORE
# For any update do it in all files
echo "To federate this app you need to add this line in your DNS configuration:
_matrix._tcp.$domain. 3600 IN SRV 10 0 $synapse_tls_port $domain.
You also need to open the TCP port $synapse_tls_port on your ISP box if it's not automatically done.
Your synapse server also implements a turnserver (for VoIP), to have this fully functional please read the 'Turnserver' section in the README available here: https://github.com/YunoHost-Apps/synapse_ynh .
If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/synapse_ynh" > mail_to_send
ynh_send_readme_to_admin --app_message="mail_to_send" --type="restore"
#================================================= #=================================================
# GENERIC FINALIZATION # GENERIC FINALIZATION

View file

@ -10,85 +10,11 @@ source _common.sh
source experimental_helper.sh source experimental_helper.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
# Exit if an error occurs during the execution of the script
#REMOVEME? ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
#REMOVEME? ynh_script_progression --message="Loading installation settings..." --weight=3
#REMOVEME? app=$YNH_APP_INSTANCE_NAME
#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain)
#REMOVEME? server_name=$(ynh_app_setting_get --app=$app --key=server_name)
#REMOVEME? jitsi_server=$(ynh_app_setting_get --app=$app --key=jitsi_server)
#REMOVEME? path=$(ynh_app_setting_get --app=$app --key=path)
#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir)
#REMOVEME? synapse_old_version=$(ynh_app_setting_get --app=$app --key=synapse_version)
#REMOVEME? is_free_registration=$(ynh_app_setting_get --app=$app --key=is_free_registration)
#REMOVEME? port=$(ynh_app_setting_get --app=$app --key=synapse_port)
#REMOVEME? synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port)
#REMOVEME? turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
#REMOVEME? turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
#REMOVEME? cli_port=$(ynh_app_setting_get --app=$app --key=cli_port)
#REMOVEME? report_stats=$(ynh_app_setting_get --app=$app --key=report_stats)
#REMOVEME? e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default)
#REMOVEME? synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd)
#REMOVEME? turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
#REMOVEME? registration_shared_secret=$(ynh_app_setting_get --app=$app --key=registration_shared_secret)
#REMOVEME? form_secret=$(ynh_app_setting_get --app=$app --key=form_secret)
#REMOVEME? macaroon_secret_key=$(ynh_app_setting_get --app=$app --key=macaroon_secret_key)
#REMOVEME? synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd)
domain_whitelist_client_=$(get_domain_list)
domain_whitelist_client=${domain_whitelist_client_%"\n"}
main_domain=$(yunohost domain list --output-as json | jq -r .main)
#================================================= #=================================================
# SET ALL CONSTANT # SET ALL CONSTANT
#================================================= #=================================================
synapse_user="matrix-$app"
synapse_user_app="$app"
synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app"
synapse_db_name="matrix_$app"
upstream_version=$(ynh_app_upstream_version)
upgrade_type=$(ynh_check_app_version_changed) upgrade_type=$(ynh_check_app_version_changed)
final_www_path="/var/www/$app"
data_path="/home/yunohost.app/matrix-$app"
#=================================================
# GET CONFIG PANEL SETTINGS
#=================================================
#REMOVEME? server_statistics=$(ynh_app_setting_get --app=$app --key=server_statistics)
#REMOVEME? web_client_location=$(ynh_app_setting_get --app=$app --key=web_client_location)
#REMOVEME? client_base_url=$(ynh_app_setting_get --app=$app --key=client_base_url)
#REMOVEME? invite_client_location=$(ynh_app_setting_get --app=$app --key=invite_client_location)
#REMOVEME? allow_public_rooms_without_auth=$(ynh_app_setting_get --app=$app --key=allow_public_rooms_without_auth)
#REMOVEME? allow_public_rooms_over_federation=$(ynh_app_setting_get --app=$app --key=allow_public_rooms_over_federation)
#REMOVEME? max_upload_size=$(ynh_app_setting_get --app=$app --key=max_upload_size)
#REMOVEME? disable_msisdn_registration=$(ynh_app_setting_get --app=$app --key=disable_msisdn_registration)
#REMOVEME? registrations_require_3pid=$(ynh_app_setting_get --app=$app --key=registrations_require_3pid)
#REMOVEME? allowed_local_3pids_email=$(ynh_app_setting_get --app=$app --key=allowed_local_3pids_email)
#REMOVEME? allowed_local_3pids_msisdn=$(ynh_app_setting_get --app=$app --key=allowed_local_3pids_msisdn)
#REMOVEME? account_threepid_delegates_msisdn=$(ynh_app_setting_get --app=$app --key=account_threepid_delegates_msisdn)
#REMOVEME? allow_guest_access=$(ynh_app_setting_get --app=$app --key=allow_guest_access)
#REMOVEME? default_identity_server=$(ynh_app_setting_get --app=$app --key=default_identity_server)
#REMOVEME? auto_join_rooms=$(ynh_app_setting_get --app=$app --key=auto_join_rooms)
#REMOVEME? autocreate_auto_join_rooms=$(ynh_app_setting_get --app=$app --key=autocreate_auto_join_rooms)
#REMOVEME? auto_join_rooms_for_guests=$(ynh_app_setting_get --app=$app --key=auto_join_rooms_for_guests)
#REMOVEME? enable_notifs=$(ynh_app_setting_get --app=$app --key=enable_notifs)
#REMOVEME? notif_for_new_users=$(ynh_app_setting_get --app=$app --key=notif_for_new_users)
#REMOVEME? enable_group_creation=$(ynh_app_setting_get --app=$app --key=enable_group_creation)
#REMOVEME? enable_registration=$(ynh_app_setting_get --app=$app --key=enable_registration)
#REMOVEME? turn_allow_guests=$(ynh_app_setting_get --app=$app --key=turn_allow_guests)
#REMOVEME? sso_enabled=$(ynh_app_setting_get --app=$app --key=sso_enabled)
#REMOVEME? password_enabled=$(ynh_app_setting_get --app=$app --key=password_enabled)
#REMOVEME? enable_3pid_lookup=$(ynh_app_setting_get --app=$app --key=enable_3pid_lookup)
#REMOVEME? push_include_content=$(ynh_app_setting_get --app=$app --key=push_include_content)
#================================================= #=================================================
# ENSURE DOWNWARD COMPATIBILITY # ENSURE DOWNWARD COMPATIBILITY
@ -101,39 +27,6 @@ then
ynh_die --message="Update from this synapse version is not available. You need to remove this package and reinstall the new package version." ynh_die --message="Update from this synapse version is not available. You need to remove this package and reinstall the new package version."
fi fi
#=================================================
# MIGRATION 7 : Working config panel v1
#=================================================
#REMOVEME? backup_before_upgrade=$(ynh_app_setting_get --app=$app --key=backup_before_upgrade)
if [ -z $backup_before_upgrade ] ; then
backup_before_upgrade="true"
#REMOVEME? disable_backup_before_upgrade=$(ynh_app_setting_get --app=$app --key=disable_backup_before_upgrade)
if [ "0$disable_backup_before_upgrade" -ne 0 ]; then
backup_before_upgrade="false"
fi
ynh_app_setting_set --app=$app --key=backup_before_upgrade --value=$backup_before_upgrade
fi
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
#REMOVEME? # We stop the service before to set ynh_clean_setup
ynh_systemd_action --service_name=matrix-$app.service --action=stop
# Backup the current version of the app
if $backup_before_upgrade ; then
#REMOVEME? ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=30
#REMOVEME? ynh_backup_before_upgrade
#REMOVEME? ynh_clean_setup () {
# Clean installation remainings that are not handled by the remove script.
ynh_clean_check_starting
#REMOVEME? ynh_restore_upgradebackup
}
else
#REMOVEME? ynh_script_progression --message="NOT Backing up the app before upgrading..." --weight=1
fi
#================================================= #=================================================
# STANDARD UPGRADE STEPS # STANDARD UPGRADE STEPS
#================================================= #=================================================
@ -142,10 +35,10 @@ fi
# Migrate from settings 'special_domain' to 'domain' and 'special_path' to 'path' # Migrate from settings 'special_domain' to 'domain' and 'special_path' to 'path'
if [ -z $domain ]; then if [ -z $domain ]; then
#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=special_domain) domain=$(ynh_app_setting_get --app=$app --key=special_domain)
#REMOVEME? path=$(ynh_app_setting_get --app=$app --key=special_path) path=$(ynh_app_setting_get --app=$app --key=special_path)
#REMOVEME? ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=domain --value=$domain
#REMOVEME? ynh_app_setting_set --app=$app --key=path --value=$path ynh_app_setting_set --app=$app --key=path --value=$path
ynh_app_setting_delete --app=$app --key=special_domain ynh_app_setting_delete --app=$app --key=special_domain
ynh_app_setting_delete --app=$app --key=special_path ynh_app_setting_delete --app=$app --key=special_path
ynh_app_setting_set --app=$app --key=no_sso --value true ynh_app_setting_set --app=$app --key=no_sso --value true
@ -154,7 +47,7 @@ fi
# Define $server_name if not already defined # Define $server_name if not already defined
if [ -z $server_name ]; then if [ -z $server_name ]; then
server_name=$domain server_name=$domain
#REMOVEME? ynh_app_setting_set --app=$app --key=server_name --value=$domain ynh_app_setting_set --app=$app --key=server_name --value=$domain
fi fi
# Define $jitsi_server if not already defined # Define $jitsi_server if not already defined
@ -181,67 +74,21 @@ fi
if [ -z $report_stats ]; then if [ -z $report_stats ]; then
report_stats="false" report_stats="false"
#REMOVEME? ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats
fi fi
if [ -z $is_free_registration ]; then
#REMOVEME? is_free_registration=$(ynh_app_setting_get --app=$app --key=is_""public)
fi
if [ -z $synapse_user_app_pwd ]; then
synapse_user_app_pwd="$(ynh_string_random --length=30)"
ynh_app_setting_set --app=$app --key=synapse_user_app_pwd --value=$synapse_user_app_pwd
# The format to create an user account varies depending on the version of YunoHost currently installed.
ynh_current_version=$(dpkg-query --showformat='${Version}' --show yunohost)
if $(dpkg --compare-versions "$ynh_current_version" ge "11.1"); then
yunohost user create $synapse_user_app -F "Synapse Application" -d $domain -p "$synapse_user_app_pwd"
else
yunohost user create $synapse_user_app -f Synapse -l Application -d $domain -p "$synapse_user_app_pwd"
fi
fi
#=================================================
# MIGRATION 6 : Migrate data directory
#=================================================
if [ -e "/var/lib/matrix-$app" ]; then
ynh_script_progression --message="Moving data directory to $data_path..." --weight=1
if [ -e "$data_path" ]; then
old_data_dir_path="$data_path$(date '+%Y%m%d.%H%M%S')"
ynh_print_warn "A data directory already exist. Data was renamed to $old_data_dir_path"
mv "$data_path" "$old_data_dir_path"
fi
mv "/var/lib/matrix-$app" "$data_path"
fi
if ! grep -q "$install_dir" /etc/passwd; then
# matrix-synapse:x:994:994::/var/lib/matrix-synapse:/usr/sbin/nologin
sed --in-place -r "s@matrix-$app\:x\:([[:digit:]]+\:[[:digit:]]+)\:\:/.*/matrix-$app\:/usr/sbin/nologin@matrix-$app\:x\:\1\:\:$install_dir\:/usr/sbin/nologin@g" /etc/passwd
fi
#=================================================
# MIGRATION 7 : Working config panel v1
#=================================================
#REMOVEME? allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms)
if [ -z $allow_public_rooms ]; then
allow_public_rooms="false"
fi
# SET STANDARD SETTINGS FROM DEFAULT CONFIG
# Get app name of first Element Instance # Get app name of first Element Instance
element_ynh_url="https://matrix.to/" element_ynh_url="https://matrix.to/"
element_domain=""
element_path=""
web_client_location=$element_ynh_url web_client_location=$element_ynh_url
client_base_url=$element_ynh_url client_base_url=$element_ynh_url
invite_client_location=$element_ynh_url invite_client_location=$element_ynh_url
element_instance="element"
if [ -z "$web_client_location" ] if [ -z "$web_client_location" ]
then then
element_instance="element"
if yunohost --output-as plain app list | grep -q "^$element_instance"'$'; then if yunohost --output-as plain app list | grep -q "^$element_instance"'$'; then
#REMOVEME? element_domain=$(ynh_app_setting_get --app $element_instance --key domain) element_domain=$(ynh_app_setting_get --app $element_instance --key domain)
#REMOVEME? element_path=$(ynh_app_setting_get --app $element_instance --key path) element_path=$(ynh_app_setting_get --app $element_instance --key path)
element_ynh_url="https://""$element_domain""$element_path" element_ynh_url="https://""$element_domain""$element_path"
fi fi
web_client_location=$element_ynh_url web_client_location=$element_ynh_url
@ -252,19 +99,14 @@ then
ynh_app_setting_set --app=$app --key=invite_client_location --value=$invite_client_location ynh_app_setting_set --app=$app --key=invite_client_location --value=$invite_client_location
fi fi
if [ -z "$server_statistics" ]
then
server_statistics="false"
ynh_app_setting_set --app=$app --key=server_statistics --value=$server_statistics
fi
if [ -z "$allow_public_rooms_without_auth" ] if [ -z "$allow_public_rooms_without_auth" ]
then then
allow_public_rooms_without_auth=$allow_public_rooms allow_public_rooms_without_auth=${allow_public_rooms:-false}
ynh_app_setting_set --app=$app --key=allow_public_rooms_without_auth --value=$allow_public_rooms_without_auth ynh_app_setting_set --app=$app --key=allow_public_rooms_without_auth --value=$allow_public_rooms_without_auth
fi fi
if [ -z "$allow_public_rooms_over_federation" ] if [ -z "$allow_public_rooms_over_federation" ]
then then
allow_public_rooms_over_federation=$allow_public_rooms allow_public_rooms_over_federation=${allow_public_rooms:-false}
ynh_app_setting_set --app=$app --key=allow_public_rooms_over_federation --value=$allow_public_rooms_over_federation ynh_app_setting_set --app=$app --key=allow_public_rooms_over_federation --value=$allow_public_rooms_over_federation
fi fi
if [ -z "$max_upload_size" ] if [ -z "$max_upload_size" ]
@ -340,6 +182,10 @@ fi
if [ -z "$enable_registration" ] if [ -z "$enable_registration" ]
then then
if [ -z $is_free_registration ]; then
is_free_registration=$(ynh_app_setting_get --app=$app --key=is_""public)
fi
if [ "$is_free_registration" -eq "0" ] if [ "$is_free_registration" -eq "0" ]
then then
enable_registration="false" enable_registration="false"
@ -357,7 +203,7 @@ then
ynh_app_setting_set --app=$app --key=enable_registration --value=$enable_registration ynh_app_setting_set --app=$app --key=enable_registration --value=$enable_registration
ynh_app_setting_set --app=$app --key=turn_allow_guests --value=$turn_allow_guests ynh_app_setting_set --app=$app --key=turn_allow_guests --value=$turn_allow_guests
ynh_app_setting_set --app=$app --key=sso_enabled --value=$sso_enabled ynh_app_setting_set --app=$app --key=sso_enabled --value=$sso_enabled
#REMOVEME? ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled
ynh_app_setting_set --app=$app --key=enable_3pid_lookup --value=$enable_3pid_lookup ynh_app_setting_set --app=$app --key=enable_3pid_lookup --value=$enable_3pid_lookup
fi fi
@ -367,116 +213,32 @@ then
ynh_app_setting_set --app=$app --key=push_include_content --value=$push_include_content ynh_app_setting_set --app=$app --key=push_include_content --value=$push_include_content
fi fi
#================================================= if [ -z $synapse_user_app_pwd ]; then
# INSTALL DEPENDENCIES synapse_user_app_pwd="$(ynh_string_random --length=30)"
#================================================= ynh_app_setting_set --app=$app --key=synapse_user_app_pwd --value=$synapse_user_app_pwd
#REMOVEME? ynh_script_progression --message="Upgrading dependencies..." --weight=6 # The format to create an user account varies depending on the version of YunoHost currently installed.
yunohost user create $YNH_APP_ID -F "Synapse Application" -d $domain -p "$synapse_user_app_pwd"
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files
#REMOVEME? ynh_exec_warn_less ynh_install_app_dependencies $dependances
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
if [ "$upgrade_type" == "UPGRADE_APP" ] || [ ! -e $install_dir/bin/python3 ] || [ ! -e $install_dir/lib/python$python_version ]
then
ynh_script_progression --message="Upgrading source files..." --weight=6
install_sources
fi fi
#================================================= # We stop the service
# CREATE SMALL CAS SERVER ynh_systemd_action --service_name=matrix-$app.service --action=stop
#=================================================
# WARNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
mkdir -p $final_www_path
cp ../sources/cas_server.php $final_www_path/
chmod u=rwX,g=rX,o= -R $final_www_path
chown $synapse_user:root -R $final_www_path
#================================================= #=================================================
# MIGRATION 1 : GENERATE SYNAPSE SECRET # MIGRATION 6 : Migrate data directory
#================================================= #=================================================
if [ -z "$registration_shared_secret" ] || [ "$form_secret" == "form_secret: " ] if [ -e "/var/lib/matrix-$app" ]; then
then ynh_script_progression --message="Moving data directory to $data_path..." --weight=1
ynh_script_progression --message="Generating synapse secret..." --weight=1 if [ -e "$data_path" ]; then
old_data_dir_path="$data_path$(date '+%Y%m%d.%H%M%S')"
# Go in virtualenvironnement ynh_print_warn "A data directory already exist. Data was renamed to $old_data_dir_path"
set +u mv "$data_path" "$old_data_dir_path"
source $install_dir/bin/activate
set -u
# Generate config and keys
python -m synapse.app.homeserver --keys-directory /etc/matrix-$app/ --generate-config --generate-keys --server-name $server_name --report-stats=no -c homeserver.yml
# This function was defined when we called "source $install_dir/bin/activate". With this function we undo what "$install_dir/bin/activate" does
set +u;
deactivate
set -u;
# Get random values from config
registration_shared_secret=$(egrep "^registration_shared_secret:" homeserver.yml | cut -d'"' -f2)
form_secret=$(egrep "^form_secret:" homeserver.yml | cut -d'"' -f2)
# store in yunohost settings
ynh_app_setting_set --app=$app --key=registration_shared_secret --value="$registration_shared_secret"
ynh_app_setting_set --app=$app --key=form_secret --value="$form_secret"
fi fi
mv "/var/lib/matrix-$app" "$data_path"
#=================================================
# UPDATE SYNAPSE CONFIG
#=================================================
ynh_script_progression --message="Updating synapse config..." --weight=2
# WARNING : theses command are used in INSTALL, UPGRADE, CONFIG, CHANGE-URL (4 times)
# For any update do it in all files
if [ -z $macaroon_secret_key ]; then
# Well, in this package this value was not managed because it was not needed, synapse is able to generate this with some other secret in the config file but after some vulnerability was found with this practice.
# For more detail about this issue you can see : https://matrix.org/blog/2019/01/15/further-details-on-critical-security-update-in-synapse-affecting-all-versions-prior-to-0-34-1-cve-2019-5885/
# The problem is that we can't just say generate a new value if the package has not already defined a value. The reason is that changing this value logout all user. And in case of a user has enabled the encryption, the user might lost all conversation !!
# So for the old install we just leave this as it is. And for the new install we use a real macaroon.
macaroon_secret_key_param='# macaroon_secret_key: ""'
else
macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"'
fi fi
if ! grep -q "$code_dir" /etc/passwd; then
ynh_add_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml" # matrix-synapse:x:994:994::/var/lib/matrix-synapse:/usr/sbin/nologin
ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml" sed --in-place -r "s@matrix-$app\:x\:([[:digit:]]+\:[[:digit:]]+)\:\:/.*/matrix-$app\:/usr/sbin/nologin@matrix-$app\:x\:\1\:\:$code_dir\:/usr/sbin/nologin@g" /etc/passwd
#=================================================
# MIGRATION 2 : MULTINSTANCE SUPPORT
#=================================================
if [ ! -e /etc/matrix-$app/coturn.conf ]
then
ynh_script_progression --message="Creating an independant service for coturn..." --weight=1
#=================================================
# CREATE AN INDEPENDANT SERVICE FOR COTURN
#=================================================
# Disable default config for turnserver and create a new service
systemctl stop coturn.service
# Set a port for each service in turnserver
#REMOVEME? turnserver_alt_tls_port=$(ynh_find_port --port=$((turnserver_tls_port+1)))
#REMOVEME? cli_port=$(ynh_find_port --port=5766)
#REMOVEME? ynh_app_setting_set --app=$app --key=turnserver_alt_tls_port --value=$turnserver_alt_tls_port
#REMOVEME? ynh_app_setting_set --app=$app --key=cli_port --value=$cli_port
yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1
#=================================================
# MAKE A CLEAN LOGROTATE CONFIG
#=================================================
ynh_use_logrotate --logfile /var/log/matrix-$app --nonappend
fi fi
#================================================= #=================================================
@ -488,7 +250,7 @@ if [ ! $(grep "ssl-cert:x:[0-9]*:.*matrix-$app" /etc/group) ]
then then
ynh_script_progression --message="Use standard access for certificate..." --weight=1 ynh_script_progression --message="Use standard access for certificate..." --weight=1
adduser $synapse_user ssl-cert adduser $YNH_APP_ID ssl-cert
adduser turnserver ssl-cert adduser turnserver ssl-cert
fi fi
@ -509,8 +271,99 @@ then
chmod 640 /etc/ssl/private/dh2048.pem chmod 640 /etc/ssl/private/dh2048.pem
fi fi
#=================================================
# MIGRATION 2 : MULTINSTANCE SUPPORT
#=================================================
if [ ! -e /etc/matrix-$app/coturn.conf ]
then
ynh_script_progression --message="Creating an independant service for coturn..." --weight=1
#=================================================
# CREATE AN INDEPENDANT SERVICE FOR COTURN
#=================================================
# Disable default config for turnserver and create a new service
systemctl stop coturn.service
#=================================================
# MAKE A CLEAN LOGROTATE CONFIG
#=================================================
ynh_use_logrotate --logfile /var/log/matrix-$app --nonappend
fi
######################################### WARNING ################################
# TODO manage of migration of data path
# TODO manage of migration of db name
# TODO delete legacy user matrix-synapse
# TODO maybe need to close port to leave managed port to manage this
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
if [ "$upgrade_type" == "UPGRADE_APP" ] || [ ! -e $code_dir/bin/python3 ] || [ ! -e $code_dir/lib/python$python_version ]
then
ynh_script_progression --message="Upgrading source files..." --weight=6
install_sources
fi
#=================================================
# MIGRATION 1 : GENERATE SYNAPSE SECRET
#=================================================
if [ -z "$registration_shared_secret" ] || [ "$form_secret" == "form_secret: " ]
then
ynh_script_progression --message="Generating synapse secret..." --weight=1
# Go in virtualenvironnement
u_arg='u'
set +$u_arg;
source $code_dir/bin/activate
set -$u_arg;
# Generate config and keys
python -m synapse.app.homeserver --keys-directory /etc/matrix-$app/ --generate-config --generate-keys --server-name $server_name --report-stats=no -c homeserver.yml
# This function was defined when we called "source $code_dir/bin/activate". With this function we undo what "$code_dir/bin/activate" does
set +$u_arg;
deactivate
set -$u_arg;
# Get random values from config
registration_shared_secret=$(egrep "^registration_shared_secret:" homeserver.yml | cut -d'"' -f2)
form_secret=$(egrep "^form_secret:" homeserver.yml | cut -d'"' -f2)
# store in yunohost settings
ynh_app_setting_set --app=$app --key=registration_shared_secret --value="$registration_shared_secret"
ynh_app_setting_set --app=$app --key=form_secret --value="$form_secret"
fi
#================================================= #=================================================
# STANDARD UPGRADE STEPS # STANDARD UPGRADE STEPS
#=================================================
#=================================================
# UPDATE SYNAPSE CONFIG
#=================================================
ynh_script_progression --message="Updating synapse config..." --weight=2
configure_synapse
#=================================================
# CREATE SMALL CAS SERVER
#=================================================
# WARNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
mkdir -p $install_dir
cp ../sources/cas_server.php $install_dir/
chmod u=rwX,g=rX,o= -R $install_dir
chown $YNH_APP_ID:root -R $install_dir
#================================================= #=================================================
# NGINX CONFIGURATION # NGINX CONFIGURATION
#================================================= #=================================================
@ -521,14 +374,7 @@ ynh_script_progression --message="Configuring application..."
ynh_add_fpm_config --usage=low --footprint=low ynh_add_fpm_config --usage=low --footprint=low
# Create .well-known redirection for access by federation configure_nginx
if yunohost --output-as plain domain list | grep -q "^$server_name$"
then
ynh_add_config --template="server_name.conf" --destination="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
fi
# Create a dedicated NGINX config
ynh_add_nginx_config app
#================================================= #=================================================
# SPECIFIC UPGRADE # SPECIFIC UPGRADE
@ -537,26 +383,7 @@ ynh_add_nginx_config app
#================================================= #=================================================
ynh_script_progression --message="Updating Coturn config..." --weight=1 ynh_script_progression --message="Updating Coturn config..." --weight=1
# WARNING : theses command are used in INSTALL, UPGRADE configure_coturn
# For any update do it in all files
# Get public IP and set as external IP for coturn
# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
public_ip4="$(curl -s ip.yunohost.org)" || true
public_ip6="$(curl -s ipv6.yunohost.org)" || true
turn_external_ip=""
if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"
then
turn_external_ip+="external-ip="$public_ip4%"\n"
fi
if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6"
then
turn_external_ip+="external-ip="$public_ip6%"\n"
fi
ynh_add_config --template="turnserver.conf" --destination="/etc/matrix-$app/coturn.conf"
#================================================= #=================================================
# ADD SCRIPT FOR COTURN CRON AND APP SERVICE # ADD SCRIPT FOR COTURN CRON AND APP SERVICE
@ -565,8 +392,8 @@ ynh_add_config --template="turnserver.conf" --destination="/etc/matrix-$app/cotu
# WARNING : theses command are used in INSTALL, UPGRADE # WARNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files # For any update do it in all files
ynh_add_config --template="../sources/Coturn_config_rotate.sh" --destination="$install_dir/Coturn_config_rotate.sh" ynh_add_config --template="../sources/Coturn_config_rotate.sh" --destination="$code_dir/Coturn_config_rotate.sh"
ynh_add_config --template="../sources/update_synapse_for_appservice.sh" --destination="$install_dir/update_synapse_for_appservice.sh" ynh_add_config --template="../sources/update_synapse_for_appservice.sh" --destination="$code_dir/update_synapse_for_appservice.sh"
# Ensure app-service folder has exists and the config file exit (Migration) # Ensure app-service folder has exists and the config file exit (Migration)
mkdir -p /etc/matrix-$app/app-service mkdir -p /etc/matrix-$app/app-service
@ -583,8 +410,8 @@ fi
# ADVERTISE SERVICE IN ADMIN PANEL # ADVERTISE SERVICE IN ADMIN PANEL
#================================================= #=================================================
yunohost service add matrix-$app --log "/var/log/matrix-$app/homeserver.log" --needs_exposed_ports $synapse_tls_port yunohost service add matrix-$app --log "/var/log/matrix-$app/homeserver.log" --needs_exposed_ports $port_synapse_tls
yunohost service add coturn-$app --needs_exposed_ports $turnserver_tls_port yunohost service add coturn-$app --needs_exposed_ports $port_turnserver_tls
#================================================= #=================================================
# UPDATE SYSTEMD # UPDATE SYSTEMD
@ -603,9 +430,6 @@ ynh_add_systemd_config --service=coturn-$app --template=coturn-synapse.service
#================================================= #=================================================
ynh_script_progression --message="Reconfiguring Fail2Ban..." --weight=8 ynh_script_progression --message="Reconfiguring Fail2Ban..." --weight=8
# WARNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
ynh_add_fail2ban_config --use_template ynh_add_fail2ban_config --use_template
#================================================= #=================================================
@ -613,58 +437,28 @@ ynh_add_fail2ban_config --use_template
#================================================= #=================================================
# SETUP PERMISSIONS # SETUP PERMISSIONS
#================================================= #=================================================
#REMOVEME? ynh_script_progression --message="Configuring permissions..." --weight=1
#REMOVEME? ynh_legacy_permissions_delete_all
ynh_permission_url --permission=main --url=$domain/_matrix/cas_server.php/login --auth_header=true ynh_script_progression --message="Configuring permissions..." --weight=1
#REMOVEME? ynh_permission_update --permission=main --show_tile=false --protected=true
#REMOVEME? if ! ynh_permission_exists --permission=server_api; then if yunohost --output-as plain domain list | grep -q "^$server_name"'$'; then
#REMOVEME? ynh_permission_create --permission=server_api --url=$domain/_matrix \ if ! ynh_""permission_exists --permission=server_client_infos; then
--label="Server access for client apps." --show_tile=false --allowed=visitors \ ynh_""permission_create --permission=server_client_infos --url=$server_name/.well-known/matrix \
--auth_header=false --protected=true
python3 remove_sso_conf_persistent.py $domain $server_name \
|| ynh_print_warn --message="Your file /etc/ssowat/""conf.json.persistent doesn't respect the json syntax. The config file wasn't cleaned. Please clean it manually."
else
ynh_permission_url --permission=server_api --url=$domain/_matrix --remove_url=$server_name/.well-known/matrix \
--auth_header=false
#REMOVEME? ynh_permission_update --permission=server_api --label="Server access for client apps." --show_tile=false \
--protected=true
fi
#REMOVEME? if yunohost --output-as plain domain list | grep -q "^$server_name"'$' && ! ynh_permission_exists --permission=server_client_infos; then
#REMOVEME? ynh_permission_create --permission=server_client_infos --url=$server_name/.well-known/matrix \
--label="Server info for clients. (well-known)" --show_tile=false --allowed=visitors \ --label="Server info for clients. (well-known)" --show_tile=false --allowed=visitors \
--auth_header=false --protected=true --auth_header=false --protected=true
elif yunohost --output-as plain domain list | grep -q "^$server_name"'$'; then else yunohost --output-as plain domain list | grep -q "^$server_name"'$'; then
ynh_permission_url --permission=server_client_infos --url=$server_name/.well-known/matrix \ ynh_""permission_url --permission=server_client_infos --url=$server_name/.well-known/matrix \
--auth_header=false --auth_header=false
#REMOVEME? ynh_permission_update --permission=server_client_infos --label="Server info for clients. (well-known)" --show_tile=false \ ynh_""permission_update --permission=server_client_infos --label="Server info for clients. (well-known)" --show_tile=false \
--protected=true --protected=true
fi fi
#REMOVEME? if ! ynh_permission_exists --permission=admin_api; then
#REMOVEME? ynh_permission_create --permission=admin_api --url=$domain/_synapse \
--label="Server administration API." --show_tile=false \
--auth_header=false --allowed=visitors
fi fi
#================================================= #=================================================
# SECURE FILES AND DIRECTORIES # SECURE FILES AND DIRECTORIES
#================================================= #=================================================
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE ynh_script_progression --message="Protecting directories..." --weight=3
# For any update do it in all files set_permissions
chown $synapse_user:root -R $install_dir
chmod 770 $install_dir/Coturn_config_rotate.sh
chmod 700 $install_dir/update_synapse_for_appservice.sh
chown $synapse_user:root -R $data_path
chown $synapse_user:root -R /var/log/matrix-$app
chown $synapse_user:root -R /etc/matrix-$app
chmod u=rwX,g=rX,o= -R /etc/matrix-$app
chmod 600 /etc/matrix-$app/$server_name.signing.key
setfacl -R -m user:turnserver:rX /etc/matrix-$app
setfacl -R -m user:turnserver:rwX /var/log/matrix-$app
#================================================= #=================================================
# UPDATE HOOKS # UPDATE HOOKS
@ -675,19 +469,13 @@ setfacl -R -m user:turnserver:rwX /var/log/matrix-$app
ynh_replace_string __APP__ $app ../hooks/post_cert_update ynh_replace_string __APP__ $app ../hooks/post_cert_update
ynh_replace_string __DOMAIN__ $domain ../hooks/post_cert_update ynh_replace_string __DOMAIN__ $domain ../hooks/post_cert_update
#=================================================
# UPDATE VERSION SETTINGS
#=================================================
ynh_app_setting_set --app=$app --key=synapse_version --value=$upstream_version
#================================================= #=================================================
# RELOAD SERVICES # RELOAD SERVICES
#================================================= #=================================================
ynh_script_progression --message="Restarting Synapse services..." --weight=5 ynh_script_progression --message="Restarting Synapse services..." --weight=5
ynh_systemd_action --service_name=coturn-$app.service --action=restart ynh_systemd_action --service_name=coturn-$app.service --action=restart
ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $synapse_tls_port" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300 ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $port_synapse_tls" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300
#================================================= #=================================================
# END OF SCRIPT # END OF SCRIPT