mirror of
https://github.com/YunoHost-Apps/synapse_ynh.git
synced 2024-09-03 20:26:38 +02:00
Full rework of all scripts
- Adapt all script with packaging v2 - Rework cleanly control pannel and remove all replace in file as it's breaken after each update - Cleanup
This commit is contained in:
parent
1be257483e
commit
b435f316a2
19 changed files with 505 additions and 1327 deletions
14
README.md
14
README.md
|
@ -52,7 +52,7 @@ for example
|
||||||
```
|
```
|
||||||
_matrix._tcp.example.com. 3600 IN SRV 10 0 SYNAPSE_PORT synapse.example.com.
|
_matrix._tcp.example.com. 3600 IN SRV 10 0 SYNAPSE_PORT synapse.example.com.
|
||||||
```
|
```
|
||||||
You need to replace SYNAPSE_PORT by the real port. This port can be obtained by the command: `yunohost app setting SYNAPSE_INSTANCE_NAME synapse_tls_port`
|
You need to replace SYNAPSE_PORT by the real port. This port can be obtained by the command: `yunohost app setting SYNAPSE_INSTANCE_NAME port_synapse_tls`
|
||||||
|
|
||||||
For more details, see : https://github.com/matrix-org/synapse/blob/master/docs/federate.md
|
For more details, see : https://github.com/matrix-org/synapse/blob/master/docs/federate.md
|
||||||
|
|
||||||
|
@ -66,8 +66,8 @@ https://federationtester.matrix.org/ can be used to easily debug federation issu
|
||||||
|
|
||||||
For Voip and video conferencing a turnserver is also installed (and configured). The turnserver listens on two UDP and TCP ports. You can get them with these commands:
|
For Voip and video conferencing a turnserver is also installed (and configured). The turnserver listens on two UDP and TCP ports. You can get them with these commands:
|
||||||
```
|
```
|
||||||
yunohost app setting synapse turnserver_tls_port
|
yunohost app setting synapse port_turnserver_tls
|
||||||
yunohost app setting synapse turnserver_alt_tls_port
|
yunohost app setting synapse port_turnserver_alt_tls
|
||||||
|
|
||||||
```
|
```
|
||||||
The turnserver will also choose a port dynamically when a new call starts. The range is between 49153 - 49193.
|
The turnserver will also choose a port dynamically when a new call starts. The range is between 49153 - 49193.
|
||||||
|
@ -162,12 +162,6 @@ Then, to log in the API with your credentials, you need to set your user as admi
|
||||||
|
|
||||||
### Upgrade
|
### Upgrade
|
||||||
|
|
||||||
By default a backup is made before the upgrade. If for some reason you want to upgrade without backup:
|
|
||||||
- Call the command with the `-b` flag: `yunohost app upgrade synapse -b`
|
|
||||||
- Disable the setting `Backup before upgrade` in the Config Panel. Or with command line:
|
|
||||||
|
|
||||||
`yunohost app setting synapse backup_before_upgrade -v 0`
|
|
||||||
|
|
||||||
After this settings will be applied for **all** next upgrade.
|
After this settings will be applied for **all** next upgrade.
|
||||||
|
|
||||||
From command line:
|
From command line:
|
||||||
|
@ -201,7 +195,7 @@ Use the `--purge` flag with the command, or remove it manually to purge app user
|
||||||
|
|
||||||
To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command:
|
To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command:
|
||||||
```
|
```
|
||||||
yunohost app setting synapse__<instancenumber> synapse_tls_port
|
yunohost app setting synapse__<instancenumber> port_synapse_tls
|
||||||
```
|
```
|
||||||
|
|
||||||
Before installing a second instance of the app it's really recommended to update all existing instances.
|
Before installing a second instance of the app it's really recommended to update all existing instances.
|
||||||
|
|
14
README_fr.md
14
README_fr.md
|
@ -52,7 +52,7 @@ for example
|
||||||
```
|
```
|
||||||
_matrix._tcp.example.com. 3600 IN SRV 10 0 SYNAPSE_PORT synapse.example.com.
|
_matrix._tcp.example.com. 3600 IN SRV 10 0 SYNAPSE_PORT synapse.example.com.
|
||||||
```
|
```
|
||||||
You need to replace SYNAPSE_PORT by the real port. This port can be obtained by the command: `yunohost app setting SYNAPSE_INSTANCE_NAME synapse_tls_port`
|
You need to replace SYNAPSE_PORT by the real port. This port can be obtained by the command: `yunohost app setting SYNAPSE_INSTANCE_NAME port_synapse_tls`
|
||||||
|
|
||||||
For more details, see : https://github.com/matrix-org/synapse/blob/master/docs/federate.md
|
For more details, see : https://github.com/matrix-org/synapse/blob/master/docs/federate.md
|
||||||
|
|
||||||
|
@ -66,8 +66,8 @@ https://federationtester.matrix.org/ can be used to easily debug federation issu
|
||||||
|
|
||||||
For Voip and video conferencing a turnserver is also installed (and configured). The turnserver listens on two UDP and TCP ports. You can get them with these commands:
|
For Voip and video conferencing a turnserver is also installed (and configured). The turnserver listens on two UDP and TCP ports. You can get them with these commands:
|
||||||
```
|
```
|
||||||
yunohost app setting synapse turnserver_tls_port
|
yunohost app setting synapse port_turnserver_tls
|
||||||
yunohost app setting synapse turnserver_alt_tls_port
|
yunohost app setting synapse port_turnserver_alt_tls
|
||||||
|
|
||||||
```
|
```
|
||||||
The turnserver will also choose a port dynamically when a new call starts. The range is between 49153 - 49193.
|
The turnserver will also choose a port dynamically when a new call starts. The range is between 49153 - 49193.
|
||||||
|
@ -162,12 +162,6 @@ Then, to log in the API with your credentials, you need to set your user as admi
|
||||||
|
|
||||||
### Upgrade
|
### Upgrade
|
||||||
|
|
||||||
By default a backup is made before the upgrade. If for some reason you want to upgrade without backup:
|
|
||||||
- Call the command with the `-b` flag: `yunohost app upgrade synapse -b`
|
|
||||||
- Disable the setting `Backup before upgrade` in the Config Panel. Or with command line:
|
|
||||||
|
|
||||||
`yunohost app setting synapse backup_before_upgrade -v 0`
|
|
||||||
|
|
||||||
After this settings will be applied for **all** next upgrade.
|
After this settings will be applied for **all** next upgrade.
|
||||||
|
|
||||||
From command line:
|
From command line:
|
||||||
|
@ -201,7 +195,7 @@ Use the `--purge` flag with the command, or remove it manually to purge app user
|
||||||
|
|
||||||
To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command:
|
To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command:
|
||||||
```
|
```
|
||||||
yunohost app setting synapse__<instancenumber> synapse_tls_port
|
yunohost app setting synapse__<instancenumber> port_synapse_tls
|
||||||
```
|
```
|
||||||
|
|
||||||
Before installing a second instance of the app it's really recommended to update all existing instances.
|
Before installing a second instance of the app it's really recommended to update all existing instances.
|
||||||
|
|
|
@ -285,7 +285,7 @@ listeners:
|
||||||
# will also need to give Synapse a TLS key and certificate: see the TLS section
|
# will also need to give Synapse a TLS key and certificate: see the TLS section
|
||||||
# below.)
|
# below.)
|
||||||
#
|
#
|
||||||
- port: __SYNAPSE_TLS_PORT__
|
- port: __PORT_SYNAPSE_TLS__
|
||||||
type: http
|
type: http
|
||||||
tls: true
|
tls: true
|
||||||
resources:
|
resources:
|
||||||
|
@ -297,7 +297,7 @@ listeners:
|
||||||
# If you plan to use a reverse proxy, please see
|
# If you plan to use a reverse proxy, please see
|
||||||
# https://matrix-org.github.io/synapse/latest/reverse_proxy.html.
|
# https://matrix-org.github.io/synapse/latest/reverse_proxy.html.
|
||||||
#
|
#
|
||||||
- port: __PORT__
|
- port: __PORT_SYNAPSE__
|
||||||
tls: false
|
tls: false
|
||||||
type: http
|
type: http
|
||||||
x_forwarded: true
|
x_forwarded: true
|
||||||
|
@ -801,9 +801,9 @@ database:
|
||||||
name: psycopg2
|
name: psycopg2
|
||||||
#txn_limit: 10000
|
#txn_limit: 10000
|
||||||
args:
|
args:
|
||||||
user: __SYNAPSE_DB_USER__
|
user: __DB_USER__
|
||||||
password: __SYNAPSE_DB_PWD__
|
password: __DB_PWD__
|
||||||
database: __SYNAPSE_DB_NAME__
|
database: __DB_NAME__
|
||||||
host: localhost
|
host: localhost
|
||||||
port: 5432
|
port: 5432
|
||||||
cp_min: 5
|
cp_min: 5
|
||||||
|
@ -1178,7 +1178,7 @@ oembed:
|
||||||
|
|
||||||
# The public URIs of the TURN server to give to clients
|
# The public URIs of the TURN server to give to clients
|
||||||
#
|
#
|
||||||
turn_uris: [ "turn:__DOMAIN__:__TURNSERVER_TLS_PORT__?transport=udp", "turn:__DOMAIN__:__TURNSERVER_TLS_PORT__?transport=tcp" ]
|
turn_uris: [ "turn:__DOMAIN__:__PORT_TURNSERVER_TLS__?transport=udp", "turn:__DOMAIN__:__PORT_TURNSERVER_TLS__?transport=tcp" ]
|
||||||
|
|
||||||
# The shared secret used to compute passwords for the TURN server
|
# The shared secret used to compute passwords for the TURN server
|
||||||
#
|
#
|
||||||
|
@ -1271,9 +1271,7 @@ enable_registration: __ENABLE_REGISTRATION__
|
||||||
|
|
||||||
# The user must provide all of the below types of 3PID when registering.
|
# The user must provide all of the below types of 3PID when registering.
|
||||||
#
|
#
|
||||||
registrations_require_3pid:
|
_REGISTRATION_REQUIRE_3PID_SED_PARAM_
|
||||||
- email
|
|
||||||
# - msisdn
|
|
||||||
|
|
||||||
# Explicitly disable asking for MSISDNs from the registration
|
# Explicitly disable asking for MSISDNs from the registration
|
||||||
# flow (overrides registrations_require_3pid if MSISDNs are set as required)
|
# flow (overrides registrations_require_3pid if MSISDNs are set as required)
|
||||||
|
@ -1283,6 +1281,7 @@ disable_msisdn_registration: __DISABLE_MSISDN_REGISTRATION__
|
||||||
# Mandate that users are only allowed to associate certain formats of
|
# Mandate that users are only allowed to associate certain formats of
|
||||||
# 3PIDs with accounts on this server.
|
# 3PIDs with accounts on this server.
|
||||||
#
|
#
|
||||||
|
_ALLOWD_LOCAL_3PIDS_SED_PARAM_
|
||||||
#allowed_local_3pids:
|
#allowed_local_3pids:
|
||||||
# - medium: email
|
# - medium: email
|
||||||
# pattern: '^[^@]+@vector\.im$'
|
# pattern: '^[^@]+@vector\.im$'
|
||||||
|
@ -1395,8 +1394,7 @@ account_threepid_delegates:
|
||||||
# If the room already exists, make certain it is a publicly joinable
|
# If the room already exists, make certain it is a publicly joinable
|
||||||
# room. The join rule of the room must be set to 'public'.
|
# room. The join rule of the room must be set to 'public'.
|
||||||
#
|
#
|
||||||
auto_join_rooms:
|
_AUTO_JOIN_ROOMS_SED_PARAM_
|
||||||
- "#example:example.com"
|
|
||||||
|
|
||||||
# Where auto_join_rooms are specified, setting this flag ensures that the
|
# Where auto_join_rooms are specified, setting this flag ensures that the
|
||||||
# the rooms exist by creating them when the first user on the
|
# the rooms exist by creating them when the first user on the
|
||||||
|
@ -2089,7 +2087,7 @@ sso:
|
||||||
# By default, this list contains only the login fallback page.
|
# By default, this list contains only the login fallback page.
|
||||||
#
|
#
|
||||||
client_whitelist:
|
client_whitelist:
|
||||||
__DOMAIN_WHITELIST_CLIENT__
|
_DOMAIN_WHITELIST_CLIENT_
|
||||||
|
|
||||||
# Uncomment to keep a user's profile fields in sync with information from
|
# Uncomment to keep a user's profile fields in sync with information from
|
||||||
# the identity provider. Currently only syncing the displayname is
|
# the identity provider. Currently only syncing the displayname is
|
||||||
|
@ -2247,8 +2245,8 @@ password_providers:
|
||||||
uid: "uid"
|
uid: "uid"
|
||||||
mail: "mail"
|
mail: "mail"
|
||||||
name: "givenName"
|
name: "givenName"
|
||||||
bind_dn: "uid=__SYNAPSE_USER_APP__,ou=users,dc=yunohost,dc=org"
|
# bind_dn: "uid=_SYNAPSE_USER_APP_,ou=users,dc=yunohost,dc=org"
|
||||||
bind_password: __SYNAPSE_USER_APP_PWD__
|
# bind_password: _SYNAPSE_USER_APP_PWD_
|
||||||
filter: "(&(objectClass=posixAccount)(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))"
|
filter: "(&(objectClass=posixAccount)(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))"
|
||||||
|
|
||||||
|
|
||||||
|
@ -2270,8 +2268,8 @@ email:
|
||||||
# Username/password for authentication to the SMTP server. By default, no
|
# Username/password for authentication to the SMTP server. By default, no
|
||||||
# authentication is attempted.
|
# authentication is attempted.
|
||||||
#
|
#
|
||||||
smtp_user: __SYNAPSE_USER_APP__
|
# smtp_user: _SYNAPSE_USER_APP_
|
||||||
smtp_pass: __SYNAPSE_USER_APP_PWD__
|
# smtp_pass: _SYNAPSE_USER_APP_PWD_
|
||||||
|
|
||||||
# Uncomment the following to require TLS transport security for SMTP.
|
# Uncomment the following to require TLS transport security for SMTP.
|
||||||
# By default, Synapse will connect over plain text, and will then switch to
|
# By default, Synapse will connect over plain text, and will then switch to
|
||||||
|
@ -2298,7 +2296,7 @@ email:
|
||||||
# Note that the placeholder must be written '%(app)s', including the
|
# Note that the placeholder must be written '%(app)s', including the
|
||||||
# trailing 's'.
|
# trailing 's'.
|
||||||
#
|
#
|
||||||
notif_from: "Your Friendly %(app)s Home Server <__SYNAPSE_USER_APP__@__DOMAIN__>"
|
notif_from: "Your Friendly %(app)s Home Server <__APP__@__DOMAIN__>"
|
||||||
|
|
||||||
# app_name defines the default value for '%(app)s' in notif_from and email
|
# app_name defines the default value for '%(app)s' in notif_from and email
|
||||||
# subjects. It defaults to 'Matrix'.
|
# subjects. It defaults to 'Matrix'.
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
location __PATH__/ {
|
location __PATH__/ {
|
||||||
proxy_pass http://localhost:__PORT__;
|
proxy_pass http://localhost:__PORT_SYNAPSE__;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
|
|
||||||
client_max_body_size 100M;
|
client_max_body_size __MAX_UPLOAD_SIZE__;
|
||||||
|
|
||||||
# Use the specific path for the php file. It's more secure than global php path
|
# Use the specific path for the php file. It's more secure than global php path
|
||||||
location __PATH__/cas_server.php {
|
location __PATH__/cas_server.php {
|
||||||
|
@ -20,7 +20,7 @@ location __PATH__/ {
|
||||||
|
|
||||||
|
|
||||||
location /_synapse/ {
|
location /_synapse/ {
|
||||||
proxy_pass http://localhost:__PORT__;
|
proxy_pass http://localhost:__PORT_SYNAPSE__;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
location /.well-known/matrix/server {
|
location /.well-known/matrix/server {
|
||||||
return 200 '{"m.server": "__DOMAIN__:__SYNAPSE_TLS_PORT__"}';
|
return 200 '{"m.server": "__DOMAIN__:__PORT_SYNAPSE_TLS__"}';
|
||||||
add_header Content-Type application/json;
|
add_header Content-Type application/json;
|
||||||
add_header Access-Control-Allow-Origin '*';
|
add_header Access-Control-Allow-Origin '*';
|
||||||
}
|
}
|
||||||
|
@ -8,7 +8,7 @@ location /.well-known/matrix/client {
|
||||||
return 200 '{
|
return 200 '{
|
||||||
"m.homeserver": { "base_url": "https://__DOMAIN__" },
|
"m.homeserver": { "base_url": "https://__DOMAIN__" },
|
||||||
"im.vector.riot.jitsi": {"preferredDomain": "__JITSI_SERVER__"},
|
"im.vector.riot.jitsi": {"preferredDomain": "__JITSI_SERVER__"},
|
||||||
"im.vector.riot.e2ee": {"default": __E2E_ENABLED_BY_DEFAULT__ }
|
"im.vector.riot.e2ee": {"default": __E2E_ENABLED_BY_DEFAULT_CLIENT_CONFIG__ }
|
||||||
}';
|
}';
|
||||||
add_header Content-Type application/json;
|
add_header Content-Type application/json;
|
||||||
add_header Access-Control-Allow-Origin '*';
|
add_header Access-Control-Allow-Origin '*';
|
||||||
|
|
|
@ -3,11 +3,11 @@ use-auth-secret
|
||||||
static-auth-secret=__TURNSERVER_PWD__
|
static-auth-secret=__TURNSERVER_PWD__
|
||||||
realm=__DOMAIN__
|
realm=__DOMAIN__
|
||||||
|
|
||||||
tls-listening-port=__TURNSERVER_TLS_PORT__
|
tls-listening-port=__PORT_TURNSERVER_TLS__
|
||||||
alt-tls-listening-port=__TURNSERVER_ALT_TLS_PORT__
|
alt-tls-listening-port=__PORT_TURNSERVER_ALT_TLS__
|
||||||
min-port=49153
|
min-port=49153
|
||||||
max-port=49193
|
max-port=49193
|
||||||
cli-port=__CLI_PORT__
|
cli-port=__PORT_CLI__
|
||||||
|
|
||||||
cert=/etc/yunohost/certs/__DOMAIN__/crt.pem
|
cert=/etc/yunohost/certs/__DOMAIN__/crt.pem
|
||||||
pkey=/etc/yunohost/certs/__DOMAIN__/key.pem
|
pkey=/etc/yunohost/certs/__DOMAIN__/key.pem
|
||||||
|
@ -26,4 +26,4 @@ log-file=/var/log/matrix-__APP__/turnserver.log
|
||||||
pidfile=/run/coturn-__APP__/turnserver.pid
|
pidfile=/run/coturn-__APP__/turnserver.pid
|
||||||
simple-log
|
simple-log
|
||||||
|
|
||||||
__TURN_EXTERNAL_IP__
|
_TURN_EXTERNAL_IP_
|
||||||
|
|
|
@ -13,7 +13,6 @@ services = ["matrix-__APP__"]
|
||||||
yes = "true"
|
yes = "true"
|
||||||
no = "false"
|
no = "false"
|
||||||
help = "Defaults to 'false'. If 'true', it is highly recommended to use either captcha, email, or token-based verification to avoid SPAM."
|
help = "Defaults to 'false'. If 'true', it is highly recommended to use either captcha, email, or token-based verification to avoid SPAM."
|
||||||
bind = ":/etc/matrix-__APP__/homeserver.yaml"
|
|
||||||
|
|
||||||
[main.welcome.password_enabled]
|
[main.welcome.password_enabled]
|
||||||
ask = "Enable Password Login?"
|
ask = "Enable Password Login?"
|
||||||
|
@ -21,7 +20,6 @@ services = ["matrix-__APP__"]
|
||||||
yes = "true"
|
yes = "true"
|
||||||
no = "false"
|
no = "false"
|
||||||
help = "If disabled, Login with Non-YunoHost Users impossible. But it simplies Login process if your Matrix server only has YunoHost SSO Users."
|
help = "If disabled, Login with Non-YunoHost Users impossible. But it simplies Login process if your Matrix server only has YunoHost SSO Users."
|
||||||
bind = "password_config>enabled:/etc/matrix-__APP__/homeserver.yaml"
|
|
||||||
visible = "! enable_registration"
|
visible = "! enable_registration"
|
||||||
|
|
||||||
[main.welcome.registrations_require_3pid]
|
[main.welcome.registrations_require_3pid]
|
||||||
|
@ -49,20 +47,18 @@ services = ["matrix-__APP__"]
|
||||||
yes = "true"
|
yes = "true"
|
||||||
no = "false"
|
no = "false"
|
||||||
help = "Overrides 3PID settings if MSISDNs are set as required."
|
help = "Overrides 3PID settings if MSISDNs are set as required."
|
||||||
bind = ":/etc/matrix-__APP__/homeserver.yaml"
|
|
||||||
visible = "enable_registration"
|
visible = "enable_registration"
|
||||||
|
|
||||||
[main.welcome.account_threepid_delegates_msisdn]
|
[main.welcome.account_threepid_delegates_msisdn]
|
||||||
ask = "Specify a third party server to send confirmation code by SMS."
|
ask = "Specify a third party server to send confirmation code by SMS."
|
||||||
type = "string"
|
type = "string"
|
||||||
help = "That should be an URL with port or API."
|
help = "That should be an URL with port or API."
|
||||||
bind = "account_threepid_delegates>msisdn:/etc/matrix-__APP__/homeserver.yaml"
|
|
||||||
visible = 'enable_registration && (registrations_require_3pid == "email&msisdn" || registrations_require_3pid == "msisdn")'
|
visible = 'enable_registration && (registrations_require_3pid == "email&msisdn" || registrations_require_3pid == "msisdn")'
|
||||||
|
|
||||||
[main.welcome.auto_join_rooms]
|
[main.welcome.auto_join_rooms]
|
||||||
ask = "Auto Join new Users in following Rooms:"
|
ask = "Auto Join new Users in following Rooms:"
|
||||||
type = "tags"
|
type = "tags"
|
||||||
help = "( e.g. \\\\#example:example.com ) Note that \\\\# will write # in homeserver.yaml. Users who register on this homeserver will automatically be joined to these rooms. If the room already exists, the join rule must be set to 'public'. See also next setting."
|
help = "( e.g. #example:example.com ) Users who register on this homeserver will automatically be joined to these rooms. If the room already exists, the join rule must be set to 'public'. See also next setting."
|
||||||
|
|
||||||
[main.welcome.autocreate_auto_join_rooms]
|
[main.welcome.autocreate_auto_join_rooms]
|
||||||
ask = "Auto-Create room for Auto Join if not existing?"
|
ask = "Auto-Create room for Auto Join if not existing?"
|
||||||
|
@ -70,7 +66,6 @@ services = ["matrix-__APP__"]
|
||||||
yes = "true"
|
yes = "true"
|
||||||
no = "false"
|
no = "false"
|
||||||
help = "Setting to false means that if the rooms are not manually created, users cannot be auto-joined. Auto-created rooms will be public and federated by default, this can be customised in CLI with the settings auto_join_*."
|
help = "Setting to false means that if the rooms are not manually created, users cannot be auto-joined. Auto-created rooms will be public and federated by default, this can be customised in CLI with the settings auto_join_*."
|
||||||
bind = ":/etc/matrix-__APP__/homeserver.yaml"
|
|
||||||
|
|
||||||
[main.welcome.notif_for_new_users]
|
[main.welcome.notif_for_new_users]
|
||||||
ask = "Enable email notifications for new users?"
|
ask = "Enable email notifications for new users?"
|
||||||
|
@ -78,7 +73,6 @@ services = ["matrix-__APP__"]
|
||||||
yes = "true"
|
yes = "true"
|
||||||
no = "false"
|
no = "false"
|
||||||
help = "Defaults to 'true'."
|
help = "Defaults to 'true'."
|
||||||
bind = ":/etc/matrix-__APP__/homeserver.yaml"
|
|
||||||
visible = "enable_notifs"
|
visible = "enable_notifs"
|
||||||
|
|
||||||
[main.privacy]
|
[main.privacy]
|
||||||
|
@ -97,7 +91,6 @@ services = ["matrix-__APP__"]
|
||||||
type = "select"
|
type = "select"
|
||||||
choices = ["all", "invite", "off"]
|
choices = ["all", "invite", "off"]
|
||||||
help = "Note that encryption can always be turned on manually, even after creation."
|
help = "Note that encryption can always be turned on manually, even after creation."
|
||||||
bind = "encryption_enabled_by_default_for_room_type:/etc/matrix-__APP__/homeserver.yaml"
|
|
||||||
|
|
||||||
[main.privacy.allow_public_rooms_over_federation]
|
[main.privacy.allow_public_rooms_over_federation]
|
||||||
ask = "Access Public Rooms Directory over Federation?"
|
ask = "Access Public Rooms Directory over Federation?"
|
||||||
|
@ -105,7 +98,6 @@ services = ["matrix-__APP__"]
|
||||||
yes = "true"
|
yes = "true"
|
||||||
no = "false"
|
no = "false"
|
||||||
help = "Disabled by default. If disabled, users on other homeserver will not be able to look for a public room on your homeserver. They will have to type the ID of the room to join."
|
help = "Disabled by default. If disabled, users on other homeserver will not be able to look for a public room on your homeserver. They will have to type the ID of the room to join."
|
||||||
bind = ":/etc/matrix-__APP__/homeserver.yaml"
|
|
||||||
|
|
||||||
[main.privacy.push_include_content]
|
[main.privacy.push_include_content]
|
||||||
ask = "Disable content sharing inside push notification."
|
ask = "Disable content sharing inside push notification."
|
||||||
|
@ -113,7 +105,6 @@ services = ["matrix-__APP__"]
|
||||||
yes = "true"
|
yes = "true"
|
||||||
no = "false"
|
no = "false"
|
||||||
help = "Send content message and sender information in push notification. Set to false increase privacy when GAFAM notification service is used (ie: when element client is downloaded thrue Gplay store)."
|
help = "Send content message and sender information in push notification. Set to false increase privacy when GAFAM notification service is used (ie: when element client is downloaded thrue Gplay store)."
|
||||||
bind = "push>include_content:/etc/matrix-__APP__/homeserver.yaml"
|
|
||||||
|
|
||||||
[main.experience]
|
[main.experience]
|
||||||
name = "User Experience"
|
name = "User Experience"
|
||||||
|
@ -122,7 +113,6 @@ services = ["matrix-__APP__"]
|
||||||
ask = "Element instance your HomeServer should redirect to."
|
ask = "Element instance your HomeServer should redirect to."
|
||||||
type = "url"
|
type = "url"
|
||||||
help = "URL to the web client which / will redirect to."
|
help = "URL to the web client which / will redirect to."
|
||||||
bind = ":/etc/matrix-__APP__/homeserver.yaml"
|
|
||||||
|
|
||||||
[main.experience.enable_group_creation]
|
[main.experience.enable_group_creation]
|
||||||
ask = "Allow non-server-admin Users to create Spaces?"
|
ask = "Allow non-server-admin Users to create Spaces?"
|
||||||
|
@ -130,7 +120,6 @@ services = ["matrix-__APP__"]
|
||||||
yes = "true"
|
yes = "true"
|
||||||
no = "false"
|
no = "false"
|
||||||
help = "Disabled by default: only server admins can create Spaces"
|
help = "Disabled by default: only server admins can create Spaces"
|
||||||
bind = ":/etc/matrix-__APP__/homeserver.yaml"
|
|
||||||
|
|
||||||
[main.experience.enable_notifs]
|
[main.experience.enable_notifs]
|
||||||
ask = "Enable sending emails for messages the user missed?"
|
ask = "Enable sending emails for messages the user missed?"
|
||||||
|
@ -138,18 +127,16 @@ services = ["matrix-__APP__"]
|
||||||
yes = "true"
|
yes = "true"
|
||||||
no = "false"
|
no = "false"
|
||||||
help = "Defaults to 'false'."
|
help = "Defaults to 'false'."
|
||||||
bind = ":/etc/matrix-__APP__/homeserver.yaml"
|
|
||||||
|
|
||||||
[main.experience.client_base_url]
|
[main.experience.client_base_url]
|
||||||
ask = "URL for client links within the email notifications."
|
ask = "URL for client links within the email notifications."
|
||||||
type = "url"
|
type = "url"
|
||||||
help = "Used to be called 'riot_base_url', still supported"
|
help = "Used to be called 'riot_base_url', still supported"
|
||||||
bind = ":/etc/matrix-__APP__/homeserver.yaml"
|
|
||||||
visible = "enable_notifs"
|
visible = "enable_notifs"
|
||||||
|
|
||||||
[resources]
|
[resources]
|
||||||
name = "Resource Usage"
|
name = "Resource Usage"
|
||||||
services = ["matrix-__APP__", "nginx"]
|
services = ["matrix-__APP__"]
|
||||||
|
|
||||||
[resources.media]
|
[resources.media]
|
||||||
name = "Manage Media growth and clean-up"
|
name = "Manage Media growth and clean-up"
|
||||||
|
@ -158,7 +145,6 @@ services = ["matrix-__APP__", "nginx"]
|
||||||
ask = "Largest allowed media upload size in bytes."
|
ask = "Largest allowed media upload size in bytes."
|
||||||
type = "string"
|
type = "string"
|
||||||
help = "Defaults to: '10M' . Format : <value><[GMK]?>"
|
help = "Defaults to: '10M' . Format : <value><[GMK]?>"
|
||||||
bind = ":/etc/matrix-__APP__/homeserver.yaml"
|
|
||||||
|
|
||||||
[advanced]
|
[advanced]
|
||||||
name = "Advanced Settings"
|
name = "Advanced Settings"
|
||||||
|
@ -176,20 +162,12 @@ services = ["matrix-__APP__"]
|
||||||
[advanced.others]
|
[advanced.others]
|
||||||
name = "Others"
|
name = "Others"
|
||||||
|
|
||||||
[advanced.others.backup_before_upgrade]
|
[advanced.others.report_stats]
|
||||||
ask = "Backup before upgrade?"
|
|
||||||
type = "boolean"
|
|
||||||
yes = "true"
|
|
||||||
no = "false"
|
|
||||||
help = "!! If disabled, do a manual backup before upgrade !! Disable if your Synapse instance is huge and you prefer to disable the backup that is normally automatically done before each upgrade."
|
|
||||||
|
|
||||||
[advanced.others.server_statistics]
|
|
||||||
ask = "Server statistics"
|
ask = "Server statistics"
|
||||||
type = "boolean"
|
type = "boolean"
|
||||||
yes = "true"
|
yes = "true"
|
||||||
no = "false"
|
no = "false"
|
||||||
help = "Enable to send anonymous statistics to Synapse Developers to improve performance."
|
help = "Enable to send anonymous statistics to Synapse Developers to improve performance."
|
||||||
bind = "report_stats:/etc/matrix-__APP__/homeserver.yaml"
|
|
||||||
|
|
||||||
[advanced.guests]
|
[advanced.guests]
|
||||||
name = "Experience for Guests / Anonymous"
|
name = "Experience for Guests / Anonymous"
|
||||||
|
@ -198,7 +176,6 @@ services = ["matrix-__APP__"]
|
||||||
ask = "Web client location to direct users to during an invite."
|
ask = "Web client location to direct users to during an invite."
|
||||||
type = "url"
|
type = "url"
|
||||||
help = "This is passed to the identity server as the org.matrix.web_client_location key. Defaults to unset, giving no guidance to the identity server."
|
help = "This is passed to the identity server as the org.matrix.web_client_location key. Defaults to unset, giving no guidance to the identity server."
|
||||||
bind = ":/etc/matrix-__APP__/homeserver.yaml"
|
|
||||||
|
|
||||||
[advanced.guests.allow_guest_access]
|
[advanced.guests.allow_guest_access]
|
||||||
ask = "Allow Users to Register as Guests?"
|
ask = "Allow Users to Register as Guests?"
|
||||||
|
@ -206,7 +183,6 @@ services = ["matrix-__APP__"]
|
||||||
yes = "true"
|
yes = "true"
|
||||||
no = "false"
|
no = "false"
|
||||||
help = "Guests can participate on this server in rooms with guest access enabled, without a password/email/etc."
|
help = "Guests can participate on this server in rooms with guest access enabled, without a password/email/etc."
|
||||||
bind = ":/etc/matrix-__APP__/homeserver.yaml"
|
|
||||||
|
|
||||||
[advanced.guests.auto_join_rooms_for_guests]
|
[advanced.guests.auto_join_rooms_for_guests]
|
||||||
ask = "Enable Auto Join Room for Guests?"
|
ask = "Enable Auto Join Room for Guests?"
|
||||||
|
@ -214,7 +190,6 @@ services = ["matrix-__APP__"]
|
||||||
yes = "true"
|
yes = "true"
|
||||||
no = "false"
|
no = "false"
|
||||||
help = "Defaults to 'true'."
|
help = "Defaults to 'true'."
|
||||||
bind = ":/etc/matrix-__APP__/homeserver.yaml"
|
|
||||||
visible = "allow_guest_access"
|
visible = "allow_guest_access"
|
||||||
|
|
||||||
[advanced.privacy]
|
[advanced.privacy]
|
||||||
|
@ -226,13 +201,11 @@ services = ["matrix-__APP__"]
|
||||||
yes = "true"
|
yes = "true"
|
||||||
no = "false"
|
no = "false"
|
||||||
help = "Enable 3PIDs lookup requests to identity servers from this server. See Settings->General->Discovery in Element."
|
help = "Enable 3PIDs lookup requests to identity servers from this server. See Settings->General->Discovery in Element."
|
||||||
bind = ":/etc/matrix-__APP__/homeserver.yaml"
|
|
||||||
|
|
||||||
[advanced.privacy.default_identity_server]
|
[advanced.privacy.default_identity_server]
|
||||||
ask = "Identity server suggested to clients?"
|
ask = "Identity server suggested to clients?"
|
||||||
type = "url"
|
type = "url"
|
||||||
help = "Identity server allows to discover, be discovered and invite people you know with phone number or email. If not set, users will probably chose centralized vector.im. See Settings->General->Discovery in Element."
|
help = "Identity server allows to discover, be discovered and invite people you know with phone number or email. If not set, users will probably chose centralized vector.im. See Settings->General->Discovery in Element."
|
||||||
bind = ":/etc/matrix-__APP__/homeserver.yaml"
|
|
||||||
|
|
||||||
[advanced.privacy.allow_public_rooms_without_auth]
|
[advanced.privacy.allow_public_rooms_without_auth]
|
||||||
ask = "Access Public Rooms Directory without authentification?"
|
ask = "Access Public Rooms Directory without authentification?"
|
||||||
|
@ -240,7 +213,6 @@ services = ["matrix-__APP__"]
|
||||||
yes = "true"
|
yes = "true"
|
||||||
no = "false"
|
no = "false"
|
||||||
help = "Disabled by default. If enabled, anyone can query the Public Rooms Directory (access through the client API). This only makes sense if you want everyone to be able to scroll your public room to see what's interesting on your Homeserver"
|
help = "Disabled by default. If enabled, anyone can query the Public Rooms Directory (access through the client API). This only makes sense if you want everyone to be able to scroll your public room to see what's interesting on your Homeserver"
|
||||||
bind = ":/etc/matrix-__APP__/homeserver.yaml"
|
|
||||||
|
|
||||||
[advanced.registration]
|
[advanced.registration]
|
||||||
name = "Account Registration"
|
name = "Account Registration"
|
||||||
|
@ -249,7 +221,6 @@ services = ["matrix-__APP__"]
|
||||||
ask = "Shared Secret for Registration."
|
ask = "Shared Secret for Registration."
|
||||||
type = "string"
|
type = "string"
|
||||||
help = "Allows registration of standard or admin accounts, even if Registration disabled."
|
help = "Allows registration of standard or admin accounts, even if Registration disabled."
|
||||||
bind = ":/etc/matrix-__APP__/homeserver.yaml"
|
|
||||||
|
|
||||||
[advanced.registration.turn_allow_guests]
|
[advanced.registration.turn_allow_guests]
|
||||||
ask = "Should guests be allowed to use the TURN server?"
|
ask = "Should guests be allowed to use the TURN server?"
|
||||||
|
@ -257,4 +228,3 @@ services = ["matrix-__APP__"]
|
||||||
yes = "true"
|
yes = "true"
|
||||||
no = "false"
|
no = "false"
|
||||||
help = "This defaults to True, otherwise VoIP will be unreliable for guests. However, it does introduce a slight security risk as it allows users to connect to arbitrary endpoints without having first signed up for a valid account (e.g. by passing a CAPTCHA)."
|
help = "This defaults to True, otherwise VoIP will be unreliable for guests. However, it does introduce a slight security risk as it allows users to connect to arbitrary endpoints without having first signed up for a valid account (e.g. by passing a CAPTCHA)."
|
||||||
bind = ":/etc/matrix-__APP__/homeserver.yaml"
|
|
||||||
|
|
|
@ -26,7 +26,7 @@ for example
|
||||||
```
|
```
|
||||||
_matrix._tcp.example.com. 3600 IN SRV 10 0 SYNAPSE_PORT synapse.example.com.
|
_matrix._tcp.example.com. 3600 IN SRV 10 0 SYNAPSE_PORT synapse.example.com.
|
||||||
```
|
```
|
||||||
You need to replace SYNAPSE_PORT by the real port. This port can be obtained by the command: `yunohost app setting SYNAPSE_INSTANCE_NAME synapse_tls_port`
|
You need to replace SYNAPSE_PORT by the real port. This port can be obtained by the command: `yunohost app setting SYNAPSE_INSTANCE_NAME port_synapse_tls`
|
||||||
|
|
||||||
For more details, see : https://github.com/matrix-org/synapse/blob/master/docs/federate.md
|
For more details, see : https://github.com/matrix-org/synapse/blob/master/docs/federate.md
|
||||||
|
|
||||||
|
@ -40,8 +40,8 @@ https://federationtester.matrix.org/ can be used to easily debug federation issu
|
||||||
|
|
||||||
For Voip and video conferencing a turnserver is also installed (and configured). The turnserver listens on two UDP and TCP ports. You can get them with these commands:
|
For Voip and video conferencing a turnserver is also installed (and configured). The turnserver listens on two UDP and TCP ports. You can get them with these commands:
|
||||||
```
|
```
|
||||||
yunohost app setting synapse turnserver_tls_port
|
yunohost app setting synapse port_turnserver_tls
|
||||||
yunohost app setting synapse turnserver_alt_tls_port
|
yunohost app setting synapse port_turnserver_alt_tls
|
||||||
|
|
||||||
```
|
```
|
||||||
The turnserver will also choose a port dynamically when a new call starts. The range is between 49153 - 49193.
|
The turnserver will also choose a port dynamically when a new call starts. The range is between 49153 - 49193.
|
||||||
|
@ -136,12 +136,6 @@ Then, to log in the API with your credentials, you need to set your user as admi
|
||||||
|
|
||||||
### Upgrade
|
### Upgrade
|
||||||
|
|
||||||
By default a backup is made before the upgrade. If for some reason you want to upgrade without backup:
|
|
||||||
- Call the command with the `-b` flag: `yunohost app upgrade synapse -b`
|
|
||||||
- Disable the setting `Backup before upgrade` in the Config Panel. Or with command line:
|
|
||||||
|
|
||||||
`yunohost app setting synapse backup_before_upgrade -v 0`
|
|
||||||
|
|
||||||
After this settings will be applied for **all** next upgrade.
|
After this settings will be applied for **all** next upgrade.
|
||||||
|
|
||||||
From command line:
|
From command line:
|
||||||
|
@ -175,7 +169,7 @@ Use the `--purge` flag with the command, or remove it manually to purge app user
|
||||||
|
|
||||||
To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command:
|
To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command:
|
||||||
```
|
```
|
||||||
yunohost app setting synapse__<instancenumber> synapse_tls_port
|
yunohost app setting synapse__<instancenumber> port_synapse_tls
|
||||||
```
|
```
|
||||||
|
|
||||||
Before installing a second instance of the app it's really recommended to update all existing instances.
|
Before installing a second instance of the app it's really recommended to update all existing instances.
|
||||||
|
|
15
doc/POST_INSTALL.md
Normal file
15
doc/POST_INSTALL.md
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
If your server name is identical to the domain on which synapse is installed, and the default port 8448 is used, your server is normally already accessible by the federation.
|
||||||
|
|
||||||
|
If not, you may need to put the following line in the dns configuration:
|
||||||
|
|
||||||
|
_matrix._tcp.$domain. 3600 IN SRV 10 0 $port_synapse_tls $domain.
|
||||||
|
|
||||||
|
For more details, see : https://github.com/matrix-org/synapse#setting-up-federation
|
||||||
|
|
||||||
|
You also need to open the TCP port $port_synapse_tls on your ISP box if it's not automatically done.
|
||||||
|
|
||||||
|
Your synapse server also implements a turnserver (for VoIP), to have this fully functional please read the 'Turnserver' section in the README available here: https://github.com/YunoHost-Apps/synapse_ynh .
|
||||||
|
|
||||||
|
If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/synapse_ynh
|
||||||
|
|
||||||
|
You also need a valid TLS certificate for the domain used by synapse. To do that you can refer to the documentation here : https://yunohost.org/#/certificate_en
|
|
@ -54,21 +54,29 @@ ram.runtime = "200M"
|
||||||
example = "domain.org"
|
example = "domain.org"
|
||||||
default = "jitsi.riot.im"
|
default = "jitsi.riot.im"
|
||||||
|
|
||||||
|
[install.init_main_permission]
|
||||||
|
help.en = "Define the users allowed to access to synapse. Setting this to 'visitors' don't make sens in this case."
|
||||||
|
type = "group"
|
||||||
|
example = "all_users"
|
||||||
|
default = "all_users"
|
||||||
|
|
||||||
[resources]
|
[resources]
|
||||||
[resources.sources.prebuilt_bookworm]
|
[resources.sources.prebuilt_bookworm]
|
||||||
armv7.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.95.0/matrix-synapse_1.95.0-bookworm-bin1_armv7l.tar.gz"
|
prefetch = false
|
||||||
armv7.sha256 = "1a1d9248b139f67d23a89a20745d14d88c5b8627f76872d7f94f66952b5f1253"
|
armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.95.0/matrix-synapse_1.95.0-bookworm-bin1_armv7l.tar.gz"
|
||||||
|
armhf.sha256 = "1a1d9248b139f67d23a89a20745d14d88c5b8627f76872d7f94f66952b5f1253"
|
||||||
|
|
||||||
[resources.sources.prebuilt_bullseye]
|
[resources.sources.prebuilt_bullseye]
|
||||||
armv7.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.95.0/matrix-synapse_1.95.0-bullseye-bin1_armv7l.tar.gz"
|
prefetch = false
|
||||||
armv7.sha256 = "97e9942bea9bcecc2a75228255a1824298300302559a9332e50816fa54193738"
|
armhf.url = "https://github.com/YunoHost-Apps/synapse_python_build/releases/download/v1.95.0/matrix-synapse_1.95.0-bullseye-bin1_armv7l.tar.gz"
|
||||||
|
armhf.sha256 = "97e9942bea9bcecc2a75228255a1824298300302559a9332e50816fa54193738"
|
||||||
|
|
||||||
[resources.system_user]
|
[resources.system_user]
|
||||||
allow_email = true
|
allow_email = true
|
||||||
home = "/opt/yunohost/matrix-__APP__"
|
home = "/opt/yunohost/matrix-__APP__"
|
||||||
|
|
||||||
[resources.install_dir]
|
[resources.install_dir]
|
||||||
dir = "/opt/yunohost/matrix-__APP__"
|
dir = "/var/www/__APP__"
|
||||||
owner = "__APP__:rwX"
|
owner = "__APP__:rwX"
|
||||||
group = "__APP__:rX"
|
group = "__APP__:rX"
|
||||||
|
|
||||||
|
@ -76,7 +84,8 @@ ram.runtime = "200M"
|
||||||
dir = "/home/yunohost.app/__APP__"
|
dir = "/home/yunohost.app/__APP__"
|
||||||
|
|
||||||
[resources.permissions]
|
[resources.permissions]
|
||||||
main.url = "__DOMAIN__/_matrix/cas_server.php/login"
|
main.url = "/"
|
||||||
|
main.additional_url = "__DOMAIN__/_matrix/cas_server.php/login"
|
||||||
main.label = "Server SSO"
|
main.label = "Server SSO"
|
||||||
main.auth_header = true
|
main.auth_header = true
|
||||||
main.show_tile=false
|
main.show_tile=false
|
||||||
|
@ -84,7 +93,7 @@ ram.runtime = "200M"
|
||||||
|
|
||||||
server_api.url = "__DOMAIN__/_matrix"
|
server_api.url = "__DOMAIN__/_matrix"
|
||||||
server_api.label = "Server access for client apps"
|
server_api.label = "Server access for client apps"
|
||||||
admin_api.allowed = "visitors"
|
server_api.allowed = "visitors"
|
||||||
server_api.auth_header = false
|
server_api.auth_header = false
|
||||||
server_api.show_tile = false
|
server_api.show_tile = false
|
||||||
server_api.protected = true
|
server_api.protected = true
|
||||||
|
@ -98,13 +107,16 @@ ram.runtime = "200M"
|
||||||
|
|
||||||
[resources.ports]
|
[resources.ports]
|
||||||
synapse_tls.default = 8448
|
synapse_tls.default = 8448
|
||||||
main.default = 8008
|
synapse_tls.exposed = "TCP"
|
||||||
|
synapse.default = 8008
|
||||||
turnserver_tls.default = 5349
|
turnserver_tls.default = 5349
|
||||||
|
turnserver_tls.exposed = "Both"
|
||||||
turnserver_alt_tls.default = 5350
|
turnserver_alt_tls.default = 5350
|
||||||
|
turnserver_alt_tls.exposed = "Both"
|
||||||
cli.default = 5766
|
cli.default = 5766
|
||||||
|
|
||||||
[resources.apt]
|
[resources.apt]
|
||||||
packages = ["coturn", "acl",
|
packages = ["coturn", "acl", "postgresql", "php-fpm",
|
||||||
"python3-dev", "python3-venv", "python3-pip", "python3-setuptools", "python3-lxml",
|
"python3-dev", "python3-venv", "python3-pip", "python3-setuptools", "python3-lxml",
|
||||||
"build-essential", "libffi-dev", "libssl-dev", "libxml2-dev", "libxslt1-dev", "zlib1g-dev", "libjpeg-dev", "libpq-dev"]
|
"build-essential", "libffi-dev", "libssl-dev", "libxml2-dev", "libxslt1-dev", "zlib1g-dev", "libjpeg-dev", "libpq-dev"]
|
||||||
|
|
||||||
|
|
|
@ -1,65 +1,169 @@
|
||||||
dependances="coturn build-essential python3-dev libffi-dev python3-pip python3-setuptools sqlite3 libssl-dev python3-venv libxml2-dev libxslt1-dev python3-lxml zlib1g-dev libjpeg-dev libpq-dev postgresql acl"
|
|
||||||
python_version="$(python3 -V | cut -d' ' -f2 | cut -d. -f1-2)"
|
|
||||||
#REMOVEME? app=$YNH_APP_INSTANCE_NAME
|
main_domain=$(yunohost domain list --output-as json | jq -r .main)
|
||||||
|
code_dir="/opt/yunohost/matrix-$app"
|
||||||
|
base_api_url="/_matrix"
|
||||||
|
|
||||||
install_sources() {
|
install_sources() {
|
||||||
# Install/upgrade synapse in virtualenv
|
# Install/upgrade synapse in virtualenv
|
||||||
|
|
||||||
# Clean venv is it was on python2.7 or python3 with old version in case major upgrade of debian
|
# Clean venv is it was on python2.7 or python3 with old version in case major upgrade of debian
|
||||||
if [ ! -e $install_dir/bin/python3 ] || [ ! -e $install_dir/lib/python$python_version ]; then
|
if [ ! -e $code_dir/bin/python3 ] || [ ! -e $code_dir/lib/python$python_version ]; then
|
||||||
#REMOVEME? ynh_secure_remove --file=$install_dir/bin
|
ynh_secure_remove --file=$code_dir/bin
|
||||||
#REMOVEME? ynh_secure_remove --file=$install_dir/lib
|
ynh_secure_remove --file=$code_dir/lib
|
||||||
#REMOVEME? ynh_secure_remove --file=$install_dir/lib64
|
ynh_secure_remove --file=$code_dir/lib64
|
||||||
#REMOVEME? ynh_secure_remove --file=$install_dir/include
|
ynh_secure_remove --file=$code_dir/include
|
||||||
#REMOVEME? ynh_secure_remove --file=$install_dir/share
|
ynh_secure_remove --file=$code_dir/share
|
||||||
#REMOVEME? ynh_secure_remove --file=$install_dir/pyvenv.cfg
|
ynh_secure_remove --file=$code_dir/pyvenv.cfg
|
||||||
fi
|
fi
|
||||||
|
|
||||||
mkdir -p $install_dir
|
mkdir -p $code_dir
|
||||||
chown $synapse_user:root -R $install_dir
|
chown $YNH_APP_ID:root -R $code_dir
|
||||||
|
|
||||||
if [ -n "$(uname -m | grep arm)" ]
|
if [ -n "$(uname -m | grep arm)" ]
|
||||||
then
|
then
|
||||||
# Clean old file, sometimes it could make some big issues if we don't do this!!
|
# Clean old file, sometimes it could make some big issues if we don't do this!!
|
||||||
#REMOVEME? ynh_secure_remove --file=$install_dir/bin
|
ynh_secure_remove --file=$code_dir/bin
|
||||||
#REMOVEME? ynh_secure_remove --file=$install_dir/lib
|
ynh_secure_remove --file=$code_dir/lib
|
||||||
#REMOVEME? ynh_secure_remove --file=$install_dir/include
|
ynh_secure_remove --file=$code_dir/include
|
||||||
#REMOVEME? ynh_secure_remove --file=$install_dir/share
|
ynh_secure_remove --file=$code_dir/share
|
||||||
|
|
||||||
ynh_setup_source --dest_dir=$install_dir/ --source_id="armv7_$(lsb_release --codename --short)"
|
ynh_setup_source --dest_dir=$code_dir/ --source_id="armv7_$(lsb_release --codename --short)"
|
||||||
|
|
||||||
# Fix multi-instance support
|
# Fix multi-instance support
|
||||||
for f in $(ls $install_dir/bin); do
|
for f in $(ls $code_dir/bin); do
|
||||||
if ! [[ $f =~ "__" ]]; then
|
if ! [[ $f =~ "__" ]]; then
|
||||||
ynh_replace_special_string --match_string='#!/opt/yunohost/matrix-synapse' --replace_string='#!'$install_dir --target_file=$install_dir/bin/$f
|
ynh_replace_special_string --match_string='#!/opt/yunohost/matrix-synapse' --replace_string='#!'$code_dir --target_file=$code_dir/bin/$f
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
else
|
else
|
||||||
|
|
||||||
# Install virtualenv if it don't exist
|
# Install virtualenv if it don't exist
|
||||||
#REMOVEME? test -e $install_dir/bin/python3 || python3 -m venv $install_dir
|
test -e $code_dir/bin/python3 || python3 -m venv $code_dir
|
||||||
|
|
||||||
# Install synapse in virtualenv
|
# Install synapse in virtualenv
|
||||||
|
|
||||||
# We set all necessary environement variable to create a python virtualenvironnement.
|
# We set all necessary environement variable to create a python virtualenvironnement.
|
||||||
u_arg='u'
|
u_arg='u'
|
||||||
set +$u_arg;
|
set +$u_arg;
|
||||||
source $install_dir/bin/activate
|
source $code_dir/bin/activate
|
||||||
set -$u_arg;
|
set -$u_arg;
|
||||||
|
|
||||||
pip3 install --upgrade setuptools wheel pip
|
pip3 install --upgrade setuptools wheel pip
|
||||||
pip3 install --upgrade cffi ndg-httpsclient psycopg2 lxml jinja2
|
pip3 install --upgrade cffi ndg-httpsclient psycopg2 lxml jinja2
|
||||||
pip3 install --upgrade -r $YNH_APP_BASEDIR/conf/requirement_$(lsb_release --codename --short).txt
|
pip3 install --upgrade -r $YNH_APP_BASEDIR/conf/requirement_$(lsb_release --codename --short).txt
|
||||||
|
|
||||||
# This function was defined when we called "source $install_dir/bin/activate". With this function we undo what "$install_dir/bin/activate" does
|
# This function was defined when we called "source $code_dir/bin/activate". With this function we undo what "$code_dir/bin/activate" does
|
||||||
set +$u_arg;
|
set +$u_arg;
|
||||||
deactivate
|
deactivate
|
||||||
set -$u_arg;
|
set -$u_arg;
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
get_domain_list() {
|
configure_synapse() {
|
||||||
yunohost --output-as plain domain list | grep -E "^#" -v | sort | uniq | while read domain; do
|
local domain_whitelist_client=$(yunohost --output-as plain domain list \
|
||||||
echo -n " - https://$domain\n"
|
| grep -E "^#" -v \
|
||||||
done
|
| sort | uniq \
|
||||||
|
| sed -r 's|^(.*)$| - \1|' \
|
||||||
|
| sed -z 's|\n|\\n|g')
|
||||||
|
local macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"'
|
||||||
|
local auto_join_rooms_sed_param=""
|
||||||
|
if [ -n $auto_join_rooms ]; then
|
||||||
|
auto_join_rooms_sed_param='auto_join_rooms:\n - "'$auto_join_rooms'"'
|
||||||
|
fi
|
||||||
|
local registration_require_3pid_sed_param=""
|
||||||
|
case ${registrations_require_3pid} in
|
||||||
|
'email')
|
||||||
|
registration_require_3pid_sed_param="registrations_require_3pid:\n - email"
|
||||||
|
;;
|
||||||
|
'msisdn')
|
||||||
|
registration_require_3pid_sed_param="registrations_require_3pid:\n - msisdn"
|
||||||
|
;;
|
||||||
|
'email&msisdn')
|
||||||
|
registration_require_3pid_sed_param="registrations_require_3pid:\n - email\n - msisdn"
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
local allowd_local_3pids_sed_param=""
|
||||||
|
if [ -n "$allowed_local_3pids_email" ] || [ -n "$allowed_local_3pids_msisdn" ]; then
|
||||||
|
allowd_local_3pids_sed_param="allowed_local_3pids:"
|
||||||
|
|
||||||
|
if [ -n "$allowed_local_3pids_email" ]; then
|
||||||
|
allowd_local_3pids_sed_param+="\n - medium: email\n pattern: '$allowed_local_3pids_email'"
|
||||||
|
fi
|
||||||
|
if [ -n "$allowed_local_3pids_msisdn" ]; then
|
||||||
|
allowd_local_3pids_sed_param+="\n - medium: msisdn\n pattern: '$allowed_local_3pids_msisdn'"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
ynh_add_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml"
|
||||||
|
sed -i "s|_DOMAIN_WHITELIST_CLIENT_|$domain_whitelist_client|g" /etc/matrix-$app/homeserver.yaml
|
||||||
|
sed -i "s|_AUTO_JOIN_ROOMS_SED_PARAM_|$auto_join_rooms_sed_param|g" /etc/matrix-$app/homeserver.yaml
|
||||||
|
sed -i "s|_REGISTRATION_REQUIRE_3PID_SED_PARAM_|$registration_require_3pid_sed_param|g" /etc/matrix-$app/homeserver.yaml
|
||||||
|
sed -i "s|_ALLOWD_LOCAL_3PIDS_SED_PARAM_|$allowd_local_3pids_sed_param|g" /etc/matrix-$app/homeserver.yaml
|
||||||
|
|
||||||
|
ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml"
|
||||||
|
}
|
||||||
|
|
||||||
|
configure_coturn() {
|
||||||
|
# Get public IP and set as external IP for coturn
|
||||||
|
# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
|
||||||
|
local public_ip4="$(curl -s ip.yunohost.org)" || true
|
||||||
|
local public_ip6="$(curl -s ipv6.yunohost.org)" || true
|
||||||
|
|
||||||
|
local turn_external_ip=""
|
||||||
|
if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"
|
||||||
|
then
|
||||||
|
turn_external_ip+="external-ip=$public_ip4\\n"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6"
|
||||||
|
then
|
||||||
|
turn_external_ip+="external-ip=$public_ip6\\n"
|
||||||
|
fi
|
||||||
|
|
||||||
|
ynh_add_config --template="turnserver.conf" --destination="/etc/matrix-$app/coturn.conf"
|
||||||
|
sed -i "s|_TURN_EXTERNAL_IP_|$turn_external_ip|g" /etc/matrix-$app/coturn.conf
|
||||||
|
}
|
||||||
|
|
||||||
|
configure_nginx() {
|
||||||
|
local e2e_enabled_by_default_client_config
|
||||||
|
|
||||||
|
# Create .well-known redirection for access by federation
|
||||||
|
if yunohost --output-as plain domain list | grep -q "^$server_name$"
|
||||||
|
then
|
||||||
|
local e2e_enabled_by_default_client_config
|
||||||
|
if [ $e2e_enabled_by_default == "off" ]; then
|
||||||
|
e2e_enabled_by_default_client_config=false
|
||||||
|
else
|
||||||
|
e2e_enabled_by_default_client_config=true
|
||||||
|
fi
|
||||||
|
ynh_add_config --template="server_name.conf" --destination="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Create a dedicated NGINX config
|
||||||
|
ynh_add_nginx_config
|
||||||
|
}
|
||||||
|
|
||||||
|
set_permissions() {
|
||||||
|
chown $YNH_APP_ID:$YNH_APP_ID -R $code_dir
|
||||||
|
chmod o= -R $code_dir
|
||||||
|
|
||||||
|
chmod 770 $code_dir/Coturn_config_rotate.sh
|
||||||
|
chmod 700 $code_dir/update_synapse_for_appservice.sh
|
||||||
|
|
||||||
|
find $data_dir \( \! -perm -o= \
|
||||||
|
-o \! -user $YNH_APP_ID \
|
||||||
|
-o \! -group $YNH_APP_ID \) \
|
||||||
|
-exec chown $YNH_APP_ID:$YNH_APP_ID {} \; \
|
||||||
|
-exec chmod o= {} \;
|
||||||
|
|
||||||
|
chown $YNH_APP_ID:$YNH_APP_ID -R /etc/matrix-$app
|
||||||
|
chmod u=rwX,g=rX,o= -R /etc/matrix-$app
|
||||||
|
setfacl -R -m user:turnserver:rX /etc/matrix-$app
|
||||||
|
|
||||||
|
chmod 600 /etc/matrix-$app/$server_name.signing.key
|
||||||
|
|
||||||
|
chown $YNH_APP_ID:root -R /var/log/matrix-$app
|
||||||
|
setfacl -R -m user:turnserver:rwX /var/log/matrix-$app
|
||||||
}
|
}
|
||||||
|
|
|
@ -14,37 +14,10 @@ source /usr/share/yunohost/helpers
|
||||||
# MANAGE SCRIPT FAILURE
|
# MANAGE SCRIPT FAILURE
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
# Exit if an error occurs during the execution of the script
|
|
||||||
#REMOVEME? ynh_abort_if_errors
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# LOAD SETTINGS
|
|
||||||
#=================================================
|
|
||||||
#REMOVEME? ynh_print_info --message="Loading installation settings..."
|
|
||||||
|
|
||||||
#REMOVEME? app=$YNH_APP_INSTANCE_NAME
|
|
||||||
|
|
||||||
#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain)
|
|
||||||
#REMOVEME? server_name=$(ynh_app_setting_get --app=$app --key=server_name)
|
|
||||||
#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir)
|
|
||||||
#REMOVEME? phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
|
|
||||||
|
|
||||||
if [[ ! "$(systemctl status matrix-$app.service)" =~ "Active: inactive (dead)" ]]; then
|
if [[ ! "$(systemctl status matrix-$app.service)" =~ "Active: inactive (dead)" ]]; then
|
||||||
ynh_print_warn --message="It's hightly recommended to make your backup when the service is stopped. Please stop $app service with this command before to run the backup 'systemctl stop matrix-$app.service'"
|
ynh_print_warn --message="It's hightly recommended to make your backup when the service is stopped. Please stop $app service with this command before to run the backup 'systemctl stop matrix-$app.service'"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# SET CONSTANTS
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
synapse_user="matrix-$app"
|
|
||||||
synapse_db_name="matrix_$app"
|
|
||||||
synapse_db_user="matrix_$app"
|
|
||||||
synapse_db_name="matrix_$app"
|
|
||||||
upstream_version=$(ynh_app_upstream_version)
|
|
||||||
final_www_path="/var/www/$app"
|
|
||||||
data_path="/home/yunohost.app/matrix-$app"
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# DECLARE DATA AND CONF FILES TO BACKUP
|
# DECLARE DATA AND CONF FILES TO BACKUP
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -56,8 +29,8 @@ ynh_print_info --message="Declaring files to be backed up..."
|
||||||
# BACKUP THE APP MAIN DIR
|
# BACKUP THE APP MAIN DIR
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
|
ynh_backup --src_path="$code_dir"
|
||||||
ynh_backup --src_path="$install_dir"
|
ynh_backup --src_path="$install_dir"
|
||||||
ynh_backup --src_path="$final_www_path"
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# BACKUP THE NGINX CONFIGURATION
|
# BACKUP THE NGINX CONFIGURATION
|
||||||
|
|
|
@ -5,61 +5,20 @@
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
# IMPORT GENERIC HELPERS
|
# IMPORT GENERIC HELPERS
|
||||||
source /usr/share/yunohost/helpers
|
|
||||||
|
|
||||||
# Exit if an error occurs during the execution of the script
|
|
||||||
#REMOVEME? ynh_abort_if_errors
|
|
||||||
|
|
||||||
# Import common cmd
|
|
||||||
source ./experimental_helper.sh
|
source ./experimental_helper.sh
|
||||||
source ./_common.sh
|
source ./_common.sh
|
||||||
|
source /usr/share/yunohost/helpers
|
||||||
|
|
||||||
#REMOVEME? ynh_script_progression --message="Loading installation settings..."
|
path=$new_path
|
||||||
|
domain=$new_domain
|
||||||
# RETRIEVE ARGUMENTS
|
|
||||||
#REMOVEME? old_domain=$YNH_APP_OLD_DOMAIN
|
|
||||||
domain=$YNH_APP_NEW_DOMAIN
|
|
||||||
path=$(ynh_normalize_url_path --path $YNH_APP_NEW_PATH)
|
|
||||||
#REMOVEME? app=$YNH_APP_INSTANCE_NAME
|
|
||||||
|
|
||||||
#REMOVEME? server_name=$(ynh_app_setting_get --app=$app --key=server_name)
|
|
||||||
#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir)
|
|
||||||
#REMOVEME? synapse_old_version=$(ynh_app_setting_get --app=$app --key=synapse_version)
|
|
||||||
#REMOVEME? jitsi_server=$(ynh_app_setting_get --app=$app --key=jitsi_server)
|
|
||||||
#REMOVEME? is_free_registration=$(ynh_app_setting_get --app=$app --key=is_free_registration)
|
|
||||||
#REMOVEME? port=$(ynh_app_setting_get --app=$app --key=synapse_port)
|
|
||||||
#REMOVEME? synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port)
|
|
||||||
#REMOVEME? turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
|
|
||||||
#REMOVEME? turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
|
|
||||||
#REMOVEME? cli_port=$(ynh_app_setting_get --app=$app --key=cli_port)
|
|
||||||
#REMOVEME? report_stats=$(ynh_app_setting_get --app=$app --key=report_stats)
|
|
||||||
#REMOVEME? allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms)
|
|
||||||
#REMOVEME? e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default)
|
|
||||||
#REMOVEME? synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd)
|
|
||||||
#REMOVEME? turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
|
|
||||||
#REMOVEME? registration_shared_secret=$(ynh_app_setting_get --app=$app --key=registration_shared_secret)
|
|
||||||
#REMOVEME? form_secret=$(ynh_app_setting_get --app=$app --key=form_secret)
|
|
||||||
#REMOVEME? macaroon_secret_key=$(ynh_app_setting_get --app=$app --key=macaroon_secret_key)
|
|
||||||
#REMOVEME? synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd)
|
|
||||||
main_domain=$(yunohost domain list --output-as json | jq -r .main)
|
|
||||||
|
|
||||||
synapse_user="matrix-$app"
|
|
||||||
synapse_user_app="$app"
|
|
||||||
synapse_db_name="matrix_$app"
|
|
||||||
synapse_db_user="matrix_$app"
|
|
||||||
synapse_db_name="matrix_$app"
|
|
||||||
upstream_version=$(ynh_app_upstream_version)
|
|
||||||
domain_whitelist_client_=$(get_domain_list)
|
|
||||||
domain_whitelist_client=${domain_whitelist_client_%"\n"}
|
|
||||||
|
|
||||||
# Check if the new path stay /_matrix if not exit
|
# Check if the new path stay /_matrix if not exit
|
||||||
|
|
||||||
if [[ $path != "/_matrix" ]]
|
if [[ $path != "/_matrix" ]]
|
||||||
then
|
then
|
||||||
ynh_die --message "You can't use an other path than '/_matrix'. You can only change the domain."
|
ynh_die --message "You can't use an other path than '/_matrix'. You can only change the domain."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
#REMOVEME? # We stop the service before to set ynh_clean_setup
|
# We stop the service
|
||||||
ynh_systemd_action --service_name=matrix-$app.service --action=stop
|
ynh_systemd_action --service_name=matrix-$app.service --action=stop
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -71,22 +30,7 @@ ynh_systemd_action --service_name=matrix-$app.service --action=stop
|
||||||
ynh_script_progression --message="Updating NGINX configuration..."
|
ynh_script_progression --message="Updating NGINX configuration..."
|
||||||
|
|
||||||
ynh_change_url_nginx_config
|
ynh_change_url_nginx_config
|
||||||
|
configure_nginx
|
||||||
# MODIFY URL IN NGINX CONF
|
|
||||||
#REMOVEME? nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf
|
|
||||||
|
|
||||||
#REMOVEME? # Change the domain for nginx
|
|
||||||
# Delete file checksum for the old conf file location
|
|
||||||
#REMOVEME? ynh_delete_file_checksum --file "$nginx_conf_path"
|
|
||||||
#REMOVEME? mv $nginx_conf_path /etc/nginx/conf.d/$domain.d/$app.conf
|
|
||||||
# Store file checksum for the new config file location
|
|
||||||
#REMOVEME? ynh_store_file_checksum --file "/etc/nginx/conf.d/$domain.d/$app.conf"
|
|
||||||
|
|
||||||
# Create .well-known redirection for access by federation
|
|
||||||
if yunohost --output-as plain domain list | grep -q "^$server_name$"
|
|
||||||
then
|
|
||||||
#REMOVEME? ynh_add_config --template="server_name.conf" --destination="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
|
|
||||||
fi
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# UPDATE SYNAPSE CONFIG
|
# UPDATE SYNAPSE CONFIG
|
||||||
|
@ -94,38 +38,14 @@ fi
|
||||||
|
|
||||||
ynh_script_progression --message="Updating Synapse config..." --weight=2
|
ynh_script_progression --message="Updating Synapse config..." --weight=2
|
||||||
|
|
||||||
# WARNING : theses command are used in INSTALL, UPGRADE, CONFIG, CHANGE-URL (4 times)
|
configure_synapse
|
||||||
# For any update do it in all files
|
|
||||||
|
|
||||||
if [ -z $macaroon_secret_key ]; then
|
|
||||||
# Well, in this package this value was not managed because it was not needed, synapse is able to generate this with some other secret in the config file but after some vulnerability was found with this practice.
|
|
||||||
# For more detail about this issue you can see : https://matrix.org/blog/2019/01/15/further-details-on-critical-security-update-in-synapse-affecting-all-versions-prior-to-0-34-1-cve-2019-5885/
|
|
||||||
# The problem is that we can't just say generate a new value if the package has not already defined a value. The reason is that changing this value logout all user. And in case of a user has enabled the encryption, the user might lost all conversation !!
|
|
||||||
# So for the old install we just leave this as it is. And for the new install we use a real macaroon.
|
|
||||||
macaroon_secret_key_param='# macaroon_secret_key: ""'
|
|
||||||
else
|
|
||||||
macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"'
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ $is_free_registration -eq 0 ]
|
|
||||||
then
|
|
||||||
allowed_access=False
|
|
||||||
sso_enabled=True
|
|
||||||
else
|
|
||||||
allowed_access=True
|
|
||||||
sso_enabled=False
|
|
||||||
fi
|
|
||||||
|
|
||||||
ynh_add_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml"
|
|
||||||
ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml"
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# SECURE FILES AND DIRECTORIES
|
# SECURE FILES AND DIRECTORIES
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
# Only setting permissions for the two config files updated above
|
ynh_script_progression --message="Protecting directories..." --weight=3
|
||||||
chown $synapse_user:root -R /etc/matrix-$app
|
set_permissions
|
||||||
chmod u=rwX,g=rX,o= -R /etc/matrix-$app
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# RELOAD SERVICES
|
# RELOAD SERVICES
|
||||||
|
@ -133,6 +53,6 @@ chmod u=rwX,g=rX,o= -R /etc/matrix-$app
|
||||||
ynh_script_progression --message="Restarting Synapse services..." --weight=5
|
ynh_script_progression --message="Restarting Synapse services..." --weight=5
|
||||||
|
|
||||||
ynh_systemd_action --service_name=coturn-$app.service --action=restart
|
ynh_systemd_action --service_name=coturn-$app.service --action=restart
|
||||||
ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $synapse_tls_port" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300
|
ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $port_synapse_tls" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300
|
||||||
|
|
||||||
ynh_script_progression --message="Change of URL completed for $app" --last
|
ynh_script_progression --message="Change of URL completed for $app" --last
|
||||||
|
|
159
scripts/config
159
scripts/config
|
@ -6,161 +6,14 @@
|
||||||
# IMPORT GENERIC HELPERS
|
# IMPORT GENERIC HELPERS
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
|
source ./_common.sh
|
||||||
source /usr/share/yunohost/helpers
|
source /usr/share/yunohost/helpers
|
||||||
|
|
||||||
# Stop script if errors
|
ynh_app_config_apply() {
|
||||||
ynh_abort_if_errors
|
_ynh_app_config_apply
|
||||||
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
configure_nginx
|
||||||
|
configure_synapse
|
||||||
get__max_upload_size() {
|
set_permissions
|
||||||
max_upload_size=$(ynh_app_setting_get --app $app --key max_upload_size)
|
|
||||||
echo "${max_upload_size}"
|
|
||||||
}
|
|
||||||
|
|
||||||
set__max_upload_size() {
|
|
||||||
ynh_write_var_in_file --file=/etc/matrix-$app/homeserver.yaml --key=max_upload_size --value="${max_upload_size}"
|
|
||||||
sed -i -r "s|client_max_body_size\s[[:digit:]]*[GMK]?;|client_max_body_size ${max_upload_size};|g" "/etc/nginx/conf.d/$domain.d/$app.conf"
|
|
||||||
ynh_add_nginx_conf
|
|
||||||
}
|
|
||||||
|
|
||||||
get__registrations_require_3pid() {
|
|
||||||
registrations_require_3pid=$(ynh_app_setting_get --app $app --key registrations_require_3pid)
|
|
||||||
echo "${registrations_require_3pid}"
|
|
||||||
}
|
|
||||||
|
|
||||||
# set__registrations_require_3pid() this function is setting datas for registrations_require_3pid field and allowed_local_3pids_(email/msisdn)
|
|
||||||
# it consist on comment or not "registrations_require_3pid:", " - email" and/or " - msisdn"
|
|
||||||
# then depending on the "registrations_require_3pid" value it comment or not "allowed_local_3pids:" lines
|
|
||||||
# and generate all it sub configuration :
|
|
||||||
#
|
|
||||||
# allowed_local_3pids:
|
|
||||||
# - medium: email
|
|
||||||
# pattern: *
|
|
||||||
# ...
|
|
||||||
# - medium: msisdn
|
|
||||||
# pattern: *
|
|
||||||
#
|
|
||||||
# sed -z and \n as new line carracter do the trick on this kind of multline replacement.
|
|
||||||
|
|
||||||
set__registrations_require_3pid() {
|
|
||||||
|
|
||||||
# search pattern to replace (it correspond to the complete section)
|
|
||||||
allowedLocal3pids="s;#?([^\S\n]*allowed_local_3pids:)\n(#?([^\S\n]*-[^\S\n]*medium:[^\S\n]*(email|msisdn)\n)#?([^\S\n]*pattern:[^\S\n]*[^\n]*\n))*;"
|
|
||||||
|
|
||||||
case ${registrations_require_3pid} in
|
|
||||||
'email')
|
|
||||||
# registrations_require_3pid: part
|
|
||||||
sed -i -z -r "s|#?[^\S\n]*registrations_require_3pid:\n#?[^\S\n]*-[^\S\n]*email\n#?[^\S\n]*-[^\S\n]*msisdn|registrations_require_3pid:\n - email\n# - msisdn|" "/etc/matrix-$app/homeserver.yaml"
|
|
||||||
|
|
||||||
# allowed_local_3pids: part
|
|
||||||
allowedLocal3pids=${allowedLocal3pids}"\1"
|
|
||||||
|
|
||||||
readarray -td, arr3pidemail < <(echo ${allowed_local_3pids_email});
|
|
||||||
for pidemail in "${arr3pidemail[@]}"; do
|
|
||||||
# add it to regex substitution part
|
|
||||||
allowedLocal3pids=${allowedLocal3pids}"\n - medium: email";
|
|
||||||
allowedLocal3pids=${allowedLocal3pids}"\n$(echo ' ')pattern: '$(echo ${pidemail})'";
|
|
||||||
done;
|
|
||||||
;;
|
|
||||||
|
|
||||||
'msisdn')
|
|
||||||
# registrations_require_3pid: part
|
|
||||||
sed -i -z -r "s|#?[^\S\n]*registrations_require_3pid:\n#?[^\S\n]*-[^\S\n]*email\n#?[^\S\n]*-[^\S\n]*msisdn|registrations_require_3pid:\n# - email\n - msisdn|" "/etc/matrix-$app/homeserver.yaml"
|
|
||||||
|
|
||||||
# allowed_local_3pids: part
|
|
||||||
allowedLocal3pids=${allowedLocal3pids}"\1"
|
|
||||||
|
|
||||||
readarray -td, arr3pidmsisdn < <(echo ${allowed_local_3pids_msisdn});
|
|
||||||
for pidmsisdn in "${arr3pidmsisdn[@]}"; do
|
|
||||||
# add it to regex substitution part
|
|
||||||
allowedLocal3pids=${allowedLocal3pids}"\n - medium: msisdn";
|
|
||||||
allowedLocal3pids=${allowedLocal3pids}"\n$(echo ' ')pattern: '$(echo ${pidmsisdn})'";
|
|
||||||
done;
|
|
||||||
;;
|
|
||||||
|
|
||||||
'email&msisdn')
|
|
||||||
# registrations_require_3pid: part
|
|
||||||
sed -i -z -r "s|#?[^\S\n]*registrations_require_3pid:\n#?[^\S\n]*-[^\S\n]*email\n#?[^\S\n]*-[^\S\n]*msisdn|registrations_require_3pid:\n - email\n - msisdn|" "/etc/matrix-$app/homeserver.yaml"
|
|
||||||
|
|
||||||
# allowed_local_3pids: part
|
|
||||||
allowedLocal3pids=${allowedLocal3pids}"\1"
|
|
||||||
|
|
||||||
readarray -td, arr3pidemail < <(echo ${allowed_local_3pids_email});
|
|
||||||
for pidemail in "${arr3pidemail[@]}"; do
|
|
||||||
# add it to regex substitution part
|
|
||||||
allowedLocal3pids=${allowedLocal3pids}"\n - medium: email";
|
|
||||||
allowedLocal3pids=${allowedLocal3pids}"\n$(echo ' ')pattern: '$(echo ${pidemail})'";
|
|
||||||
done;
|
|
||||||
|
|
||||||
readarray -td, arr3pidmsisdn < <(echo ${allowed_local_3pids_msisdn});
|
|
||||||
for pidmsisdn in "${arr3pidmsisdn[@]}"; do
|
|
||||||
# add it to regex substitution part
|
|
||||||
allowedLocal3pids=${allowedLocal3pids}"\n - medium: msisdn";
|
|
||||||
allowedLocal3pids=${allowedLocal3pids}"\n$(echo ' ')pattern: '$(echo ${pidmsisdn})'";
|
|
||||||
done;
|
|
||||||
;;
|
|
||||||
|
|
||||||
*)
|
|
||||||
sed -i -z -r "s|#?[^\S\n]*registrations_require_3pid:\n#?[^\S\n]*-[^\S\n]*email\n#?[^\S\n]*-[^\S\n]*msisdn|#registrations_require_3pid:\n# - email\n# - msisdn|" "/etc/matrix-$app/homeserver.yaml"
|
|
||||||
|
|
||||||
# empty fields and comment registration
|
|
||||||
allowedLocal3pids=${allowedLocal3pids}"#\1"
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
# finalize regex then apply sed command on the homeserver conf file
|
|
||||||
allowedLocal3pids="${allowedLocal3pids}\n;";
|
|
||||||
sed -i -z -r "${allowedLocal3pids}" "/etc/matrix-$app/homeserver.yaml"
|
|
||||||
|
|
||||||
|
|
||||||
ynh_app_setting_set --app=$app --key=registrations_require_3pid --value="${registrations_require_3pid}"
|
|
||||||
}
|
|
||||||
|
|
||||||
get__allowed_local_3pids_email() {
|
|
||||||
allowed_local_3pids_email=$(ynh_app_setting_get --app $app --key allowed_local_3pids_email)
|
|
||||||
echo "${allowed_local_3pids_email}"
|
|
||||||
}
|
|
||||||
|
|
||||||
set__allowed_local_3pids_email() {
|
|
||||||
set__registrations_require_3pid;
|
|
||||||
ynh_app_setting_set --app=$app --key=allowed_local_3pids_email --value="${allowed_local_3pids_email}"
|
|
||||||
}
|
|
||||||
|
|
||||||
get__allowed_local_3pids_msisdn() {
|
|
||||||
allowed_local_3pids_msisdn=$(ynh_app_setting_get --app $app --key allowed_local_3pids_msisdn)
|
|
||||||
echo "${allowed_local_3pids_msisdn}"
|
|
||||||
}
|
|
||||||
|
|
||||||
set__allowed_local_3pids_msisdn() {
|
|
||||||
set__registrations_require_3pid;
|
|
||||||
ynh_app_setting_set --app=$app --key=allowed_local_3pids_msisdn --value="${allowed_local_3pids_msisdn}"
|
|
||||||
}
|
|
||||||
|
|
||||||
get__auto_join_rooms() {
|
|
||||||
auto_join_rooms=$(ynh_app_setting_get --app $app --key auto_join_rooms)
|
|
||||||
auto_join_rooms=$(echo ${auto_join_rooms} | sed "s~(\\\\)*\#~\\\\\#~g")
|
|
||||||
echo "${auto_join_rooms}"
|
|
||||||
}
|
|
||||||
|
|
||||||
set__auto_join_rooms() {
|
|
||||||
|
|
||||||
if [ -z ${auto_join_rooms} ] ; then
|
|
||||||
# remove all values comment header and example value
|
|
||||||
sed -i -z -r "s|#?([^\S\n]*auto_join_rooms:\n)#?([^\S\n]*-[^\n]*\n)*|#\1# - \"#example:example.com\"\n|" "/etc/matrix-$app/homeserver.yaml"
|
|
||||||
else
|
|
||||||
|
|
||||||
readarray -td, arrroom < <(echo ${auto_join_rooms});
|
|
||||||
|
|
||||||
# print header then all space separated values
|
|
||||||
autoJoinRooms="s|#?([^\S\n]*auto_join_rooms:)\n(#?[^\S\n]*-[^\n]*\n)*|\1";
|
|
||||||
for room in "${arrroom[@]}"; do
|
|
||||||
autoJoinRooms="${autoJoinRooms}\n - '$(echo ${room})'";
|
|
||||||
done;
|
|
||||||
autoJoinRooms="${autoJoinRooms}\n|";
|
|
||||||
sed -i -z -r "${autoJoinRooms}" "/etc/matrix-$app/homeserver.yaml"
|
|
||||||
fi
|
|
||||||
|
|
||||||
ynh_app_setting_set --app=$app --key=auto_join_rooms --value="${auto_join_rooms}"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
326
scripts/install
326
scripts/install
|
@ -1,7 +1,5 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# GENERIC START
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# IMPORT GENERIC HELPERS
|
# IMPORT GENERIC HELPERS
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -10,83 +8,42 @@ source _common.sh
|
||||||
source experimental_helper.sh
|
source experimental_helper.sh
|
||||||
source /usr/share/yunohost/helpers
|
source /usr/share/yunohost/helpers
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# MANAGE SCRIPT FAILURE
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
#REMOVEME? ynh_clean_setup () {
|
|
||||||
# Clean installation remainings that are not handled by the remove script.
|
|
||||||
ynh_clean_check_starting
|
|
||||||
}
|
|
||||||
# Exit if an error occurs during the execution of the script
|
|
||||||
#REMOVEME? ynh_abort_if_errors
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# SET CONSTANTS
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
synapse_user="matrix-$app"
|
|
||||||
synapse_user_app="$app"
|
|
||||||
synapse_user_app_pwd="$(ynh_string_random --length=30)"
|
|
||||||
synapse_db_name="matrix_$app"
|
|
||||||
synapse_db_user="matrix_$app"
|
|
||||||
synapse_db_name="matrix_$app"
|
|
||||||
upstream_version=$(ynh_app_upstream_version)
|
|
||||||
report_stats="false"
|
|
||||||
e2e_enabled_by_default="off"
|
|
||||||
default_domain_value="Same than the domain"
|
|
||||||
domain_whitelist_client_=$(get_domain_list)
|
|
||||||
domain_whitelist_client=${domain_whitelist_client_%"\n"}
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# RETRIEVE ARGUMENTS FROM THE MANIFEST
|
# RETRIEVE ARGUMENTS FROM THE MANIFEST
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
#REMOVEME? domain=$YNH_APP_ARG_DOMAIN
|
if [ "$server_name" == "Same than the domain" ]; then
|
||||||
#REMOVEME? server_name=$YNH_APP_ARG_SERVER_NAME
|
|
||||||
#REMOVEME? is_free_registration=$YNH_APP_ARG_IS_FREE_REGISTRATION
|
|
||||||
#REMOVEME? jitsi_server=$YNH_APP_ARG_JITSI_SERVER
|
|
||||||
path="/_matrix"
|
|
||||||
#REMOVEME? install_dir="/opt/yunohost/matrix-$app"
|
|
||||||
final_www_path="/var/www/$app"
|
|
||||||
data_path="/home/yunohost.app/matrix-$app"
|
|
||||||
main_domain=$(yunohost domain list --output-as json | jq -r .main)
|
|
||||||
|
|
||||||
if [[ "$server_name" == "$default_domain_value" ]]; then
|
|
||||||
server_name=$domain
|
server_name=$domain
|
||||||
fi
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
|
|
||||||
#=================================================
|
|
||||||
#REMOVEME? ynh_script_progression --message="Validating installation parameters..." --weight=2
|
|
||||||
test ! -e "/etc/nginx/conf.d/$domain.d/synapse*.conf" || ynh_die --message="$domain is not available as domain, please use an other domain."
|
|
||||||
|
|
||||||
# Check Final Path availability
|
|
||||||
#REMOVEME? test ! -e "$install_dir" || ynh_die --message="This path already contains a folder"
|
|
||||||
|
|
||||||
if [ -e "$data_path" ]; then
|
|
||||||
old_data_dir_path="$data_path$(date '+%Y%m%d.%H%M%S')"
|
|
||||||
ynh_print_warn "A data directory already exist. Data was renamed to $old_data_dir_path"
|
|
||||||
mv "$data_path" "$old_data_dir_path"
|
|
||||||
fi
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# STORE SETTINGS FROM MANIFEST
|
|
||||||
#=================================================
|
|
||||||
#REMOVEME? ynh_script_progression --message="Storing installation settings..." --weight=1
|
|
||||||
|
|
||||||
#REMOVEME? ynh_app_setting_set --app=$app --key=domain --value=$domain
|
|
||||||
#REMOVEME? ynh_app_setting_set --app=$app --key=path --value=$path
|
|
||||||
ynh_app_setting_set --app=$app --key=server_name --value=$server_name
|
ynh_app_setting_set --app=$app --key=server_name --value=$server_name
|
||||||
ynh_app_setting_set --app=$app --key=jitsi_server --value=$jitsi_server
|
fi
|
||||||
#REMOVEME? ynh_app_setting_set --app=$app --key=install_dir --value=$install_dir
|
|
||||||
ynh_app_setting_set --app=$app --key=synapse_version --value=$upstream_version
|
|
||||||
#REMOVEME? ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats
|
|
||||||
ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default
|
|
||||||
ynh_app_setting_set --app=$app --key=synapse_user_app_pwd --value=$synapse_user_app_pwd
|
|
||||||
|
|
||||||
if [ "$is_free_registration" -eq "0" ]
|
#=================================================
|
||||||
|
## SET STANDARD SETTINGS FROM DEFAULT CONFIG
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
ynh_script_progression --message="Storing installation settings..." --weight=1
|
||||||
|
|
||||||
|
report_stats="false"
|
||||||
|
e2e_enabled_by_default="off"
|
||||||
|
allow_public_rooms_without_auth="false"
|
||||||
|
allow_public_rooms_over_federation="false"
|
||||||
|
max_upload_size="10M"
|
||||||
|
disable_msisdn_registration="true"
|
||||||
|
registrations_require_3pid="none"
|
||||||
|
allowed_local_3pids_email=""
|
||||||
|
allowed_local_3pids_msisdn=""
|
||||||
|
allow_guest_access="false"
|
||||||
|
account_threepid_delegates_msisdn=""
|
||||||
|
default_identity_server="https://matrix.org"
|
||||||
|
auto_join_rooms=""
|
||||||
|
autocreate_auto_join_rooms="false"
|
||||||
|
auto_join_rooms_for_guests="true"
|
||||||
|
enable_notifs="true"
|
||||||
|
notif_for_new_users="true"
|
||||||
|
enable_group_creation="true"
|
||||||
|
push_include_content="true"
|
||||||
|
|
||||||
|
if [ "$is_free_registration" -eq 0 ]
|
||||||
then
|
then
|
||||||
enable_registration="false"
|
enable_registration="false"
|
||||||
turn_allow_guests="false"
|
turn_allow_guests="false"
|
||||||
|
@ -101,52 +58,19 @@ else
|
||||||
enable_3pid_lookup="true"
|
enable_3pid_lookup="true"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
ynh_app_setting_set --app=$app --key=enable_registration --value=$enable_registration
|
|
||||||
ynh_app_setting_set --app=$app --key=turn_allow_guests --value=$turn_allow_guests
|
|
||||||
ynh_app_setting_set --app=$app --key=sso_enabled --value=$sso_enabled
|
|
||||||
#REMOVEME? ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled
|
|
||||||
ynh_app_setting_set --app=$app --key=enable_3pid_lookup --value=$enable_3pid_lookup
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
## SET STANDARD SETTINGS FROM DEFAULT CONFIG
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
element_ynh_url="https://matrix.to/"
|
element_ynh_url="https://matrix.to/"
|
||||||
# Get app name of first Element Instance (can be changed later in Config Panel)
|
# Get app name of first Element Instance (can be changed later in Config Panel)
|
||||||
element_instance="element"
|
element_instance="element"
|
||||||
if yunohost --output-as plain app list | grep -q "^$element_instance$"; then
|
if yunohost --output-as plain app list | grep -q "^$element_instance$"; then
|
||||||
#REMOVEME? element_domain=$(ynh_app_setting_get --app $element_instance --key domain)
|
element_domain=$(ynh_app_setting_get --app $element_instance --key domain)
|
||||||
#REMOVEME? element_path=$(ynh_app_setting_get --app $element_instance --key path)
|
element_path=$(ynh_app_setting_get --app $element_instance --key path)
|
||||||
element_ynh_url="https://""$element_domain""$element_path"
|
element_ynh_url="https://""$element_domain""$element_path"
|
||||||
fi
|
fi
|
||||||
web_client_location=$element_ynh_url
|
web_client_location=$element_ynh_url
|
||||||
client_base_url=$element_ynh_url
|
client_base_url=$element_ynh_url
|
||||||
invite_client_location=$element_ynh_url
|
invite_client_location=$element_ynh_url
|
||||||
|
|
||||||
backup_before_upgrade="true"
|
ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default
|
||||||
server_statistics="false"
|
|
||||||
allow_public_rooms_without_auth="false"
|
|
||||||
allow_public_rooms_over_federation="false"
|
|
||||||
max_upload_size="10M"
|
|
||||||
disable_msisdn_registration="true"
|
|
||||||
registrations_require_3pid="none"
|
|
||||||
# here we need sed magic to transform $server_name
|
|
||||||
allowed_local_3pids_email=""
|
|
||||||
allowed_local_3pids_msisdn=""
|
|
||||||
allow_guest_access="false"
|
|
||||||
account_threepid_delegates_msisdn=""
|
|
||||||
default_identity_server="https://matrix.org"
|
|
||||||
auto_join_rooms="#auto_join_room:""$server_name"
|
|
||||||
autocreate_auto_join_rooms="false"
|
|
||||||
auto_join_rooms_for_guests="true"
|
|
||||||
password_enabled="true"
|
|
||||||
enable_notifs="true"
|
|
||||||
notif_for_new_users="true"
|
|
||||||
enable_group_creation="true"
|
|
||||||
push_include_content="true"
|
|
||||||
|
|
||||||
ynh_app_setting_set --app=$app --key=backup_before_upgrade --value=$backup_before_upgrade
|
|
||||||
ynh_app_setting_set --app=$app --key=server_statistics --value=$server_statistics
|
|
||||||
ynh_app_setting_set --app=$app --key=web_client_location --value=$web_client_location
|
ynh_app_setting_set --app=$app --key=web_client_location --value=$web_client_location
|
||||||
ynh_app_setting_set --app=$app --key=client_base_url --value=$client_base_url
|
ynh_app_setting_set --app=$app --key=client_base_url --value=$client_base_url
|
||||||
ynh_app_setting_set --app=$app --key=invite_client_location --value=$invite_client_location
|
ynh_app_setting_set --app=$app --key=invite_client_location --value=$invite_client_location
|
||||||
|
@ -163,39 +87,19 @@ ynh_app_setting_set --app=$app --key=default_identity_server --value=$default_id
|
||||||
ynh_app_setting_set --app=$app --key=auto_join_rooms --value=$auto_join_rooms
|
ynh_app_setting_set --app=$app --key=auto_join_rooms --value=$auto_join_rooms
|
||||||
ynh_app_setting_set --app=$app --key=autocreate_auto_join_rooms --value=$autocreate_auto_join_rooms
|
ynh_app_setting_set --app=$app --key=autocreate_auto_join_rooms --value=$autocreate_auto_join_rooms
|
||||||
ynh_app_setting_set --app=$app --key=auto_join_rooms_for_guests --value=$auto_join_rooms_for_guests
|
ynh_app_setting_set --app=$app --key=auto_join_rooms_for_guests --value=$auto_join_rooms_for_guests
|
||||||
#REMOVEME? ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled
|
ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled
|
||||||
ynh_app_setting_set --app=$app --key=enable_notifs --value=$enable_notifs
|
ynh_app_setting_set --app=$app --key=enable_notifs --value=$enable_notifs
|
||||||
ynh_app_setting_set --app=$app --key=notif_for_new_users --value=$notif_for_new_users
|
ynh_app_setting_set --app=$app --key=notif_for_new_users --value=$notif_for_new_users
|
||||||
ynh_app_setting_set --app=$app --key=enable_group_creation --value=$enable_group_creation
|
ynh_app_setting_set --app=$app --key=enable_group_creation --value=$enable_group_creation
|
||||||
ynh_app_setting_set --app=$app --key=push_include_content --value=$push_include_content
|
ynh_app_setting_set --app=$app --key=push_include_content --value=$push_include_content
|
||||||
|
ynh_app_setting_set --app=$app --key=enable_registration --value=$enable_registration
|
||||||
|
ynh_app_setting_set --app=$app --key=turn_allow_guests --value=$turn_allow_guests
|
||||||
|
ynh_app_setting_set --app=$app --key=sso_enabled --value=$sso_enabled
|
||||||
|
ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled
|
||||||
|
ynh_app_setting_set --app=$app --key=enable_3pid_lookup --value=$enable_3pid_lookup
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# STANDARD MODIFICATIONS
|
# STANDARD MODIFICATIONS
|
||||||
#=================================================
|
|
||||||
# FIND AND OPEN A PORT
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Configuring firewall..." --weight=19
|
|
||||||
|
|
||||||
# Find a free port
|
|
||||||
#REMOVEME? synapse_tls_port=$(ynh_find_port --port=8448)
|
|
||||||
#REMOVEME? port=$(ynh_find_port --port=8008)
|
|
||||||
#REMOVEME? turnserver_tls_port=$(ynh_find_port --port=5349)
|
|
||||||
#REMOVEME? turnserver_alt_tls_port=$(ynh_find_port --port=$((turnserver_tls_port+1)))
|
|
||||||
#REMOVEME? cli_port=$(ynh_find_port --port=5766)
|
|
||||||
|
|
||||||
# Open this port
|
|
||||||
ynh_exec_warn_less yunohost firewall allow TCP $synapse_tls_port
|
|
||||||
ynh_exec_warn_less yunohost firewall allow Both $turnserver_tls_port
|
|
||||||
ynh_exec_warn_less yunohost firewall allow Both $turnserver_alt_tls_port
|
|
||||||
|
|
||||||
# Store opened ports
|
|
||||||
#REMOVEME? ynh_app_setting_set --app=$app --key=synapse_port --value=$port
|
|
||||||
#REMOVEME? ynh_app_setting_set --app=$app --key=synapse_tls_port --value=$synapse_tls_port
|
|
||||||
#REMOVEME? ynh_app_setting_set --app=$app --key=turnserver_tls_port --value=$turnserver_tls_port
|
|
||||||
#REMOVEME? ynh_app_setting_set --app=$app --key=turnserver_alt_tls_port --value=$turnserver_alt_tls_port
|
|
||||||
#REMOVEME? ynh_app_setting_set --app=$app --key=cli_port --value=$cli_port
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# CREATE A DH FILE
|
# CREATE A DH FILE
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -212,45 +116,18 @@ then
|
||||||
chmod 640 /etc/ssl/private/dh2048.pem
|
chmod 640 /etc/ssl/private/dh2048.pem
|
||||||
fi
|
fi
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# INSTALL DEPENDENCIES
|
|
||||||
#=================================================
|
|
||||||
#REMOVEME? ynh_script_progression --message="Installing dependencies..." --weight=80
|
|
||||||
|
|
||||||
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
|
|
||||||
# For any update do it in all files
|
|
||||||
#REMOVEME? ynh_exec_warn_less ynh_install_app_dependencies $dependances
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# CREATE DEDICATED USER
|
# CREATE DEDICATED USER
|
||||||
#=================================================
|
#=================================================
|
||||||
#REMOVEME? ynh_script_progression --message="Configuring system user..." --weight=3
|
ynh_script_progression --message="Creating $app user..." --weight=1
|
||||||
|
|
||||||
#REMOVEME? ynh_system_user_create --username=$synapse_user --home_dir=$install_dir
|
synapse_user_app_pwd="$(ynh_string_random --length=30)"
|
||||||
# The format to create an user account varies depending on the version of YunoHost currently installed.
|
ynh_app_setting_set --app=$app --key=synapse_user_app_pwd --value=$synapse_user_app_pwd
|
||||||
ynh_current_version=$(dpkg-query --showformat='${Version}' --show yunohost)
|
# yunohost user create $YNH_APP_ID -F "Synapse Application" -d $domain -p "$synapse_user_app_pwd"
|
||||||
if $(dpkg --compare-versions "$ynh_current_version" ge "11.1"); then
|
|
||||||
yunohost user create $synapse_user_app -F "Synapse Application" -d $domain -p "$synapse_user_app_pwd"
|
adduser $YNH_APP_ID ssl-cert
|
||||||
else
|
|
||||||
yunohost user create $synapse_user_app -f Synapse -l Application -d $domain -p "$synapse_user_app_pwd"
|
|
||||||
fi
|
|
||||||
adduser $synapse_user ssl-cert
|
|
||||||
adduser turnserver ssl-cert
|
adduser turnserver ssl-cert
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# CREATE A POSTGRESQL DATABASE
|
|
||||||
#=================================================
|
|
||||||
#REMOVEME? ynh_script_progression --message="Creating a PostgreSQL database..." --weight=4
|
|
||||||
|
|
||||||
synapse_db_pwd=$(ynh_string_random --length=30)
|
|
||||||
#REMOVEME? ynh_app_setting_set --app=$app --key=synapse_db_pwd --value=$synapse_db_pwd
|
|
||||||
|
|
||||||
# Create postgresql database
|
|
||||||
#REMOVEME? ynh_psql_test_if_first_run
|
|
||||||
ynh_psql_create_user $synapse_db_user $synapse_db_pwd
|
|
||||||
ynh_psql_execute_as_root \
|
|
||||||
--sql="CREATE DATABASE $synapse_db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $synapse_db_user;"
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -260,7 +137,6 @@ ynh_script_progression --message="Setting up source files..." --weight=50
|
||||||
|
|
||||||
# WARNING : theses command are used in INSTALL, UPGRADE
|
# WARNING : theses command are used in INSTALL, UPGRADE
|
||||||
# For any update do it in all files
|
# For any update do it in all files
|
||||||
mkdir -p $data_path
|
|
||||||
mkdir -p /var/log/matrix-$app
|
mkdir -p /var/log/matrix-$app
|
||||||
mkdir -p /etc/matrix-$app/conf.d
|
mkdir -p /etc/matrix-$app/conf.d
|
||||||
mkdir -p /etc/matrix-$app/app-service
|
mkdir -p /etc/matrix-$app/app-service
|
||||||
|
@ -275,10 +151,9 @@ install_sources
|
||||||
# WARNING : theses command are used in INSTALL, UPGRADE
|
# WARNING : theses command are used in INSTALL, UPGRADE
|
||||||
# For any update do it in all files
|
# For any update do it in all files
|
||||||
|
|
||||||
mkdir -p $final_www_path
|
cp ../sources/cas_server.php $install_dir/
|
||||||
cp ../sources/cas_server.php $final_www_path/
|
chmod u=rwX,g=rX,o= -R $install_dir
|
||||||
chmod u=rwX,g=rX,o= -R $final_www_path
|
chown $YNH_APP_ID:$YNH_APP_ID -R $install_dir
|
||||||
chown $synapse_user:root -R $final_www_path
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# CREATE SYNAPSE CONFIG
|
# CREATE SYNAPSE CONFIG
|
||||||
|
@ -287,17 +162,18 @@ chown $synapse_user:root -R $final_www_path
|
||||||
ynh_script_progression --message="Creating Synapse config..." --weight=3
|
ynh_script_progression --message="Creating Synapse config..." --weight=3
|
||||||
|
|
||||||
# Go in virtualenvironnement
|
# Go in virtualenvironnement
|
||||||
set +u;
|
u_arg='u'
|
||||||
source $install_dir/bin/activate
|
set +$u_arg;
|
||||||
set -u;
|
source $code_dir/bin/activate
|
||||||
|
set -$u_arg;
|
||||||
|
|
||||||
# Generate config
|
# Generate config
|
||||||
python -m synapse.app.homeserver --keys-directory /etc/matrix-$app/ --generate-config --server-name $server_name --report-stats=no -c homeserver.yml
|
python -m synapse.app.homeserver --keys-directory /etc/matrix-$app/ --generate-config --server-name $server_name --report-stats=no -c homeserver.yml
|
||||||
|
|
||||||
# This function was defined when we called "source $install_dir/bin/activate". With this function we undo what "$install_dir/bin/activate" does
|
# This function was defined when we called "source $code_dir/bin/activate". With this function we undo what "$code_dir/bin/activate" does
|
||||||
set +u;
|
set +$u_arg;
|
||||||
deactivate
|
deactivate
|
||||||
set -u;
|
set -$u_arg;
|
||||||
|
|
||||||
# Get random values from config
|
# Get random values from config
|
||||||
registration_shared_secret=$(egrep "^registration_shared_secret:" homeserver.yml | cut -d'"' -f2)
|
registration_shared_secret=$(egrep "^registration_shared_secret:" homeserver.yml | cut -d'"' -f2)
|
||||||
|
@ -331,14 +207,7 @@ ynh_script_progression --message="Configuring application..."
|
||||||
|
|
||||||
ynh_add_fpm_config --usage=low --footprint=low
|
ynh_add_fpm_config --usage=low --footprint=low
|
||||||
|
|
||||||
# Create .well-known redirection for access by federation
|
configure_nginx
|
||||||
if yunohost --output-as plain domain list | grep -q "^$server_name$"
|
|
||||||
then
|
|
||||||
ynh_add_config --template="server_name.conf" --destination="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Create a dedicated nginx config
|
|
||||||
ynh_add_nginx_config app
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# SET SYNAPSE CONFIG
|
# SET SYNAPSE CONFIG
|
||||||
|
@ -349,41 +218,14 @@ ynh_script_progression --message="Configuring Synapse..." --weight=2
|
||||||
turnserver_pwd=$(ynh_string_random --length=30)
|
turnserver_pwd=$(ynh_string_random --length=30)
|
||||||
ynh_app_setting_set --app=$app --key=turnserver_pwd --value=$turnserver_pwd
|
ynh_app_setting_set --app=$app --key=turnserver_pwd --value=$turnserver_pwd
|
||||||
|
|
||||||
# Configure Synapse
|
configure_synapse
|
||||||
|
|
||||||
# WARNING : theses command are used in INSTALL, UPGRADE, CONFIG, CHANGE-URL (4 times)
|
|
||||||
# For any update do it in all files
|
|
||||||
|
|
||||||
macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"'
|
|
||||||
|
|
||||||
ynh_add_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml"
|
|
||||||
ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml"
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# SET COTURN CONFIG
|
# SET COTURN CONFIG
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Configuring Coturn..." --weight=1
|
ynh_script_progression --message="Configuring Coturn..." --weight=1
|
||||||
|
|
||||||
# WARNING : theses command are used in INSTALL, UPGRADE
|
configure_coturn
|
||||||
# For any update do it in all files
|
|
||||||
|
|
||||||
# Get public IP and set as external IP for coturn
|
|
||||||
# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
|
|
||||||
public_ip4="$(curl -s ip.yunohost.org)" || true
|
|
||||||
public_ip6="$(curl -s ipv6.yunohost.org)" || true
|
|
||||||
|
|
||||||
turn_external_ip=""
|
|
||||||
if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"
|
|
||||||
then
|
|
||||||
turn_external_ip+="external-ip="$public_ip4%"\n"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6"
|
|
||||||
then
|
|
||||||
turn_external_ip+="external-ip="$public_ip6%"\n"
|
|
||||||
fi
|
|
||||||
|
|
||||||
ynh_add_config --template="turnserver.conf" --destination="/etc/matrix-$app/coturn.conf"
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# SETUP LOGROTATE
|
# SETUP LOGROTATE
|
||||||
|
@ -399,8 +241,8 @@ ynh_use_logrotate --logfile "/var/log/matrix-$app"
|
||||||
# WARNING : theses command are used in INSTALL, UPGRADE
|
# WARNING : theses command are used in INSTALL, UPGRADE
|
||||||
# For any update do it in all files
|
# For any update do it in all files
|
||||||
|
|
||||||
ynh_add_config --template="../sources/Coturn_config_rotate.sh" --destination="$install_dir/Coturn_config_rotate.sh"
|
ynh_add_config --template="../sources/Coturn_config_rotate.sh" --destination="$code_dir/Coturn_config_rotate.sh"
|
||||||
ynh_add_config --template="../sources/update_synapse_for_appservice.sh" --destination="$install_dir/update_synapse_for_appservice.sh"
|
ynh_add_config --template="../sources/update_synapse_for_appservice.sh" --destination="$code_dir/update_synapse_for_appservice.sh"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# GENERIC FINALIZATION
|
# GENERIC FINALIZATION
|
||||||
|
@ -411,7 +253,7 @@ ynh_add_config --template="../sources/update_synapse_for_appservice.sh" --destin
|
||||||
ynh_script_progression --message="Configuring permissions..." --weight=1
|
ynh_script_progression --message="Configuring permissions..." --weight=1
|
||||||
|
|
||||||
if yunohost --output-as plain domain list | grep -q "^$server_name$"; then
|
if yunohost --output-as plain domain list | grep -q "^$server_name$"; then
|
||||||
ynh_permission_create --permission=server_client_infos --url=$server_name/.well-known/matrix \
|
ynh_""permission_create --permission=server_client_infos --url=$server_name/.well-known/matrix \
|
||||||
--label="Server info for clients. (well-known)" --show_tile=false --allowed=visitors \
|
--label="Server info for clients. (well-known)" --show_tile=false --allowed=visitors \
|
||||||
--auth_header=false --protected=true
|
--auth_header=false --protected=true
|
||||||
fi
|
fi
|
||||||
|
@ -429,25 +271,15 @@ ynh_replace_string __DOMAIN__ $domain ../hooks/post_cert_update
|
||||||
# SECURE FILES AND DIRECTORIES
|
# SECURE FILES AND DIRECTORIES
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
|
ynh_script_progression --message="Protecting directories..." --weight=3
|
||||||
# For any update do it in all files
|
set_permissions
|
||||||
chown $synapse_user:root -R $install_dir
|
|
||||||
chmod 770 $install_dir/Coturn_config_rotate.sh
|
|
||||||
chmod 700 $install_dir/update_synapse_for_appservice.sh
|
|
||||||
chown $synapse_user:root -R $data_path
|
|
||||||
chown $synapse_user:root -R /var/log/matrix-$app
|
|
||||||
chown $synapse_user:root -R /etc/matrix-$app
|
|
||||||
chmod u=rwX,g=rX,o= -R /etc/matrix-$app
|
|
||||||
chmod 600 /etc/matrix-$app/$server_name.signing.key
|
|
||||||
setfacl -R -m user:turnserver:rX /etc/matrix-$app
|
|
||||||
setfacl -R -m user:turnserver:rwX /var/log/matrix-$app
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# ADVERTISE SERVICE IN ADMIN PANEL
|
# ADVERTISE SERVICE IN ADMIN PANEL
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
yunohost service add matrix-$app --log "/var/log/matrix-$app/homeserver.log" --needs_exposed_ports $synapse_tls_port
|
yunohost service add matrix-$app --log "/var/log/matrix-$app/homeserver.log" --needs_exposed_ports $port_synapse_tls
|
||||||
yunohost service add coturn-$app --needs_exposed_ports $turnserver_tls_port
|
yunohost service add coturn-$app --needs_exposed_ports $port_turnserver_tls
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# RELOAD SERVICES
|
# RELOAD SERVICES
|
||||||
|
@ -455,43 +287,15 @@ yunohost service add coturn-$app --needs_exposed_ports $turnserver_tls_port
|
||||||
ynh_script_progression --message="Restarting Synapse services..." --weight=11
|
ynh_script_progression --message="Restarting Synapse services..." --weight=11
|
||||||
|
|
||||||
ynh_systemd_action --service_name=coturn-$app.service --action=restart
|
ynh_systemd_action --service_name=coturn-$app.service --action=restart
|
||||||
ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $synapse_tls_port" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300
|
ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $port_synapse_tls" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# SETUP FAIL2BAN
|
# SETUP FAIL2BAN
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Configuring Fail2Ban..." --weight=10
|
ynh_script_progression --message="Configuring Fail2Ban..." --weight=10
|
||||||
|
|
||||||
# WARNING : theses command are used in INSTALL, UPGRADE
|
|
||||||
# For any update do it in all files
|
|
||||||
|
|
||||||
ynh_add_fail2ban_config --use_template
|
ynh_add_fail2ban_config --use_template
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# SEND A README FOR THE ADMIN
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
# WARNING : theses command are used in INSTALL, RESTORE
|
|
||||||
# For any update do it in all files
|
|
||||||
|
|
||||||
echo "If your server name is identical to the domain on which synapse is installed, and the default port 8448 is used, your server is normally already accessible by the federation.
|
|
||||||
|
|
||||||
If not, you may need to put the following line in the dns configuration:
|
|
||||||
|
|
||||||
_matrix._tcp.$domain. 3600 IN SRV 10 0 $synapse_tls_port $domain.
|
|
||||||
|
|
||||||
For more details, see : https://github.com/matrix-org/synapse#setting-up-federation
|
|
||||||
|
|
||||||
You also need to open the TCP port $synapse_tls_port on your ISP box if it's not automatically done.
|
|
||||||
|
|
||||||
Your synapse server also implements a turnserver (for VoIP), to have this fully functional please read the 'Turnserver' section in the README available here: https://github.com/YunoHost-Apps/synapse_ynh .
|
|
||||||
|
|
||||||
If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/synapse_ynh
|
|
||||||
|
|
||||||
You also need a valid TLS certificate for the domain used by synapse. To do that you can refer to the documentation here : https://yunohost.org/#/certificate_en" > mail_to_send
|
|
||||||
|
|
||||||
ynh_send_readme_to_admin --app_message="mail_to_send" --type="install"
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# END OF SCRIPT
|
# END OF SCRIPT
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
|
@ -10,32 +10,6 @@ source _common.sh
|
||||||
source experimental_helper.sh
|
source experimental_helper.sh
|
||||||
source /usr/share/yunohost/helpers
|
source /usr/share/yunohost/helpers
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# LOAD SETTINGS
|
|
||||||
#=================================================
|
|
||||||
#REMOVEME? ynh_script_progression --message="Loading installation settings..." --weight=3
|
|
||||||
|
|
||||||
#REMOVEME? app=$YNH_APP_INSTANCE_NAME
|
|
||||||
|
|
||||||
#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain)
|
|
||||||
#REMOVEME? server_name=$(ynh_app_setting_get --app=$app --key=server_name)
|
|
||||||
#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir)
|
|
||||||
#REMOVEME? synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port)
|
|
||||||
#REMOVEME? turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
|
|
||||||
#REMOVEME? turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# SET CONSTANTS
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
synapse_user="matrix-$app"
|
|
||||||
synapse_user_app="$app"
|
|
||||||
synapse_db_name="matrix_$app"
|
|
||||||
synapse_db_user="matrix_$app"
|
|
||||||
synapse_db_name="matrix_$app"
|
|
||||||
upstream_version=$(ynh_app_upstream_version)
|
|
||||||
final_www_path="/var/www/$app"
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# STANDARD REMOVE
|
# STANDARD REMOVE
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -61,29 +35,12 @@ ynh_script_progression --message="Stopping and removing the systemd service" --w
|
||||||
ynh_remove_systemd_config --service=matrix-$app
|
ynh_remove_systemd_config --service=matrix-$app
|
||||||
ynh_remove_systemd_config --service=coturn-$app
|
ynh_remove_systemd_config --service=coturn-$app
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# REMOVE THE POSTGRESQL DATABASE
|
|
||||||
#=================================================
|
|
||||||
#REMOVEME? ynh_script_progression --message="Removing the PostgreSQL database" --weight=2
|
|
||||||
|
|
||||||
# Remove a database if it exists, along with the associated user
|
|
||||||
#REMOVEME? ynh_psql_remove_db --db_user=$synapse_db_name --db_name=$synapse_db_user
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# REMOVE DEPENDENCIES
|
|
||||||
#=================================================
|
|
||||||
#REMOVEME? ynh_script_progression --message="Removing dependencies" --weight=15
|
|
||||||
|
|
||||||
# Remove metapackage and its dependencies
|
|
||||||
#REMOVEME? ynh_remove_app_dependencies
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# REMOVE APP MAIN DIR
|
# REMOVE APP MAIN DIR
|
||||||
#=================================================
|
#=================================================
|
||||||
#REMOVEME? ynh_script_progression --message="Removing app main directory" --weight=2
|
ynh_script_progression --message="Removing app main directory" --weight=2
|
||||||
|
|
||||||
#REMOVEME? ynh_secure_remove --file=$install_dir
|
ynh_secure_remove --file=$code_dir
|
||||||
ynh_secure_remove --file=$final_www_path
|
|
||||||
ynh_secure_remove --file=/var/log/matrix-$app
|
ynh_secure_remove --file=/var/log/matrix-$app
|
||||||
ynh_secure_remove --file=/etc/matrix-$app
|
ynh_secure_remove --file=/etc/matrix-$app
|
||||||
ynh_secure_remove --file=/etc/default/matrix-$app
|
ynh_secure_remove --file=/etc/default/matrix-$app
|
||||||
|
@ -109,23 +66,6 @@ ynh_script_progression --message="Removing logrotate configuration" --weight=1
|
||||||
# Remove the app-specific logrotate config
|
# Remove the app-specific logrotate config
|
||||||
ynh_remove_logrotate
|
ynh_remove_logrotate
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# CLOSE A PORT
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
closeport() {
|
|
||||||
local port=$1
|
|
||||||
if yunohost firewall list | grep -q "\- $port$"
|
|
||||||
then
|
|
||||||
ynh_script_progression --message="Closing port $port"
|
|
||||||
ynh_exec_warn_less yunohost firewall disallow Both $port
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
closeport $synapse_tls_port
|
|
||||||
closeport $turnserver_tls_port
|
|
||||||
closeport $turnserver_alt_tls_port
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# REMOVE FAIL2BAN CONFIGURATION
|
# REMOVE FAIL2BAN CONFIGURATION
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -139,11 +79,10 @@ ynh_remove_fail2ban_config
|
||||||
#=================================================
|
#=================================================
|
||||||
# REMOVE DEDICATED USER
|
# REMOVE DEDICATED USER
|
||||||
#=================================================
|
#=================================================
|
||||||
#REMOVEME? ynh_script_progression --message="Removing the dedicated system user" --weight=1
|
ynh_script_progression --message="Removing the dedicated system user" --weight=1
|
||||||
|
|
||||||
# Delete a system user
|
# Delete a system user
|
||||||
#REMOVEME? ynh_system_user_delete --username=$synapse_user
|
yunohost user delete $YNH_APP_ID
|
||||||
yunohost user delete $synapse_user_app
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# END OF SCRIPT
|
# END OF SCRIPT
|
||||||
|
|
|
@ -1,39 +0,0 @@
|
||||||
import json
|
|
||||||
import sys
|
|
||||||
|
|
||||||
with open("/etc/ssowat/" + "conf.json.persistent", "r", encoding='utf-8') as jsonFile:
|
|
||||||
data = json.load(jsonFile)
|
|
||||||
|
|
||||||
for domain in ("", sys.argv[1], sys.argv[2]):
|
|
||||||
for path in ("/_matrix", "/.well-known/matrix/", "/_matrix/cas_server.php/login"):
|
|
||||||
url = domain + path
|
|
||||||
try:
|
|
||||||
uri_list = data["skipped_urls"]
|
|
||||||
while url in uri_list:
|
|
||||||
uri_list.remove(url)
|
|
||||||
except:
|
|
||||||
pass
|
|
||||||
|
|
||||||
try:
|
|
||||||
uri_list = data["protected_urls"]
|
|
||||||
while url in uri_list:
|
|
||||||
uri_list.remove(url)
|
|
||||||
except:
|
|
||||||
pass
|
|
||||||
|
|
||||||
try:
|
|
||||||
uri_list = data["permissions"]["custom_protected"]["uris"]
|
|
||||||
while url in uri_list:
|
|
||||||
uri_list.remove(url)
|
|
||||||
except:
|
|
||||||
pass
|
|
||||||
|
|
||||||
try:
|
|
||||||
uri_list = data["permissions"]["custom_skipped"]["uris"]
|
|
||||||
while url in uri_list:
|
|
||||||
uri_list.remove(url)
|
|
||||||
except:
|
|
||||||
pass
|
|
||||||
|
|
||||||
with open("/etc/ssowat/" + "conf.json.persistent", "w", encoding='utf-8') as jsonFile:
|
|
||||||
jsonFile.write(json.dumps(data, indent=4, sort_keys=True))
|
|
161
scripts/restore
161
scripts/restore
|
@ -11,83 +11,19 @@ source ../settings/scripts/_common.sh
|
||||||
source ../settings/scripts/experimental_helper.sh
|
source ../settings/scripts/experimental_helper.sh
|
||||||
source /usr/share/yunohost/helpers
|
source /usr/share/yunohost/helpers
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# MANAGE SCRIPT FAILURE
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
#REMOVEME? ynh_clean_setup () {
|
|
||||||
# Clean installation remainings that are not handled by the remove script.
|
|
||||||
ynh_clean_check_starting
|
|
||||||
}
|
|
||||||
# Exit if an error occurs during the execution of the script
|
|
||||||
#REMOVEME? ynh_abort_if_errors
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# LOAD SETTINGS
|
# LOAD SETTINGS
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Loading settings..."
|
ynh_script_progression --message="Loading settings..."
|
||||||
|
|
||||||
#REMOVEME? app=$YNH_APP_INSTANCE_NAME
|
|
||||||
|
|
||||||
#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain)
|
|
||||||
#REMOVEME? server_name=$(ynh_app_setting_get --app=$app --key=server_name)
|
|
||||||
#REMOVEME? path=$(ynh_app_setting_get --app=$app --key=path)
|
|
||||||
#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir)
|
|
||||||
#REMOVEME? synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port)
|
|
||||||
#REMOVEME? turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
|
|
||||||
#REMOVEME? turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
|
|
||||||
#REMOVEME? phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
|
|
||||||
#REMOVEME? synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd)
|
|
||||||
#REMOVEME? synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd)
|
|
||||||
main_domain=$(yunohost domain list --output-as json | jq -r .main)
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# SET ALL CONSTANT
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
synapse_user="matrix-$app"
|
|
||||||
synapse_user_app="$app"
|
|
||||||
synapse_db_name="matrix_$app"
|
|
||||||
synapse_db_user="matrix_$app"
|
|
||||||
synapse_db_name="matrix_$app"
|
|
||||||
upstream_version=$(ynh_app_upstream_version)
|
|
||||||
final_www_path="/var/www/$app"
|
|
||||||
data_path="/home/yunohost.app/matrix-$app"
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# CHECK IF THE APP CAN BE RESTORED
|
|
||||||
#=================================================
|
|
||||||
#REMOVEME? ynh_script_progression --message="Validating restoration parameters..." --weight=2
|
|
||||||
|
|
||||||
#REMOVEME? test ! -d $install_dir \
|
|
||||||
|| ynh_die --message="There is already a directory: $install_dir "
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# STANDARD RESTORATION STEPS
|
|
||||||
#=================================================
|
|
||||||
# REINSTALL DEPENDENCIES
|
|
||||||
#=================================================
|
|
||||||
#REMOVEME? ynh_script_progression --message="Reinstalling dependencies..." --weight=70
|
|
||||||
|
|
||||||
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
|
|
||||||
# For any update do it in all files
|
|
||||||
#REMOVEME? ynh_exec_warn_less ynh_install_app_dependencies $dependances
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# RECREATE THE DEDICATED USER
|
# RECREATE THE DEDICATED USER
|
||||||
#=================================================
|
#=================================================
|
||||||
#REMOVEME? ynh_script_progression --message="Recreating the dedicated system user..." --weight=3
|
ynh_script_progression --message="Recreating the dedicated system user..." --weight=3
|
||||||
|
|
||||||
# Create the dedicated user (if not existing)
|
# Create the dedicated user (if not existing)
|
||||||
#REMOVEME? ynh_system_user_create --username=$synapse_user --home_dir=$install_dir
|
yunohost user create $YNH_APP_ID -F "Synapse Application" -d $domain -p "$synapse_user_app_pwd"
|
||||||
# The format to create an user account varies depending on the version of YunoHost currently installed.
|
adduser $YNH_APP_ID ssl-cert
|
||||||
ynh_current_version=$(dpkg-query --showformat='${Version}' --show yunohost)
|
|
||||||
if $(dpkg --compare-versions "$ynh_current_version" ge "11.1"); then
|
|
||||||
yunohost user create $synapse_user_app -F "Synapse Application" -d $domain -p "$synapse_user_app_pwd"
|
|
||||||
else
|
|
||||||
yunohost user create $synapse_user_app -f Synapse -l Application -d $domain -p "$synapse_user_app_pwd"
|
|
||||||
fi
|
|
||||||
adduser $synapse_user ssl-cert
|
|
||||||
adduser turnserver ssl-cert
|
adduser turnserver ssl-cert
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -113,17 +49,8 @@ ynh_systemd_action --action=restart --service_name=fail2ban
|
||||||
#=================================================
|
#=================================================
|
||||||
# RESTORE THE POSTGRESQL DATABASE
|
# RESTORE THE POSTGRESQL DATABASE
|
||||||
#=================================================
|
#=================================================
|
||||||
#REMOVEME? ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=13
|
ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=13
|
||||||
|
|
||||||
#REMOVEME? ynh_psql_test_if_first_run
|
|
||||||
ynh_psql_create_user $synapse_db_user $synapse_db_pwd
|
|
||||||
ynh_psql_execute_as_root \
|
|
||||||
--sql="CREATE DATABASE $synapse_db_name
|
|
||||||
ENCODING 'UTF8'
|
|
||||||
LC_COLLATE='C'
|
|
||||||
LC_CTYPE='C'
|
|
||||||
template=template0
|
|
||||||
OWNER $synapse_db_user;"
|
|
||||||
ynh_psql_execute_file_as_root --file="${YNH_CWD}/dump.sql" --database="$synapse_db_name"
|
ynh_psql_execute_file_as_root --file="${YNH_CWD}/dump.sql" --database="$synapse_db_name"
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -139,8 +66,8 @@ systemctl enable coturn-$app.service --quiet
|
||||||
# ADVERTISE SERVICE IN ADMIN PANEL
|
# ADVERTISE SERVICE IN ADMIN PANEL
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
yunohost service add matrix-$app --log "/var/log/matrix-$app/homeserver.log" --needs_exposed_ports $synapse_tls_port
|
yunohost service add matrix-$app --log "/var/log/matrix-$app/homeserver.log" --needs_exposed_ports $port_synapse_tls
|
||||||
yunohost service add coturn-$app --needs_exposed_ports $turnserver_tls_port
|
yunohost service add coturn-$app --needs_exposed_ports $port_turnserver_tls
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# CREATE A DH FILE
|
# CREATE A DH FILE
|
||||||
|
@ -163,43 +90,7 @@ fi
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Reconfiguring Coturn..." --weight=23
|
ynh_script_progression --message="Reconfiguring Coturn..." --weight=23
|
||||||
|
|
||||||
# To be sure that at the restoration the IP address in coturn config is the same as the real address we remake the coturn config
|
configure_coturn
|
||||||
|
|
||||||
# Retrieve specific settings
|
|
||||||
#REMOVEME? turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
|
|
||||||
#REMOVEME? turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
|
|
||||||
#REMOVEME? cli_port=$(ynh_app_setting_get --app=$app --key=cli_port)
|
|
||||||
#REMOVEME? turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
|
|
||||||
|
|
||||||
# WARNING : these commands are used in INSTALL, UPGRADE
|
|
||||||
# For any update do it in all files
|
|
||||||
|
|
||||||
# Get public IP and set as external IP for coturn
|
|
||||||
# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
|
|
||||||
public_ip4="$(curl -s ip.yunohost.org)" || true
|
|
||||||
public_ip6="$(curl -s ipv6.yunohost.org)" || true
|
|
||||||
|
|
||||||
turn_external_ip=""
|
|
||||||
if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"
|
|
||||||
then
|
|
||||||
turn_external_ip+="external-ip="$public_ip4%"\n"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6"
|
|
||||||
then
|
|
||||||
turn_external_ip+="external-ip="$public_ip6%"\n"
|
|
||||||
fi
|
|
||||||
|
|
||||||
ynh_add_config --template="turnserver.conf" --destination="/etc/matrix-$app/coturn.conf"
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# OPEN THE PORT
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
# Ouvre le port dans le firewall
|
|
||||||
ynh_exec_warn_less yunohost firewall allow TCP $synapse_tls_port
|
|
||||||
ynh_exec_warn_less yunohost firewall allow Both $turnserver_tls_port
|
|
||||||
ynh_exec_warn_less yunohost firewall allow Both $turnserver_alt_tls_port
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# SETUP LOGROTATE
|
# SETUP LOGROTATE
|
||||||
|
@ -214,21 +105,8 @@ ynh_use_logrotate --logfile /var/log/matrix-$app
|
||||||
# SECURE FILES AND DIRECTORIES
|
# SECURE FILES AND DIRECTORIES
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE (3 times)
|
ynh_script_progression --message="Protecting directories..." --weight=3
|
||||||
# For any update do it in all files
|
set_permissions
|
||||||
ynh_script_progression --message="Configuring file permission..."
|
|
||||||
chown $synapse_user:root -R $install_dir
|
|
||||||
chmod 770 $install_dir/Coturn_config_rotate.sh
|
|
||||||
chmod 700 $install_dir/update_synapse_for_appservice.sh
|
|
||||||
chown $synapse_user:root -R $data_path
|
|
||||||
chown $synapse_user:root -R /var/log/matrix-$app
|
|
||||||
chown $synapse_user:root -R /etc/matrix-$app
|
|
||||||
chmod u=rwX,g=rX,o= -R /etc/matrix-$app
|
|
||||||
chmod 600 /etc/matrix-$app/$server_name.signing.key
|
|
||||||
setfacl -R -m user:turnserver:rX /etc/matrix-$app
|
|
||||||
setfacl -R -m user:turnserver:rwX /var/log/matrix-$app
|
|
||||||
chmod u=rwX,g=rX,o= -R $final_www_path
|
|
||||||
chown $synapse_user:root -R $final_www_path
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# RELOAD NGINX, SYNAPSE AND COTURN
|
# RELOAD NGINX, SYNAPSE AND COTURN
|
||||||
|
@ -236,26 +114,7 @@ chown $synapse_user:root -R $final_www_path
|
||||||
ynh_script_progression --message="Restarting Synapse services..." --weight=7
|
ynh_script_progression --message="Restarting Synapse services..." --weight=7
|
||||||
|
|
||||||
ynh_systemd_action --service_name=coturn-$app.service --action=restart
|
ynh_systemd_action --service_name=coturn-$app.service --action=restart
|
||||||
ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $synapse_tls_port" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300
|
ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $port_synapse_tls" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# SEND A README FOR THE ADMIN
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
# WARNING : theses command are used in INSTALL, RESTORE
|
|
||||||
# For any update do it in all files
|
|
||||||
|
|
||||||
echo "To federate this app you need to add this line in your DNS configuration:
|
|
||||||
|
|
||||||
_matrix._tcp.$domain. 3600 IN SRV 10 0 $synapse_tls_port $domain.
|
|
||||||
|
|
||||||
You also need to open the TCP port $synapse_tls_port on your ISP box if it's not automatically done.
|
|
||||||
|
|
||||||
Your synapse server also implements a turnserver (for VoIP), to have this fully functional please read the 'Turnserver' section in the README available here: https://github.com/YunoHost-Apps/synapse_ynh .
|
|
||||||
|
|
||||||
If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/synapse_ynh" > mail_to_send
|
|
||||||
|
|
||||||
ynh_send_readme_to_admin --app_message="mail_to_send" --type="restore"
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# GENERIC FINALIZATION
|
# GENERIC FINALIZATION
|
||||||
|
|
498
scripts/upgrade
498
scripts/upgrade
|
@ -10,85 +10,11 @@ source _common.sh
|
||||||
source experimental_helper.sh
|
source experimental_helper.sh
|
||||||
source /usr/share/yunohost/helpers
|
source /usr/share/yunohost/helpers
|
||||||
|
|
||||||
# Exit if an error occurs during the execution of the script
|
|
||||||
#REMOVEME? ynh_abort_if_errors
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# LOAD SETTINGS
|
|
||||||
#=================================================
|
|
||||||
#REMOVEME? ynh_script_progression --message="Loading installation settings..." --weight=3
|
|
||||||
|
|
||||||
#REMOVEME? app=$YNH_APP_INSTANCE_NAME
|
|
||||||
|
|
||||||
#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain)
|
|
||||||
#REMOVEME? server_name=$(ynh_app_setting_get --app=$app --key=server_name)
|
|
||||||
#REMOVEME? jitsi_server=$(ynh_app_setting_get --app=$app --key=jitsi_server)
|
|
||||||
#REMOVEME? path=$(ynh_app_setting_get --app=$app --key=path)
|
|
||||||
#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir)
|
|
||||||
#REMOVEME? synapse_old_version=$(ynh_app_setting_get --app=$app --key=synapse_version)
|
|
||||||
#REMOVEME? is_free_registration=$(ynh_app_setting_get --app=$app --key=is_free_registration)
|
|
||||||
#REMOVEME? port=$(ynh_app_setting_get --app=$app --key=synapse_port)
|
|
||||||
#REMOVEME? synapse_tls_port=$(ynh_app_setting_get --app=$app --key=synapse_tls_port)
|
|
||||||
#REMOVEME? turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port)
|
|
||||||
#REMOVEME? turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port)
|
|
||||||
#REMOVEME? cli_port=$(ynh_app_setting_get --app=$app --key=cli_port)
|
|
||||||
#REMOVEME? report_stats=$(ynh_app_setting_get --app=$app --key=report_stats)
|
|
||||||
#REMOVEME? e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default)
|
|
||||||
#REMOVEME? synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd)
|
|
||||||
#REMOVEME? turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd)
|
|
||||||
#REMOVEME? registration_shared_secret=$(ynh_app_setting_get --app=$app --key=registration_shared_secret)
|
|
||||||
#REMOVEME? form_secret=$(ynh_app_setting_get --app=$app --key=form_secret)
|
|
||||||
#REMOVEME? macaroon_secret_key=$(ynh_app_setting_get --app=$app --key=macaroon_secret_key)
|
|
||||||
#REMOVEME? synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd)
|
|
||||||
domain_whitelist_client_=$(get_domain_list)
|
|
||||||
domain_whitelist_client=${domain_whitelist_client_%"\n"}
|
|
||||||
main_domain=$(yunohost domain list --output-as json | jq -r .main)
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# SET ALL CONSTANT
|
# SET ALL CONSTANT
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
synapse_user="matrix-$app"
|
|
||||||
synapse_user_app="$app"
|
|
||||||
synapse_db_name="matrix_$app"
|
|
||||||
synapse_db_user="matrix_$app"
|
|
||||||
synapse_db_name="matrix_$app"
|
|
||||||
upstream_version=$(ynh_app_upstream_version)
|
|
||||||
upgrade_type=$(ynh_check_app_version_changed)
|
upgrade_type=$(ynh_check_app_version_changed)
|
||||||
final_www_path="/var/www/$app"
|
|
||||||
data_path="/home/yunohost.app/matrix-$app"
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# GET CONFIG PANEL SETTINGS
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
#REMOVEME? server_statistics=$(ynh_app_setting_get --app=$app --key=server_statistics)
|
|
||||||
#REMOVEME? web_client_location=$(ynh_app_setting_get --app=$app --key=web_client_location)
|
|
||||||
#REMOVEME? client_base_url=$(ynh_app_setting_get --app=$app --key=client_base_url)
|
|
||||||
#REMOVEME? invite_client_location=$(ynh_app_setting_get --app=$app --key=invite_client_location)
|
|
||||||
#REMOVEME? allow_public_rooms_without_auth=$(ynh_app_setting_get --app=$app --key=allow_public_rooms_without_auth)
|
|
||||||
#REMOVEME? allow_public_rooms_over_federation=$(ynh_app_setting_get --app=$app --key=allow_public_rooms_over_federation)
|
|
||||||
#REMOVEME? max_upload_size=$(ynh_app_setting_get --app=$app --key=max_upload_size)
|
|
||||||
#REMOVEME? disable_msisdn_registration=$(ynh_app_setting_get --app=$app --key=disable_msisdn_registration)
|
|
||||||
#REMOVEME? registrations_require_3pid=$(ynh_app_setting_get --app=$app --key=registrations_require_3pid)
|
|
||||||
#REMOVEME? allowed_local_3pids_email=$(ynh_app_setting_get --app=$app --key=allowed_local_3pids_email)
|
|
||||||
#REMOVEME? allowed_local_3pids_msisdn=$(ynh_app_setting_get --app=$app --key=allowed_local_3pids_msisdn)
|
|
||||||
#REMOVEME? account_threepid_delegates_msisdn=$(ynh_app_setting_get --app=$app --key=account_threepid_delegates_msisdn)
|
|
||||||
#REMOVEME? allow_guest_access=$(ynh_app_setting_get --app=$app --key=allow_guest_access)
|
|
||||||
#REMOVEME? default_identity_server=$(ynh_app_setting_get --app=$app --key=default_identity_server)
|
|
||||||
#REMOVEME? auto_join_rooms=$(ynh_app_setting_get --app=$app --key=auto_join_rooms)
|
|
||||||
#REMOVEME? autocreate_auto_join_rooms=$(ynh_app_setting_get --app=$app --key=autocreate_auto_join_rooms)
|
|
||||||
#REMOVEME? auto_join_rooms_for_guests=$(ynh_app_setting_get --app=$app --key=auto_join_rooms_for_guests)
|
|
||||||
#REMOVEME? enable_notifs=$(ynh_app_setting_get --app=$app --key=enable_notifs)
|
|
||||||
#REMOVEME? notif_for_new_users=$(ynh_app_setting_get --app=$app --key=notif_for_new_users)
|
|
||||||
#REMOVEME? enable_group_creation=$(ynh_app_setting_get --app=$app --key=enable_group_creation)
|
|
||||||
|
|
||||||
#REMOVEME? enable_registration=$(ynh_app_setting_get --app=$app --key=enable_registration)
|
|
||||||
#REMOVEME? turn_allow_guests=$(ynh_app_setting_get --app=$app --key=turn_allow_guests)
|
|
||||||
#REMOVEME? sso_enabled=$(ynh_app_setting_get --app=$app --key=sso_enabled)
|
|
||||||
#REMOVEME? password_enabled=$(ynh_app_setting_get --app=$app --key=password_enabled)
|
|
||||||
#REMOVEME? enable_3pid_lookup=$(ynh_app_setting_get --app=$app --key=enable_3pid_lookup)
|
|
||||||
#REMOVEME? push_include_content=$(ynh_app_setting_get --app=$app --key=push_include_content)
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# ENSURE DOWNWARD COMPATIBILITY
|
# ENSURE DOWNWARD COMPATIBILITY
|
||||||
|
@ -101,39 +27,6 @@ then
|
||||||
ynh_die --message="Update from this synapse version is not available. You need to remove this package and reinstall the new package version."
|
ynh_die --message="Update from this synapse version is not available. You need to remove this package and reinstall the new package version."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# MIGRATION 7 : Working config panel v1
|
|
||||||
#=================================================
|
|
||||||
#REMOVEME? backup_before_upgrade=$(ynh_app_setting_get --app=$app --key=backup_before_upgrade)
|
|
||||||
if [ -z $backup_before_upgrade ] ; then
|
|
||||||
backup_before_upgrade="true"
|
|
||||||
#REMOVEME? disable_backup_before_upgrade=$(ynh_app_setting_get --app=$app --key=disable_backup_before_upgrade)
|
|
||||||
if [ "0$disable_backup_before_upgrade" -ne 0 ]; then
|
|
||||||
backup_before_upgrade="false"
|
|
||||||
fi
|
|
||||||
ynh_app_setting_set --app=$app --key=backup_before_upgrade --value=$backup_before_upgrade
|
|
||||||
fi
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
#REMOVEME? # We stop the service before to set ynh_clean_setup
|
|
||||||
ynh_systemd_action --service_name=matrix-$app.service --action=stop
|
|
||||||
|
|
||||||
# Backup the current version of the app
|
|
||||||
if $backup_before_upgrade ; then
|
|
||||||
#REMOVEME? ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=30
|
|
||||||
#REMOVEME? ynh_backup_before_upgrade
|
|
||||||
#REMOVEME? ynh_clean_setup () {
|
|
||||||
# Clean installation remainings that are not handled by the remove script.
|
|
||||||
ynh_clean_check_starting
|
|
||||||
#REMOVEME? ynh_restore_upgradebackup
|
|
||||||
}
|
|
||||||
else
|
|
||||||
#REMOVEME? ynh_script_progression --message="NOT Backing up the app before upgrading..." --weight=1
|
|
||||||
fi
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# STANDARD UPGRADE STEPS
|
# STANDARD UPGRADE STEPS
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -142,10 +35,10 @@ fi
|
||||||
|
|
||||||
# Migrate from settings 'special_domain' to 'domain' and 'special_path' to 'path'
|
# Migrate from settings 'special_domain' to 'domain' and 'special_path' to 'path'
|
||||||
if [ -z $domain ]; then
|
if [ -z $domain ]; then
|
||||||
#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=special_domain)
|
domain=$(ynh_app_setting_get --app=$app --key=special_domain)
|
||||||
#REMOVEME? path=$(ynh_app_setting_get --app=$app --key=special_path)
|
path=$(ynh_app_setting_get --app=$app --key=special_path)
|
||||||
#REMOVEME? ynh_app_setting_set --app=$app --key=domain --value=$domain
|
ynh_app_setting_set --app=$app --key=domain --value=$domain
|
||||||
#REMOVEME? ynh_app_setting_set --app=$app --key=path --value=$path
|
ynh_app_setting_set --app=$app --key=path --value=$path
|
||||||
ynh_app_setting_delete --app=$app --key=special_domain
|
ynh_app_setting_delete --app=$app --key=special_domain
|
||||||
ynh_app_setting_delete --app=$app --key=special_path
|
ynh_app_setting_delete --app=$app --key=special_path
|
||||||
ynh_app_setting_set --app=$app --key=no_sso --value true
|
ynh_app_setting_set --app=$app --key=no_sso --value true
|
||||||
|
@ -154,7 +47,7 @@ fi
|
||||||
# Define $server_name if not already defined
|
# Define $server_name if not already defined
|
||||||
if [ -z $server_name ]; then
|
if [ -z $server_name ]; then
|
||||||
server_name=$domain
|
server_name=$domain
|
||||||
#REMOVEME? ynh_app_setting_set --app=$app --key=server_name --value=$domain
|
ynh_app_setting_set --app=$app --key=server_name --value=$domain
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Define $jitsi_server if not already defined
|
# Define $jitsi_server if not already defined
|
||||||
|
@ -181,67 +74,21 @@ fi
|
||||||
|
|
||||||
if [ -z $report_stats ]; then
|
if [ -z $report_stats ]; then
|
||||||
report_stats="false"
|
report_stats="false"
|
||||||
#REMOVEME? ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats
|
ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -z $is_free_registration ]; then
|
|
||||||
#REMOVEME? is_free_registration=$(ynh_app_setting_get --app=$app --key=is_""public)
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -z $synapse_user_app_pwd ]; then
|
|
||||||
synapse_user_app_pwd="$(ynh_string_random --length=30)"
|
|
||||||
ynh_app_setting_set --app=$app --key=synapse_user_app_pwd --value=$synapse_user_app_pwd
|
|
||||||
# The format to create an user account varies depending on the version of YunoHost currently installed.
|
|
||||||
ynh_current_version=$(dpkg-query --showformat='${Version}' --show yunohost)
|
|
||||||
if $(dpkg --compare-versions "$ynh_current_version" ge "11.1"); then
|
|
||||||
yunohost user create $synapse_user_app -F "Synapse Application" -d $domain -p "$synapse_user_app_pwd"
|
|
||||||
else
|
|
||||||
yunohost user create $synapse_user_app -f Synapse -l Application -d $domain -p "$synapse_user_app_pwd"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# MIGRATION 6 : Migrate data directory
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
if [ -e "/var/lib/matrix-$app" ]; then
|
|
||||||
ynh_script_progression --message="Moving data directory to $data_path..." --weight=1
|
|
||||||
if [ -e "$data_path" ]; then
|
|
||||||
old_data_dir_path="$data_path$(date '+%Y%m%d.%H%M%S')"
|
|
||||||
ynh_print_warn "A data directory already exist. Data was renamed to $old_data_dir_path"
|
|
||||||
mv "$data_path" "$old_data_dir_path"
|
|
||||||
fi
|
|
||||||
mv "/var/lib/matrix-$app" "$data_path"
|
|
||||||
fi
|
|
||||||
if ! grep -q "$install_dir" /etc/passwd; then
|
|
||||||
# matrix-synapse:x:994:994::/var/lib/matrix-synapse:/usr/sbin/nologin
|
|
||||||
sed --in-place -r "s@matrix-$app\:x\:([[:digit:]]+\:[[:digit:]]+)\:\:/.*/matrix-$app\:/usr/sbin/nologin@matrix-$app\:x\:\1\:\:$install_dir\:/usr/sbin/nologin@g" /etc/passwd
|
|
||||||
fi
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# MIGRATION 7 : Working config panel v1
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
#REMOVEME? allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms)
|
|
||||||
if [ -z $allow_public_rooms ]; then
|
|
||||||
allow_public_rooms="false"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# SET STANDARD SETTINGS FROM DEFAULT CONFIG
|
|
||||||
|
|
||||||
# Get app name of first Element Instance
|
# Get app name of first Element Instance
|
||||||
element_ynh_url="https://matrix.to/"
|
element_ynh_url="https://matrix.to/"
|
||||||
element_domain=""
|
|
||||||
element_path=""
|
|
||||||
web_client_location=$element_ynh_url
|
web_client_location=$element_ynh_url
|
||||||
client_base_url=$element_ynh_url
|
client_base_url=$element_ynh_url
|
||||||
invite_client_location=$element_ynh_url
|
invite_client_location=$element_ynh_url
|
||||||
element_instance="element"
|
|
||||||
if [ -z "$web_client_location" ]
|
if [ -z "$web_client_location" ]
|
||||||
then
|
then
|
||||||
|
element_instance="element"
|
||||||
if yunohost --output-as plain app list | grep -q "^$element_instance"'$'; then
|
if yunohost --output-as plain app list | grep -q "^$element_instance"'$'; then
|
||||||
#REMOVEME? element_domain=$(ynh_app_setting_get --app $element_instance --key domain)
|
element_domain=$(ynh_app_setting_get --app $element_instance --key domain)
|
||||||
#REMOVEME? element_path=$(ynh_app_setting_get --app $element_instance --key path)
|
element_path=$(ynh_app_setting_get --app $element_instance --key path)
|
||||||
element_ynh_url="https://""$element_domain""$element_path"
|
element_ynh_url="https://""$element_domain""$element_path"
|
||||||
fi
|
fi
|
||||||
web_client_location=$element_ynh_url
|
web_client_location=$element_ynh_url
|
||||||
|
@ -252,19 +99,14 @@ then
|
||||||
ynh_app_setting_set --app=$app --key=invite_client_location --value=$invite_client_location
|
ynh_app_setting_set --app=$app --key=invite_client_location --value=$invite_client_location
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ -z "$server_statistics" ]
|
|
||||||
then
|
|
||||||
server_statistics="false"
|
|
||||||
ynh_app_setting_set --app=$app --key=server_statistics --value=$server_statistics
|
|
||||||
fi
|
|
||||||
if [ -z "$allow_public_rooms_without_auth" ]
|
if [ -z "$allow_public_rooms_without_auth" ]
|
||||||
then
|
then
|
||||||
allow_public_rooms_without_auth=$allow_public_rooms
|
allow_public_rooms_without_auth=${allow_public_rooms:-false}
|
||||||
ynh_app_setting_set --app=$app --key=allow_public_rooms_without_auth --value=$allow_public_rooms_without_auth
|
ynh_app_setting_set --app=$app --key=allow_public_rooms_without_auth --value=$allow_public_rooms_without_auth
|
||||||
fi
|
fi
|
||||||
if [ -z "$allow_public_rooms_over_federation" ]
|
if [ -z "$allow_public_rooms_over_federation" ]
|
||||||
then
|
then
|
||||||
allow_public_rooms_over_federation=$allow_public_rooms
|
allow_public_rooms_over_federation=${allow_public_rooms:-false}
|
||||||
ynh_app_setting_set --app=$app --key=allow_public_rooms_over_federation --value=$allow_public_rooms_over_federation
|
ynh_app_setting_set --app=$app --key=allow_public_rooms_over_federation --value=$allow_public_rooms_over_federation
|
||||||
fi
|
fi
|
||||||
if [ -z "$max_upload_size" ]
|
if [ -z "$max_upload_size" ]
|
||||||
|
@ -340,6 +182,10 @@ fi
|
||||||
|
|
||||||
if [ -z "$enable_registration" ]
|
if [ -z "$enable_registration" ]
|
||||||
then
|
then
|
||||||
|
if [ -z $is_free_registration ]; then
|
||||||
|
is_free_registration=$(ynh_app_setting_get --app=$app --key=is_""public)
|
||||||
|
fi
|
||||||
|
|
||||||
if [ "$is_free_registration" -eq "0" ]
|
if [ "$is_free_registration" -eq "0" ]
|
||||||
then
|
then
|
||||||
enable_registration="false"
|
enable_registration="false"
|
||||||
|
@ -357,7 +203,7 @@ then
|
||||||
ynh_app_setting_set --app=$app --key=enable_registration --value=$enable_registration
|
ynh_app_setting_set --app=$app --key=enable_registration --value=$enable_registration
|
||||||
ynh_app_setting_set --app=$app --key=turn_allow_guests --value=$turn_allow_guests
|
ynh_app_setting_set --app=$app --key=turn_allow_guests --value=$turn_allow_guests
|
||||||
ynh_app_setting_set --app=$app --key=sso_enabled --value=$sso_enabled
|
ynh_app_setting_set --app=$app --key=sso_enabled --value=$sso_enabled
|
||||||
#REMOVEME? ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled
|
ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled
|
||||||
ynh_app_setting_set --app=$app --key=enable_3pid_lookup --value=$enable_3pid_lookup
|
ynh_app_setting_set --app=$app --key=enable_3pid_lookup --value=$enable_3pid_lookup
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -367,116 +213,32 @@ then
|
||||||
ynh_app_setting_set --app=$app --key=push_include_content --value=$push_include_content
|
ynh_app_setting_set --app=$app --key=push_include_content --value=$push_include_content
|
||||||
fi
|
fi
|
||||||
|
|
||||||
#=================================================
|
if [ -z $synapse_user_app_pwd ]; then
|
||||||
# INSTALL DEPENDENCIES
|
synapse_user_app_pwd="$(ynh_string_random --length=30)"
|
||||||
#=================================================
|
ynh_app_setting_set --app=$app --key=synapse_user_app_pwd --value=$synapse_user_app_pwd
|
||||||
#REMOVEME? ynh_script_progression --message="Upgrading dependencies..." --weight=6
|
# The format to create an user account varies depending on the version of YunoHost currently installed.
|
||||||
|
yunohost user create $YNH_APP_ID -F "Synapse Application" -d $domain -p "$synapse_user_app_pwd"
|
||||||
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
|
|
||||||
# For any update do it in all files
|
|
||||||
#REMOVEME? ynh_exec_warn_less ynh_install_app_dependencies $dependances
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
if [ "$upgrade_type" == "UPGRADE_APP" ] || [ ! -e $install_dir/bin/python3 ] || [ ! -e $install_dir/lib/python$python_version ]
|
|
||||||
then
|
|
||||||
ynh_script_progression --message="Upgrading source files..." --weight=6
|
|
||||||
install_sources
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
#=================================================
|
# We stop the service
|
||||||
# CREATE SMALL CAS SERVER
|
ynh_systemd_action --service_name=matrix-$app.service --action=stop
|
||||||
#=================================================
|
|
||||||
# WARNING : theses command are used in INSTALL, UPGRADE
|
|
||||||
# For any update do it in all files
|
|
||||||
|
|
||||||
mkdir -p $final_www_path
|
|
||||||
cp ../sources/cas_server.php $final_www_path/
|
|
||||||
chmod u=rwX,g=rX,o= -R $final_www_path
|
|
||||||
chown $synapse_user:root -R $final_www_path
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# MIGRATION 1 : GENERATE SYNAPSE SECRET
|
# MIGRATION 6 : Migrate data directory
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
if [ -z "$registration_shared_secret" ] || [ "$form_secret" == "form_secret: " ]
|
if [ -e "/var/lib/matrix-$app" ]; then
|
||||||
then
|
ynh_script_progression --message="Moving data directory to $data_path..." --weight=1
|
||||||
ynh_script_progression --message="Generating synapse secret..." --weight=1
|
if [ -e "$data_path" ]; then
|
||||||
|
old_data_dir_path="$data_path$(date '+%Y%m%d.%H%M%S')"
|
||||||
# Go in virtualenvironnement
|
ynh_print_warn "A data directory already exist. Data was renamed to $old_data_dir_path"
|
||||||
set +u
|
mv "$data_path" "$old_data_dir_path"
|
||||||
source $install_dir/bin/activate
|
|
||||||
set -u
|
|
||||||
|
|
||||||
# Generate config and keys
|
|
||||||
python -m synapse.app.homeserver --keys-directory /etc/matrix-$app/ --generate-config --generate-keys --server-name $server_name --report-stats=no -c homeserver.yml
|
|
||||||
|
|
||||||
# This function was defined when we called "source $install_dir/bin/activate". With this function we undo what "$install_dir/bin/activate" does
|
|
||||||
set +u;
|
|
||||||
deactivate
|
|
||||||
set -u;
|
|
||||||
|
|
||||||
# Get random values from config
|
|
||||||
registration_shared_secret=$(egrep "^registration_shared_secret:" homeserver.yml | cut -d'"' -f2)
|
|
||||||
form_secret=$(egrep "^form_secret:" homeserver.yml | cut -d'"' -f2)
|
|
||||||
|
|
||||||
# store in yunohost settings
|
|
||||||
ynh_app_setting_set --app=$app --key=registration_shared_secret --value="$registration_shared_secret"
|
|
||||||
ynh_app_setting_set --app=$app --key=form_secret --value="$form_secret"
|
|
||||||
fi
|
fi
|
||||||
|
mv "/var/lib/matrix-$app" "$data_path"
|
||||||
#=================================================
|
|
||||||
# UPDATE SYNAPSE CONFIG
|
|
||||||
#=================================================
|
|
||||||
ynh_script_progression --message="Updating synapse config..." --weight=2
|
|
||||||
|
|
||||||
# WARNING : theses command are used in INSTALL, UPGRADE, CONFIG, CHANGE-URL (4 times)
|
|
||||||
# For any update do it in all files
|
|
||||||
|
|
||||||
if [ -z $macaroon_secret_key ]; then
|
|
||||||
# Well, in this package this value was not managed because it was not needed, synapse is able to generate this with some other secret in the config file but after some vulnerability was found with this practice.
|
|
||||||
# For more detail about this issue you can see : https://matrix.org/blog/2019/01/15/further-details-on-critical-security-update-in-synapse-affecting-all-versions-prior-to-0-34-1-cve-2019-5885/
|
|
||||||
# The problem is that we can't just say generate a new value if the package has not already defined a value. The reason is that changing this value logout all user. And in case of a user has enabled the encryption, the user might lost all conversation !!
|
|
||||||
# So for the old install we just leave this as it is. And for the new install we use a real macaroon.
|
|
||||||
macaroon_secret_key_param='# macaroon_secret_key: ""'
|
|
||||||
else
|
|
||||||
macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"'
|
|
||||||
fi
|
fi
|
||||||
|
if ! grep -q "$code_dir" /etc/passwd; then
|
||||||
ynh_add_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml"
|
# matrix-synapse:x:994:994::/var/lib/matrix-synapse:/usr/sbin/nologin
|
||||||
ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml"
|
sed --in-place -r "s@matrix-$app\:x\:([[:digit:]]+\:[[:digit:]]+)\:\:/.*/matrix-$app\:/usr/sbin/nologin@matrix-$app\:x\:\1\:\:$code_dir\:/usr/sbin/nologin@g" /etc/passwd
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# MIGRATION 2 : MULTINSTANCE SUPPORT
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
if [ ! -e /etc/matrix-$app/coturn.conf ]
|
|
||||||
then
|
|
||||||
ynh_script_progression --message="Creating an independant service for coturn..." --weight=1
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# CREATE AN INDEPENDANT SERVICE FOR COTURN
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
# Disable default config for turnserver and create a new service
|
|
||||||
systemctl stop coturn.service
|
|
||||||
|
|
||||||
# Set a port for each service in turnserver
|
|
||||||
#REMOVEME? turnserver_alt_tls_port=$(ynh_find_port --port=$((turnserver_tls_port+1)))
|
|
||||||
#REMOVEME? cli_port=$(ynh_find_port --port=5766)
|
|
||||||
|
|
||||||
#REMOVEME? ynh_app_setting_set --app=$app --key=turnserver_alt_tls_port --value=$turnserver_alt_tls_port
|
|
||||||
#REMOVEME? ynh_app_setting_set --app=$app --key=cli_port --value=$cli_port
|
|
||||||
|
|
||||||
yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1
|
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# MAKE A CLEAN LOGROTATE CONFIG
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
ynh_use_logrotate --logfile /var/log/matrix-$app --nonappend
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -488,7 +250,7 @@ if [ ! $(grep "ssl-cert:x:[0-9]*:.*matrix-$app" /etc/group) ]
|
||||||
then
|
then
|
||||||
ynh_script_progression --message="Use standard access for certificate..." --weight=1
|
ynh_script_progression --message="Use standard access for certificate..." --weight=1
|
||||||
|
|
||||||
adduser $synapse_user ssl-cert
|
adduser $YNH_APP_ID ssl-cert
|
||||||
adduser turnserver ssl-cert
|
adduser turnserver ssl-cert
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -509,8 +271,99 @@ then
|
||||||
chmod 640 /etc/ssl/private/dh2048.pem
|
chmod 640 /etc/ssl/private/dh2048.pem
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# MIGRATION 2 : MULTINSTANCE SUPPORT
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
if [ ! -e /etc/matrix-$app/coturn.conf ]
|
||||||
|
then
|
||||||
|
ynh_script_progression --message="Creating an independant service for coturn..." --weight=1
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# CREATE AN INDEPENDANT SERVICE FOR COTURN
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
# Disable default config for turnserver and create a new service
|
||||||
|
systemctl stop coturn.service
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# MAKE A CLEAN LOGROTATE CONFIG
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
ynh_use_logrotate --logfile /var/log/matrix-$app --nonappend
|
||||||
|
fi
|
||||||
|
|
||||||
|
######################################### WARNING ################################
|
||||||
|
|
||||||
|
# TODO manage of migration of data path
|
||||||
|
# TODO manage of migration of db name
|
||||||
|
# TODO delete legacy user matrix-synapse
|
||||||
|
# TODO maybe need to close port to leave managed port to manage this
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
if [ "$upgrade_type" == "UPGRADE_APP" ] || [ ! -e $code_dir/bin/python3 ] || [ ! -e $code_dir/lib/python$python_version ]
|
||||||
|
then
|
||||||
|
ynh_script_progression --message="Upgrading source files..." --weight=6
|
||||||
|
install_sources
|
||||||
|
fi
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# MIGRATION 1 : GENERATE SYNAPSE SECRET
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
if [ -z "$registration_shared_secret" ] || [ "$form_secret" == "form_secret: " ]
|
||||||
|
then
|
||||||
|
ynh_script_progression --message="Generating synapse secret..." --weight=1
|
||||||
|
|
||||||
|
# Go in virtualenvironnement
|
||||||
|
u_arg='u'
|
||||||
|
set +$u_arg;
|
||||||
|
source $code_dir/bin/activate
|
||||||
|
set -$u_arg;
|
||||||
|
|
||||||
|
# Generate config and keys
|
||||||
|
python -m synapse.app.homeserver --keys-directory /etc/matrix-$app/ --generate-config --generate-keys --server-name $server_name --report-stats=no -c homeserver.yml
|
||||||
|
|
||||||
|
# This function was defined when we called "source $code_dir/bin/activate". With this function we undo what "$code_dir/bin/activate" does
|
||||||
|
set +$u_arg;
|
||||||
|
deactivate
|
||||||
|
set -$u_arg;
|
||||||
|
|
||||||
|
# Get random values from config
|
||||||
|
registration_shared_secret=$(egrep "^registration_shared_secret:" homeserver.yml | cut -d'"' -f2)
|
||||||
|
form_secret=$(egrep "^form_secret:" homeserver.yml | cut -d'"' -f2)
|
||||||
|
|
||||||
|
# store in yunohost settings
|
||||||
|
ynh_app_setting_set --app=$app --key=registration_shared_secret --value="$registration_shared_secret"
|
||||||
|
ynh_app_setting_set --app=$app --key=form_secret --value="$form_secret"
|
||||||
|
fi
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# STANDARD UPGRADE STEPS
|
# STANDARD UPGRADE STEPS
|
||||||
|
#=================================================
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# UPDATE SYNAPSE CONFIG
|
||||||
|
#=================================================
|
||||||
|
ynh_script_progression --message="Updating synapse config..." --weight=2
|
||||||
|
|
||||||
|
configure_synapse
|
||||||
|
|
||||||
|
#=================================================
|
||||||
|
# CREATE SMALL CAS SERVER
|
||||||
|
#=================================================
|
||||||
|
# WARNING : theses command are used in INSTALL, UPGRADE
|
||||||
|
# For any update do it in all files
|
||||||
|
|
||||||
|
mkdir -p $install_dir
|
||||||
|
cp ../sources/cas_server.php $install_dir/
|
||||||
|
chmod u=rwX,g=rX,o= -R $install_dir
|
||||||
|
chown $YNH_APP_ID:root -R $install_dir
|
||||||
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# NGINX CONFIGURATION
|
# NGINX CONFIGURATION
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -521,14 +374,7 @@ ynh_script_progression --message="Configuring application..."
|
||||||
|
|
||||||
ynh_add_fpm_config --usage=low --footprint=low
|
ynh_add_fpm_config --usage=low --footprint=low
|
||||||
|
|
||||||
# Create .well-known redirection for access by federation
|
configure_nginx
|
||||||
if yunohost --output-as plain domain list | grep -q "^$server_name$"
|
|
||||||
then
|
|
||||||
ynh_add_config --template="server_name.conf" --destination="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Create a dedicated NGINX config
|
|
||||||
ynh_add_nginx_config app
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# SPECIFIC UPGRADE
|
# SPECIFIC UPGRADE
|
||||||
|
@ -537,26 +383,7 @@ ynh_add_nginx_config app
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Updating Coturn config..." --weight=1
|
ynh_script_progression --message="Updating Coturn config..." --weight=1
|
||||||
|
|
||||||
# WARNING : theses command are used in INSTALL, UPGRADE
|
configure_coturn
|
||||||
# For any update do it in all files
|
|
||||||
|
|
||||||
# Get public IP and set as external IP for coturn
|
|
||||||
# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
|
|
||||||
public_ip4="$(curl -s ip.yunohost.org)" || true
|
|
||||||
public_ip6="$(curl -s ipv6.yunohost.org)" || true
|
|
||||||
|
|
||||||
turn_external_ip=""
|
|
||||||
if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"
|
|
||||||
then
|
|
||||||
turn_external_ip+="external-ip="$public_ip4%"\n"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6"
|
|
||||||
then
|
|
||||||
turn_external_ip+="external-ip="$public_ip6%"\n"
|
|
||||||
fi
|
|
||||||
|
|
||||||
ynh_add_config --template="turnserver.conf" --destination="/etc/matrix-$app/coturn.conf"
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# ADD SCRIPT FOR COTURN CRON AND APP SERVICE
|
# ADD SCRIPT FOR COTURN CRON AND APP SERVICE
|
||||||
|
@ -565,8 +392,8 @@ ynh_add_config --template="turnserver.conf" --destination="/etc/matrix-$app/cotu
|
||||||
# WARNING : theses command are used in INSTALL, UPGRADE
|
# WARNING : theses command are used in INSTALL, UPGRADE
|
||||||
# For any update do it in all files
|
# For any update do it in all files
|
||||||
|
|
||||||
ynh_add_config --template="../sources/Coturn_config_rotate.sh" --destination="$install_dir/Coturn_config_rotate.sh"
|
ynh_add_config --template="../sources/Coturn_config_rotate.sh" --destination="$code_dir/Coturn_config_rotate.sh"
|
||||||
ynh_add_config --template="../sources/update_synapse_for_appservice.sh" --destination="$install_dir/update_synapse_for_appservice.sh"
|
ynh_add_config --template="../sources/update_synapse_for_appservice.sh" --destination="$code_dir/update_synapse_for_appservice.sh"
|
||||||
|
|
||||||
# Ensure app-service folder has exists and the config file exit (Migration)
|
# Ensure app-service folder has exists and the config file exit (Migration)
|
||||||
mkdir -p /etc/matrix-$app/app-service
|
mkdir -p /etc/matrix-$app/app-service
|
||||||
|
@ -583,8 +410,8 @@ fi
|
||||||
# ADVERTISE SERVICE IN ADMIN PANEL
|
# ADVERTISE SERVICE IN ADMIN PANEL
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
yunohost service add matrix-$app --log "/var/log/matrix-$app/homeserver.log" --needs_exposed_ports $synapse_tls_port
|
yunohost service add matrix-$app --log "/var/log/matrix-$app/homeserver.log" --needs_exposed_ports $port_synapse_tls
|
||||||
yunohost service add coturn-$app --needs_exposed_ports $turnserver_tls_port
|
yunohost service add coturn-$app --needs_exposed_ports $port_turnserver_tls
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# UPDATE SYSTEMD
|
# UPDATE SYSTEMD
|
||||||
|
@ -603,9 +430,6 @@ ynh_add_systemd_config --service=coturn-$app --template=coturn-synapse.service
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Reconfiguring Fail2Ban..." --weight=8
|
ynh_script_progression --message="Reconfiguring Fail2Ban..." --weight=8
|
||||||
|
|
||||||
# WARNING : theses command are used in INSTALL, UPGRADE
|
|
||||||
# For any update do it in all files
|
|
||||||
|
|
||||||
ynh_add_fail2ban_config --use_template
|
ynh_add_fail2ban_config --use_template
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
|
@ -613,58 +437,28 @@ ynh_add_fail2ban_config --use_template
|
||||||
#=================================================
|
#=================================================
|
||||||
# SETUP PERMISSIONS
|
# SETUP PERMISSIONS
|
||||||
#=================================================
|
#=================================================
|
||||||
#REMOVEME? ynh_script_progression --message="Configuring permissions..." --weight=1
|
|
||||||
#REMOVEME? ynh_legacy_permissions_delete_all
|
|
||||||
|
|
||||||
ynh_permission_url --permission=main --url=$domain/_matrix/cas_server.php/login --auth_header=true
|
ynh_script_progression --message="Configuring permissions..." --weight=1
|
||||||
#REMOVEME? ynh_permission_update --permission=main --show_tile=false --protected=true
|
|
||||||
|
|
||||||
#REMOVEME? if ! ynh_permission_exists --permission=server_api; then
|
if yunohost --output-as plain domain list | grep -q "^$server_name"'$'; then
|
||||||
#REMOVEME? ynh_permission_create --permission=server_api --url=$domain/_matrix \
|
if ! ynh_""permission_exists --permission=server_client_infos; then
|
||||||
--label="Server access for client apps." --show_tile=false --allowed=visitors \
|
ynh_""permission_create --permission=server_client_infos --url=$server_name/.well-known/matrix \
|
||||||
--auth_header=false --protected=true
|
|
||||||
python3 remove_sso_conf_persistent.py $domain $server_name \
|
|
||||||
|| ynh_print_warn --message="Your file /etc/ssowat/""conf.json.persistent doesn't respect the json syntax. The config file wasn't cleaned. Please clean it manually."
|
|
||||||
else
|
|
||||||
ynh_permission_url --permission=server_api --url=$domain/_matrix --remove_url=$server_name/.well-known/matrix \
|
|
||||||
--auth_header=false
|
|
||||||
#REMOVEME? ynh_permission_update --permission=server_api --label="Server access for client apps." --show_tile=false \
|
|
||||||
--protected=true
|
|
||||||
fi
|
|
||||||
|
|
||||||
#REMOVEME? if yunohost --output-as plain domain list | grep -q "^$server_name"'$' && ! ynh_permission_exists --permission=server_client_infos; then
|
|
||||||
#REMOVEME? ynh_permission_create --permission=server_client_infos --url=$server_name/.well-known/matrix \
|
|
||||||
--label="Server info for clients. (well-known)" --show_tile=false --allowed=visitors \
|
--label="Server info for clients. (well-known)" --show_tile=false --allowed=visitors \
|
||||||
--auth_header=false --protected=true
|
--auth_header=false --protected=true
|
||||||
elif yunohost --output-as plain domain list | grep -q "^$server_name"'$'; then
|
else yunohost --output-as plain domain list | grep -q "^$server_name"'$'; then
|
||||||
ynh_permission_url --permission=server_client_infos --url=$server_name/.well-known/matrix \
|
ynh_""permission_url --permission=server_client_infos --url=$server_name/.well-known/matrix \
|
||||||
--auth_header=false
|
--auth_header=false
|
||||||
#REMOVEME? ynh_permission_update --permission=server_client_infos --label="Server info for clients. (well-known)" --show_tile=false \
|
ynh_""permission_update --permission=server_client_infos --label="Server info for clients. (well-known)" --show_tile=false \
|
||||||
--protected=true
|
--protected=true
|
||||||
fi
|
fi
|
||||||
|
|
||||||
#REMOVEME? if ! ynh_permission_exists --permission=admin_api; then
|
|
||||||
#REMOVEME? ynh_permission_create --permission=admin_api --url=$domain/_synapse \
|
|
||||||
--label="Server administration API." --show_tile=false \
|
|
||||||
--auth_header=false --allowed=visitors
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# SECURE FILES AND DIRECTORIES
|
# SECURE FILES AND DIRECTORIES
|
||||||
#=================================================
|
#=================================================
|
||||||
|
|
||||||
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
|
ynh_script_progression --message="Protecting directories..." --weight=3
|
||||||
# For any update do it in all files
|
set_permissions
|
||||||
chown $synapse_user:root -R $install_dir
|
|
||||||
chmod 770 $install_dir/Coturn_config_rotate.sh
|
|
||||||
chmod 700 $install_dir/update_synapse_for_appservice.sh
|
|
||||||
chown $synapse_user:root -R $data_path
|
|
||||||
chown $synapse_user:root -R /var/log/matrix-$app
|
|
||||||
chown $synapse_user:root -R /etc/matrix-$app
|
|
||||||
chmod u=rwX,g=rX,o= -R /etc/matrix-$app
|
|
||||||
chmod 600 /etc/matrix-$app/$server_name.signing.key
|
|
||||||
setfacl -R -m user:turnserver:rX /etc/matrix-$app
|
|
||||||
setfacl -R -m user:turnserver:rwX /var/log/matrix-$app
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# UPDATE HOOKS
|
# UPDATE HOOKS
|
||||||
|
@ -675,19 +469,13 @@ setfacl -R -m user:turnserver:rwX /var/log/matrix-$app
|
||||||
ynh_replace_string __APP__ $app ../hooks/post_cert_update
|
ynh_replace_string __APP__ $app ../hooks/post_cert_update
|
||||||
ynh_replace_string __DOMAIN__ $domain ../hooks/post_cert_update
|
ynh_replace_string __DOMAIN__ $domain ../hooks/post_cert_update
|
||||||
|
|
||||||
#=================================================
|
|
||||||
# UPDATE VERSION SETTINGS
|
|
||||||
#=================================================
|
|
||||||
|
|
||||||
ynh_app_setting_set --app=$app --key=synapse_version --value=$upstream_version
|
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# RELOAD SERVICES
|
# RELOAD SERVICES
|
||||||
#=================================================
|
#=================================================
|
||||||
ynh_script_progression --message="Restarting Synapse services..." --weight=5
|
ynh_script_progression --message="Restarting Synapse services..." --weight=5
|
||||||
|
|
||||||
ynh_systemd_action --service_name=coturn-$app.service --action=restart
|
ynh_systemd_action --service_name=coturn-$app.service --action=restart
|
||||||
ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $synapse_tls_port" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300
|
ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $port_synapse_tls" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300
|
||||||
|
|
||||||
#=================================================
|
#=================================================
|
||||||
# END OF SCRIPT
|
# END OF SCRIPT
|
||||||
|
|
Loading…
Reference in a new issue