diff --git a/conf/homeserver.yaml b/conf/homeserver.yaml index f68cc24..39fd1b7 100644 --- a/conf/homeserver.yaml +++ b/conf/homeserver.yaml @@ -50,7 +50,7 @@ pid_file: /run/matrix-__APP__/homeserver.pid # The absolute URL to the web client which / will redirect to. # -#web_client_location: https://riot.example.com/ +web_client_location: __ELEMENT_YNH_URL__ # The public-facing base URL that clients use to access this Homeserver (not # including _matrix/...). This is the same URL a user might enter into the @@ -122,12 +122,12 @@ presence: # public rooms directory through the client API, meaning that anyone can # query the room directory. Defaults to 'false'. # -allow_public_rooms_without_auth: __ALLOW_PUBLIC_ROOMS__ +allow_public_rooms_without_auth: __ALLOW_PUBLIC_ROOMS_WITHOUT_AUTH__ # If set to 'true', allows any other homeserver to fetch the server's public # rooms directory via federation. Defaults to 'false'. # -allow_public_rooms_over_federation: __ALLOW_PUBLIC_ROOMS__ +allow_public_rooms_over_federation: __ALLOW_PUBLIC_ROOMS_OVER_FEDERATION__ # The default room version for newly created rooms. # @@ -1278,12 +1278,12 @@ registrations_require_3pid: # Explicitly disable asking for MSISDNs from the registration # flow (overrides registrations_require_3pid if MSISDNs are set as required) # -#disable_msisdn_registration: true +disable_msisdn_registration: __DISABLE_MSISDN_REGISTRATION__ # Mandate that users are only allowed to associate certain formats of # 3PIDs with accounts on this server. # -#allowed_local_3pids: +allowed_local_3pids: # - medium: email # pattern: '^[^@]+@matrix\.org$' # - medium: email @@ -1327,7 +1327,7 @@ registration_shared_secret: "__REGISTRATION_SHARED_SECRET__" # participate in rooms hosted on this server which have been made # accessible to anonymous users. # -#allow_guest_access: false +allow_guest_access: __ALLOW_GUEST_ACCESS__ # The identity server which we suggest that clients should use when users log # in on this server. 
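Review bot: `web_client_location: __ELEMENT_YNH_URL__` substitutes an admin-supplied string into the file as a plain YAML scalar, so an empty setting renders as null and a value containing `: `, ` #` or a leading indicator character changes how the line parses. The same applies to `client_base_url` and `invite_client_location` (hunks at 2320 and 2331) and to `default_identity_server` (hunk at 1335). Quote the string placeholders the way this file already does for `registration_shared_secret`, e.g. `web_client_location: "__ELEMENT_YNH_URL__"`. Quoting does not make the value a well-formed URL, so that still needs checking where the setting is written.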
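Review bot: `allowed_local_3pids:` is uncommented while its list items stay commented, so the key parses as null rather than as a list, and no placeholder carries the `allowed_local_3pids` setting that the scripts store. `auto_join_rooms:` in the hunk at 1394 has the same shape. Whether the server accepts null for these keys is not visible here; if it iterates the value, startup would fail. Either keep both keys commented until a rendered list is substituted, or write explicit empty lists, `allowed_local_3pids: []` and `auto_join_rooms: []`.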
@@ -1335,7 +1335,7 @@ registration_shared_secret: "__REGISTRATION_SHARED_SECRET__" # (By default, no suggestion is made, so it is left up to the client. # This setting is ignored unless public_baseurl is also explicitly set.) # -#default_identity_server: https://matrix.org +default_identity_server: __DEFAULT_IDENTITY_SERVER__ # Handle threepid (email/phone etc) registration and password resets through a set of # *trusted* identity servers. Note that this allows the configured identity server to @@ -1394,7 +1394,7 @@ account_threepid_delegates: # If the room already exists, make certain it is a publicly joinable # room. The join rule of the room must be set to 'public'. # -#auto_join_rooms: +auto_join_rooms: # - "#example:example.com" # Where auto_join_rooms are specified, setting this flag ensures that the @@ -1462,7 +1462,7 @@ account_threepid_delegates: # # Defaults to true. # -#auto_join_rooms_for_guests: false +auto_join_rooms_for_guests: __AUTO_JOIN_ROOMS_FOR_GUESTS__ # Whether to inhibit errors raised when registering a new account if the user ID # already exists. If turned on, that requests to /register/available will always @@ -2167,7 +2167,7 @@ __DOMAIN_WHITELIST_CLIENT__ password_config: # Uncomment to disable password login # - #enabled: false + enabled: __PASSWORD_ENABLED__ # Uncomment to disable authentication against the local password # database. This is ignored if `enabled` is false, and is only useful @@ -2307,12 +2307,12 @@ email: # Uncomment the following to enable sending emails for messages that the user # has missed. Disabled by default. # - enable_notifs: true + enable_notifs: __ENABLE_NOTIFS__ # Uncomment the following to disable automatic subscription to email # notifications for new users. Enabled by default. # - #notif_for_new_users: false + notif_for_new_users: __NOTIF_FOR_NEW_USERS__ # Custom URL for client links within the email notifications. By default # links will be based on "https://matrix.to". 
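Review bot: Uncommenting `default_identity_server` makes the homeserver always emit this key, and the install and upgrade scripts in this commit seed it with `https://matrix.org`, while the comment above the key and the config panel help still say that no suggestion is made by default. The next comment block in this file describes identity servers as handling email/phone registration and password resets, so suggesting one to every client is a privacy-relevant default that an operator should opt into. Consider seeding the setting empty (`default_identity_server=""`) and keeping the line commented out while it is empty, and update the comment to describe the new behaviour.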
@@ -2320,7 +2320,7 @@ email: # (This setting used to be called riot_base_url; the old name is still # supported for backwards-compatibility but is now deprecated.) # - #client_base_url: "http://localhost/riot" + client_base_url: __ELEMENT_YNH_URL__ # Configure the time that a validation email will expire after sending. # Defaults to 1h. @@ -2331,7 +2331,7 @@ email: # to the identity server as the org.matrix.web_client_location key. Defaults # to unset, giving no guidance to the identity server. # - #invite_client_location: https://app.element.io + invite_client_location: __ELEMENT_YNH_URL__ # Subjects to use when sending emails from Synapse. # @@ -2450,12 +2450,12 @@ push: # Note that this option will only affect rooms created after it is set. It # will also not affect rooms created by other servers. # -#encryption_enabled_by_default_for_room_type: invite +encryption_enabled_by_default_for_room_type: __E2E_ENABLED_BY_DEFAULT__ # Uncomment to allow non-server-admin users to create groups on this server # -enable_group_creation: true +enable_group_creation: __ENABLE_GROUP_CREATION__ # If enabled, non server admins can only create groups with local parts # starting with this prefix diff --git a/config_panel.toml b/config_panel.toml new file mode 100644 index 0000000..a811b6c --- /dev/null +++ b/config_panel.toml 
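Review bot: `encryption_enabled_by_default_for_room_type` takes one of `all`, `invite` or `off` (the choices the new config panel offers), but scripts/install still initialises `e2e_enabled_by_default="true"`, so a fresh install would render `true` here. A YAML 1.1 loader also reads an unquoted `off` as boolean false. Unless the consumer maps those values, the default-encryption policy could be rejected or end up different from what the admin selected. Quote the placeholder, `encryption_enabled_by_default_for_room_type: "__E2E_ENABLED_BY_DEFAULT__"`, and migrate the stored setting from `true`/`false` to one of the three accepted values (for example `invite`/`off`) before rendering.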
@@ -0,0 +1,185 @@
+version = "1.0"
+
+[homeserver]
+name = "Synapse Homeserver"
+services = ["__APP__"]
+
+ [homeserver.config]
+ name = "Configuration Options"
+
+ [homeserver.config.server_statistics]
+ ask = "Server statistics"
+ type = "boolean"
+ yes = true
+ no = false
+ help = "Set to 'true' to send anonymous statistics to Synapse to improve performance."
+ bind = ":/etc/matrix-__APP__/homeserver.yaml"
+
+ [homeserver.registration]
+ name = "Homeserver Registration"
+
+ [homeserver.registration.turn_allow_guests]
+ ask = "Should guests be allowed to use the TURN server?"
+ type = "boolean"
+ yes = true
+ no = false
+ help = "This defaults to True, otherwise VoIP will be unreliable for guests. However, it does introduce a slight security risk as it allows users to connect to arbitrary endpoints without having first signed up for a valid account (e.g. by passing a CAPTCHA)."
+ bind = ":/etc/matrix-__APP__/homeserver.yaml"
+
+ [homeserver.registration.enable_registration]
+ ask = "Enable Registration for new users."
+ type = "boolean"
+ yes = true
+ no = false
+ help = "Defaults to 'false'. If 'true', it is highly recommended to use either captcha, email, or token-based verification to avoid SPAM."
+ bind = ":/etc/matrix-__APP__/homeserver.yaml"
+
+ [homeserver.registration.registrations_require_3pid]
+ ask = "Register only with all below types of 3PID."
+ type = "string"
+ help = "Defaults to: '- email'. Phone number: '- msisdn'"
+ bind = ":/etc/matrix-__APP__/homeserver.yaml"
+
+ [homeserver.registration.disable_msisdn_registration]
+ ask = "Disable asking Phone Number in Registration flow."
+ type = "boolean"
+ yes = true
+ no = false
+ help = "Overrides above setting if MSISDNs are set as required."
+ bind = ":/etc/matrix-__APP__/homeserver.yaml"
+
+ [homeserver.registration.allowed_local_3pids]
+ ask = "Register only with given formats of 3PIDs."
+ type = "string"
+ help = '''
+ allowed_local_3pids:
+ - medium: email - medium: email
+ pattern: '^[^@]+@matrix\.org$'
+ - medium: msisdn
+ pattern: '\+33'
+ '''
+
+ [homeserver.registration.registration_shared_secret]
+ ask = "Shared Secret for Registration."
+ type = "string"
+ help = "Allows registration of standard or admin accounts, even if Registration disabled."
+ bind = ":/etc/matrix-__APP__/homeserver.yaml"
+
+ [homeserver.registration.allow_guest_access]
+ ask = "Allow Users to Register as Guests?"
+ type = "boolean"
+ yes = true
+ no = false
+ help = "Guests can participate on this server in rooms with guest access enabled, without a password/email/etc."
+ bind = ":/etc/matrix-__APP__/homeserver.yaml"
+
+ [homeserver.privacy]
+ name = "Data Privacy"
+
+ [homeserver.privacy.default_identity_server]
+ ask = "Identity server suggested to clients."
+ type = "string"
+ help = "By default, no suggestion is made, so it is left up to the client."
+ bind = ":/etc/matrix-__APP__/homeserver.yaml"
+
+ [homeserver.privacy.allow_public_rooms_without_auth]
+ ask = "Public rooms directory"
+ type = "boolean"
+ yes = true
+ no = false
+ help = "If set to 'false', requires authentication to access the server's public rooms directory through the client API and forbids any other homeserver to fetch the server's public rooms directory via federation."
+ bind = ":/etc/matrix-__APP__/homeserver.yaml"
+
+ [homeserver.privacy.allow_public_rooms_over_federation]
+ ask = "Public rooms directory"
+ type = "boolean"
+ yes = true
+ no = false
+ help = "If set to 'false', requires authentication to access the server's public rooms directory through the client API and forbids any other homeserver to fetch the server's public rooms directory via federation."
+ bind = ":/etc/matrix-__APP__/homeserver.yaml"
+
+[client]
+name = "Matrix Client"
+services = ["__APP__"]
+
+ [client.welcome]
+ name = "Welcome User Experience"
+
+ [client.welcome.auto_join_rooms]
+ ask = "Auto Join new Users in following Rooms."
+ type = "string"
+ default = '#example:example.com'
+ help = "Room should be public. If not existing, will be created as public and federated by default. Can be customised with the settings autocreate_auto_join_rooms."
+ bind = ":/etc/matrix-__APP__/homeserver.yaml"
+
+ [client.welcome.auto_join_rooms_for_guests]
+ ask = "Enable Auto Join Room for Guests?"
+ type = "boolean"
+ yes = true
+ no = false
+ help = "Defaults to 'true'."
+ bind = ":/etc/matrix-__APP__/homeserver.yaml"
+
+ [client.welcome.password_enabled]
+ ask = "Enable Password Login?"
+ type = "boolean"
+ yes = true
+ no = false
+ help = "Defaults to 'true'."
+ bind = ":/etc/matrix-__APP__/homeserver.yaml"
+
+ [client.welcome.enable_notifs]
+ ask = "Enable sending emails for messages the user missed?"
+ type = "boolean"
+ yes = true
+ no = false
+ help = "Defaults to 'false'."
+ bind = ":/etc/matrix-__APP__/homeserver.yaml"
+
+ [client.welcome.notif_for_new_users]
+ ask = "Enable email notifications for new users?"
+ type = "boolean"
+ yes = true
+ no = false
+ help = "Defaults to 'true'."
+ bind = ":/etc/matrix-__APP__/homeserver.yaml"
+
+ [client.experience]
+ name = "User Experience"
+
+ [client.experience.element_ynh_url]
+ ask = "URL of the Default Element Instance."
+ type = "string"
+ default = '#example:example.com'
+ help = "URL for web client links within the email notifications (client_base_url) AND to direct users to during an invite (invite_client_location) AND to which / will redirect to (web_client_location)"
+ bind = ":/etc/matrix-__APP__/homeserver.yaml"
+
+ [client.experience.enable_group_creation]
+ ask = "Allow non-server-admin Users to create Spaces?"
+ type = "boolean"
+ yes = true
+ no = false
+ help = "Defaults to 'false'."
+ bind = ":/etc/matrix-__APP__/homeserver.yaml"
+
+ [client.experience.e2e_enabled_by_default]
+ ask = "End-to-End Encryption by default for locally-created Rooms"
+ type = "select"
+ choices = ["all", "invite", "off"]
+ help = '''
+ * "all": any locally-created room
+ * "invite": any room created with the "private_chat" or "trusted_private_chat" room creation presets
+ * "off": this option will take no effect
+ '''
+ bind = ":/etc/matrix-__APP__/homeserver.yaml"
+
+ [client.package_config]
+ name = "Package configuration"
+
+ [client.package_config.backup_before_upgrade]
+ ask = "Backup before upgrade"
+ type = "boolean"
+ yes = true
+ no = false
+ help = "Set to 'true' to back up before each upgrade."
+ bind = ":/etc/matrix-__APP__/homeserver.yaml"
diff --git a/config_panel.toml.example b/config_panel.toml.example
deleted file mode 100644
index d2da7f9..0000000
--- a/config_panel.toml.example
+++ /dev/null
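Review bot: `registration_shared_secret` is declared with `type = "string"`, so the panel displays and edits in clear text a secret that, per its own help text, allows registering standard or admin accounts even when registration is disabled. If the panel framework offers a masked field type, use it here (`type = "password"`), or leave the secret out of the panel entirely. Separately, `element_ynh_url` has `default = '#example:example.com'`, which looks copied from `auto_join_rooms` and is a room alias rather than a URL. `allowed_local_3pids` is the only question without a `bind`, so it is unclear where its value is written.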
@@ -1,54 +0,0 @@
-version = "1.0"
-
-[main]
-name = "Synapse configuration"
-
- [main.config]
- name = "Configuration Options"
-
- [main.config.server_statistics]
- ask = "Server statistics"
- type = "boolean"
- yes = true
- no = false
- help = "Set to 'true' to send anonymous statistics to Synapse to improve performance."
-
- [main.config.is_free_registration]
- ask = "Free registration"
- type = "boolean"
- yes = true
- no = false
- help = "A public server means that anybody will be able to register on this server."
-
- [main.config.allow_public_rooms]
- ask = "Public rooms directory"
- type = "boolean"
- yes = true
- no = false
- help = "If set to 'false', requires authentication to access the server's public rooms directory through the client API and forbids any other homeserver to fetch the server's public rooms directory via federation."
-
- [main.client_config]
- name = "Matrix client configuration"
-
- [main.client_config.jitsi_server]
- ask = "Jitsi server address"
- type = "string"
- default = 'jitsi.riot.im'
- help = "Jitsi server address for the conference. Note that this is only for conferences in rooms with more than 2 people. With 2 people, the stun/turn server is used."
-
- [main.client_config.e2e_enabled_by_default]
- ask = "End to end encryption by default for direct messages"
- type = "boolean"
- yes = true
- no = false
- help = "By default, Element will create encrypted DM rooms if the user you are chatting with has keys uploaded on their account. For private room creation, Element will default to encryption on but give you can disable this settings here."
-
- [main.package_config]
- name = "Package configuration"
-
- [main.package_config.backup_before_upgrade]
- ask = "Backup before upgrade"
- type = "boolean"
- yes = true
- no = false
- help = "Set to 'true' to back up before each upgrade."
diff --git a/scripts/install b/scripts/install
index f620003..1c907b0 100644
--- a/scripts/install
+++ b/scripts/install
@@ -33,7 +33,6 @@ synapse_db_user="matrix_$app" synapse_db_name="matrix_$app" upstream_version=$(ynh_app_upstream_version) report_stats="false" -allow_public_rooms="false" e2e_enabled_by_default="true" default_domain_value="Same than the domain" domain_whitelist_client=$(get_domain_list) @@ -45,7 +44,6 @@ domain_whitelist_client=$(get_domain_list) domain=$YNH_APP_ARG_DOMAIN server_name=$YNH_APP_ARG_SERVER_NAME is_free_registration=$YNH_APP_ARG_IS_FREE_REGISTRATION -jitsi_server=$YNH_APP_ARG_JITSI_SERVER path_url="/_matrix" final_path="/opt/yunohost/matrix-$app" final_www_path="/var/www/$app" @@ -56,6 +54,11 @@ if [[ "$server_name" == "$default_domain_value" ]]; then server_name=$domain fi +# Get app name of first Element Instance (can be changed later in Config Panel) +element_instance="element" +element_domain=$(ynh_app_setting_get --app $element_instance --key domain) +element_path=$(ynh_app_setting_get --app $element_instance --key path) + #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= @@ -80,7 +83,6 @@ ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=no_sso --value true ynh_app_setting_set --app=$app --key=server_name --value=$server_name -ynh_app_setting_set --app=$app --key=jitsi_server --value=$jitsi_server ynh_app_setting_set --app=$app --key=final_path --value=$final_path ynh_app_setting_set --app=$app --key=synapse_version --value=$upstream_version ynh_app_setting_set --app=$app --key=is_free_registration --value=$is_free_registration 
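Review bot: Removing `allow_public_rooms="false"` leaves that variable undefined, yet the header of the later hunk at line 91 shows `ynh_app_setting_set --app=$app --key=allow_public_rooms --value=$allow_public_ro…` still present in the script, and no hunk removes it. If the script runs with unset-variable checking the install would abort at that line; otherwise an empty `allow_public_rooms` setting is stored. Drop that `ynh_app_setting_set` call as well, since the setting is replaced by `allow_public_rooms_without_auth` and `allow_public_rooms_over_federation`.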
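Review bot: `element_instance="element"` assumes an app with exactly that id is installed; when it is not, or the instance has another id, both `ynh_app_setting_get` calls yield nothing and the URL later written to `web_client_location`, `client_base_url` and `invite_client_location` is built from empty parts. Check the lookup before using it, e.g. `if [ -n "$element_domain" ]; then … fi`, and leave `element_ynh_url` empty otherwise so the admin sets it in the config panel. A short comment stating that the Element app is optional would also help the next reader.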
@@ -89,6 +91,38 @@ ynh_app_setting_set --app=$app --key=allow_public_rooms --value=$allow_public_ro ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default ynh_app_setting_set --app=$app --key=synapse_user_app_pwd --value=$synapse_user_app_pwd +#================================================= +## SET STANDARD SETTINGS FROM DEFAULT CONFIG +#================================================= + +element_ynh_url=element_domain+element_path +allow_public_rooms_without_auth="false" +allow_public_rooms_over_federation="false" +disable_msisdn_registration="true" +allowed_local_3pids="" +allow_guest_access="false" +default_identity_server="https://matrix.org" +auto_join_rooms="" +auto_join_rooms_for_guests="true" +password_enabled="true" +enable_notifs="true" +notif_for_new_users="true" +enable_group_creation="true" + +ynh_app_setting_set --app=$app --key=element_ynh_url --value=$element_ynh_url +ynh_app_setting_set --app=$app --key=allow_public_rooms_without_auth --value=$allow_public_rooms_without_auth +ynh_app_setting_set --app=$app --key=allow_public_rooms_over_federation --value=$allow_public_rooms_over_federation +ynh_app_setting_set --app=$app --key=disable_msisdn_registration --value=$disable_msisdn_registration +ynh_app_setting_set --app=$app --key=allowed_local_3pids --value=$allowed_local_3pids +ynh_app_setting_set --app=$app --key=allow_guest_access --value=$allow_guest_access +ynh_app_setting_set --app=$app --key=default_identity_server --value=$default_identity_server +ynh_app_setting_set --app=$app --key=auto_join_rooms --value=$auto_join_rooms +ynh_app_setting_set --app=$app --key=auto_join_rooms_for_guests --value=$auto_join_rooms_for_guests +ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled +ynh_app_setting_set --app=$app --key=enable_notifs --value=$enable_notifs +ynh_app_setting_set --app=$app --key=notif_for_new_users --value=$notif_for_new_users +ynh_app_setting_set --app=$app 
--key=enable_group_creation --value=$enable_group_creation + #================================================= # STANDARD MODIFICATIONS #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index e108011..2cabc86 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -33,7 +33,6 @@ turnserver_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_tls_port) turnserver_alt_tls_port=$(ynh_app_setting_get --app=$app --key=turnserver_alt_tls_port) cli_port=$(ynh_app_setting_get --app=$app --key=cli_port) report_stats=$(ynh_app_setting_get --app=$app --key=report_stats) -allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms) e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default) synapse_db_pwd=$(ynh_app_setting_get --app=$app --key=synapse_db_pwd) turnserver_pwd=$(ynh_app_setting_get --app=$app --key=turnserver_pwd) 
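Review bot: `element_ynh_url=element_domain+element_path` assigns the literal text `element_domain+element_path`, because shell does not expand names without `$` and has no `+` concatenation. That literal is stored as a setting and, through `__ELEMENT_YNH_URL__`, becomes the web client redirect and the base of links in notification emails. It should read `element_ynh_url="https://${element_domain}${element_path}"` (scheme assumed; the template comment asks for an absolute URL). The same assignment appears in the migration block of scripts/upgrade. The `--value=$…` arguments in this block are also unquoted, so a value containing spaces would be split; `--value="$element_ynh_url"` avoids that.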
@@ -58,6 +57,23 @@ upgrade_type=$(ynh_check_app_version_changed) final_www_path="/var/www/$app" data_path="/home/yunohost.app/matrix-$app" +#================================================= +# GET CONFIG PANEL SETTINGS +#================================================= +element_ynh_url=$(ynh_app_setting_get --app=$app --key=element_ynh_url) +allow_public_rooms_without_auth=$(ynh_app_setting_get --app=$app --key=allow_public_rooms_without_auth) +allow_public_rooms_over_federation=$(ynh_app_setting_get --app=$app --key=allow_public_rooms_over_federation) +disable_msisdn_registration=$(ynh_app_setting_get --app=$app --key=disable_msisdn_registration) +allowed_local_3pids=$(ynh_app_setting_get --app=$app --key=allowed_local_3pids) +allow_guest_access=$(ynh_app_setting_get --app=$app --key=allow_guest_access) +default_identity_server=$(ynh_app_setting_get --app=$app --key=default_identity_server) +auto_join_rooms=$(ynh_app_setting_get --app=$app --key=auto_join_rooms) +auto_join_rooms_for_guests=$(ynh_app_setting_get --app=$app --key=auto_join_rooms_for_guests) +password_enabled=$(ynh_app_setting_get --app=$app --key=password_enabled) +enable_notifs=$(ynh_app_setting_get --app=$app --key=enable_notifs) +notif_for_new_users=$(ynh_app_setting_get --app=$app --key=notif_for_new_users) +enable_group_creation=$(ynh_app_setting_get --app=$app --key=enable_group_creation) + #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= 
@@ -162,6 +178,83 @@ if ! grep -q "$final_path" /etc/passwd; then sed --in-place -r "s@matrix-$app\:x\:([[:digit:]]+\:[[:digit:]]+)\:\:/.*/matrix-$app\:/usr/sbin/nologin@matrix-$app\:x\:\1\:\:$final_path\:/usr/sbin/nologin@g" /etc/passwd fi +# MIGRATION 7 : Working config panel v1 +#================================================= + +allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms) +# Get app name of first Element Instance +element_instance="element" +element_domain=$(ynh_app_setting_get --app $element_instance --key domain) +element_path=$(ynh_app_setting_get --app $element_instance --key path) + +# SET STANDARD SETTINGS FROM DEFAULT CONFIG + +if [ -z "$element_ynh_url" ] +then + element_ynh_url=element_domain+element_path + ynh_app_setting_set --app=$app --key=element_ynh_url --value=$element_ynh_url +fi +if [ -z "$allow_public_rooms_without_auth" ] +then + allow_public_rooms_without_auth=allow_public_rooms + ynh_app_setting_set --app=$app --key=allow_public_rooms_without_auth --value=$allow_public_rooms_without_auth +fi +if [ -z "$allow_public_rooms_over_federation" ] +then + allow_public_rooms_over_federation=allow_public_rooms + ynh_app_setting_set --app=$app --key=allow_public_rooms_over_federation --value=$allow_public_rooms_over_federation +fi +if [ -z "$disable_msisdn_registration" ] +then + disable_msisdn_registration="true" + ynh_app_setting_set --app=$app --key=disable_msisdn_registration --value=$disable_msisdn_registration +fi +if [ -z "$allowed_local_3pids" ] +then + allowed_local_3pids="" + ynh_app_setting_set --app=$app --key=allowed_local_3pids --value=$allowed_local_3pids +fi +if [ -z "$allow_guest_access" ] +then + allow_guest_access="false" + ynh_app_setting_set --app=$app --key=allow_guest_access --value=$allow_guest_access +fi +if [ -z "$default_identity_server" ] +then + default_identity_server="https://matrix.org" + ynh_app_setting_set --app=$app --key=default_identity_server --value=$default_identity_server 
+fi +if [ -z "$auto_join_rooms" ] +then + auto_join_rooms="" + ynh_app_setting_set --app=$app --key=auto_join_rooms --value=$auto_join_rooms +fi +if [ -z "$auto_join_rooms_for_guests" ] +then + auto_join_rooms_for_guests="true" + ynh_app_setting_set --app=$app --key=auto_join_rooms_for_guests --value=$auto_join_rooms_for_guests +fi +if [ -z "$password_enabled" ] +then + password_enabled="true" + ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled +fi +if [ -z "$enable_notifs" ] +then + enable_notifs="true" + ynh_app_setting_set --app=$app --key=enable_notifs --value=$enable_notifs +fi +if [ -z "$notif_for_new_users" ] +then + notif_for_new_users="true" + ynh_app_setting_set --app=$app --key=notif_for_new_users --value=$notif_for_new_users +fi +if [ -z "$enable_group_creation" ] +then + enable_group_creation="true" + ynh_app_setting_set --app=$app --key=enable_group_creation --value=$enable_group_creation +fi + #================================================= # INSTALL DEPENDENCIES #=================================================
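Review bot: The migration assigns `allow_public_rooms_without_auth=allow_public_rooms` and `allow_public_rooms_over_federation=allow_public_rooms`, which stores the literal word `allow_public_rooms` instead of the value read a few lines earlier. Rendered into homeserver.yaml this is a non-empty string rather than a boolean, and if the server treats any non-empty value as true, an instance that had its room directory restricted would expose it without authentication and over federation after the upgrade. Use `allow_public_rooms_without_auth="$allow_public_rooms"` and `allow_public_rooms_over_federation="$allow_public_rooms"`, falling back to `false` when the old setting is empty. After upgrading a test instance, check that both keys in the rendered file are `true` or `false`.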