mirror of https://github.com/YunoHost-Apps/synapse_ynh.git synced 2024-09-03 20:26:38 +02:00

Update script for official audit

Josué Tille 2018-01-30 23:44:49 +01:00
parent 59cc577bd8
commit e145ef1e42
7 changed files with 782 additions and 276 deletions


@ -3,7 +3,7 @@
"id": "synapse",
"packaging_format": 1,
"requirements": {
"yunohost": ">= 2.7.7"
"yunohost": ">= 2.7.9"
},
"description": {
"en": "Instant messaging server who use matrix",


@ -1,102 +1,3 @@
#!/bin/bash
# Retrieve arguments
app=$YNH_APP_INSTANCE_NAME
synapse_user="matrix-$app"
synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app"
upstream_version=$(ynh_app_upstream_version)
install_dependances() {
ynh_install_app_dependencies coturn build-essential python2.7-dev libffi-dev python-pip python-setuptools sqlite3 libssl-dev python-virtualenv libxml2-dev libxslt1-dev python-lxml libjpeg-dev libpq-dev postgresql acl
pip install --upgrade pip
pip install --upgrade virtualenv
}
setup_dir() {
# Create empty dir for synapse
mkdir -p /var/lib/matrix-$app
mkdir -p /var/log/matrix-$app
mkdir -p /etc/matrix-$app/conf.d
mkdir -p $final_path
}
set_permission() {
# Set permission
chown $synapse_user:root -R $final_path
chown $synapse_user:root -R /var/lib/matrix-$app
chown $synapse_user:root -R /var/log/matrix-$app
chown $synapse_user:root -R /etc/matrix-$app
chmod 600 /etc/matrix-$app/dh.pem
setfacl -R -m user:turnserver:rx /etc/matrix-$app
setfacl -R -m user:turnserver:rwx /var/log/matrix-$app
}
install_source() {
if [ -n "$(uname -m | grep arm)" ]
then
ynh_setup_source $final_path/ "armv7"
else
# Install virtualenv if it don't exist
test -e $final_path/bin || virtualenv -p python2.7 $final_path
# Install synapse in virtualenv
PS1=""
cp ../conf/virtualenv_activate $final_path/bin/activate
ynh_replace_string __FINAL_PATH__ $final_path $final_path/bin/activate
source $final_path/bin/activate
pip install --upgrade pip
pip install --upgrade setuptools
pip install --upgrade cffi ndg-httpsclient psycopg2 lxml
pip install --upgrade https://github.com/matrix-org/synapse/archive/v$upstream_version.tar.gz
# Fix issue with msgpack see https://github.com/YunoHost-Apps/synapse_ynh/issues/29
test -e $final_path/lib/python2.7/site-packages/msgpack/__init__.py || (\
pip uninstall -y msgpack-python msgpack; \
pip install msgpack-python)
deactivate
fi
}
config_synapse() {
ynh_backup_if_checksum_is_different /etc/matrix-$app/homeserver.yaml
ynh_backup_if_checksum_is_different /etc/matrix-$app/log.yaml
cp ../conf/homeserver.yaml /etc/matrix-$app/homeserver.yaml
cp ../conf/log.yaml /etc/matrix-$app/log.yaml
ynh_replace_string __APP__ $app /etc/matrix-$app/homeserver.yaml
ynh_replace_string __DOMAIN__ $domain /etc/matrix-$app/homeserver.yaml
ynh_replace_string __SYNAPSE_DB_USER__ $synapse_db_user /etc/matrix-$app/homeserver.yaml
ynh_replace_string __SYNAPSE_DB_PWD__ $synapse_db_pwd /etc/matrix-$app/homeserver.yaml
ynh_replace_string __PORT__ $port /etc/matrix-$app/homeserver.yaml
ynh_replace_string __TLS_PORT__ $synapse_tls_port /etc/matrix-$app/homeserver.yaml
ynh_replace_string __TURNSERVER_TLS_PORT__ $turnserver_tls_port /etc/matrix-$app/homeserver.yaml
ynh_replace_string __TURNPWD__ $turnserver_pwd /etc/matrix-$app/homeserver.yaml
ynh_replace_string __APP__ $app /etc/matrix-$app/log.yaml
if [ "$is_public" = "0" ]
then
ynh_replace_string __ALLOWED_ACCESS__ False /etc/matrix-$app/homeserver.yaml
else
ynh_replace_string __ALLOWED_ACCESS__ True /etc/matrix-$app/homeserver.yaml
fi
ynh_store_file_checksum /etc/matrix-$app/homeserver.yaml
ynh_store_file_checksum /etc/matrix-$app/log.yaml
}
config_coturn() {
ynh_backup_if_checksum_is_different /etc/matrix-$app/coturn.conf
cp ../conf/turnserver.conf /etc/matrix-$app/coturn.conf
ynh_replace_string __APP__ $app /etc/matrix-$app/coturn.conf
ynh_replace_string __TURNPWD__ $turnserver_pwd /etc/matrix-$app/coturn.conf
ynh_replace_string __DOMAIN__ $domain /etc/matrix-$app/coturn.conf
ynh_replace_string __TLS_PORT__ $turnserver_tls_port /etc/matrix-$app/coturn.conf
ynh_replace_string __TLS_ALT_PORT__ $turnserver_alt_tls_port /etc/matrix-$app/coturn.conf
ynh_replace_string __CLI_PORT__ $cli_port /etc/matrix-$app/coturn.conf
ynh_store_file_checksum /etc/matrix-$app/coturn.conf
}


@ -1,6 +1,11 @@
#!/bin/bash
# Source YunoHost helpers
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source /usr/share/yunohost/helpers
# Stop script if errors
@ -11,34 +16,73 @@ source ../settings/scripts/psql.sh
source ../settings/scripts/experimental_helper.sh
source ../settings/scripts/_common.sh
# Retrieve arguments
#=================================================
# SET ALL CONSTANT
#=================================================
app=$YNH_APP_INSTANCE_NAME
synapse_user="matrix-$app"
synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app"
upstream_version=$(ynh_app_upstream_version)
#=================================================
# LOAD SETTINGS
#=================================================
domain=$(ynh_app_setting_get $app special_domain)
final_path="/opt/yunohost/matrix-$app"
# Copy Nginx config
#=================================================
# STANDARD BACKUP STEPS
#=================================================
# BACKUP THE NGINX CONFIGURATION
#=================================================
ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf" "nginx.conf"
# Backup synapse config
#=================================================
# BACKUP SYNAPSE CONFIG
#=================================================
ynh_backup "/etc/matrix-$app" "synapse_config"
# Backup coturn server
#=================================================
# BACKUP COTURN CONFIG
#=================================================
ynh_backup "/etc/turnserver.conf" "coturn_config"
ynh_backup "/etc/default/coturn" "coturn_config_default"
# Backup synapse database
ynh_backup "/var/lib/matrix-$app" "data" 1
#=================================================
# BACKUP SYSTEMD
#=================================================
# Backup Postgresql database
sudo su -c "pg_dump $synapse_db_name" postgres > ${YNH_CWD}/dump.sql
# Copy the logs
ynh_backup "/var/log/matrix-$app" "log"
# Backup systemd service
ynh_backup "/etc/default/matrix-$app"
ynh_backup "/etc/systemd/system/matrix-$app.service"
ynh_backup "/etc/default/coturn-$app"
ynh_backup "/etc/systemd/system/coturn-$app.service"
# Backup synapse binary
ynh_backup "$final_path" "bin"
#=================================================
# BACKUP THE APP MAIN DIR
#=================================================
ynh_backup "$final_path" "bin"
#=================================================
# BACKUP SYNAPSE DATA
#=================================================
ynh_backup "/var/lib/matrix-$app" "data" 1
#=================================================
# BACKUP THE POSTGRESQL DATABASE
#=================================================
sudo su -c "pg_dump $synapse_db_name" postgres > ${YNH_CWD}/dump.sql
#=================================================
# BACKUP SYNAPSE LOG
#=================================================
ynh_backup "/var/log/matrix-$app" "log"
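Review bot: The `pg_dump` line writes the full Synapse database to `${YNH_CWD}/dump.sql` through a redirection opened by the calling shell, so the file gets that shell's default umask and may be readable by other local users unless the backup working directory is itself restricted, which this page does not show. The dump is as sensitive as the `/etc/matrix-$app` copy taken a few lines earlier (that directory holds `homeserver.yaml` with the database password), so it should be created owner-only: `(umask 077; sudo su -c "pg_dump $synapse_db_name" postgres > "${YNH_CWD}/dump.sql")`. Quoting `${YNH_CWD}` also keeps the redirection target intact if the path ever contains whitespace.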


@ -1,85 +1,170 @@
#!/bin/bash
# Source YunoHost helpers
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source /usr/share/yunohost/helpers
# Stop script if errors
ynh_abort_if_errors
# Import common cmd
# Import common fonctions
source ./psql.sh
source ./experimental_helper.sh
source ./_common.sh
# Retrieve arguments
#=================================================
# SET ALL CONSTANT
#=================================================
app=$YNH_APP_INSTANCE_NAME
synapse_user="matrix-$app"
synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app"
upstream_version=$(ynh_app_upstream_version)
#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================
domain=$YNH_APP_ARG_DOMAIN
is_public=$YNH_APP_ARG_IS_PUBLIC
path_url="/_matrix"
final_path="/opt/yunohost/matrix-$app"
# Check domain/path availability
#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
ynh_webpath_available $domain $path_url || ynh_die "$domain is not available as domain, please use an other domain."
test ! -e "/etc/nginx/conf.d/$domain.d/synapse*.conf" || ynh_die "$domain is not available as domain, please use an other domain."
# Check Final Path availability
test ! -e "$final_path" || ynh_die "This path already contains a folder"
# Ouvre le port dans le firewall
#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================
ynh_app_setting_set $app special_domain $domain
ynh_app_setting_set $app special_path $path_url
ynh_app_setting_set $app final_path $final_path
ynh_app_setting_set $app synapse_version $upstream_version
ynh_app_setting_set $app is_public $is_public
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# FIND AND OPEN A PORT
#=================================================
# Find a free port
synapse_tls_port=$(ynh_find_port 8448)
port=$(ynh_find_port 8008)
turnserver_tls_port=$(ynh_find_port 5349)
turnserver_alt_tls_port=$(ynh_find_port $((turnserver_tls_port+1)))
cli_port=$(ynh_find_port 5766)
# Open this port
yunohost firewall allow --no-upnp TCP $synapse_tls_port > /dev/null 2>&1
yunohost firewall allow --no-upnp Both $turnserver_tls_port > /dev/null 2>&1
yunohost firewall allow --no-upnp Both $turnserver_alt_tls_port > /dev/null 2>&1
# Find password for turnserver and database
turnserver_pwd=$(ynh_string_random 30)
synapse_db_pwd=$(ynh_string_random 30)
# Enregistre les infos dans la config YunoHost
ynh_app_setting_set $app special_domain $domain
ynh_app_setting_set $app special_path $path_url
ynh_app_setting_set $app final_path $final_path
ynh_app_setting_set $app synapse_version $upstream_version
ynh_app_setting_set $app synapse_db_pwd $synapse_db_pwd
ynh_app_setting_set $app is_public $is_public
# Store opened ports
ynh_app_setting_set $app synapse_port $port
ynh_app_setting_set $app synapse_tls_port $synapse_tls_port
ynh_app_setting_set $app turnserver_tls_port $turnserver_tls_port
ynh_app_setting_set $app turnserver_alt_tls_port $turnserver_alt_tls_port
ynh_app_setting_set $app turnserver_pwd $turnserver_pwd
ynh_app_setting_set $app cli_port $cli_port
#=================================================
# CREATE A DH FILE
#=================================================
# Make dh cert for synapse if it not exist
test ! -e /etc/matrix-$app/dh.pem && \
mkdir -p /etc/matrix-$app && \
openssl dhparam -out /etc/matrix-$app/dh.pem 2048 > /dev/null
# Install all dependances
install_dependances
#=================================================
# INSTALL DEPENDENCIES
#=================================================
# WARRNING : theses command are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files
ynh_install_app_dependencies coturn build-essential python2.7-dev libffi-dev python-pip python-setuptools sqlite3 libssl-dev python-virtualenv libxml2-dev libxslt1-dev python-lxml libjpeg-dev libpq-dev postgresql acl
pip install --upgrade pip
pip install --upgrade virtualenv
#=================================================
# CREATE DEDICATED USER
#=================================================
# Create user
ynh_system_user_create $synapse_user /var/lib/matrix-$app
adduser $synapse_user ssl-cert
adduser turnserver ssl-cert
#=================================================
# CREATE A POSTGRESQL DATABASE
#=================================================
synapse_db_pwd=$(ynh_string_random 30)
ynh_app_setting_set $app synapse_db_pwd $synapse_db_pwd
# Create postgresql database
ynh_psql_test_if_first_run
ynh_psql_create_user $synapse_db_user $synapse_db_pwd
ynh_psql_execute_as_root \
"CREATE DATABASE $synapse_db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $synapse_db_user;"
# Create directory and Install synapse in virtualenv
setup_dir
install_source
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
# Open access to server without a button the home
cp ../conf/add_sso_conf.py $final_path
cp ../conf/remove_sso_conf.py $final_path
python $final_path/add_sso_conf.py
# Create empty dir for synapse
# WARRNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
mkdir -p /var/lib/matrix-$app
mkdir -p /var/log/matrix-$app
mkdir -p /etc/matrix-$app/conf.d
mkdir -p $final_path
# Install synapse in virtualenv
# WARRNING : theses command are used in INSTALL, UPGRADE (2 times)
# For any update do it in all files
if [ -n "$(uname -m | grep arm)" ]
then
ynh_setup_source $final_path/ "armv7"
else
# Install virtualenv if it don't exist
test -e $final_path/bin || virtualenv -p python2.7 $final_path
# Install synapse in virtualenv
PS1=""
cp ../conf/virtualenv_activate $final_path/bin/activate
ynh_replace_string __FINAL_PATH__ $final_path $final_path/bin/activate
source $final_path/bin/activate
pip install --upgrade pip
pip install --upgrade setuptools
pip install --upgrade cffi ndg-httpsclient psycopg2 lxml
pip install --upgrade https://github.com/matrix-org/synapse/archive/v$upstream_version.tar.gz
# Fix issue with msgpack see https://github.com/YunoHost-Apps/synapse_ynh/issues/29
test -e $final_path/lib/python2.7/site-packages/msgpack/__init__.py || (\
pip uninstall -y msgpack-python msgpack; \
pip install msgpack-python)
deactivate
fi
#=================================================
# SETUP SYSTEMD
#=================================================
# Create systemd service for synapse and turnserver
cp ../conf/default_matrix-synapse /etc/default/matrix-$app
@ -88,24 +173,109 @@ ynh_add_systemd_config matrix-$app matrix-synapse.service
cp ../conf/default_coturn /etc/default/coturn-$app
ynh_add_systemd_config coturn-$app coturn-synapse.service
# Config nginx
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_add_nginx_config
#=================================================
# SET SYNAPSE CONFIG
#=================================================
# Find password for turnserver and database
turnserver_pwd=$(ynh_string_random 30)
ynh_app_setting_set $app turnserver_pwd $turnserver_pwd
# Configure Synapse
config_synapse
# Configure Coturn
config_coturn
# WARRNING : theses command are used in INSTALL, UPGRADE (2 times)
# For any update do it in all files
ynh_backup_if_checksum_is_different /etc/matrix-$app/homeserver.yaml
ynh_backup_if_checksum_is_different /etc/matrix-$app/log.yaml
cp ../conf/homeserver.yaml /etc/matrix-$app/homeserver.yaml
cp ../conf/log.yaml /etc/matrix-$app/log.yaml
ynh_replace_string __APP__ $app /etc/matrix-$app/homeserver.yaml
ynh_replace_string __DOMAIN__ $domain /etc/matrix-$app/homeserver.yaml
ynh_replace_string __SYNAPSE_DB_USER__ $synapse_db_user /etc/matrix-$app/homeserver.yaml
ynh_replace_string __SYNAPSE_DB_PWD__ $synapse_db_pwd /etc/matrix-$app/homeserver.yaml
ynh_replace_string __PORT__ $port /etc/matrix-$app/homeserver.yaml
ynh_replace_string __TLS_PORT__ $synapse_tls_port /etc/matrix-$app/homeserver.yaml
ynh_replace_string __TURNSERVER_TLS_PORT__ $turnserver_tls_port /etc/matrix-$app/homeserver.yaml
ynh_replace_string __TURNPWD__ $turnserver_pwd /etc/matrix-$app/homeserver.yaml
ynh_replace_string __APP__ $app /etc/matrix-$app/log.yaml
if [ "$is_public" = "0" ]
then
ynh_replace_string __ALLOWED_ACCESS__ False /etc/matrix-$app/homeserver.yaml
else
ynh_replace_string __ALLOWED_ACCESS__ True /etc/matrix-$app/homeserver.yaml
fi
ynh_store_file_checksum /etc/matrix-$app/homeserver.yaml
ynh_store_file_checksum /etc/matrix-$app/log.yaml
#=================================================
# SET COTURN CONFIG
#=================================================
# WARRNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
ynh_backup_if_checksum_is_different /etc/matrix-$app/coturn.conf
cp ../conf/turnserver.conf /etc/matrix-$app/coturn.conf
ynh_replace_string __APP__ $app /etc/matrix-$app/coturn.conf
ynh_replace_string __TURNPWD__ $turnserver_pwd /etc/matrix-$app/coturn.conf
ynh_replace_string __DOMAIN__ $domain /etc/matrix-$app/coturn.conf
ynh_replace_string __TLS_PORT__ $turnserver_tls_port /etc/matrix-$app/coturn.conf
ynh_replace_string __TLS_ALT_PORT__ $turnserver_alt_tls_port /etc/matrix-$app/coturn.conf
ynh_replace_string __CLI_PORT__ $cli_port /etc/matrix-$app/coturn.conf
ynh_store_file_checksum /etc/matrix-$app/coturn.conf
#=================================================
# SETUP LOGROTATE
#=================================================
# Configuration de logrotate
ynh_use_logrotate /var/log/matrix-$app
# Set Permission for all directory
set_permission
#=================================================
# GENERIC FINALIZATION
#=================================================
# SETUP SSOWAT
#=================================================
# Open access to server without a button the home
cp ../conf/add_sso_conf.py $final_path
cp ../conf/remove_sso_conf.py $final_path
python $final_path/add_sso_conf.py
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
# WARRNING : theses command are used in INSTALL, UPGRADE (2 times), RESTORE
# For any update do it in all files
chown $synapse_user:root -R $final_path
chown $synapse_user:root -R /var/lib/matrix-$app
chown $synapse_user:root -R /var/log/matrix-$app
chown $synapse_user:root -R /etc/matrix-$app
chmod u=rwX,g=rX,o= -R /etc/matrix-$app
chmod 600 /etc/matrix-$app/dh.pem
setfacl -R -m user:turnserver:rX /etc/matrix-$app
setfacl -R -m user:turnserver:rwX /var/log/matrix-$app
#=================================================
# ADVERTISE SERVICE IN ADMIN PANEL
#=================================================
# register yunohost service
yunohost service add matrix-$app
# Reload service
#=================================================
# RELOAD SERVICES
#=================================================
systemctl restart coturn-$app.service
ynh_check_starting "Synapse now listening on port 8448" "/var/log/matrix-$app/homeserver.log" 300 "matrix-$app"
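Review bot: The non-ARM branch under "DOWNLOAD, CHECK AND UNPACK SOURCE" checks nothing: `pip install --upgrade https://github.com/matrix-org/synapse/archive/v$upstream_version.tar.gz` and the unpinned `pip install --upgrade cffi ndg-httpsclient psycopg2 lxml` install whatever the network serves, in a script that calls `adduser` and `chown` directly and so presumably runs as root, while the ARM branch goes through `ynh_setup_source`. Pinning versions and hashes would give both branches an integrity check, for example `pip install --require-hashes -r <pinned-requirements-file>` with that file shipped next to the other `../conf/` files; the system-wide `pip install --upgrade pip` and `pip install --upgrade virtualenv` lines here and in the restore script are unpinned in the same way. Separately, `test ! -e "/etc/nginx/conf.d/$domain.d/synapse*.conf"` quotes the glob, so it only looks for a file literally named `synapse*.conf` and never detects an existing instance on the domain. Letting the pattern expand makes the check effective, e.g. `compgen -G "/etc/nginx/conf.d/$domain.d/synapse*.conf" > /dev/null && ynh_die "$domain is not available as domain, please use an other domain."`.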


@ -1,9 +1,14 @@
#!/bin/bash
# Source YunoHost helpers
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source /usr/share/yunohost/helpers
# Stop script if errors
# Don't execute the command witch don't have all variable set
set -u
# Import common cmd
@ -11,17 +16,39 @@ source ./psql.sh
source ./experimental_helper.sh
source ./_common.sh
# Retrieve app settings
#=================================================
# SET ALL CONSTANT
#=================================================
app=$YNH_APP_INSTANCE_NAME
synapse_user="matrix-$app"
synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app"
upstream_version=$(ynh_app_upstream_version)
#=================================================
# LOAD SETTINGS
#=================================================
domain=$(ynh_app_setting_get $app special_domain)
final_path=$(ynh_app_setting_get $app final_path)
synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get $app turnserver_alt_tls_port)
systemctl stop matrix-$YNH_APP_INSTANCE_NAME.service || true
systemctl stop coturn-$app.service || true
#=================================================
# STANDARD REMOVE
#=================================================
# STOP AND REMOVE SERVICE
#=================================================
ynh_remove_systemd_config matrix-$YNH_APP_INSTANCE_NAME
ynh_remove_systemd_config coturn-$YNH_APP_INSTANCE_NAME
#=================================================
# CLOSE A PORT
#=================================================
# Close firewall ports
closeport() {
if yunohost firewall list | grep -q "\- $port$"
then
@ -37,13 +64,23 @@ closeport
port=$turnserver_alt_tls_port
closeport
#=================================================
# SETUP SSOWAT
#=================================================
# Remove the skipped url
python $final_path/remove_sso_conf.py
# Remove depandance
#=================================================
# REMOVE DEPENDENCIES
#=================================================
ynh_remove_app_dependencies || true
# Clean all directory
#=================================================
# REMOVE APP DIR
#=================================================
ynh_secure_remove $final_path
ynh_secure_remove /var/lib/matrix-$YNH_APP_INSTANCE_NAME
ynh_secure_remove /var/log/matrix-$YNH_APP_INSTANCE_NAME
@ -51,21 +88,32 @@ ynh_secure_remove /etc/matrix-$YNH_APP_INSTANCE_NAME
ynh_secure_remove /etc/default/matrix-$YNH_APP_INSTANCE_NAME
ynh_secure_remove /etc/default/coturn-$YNH_APP_INSTANCE_NAME
# Remove nginx config
#=================================================
# REMOVE NGINX CONFIGURATION
#=================================================
ynh_remove_nginx_config
# Remove systemd service
ynh_remove_systemd_config matrix-$YNH_APP_INSTANCE_NAME
ynh_remove_systemd_config coturn-$YNH_APP_INSTANCE_NAME
#=================================================
# REMOVE THE POSTGRESQL DATABASE
#=================================================
# Remove database and user
ynh_psql_remove_db $synapse_db_name $synapse_db_user
# Remove user
#=================================================
# REMOVE DEDICATED USER
#=================================================
ynh_system_user_delete matrix-$YNH_APP_INSTANCE_NAME
# Remove logrotate
#=================================================
# REMOVE LOGROTATE CONFIGURATION
#=================================================
ynh_remove_logrotate
# Remove Monitoring
#=================================================
# REMOVE SERVICE FROM ADMIN PANEL
#=================================================
yunohost service remove matrix-$YNH_APP_INSTANCE_NAME
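Review bot: `python $final_path/remove_sso_conf.py` executes a file from a directory that the install script hands to the service account (`chown $synapse_user:root -R $final_path`), so a removal that presumably runs as root, given its direct `systemctl` and `ynh_system_user_delete` calls, runs code the unprivileged Synapse user is able to replace. The same applies to `python $final_path/add_sso_conf.py` in the restore script, which additionally runs the copy that `ynh_restore` has just unpacked from the archive. Keeping the two SSO helpers in a root-owned location outside `$final_path`, or invoking them from the package's own files where those are available, keeps root from executing service-writable code. `$final_path` also comes from `ynh_app_setting_get` and is used unquoted both here and in `ynh_secure_remove $final_path`; since `set -u` does not catch an empty value, a guard such as `: "${final_path:?}"` before those lines plus quoting would be cheap.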


@ -1,6 +1,11 @@
#!/bin/bash
# Source YunoHost helpers
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source /usr/share/yunohost/helpers
# Stop script if errors
@ -11,7 +16,20 @@ source ../settings/scripts/psql.sh
source ../settings/scripts/experimental_helper.sh
source ../settings/scripts/_common.sh
# Retrieve arguments
#=================================================
# SET ALL CONSTANT
#=================================================
app=$YNH_APP_INSTANCE_NAME
synapse_user="matrix-$app"
synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app"
upstream_version=$(ynh_app_upstream_version)
#=================================================
# LOAD SETTINGS
#=================================================
domain=$(ynh_app_setting_get $app special_domain)
path_url=$(ynh_app_setting_get $app special_path)
final_path=$(ynh_app_setting_get $app final_path)
@ -23,29 +41,61 @@ turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get $app turnserver_alt_tls_port)
turnserver_pwd=$(ynh_app_setting_get $app turnserver_pwd)
# Check domain/path availability
#=================================================
# CHECK IF THE APP CAN BE RESTORED
#=================================================
ynh_webpath_available $domain $path_url || ynh_die "$domain/$path_url is not available, please use an other domain."
#=================================================
# STANDARD RESTORATION STEPS
#=================================================
# RESTORE ALL FILES
#=================================================
# Restore all config and data
ynh_restore
#=================================================
# REINSTALL DEPENDENCIES
#=================================================
# WARRNING : theses command are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files
ynh_install_app_dependencies coturn build-essential python2.7-dev libffi-dev python-pip python-setuptools sqlite3 libssl-dev python-virtualenv libxml2-dev libxslt1-dev python-lxml libjpeg-dev libpq-dev postgresql acl
pip install --upgrade pip
pip install --upgrade virtualenv
#=================================================
# RECREATE THE DEDICATED USER
#=================================================
ynh_system_user_create $synapse_user /var/lib/matrix-$app
adduser $synapse_user ssl-cert
adduser turnserver ssl-cert
#=================================================
# SPECIFIC RESTORATION
#=================================================
# OPEN THE PORT
#=================================================
# Ouvre le port dans le firewall
yunohost firewall allow --no-upnp TCP $synapse_tls_port > /dev/null 2>&1
yunohost firewall allow --no-upnp Both $turnserver_tls_port > /dev/null 2>&1
yunohost firewall allow --no-upnp Both $turnserver_alt_tls_port > /dev/null 2>&1
# Install all dependances
install_dependances
# Create user
ynh_system_user_create $synapse_user /var/lib/matrix-$app
adduser $synapse_user ssl-cert
adduser turnserver ssl-cert
# Restore all config and data
ynh_restore
#=================================================
# SETUP SSOWAT
#=================================================
# Open access to server without a button the home
python $final_path/add_sso_conf.py
# Restore postgresql database
#=================================================
# RESTORE THE POSTGRESQL DATABASE
#=================================================
ynh_psql_test_if_first_run
ynh_psql_create_user $synapse_db_user $synapse_db_pwd
ynh_psql_execute_as_root \
@ -57,20 +107,46 @@ ynh_psql_execute_as_root \
OWNER $synapse_db_user;"
su -c "psql $synapse_db_name" postgres < ${YNH_CWD}/dump.sql
# Enable systemd service
#=================================================
# RESTORE SYSTEMD
#=================================================
systemctl daemon-reload
systemctl enable matrix-$app.service
# Configuration de logrotate
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_use_logrotate /var/log/matrix-$app
# Set the permission
set_permission
#=================================================
# GENERIC FINALIZATION
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
# WARRNING : theses command are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files
chown $synapse_user:root -R $final_path
chown $synapse_user:root -R /var/lib/matrix-$app
chown $synapse_user:root -R /var/log/matrix-$app
chown $synapse_user:root -R /etc/matrix-$app
chmod u=rwX,g=rX,o= -R /etc/matrix-$app
chmod 600 /etc/matrix-$app/dh.pem
setfacl -R -m user:turnserver:rX /etc/matrix-$app
setfacl -R -m user:turnserver:rwX /var/log/matrix-$app
#=================================================
# ADVERTISE SERVICE IN ADMIN PANEL
#=================================================
# register yunohost service
yunohost service add matrix-$app
# Restart service
#=================================================
# RELOAD NGINX, SYNAPSE AND COTURN
#=================================================
systemctl reload nginx.service
systemctl restart coturn-$app.service
ynh_check_starting "Synapse now listening on port 8448" "/var/log/matrix-$app/homeserver.log" 300 "matrix-$app"
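Review bot: `setfacl -R -m user:turnserver:rX /etc/matrix-$app` under "SECURE FILES AND DIRECTORIES" gives the coturn account read access to everything in the Synapse configuration directory, including `homeserver.yaml`, into which the install script substitutes the database password, although the only coturn file visible under that path is `coturn.conf`. Scoping the ACL to what coturn reads keeps a compromise of the TURN server from exposing the homeserver's secrets: `setfacl -m user:turnserver:x /etc/matrix-$app` plus `setfacl -m user:turnserver:r /etc/matrix-$app/coturn.conf`, adding `dh.pem` only if coturn is configured to use it, which this page does not show. The install script carries the same two `setfacl` lines and would need the same change, in line with the "For any update do it in all files" comment above them.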


@ -1,6 +1,11 @@
#!/bin/bash
# Source YunoHost helpers
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source /usr/share/yunohost/helpers
# Stop script if errors
@ -11,7 +16,20 @@ source ./psql.sh
source ./experimental_helper.sh
source ./_common.sh
# Retrieve arguments
#=================================================
# SET ALL CONSTANT
#=================================================
app=$YNH_APP_INSTANCE_NAME
synapse_user="matrix-$app"
synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app"
upstream_version=$(ynh_app_upstream_version)
#=================================================
# LOAD SETTINGS
#=================================================
domain=$(ynh_app_setting_get $app special_domain)
path_url=$(ynh_app_setting_get $app special_path)
final_path=$(ynh_app_setting_get $app final_path)
@ -25,14 +43,21 @@ turnserver_alt_tls_port=$(ynh_app_setting_get $app turnserver_alt_tls_port)
turnserver_pwd=$(ynh_app_setting_get $app turnserver_pwd)
cli_port=$(ynh_app_setting_get $app cli_port)
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
# To be sure that the migration is sucessfull we check that the old synapse version is compatible with the synapse_port_db script.
if [[ -z $synapse_old_version ]] && [[ $(dpkg -l | grep -c -E "ii.*matrix-synapse.*0.25") != 1 ]] && [[ $(dpkg -l | grep -c -E "ii.*matrix-synapse.*0.26") != 1 ]]
then
ynh_die "Update from this synapse version is not available now. You need to wait for the next update."
fi
systemctl stop matrix-$app.service
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
# Backup the current version of the app
if [[ $(ynh_app_setting_get $app disable_backup_before_upgrade) != '1' ]]
then
ynh_backup_before_upgrade
@ -41,125 +66,268 @@ then
}
fi
# We stop the service before to enable TRAP because if this command fail the restoration might be not possible.
systemctl stop matrix-$app.service
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# UPGRADE FROM DIFFERENTS PACKAGE EVOLUTION
#=================================================
# MIGRATION 1 : UPGRADE FROM OLD PACKAGE VERSION
# DEBIAN PACKAGE-> PYTHON VIRTUALENVIRONNEMENT
# SQLITE -> POSTGRESQL
#=================================================
# Actually this package use pythonvirtualenvironnement. The old package used the debian package. So if the app is not already migrated from the old package version we need to migrade the app from the debian package to a python virtualenvironnement. In the same time the package migrated from sqlite to postgresql for the database. So we do these both things in the same time.
if [[ -z $synapse_old_version ]]
then
## We move from debian package to new package with python virtualenv
# Change settings
path_url="/_matrix"
domain=$(ynh_app_setting_get $app domain)
final_path="/opt/yunohost/matrix-synapse"
ynh_app_setting_set $app special_domain $domain
ynh_app_setting_set $app special_path $path_url
ynh_app_setting_set $app final_path $final_path
ynh_app_setting_delete $app domain
ynh_app_setting_delete $app path
ynh_app_setting_delete $app skipped_uris
#=================================================
# UPDATE SETTINGS
#=================================================
# Remove old package and add new package as dependance
ynh_secure_remove /etc/apt/sources.list.d/matrix.list
ynh_package_autoremove --purge matrix-synapse python-matrix-synapse-ldap3 || true
path_url="/_matrix"
domain=$(ynh_app_setting_get $app domain)
final_path="/opt/yunohost/matrix-synapse"
ynh_app_setting_set $app special_domain $domain
ynh_app_setting_set $app special_path $path_url
ynh_app_setting_set $app final_path $final_path
ynh_app_setting_delete $app domain
ynh_app_setting_delete $app path
ynh_app_setting_delete $app skipped_uris
# If we don't remove these line in dpkg config, dpkg fail on every new package install
sudo sed --in-place ':a;N;$!ba;s@matrix-synapse nogroup 755 /var/lib/matrix-synapse\n@@g' /var/lib/dpkg/statoverride
sudo sed --in-place ':a;N;$!ba;s@matrix-synapse nogroup 755 /var/log/matrix-synapse\n@@g' /var/lib/dpkg/statoverride
sudo sed --in-place ':a;N;$!ba;s@matrix-synapse nogroup 755 /etc/matrix-synapse\n@@g' /var/lib/dpkg/statoverride
#=================================================
# REMOVE OLD DEPENDDANCE
#=================================================
# add new package as dependance and install dependance
install_dependances
ynh_secure_remove /etc/apt/sources.list.d/matrix.list
ynh_package_autoremove --purge matrix-synapse python-matrix-synapse-ldap3 || true
# Create directory Install synapse in virtualenv
setup_dir || true # If the dir aready exist the command could fail
install_source
# If we don't remove these line in dpkg config, dpkg fail on every new package install
sudo sed --in-place ':a;N;$!ba;s@matrix-synapse nogroup 755 /var/lib/matrix-synapse\n@@g' /var/lib/dpkg/statoverride
sudo sed --in-place ':a;N;$!ba;s@matrix-synapse nogroup 755 /var/log/matrix-synapse\n@@g' /var/lib/dpkg/statoverride
sudo sed --in-place ':a;N;$!ba;s@matrix-synapse nogroup 755 /etc/matrix-synapse\n@@g' /var/lib/dpkg/statoverride
#=================================================
# INSTALL NEW DEPENDENCIES
#=================================================
# add new package as dependance and install dependance
# WARRNING : theses command are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files
ynh_install_app_dependencies coturn build-essential python2.7-dev libffi-dev python-pip python-setuptools sqlite3 libssl-dev python-virtualenv libxml2-dev libxslt1-dev python-lxml libjpeg-dev libpq-dev postgresql acl
pip install --upgrade pip
pip install --upgrade virtualenv
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
# Create empty dir for synapse
# WARRNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
mkdir -p /var/lib/matrix-$app || true # If the dir aready exist the command could fail
mkdir -p /var/log/matrix-$app || true # If the dir aready exist the command could fail
mkdir -p /etc/matrix-$app/conf.d || true # If the dir aready exist the command could fail
mkdir -p $final_path || true # If the dir aready exist the command could fail
# Install synapse in virtualenv
# WARRNING : theses command are used in INSTALL, UPGRADE (2 times)
# For any update do it in all files
if [ -n "$(uname -m | grep arm)" ]
then
ynh_setup_source $final_path/ "armv7"
else
# Install virtualenv if it don't exist
test -e $final_path/bin || virtualenv -p python2.7 $final_path
# Install synapse in virtualenv
PS1=""
cp ../conf/virtualenv_activate $final_path/bin/activate
ynh_replace_string __FINAL_PATH__ $final_path $final_path/bin/activate
source $final_path/bin/activate
pip install --upgrade pip
pip install --upgrade setuptools
pip install --upgrade cffi ndg-httpsclient psycopg2 lxml
pip install --upgrade https://github.com/matrix-org/synapse/archive/v$upstream_version.tar.gz
# Fix issue with msgpack see https://github.com/YunoHost-Apps/synapse_ynh/issues/29
test -e $final_path/lib/python2.7/site-packages/msgpack/__init__.py || (\
pip uninstall -y msgpack-python msgpack; \
pip install msgpack-python)
deactivate
fi
# Move the dh file to the new directory
cp /etc/yunohost/certs/$domain/dh.pem /etc/matrix-synapse/dh.pem
set_permission
# Open access to server without a button the home
cp ../conf/add_sso_conf.py $final_path
cp ../conf/remove_sso_conf.py $final_path
python $final_path/add_sso_conf.py || echo "Error while sso config, please add '/_matrix' in /etc/ssowat/conf.json.persistent"
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
# Create user
ynh_system_user_create $synapse_user /var/lib/matrix-synapse
# WARRNING : theses command are used in INSTALL, UPGRADE (2 times), RESTORE
# For any update do it in all files
chown $synapse_user:root -R $final_path
chown $synapse_user:root -R /var/lib/matrix-$app
chown $synapse_user:root -R /var/log/matrix-$app
chown $synapse_user:root -R /etc/matrix-$app
chmod u=rwX,g=rX,o= -R /etc/matrix-$app
chmod 600 /etc/matrix-$app/dh.pem
setfacl -R -m user:turnserver:rX /etc/matrix-$app
setfacl -R -m user:turnserver:rwX /var/log/matrix-$app
#=================================================
# UPDATE SSOWAT CONF
#=================================================
cp ../conf/add_sso_conf.py $final_path
cp ../conf/remove_sso_conf.py $final_path
python $final_path/add_sso_conf.py || echo "Error while sso config, please add '/_matrix' in /etc/ssowat/conf.json.persistent"
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_system_user_create $synapse_user /var/lib/matrix-synapse
adduser $synapse_user ssl-cert
adduser turnserver ssl-cert
# Create systemd service
ynh_secure_remove /etc/init.d/matrix-synapse
ynh_secure_remove /lib/systemd/system/matrix-synapse.service
ynh_secure_remove /etc/systemd/system/matrix-synapse.service
systemctl daemon-reload
systemctl disable matrix-synapse.service
#=================================================
# SETUP SYSTEMD
#=================================================
cp ../conf/default_matrix-synapse /etc/default/matrix-synapse
cp ../conf/matrix-synapse.service /etc/systemd/system/matrix-synapse.service
ynh_replace_string __APP__ $app /etc/systemd/system/matrix-synapse.service
systemctl daemon-reload
systemctl enable matrix-synapse.service
ynh_secure_remove /etc/init.d/matrix-synapse
ynh_secure_remove /lib/systemd/system/matrix-synapse.service
ynh_secure_remove /etc/systemd/system/matrix-synapse.service
systemctl daemon-reload
systemctl disable matrix-synapse.service
# Configuration de logrotate
ynh_use_logrotate /var/log/matrix-synapse
cp ../conf/default_matrix-synapse /etc/default/matrix-synapse
cp ../conf/matrix-synapse.service /etc/systemd/system/matrix-synapse.service
ynh_replace_string __APP__ $app /etc/systemd/system/matrix-synapse.service
systemctl daemon-reload
systemctl enable matrix-synapse.service
# register yunohost service
yunohost service add matrix-synapse
#=================================================
# SETUP LOGROTATE
#=================================================
## Move to postgresql from sqlite
ynh_use_logrotate /var/log/matrix-synapse
# We create the new settings
synapse_db_pwd=$(ynh_string_random 30)
ynh_app_setting_set $app synapse_db_pwd $synapse_db_pwd
#=================================================
# ADVERTISE SERVICE IN ADMIN PANEL
#=================================================
# Create postgresql database
ynh_psql_create_user $synapse_db_user $synapse_db_pwd
ynh_psql_execute_as_root \
"CREATE DATABASE $synapse_db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $synapse_db_user;"
yunohost service add matrix-synapse
# Create config file for synapse with postgresql
config_synapse
# We get the last version of the synapse_port_db script because an old version could be buggy.
cp ../sources/synapse_port_db /opt/yunohost/matrix-synapse/bin/synapse_port_db
# Migrate database (in virtualenv)
source $final_path/bin/activate
/opt/yunohost/matrix-synapse/bin/synapse_port_db --sqlite-database /var/lib/matrix-synapse/homeserver.db \
--postgres-config /etc/matrix-synapse/homeserver.yaml
deactivate
#=================================================
# CREATE A POSTGRESQL DATABASE
#=================================================
synapse_db_pwd=$(ynh_string_random 30)
ynh_app_setting_set $app synapse_db_pwd $synapse_db_pwd
# Create postgresql database
ynh_psql_create_user $synapse_db_user $synapse_db_pwd
ynh_psql_execute_as_root \
"CREATE DATABASE $synapse_db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $synapse_db_user;"
#=================================================
# UPDATE SYNAPSE CONFIG FOR POSTGRESQL
#=================================================
# WARRNING : theses command are used in INSTALL, UPGRADE (2 times)
# For any update do it in all files
ynh_backup_if_checksum_is_different /etc/matrix-$app/homeserver.yaml
ynh_backup_if_checksum_is_different /etc/matrix-$app/log.yaml
cp ../conf/homeserver.yaml /etc/matrix-$app/homeserver.yaml
cp ../conf/log.yaml /etc/matrix-$app/log.yaml
ynh_replace_string __APP__ $app /etc/matrix-$app/homeserver.yaml
ynh_replace_string __DOMAIN__ $domain /etc/matrix-$app/homeserver.yaml
ynh_replace_string __SYNAPSE_DB_USER__ $synapse_db_user /etc/matrix-$app/homeserver.yaml
ynh_replace_string __SYNAPSE_DB_PWD__ $synapse_db_pwd /etc/matrix-$app/homeserver.yaml
ynh_replace_string __PORT__ $port /etc/matrix-$app/homeserver.yaml
ynh_replace_string __TLS_PORT__ $synapse_tls_port /etc/matrix-$app/homeserver.yaml
ynh_replace_string __TURNSERVER_TLS_PORT__ $turnserver_tls_port /etc/matrix-$app/homeserver.yaml
ynh_replace_string __TURNPWD__ $turnserver_pwd /etc/matrix-$app/homeserver.yaml
ynh_replace_string __APP__ $app /etc/matrix-$app/log.yaml
if [ "$is_public" = "0" ]
then
ynh_replace_string __ALLOWED_ACCESS__ False /etc/matrix-$app/homeserver.yaml
else
ynh_replace_string __ALLOWED_ACCESS__ True /etc/matrix-$app/homeserver.yaml
fi
ynh_store_file_checksum /etc/matrix-$app/homeserver.yaml
ynh_store_file_checksum /etc/matrix-$app/log.yaml
#=================================================
# MIGRATE DATABASE
#=================================================
# We get the last version of the synapse_port_db script because an old version could be buggy.
cp ../sources/synapse_port_db /opt/yunohost/matrix-synapse/bin/synapse_port_db
# Migrate database (in virtualenv)
source $final_path/bin/activate
/opt/yunohost/matrix-synapse/bin/synapse_port_db --sqlite-database /var/lib/matrix-synapse/homeserver.db \
--postgres-config /etc/matrix-synapse/homeserver.yaml
deactivate
fi
# Disable default config for turnserver and create a new service
#=================================================
# MIGRATION 2 : MULTINSTANCE SUPPORT
#=================================================
if [[ ! -e /etc/matrix-$app/coturn.conf ]]
then
#=================================================
# CREATE AN INDEPENDANT SERVICE FOR COTURN
#=================================================
# Disable default config for turnserver and create a new service
systemctl stop coturn.service
# Set by default the system config for coturn
echo "" > /etc/turnserver.conf
ynh_replace_string "TURNSERVER_ENABLED=1" "TURNSERVER_ENABLED=0" /etc/default/coturn
# Set a port for each service in turnserver
turnserver_alt_tls_port=$(ynh_find_port $((turnserver_tls_port+1)))
cli_port=$(ynh_find_port 5766)
ynh_app_setting_set $app turnserver_alt_tls_port $turnserver_alt_tls_port
ynh_app_setting_set $app cli_port $cli_port
yunohost firewall allow --no-upnp Both $turnserver_alt_tls_port > /dev/null 2>&1
# Configure systemd
cp ../conf/default_coturn /etc/default/coturn-$app
cp ../conf/coturn-synapse.service /etc/systemd/system/coturn-$app.service
ynh_replace_string __APP__ $app /etc/systemd/system/coturn-$app.service
ynh_add_systemd_config coturn-$app coturn-synapse.service
#=================================================
# MAKE A CLEAN LOGROTATE CONFIG
#=================================================
systemctl daemon-reload
systemctl enable coturn-$app.service
# Clean logrotate file for all old instances
ynh_remove_logrotate
ynh_use_logrotate /var/log/matrix-$app
fi
#=================================================
# MIGRATION 3 : USE STANDARD ACCESS FOR CERTIFCATE
# AND USE INDEPENDANT DH FILE
#=================================================
# Fix issue about certificates access
if [[ ! $(grep "ssl-cert:x:[0-9]*:.*matrix-$app" /etc/group) ]]
then
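Review bot: The non-ARM branch under "DOWNLOAD, CHECK AND UNPACK SOURCE" performs no integrity check: `pip install --upgrade https://github.com/matrix-org/synapse/archive/v$upstream_version.tar.gz` and the unpinned `pip install --upgrade cffi ndg-httpsclient psycopg2 lxml` install whatever the network returns at upgrade time, in a script that also calls `chown` and `systemctl` and so presumably runs as root. Only the ARM branch goes through `ynh_setup_source`, which as far as I know verifies a checksum declared in the package. I would record a SHA-256 for the tarball in the package, verify the download before installing it, and install the dependencies from a hash-pinned requirements file, e.g. `pip install --require-hashes -r <pinned-requirements-file>` (placeholder path). The same block is pasted again under "STANDARD UPGRADE STEPS" in the next hunk, and the in-code warning says it is also used in INSTALL, so the fix has to land in every copy.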
@ -170,24 +338,123 @@ fi
# If we don't have the dh file in synapse config dir we copy it
test -e /etc/matrix-$app/dh.pem || cp /etc/yunohost/certs/$domain/dh.pem /etc/matrix-$app/dh.pem
# Upgrade manually Synapse
install_source
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
# Install synapse in virtualenv
# WARRNING : theses command are used in INSTALL, UPGRADE (2 times)
# For any update do it in all files
if [ -n "$(uname -m | grep arm)" ]
then
ynh_setup_source $final_path/ "armv7"
else
# Install virtualenv if it don't exist
test -e $final_path/bin || virtualenv -p python2.7 $final_path
# Install synapse in virtualenv
PS1=""
cp ../conf/virtualenv_activate $final_path/bin/activate
ynh_replace_string __FINAL_PATH__ $final_path $final_path/bin/activate
source $final_path/bin/activate
pip install --upgrade pip
pip install --upgrade setuptools
pip install --upgrade cffi ndg-httpsclient psycopg2 lxml
pip install --upgrade https://github.com/matrix-org/synapse/archive/v$upstream_version.tar.gz
# Fix issue with msgpack see https://github.com/YunoHost-Apps/synapse_ynh/issues/29
test -e $final_path/lib/python2.7/site-packages/msgpack/__init__.py || (\
pip uninstall -y msgpack-python msgpack; \
pip install msgpack-python)
deactivate
fi
#=================================================
# NGINX CONFIGURATION
#=================================================
# Update nginx config
ynh_add_nginx_config
# Configure Synapse
config_synapse
#=================================================
# UPDATE SYNAPSE CONFIG
#=================================================
# Configure Coturn
config_coturn
# WARRNING : theses command are used in INSTALL, UPGRADE (2 times)
# For any update do it in all files
ynh_backup_if_checksum_is_different /etc/matrix-$app/homeserver.yaml
ynh_backup_if_checksum_is_different /etc/matrix-$app/log.yaml
cp ../conf/homeserver.yaml /etc/matrix-$app/homeserver.yaml
cp ../conf/log.yaml /etc/matrix-$app/log.yaml
# Set Permission for all directory
set_permission
ynh_replace_string __APP__ $app /etc/matrix-$app/homeserver.yaml
ynh_replace_string __DOMAIN__ $domain /etc/matrix-$app/homeserver.yaml
ynh_replace_string __SYNAPSE_DB_USER__ $synapse_db_user /etc/matrix-$app/homeserver.yaml
ynh_replace_string __SYNAPSE_DB_PWD__ $synapse_db_pwd /etc/matrix-$app/homeserver.yaml
ynh_replace_string __PORT__ $port /etc/matrix-$app/homeserver.yaml
ynh_replace_string __TLS_PORT__ $synapse_tls_port /etc/matrix-$app/homeserver.yaml
ynh_replace_string __TURNSERVER_TLS_PORT__ $turnserver_tls_port /etc/matrix-$app/homeserver.yaml
ynh_replace_string __TURNPWD__ $turnserver_pwd /etc/matrix-$app/homeserver.yaml
ynh_replace_string __APP__ $app /etc/matrix-$app/log.yaml
if [ "$is_public" = "0" ]
then
ynh_replace_string __ALLOWED_ACCESS__ False /etc/matrix-$app/homeserver.yaml
else
ynh_replace_string __ALLOWED_ACCESS__ True /etc/matrix-$app/homeserver.yaml
fi
ynh_store_file_checksum /etc/matrix-$app/homeserver.yaml
ynh_store_file_checksum /etc/matrix-$app/log.yaml
#=================================================
# UPDATE COTURN CONFIG
#=================================================
# WARRNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
ynh_backup_if_checksum_is_different /etc/matrix-$app/coturn.conf
cp ../conf/turnserver.conf /etc/matrix-$app/coturn.conf
ynh_replace_string __APP__ $app /etc/matrix-$app/coturn.conf
ynh_replace_string __TURNPWD__ $turnserver_pwd /etc/matrix-$app/coturn.conf
ynh_replace_string __DOMAIN__ $domain /etc/matrix-$app/coturn.conf
ynh_replace_string __TLS_PORT__ $turnserver_tls_port /etc/matrix-$app/coturn.conf
ynh_replace_string __TLS_ALT_PORT__ $turnserver_alt_tls_port /etc/matrix-$app/coturn.conf
ynh_replace_string __CLI_PORT__ $cli_port /etc/matrix-$app/coturn.conf
ynh_store_file_checksum /etc/matrix-$app/coturn.conf
#=================================================
# GENERIC FINALIZATION
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
# WARRNING : theses command are used in INSTALL, UPGRADE (2 times), RESTORE
# For any update do it in all files
chown $synapse_user:root -R $final_path
chown $synapse_user:root -R /var/lib/matrix-$app
chown $synapse_user:root -R /var/log/matrix-$app
chown $synapse_user:root -R /etc/matrix-$app
chmod u=rwX,g=rX,o= -R /etc/matrix-$app
chmod 600 /etc/matrix-$app/dh.pem
setfacl -R -m user:turnserver:rX /etc/matrix-$app
setfacl -R -m user:turnserver:rwX /var/log/matrix-$app
#=================================================
# UPDATE VERSION SETTINGS
#=================================================
# Set new settings
ynh_app_setting_set $app synapse_version $upstream_version
# Restart service
#=================================================
# RELOAD SERVICES
#=================================================
systemctl restart coturn-$app.service
ynh_check_starting "Synapse now listening on port 8448" "/var/log/matrix-$app/homeserver.log" 300 "matrix-$app"