#!/bin/bash # Import common cmd source ./_common.sh # Init script init_script # Retrieve arguments domain=$YNH_APP_ARG_DOMAIN path="/_matrix" is_public=$YNH_APP_ARG_IS_PUBLIC CHECK_PATH # Vérifie et corrige la syntaxe du path. CHECK_DOMAINPATH # Vérifie la disponibilité du path et du domaine. CHECK_FINALPATH # Vérifie que le dossier de destination n'est pas déjà utilisé. # Ouvre le port dans le firewall NO_LOG FIND_PORT 8448 # Cherche un port libre. synapse_tls_port=$port NO_LOG FIND_PORT 8008 # Cherche un port libre. synapse_port=$port NO_LOG FIND_PORT 3478 # Cherche un port libre. turnserver_port=$port NO_LOG FIND_PORT 5349 # Cherche un port libre. turnserver_tls_port=$port sudo yunohost firewall allow --no-upnp TCP $synapse_tls_port > /dev/null 2>&1 sudo yunohost firewall allow --no-upnp Both $turnserver_port > /dev/null 2>&1 sudo yunohost firewall allow --no-upnp Both $turnserver_tls_port > /dev/null 2>&1 # Make dh cert for synapse if it not exist test ! -e /etc/yunohost/certs/$domain/dh.pem && sudo openssl dhparam -out /etc/yunohost/certs/$domain/dh.pem 2048 > /dev/null # Find password for turnserver turnserver_pwd=$(ynh_string_random 30) # Enregistre les infos dans la config YunoHost ynh_app_setting_set $app domain $domain ynh_app_setting_set $app path $path ynh_app_setting_set $app is_public $is_public ynh_app_setting_set $app synapse_port $synapse_port ynh_app_setting_set $app synapse_tls_port $synapse_tls_port ynh_app_setting_set $app turnserver_port $turnserver_port ynh_app_setting_set $app turnserver_tls_port $turnserver_tls_port ynh_app_setting_set $app turnserver_pwd $turnserver_pwd # Et copie le fichier de config nginx sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf # Modifie les variables dans le fichier de configuration nginx sudo sed -i "s@__PATH__@$path@g" /etc/nginx/conf.d/$domain.d/$app.conf sudo sed -i "s@__PORT__@$synapse_port@g" /etc/nginx/conf.d/$domain.d/$app.conf # Get Matrix key repos wget -q -O '/tmp/matrix-repo-key.asc' "https://matrix.org/packages/debian/repo-key.asc" sudo apt-key add "/tmp/matrix-repo-key.asc" echo "matrix-synapse matrix-synapse/server-name select $domain" | sudo debconf-set-selections # Configure dpkg for no questions echo "matrix-synapse matrix-synapse/report-stats select false" | sudo debconf-set-selections # Configure dpkg for no questions # Enable debian-backports repos enable_backport_repos # Install coturn (the turn server) ynh_package_install coturn # Enable Synapse repos if [[ -n "$(uname -m | grep arm)" ]] then # Use special conf for arm arch because some binary are not available in jessie backport or in matrix repos install_arm_package_dep ynh_package_install -t $debian_version-backports -f echo "deb [arch=i386] http://matrix.org/packages/debian/ $debian_version main" | sudo tee -a "/etc/apt/sources.list.d/matrix.list" ynh_package_update else echo "deb http://matrix.org/packages/debian/ $debian_version main" | sudo tee -a "/etc/apt/sources.list.d/matrix.list" ynh_package_update fi # Install synapse package # We neet to install python-cryptography to Solve a python error about dependance (from cryptography.hazmat.primitives.asymmetric.utils) ynh_package_install -t $debian_version-backports matrix-synapse python-matrix-synapse-ldap3 python-cryptography # Configure Synapse sudo cp ../conf/homeserver.yaml /etc/matrix-synapse/homeserver.yaml sudo sed -i "s@__DOMAIN__@$domain@g" /etc/matrix-synapse/homeserver.yaml sudo sed -i "s@__PORT__@$synapse_port@g" /etc/matrix-synapse/homeserver.yaml sudo sed -i "s@__TLS_PORT__@$synapse_tls_port@g" /etc/matrix-synapse/homeserver.yaml sudo sed -i "s@__TURNSERVER_TLS_PORT__@$turnserver_tls_port@g" /etc/matrix-synapse/homeserver.yaml sudo sed -i "s@__TURNPWD__@$turnserver_pwd@g" /etc/matrix-synapse/homeserver.yaml if [ "$is_public" = "0" ] then sudo sed -i "s@__ALLOWED_ACCESS__@False@g" /etc/matrix-synapse/homeserver.yaml else sudo sed -i "s@__ALLOWED_ACCESS__@True@g" /etc/matrix-synapse/homeserver.yaml fi # Configure Coturn sudo cp ../conf/turnserver.conf /etc/turnserver.conf sudo sed -i "s@__TURNPWD__@$turnserver_pwd@g" /etc/turnserver.conf sudo sed -i "s@__DOMAIN__@$domain@g" /etc/turnserver.conf sudo sed -i "s@__PORT__@$turnserver_port@g" /etc/turnserver.conf sudo sed -i "s@__TLS_PORT__@$turnserver_tls_port@g" /etc/turnserver.conf # Configure access for certificates sudo setfacl -m user:matrix-synapse:r /etc/yunohost/certs/$domain/crt.pem sudo setfacl -m user:matrix-synapse:r /etc/yunohost/certs/$domain/key.pem sudo setfacl -m user:matrix-synapse:r /etc/yunohost/certs/$domain/dh.pem sudo setfacl -m user:turnserver:r /etc/yunohost/certs/$domain/crt.pem sudo setfacl -m user:turnserver:r /etc/yunohost/certs/$domain/key.pem sudo setfacl -m user:turnserver:r /etc/yunohost/certs/$domain/dh.pem # Configuration de logrotate sed -i "s@__APP__@$app@g" ../conf/logrotate sudo cp ../conf/logrotate /etc/logrotate.d/$app ynh_app_setting_set $app skipped_uris "/" # Régénère la configuration de SSOwat sudo yunohost app ssowatconf # Recharge la configuration Nginx sudo service nginx reload sudo service matrix-synapse restart sudo service coturn restart