#!/bin/bash #================================================= # GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= source /usr/share/yunohost/helpers # Stop script if errors ynh_abort_if_errors # Import common fonctions source ./psql.sh source ./experimental_helper.sh source ./_common.sh #================================================= # SET ALL CONSTANT #================================================= app=$YNH_APP_INSTANCE_NAME synapse_user="matrix-$app" synapse_db_name="matrix_$app" synapse_db_user="matrix_$app" upstream_version=$(ynh_app_upstream_version) #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= domain=$YNH_APP_ARG_DOMAIN is_public=$YNH_APP_ARG_IS_PUBLIC path_url="/_matrix" final_path="/opt/yunohost/matrix-$app" #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= ynh_webpath_available $domain $path_url || ynh_die "$domain is not available as domain, please use an other domain." test ! -e "/etc/nginx/conf.d/$domain.d/synapse*.conf" || ynh_die "$domain is not available as domain, please use an other domain." # Check Final Path availability test ! -e "$final_path" || ynh_die "This path already contains a folder" #================================================= # STORE SETTINGS FROM MANIFEST #================================================= # For the domain and the path we can't use the standard keys "domain" and "path" with the standard function ynh_webpath_register because it create automatically a button on the user pannel. # The idea is to create a custom key (specia_domain and special_path instead of domain and key). # By this the ssowatconf fonction don't create a button on the pannel. # This hack solve the issue : https://github.com/YunoHost-Apps/synapse_ynh/issues/14 ynh_app_setting_set $app special_domain $domain ynh_app_setting_set $app special_path $path_url ynh_app_setting_set $app final_path $final_path ynh_app_setting_set $app synapse_version $upstream_version ynh_app_setting_set $app is_public $is_public #================================================= # STANDARD MODIFICATIONS #================================================= # FIND AND OPEN A PORT #================================================= # Find a free port synapse_tls_port=$(ynh_find_port 8448) port=$(ynh_find_port 8008) turnserver_tls_port=$(ynh_find_port 5349) turnserver_alt_tls_port=$(ynh_find_port $((turnserver_tls_port+1))) cli_port=$(ynh_find_port 5766) # Open this port yunohost firewall allow TCP $synapse_tls_port > /dev/null 2>&1 yunohost firewall allow Both $turnserver_tls_port > /dev/null 2>&1 yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1 # Open the range 49152-49192 only if it as not been open by an other instance if ! yunohost firewall list | grep -q "\- 49152:49192$" then yunohost firewall allow Both 49152:49192 > /dev/null 2>&1 fi # Store opened ports ynh_app_setting_set $app synapse_port $port ynh_app_setting_set $app synapse_tls_port $synapse_tls_port ynh_app_setting_set $app turnserver_tls_port $turnserver_tls_port ynh_app_setting_set $app turnserver_alt_tls_port $turnserver_alt_tls_port ynh_app_setting_set $app cli_port $cli_port #================================================= # CREATE A DH FILE #================================================= # Make dh cert for synapse if it not exist test ! -e /etc/matrix-$app/dh.pem && \ mkdir -p /etc/matrix-$app && \ openssl dhparam -out /etc/matrix-$app/dh.pem 2048 > /dev/null #================================================= # INSTALL DEPENDENCIES #================================================= # WARRNING : theses command are used in INSTALL, UPGRADE, RESTORE # For any update do it in all files ynh_install_app_dependencies coturn build-essential python2.7-dev libffi-dev python-pip python-setuptools sqlite3 libssl-dev python-virtualenv libxml2-dev libxslt1-dev python-lxml libjpeg-dev libpq-dev postgresql acl pip install --upgrade virtualenv #================================================= # CREATE DEDICATED USER #================================================= ynh_system_user_create $synapse_user /var/lib/matrix-$app adduser $synapse_user ssl-cert adduser turnserver ssl-cert #================================================= # CREATE A POSTGRESQL DATABASE #================================================= synapse_db_pwd=$(ynh_string_random 30) ynh_app_setting_set $app synapse_db_pwd $synapse_db_pwd # Create postgresql database ynh_psql_test_if_first_run ynh_psql_create_user $synapse_db_user $synapse_db_pwd ynh_psql_execute_as_root \ "CREATE DATABASE $synapse_db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $synapse_db_user;" #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= # Create empty dir for synapse # WARRNING : theses command are used in INSTALL, UPGRADE # For any update do it in all files mkdir -p /var/lib/matrix-$app mkdir -p /var/log/matrix-$app mkdir -p /etc/matrix-$app/conf.d mkdir -p $final_path # Install synapse in virtualenv # WARRNING : theses command are used in INSTALL, UPGRADE (2 times) # For any update do it in all files if [ -n "$(uname -m | grep arm)" ] then ynh_setup_source $final_path/ "armv7_$(lsb_release --codename --short)" else # Install virtualenv if it don't exist test -e $final_path/bin || virtualenv -p python2.7 $final_path # Install synapse in virtualenv PS1="" cp ../conf/virtualenv_activate $final_path/bin/activate ynh_replace_string __FINAL_PATH__ $final_path $final_path/bin/activate # We set all necessary environement variable to create a python virtualenvironnement. source $final_path/bin/activate pip install --upgrade pip pip install --upgrade setuptools pip install --upgrade cffi ndg-httpsclient psycopg2 lxml # Download and check the checksum for the synapse source src_url=$(grep 'SOURCE_URL=' "$YNH_CWD/../conf/python_source.src" | cut -d= -f2-) src_sum=$(grep 'SOURCE_SUM=' "$YNH_CWD/../conf/python_source.src" | cut -d= -f2-) wget -nv -O synapse_source.tar.gz "$src_url" echo "${src_sum} synapse_source.tar.gz" | sha256sum -c --status \ || ynh_die "Corrupt source" pip install --upgrade synapse_source.tar.gz # Fix issue with msgpack see https://github.com/YunoHost-Apps/synapse_ynh/issues/29 test -e $final_path/lib/python2.7/site-packages/msgpack/__init__.py || (\ pip uninstall -y msgpack-python msgpack; \ pip install msgpack-python) # This fonction was defined while we call "source $final_path/bin/activate". By this fonction de undo what does "$final_path/bin/activate" deactivate fi #================================================= # SETUP SYSTEMD #================================================= # Create systemd service for synapse and turnserver cp ../conf/default_matrix-synapse /etc/default/matrix-$app ynh_add_systemd_config matrix-$app matrix-synapse.service cp ../conf/default_coturn /etc/default/coturn-$app ynh_add_systemd_config coturn-$app coturn-synapse.service #================================================= # NGINX CONFIGURATION #================================================= ynh_add_nginx_config #================================================= # SET SYNAPSE CONFIG #================================================= # Find password for turnserver and database turnserver_pwd=$(ynh_string_random 30) ynh_app_setting_set $app turnserver_pwd $turnserver_pwd # Configure Synapse # WARRNING : theses command are used in INSTALL, UPGRADE (2 times) # For any update do it in all files homeserver_config_path="/etc/matrix-$app/homeserver.yaml" cp ../conf/homeserver.yaml "$homeserver_config_path" cp ../conf/log.yaml /etc/matrix-$app/log.yaml ynh_replace_string __APP__ $app "$homeserver_config_path" ynh_replace_string __DOMAIN__ $domain "$homeserver_config_path" ynh_replace_string __SYNAPSE_DB_USER__ $synapse_db_user "$homeserver_config_path" ynh_replace_string __SYNAPSE_DB_PWD__ $synapse_db_pwd "$homeserver_config_path" ynh_replace_string __PORT__ $port "$homeserver_config_path" ynh_replace_string __TLS_PORT__ $synapse_tls_port "$homeserver_config_path" ynh_replace_string __TURNSERVER_TLS_PORT__ $turnserver_tls_port "$homeserver_config_path" ynh_replace_string __TURNPWD__ $turnserver_pwd "$homeserver_config_path" ynh_replace_string __APP__ $app "/etc/matrix-$app/log.yaml" if [ "$is_public" = "0" ] then ynh_replace_string __ALLOWED_ACCESS__ False "$homeserver_config_path" else ynh_replace_string __ALLOWED_ACCESS__ True "$homeserver_config_path" fi ynh_store_file_checksum "$homeserver_config_path" ynh_store_file_checksum "/etc/matrix-$app/log.yaml" #================================================= # SET COTURN CONFIG #================================================= # WARRNING : theses command are used in INSTALL, UPGRADE # For any update do it in all files coturn_config_path="/etc/matrix-$app/coturn.conf" cp ../conf/turnserver.conf "$coturn_config_path" ynh_replace_string __APP__ $app "$coturn_config_path" ynh_replace_string __TURNPWD__ $turnserver_pwd "$coturn_config_path" ynh_replace_string __DOMAIN__ $domain "$coturn_config_path" ynh_replace_string __TLS_PORT__ $turnserver_tls_port "$coturn_config_path" ynh_replace_string __TLS_ALT_PORT__ $turnserver_alt_tls_port "$coturn_config_path" ynh_replace_string __CLI_PORT__ $cli_port "$coturn_config_path" # Get public IP and set as external IP for coturn # note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6 public_ip4="$(curl ip.yunohost.org)" || true public_ip6="$(curl ipv6.yunohost.org)" || true if [[ -n "$public_ip4" ]] && ynh_validate_ip4 "$public_ip4" then ynh_replace_string '__IPV4__' "$public_ip4" "$coturn_config_path" else ynh_replace_string '__IPV4__,' "" "$coturn_config_path" fi if [[ -n "$public_ip6" ]] && ynh_valide_ip6 "$public_ip6" then ynh_replace_string '__IPV6__' "$public_ip6" "$coturn_config_path" else ynh_replace_string ',__IPV6__' "" "$coturn_config_path" fi ynh_store_file_checksum "$coturn_config_path" #================================================= # SETUP LOGROTATE #================================================= ynh_use_logrotate /var/log/matrix-$app #================================================= # GENERIC FINALIZATION #================================================= # SETUP SSOWAT #================================================= # Open access to server without a button the home # The script "add_sso_conf.py" will just add en entry for the path "/_matrix" in the sso conf.json.persistent file in the cathegory "skipped_urls". cp ../conf/add_sso_conf.py $final_path cp ../conf/remove_sso_conf.py $final_path python3 $final_path/add_sso_conf.py || ynh_die "Your file /etc/ssowat/conf.json.persistent don't respect the json synaxe. Please fix the synaxe to install this app. For more information see here : https://github.com/YunoHost-Apps/synapse_ynh/issues/32" #================================================= # SECURE FILES AND DIRECTORIES #================================================= # WARRNING : theses command are used in INSTALL, UPGRADE (2 times), RESTORE # For any update do it in all files chown $synapse_user:root -R $final_path chown $synapse_user:root -R /var/lib/matrix-$app chown $synapse_user:root -R /var/log/matrix-$app chown $synapse_user:root -R /etc/matrix-$app chmod u=rwX,g=rX,o= -R /etc/matrix-$app chmod 600 /etc/matrix-$app/dh.pem setfacl -R -m user:turnserver:rX /etc/matrix-$app setfacl -R -m user:turnserver:rwX /var/log/matrix-$app #================================================= # ADVERTISE SERVICE IN ADMIN PANEL #================================================= yunohost service add matrix-$app -l "/var/log/matrix-$app/homeserver.log" yunohost service add coturn-$app #================================================= # RELOAD SERVICES #================================================= systemctl restart coturn-$app.service ynh_check_starting "Synapse now listening on port $synapse_tls_port" "/var/log/matrix-$app/homeserver.log" 300 "matrix-$app" #================================================= # SEND A README FOR THE ADMIN #================================================= message="To federate this app you need to add this line in your DNS configuration: _matrix._tcp.$domain. 3600 IN SRV 10 0 $synapse_tls_port $domain. You also need to open the TCP port $synapse_tls_port on your ISP box if it's not automatically done. Your synapse server also implements a turnserver (for VoIP), to have this fully functional open the TCP and UDP port $turnserver_tls_port, $turnserver_alt_tls_port and the range 49152 - 49192 (if it's not automatically done). If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/synapse_ynh" ynh_send_readme_to_admin "$message"