#!/bin/bash #================================================= # GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= source /usr/share/yunohost/helpers # Stop script if errors ynh_abort_if_errors # Import common fonctions source ./experimental_helper.sh source ./_common.sh #================================================= # RETRIEVE ARGUMENTS #================================================= app=$YNH_APP_INSTANCE_NAME report_stats=$(ynh_app_setting_get --app $app --key report_stats) allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms) disable_backup_before_upgrade=$(ynh_app_setting_get --app $app --key disable_backup_before_upgrade) is_public=$(ynh_app_setting_get --app $app --key is_public) jitsi_server=$(ynh_app_setting_get --app=$app --key=jitsi_server) e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default) #================================================= # SHOW_CONFIG FUNCTION FOR 'SHOW' COMMAND #================================================= show_config() { # here you are supposed to read some config file/database/other then print the values # ynh_return "YNH_CONFIG_${PANEL_ID}_${SECTION_ID}_${OPTION_ID}=value" ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_SERVER_STATISTICS=$report_stats" ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_ALLOW_PUBLIC_ROOMS=$allow_public_rooms" ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_CLIENT_CONFIG_JITSI_SERVER=$jitsi_server" ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_IS_PUBLIC=${is_public}" ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_CLIENT_CONFIG_E2E_ENABLED_BY_DEFAULT=${e2e_enabled_by_default}" if [[ ${disable_backup_before_upgrade:-0} -eq 1 ]] then ynh_return "YNH_CONFIG_PACKAGE_CONFIG_PACKAGE_CONFIG_BACKUP_BEFORE_UPGRADE=0" else ynh_return "YNH_CONFIG_PACKAGE_CONFIG_PACKAGE_CONFIG_BACKUP_BEFORE_UPGRADE=1" fi } #================================================= # MODIFY THE CONFIGURATION #================================================= apply_config() { report_stats=${YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_SERVER_STATISTICS:-$report_stats} allow_public_rooms=${YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_ALLOW_PUBLIC_ROOMS:-$allow_public_rooms} do_backup_before_upgrade=${YNH_CONFIG_PACKAGE_CONFIG_PACKAGE_CONFIG_BACKUP_BEFORE_UPGRADE:-} is_public=${YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_IS_PUBLIC:-$is_public} jitsi_server=${YNH_CONFIG_SYNAPSE_CONFIG_CLIENT_CONFIG_JITSI_SERVER:-$jitsi_server} e2e_enabled_by_default=${YNH_CONFIG_SYNAPSE_CONFIG_CLIENT_CONFIG_E2E_ENABLED_BY_DEFAULT:-$e2e_enabled_by_default} if [ $report_stats == 1 ]; then report_stats=true fi if [ $report_stats == 0 ]; then report_stats=false fi if [ $allow_public_rooms == 1 ]; then allow_public_rooms=true fi if [ $allow_public_rooms == 0 ]; then allow_public_rooms=false fi if [ $e2e_enabled_by_default == 1 ]; then e2e_enabled_by_default=true fi if [ $e2e_enabled_by_default == 0 ]; then e2e_enabled_by_default=false fi ynh_app_setting_set --app $app --key report_stats --value $report_stats ynh_app_setting_set --app $app --key allow_public_rooms --value $allow_public_rooms ynh_app_setting_set --app $app --key is_public --value $is_public ynh_app_setting_set --app $app --key jitsi_server --value $jitsi_server ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default if [[ -n $do_backup_before_upgrade ]]; then if [ $do_backup_before_upgrade -eq 1 ]; then ynh_app_setting_set --app $app --key disable_backup_before_upgrade --value 0 else ynh_app_setting_set --app $app --key disable_backup_before_upgrade --value 1 fi fi domain=$(ynh_app_setting_get --app $app --key domain) server_name=$(ynh_app_setting_get --app $app --key server_name) synapse_db_pwd=$(ynh_app_setting_get --app $app --key synapse_db_pwd) is_public=$(ynh_app_setting_get --app $app --key is_public) port=$(ynh_app_setting_get --app $app --key synapse_port) synapse_tls_port=$(ynh_app_setting_get --app $app --key synapse_tls_port) turnserver_tls_port=$(ynh_app_setting_get --app $app --key turnserver_tls_port) turnserver_pwd=$(ynh_app_setting_get --app $app --key turnserver_pwd) registration_shared_secret=$(ynh_app_setting_get --app $app --key registration_shared_secret) form_secret=$(ynh_app_setting_get --app $app --key form_secret) macaroon_secret_key=$(ynh_app_setting_get --app=$app --key=macaroon_secret_key) synapse_user="matrix-$app" synapse_db_name="matrix_$app" synapse_db_user="matrix_$app" # Configure Synapse # WARNING : theses command are used in INSTALL, UPGRADE, CONFIG, CHANGE-URL (4 times) # For any update do it in all files if [ -z $macaroon_secret_key ]; then # Well, in this package this value was not managed because it was not needed, synapse is able to generate this with some other secret in the config file but after some vulnerability was found with this practice. # For more detail about this issue you can see : https://matrix.org/blog/2019/01/15/further-details-on-critical-security-update-in-synapse-affecting-all-versions-prior-to-0-34-1-cve-2019-5885/ # The problem is that we can't just say generate a new value if the package has not already defined a value. The reason is that changing this value logout all user. And in case of a user has enabled the encryption, the user might lost all conversation !! # So for the old install we just leave this as it is. And for the new install we use a real macaroon. macaroon_secret_key_param='# macaroon_secret_key: ""' else macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"' fi if [ $is_public -eq 0 ] then allowed_access=False sso_enabled=True else allowed_access=True sso_enabled=False fi ynh_add_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml" ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml" # Create .well-known redirection for access by federation if yunohost --output-as plain domain list | grep -q "^$server_name$" then ynh_add_config --template="server_name.conf" --destination="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf" fi ynh_store_file_checksum --file "$homeserver_config_path" setfacl -R -m user:turnserver:rX /etc/matrix-$app systemctl restart matrix-$app systemctl reload nginx } #================================================= # GENERIC FINALIZATION #================================================= # SELECT THE ACTION FOLLOWING THE GIVEN ARGUMENT #================================================= case $1 in show) show_config;; apply) apply_config;; esac