#!/bin/bash
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================

# YunoHost's generic helper library
source /usr/share/yunohost/helpers

# Stop the script on errors
ynh_abort_if_errors

# App-specific helper files, resolved relative to the current working directory
source ./psql.sh
source ./experimental_helper.sh
source ./_common.sh
#=================================================
# SET ALL CONSTANT
#=================================================

# Instance name handed over by YunoHost; the per-instance names below derive from it
app="${YNH_APP_INSTANCE_NAME}"

# System account, PostgreSQL database and PostgreSQL role for this instance
synapse_user="matrix-${app}"
synapse_db_name="matrix_${app}"
synapse_db_user="matrix_${app}"

# Synapse release to install
upstream_version="$(ynh_app_upstream_version)"

# Value substituted for __REPORT_STATS__ in homeserver.yaml
report_stats="False"

# Text of the server_name argument when it was left at its default
default_domain_value="Same than the domain"
#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================

domain="${YNH_APP_ARG_DOMAIN}"
server_name="${YNH_APP_ARG_SERVER_NAME}"

# A server name left at the default text means "use the web domain"
if [[ "${server_name}" == "${default_domain_value}" ]]; then
  server_name="${domain}"
fi

is_public="${YNH_APP_ARG_IS_PUBLIC}"

# Fixed web path and installation directory for this instance
path_url="/_matrix"
final_path="/opt/yunohost/matrix-${app}"
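#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================

ynh_webpath_available "$domain" "$path_url" || ynh_die "$domain is not available as domain, please use an other domain."

# Refuse a domain that already has a synapse nginx snippet.
# A `*` inside double quotes is a literal character for `test -e`, so the
# pattern has to be expanded explicitly: compgen -G succeeds only when at
# least one existing file matches it.
if compgen -G "/etc/nginx/conf.d/$domain.d/synapse*.conf" > /dev/null; then
  ynh_die "$domain is not available as domain, please use an other domain."
fi

# Check Final Path availability
test ! -e "$final_path" || ynh_die "This path already contains a folder"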
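#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================

# For the domain and the path we can't use the standard keys "domain" and "path"
# with the standard function ynh_webpath_register, because it automatically
# creates a button on the user panel.
# The idea is to use custom keys (special_domain and special_path instead of
# domain and path), so that the ssowatconf function doesn't create that button.
# This hack solves the issue: https://github.com/YunoHost-Apps/synapse_ynh/issues/14
#
# Values are quoted so that each one reaches the helper as exactly one argument.
ynh_app_setting_set "$app" special_domain "$domain"
ynh_app_setting_set "$app" special_path "$path_url"
ynh_app_setting_set "$app" server_name "$server_name"
ynh_app_setting_set "$app" final_path "$final_path"
ynh_app_setting_set "$app" synapse_version "$upstream_version"
ynh_app_setting_set "$app" is_public "$is_public"
ynh_app_setting_set "$app" report_stats "$report_stats"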
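#=================================================
# STANDARD MODIFICATIONS
#=================================================
# FIND AND OPEN A PORT
#=================================================

# Find free ports, each search starting from the given preferred port
synapse_tls_port=$(ynh_find_port 8448)
port=$(ynh_find_port 8008)
turnserver_tls_port=$(ynh_find_port 5349)
# The alternative TURN port is searched from the port right after the main one
turnserver_alt_tls_port=$(ynh_find_port "$((turnserver_tls_port + 1))")
cli_port=$(ynh_find_port 5766)

# Open the three ports that must be reachable from outside: Synapse TLS over
# TCP, both TURN ports over TCP and UDP. $port and $cli_port are not opened.
# All command output, error text included, is discarded here.
yunohost firewall allow TCP "$synapse_tls_port" > /dev/null 2>&1
yunohost firewall allow Both "$turnserver_tls_port" > /dev/null 2>&1
yunohost firewall allow Both "$turnserver_alt_tls_port" > /dev/null 2>&1

# Store the chosen ports in the app settings
ynh_app_setting_set "$app" synapse_port "$port"
ynh_app_setting_set "$app" synapse_tls_port "$synapse_tls_port"
ynh_app_setting_set "$app" turnserver_tls_port "$turnserver_tls_port"
ynh_app_setting_set "$app" turnserver_alt_tls_port "$turnserver_alt_tls_port"
ynh_app_setting_set "$app" cli_port "$cli_port"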
#=================================================
# CREATE A DH FILE
#=================================================

# WARNING : these commands are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files

# Create the DH parameter file only when it does not exist yet; an existing
# file is left untouched, ownership and mode included.
# NOTE(review): -dsaparam requests DSA-style parameters instead of safe primes.
# OpenSSL's documentation pairs that choice with a fresh DH key per use; confirm
# the consumers of this file do so. The option is also written after the
# positional size argument, so check that the installed OpenSSL honours it there.
# stderr is discarded, so a failure here shows no reason.
if ! [[ -e /etc/ssl/private/dh2048.pem ]]; then
  openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048 -dsaparam 2> /dev/null
  # Readable by root and by members of the ssl-cert group only
  chown root:ssl-cert /etc/ssl/private/dh2048.pem
  chmod 640 /etc/ssl/private/dh2048.pem
fi
#=================================================
# INSTALL DEPENDENCIES
#=================================================

# WARNING : these commands are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files

# $dependances is not assigned in this file (presumably by one of the sourced
# helper files - confirm). It is left unquoted on purpose so that it splits
# into one argument per package.
ynh_install_app_dependencies $dependances
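#=================================================
# CREATE DEDICATED USER
#=================================================

# Dedicated system account for Synapse, with its home under /var/lib
ynh_system_user_create "$synapse_user" "/var/lib/matrix-$app"

# Both service accounts join ssl-cert, the group that owns the DH parameter
# file created by this script.
# NOTE(review): on Debian this group usually also has read access to the TLS
# private keys under /etc/ssl/private; confirm that both services need it.
# The turnserver account is not created in this file (presumably by the coturn
# package - confirm).
adduser "$synapse_user" ssl-cert
adduser turnserver ssl-cert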
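#=================================================
# CREATE A POSTGRESQL DATABASE
#=================================================

# Random database password, kept in the app settings for later scripts.
# NOTE(review): the password is passed to the helpers as a command-line
# argument; whether it can show up in a process listing depends on how the
# helpers invoke their commands, which is not visible here.
synapse_db_pwd=$(ynh_string_random 30)
ynh_app_setting_set "$app" synapse_db_pwd "$synapse_db_pwd"

# Create postgresql database
ynh_psql_test_if_first_run
ynh_psql_create_user "$synapse_db_user" "$synapse_db_pwd"

# The database name and owner are interpolated into the statement as bare
# identifiers. Both are built from $app, so this relies on the instance name
# containing only characters that are valid in an unquoted SQL identifier.
ynh_psql_execute_as_root \
  "CREATE DATABASE $synapse_db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $synapse_db_user;"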
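#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================

# Create empty dir for synapse

# WARNING : these commands are used in INSTALL, UPGRADE
# For any update do it in all files
mkdir -p "/var/lib/matrix-$app"
mkdir -p "/var/log/matrix-$app"
mkdir -p "/etc/matrix-$app/conf.d"
mkdir -p "$final_path"

# Install synapse in virtualenv

# WARNING : these commands are used in INSTALL, UPGRADE (2 times)
# For any update do it in all files
if uname -m | grep -q arm; then
  # ARM machines: unpack the source registered under "armv7_<distribution codename>"
  ynh_setup_source "$final_path/" "armv7_$(lsb_release --codename --short)"
else
  # Create the virtualenv if it doesn't exist
  test -e "$final_path/bin/python3" || python3 -m venv "$final_path"

  # Replace the generated activate script with the packaged one
  cp ../conf/virtualenv_activate "$final_path/bin/activate"
  ynh_replace_string __FINAL_PATH__ "$final_path" "$final_path/bin/activate"

  # Set all the environment variables needed to work inside the virtualenv.
  # NOTE(review): the later activation in the config step gives PS1 a default
  # first; this one does not. Confirm the activate script does not read an
  # unset PS1 here.
  source "$final_path/bin/activate"

  # NOTE(review): only matrix-synapse is pinned to a version. Every other
  # package, pip itself included, resolves to whatever the index serves at
  # install time, and nothing is checked against a hash. Consider a
  # requirements file with pinned versions and hashes.
  pip3 install --upgrade pip
  pip3 install --upgrade setuptools wheel
  pip3 install --upgrade cffi ndg-httpsclient psycopg2 lxml jinja2
  pip3 install --upgrade "matrix-synapse==$upstream_version" matrix-synapse-ldap3

  # deactivate was defined by sourcing "$final_path/bin/activate"; it undoes
  # what that script did to the environment
  deactivate
fi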
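#=================================================
# CREATE SYNAPSE CONFIG
#=================================================

# Enter the virtualenv. PS1 gets an empty default first, presumably because the
# activate script reads it and unset variables are fatal at this point - confirm.
PS1=${PS1:-}
source "$final_path/bin/activate"

# Generate a default config and the server keys. The keys go to
# /etc/matrix-$app/, the config to homeserver.yml in the current directory.
python -m synapse.app.homeserver --keys-directory "/etc/matrix-$app/" --generate-config --generate-keys --server-name "$server_name" --report-stats=no -c homeserver.yml

# deactivate was defined by sourcing "$final_path/bin/activate"; it undoes what
# that script did to the environment
deactivate

# Take the random secrets out of the generated config (the text between the
# first pair of double quotes on the matching line).
# NOTE(review): if a key is missing from homeserver.yml the variable is empty
# and the installation carries on with an empty secret; consider failing here.
# NOTE(review): homeserver.yml holds these secrets and is not removed by this
# script; confirm the working directory is cleaned up afterwards.
registration_shared_secret=$(grep -E "^registration_shared_secret" homeserver.yml | cut -d'"' -f2)
form_secret=$(grep -E "^form_secret" homeserver.yml | cut -d'"' -f2)

# Store them in the yunohost settings
ynh_app_setting_set "$app" registration_shared_secret "$registration_shared_secret"
ynh_app_setting_set "$app" form_secret "$form_secret"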
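#=================================================
# SETUP SYSTEMD
#=================================================

# Create systemd service for synapse and turnserver: each one gets its
# defaults file under /etc/default and a unit built from the named template
cp ../conf/default_matrix-synapse "/etc/default/matrix-$app"
ynh_add_systemd_config "matrix-$app" matrix-synapse.service

cp ../conf/default_coturn "/etc/default/coturn-$app"
ynh_add_systemd_config "coturn-$app" coturn-synapse.service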
#=================================================
# NGINX CONFIGURATION
#=================================================

# Called without arguments: the helper works from variables already set above
ynh_add_nginx_config
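#=================================================
# SET SYNAPSE CONFIG
#=================================================

# Random password for the turnserver, kept in the app settings
turnserver_pwd=$(ynh_string_random 30)
ynh_app_setting_set "$app" turnserver_pwd "$turnserver_pwd"

# Configure Synapse

# WARNING : these commands are used in INSTALL, UPGRADE, CONFIG (3 times)
# For any update do it in all files

homeserver_config_path="/etc/matrix-$app/homeserver.yaml"

# Start from the packaged templates.
# NOTE(review): the copies are created with the default umask and receive the
# database password and secrets below; ownership and mode are only tightened
# in the "SECURE FILES AND DIRECTORIES" section of this script.
cp ../conf/homeserver.yaml "$homeserver_config_path"
cp ../conf/log.yaml "/etc/matrix-$app/log.yaml"

# Fill in the placeholders of homeserver.yaml
ynh_replace_string __APP__ "$app" "$homeserver_config_path"
ynh_replace_string __DOMAIN__ "$domain" "$homeserver_config_path"
ynh_replace_string __SERVER_NAME__ "$server_name" "$homeserver_config_path"
ynh_replace_string __SYNAPSE_DB_USER__ "$synapse_db_user" "$homeserver_config_path"
ynh_replace_string __SYNAPSE_DB_PWD__ "$synapse_db_pwd" "$homeserver_config_path"
ynh_replace_string __PORT__ "$port" "$homeserver_config_path"
ynh_replace_string __TLS_PORT__ "$synapse_tls_port" "$homeserver_config_path"
ynh_replace_string __TURNSERVER_TLS_PORT__ "$turnserver_tls_port" "$homeserver_config_path"
ynh_replace_special_string __TURNPWD__ "$turnserver_pwd" "$homeserver_config_path"
ynh_replace_special_string __REGISTRATION_SECRET__ "$registration_shared_secret" "$homeserver_config_path"
# NOTE(review): form_secret is read from the same generated file as
# registration_shared_secret but goes through ynh_replace_string; confirm that
# helper copes with every character the secret can contain.
ynh_replace_string __FORM_SECRET__ "$form_secret" "$homeserver_config_path"
ynh_replace_string __REPORT_STATS__ "$report_stats" "$homeserver_config_path"

ynh_replace_string __APP__ "$app" "/etc/matrix-$app/log.yaml"

# __ALLOWED_ACCESS__ becomes False only when is_public is exactly "0"; any
# other value, an empty one included, yields True
if [ "$is_public" = "0" ]; then
  ynh_replace_string __ALLOWED_ACCESS__ False "$homeserver_config_path"
else
  ynh_replace_string __ALLOWED_ACCESS__ True "$homeserver_config_path"
fi

# Record checksums of the finished config files
ynh_store_file_checksum "$homeserver_config_path"
ynh_store_file_checksum "/etc/matrix-$app/log.yaml"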
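#=================================================
# SET COTURN CONFIG
#=================================================

# WARNING : these commands are used in INSTALL, UPGRADE
# For any update do it in all files

coturn_config_path="/etc/matrix-$app/coturn.conf"

cp ../conf/turnserver.conf "$coturn_config_path"

# Fill in the placeholders of the coturn config
ynh_replace_string __APP__ "$app" "$coturn_config_path"
ynh_replace_string __TURNPWD__ "$turnserver_pwd" "$coturn_config_path"
ynh_replace_string __DOMAIN__ "$domain" "$coturn_config_path"
ynh_replace_string __TLS_PORT__ "$turnserver_tls_port" "$coturn_config_path"
ynh_replace_string __TLS_ALT_PORT__ "$turnserver_alt_tls_port" "$coturn_config_path"
ynh_replace_string __CLI_PORT__ "$cli_port" "$coturn_config_path"

# Get public IP and set as external IP for coturn
# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
# NOTE(review): the host names carry no scheme, so curl uses plain HTTP, and no
# timeout is set. The reply is only written to the config after it passes
# ynh_validate_ip4 / ynh_validate_ip6 below, but an unauthenticated answer
# could still be a wrong address; consider https:// and --max-time.
public_ip4="$(curl ip.yunohost.org)" || true
public_ip6="$(curl ipv6.yunohost.org)" || true

# Use the address when one was obtained and it validates; otherwise remove the
# placeholder together with its separating comma
if [[ -n "$public_ip4" ]] && ynh_validate_ip4 "$public_ip4"; then
  ynh_replace_string '__IPV4__' "$public_ip4" "$coturn_config_path"
else
  ynh_replace_string '__IPV4__,' "" "$coturn_config_path"
fi

if [[ -n "$public_ip6" ]] && ynh_validate_ip6 "$public_ip6"; then
  ynh_replace_string '__IPV6__' "$public_ip6" "$coturn_config_path"
else
  ynh_replace_string ',__IPV6__' "" "$coturn_config_path"
fi

ynh_store_file_checksum "$coturn_config_path"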
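#=================================================
# SETUP LOGROTATE
#=================================================

# Register the instance's log directory; quoted so that the path stays a
# single argument
ynh_use_logrotate "/var/log/matrix-$app"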
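#=================================================
# ADD SCRIPT FOR COTURN CRON
#=================================================

# WARNING : these commands are used in INSTALL, UPGRADE
# For any update do it in all files

# Copy the rotation script into the install directory and point it at this instance
cp ../sources/Coturn_config_rotate.sh "$final_path/"
ynh_replace_string __APP__ "$app" "$final_path/Coturn_config_rotate.sh"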
#=================================================
# GENERIC FINALIZATION
#=================================================
# SETUP SSOWAT
#=================================================

# Open access to the server without a button on the home page.
# The script "add_sso_conf.py" just adds an entry for the path "/_matrix" to the
# "skipped_urls" category of the sso conf.json.persistent file.
# A failure of that script is reported as a JSON syntax problem in that file.
python3 ../conf/add_sso_conf.py \
  || ynh_die "Your file /etc/ssowat/conf.json.persistent doesn't respect the json syntax. Please fix the syntax to install this app. For more information see here: https://github.com/YunoHost-Apps/synapse_ynh/issues/32"
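#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================

# WARNING : these commands are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files

# The service account owns its install, data, log and config trees
chown "$synapse_user:root" -R "$final_path"
# NOTE(review): this script stays owned and writable by $synapse_user. If the
# cron job that runs it executes as a more privileged user (not visible here),
# the service account could change what that user runs; confirm.
chmod 770 "$final_path/Coturn_config_rotate.sh"
chown "$synapse_user:root" -R "/var/lib/matrix-$app"
chown "$synapse_user:root" -R "/var/log/matrix-$app"
chown "$synapse_user:root" -R "/etc/matrix-$app"
chmod u=rwX,g=rX,o= -R "/etc/matrix-$app"

# The turnserver account may read the config tree and write to the log tree.
# NOTE(review): the recursive grant also covers homeserver.yaml, which holds
# the database password and the registration secret; consider limiting it to
# the files coturn reads.
setfacl -R -m user:turnserver:rX "/etc/matrix-$app"
setfacl -R -m user:turnserver:rwX "/var/log/matrix-$app"

# Lock down the signing key only after the ACLs are in place. setfacl -m
# recomputes the ACL mask, so a chmod 600 issued before the recursive grant
# would still leave the key readable by turnserver. A chmod on a file that
# already has an ACL resets the mask from the group bits, which makes the key
# owner-only.
chmod 600 "/etc/matrix-$app/$server_name.signing.key"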
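#=================================================
# ADVERTISE SERVICE IN ADMIN PANEL
#=================================================

# Register both services with YunoHost; Synapse with its log file attached
yunohost service add "matrix-$app" -l "/var/log/matrix-$app/homeserver.log"
yunohost service add "coturn-$app"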
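#=================================================
# RELOAD SERVICES
#=================================================

systemctl restart "coturn-$app.service"

# The helper receives the log line that marks a successful start, the log file
# to look in, the value 300 (presumably a timeout in seconds - confirm against
# the helper) and the service name
ynh_check_starting "Synapse now listening on TCP port $synapse_tls_port" "/var/log/matrix-$app/homeserver.log" 300 "matrix-$app"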
#=================================================
# SETUP FAIL2BAN
#=================================================

# WARNING : these commands are used in INSTALL, UPGRADE
# For any update do it in all files

# The meaning of -t is defined by the helper, which is not part of this file
ynh_add_fail2ban_config -t
#=================================================
# SEND A README FOR THE ADMIN
#=================================================

# WARNING : these commands are used in INSTALL, RESTORE
# For any update do it in all files

# Post-install notice: federation and DNS SRV record, the port to open on the
# router, the turnserver README, where to report issues, and the TLS
# certificate requirement. $domain and $synapse_tls_port are expanded when the
# string is assigned.
message="If your server name is identical to the domain on which synapse is installed, and the default port 8448 is used, your server is normally already accessible by the federation.

If not, you may need to put the following line in the dns configuration:

_matrix._tcp.$domain. 3600 IN SRV 10 0 $synapse_tls_port $domain.

For more details, see : https://github.com/matrix-org/synapse#setting-up-federation

You also need to open the TCP port $synapse_tls_port on your ISP box if it's not automatically done.

Your synapse server also implements a turnserver (for VoIP), to have this fully functional please read the 'Turnserver' section in the README available here: https://github.com/YunoHost-Apps/synapse_ynh .

If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/synapse_ynh

You also need a valid TLS certificate for the domain used by synapse. To do that you can refer to the documentation here : https://yunohost.org/#/certificate_en"

ynh_send_readme_to_admin "${message}"