YunoHost-Apps/synapse_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/synapse_ynh.git synced 2024-09-03 20:26:38 +02:00
Code Issues Activity Actions
synapse_ynh/scripts/install
Josué Tille 1be257483e
Update manifest
2023-10-31 22:55:16 +01:00

499 lines
21 KiB
Bash
Raw Blame History

#!/bin/bash
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source _common.sh
source experimental_helper.sh
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
#REMOVEME? ynh_clean_setup () {
# Clean installation remainings that are not handled by the remove script.
ynh_clean_check_starting
}
# Exit if an error occurs during the execution of the script
#REMOVEME? ynh_abort_if_errors
#=================================================
# SET CONSTANTS
#=================================================
synapse_user="matrix-$app"
synapse_user_app="$app"
synapse_user_app_pwd="$(ynh_string_random --length=30)"
synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app"
synapse_db_name="matrix_$app"
upstream_version=$(ynh_app_upstream_version)
report_stats="false"
e2e_enabled_by_default="off"
default_domain_value="Same than the domain"
domain_whitelist_client_=$(get_domain_list)
domain_whitelist_client=${domain_whitelist_client_%"\n"}
#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================
#REMOVEME? domain=$YNH_APP_ARG_DOMAIN
#REMOVEME? server_name=$YNH_APP_ARG_SERVER_NAME
#REMOVEME? is_free_registration=$YNH_APP_ARG_IS_FREE_REGISTRATION
#REMOVEME? jitsi_server=$YNH_APP_ARG_JITSI_SERVER
path="/_matrix"
#REMOVEME? install_dir="/opt/yunohost/matrix-$app"
final_www_path="/var/www/$app"
data_path="/home/yunohost.app/matrix-$app"
main_domain=$(yunohost domain list --output-as json | jq -r .main)
if [[ "$server_name" == "$default_domain_value" ]]; then
server_name=$domain
fi
#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
#REMOVEME? ynh_script_progression --message="Validating installation parameters..." --weight=2
test ! -e "/etc/nginx/conf.d/$domain.d/synapse*.conf" || ynh_die --message="$domain is not available as domain, please use an other domain."
# Check Final Path availability
#REMOVEME? test ! -e "$install_dir" || ynh_die --message="This path already contains a folder"
if [ -e "$data_path" ]; then
old_data_dir_path="$data_path$(date '+%Y%m%d.%H%M%S')"
ynh_print_warn "A data directory already exist. Data was renamed to $old_data_dir_path"
mv "$data_path" "$old_data_dir_path"
fi
#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================
#REMOVEME? ynh_script_progression --message="Storing installation settings..." --weight=1
#REMOVEME? ynh_app_setting_set --app=$app --key=domain --value=$domain
#REMOVEME? ynh_app_setting_set --app=$app --key=path --value=$path
ynh_app_setting_set --app=$app --key=server_name --value=$server_name
ynh_app_setting_set --app=$app --key=jitsi_server --value=$jitsi_server
#REMOVEME? ynh_app_setting_set --app=$app --key=install_dir --value=$install_dir
ynh_app_setting_set --app=$app --key=synapse_version --value=$upstream_version
#REMOVEME? ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats
ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default
ynh_app_setting_set --app=$app --key=synapse_user_app_pwd --value=$synapse_user_app_pwd
if [ "$is_free_registration" -eq "0" ]
then
enable_registration="false"
turn_allow_guests="false"
sso_enabled="true"
password_enabled="false"
enable_3pid_lookup="false"
else
enable_registration="true"
turn_allow_guests="true"
sso_enabled="false"
password_enabled="true"
enable_3pid_lookup="true"
fi
ynh_app_setting_set --app=$app --key=enable_registration --value=$enable_registration
ynh_app_setting_set --app=$app --key=turn_allow_guests --value=$turn_allow_guests
ynh_app_setting_set --app=$app --key=sso_enabled --value=$sso_enabled
#REMOVEME? ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled
ynh_app_setting_set --app=$app --key=enable_3pid_lookup --value=$enable_3pid_lookup
#=================================================
## SET STANDARD SETTINGS FROM DEFAULT CONFIG
#=================================================
element_ynh_url="https://matrix.to/"
# Get app name of first Element Instance (can be changed later in Config Panel)
element_instance="element"
if yunohost --output-as plain app list | grep -q "^$element_instance$"; then
#REMOVEME? element_domain=$(ynh_app_setting_get --app $element_instance --key domain)
#REMOVEME? element_path=$(ynh_app_setting_get --app $element_instance --key path)
element_ynh_url="https://""$element_domain""$element_path"
fi
web_client_location=$element_ynh_url
client_base_url=$element_ynh_url
invite_client_location=$element_ynh_url
backup_before_upgrade="true"
server_statistics="false"
allow_public_rooms_without_auth="false"
allow_public_rooms_over_federation="false"
max_upload_size="10M"
disable_msisdn_registration="true"
registrations_require_3pid="none"
# here we need sed magic to transform $server_name
allowed_local_3pids_email=""
allowed_local_3pids_msisdn=""
allow_guest_access="false"
account_threepid_delegates_msisdn=""
default_identity_server="https://matrix.org"
auto_join_rooms="#auto_join_room:""$server_name"
autocreate_auto_join_rooms="false"
auto_join_rooms_for_guests="true"
password_enabled="true"
enable_notifs="true"
notif_for_new_users="true"
enable_group_creation="true"
push_include_content="true"
ynh_app_setting_set --app=$app --key=backup_before_upgrade --value=$backup_before_upgrade
ynh_app_setting_set --app=$app --key=server_statistics --value=$server_statistics
ynh_app_setting_set --app=$app --key=web_client_location --value=$web_client_location
ynh_app_setting_set --app=$app --key=client_base_url --value=$client_base_url
ynh_app_setting_set --app=$app --key=invite_client_location --value=$invite_client_location
ynh_app_setting_set --app=$app --key=allow_public_rooms_without_auth --value=$allow_public_rooms_without_auth
ynh_app_setting_set --app=$app --key=allow_public_rooms_over_federation --value=$allow_public_rooms_over_federation
ynh_app_setting_set --app=$app --key=max_upload_size --value=$max_upload_size
ynh_app_setting_set --app=$app --key=disable_msisdn_registration --value=$disable_msisdn_registration
ynh_app_setting_set --app=$app --key=registrations_require_3pid --value=$registrations_require_3pid
ynh_app_setting_set --app=$app --key=allowed_local_3pids_email --value=$allowed_local_3pids_email
ynh_app_setting_set --app=$app --key=allowed_local_3pids_msisdn --value=$allowed_local_3pids_msisdn
ynh_app_setting_set --app=$app --key=account_threepid_delegates_msisdn --value=$account_threepid_delegates_msisdn
ynh_app_setting_set --app=$app --key=allow_guest_access --value=$allow_guest_access
ynh_app_setting_set --app=$app --key=default_identity_server --value=$default_identity_server
ynh_app_setting_set --app=$app --key=auto_join_rooms --value=$auto_join_rooms
ynh_app_setting_set --app=$app --key=autocreate_auto_join_rooms --value=$autocreate_auto_join_rooms
ynh_app_setting_set --app=$app --key=auto_join_rooms_for_guests --value=$auto_join_rooms_for_guests
#REMOVEME? ynh_app_setting_set --app=$app --key=password_enabled --value=$password_enabled
ynh_app_setting_set --app=$app --key=enable_notifs --value=$enable_notifs
ynh_app_setting_set --app=$app --key=notif_for_new_users --value=$notif_for_new_users
ynh_app_setting_set --app=$app --key=enable_group_creation --value=$enable_group_creation
ynh_app_setting_set --app=$app --key=push_include_content --value=$push_include_content
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# FIND AND OPEN A PORT
#=================================================
ynh_script_progression --message="Configuring firewall..." --weight=19
# Find a free port
#REMOVEME? synapse_tls_port=$(ynh_find_port --port=8448)
#REMOVEME? port=$(ynh_find_port --port=8008)
#REMOVEME? turnserver_tls_port=$(ynh_find_port --port=5349)
#REMOVEME? turnserver_alt_tls_port=$(ynh_find_port --port=$((turnserver_tls_port+1)))
#REMOVEME? cli_port=$(ynh_find_port --port=5766)
# Open this port
ynh_exec_warn_less yunohost firewall allow TCP $synapse_tls_port
ynh_exec_warn_less yunohost firewall allow Both $turnserver_tls_port
ynh_exec_warn_less yunohost firewall allow Both $turnserver_alt_tls_port
# Store opened ports
#REMOVEME? ynh_app_setting_set --app=$app --key=synapse_port --value=$port
#REMOVEME? ynh_app_setting_set --app=$app --key=synapse_tls_port --value=$synapse_tls_port
#REMOVEME? ynh_app_setting_set --app=$app --key=turnserver_tls_port --value=$turnserver_tls_port
#REMOVEME? ynh_app_setting_set --app=$app --key=turnserver_alt_tls_port --value=$turnserver_alt_tls_port
#REMOVEME? ynh_app_setting_set --app=$app --key=cli_port --value=$cli_port
#=================================================
# CREATE A DH FILE
#=================================================
ynh_script_progression --message="Creating a dh file..." --weight=3
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files
# Make dh cert for synapse if it doesn't exist
if [ ! -e /etc/ssl/private/dh2048.pem ]
then
ynh_exec_warn_less openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048 -dsaparam
chown root:ssl-cert /etc/ssl/private/dh2048.pem
chmod 640 /etc/ssl/private/dh2048.pem
fi
#=================================================
# INSTALL DEPENDENCIES
#=================================================
#REMOVEME? ynh_script_progression --message="Installing dependencies..." --weight=80
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files
#REMOVEME? ynh_exec_warn_less ynh_install_app_dependencies $dependances
#=================================================
# CREATE DEDICATED USER
#=================================================
#REMOVEME? ynh_script_progression --message="Configuring system user..." --weight=3
#REMOVEME? ynh_system_user_create --username=$synapse_user --home_dir=$install_dir
# The format to create an user account varies depending on the version of YunoHost currently installed.
ynh_current_version=$(dpkg-query --showformat='${Version}' --show yunohost)
if $(dpkg --compare-versions "$ynh_current_version" ge "11.1"); then
yunohost user create $synapse_user_app -F "Synapse Application" -d $domain -p "$synapse_user_app_pwd"
else
yunohost user create $synapse_user_app -f Synapse -l Application -d $domain -p "$synapse_user_app_pwd"
fi
adduser $synapse_user ssl-cert
adduser turnserver ssl-cert
#=================================================
# CREATE A POSTGRESQL DATABASE
#=================================================
#REMOVEME? ynh_script_progression --message="Creating a PostgreSQL database..." --weight=4
synapse_db_pwd=$(ynh_string_random --length=30)
#REMOVEME? ynh_app_setting_set --app=$app --key=synapse_db_pwd --value=$synapse_db_pwd
# Create postgresql database
#REMOVEME? ynh_psql_test_if_first_run
ynh_psql_create_user $synapse_db_user $synapse_db_pwd
ynh_psql_execute_as_root \
--sql="CREATE DATABASE $synapse_db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $synapse_db_user;"
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_script_progression --message="Setting up source files..." --weight=50
# Create empty dir for synapse
# WARNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
mkdir -p $data_path
mkdir -p /var/log/matrix-$app
mkdir -p /etc/matrix-$app/conf.d
mkdir -p /etc/matrix-$app/app-service
touch /etc/matrix-$app/conf.d/app_service.yaml
# Install synapse in virtualenv
install_sources
#=================================================
# CREATE SMALL CAS SERVER
#=================================================
# WARNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
mkdir -p $final_www_path
cp ../sources/cas_server.php $final_www_path/
chmod u=rwX,g=rX,o= -R $final_www_path
chown $synapse_user:root -R $final_www_path
#=================================================
# CREATE SYNAPSE CONFIG
#=================================================
ynh_script_progression --message="Creating Synapse config..." --weight=3
# Go in virtualenvironnement
set +u;
source $install_dir/bin/activate
set -u;
# Generate config
python -m synapse.app.homeserver --keys-directory /etc/matrix-$app/ --generate-config --server-name $server_name --report-stats=no -c homeserver.yml
# This function was defined when we called "source $install_dir/bin/activate". With this function we undo what "$install_dir/bin/activate" does
set +u;
deactivate
set -u;
# Get random values from config
registration_shared_secret=$(egrep "^registration_shared_secret:" homeserver.yml | cut -d'"' -f2)
form_secret=$(egrep "^form_secret:" homeserver.yml | cut -d'"' -f2)
macaroon_secret_key=$(egrep "^macaroon_secret_key:" homeserver.yml | cut -d'"' -f2)
# store in yunohost settings
ynh_app_setting_set --app=$app --key=registration_shared_secret --value="$registration_shared_secret"
ynh_app_setting_set --app=$app --key=form_secret --value="$form_secret"
ynh_app_setting_set --app=$app --key=macaroon_secret_key --value="$macaroon_secret_key"
#=================================================
# SETUP SYSTEMD
#=================================================
ynh_script_progression --message="Configuring a systemd service..." --weight=2
# Create systemd service for synapse and turnserver
cp ../conf/default_matrix-synapse /etc/default/matrix-$app
ynh_add_systemd_config --service=matrix-$app --template=matrix-synapse.service
cp ../conf/default_coturn /etc/default/coturn-$app
ynh_add_systemd_config --service=coturn-$app --template=coturn-synapse.service
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring NGINX web server..." --weight=2
# Create a dedicated php-fpm config
ynh_script_progression --message="Configuring application..."
ynh_add_fpm_config --usage=low --footprint=low
# Create .well-known redirection for access by federation
if yunohost --output-as plain domain list | grep -q "^$server_name$"
then
ynh_add_config --template="server_name.conf" --destination="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
fi
# Create a dedicated nginx config
ynh_add_nginx_config app
#=================================================
# SET SYNAPSE CONFIG
#=================================================
ynh_script_progression --message="Configuring Synapse..." --weight=2
# Find password for turnserver and database
turnserver_pwd=$(ynh_string_random --length=30)
ynh_app_setting_set --app=$app --key=turnserver_pwd --value=$turnserver_pwd
# Configure Synapse
# WARNING : theses command are used in INSTALL, UPGRADE, CONFIG, CHANGE-URL (4 times)
# For any update do it in all files
macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"'
ynh_add_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml"
ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml"
#=================================================
# SET COTURN CONFIG
#=================================================
ynh_script_progression --message="Configuring Coturn..." --weight=1
# WARNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
# Get public IP and set as external IP for coturn
# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
public_ip4="$(curl -s ip.yunohost.org)" || true
public_ip6="$(curl -s ipv6.yunohost.org)" || true
turn_external_ip=""
if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"
then
turn_external_ip+="external-ip="$public_ip4%"\n"
fi
if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6"
then
turn_external_ip+="external-ip="$public_ip6%"\n"
fi
ynh_add_config --template="turnserver.conf" --destination="/etc/matrix-$app/coturn.conf"
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression --message="Configuring log rotation..." --weight=2
ynh_use_logrotate --logfile "/var/log/matrix-$app"
#=================================================
# ADD SCRIPT FOR COTURN CRON AND APP SERVICE
#=================================================
# WARNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
ynh_add_config --template="../sources/Coturn_config_rotate.sh" --destination="$install_dir/Coturn_config_rotate.sh"
ynh_add_config --template="../sources/update_synapse_for_appservice.sh" --destination="$install_dir/update_synapse_for_appservice.sh"
#=================================================
# GENERIC FINALIZATION
#=================================================
# SETUP PERMISSIONS
#=================================================
ynh_script_progression --message="Configuring permissions..." --weight=1
if yunohost --output-as plain domain list | grep -q "^$server_name$"; then
ynh_permission_create --permission=server_client_infos --url=$server_name/.well-known/matrix \
--label="Server info for clients. (well-known)" --show_tile=false --allowed=visitors \
--auth_header=false --protected=true
fi
#=================================================
# UPDATE HOOKS
#=================================================
# WARNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
ynh_replace_string __APP__ $app ../hooks/post_cert_update
ynh_replace_string __DOMAIN__ $domain ../hooks/post_cert_update
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files
chown $synapse_user:root -R $install_dir
chmod 770 $install_dir/Coturn_config_rotate.sh
chmod 700 $install_dir/update_synapse_for_appservice.sh
chown $synapse_user:root -R $data_path
chown $synapse_user:root -R /var/log/matrix-$app
chown $synapse_user:root -R /etc/matrix-$app
chmod u=rwX,g=rX,o= -R /etc/matrix-$app
chmod 600 /etc/matrix-$app/$server_name.signing.key
setfacl -R -m user:turnserver:rX /etc/matrix-$app
setfacl -R -m user:turnserver:rwX /var/log/matrix-$app
#=================================================
# ADVERTISE SERVICE IN ADMIN PANEL
#=================================================
yunohost service add matrix-$app --log "/var/log/matrix-$app/homeserver.log" --needs_exposed_ports $synapse_tls_port
yunohost service add coturn-$app --needs_exposed_ports $turnserver_tls_port
#=================================================
# RELOAD SERVICES
#=================================================
ynh_script_progression --message="Restarting Synapse services..." --weight=11
ynh_systemd_action --service_name=coturn-$app.service --action=restart
ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $synapse_tls_port" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300
#=================================================
# SETUP FAIL2BAN
#=================================================
ynh_script_progression --message="Configuring Fail2Ban..." --weight=10
# WARNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
ynh_add_fail2ban_config --use_template
#=================================================
# SEND A README FOR THE ADMIN
#=================================================
# WARNING : theses command are used in INSTALL, RESTORE
# For any update do it in all files
echo "If your server name is identical to the domain on which synapse is installed, and the default port 8448 is used, your server is normally already accessible by the federation.
If not, you may need to put the following line in the dns configuration:
_matrix._tcp.$domain. 3600 IN SRV 10 0 $synapse_tls_port $domain.
For more details, see : https://github.com/matrix-org/synapse#setting-up-federation
You also need to open the TCP port $synapse_tls_port on your ISP box if it's not automatically done.
Your synapse server also implements a turnserver (for VoIP), to have this fully functional please read the 'Turnserver' section in the README available here: https://github.com/YunoHost-Apps/synapse_ynh .
If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/synapse_ynh
You also need a valid TLS certificate for the domain used by synapse. To do that you can refer to the documentation here : https://yunohost.org/#/certificate_en" > mail_to_send
ynh_send_readme_to_admin --app_message="mail_to_send" --type="install"
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Installation of $app completed" --last
Reference in a new issue View git blame Copy permalink