mirror of
https://github.com/YunoHost-Apps/synapse_ynh.git
synced 2024-09-03 20:26:38 +02:00
299 lines
11 KiB
Bash
299 lines
11 KiB
Bash
#!/bin/bash
|
|
|
|
#=================================================
|
|
# GENERIC START
|
|
#=================================================
|
|
# IMPORT GENERIC HELPERS
|
|
#=================================================
|
|
|
|
source /usr/share/yunohost/helpers
|
|
|
|
# Stop script if errors
|
|
ynh_abort_if_errors
|
|
|
|
# Import common cmd
|
|
source ./psql.sh
|
|
source ./experimental_helper.sh
|
|
source ./_common.sh
|
|
|
|
#=================================================
|
|
# SET ALL CONSTANT
|
|
#=================================================
|
|
|
|
app=$YNH_APP_INSTANCE_NAME
|
|
synapse_user="matrix-$app"
|
|
synapse_db_name="matrix_$app"
|
|
synapse_db_user="matrix_$app"
|
|
upstream_version=$(ynh_app_upstream_version)
|
|
|
|
#=================================================
|
|
# LOAD SETTINGS
|
|
#=================================================
|
|
|
|
domain=$(ynh_app_setting_get $app special_domain)
|
|
path_url=$(ynh_app_setting_get $app special_path)
|
|
final_path=$(ynh_app_setting_get $app final_path)
|
|
synapse_old_version=$(ynh_app_setting_get $app synapse_version)
|
|
synapse_db_pwd=$(ynh_app_setting_get $app synapse_db_pwd)
|
|
is_public=$(ynh_app_setting_get $app is_public)
|
|
port=$(ynh_app_setting_get $app synapse_port)
|
|
synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port)
|
|
turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port)
|
|
turnserver_alt_tls_port=$(ynh_app_setting_get $app turnserver_alt_tls_port)
|
|
turnserver_pwd=$(ynh_app_setting_get $app turnserver_pwd)
|
|
cli_port=$(ynh_app_setting_get $app cli_port)
|
|
|
|
#=================================================
|
|
# ENSURE DOWNWARD COMPATIBILITY
|
|
#=================================================
|
|
|
|
# Following the discussion here https://github.com/YunoHost-Apps/synapse_ynh/pull/51 we decided to remove definitely the support of the old package migration.
|
|
if [[ -z $synapse_old_version ]]
|
|
then
|
|
ynh_die "Update from this synapse version is not available. You need to remove this package and reinstall the new package version."
|
|
fi
|
|
|
|
#=================================================
|
|
# BACKUP BEFORE UPGRADE
|
|
#=================================================
|
|
|
|
# We stop the service before to set ynh_clean_setup
|
|
systemctl stop matrix-$app.service
|
|
|
|
# Backup the current version of the app
|
|
if [[ $(ynh_app_setting_get $app disable_backup_before_upgrade) != '1' ]]
|
|
then
|
|
ynh_backup_before_upgrade
|
|
ynh_clean_setup () {
|
|
ynh_restore_upgradebackup
|
|
}
|
|
fi
|
|
|
|
#=================================================
|
|
# STANDARD UPGRADE STEPS
|
|
#=================================================
|
|
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
|
#=================================================
|
|
|
|
# Install/upgrade synapse in virtualenv
|
|
|
|
# WARNING : these commands are used in INSTALL, UPGRADE
|
|
# For any update do it in all files
|
|
|
|
if [ -n "$(uname -m | grep arm)" ]
|
|
then
|
|
ynh_setup_source $final_path/ "armv7_$(lsb_release --codename --short)"
|
|
else
|
|
# Install virtualenv if it don't exist
|
|
test -e $final_path/bin || virtualenv -p python2.7 $final_path
|
|
|
|
# Install synapse in virtualenv
|
|
PS1=""
|
|
cp ../conf/virtualenv_activate $final_path/bin/activate
|
|
ynh_replace_string __FINAL_PATH__ $final_path $final_path/bin/activate
|
|
|
|
# We set all necessary environement variable to create a python virtualenvironnement.
|
|
source $final_path/bin/activate
|
|
pip install --upgrade setuptools
|
|
pip install --upgrade cffi ndg-httpsclient psycopg2 lxml
|
|
|
|
# Download and check the checksum for the synapse source
|
|
src_url=$(grep 'SOURCE_URL=' "$YNH_CWD/../conf/python_source.src" | cut -d= -f2-)
|
|
src_sum=$(grep 'SOURCE_SUM=' "$YNH_CWD/../conf/python_source.src" | cut -d= -f2-)
|
|
|
|
wget -nv -O synapse_source.tar.gz "$src_url"
|
|
echo "${src_sum} synapse_source.tar.gz" | sha256sum -c --status \
|
|
|| ynh_die "Corrupt source"
|
|
pip install --upgrade synapse_source.tar.gz
|
|
|
|
# Fix issue with msgpack see https://github.com/YunoHost-Apps/synapse_ynh/issues/29
|
|
test -e $final_path/lib/python2.7/site-packages/msgpack/__init__.py || (\
|
|
pip uninstall -y msgpack-python msgpack; \
|
|
pip install msgpack-python)
|
|
|
|
# This fonction was defined while we call "source $final_path/bin/activate". By this fonction de undo what does "$final_path/bin/activate"
|
|
deactivate
|
|
fi
|
|
|
|
#=================================================
|
|
# UPDATE SYNAPSE CONFIG
|
|
#=================================================
|
|
|
|
# WARRNING : theses command are used in INSTALL, UPGRADE
|
|
# For any update do it in all files
|
|
|
|
homeserver_config_path="/etc/matrix-$app/homeserver.yaml"
|
|
|
|
cp ../conf/homeserver.yaml "$homeserver_config_path"
|
|
cp ../conf/log.yaml /etc/matrix-$app/log.yaml
|
|
|
|
ynh_replace_string __APP__ $app "$homeserver_config_path"
|
|
ynh_replace_string __DOMAIN__ $domain "$homeserver_config_path"
|
|
ynh_replace_string __SYNAPSE_DB_USER__ $synapse_db_user "$homeserver_config_path"
|
|
ynh_replace_string __SYNAPSE_DB_PWD__ $synapse_db_pwd "$homeserver_config_path"
|
|
ynh_replace_string __PORT__ $port "$homeserver_config_path"
|
|
ynh_replace_string __TLS_PORT__ $synapse_tls_port "$homeserver_config_path"
|
|
ynh_replace_string __TURNSERVER_TLS_PORT__ $turnserver_tls_port "$homeserver_config_path"
|
|
ynh_replace_string __TURNPWD__ $turnserver_pwd "$homeserver_config_path"
|
|
|
|
ynh_replace_string __APP__ $app "/etc/matrix-$app/log.yaml"
|
|
|
|
if [ "$is_public" = "0" ]
|
|
then
|
|
ynh_replace_string __ALLOWED_ACCESS__ False "$homeserver_config_path"
|
|
else
|
|
ynh_replace_string __ALLOWED_ACCESS__ True "$homeserver_config_path"
|
|
fi
|
|
|
|
ynh_store_file_checksum "$homeserver_config_path"
|
|
ynh_store_file_checksum "/etc/matrix-$app/log.yaml"
|
|
|
|
#=================================================
|
|
# MIGRATION 1 : MULTINSTANCE SUPPORT
|
|
#=================================================
|
|
|
|
if [[ ! -e /etc/matrix-$app/coturn.conf ]]
|
|
then
|
|
|
|
#=================================================
|
|
# CREATE AN INDEPENDANT SERVICE FOR COTURN
|
|
#=================================================
|
|
|
|
# Disable default config for turnserver and create a new service
|
|
systemctl stop coturn.service
|
|
|
|
# Set by default the system config for coturn
|
|
echo "" > /etc/turnserver.conf
|
|
ynh_replace_string "TURNSERVER_ENABLED=1" "TURNSERVER_ENABLED=0" /etc/default/coturn
|
|
|
|
# Set a port for each service in turnserver
|
|
turnserver_alt_tls_port=$(ynh_find_port $((turnserver_tls_port+1)))
|
|
cli_port=$(ynh_find_port 5766)
|
|
|
|
ynh_app_setting_set $app turnserver_alt_tls_port $turnserver_alt_tls_port
|
|
ynh_app_setting_set $app cli_port $cli_port
|
|
|
|
yunohost firewall allow Both $turnserver_alt_tls_port > /dev/null 2>&1
|
|
|
|
#=================================================
|
|
# MAKE A CLEAN LOGROTATE CONFIG
|
|
#=================================================
|
|
|
|
ynh_use_logrotate /var/log/matrix-$app --non-append
|
|
fi
|
|
|
|
#=================================================
|
|
# MIGRATION 2 : USE STANDARD ACCESS FOR CERTIFCATE
|
|
# AND USE INDEPENDANT DH FILE
|
|
#=================================================
|
|
|
|
# Fix issue about certificates access
|
|
if [[ ! $(grep "ssl-cert:x:[0-9]*:.*matrix-$app" /etc/group) ]]
|
|
then
|
|
adduser $synapse_user ssl-cert
|
|
adduser turnserver ssl-cert
|
|
fi
|
|
|
|
# In the old synapse instance we stored the dh.pem in /etc/yunohost/certs/DOMAIN.TLD/ but it was problematics with lets'encrypt witch made a link to the key. While the letsencrypt key was changed the dh.pem file was lost. So we decided to move to /etc/matrix-synapse/ witch is a directory witch is not managed by any other component.
|
|
# Here we check if the dh.pem file is already moved. If not we try to copy the file from the old place. If the file in the old place was already removed (by letsencrypt) we create a new one.
|
|
test -e /etc/matrix-$app/dh.pem || \
|
|
cp /etc/yunohost/certs/$domain/dh.pem /etc/matrix-$app/dh.pem || \
|
|
openssl dhparam -out /etc/matrix-$app/dh.pem 2048 > /dev/null
|
|
|
|
#=================================================
|
|
# STANDARD UPGRADE STEPS
|
|
#=================================================
|
|
# NGINX CONFIGURATION
|
|
#=================================================
|
|
|
|
ynh_add_nginx_config
|
|
|
|
#=================================================
|
|
# UPDATE COTURN CONFIG
|
|
#=================================================
|
|
|
|
# WARRNING : theses command are used in INSTALL, UPGRADE
|
|
# For any update do it in all files
|
|
|
|
coturn_config_path="/etc/matrix-$app/coturn.conf"
|
|
|
|
cp ../conf/turnserver.conf "$coturn_config_path"
|
|
|
|
ynh_replace_string __APP__ $app "$coturn_config_path"
|
|
ynh_replace_string __TURNPWD__ $turnserver_pwd "$coturn_config_path"
|
|
ynh_replace_string __DOMAIN__ $domain "$coturn_config_path"
|
|
ynh_replace_string __TLS_PORT__ $turnserver_tls_port "$coturn_config_path"
|
|
ynh_replace_string __TLS_ALT_PORT__ $turnserver_alt_tls_port "$coturn_config_path"
|
|
ynh_replace_string __CLI_PORT__ $cli_port "$coturn_config_path"
|
|
|
|
# Get public IP and set as external IP for coturn
|
|
# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
|
|
public_ip4="$(curl ip.yunohost.org)" || true
|
|
public_ip6="$(curl ipv6.yunohost.org)" || true
|
|
|
|
if [[ -n "$public_ip4" ]] && ynh_validate_ip4 "$public_ip4"
|
|
then
|
|
ynh_replace_string '__IPV4__' "$public_ip4" "$coturn_config_path"
|
|
else
|
|
ynh_replace_string '__IPV4__,' "" "$coturn_config_path"
|
|
fi
|
|
|
|
if [[ -n "$public_ip6" ]] && ynh_validate_ip6 "$public_ip6"
|
|
then
|
|
ynh_replace_string '__IPV6__' "$public_ip6" "$coturn_config_path"
|
|
else
|
|
ynh_replace_string ',__IPV6__' "" "$coturn_config_path"
|
|
fi
|
|
|
|
ynh_store_file_checksum "$coturn_config_path"
|
|
|
|
#=================================================
|
|
# ADD SCRIPT FOR COTURN CRON
|
|
#=================================================
|
|
|
|
# WARRNING : theses command are used in INSTALL, UPGRADE
|
|
# For any update do it in all files
|
|
|
|
cp ../sources/Coturn_config_rotate.sh $final_path/
|
|
ynh_replace_string __APP__ $app "$final_path/Coturn_config_rotate.sh"
|
|
|
|
#=================================================
|
|
# UPDATE SYSTEMD
|
|
#=================================================
|
|
|
|
# Create systemd service for synapse and turnserver
|
|
cp ../conf/default_matrix-synapse /etc/default/matrix-$app
|
|
ynh_add_systemd_config matrix-$app matrix-synapse.service
|
|
|
|
cp ../conf/default_coturn /etc/default/coturn-$app
|
|
ynh_add_systemd_config coturn-$app coturn-synapse.service
|
|
|
|
#=================================================
|
|
# GENERIC FINALIZATION
|
|
#=================================================
|
|
# SECURE FILES AND DIRECTORIES
|
|
#=================================================
|
|
|
|
# WARRNING : theses command are used in INSTALL, UPGRADE (2 times), RESTORE
|
|
# For any update do it in all files
|
|
chown $synapse_user:root -R $final_path
|
|
chown $synapse_user:root -R /var/lib/matrix-$app
|
|
chown $synapse_user:root -R /var/log/matrix-$app
|
|
chown $synapse_user:root -R /etc/matrix-$app
|
|
chmod u=rwX,g=rX,o= -R /etc/matrix-$app
|
|
chmod 600 /etc/matrix-$app/dh.pem
|
|
setfacl -R -m user:turnserver:rX /etc/matrix-$app
|
|
setfacl -R -m user:turnserver:rwX /var/log/matrix-$app
|
|
|
|
#=================================================
|
|
# UPDATE VERSION SETTINGS
|
|
#=================================================
|
|
|
|
ynh_app_setting_set $app synapse_version $upstream_version
|
|
|
|
#=================================================
|
|
# RELOAD SERVICES
|
|
#=================================================
|
|
|
|
systemctl restart coturn-$app.service
|
|
ynh_check_starting "Synapse now listening on port $synapse_tls_port" "/var/log/matrix-$app/homeserver.log" 300 "matrix-$app"
|