mirror of
https://github.com/YunoHost-Apps/synapse_ynh.git
synced 2024-09-03 20:26:38 +02:00
663ae2c352
* Update README.md * Update manifest.json * a * Delete a * avoid boolean for public but ask a clear choice Yes/No * Update check_process Add server_name="domain2.tld" (DOMAIN) * .well-known DNS conf become optionnal with .well-known edition * .well-known redirection for access by federation Create .well-known redirection for access by federation * .well-known redirection for access by federation If not existing, create .well-known redirection for access by federation * Update README.md back to 0.99.5.2 * back to 0.99.5.2 * back to 0.99.5.2 * back to 0.99.5.2 * Update install * Update upgrade * Update install * Update upgrade * Update install * Update upgrade * Update .well-known redirection for access by federation and applications like Riot.im * Update .well-known redirection for access by federation and applications like Riot.im * update to 1.1.0 * update to 1.1.0 * update to 1.1.0 * update to 1.1.0 * update to 1.1.0 * update to 1.1.0 * Update install * Update upgrade * Update to 1.2.1 * Update to 1.2.1 * Update to 1.2.1 * Back to v1.1.0 * Back to v1.1.0 * Back to v1.1.0 * Update to v1.2.1 * Update to v1.2.1 * Update to v1.2.1 * Important update of upgrade script ynh_replace_string __SERVER_NAME__ $server_name "$homeserver_config_path" was missing * Back to v1.1.0 * Back to v1.1.0 * Back to v1.1.0 * Fix typo for ipv6 validation * Upgrade to v1.2.1 * Upgrade to v1.2.1 * Upgrade to v1.2.1 * remove server_name's nginx conf remove /etc/nginx/conf.d/${server_name}.d/server_name.conf * Create server_name.conf To allow the automatic well-known system for server-name detection instead of DNS record * Update install In # Create .well-known redirection for access by federation change cat > /etc/nginx/conf.d/${server_name}.d/server_name.conf <<EOF location /.well-known/matrix/ { return 200 '{"m.server": "$domain", "m.homeserver": "https://$domain"}'; add_header Content-Type application/json; add_header Access-Control-Allow-Origin '*'; } EOF to cp ../conf/server_name.conf /etc/nginx/conf.d/${server_name}.d/server_name.conf after creation of ../conf/server_name.conf file. * Update upgrade In # Create .well-known redirection for access by federation if it doesn't exist change cat > /etc/nginx/conf.d/${server_name}.d/server_name.conf <<EOF location /.well-known/matrix/ { return 200 '{"m.server": "$domain", "m.homeserver": "https://$domain"}'; add_header Content-Type application/json; add_header Access-Control-Allow-Origin '*'; } EOF to cp ../conf/server_name.conf /etc/nginx/conf.d/${server_name}.d/server_name.conf * backup well.known server_name nginx cond add ynh_backup "/etc/nginx/conf.d/${server_name}.d/server_name.conf" * Backup well.known server-name nging conf add server_name=$(ynh_app_setting_get $app server_name) to make ynh_backup "/etc/nginx/conf.d/${server_name}.d/server_name.conf" understood * Update backup * Update scripts/install Co-Authored-By: Josue-T <josue@tille.ch> * Update install * Update README.md Co-Authored-By: Josue-T <josue@tille.ch> * Update scripts/upgrade Co-Authored-By: Josue-T <josue@tille.ch> * Update conf/server_name.conf Co-Authored-By: Josue-T <josue@tille.ch> * move .well-known redirection to config section move #Create .well-known redirection for access by federation to end of config section * move .well-known redirection to config section move #Create .well-known redirection to the end of config section and Indentation * add checksum management for server_name.conf add checksum management for server_name.conf with the helper ynh_store_file_checksum * add checksum management for server_name.conf add checksum management for server_name.conf with the helper ynh_store_file_checksum * replace __SERVER_NAME__ * replace __SERVER_NAME__ * delete a blank line * Update upgrade * Update install * Update check_process Co-Authored-By: Josue-T <josue@tille.ch> * Update conf/server_name.conf Co-Authored-By: Josue-T <josue@tille.ch> * remove blank line * ynh_store_file_checksum after cp inside if block * change order checksum and cp change order to ynh_backup_if_checksum_is_different then cp then ynh_store_file_checksum * Update install * Update upgrade * Update backup * Update backup * Update scripts/backup Co-Authored-By: Josue-T <josue@tille.ch> * Update scripts/install Co-Authored-By: Josue-T <josue@tille.ch> * Update scripts/install Co-Authored-By: Josue-T <josue@tille.ch> * Update scripts/install Co-Authored-By: Josue-T <josue@tille.ch> * Update install * Update remove * Update upgrade
455 lines
20 KiB
Bash
455 lines
20 KiB
Bash
#!/bin/bash
|
|
|
|
#=================================================
|
|
# GENERIC START
|
|
#=================================================
|
|
# IMPORT GENERIC HELPERS
|
|
#=================================================
|
|
|
|
source _common.sh
|
|
source experimental_helper.sh
|
|
source /usr/share/yunohost/helpers
|
|
|
|
#=================================================
|
|
# MANAGE SCRIPT FAILURE
|
|
#=================================================
|
|
|
|
ynh_clean_setup () {
|
|
# Clean installation remainings that are not handled by the remove script.
|
|
ynh_clean_check_starting
|
|
}
|
|
# Exit if an error occurs during the execution of the script
|
|
ynh_abort_if_errors
|
|
|
|
#=================================================
|
|
# RETRIEVE ARGUMENTS FROM THE MANIFEST
|
|
#=================================================
|
|
|
|
domain=$YNH_APP_ARG_DOMAIN
|
|
is_public=$YNH_APP_ARG_IS_PUBLIC
|
|
|
|
app=$YNH_APP_INSTANCE_NAME
|
|
|
|
#=================================================
|
|
# SET CONSTANTS
|
|
#=================================================
|
|
|
|
synapse_user="matrix-$app"
|
|
synapse_db_name="matrix_$app"
|
|
synapse_db_user="matrix_$app"
|
|
upstream_version=$(ynh_app_upstream_version)
|
|
report_stats="False"
|
|
default_domain_value="Same than the domain"
|
|
|
|
#=================================================
|
|
# RETRIEVE ARGUMENTS FROM THE MANIFEST
|
|
#=================================================
|
|
|
|
domain=$YNH_APP_ARG_DOMAIN
|
|
server_name=$YNH_APP_ARG_SERVER_NAME
|
|
is_public=$YNH_APP_ARG_IS_PUBLIC
|
|
path_url="/_matrix"
|
|
final_path="/opt/yunohost/matrix-$app"
|
|
|
|
if [[ "$server_name" == "$default_domain_value" ]]; then
|
|
server_name=$domain
|
|
fi
|
|
|
|
#=================================================
|
|
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
|
|
#=================================================
|
|
ynh_script_progression --message="Validating installation parameters..." --weight=2
|
|
|
|
[ $(ynh_webpath_available --domain=$domain --path_url=$path_url) == "True" ] || ynh_die --message="$domain is not available as domain, please use an other domain."
|
|
test ! -e "/etc/nginx/conf.d/$domain.d/synapse*.conf" || ynh_die --message="$domain is not available as domain, please use an other domain."
|
|
|
|
# Check Final Path availability
|
|
test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
|
|
|
|
#=================================================
|
|
# STORE SETTINGS FROM MANIFEST
|
|
#=================================================
|
|
ynh_script_progression --message="Storing installation settings..." --weight=1
|
|
|
|
# For the domain and the path we can't use the standard keys "domain" and "path" with the standard function ynh_webpath_register because it create automatically a button on the user pannel.
|
|
# The idea is to create a custom key (specia_domain and special_path instead of domain and key).
|
|
# By this the ssowatconf fonction don't create a button on the pannel.
|
|
# This hack solve the issue : https://github.com/YunoHost-Apps/synapse_ynh/issues/14
|
|
ynh_app_setting_set --app=$app --key=special_domain --value=$domain
|
|
ynh_app_setting_set --app=$app --key=special_path --value=$path_url
|
|
ynh_app_setting_set --app=$app --key=server_name --value=$server_name
|
|
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
|
|
ynh_app_setting_set --app=$app --key=synapse_version --value=$upstream_version
|
|
ynh_app_setting_set --app=$app --key=is_public --value=$is_public
|
|
ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats
|
|
|
|
#=================================================
|
|
# STANDARD MODIFICATIONS
|
|
#=================================================
|
|
# FIND AND OPEN A PORT
|
|
#=================================================
|
|
ynh_script_progression --message="Configuring firewall..." --weight=19
|
|
|
|
# Find a free port
|
|
synapse_tls_port=$(ynh_find_port --port=8448)
|
|
port=$(ynh_find_port --port=8008)
|
|
turnserver_tls_port=$(ynh_find_port --port=5349)
|
|
turnserver_alt_tls_port=$(ynh_find_port --port=$((turnserver_tls_port+1)))
|
|
cli_port=$(ynh_find_port --port=5766)
|
|
|
|
# Open this port
|
|
ynh_exec_warn_less yunohost firewall allow TCP $synapse_tls_port
|
|
ynh_exec_warn_less yunohost firewall allow Both $turnserver_tls_port
|
|
ynh_exec_warn_less yunohost firewall allow Both $turnserver_alt_tls_port
|
|
|
|
# Store opened ports
|
|
ynh_app_setting_set --app=$app --key=synapse_port --value=$port
|
|
ynh_app_setting_set --app=$app --key=synapse_tls_port --value=$synapse_tls_port
|
|
ynh_app_setting_set --app=$app --key=turnserver_tls_port --value=$turnserver_tls_port
|
|
ynh_app_setting_set --app=$app --key=turnserver_alt_tls_port --value=$turnserver_alt_tls_port
|
|
ynh_app_setting_set --app=$app --key=cli_port --value=$cli_port
|
|
|
|
#=================================================
|
|
# CREATE A DH FILE
|
|
#=================================================
|
|
ynh_script_progression --message="Creating a dh file..." --weight=3
|
|
|
|
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
|
|
# For any update do it in all files
|
|
|
|
# Make dh cert for synapse if it doesn't exist
|
|
if [ ! -e /etc/ssl/private/dh2048.pem ]
|
|
then
|
|
ynh_exec_warn_less openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048 -dsaparam
|
|
chown root:ssl-cert /etc/ssl/private/dh2048.pem
|
|
chmod 640 /etc/ssl/private/dh2048.pem
|
|
fi
|
|
|
|
#=================================================
|
|
# INSTALL DEPENDENCIES
|
|
#=================================================
|
|
ynh_script_progression --message="Installing dependencies..." --weight=80
|
|
|
|
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
|
|
# For any update do it in all files
|
|
ynh_install_app_dependencies $dependances
|
|
|
|
#=================================================
|
|
# CREATE DEDICATED USER
|
|
#=================================================
|
|
ynh_script_progression --message="Configuring system user..." --weight=3
|
|
|
|
ynh_system_user_create --username=$synapse_user --home_dir=/var/lib/matrix-$app
|
|
adduser $synapse_user ssl-cert
|
|
adduser turnserver ssl-cert
|
|
|
|
#=================================================
|
|
# CREATE A POSTGRESQL DATABASE
|
|
#=================================================
|
|
ynh_script_progression --message="Creating a PostgreSQL database..." --weight=4
|
|
|
|
ynh_print_OFF
|
|
synapse_db_pwd=$(ynh_string_random --length=30)
|
|
ynh_app_setting_set --app=$app --key=synapse_db_pwd --value=$synapse_db_pwd
|
|
ynh_print_ON
|
|
|
|
# Create postgresql database
|
|
ynh_psql_test_if_first_run
|
|
ynh_print_OFF
|
|
ynh_psql_create_user $synapse_db_user $synapse_db_pwd
|
|
ynh_print_ON
|
|
ynh_psql_execute_as_root \
|
|
--sql="CREATE DATABASE $synapse_db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $synapse_db_user;"
|
|
|
|
#=================================================
|
|
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
|
#=================================================
|
|
ynh_script_progression --message="Setting up source files..." --weight=50
|
|
|
|
# Create empty dir for synapse
|
|
|
|
# WARNING : theses command are used in INSTALL, UPGRADE
|
|
# For any update do it in all files
|
|
mkdir -p /var/lib/matrix-$app
|
|
mkdir -p /var/log/matrix-$app
|
|
mkdir -p /etc/matrix-$app/conf.d
|
|
mkdir -p $final_path
|
|
|
|
# Install synapse in virtualenv
|
|
|
|
# WARNING : theses command are used in INSTALL, UPGRADE (2 times)
|
|
# For any update do it in all files
|
|
if [ -n "$(uname -m | grep arm)" ]
|
|
then
|
|
ynh_setup_source --dest_dir=$final_path/ --source_id="armv7_$(lsb_release --codename --short)"
|
|
else
|
|
# Install virtualenv if it don't exist
|
|
test -e $final_path/bin/python3 || python3 -m venv $final_path
|
|
|
|
# Install synapse in virtualenv
|
|
cp ../conf/virtualenv_activate $final_path/bin/activate
|
|
ynh_replace_string --match_string=__FINAL_PATH__ --replace_string=$final_path --target_file=$final_path/bin/activate
|
|
|
|
# We set all necessary environement variable to create a python virtualenvironnement.
|
|
source $final_path/bin/activate
|
|
pip3 install --upgrade pip
|
|
pip3 install --upgrade setuptools wheel
|
|
pip3 install --upgrade cffi ndg-httpsclient psycopg2 lxml jinja2
|
|
pip3 install --upgrade matrix-synapse==$upstream_version matrix-synapse-ldap3
|
|
|
|
# This function was defined when we called "source $final_path/bin/activate". With this function we undo what "$final_path/bin/activate" does
|
|
deactivate
|
|
fi
|
|
|
|
#=================================================
|
|
# CREATE SYNAPSE CONFIG
|
|
#=================================================
|
|
ynh_script_progression --message="Creating synapse config..." --weight=3
|
|
|
|
# Go in virtualenvironnement
|
|
PS1=${PS1:-}
|
|
source $final_path/bin/activate
|
|
|
|
# Generate config
|
|
python -m synapse.app.homeserver --keys-directory /etc/matrix-$app/ --generate-config --generate-keys --server-name $server_name --report-stats=no -c homeserver.yml
|
|
|
|
# This function was defined when we called "source $final_path/bin/activate". With this function we undo what "$final_path/bin/activate" does
|
|
deactivate
|
|
|
|
# Get random values from config
|
|
ynh_print_OFF
|
|
registration_shared_secret=$(egrep "^registration_shared_secret" homeserver.yml | cut -d'"' -f2)
|
|
form_secret=$(egrep "^form_secret" homeserver.yml | cut -d'"' -f2)
|
|
|
|
# store in yunohost settings
|
|
ynh_app_setting_set --app=$app --key=registration_shared_secret --value="$registration_shared_secret"
|
|
ynh_app_setting_set --app=$app --key=form_secret --value="$form_secret"
|
|
ynh_print_ON
|
|
|
|
#=================================================
|
|
# SETUP SYSTEMD
|
|
#=================================================
|
|
ynh_script_progression --message="Configuring a systemd service..." --weight=2
|
|
|
|
# Create systemd service for synapse and turnserver
|
|
cp ../conf/default_matrix-synapse /etc/default/matrix-$app
|
|
ynh_add_systemd_config --service=matrix-$app --template=matrix-synapse.service
|
|
|
|
cp ../conf/default_coturn /etc/default/coturn-$app
|
|
ynh_add_systemd_config --service=coturn-$app --template=coturn-synapse.service
|
|
|
|
#=================================================
|
|
# NGINX CONFIGURATION
|
|
#=================================================
|
|
ynh_script_progression --message="Configuring nginx web server..." --weight=2
|
|
|
|
ynh_add_nginx_config
|
|
|
|
#=================================================
|
|
# SET SYNAPSE CONFIG
|
|
#=================================================
|
|
ynh_script_progression --message="Configuring synapse..." --weight=2
|
|
|
|
# Find password for turnserver and database
|
|
ynh_print_OFF
|
|
turnserver_pwd=$(ynh_string_random --length=30)
|
|
ynh_app_setting_set --app=$app --key=turnserver_pwd --value=$turnserver_pwd
|
|
ynh_print_ON
|
|
|
|
# Configure Synapse
|
|
|
|
# WARNING : theses command are used in INSTALL, UPGRADE, CONFIG (3 times)
|
|
# For any update do it in all files
|
|
|
|
homeserver_config_path="/etc/matrix-$app/homeserver.yaml"
|
|
|
|
cp ../conf/homeserver.yaml "$homeserver_config_path"
|
|
cp ../conf/log.yaml /etc/matrix-$app/log.yaml
|
|
|
|
ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$homeserver_config_path"
|
|
ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$homeserver_config_path"
|
|
ynh_replace_string --match_string=__SERVER_NAME__ --replace_string=$server_name --target_file="$homeserver_config_path"
|
|
ynh_replace_string --match_string=__SYNAPSE_DB_USER__ --replace_string=$synapse_db_user --target_file="$homeserver_config_path"
|
|
ynh_replace_string --match_string=__PORT__ --replace_string=$port --target_file="$homeserver_config_path"
|
|
ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$synapse_tls_port --target_file="$homeserver_config_path"
|
|
ynh_replace_string --match_string=__TURNSERVER_TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$homeserver_config_path"
|
|
ynh_replace_string --match_string=__REPORT_STATS__ --replace_string="$report_stats" --target_file="$homeserver_config_path"
|
|
ynh_print_OFF
|
|
ynh_replace_string --match_string=__SYNAPSE_DB_PWD__ --replace_string=$synapse_db_pwd --target_file="$homeserver_config_path"
|
|
ynh_replace_special_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$homeserver_config_path"
|
|
ynh_replace_special_string --match_string=__REGISTRATION_SECRET__ --replace_string="$registration_shared_secret" --target_file="$homeserver_config_path"
|
|
ynh_replace_string --match_string=__FORM_SECRET__ --replace_string="$form_secret" --target_file="$homeserver_config_path"
|
|
ynh_print_ON
|
|
|
|
ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="/etc/matrix-$app/log.yaml"
|
|
|
|
if [ $is_public -eq 0 ]
|
|
then
|
|
ynh_replace_string --match_string=__ALLOWED_ACCESS__ --replace_string=False --target_file="$homeserver_config_path"
|
|
else
|
|
ynh_replace_string --match_string=__ALLOWED_ACCESS__ --replace_string=True --target_file="$homeserver_config_path"
|
|
fi
|
|
|
|
ynh_store_file_checksum --file="$homeserver_config_path"
|
|
ynh_store_file_checksum --file="/etc/matrix-$app/log.yaml"
|
|
|
|
|
|
# Create .well-known redirection for access by federation
|
|
if yunohost --output-as plain domain list | grep -q "^$server_name$"
|
|
then
|
|
cp ../conf/server_name.conf /etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf
|
|
ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
|
|
ynh_replace_string --match_string=__PORT__ --replace_string=$synapse_tls_port --target_file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
|
|
ynh_store_file_checksum --file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
|
|
fi
|
|
|
|
#=================================================
|
|
# SET COTURN CONFIG
|
|
#=================================================
|
|
ynh_script_progression --message="Configuring coturn..." --weight=1
|
|
|
|
# WARNING : theses command are used in INSTALL, UPGRADE
|
|
# For any update do it in all files
|
|
|
|
coturn_config_path="/etc/matrix-$app/coturn.conf"
|
|
|
|
cp ../conf/turnserver.conf "$coturn_config_path"
|
|
|
|
ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$coturn_config_path"
|
|
ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$coturn_config_path"
|
|
ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$coturn_config_path"
|
|
ynh_replace_string --match_string=__TLS_ALT_PORT__ --replace_string=$turnserver_alt_tls_port --target_file="$coturn_config_path"
|
|
ynh_replace_string --match_string=__CLI_PORT__ --replace_string=$cli_port --target_file="$coturn_config_path"
|
|
ynh_print_OFF
|
|
ynh_replace_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$coturn_config_path"
|
|
ynh_print_ON
|
|
|
|
# Get public IP and set as external IP for coturn
|
|
# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
|
|
public_ip4="$(curl ip.yunohost.org)" || true
|
|
public_ip6="$(curl ipv6.yunohost.org)" || true
|
|
|
|
if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"
|
|
then
|
|
ynh_replace_string --match_string='__IPV4__' --replace_string="$public_ip4" --target_file="$coturn_config_path"
|
|
else
|
|
ynh_replace_string --match_string='__IPV4__,' --replace_string="" --target_file="$coturn_config_path"
|
|
fi
|
|
|
|
if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6"
|
|
then
|
|
ynh_replace_string --match_string='__IPV6__' --replace_string="$public_ip6" --target_file="$coturn_config_path"
|
|
else
|
|
ynh_replace_string --match_string=',__IPV6__' --replace_string="" --target_file="$coturn_config_path"
|
|
fi
|
|
|
|
ynh_store_file_checksum --file="$coturn_config_path"
|
|
|
|
#=================================================
|
|
# SETUP LOGROTATE
|
|
#=================================================
|
|
ynh_script_progression --message="Configuring log rotation..." --weight=2
|
|
|
|
ynh_use_logrotate --logfile "/var/log/matrix-$app"
|
|
|
|
#=================================================
|
|
# ADD SCRIPT FOR COTURN CRON
|
|
#=================================================
|
|
|
|
# WARNING : theses command are used in INSTALL, UPGRADE
|
|
# For any update do it in all files
|
|
|
|
cp ../sources/Coturn_config_rotate.sh $final_path/
|
|
ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$final_path/Coturn_config_rotate.sh"
|
|
|
|
#=================================================
|
|
# GENERIC FINALIZATION
|
|
#=================================================
|
|
# SETUP SSOWAT
|
|
#=================================================
|
|
ynh_script_progression --message="Configuring SSOwat..." --weight=1
|
|
|
|
# Open access to server without a button the home
|
|
# The script "add_sso_conf.py" will just add en entry for the path "/_matrix" in the sso conf.json.persistent file in the cathegory "skipped_urls".
|
|
python3 ../conf/add_sso_conf.py || ynh_die --message="Your file /etc/ssowat/conf.json.persistent doesn't respect the json syntax. Please fix the syntax to install this app. For more information see here: https://github.com/YunoHost-Apps/synapse_ynh/issues/32"
|
|
|
|
#=================================================
|
|
# UPDATE HOOKS
|
|
#=================================================
|
|
|
|
# WARNING : theses command are used in INSTALL, UPGRADE
|
|
# For any update do it in all files
|
|
ynh_replace_string __APP__ $app ../hooks/post_cert_update
|
|
ynh_replace_string __DOMAIN__ $domain ../hooks/post_cert_update
|
|
|
|
#=================================================
|
|
# SECURE FILES AND DIRECTORIES
|
|
#=================================================
|
|
|
|
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
|
|
# For any update do it in all files
|
|
chown $synapse_user:root -R $final_path
|
|
chmod 770 $final_path/Coturn_config_rotate.sh
|
|
chown $synapse_user:root -R /var/lib/matrix-$app
|
|
chown $synapse_user:root -R /var/log/matrix-$app
|
|
chown $synapse_user:root -R /etc/matrix-$app
|
|
chmod u=rwX,g=rX,o= -R /etc/matrix-$app
|
|
chmod 600 /etc/matrix-$app/$server_name.signing.key
|
|
setfacl -R -m user:turnserver:rX /etc/matrix-$app
|
|
setfacl -R -m user:turnserver:rwX /var/log/matrix-$app
|
|
|
|
#=================================================
|
|
# ADVERTISE SERVICE IN ADMIN PANEL
|
|
#=================================================
|
|
|
|
yunohost service add matrix-$app --log "/var/log/matrix-$app/homeserver.log"
|
|
yunohost service add coturn-$app
|
|
|
|
#=================================================
|
|
# RELOAD SERVICES
|
|
#=================================================
|
|
ynh_script_progression --message="Restarting synapse services..." --weight=11
|
|
|
|
ynh_systemd_action --service_name=coturn-$app.service --action=restart
|
|
ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $synapse_tls_port" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300
|
|
|
|
#=================================================
|
|
# SETUP FAIL2BAN
|
|
#=================================================
|
|
ynh_script_progression --message="Configuring fail2ban..." --weight=10
|
|
|
|
# WARNING : theses command are used in INSTALL, UPGRADE
|
|
# For any update do it in all files
|
|
|
|
ynh_add_fail2ban_config --use_template
|
|
|
|
#=================================================
|
|
# SEND A README FOR THE ADMIN
|
|
#=================================================
|
|
|
|
# WARNING : theses command are used in INSTALL, RESTORE
|
|
# For any update do it in all files
|
|
|
|
echo "If your server name is identical to the domain on which synapse is installed, and the default port 8448 is used, your server is normally already accessible by the federation.
|
|
|
|
If not, you may need to put the following line in the dns configuration:
|
|
|
|
_matrix._tcp.$domain. 3600 IN SRV 10 0 $synapse_tls_port $domain.
|
|
|
|
For more details, see : https://github.com/matrix-org/synapse#setting-up-federation
|
|
|
|
You also need to open the TCP port $synapse_tls_port on your ISP box if it's not automatically done.
|
|
|
|
Your synapse server also implements a turnserver (for VoIP), to have this fully functional please read the 'Turnserver' section in the README available here: https://github.com/YunoHost-Apps/synapse_ynh .
|
|
|
|
If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/synapse_ynh
|
|
|
|
You also need a valid TLS certificate for the domain used by synapse. To do that you can refer to the documentation here : https://yunohost.org/#/certificate_en" > mail_to_send
|
|
|
|
ynh_send_readme_to_admin --app_message="mail_to_send" --type="install"
|
|
|
|
#=================================================
|
|
# END OF SCRIPT
|
|
#=================================================
|
|
|
|
ynh_script_progression --message="Installation of $app completed" --last
|