1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/synapse_ynh.git synced 2024-09-03 20:26:38 +02:00
synapse_ynh/scripts/install
Thatoo 663ae2c352 well-known support (#136)
* Update README.md

* Update manifest.json

* a

* Delete a

* avoid boolean for public but ask a clear choice Yes/No

* Update check_process

Add server_name="domain2.tld"    (DOMAIN)

* .well-known

DNS conf become optionnal with .well-known edition

* .well-known redirection for access by federation

Create .well-known redirection for access by federation

* .well-known redirection for access by federation

If not existing, create .well-known redirection for access by federation

* Update README.md

back to 0.99.5.2

* back to 0.99.5.2

* back to 0.99.5.2

* back to 0.99.5.2

* Update install

* Update upgrade

* Update install

* Update upgrade

* Update install

* Update upgrade

* Update .well-known redirection

for access by federation and applications like Riot.im

* Update .well-known redirection

for access by federation and applications like Riot.im

* update to 1.1.0

* update to 1.1.0

* update to 1.1.0

* update to 1.1.0

* update to 1.1.0

* update to 1.1.0

* Update install

* Update upgrade

* Update to 1.2.1

* Update to 1.2.1

* Update to 1.2.1

* Back to v1.1.0

* Back to v1.1.0

* Back to v1.1.0

* Update to v1.2.1

* Update to v1.2.1

* Update to v1.2.1

* Important update of upgrade script

ynh_replace_string __SERVER_NAME__ $server_name "$homeserver_config_path" was missing

* Back to v1.1.0

* Back to v1.1.0

* Back to v1.1.0

* Fix typo for ipv6 validation

* Upgrade to v1.2.1

* Upgrade to v1.2.1

* Upgrade to v1.2.1

* remove server_name's nginx conf

remove /etc/nginx/conf.d/${server_name}.d/server_name.conf

* Create server_name.conf

To allow the automatic well-known system for server-name detection instead of DNS record

* Update install

In
# Create .well-known redirection for access by federation
change
  cat > /etc/nginx/conf.d/${server_name}.d/server_name.conf <<EOF
    location /.well-known/matrix/ {
        return 200 '{"m.server": "$domain", "m.homeserver": "https://$domain"}';
        add_header Content-Type application/json;
        add_header Access-Control-Allow-Origin '*';
        }
EOF
to 
cp ../conf/server_name.conf /etc/nginx/conf.d/${server_name}.d/server_name.conf
after creation of ../conf/server_name.conf file.

* Update upgrade

In
# Create .well-known redirection for access by federation if it doesn't exist
change
  cat > /etc/nginx/conf.d/${server_name}.d/server_name.conf <<EOF
    location /.well-known/matrix/ {
        return 200 '{"m.server": "$domain", "m.homeserver": "https://$domain"}';
        add_header Content-Type application/json;
        add_header Access-Control-Allow-Origin '*';
        }
EOF
to
cp ../conf/server_name.conf /etc/nginx/conf.d/${server_name}.d/server_name.conf

* backup well.known server_name nginx cond

add
ynh_backup "/etc/nginx/conf.d/${server_name}.d/server_name.conf"

* Backup well.known server-name nging conf

add
server_name=$(ynh_app_setting_get $app server_name) 
to make
ynh_backup "/etc/nginx/conf.d/${server_name}.d/server_name.conf"
understood

* Update backup

* Update scripts/install

Co-Authored-By: Josue-T <josue@tille.ch>

* Update install

* Update README.md

Co-Authored-By: Josue-T <josue@tille.ch>

* Update scripts/upgrade

Co-Authored-By: Josue-T <josue@tille.ch>

* Update conf/server_name.conf

Co-Authored-By: Josue-T <josue@tille.ch>

* move .well-known redirection to config section

move #Create .well-known redirection for access by federation to end of config section

* move .well-known redirection to config section 

move #Create .well-known redirection to the end of config section and Indentation

* add checksum management for server_name.conf

add checksum management for server_name.conf with the helper ynh_store_file_checksum

* add checksum management for server_name.conf

add checksum management for server_name.conf with the helper ynh_store_file_checksum

* replace __SERVER_NAME__

* replace __SERVER_NAME__

* delete a blank line

* Update upgrade

* Update install

* Update check_process

Co-Authored-By: Josue-T <josue@tille.ch>

* Update conf/server_name.conf

Co-Authored-By: Josue-T <josue@tille.ch>

* remove blank line

* ynh_store_file_checksum after cp inside if block

* change order checksum and cp

change order to ynh_backup_if_checksum_is_different then cp then ynh_store_file_checksum

* Update install

* Update upgrade

* Update backup

* Update backup

* Update scripts/backup

Co-Authored-By: Josue-T <josue@tille.ch>

* Update scripts/install

Co-Authored-By: Josue-T <josue@tille.ch>

* Update scripts/install

Co-Authored-By: Josue-T <josue@tille.ch>

* Update scripts/install

Co-Authored-By: Josue-T <josue@tille.ch>

* Update install

* Update remove

* Update upgrade
2019-12-01 22:18:56 +01:00

455 lines
20 KiB
Bash

#!/bin/bash
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source _common.sh
source experimental_helper.sh
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
ynh_clean_setup () {
# Clean installation remainings that are not handled by the remove script.
ynh_clean_check_starting
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================
domain=$YNH_APP_ARG_DOMAIN
is_public=$YNH_APP_ARG_IS_PUBLIC
app=$YNH_APP_INSTANCE_NAME
#=================================================
# SET CONSTANTS
#=================================================
synapse_user="matrix-$app"
synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app"
upstream_version=$(ynh_app_upstream_version)
report_stats="False"
default_domain_value="Same than the domain"
#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================
domain=$YNH_APP_ARG_DOMAIN
server_name=$YNH_APP_ARG_SERVER_NAME
is_public=$YNH_APP_ARG_IS_PUBLIC
path_url="/_matrix"
final_path="/opt/yunohost/matrix-$app"
if [[ "$server_name" == "$default_domain_value" ]]; then
server_name=$domain
fi
#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
ynh_script_progression --message="Validating installation parameters..." --weight=2
[ $(ynh_webpath_available --domain=$domain --path_url=$path_url) == "True" ] || ynh_die --message="$domain is not available as domain, please use an other domain."
test ! -e "/etc/nginx/conf.d/$domain.d/synapse*.conf" || ynh_die --message="$domain is not available as domain, please use an other domain."
# Check Final Path availability
test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================
ynh_script_progression --message="Storing installation settings..." --weight=1
# For the domain and the path we can't use the standard keys "domain" and "path" with the standard function ynh_webpath_register because it create automatically a button on the user pannel.
# The idea is to create a custom key (specia_domain and special_path instead of domain and key).
# By this the ssowatconf fonction don't create a button on the pannel.
# This hack solve the issue : https://github.com/YunoHost-Apps/synapse_ynh/issues/14
ynh_app_setting_set --app=$app --key=special_domain --value=$domain
ynh_app_setting_set --app=$app --key=special_path --value=$path_url
ynh_app_setting_set --app=$app --key=server_name --value=$server_name
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
ynh_app_setting_set --app=$app --key=synapse_version --value=$upstream_version
ynh_app_setting_set --app=$app --key=is_public --value=$is_public
ynh_app_setting_set --app=$app --key=report_stats --value=$report_stats
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# FIND AND OPEN A PORT
#=================================================
ynh_script_progression --message="Configuring firewall..." --weight=19
# Find a free port
synapse_tls_port=$(ynh_find_port --port=8448)
port=$(ynh_find_port --port=8008)
turnserver_tls_port=$(ynh_find_port --port=5349)
turnserver_alt_tls_port=$(ynh_find_port --port=$((turnserver_tls_port+1)))
cli_port=$(ynh_find_port --port=5766)
# Open this port
ynh_exec_warn_less yunohost firewall allow TCP $synapse_tls_port
ynh_exec_warn_less yunohost firewall allow Both $turnserver_tls_port
ynh_exec_warn_less yunohost firewall allow Both $turnserver_alt_tls_port
# Store opened ports
ynh_app_setting_set --app=$app --key=synapse_port --value=$port
ynh_app_setting_set --app=$app --key=synapse_tls_port --value=$synapse_tls_port
ynh_app_setting_set --app=$app --key=turnserver_tls_port --value=$turnserver_tls_port
ynh_app_setting_set --app=$app --key=turnserver_alt_tls_port --value=$turnserver_alt_tls_port
ynh_app_setting_set --app=$app --key=cli_port --value=$cli_port
#=================================================
# CREATE A DH FILE
#=================================================
ynh_script_progression --message="Creating a dh file..." --weight=3
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files
# Make dh cert for synapse if it doesn't exist
if [ ! -e /etc/ssl/private/dh2048.pem ]
then
ynh_exec_warn_less openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048 -dsaparam
chown root:ssl-cert /etc/ssl/private/dh2048.pem
chmod 640 /etc/ssl/private/dh2048.pem
fi
#=================================================
# INSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Installing dependencies..." --weight=80
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files
ynh_install_app_dependencies $dependances
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Configuring system user..." --weight=3
ynh_system_user_create --username=$synapse_user --home_dir=/var/lib/matrix-$app
adduser $synapse_user ssl-cert
adduser turnserver ssl-cert
#=================================================
# CREATE A POSTGRESQL DATABASE
#=================================================
ynh_script_progression --message="Creating a PostgreSQL database..." --weight=4
ynh_print_OFF
synapse_db_pwd=$(ynh_string_random --length=30)
ynh_app_setting_set --app=$app --key=synapse_db_pwd --value=$synapse_db_pwd
ynh_print_ON
# Create postgresql database
ynh_psql_test_if_first_run
ynh_print_OFF
ynh_psql_create_user $synapse_db_user $synapse_db_pwd
ynh_print_ON
ynh_psql_execute_as_root \
--sql="CREATE DATABASE $synapse_db_name ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER $synapse_db_user;"
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_script_progression --message="Setting up source files..." --weight=50
# Create empty dir for synapse
# WARNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
mkdir -p /var/lib/matrix-$app
mkdir -p /var/log/matrix-$app
mkdir -p /etc/matrix-$app/conf.d
mkdir -p $final_path
# Install synapse in virtualenv
# WARNING : theses command are used in INSTALL, UPGRADE (2 times)
# For any update do it in all files
if [ -n "$(uname -m | grep arm)" ]
then
ynh_setup_source --dest_dir=$final_path/ --source_id="armv7_$(lsb_release --codename --short)"
else
# Install virtualenv if it don't exist
test -e $final_path/bin/python3 || python3 -m venv $final_path
# Install synapse in virtualenv
cp ../conf/virtualenv_activate $final_path/bin/activate
ynh_replace_string --match_string=__FINAL_PATH__ --replace_string=$final_path --target_file=$final_path/bin/activate
# We set all necessary environement variable to create a python virtualenvironnement.
source $final_path/bin/activate
pip3 install --upgrade pip
pip3 install --upgrade setuptools wheel
pip3 install --upgrade cffi ndg-httpsclient psycopg2 lxml jinja2
pip3 install --upgrade matrix-synapse==$upstream_version matrix-synapse-ldap3
# This function was defined when we called "source $final_path/bin/activate". With this function we undo what "$final_path/bin/activate" does
deactivate
fi
#=================================================
# CREATE SYNAPSE CONFIG
#=================================================
ynh_script_progression --message="Creating synapse config..." --weight=3
# Go in virtualenvironnement
PS1=${PS1:-}
source $final_path/bin/activate
# Generate config
python -m synapse.app.homeserver --keys-directory /etc/matrix-$app/ --generate-config --generate-keys --server-name $server_name --report-stats=no -c homeserver.yml
# This function was defined when we called "source $final_path/bin/activate". With this function we undo what "$final_path/bin/activate" does
deactivate
# Get random values from config
ynh_print_OFF
registration_shared_secret=$(egrep "^registration_shared_secret" homeserver.yml | cut -d'"' -f2)
form_secret=$(egrep "^form_secret" homeserver.yml | cut -d'"' -f2)
# store in yunohost settings
ynh_app_setting_set --app=$app --key=registration_shared_secret --value="$registration_shared_secret"
ynh_app_setting_set --app=$app --key=form_secret --value="$form_secret"
ynh_print_ON
#=================================================
# SETUP SYSTEMD
#=================================================
ynh_script_progression --message="Configuring a systemd service..." --weight=2
# Create systemd service for synapse and turnserver
cp ../conf/default_matrix-synapse /etc/default/matrix-$app
ynh_add_systemd_config --service=matrix-$app --template=matrix-synapse.service
cp ../conf/default_coturn /etc/default/coturn-$app
ynh_add_systemd_config --service=coturn-$app --template=coturn-synapse.service
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring nginx web server..." --weight=2
ynh_add_nginx_config
#=================================================
# SET SYNAPSE CONFIG
#=================================================
ynh_script_progression --message="Configuring synapse..." --weight=2
# Find password for turnserver and database
ynh_print_OFF
turnserver_pwd=$(ynh_string_random --length=30)
ynh_app_setting_set --app=$app --key=turnserver_pwd --value=$turnserver_pwd
ynh_print_ON
# Configure Synapse
# WARNING : theses command are used in INSTALL, UPGRADE, CONFIG (3 times)
# For any update do it in all files
homeserver_config_path="/etc/matrix-$app/homeserver.yaml"
cp ../conf/homeserver.yaml "$homeserver_config_path"
cp ../conf/log.yaml /etc/matrix-$app/log.yaml
ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__SERVER_NAME__ --replace_string=$server_name --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__SYNAPSE_DB_USER__ --replace_string=$synapse_db_user --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__PORT__ --replace_string=$port --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$synapse_tls_port --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__TURNSERVER_TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__REPORT_STATS__ --replace_string="$report_stats" --target_file="$homeserver_config_path"
ynh_print_OFF
ynh_replace_string --match_string=__SYNAPSE_DB_PWD__ --replace_string=$synapse_db_pwd --target_file="$homeserver_config_path"
ynh_replace_special_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$homeserver_config_path"
ynh_replace_special_string --match_string=__REGISTRATION_SECRET__ --replace_string="$registration_shared_secret" --target_file="$homeserver_config_path"
ynh_replace_string --match_string=__FORM_SECRET__ --replace_string="$form_secret" --target_file="$homeserver_config_path"
ynh_print_ON
ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="/etc/matrix-$app/log.yaml"
if [ $is_public -eq 0 ]
then
ynh_replace_string --match_string=__ALLOWED_ACCESS__ --replace_string=False --target_file="$homeserver_config_path"
else
ynh_replace_string --match_string=__ALLOWED_ACCESS__ --replace_string=True --target_file="$homeserver_config_path"
fi
ynh_store_file_checksum --file="$homeserver_config_path"
ynh_store_file_checksum --file="/etc/matrix-$app/log.yaml"
# Create .well-known redirection for access by federation
if yunohost --output-as plain domain list | grep -q "^$server_name$"
then
cp ../conf/server_name.conf /etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf
ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
ynh_replace_string --match_string=__PORT__ --replace_string=$synapse_tls_port --target_file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
ynh_store_file_checksum --file="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
fi
#=================================================
# SET COTURN CONFIG
#=================================================
ynh_script_progression --message="Configuring coturn..." --weight=1
# WARNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
coturn_config_path="/etc/matrix-$app/coturn.conf"
cp ../conf/turnserver.conf "$coturn_config_path"
ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$coturn_config_path"
ynh_replace_string --match_string=__DOMAIN__ --replace_string=$domain --target_file="$coturn_config_path"
ynh_replace_string --match_string=__TLS_PORT__ --replace_string=$turnserver_tls_port --target_file="$coturn_config_path"
ynh_replace_string --match_string=__TLS_ALT_PORT__ --replace_string=$turnserver_alt_tls_port --target_file="$coturn_config_path"
ynh_replace_string --match_string=__CLI_PORT__ --replace_string=$cli_port --target_file="$coturn_config_path"
ynh_print_OFF
ynh_replace_string --match_string=__TURNPWD__ --replace_string=$turnserver_pwd --target_file="$coturn_config_path"
ynh_print_ON
# Get public IP and set as external IP for coturn
# note : '|| true' is used to ignore the errors if we can't get the public ipv4 or ipv6
public_ip4="$(curl ip.yunohost.org)" || true
public_ip6="$(curl ipv6.yunohost.org)" || true
if [ -n "$public_ip4" ] && ynh_validate_ip4 --ip_address="$public_ip4"
then
ynh_replace_string --match_string='__IPV4__' --replace_string="$public_ip4" --target_file="$coturn_config_path"
else
ynh_replace_string --match_string='__IPV4__,' --replace_string="" --target_file="$coturn_config_path"
fi
if [ -n "$public_ip6" ] && ynh_validate_ip6 --ip_address="$public_ip6"
then
ynh_replace_string --match_string='__IPV6__' --replace_string="$public_ip6" --target_file="$coturn_config_path"
else
ynh_replace_string --match_string=',__IPV6__' --replace_string="" --target_file="$coturn_config_path"
fi
ynh_store_file_checksum --file="$coturn_config_path"
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression --message="Configuring log rotation..." --weight=2
ynh_use_logrotate --logfile "/var/log/matrix-$app"
#=================================================
# ADD SCRIPT FOR COTURN CRON
#=================================================
# WARNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
cp ../sources/Coturn_config_rotate.sh $final_path/
ynh_replace_string --match_string=__APP__ --replace_string=$app --target_file="$final_path/Coturn_config_rotate.sh"
#=================================================
# GENERIC FINALIZATION
#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Configuring SSOwat..." --weight=1
# Open access to server without a button the home
# The script "add_sso_conf.py" will just add en entry for the path "/_matrix" in the sso conf.json.persistent file in the cathegory "skipped_urls".
python3 ../conf/add_sso_conf.py || ynh_die --message="Your file /etc/ssowat/conf.json.persistent doesn't respect the json syntax. Please fix the syntax to install this app. For more information see here: https://github.com/YunoHost-Apps/synapse_ynh/issues/32"
#=================================================
# UPDATE HOOKS
#=================================================
# WARNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
ynh_replace_string __APP__ $app ../hooks/post_cert_update
ynh_replace_string __DOMAIN__ $domain ../hooks/post_cert_update
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
# WARNING : theses command are used in INSTALL, UPGRADE, RESTORE
# For any update do it in all files
chown $synapse_user:root -R $final_path
chmod 770 $final_path/Coturn_config_rotate.sh
chown $synapse_user:root -R /var/lib/matrix-$app
chown $synapse_user:root -R /var/log/matrix-$app
chown $synapse_user:root -R /etc/matrix-$app
chmod u=rwX,g=rX,o= -R /etc/matrix-$app
chmod 600 /etc/matrix-$app/$server_name.signing.key
setfacl -R -m user:turnserver:rX /etc/matrix-$app
setfacl -R -m user:turnserver:rwX /var/log/matrix-$app
#=================================================
# ADVERTISE SERVICE IN ADMIN PANEL
#=================================================
yunohost service add matrix-$app --log "/var/log/matrix-$app/homeserver.log"
yunohost service add coturn-$app
#=================================================
# RELOAD SERVICES
#=================================================
ynh_script_progression --message="Restarting synapse services..." --weight=11
ynh_systemd_action --service_name=coturn-$app.service --action=restart
ynh_systemd_action --service_name=matrix-$app --action=restart --line_match="Synapse now listening on TCP port $synapse_tls_port" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300
#=================================================
# SETUP FAIL2BAN
#=================================================
ynh_script_progression --message="Configuring fail2ban..." --weight=10
# WARNING : theses command are used in INSTALL, UPGRADE
# For any update do it in all files
ynh_add_fail2ban_config --use_template
#=================================================
# SEND A README FOR THE ADMIN
#=================================================
# WARNING : theses command are used in INSTALL, RESTORE
# For any update do it in all files
echo "If your server name is identical to the domain on which synapse is installed, and the default port 8448 is used, your server is normally already accessible by the federation.
If not, you may need to put the following line in the dns configuration:
_matrix._tcp.$domain. 3600 IN SRV 10 0 $synapse_tls_port $domain.
For more details, see : https://github.com/matrix-org/synapse#setting-up-federation
You also need to open the TCP port $synapse_tls_port on your ISP box if it's not automatically done.
Your synapse server also implements a turnserver (for VoIP), to have this fully functional please read the 'Turnserver' section in the README available here: https://github.com/YunoHost-Apps/synapse_ynh .
If you're facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/synapse_ynh
You also need a valid TLS certificate for the domain used by synapse. To do that you can refer to the documentation here : https://yunohost.org/#/certificate_en" > mail_to_send
ynh_send_readme_to_admin --app_message="mail_to_send" --type="install"
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Installation of $app completed" --last