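#!/bin/bash

#=================================================
# GENERIC START
#=================================================

# IMPORT GENERIC HELPERS
# Brings in the ynh_* functions used by the rest of this script.
source /usr/share/yunohost/helpers

# Exit if an error occurs during the execution of the script
ynh_abort_if_errors

# Import common cmd
# Both files are looked up relative to the current working directory, so the
# script must be started from the directory that holds them. Whatever sits at
# these two paths is executed with this script's privileges.
source ./experimental_helper.sh
source ./_common.sh

ynh_script_progression --message="Loading installation settings..."
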
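# RETRIEVE ARGUMENTS
# Old/new location and instance name, taken from the YNH_APP_* environment.
old_domain=$YNH_APP_OLD_DOMAIN
domain=$YNH_APP_NEW_DOMAIN
# Quoted so that a path containing whitespace or glob characters reaches the
# helper as a single argument instead of being split or expanded.
path_url=$(ynh_normalize_url_path --path_url "$YNH_APP_NEW_PATH")
app=$YNH_APP_INSTANCE_NAME
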
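# Settings recorded for this instance. The secret ones are read separately,
# further down, between ynh_print_OFF and ynh_print_ON.
# "$app" is quoted so the instance name is always passed as one word.
server_name=$(ynh_app_setting_get --app="$app" --key=server_name)
final_path=$(ynh_app_setting_get --app="$app" --key=final_path)
synapse_old_version=$(ynh_app_setting_get --app="$app" --key=synapse_version)
jitsi_server=$(ynh_app_setting_get --app="$app" --key=jitsi_server)
is_public=$(ynh_app_setting_get --app="$app" --key=is_public)
port=$(ynh_app_setting_get --app="$app" --key=synapse_port)
synapse_tls_port=$(ynh_app_setting_get --app="$app" --key=synapse_tls_port)
turnserver_tls_port=$(ynh_app_setting_get --app="$app" --key=turnserver_tls_port)
turnserver_alt_tls_port=$(ynh_app_setting_get --app="$app" --key=turnserver_alt_tls_port)
cli_port=$(ynh_app_setting_get --app="$app" --key=cli_port)
report_stats=$(ynh_app_setting_get --app="$app" --key=report_stats)
allow_public_rooms=$(ynh_app_setting_get --app="$app" --key=allow_public_rooms)
e2e_enabled_by_default=$(ynh_app_setting_get --app="$app" --key=e2e_enabled_by_default)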
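# Secrets. The reads are bracketed by ynh_print_OFF / ynh_print_ON so that the
# retrieved values are not echoed into the operation log. Keep any new secret
# lookup inside this bracket, and do not print these variables afterwards.
ynh_print_OFF
synapse_db_pwd=$(ynh_app_setting_get --app="$app" --key=synapse_db_pwd)
turnserver_pwd=$(ynh_app_setting_get --app="$app" --key=turnserver_pwd)
registration_shared_secret=$(ynh_app_setting_get --app="$app" --key=registration_shared_secret)
form_secret=$(ynh_app_setting_get --app="$app" --key=form_secret)
macaroon_secret_key=$(ynh_app_setting_get --app="$app" --key=macaroon_secret_key)
ynh_print_ON
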
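# Names derived from the instance name: the system user uses a dash, the
# database name and database user use an underscore.
# (The original assigned synapse_db_name twice with the same value; the
# duplicate is dropped.)
synapse_user="matrix-$app"
synapse_db_name="matrix_$app"
synapse_db_user="matrix_$app"
upstream_version=$(ynh_app_upstream_version)
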
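# Only the domain may change: the path has to stay /_matrix.
# This check runs before the service is stopped or any file is moved, so a
# refused request leaves the installation untouched.
if [[ "$path_url" != "/_matrix" ]]; then
    ynh_die --message "You can't use an other path than '/_matrix'. You can only change the domain."
fi
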
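# Stop the service before its configuration is touched
# (original note: this has to happen before ynh_clean_setup is set).
ynh_systemd_action --service_name="matrix-$app.service" --action=stop
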
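#=================================================
# STANDARD MODIFICATIONS
#=================================================
# NGINX CONFIGURATION
#=================================================

ynh_script_progression --message="Updating nginx configuration..."

# MODIFY URL IN NGINX CONF
nginx_conf_path="/etc/nginx/conf.d/$old_domain.d/$app.conf"

# Change the domain for nginx
# Delete file checksum for the old conf file location
ynh_delete_file_checksum --file "$nginx_conf_path"
# Both paths are quoted and preceded by "--" so that an unusual domain or
# instance name can neither split into several arguments nor be read as an
# option by mv.
mv -- "$nginx_conf_path" "/etc/nginx/conf.d/$domain.d/$app.conf"
# Store file checksum for the new config file location
ynh_store_file_checksum --file "/etc/nginx/conf.d/$domain.d/$app.conf"
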
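# Create .well-known redirection for access by federation
# The redirection is only written when server_name is one of the domains this
# YunoHost instance manages. grep -x -F compares whole lines literally: with
# the previous regex form the dots in server_name matched any character, so a
# different domain of the same shape would also have passed the check.
if yunohost --output-as plain domain list | grep -qxF -- "$server_name"
then
    ynh_add_config --template="server_name.conf" --destination="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
fi
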
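#=================================================
# UPDATE SYNAPSE CONFIG
#=================================================

# Progress marker for the configuration step (weight 2).
ynh_script_progression --message="Updating synapse config..." --weight=2
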
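# WARNING: these commands are duplicated in INSTALL, UPGRADE, CONFIG and CHANGE-URL (4 places).
# Any change made here has to be made in all of those files.

# Build the macaroon_secret_key line for the configuration.
# The variable is quoted in the test so that an empty value, or one containing
# whitespace, is evaluated as a single operand.
if [ -z "$macaroon_secret_key" ]; then
    # Older versions of this package did not manage this value: synapse could derive it from other secrets in the config file, but a vulnerability was later found with that practice.
    # Details: https://matrix.org/blog/2019/01/15/further-details-on-critical-security-update-in-synapse-affecting-all-versions-prior-to-0-34-1-cve-2019-5885/
    # A new value cannot simply be generated when the package has none stored, because changing it logs out every user, and a user who enabled encryption might lose all conversations.
    # So old installs are left as they are (the setting stays commented out) and only new installs use a real macaroon key.
    macaroon_secret_key_param='# macaroon_secret_key: ""'
else
    # NOTE(review): the key is placed inside a double-quoted YAML scalar without
    # escaping; presumably it never contains '"' or '\' -- confirm against the
    # code that generates it.
    macaroon_secret_key_param="macaroon_secret_key: \"${macaroon_secret_key}\""
fi
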
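# Derive the two access switches from is_public:
#   is_public = 0      -> allowed_access=False, sso_enabled=True
#   anything else      -> allowed_access=True,  sso_enabled=False
# The variable is quoted so its value is always compared as one operand.
# NOTE(review): an empty or non-numeric is_public makes the test itself fail,
# which lands in the else branch (the public settings). Confirm that this is
# the wanted default, or abort when the setting is missing.
if [ "$is_public" -eq 0 ]
then
    allowed_access=False
    sso_enabled=True
else
    allowed_access=True
    sso_enabled=False
fi
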
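# Render the two synapse configuration files for this instance.
# NOTE(review): homeserver.yaml presumably receives the secrets read earlier
# (the template is not visible here), so the permissions applied to
# /etc/matrix-$app afterwards matter -- confirm against the template.
ynh_add_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml"
ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml"
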
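#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================

# Re-applied here because the two config files were rewritten above. Note that
# both commands are recursive and therefore cover the whole /etc/matrix-$app
# tree, not only those two files.
# Result: owner = synapse user (read/write), group root (read), no access for
# others; the capital X grants execute/search only on directories and on
# files that already have an execute bit.
chown -R "$synapse_user:root" "/etc/matrix-$app"
chmod -R u=rwX,g=rX,o= "/etc/matrix-$app"
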
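#=================================================
# RELOAD SERVICES
#=================================================
ynh_script_progression --message="Restarting synapse services..." --weight=5

# Restart coturn first, then synapse. For synapse the helper is told to look
# for the "now listening" line for the TLS port in the homeserver log, with a
# timeout of 300.
ynh_systemd_action --service_name="coturn-$app.service" --action=restart
ynh_systemd_action --service_name="matrix-$app" --action=restart --line_match="Synapse now listening on TCP port $synapse_tls_port" --log_path="/var/log/matrix-$app/homeserver.log" --timeout=300

ynh_script_progression --message="Change of URL completed for $app" --last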