mirror of
https://github.com/YunoHost-Apps/synapse_ynh.git
synced 2024-09-03 20:26:38 +02:00
261 lines
8.9 KiB
Bash
261 lines
8.9 KiB
Bash
#!/bin/bash
|
|
|
|
######## Actually we cant use common script in backup / restore script see this issue for more informations : https://dev.yunohost.org/issues/621
|
|
# # Import common cmd
|
|
# source ./_common.sh
|
|
#
|
|
|
|
######## We implement manually this fonctions
|
|
|
|
#!/bin/bash
|
|
|
|
md5sum_python_nacl="34c44f8f5100170bae3b4329ffb43087"
|
|
md5sum_python_ujson="5b65f8cb6bedef7971fdc557e09effbe"
|
|
python_nacl_version="1.0.1-2"
|
|
python_ujson_version="1.35-1"
|
|
|
|
init_script() {
|
|
# Exit on command errors and treat unset variables as an error
|
|
set -eu
|
|
|
|
# Source YunoHost helpers
|
|
source /usr/share/yunohost/helpers
|
|
|
|
# Retrieve arguments
|
|
app=$YNH_APP_INSTANCE_NAME
|
|
CHECK_VAR "$app" "app name not set"
|
|
GET_DEBIAN_VERSION
|
|
|
|
if [ -n "$(uname -m | grep 64)" ]; then
|
|
ARCHITECTURE="amd64"
|
|
elif [ -n "$(uname -m | grep 86)" ]; then
|
|
ARCHITECTURE="386"
|
|
elif [ -n "$(uname -m | grep arm)" ]; then
|
|
ARCHITECTURE="arm"
|
|
else
|
|
ynh_die "Unable to find arch"
|
|
fi
|
|
}
|
|
|
|
install_arm_package_dep() {
|
|
|
|
wget -q -O '/tmp/python-nacl.deb' "http://ftp.ch.debian.org/debian/pool/main/p/python-nacl/python-nacl_${python_nacl_version}_armhf.deb"
|
|
wget -q -O '/tmp/python-ujson.deb' "http://ftp.ch.debian.org/debian/pool/main/u/ujson/python-ujson_${python_ujson_version}_armhf.deb"
|
|
|
|
if ([[ ! -e '/tmp/python-nacl.deb' ]] || [[ $(md5sum '/tmp/python-nacl.deb' | cut -d' ' -f1) != $md5sum_python_nacl ]]) || \
|
|
([[ ! -e '/tmp/python-ujson.deb' ]] || [[ $(md5sum '/tmp/python-ujson.deb' | cut -d' ' -f1) != $md5sum_python_ujson ]])
|
|
then
|
|
ynh_die "Error : can't get debian dependance package"
|
|
fi
|
|
|
|
sudo dpkg -i /tmp/python-nacl.deb || true
|
|
sudo dpkg -i /tmp/python-ujson.deb || true
|
|
}
|
|
|
|
GET_DEBIAN_VERSION() {
|
|
debian_version=$(sudo lsb_release -sc)
|
|
test -z $debian_version && ynh_die "Can't find debian version"
|
|
test $debian_version == 'jessie' || ynh_die "This package is not available for your debian version"
|
|
}
|
|
|
|
enable_backport_repos() {
|
|
if [[ -z "$(grep -e "^deb .*/.* $debian_version-backports main" /etc/apt/sources.list ; grep -e "^deb .*/.* $debian_version-backports main" /etc/apt/sources.list.d/*)" ]]
|
|
then
|
|
echo "deb $(grep -m 1 "^deb .* $debian_version .*main" /etc/apt/sources.list | cut -d ' ' -f2) $debian_version-backports main contrib non-free" | sudo tee -a "/etc/apt/sources.list"
|
|
fi
|
|
ynh_package_update
|
|
}
|
|
|
|
set_access() { # example : set_access USER FILE
|
|
user="$1"
|
|
file_to_set="$2"
|
|
while [[ 0 ]]
|
|
do
|
|
path_to_set=""
|
|
oldIFS="$IFS"
|
|
IFS="/"
|
|
for dirname in $file_to_set
|
|
do
|
|
if [[ -n "$dirname" ]]
|
|
then
|
|
sudo test -f "$path_to_set"/"$dirname" && sudo setfacl -m d:u:$user:r "$path_to_set"
|
|
|
|
path_to_set="$path_to_set/$dirname"
|
|
|
|
if $(sudo sudo -u $user test ! -r "$path_to_set")
|
|
then
|
|
sudo test -d "$path_to_set" && sudo setfacl -m user:$user:rx "$path_to_set"
|
|
sudo test -f "$path_to_set" && sudo setfacl -m user:$user:r "$path_to_set"
|
|
fi
|
|
fi
|
|
done
|
|
IFS="$oldIFS"
|
|
|
|
if $(sudo test -L "$file_to_set")
|
|
then
|
|
if [[ -n "$(sudo readlink "$file_to_set" | grep -e "^/")" ]]
|
|
then
|
|
file_to_set=$(sudo readlink "$file_to_set") # If it is an absolute path
|
|
else
|
|
file_to_set=$(sudo realpath -s -m "$(echo "$file_to_set" | cut -d'/' -f-$(echo "$file_to_set" | grep -o '/' | wc -l))/$(sudo readlink "$file_to_set")") # If it is an relative path (we get with realpath the absolute path)
|
|
fi
|
|
else
|
|
break
|
|
fi
|
|
done
|
|
}
|
|
|
|
CHECK_VAR () { # Vérifie que la variable n'est pas vide.
|
|
# $1 = Variable à vérifier
|
|
# $2 = Texte à afficher en cas d'erreur
|
|
test -n "$1" || (echo "$2" >&2 && false)
|
|
}
|
|
|
|
# Ignore the yunohost-cli log to prevent errors with conditionals commands
|
|
# usage: NO_LOG COMMAND
|
|
# Simply duplicate the log, execute the yunohost command and replace the log without the result of this command
|
|
# It's a very badly hack...
|
|
# Petite copie perso à mon usage ;)
|
|
NO_LOG() {
|
|
ynh_cli_log=/var/log/yunohost/yunohost-cli.log
|
|
sudo cp -a ${ynh_cli_log} ${ynh_cli_log}-move
|
|
eval $@
|
|
exit_code=$?
|
|
sudo mv ${ynh_cli_log}-move ${ynh_cli_log}
|
|
return $?
|
|
}
|
|
|
|
CHECK_PATH () { # Vérifie la présence du / en début de path. Et son absence à la fin.
|
|
if [ "${path:0:1}" != "/" ]; then # Si le premier caractère n'est pas un /
|
|
path="/$path" # Ajoute un / en début de path
|
|
fi
|
|
if [ "${path:${#path}-1}" == "/" ] && [ ${#path} -gt 1 ]; then # Si le dernier caractère est un / et que ce n'est pas le seul caractère.
|
|
path="${path:0:${#path}-1}" # Supprime le dernier caractère
|
|
fi
|
|
}
|
|
|
|
CHECK_DOMAINPATH () { # Vérifie la disponibilité du path et du domaine.
|
|
sudo yunohost app checkurl $domain$path -a $app
|
|
}
|
|
|
|
CHECK_FINALPATH () { # Vérifie que le dossier de destination n'est pas déjà utilisé.
|
|
final_path=/var/www/$app
|
|
if [ -e "$final_path" ]
|
|
then
|
|
echo "This path already contains a folder" >&2
|
|
false
|
|
fi
|
|
}
|
|
|
|
FIND_PORT () { # Cherche un port libre.
|
|
# $1 = Numéro de port pour débuter la recherche.
|
|
port=$1
|
|
while ! sudo yunohost app checkport $port ; do
|
|
port=$((port+1))
|
|
done
|
|
CHECK_VAR "$port" "port empty"
|
|
}
|
|
|
|
|
|
### REMOVE SCRIPT
|
|
|
|
REMOVE_NGINX_CONF () { # Suppression de la configuration nginx
|
|
if [ -e "/etc/nginx/conf.d/$domain.d/$app.conf" ]; then # Delete nginx config
|
|
echo "Delete nginx config"
|
|
sudo rm "/etc/nginx/conf.d/$domain.d/$app.conf"
|
|
sudo service nginx reload
|
|
fi
|
|
}
|
|
|
|
REMOVE_LOGROTATE_CONF () { # Suppression de la configuration de logrotate
|
|
if [ -e "/etc/logrotate.d/$app" ]; then
|
|
echo "Delete logrotate config"
|
|
sudo rm "/etc/logrotate.d/$app"
|
|
fi
|
|
}
|
|
|
|
######## End of common fonctions
|
|
|
|
# Init script
|
|
init_script
|
|
|
|
# Retrieve arguments
|
|
domain=$(ynh_app_setting_get $app domain)
|
|
synapse_port=$(ynh_app_setting_get $app synapse_port)
|
|
synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port)
|
|
turnserver_port=$(ynh_app_setting_get $app turnserver_port)
|
|
turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port)
|
|
|
|
# Restore Nginx
|
|
conf=/etc/nginx/conf.d/$domain.d/$app.conf
|
|
if [ -f $conf ]; then
|
|
ynh_die "There is already a nginx conf file at this path: $conf"
|
|
fi
|
|
sudo cp -a ./nginx.conf "/etc/nginx/conf.d/${domain}.d/${app}.conf"
|
|
|
|
# Make dh cert for synapse if it not exist
|
|
test ! -e /etc/yunohost/certs/$domain/dh.pem && sudo openssl dhparam -out /etc/yunohost/certs/$domain/dh.pem 2048 > /dev/null
|
|
|
|
# Get Matrix key repos
|
|
wget -q -O '/tmp/matrix-repo-key.asc' "https://matrix.org/packages/debian/repo-key.asc"
|
|
sudo apt-key add "/tmp/matrix-repo-key.asc"
|
|
|
|
echo "matrix-synapse matrix-synapse/server-name select $domain" | sudo debconf-set-selections # Configure dpkg for no questions
|
|
echo "matrix-synapse matrix-synapse/report-stats select false" | sudo debconf-set-selections # Configure dpkg for no questions
|
|
|
|
# Install coturn (the turn server)
|
|
ynh_package_install coturn
|
|
|
|
# Enable debian-backports repos
|
|
enable_backport_repos
|
|
|
|
# Enable Synapse repos
|
|
if [[ -n "$(uname -m | grep arm)" ]]
|
|
then
|
|
# Use special conf for arm arch because some binary are not available in jessie backport or in matrix repos
|
|
install_arm_package_dep
|
|
ynh_package_install -t $debian_version-backports -f
|
|
echo "deb [arch=i386] http://matrix.org/packages/debian/ $debian_version main" | sudo tee -a "/etc/apt/sources.list.d/matrix.list"
|
|
ynh_package_update
|
|
else
|
|
echo "deb http://matrix.org/packages/debian/ $debian_version main" | sudo tee -a "/etc/apt/sources.list.d/matrix.list"
|
|
ynh_package_update
|
|
fi
|
|
|
|
# Install synapse package
|
|
# We neet to install python-cryptography to Solve a python error about dependance (from cryptography.hazmat.primitives.asymmetric.utils)
|
|
ynh_package_install -t $debian_version-backports matrix-synapse python-matrix-synapse-ldap3 python-cryptography
|
|
|
|
# Restaure la configuration de logrotate
|
|
sudo cp -a ./logrotate /etc/logrotate.d/$app
|
|
|
|
# Restore synapse config
|
|
sudo cp -a ./synapse_config/. "/etc/matrix-synapse/."
|
|
|
|
# Restore coturn server
|
|
sudo cp -a ./coturn_config "/etc/turnserver.conf"
|
|
sudo cp -a ./coturn_config_default "/etc/default/coturn"
|
|
|
|
# Restore synapse database
|
|
sudo cp -a ./data/. "/var/lib/matrix-synapse/."
|
|
|
|
# Configure access for certificates
|
|
set_access matrix-synapse /etc/yunohost/certs/$domain/crt.pem
|
|
set_access matrix-synapse /etc/yunohost/certs/$domain/key.pem
|
|
set_access matrix-synapse /etc/yunohost/certs/$domain/dh.pem
|
|
|
|
set_access turnserver /etc/yunohost/certs/$domain/crt.pem
|
|
set_access turnserver /etc/yunohost/certs/$domain/key.pem
|
|
set_access turnserver /etc/yunohost/certs/$domain/dh.pem
|
|
|
|
# Ouvre le port dans le firewall
|
|
sudo yunohost firewall allow --no-upnp TCP $synapse_tls_port > /dev/null 2>&1
|
|
sudo yunohost firewall allow --no-upnp Both $turnserver_tls_port > /dev/null 2>&1
|
|
|
|
# Régénère la configuration de SSOwat
|
|
sudo yunohost app ssowatconf
|
|
|
|
# Reload webserver
|
|
sudo service nginx reload
|
|
sudo service matrix-synapse restart
|
|
sudo service coturn restart
|