mirror of
https://github.com/YunoHost-Apps/synapse_ynh.git
synced 2024-09-03 20:26:38 +02:00
e53b469ff1
When generating the domain list for the option `sso/client_whitelist`, the line break is taken into account to create a real list of URLs.
165 lines
7.4 KiB
Bash
165 lines
7.4 KiB
Bash
#!/bin/bash
|
|
|
|
#=================================================
|
|
# GENERIC START
|
|
#=================================================
|
|
# IMPORT GENERIC HELPERS
|
|
#=================================================
|
|
|
|
source /usr/share/yunohost/helpers
|
|
|
|
# Stop script if errors
|
|
ynh_abort_if_errors
|
|
|
|
# Import common fonctions
|
|
source ./experimental_helper.sh
|
|
source ./_common.sh
|
|
|
|
#=================================================
|
|
# RETRIEVE ARGUMENTS
|
|
#=================================================
|
|
|
|
app=$YNH_APP_INSTANCE_NAME
|
|
report_stats=$(ynh_app_setting_get --app $app --key report_stats)
|
|
allow_public_rooms=$(ynh_app_setting_get --app=$app --key=allow_public_rooms)
|
|
disable_backup_before_upgrade=$(ynh_app_setting_get --app $app --key disable_backup_before_upgrade)
|
|
is_free_registration=$(ynh_app_setting_get --app $app --key is_free_registration)
|
|
jitsi_server=$(ynh_app_setting_get --app=$app --key=jitsi_server)
|
|
e2e_enabled_by_default=$(ynh_app_setting_get --app=$app --key=e2e_enabled_by_default)
|
|
synapse_user_app_pwd=$(ynh_app_setting_get --app=$app --key=synapse_user_app_pwd)
|
|
domain_whitelist_client_=$(get_domain_list)
|
|
domain_whitelist_client=${domain_whitelist_client_%"\n"}
|
|
main_domain=$(yunohost domain list --output-as json | jq -r .main)
|
|
|
|
#=================================================
|
|
# SHOW_CONFIG FUNCTION FOR 'SHOW' COMMAND
|
|
#=================================================
|
|
|
|
show_config() {
|
|
# here you are supposed to read some config file/database/other then print the values
|
|
# ynh_return "YNH_CONFIG_${PANEL_ID}_${SECTION_ID}_${OPTION_ID}=value"
|
|
ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_SERVER_STATISTICS=$report_stats"
|
|
ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_ALLOW_PUBLIC_ROOMS=$allow_public_rooms"
|
|
ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_CLIENT_CONFIG_JITSI_SERVER=$jitsi_server"
|
|
ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_IS_FREE_REGISTRATION=${is_free_registration}"
|
|
ynh_return "YNH_CONFIG_SYNAPSE_CONFIG_CLIENT_CONFIG_E2E_ENABLED_BY_DEFAULT=${e2e_enabled_by_default}"
|
|
|
|
if [[ ${disable_backup_before_upgrade:-0} -eq 1 ]]
|
|
then
|
|
ynh_return "YNH_CONFIG_PACKAGE_CONFIG_PACKAGE_CONFIG_BACKUP_BEFORE_UPGRADE=0"
|
|
else
|
|
ynh_return "YNH_CONFIG_PACKAGE_CONFIG_PACKAGE_CONFIG_BACKUP_BEFORE_UPGRADE=1"
|
|
fi
|
|
}
|
|
|
|
#=================================================
|
|
# MODIFY THE CONFIGURATION
|
|
#=================================================
|
|
|
|
apply_config() {
|
|
report_stats=${YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_SERVER_STATISTICS:-$report_stats}
|
|
allow_public_rooms=${YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_ALLOW_PUBLIC_ROOMS:-$allow_public_rooms}
|
|
do_backup_before_upgrade=${YNH_CONFIG_PACKAGE_CONFIG_PACKAGE_CONFIG_BACKUP_BEFORE_UPGRADE:-}
|
|
is_free_registration=${YNH_CONFIG_SYNAPSE_CONFIG_SERVER_CONFIG_IS_FREE_REGISTRATION:-$is_free_registration}
|
|
jitsi_server=${YNH_CONFIG_SYNAPSE_CONFIG_CLIENT_CONFIG_JITSI_SERVER:-$jitsi_server}
|
|
e2e_enabled_by_default=${YNH_CONFIG_SYNAPSE_CONFIG_CLIENT_CONFIG_E2E_ENABLED_BY_DEFAULT:-$e2e_enabled_by_default}
|
|
|
|
if [ $report_stats == 1 ]; then
|
|
report_stats=true
|
|
fi
|
|
if [ $report_stats == 0 ]; then
|
|
report_stats=false
|
|
fi
|
|
if [ $allow_public_rooms == 1 ]; then
|
|
allow_public_rooms=true
|
|
fi
|
|
if [ $allow_public_rooms == 0 ]; then
|
|
allow_public_rooms=false
|
|
fi
|
|
if [ $e2e_enabled_by_default == 1 ]; then
|
|
e2e_enabled_by_default=true
|
|
fi
|
|
if [ $e2e_enabled_by_default == 0 ]; then
|
|
e2e_enabled_by_default=false
|
|
fi
|
|
|
|
ynh_app_setting_set --app $app --key report_stats --value $report_stats
|
|
ynh_app_setting_set --app $app --key allow_public_rooms --value $allow_public_rooms
|
|
ynh_app_setting_set --app $app --key is_free_registration --value $is_free_registration
|
|
ynh_app_setting_set --app $app --key jitsi_server --value $jitsi_server
|
|
ynh_app_setting_set --app=$app --key=e2e_enabled_by_default --value=$e2e_enabled_by_default
|
|
|
|
if [[ -n $do_backup_before_upgrade ]]; then
|
|
if [ $do_backup_before_upgrade -eq 1 ]; then
|
|
ynh_app_setting_set --app $app --key disable_backup_before_upgrade --value 0
|
|
else
|
|
ynh_app_setting_set --app $app --key disable_backup_before_upgrade --value 1
|
|
fi
|
|
fi
|
|
|
|
domain=$(ynh_app_setting_get --app $app --key domain)
|
|
server_name=$(ynh_app_setting_get --app $app --key server_name)
|
|
synapse_db_pwd=$(ynh_app_setting_get --app $app --key synapse_db_pwd)
|
|
is_free_registration=$(ynh_app_setting_get --app $app --key is_free_registration)
|
|
port=$(ynh_app_setting_get --app $app --key synapse_port)
|
|
synapse_tls_port=$(ynh_app_setting_get --app $app --key synapse_tls_port)
|
|
turnserver_tls_port=$(ynh_app_setting_get --app $app --key turnserver_tls_port)
|
|
turnserver_pwd=$(ynh_app_setting_get --app $app --key turnserver_pwd)
|
|
registration_shared_secret=$(ynh_app_setting_get --app $app --key registration_shared_secret)
|
|
form_secret=$(ynh_app_setting_get --app $app --key form_secret)
|
|
macaroon_secret_key=$(ynh_app_setting_get --app=$app --key=macaroon_secret_key)
|
|
|
|
synapse_user="matrix-$app"
|
|
synapse_db_name="matrix_$app"
|
|
synapse_db_user="matrix_$app"
|
|
|
|
# Configure Synapse
|
|
|
|
# WARNING : theses command are used in INSTALL, UPGRADE, CONFIG, CHANGE-URL (4 times)
|
|
# For any update do it in all files
|
|
|
|
if [ -z $macaroon_secret_key ]; then
|
|
# Well, in this package this value was not managed because it was not needed, synapse is able to generate this with some other secret in the config file but after some vulnerability was found with this practice.
|
|
# For more detail about this issue you can see : https://matrix.org/blog/2019/01/15/further-details-on-critical-security-update-in-synapse-affecting-all-versions-prior-to-0-34-1-cve-2019-5885/
|
|
# The problem is that we can't just say generate a new value if the package has not already defined a value. The reason is that changing this value logout all user. And in case of a user has enabled the encryption, the user might lost all conversation !!
|
|
# So for the old install we just leave this as it is. And for the new install we use a real macaroon.
|
|
macaroon_secret_key_param='# macaroon_secret_key: ""'
|
|
else
|
|
macaroon_secret_key_param='macaroon_secret_key: "'$macaroon_secret_key'"'
|
|
fi
|
|
|
|
if [ $is_free_registration -eq 0 ]
|
|
then
|
|
allowed_access=False
|
|
sso_enabled=True
|
|
else
|
|
allowed_access=True
|
|
sso_enabled=False
|
|
fi
|
|
|
|
ynh_replace_string __DOMAIN_WHITELIST_CLIENT__ "$domain_whitelist_client" $YNH_APP_BASEDIR/conf/homeserver.yaml
|
|
ynh_add_config --template="homeserver.yaml" --destination="/etc/matrix-$app/homeserver.yaml"
|
|
ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml"
|
|
|
|
# Create .well-known redirection for access by federation
|
|
if yunohost --output-as plain domain list | grep -q "^$server_name$"
|
|
then
|
|
ynh_add_config --template="server_name.conf" --destination="/etc/nginx/conf.d/${server_name}.d/${app}_server_name.conf"
|
|
fi
|
|
|
|
ynh_store_file_checksum --file "$homeserver_config_path"
|
|
setfacl -R -m user:turnserver:rX /etc/matrix-$app
|
|
|
|
systemctl restart matrix-$app
|
|
systemctl reload nginx
|
|
}
|
|
|
|
#=================================================
|
|
# GENERIC FINALIZATION
|
|
#=================================================
|
|
# SELECT THE ACTION FOLLOWING THE GIVEN ARGUMENT
|
|
#=================================================
|
|
case $1 in
|
|
show) show_config;;
|
|
apply) apply_config;;
|
|
esac
|