From 51ab10094e6979fd8dd4ec6329fad8aaba6d5d8c Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Fri, 30 Dec 2016 23:16:21 +0000
Subject: [PATCH] Handle onion only installs of matrix
---
 src/freedombone-app-matrix | 18 ++++++++++++++++++
 src/freedombone-utils-turn | 7 +++++--
 2 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/src/freedombone-app-matrix b/src/freedombone-app-matrix
index 067fd15f..bf3f448f 100755
--- a/src/freedombone-app-matrix
+++ b/src/freedombone-app-matrix
@@ -59,6 +59,19 @@ function matrix_nginx {
 proxy_buffering on; \
 }'
+ if [[ $ONION_ONLY != 'no' ]]; then
+ matrix_proxy_str=' \
+ location /matrix { \
+ proxy_pass http://localhost:8448; \
+ proxy_buffering on; \
+ }'
+ turn_proxy_str=' \
+ location /turn { \
+ proxy_pass http://localhost:3478; \
+ proxy_buffering on; \
+ }'
+ fi
+
 if [ ! -f /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME} ]; then
 matrix_nginx_site=/etc/nginx/sites-available/$DEFAULT_DOMAIN_NAME
 if [[ $ONION_ONLY == "no" ]]; then
@@ -450,6 +463,7 @@ function install_matrix {
 groupadd matrix
 useradd -c "Matrix system account" -d $MATRIX_DATA_DIR -m -r -g matrix matrix
+ chmod -R 700 /var/lib/matrix/homeserver.yaml
 chown -R matrix:matrix /etc/matrix
 chown -R matrix:matrix $MATRIX_DATA_DIR
@@ -471,6 +485,10 @@ function install_matrix {
 systemctl daemon-reload
 systemctl start matrix
+ if [ -f /var/lib/matrix/homeserver.db ]; then
+ chmod -R 700 /var/lib/matrix/homeserver.db
+ fi
+
 update_default_domain
 firewall_add matrix ${MATRIX_PORT}
diff --git a/src/freedombone-utils-turn b/src/freedombone-utils-turn
index 97a31f39..14c61a1a 100755
--- a/src/freedombone-utils-turn
+++ b/src/freedombone-utils-turn
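Review bot: The onion-only override added to matrix_nginx in src/freedombone-app-matrix switches both upstreams to plain `http://`, but nothing visible in this patch changes the listeners behind them, so if the service on 8448 still expects TLS the proxied requests will fail. The branch is taken for any value other than the exact string `no` (unset, empty or misspelled), and the same test decides whether `cert=`/`pkey=` are written in generate_turn_key in src/freedombone-utils-turn, so a missing ONION_ONLY silently drops the TLS settings in both places. A guard such as `: "${ONION_ONLY:?must be set}"` before the test, plus a comment like `# onion-only: backends listen without TLS on loopback`, would make that explicit. The /turn location forwards HTTP to port 3478, and TURN is not an HTTP protocol, so it is worth confirming the location is actually used (the default string above the hunk appears to do the same). The function body starts and ends outside the hunk.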
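Review bot: `chmod -R 700 /var/lib/matrix/homeserver.yaml` in install_matrix (src/freedombone-app-matrix, hunk at -450) applies a recursive, executable mode to a single config file. `-R` has no effect on a regular file and the execute bit is not needed, so `chmod 600 "$MATRIX_DATA_DIR/homeserver.yaml"` states the intent more precisely and uses the same variable as the neighbouring useradd and chown lines, which matters if that variable ever differs from the hard-coded path. The call is also unguarded, unlike the later homeserver.db chmod which is wrapped in `[ -f … ]`, so it reports an error if the file was not generated. The same `-R 700` on a file appears in the homeserver.db hunk of this file and in install_turn in src/freedombone-utils-turn. The function body starts and ends outside the hunk.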
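Review bot: The `[ -f /var/lib/matrix/homeserver.db ]` test in install_matrix (src/freedombone-app-matrix, hunk at -471) runs immediately after `systemctl start matrix`, so on a first install the database may not exist yet and the chmod is then skipped silently. In that case the file keeps whatever mode the service's umask gives it. Setting `UMask=0077` in the matrix unit file would protect the database whenever it is created and does not depend on timing. Where the unit is written is not visible in this hunk, so the exact place for that line needs confirming.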
@@ -38,8 +38,10 @@ function generate_turn_key {
 echo "use-auth-secret" >> "${filepath}"
 echo "static-auth-secret=${turnkey}" >> "${filepath}"
 echo "realm=turn.${DEFAULT_DOMAIN_NAME}" >> "${filepath}"
- echo "cert=$MATRIX_DATA_DIR/${DEFAULT_DOMAIN_NAME}.tls.crt" >> "${filepath}"
- echo "pkey=$MATRIX_DATA_DIR/${DEFAULT_DOMAIN_NAME}.tls.key" >> "${filepath}"
+ if [[ $ONION_ONLY == 'no' ]]; then
+ echo "cert=$MATRIX_DATA_DIR/${DEFAULT_DOMAIN_NAME}.tls.crt" >> "${filepath}"
+ echo "pkey=$MATRIX_DATA_DIR/${DEFAULT_DOMAIN_NAME}.tls.key" >> "${filepath}"
+ fi
 }
 function remove_turn {
@@ -84,6 +86,7 @@ function install_turn {
 turnkey="$(create_password 30)"
 generate_turn_key $turnkey /var/lib/turn/turnserver.conf
+ chmod -R 700 /var/lib/turn/turnserver.conf
 chown -R matrix:matrix /var/lib/turn
 echo '[Unit]' > /etc/systemd/system/turn.service
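Review bot: In install_turn the new `chmod -R 700 /var/lib/turn/turnserver.conf` runs only after generate_turn_key has already appended `static-auth-secret=` to that file, so on a fresh install the shared secret sits on disk under the default umask for a short window. Creating the file under a restrictive mask closes that window, for example `(umask 077; generate_turn_key "$turnkey" /var/lib/turn/turnserver.conf)`. If the chmod is kept as well, `chmod 600` without `-R` is the appropriate form for a single config file. How generate_turn_key first creates or truncates the file is outside the hunk, so confirm that an existing file from an earlier run does not keep a wider mode.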