diff --git a/src/freedombone-app-matrix b/src/freedombone-app-matrix
new file mode 100755
index 00000000..cd702770
--- /dev/null
+++ b/src/freedombone-app-matrix
@@ -0,0 +1,394 @@
+#!/bin/bash
+#
+# .---. . .
+# | | |
+# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
+# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
+# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
+#
+# Freedom in the Cloud
+#
+# matrix server
+#
+# https://raw.githubusercontent.com/silvio/docker-matrix
+#
+# License
+# =======
+#
+# Copyright (C) 2016 Bob Mottram
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+
+VARIANTS=''
+
+IN_DEFAULT_INSTALL=0
+SHOW_ON_ABOUT=1
+
+MATRIX_DATA_DIR='/var/lib/matrix'
+MATRIX_TURN_PORT=3478
+MATRIX_PORT=8448
+MATRIX_REPO="https://github.com/matrix-org/synapse"
+MATRIX_COMMIT='f5a4001bb116c468cc5e8e0ae04a1c570e2cb171'
+
+matrix_variables=(ONION_ONLY
+ MY_USERNAME
+ MATRIX_PASSWORD
+ DEFAULT_DOMAIN_NAME)
+
+function matrix_generate_turn_key {
+ local turnkey="${1}"
+ local filepath="${2}"
+
+ echo "lt-cred-mech" > "${filepath}"
+ echo "use-auth-secret" >> "${filepath}"
+ echo "static-auth-secret=${turnkey}" >> "${filepath}"
+ echo "realm=turn.${DEFAULT_DOMAIN_NAME}" >> "${filepath}"
+ echo "cert=${MATRIX_DATA_DIR}/${DEFAULT_DOMAIN_NAME}.tls.crt" >> "${filepath}"
+ echo "pkey=${MATRIX_DATA_DIR}/${DEFAULT_DOMAIN_NAME}.tls.key" >> "${filepath}"
+}
+
+function matrix_generate_synapse_file {
+ local filepath="${1}"
+
+ cd /etc/matrix
+ python -m synapse.app.homeserver \
+ --config-path "${filepath}" \
+ --generate-config \
+ --report-stats ${REPORT_STATS} \
+ --server-name ${DEFAULT_DOMAIN_NAME}
+}
+
+function matrix_configure_homeserver_yaml {
+ local turnkey="${1}"
+ local filepath="${2}"
+
+ local ymltemp="$(mktemp)"
+
+ awk -v TURNURIES="turn_uris: [\"turn:${DEFAULT_DOMAIN_NAME}:${MATRIX_TURN_PORT}?transport=udp\", \"turn:${DEFAULT_DOMAIN_NAME}:${MATRIX_TURN_PORT}?transport=tcp\"]" \
+ -v TURNSHAREDSECRET="turn_shared_secret: \"${turnkey}\"" \
+ -v PIDFILE="pid_file: ${MATRIX_DATA_DIR}/homeserver.pid" \
+ -v DATABASE="database: \"${MATRIX_DATA_DIR}/homeserver.db\"" \
+ -v LOGFILE="log_file: \"${MATRIX_DATA_DIR}/homeserver.log\"" \
+ -v MEDIASTORE="media_store_path: \"${MATRIX_DATA_DIR}/media_store\"" \
+ '{
+ sub(/turn_shared_secret: "YOUR_SHARED_SECRET"/, TURNSHAREDSECRET);
+ sub(/turn_uris: \[\]/, TURNURIES);
+ sub(/pid_file: \/homeserver.pid/, PIDFILE);
+ sub(${MATRIX_DATA_DIR}base: "\/homeserver.db"/, DATABASE);
+ sub(/log_file: "\/homeserver.log"/, LOGFILE);
+ sub(/media_store_path: "\/media_store"/, MEDIASTORE);
+ print;
+ }' "${filepath}" > "${ymltemp}"
+
+ mv ${ymltemp} "${filepath}"
+}
+
+function matrix_start {
+ if [ -f ${MATRIX_DATA_DIR}/turnserver.conf ]; then
+ echo "-=> start turn"
+ /usr/bin/turnserver --daemon -c ${MATRIX_DATA_DIR}/turnserver.conf
+ fi
+
+ echo "-=> start riot.im client"
+ (
+ if [ -f ${MATRIX_DATA_DIR}/vector.im.conf ] || [ -f ${MATRIX_DATA_DIR}/riot.im.conf ] ; then
+ echo "The riot web client is now handled via silvio/matrix-riot-docker"
+ fi
+ )
+
+ echo "-=> start matrix"
+ python -m synapse.app.homeserver --config-path ${MATRIX_DATA_DIR}/homeserver.yaml
+}
+
+function matrix_stop {
+ echo "-=> stop matrix"
+ echo "-=> via docker stop ..."
+}
+
+
+function matrix_diff {
+ echo "-=> Diff between local configfile and a fresh generated config file"
+ echo "-=> some values are different in technical point of view, like"
+ echo "-=> autogenerated secret keys etc..."
+
+ DIFFPARAMS="${DIFFPARAMS:-Naur}"
+ DEFAULT_DOMAIN_NAME="${DEFAULT_DOMAIN_NAME:-demo_server_name}"
+ REPORT_STATS="${REPORT_STATS:-no_or_yes}"
+ export DEFAULT_DOMAIN_NAME REPORT_STATS
+
+ matrix_generate_synapse_file /tmp/homeserver.synapse.yaml
+ diff -${DIFFPARAMS} /tmp/homeserver.synapse.yaml ${MATRIX_DATA_DIR}/homeserver.yaml
+ rm /tmp/homeserver.synapse.yaml
+}
+
+function matrix_generate {
+ breakup="0"
+ [[ -z "${DEFAULT_DOMAIN_NAME}" ]] && echo "STOP! environment variable DEFAULT_DOMAIN_NAME must be set" && breakup="1"
+ [[ -z "${REPORT_STATS}" ]] && echo "STOP! environment variable REPORT_STATS must be set to 'no' or 'yes'" && breakup="1"
+ [[ "${breakup}" == "1" ]] && exit 1
+
+ [[ "${REPORT_STATS}" != "yes" ]] && [[ "${REPORT_STATS}" != "no" ]] && \
+ echo "STOP! REPORT_STATS needs to be 'no' or 'yes'" && breakup="1"
+
+ echo "-=> generate turn config"
+ turnkey=$(pwgen -s 64 1)
+ matrix_generate_turn_key $turnkey ${MATRIX_DATA_DIR}/turnserver.conf
+
+ echo "-=> generate synapse config"
+ matrix_generate_synapse_file ${MATRIX_DATA_DIR}/homeserver.tmp
+
+ echo "-=> configure some settings in homeserver.yaml"
+ matrix_configure_homeserver_yaml $turnkey ${MATRIX_DATA_DIR}/homeserver.tmp
+
+ mv ${MATRIX_DATA_DIR}/homeserver.tmp ${MATRIX_DATA_DIR}/homeserver.yaml
+}
+
+function remove_user_matrix {
+ remove_username="$1"
+
+ ${PROJECT_NAME}-pass -u $remove_username --rmapp matrix
+
+ # TODO
+}
+
+function add_user_matrix {
+ new_username="$1"
+ new_user_password="$2"
+
+ ${PROJECT_NAME}-pass -u $new_username -a matrix -p "$new_user_password"
+
+ cd /etc/matrix
+ register_new_matrix_user -c ${MATRIX_DATA_DIR}/homeserver.yaml https://localhost:${MATRIX_PORT} -u "${new_username}" -p "${new_user_password}" -a
+ echo '0'
+}
+
+function install_interactive_matrix {
+ echo -n ''
+ APP_INSTALLED=1
+}
+
+function change_password_matrix {
+ curr_username="$1"
+ new_user_password="$2"
+
+ #${PROJECT_NAME}-pass -u "$curr_username" -a matrix -p "$new_user_password"
+}
+
+function reconfigure_matrix {
+ echo -n ''
+}
+
+function upgrade_matrix {
+ function_check set_repo_commit
+ set_repo_commit /etc/matrix "matrix commit" "$MATRIX_COMMIT" $MATRIX_REPO
+
+ pip install --upgrade --process-dependency-links .
+ chown -R matrix:matrix /etc/matrix
+ chown -R matrix:matrix /var/lib/matrix
+}
+
+function backup_local_matrix {
+ source_directory=/etc/matrix
+ if [ -d $source_directory ]; then
+ systemctl stop matrix
+ function_check backup_directory_to_usb
+ backup_directory_to_usb $source_directory matrix
+ source_directory=/var/lib/matrix
+ if [ -d $source_directory ]; then
+ backup_directory_to_usb $source_directory matrixdata
+ fi
+ systemctl start matrix
+ fi
+}
+
+function restore_local_matrix {
+ if [ -d /etc/matrix ]; then
+ systemctl stop matrix
+
+ temp_restore_dir=/root/tempmatrix
+ function_check restore_directory_from_usb
+ restore_directory_from_usb $temp_restore_dir matrix
+ cp -r $temp_restore_dir/etc/matrix/* /etc/matrix
+ if [ ! "$?" = "0" ]; then
+ function_check backup_unmount_drive
+ backup_unmount_drive
+ exit 3783
+ fi
+ rm -rf $temp_restore_dir
+ chown -R matrix:matrix /etc/matrix
+
+ temp_restore_dir=/root/tempmatrixdata
+ restore_directory_from_usb $temp_restore_dir matrixdata
+ cp -r $temp_restore_dir/var/lib/matrix/* /var/lib/matrix
+ if [ ! "$?" = "0" ]; then
+ function_check backup_unmount_drive
+ backup_unmount_drive
+ exit 78352
+ fi
+ rm -rf $temp_restore_dir
+ chown -R matrix:matrix /var/lib/matrix
+
+ systemctl start matrix
+ fi
+}
+
+function backup_remote_matrix {
+ source_directory=/etc/matrix
+ if [ -d $source_directory ]; then
+ systemctl stop matrix
+ function_check backup_directory_to_friend
+ backup_directory_to_friend $source_directory matrix
+ source_directory=/var/lib/matrix
+ if [ -d $source_directory ]; then
+ backup_directory_to_friend $source_directory matrixdata
+ fi
+ systemctl start matrix
+ fi
+}
+
+function restore_remote_synapse {
+ if [ -d /etc/matrix ]; then
+ systemctl stop matrix
+
+ temp_restore_dir=/root/tempmatrix
+ function_check restore_directory_from_friend
+ restore_directory_from_friend $temp_restore_dir matrix
+ cp -r $temp_restore_dir/etc/matrix/* /etc/matrix
+ if [ ! "$?" = "0" ]; then
+ exit 38935
+ fi
+ rm -rf $temp_restore_dir
+ chown -R matrix:matrix /etc/matrix
+
+ temp_restore_dir=/root/tempmatrixdata
+ restore_directory_from_friend $temp_restore_dir matrixdata
+ cp -r $temp_restore_dir/var/lib/matrix/* /var/lib/matrix
+ if [ ! "$?" = "0" ]; then
+ exit 60923
+ fi
+ rm -rf $temp_restore_dir
+ chown -R matrix:matrix /var/lib/matrix
+
+ systemctl start matrix
+ fi
+}
+
+function remove_matrix {
+ firewall_remove ${MATRIX_PORT}
+ firewall_remove ${MATRIX_TURN_PORT}
+ systemctl stop matrix
+ systemcrl disable matrix
+ if [ -f /etc/systemd/system/matrix.service ]; then
+ rm /etc/systemd/system/matrix.service
+ fi
+ apt-get -y remove --purge coturn
+ cd /etc/matrix
+ pip uninstall .
+ rm -rf $MATRIX_DATA_DIR
+ rm -rf /etc/matrix
+ deluser matrix
+ delgroup matrix
+ remove_onion_service matrix ${MATRIX_PORT}
+
+ remove_completion_param install_matrix
+ sed -i '/matrix/d' $COMPLETION_FILE
+}
+
+function install_matrix {
+ if [[ ${ONION_ONLY} == 'no' ]]; then
+ # obtain a cert for the default domain
+ if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "0" ]]; then
+ echo $'Obtaining certificate for the main domain'
+ create_site_certificate ${DEFAULT_DOMAIN_NAME} 'yes'
+ fi
+ fi
+
+ REBUILD=1
+ export DEBIAN_FRONTEND=noninteractive
+ apt-get -yq install coreutils coturn \
+ curl file gcc git libevent-2.0-5 \
+ libevent-dev libffi-dev libffi6 \
+ libgnutls28-dev libjpeg62-turbo \
+ libjpeg62-turbo-dev libldap-2.4-2 \
+ libldap2-dev libsasl2-dev \
+ libsqlite3-dev libssl-dev \
+ libssl1.0.0 libtool libxml2 \
+ libxml2-dev libxslt1-dev libxslt1.1 \
+ make pwgen python python-dev \
+ python-pip python-psycopg2 \
+ python-virtualenv sqlite unzip \
+ zlib1g zlib1g-dev
+
+ pip install --upgrade pip
+ pip install --upgrade python-ldap
+ pip install --upgrade lxml
+
+ if [ ! -d /etc/matrix ]; then
+ function_check git_clone
+ git_clone $MATRIX_REPO /etc/matrix
+ if [ ! -d /etc/matrix ]; then
+ echo $'Unable to clone matrix repo'
+ exit 6724683
+ fi
+ fi
+
+ cd /etc/matrix
+ git checkout $MATRIX_COMMIT -b $MATRIX_COMMIT
+ set_completion_param "matrix commit" "$MATRIX_COMMIT"
+ pip install --upgrade --process-dependency-links .
+ if [ ! "$?" = "0" ]; then
+ exit 782542
+ fi
+
+ groupadd matrix
+ useradd -c "Matrix system account" -d /var/lib/matrix -m -r -g matrix matrix
+
+ chown -R matrix:matrix /etc/matrix
+ chown -R matrix:matrix /var/lib/matrix
+
+ echo '[Unit]' > /etc/systemd/system/matrix.service
+ echo 'Description=Matrix federated messaging' >> /etc/systemd/system/matrix.service
+ echo '' >> /etc/systemd/system/matrix.service
+ echo '[Service]' >> /etc/systemd/system/matrix.service
+ echo 'Type=simple' >> /etc/systemd/system/matrix.service
+ echo 'User=matrix' >> /etc/systemd/system/matrix.service
+ echo "WorkingDirectory=/etc/matrix" >> /etc/systemd/system/matrix.service
+ echo "ExecStart=/usr/bin/turnserver --daemon -c ${MATRIX_DATA_DIR}/turnserver.conf" >> /etc/systemd/system/matrix.service
+ echo "ExecStart=/usr/bin/python -m synapse.app.homeserver --config-path ${MATRIX_DATA_DIR}/homeserver.yaml" >> /etc/systemd/system/matrix.service
+ echo 'Restart=always' >> /etc/systemd/system/matrix.service
+ echo 'RestartSec=10' >> /etc/systemd/system/matrix.service
+ echo '' >> /etc/systemd/system/matrix.service
+ echo '[Install]' >> /etc/systemd/system/matrix.service
+ echo 'WantedBy=multi-user.target' >> /etc/systemd/system/matrix.service
+ systemctl enable matrix
+ systemctl daemon-reload
+ systemctl start matrix
+
+ update_default_domain
+
+ firewall_add matrix ${MATRIX_PORT}
+ firewall_add matrix-turn ${MATRIX_TURN_PORT}
+
+ MATRIX_ONION_HOSTNAME=$(add_onion_service matrix ${MATRIX_PORT} ${MATRIX_PORT})
+ if [ ! ${MATRIX_PASSWORD} ]; then
+ if [ -f ${IMAGE_PASSWORD_FILE} ]; then
+ MATRIX_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
+ else
+ MATRIX_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+ fi
+ fi
+
+ add_user_matrix "${MY_USERNAME}" "${MATRIX_PASSWORD}"
+ APP_INSTALLED=1
+}
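Review bot: `matrix_diff` writes the freshly generated Synapse config to the fixed path `/tmp/homeserver.synapse.yaml`, so a script that presumably runs as root (it calls apt-get and systemctl) will write through whatever another local user has already placed at that name, and the file, which the function's own banner says holds autogenerated secret keys, is created under the default umask. The file already uses `mktemp` in `matrix_configure_homeserver_yaml`; here a private directory fits better because the generator creates the file itself: `local tmpdir; tmpdir=$(mktemp -d) || return 1`, then `matrix_generate_synapse_file "${tmpdir}/homeserver.yaml"` and `rm -rf -- "${tmpdir}"` after the diff. The same care is missing in `matrix_generate_turn_key`, where `static-auth-secret=${turnkey}` is written with plain `echo >` and no `umask 077` or `chmod 600`, and in `add_user_matrix`, where the password is passed as a `-p` argument and is visible in the process list while the command runs. Separately, two slips look unintended: `systemcrl disable matrix` in `remove_matrix`, and the awk line `sub(${MATRIX_DATA_DIR}base: "\/homeserver.db"/, DATABASE);`, which has lost its opening `/data` and would likely make awk fail, after which `mv` replaces the config with the empty temp file.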