# _____ _ _
# | __|___ ___ ___ _| |___ _____| |_ ___ ___ ___
# | __| _| -_| -_| . | . | | . | . | | -_|
# |__| |_| |___|___|___|___|_|_|_|___|___|_|_|___|
# Test by visiting https://$MATRIX_DOMAIN_NAME/_matrix/key/v2/server/auto
# If working then telnet $MATRIX_DOMAIN_NAME 8448 should return a response
#
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
MATRIX_DOMAIN_NAME=
MATRIX_CODE=
# Upstream Synapse repository and the exact commit checked out at install
# time; pinning to a commit hash rather than a branch keeps installs
# reproducible (upgrade_matrix compares against this value).
MATRIX_REPO="https://github.com/matrix-org/synapse"
MATRIX_COMMIT='ac6a0d72b25e69bd945a97954e72df3b43e72f9b'
# Interpreter and pip used for Synapse. matrix_systemd_daemon recreates the
# run-matrix launcher whenever it no longer mentions $MATRIX_PYTHON.
MATRIX_PIP=/usr/bin/pip3
MATRIX_PYTHON=/usr/bin/python3
MATRIX_SHORT_DESCRIPTION=$'Chat system'
MATRIX_DESCRIPTION=$'Chat system'
MATRIX_MOBILE_APP_URL='https://f-droid.org/packages/im.vector.alpha'
# used to enable retries for user creation during install
matrix_is_installing=
# NOTE(review): the two bare names below are neither assignments nor
# commands; they look like fragments of a variable list lost in extraction —
# confirm against the full file.
DEFAULT_DOMAIN_NAME
MATRIX_DOMAIN_NAME
function upgrade_distro_matrix {
    # Install the distro-specific libraries Synapse's native dependencies
    # need when moving to a new release.
    # $1 - codename of the target distro (only 'buster' needs anything)
    # $INSTALL_PACKAGES is left unquoted on purpose: it holds a command
    # followed by its flags.
    target_distro="$1"
    case "$target_distro" in
        buster)
            $INSTALL_PACKAGES libevent-2.1-6 libpq-dev
            ;;
        *)
            ;;
    esac
}
function matrix_generate_certs_for_onion {
    # Onion-only installs have no CA-issued certificate, so a self-signed
    # pair is generated, moved under /var/lib/matrix (owned by the matrix
    # account) and wired into homeserver.yaml. Clearnet installs return early.
    [[ "$ONION_ONLY" != 'no' ]] || return 0
    local matrix_dir=/var/lib/matrix
    local homeserver_yaml="${matrix_dir}/homeserver.yaml"
    "${PROJECT_NAME}-addcert" -h matrix
    # Move certificate and private key out of /etc/ssl: copy, re-own, then
    # remove the originals so the key is not left behind there.
    cp /etc/ssl/certs/matrix* "$matrix_dir"
    cp /etc/ssl/private/matrix* "$matrix_dir"
    chown -R matrix:matrix "${matrix_dir}"/*
    sed -i 's|tls_certificate_path:.*|tls_certificate_path: "/var/lib/matrix/matrix.crt"|g' "$homeserver_yaml"
    sed -i 's|tls_private_key_path:.*|tls_private_key_path: "/var/lib/matrix/matrix.key"|g' "$homeserver_yaml"
    rm /etc/ssl/certs/matrix*
    rm /etc/ssl/private/matrix*
}
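function change_default_domain_name_matrix {
    # Replace every occurrence of the old default domain in homeserver.yaml
    # with the new one, propagate the change to TURN and restart Synapse.
    # $1 - the new default domain name
    # Reads DEFAULT_DOMAIN_NAME (the old name) and MATRIX_DATA_DIR.
    # Returns 1 and changes nothing when either name is empty (sed with an
    # empty pattern would otherwise fail) or the config file is missing.
    # new_default_domain_name and homeserver_config stay global: other
    # functions in this file read $homeserver_config.
    new_default_domain_name="$1"
    homeserver_config="${MATRIX_DATA_DIR}/homeserver.yaml"
    local old_pattern
    if [[ -z "$DEFAULT_DOMAIN_NAME" || -z "$new_default_domain_name" ]]; then
        echo 'change_default_domain_name_matrix: old or new domain name is empty' >&2
        return 1
    fi
    if [[ ! -f "$homeserver_config" ]]; then
        echo "change_default_domain_name_matrix: $homeserver_config not found" >&2
        return 1
    fi
    # Escape the dots so the old domain is matched literally, not as a regex.
    old_pattern=${DEFAULT_DOMAIN_NAME//./\\.}
    sed -i "s|${old_pattern}|${new_default_domain_name}|g" "$homeserver_config"
    change_default_domain_name_turn "$new_default_domain_name"
    systemctl restart matrix
}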
function matrix_add_onion_federation {
    # Also expose the federation port (MATRIX_HTTP_PORT) on the matrix onion
    # service by adding a HiddenServicePort line right after the existing one
    # for MATRIX_ONION_PORT. Idempotent: nothing happens if the port is
    # already mentioned in the torrc fragment.
    local torrc_file="/etc/torrc.d/${PROJECT_NAME}"
    if ! grep -q ":$MATRIX_HTTP_PORT" "$torrc_file"; then
        sed -i "/:${MATRIX_ONION_PORT}/a HiddenServicePort ${MATRIX_HTTP_PORT} 127.0.0.1:${MATRIX_HTTP_PORT}" "$torrc_file"
        systemctl restart tor
    fi
}
function matrix_systemd_daemon {
    # (Re)create the Synapse launcher (/etc/matrix/run-matrix) and the
    # matrix.service unit. Both are rewritten when either file is missing or
    # the launcher no longer refers to $MATRIX_PYTHON (python version
    # change); otherwise nothing is touched. Reads MATRIX_PYTHON and
    # MATRIX_DATA_DIR; sets the global matrix_systemd_daemon_recreate.
    local launcher=/etc/matrix/run-matrix
    local unit_file=/etc/systemd/system/matrix.service
    matrix_systemd_daemon_recreate=

    if [ ! -f "$launcher" ] || ! grep -q "$MATRIX_PYTHON " "$launcher"; then
        matrix_systemd_daemon_recreate=1
    fi
    if [ ! -f "$unit_file" ]; then
        matrix_systemd_daemon_recreate=1
    fi
    [ "$matrix_systemd_daemon_recreate" ] || return 0

    # Launcher script. The alias line is reproduced as-is; bash does not
    # expand aliases in non-interactive scripts, so it is inert at runtime.
    cat <<EOF > "$launcher"
#!/bin/bash
cd /etc/matrix || exit 1
alias python='${MATRIX_PYTHON}'
${MATRIX_PYTHON} -m synapse.app.homeserver --config-path ${MATRIX_DATA_DIR}/homeserver.yaml
EOF
    chmod +x "$launcher"

    # Unit file: runs as the unprivileged matrix user with a private /tmp,
    # no privilege escalation, and CAP_SYS_ADMIN dropped from the bounding
    # set.
    cat <<'EOF' > "$unit_file"
[Unit]
Description=Synapse Matrix homeserver
After=network.target nginx.target

[Service]
Type=simple
User=matrix
WorkingDirectory=/etc/matrix
ExecStart=/etc/matrix/run-matrix
Restart=on-failure
RestartSec=10
PrivateTmp=true
PrivateDevices=false
NoNewPrivileges=true
CapabilityBoundingSet=~CAP_SYS_ADMIN

[Install]
WantedBy=multi-user.target
EOF
    systemctl enable matrix
    systemctl daemon-reload
}
read_config_param MY_USERNAME
read_config_param MATRIX_DOMAIN_NAME
read_config_param MATRIX_EXPIRE_MONTHS
matrix_remove_posts=/usr/bin/matrix-remove
curl_command='curl'
homebase="https://$MATRIX_DOMAIN_NAME"
if [[ "$ONION_ONLY" != 'no' ]]; then
curl_command='torsocks curl'
homebase="http://$(cat /var/lib/tor/hidden_service_matrix/hostname)"
fi
echo "cd $MATRIX_DATA_DIR || exit 1";
echo "HOMEBASE=\"$homebase\"";
echo "TOKEN=\$(sqlite3 homeserver.db \"SELECT token FROM access_tokens WHERE user_id='\$ADMIN' ORDER BY id DESC LIMIT 1;\")";
echo "TIME=\"$MATRIX_EXPIRE_MONTHS months ago\"";
echo "UNIX_TIMESTAMP=\$(date +%s%3N --date='TZ=\"UTC\" '\"$TIME\")";
echo "ROOMS=\$(sqlite3 homeserver.db \"SELECT room_id FROM rooms;\")";
echo "date --date='TZ=\"UTC\" '\"\$TIME\"";
echo "for ROOM_NAME in \$ROOMS; do";
echo " $curl_command --silent --header \"Content-Type: application/json\" --request POST --data '{\"purge_up_to_ts\":'\$UNIX_TIMESTAMP',\"delete_local_events\": true}' \$HOMEBASE':$MATRIX_HTTP_PORT/_matrix/client/r0/admin/purge_history/'\$ROOM_NAME'?access_token='\$TOKEN";
echo 'done';
echo "$curl_command --silent --request POST \$HOMEBASE':$MATRIX_HTTP_PORT/_matrix/client/r0/admin/purge_media_cache?before_ts='\$UNIX_TIMESTAMP'&access_token='\$TOKEN";
echo 'sqlite3 homeserver.db "VACUUM;"';
echo 'sqlite3 homeserver.db "PRAGMA auto_vacuum;"'; } > $matrix_remove_posts
echo '#!/bin/bash' > /etc/cron.monthly/matrix-purge
echo "$matrix_remove_posts 2> /dev/null" >> /etc/cron.monthly/matrix-purge
chmod +x /etc/cron.monthly/matrix-purge
function logging_on_matrix {
if [ -f "${MATRIX_DATA_DIR}/homeserver.yaml" ]; then
if ! grep -q "log_file: /etc/matrix/homeserver.log" "${MATRIX_DATA_DIR}/homeserver.yaml"; then
sed -i 's|log_file:.*|log_file: /etc/matrix/homeserver.log|g' "${MATRIX_DATA_DIR}/homeserver.yaml"
if ! grep -q "#log_config:" "${MATRIX_DATA_DIR}/homeserver.yaml"; then
sed -i 's|log_config:|#log_config:|g' "${MATRIX_DATA_DIR}/homeserver.yaml"
}
function logging_off_matrix {
if [ -f "${MATRIX_DATA_DIR}/homeserver.yaml" ]; then
if ! grep -q "log_file: /dev/null" "${MATRIX_DATA_DIR}/homeserver.yaml"; then
sed -i 's|log_file:.*|log_file: /dev/null|g' "${MATRIX_DATA_DIR}/homeserver.yaml"
if ! grep -q "#log_config:" "${MATRIX_DATA_DIR}/homeserver.yaml"; then
sed -i 's|log_config:|#log_config:|g' "${MATRIX_DATA_DIR}/homeserver.yaml"
fi
if [ -f /etc/matrix/homeserver.log ]; then
$REMOVE_FILES_COMMAND /etc/matrix/homeserver.log
fi
if [ -f /etc/matrix/homeserver.log.1 ]; then
$REMOVE_FILES_COMMAND /etc/matrix/homeserver.log.1
fi
if [ -f /etc/matrix/homeserver.log.2 ]; then
$REMOVE_FILES_COMMAND /etc/matrix/homeserver.log.2
fi
if [ -f /etc/matrix/homeserver.log.3 ]; then
$REMOVE_FILES_COMMAND /etc/matrix/homeserver.log.3
fi
MATRIX_ONION_HOSTNAME=$(add_onion_service matrix 80 ${MATRIX_ONION_PORT})
matrix_nginx_site=/etc/nginx/sites-available/$MATRIX_DOMAIN_NAME
if [[ $ONION_ONLY == "no" ]]; then
function_check nginx_ssl
nginx_ssl ${MATRIX_DOMAIN_NAME}
nginx_security_options "${MATRIX_DOMAIN_NAME}"
nginx_robots "${MATRIX_DOMAIN_NAME}"
{ echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo '';
echo ' index index.html;';
echo '';
echo ' location /_matrix {'; } >> $matrix_nginx_site
nginx_limits ${MATRIX_DOMAIN_NAME} '15m'
{ echo " proxy_pass http://localhost:${MATRIX_PORT};";
echo ' }';
echo '}';
echo '';
echo 'server {';
echo " server_name ${MATRIX_DOMAIN_NAME};";
echo '';
echo ' # Security'; } >> $matrix_nginx_site
function_check nginx_ssl
nginx_ssl ${MATRIX_DOMAIN_NAME}
function_check nginx_security_options
nginx_security_options ${MATRIX_DOMAIN_NAME}
{ echo ' add_header Strict-Transport-Security max-age=15768000;';
echo '';
echo ' # Logs';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo '';
echo ' # Index';
echo ' index index.html;';
echo '';
echo ' # Location';
echo ' location /_matrix {'; } >> $matrix_nginx_site
nginx_limits ${MATRIX_DOMAIN_NAME} '15m'
{ echo " proxy_pass http://localhost:${MATRIX_PORT};";
echo ' }';
echo '}';
echo ''; } >> $matrix_nginx_site
else
echo -n '' > $matrix_nginx_site
fi
{ echo 'server {';
echo " listen 127.0.0.1:$MATRIX_ONION_PORT default_server;";
function_check nginx_security_options
nginx_security_options $MATRIX_DOMAIN_NAME
{ echo '';
echo ' # Logs';
echo ' access_log /dev/null;';
echo ' error_log /dev/null;';
echo '';
echo '';
echo ' # Location';
echo ' location /_matrix {'; } >> $matrix_nginx_site
{ echo " proxy_pass http://localhost:${MATRIX_PORT};";
echo ' }';
if [ ! -d "/var/www/$MATRIX_DOMAIN_NAME" ]; then
mkdir -p "/var/www/$MATRIX_DOMAIN_NAME/htdocs"
sed -i 's|limit_conn conn_limit_per_ip.*|limit_conn conn_limit_per_ip 50;|g' "$matrix_nginx_site"
sed -i 's|limit_req zone.*|limit_req zone=req_limit_per_ip burst=50 nodelay;|g' "$matrix_nginx_site"
function_check add_ddns_domain
add_ddns_domain $MATRIX_DOMAIN_NAME
domain=${MATRIX_DOMAIN_NAME}
if [[ "$ONION_ONLY" != 'no' ]]; then
domain=$(cat /var/lib/tor/hidden_service_matrix/hostname)
fi
cd /etc/matrix || exit 46
$MATRIX_PYTHON -m synapse.app.homeserver \
--config-path "${filepath}" \
--generate-config \
--report-stats ${REPORT_STATS} \
}
function matrix_configure_homeserver_yaml {
# Patch the freshly generated homeserver.yaml (global $filepath) for this site.
# NOTE(review): the caller (matrix_generate) passes the TURN secret and the
# config path as arguments, but this function ignores $1/$2 and reads the
# globals turnkey, filepath and ymltemp instead — confirm which is intended.
#
# Pass 1 (awk): TURN URIs and shared secret, pid file, database and media
# store paths. LOGFILE is never supplied with -v, so the log_file line is
# replaced with an empty string here and the later log_file sed finds
# nothing to match. awk applies backslash-escape processing to -v values
# and treats '&' specially in sub() replacements, so a turnkey containing
# either would not be inserted verbatim.
awk -v TURNURIES="turn_uris: [\"turn:${DEFAULT_DOMAIN_NAME}:${TURN_PORT}?transport=udp\", \"turn:${DEFAULT_DOMAIN_NAME}:${TURN_PORT}?transport=tcp\"]" \
-v TURNSHAREDSECRET="turn_shared_secret: \"${turnkey}\"" \
-v PIDFILE="pid_file: ${MATRIX_DATA_DIR}/homeserver.pid" \
-v DATABASE="database: \"${MATRIX_DATA_DIR}/homeserver.db\"" \
-v MEDIASTORE="media_store_path: \"${MATRIX_DATA_DIR}/media_store\"" \
'{
sub(/turn_shared_secret: "YOUR_SHARED_SECRET"/, TURNSHAREDSECRET);
sub(/turn_uris: \[\]/, TURNURIES);
sub(/pid_file: \/homeserver.pid/, PIDFILE);
sub(/log_file: "\/homeserver.log"/, LOGFILE);
sub(/media_store_path: "\/media_store"/, MEDIASTORE);
print;
}' "${filepath}" > "${ymltemp}"
# shellcheck disable=SC2086
mv ${ymltemp} ${filepath}
# Pass 2 (sed). Clearnet installs point Synapse at the site certificate and
# dhparam file and comment out tls_private_key_path; onion installs get
# their self-signed pair from matrix_generate_certs_for_onion instead.
if [[ $ONION_ONLY == "no" ]]; then
sed -i "s|tls_certificate_path:.*|tls_certificate_path: \"/etc/ssl/certs/${MATRIX_DOMAIN_NAME}.pem\"|g" "${filepath}"
if ! grep -q '#tls_private_key_path' "${filepath}"; then
sed -i 's|tls_private_key_path|#tls_private_key_path|g' "${filepath}"
fi
sed -i "s|tls_dh_params_path:.*|tls_dh_params_path: \"/etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam\"|g" "${filepath}"
fi
# Order matters: move the federation port off MATRIX_HTTP_PORT first, then
# swap Synapse's default 8008 client port for MATRIX_PORT. Both are bare
# number substitutions and apply to every occurrence in the file.
sed -i "s|${MATRIX_HTTP_PORT}|8449|g" "${filepath}"
sed -i "s|8008|${MATRIX_PORT}|g" "${filepath}"
# TLS is turned off on the Synapse listener and it binds to loopback only;
# the nginx site written elsewhere in this file terminates TLS and proxies
# to MATRIX_PORT.
sed -i 's|tls:.*|tls: False|g' "${filepath}"
sed -i 's|no_tls: .*|no_tls: True|g' "${filepath}"
sed -i 's|enable_registration_captcha.*|enable_registration_captcha: False|g' "${filepath}"
sed -i "s|database: \".*|database: \"${MATRIX_DATA_DIR}/homeserver.db\"|g" "${filepath}"
sed -i "s|media_store_path:.*|media_store_path: \"${MATRIX_DATA_DIR}/media_store\"|g" "${filepath}"
sed -i "s|pid_file:.*|pid_file: \"${MATRIX_DATA_DIR}/homeserver.pid\"|g" "${filepath}"
sed -i "s|log_file:.*|log_file: \"/dev/null\"|g" "${filepath}"
sed -i 's|bind_address:.*|bind_address: 127.0.0.1|g' "${filepath}"
sed -i "s|bind_addresses:.*|bind_addresses: ['127.0.0.1']|g" "${filepath}"
sed -i 's|x_forwarded:.*|x_forwarded: false|g' "${filepath}"
sed -i "s|server_name:.*|server_name: \"${MATRIX_DOMAIN_NAME}\"|g" "${filepath}"
# Add this server to trusted_third_party_id_servers: append the entry after
# the key, then indent it so it sits inside the YAML list.
sed -i "/trusted_third_party_id_servers:/a - ${MATRIX_DOMAIN_NAME}" "${filepath}"
sed -i "s|- ${MATRIX_DOMAIN_NAME}| - ${MATRIX_DOMAIN_NAME}|g" "${filepath}"
# Open registration stays off; accounts are created by the admin
# (add_user_matrix).
sed -i "s|enable_registration:.*|enable_registration: False|g" "${filepath}"
}
function matrix_diff {
    # Show how the deployed homeserver.yaml differs from a freshly generated
    # one. DIFFPARAMS defaults to "Naur" and MATRIX_DOMAIN_NAME to a demo
    # placeholder so the generator can run without a real site name; both
    # defaults persist in the caller's environment.
    local generated="$INSTALL_DIR/homeserver.synapse.yaml"
    : "${DIFFPARAMS:=Naur}"
    : "${MATRIX_DOMAIN_NAME:=demo_server_name}"
    export MATRIX_DOMAIN_NAME REPORT_STATS
    matrix_generate_synapse_file "$generated"
    # shellcheck disable=SC2086
    diff -${DIFFPARAMS} "$generated" "${MATRIX_DATA_DIR}/homeserver.yaml"
    rm "$generated"
}
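function matrix_generate {
    # Validate the environment, then (re)generate homeserver.yaml and apply
    # the site-specific configuration.
    # Reads MATRIX_DOMAIN_NAME, REPORT_STATS ('yes' or 'no') and the global
    # $homeserver_config (target path); sets the global $turnkey, which
    # matrix_configure_homeserver_yaml reads.
    # Exits the script with status 1 when a required variable is missing or
    # REPORT_STATS is not 'yes'/'no'; every problem is reported before exiting.
    local breakup=0
    if [[ -z "${MATRIX_DOMAIN_NAME}" ]]; then
        echo "STOP! environment variable MATRIX_DOMAIN_NAME must be set" >&2
        breakup=1
    fi
    if [[ -z "${REPORT_STATS}" ]]; then
        echo "STOP! environment variable REPORT_STATS must be set to 'no' or 'yes'" >&2
        breakup=1
    elif [[ "${REPORT_STATS}" != "yes" && "${REPORT_STATS}" != "no" ]]; then
        # Previously this check ran after the exit below and so never
        # took effect.
        echo "STOP! REPORT_STATS needs to be 'no' or 'yes'" >&2
        breakup=1
    fi
    if [[ "$breakup" == 1 ]]; then
        exit 1
    fi
    # Always start from a freshly generated file.
    if [[ -f "$homeserver_config" ]]; then
        rm -- "$homeserver_config"
    fi
    matrix_generate_homeserver_file "$homeserver_config"
    # Share the TURN static-auth-secret with Synapse; left empty when the
    # TURN server is not configured.
    turnkey=
    if [[ -f /var/lib/turn/turnserver.conf ]]; then
        turnkey=$(grep 'static-auth-secret' /var/lib/turn/turnserver.conf | awk -F '=' '{print $2}')
    fi
    matrix_configure_homeserver_yaml "${turnkey}" "$homeserver_config"
}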
function create_matrix_user_removal_script {
read_config_param MY_USERNAME
read_config_param MATRIX_DOMAIN_NAME
curl_command='curl'
homebase="https://$MATRIX_DOMAIN_NAME"
if [[ "$ONION_ONLY" != 'no' ]]; then
curl_command='torsocks curl'
homebase="http://$(cat /var/lib/tor/hidden_service_matrix/hostname)"
fi
matrix_domain=$MATRIX_DOMAIN_NAME
if [[ "$ONION_ONLY" != 'no' ]]; then
matrix_domain=$(cat /var/lib/tor/hidden_service_matrix/hostname)
fi
matrix_remove_user=/usr/bin/matrix-remove-user
echo "ADMIN=\"@${MY_USERNAME}:$MATRIX_DOMAIN_NAME\"";
echo 'BUSY="pragma busy_timeout=20000"';
echo "BUFFER=\$(sqlite3 homeserver.db \"\$BUSY;select token from access_tokens where user_id like '\$ADMIN' order by id desc limit 1;\")";
echo "TOKEN=\$(echo \$BUFFER|awk '{print \$2}')";
echo 'set -x';
echo "${curl_command} -X POST \"${homebase}/_matrix/client/r0/admin/deactivate/%40\$remove_username%3A$matrix_domain?access_token=\$TOKEN\" --data '{\"erase\": true}'"; } > $matrix_remove_user
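function create_matrix_whois_script {
    # Write /usr/bin/matrix-whois, an admin helper that queries Synapse's
    # whois admin endpoint for a local user. The admin access token is read
    # from homeserver.db each time the helper runs, so the helper itself
    # stores no secret. Over Tor (ONION_ONLY != 'no') curl is wrapped in
    # torsocks and the onion hostname replaces MATRIX_DOMAIN_NAME in the URL.
    # Fix: the generated helper no longer enables `set -x`, which traced the
    # curl command line — access token included — to stderr.
    read_config_param ONION_ONLY
    read_config_param MY_USERNAME
    read_config_param MATRIX_DOMAIN_NAME
    curl_command='curl'
    homebase="https://$MATRIX_DOMAIN_NAME"
    matrix_domain=$MATRIX_DOMAIN_NAME
    if [[ "$ONION_ONLY" != 'no' ]]; then
        curl_command='torsocks curl'
        matrix_domain=$(cat /var/lib/tor/hidden_service_matrix/hostname)
        homebase="http://${matrix_domain}"
    fi
    matrix_whois_filename=/usr/bin/matrix-whois
    # The helper takes the bare localpart as $1 and builds the full MXID
    # (@user:domain, URL-encoded) in the request path.
    { echo '#!/bin/bash';
      echo "cd $MATRIX_DATA_DIR || exit 1";
      echo "username=\$1";
      echo "if [ ! \"\$username\" ]; then";
      echo ' exit 1';
      echo 'fi';
      echo "ADMIN=\"@${MY_USERNAME}:$MATRIX_DOMAIN_NAME\"";
      echo 'BUSY="pragma busy_timeout=20000"';
      # The token is taken as the second whitespace-separated field of the
      # flattened sqlite output (field 1 presumably being the echoed pragma
      # value) — TODO confirm against a live database.
      echo "BUFFER=\$(sqlite3 homeserver.db \"\$BUSY;select token from access_tokens where user_id like '\$ADMIN' order by id desc limit 1;\")";
      echo "TOKEN=\$(echo \$BUFFER|awk '{print \$2}')";
      echo "${curl_command} -X POST \"${homebase}/_matrix/client/r0/admin/whois/%40\$username%3A$matrix_domain?access_token=\$TOKEN\" --data '{}'"; } > "$matrix_whois_filename"
    chmod +x "$matrix_whois_filename"
}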
function remove_user_matrix {
    # Remove a Matrix account: publish the username through the global
    # remove_username and regenerate the removal helper script.
    # $1 - localpart of the user to remove
    remove_username=$1
    create_matrix_user_removal_script
}
function add_user_matrix {
# Create a Matrix account; the admin user (MY_USERNAME) is registered with
# --admin, everyone else with --no-admin.
# NOTE(review): the if/else below is never closed and the failure branch
# has no matching fi — lines appear to be missing from this view.
new_username="$1"
new_user_password="$2"
if [[ "$new_username" == "$MY_USERNAME" ]]; then
add_user_matrix_admin='--admin'
else
add_user_matrix_admin='--no-admin'
# Both commands below receive the password as a -p argument, so it is
# exposed in the process list while they run.
"${PROJECT_NAME}-pass" -u "$new_username" -a matrix -p "$new_user_password"
if ! register_new_matrix_user -c "${MATRIX_DATA_DIR}/homeserver.yaml" -u "${new_username}" -p "${new_user_password}" $add_user_matrix_admin http://localhost:${MATRIX_PORT}; then
# During install (matrix_is_installing set) report "1" so the caller can
# retry; otherwise fall back to resetting the password via the admin API.
if [ $matrix_is_installing ]; then
echo "1"
return
else
create_matrix_user_password_script
/usr/bin/matrix-passwd "${new_username}" "${new_user_password}"
}
function install_interactive_matrix {
ONION_ONLY='no'
fi
if [[ $ONION_ONLY != "no" ]]; then
MATRIX_DOMAIN_NAME='matrix.local'
write_config_param "MATRIX_DOMAIN_NAME" "$MATRIX_DOMAIN_NAME"
else
function_check interactive_site_details
interactive_site_details "matrix" "MATRIX_DOMAIN_NAME" "MATRIX_CODE"
if [ ! $MATRIX_DOMAIN_NAME ]; then
return
fi
read_config_param "MATRIX_DOMAIN_NAME"
read_config_param "MATRIX_CODE"
function create_matrix_user_password_script {
# Write /usr/bin/matrix-passwd, an admin helper that resets a local user's
# password through Synapse's admin API. The admin access token is read from
# homeserver.db when the helper runs. Over Tor (ONION_ONLY != 'no') curl is
# wrapped in torsocks and the onion hostname is used in the URL.
read_config_param ONION_ONLY
read_config_param MY_USERNAME
read_config_param MATRIX_DOMAIN_NAME
curl_command='curl'
homebase="https://$MATRIX_DOMAIN_NAME"
if [[ "$ONION_ONLY" != 'no' ]]; then
curl_command='torsocks curl'
homebase="http://$(cat /var/lib/tor/hidden_service_matrix/hostname)"
fi
matrix_domain=$MATRIX_DOMAIN_NAME
if [[ "$ONION_ONLY" != 'no' ]]; then
matrix_domain=$(cat /var/lib/tor/hidden_service_matrix/hostname)
fi
matrix_passwd_filename=/usr/bin/matrix-passwd
# Helper arguments: $1 localpart, $2 new password.
{ echo '#!/bin/bash';
echo "cd $MATRIX_DATA_DIR || exit 1";
echo "username=\$1";
echo "if [ ! \"\$username\" ]; then";
echo ' echo "No username given"';
echo ' exit 1';
echo 'fi';
echo "new_password=\$2";
echo "if [ ! \"\$new_password\" ]; then";
echo ' echo "No password given"';
echo ' exit 2';
echo 'fi';
echo "ADMIN=\"@${MY_USERNAME}:$MATRIX_DOMAIN_NAME\"";
echo 'BUSY="pragma busy_timeout=20000"';
echo "BUFFER=\$(sqlite3 homeserver.db \"\$BUSY;select token from access_tokens where user_id like '\$ADMIN' order by id desc limit 1;\")";
echo "TOKEN=\$(echo \$BUFFER|awk '{print \$2}')";
# NOTE(review): 'set -x' in the generated helper traces the curl command
# below to stderr, exposing both the access token and the new password in
# clear text.
echo 'set -x';
echo "${curl_command} -X POST \"${homebase}/_matrix/client/r0/admin/reset_password/%40\$username%3A$matrix_domain?access_token=\$TOKEN\" --data '{\"new_password\":\"\$new_password\"}'"; } > $matrix_passwd_filename
# NOTE(review): the three lines below (re-running this function, then
# resetting $curr_username's password and storing it) belong to a different
# function; no chmod +x of the helper is visible either — lines appear to be
# missing from this view.
create_matrix_user_password_script
/usr/bin/matrix-passwd "$curr_username" "$new_user_password"
"${PROJECT_NAME}-pass" -u "$curr_username" -a matrix -p "$new_user_password"
}
function reconfigure_matrix {
    # Intentional no-op: there is nothing to reconfigure for this app, but
    # the hook must exist. Produces no output and succeeds.
    :
}
function upgrade_matrix {
# Upgrade an existing Synapse install: tighten nginx rate limits, move the
# checkout to MATRIX_COMMIT, reinstall python dependencies, recreate the
# systemd launcher if the python version changed, and restart services.
# NOTE(review): the if blocks opened at the commit comparison and at the
# two run-matrix/python checks further down are never closed — lines appear
# to be missing from this view.
if [ ! -d /etc/matrix ]; then
return
fi
# update connection rate limits
read_config_param MATRIX_DOMAIN_NAME
matrix_nginx_site=/etc/nginx/sites-available/$MATRIX_DOMAIN_NAME
if ! grep -q 'req_limit_per_ip burst=50 ' "$matrix_nginx_site"; then
sed -i 's|limit_req zone.*|limit_req zone=req_limit_per_ip burst=50 nodelay;|g' "$matrix_nginx_site"
fi
if ! grep -q 'conn_limit_per_ip 50;' "$matrix_nginx_site"; then
sed -i 's|limit_conn conn_limit_per_ip.*|limit_conn conn_limit_per_ip 50;|g' "$matrix_nginx_site"
fi
# Already at the pinned commit: only refresh the launcher if needed.
CURR_MATRIX_COMMIT=$(get_completion_param "matrix commit")
if [[ "$CURR_MATRIX_COMMIT" == "$MATRIX_COMMIT" ]]; then
# alter systemd daemon if necessary for the current python version
if [ ! -f /etc/matrix/run-matrix ]; then
matrix_systemd_daemon
systemctl restart matrix
else
if ! grep -q "$MATRIX_PYTHON " /etc/matrix/run-matrix; then
matrix_systemd_daemon
systemctl restart matrix
fi
fi
systemctl stop turn
systemctl stop matrix
# Move the checkout to the pinned commit recorded in MATRIX_COMMIT.
function_check set_repo_commit
set_repo_commit /etc/matrix "matrix commit" "$MATRIX_COMMIT" $MATRIX_REPO
cd /etc/matrix || exit 62
# pip builds happen under /etc/matrix/tmp rather than /tmp; TMPDIR is
# reset at the end.
if [ ! -d /etc/matrix/tmp ]; then
mkdir /etc/matrix/tmp
fi
export TMPDIR=/etc/matrix/tmp
# Python version changed since the launcher was written: reinstall pip and
# the python3 toolchain.
if ! grep -q "$MATRIX_PYTHON " /etc/matrix/run-matrix; then
if [[ "$MATRIX_PYTHON" != '/usr/bin/python' ]]; then
if [ -d /usr/local/lib/python3.5/dist-packages/pip ]; then
rm -rf /usr/local/lib/python3.5/dist-packages/pip
fi
$INSTALL_PACKAGES --reinstall python3-pip
$INSTALL_PACKAGES python3 python3-dev \
python3-pip python3-psycopg2 python3-venv \
python3-setuptools libpq-dev \
python3-lxml python3-treq
# Make sure the log config declares utf8 encoding (inserted after
# 'filters:' and then indented one space).
if [[ "$ONION_ONLY" == 'no' ]]; then
if ! grep -q 'encoding: utf8' "$MATRIX_DATA_DIR/matrix.${MATRIX_DOMAIN_NAME}.log.config"; then
sed -i '/filters:/a encoding: utf8' "$MATRIX_DATA_DIR/matrix.${MATRIX_DOMAIN_NAME}.log.config"
sed -i 's|encoding: utf8| encoding: utf8|g' "$MATRIX_DATA_DIR/matrix.${MATRIX_DOMAIN_NAME}.log.config"
fi
else
if ! grep -q 'encoding: utf8' "$MATRIX_DATA_DIR/matrix.${MATRIX_ONION_HOSTNAME}.log.config"; then
sed -i '/filters:/a encoding: utf8' "$MATRIX_DATA_DIR/matrix.${MATRIX_ONION_HOSTNAME}.log.config"
sed -i 's|encoding: utf8| encoding: utf8|g' "$MATRIX_DATA_DIR/matrix.${MATRIX_ONION_HOSTNAME}.log.config"
fi
fi
# recreate the daemon if needed
matrix_systemd_daemon
# Dependencies are force-reinstalled from PyPI with only lower version
# bounds and no hash pinning, so each upgrade pulls whatever is current.
$MATRIX_PIP install --upgrade --force "pynacl>=1.2.1"
# NOTE(review): this pins the registration tool's client to TLS 1.0 only
# (PROTOCOL_TLSv1), whereas PROTOCOL_SSLv23 negotiates the highest version
# both sides support; TLS 1.0 is deprecated and a front end that requires
# TLS 1.2+ will refuse the connection — revisit. The same edit is made in
# the install path.
sed -i 's/ssl.PROTOCOL_SSLv23/ssl.PROTOCOL_TLSv1/g' /usr/local/bin/register_new_matrix_user
# upgrade option causes breakage on ARM
$MATRIX_PIP install --upgrade --force "python-ldap"
$MATRIX_PIP install --upgrade --force "pynacl>=1.2.1"
$MATRIX_PIP install --upgrade --force "canonicaljson>=1.1.3"
$MATRIX_PIP install --upgrade --force "phonenumbers>=8.2.0"
$MATRIX_PIP install --upgrade --force "sortedcontainers>=2.0.4"
$MATRIX_PIP install --upgrade --force "daemonize>=2.3.1"
$MATRIX_PIP install --upgrade --force "pymacaroons-pynacl>=0.9.3"
$MATRIX_PIP install --upgrade --force "Twisted>=17.1.0"
$MATRIX_PIP install --upgrade --force "msgpack-python>=0.4.2"
$MATRIX_PIP install --upgrade --force "unpaddedbase64>=1.1.0"
$MATRIX_PIP install --upgrade --force "netaddr>=0.7.18"
$MATRIX_PIP install --upgrade --force "signedjson>=1.0.0"
$MATRIX_PIP install --upgrade --force "pysaml2>=3.0.0"
$MATRIX_PIP install --upgrade --force "signedjson>=1.0.0"
$MATRIX_PIP install --upgrade --force "psutil>=2.0.0"
$MATRIX_PIP install --upgrade --force "prometheus_client>=0.0.18,<0.4.0"
$MATRIX_PIP install --upgrade --force "pymacaroons>=0.13.0" "msgpack>=0.5.0"
echo 'Upgrading Matrix/Synapse. This may take a long time.'
# Installs the checkout itself; --process-dependency-links was removed from
# later pip releases, so this line depends on the pip version present.
$MATRIX_PIP install --upgrade --process-dependency-links .
chown -R matrix:matrix /etc/matrix
# DH parameters are public, so world-readable is fine here.
if [ -f /etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam ]; then
chmod 755 /etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam
fi
systemctl start turn
systemctl start matrix
export TMPDIR=/tmp
if [ -d /etc/matrix/tmp ]; then
rm -rf /etc/matrix/tmp/*
fi
}
function backup_local_matrix {
    # Back up /etc/matrix to the USB drive under two backup names, then
    # (re)start the service. No-op when /etc/matrix does not exist.
    # NOTE(review): both copies use the same source directory and the same
    # existence test, and no matching `systemctl stop` is visible; the
    # second copy looks like it was meant for MATRIX_DATA_DIR — confirm
    # against the full file.
    source_directory=/etc/matrix
    [ -d "$source_directory" ] || return 0
    function_check backup_directory_to_usb
    backup_directory_to_usb "$source_directory" matrix
    if [ -d "$source_directory" ]; then
        backup_directory_to_usb "$source_directory" matrixdata
    fi
    systemctl start matrix
}
function restore_local_matrix {
# Restore /etc/matrix and MATRIX_DATA_DIR from the USB backup, with the
# service stopped around the copy. No-op when /etc/matrix does not exist.
if [ -d /etc/matrix ]; then
systemctl stop matrix
temp_restore_dir=/root/tempmatrix
function_check restore_directory_from_usb
restore_directory_from_usb $temp_restore_dir matrix
# The backup may or may not carry the etc/matrix prefix (presumably older
# vs newer backup layouts — confirm); copy from whichever is present.
if [ -d $temp_restore_dir/etc/matrix ]; then
cp -r $temp_restore_dir/etc/matrix/* /etc/matrix
else
cp -r $temp_restore_dir/* /etc/matrix/
fi
# $? here is the status of whichever cp ran above. On failure the drive is
# unmounted but execution continues.
if [ ! "$?" = "0" ]; then
function_check backup_unmount_drive
backup_unmount_drive
fi
rm -rf $temp_restore_dir
chown -R matrix:matrix /etc/matrix
# Second archive: the data directory (database, media store).
temp_restore_dir=/root/tempmatrixdata
restore_directory_from_usb $temp_restore_dir matrixdata
if [ -d "$temp_restore_dir$MATRIX_DATA_DIR" ]; then
cp -r "$temp_restore_dir$MATRIX_DATA_DIR"/* $MATRIX_DATA_DIR
else
cp -r $temp_restore_dir/* $MATRIX_DATA_DIR/
fi
# NOTE(review): unlike the first restore there is no rm -rf of the temp
# directory, and the dhparam chmod sits inside the failure branch, where
# it only runs after a failed copy — lines appear to be missing or
# misplaced in this view.
if [ ! "$?" = "0" ]; then
function_check backup_unmount_drive
backup_unmount_drive
if [ -f /etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam ]; then
chmod 755 /etc/ssl/certs/${MATRIX_DOMAIN_NAME}.dhparam
fi
fi
systemctl start matrix
fi
}
function backup_remote_matrix {
if [[ "$ONION_ONLY" == 'no' ]]; then
firewall_remove ${MATRIX_HTTP_PORT}
fi
nginx_dissite $MATRIX_DOMAIN_NAME
remove_certs $MATRIX_DOMAIN_NAME
if [ -f /etc/nginx/sites-available/$MATRIX_DOMAIN_NAME ]; then
rm /etc/nginx/sites-available/$MATRIX_DOMAIN_NAME
fi
if [ ! -d /var/www/$MATRIX_DOMAIN_NAME ]; then
rm -rf /var/www/$MATRIX_DOMAIN_NAME
fi
function_check remove_ddns_domain
remove_ddns_domain $MATRIX_DOMAIN_NAME
function_check remove_turn
remove_turn
systemctl disable matrix
if [ -f /etc/systemd/system/matrix.service ]; then
rm /etc/systemd/system/matrix.service
fi
cd /etc/matrix || exit 26
rm -rf $MATRIX_DATA_DIR
rm -rf /etc/matrix
remove_onion_service matrix ${MATRIX_ONION_PORT} ${MATRIX_HTTP_PORT}
#sed -i "/# Matrix Server/,/# End of Matrix Server/d" /etc/nginx/sites-available/${MATRIX_DOMAIN_NAME}
rm /etc/avahi/services/matrix.service
systemctl restart avahi-daemon
function matrix_wait_for_database {
# remove any pre-existing database
systemctl start matrix
else
systemctl stop matrix
systemctl restart matrix
fi
systemctl restart nginx
echo $'Waiting for the database to be created'
# shellcheck disable=SC2034
for i in {1..60}
do
echo -n '.'
sleep 2
echo $'No matrix home server database was created'
exit 23
fi
if [ -d /etc/matrix ]; then
rm -rf /etc/matrix
fi
if [ -d /repos/matrix ]; then
mkdir /etc/matrix
cp -r -p /repos/matrix/. /etc/matrix
cd /etc/matrix || exit 23
git pull
else
function_check git_clone
git_clone $MATRIX_REPO /etc/matrix
fi
if [ ! -d /etc/matrix ]; then
echo $'Unable to clone matrix repo'
exit 67
cd /etc/matrix || exit 73
git checkout $MATRIX_COMMIT -b $MATRIX_COMMIT
set_completion_param "matrix commit" "$MATRIX_COMMIT"
if [ ! -d "$INSTALL_DIR/matrix" ]; then
mkdir -p "$INSTALL_DIR/matrix"
rm -rf /usr/local/lib/python2.7/dist-packages/ldap*
rm -rf /usr/local/lib/python3.5/dist-packages/ldap*
if ! $MATRIX_PIP install --upgrade --process-dependency-links . -b "$INSTALL_DIR/matrix"; then
useradd -c "Matrix system account" -d "$MATRIX_DATA_DIR" -m -r -g matrix matrix
function_check matrix_generate
matrix_generate
sed -i 's|web_client:.*|web_client: False|g' "$MATRIX_DATA_DIR/homeserver.yaml"
sed -i 's|, webclient||g' "$MATRIX_DATA_DIR/homeserver.yaml"
sed -i "/- '0.0.0.0'/d" "$MATRIX_DATA_DIR/homeserver.yaml"
if ! grep -q "# - '::'" "$MATRIX_DATA_DIR/homeserver.yaml"; then
sed -i "s| - '::'|# - '::'|g" "$MATRIX_DATA_DIR/homeserver.yaml"
if [[ "$ONION_ONLY" != 'no' ]]; then
sed -i "s|- matrix.local|- $MATRIX_ONION_HOSTNAME|g" "$MATRIX_DATA_DIR/homeserver.yaml"
sed -i 's/ssl.PROTOCOL_SSLv23/ssl.PROTOCOL_TLSv1/g' /usr/local/bin/register_new_matrix_user
matrix_systemd_daemon
echo $'Accessing the homeserver database'
cd "$MATRIX_DATA_DIR" || exit 36
homeserver_database_updated=
# shellcheck disable=SC2034
for i in {1..60}
do
echo -n '.'
sleep 2
if sqlite3 homeserver.db "PRAGMA auto_vacuum = FULL;"; then
homeserver_database_updated=1
break
fi
done
echo ''
if [ ! $homeserver_database_updated ]; then
echo $"$MATRIX_DATA_DIR/homeserver.db could not be accessed"
fi
if [ ! "${MATRIX_PASSWORD}" ]; then
if [ -f "${IMAGE_PASSWORD_FILE}" ]; then
MATRIX_PASSWORD="$(printf "%s" "$(cat "$IMAGE_PASSWORD_FILE")")"
MATRIX_PASSWORD="$(create_password "${MINIMUM_PASSWORD_LENGTH}")"
if [[ "$ONION_ONLY" == 'no' ]]; then
firewall_add matrix ${MATRIX_HTTP_PORT}
fi