Matrix identity server

src/freedombone-app-matrix

@@ -37,8 +37,11 @@ SHOW_ON_ABOUT=1
 
 MATRIX_DATA_DIR='/var/lib/matrix'
 MATRIX_PORT=8448
+MATRID_ID_PORT=8090
 MATRIX_REPO="https://github.com/matrix-org/synapse"
 MATRIX_COMMIT='f5a4001bb116c468cc5e8e0ae04a1c570e2cb171'
+SYDENT_REPO="https://github.com/matrix-org/sydent"
+SYDENT_COMMIT='99edbd4c80c42b76e26f696054fcbbceecb25d5f'
 REPORT_STATS="no"
 MATRIX_SECRET=
 
@@ -48,6 +51,11 @@ matrix_variables=(ONION_ONLY
                   DEFAULT_DOMAIN_NAME)
 
 function matrix_nginx {
+    matrix_identityserver_proxy_str=' \
+    location /matrix-id { \
+        proxy_pass http://localhost:8090; \
+        proxy_buffering on; \
+    }'
     matrix_proxy_str=' \
     location /matrix { \
         proxy_pass https://localhost:8448; \
@@ -149,6 +157,10 @@ function matrix_nginx {
         nginx_ensite $DEFAULT_DOMAIN_NAME
     fi
 
+    if ! grep "localhost:${MATRIX_ID_PORT}" /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}; then
+        sed -i "s|:443 ssl;|:443 ssl;${matrix_identityserver_proxy_str}|g" /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+        sed -i "s| default_server;| default_server;${matrix_identityserver_proxy_str}|g" /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
+    fi
     if ! grep "localhost:${MATRIX_PORT}" /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}; then
         sed -i "s|:443 ssl;|:443 ssl;${matrix_proxy_str}|g" /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
         sed -i "s| default_server;| default_server;${matrix_proxy_str}|g" /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
@@ -164,7 +176,7 @@ function matrix_nginx {
     sleep 5
 }
 
-function matrix_generate_synapse_file {
+function matrix_generate_homeserver_file {
     local filepath="${1}"
 
     cd /etc/matrix
@@ -175,6 +187,17 @@ function matrix_generate_synapse_file {
            --server-name ${DEFAULT_DOMAIN_NAME}
 }
 
+function matrix_generate_identityserver_file {
+    local filepath="${1}"
+
+    cd /etc/sydent
+    python -m sydent.sydent \
+           --config-path "${filepath}" \
+           --generate-config \
+           --report-stats ${REPORT_STATS} \
+           --server-name ${DEFAULT_DOMAIN_NAME}
+}
+
 function matrix_configure_homeserver_yaml {
     local turnkey="${1}"
     local filepath="${2}"
@@ -209,6 +232,16 @@ function matrix_configure_homeserver_yaml {
     sed -i "s|log_file:.*|log_file: \"/dev/null\"|g" "${filepath}"
 }
 
+function matrix_configure_identityserver_yaml {
+    local filepath="${1}"
+
+    sed -i "s|http.port:.*|http.port: $MATRIX_ID_PORT|g" "${filepath}"
+    sed -i "s|db.file:.*|db.file: \"${MATRIX_DATA_DIR}/identityserver.db\"|g" "${filepath}"
+    sed -i "s|Sydent Validation|Freedombone Matrix Account Validation|g" "${filepath}"
+    sed -i "s|pidfile.path:.*|pidfile.path: \"${MATRIX_DATA_DIR}/identityserver.pid\"|g" "${filepath}"
+    sed -i "s|log.path:.*|log.path: \"/dev/null\"|g" "${filepath}"
+}
+
 function matrix_diff {
     DIFFPARAMS="${DIFFPARAMS:-Naur}"
     DEFAULT_DOMAIN_NAME="${DEFAULT_DOMAIN_NAME:-demo_server_name}"
@@ -229,11 +262,29 @@ function matrix_generate {
     [[ "${REPORT_STATS}" != "yes" ]] && [[ "${REPORT_STATS}" != "no" ]] && \
         echo "STOP! REPORT_STATS needs to be 'no' or 'yes'" && breakup="1"
 
-    if [ -f ${MATRIX_DATA_DIR}/homeserver.yaml ]; then
-        rm ${MATRIX_DATA_DIR}/homeserver.yaml
+    homeserver_config=${MATRIX_DATA_DIR}/homeserver.yaml
+    if [ -f $homeserver_config ]; then
+        rm $homeserver_config
+    fi
+    matrix_generate_homeserver_file $homeserver_config
+    matrix_configure_homeserver_yaml "${turnkey}" $homeserver_config
+}
+
+function identity_server_generate {
+    breakup="0"
+    [[ -z "${DEFAULT_DOMAIN_NAME}" ]] && echo "STOP! environment variable DEFAULT_DOMAIN_NAME must be set" && breakup="1"
+    [[ -z "${REPORT_STATS}" ]] && echo "STOP! environment variable REPORT_STATS must be set to 'no' or 'yes'" && breakup="1"
+    [[ "${breakup}" == "1" ]] && exit 1
+
+    [[ "${REPORT_STATS}" != "yes" ]] && [[ "${REPORT_STATS}" != "no" ]] && \
+        echo "STOP! REPORT_STATS needs to be 'no' or 'yes'" && breakup="1"
+
+    identityserver_config=${MATRIX_DATA_DIR}/identityserver.yaml
+    if [ -f $identityserver_config ]; then
+        rm $identityserver_config
     fi
-    matrix_generate_synapse_file ${MATRIX_DATA_DIR}/homeserver.yaml
-    matrix_configure_homeserver_yaml "${turnkey}" ${MATRIX_DATA_DIR}/homeserver.yaml
+    matrix_generate_identityserver_file $identityserver_config
+    matrix_configure_identityserver_yaml $identityserver_config
 }
 
 function remove_user_matrix {
@@ -368,19 +419,27 @@ function restore_remote_matrix {
 function remove_matrix {
     firewall_remove ${MATRIX_PORT}
     systemctl stop matrix
+    systemctl stop sydent
 
     function_check remove_turn
     remove_turn
 
     systemctl disable matrix
+    systemctl disable sydent
     if [ -f /etc/systemd/system/matrix.service ]; then
         rm /etc/systemd/system/matrix.service
     fi
+    if [ -f /etc/systemd/system/sydent.service ]; then
+        rm /etc/systemd/system/sydent.service
+    fi
     apt-get -y remove --purge coturn
     cd /etc/matrix
     pip uninstall .
+    cd /etc/sydent
+    pip uninstall .
     rm -rf $MATRIX_DATA_DIR
     rm -rf /etc/matrix
+    rm -rf /etc/sydent
     deluser matrix
     delgroup matrix
     remove_onion_service matrix ${MATRIX_PORT}
@@ -392,37 +451,67 @@ function remove_matrix {
     sed -i '/matrix/d' $COMPLETION_FILE
 }
 
-function install_matrix {
-    if [ ! -d $INSTALL_DIR ]; then
-        mkdir -p $INSTALL_DIR
+function install_identity_server {
+    if [ ! -d /etc/sydent ]; then
+        function_check git_clone
+        git_clone $SYDENT_REPO /etc/sydent
+        if [ ! -d /etc/sydent ]; then
+            echo $'Unable to clone sydent repo'
+            exit 936525
+        fi
     fi
 
-    if [[ ${ONION_ONLY} == 'no' ]]; then
-        if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
-            echo $'Obtaining certificate for the main domain'
-            create_site_certificate ${DEFAULT_DOMAIN_NAME} 'yes'
-        fi
+    cd /etc/sydent
+    git checkout $SYDENT_COMMIT -b $SYDENT_COMMIT
+    set_completion_param "sydent commit" "$SYDENT_COMMIT"
+    if [ ! -d $INSTALL_DIR/sydent ]; then
+        mkdir -p $INSTALL_DIR/sydent
+    fi
+    pip install --upgrade --process-dependency-links . -b $INSTALL_DIR/sydent
+    if [ ! "$?" = "0" ]; then
+        echo $'Failed to install matrix identity server'
+        exit 798362
     fi
 
-    export DEBIAN_FRONTEND=noninteractive
-    apt-get -yq install coreutils \
-            curl file gcc git libevent-2.0-5 \
-            libevent-dev libffi-dev libffi6 \
-            libgnutls28-dev libjpeg62-turbo \
-            libjpeg62-turbo-dev libldap-2.4-2 \
-            libldap2-dev libsasl2-dev \
-            libsqlite3-dev libssl-dev \
-            libssl1.0.0 libtool libxml2 \
-            libxml2-dev libxslt1-dev libxslt1.1 \
-            make python python-dev \
-            python-pip python-psycopg2 \
-            python-virtualenv sqlite unzip \
-            zlib1g zlib1g-dev
+    function_check identity_server_generate
+    identity_server_generate
 
-    pip install --upgrade pip
-    pip install --upgrade python-ldap
-    pip install --upgrade lxml
+    if [ ! -f $MATRIX_DATA_DIR/identityserver.yaml ]; then
+        echo $'Matrix identity server config was not generated'
+        exit 82352
+    fi
+
+    chmod -R 700 $MATRIX_DATA_DIR/identityserver.yaml
+    chown -R matrix:matrix /etc/sydent
+
+    echo '[Unit]' > /etc/systemd/system/sydent.service
+    echo 'Description=Sydent Matrix identity server' >> /etc/systemd/system/sydent.service
+    echo 'After=network.target nginx.target' >> /etc/systemd/system/sydent.service
+    echo '' >> /etc/systemd/system/sydent.service
+    echo '[Service]' >> /etc/systemd/system/sydent.service
+    echo 'Type=simple' >> /etc/systemd/system/sydent.service
+    echo 'User=matrix' >> /etc/systemd/system/sydent.service
+    echo "WorkingDirectory=/etc/sydent" >> /etc/systemd/system/sydent.service
+    echo "ExecStart=/usr/bin/python -m sydent.sydent --config-path ${MATRIX_DATA_DIR}/identityserver.yaml" >> /etc/systemd/system/sydent.service
+    echo 'Restart=always' >> /etc/systemd/system/sydent.service
+    echo 'RestartSec=10' >> /etc/systemd/system/sydent.service
+    echo '' >> /etc/systemd/system/sydent.service
+    echo '[Install]' >> /etc/systemd/system/sydent.service
+    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/sydent.service
+    systemctl enable sydent
+    systemctl daemon-reload
+    systemctl start sydent
+
+    sleep 4
+
+    if [ ! -f $MATRIX_DATA_DIR/identityserver.db ]; then
+        echo $'No matrix identity server database was created'
+        exit 7354383
+    fi
+    chmod -R 700 $MATRIX_DATA_DIR/identityserver.db
+}
 
+function install_home_server {
     if [ ! -d /etc/matrix ]; then
         function_check git_clone
         git_clone $MATRIX_REPO /etc/matrix
@@ -440,6 +529,7 @@ function install_matrix {
     fi
     pip install --upgrade --process-dependency-links . -b $INSTALL_DIR/matrix
     if [ ! "$?" = "0" ]; then
+        echo $'Failed to install matrix home server'
         exit 782542
     fi
 
@@ -458,7 +548,7 @@ function install_matrix {
     groupadd matrix
     useradd -c "Matrix system account" -d $MATRIX_DATA_DIR -m -r -g matrix matrix
 
-    chmod -R 700 /var/lib/matrix/homeserver.yaml
+    chmod -R 700 $MATRIX_DATA_DIR/homeserver.yaml
     chown -R matrix:matrix /etc/matrix
     chown -R matrix:matrix $MATRIX_DATA_DIR
 
@@ -480,11 +570,12 @@ function install_matrix {
     systemctl daemon-reload
     systemctl start matrix
 
-    if [ -f /var/lib/matrix/homeserver.db ]; then
-        chmod -R 700 /var/lib/matrix/homeserver.db
-    fi
+    sleep 4
 
-    update_default_domain
+    if [ ! -f $MATRIX_DATA_DIR/homeserver.db ]; then
+        echo $'No matrix home server database was created'
+    fi
+    chmod -R 700 $MATRIX_DATA_DIR/homeserver.db
 
     firewall_add matrix ${MATRIX_PORT}
 
@@ -503,7 +594,43 @@ function install_matrix {
     rm -f ${MATRIX_DATA_DIR}/.mutt-alias
     rm -f ${MATRIX_DATA_DIR}/.procmailrc
     rm -f ${MATRIX_DATA_DIR}/.emacs-mutt
+}
+
+function install_matrix {
+    if [ ! -d $INSTALL_DIR ]; then
+        mkdir -p $INSTALL_DIR
+    fi
+
+    if [[ ${ONION_ONLY} == 'no' ]]; then
+        if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+            echo $'Obtaining certificate for the main domain'
+            create_site_certificate ${DEFAULT_DOMAIN_NAME} 'yes'
+        fi
+    fi
 
+    export DEBIAN_FRONTEND=noninteractive
+    apt-get -yq install coreutils \
+            curl file gcc git libevent-2.0-5 \
+            libevent-dev libffi-dev libffi6 \
+            libgnutls28-dev libjpeg62-turbo \
+            libjpeg62-turbo-dev libldap-2.4-2 \
+            libldap2-dev libsasl2-dev \
+            libsqlite3-dev libssl-dev \
+            libssl1.0.0 libtool libxml2 \
+            libxml2-dev libxslt1-dev libxslt1.1 \
+            make python python-dev \
+            python-pip python-psycopg2 \
+            python-virtualenv sqlite unzip \
+            zlib1g zlib1g-dev
+
+    pip install --upgrade pip
+    pip install --upgrade python-ldap
+    pip install --upgrade lxml
+
+    install_home_server
+    install_identity_server
+
+    update_default_domain
     matrix_nginx
 
     if [[ $(add_user_matrix "${MY_USERNAME}" "${MATRIX_PASSWORD}" | tail -n 1) != "0" ]]; then