|
@@ -15,6 +15,8 @@
|
15
|
15
|
#
|
16
|
16
|
# Test by visiting https://$MATRIX_DOMAIN_NAME/_matrix/key/v2/server/auto
|
17
|
17
|
#
|
|
18
|
+# If working then telnet $MATRIX_DOMAIN_NAME 8448 should return a response
|
|
19
|
+#
|
18
|
20
|
# License
|
19
|
21
|
# =======
|
20
|
22
|
#
|
|
@@ -45,15 +47,12 @@ MATRIX_CODE=
|
45
|
47
|
|
46
|
48
|
MATRIX_DATA_DIR='/var/lib/matrix'
|
47
|
49
|
MATRIX_HTTP_PORT=8448
|
48
|
|
-MATRIX_ID_HTTP_PORT=8557
|
49
|
50
|
MATRIX_PORT=8008
|
50
|
51
|
MATRIX_ID_PORT=8081
|
51
|
52
|
MATRIX_ONION_PORT=8109
|
52
|
53
|
MATRIX_ID_ONION_PORT=8111
|
53
|
54
|
MATRIX_REPO="https://github.com/matrix-org/synapse"
|
54
|
55
|
MATRIX_COMMIT='c45dc6c62aa2a2e83a10d8116a709dfd8c144e3c'
|
55
|
|
-SYDENT_REPO="https://github.com/matrix-org/sydent"
|
56
|
|
-SYDENT_COMMIT='d087278afd712222653b69ff72bd8ff4aa0180ec'
|
57
|
56
|
REPORT_STATS="no"
|
58
|
57
|
MATRIX_SECRET=
|
59
|
58
|
|
|
@@ -67,9 +66,8 @@ matrix_variables=(ONION_ONLY
|
67
|
66
|
function matrix_nginx {
|
68
|
67
|
matrix_nginx_site=/etc/nginx/sites-available/$MATRIX_DOMAIN_NAME
|
69
|
68
|
if [[ $ONION_ONLY == "no" ]]; then
|
70
|
|
- echo 'server {' > $matrix_nginx_site
|
71
|
|
- echo " listen 443 ssl;" >> $matrix_nginx_site
|
72
|
|
- echo " listen [::]:443 ssl;" >> $matrix_nginx_site
|
|
69
|
+ echo 'server {' >> $matrix_nginx_site
|
|
70
|
+ echo " listen 0.0.0.0:443;" >> $matrix_nginx_site
|
73
|
71
|
echo " server_name ${MATRIX_DOMAIN_NAME};" >> $matrix_nginx_site
|
74
|
72
|
echo '' >> $matrix_nginx_site
|
75
|
73
|
echo ' # Security' >> $matrix_nginx_site
|
|
@@ -98,8 +96,7 @@ function matrix_nginx {
|
98
|
96
|
echo '}' >> $matrix_nginx_site
|
99
|
97
|
echo '' >> $matrix_nginx_site
|
100
|
98
|
echo 'server {' >> $matrix_nginx_site
|
101
|
|
- echo " listen ${MATRIX_ID_HTTP_PORT} ssl;" >> $matrix_nginx_site
|
102
|
|
- echo " listen [::]:${MATRIX_ID_HTTP_PORT} ssl;" >> $matrix_nginx_site
|
|
99
|
+ echo " listen 0.0.0.0:8448;" >> $matrix_nginx_site
|
103
|
100
|
echo " server_name ${MATRIX_DOMAIN_NAME};" >> $matrix_nginx_site
|
104
|
101
|
echo '' >> $matrix_nginx_site
|
105
|
102
|
echo ' # Security' >> $matrix_nginx_site
|
|
@@ -149,26 +146,6 @@ function matrix_nginx {
|
149
|
146
|
echo ' proxy_set_header X-Forwarded-For $remote_addr;' >> $matrix_nginx_site
|
150
|
147
|
echo ' }' >> $matrix_nginx_site
|
151
|
148
|
echo '}' >> $matrix_nginx_site
|
152
|
|
- echo '' >> $matrix_nginx_site
|
153
|
|
- echo 'server {' >> $matrix_nginx_site
|
154
|
|
- echo " listen 127.0.0.1:$MATRIX_ID_ONION_PORT default_server;" >> $matrix_nginx_site
|
155
|
|
- echo " server_name $MATRIX_DOMAIN_NAME;" >> $matrix_nginx_site
|
156
|
|
- echo '' >> $matrix_nginx_site
|
157
|
|
- function_check nginx_disable_sniffing
|
158
|
|
- nginx_disable_sniffing $MATRIX_DOMAIN_NAME
|
159
|
|
- echo '' >> $matrix_nginx_site
|
160
|
|
- echo ' # Logs' >> $matrix_nginx_site
|
161
|
|
- echo ' access_log /dev/null;' >> $matrix_nginx_site
|
162
|
|
- echo ' error_log /dev/null;' >> $matrix_nginx_site
|
163
|
|
- echo '' >> $matrix_nginx_site
|
164
|
|
- echo ' # Location' >> $matrix_nginx_site
|
165
|
|
- echo ' location / {' >> $matrix_nginx_site
|
166
|
|
- function_check nginx_limits
|
167
|
|
- nginx_limits $MATRIX_DOMAIN_NAME '15m'
|
168
|
|
- echo " proxy_pass http://localhost:${MATRIX_ID_PORT};" >> $matrix_nginx_site
|
169
|
|
- echo ' proxy_set_header X-Forwarded-For $remote_addr;' >> $matrix_nginx_site
|
170
|
|
- echo ' }' >> $matrix_nginx_site
|
171
|
|
- echo '}' >> $matrix_nginx_site
|
172
|
149
|
|
173
|
150
|
if [ ! -d /var/www/$MATRIX_DOMAIN_NAME ]; then
|
174
|
151
|
mkdir -p /var/www/$MATRIX_DOMAIN_NAME/htdocs
|
|
@@ -183,9 +160,6 @@ function matrix_nginx {
|
183
|
160
|
systemctl restart nginx
|
184
|
161
|
systemctl restart turn
|
185
|
162
|
systemctl restart matrix
|
186
|
|
- if [ -f /etc/systemd/system/sydent.service ]; then
|
187
|
|
- systemctl restart sydent
|
188
|
|
- fi
|
189
|
163
|
|
190
|
164
|
# wait for nginx to start otherwise user add fails later
|
191
|
165
|
sleep 5
|
|
@@ -202,17 +176,6 @@ function matrix_generate_homeserver_file {
|
202
|
176
|
--server-name ${MATRIX_DOMAIN_NAME}
|
203
|
177
|
}
|
204
|
178
|
|
205
|
|
-function matrix_generate_identityserver_file {
|
206
|
|
- local filepath="${1}"
|
207
|
|
-
|
208
|
|
- cd /etc/sydent
|
209
|
|
- python -m sydent.sydent \
|
210
|
|
- --config-path "${filepath}" \
|
211
|
|
- --generate-config \
|
212
|
|
- --report-stats ${REPORT_STATS} \
|
213
|
|
- --server-name ${MATRIX_DOMAIN_NAME}
|
214
|
|
-}
|
215
|
|
-
|
216
|
179
|
function matrix_configure_homeserver_yaml {
|
217
|
180
|
local turnkey="${1}"
|
218
|
181
|
local filepath="${2}"
|
|
@@ -237,7 +200,9 @@ function matrix_configure_homeserver_yaml {
|
237
|
200
|
|
238
|
201
|
mv ${ymltemp} "${filepath}"
|
239
|
202
|
|
240
|
|
- sed -i 's|no_tls: .*|no_tls: False|g' "${filepath}"
|
|
203
|
+ sed -i 's|8448|8449|g' "${filepath}"
|
|
204
|
+ sed -i 's|tls:.*|tls: False|g' "${filepath}"
|
|
205
|
+ sed -i 's|no_tls: .*|no_tls: True|g' "${filepath}"
|
241
|
206
|
sed -i ':a;N;$!ba;s/ tls: [^\n]*/ tls: False/2' "${filepath}"
|
242
|
207
|
sed -i 's|enable_registration_captcha.*|enable_registration_captcha: False|g' "${filepath}"
|
243
|
208
|
sed -i "s|database: \".*|database: \"${MATRIX_DATA_DIR}/homeserver.db\"|g" "${filepath}"
|
|
@@ -253,17 +218,6 @@ function matrix_configure_homeserver_yaml {
|
253
|
218
|
sed -i "s|enable_registration:.*|enable_registration: False|g" "${filepath}"
|
254
|
219
|
}
|
255
|
220
|
|
256
|
|
-function matrix_configure_identityserver {
|
257
|
|
- local filepath=/etc/sydent/sydent.conf
|
258
|
|
-
|
259
|
|
- sed -i "s|http.port.*|http.port = $MATRIX_ID_PORT|g" ${filepath}
|
260
|
|
- sed -i "s|db.file.*|db.file = /etc/sydent/sydent.db|g" ${filepath}
|
261
|
|
- sed -i "s|Sydent Validation|Freedombone Matrix Account Validation|g" ${filepath}
|
262
|
|
- sed -i "s|pidfile.path.*|pidfile.path = /etc/sydent/sydent.pid|g" ${filepath}
|
263
|
|
- sed -i "s|log.path.*|log.path = /dev/null|g" ${filepath}
|
264
|
|
- sed -i "s|server.name.*|server.name = ${MATRIX_DOMAIN_NAME}|g" ${filepath}
|
265
|
|
-}
|
266
|
|
-
|
267
|
221
|
function matrix_diff {
|
268
|
222
|
DIFFPARAMS="${DIFFPARAMS:-Naur}"
|
269
|
223
|
MATRIX_DOMAIN_NAME="${MATRIX_DOMAIN_NAME:-demo_server_name}"
|
|
@@ -351,36 +305,26 @@ function reconfigure_matrix {
|
351
|
305
|
}
|
352
|
306
|
|
353
|
307
|
function upgrade_matrix {
|
354
|
|
- if [ ! -d /etc/sydent ]; then
|
355
|
|
- return
|
356
|
|
- fi
|
357
|
308
|
if [ ! -d /etc/matrix ]; then
|
358
|
309
|
return
|
359
|
310
|
fi
|
360
|
311
|
systemctl stop turn
|
361
|
312
|
systemctl stop matrix
|
362
|
|
- systemctl stop sydent
|
363
|
313
|
|
364
|
314
|
function_check set_repo_commit
|
365
|
315
|
set_repo_commit /etc/matrix "matrix commit" "$MATRIX_COMMIT" $MATRIX_REPO
|
366
|
316
|
cd /etc/matrix
|
367
|
317
|
pip install --upgrade --process-dependency-links .
|
368
|
318
|
|
369
|
|
- set_repo_commit /etc/sydent "sydent commit" "$SYDENT_COMMIT" $SYDENT_REPO
|
370
|
|
- cd /etc/sydent
|
371
|
|
- pip install --upgrade --process-dependency-links .
|
372
|
|
-
|
373
|
319
|
sed -i 's/ssl.PROTOCOL_SSLv23/ssl.PROTOCOL_TLSv1/g' /usr/local/bin/register_new_matrix_user
|
374
|
320
|
|
375
|
321
|
chown -R matrix:matrix /etc/matrix
|
376
|
|
- chown -R matrix:matrix /etc/sydent
|
377
|
322
|
chown -R matrix:matrix $MATRIX_DATA_DIR
|
378
|
323
|
|
379
|
324
|
pip install --upgrade --force "pynacl==0.3.0"
|
380
|
325
|
|
381
|
326
|
systemctl start turn
|
382
|
327
|
systemctl start matrix
|
383
|
|
- systemctl start sydent
|
384
|
328
|
}
|
385
|
329
|
|
386
|
330
|
function backup_local_matrix {
|
|
@@ -388,7 +332,6 @@ function backup_local_matrix {
|
388
|
332
|
if [ -d $source_directory ]; then
|
389
|
333
|
systemctl stop turn
|
390
|
334
|
systemctl stop matrix
|
391
|
|
- systemctl stop sydent
|
392
|
335
|
|
393
|
336
|
function_check backup_directory_to_usb
|
394
|
337
|
backup_directory_to_usb $source_directory matrix
|
|
@@ -396,14 +339,9 @@ function backup_local_matrix {
|
396
|
339
|
if [ -d $source_directory ]; then
|
397
|
340
|
backup_directory_to_usb $source_directory matrixdata
|
398
|
341
|
fi
|
399
|
|
- source_directory=/etc/sydent
|
400
|
|
- if [ -d $source_directory ]; then
|
401
|
|
- backup_directory_to_usb $source_directory matrixid
|
402
|
|
- fi
|
403
|
342
|
|
404
|
343
|
systemctl start turn
|
405
|
344
|
systemctl start matrix
|
406
|
|
- systemctl start sydent
|
407
|
345
|
fi
|
408
|
346
|
}
|
409
|
347
|
|
|
@@ -411,7 +349,6 @@ function restore_local_matrix {
|
411
|
349
|
if [ -d /etc/matrix ]; then
|
412
|
350
|
systemctl stop turn
|
413
|
351
|
systemctl stop matrix
|
414
|
|
- systemctl stop sydent
|
415
|
352
|
|
416
|
353
|
temp_restore_dir=/root/tempmatrix
|
417
|
354
|
function_check restore_directory_from_usb
|
|
@@ -436,20 +373,8 @@ function restore_local_matrix {
|
436
|
373
|
rm -rf $temp_restore_dir
|
437
|
374
|
chown -R matrix:matrix $MATRIX_DATA_DIR
|
438
|
375
|
|
439
|
|
- temp_restore_dir=/root/tempmatrixid
|
440
|
|
- restore_directory_from_usb $temp_restore_dir matrixid
|
441
|
|
- cp -r $temp_restore_dir/etc/sydent/* /etc/sydent
|
442
|
|
- if [ ! "$?" = "0" ]; then
|
443
|
|
- function_check backup_unmount_drive
|
444
|
|
- backup_unmount_drive
|
445
|
|
- exit 29562
|
446
|
|
- fi
|
447
|
|
- rm -rf $temp_restore_dir
|
448
|
|
- chown -R matrix:matrix /etc/sydent
|
449
|
|
-
|
450
|
376
|
systemctl start turn
|
451
|
377
|
systemctl start matrix
|
452
|
|
- systemctl start sydent
|
453
|
378
|
fi
|
454
|
379
|
}
|
455
|
380
|
|
|
@@ -458,7 +383,6 @@ function backup_remote_matrix {
|
458
|
383
|
if [ -d $source_directory ]; then
|
459
|
384
|
systemctl stop turn
|
460
|
385
|
systemctl stop matrix
|
461
|
|
- systemctl stop sydent
|
462
|
386
|
|
463
|
387
|
function_check backup_directory_to_friend
|
464
|
388
|
backup_directory_to_friend $source_directory matrix
|
|
@@ -466,14 +390,9 @@ function backup_remote_matrix {
|
466
|
390
|
if [ -d $source_directory ]; then
|
467
|
391
|
backup_directory_to_friend $source_directory matrixdata
|
468
|
392
|
fi
|
469
|
|
- source_directory=/etc/sydent
|
470
|
|
- if [ -d $source_directory ]; then
|
471
|
|
- backup_directory_to_friend $source_directory matrixid
|
472
|
|
- fi
|
473
|
393
|
|
474
|
394
|
systemctl start turn
|
475
|
395
|
systemctl start matrix
|
476
|
|
- systemctl start sydent
|
477
|
396
|
fi
|
478
|
397
|
}
|
479
|
398
|
|
|
@@ -481,7 +400,6 @@ function restore_remote_matrix {
|
481
|
400
|
if [ -d /etc/matrix ]; then
|
482
|
401
|
systemctl stop turn
|
483
|
402
|
systemctl stop matrix
|
484
|
|
- systemctl stop sydent
|
485
|
403
|
|
486
|
404
|
temp_restore_dir=/root/tempmatrix
|
487
|
405
|
function_check restore_directory_from_friend
|
|
@@ -502,18 +420,8 @@ function restore_remote_matrix {
|
502
|
420
|
rm -rf $temp_restore_dir
|
503
|
421
|
chown -R matrix:matrix $MATRIX_DATA_DIR
|
504
|
422
|
|
505
|
|
- temp_restore_dir=/root/tempmatrixid
|
506
|
|
- restore_directory_from_friend $temp_restore_dir matrixid
|
507
|
|
- cp -r $temp_restore_dir/etc/sydent/* /etc/sydent
|
508
|
|
- if [ ! "$?" = "0" ]; then
|
509
|
|
- exit 738356
|
510
|
|
- fi
|
511
|
|
- rm -rf $temp_restore_dir
|
512
|
|
- chown -R matrix:matrix /etc/sydent
|
513
|
|
-
|
514
|
423
|
systemctl start turn
|
515
|
424
|
systemctl start matrix
|
516
|
|
- systemctl start sydent
|
517
|
425
|
fi
|
518
|
426
|
}
|
519
|
427
|
|
|
@@ -532,29 +440,17 @@ function remove_matrix {
|
532
|
440
|
remove_ddns_domain $MATRIX_DOMAIN_NAME
|
533
|
441
|
|
534
|
442
|
systemctl stop matrix
|
535
|
|
- if [ -f /etc/systemd/system/sydent.service ]; then
|
536
|
|
- systemctl stop sydent
|
537
|
|
- fi
|
538
|
443
|
|
539
|
444
|
function_check remove_turn
|
540
|
445
|
remove_turn
|
541
|
446
|
|
542
|
447
|
systemctl disable matrix
|
543
|
|
- if [ -f /etc/systemd/system/sydent.service ]; then
|
544
|
|
- systemctl disable sydent
|
545
|
|
- rm /etc/systemd/system/sydent.service
|
546
|
|
- fi
|
547
|
448
|
if [ -f /etc/systemd/system/matrix.service ]; then
|
548
|
449
|
rm /etc/systemd/system/matrix.service
|
549
|
450
|
fi
|
550
|
451
|
apt-get -y remove --purge coturn
|
551
|
452
|
cd /etc/matrix
|
552
|
453
|
pip uninstall .
|
553
|
|
- if [ -d /etc/sydent ]; then
|
554
|
|
- cd /etc/sydent
|
555
|
|
- pip uninstall .
|
556
|
|
- rm -rf /etc/sydent
|
557
|
|
- fi
|
558
|
454
|
rm -rf $MATRIX_DATA_DIR
|
559
|
455
|
rm -rf /etc/matrix
|
560
|
456
|
deluser matrix
|
|
@@ -569,79 +465,6 @@ function remove_matrix {
|
569
|
465
|
sed -i '/matrix/d' $COMPLETION_FILE
|
570
|
466
|
}
|
571
|
467
|
|
572
|
|
-function install_identity_server {
|
573
|
|
- if [ ! -d /etc/sydent ]; then
|
574
|
|
- function_check git_clone
|
575
|
|
- git_clone $SYDENT_REPO /etc/sydent
|
576
|
|
- if [ ! -d /etc/sydent ]; then
|
577
|
|
- echo $'Unable to clone sydent repo'
|
578
|
|
- exit 936525
|
579
|
|
- fi
|
580
|
|
- fi
|
581
|
|
-
|
582
|
|
- cd /etc/sydent
|
583
|
|
- git checkout $SYDENT_COMMIT -b $SYDENT_COMMIT
|
584
|
|
- set_completion_param "sydent commit" "$SYDENT_COMMIT"
|
585
|
|
- if [ ! -d $INSTALL_DIR/sydent ]; then
|
586
|
|
- mkdir -p $INSTALL_DIR/sydent
|
587
|
|
- fi
|
588
|
|
- if [ -d $INSTALL_DIR/sydent ]; then
|
589
|
|
- rm -rf $INSTALL_DIR/sydent/*
|
590
|
|
- fi
|
591
|
|
- sed -i "s|8090|${MATRIX_ID_PORT}|g" /etc/sydent/sydent/sydent.py
|
592
|
|
- python setup.py install
|
593
|
|
- pip install --upgrade --process-dependency-links . -b $INSTALL_DIR/sydent
|
594
|
|
- if [ ! "$?" = "0" ]; then
|
595
|
|
- echo $'Failed to install matrix identity server'
|
596
|
|
- exit 798362
|
597
|
|
- fi
|
598
|
|
-
|
599
|
|
- #function_check matrix_generate_identityserver_file
|
600
|
|
- #matrix_generate_identityserver_file /etc/sydent/sydent.conf
|
601
|
|
-
|
602
|
|
- #if [ ! -f /etc/sydent/sydent.conf ]; then
|
603
|
|
- # echo $'Matrix identity server configuration not generated'
|
604
|
|
- # exit 72528
|
605
|
|
- #fi
|
606
|
|
-
|
607
|
|
- #function_check matrix_configure_identityserver
|
608
|
|
- #matrix_configure_identityserver
|
609
|
|
-
|
610
|
|
- chmod -R 700 /etc/sydent/sydent.conf
|
611
|
|
- chown -R matrix:matrix /etc/sydent
|
612
|
|
-
|
613
|
|
- echo '[Unit]' > /etc/systemd/system/sydent.service
|
614
|
|
- echo 'Description=Sydent Matrix identity server' >> /etc/systemd/system/sydent.service
|
615
|
|
- echo 'After=network.target nginx.target' >> /etc/systemd/system/sydent.service
|
616
|
|
- echo '' >> /etc/systemd/system/sydent.service
|
617
|
|
- echo '[Service]' >> /etc/systemd/system/sydent.service
|
618
|
|
- echo 'Type=simple' >> /etc/systemd/system/sydent.service
|
619
|
|
- echo 'User=matrix' >> /etc/systemd/system/sydent.service
|
620
|
|
- echo "WorkingDirectory=/etc/sydent" >> /etc/systemd/system/sydent.service
|
621
|
|
- echo "ExecStart=/usr/bin/python -m sydent.sydent --config-path /etc/sydent/sydent.conf --report-stats ${REPORT_STATS} --server-name ${MATRIX_DOMAIN_NAME}" >> /etc/systemd/system/sydent.service
|
622
|
|
- echo 'Restart=always' >> /etc/systemd/system/sydent.service
|
623
|
|
- echo 'RestartSec=10' >> /etc/systemd/system/sydent.service
|
624
|
|
- echo '' >> /etc/systemd/system/sydent.service
|
625
|
|
- echo '[Install]' >> /etc/systemd/system/sydent.service
|
626
|
|
- echo 'WantedBy=multi-user.target' >> /etc/systemd/system/sydent.service
|
627
|
|
- systemctl enable sydent
|
628
|
|
- systemctl daemon-reload
|
629
|
|
- systemctl start sydent
|
630
|
|
-
|
631
|
|
- sleep 5
|
632
|
|
-
|
633
|
|
- if [ ! -f /etc/sydent/sydent.conf ]; then
|
634
|
|
- echo $'Matrix identity server config was not generated'
|
635
|
|
- exit 82352
|
636
|
|
- fi
|
637
|
|
-
|
638
|
|
- if [ ! -f /etc/sydent/sydent.db ]; then
|
639
|
|
- echo $'No matrix identity server database was created'
|
640
|
|
- exit 7354383
|
641
|
|
- fi
|
642
|
|
- chmod -R 700 /etc/sydent/sydent.db
|
643
|
|
-}
|
644
|
|
-
|
645
|
468
|
function install_home_server {
|
646
|
469
|
if [ ! -d /etc/matrix ]; then
|
647
|
470
|
function_check git_clone
|
|
@@ -781,9 +604,6 @@ function install_matrix {
|
781
|
604
|
function_check install_home_server
|
782
|
605
|
install_home_server
|
783
|
606
|
|
784
|
|
- #function_check install_identity_server
|
785
|
|
- #install_identity_server
|
786
|
|
-
|
787
|
607
|
function_check update_default_domain
|
788
|
608
|
update_default_domain
|
789
|
609
|
|
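Review bot: The new `listen 0.0.0.0:443;` and `listen 0.0.0.0:8448;` lines in matrix_nginx drop the `ssl` parameter that the removed lines carried, while matrix_configure_homeserver_yaml in the same commit sets `tls: False` and `no_tls: True`, which leaves nginx as the only place TLS can terminate. Unless an `ssl on;` directive is written in a part of these server blocks that lies outside the hunks, both ports would serve client and federation traffic in cleartext; I would keep the parameter, e.g. `echo " listen 0.0.0.0:443 ssl;" >> $matrix_nginx_site` and `echo " listen 0.0.0.0:${MATRIX_HTTP_PORT} ssl;" >> $matrix_nginx_site`, which also reuses the existing port variable instead of a literal 8448. The `[::]` listeners are removed too, so the site is no longer reachable over IPv6 unless that is intended. Separately, the first `echo 'server {'` now appends with `>>` where it used to truncate with `>`; if nothing earlier in the function (not visible here) clears the file, a re-run will stack duplicate server blocks in the site config.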