Separate turn server

src/freedombone-app-gnusocial

@@ -40,7 +40,7 @@ GNUSOCIAL_REPO="https://git.gnu.io/gnu/gnu-social.git"
 GNUSOCIAL_COMMIT='7d67eefdf501f492e29f59971ac288e0414dc5b0'
 GNUSOCIAL_ADMIN_PASSWORD=
 GNUSOCIAL_THEME_REPO="https://git.gnu.io/h2p/Qvitter.git"
-GNUSOCIAL_THEME_COMMIT='474376938b0e55c2e3d0c06d308a44a48d98ba88'
+GNUSOCIAL_THEME_COMMIT='a7f82628402db3a7579bb9b2877da3c5737da77b'
 GNUSOCIAL_WELCOME_MESSAGE=$'<h1>Welcome to GNU Social – a federated social metwork</h1><p>Another Freedombone site</p>'
 GNUSOCIAL_BACKGROUND_IMAGE_URL=
 GNUSOCIAL_MARKDOWN_REPO="https://git.gnu.io/chimo/markdown.git"

src/freedombone-app-matrix

@@ -36,7 +36,6 @@ IN_DEFAULT_INSTALL=0
 SHOW_ON_ABOUT=1
 
 MATRIX_DATA_DIR='/var/lib/matrix'
-MATRIX_TURN_PORT=3478
 MATRIX_PORT=8448
 MATRIX_REPO="https://github.com/matrix-org/synapse"
 MATRIX_COMMIT='f5a4001bb116c468cc5e8e0ae04a1c570e2cb171'
@@ -46,18 +45,6 @@ matrix_variables=(ONION_ONLY
                   MATRIX_PASSWORD
                   DEFAULT_DOMAIN_NAME)
 
-function matrix_generate_turn_key {
-    local turnkey="${1}"
-    local filepath="${2}"
-
-    echo "lt-cred-mech" > "${filepath}"
-    echo "use-auth-secret" >> "${filepath}"
-    echo "static-auth-secret=${turnkey}" >> "${filepath}"
-    echo "realm=turn.${DEFAULT_DOMAIN_NAME}" >> "${filepath}"
-    echo "cert=${MATRIX_DATA_DIR}/${DEFAULT_DOMAIN_NAME}.tls.crt" >> "${filepath}"
-    echo "pkey=${MATRIX_DATA_DIR}/${DEFAULT_DOMAIN_NAME}.tls.key" >> "${filepath}"
-}
-
 function matrix_generate_synapse_file {
     local filepath="${1}"
 
@@ -75,7 +62,7 @@ function matrix_configure_homeserver_yaml {
 
     local ymltemp="$(mktemp)"
 
-    awk -v TURNURIES="turn_uris: [\"turn:${DEFAULT_DOMAIN_NAME}:${MATRIX_TURN_PORT}?transport=udp\", \"turn:${DEFAULT_DOMAIN_NAME}:${MATRIX_TURN_PORT}?transport=tcp\"]" \
+    awk -v TURNURIES="turn_uris: [\"turn:${DEFAULT_DOMAIN_NAME}:${TURN_PORT}?transport=udp\", \"turn:${DEFAULT_DOMAIN_NAME}:${TURN_PORT}?transport=tcp\"]" \
         -v TURNSHAREDSECRET="turn_shared_secret: \"${turnkey}\"" \
         -v PIDFILE="pid_file: ${MATRIX_DATA_DIR}/homeserver.pid" \
         -v DATABASE="database: \"${MATRIX_DATA_DIR}/homeserver.db\"" \
@@ -94,42 +81,15 @@ function matrix_configure_homeserver_yaml {
     mv ${ymltemp} "${filepath}"
 }
 
-function matrix_start {
-    if [ -f ${MATRIX_DATA_DIR}/turnserver.conf ]; then
-        echo "-=> start turn"
-        /usr/bin/turnserver --daemon -c ${MATRIX_DATA_DIR}/turnserver.conf
-    fi
-
-    echo "-=> start riot.im client"
-    (
-        if [ -f ${MATRIX_DATA_DIR}/vector.im.conf ] || [ -f ${MATRIX_DATA_DIR}/riot.im.conf ] ; then
-            echo "The riot web client is now handled via silvio/matrix-riot-docker"
-        fi
-    )
-
-    echo "-=> start matrix"
-    python -m synapse.app.homeserver --config-path ${MATRIX_DATA_DIR}/homeserver.yaml
-}
-
-function matrix_stop {
-    echo "-=> stop matrix"
-    echo "-=> via docker stop ..."
-}
-
-
 function matrix_diff {
-    echo "-=> Diff between local configfile and a fresh generated config file"
-    echo "-=>      some values are different in technical point of view, like"
-    echo "-=>      autogenerated secret keys etc..."
-
     DIFFPARAMS="${DIFFPARAMS:-Naur}"
     DEFAULT_DOMAIN_NAME="${DEFAULT_DOMAIN_NAME:-demo_server_name}"
     REPORT_STATS="${REPORT_STATS:-no_or_yes}"
     export DEFAULT_DOMAIN_NAME REPORT_STATS
 
-    matrix_generate_synapse_file /tmp/homeserver.synapse.yaml
-    diff -${DIFFPARAMS} /tmp/homeserver.synapse.yaml ${MATRIX_DATA_DIR}/homeserver.yaml
-    rm /tmp/homeserver.synapse.yaml
+    matrix_generate_synapse_file $INSTALL_DIR/homeserver.synapse.yaml
+    diff -${DIFFPARAMS} $INSTALL_DIR/homeserver.synapse.yaml ${MATRIX_DATA_DIR}/homeserver.yaml
+    rm $INSTALL_DIR/homeserver.synapse.yaml
 }
 
 function matrix_generate {
@@ -141,14 +101,7 @@ function matrix_generate {
     [[ "${REPORT_STATS}" != "yes" ]] && [[ "${REPORT_STATS}" != "no" ]] && \
         echo "STOP! REPORT_STATS needs to be 'no' or 'yes'" && breakup="1"
 
-    echo "-=> generate turn config"
-    turnkey=$(pwgen -s 64 1)
-    matrix_generate_turn_key $turnkey ${MATRIX_DATA_DIR}/turnserver.conf
-
-    echo "-=> generate synapse config"
     matrix_generate_synapse_file ${MATRIX_DATA_DIR}/homeserver.tmp
-
-    echo "-=> configure some settings in homeserver.yaml"
     matrix_configure_homeserver_yaml $turnkey ${MATRIX_DATA_DIR}/homeserver.tmp
 
     mv ${MATRIX_DATA_DIR}/homeserver.tmp ${MATRIX_DATA_DIR}/homeserver.yaml
@@ -286,9 +239,12 @@ function restore_remote_synapse {
 
 function remove_matrix {
     firewall_remove ${MATRIX_PORT}
-    firewall_remove ${MATRIX_TURN_PORT}
     systemctl stop matrix
-    systemcrl disable matrix
+
+    function_check remove_turn
+    remove_turn
+
+    systemctl disable matrix
     if [ -f /etc/systemd/system/matrix.service ]; then
         rm /etc/systemd/system/matrix.service
     fi
@@ -306,17 +262,19 @@ function remove_matrix {
 }
 
 function install_matrix {
+    if [ ! -d $INSTALL_DIR ]; then
+        mkdir -p $INSTALL_DIR
+    fi
+
     if [[ ${ONION_ONLY} == 'no' ]]; then
-        # obtain a cert for the default domain
-        if [[ "$(cert_exists ${DEFAULT_DOMAIN_NAME} pem)" == "0" ]]; then
+        if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
             echo $'Obtaining certificate for the main domain'
             create_site_certificate ${DEFAULT_DOMAIN_NAME} 'yes'
         fi
     fi
 
-    REBUILD=1
     export DEBIAN_FRONTEND=noninteractive
-    apt-get -yq install coreutils coturn \
+    apt-get -yq install coreutils \
             curl file gcc git libevent-2.0-5 \
             libevent-dev libffi-dev libffi6 \
             libgnutls28-dev libjpeg62-turbo \
@@ -325,7 +283,7 @@ function install_matrix {
             libsqlite3-dev libssl-dev \
             libssl1.0.0 libtool libxml2 \
             libxml2-dev libxslt1-dev libxslt1.1 \
-            make pwgen python python-dev \
+            make python python-dev \
             python-pip python-psycopg2 \
             python-virtualenv sqlite unzip \
             zlib1g zlib1g-dev
@@ -357,6 +315,12 @@ function install_matrix {
     chown -R matrix:matrix /etc/matrix
     chown -R matrix:matrix /var/lib/matrix
 
+    function_check install_turn
+    install_turn
+
+    function_check matrix_generate
+    matrix_generate
+
     echo '[Unit]' > /etc/systemd/system/matrix.service
     echo 'Description=Matrix federated messaging' >> /etc/systemd/system/matrix.service
     echo '' >> /etc/systemd/system/matrix.service
@@ -364,7 +328,6 @@ function install_matrix {
     echo 'Type=simple' >> /etc/systemd/system/matrix.service
     echo 'User=matrix' >> /etc/systemd/system/matrix.service
     echo "WorkingDirectory=/etc/matrix" >> /etc/systemd/system/matrix.service
-    echo "ExecStart=/usr/bin/turnserver --daemon -c ${MATRIX_DATA_DIR}/turnserver.conf" >> /etc/systemd/system/matrix.service
     echo "ExecStart=/usr/bin/python -m synapse.app.homeserver --config-path ${MATRIX_DATA_DIR}/homeserver.yaml" >> /etc/systemd/system/matrix.service
     echo 'Restart=always' >> /etc/systemd/system/matrix.service
     echo 'RestartSec=10' >> /etc/systemd/system/matrix.service
@@ -378,7 +341,6 @@ function install_matrix {
     update_default_domain
 
     firewall_add matrix ${MATRIX_PORT}
-    firewall_add matrix-turn ${MATRIX_TURN_PORT}
 
     MATRIX_ONION_HOSTNAME=$(add_onion_service matrix ${MATRIX_PORT} ${MATRIX_PORT})
     if [ ! ${MATRIX_PASSWORD} ]; then

src/freedombone-utils-turn

@@ -0,0 +1,111 @@
+#!/bin/bash
+#
+# .---.                  .              .
+# |                      |              |
+# |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
+# |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'
+# '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
+#
+#                    Freedom in the Cloud
+#
+# TURN server functions
+#
+# License
+# =======
+#
+# Copyright (C) 2016 Bob Mottram <bob@freedombone.net>
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+TURN_PORT=3478
+
+function generate_turn_key {
+    local turnkey="${1}"
+    local filepath="${2}"
+
+    echo "lt-cred-mech" > "${filepath}"
+    echo "use-auth-secret" >> "${filepath}"
+    echo "static-auth-secret=${turnkey}" >> "${filepath}"
+    echo "realm=turn.${DEFAULT_DOMAIN_NAME}" >> "${filepath}"
+    if [ -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
+        echo "cert=/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem" >> "${filepath}"
+    else
+        echo "cert=/etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.crt" >> "${filepath}"
+    fi
+    echo "pkey=/etc/ssl/private/${DEFAULT_DOMAIN_NAME}.key" >> "${filepath}"
+}
+
+function remove_turn {
+    firewall_remove ${TURN_PORT}
+}
+
+function remove_turn {
+    firewall_remove ${TURN_PORT}
+    systemctl stop turn
+    systemctl disable turn
+    if [ -f /etc/systemd/system/turn.service ]; then
+        rm /etc/systemd/system/turn.service
+    fi
+    apt-get -y remove coturn
+    rm -rf /var/lib/turn
+}
+
+function install_turn {
+    export DEBIAN_FRONTEND=noninteractive
+    apt-get -yq install coreutils coturn \
+            curl file gcc git libevent-2.0-5 \
+            libevent-dev libffi-dev libffi6 \
+            libgnutls28-dev libjpeg62-turbo \
+            libjpeg62-turbo-dev libldap-2.4-2 \
+            libldap2-dev libsasl2-dev \
+            libsqlite3-dev libssl-dev \
+            libssl1.0.0 libtool libxml2 \
+            libxml2-dev libxslt1-dev libxslt1.1 \
+            make python python-dev \
+            python-pip python-psycopg2 \
+            python-virtualenv sqlite unzip \
+            zlib1g zlib1g-dev
+
+    pip install --upgrade pip
+    pip install --upgrade python-ldap
+    pip install --upgrade lxml
+
+    if [ ! -d /var/lib/turn ]; then
+        mkdir /var/lib/turn
+    fi
+
+    turnkey="$(create_password 30)"
+    generate_turn_key $turnkey /var/lib/turn/turnserver.conf
+
+    chown -R matrix:matrix /var/lib/turn
+
+    echo '' >> /etc/systemd/system/turn.service
+    echo '[Service]' >> /etc/systemd/system/turn.service
+    echo 'Type=simple' >> /etc/systemd/system/turn.service
+    echo 'User=matrix' >> /etc/systemd/system/turn.service
+    echo "WorkingDirectory=/var/lib/turn" >> /etc/systemd/system/turn.service
+    echo "ExecStart=/usr/bin/turnserver -c /var/lib/turn/turnserver.conf" >> /etc/systemd/system/turn.service
+    echo 'Restart=always' >> /etc/systemd/system/turn.service
+    echo 'RestartSec=10' >> /etc/systemd/system/turn.service
+    echo '' >> /etc/systemd/system/turn.service
+    echo '[Install]' >> /etc/systemd/system/turn.service
+    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/turn.service
+    systemctl enable turn
+    systemctl daemon-reload
+    systemctl start turn
+
+    firewall_add turn ${TURN_PORT}
+}
+
+# NOTE: deliberately no exit 0