freedombone/src/freedombone-app-matrix

#!/bin/bash
#
# .---.                  .              .
# |                      |              |
# |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
# |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'
# '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
#
#                    Freedom in the Cloud
#
# matrix server
#
# https://raw.githubusercontent.com/silvio/docker-matrix
#
# License
# =======
#
# Copyright (C) 2016 Bob Mottram <bob@freedombone.net>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

VARIANTS='full full-vim chat'

IN_DEFAULT_INSTALL=0
SHOW_ON_ABOUT=1

MATRIX_DATA_DIR='/var/lib/matrix'
MATRIX_HTTP_PORT=8558
MATRIX_ID_HTTP_PORT=8557
MATRIX_PORT=8448
MATRIX_ID_PORT=8081
MATRIX_ONION_PORT=8109
MATRIX_ID_ONION_PORT=8111
MATRIX_REPO="https://github.com/matrix-org/synapse"
MATRIX_COMMIT='f5a4001bb116c468cc5e8e0ae04a1c570e2cb171'
SYDENT_REPO="https://github.com/matrix-org/sydent"
SYDENT_COMMIT='99edbd4c80c42b76e26f696054fcbbceecb25d5f'
REPORT_STATS="no"
MATRIX_SECRET=

matrix_variables=(ONION_ONLY
                  MY_USERNAME
                  MATRIX_SECRET
                  DEFAULT_DOMAIN_NAME)

function matrix_nginx {
    create_default_web_site

    # append the matrix server to the web site config
    matrix_nginx_site=/etc/nginx/sites-available/$DEFAULT_DOMAIN_NAME
    if ! grep -q "# End of Matrix Server" $matrix_nginx_site; then
        if [[ $ONION_ONLY == "no" ]]; then
            echo '# Matrix Server' >> $matrix_nginx_site
            echo 'server {' >> $matrix_nginx_site
            echo "  listen ${MATRIX_HTTP_PORT} ssl;" >> $matrix_nginx_site
            echo "  listen [::]:${MATRIX_HTTP_PORT} ssl;" >> $matrix_nginx_site
            echo "  server_name ${DEFAULT_DOMAIN_NAME};" >> $matrix_nginx_site
            echo '' >> $matrix_nginx_site
            echo '  # Security' >> $matrix_nginx_site
            function_check nginx_ssl
            nginx_ssl ${DEFAULT_DOMAIN_NAME}

            function_check nginx_disable_sniffing
            nginx_disable_sniffing ${DEFAULT_DOMAIN_NAME}

            echo '  add_header Strict-Transport-Security max-age=15768000;' >> $matrix_nginx_site
            echo '' >> $matrix_nginx_site
            echo '  # Logs' >> $matrix_nginx_site
            echo '  access_log /dev/null;' >> $matrix_nginx_site
            echo '  error_log /dev/null;' >> $matrix_nginx_site
            echo '' >> $matrix_nginx_site
            echo '  # Index' >> $matrix_nginx_site
            echo '  index index.html;' >> $matrix_nginx_site
            echo '' >> $matrix_nginx_site
            echo '  # Location' >> $matrix_nginx_site
            echo '  location / {' >> $matrix_nginx_site
            function_check nginx_limits
            nginx_limits ${DEFAULT_DOMAIN_NAME} '15m'
            echo "      proxy_pass http://localhost:${MATRIX_PORT};" >> $matrix_nginx_site
            echo '      proxy_set_header X-Forwarded-For $remote_addr;' >> $matrix_nginx_site
            echo '  }' >> $matrix_nginx_site
            echo '}' >> $matrix_nginx_site
            echo '' >> $matrix_nginx_site
            echo 'server {' >> $matrix_nginx_site
            echo "  listen ${MATRIX_ID_HTTP_PORT} ssl;" >> $matrix_nginx_site
            echo "  listen [::]:${MATRIX_ID_HTTP_PORT} ssl;" >> $matrix_nginx_site
            echo "  server_name ${DEFAULT_DOMAIN_NAME};" >> $matrix_nginx_site
            echo '' >> $matrix_nginx_site
            echo '  # Security' >> $matrix_nginx_site
            function_check nginx_ssl
            nginx_ssl ${DEFAULT_DOMAIN_NAME}

            function_check nginx_disable_sniffing
            nginx_disable_sniffing ${DEFAULT_DOMAIN_NAME}

            echo '  add_header Strict-Transport-Security max-age=15768000;' >> $matrix_nginx_site
            echo '' >> $matrix_nginx_site
            echo '  # Logs' >> $matrix_nginx_site
            echo '  access_log /dev/null;' >> $matrix_nginx_site
            echo '  error_log /dev/null;' >> $matrix_nginx_site
            echo '' >> $matrix_nginx_site
            echo '  # Index' >> $matrix_nginx_site
            echo '  index index.html;' >> $matrix_nginx_site
            echo '' >> $matrix_nginx_site
            echo '  # Location' >> $matrix_nginx_site
            echo '  location / {' >> $matrix_nginx_site
            function_check nginx_limits
            nginx_limits ${DEFAULT_DOMAIN_NAME} '15m'
            echo "      proxy_pass http://localhost:${MATRIX_ID_PORT};" >> $matrix_nginx_site
            echo '      proxy_set_header X-Forwarded-For $remote_addr;' >> $matrix_nginx_site
            echo '  }' >> $matrix_nginx_site
            echo '}' >> $matrix_nginx_site
            echo '' >> $matrix_nginx_site
        else
            echo '# Matrix Server' >> $matrix_nginx_site
        fi
        echo 'server {' >> $matrix_nginx_site
        echo "    listen 127.0.0.1:$MATRIX_ONION_PORT default_server;" >> $matrix_nginx_site
        echo "    server_name $DEFAULT_DOMAIN_NAME;" >> $matrix_nginx_site
        echo '' >> $matrix_nginx_site
        function_check nginx_disable_sniffing
        nginx_disable_sniffing $DEFAULT_DOMAIN_NAME
        echo '' >> $matrix_nginx_site
        echo '  # Logs' >> $matrix_nginx_site
        echo '  access_log /dev/null;' >> $matrix_nginx_site
        echo '  error_log /dev/null;' >> $matrix_nginx_site
        echo '' >> $matrix_nginx_site
        echo '  # Location' >> $matrix_nginx_site
        echo '  location / {' >> $matrix_nginx_site
        function_check nginx_limits
        nginx_limits $DEFAULT_DOMAIN_NAME '15m'
        echo "      proxy_pass http://localhost:${MATRIX_PORT};" >> $matrix_nginx_site
        echo '      proxy_set_header X-Forwarded-For $remote_addr;' >> $matrix_nginx_site
        echo '  }' >> $matrix_nginx_site
        echo '}' >> $matrix_nginx_site
        echo '' >> $matrix_nginx_site
        echo 'server {' >> $matrix_nginx_site
        echo "    listen 127.0.0.1:$MATRIX_ID_ONION_PORT default_server;" >> $matrix_nginx_site
        echo "    server_name $DEFAULT_DOMAIN_NAME;" >> $matrix_nginx_site
        echo '' >> $matrix_nginx_site
        function_check nginx_disable_sniffing
        nginx_disable_sniffing $DEFAULT_DOMAIN_NAME
        echo '' >> $matrix_nginx_site
        echo '  # Logs' >> $matrix_nginx_site
        echo '  access_log /dev/null;' >> $matrix_nginx_site
        echo '  error_log /dev/null;' >> $matrix_nginx_site
        echo '' >> $matrix_nginx_site
        echo '  # Location' >> $matrix_nginx_site
        echo '  location / {' >> $matrix_nginx_site
        function_check nginx_limits
        nginx_limits $DEFAULT_DOMAIN_NAME '15m'
        echo "      proxy_pass http://localhost:${MATRIX_ID_PORT};" >> $matrix_nginx_site
        echo '      proxy_set_header X-Forwarded-For $remote_addr;' >> $matrix_nginx_site
        echo '  }' >> $matrix_nginx_site
        echo '}' >> $matrix_nginx_site
        echo '# End of Matrix Server' >> $matrix_nginx_site
    fi

    systemctl restart nginx
    systemctl restart turn
    systemctl restart matrix
    systemctl restart sydent

    # wait for nginx to start otherwise user add fails later
    sleep 5
}

function matrix_generate_homeserver_file {
    local filepath="${1}"

    cd /etc/matrix
    python -m synapse.app.homeserver \
           --config-path "${filepath}" \
           --generate-config \
           --report-stats ${REPORT_STATS} \
           --server-name ${DEFAULT_DOMAIN_NAME}
}

function matrix_generate_identityserver_file {
    local filepath="${1}"

    cd /etc/sydent
    python -m sydent.sydent \
           --config-path "${filepath}" \
           --generate-config \
           --report-stats ${REPORT_STATS} \
           --server-name ${DEFAULT_DOMAIN_NAME}
}

function matrix_configure_homeserver_yaml {
    local turnkey="${1}"
    local filepath="${2}"

    local ymltemp="$(mktemp)"

    awk -v TURNURIES="turn_uris: [\"turn:${DEFAULT_DOMAIN_NAME}:${TURN_HTTP_PORT}?transport=udp\", \"turn:${DEFAULT_DOMAIN_NAME}:${TURN_HTTP_PORT}?transport=tcp\"]" \
        -v TURNSHAREDSECRET="turn_shared_secret: \"${turnkey}\"" \
        -v PIDFILE="pid_file: ${MATRIX_DATA_DIR}/homeserver.pid" \
        -v DATABASE="database: \"${MATRIX_DATA_DIR}/homeserver.db\"" \
        -v LOGFILE="log_file: \"/dev/null\"" \
        -v MEDIASTORE="media_store_path: \"${MATRIX_DATA_DIR}/media_store\"" \
        '{
        sub(/turn_shared_secret: "YOUR_SHARED_SECRET"/, TURNSHAREDSECRET);
        sub(/turn_uris: \[\]/, TURNURIES);
        sub(/pid_file: \/homeserver.pid/, PIDFILE);
        sub(/database: "\/homeserver.db"/, DATABASE);
        sub(/log_file: "\/homeserver.log"/, LOGFILE);
        sub(/media_store_path: "\/media_store"/, MEDIASTORE);
        print;
        }' "${filepath}" > "${ymltemp}"

    mv ${ymltemp} "${filepath}"

    sed -i 's|no_tls: .*|no_tls: true|g' "${filepath}"
    sed -i 's| tls: .*| tls: false|g' "${filepath}"
    sed -i 's|enable_registration_captcha.*|enable_registration_captcha: False|g' "${filepath}"
    sed -i "s|database: \".*|database: \"${MATRIX_DATA_DIR}/homeserver.db\"|g" "${filepath}"
    sed -i "s|media_store_path:.*|media_store_path: \"${MATRIX_DATA_DIR}/media_store\"|g" "${filepath}"
    sed -i "s|pid_file:.*|pid_file: \"${MATRIX_DATA_DIR}/homeserver.pid\"|g" "${filepath}"
    sed -i "s|log_file:.*|log_file: \"/dev/null\"|g" "${filepath}"
    sed -i 's|bind_address:.*|bind_address: 127.0.0.1|g' "${filepath}"
    sed -i '0,/x_forwarded:.*/s//x_forwarded: true/' "${filepath}"
    sed -i "s|server_name:.*|server_name: \"${DEFAULT_DOMAIN_NAME}\"|g" "${filepath}"
    sed -i "/trusted_third_party_id_servers:/a     - ${DEFAULT_DOMAIN_NAME}" "${filepath}"
    sed -i "s|- ${DEFAULT_DOMAIN_NAME}|    - ${DEFAULT_DOMAIN_NAME}|g" "${filepath}"
    sed -i "s|enable_registration:.*|enable_registration: False|g" "${filepath}"
}

function matrix_configure_identityserver {
    local filepath=/etc/sydent/sydent.conf

    sed -i "s|http.port.*|http.port = $MATRIX_ID_PORT|g" ${filepath}
    sed -i "s|db.file.*|db.file = /etc/sydent/sydent.db|g" ${filepath}
    sed -i "s|Sydent Validation|Freedombone Matrix Account Validation|g" ${filepath}
    sed -i "s|pidfile.path.*|pidfile.path = /etc/sydent/sydent.pid|g" ${filepath}
    sed -i "s|log.path.*|log.path = /dev/null|g" ${filepath}
    sed -i "s|server.name.*|server.name = ${DEFAULT_DOMAIN_NAME}|g" ${filepath}
}

function matrix_diff {
    DIFFPARAMS="${DIFFPARAMS:-Naur}"
    DEFAULT_DOMAIN_NAME="${DEFAULT_DOMAIN_NAME:-demo_server_name}"
    REPORT_STATS="${REPORT_STATS:-no_or_yes}"
    export DEFAULT_DOMAIN_NAME REPORT_STATS

    matrix_generate_synapse_file $INSTALL_DIR/homeserver.synapse.yaml
    diff -${DIFFPARAMS} $INSTALL_DIR/homeserver.synapse.yaml ${MATRIX_DATA_DIR}/homeserver.yaml
    rm $INSTALL_DIR/homeserver.synapse.yaml
}

function matrix_generate {
    breakup="0"
    [[ -z "${DEFAULT_DOMAIN_NAME}" ]] && echo "STOP! environment variable DEFAULT_DOMAIN_NAME must be set" && breakup="1"
    [[ -z "${REPORT_STATS}" ]] && echo "STOP! environment variable REPORT_STATS must be set to 'no' or 'yes'" && breakup="1"
    [[ "${breakup}" == "1" ]] && exit 1

    [[ "${REPORT_STATS}" != "yes" ]] && [[ "${REPORT_STATS}" != "no" ]] && \
        echo "STOP! REPORT_STATS needs to be 'no' or 'yes'" && breakup="1"

    homeserver_config=${MATRIX_DATA_DIR}/homeserver.yaml
    if [ -f $homeserver_config ]; then
        rm $homeserver_config
    fi
    matrix_generate_homeserver_file $homeserver_config
    matrix_configure_homeserver_yaml "${turnkey}" $homeserver_config
}

function remove_user_matrix {
    remove_username="$1"

    ${PROJECT_NAME}-pass -u $remove_username --rmapp matrix

    # TODO: There is no user removal script within synapse
}

function add_user_matrix {
    new_username="$1"
    new_user_password="$2"

    ${PROJECT_NAME}-pass -u $new_username -a matrix -p "$new_user_password"

    retval=$(register_new_matrix_user -c ${MATRIX_DATA_DIR}/homeserver.yaml -u "${new_username}" -p "${new_user_password}" -a)
    echo "0"
}

function install_interactive_matrix {
    APP_INSTALLED=1
}

function change_password_matrix {
    curr_username="$1"
    new_user_password="$2"

    #${PROJECT_NAME}-pass -u "$curr_username" -a matrix -p "$new_user_password"
}

function reconfigure_matrix {
    echo -n ''
}

function upgrade_matrix {
    systemctl stop turn
    systemctl stop matrix
    systemctl stop sydent

    function_check set_repo_commit
    set_repo_commit /etc/matrix "matrix commit" "$MATRIX_COMMIT" $MATRIX_REPO
    cd /etc/matrix
    pip install --upgrade --process-dependency-links .

    set_repo_commit /etc/sydent "sydent commit" "$SYDENT_COMMIT" $SYDENT_REPO
    cd /etc/sydent
    pip install --upgrade --process-dependency-links .

    sed -i 's/ssl.PROTOCOL_SSLv23/ssl.PROTOCOL_TLSv1/g' /usr/local/bin/register_new_matrix_user

    chown -R matrix:matrix /etc/matrix
    chown -R matrix:matrix /etc/sydent
    chown -R matrix:matrix $MATRIX_DATA_DIR

    systemctl start turn
    systemctl start matrix
    systemctl start sydent
}

function backup_local_matrix {
    source_directory=/etc/matrix
    if [ -d $source_directory ]; then
        systemctl stop turn
        systemctl stop matrix
        systemctl stop sydent

        function_check backup_directory_to_usb
        backup_directory_to_usb $source_directory matrix
        source_directory=$MATRIX_DATA_DIR
        if [ -d $source_directory ]; then
            backup_directory_to_usb $source_directory matrixdata
        fi
        source_directory=/etc/sydent
        if [ -d $source_directory ]; then
            backup_directory_to_usb $source_directory matrixid
        fi

        systemctl start turn
        systemctl start matrix
        systemctl start sydent
    fi
}

function restore_local_matrix {
    if [ -d /etc/matrix ]; then
        systemctl stop turn
        systemctl stop matrix
        systemctl stop sydent

        temp_restore_dir=/root/tempmatrix
        function_check restore_directory_from_usb
        restore_directory_from_usb $temp_restore_dir matrix
        cp -r $temp_restore_dir/etc/matrix/* /etc/matrix
        if [ ! "$?" = "0" ]; then
            function_check backup_unmount_drive
            backup_unmount_drive
            exit 3783
        fi
        rm -rf $temp_restore_dir
        chown -R matrix:matrix /etc/matrix

        temp_restore_dir=/root/tempmatrixdata
        restore_directory_from_usb $temp_restore_dir matrixdata
        cp -r $temp_restore_dir$MATRIX_DATA_DIR/* $MATRIX_DATA_DIR
        if [ ! "$?" = "0" ]; then
            function_check backup_unmount_drive
            backup_unmount_drive
            exit 78352
        fi
        rm -rf $temp_restore_dir
        chown -R matrix:matrix $MATRIX_DATA_DIR

        temp_restore_dir=/root/tempmatrixid
        restore_directory_from_usb $temp_restore_dir matrixid
        cp -r $temp_restore_dir/etc/sydent/* /etc/sydent
        if [ ! "$?" = "0" ]; then
            function_check backup_unmount_drive
            backup_unmount_drive
            exit 29562
        fi
        rm -rf $temp_restore_dir
        chown -R matrix:matrix /etc/sydent

        systemctl start turn
        systemctl start matrix
        systemctl start sydent
    fi
}

function backup_remote_matrix {
    source_directory=/etc/matrix
    if [ -d $source_directory ]; then
        systemctl stop turn
        systemctl stop matrix
        systemctl stop sydent

        function_check backup_directory_to_friend
        backup_directory_to_friend $source_directory matrix
        source_directory=$MATRIX_DATA_DIR
        if [ -d $source_directory ]; then
            backup_directory_to_friend $source_directory matrixdata
        fi
        source_directory=/etc/sydent
        if [ -d $source_directory ]; then
            backup_directory_to_friend $source_directory matrixid
        fi

        systemctl start turn
        systemctl start matrix
        systemctl start sydent
    fi
}

function restore_remote_matrix {
    if [ -d /etc/matrix ]; then
        systemctl stop turn
        systemctl stop matrix
        systemctl stop sydent

        temp_restore_dir=/root/tempmatrix
        function_check restore_directory_from_friend
        restore_directory_from_friend $temp_restore_dir matrix
        cp -r $temp_restore_dir/etc/matrix/* /etc/matrix
        if [ ! "$?" = "0" ]; then
            exit 38935
        fi
        rm -rf $temp_restore_dir
        chown -R matrix:matrix /etc/matrix

        temp_restore_dir=/root/tempmatrixdata
        restore_directory_from_friend $temp_restore_dir matrixdata
        cp -r $temp_restore_dir$MATRIX_DATA_DIR/* $MATRIX_DATA_DIR
        if [ ! "$?" = "0" ]; then
            exit 60923
        fi
        rm -rf $temp_restore_dir
        chown -R matrix:matrix $MATRIX_DATA_DIR

        temp_restore_dir=/root/tempmatrixid
        restore_directory_from_friend $temp_restore_dir matrixid
        cp -r $temp_restore_dir/etc/sydent/* /etc/sydent
        if [ ! "$?" = "0" ]; then
            exit 738356
        fi
        rm -rf $temp_restore_dir
        chown -R matrix:matrix /etc/sydent

        systemctl start turn
        systemctl start matrix
        systemctl start sydent
    fi
}

function remove_matrix {
    firewall_remove ${MATRIX_HTTP_PORT}

    systemctl stop matrix
    systemctl stop sydent

    function_check remove_turn
    remove_turn

    systemctl disable matrix
    systemctl disable sydent
    if [ -f /etc/systemd/system/matrix.service ]; then
        rm /etc/systemd/system/matrix.service
    fi
    if [ -f /etc/systemd/system/sydent.service ]; then
        rm /etc/systemd/system/sydent.service
    fi
    apt-get -y remove --purge coturn
    cd /etc/matrix
    pip uninstall .
    cd /etc/sydent
    pip uninstall .
    rm -rf $MATRIX_DATA_DIR
    rm -rf /etc/matrix
    rm -rf /etc/sydent
    deluser matrix
    delgroup matrix
    remove_onion_service matrix ${MATRIX_ONION_PORT}
    remove_onion_service matrix ${MATRIX_ID_ONION_PORT}

    sed -i "/# Matrix Server/,/# End of Matrix Server/d" /etc/nginx/sites-available/${DEFAULT_DOMAIN_NAME}
    systemctl restart nginx

    remove_completion_param install_matrix
    sed -i '/matrix/d' $COMPLETION_FILE
}

function install_identity_server {
    if [ ! -d /etc/sydent ]; then
        function_check git_clone
        git_clone $SYDENT_REPO /etc/sydent
        if [ ! -d /etc/sydent ]; then
            echo $'Unable to clone sydent repo'
            exit 936525
        fi
    fi

    cd /etc/sydent
    git checkout $SYDENT_COMMIT -b $SYDENT_COMMIT
    set_completion_param "sydent commit" "$SYDENT_COMMIT"
    if [ ! -d $INSTALL_DIR/sydent ]; then
        mkdir -p $INSTALL_DIR/sydent
    fi
    pip install --upgrade --process-dependency-links . -b $INSTALL_DIR/sydent
    if [ ! "$?" = "0" ]; then
        echo $'Failed to install matrix identity server'
        exit 798362
    fi

    function_check matrix_generate_identityserver_file
    matrix_generate_identityserver_file /etc/sydent/sydent.conf

    if [ ! -f /etc/sydent/sydent.conf ]; then
        echo $'Matrix identity server configuration not generated'
        exit 72528
    fi

    function_check matrix_configure_identityserver
    matrix_configure_identityserver

    if [ ! -f /etc/sydent/sydent.conf ]; then
        echo $'Matrix identity server config was not generated'
        exit 82352
    fi

    chmod -R 700 /etc/sydent/sydent.conf
    chown -R matrix:matrix /etc/sydent

    echo '[Unit]' > /etc/systemd/system/sydent.service
    echo 'Description=Sydent Matrix identity server' >> /etc/systemd/system/sydent.service
    echo 'After=network.target nginx.target' >> /etc/systemd/system/sydent.service
    echo '' >> /etc/systemd/system/sydent.service
    echo '[Service]' >> /etc/systemd/system/sydent.service
    echo 'Type=simple' >> /etc/systemd/system/sydent.service
    echo 'User=matrix' >> /etc/systemd/system/sydent.service
    echo "WorkingDirectory=/etc/sydent" >> /etc/systemd/system/sydent.service
    echo "ExecStart=/usr/bin/python -m sydent.sydent --config-path /etc/sydent/sydent.conf" >> /etc/systemd/system/sydent.service
    echo 'Restart=always' >> /etc/systemd/system/sydent.service
    echo 'RestartSec=10' >> /etc/systemd/system/sydent.service
    echo '' >> /etc/systemd/system/sydent.service
    echo '[Install]' >> /etc/systemd/system/sydent.service
    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/sydent.service
    systemctl enable sydent
    systemctl daemon-reload
    systemctl start sydent

    if [ ! -f /etc/sydent/sydent.db ]; then
        echo $'No matrix identity server database was created'
        exit 7354383
    fi
    chmod -R 700 /etc/sydent/sydent.db
}

function install_home_server {
    if [ ! -d /etc/matrix ]; then
        function_check git_clone
        git_clone $MATRIX_REPO /etc/matrix
        if [ ! -d /etc/matrix ]; then
            echo $'Unable to clone matrix repo'
            exit 6724683
        fi
    fi

    cd /etc/matrix
    git checkout $MATRIX_COMMIT -b $MATRIX_COMMIT
    set_completion_param "matrix commit" "$MATRIX_COMMIT"
    if [ ! -d $INSTALL_DIR/matrix ]; then
        mkdir -p $INSTALL_DIR/matrix
    fi
    pip install --upgrade --process-dependency-links . -b $INSTALL_DIR/matrix
    if [ ! "$?" = "0" ]; then
        echo $'Failed to install matrix home server'
        exit 782542
    fi

    if [ ! -d $MATRIX_DATA_DIR ]; then
        mkdir $MATRIX_DATA_DIR
    fi

    groupadd matrix
    useradd -c "Matrix system account" -d $MATRIX_DATA_DIR -m -r -g matrix matrix

    function_check install_turn
    install_turn
    MATRIX_SECRET="${turnkey}"

    function_check matrix_generate
    matrix_generate

    if [[ -z ${MATRIX_DATA_DIR}/homeserver.yaml ]]; then
        echo $'homeserver.yaml is zero size'
        exit 783724
    fi

    chmod -R 700 $MATRIX_DATA_DIR/homeserver.yaml
    chown -R matrix:matrix /etc/matrix
    chown -R matrix:matrix $MATRIX_DATA_DIR

    sed -i 's/ssl.PROTOCOL_SSLv23/ssl.PROTOCOL_TLSv1/g' /usr/local/bin/register_new_matrix_user

    echo '[Unit]' > /etc/systemd/system/matrix.service
    echo 'Description=Synapse Matrix homeserver' >> /etc/systemd/system/matrix.service
    echo 'After=network.target nginx.target' >> /etc/systemd/system/matrix.service
    echo '' >> /etc/systemd/system/matrix.service
    echo '[Service]' >> /etc/systemd/system/matrix.service
    echo 'Type=simple' >> /etc/systemd/system/matrix.service
    echo 'User=matrix' >> /etc/systemd/system/matrix.service
    echo "WorkingDirectory=/etc/matrix" >> /etc/systemd/system/matrix.service
    echo "ExecStart=/usr/bin/python -m synapse.app.homeserver --config-path ${MATRIX_DATA_DIR}/homeserver.yaml" >> /etc/systemd/system/matrix.service
    echo 'Restart=always' >> /etc/systemd/system/matrix.service
    echo 'RestartSec=10' >> /etc/systemd/system/matrix.service
    echo '' >> /etc/systemd/system/matrix.service
    echo '[Install]' >> /etc/systemd/system/matrix.service
    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/matrix.service
    systemctl enable matrix
    systemctl daemon-reload
    systemctl start matrix

    if [ ! -f $MATRIX_DATA_DIR/homeserver.db ]; then
        echo $'No matrix home server database was created'
    fi
    chmod -R 700 $MATRIX_DATA_DIR/homeserver.db

    MATRIX_ONION_HOSTNAME=$(add_onion_service matrix ${MATRIX_PORT} ${MATRIX_ONION_PORT})
    MATRIX_ID_ONION_HOSTNAME=$(add_onion_service matrixid ${MATRIX_ID_PORT} ${MATRIX_ID_ONION_PORT})
    if [ ! ${MATRIX_PASSWORD} ]; then
        if [ -f ${IMAGE_PASSWORD_FILE} ]; then
            MATRIX_PASSWORD="$(printf `cat $IMAGE_PASSWORD_FILE`)"
        else
            MATRIX_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
        fi
    fi

    firewall_add matrix ${MATRIX_HTTP_PORT}

    rm -rf ${MATRIX_DATA_DIR}/Maildir
    rm -rf ${MATRIX_DATA_DIR}/.mutt
    rm -f ${MATRIX_DATA_DIR}/.muttrc
    rm -f ${MATRIX_DATA_DIR}/.mutt-alias
    rm -f ${MATRIX_DATA_DIR}/.procmailrc
    rm -f ${MATRIX_DATA_DIR}/.emacs-mutt
}

function install_matrix {
    if [ ! -d $INSTALL_DIR ]; then
        mkdir -p $INSTALL_DIR
    fi

    if [[ ${ONION_ONLY} == 'no' ]]; then
        if [ ! -f /etc/ssl/certs/${DEFAULT_DOMAIN_NAME}.pem ]; then
            echo $'Obtaining certificate for the main domain'
            create_site_certificate ${DEFAULT_DOMAIN_NAME} 'yes'
        fi
    fi

    export DEBIAN_FRONTEND=noninteractive
    apt-get -yq install coreutils \
            curl file gcc git libevent-2.0-5 \
            libevent-dev libffi-dev libffi6 \
            libgnutls28-dev libjpeg62-turbo \
            libjpeg62-turbo-dev libldap-2.4-2 \
            libldap2-dev libsasl2-dev \
            libsqlite3-dev libssl-dev \
            libssl1.0.0 libtool libxml2 \
            libxml2-dev libxslt1-dev libxslt1.1 \
            make python python-dev \
            python-pip python-psycopg2 \
            python-virtualenv sqlite unzip \
            zlib1g zlib1g-dev

    pip install --upgrade pip
    pip install --upgrade python-ldap
    pip install --upgrade lxml

    function_check install_home_server
    install_home_server

    function_check install_identity_server
    install_identity_server

    function_check update_default_domain
    update_default_domain

    pip install --upgrade --force "pynacl==0.3.0"

    function_check matrix_nginx
    matrix_nginx

    if [[ $(add_user_matrix "${MY_USERNAME}" "${MATRIX_PASSWORD}" | tail -n 1) != "0" ]]; then
        echo $'Failed to add matrix admin user';
        exit 879352
    fi

    APP_INSTALLED=1
}