#!/bin/bash readonly toolName=synapse toolDeps="build-essential python3-dev libffi-dev python3-pip python3-venv python3-setuptools postgresql libssl-dev libjpeg-dev libxslt1-dev libpq5 libpq-dev" readonly toolDeps+=" jq" # used as helper for api access toolDepsRaspi="libopenjp2-7 libtiff5" readonly toolUser="synapse" readonly toolGroup="synapse" readonly toolServiceName="matrix-synapse" readonly synapseHashTool="venv/bin/hash_password" readonly toolUrlLocal="http://localhost:8008" # Filled by configuration toolConfig= toolUrl= # Needed for different steps postgresDb="" postgresUser="" postgresPass="" sq_aptOpt= sq_config=0 seq_config() { if [ "$(which lsb_release)" == "" ] ; then warning -e "Cannot detect OS. Assuming Raspberry Pi OS" osName="Raspbian" else osName=$(lsb_release -is) distName=$(lsb_release -cs) fi if [ "$osName" == "" ] ; then warning -e "Error dedecting OS. Assuming Raspberry Pi OS" osName="Raspbian" fi info "Detected OS: $osName $distName" if initSeqConfig "${seq_configName:?}" "${seq_configTemplate:?}" ; then sq_config=1 toolConfig="${MATRIX_HOME}/homeserver.yaml" toolUrl="https://$MATRIX_DOMAIN" localHome="$MATRIX_HOME" info -a "$toolName home: $MATRIX_HOME" info -a "$toolName domain: $MATRIX_DOMAIN" else # End if no configuration file exists dry || return 1 fi ## Apt cmdline option to suppress user interaction interactive || sq_aptOpt="-y" return 0 } step_1_info() { echo "Installing $toolName dependencies"; } step_1_alias() { echo "install"; } step_1() { exe apt update endReturn -o $? "Updating apt repositories failed" if [ "$osName" != "Raspbian" ] ; then toolDepsRaspi="" fi exe apt install $toolDeps $toolDepsRaspi ${sq_aptOpt} } step_2_info() { echo "Create postgres database for $toolName"; } step_2_alias() { echo "createdb"; } step_2() { readDatabaseInfos exe cd ~postgres exe su -c "psql -c \"CREATE USER ${postgresUser} WITH ENCRYPTED password '${postgresPass}';\"" - postgres exe su -c "psql -c \"CREATE DATABASE ${postgresDb} ENCODING \"UTF8\" LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER ${postgresUser};\"" - postgres exe su -c "psql -c \"GRANT ALL PRIVILEGES ON DATABASE \"${postgresDb}\" to ${postgresUser};\"" - postgres } step_3_info() { echo "Create $toolName user and group"; } step_3() { exe addgroup "$toolGroup" exe adduser --system --home ${MATRIX_HOME}/ --no-create-home --disabled-password --shell /bin/nologin --ingroup "$toolGroup" "$toolUser" } step_4_info() { echo "Install $toolName"; } step_4_alias() { echo "virtualenv"; } step_4() { exe mkdir -p "$MATRIX_HOME" exe python3 -m venv "${MATRIX_HOME}/venv" exe cd "$MATRIX_HOME" disableErrorCheck exe source "${MATRIX_HOME}/venv/bin/activate" enableErrorCheck exe pip install --upgrade pip exe pip install --upgrade setuptools # bcrypt and cryptography last version before requiring rust to compile # hiredis and txredisapi needed by redis exe pip install matrix-synapse[postgres] lxml psycopg2 hiredis txredisapi } step_5_info() { echo "Create default configuration and folder structure"; } step_5_alias() { echo "defaultconfig"; } step_5() { # Create default configuration exe python3 -m synapse.app.homeserver --server-name "$MATRIX_DOMAIN" --config-path homeserver.yaml --generate-config --report-stats=no exe deactivate # Create media directories exe mkdir -p ${MATRIX_HOME}/media_store ${MATRIX_HOME}/uploads exe chmod 770 "${MATRIX_HOME}/media_store" "${MATRIX_HOME}/uploads" # Allow matrix to write its logs in /opt/synapse exe chmod 755 "${MATRIX_HOME}" exe chown ${toolUser}:${toolGroup} "${MATRIX_HOME}" "${MATRIX_HOME}/media_store" "${MATRIX_HOME}/uploads" } step_6_info() { echo "Open $toolName configuration file"; } step_6() { exe vi "$toolConfig" } step_7_info() { echo "Create $toolName systemd service"; } step_7_alias() { echo "systemd"; } step_7() { # eval needed to expand sourced configuration variables local localService=`eval "echo \"$toolService\""` addConf -c "$localService" "$toolServiceLoc" exe systemctl daemon-reload exe systemctl enable ${toolServiceName}.service exe service ${toolServiceName} start } toolServiceLoc="/etc/systemd/system/${toolServiceName}.service" toolService="[Unit] Description=Matrix Synapse service After=network.target postgresql.service [Service] Type=forking WorkingDirectory=\${MATRIX_HOME}/ ExecStart=\${MATRIX_HOME}/venv/bin/synctl start ExecStop=\${MATRIX_HOME}/venv/bin/synctl stop ExecReload=\${MATRIX_HOME}/venv/bin/synctl restart User=\${toolUser} Group=\${toolGroup} Restart=always StandardOutput=syslog StandardError=syslog SyslogIdentifier=synapse [Install] WantedBy=multi-user.target" step_10_info() { echo -n "Upgrade $toolName installation" if ! contextHelp ; then echo " at $MATRIX_HOME" else echo fi } step_10_alias() { echo "upgrade"; } step_10() { if [[ -z "$(command -v rustc)" ]] ; then info "Rust compiler not found an might be needed." confirm "Continue without Rust?" || return 1 fi info "Upgrading $toolName" disableErrorCheck exe source "${MATRIX_HOME}/venv/bin/activate" exe pip install --upgrade pip exe pip install --upgrade matrix-synapse saveReturn $? exe deactivate enableErrorCheck endReturn "Error upgrading $toolName" info "Restarting $toolName" step restart info "New Version:" exe sleep 2 step version } step_12_info() { echo "Restart $toolName systemd service"; echo; } step_12_alias() { echo "restart"; } step_12() { exe service ${toolServiceName} restart } step_14_info() { echo "Show $toolName version" } step_14_options() { echo "[IP]:8008"; } step_14_alias() { echo "version"; } step_14() { local synapseIP=localhost shift [ -n "${1:-}" ] && synapseIP="$1" local apiCall="http://${synapseIP}:8008/_synapse/admin/v1/server_version" # -sS to suppress download progress of curl exep "curl -sS \"$apiCall\" | python -m json.tool | grep _version" } step_16_info() { echo "List all registered users" echoinfo "[OPTION]" echoinfo " -r : Raw json output" } step_16_options() { echo "[OPTION] [IP]:8008"; } step_16_alias() { echo "listuser"; } step_16() { adminTokenCheck endReturn -o $? "Admin token needed. Check $seq_configFile" shift local synapseIP=localhost local grepOut=" | grep -E '(\"total\":|\"name\":)'" for _ in "$@" ; do case "$1" in -r) grepOut="" shift ;; *) break ;; esac done [ -n "${1:-}" ] && synapseIP="$1" local apiCall="http://${synapseIP}:8008/_synapse/admin/v2/users" exep "curl -sS --header \"Authorization: Bearer $MATRIX_ACCESS\" \"$apiCall\" | python -m json.tool $grepOut" } step_18_info() { echo "Create new user"; } step_18_alias() { echo "adduser"; } step_18() { exe /opt/synapse/venv/bin/register_new_matrix_user -c "$MATRIX_HOME/homeserver.yaml" $toolUrlLocal } step_20_info() { shift echo -n "Reset user password" contextExe && echoinfo " for ${1:-}" || echo } step_20_options() { echo "[USER NAME]"; } step_20_alias() { echo "resetpw"; } step_20() { shift local user= if [ -n "${1:-}" ]; then user="$1" else exe read -p "User name: " user fi if [ -z $user ]; then error -e "No user name provided" return 1 fi local pw="$("${MATRIX_HOME}/${synapseHashTool}")" # Escaping twice because password contains $ which would be treated as variables local string="\"UPDATE users SET password_hash=\''${pw}'\' WHERE name=\''@${user}:${MATRIX_DOMAIN}'\'\"" exep "echo \"$string\" | su postgres -c 'psql -d synapse -f -'" } step_22_info() { echo "List all rooms" echoinfo "[OPTION]" echoinfo " -r : Raw json output" } step_22_options() { echo "[OPTION] [IP]:8008"; } step_22_alias() { echo "listrooms"; } step_22() { adminTokenCheck endReturn -o $? "Admin token needed. Check $seq_configFile" shift local arg local synapseIP=localhost local grepOut=" | grep -E '(\"total\":|\"name\":|\"room_id\":)'" for _ in "$@" ; do case "$1" in -r) grepOut="" shift ;; *) break ;; esac done [ -n "${1:-}" ] && synapseIP="$1" local apiCall="http://${synapseIP}:8008/_synapse/admin/v1/rooms" exep "curl -sS --header \"Authorization: Bearer $MATRIX_ACCESS\" \"$apiCall\" | python -m json.tool $grepOut" } step_24_info() { echo "List all room members" echoinfo "[OPTION]" echoinfo " -r : Raw json output" } step_24_options() { echo "[OPTION] [ROOM ID] [IP]:8008"; } step_24_alias() { echo "listmember"; } step_24() { adminTokenCheck endReturn -o $? "Admin token needed. Check $seq_configFile" shift local roomId="" local synapseIP=localhost local grepOut=" | grep -E '(\"total\":|\"members\":|\"@)'" for _ in "$@" ; do case "$1" in -r) grepOut="" shift ;; *) break ;; esac done if [ -n "${1:-}" ]; then roomId="$1" shift fi [ -n "${1:-}" ] && synapseIP="$1" local apiCall="http://${synapseIP}:8008/_synapse/admin/v1/rooms/$roomId/members" exep "curl -sS --header \"Authorization: Bearer $MATRIX_ACCESS\" \"$apiCall\" | python -m json.tool $grepOut" } step_26_info() { echo "Delete rooms without local users" echoinfo " [IP] : default is localhost" } step_26_options() { echo "[IP]:8008"; } step_26_alias() { echo "purge"; } step_26() { adminTokenCheck endReturn -o $? "Admin token needed. Check $seq_configFile" shift local i local arg local synapseIP=localhost [ -n "${1:-}" ] && synapseIP="$1" local apiCall="http://${synapseIP}:8008/_synapse/admin/v1/rooms" local arrRoom=( $(curl -sS --header "Authorization: Bearer $MATRIX_ACCESS" "$apiCall" | jq '.rooms[] | select(.joined_local_members == 0) | .room_id') ) for i in "${!arrRoom[@]}" ; do arrRoom[$i]="${arrRoom[$i]:1:${#arrRoom[$i]}-2}" done for i in "${arrRoom[@]}" ; do step deleteroom "$i" done } step_28_info() { echo "Delete room"; } step_28_options() { echo " [IP]:8008"; } step_28_alias() { echo "deleteroom"; } step_28() { adminTokenCheck endReturn -o $? "Admin token needed. Check $seq_configFile" shift local roomId="" local synapseIP=localhost if [ -n "${1:-}" ]; then roomId="$1" shift else endReturn -o 1 "No room ID specified" fi [ -n "${1:-}" ] && synapseIP="$1" echo " [I] Deleting room with ID: $roomId" local apiCall="http://${synapseIP}:8008/_synapse/admin/v2/rooms/$roomId" exep "curl -sS --header \"Authorization: Bearer $MATRIX_ACCESS\" \ -X DELETE \ -H \"Content-Type: application/json\" -d \"{}\" \ \"$apiCall\" | python -m json.tool" #end } # As note for further improvement # See https://github.com/matrix-org/synapse/blob/develop/docs/admin_api/rooms.md#delete-room-api postDataDeleteRoom() { cat < ${toolDbBackupFolder}/$(date +%Y-%m-%d\"_\"%H-%M-%S).backup.bz2" exe rm -f ${toolDbBackupFolder}/${DELYEAR}* } toolDbBackupFolder=/root/backupdb step_54_info() { echo "Postgres database restore"; } step_54_alias() { echo "restoredb"; } step_54() { info "Postgres database restore procedure" cat < -U -d -W -f e.g. psql -h 127.0.0.1 -U synapse -d synapse -W -f 2018-06-07_18-10-56.sql or 3. Custom postgres format dump restore: pg_restore -h localhost -p 5432 -U synapse -d new_db -v "10.70.0.61.backup" RESTORE_END info "Available postgresql databases:" exe cd ~postgres exe su postgres -c "psql -c '\l'" info -a "Available postgresql user:" exe su postgres -c "psql -c '\du'" } step_56_info() { echo "$toolName migration notes"; } step_56_alias() { echo "migrate"; } step_56() { color green cat <