efelon/shell_sequencer
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity
Files
master
shell_sequencer/seqs/matrix.sh

564 lines
15 KiB
Bash
Executable File
Raw Permalink Blame History

#!/bin/bash
toolName=synapse
toolDeps="build-essential python3-dev libffi-dev python3-pip python3-setuptools postgresql libssl-dev virtualenv libjpeg-dev libxslt1-dev libpq5 libpq-dev"
toolDeps+=" jq" # used as helper for api access
toolDepsRaspi="libopenjp2-7 libtiff5"
toolUser="synapse"
toolGroup="synapse"
toolServiceName="matrix-synapse"
synapseHashTool="env/bin/hash_password"
toolUrlLocal="http://localhost:8008"
# Filled by configuration
toolConfig=
toolUrl=
# Needed for different steps
postgresDb=""
postgresUser=""
postgresPass=""
# Get script working directory
# (when called from a different directory)
WDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >>/dev/null 2>&1 && pwd )"
CONFIG=0
CONFIG_FILE_NAME="matrix.cfg"
CONFIG_FILE_TEMPLATE="$WDIR/${CONFIG_FILE_NAME}.example"
step_config() {
if [ "$(which lsb_release)" == "" ] ; then
echoerr " [W] Cannot detect OS. Assuming Raspberry Pi OS"
osName="Raspbian"
else
osName=$(lsb_release -is)
distName=$(lsb_release -cs)
fi
if [ "$osName" == "" ] ; then
echoerr " [W] Error dedecting OS. Assuming Raspberry Pi OS"
osName="Raspbian"
fi
echo " [I] Detected OS: $osName $distName"
initSeqConfig "$CONFIG_FILE_NAME" "$CONFIG_FILE_TEMPLATE"
if [ $? -eq 0 ] ; then
CONFIG=1
toolConfig="${MATRIX_HOME}/homeserver.yaml"
toolUrl="https://$MATRIX_DOMAIN"
localHome="$MATRIX_HOME"
echo " $toolName home: $MATRIX_HOME"
echo " $toolName domain: $MATRIX_DOMAIN"
fi
return 0
}
step_1_info() { echo "Installing $toolName dependencies"; }
step_1_alias() { ALIAS="install"; }
step_1() {
local aptOption=
exe apt update
endReturn -o $? "Updating apt repositories failed"
if [ $QUIET -ne 0 ] ; then
aptOption="-y"
else
aptOption=""
fi
if [ "$osName" != "Raspbian" ] ; then
toolDepsRaspi=""
fi
exe apt install $toolDeps $toolDepsRaspi $aptOption
}
step_2_info() { echo "Create postgres database for $toolName"; }
step_2_alias() { ALIAS="createdb"; }
step_2() {
readDatabaseInfos
exe cd ~postgres
exe su -c "psql -c \"CREATE USER ${postgresUser} WITH ENCRYPTED password '${postgresPass}';\"" - postgres
exe su -c "psql -c \"CREATE DATABASE ${postgresDb} ENCODING \"UTF8\" LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER ${postgresUser};\"" - postgres
exe su -c "psql -c \"GRANT ALL PRIVILEGES ON DATABASE \"${postgresDb}\" to ${postgresUser};\"" - postgres
}
step_3_info() { echo "Create $toolName user and group"; }
step_3() {
exe addgroup "$toolGroup"
exe adduser --system --home ${MATRIX_HOME}/ --no-create-home --disabled-password --shell /bin/nologin --ingroup "$toolGroup" "$toolUser"
}
step_4_info() { echo "Install $toolName"; }
step_4_alias() { ALIAS="virtualenv"; }
step_4() {
exe mkdir -p "$MATRIX_HOME"
exe virtualenv -p python3 "${MATRIX_HOME}/env"
exe cd "$MATRIX_HOME"
exe source "${MATRIX_HOME}/env/bin/activate"
exe pip install --upgrade pip
exe pip install --upgrade setuptools
exe pip install matrix-synapse[postgres] lxml
}
step_5_info() { echo "Create default configuration and folder structure"; }
step_5_alias() { ALIAS="defaultconfig"; }
step_5() {
# Create default configuration
exe python3 -m synapse.app.homeserver --server-name "$MATRIX_DOMAIN" --config-path homeserver.yaml --generate-config --report-stats=no
exe deactivate
# Create media directories
exe mkdir -p ${MATRIX_HOME}/media_store ${MATRIX_HOME}/uploads
exe chmod 770 "${MATRIX_HOME}/media_store" "${MATRIX_HOME}/uploads"
# Allow matrix to write its logs in /opt/synapse
exe chmod 755 "${MATRIX_HOME}"
exe chown ${toolUser}:${toolGroup} "${MATRIX_HOME}" "${MATRIX_HOME}/media_store" "${MATRIX_HOME}/uploads"
}
step_6_info() { echo "Open $toolName configuration file"; }
step_6() {
exe vi "$toolConfig"
}
step_7_info() { echo "Create $toolName systemd service"; }
step_7_alias() { ALIAS="systemd"; }
step_7() {
# eval needed to expand sourced configuration variables
local localService=`eval "echo \"$toolService\""`
addConf -c "$localService" "$toolServiceLoc"
exe systemctl daemon-reload
exe systemctl enable ${toolServiceName}.service
exe service ${toolServiceName} start
}
toolServiceLoc="/etc/systemd/system/${toolServiceName}.service"
toolService="[Unit]
Description=Matrix Synapse service
After=network.target postgresql.service
[Service]
Type=forking
WorkingDirectory=\${MATRIX_HOME}/
ExecStart=\${MATRIX_HOME}/env/bin/synctl start
ExecStop=\${MATRIX_HOME}/env/bin/synctl stop
ExecReload=\${MATRIX_HOME}/env/bin/synctl restart
User=\${toolUser}
Group=\${toolGroup}
Restart=always
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=synapse
[Install]
WantedBy=multi-user.target"
step_10_info() {
echo -n "Upgrade $toolName installation"
if [ $CONTEXT_HELP -eq 0 ] ; then
echo " at $MATRIX_HOME"
else
echo
fi
}
step_10_alias() { ALIAS="upgrade"; }
step_10() {
echo " [I] Upgrading $toolName"
exe source "${MATRIX_HOME}/env/bin/activate"
exe pip install --upgrade pip
exe pip install --upgrade matrix-synapse
saveReturn $?
exe deactivate
endReturn "Error upgrading $toolName"
echo " [I] Restarting $toolName"
step restart
echo " [I] New Version:"
exe sleep 2
step version
}
step_12_info() { echo "Restart $toolName systemd service"; echo; }
step_12_alias() { ALIAS="restart"; }
step_12() {
exe service ${toolServiceName} restart
}
step_14_info() {
echoinfoArgs "[IP]:8008"
echo "Show $toolName version"
}
step_14_alias() { ALIAS="version"; }
step_14() {
local synapseIP=localhost
shift
if [ ! -z $1 ]; then
synapseIP="$1"
fi
local apiCall="http://${synapseIP}:8008/_synapse/admin/v1/server_version"
# -sS to suppress download progress of curl
exep "curl -sS \"$apiCall\" | python -m json.tool | grep _version"
}
step_16_info() {
echoinfoArgs "[OPTION] [IP]:8008"
echo "List all registered users"
echoinfo "[OPTION]"
echoinfo " -r : Raw json output"
}
step_16_alias() { ALIAS="listuser"; }
step_16() {
adminTokenCheck
endReturn -o $? "Admin token needed. Check $SEQ_CONFIG_FILE"
shift
local synapseIP=localhost
local grepOut=" | grep -E '(\"total\":|\"name\":)'"
for arg in "$@" ; do
case "$1" in
-r)
grepOut=""
shift
;;
*)
break
;;
esac
done
if [ ! -z $1 ]; then
synapseIP="$1"
fi
local apiCall="http://${synapseIP}:8008/_synapse/admin/v2/users"
exep "curl -sS --header \"Authorization: Bearer $MATRIX_ACCESS\" \"$apiCall\" | python -m json.tool $grepOut"
}
step_18_info() { echo "Create new user"; }
step_18_alias() { ALIAS="adduser"; }
step_18() {
exe /opt/synapse/env/bin/register_new_matrix_user -c "$MATRIX_HOME/homeserver.yaml" $toolUrlLocal
}
step_20_info() {
shift
echoinfoArgs "[USER NAME]"
echo -n "Reset user password"
[ $CONTEXT_EXE -ne 0 ] && echoinfo " for $1" || echo
}
step_20_alias() { ALIAS="resetpw"; }
step_20() {
shift
local user=
if [ ! -z $1 ]; then
user="$1"
else
exe read -p "User name: " user
fi
if [ -z $user ]; then
echoerr "No user name provided"
return 1
fi
local pw="$("${MATRIX_HOME}/${synapseHashTool}")"
# Escaping twice because password contains $ which would be treated as variables
local string="\"UPDATE users SET password_hash=\''${pw}'\' WHERE name=\''@${user}:${MATRIX_DOMAIN}'\'\""
exep "echo \"$string\" | su postgres -c 'psql -d synapse -f -'"
}
step_22_info() {
echoinfoArgs "[OPTION] [IP]:8008"
echo "List all rooms"
echoinfo "[OPTION]"
echoinfo " -r : Raw json output"
}
step_22_alias() { ALIAS="listrooms"; }
step_22() {
adminTokenCheck
endReturn -o $? "Admin token needed. Check $SEQ_CONFIG_FILE"
shift
local arg
local synapseIP=localhost
local grepOut=" | grep -E '(\"total\":|\"name\":|\"room_id\":)'"
for arg in "$@" ; do
case "$1" in
-r)
grepOut=""
shift
;;
*)
break
;;
esac
done
if [ ! -z $1 ]; then
synapseIP="$1"
fi
local apiCall="http://${synapseIP}:8008/_synapse/admin/v1/rooms"
exep "curl -sS --header \"Authorization: Bearer $MATRIX_ACCESS\" \"$apiCall\" | python -m json.tool $grepOut"
}
step_24_info() {
echoinfoArgs "[OPTION] [ROOM ID] [IP]:8008"
echo "List all room members"
echoinfo "[OPTION]"
echoinfo " -r : Raw json output"
}
step_24_alias() { ALIAS="listmember"; }
step_24() {
adminTokenCheck
endReturn -o $? "Admin token needed. Check $SEQ_CONFIG_FILE"
shift
local roomId=""
local synapseIP=localhost
local grepOut=" | grep -E '(\"total\":|\"members\":|\"@)'"
for arg in "$@" ; do
case "$1" in
-r)
grepOut=""
shift
;;
*)
break
;;
esac
done
if [ ! -z $1 ]; then
roomId="$1"
shift
fi
if [ ! -z $1 ]; then
synapseIP="$1"
fi
local apiCall="http://${synapseIP}:8008/_synapse/admin/v1/rooms/$roomId/members"
exep "curl -sS --header \"Authorization: Bearer $MATRIX_ACCESS\" \"$apiCall\" | python -m json.tool $grepOut"
}
step_26_info() {
echoinfoArgs "[IP]:8008"
echo "Delete rooms without local users"
echoinfo " [IP] : default is localhost"
}
step_26_alias() { ALIAS="purge"; }
step_26() {
adminTokenCheck
endReturn -o $? "Admin token needed. Check $SEQ_CONFIG_FILE"
shift
local i
local arg
local synapseIP=localhost
if [ ! -z $1 ]; then
synapseIP="$1"
fi
local apiCall="http://${synapseIP}:8008/_synapse/admin/v1/rooms"
local arrRoom=( $(curl -sS --header "Authorization: Bearer $MATRIX_ACCESS" "$apiCall" | jq '.rooms[] | select(.joined_local_members == 0) | .room_id') )
for i in "${!arrRoom[@]}" ; do
arrRoom[$i]="${arrRoom[$i]:1:${#arrRoom[$i]}-2}"
done
for i in "${arrRoom[@]}" ; do
step deleteroom "$i"
done
}
step_28_info() {
echoinfoArgs "<ROOM ID> [IP]:8008"
echo "Delete room"
}
step_28_alias() { ALIAS="deleteroom"; }
step_28() {
adminTokenCheck
endReturn -o $? "Admin token needed. Check $SEQ_CONFIG_FILE"
shift
local roomId=""
local synapseIP=localhost
if [ ! -z $1 ]; then
roomId="$1"
shift
else
endReturn -o 1 "No room ID specified"
fi
if [ ! -z $1 ]; then
synapseIP="$1"
fi
echo " [I] Deleting room with ID: $roomId"
local apiCall="http://${synapseIP}:8008/_synapse/admin/v2/rooms/$roomId"
exep "curl -sS --header \"Authorization: Bearer $MATRIX_ACCESS\" \
-X DELETE \
-H \"Content-Type: application/json\" -d \"{}\" \
\"$apiCall\" | python -m json.tool"
#end
}
# As note for further improvement
# See https://github.com/matrix-org/synapse/blob/develop/docs/admin_api/rooms.md#delete-room-api
postDataDeleteRoom()
{
cat <<EOF
{
"new_room_user_id": "@someuser:example.com",
"room_name": "Content Violation Notification",
"message": "Bad Room has been shutdown due to content violations on this server. Please review our Terms of Service.",
"block": true,
"purge": true
}
EOF
}
step_30_info() { echoinfoArgs "[DATABASE]"; echo "Debloat postgres"; echo; }
step_30_alias() { ALIAS="debloat"; }
step_30() {
shift
local pgVerboseReId=" (VERBOSE) "
local pgVerboseVac=" VERBOSE"
if [ $VERBOSE == 0 ]; then
pgVerboseReId=" "
pgVerboseVac=""
fi
if [ -z $1 ]; then
readDatabaseInfos
else
postgresDb="$1"
fi
echo " [I] Stopping ${toolServiceName}"
exe service ${toolServiceName} stop
endReturn -o $? "Couldn't stop ${toolServiceName}. Stopping debloat."
exe cd ~postgres
exe su -c "psql -d ${postgresDb} -c \"REINDEX${pgVerboseReId}DATABASE ${postgresDb};\"" - postgres
exe su -c "psql -c \"VACUUM FULL${pgVerboseVac};\"" - postgres
echo -e "\n [I] Starting ${toolServiceName}"
exe service ${toolServiceName} start
}
step_50_info() { echo "Drop postgres database for $toolName"; }
step_50_alias() { ALIAS="dropdb"; }
step_50() {
readDatabaseInfos
exe cd ~postgres
exe su -c "psql -c \"DROP DATABASE ${postgresDb};\"" - postgres
}
step_52_info() { echo "Backup postgres database"; }
step_52_alias() { ALIAS="backupdb"; }
step_52() {
local DELYEAR=$(($(date +%Y)-2))
if [ ! -s ~/.pgpass ] ; then
echo " [I] For unattended backup please define ~/.pgpass containing credentials"
echo " e.g. localhost:5432:database:user:pass"
echo "Backup custom pg format with standard user / database: synapse / synapse"
fi
exep "pg_dump -h 127.0.0.1 -U synapse -Fc synapse | bzip2 -c > ${toolDbBackupFolder}/`date +%Y-%m-%d\"_\"%H-%M-%S`.backup.bz2"
exe rm -f ${toolDbBackupFolder}/${DELYEAR}*
}
toolDbBackupFolder=/root/backupdb
step_54_info() { echo "Postgres database restore"; }
step_54_alias() { ALIAS="restoredb"; }
step_54() {
echo " [I] Postgres database restore procedure"
echo "1. Create a empty postgres database first (step 4)"
echo "2. psql -h <host> -U <database user> -d <database name> -W -f <sql dump file>"
echo " e.g. psql -h 127.0.0.1 -U synapse -d synapse -W -f 2018-06-07_18-10-56.sql"
echo "or"
echo "3. Custom postgres format dump restore:"
echo " pg_restore -h localhost -p 5432 -U synapse -d new_db -v \"10.70.0.61.backup\""
echo
echo "Available postgresql databases:"
exe cd ~postgres
exe su postgres -c "psql -c '\l'"
echo "Available postgresql user:"
exe su postgres -c "psql -c '\du'"
}
step_56_info() { echo "$toolName migration notes"; }
step_56_alias() { ALIAS="migrate"; }
step_56() {
echo " [I] Backup database"
echo " ./postgres.sh backupdb synapse"
echo
echo " [I] Backup virtual env folders except \"env\""
echo " cd ${MATRIX_HOME}"
echo " tar czf ../\`date +%Y-%m-%d\"_\"%H-%M-%S\`.synapse_bu.tar.gz --exclude=\"./env\" ."
echo
echo " [I] Transfer both backup files to target server"
echo
echo " [I] Install $toolName on the target server up to step \"virtualenv\""
echo " (Stop after first run and edit $SEQ_CONFIG_FILE)"
echo " ./matrix.sh install"
echo " cd ${MATRIX_HOME}"
echo " tar xf ...synapse_bu.tar.gz"
echo " Follow the instructions of:"
echo " ./matrix.sh restoredb"
echo " ./matrix.sh systemd"
echo
echo " [I] $toolName should be running. Now modify the reverse proxy configuration"
}
# Read postgres database information dbname/user/pass if empty
readDatabaseInfos() {
if [ "$postgresDb" == "" ] ; then
read -p "Enter postgres database name: " postgresDb
endCheckEmpty postgresDb "database"
fi
if [ "$postgresUser" == "" ] ; then
read -p "Enter postgres user name: " postgresUser
endCheckEmpty postgresUser "user name"
fi
if [ "$postgresPass" == "" ] ; then
read -s -p "Enter postgres password: " postgresPass
endCheckEmpty postgresPass "password"
fi
echo
}
# Needs readDatabaseInfos() to execute some commands
toolScript() {
if [ ! -z "$1" ] ; then
readDatabaseInfos
fi
}
# End step if no admin access token is configured
adminTokenCheck() {
if [ -z "$MATRIX_ACCESS" ] ; then
[ $QUIET -eq 0 ] && read -s -p "Please enter admin access tocken: " MATRIX_ACCESS
# return 1 if it is still empty
[ -z "$MATRIX_ACCESS" ] && return 1
fi
return 0
}
VERSION_SEQREV=15
. /usr/local/bin/sequencer.sh
Reference in New Issue View Git Blame Copy Permalink