efelon/shell_sequencer
1
0
Fork 0
Code Issues Pull Requests Releases 1 Wiki Activity
Files
b9f8ee7599e3795d9ab02106617de192e61f3b88
shell_sequencer/seqs/matrix.sh

562 lines
15 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
readonly toolName=synapse
toolDeps="build-essential python3-dev libffi-dev python3-pip python3-venv python3-setuptools postgresql libssl-dev libjpeg-dev libxslt1-dev libpq5 libpq-dev"
readonly toolDeps+=" jq" # used as helper for api access
toolDepsRaspi="libopenjp2-7 libtiff5"
readonly toolUser="synapse"
readonly toolGroup="synapse"
readonly toolServiceName="matrix-synapse"
readonly synapseHashTool="venv/bin/hash_password"
readonly toolUrlLocal="http://localhost:8008"
# Filled by configuration
toolConfig=
toolUrl=
# Needed for different steps
postgresDb=""
postgresUser=""
postgresPass=""
sq_aptOpt=
sq_config=0
seq_config() {
if [ "$(which lsb_release)" == "" ] ; then
warning -e "Cannot detect OS. Assuming Raspberry Pi OS"
osName="Raspbian"
else
osName=$(lsb_release -is)
distName=$(lsb_release -cs)
fi
if [ "$osName" == "" ] ; then
warning -e "Error dedecting OS. Assuming Raspberry Pi OS"
osName="Raspbian"
fi
info "Detected OS: $osName $distName"
if initSeqConfig "${seq_configName:?}" "${seq_configTemplate:?}" ; then
sq_config=1
toolConfig="${MATRIX_HOME}/homeserver.yaml"
toolUrl="https://$MATRIX_DOMAIN"
localHome="$MATRIX_HOME"
info -a "$toolName home: $MATRIX_HOME"
info -a "$toolName domain: $MATRIX_DOMAIN"
else
# End if no configuration file exists
dry || return 1
fi
## Apt cmdline option to suppress user interaction
interactive || sq_aptOpt="-y"
return 0
}
step_1_info() { echo "Installing $toolName dependencies"; }
step_1_alias() { echo "install"; }
step_1() {
exe apt update
endReturn -o $? "Updating apt repositories failed"
if [ "$osName" != "Raspbian" ] ; then
toolDepsRaspi=""
fi
exe apt install $toolDeps $toolDepsRaspi ${sq_aptOpt}
}
step_2_info() { echo "Create postgres database for $toolName"; }
step_2_alias() { echo "createdb"; }
step_2() {
readDatabaseInfos
exe cd ~postgres
exe su -c "psql -c \"CREATE USER ${postgresUser} WITH ENCRYPTED password '${postgresPass}';\"" - postgres
exe su -c "psql -c \"CREATE DATABASE ${postgresDb} ENCODING \"UTF8\" LC_COLLATE='C' LC_CTYPE='C' template=template0 OWNER ${postgresUser};\"" - postgres
exe su -c "psql -c \"GRANT ALL PRIVILEGES ON DATABASE \"${postgresDb}\" to ${postgresUser};\"" - postgres
}
step_3_info() { echo "Create $toolName user and group"; }
step_3() {
exe addgroup "$toolGroup"
exe adduser --system --home ${MATRIX_HOME}/ --no-create-home --disabled-password --shell /bin/nologin --ingroup "$toolGroup" "$toolUser"
}
step_4_info() { echo "Install $toolName"; }
step_4_alias() { echo "virtualenv"; }
step_4() {
exe mkdir -p "$MATRIX_HOME"
exe python3 -m venv "${MATRIX_HOME}/venv"
exe cd "$MATRIX_HOME"
disableErrorCheck
exe source "${MATRIX_HOME}/venv/bin/activate"
enableErrorCheck
exe pip install --upgrade pip
exe pip install --upgrade setuptools
# bcrypt and cryptography last version before requiring rust to compile
# hiredis and txredisapi needed by redis
exe pip install matrix-synapse[postgres] lxml psycopg2 hiredis txredisapi
}
step_5_info() { echo "Create default configuration and folder structure"; }
step_5_alias() { echo "defaultconfig"; }
step_5() {
# Create default configuration
exe python3 -m synapse.app.homeserver --server-name "$MATRIX_DOMAIN" --config-path homeserver.yaml --generate-config --report-stats=no
exe deactivate
# Create media directories
exe mkdir -p ${MATRIX_HOME}/media_store ${MATRIX_HOME}/uploads
exe chmod 770 "${MATRIX_HOME}/media_store" "${MATRIX_HOME}/uploads"
# Allow matrix to write its logs in /opt/synapse
exe chmod 755 "${MATRIX_HOME}"
exe chown ${toolUser}:${toolGroup} "${MATRIX_HOME}" "${MATRIX_HOME}/media_store" "${MATRIX_HOME}/uploads"
}
step_6_info() { echo "Open $toolName configuration file"; }
step_6() {
exe vi "$toolConfig"
}
step_7_info() { echo "Create $toolName systemd service"; }
step_7_alias() { echo "systemd"; }
step_7() {
# eval needed to expand sourced configuration variables
local localService=`eval "echo \"$toolService\""`
addConf -c "$localService" "$toolServiceLoc"
exe systemctl daemon-reload
exe systemctl enable ${toolServiceName}.service
exe service ${toolServiceName} start
}
toolServiceLoc="/etc/systemd/system/${toolServiceName}.service"
toolService="[Unit]
Description=Matrix Synapse service
After=network.target postgresql.service
[Service]
Type=forking
WorkingDirectory=\${MATRIX_HOME}/
ExecStart=\${MATRIX_HOME}/venv/bin/synctl start
ExecStop=\${MATRIX_HOME}/venv/bin/synctl stop
ExecReload=\${MATRIX_HOME}/venv/bin/synctl restart
User=\${toolUser}
Group=\${toolGroup}
Restart=always
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=synapse
[Install]
WantedBy=multi-user.target"
step_10_info() {
echo -n "Upgrade $toolName installation"
if ! contextHelp ; then
echo " at $MATRIX_HOME"
else
echo
fi
}
step_10_alias() { echo "upgrade"; }
step_10() {
if [[ -z "$(command -v rustc)" ]] ; then
info "Rust compiler not found an might be needed."
confirm "Continue without Rust?" || return 1
fi
info "Upgrading $toolName"
disableErrorCheck
exe source "${MATRIX_HOME}/venv/bin/activate"
exe pip install --upgrade pip
exe pip install --upgrade matrix-synapse
saveReturn $?
exe deactivate
enableErrorCheck
endReturn "Error upgrading $toolName"
info "Restarting $toolName"
step restart
info "New Version:"
exe sleep 2
step version
}
step_12_info() { echo "Restart $toolName systemd service"; echo; }
step_12_alias() { echo "restart"; }
step_12() {
exe service ${toolServiceName} restart
}
step_14_info() {
echo "Show $toolName version"
}
step_14_options() { echo "[IP]:8008"; }
step_14_alias() { echo "version"; }
step_14() {
local synapseIP=localhost
shift
[ -n "${1:-}" ] && synapseIP="$1"
local apiCall="http://${synapseIP}:8008/_synapse/admin/v1/server_version"
# -sS to suppress download progress of curl
exep "curl -sS \"$apiCall\" | python -m json.tool | grep _version"
}
step_16_info() {
echo "List all registered users"
echoinfo "[OPTION]"
echoinfo " -r : Raw json output"
}
step_16_options() { echo "[OPTION] [IP]:8008"; }
step_16_alias() { echo "listuser"; }
step_16() {
adminTokenCheck
endReturn -o $? "Admin token needed. Check $seq_configFile"
shift
local synapseIP=localhost
local grepOut=" | grep -E '(\"total\":|\"name\":)'"
for _ in "$@" ; do
case "$1" in
-r)
grepOut=""
shift
;;
*)
break
;;
esac
done
[ -n "${1:-}" ] && synapseIP="$1"
local apiCall="http://${synapseIP}:8008/_synapse/admin/v2/users"
exep "curl -sS --header \"Authorization: Bearer $MATRIX_ACCESS\" \"$apiCall\" | python -m json.tool $grepOut"
}
step_18_info() { echo "Create new user"; }
step_18_alias() { echo "adduser"; }
step_18() {
exe /opt/synapse/venv/bin/register_new_matrix_user -c "$MATRIX_HOME/homeserver.yaml" $toolUrlLocal
}
step_20_info() {
shift
echo -n "Reset user password"
contextExe && echoinfo " for ${1:-}" || echo
}
step_20_options() { echo "[USER NAME]"; }
step_20_alias() { echo "resetpw"; }
step_20() {
shift
local user=
if [ -n "${1:-}" ]; then
user="$1"
else
exe read -p "User name: " user
fi
if [ -z $user ]; then
error -e "No user name provided"
return 1
fi
local pw="$("${MATRIX_HOME}/${synapseHashTool}")"
# Escaping twice because password contains $ which would be treated as variables
local string="\"UPDATE users SET password_hash=\''${pw}'\' WHERE name=\''@${user}:${MATRIX_DOMAIN}'\'\""
exep "echo \"$string\" | su postgres -c 'psql -d synapse -f -'"
}
step_22_info() {
echo "List all rooms"
echoinfo "[OPTION]"
echoinfo " -r : Raw json output"
}
step_22_options() { echo "[OPTION] [IP]:8008"; }
step_22_alias() { echo "listrooms"; }
step_22() {
adminTokenCheck
endReturn -o $? "Admin token needed. Check $seq_configFile"
shift
local arg
local synapseIP=localhost
local grepOut=" | grep -E '(\"total\":|\"name\":|\"room_id\":)'"
for _ in "$@" ; do
case "$1" in
-r)
grepOut=""
shift
;;
*)
break
;;
esac
done
[ -n "${1:-}" ] && synapseIP="$1"
local apiCall="http://${synapseIP}:8008/_synapse/admin/v1/rooms"
exep "curl -sS --header \"Authorization: Bearer $MATRIX_ACCESS\" \"$apiCall\" | python -m json.tool $grepOut"
}
step_24_info() {
echo "List all room members"
echoinfo "[OPTION]"
echoinfo " -r : Raw json output"
}
step_24_options() { echo "[OPTION] [ROOM ID] [IP]:8008"; }
step_24_alias() { echo "listmember"; }
step_24() {
adminTokenCheck
endReturn -o $? "Admin token needed. Check $seq_configFile"
shift
local roomId=""
local synapseIP=localhost
local grepOut=" | grep -E '(\"total\":|\"members\":|\"@)'"
for _ in "$@" ; do
case "$1" in
-r)
grepOut=""
shift
;;
*)
break
;;
esac
done
if [ -n "${1:-}" ]; then
roomId="$1"
shift
fi
[ -n "${1:-}" ] && synapseIP="$1"
local apiCall="http://${synapseIP}:8008/_synapse/admin/v1/rooms/$roomId/members"
exep "curl -sS --header \"Authorization: Bearer $MATRIX_ACCESS\" \"$apiCall\" | python -m json.tool $grepOut"
}
step_26_info() {
echo "Delete rooms without local users"
echoinfo " [IP] : default is localhost"
}
step_26_options() { echo "[IP]:8008"; }
step_26_alias() { echo "purge"; }
step_26() {
adminTokenCheck
endReturn -o $? "Admin token needed. Check $seq_configFile"
shift
local i
local arg
local synapseIP=localhost
[ -n "${1:-}" ] && synapseIP="$1"
local apiCall="http://${synapseIP}:8008/_synapse/admin/v1/rooms"
local arrRoom=( $(curl -sS --header "Authorization: Bearer $MATRIX_ACCESS" "$apiCall" | jq '.rooms[] | select(.joined_local_members == 0) | .room_id') )
for i in "${!arrRoom[@]}" ; do
arrRoom[$i]="${arrRoom[$i]:1:${#arrRoom[$i]}-2}"
done
for i in "${arrRoom[@]}" ; do
step deleteroom "$i"
done
}
step_28_info() { echo "Delete room"; }
step_28_options() { echo "<ROOM ID> [IP]:8008"; }
step_28_alias() { echo "deleteroom"; }
step_28() {
adminTokenCheck
endReturn -o $? "Admin token needed. Check $seq_configFile"
shift
local roomId=""
local synapseIP=localhost
if [ -n "${1:-}" ]; then
roomId="$1"
shift
else
endReturn -o 1 "No room ID specified"
fi
[ -n "${1:-}" ] && synapseIP="$1"
echo " [I] Deleting room with ID: $roomId"
local apiCall="http://${synapseIP}:8008/_synapse/admin/v2/rooms/$roomId"
exep "curl -sS --header \"Authorization: Bearer $MATRIX_ACCESS\" \
-X DELETE \
-H \"Content-Type: application/json\" -d \"{}\" \
\"$apiCall\" | python -m json.tool"
#end
}
# As note for further improvement
# See https://github.com/matrix-org/synapse/blob/develop/docs/admin_api/rooms.md#delete-room-api
postDataDeleteRoom()
{
cat <<EOF
{
"new_room_user_id": "@someuser:example.com",
"room_name": "Content Violation Notification",
"message": "Bad Room has been shutdown due to content violations on this server. Please review our Terms of Service.",
"block": true,
"purge": true
}
EOF
}
step_30_info() { echo "Debloat postgres"; echo; }
step_30_options() { echo "[DATABASE]"; }
step_30_alias() { echo "debloat"; }
step_30() {
shift
local pgVerboseReId=" (VERBOSE) "
local pgVerboseVac=" VERBOSE"
if ! verbose; then
pgVerboseReId=" "
pgVerboseVac=""
fi
if [ -z "${1:-}" ]; then
readDatabaseInfos
else
postgresDb="$1"
fi
echo " [I] Stopping ${toolServiceName}"
exe service ${toolServiceName} stop
endReturn -o $? "Couldn't stop ${toolServiceName}. Stopping debloat."
exe cd ~postgres
exe su -c "psql -d ${postgresDb} -c \"REINDEX${pgVerboseReId}DATABASE ${postgresDb};\"" - postgres
exe su -c "psql -c \"VACUUM FULL${pgVerboseVac};\"" - postgres
echo -e "\n [I] Starting ${toolServiceName}"
exe service ${toolServiceName} start
}
step_50_info() { echo "Drop postgres database for $toolName"; }
step_50_alias() { echo "dropdb"; }
step_50() {
readDatabaseInfos
exe cd ~postgres
exe su -c "psql -c \"DROP DATABASE ${postgresDb};\"" - postgres
}
step_52_info() { echo "Backup postgres database"; }
step_52_alias() { echo "backupdb"; }
step_52() {
local DELYEAR=$(($(date +%Y)-2))
if [ ! -s ~/.pgpass ] ; then
info "For unattended backup please define ~/.pgpass containing credentials"
info -a " e.g. localhost:5432:database:user:pass"
info -a "Backup custom pg format with standard user / database: synapse / synapse"
fi
exep "pg_dump -h 127.0.0.1 -U synapse -Fc synapse | bzip2 -c > ${toolDbBackupFolder}/$(date +%Y-%m-%d\"_\"%H-%M-%S).backup.bz2"
exe rm -f ${toolDbBackupFolder}/${DELYEAR}*
}
toolDbBackupFolder=/root/backupdb
step_54_info() { echo "Postgres database restore"; }
step_54_alias() { echo "restoredb"; }
step_54() {
info "Postgres database restore procedure"
cat <<RESTORE_END
1. Create a empty postgres database first (step 4)
2. psql -h <host> -U <database user> -d <database name> -W -f <sql dump file>
e.g. psql -h 127.0.0.1 -U synapse -d synapse -W -f 2018-06-07_18-10-56.sql
or
3. Custom postgres format dump restore:
pg_restore -h localhost -p 5432 -U synapse -d new_db -v "10.70.0.61.backup"
RESTORE_END
info "Available postgresql databases:"
exe cd ~postgres
exe su postgres -c "psql -c '\l'"
info -a "Available postgresql user:"
exe su postgres -c "psql -c '\du'"
}
step_56_info() { echo "$toolName migration notes"; }
step_56_alias() { echo "migrate"; }
step_56() {
color green
cat <<MIGRATE_END
# Backup database
./postgres.sh backupdb synapse
# Backup virtual venv folders except "venv"
cd ${MATRIX_HOME}
tar czf ../\$(date +%Y-%m-%d"_"%H-%M-%S).synapse_bu.tar.gz --exclude="./venv" .
# Transfer both backup files to target server
# Install $toolName on the target server up to step "virtualenv"
(Stop after first run and edit $seq_configFile)
./matrix.sh install
cd ${MATRIX_HOME}
tar xf ...synapse_bu.tar.gz
Follow the instructions of:
./matrix.sh restoredb
./matrix.sh systemd
# $toolName should be running. Now modify the reverse proxy configuration
MIGRATE_END
}
# Read postgres database information dbname/user/pass if empty
readDatabaseInfos() {
if [ "$postgresDb" == "" ] ; then
read -p "Enter postgres database name: " postgresDb
endIfEmpty postgresDb "database"
fi
if [ "$postgresUser" == "" ] ; then
read -p "Enter postgres user name: " postgresUser
endIfEmpty postgresUser "user name"
fi
if [ "$postgresPass" == "" ] ; then
read -s -p "Enter postgres password: " postgresPass
endIfEmpty postgresPass "password"
fi
echo
}
# Needs readDatabaseInfos() to execute some commands
toolScript() {
if [ -n "${1:-}" ] ; then
readDatabaseInfos
fi
}
# End step if no admin access token is configured
adminTokenCheck() {
if [ -z "$MATRIX_ACCESS" ] ; then
interactive && read -s -p "Please enter admin access tocken: " MATRIX_ACCESS
# return 1 if it is still empty
[ -z "$MATRIX_ACCESS" ] && return 1
fi
return 0
}
# shellcheck disable=SC2034 # Appears unused
readonly sqr_minVersion=16
# shellcheck disable=SC1091 # Don't follow this source
. /usr/local/bin/sequencer.sh
Reference in New Issue View Git Blame Copy Permalink