From 678dea3213b975882d7d72521b020ec54ef4895b Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sat, 5 Mar 2022 12:46:12 +0100 Subject: [PATCH 1/8] Add /_synapse path permission for administration API --- scripts/install | 3 +++ scripts/upgrade | 6 ++++++ 2 files changed, 9 insertions(+) diff --git a/scripts/install b/scripts/install index 8c62ee9a..1248241f 100644 --- a/scripts/install +++ b/scripts/install @@ -336,6 +336,9 @@ ynh_permission_update --permission=main --show_tile=false --protected=true ynh_permission_create --permission=server_api --url=$domain/_matrix \ --label="Server access for client apps." --show_tile=false --allowed=visitors \ --auth_header=false --protected=true +ynh_permission_create --permission=admin_api --url=$domain/_synapse \ + --label="Server administration API." --show_tile=false \ + --auth_header=false if yunohost --output-as plain domain list | grep -q "^$server_name$"; then ynh_permission_create --permission=server_client_infos --url=$server_name/.well-known/matrix \ --label="Server info for clients. (well-known)" --show_tile=false --allowed=visitors \ diff --git a/scripts/upgrade b/scripts/upgrade index 536ca48d..cc7a2ec2 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -439,6 +439,12 @@ elif yunohost --output-as plain domain list | grep -q "^$server_name"'$'; then --protected=true fi +if ! ynh_permission_exists --permission=admin_api; then + ynh_permission_create --permission=admin_api --url=$domain/_synapse \ + --label="Server administration API." --show_tile=false \ + --auth_header=false +fi + #================================================= # SECURE FILES AND DIRECTORIES #================================================= From 918fe60b7ab9c422577e6ef02040646aadfb1525 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sun, 18 Sep 2022 12:29:14 +0200 Subject: [PATCH 2/8] Add documentation on admin API --- doc/DISCLAIMER.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md index 9661fd14..197e63a2 100644 --- a/doc/DISCLAIMER.md +++ b/doc/DISCLAIMER.md @@ -105,6 +105,14 @@ This app doesn't provide any real good web interface. So it's recommended to use ## Additional information +### Administration API + +Synapse's administration API endpoints are under `/_synapse` path and protected with the `admin_api` permission. +By default, no one has access to this path. + +If you wish to access it, for example to use [Synapse Admin](https://github.com/YunoHost-Apps/synapse-admin_ynh), +you need to give this permission to visitors. + ### Multi instance support To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command: From 8e3f7d978c9fd799b23886605543e5463b2710d3 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sat, 9 Apr 2022 01:05:29 +0200 Subject: [PATCH 3/8] Handle /_synapse permission in change_url too --- scripts/change_url | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scripts/change_url b/scripts/change_url index fa8668ed..699a5020 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -122,7 +122,9 @@ ynh_add_config --template="log.yaml" --destination="/etc/matrix-$app/log.yaml" ynh_script_progression --message="Configuring permissions..." --weight=1 ynh_permission_url --permission=server_api --clear_urls -ynh_permission_url --permission=server_api --url=$domain/_matrix --additional_urls=$server_name/.well-known/matrix \ +ynh_permission_url --permission=server_api --url=$domain/_matrix --additional_urls=$server_name/.well-known/matrix +ynh_permission_url --permission=admin_api --clear_urls +ynh_permission_url --permission=admin_api --url=$domain/_synapse #================================================= # RELOAD SERVICES From d34d6e93ddf29145df35f11acaba7fd147a720ee Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Sun, 18 Sep 2022 10:29:50 +0000 Subject: [PATCH 4/8] Auto-update README --- README.md | 8 ++++++++ README_fr.md | 8 ++++++++ 2 files changed, 16 insertions(+) diff --git a/README.md b/README.md index 3be92bb3..94f70d41 100644 --- a/README.md +++ b/README.md @@ -131,6 +131,14 @@ This app doesn't provide any real good web interface. So it's recommended to use ## Additional information +### Administration API + +Synapse's administration API endpoints are under `/_synapse` path and protected with the `admin_api` permission. +By default, no one has access to this path. + +If you wish to access it, for example to use [Synapse Admin](https://github.com/YunoHost-Apps/synapse-admin_ynh), +you need to give this permission to visitors. + ### Multi instance support To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command: diff --git a/README_fr.md b/README_fr.md index 7742b040..85c5f4d5 100644 --- a/README_fr.md +++ b/README_fr.md @@ -131,6 +131,14 @@ This app doesn't provide any real good web interface. So it's recommended to use ## Additional information +### Administration API + +Synapse's administration API endpoints are under `/_synapse` path and protected with the `admin_api` permission. +By default, no one has access to this path. + +If you wish to access it, for example to use [Synapse Admin](https://github.com/YunoHost-Apps/synapse-admin_ynh), +you need to give this permission to visitors. + ### Multi instance support To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command: From 64fa0716c5cdc1c6232fac8b4859326c2490f786 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Tue, 20 Sep 2022 21:04:22 +0200 Subject: [PATCH 5/8] Readd missing disclaimer items --- doc/DISCLAIMER.md | 56 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md index 197e63a2..c813daaf 100644 --- a/doc/DISCLAIMER.md +++ b/doc/DISCLAIMER.md @@ -105,6 +105,23 @@ This app doesn't provide any real good web interface. So it's recommended to use ## Additional information +## Administation + +**All documentation of this section is not warranted. A bad use of command could break the app and all the data. So use these commands at your own risk.** + +Before any manipulation it's recommended to do a backup by this following command : + +`sudo yunohost backup create --apps synapse` + +### Set user as admin + +Actually there are no functions in the client interface to set a user as admin. So it's possible to enable it manually in the database. + +The following command will grant admin privilege to the specified user: +``` +su --command="psql matrix_synapse" postgres <<< "UPDATE users SET admin = 1 WHERE name = '@user_to_be_admin:domain.tld'" +``` + ### Administration API Synapse's administration API endpoints are under `/_synapse` path and protected with the `admin_api` permission. @@ -113,6 +130,45 @@ By default, no one has access to this path. If you wish to access it, for example to use [Synapse Admin](https://github.com/YunoHost-Apps/synapse-admin_ynh), you need to give this permission to visitors. +Then, to log in the API with your credentials, you need to set your user as admin (cf. precedent section). + +### Upgrade + +By default a backup is made before the upgrade. To avoid this you have theses following possibilites: +- Call the command with the `-b` flag: `yunohost app upgrade synapse -b` +- Set the settings `disable_backup_before_upgrade` to `1`. You can set this with this command: + +`yunohost app setting synapse disable_backup_before_upgrade -v 1` + +After this settings will be applied for **all** next upgrade. + +From command line: + +`yunohost app upgrade synapse` + +### Backup + +This app use now the core-only feature of the backup. To keep the integrity of the data and to have a better guarantee of the restoration is recommended to proceed like this: + +- Stop synapse service with theses following command: + +`systemctl stop synapse.service` + +- Launch the backup of synapse with this following command: + +`yunohost backup create --app synapse` + +- Do a backup of your data with your specific strategy (could be with rsync, borg backup or just cp). The data is generally stored in `/home/yunohost.app/matrix-synapse`. +- Restart the synapse service with these command: + +`systemctl start synapse.service` + +### Remove + +Due of the backup core only feature the data directory in `/home/yunohost.app/matrix-synapse` **is not removed**. + +Use the `--purge` flag with the command, or remove it manually to purge app user data. + ### Multi instance support To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command: From b29f96fcf1d0be1255d0d3567947baf8e154fc80 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Tue, 20 Sep 2022 19:04:57 +0000 Subject: [PATCH 6/8] Auto-update README --- README.md | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++ README_fr.md | 56 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 112 insertions(+) diff --git a/README.md b/README.md index 94f70d41..9e648d7b 100644 --- a/README.md +++ b/README.md @@ -131,6 +131,23 @@ This app doesn't provide any real good web interface. So it's recommended to use ## Additional information +## Administation + +**All documentation of this section is not warranted. A bad use of command could break the app and all the data. So use these commands at your own risk.** + +Before any manipulation it's recommended to do a backup by this following command : + +`sudo yunohost backup create --apps synapse` + +### Set user as admin + +Actually there are no functions in the client interface to set a user as admin. So it's possible to enable it manually in the database. + +The following command will grant admin privilege to the specified user: +``` +su --command="psql matrix_synapse" postgres <<< "UPDATE users SET admin = 1 WHERE name = '@user_to_be_admin:domain.tld'" +``` + ### Administration API Synapse's administration API endpoints are under `/_synapse` path and protected with the `admin_api` permission. @@ -139,6 +156,45 @@ By default, no one has access to this path. If you wish to access it, for example to use [Synapse Admin](https://github.com/YunoHost-Apps/synapse-admin_ynh), you need to give this permission to visitors. +Then, to log in the API with your credentials, you need to set your user as admin (cf. precedent section). + +### Upgrade + +By default a backup is made before the upgrade. To avoid this you have theses following possibilites: +- Call the command with the `-b` flag: `yunohost app upgrade synapse -b` +- Set the settings `disable_backup_before_upgrade` to `1`. You can set this with this command: + +`yunohost app setting synapse disable_backup_before_upgrade -v 1` + +After this settings will be applied for **all** next upgrade. + +From command line: + +`yunohost app upgrade synapse` + +### Backup + +This app use now the core-only feature of the backup. To keep the integrity of the data and to have a better guarantee of the restoration is recommended to proceed like this: + +- Stop synapse service with theses following command: + +`systemctl stop synapse.service` + +- Launch the backup of synapse with this following command: + +`yunohost backup create --app synapse` + +- Do a backup of your data with your specific strategy (could be with rsync, borg backup or just cp). The data is generally stored in `/home/yunohost.app/matrix-synapse`. +- Restart the synapse service with these command: + +`systemctl start synapse.service` + +### Remove + +Due of the backup core only feature the data directory in `/home/yunohost.app/matrix-synapse` **is not removed**. + +Use the `--purge` flag with the command, or remove it manually to purge app user data. + ### Multi instance support To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command: diff --git a/README_fr.md b/README_fr.md index 85c5f4d5..1daa9a2a 100644 --- a/README_fr.md +++ b/README_fr.md @@ -131,6 +131,23 @@ This app doesn't provide any real good web interface. So it's recommended to use ## Additional information +## Administation + +**All documentation of this section is not warranted. A bad use of command could break the app and all the data. So use these commands at your own risk.** + +Before any manipulation it's recommended to do a backup by this following command : + +`sudo yunohost backup create --apps synapse` + +### Set user as admin + +Actually there are no functions in the client interface to set a user as admin. So it's possible to enable it manually in the database. + +The following command will grant admin privilege to the specified user: +``` +su --command="psql matrix_synapse" postgres <<< "UPDATE users SET admin = 1 WHERE name = '@user_to_be_admin:domain.tld'" +``` + ### Administration API Synapse's administration API endpoints are under `/_synapse` path and protected with the `admin_api` permission. @@ -139,6 +156,45 @@ By default, no one has access to this path. If you wish to access it, for example to use [Synapse Admin](https://github.com/YunoHost-Apps/synapse-admin_ynh), you need to give this permission to visitors. +Then, to log in the API with your credentials, you need to set your user as admin (cf. precedent section). + +### Upgrade + +By default a backup is made before the upgrade. To avoid this you have theses following possibilites: +- Call the command with the `-b` flag: `yunohost app upgrade synapse -b` +- Set the settings `disable_backup_before_upgrade` to `1`. You can set this with this command: + +`yunohost app setting synapse disable_backup_before_upgrade -v 1` + +After this settings will be applied for **all** next upgrade. + +From command line: + +`yunohost app upgrade synapse` + +### Backup + +This app use now the core-only feature of the backup. To keep the integrity of the data and to have a better guarantee of the restoration is recommended to proceed like this: + +- Stop synapse service with theses following command: + +`systemctl stop synapse.service` + +- Launch the backup of synapse with this following command: + +`yunohost backup create --app synapse` + +- Do a backup of your data with your specific strategy (could be with rsync, borg backup or just cp). The data is generally stored in `/home/yunohost.app/matrix-synapse`. +- Restart the synapse service with these command: + +`systemctl start synapse.service` + +### Remove + +Due of the backup core only feature the data directory in `/home/yunohost.app/matrix-synapse` **is not removed**. + +Use the `--purge` flag with the command, or remove it manually to purge app user data. + ### Multi instance support To give a possibility to have multiple domains you can use multiple instances of synapse. In this case all instances will run on different ports so it's really important to put a SRV record in your domain. You can get the port that you need to put in your SRV record with this following command: From dbb80b4a0930b0f2ced2bc3f647725b5363387f3 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Tue, 20 Sep 2022 21:06:47 +0200 Subject: [PATCH 7/8] Typo in disclaimer --- doc/DISCLAIMER.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md index c813daaf..62381c90 100644 --- a/doc/DISCLAIMER.md +++ b/doc/DISCLAIMER.md @@ -105,7 +105,7 @@ This app doesn't provide any real good web interface. So it's recommended to use ## Additional information -## Administation +## Administration **All documentation of this section is not warranted. A bad use of command could break the app and all the data. So use these commands at your own risk.** From b6108b7d69d44881cc63cc15492f6af269c4f1be Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Tue, 20 Sep 2022 19:07:01 +0000 Subject: [PATCH 8/8] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 9e648d7b..0063f708 100644 --- a/README.md +++ b/README.md @@ -131,7 +131,7 @@ This app doesn't provide any real good web interface. So it's recommended to use ## Additional information -## Administation +## Administration **All documentation of this section is not warranted. A bad use of command could break the app and all the data. So use these commands at your own risk.** diff --git a/README_fr.md b/README_fr.md index 1daa9a2a..450f0345 100644 --- a/README_fr.md +++ b/README_fr.md @@ -131,7 +131,7 @@ This app doesn't provide any real good web interface. So it's recommended to use ## Additional information -## Administation +## Administration **All documentation of this section is not warranted. A bad use of command could break the app and all the data. So use these commands at your own risk.**