- This will allow us to remove the code needed for force upgrading. Upgrade code
can be dropped after a while.
- This will ensure that all our users have a single configuration format which
will make future testing easier.
- We can notify the users of a single overwrite now and be assured that in
future, the overwrites of configuration will not happen.
- We don't have to monitor for changes to configuration files in future version
of the package.
- Keep old configuration as a backup file and restore a pristine copy with
--reinstall and --force-confmiss.
Tests:
- Install the app freshly. Configuration file is unchanged, new config snippets
are created. App is running.
- Install the app with code before new configuration changes. Notice that old
configuration format is used. Then switch the code to a branch with current
changes. Setup is automatically executed. The package is reinstalled. After
re-installation, the main config file is restored. Configuration snippets exist.
value of public registration and domain is preserved. Backup file exists with
previous configuration contents.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Tested-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Pass the `mail` attribute as an empty string instead of None (null in yaml)
Fixes#1484
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Whatever function is passed in post_exit can simply be called by the caller
itself as the next statement.
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
If a valid certificate is available but not yet setup, the earlier code assumes
there is a valid certificate.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Immediately after the installation, a self-signed certificate is used because
domain name is not available. However, after domain name becomes available,
setup a Let's Encrypt certificate.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Setting permissions after copying the file will lead to momentary exposure of
the private key to other users on the system. Use umask instead.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Don't match the hook's domain against domain set in configuration. We already
check if the domain matches the Matrix Synapse configured domain.
- Fix un-checking letsencrypt option for matrixsynapse. Keep the old certificate
but don't throw error. This means future certificates are not renewed.
- Use utility get_configured_domain_name()
- Style function names without uppercase.
- Style multi-line docstrings correctly.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Matrix requires valid certificates for federation with other servers from
version 1.0 onward. If the FreedomBox server already has LE cert and private
key, copy them into /etc/matrix-synapse
- Add certificate renewal hooks for Matrix Synapse. Reusing the certificate
renewal mechanism built for ejabberd with matrix-synapse as well. One notable
difference is that Matrix Synapse doesn't support switching the domain name or
dropping the Let's Encrypt certificate.
- Use self-signed certificate if there is no LE certificate. Matrix Synapse
server startup fails if the files homeserver.tls.crt and homeserver.tls.key
are missing.
- Copy Apache's snakeoil certificates to /etc/matrix-synapse when LE
certificates are not available. Prefer LE certificates if available.
- Display warning if no valid LE certificate is found.
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
- Drop the `bind_address` key during upgrade
- Use the new `bind_addresses` key instead
Fixes#1420
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
/etc/matrix-synapse/homeserver.yaml file has several complex cases of inline
comments which are introducing bugs when parsed with ruamel.yaml
Eliminated the problem by discarding comments altogether since the YAML data is
only read by Plinth and not by a human.
Closes#1214
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
This does not effect the first install but is necessary when upgrading to newer
Plinth module version.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
* Fixing wrong function calls leading to error 500.
* Merging enable/disabling/status into single action, to improve
handling in cli, and reduce code duplication.
* Fixing order of restart and enabling of public registration option.
* Minor, cosmetic fixes of code and user-facing strings.
* Overall code design now almost identical to Ejabberd service page.
Signed-off-by: Johannes Keyser <johanneskeyser@posteo.de>
- Change the configuration minimally and more reliably.
- Rename the Apache configuration and add comments.
- Rename firewalld description file.
- Enable the matrixsynapse module by default.
- Improve category, description texts and warnings.
- Remove unused variable.
- Add missing docstrings.
- Minor styling updates.
- Fix i18n in templates.
- Fix showing description in main service view.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
