0k-charms/synapse/lib/common

# -*- mode: shell-script -*-


yaml_opt_flatten() {
    local prefix="$1" key value
    while read-0 key value; do
        if [ "$prefix" ]; then
            new_prefix="${prefix}-${key}"
        else
            new_prefix="${key}"
        fi
        if [[ "$(echo "$value" | shyaml get-type)" == "struct" ]]; then
            echo "$value" | yaml_opt_flatten "${new_prefix}"
        else
            printf "%s\0%s\0" "${new_prefix}" "$value"
        fi
    done < <(shyaml key-values-0)
}


CFG_DIR=/etc/synapse
DATA_DIR=/var/lib/synapse
CONFIG_FILE="$CFG_DIR/config.yml"
HOST_CONFIG_FILE="${SERVICE_CONFIGSTORE}$CONFIG_FILE"


setup_dirs() {
    local dirs dir

    dirs=("$SERVICE_DATASTORE/var/lib/synapse")
    uid_gid=($(docker_get_uid_gid "$SERVICE_NAME" "synapse" "synapse")) || {
        err "Could not fetch uid/gid on image of service ${DARKYELLOW}$SERVICE_NAME${NORMAL}."
        return 1
    }
    uid="${uid_gid[0]}"
    gid="${uid_gid[1]}"
    for dir in "${dirs[@]}"; do
        mkdir -p "$dir"
        find "$dir" \! -uid "$uid" -exec chown -v "$uid" {} \;
        find "$dir" \! -gid "$gid" -exec chgrp -v "$gid" {} \;
    done

    dirs=(
        "${SERVICE_CONFIGSTORE}/$CFG_DIR"
        "${SERVICE_DATASTORE}/var/lib/synapse/keys"
    )
    for dir in "${dirs[@]}"; do
        mkdir -p "$dir"
        chown "$uid:$gid" "$dir"
    done
}


cfg-merge() {
    local yaml="$1"
    merge_yaml_str "$(cat "$HOST_CONFIG_FILE" 2>/dev/null)" \
                    "$yaml" > "$HOST_CONFIG_FILE.tmp" || return 1
    mv "$HOST_CONFIG_FILE.tmp" "$HOST_CONFIG_FILE"
}


cfg-base() {
    cat <<EOF > "$HOST_CONFIG_FILE"

## Server

## Not running as a daemon
# pid_file: /var/run/synapse/synapse.pid
web_client: False
soft_file_limit: 0
log_config: "$CFG_DIR/logging.yml"

## Ports

listeners:
  - port: 8008
    tls: false
    bind_addresses: ['::']
    type: http
    x_forwarded: false

    resources:
      - names: [client]
        compress: true
      - names: [federation]
        compress: false

## Database ##

database:
  name: "sqlite3"
  args:
    database: "$DATA_DIR/homeserver.db"

## Performance ##

event_cache_size: 10K

## Ratelimiting ##

rc_messages_per_second: 0.2
rc_message_burst_count: 10.0
federation_rc_window_size: 1000
federation_rc_sleep_limit: 10
federation_rc_sleep_delay: 500
federation_rc_reject_limit: 50
federation_rc_concurrent: 3

## Files ##

media_store_path: "$DATA_DIR/media"
uploads_path: "$DATA_DIR/uploads"
max_upload_size: "10M"
max_image_pixels: "32M"
dynamic_thumbnails: false

# List of thumbnail to precalculate when an image is uploaded.
thumbnail_sizes:
- width: 32
  height: 32
  method: crop
- width: 96
  height: 96
  method: crop
- width: 320
  height: 240
  method: scale
- width: 640
  height: 480
  method: scale
- width: 800
  height: 600
  method: scale

url_preview_enabled: false
max_spider_size: "10M"

## Registration ##

enable_registration: false
enable_registration_captcha: false

bcrypt_rounds: 12
allow_guest_access: true
enable_group_creation: true

## TURN

turn_allow_guests: true
turn_shared_secret: YOUR_SHARED_SECRET
turn_uris: []
turn_user_lifetime: 1h


# The list of identity servers trusted to verify third party
# identifiers by this server.
#
# Also defines the ID server which will be called when an account is
# deactivated (one will be picked arbitrarily).
trusted_third_party_id_servers:
    - matrix.org
    - vector.im

## Metrics

enable_metrics: false
report_stats: false

## API Configuration

room_invite_state_types:
    - "m.room.join_rules"
    - "m.room.canonical_alias"
    - "m.room.avatar"
    - "m.room.name"

expire_access_token: False

## Signing Keys ##

signing_key_path: "$DATA_DIR/keys/synapse.signing.key"
old_signing_keys: {}
key_refresh_interval: "1d" # 1 Day.


# The trusted servers to download signing keys from.
perspectives:
  servers:
    "matrix.org":
      verify_keys:
        "ed25519:auto":
          key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"


password_config:
   enabled: true


recaptcha_siteverify_api: https://www.google.com/recaptcha/api/siteverify

app_service_config_files: []

EOF

    cat <<EOF > "$SERVICE_CONFIGSTORE$CFG_DIR"/logging.yml
version: 1

formatters:
  precise:
   format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s- %(message)s'

filters:
  context:
    (): synapse.util.logcontext.LoggingContextFilter
    request: ""

handlers:
  console:
    class: logging.StreamHandler
    formatter: precise
    filters: [context]

loggers:
    synapse:
        level: WARNING

    synapse.storage.SQL:
        # beware: increasing this to DEBUG will make synapse log sensitive
        # information such as access tokens.
        level: WARNING

root:
    level: WARNING
    handlers: [console]

EOF
}


config_hash() {
    debug "Adding config hash to enable recreating upon config change."
    config_hash=$({
                     cat "$HOST_CONFIG_FILE"
                  } | md5_compat) || exit 1
    init-config-add "
$SERVICE_NAME:
  labels:
  - compose.config_hash=$config_hash
"
}