
# -*- mode: shell-script -*-
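# Flatten a nested YAML mapping read on stdin into "prefix-key" / value pairs.
# Globals:   none
# Arguments: $1 - prefix to put in front of every key (may be empty)
# Inputs:    YAML on stdin, handed to "shyaml key-values-0"
# Outputs:   for each leaf, the flattened key and its value on stdout, each
#            followed by a NUL byte
# Depends on the read-0 helper and the shyaml command, both provided outside
# this function.
yaml_opt_flatten() {
  # new_prefix is declared local so a call made in the current shell does not
  # leave it behind as a global.
  local prefix="$1" key value new_prefix
  while read-0 key value; do
    if [ "$prefix" ]; then
      new_prefix="${prefix}-${key}"
    else
      new_prefix="${key}"
    fi
    # printf instead of echo: a value such as "-n" or "-e" would be taken as
    # an option by echo and never reach shyaml.
    if [[ "$(printf '%s\n' "$value" | shyaml get-type)" == "struct" ]]; then
      # Nested mapping: recurse with the extended prefix.
      printf '%s\n' "$value" | yaml_opt_flatten "${new_prefix}"
    else
      printf "%s\0%s\0" "${new_prefix}" "$value"
    fi
  done < <(shyaml key-values-0)
}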
  17. CFG_DIR=/etc/synapse
  18. DATA_DIR=/var/lib/synapse
  19. CONFIG_FILE="$CFG_DIR/config.yml"
  20. HOST_CONFIG_FILE="${SERVICE_CONFIGSTORE}$CONFIG_FILE"
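# Create the service's data and configuration directories and give them to
# the uid/gid that the "synapse" user and group have in the service image.
# Globals:   SERVICE_DATASTORE, SERVICE_CONFIGSTORE, SERVICE_NAME, CFG_DIR (read)
# Arguments: none
# Returns:   0 on success, 1 as soon as a lookup, mkdir or ownership change fails
#
# NOTE(review): the "keys" directory created here is where cfg-base points
# signing_key_path; its mode is left to the caller's umask -- confirm that is
# restrictive enough for a directory holding the signing key.
setup_dirs() {
  local dirs dir uid_gid uid gid f
  dirs=("$SERVICE_DATASTORE/var/lib/synapse")
  # Assigned separately from 'local' so that '||' sees the status of
  # docker_get_uid_gid.
  uid_gid=($(docker_get_uid_gid "$SERVICE_NAME" "synapse" "synapse")) || {
    err "Could not fetch uid/gid on image of service ${DARKYELLOW}$SERVICE_NAME${NORMAL}."
    return 1
  }
  uid="${uid_gid[0]}"
  gid="${uid_gid[1]}"
  # find -uid/-gid and chown below need plain numbers; refuse anything else
  # rather than run them with an empty or malformed id.
  if ! [[ "$uid" =~ ^[0-9]+$ && "$gid" =~ ^[0-9]+$ ]]; then
    err "Unexpected uid/gid '${uid}:${gid}' on image of service ${DARKYELLOW}$SERVICE_NAME${NORMAL}."
    return 1
  fi
  for dir in "${dirs[@]}"; do
    mkdir -p "$dir" || return 1
    # The loops read from a process substitution instead of a pipe: inside a
    # pipeline 'return 1' would only leave the pipeline's subshell and a
    # failed ownership change would go unnoticed by the caller.
    # -h: change a symbolic link itself rather than the file it points to, so
    # a link inside the data store cannot redirect the change elsewhere.
    while read-0 f; do
      chown -h -v "$uid" "$f" || return 1
    done < <(find "$dir" \! -uid "$uid" -print0)
    while read-0 f; do
      chgrp -h -v "$gid" "$f" || return 1
    done < <(find "$dir" \! -gid "$gid" -print0)
  done
  dirs=(
    "${SERVICE_CONFIGSTORE}/$CFG_DIR"
    "${SERVICE_DATASTORE}/var/lib/synapse/keys"
  )
  for dir in "${dirs[@]}"; do
    mkdir -p "$dir" || return 1
    chown "$uid:$gid" "$dir" || return 1
  done
}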
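# Merge a YAML fragment into the host-side configuration file.
# Globals:   HOST_CONFIG_FILE (read; the file is replaced)
# Arguments: $1 - YAML text to merge on top of the current configuration
# Returns:   1 if merge_yaml_str fails, else the status of the final mv
#
# The merged result goes to a temporary file first and is then moved over the
# target, so a failed merge never truncates the existing configuration.
# NOTE(review): the temporary file has a fixed name next to the target, in a
# directory that setup_dirs hands to the service's uid -- confirm nothing but
# this code can create entries there.
cfg-merge() {
  local yaml="$1" tmp="$HOST_CONFIG_FILE.tmp"
  # A missing configuration file is deliberately treated as empty input.
  if ! merge_yaml_str "$(cat "$HOST_CONFIG_FILE" 2>/dev/null)" \
      "$yaml" > "$tmp"; then
    # Do not leave a partial result behind.
    rm -f -- "$tmp"
    return 1
  fi
  mv -- "$tmp" "$HOST_CONFIG_FILE"
}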
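# Write the baseline Synapse configuration and its logging configuration
# into the service's config store.
# Globals:   HOST_CONFIG_FILE, SERVICE_CONFIGSTORE, CFG_DIR, DATA_DIR (read)
# Arguments: none
# Outputs:   overwrites $HOST_CONFIG_FILE and
#            $SERVICE_CONFIGSTORE$CFG_DIR/logging.yml
# Returns:   non-zero as soon as one of the two files cannot be written
#
# Both here-documents use an unquoted delimiter, so $CFG_DIR and $DATA_DIR
# are expanded at the time the files are written.
#
# Security-relevant defaults, for whoever overrides them later:
#   - the only listener is plain HTTP (tls: false) bound to '::', serving
#     both client and federation traffic with x_forwarded: false; presumably
#     a TLS-terminating proxy sits in front of it -- confirm, and review
#     x_forwarded if so.
#   - turn_shared_secret is the literal placeholder YOUR_SHARED_SECRET; it
#     has to be replaced by a real secret before turn_uris is filled in.
#   - guest access is on (allow_guest_access, turn_allow_guests) while
#     registration is off.
#   - both files are created with the caller's umask. NOTE(review): the main
#     file may later receive secrets through cfg-merge -- confirm its mode
#     and owner are what the service needs and no wider.
cfg-base() {
  # Stop here if the main file cannot be written, instead of going on and
  # reporting only the status of the logging file.
  cat <<EOF > "$HOST_CONFIG_FILE" || return 1
## Server
## Not running as a daemon
# pid_file: /var/run/synapse/synapse.pid
web_client: False
soft_file_limit: 0
log_config: "$CFG_DIR/logging.yml"
## Ports
listeners:
  - port: 8008
    tls: false
    bind_addresses: ['::']
    type: http
    x_forwarded: false
    resources:
      - names: [client]
        compress: true
      - names: [federation]
        compress: false
## Database ##
database:
  name: "sqlite3"
  args:
    database: "$DATA_DIR/homeserver.db"
## Performance ##
event_cache_size: 10K
## Ratelimiting ##
rc_messages_per_second: 0.2
rc_message_burst_count: 10.0
federation_rc_window_size: 1000
federation_rc_sleep_limit: 10
federation_rc_sleep_delay: 500
federation_rc_reject_limit: 50
federation_rc_concurrent: 3
## Files ##
media_store_path: "$DATA_DIR/media"
uploads_path: "$DATA_DIR/uploads"
max_upload_size: "10M"
max_image_pixels: "32M"
dynamic_thumbnails: false
# List of thumbnail to precalculate when an image is uploaded.
thumbnail_sizes:
  - width: 32
    height: 32
    method: crop
  - width: 96
    height: 96
    method: crop
  - width: 320
    height: 240
    method: scale
  - width: 640
    height: 480
    method: scale
  - width: 800
    height: 600
    method: scale
url_preview_enabled: false
max_spider_size: "10M"
## Registration ##
enable_registration: false
enable_registration_captcha: false
bcrypt_rounds: 12
allow_guest_access: true
enable_group_creation: true
## TURN
turn_allow_guests: true
turn_shared_secret: YOUR_SHARED_SECRET
turn_uris: []
turn_user_lifetime: 1h
# The list of identity servers trusted to verify third party
# identifiers by this server.
#
# Also defines the ID server which will be called when an account is
# deactivated (one will be picked arbitrarily).
trusted_third_party_id_servers:
  - matrix.org
  - vector.im
## Metrics
enable_metrics: false
report_stats: false
## API Configuration
room_invite_state_types:
  - "m.room.join_rules"
  - "m.room.canonical_alias"
  - "m.room.avatar"
  - "m.room.name"
expire_access_token: False
## Signing Keys ##
signing_key_path: "$DATA_DIR/keys/synapse.signing.key"
old_signing_keys: {}
key_refresh_interval: "1d" # 1 Day.
# The trusted servers to download signing keys from.
perspectives:
  servers:
    "matrix.org":
      verify_keys:
        "ed25519:auto":
          key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"
password_config:
  enabled: true
recaptcha_siteverify_api: https://www.google.com/recaptcha/api/siteverify
app_service_config_files: []
EOF
  cat <<EOF > "$SERVICE_CONFIGSTORE$CFG_DIR"/logging.yml
version: 1
formatters:
  precise:
    format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s- %(message)s'
filters:
  context:
    (): synapse.util.logcontext.LoggingContextFilter
    request: ""
handlers:
  console:
    class: logging.StreamHandler
    formatter: precise
    filters: [context]
loggers:
  synapse:
    level: WARNING
  synapse.storage.SQL:
    # beware: increasing this to DEBUG will make synapse log sensitive
    # information such as access tokens.
    level: WARNING
root:
  level: WARNING
  handlers: [console]
EOF
}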
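# Record a digest of the configuration file as a label on the service, so
# that a configuration change leads to the service being recreated.
# Globals:   HOST_CONFIG_FILE, SERVICE_NAME (read); config_hash (written --
#            the variable shares its name with this function and stays global)
# Arguments: none
# Exits:     the whole shell with status 1 if the digest cannot be computed
#
# The digest comes from the md5_compat helper and only serves change
# detection; it is not an integrity or authenticity check on the file.
config_hash() {
  debug "Adding config hash to enable recreating upon config change."
  # Redirect the file in rather than piping it from cat: in a pipeline a
  # missing or unreadable file would be hidden by md5_compat's own status and
  # the label would silently carry the digest of empty input.
  config_hash=$(md5_compat < "$HOST_CONFIG_FILE") || exit 1
  init-config-add "
$SERVICE_NAME:
  labels:
    - compose.config_hash=$config_hash
"
}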