# -*- mode: shell-script -*- yaml_opt_flatten() { local prefix="$1" key value while read-0 key value; do if [ "$prefix" ]; then new_prefix="${prefix}-${key}" else new_prefix="${key}" fi if [[ "$(echo "$value" | shyaml get-type)" == "struct" ]]; then echo "$value" | yaml_opt_flatten "${new_prefix}" else printf "%s\0%s\0" "${new_prefix}" "$value" fi done < <(shyaml key-values-0) } CFG_DIR=/etc/synapse DATA_DIR=/data CONFIG_FILE="$DATA_DIR/homeserver.yaml" HOST_CONFIG_FILE="${SERVICE_DATASTORE}$CONFIG_FILE" setup_dirs() { local dirs dir dirs=("$SERVICE_DATASTORE/data") uid_gid=($(docker_get_uid_gid "$SERVICE_NAME" "root" "root")) || { err "Could not fetch uid/gid on image of service ${DARKYELLOW}$SERVICE_NAME${NORMAL}." return 1 } uid="991" gid="991" for dir in "${dirs[@]}"; do mkdir -p "$dir" find "$dir" \! -uid "$uid" -print0 | while read-0 f; do chown -v "$uid" "$f" || return 1 done find "$dir" \! -gid "$gid" -print0 | while read-0 f; do chgrp -v "$gid" "$f" || return 1 done done dirs=( "${SERVICE_CONFIGSTORE}/$CFG_DIR" "${SERVICE_DATASTORE}/$DATA_DIR/keys" "${SERVICE_DATASTORE}/$DATA_DIR/media" ) for dir in "${dirs[@]}"; do mkdir -p "$dir" chown "$uid:$gid" "$dir" done } cfg-merge() { local yaml="$1" merge_yaml_str "$(cat "$HOST_CONFIG_FILE" 2>/dev/null)" \ "$yaml" > "$HOST_CONFIG_FILE.tmp" || return 1 mv "$HOST_CONFIG_FILE.tmp" "$HOST_CONFIG_FILE" } cfg-base() { cat < "$HOST_CONFIG_FILE" ## Server ## Not running as a daemon # pid_file: /var/run/synapse/synapse.pid web_client: False soft_file_limit: 0 log_config: "$DATA_DIR/logging.yml" ## Ports listeners: - port: 8008 tls: false bind_addresses: ['::'] type: http x_forwarded: false resources: - names: [client] compress: true - names: [federation] compress: false ## Database ## database: name: "sqlite3" args: database: "$DATA_DIR/homeserver.db" ## Performance ## event_cache_size: 10K ## Ratelimiting ## rc_messages_per_second: 0.2 rc_message_burst_count: 10.0 federation_rc_window_size: 1000 federation_rc_sleep_limit: 10 federation_rc_sleep_delay: 500 federation_rc_reject_limit: 50 federation_rc_concurrent: 3 ## Files ## media_store_path: "$DATA_DIR/media" uploads_path: "$DATA_DIR/uploads" max_upload_size: "10M" max_image_pixels: "32M" dynamic_thumbnails: false # List of thumbnail to precalculate when an image is uploaded. thumbnail_sizes: - width: 32 height: 32 method: crop - width: 96 height: 96 method: crop - width: 320 height: 240 method: scale - width: 640 height: 480 method: scale - width: 800 height: 600 method: scale url_preview_enabled: false max_spider_size: "10M" ## Registration ## enable_registration: false enable_registration_captcha: false bcrypt_rounds: 12 allow_guest_access: true enable_group_creation: true ## TURN turn_allow_guests: true turn_shared_secret: YOUR_SHARED_SECRET turn_uris: [] turn_user_lifetime: 1h # The list of identity servers trusted to verify third party # identifiers by this server. # # Also defines the ID server which will be called when an account is # deactivated (one will be picked arbitrarily). trusted_third_party_id_servers: - matrix.org - vector.im suppress_key_server_warning: true ## Metrics enable_metrics: false report_stats: false ## API Configuration room_invite_state_types: - "m.room.join_rules" - "m.room.canonical_alias" - "m.room.avatar" - "m.room.name" expire_access_token: False ## Signing Keys ## signing_key_path: "$DATA_DIR/keys/synapse.signing.key" old_signing_keys: {} key_refresh_interval: "1d" # 1 Day. # The trusted servers to download signing keys from. perspectives: servers: "matrix.org": verify_keys: "ed25519:auto": key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw" password_config: enabled: true recaptcha_siteverify_api: https://www.google.com/recaptcha/api/siteverify app_service_config_files: [] EOF cat < "$SERVICE_DATASTORE$DATA_DIR"/logging.yml version: 1 formatters: precise: format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s- %(message)s' filters: context: (): synapse.util.logcontext.LoggingContextFilter request: "" handlers: console: class: logging.StreamHandler formatter: precise filters: [context] loggers: synapse: level: WARNING synapse.storage.SQL: # beware: increasing this to DEBUG will make synapse log sensitive # information such as access tokens. level: WARNING root: level: WARNING handlers: [console] EOF } config_hash() { debug "Adding config hash to enable recreating upon config change." config_hash=$({ cat "$HOST_CONFIG_FILE" } | md5_compat) || exit 1 init-config-add " $SERVICE_NAME: labels: - compose.config_hash=$config_hash " }