# -*- mode: shell-script -*-
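# Flatten a YAML mapping read from stdin into NUL-separated key/value records.
#
# Values that `shyaml get-type` reports as "struct" are walked recursively,
# and the keys along the path are joined with '-'.
#
# Arguments: $1 - prefix prepended to every key (may be empty)
# Input:     YAML mapping on stdin (consumed by `shyaml key-values-0`)
# Outputs:   "<flattened-key>\0<value>\0" records on stdout
yaml_opt_flatten() {
    ## new_prefix is declared local so that it does not leak into the
    ## caller's scope.
    local prefix="$1" key value new_prefix
    while read-0 key value; do
        if [ "$prefix" ]; then
            new_prefix="${prefix}-${key}"
        else
            new_prefix="${key}"
        fi
        ## printf rather than echo: a value such as "-n" or "-e" would be
        ## taken as an option by echo and never reach shyaml.
        if [[ "$(printf '%s\n' "$value" | shyaml get-type)" == "struct" ]]; then
            printf '%s\n' "$value" | yaml_opt_flatten "${new_prefix}"
        else
            printf "%s\0%s\0" "${new_prefix}" "$value"
        fi
    done < <(shyaml key-values-0)
}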
## Paths as used by the service (CFG_DIR, DATA_DIR, CONFIG_FILE) and the
## host-side location of the main config file, obtained by prefixing the
## service datastore to CONFIG_FILE.
CFG_DIR="/etc/synapse"
DATA_DIR="/data"
CONFIG_FILE="${DATA_DIR}/homeserver.yaml"
HOST_CONFIG_FILE="${SERVICE_DATASTORE}${CONFIG_FILE}"
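# Create the host-side directories of the service and hand them over to the
# uid/gid the service runs as.
#
# Globals:  SERVICE_DATASTORE, SERVICE_CONFIGSTORE, SERVICE_NAME,
#           CFG_DIR, DATA_DIR (read)
# Returns:  0 on success, 1 as soon as a directory cannot be created or an
#           ownership change fails.
setup_dirs() {
    local dirs dir uid gid uid_gid

    dirs=("$SERVICE_DATASTORE/data")
    ## NOTE(review): the uid/gid pair fetched from the image is never read;
    ## the hard-coded 991 below is what gets applied. The call is kept so
    ## that a failure to inspect the image still aborts, as before.
    uid_gid=($(docker_get_uid_gid "$SERVICE_NAME" "root" "root")) || {
        err "Could not fetch uid/gid on image of service ${DARKYELLOW}$SERVICE_NAME${NORMAL}."
        return 1
    }
    uid="991"
    gid="991"
    for dir in "${dirs[@]}"; do
        mkdir -p "$dir" || return 1
        ## 'find -exec ... +' instead of 'find | while ...; return 1': a
        ## 'return' inside a pipeline stage only leaves that subshell, so
        ## chown/chgrp failures were never reported to the caller.
        ##
        ## -h changes the symlink itself, matching what find tested (find
        ## does not follow links). Without it the link's target would be
        ## re-owned, and that target can lie outside "$dir" since the tree
        ## is writable by the service uid.
        find "$dir" \! -uid "$uid" -exec chown -hv "$uid" {} + || return 1
        find "$dir" \! -gid "$gid" -exec chgrp -hv "$gid" {} + || return 1
    done

    dirs=(
        "${SERVICE_CONFIGSTORE}/$CFG_DIR"
        "${SERVICE_DATASTORE}/$DATA_DIR/keys"
        "${SERVICE_DATASTORE}/$DATA_DIR/media"
    )
    for dir in "${dirs[@]}"; do
        mkdir -p "$dir" || return 1
        ## NOTE(review): this chown follows symlinks. keys/ and media/ live
        ## in a tree owned by the service uid; confirm whether a symlinked
        ## directory is a supported layout before switching to 'chown -h'.
        chown "$uid:$gid" "$dir" || return 1
    done
}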
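# Merge a YAML fragment into the host-side homeserver.yaml.
#
# The merged document is written to "$HOST_CONFIG_FILE.tmp" and then moved
# over the real file, so a failed merge never truncates the live config.
#
# Arguments: $1 - YAML string merged on top of the current file content
# Globals:   HOST_CONFIG_FILE (read)
# Returns:   0 on success, 1 if the merge or the final move fails; the
#            temporary file is removed on failure.
cfg-merge() {
    local yaml="$1" tmp="$HOST_CONFIG_FILE.tmp"
    ## NOTE(review): the temporary path is predictable and sits in the data
    ## directory, which setup_dirs hands to the service uid. Consider a
    ## mktemp-created file in the same directory, with mode and owner set
    ## explicitly, so that a pre-existing entry at that path cannot
    ## redirect this write.

    ## A missing or unreadable config file is deliberately treated as an
    ## empty document (stderr of cat is silenced).
    if ! merge_yaml_str "$(cat "$HOST_CONFIG_FILE" 2>/dev/null)" \
                        "$yaml" > "$tmp"; then
        rm -f -- "$tmp"
        return 1
    fi
    mv -- "$tmp" "$HOST_CONFIG_FILE" || {
        rm -f -- "$tmp"
        return 1
    }
}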
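# Write the baseline Synapse configuration: homeserver.yaml at
# $HOST_CONFIG_FILE and logging.yml under "$SERVICE_DATASTORE$DATA_DIR".
# Both files are overwritten. The here-documents are unquoted so that
# $DATA_DIR is expanded into the paths written to the files.
#
# Globals:  HOST_CONFIG_FILE, SERVICE_DATASTORE, DATA_DIR (read)
# Returns:  non-zero as soon as one of the two files cannot be written
#           (a failed first write used to be masked by the second one).
#
# NOTE(review): defaults to confirm before the service is exposed:
#  - turn_shared_secret is the literal placeholder YOUR_SHARED_SECRET.
#    turn_uris is empty here; the secret must be replaced with a real
#    value before any TURN URI is configured.
#  - allow_guest_access and turn_allow_guests are true while
#    enable_registration is false.
#  - the listener is plain HTTP (tls: false) on '::' with
#    x_forwarded: false; presumably a reverse proxy terminates TLS in
#    front of it. If so, confirm whether x_forwarded should be enabled so
#    that client addresses are not all seen as the proxy's.
#  - both files are created with the caller's umask; if later merges add
#    secrets to homeserver.yaml, set its mode and owner explicitly.
cfg-base() {
    cat <<EOF > "$HOST_CONFIG_FILE" || return 1

## Server

## Not running as a daemon
# pid_file: /var/run/synapse/synapse.pid
web_client: False
soft_file_limit: 0
log_config: "$DATA_DIR/logging.yml"

## Ports

listeners:
  - port: 8008
    tls: false
    bind_addresses: ['::']
    type: http
    x_forwarded: false

    resources:
      - names: [client]
        compress: true
      - names: [federation]
        compress: false

## Database ##

database:
  name: "sqlite3"
  args:
    database: "$DATA_DIR/homeserver.db"

## Performance ##

event_cache_size: 10K

## Ratelimiting ##

rc_messages_per_second: 0.2
rc_message_burst_count: 10.0
federation_rc_window_size: 1000
federation_rc_sleep_limit: 10
federation_rc_sleep_delay: 500
federation_rc_reject_limit: 50
federation_rc_concurrent: 3

## Files ##

media_store_path: "$DATA_DIR/media"
uploads_path: "$DATA_DIR/uploads"
max_upload_size: "10M"
max_image_pixels: "32M"
dynamic_thumbnails: false

# List of thumbnail to precalculate when an image is uploaded.
thumbnail_sizes:
  - width: 32
    height: 32
    method: crop
  - width: 96
    height: 96
    method: crop
  - width: 320
    height: 240
    method: scale
  - width: 640
    height: 480
    method: scale
  - width: 800
    height: 600
    method: scale

url_preview_enabled: false
max_spider_size: "10M"

## Registration ##

enable_registration: false
enable_registration_captcha: false

bcrypt_rounds: 12
allow_guest_access: true
enable_group_creation: true

## TURN

turn_allow_guests: true
turn_shared_secret: YOUR_SHARED_SECRET
turn_uris: []
turn_user_lifetime: 1h


# The list of identity servers trusted to verify third party
# identifiers by this server.
#
# Also defines the ID server which will be called when an account is
# deactivated (one will be picked arbitrarily).
trusted_third_party_id_servers:
  - matrix.org
  - vector.im
suppress_key_server_warning: true
## Metrics

enable_metrics: false
report_stats: false

## API Configuration

room_invite_state_types:
  - "m.room.join_rules"
  - "m.room.canonical_alias"
  - "m.room.avatar"
  - "m.room.name"

expire_access_token: False

## Signing Keys ##

signing_key_path: "$DATA_DIR/keys/synapse.signing.key"
old_signing_keys: {}
key_refresh_interval: "1d" # 1 Day.


# The trusted servers to download signing keys from.
perspectives:
  servers:
    "matrix.org":
      verify_keys:
        "ed25519:auto":
          key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"


password_config:
  enabled: true


recaptcha_siteverify_api: https://www.google.com/recaptcha/api/siteverify

app_service_config_files: []

EOF

    cat <<EOF > "$SERVICE_DATASTORE$DATA_DIR"/logging.yml || return 1
version: 1

formatters:
  precise:
    format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s- %(message)s'

filters:
  context:
    (): synapse.util.logcontext.LoggingContextFilter
    request: ""

handlers:
  console:
    class: logging.StreamHandler
    formatter: precise
    filters: [context]

loggers:
  synapse:
    level: WARNING

  synapse.storage.SQL:
    # beware: increasing this to DEBUG will make synapse log sensitive
    # information such as access tokens.
    level: WARNING

root:
  level: WARNING
  handlers: [console]

EOF
}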
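# Attach a fingerprint of homeserver.yaml to the service as a compose
# label, so that a change to the config file changes the label value.
#
# The digest (md5_compat, presumably an md5 wrapper) serves only as a
# change-detection fingerprint here; it is not an integrity control.
#
# Globals:  HOST_CONFIG_FILE, SERVICE_NAME (read)
# Exits:    with status 1 if the config file cannot be read or hashed.
config_hash() {
    local config_hash
    debug "Adding config hash to enable recreating upon config change."
    ## Redirect instead of 'cat file | md5_compat': with the pipeline, an
    ## unreadable or missing config still produced a digest (that of empty
    ## input) because only the last stage's status was checked.
    config_hash=$(md5_compat < "$HOST_CONFIG_FILE") || {
        err "Could not compute hash of config file '$HOST_CONFIG_FILE'."
        exit 1
    }
    init-config-add "
$SERVICE_NAME:
  labels:
    - compose.config_hash=$config_hash
"
}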