207 lines
6.5 KiB

#!/bin/bash
## Init is run on host
## For now it is run every time the script is launched, but
## it should be launched only once after build.
## Accessible variables are:
## - SERVICE_NAME Name of current service
## - DOCKER_BASE_IMAGE Base image from which this service might be built if any
## - SERVICE_DATASTORE Location on host of the DATASTORE of this service
## - SERVICE_CONFIGSTORE Location on host of the CONFIGSTORE of this service
. lib/common
# Please note that postgres detect on its own if its datadir needs to be populated
service_def=$(get_compose_service_def "$SERVICE_NAME") || return 1
options="$(e "$service_def" | shyaml -y get-value options)" || true
SYNAPSE_OPTIONS=(
server_name:string ## The server name
report_stats:bool ## Enable anon stat reporting back to the Matrix project
enable_registration:bool ## Enable registration on the Synapse instance.
allow_guest_access:bool ## allow guest joining this server.
event_cache_size:size ## event cache size [default 10K].
max_upload_size:size ## max upload size [default 10M].
## shared secrets
registration_shared_secret:string ## registrering users if registration is disable.
macaroon_secret_key:string ## secret for signing access tokens to the server.
## recaptcha
recaptcha_public_key:string ## required to have recaptcha upon registration
recaptcha_private_key:string ## required to have recaptcha upon registration
enable_registration_captcha:bool ## required to have recaptcha upon registration
recaptcha_siteverify_api:string
## others
soft_file_limit:numeric
rc_messages_per_second:float
rc_message_burst_count:float
federation_rc_window_size:numeric
federation_rc_sleep_limit:numeric
federation_rc_sleep_delay:numeric
federation_rc_reject_limit:numeric
federation_rc_concurrent:numeric
max_image_pixels:size
dynamic_thumbnails:bool
url_preview_enabled:bool
max_spider_size:size
bcrypt_rounds:numeric
enable_group_creation:bool
trusted_third_party_id_servers:sequence
enable_metrics:bool
room_invite_state_types:sequence
expire_access_token:bool
key_refresh_interval:string
perspectives:struct
password_config:struct
## NOT SUPPORTED YET
#thumbnail_sizes
)
OPTIONS_CONCAT=" ${SYNAPSE_OPTIONS[*]} "
yaml_opts=()
while read-0 key val; do
key_option="$key"
case "$OPTIONS_CONCAT" in
*" ${key_option}:bool "*)
case "${val,,}" in
true|ok|yes|y|1)
val="\"yes\""
;;
false|ko|nok|no|n|0)
val="\"no\""
;;
*)
die "Invalid value for ${WHITE}$key$NORMAL, please use a boolean value."
;;
esac
;;
*" ${key_option}:numeric "*)
if ! is_int "$val"; then
die "Invalid value for ${WHITE}$key$NORMAL, please use numeric value."
fi
;;
*" ${key_option}:float "*)
if ! is_float "$val"; then
die "Invalid value for ${WHITE}$key$NORMAL, please use float value."
fi
;;
*" ${key_option}:struct "*)
val_type=$(e "$val" | shyaml get-type) || return 1
if [ "$val_type" != "struct" ]; then
die "Invalid value for ${WHITE}$key$NORMAL, please use struct value."
fi
;;
*" ${key_option}:sequence "*)
val_type=$(e "$val" | shyaml get-type) || return 1
if [ "$val_type" != "sequence" ]; then
die "Invalid value for ${WHITE}$key$NORMAL, please use sequence value."
fi
;;
*" ${key_option}:string "*)
:
;;
*" ${key_option}:size "*)
[[ "${val}" =~ ^[0-9\.]+[KkMmGgTtPp]$ ]] || {
die "Unknown size specification '${val}'."
}
;;
*)
case "${key//_/-}" in
*) die "Unknown option ${WHITE}$key$NORMAL.";;
esac
continue
;;
esac
yaml_opts+=("$key" "$val")
done < <(e "$options" | shyaml key-values-0)
setup_dirs || exit 1
cfg-base || exit 1
cfg-merge "$options" || exit 1
HOST_KEY_DIR=$SERVICE_DATASTORE$DATA_DIR/keys
for name_secret in registration_shared_secret macaroon_secret_key; do
secret=$(e "$options" | shyaml -q get-value "$name_secret") || true
if [ "$secret" == "None" ]; then
secret=""
fi
coming_from_file=
key_file="$HOST_KEY_DIR/${name_secret}.key"
if [ -z "$secret" ]; then
if [ -e "$key_file" ]; then
secret="$(cat "$key_file")"
coming_from_file=true
else
secret="$(gen_password 64)"
fi
cfg-merge "${name_secret}: \"$secret\"" || exit 1
fi
if [ -z "$coming_from_file" ]; then
e "$secret" > "$key_file"
chown -v "$uid:$gid" "$key_file" &&
chmod -v 600 "$key_file" || exit 1
fi
done
## XXXvlab: what to do with appservices ?
# environ["SYNAPSE_APPSERVICES"] = glob.glob("/data/appservices/*.yaml")
# {% if SYNAPSE_APPSERVICES %}
# app_service_config_files:
# {% for appservice in SYNAPSE_APPSERVICES %} - "{{ appservice }}"
# {% endfor %}
# {% else %}
# app_service_config_files: []
# {% endif %}
# ## Turn ##
# {% if SYNAPSE_TURN_URIS %}
# turn_uris:
# {% for uri in SYNAPSE_TURN_URIS.split(',') %} - "{{ uri }}"
# {% endfor %}
# turn_shared_secret: "{{ SYNAPSE_TURN_SECRET }}"
# turn_user_lifetime: "1h"
# turn_allow_guests: True
# {% else %}
# turn_uris: []
# turn_shared_secret: "YOUR_SHARED_SECRET"
# turn_user_lifetime: "1h"
# turn_allow_guests: True
# {% endif %}
## XXXvlab: for SMTP relation
# {% if SYNAPSE_SMTP_HOST %}
# email:
# enable_notifs: false
# smtp_host: "{{ SYNAPSE_SMTP_HOST }}"
# smtp_port: {{ SYNAPSE_SMTP_PORT or "25" }}
# smtp_user: "{{ SYNAPSE_SMTP_USER }}"
# smtp_pass: "{{ SYNAPSE_SMTP_PASSWORD }}"
# require_transport_security: False
# notif_from: "{{ SYNAPSE_SMTP_FROM or "hostmaster@" + SYNAPSE_SERVER_NAME }}"
# app_name: Matrix
# # if template_dir is unset, uses the example templates that are part of
# # the Synapse distribution.
# #template_dir: res/templates
# notif_template_html: notif_mail.html
# notif_template_text: notif_mail.txt
# notif_for_new_users: True
# riot_base_url: "https://{{ SYNAPSE_SERVER_NAME }}"
# {% endif %}