
# -*- mode: shell-script -*-
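#######################################
# Flatten a YAML mapping into NUL-separated key/value records.
# Values that `shyaml get-type` reports as "struct" are walked
# recursively and their keys are joined to the parent key with "-".
# Arguments: $1 - prefix prepended to every emitted key (may be empty)
# Inputs:    stdin - YAML text, consumed by `shyaml key-values-0`
# Outputs:   stdout - one "key\0value\0" record per leaf value
# Notes:     read-0 is defined outside this block; presumably it reads
#            one NUL-terminated field per variable name -- confirm.
#######################################
yaml_opt_flatten() {
  # new_prefix is local so the caller's scope is not polluted.
  local prefix="$1" key value new_prefix
  while read-0 key value; do
    if [[ -n "$prefix" ]]; then
      new_prefix="${prefix}-${key}"
    else
      new_prefix="${key}"
    fi
    # printf rather than echo: a value such as "-n" or "-e" would be
    # taken as an option by echo and never reach shyaml.
    if [[ "$(printf '%s\n' "$value" | shyaml get-type)" == "struct" ]]; then
      printf '%s\n' "$value" | yaml_opt_flatten "${new_prefix}"
    else
      printf "%s\0%s\0" "${new_prefix}" "$value"
    fi
  done < <(shyaml key-values-0)
}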
# Paths that are written verbatim into the generated synapse config.
CFG_DIR="/etc/synapse"
DATA_DIR="/var/lib/synapse"
CONFIG_FILE="${CFG_DIR}/config.yml"
# Host-side location of the config file: the config store root
# followed by the path above. SERVICE_CONFIGSTORE is not set in this
# file; if it is empty this resolves to /etc/synapse/config.yml itself.
HOST_CONFIG_FILE="${SERVICE_CONFIGSTORE}${CONFIG_FILE}"
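#######################################
# Create the synapse data and config directories and hand them to the
# uid/gid that the "synapse" user has inside the service image.
# Globals:   SERVICE_DATASTORE, SERVICE_CONFIGSTORE, SERVICE_NAME,
#            CFG_DIR, DARKYELLOW, NORMAL (all read)
# Returns:   0 on success, 1 as soon as any step fails
# Notes:     docker_get_uid_gid, err and read-0 are defined outside
#            this block.
#######################################
setup_dirs() {
  local dirs dir f uid gid
  local -a uid_gid
  dirs=("$SERVICE_DATASTORE/var/lib/synapse")
  # shellcheck disable=SC2207 -- two whitespace-separated ids expected
  uid_gid=($(docker_get_uid_gid "$SERVICE_NAME" "synapse" "synapse")) || {
    err "Could not fetch uid/gid on image of service ${DARKYELLOW}$SERVICE_NAME${NORMAL}."
    return 1
  }
  uid="${uid_gid[0]}"
  gid="${uid_gid[1]}"
  # find -uid/-gid take numeric ids; refuse anything else instead of
  # running chown with an empty or unexpected owner.
  if ! [[ "$uid" =~ ^[0-9]+$ && "$gid" =~ ^[0-9]+$ ]]; then
    err "Unexpected uid/gid '$uid:$gid' for service ${DARKYELLOW}$SERVICE_NAME${NORMAL}."
    return 1
  fi
  for dir in "${dirs[@]}"; do
    mkdir -p "$dir" || return 1
    # The loops read from process substitution rather than a pipe so
    # that `return 1` leaves setup_dirs and not just a pipeline subshell.
    # -h changes a symlink itself, never its target: find tested the
    # link's own owner, and files under the data directory are written
    # by the service, so a link there must not redirect the ownership
    # change to a path outside the tree.
    while read-0 f; do
      chown -hv -- "$uid" "$f" || return 1
    done < <(find "$dir" \! -uid "$uid" -print0)
    while read-0 f; do
      chgrp -hv -- "$gid" "$f" || return 1
    done < <(find "$dir" \! -gid "$gid" -print0)
  done
  dirs=(
    "${SERVICE_CONFIGSTORE}/$CFG_DIR"
    "${SERVICE_DATASTORE}/var/lib/synapse/keys"
  )
  for dir in "${dirs[@]}"; do
    mkdir -p "$dir" || return 1
    chown "$uid:$gid" "$dir" || return 1
  done
}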
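#######################################
# Merge a YAML fragment into the host-side config file.
# The merged document is written next to the config file and renamed
# over it, so a failed merge never truncates the existing config.
# Globals:   HOST_CONFIG_FILE (read)
# Arguments: $1 - YAML text to merge on top of the current config
# Returns:   0 on success, non-zero if the merge or the rename fails
# Notes:     merge_yaml_str is defined outside this block.
#######################################
cfg-merge() {
  local yaml="$1" tmp="$HOST_CONFIG_FILE.tmp" current
  # A missing config file is treated as an empty document.
  current=$(cat "$HOST_CONFIG_FILE" 2>/dev/null)
  # The temp path is predictable and lives in a directory that
  # setup_dirs hands to the service uid. Drop whatever is already there
  # and create the file under noclobber, so the redirection fails rather
  # than writing through a pre-existing file or link at that path.
  rm -f -- "$tmp" || return 1
  if ! (
    set -o noclobber
    merge_yaml_str "$current" "$yaml" > "$tmp"
  ); then
    # Do not leave a partial file behind.
    rm -f -- "$tmp"
    return 1
  fi
  mv -- "$tmp" "$HOST_CONFIG_FILE"
}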
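#######################################
# Write the baseline synapse config and its logging config.
# Both here-documents use an unquoted delimiter, so $CFG_DIR and
# $DATA_DIR are expanded when the files are written. Any existing
# content of the two target files is overwritten.
# Globals:   HOST_CONFIG_FILE, SERVICE_CONFIGSTORE, CFG_DIR, DATA_DIR
#            (all read)
# Returns:   0 on success, non-zero if either file cannot be written
#
# Defaults worth reviewing before deployment (as written below):
#   - the listener on port 8008 has tls: false and binds to '::'
#   - allow_guest_access and turn_allow_guests are true
#   - turn_shared_secret is the placeholder YOUR_SHARED_SECRET
#     (turn_uris is empty); replace it before enabling TURN
#   - the sqlite3 database is used
# NOTE(review): the YAML below carries no nesting indentation in this
# copy of the file; confirm the layout against the original file.
#######################################
cfg-base() {
  # Stop here if the main config cannot be written, instead of going
  # on to report success based on the logging file alone.
  cat <<EOF > "$HOST_CONFIG_FILE" || return 1
## Server
## Not running as a daemon
# pid_file: /var/run/synapse/synapse.pid
web_client: False
soft_file_limit: 0
log_config: "$CFG_DIR/logging.yml"
## Ports
listeners:
- port: 8008
tls: false
bind_addresses: ['::']
type: http
x_forwarded: false
resources:
- names: [client]
compress: true
- names: [federation]
compress: false
## Database ##
database:
name: "sqlite3"
args:
database: "$DATA_DIR/homeserver.db"
## Performance ##
event_cache_size: 10K
## Ratelimiting ##
rc_messages_per_second: 0.2
rc_message_burst_count: 10.0
federation_rc_window_size: 1000
federation_rc_sleep_limit: 10
federation_rc_sleep_delay: 500
federation_rc_reject_limit: 50
federation_rc_concurrent: 3
## Files ##
media_store_path: "$DATA_DIR/media"
uploads_path: "$DATA_DIR/uploads"
max_upload_size: "10M"
max_image_pixels: "32M"
dynamic_thumbnails: false
# List of thumbnail to precalculate when an image is uploaded.
thumbnail_sizes:
- width: 32
height: 32
method: crop
- width: 96
height: 96
method: crop
- width: 320
height: 240
method: scale
- width: 640
height: 480
method: scale
- width: 800
height: 600
method: scale
url_preview_enabled: false
max_spider_size: "10M"
## Registration ##
enable_registration: false
enable_registration_captcha: false
bcrypt_rounds: 12
allow_guest_access: true
enable_group_creation: true
## TURN
turn_allow_guests: true
turn_shared_secret: YOUR_SHARED_SECRET
turn_uris: []
turn_user_lifetime: 1h
# The list of identity servers trusted to verify third party
# identifiers by this server.
#
# Also defines the ID server which will be called when an account is
# deactivated (one will be picked arbitrarily).
trusted_third_party_id_servers:
- matrix.org
- vector.im
## Metrics
enable_metrics: false
report_stats: false
## API Configuration
room_invite_state_types:
- "m.room.join_rules"
- "m.room.canonical_alias"
- "m.room.avatar"
- "m.room.name"
expire_access_token: False
## Signing Keys ##
signing_key_path: "$DATA_DIR/keys/synapse.signing.key"
old_signing_keys: {}
key_refresh_interval: "1d" # 1 Day.
# The trusted servers to download signing keys from.
perspectives:
servers:
"matrix.org":
verify_keys:
"ed25519:auto":
key: "Noi6WqcDj0QmPxCNQqgezwTlBKrfqehY1u2FyWP9uYw"
password_config:
enabled: true
recaptcha_siteverify_api: https://www.google.com/recaptcha/api/siteverify
app_service_config_files: []
EOF
  # Logging config referenced by log_config above; every logger is
  # kept at WARNING and output goes to the console handler.
  cat <<EOF > "$SERVICE_CONFIGSTORE$CFG_DIR"/logging.yml
version: 1
formatters:
precise:
format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s- %(message)s'
filters:
context:
(): synapse.util.logcontext.LoggingContextFilter
request: ""
handlers:
console:
class: logging.StreamHandler
formatter: precise
filters: [context]
loggers:
synapse:
level: WARNING
synapse.storage.SQL:
# beware: increasing this to DEBUG will make synapse log sensitive
# information such as access tokens.
level: WARNING
root:
level: WARNING
handlers: [console]
EOF
}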
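#######################################
# Record a hash of the host-side config file as a compose label, so
# that a config change leads to the service being recreated.
# The hash is a change-detection tag only; MD5 gives no integrity
# guarantee against deliberate tampering.
# Globals:   HOST_CONFIG_FILE, SERVICE_NAME (read);
#            config_hash (written, left global as before)
# Returns:   exits the shell with status 1 if the file cannot be
#            read or hashed
# Notes:     debug, md5_compat and init-config-add are defined outside
#            this block.
#######################################
config_hash() {
  debug "Adding config hash to enable recreating upon config change."
  # Redirect the file into md5_compat instead of piping `cat` into it:
  # without pipefail a missing or unreadable config would otherwise be
  # hashed as empty input and the failure would go unnoticed.
  config_hash=$(md5_compat < "$HOST_CONFIG_FILE") || exit 1
  init-config-add "
$SERVICE_NAME:
labels:
- compose.config_hash=$config_hash
"
}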