diff --git a/synapse/hooks/init b/synapse/hooks/init
new file mode 100755
index 0000000..0ad6d36
--- /dev/null
+++ b/synapse/hooks/init
@@ -0,0 +1,94 @@
+#!/bin/bash
+
+## Init is run on host
+## For now it is run every time the script is launched, but
+## it should be launched only once after build.
+
+## Accessible variables are:
+## - SERVICE_NAME Name of current service
+## - DOCKER_BASE_IMAGE Base image from which this service might be built if any
+## - SERVICE_DATASTORE Location on host of the DATASTORE of this service
+## - SERVICE_CONFIGSTORE Location on host of the CONFIGSTORE of this service
+
+. lib/common
+
+# Please note that postgres detect on its own if its datadir needs to be populated
+
+service_def=$(get_compose_service_def "$SERVICE_NAME") || return 1
+options="$(e "$service_def" | shyaml -y get-value options)" || true
+
+
+SYNAPSE_OPTIONS=(
+ report-stats:bool ## Enable anon stat reporting back to the Matrix project
+ enable-registration:bool ## Enable registration on the Synapse instance.
+ allow-guest:bool ## allow guest joining this server.
+ event-cache-size:size ## event cache size [default 10K].
+ max-upload-size:size ## max upload size [default 10M].
+
+ ## shared secrets
+ registration-shared-secret:string ## registrering users if registration is disable.
+ macaroon-secret-key:string ## secret for signing access tokens to the server.
+
+ ## recaptcha
+ recaptcha-public-key:string ## required in order to enable recaptcha upon registration
+ recaptcha-private-key:string ## required in order to enable recaptcha upon registration
+
+ ## turn
+ turn-uris:string ## coma-separated list of TURN uris to enable TURN for this homeserver.
+ turn-secret:string ## TURN shared secret if required.
+)
+
+OPTIONS_CONCAT=" ${SYNAPSE_OPTIONS[*]} "
+
+yaml_opts=()
+while read-0 key val; do
+ key_option="$key"
+ case "$OPTIONS_CONCAT" in
+ *" ${key_option}:bool "*)
+ case "${val,,}" in
+ true|ok|yes|y|1)
+ val="\"yes\""
+ ;;
+ false|ko|nok|no|n|0)
+ val="\"no\""
+ ;;
+ *)
+ die "Invalid value for ${WHITE}$key$NORMAL, please use a boolean value."
+ ;;
+ esac
+ ;;
+ *" ${key_option}:numeric "*)
+ if ! is_int "$val"; then
+ die "Invalid value for ${WHITE}$key$NORMAL, please use numeric value."
+ fi
+ ;;
+ *" ${key_option}:string "*)
+ :
+ ;;
+ *" ${key_option}:size "*)
+ [[ "${val}" =~ ^[0-9\.]+[KkMmGgTtPp]$ ]] || {
+ die "Unknown size specification '${val}'."
+ }
+ ;;
+ *)
+ case "${key//_/-}" in
+ *) die "Unknown option ${WHITE}$key$NORMAL.";;
+ esac
+ continue
+ ;;
+ esac
+ yaml_opts+=("$key" "$val")
+done < <(e "$options" | yaml_opt_flatten)
+
+config="\
+$SERVICE_NAME:
+ environment:
+ SYNAPSE_NO_TLS: \"yes\"
+"
+
+while read-0 key value; do
+ key=${key//-/_}
+ config+="$(printf "\n SYNAPSE_%s: %s" "${key^^}" "$value")"
+done < <(array_values_to_stdin yaml_opts)
+
+init-config-add "$config"
diff --git a/synapse/hooks/postgres_database-relation-joined b/synapse/hooks/postgres_database-relation-joined
new file mode 100755
index 0000000..2d2d530
--- /dev/null
+++ b/synapse/hooks/postgres_database-relation-joined
@@ -0,0 +1,26 @@
+#!/bin/bash
+
+set -e
+
+PASSWORD="$(relation-get password)"
+USER="$(relation-get user)"
+DBNAME="$(relation-get dbname)"
+
+control=$(echo -en "$USER\0$DBNAME\0$PASSWORD" | md5_compat)
+
+
+init-config-add "
+$SERVICE_NAME:
+ environment:
+ POSTGRES_HOST: $MASTER_TARGET_SERVICE_NAME
+ POSTGRES_DB: $DBNAME
+ POSTGRES_USER: $USER
+ POSTGRES_PASSWORD: $PASSWORD
+"
+
+[ "$control" == "$(relation-get control 2>/dev/null)" ] && exit 0
+
+
+relation-set control "$control"
+
+info "Configured $SERVICE_NAME code for $TARGET_SERVICE_NAME access."
diff --git a/synapse/hooks/web_proxy-relation-joined b/synapse/hooks/web_proxy-relation-joined
new file mode 100755
index 0000000..4e3e1f2
--- /dev/null
+++ b/synapse/hooks/web_proxy-relation-joined
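Review bot: In synapse/hooks/init, values of the `:string` options (`registration-shared-secret`, `macaroon-secret-key`, `turn-secret`, the recaptcha keys, `turn-uris`) pass through the no-op `:` branch and are then written by `printf "\n SYNAPSE_%s: %s"` as bare YAML scalars, so a secret containing `: `, ` #`, a leading `*`, `!` or `{`, or a newline would be truncated, retyped, or could add keys to the generated environment block. The boolean branch already quotes its output; the string branch should do the same, for example `q="'"; val="$q${val//$q/$q$q}$q"` (YAML single-quoted form with embedded quotes doubled), and should reject values that contain a newline. The same unquoted interpolation appears in postgres_database-relation-joined (`POSTGRES_PASSWORD: $PASSWORD` and the other POSTGRES_* values) and in web_proxy-relation-joined (`SYNAPSE_SERVER_NAME: $DOMAIN`). Separately, `|| return 1` on the `service_def=` line only works if this hook is sourced; if it is executed, as the shebang and mode 100755 suggest, bash prints an error and carries on, so `|| exit 1` is probably what is meant.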
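Review bot: In postgres_database-relation-joined the control checksum is built with `echo -en "$USER\0$DBNAME\0$PASSWORD"`, which makes echo interpret any backslash sequence inside the three values, so a password containing `\n` or `\0NNN` is hashed as different bytes and one containing `\c` is cut short. A fixed format string keeps the values as data: `control=$(printf '%s\0%s\0%s' "$USER" "$DBNAME" "$PASSWORD" | md5_compat)`. Assigning to `USER` also overwrites the shell's login-name variable for everything the hook runs afterwards; a name such as `DBUSER` avoids that.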
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+set -e
+
+. lib/common
+
+DOMAIN=$(relation-get domain) || exit 1
+
+url=$(relation-get url)
+
+if [ "${url%://*}" == "https" ]; then
+ no_tls=" SYNAPSE_NO_TLS: 'yes'"
+else
+ no_tls=
+fi
+
+init-config-add "
+$SERVICE_NAME:
+ environment:
+ SYNAPSE_SERVER_NAME: $DOMAIN
+$no_tls
+" || exit 1
+
diff --git a/synapse/lib/common b/synapse/lib/common
new file mode 100644
index 0000000..3d1cb8d
--- /dev/null
+++ b/synapse/lib/common
@@ -0,0 +1,20 @@
+# -*- mode: shell-script -*-
+
+
+yaml_opt_flatten() {
+ local prefix="$1" key value
+ while read-0 key value; do
+ if [ "$prefix" ]; then
+ new_prefix="${prefix}-${key}"
+ else
+ new_prefix="${key}"
+ fi
+ if [[ "$(echo "$value" | shyaml get-type)" == "struct" ]]; then
+ echo "$value" | yaml_opt_flatten "${new_prefix}"
+ else
+ printf "%s\0%s\0" "${new_prefix}" "$value"
+ fi
+ done < <(shyaml key-values-0)
+}
+
+
diff --git a/synapse/metadata.yml b/synapse/metadata.yml
new file mode 100644
index 0000000..6b22bd4
--- /dev/null
+++ b/synapse/metadata.yml
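Review bot: The `https` test on `url` in web_proxy-relation-joined looks like it has no effect, because synapse/hooks/init in this same commit already writes `SYNAPSE_NO_TLS: "yes"` unconditionally. Assuming `init-config-add` merges the fragments, Synapse then runs without TLS whether the proxy URL is `https://`, `http://`, or the relation is absent (metadata.yml marks web-proxy only as `recommended`). If Synapse is meant to serve TLS itself when no HTTPS proxy fronts it, the setting should be removed from init and left to this hook. If clear text behind the proxy is always intended, drop the branch and say so in a comment, for example `## TLS is always terminated by the web proxy; Synapse listens in clear text`.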
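Review bot: In synapse/lib/common, `new_prefix` is assigned inside `yaml_opt_flatten` but is missing from the `local` list, so it leaks into the caller's scope; declare it with `local prefix="$1" key value new_prefix`. Both `echo "$value"` calls also let echo treat a value such as `-n` or `-e` as an option and print nothing, which would make the `shyaml get-type` check see empty input; `printf '%s\n' "$value"` passes the value through unchanged. A short header comment stating that the function reads YAML on stdin and emits NUL-separated key/value pairs, with nested keys joined by `-`, would help readers of hooks/init.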
@@ -0,0 +1,46 @@
+description: Synapse
+maintainer: "Valentin Lab "
+docker-image: docker.0k.io/synapse:py3.6
+data-resources:
+ - /data
+host-resources:
+ - /etc/localtime:ro
+
+default-options:
+ report-stats: no
+ enable-registration: no
+ allow-guest: no
+ event-cache-size: 10K
+ max-upload-size: 10M
+
+ # recaptcha:
+ # ## https://www.google.com/recaptcha/admin/create
+ # public-key: XXX
+ # private-key: XXX
+ # turn:
+ # uris:
+ # secret:
+
+# docker-compose:
+# ports:
+
+uses:
+ postgres-database:
+ constraint: required
+ auto: summon
+ solves:
+ database: "main storage"
+ # log-rotate:
+ # constraint: recommended
+ # auto: pair
+ # solves:
+ # disk-leak: "/data/logs"
+ web-proxy:
+ constraint: recommended
+ auto: pair
+ solves:
+ proxy: "Public access"
+ default-options:
+ ## ``nocanon`` is mandatory
+ ## see: https://github.com/matrix-org/synapse/blob/master/docs/reverse_proxy.rst
+ apache-proxy-pass-options: retry=0 nocanon
\ No newline at end of file
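Review bot: `docker-image: docker.0k.io/synapse:py3.6` in synapse/metadata.yml names the image by a mutable tag, so the content that gets deployed can change without any change to this charm. If the tooling accepts it, pinning the digest as well, `docker-image: docker.0k.io/synapse:py3.6@sha256:<digest-placeholder>`, makes deployments reproducible and makes a registry-side replacement visible as a diff here.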