Use yq to generate configs

start.sh

@@ -0,0 +1,67 @@
+#!/bin/bash
+
+set -eu
+
+mkdir -p /app/data/data /app/data/configs /run/synapse
+
+if [[ ! -f /app/data/configs/homeserver.yaml ]]; then
+    echo "==> Detected first run"
+
+    python3 -m synapse.app.homeserver \
+        --server-name ${CLOUDRON_APP_DOMAIN} \
+        --config-path /app/data/configs/homeserver.yaml \
+        --config-directory /app/data/configs \
+        --data-directory /app/data/data \
+        --generate-config \
+        --report-stats=no 
+
+    # fix logging configuration
+    cp /app/pkg/homeserver.yaml.template /app/data/configs/homeserver.yaml
+    mv /app/data/configs/${CLOUDRON_APP_DOMAIN}.log.config /app/data/configs/log.config
+    yq w -i /app/data/configs/homeserver.yaml log_config /app/data/configs/log.config
+    yq w -i /app/data/configs/log.config handlers.file.filename /run/synapse/homeserver.log
+
+    mv /app/data/configs/${CLOUDRON_APP_DOMAIN}.signing.key /app/data/configs/signing.key
+
+    yq w -i /app/data/configs/homeserver.yaml registration_shared_secret "$(pwgen -1s 64)"
+fi
+
+echo "==> Configuring synapse"
+yq w -i /app/data/configs/homeserver.yaml server_name "${CLOUDRON_APP_DOMAIN}"
+yq w -i /app/data/configs/homeserver.yaml public_baseurl "${CLOUDRON_APP_ORIGIN}"
+
+# tls
+yq w -i /app/data/configs/homeserver.yaml tls_certificate_path "/app/data/configs/${CLOUDRON_APP_DOMAIN}.tls.crt"
+yq w -i /app/data/configs/homeserver.yaml tls_private_key_path "/app/data/configs/${CLOUDRON_APP_DOMAIN}.tls.key"
+
+# database
+yq w -i /app/data/configs/homeserver.yaml database.args.user "${CLOUDRON_POSTGRESQL_USERNAME}"
+yq w -i /app/data/configs/homeserver.yaml database.args.password "${CLOUDRON_POSTGRESQL_PASSWORD}"
+yq w -i /app/data/configs/homeserver.yaml database.args.database "${CLOUDRON_POSTGRESQL_DATABASE}"
+yq w -i /app/data/configs/homeserver.yaml database.args.host "${CLOUDRON_POSTGRESQL_HOST}"
+
+# email
+yq w -i /app/data/configs/homeserver.yaml email.smtp_host "${CLOUDRON_MAIL_SMTP_SERVER}"
+yq w -i /app/data/configs/homeserver.yaml email.smtp_port "${CLOUDRON_MAIL_SMTP_PORT}"
+yq w -i /app/data/configs/homeserver.yaml email.smtp_user "${CLOUDRON_MAIL_SMTP_USERNAME}"
+yq w -i /app/data/configs/homeserver.yaml email.smtp_pass "${CLOUDRON_MAIL_SMTP_PASSWORD}"
+yq w -i /app/data/configs/homeserver.yaml email.notif_from "%(app)s <${CLOUDRON_MAIL_FROM}>"
+
+# ldap
+yq w -i /app/data/configs/homeserver.yaml 'password_providers[0].config.uri' "${CLOUDRON_LDAP_URL}"
+yq w -i /app/data/configs/homeserver.yaml 'password_providers[0].config.start_tls' false
+yq w -i /app/data/configs/homeserver.yaml 'password_providers[0].config.base' "${CLOUDRON_LDAP_USERS_BASE_DN}"
+yq w -i /app/data/configs/homeserver.yaml 'password_providers[0].config.bind_dn' "${CLOUDRON_LDAP_BIND_DN}"
+yq w -i /app/data/configs/homeserver.yaml 'password_providers[0].config.bind_password' "${CLOUDRON_LDAP_BIND_PASSWORD}"
+yq w -i /app/data/configs/homeserver.yaml 'password_providers[0].config.filter' "(objectClass=user)"
+
+# turn
+yq w -i /app/data/configs/homeserver.yaml turn_uris "[\"turn:${CLOUDRON_TURN_SERVER}:${CLOUDRON_TURN_TLS_PORT}?transport=udp\", \"turn:${CLOUDRON_TURN_SERVER}:${CLOUDRON_TURN_TLS_PORT}?transport=tcp\"]"
+yq w -i /app/data/configs/homeserver.yaml turn_shared_secret "${CLOUDRON_TURN_SECRET}"
+
+# fix permissions
+echo "==> Fixing permissions"
+chown -R cloudron.cloudron /app/data /run/synapse
+
+echo "==> Starting synapse"
+gosu cloudron:cloudron python3 -m synapse.app.homeserver --config-path /app/data/configs/homeserver.yaml