andreas/synapse-app-mas
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sync config with upstream

Browse Source
This commit is contained in:
Girish Ramakrishnan
2025-05-24 08:51:09 +02:00
parent 64c1afc544
commit 62360cca09
3 changed files with 38 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
Dockerfile
View File

@@ -23,8 +23,6 @@ RUN curl -L https://publicsuffix.org/list/public_suffix_list.dat -o /app/code/en
RUN ln -sf /app/data/index.html /app/code/env/lib/python3.12/site-packages/synapse/static/index.html
RUN chown -R cloudron:cloudron /app/code
ADD index.html homeserver.yaml.template start.sh /app/pkg/
CMD [ "/app/pkg/start.sh" ]

96
homeserver.yaml.template
View File

@@ -13,7 +13,6 @@ listeners:
type: http
x_forwarded: true
bind_addresses: ['0.0.0.0']
resources:
- names: [client,federation]
compress: false
@@ -21,7 +20,6 @@ listeners:
database:
name: "psycopg2"
args:
# Path to the database
user: ${POSTGRESQL_USERNAME}
password: ${POSTGRESQL_PASSWORD}
database: ${POSTGRESQL_DATABASE}
@@ -29,6 +27,17 @@ database:
cp_min: 5
cp_max: 10
log_config: "/app/data/configs/log.config"
media_store_path: "/app/data/data/media_store"
registration_shared_secret: "some_shared_secret"
report_stats: false
macaroon_secret_key: "some_macaroon_secret"
form_secret: "some_form_secret"
signing_key_path: "/app/data/configs/signing.key"
trusted_key_servers:
- server_name: "matrix.org"
## Cloudron packaging
email:
smtp_host: mail.server
smtp_port: 587
@@ -40,74 +49,35 @@ email:
enable_notifs: true
notif_for_new_users: true
password_providers:
- module: "synapse.util.ldap_auth_provider.LdapAuthProvider"
config:
enabled: true
uri: "ldap://ldap.example.com:389"
start_tls: true
base: "ou=users,dc=example,dc=com"
attributes:
uid: "username"
mail: "mail"
name: "username"
bind_dn: "ou=users,dc=cloudron"
bind_password: "password"
filter: "(objectClass=posixAccount)"
# turn
turn_uris: []
turn_shared_secret: "sharedsecret"
turn_allow_guests: true
federation_ip_range_blacklist:
- '127.0.0.0/8'
- '10.0.0.0/8'
- '172.16.0.0/12'
- '192.168.0.0/16'
- '100.64.0.0/10'
- '169.254.0.0/16'
- '::1/128'
- 'fe80::/64'
- 'fc00::/7'
# sso (https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#single-sign-on-integration)
enable_registration: false
enable_registration_without_verification: true
registration_shared_secret: "somesecret"
allow_guest_access: false
enable_group_creation: true
report_stats: False
signing_key_path: "/app/data/configs/signing.key"
url_preview_enabled: true
url_preview_ip_range_blacklist:
- '127.0.0.0/8'
- '10.0.0.0/8'
- '172.16.0.0/12'
- '192.168.0.0/16'
- '100.64.0.0/10'
- '169.254.0.0/16'
- '::1/128'
- 'fe80::/64'
- 'fc00::/7'
media_store_path: "/app/data/data/media_store"
max_upload_size: 200M
max_image_pixels: "32M"
dynamic_thumbnails: false
autocreate_auto_join_rooms: true
auto_join_rooms:
- "#discuss:example.com"
trusted_key_servers:
- server_name: "matrix.org"
suppress_key_server_warning: true
oidc_providers:
- idp_id: cloudron
idp_name: "CLOUDRON_OIDC_PROVIDER_NAME"
issuer: "CLOUDRON_OIDC_ISSUER"
client_id: "CLOUDRON_OIDC_CLIENT_ID"
client_secret: "CLOUDRON_OIDC_CLIENT_SECRET"
scopes: ["openid", "profile", "email"]
authorization_endpoint: "CLOUDRON_OIDC_AUTH_ENDPOINT"
token_endpoint: "CLOUDRON_OIDC_TOKEN_ENDPOINT"
userinfo_endpoint: "CLOUDRON_OIDC_AUTH_ENDPOINT"
allow_existing_users: true
enable_registration: true
backchannel_logout_enabled: false
user_mapping_provider:
config:
localpart_template: "{{ user.sub }}"
display_name_template: "{{ user.name }}"
email_template: "{{ '{{ user.email }}' }}"
password_config:
enabled: true
localdb_enabled: false
enabled: false
localdb_enabled: false
pepper: "some_pepper_secret"

13
start.sh
View File

@@ -33,14 +33,14 @@ if [[ ! -f /app/data/configs/homeserver.yaml ]]; then
yq eval -i ".server_name=\"${server_name}\"" /app/data/configs/homeserver.yaml
yq eval -i ".registration_shared_secret=\"$(pwgen -1s 64)\"" /app/data/configs/homeserver.yaml
yq eval -i ".auto_join_rooms=[]" /app/data/configs/homeserver.yaml
yq eval -i ".auto_join_rooms[0]=\"#discuss:${server_name}\"" /app/data/configs/homeserver.yaml
yq eval -i ".macaroon_secret_key=\"$(pwgen -1s 64)\"" /app/data/configs/homeserver.yaml
yq eval -i ".form_secret=\"$(pwgen -1s 64)\"" /app/data/configs/homeserver.yaml
if [[ -z "${CLOUDRON_OIDC_ISSUER:-}" ]]; then
yq eval -i ".enable_registration=true" /app/data/configs/homeserver.yaml
# just setting enabled to false is not enough. see https://github.com/matrix-org/matrix-synapse-ldap3/issues/123
yq eval -i "del(.password_providers)" /app/data/configs/homeserver.yaml
yq eval -i ".password_config.enabled=true" /app/data/configs/homeserver.yaml
yq eval -i ".password_config.localdb_enabled=true" /app/data/configs/homeserver.yaml
yq eval -i "del(.oidc_providers)" /app/data/configs/homeserver.yaml
fi
yq eval -i ".password_config.pepper=\"$(pwgen -1s 12)\"" /app/data/configs/homeserver.yaml # always set this so that users can enable password login if needed
fi
@@ -69,7 +69,6 @@ yq eval -i ".email.notif_from=\"${CLOUDRON_MAIL_FROM_DISPLAY_NAME:-Matrix} <${CL
# oidc
if [[ -n "${CLOUDRON_OIDC_ISSUER:-}" ]]; then
yq eval -i "del(.password_providers)" /app/data/configs/homeserver.yaml # remove old ldap config
echo " ==> Configuring OIDC auth"
yq eval -i ".oidc_providers[0].idp_id=\"cloudron\"" /app/data/configs/homeserver.yaml
yq eval -i ".oidc_providers[0].idp_name=\"${CLOUDRON_OIDC_PROVIDER_NAME:-Cloudron}\"" /app/data/configs/homeserver.yaml
@@ -88,8 +87,6 @@ if [[ -n "${CLOUDRON_OIDC_ISSUER:-}" ]]; then
yq eval -i ".oidc_providers[0].user_mapping_provider.config.display_name_template=\"{{ user.name }}\"" /app/data/configs/homeserver.yaml
else
yq eval -i ".password_config.localdb_enabled=true" /app/data/configs/homeserver.yaml
# just setting enabled to false is not enough. see https://github.com/matrix-org/matrix-synapse-ldap3/issues/123
yq eval -i "del(.password_providers)" /app/data/configs/homeserver.yaml
fi
# turn (https://github.com/matrix-org/synapse/blob/master/docs/turn-howto.md#synapse-setup)