Compare commits
5 Commits
Author | SHA1 | Date |
---|---|---|
3wc | 309122240a | |
3wc | fd3c7a606a | |
3wc | ad6a1c87dd | |
3wc | cfbd809761 | |
3wc | 2d78fff08f |
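--- a/.drone.yml
+++ b/.drone.yml
@@ -1,10 +0,0 @@
----
-kind: pipeline
-name: recipe release
-steps:
-- name: release a new version
-image: thecoopcloud/drone-abra:latest
-settings:
-command: recipe matrix-synapse release
-deploy_key:
-from_secret: abra_bot_deploy_key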
|
@ -1,4 +0,0 @@
|
|||
DOMAIN=matrix.example.com
|
||||
TYPE=matrix
|
||||
|
||||
LETS_ENCRYPT_ENV=production
|
|
@ -0,0 +1,11 @@
|
|||
export STACK_NAME=matrix
|
||||
export APP=matrix
|
||||
|
||||
export DOMAIN=matrix.example.com
|
||||
export LETS_ENCRYPT_ENV=production
|
||||
|
||||
export ENTRYPOINT_CONF_VERSION=v1
|
||||
|
||||
## TURN server
|
||||
#export TURNSERVER_CONF_VERSION=v1
|
||||
#export COTURN_SHARED_SECRET_VERSION=v1
|
38
README.md
38
README.md
|
@ -1,29 +1,19 @@
|
|||
# Matrix (Synapse)
|
||||
# Matrix Synapse
|
||||
|
||||
[![Build Status](https://drone.autonomic.zone/api/badges/coop-cloud/matrix-synapse/status.svg?ref=refs/heads/main)](https://drone.autonomic.zone/coop-cloud/matrix-synapse)
|
||||
Matrix Synapse, based on the [official `matrixdotorg/synapse`
|
||||
image][synapse-docker].
|
||||
|
||||
<!-- metadata -->
|
||||
* **Category**: Apps
|
||||
* **Status**: ❹💣
|
||||
* **Image**: [`matrixdotorg/synapse`](https://hub.docker.com/r/matrixdotorg/synapse), ❶💚, upstream
|
||||
* **Healthcheck**: Yes
|
||||
* **Backups**: No
|
||||
* **Email**: No
|
||||
* **Tests**: No
|
||||
* **SSO**: No
|
||||
<!-- endmetadata -->
|
||||
|
||||
## Basic usage
|
||||
|
||||
1. Set up Docker Swarm and [`abra`]
|
||||
2. Deploy [`coop-cloud/traefik`]
|
||||
3. `abra app new matrix-synapse --secrets` (optionally with `--pass` if you'd like
|
||||
to save secrets in `pass`)
|
||||
4. `abra app YOURAPPDOMAIN config` - be sure to change `$DOMAIN` to something that resolves to
|
||||
1. Set up Docker Swarm and [`abra`][abra]
|
||||
2. Deploy [`compose-stacks/traefik`][compose-traefik]
|
||||
2. `cp .envrc.sample .envrc`
|
||||
3. Edit `.envrc` - be sure to change `$DOMAIN` to something that resolves to
|
||||
your Docker swarm box
|
||||
5. `abra app YOURAPPDOMAIN deploy`
|
||||
6. Create an initial user:
|
||||
`abra app YOURAPPDOMAIN run app register_new_matrix_user -c /data/homeserver.yaml http://localhost:8008`
|
||||
4. `direnv allow` (or `. .envrc`)
|
||||
4. `abra secret_generate coturn_shared_secret`
|
||||
5. `abra deploy`
|
||||
6. `abra service_run synapse` to open a shell
|
||||
7. `abra register_new_matrix_user`
|
||||
|
||||
[synapse-docker]: https://hub.docker.com/r/matrixdotorg/synapse
|
||||
[abra]: https://git.autonomic.zone/autonomic-cooperative/abra
|
||||
[cc-traefik]: https://git.autonomic.zone/coop-cloud/traefik
|
||||
[compose-traefik]: https://git.autonomic.zone/compose-stacks/traefik
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
sub_register_new_matrix_user() {
|
||||
abra run synapse register_new_matrix_user -c /data/homeserver.yaml http://localhost:8008
|
||||
}
|
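--- a/abra.sh
+++ b/abra.sh
@@ -1,2 +0,0 @@
-export ENTRYPOINT_CONF_VERSION=v1
-export TURNSERVER_CONF_VERSION=v1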
46
compose.yml
46
compose.yml
|
@ -1,16 +1,20 @@
|
|||
---
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
image: "matrixdotorg/synapse:v1.38.0"
|
||||
synapse:
|
||||
image: "matrixdotorg/synapse:latest"
|
||||
volumes:
|
||||
- "data:/data"
|
||||
- "synapse:/data"
|
||||
environment:
|
||||
- VIRTUAL_HOST=${DOMAIN}
|
||||
- VIRTUAL_PORT=8008
|
||||
- LETSENCRYPT_HOST=${DOMAIN}
|
||||
- SYNAPSE_SERVER_NAME=${DOMAIN}
|
||||
- SYNAPSE_REPORT_STATS=no
|
||||
networks:
|
||||
- TURN_SERVER=${DOMAIN}
|
||||
- TURN_PORT=3478
|
||||
networks:
|
||||
- proxy
|
||||
deploy:
|
||||
labels:
|
||||
|
@ -19,7 +23,6 @@ services:
|
|||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
|
||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
- coop-cloud.${STACK_NAME}.app.version=v1.38.0-c9ed13d0
|
||||
restart_policy:
|
||||
condition: on-failure
|
||||
delay: "60s"
|
||||
|
@ -30,14 +33,45 @@ services:
|
|||
- source: entrypoint_conf
|
||||
target: /docker-entrypoint.sh
|
||||
mode: 0555
|
||||
secrets:
|
||||
- coturn_shared_secret
|
||||
|
||||
coturn:
|
||||
image: instrumentisto/coturn:latest
|
||||
networks:
|
||||
- swarm_host
|
||||
secrets:
|
||||
- coturn_shared_secret
|
||||
configs:
|
||||
- source: turnserver_conf
|
||||
target: /etc/coturn/turnserver.conf
|
||||
|
||||
volumes:
|
||||
data:
|
||||
synapse:
|
||||
traefik_letsencrypt:
|
||||
external: true
|
||||
|
||||
networks:
|
||||
proxy:
|
||||
external: true
|
||||
internal:
|
||||
# use host-mode networking until Docker can handle mass port-forwards:
|
||||
# https://github.com/moby/moby/issues/11185
|
||||
swarm_host:
|
||||
external:
|
||||
name: 'host'
|
||||
|
||||
configs:
|
||||
entrypoint_conf:
|
||||
name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_CONF_VERSION}
|
||||
file: entrypoint.sh.tmpl
|
||||
template_driver: golang
|
||||
turnserver_conf:
|
||||
name: ${STACK_NAME}_turnserver_conf_${TURNSERVER_CONF_VERSION}
|
||||
file: turnserver.conf.tmpl
|
||||
template_driver: golang
|
||||
|
||||
secrets:
|
||||
coturn_shared_secret:
|
||||
external: true
|
||||
name: ${STACK_NAME}_coturn_shared_secret_${COTURN_SHARED_SECRET_VERSION}
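Review bot: Both service images end up on a floating tag: the first hunk shows `image: "matrixdotorg/synapse:latest"` next to the pinned `v1.38.0` line, and the last hunk adds `image: instrumentisto/coturn:latest` (the +/- markers are lost on this page, so which side is new is inferred from the hunk counts). With `latest`, every redeploy can pull a different, unreviewed build, and the `coturn` service is attached to the host network through `swarm_host`, so an unexpected image runs with direct access to the host's interfaces. Pin both to a specific release tag or digest, e.g. `image: "matrixdotorg/synapse:<PINNED_VERSION>"` and `image: "instrumentisto/coturn:<PINNED_VERSION>"` (placeholders), and update them deliberately.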
|
||||
|
|
|
@ -2,6 +2,17 @@
|
|||
|
||||
if [[ ! -f /data/homeserver.yaml ]]; then
|
||||
/start.py generate
|
||||
|
||||
apt update && apt install -y wget
|
||||
wget https://github.com/mikefarah/yq/releases/download/3.3.2/yq_linux_amd64 && \
|
||||
chmod +x yq_linux_amd64 && \
|
||||
mv yq_linux_amd64 /bin/yq
|
||||
|
||||
# turn (https://github.com/matrix-org/synapse/blob/master/docs/turn-howto.md#synapse-setup)
|
||||
yq w -i /data/homeserver.yaml turn_uris "[]"
|
||||
yq w -i /data/homeserver.yaml turn_uris\[0\] "turn:${TURN_SERVER}:${TURN_PORT}?transport=udp"
|
||||
yq w -i /data/homeserver.yaml turn_uris\[1\] "turn:${TURN_SERVER}:${TURN_PORT}?transport=tcp"
|
||||
yq w -i /data/homeserver.yaml coturn_shared_secret "$(tr -d \"\n\" < /run/secrets/coturn_shared_secret)"
|
||||
fi
|
||||
|
||||
/start.py
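Review bot: The `wget https://github.com/mikefarah/yq/releases/download/3.3.2/yq_linux_amd64` step installs a binary into `/bin/yq` at container start without any integrity check, and that binary then handles the TURN secret. Verify it against a checksum recorded in the repo before the `chmod`, e.g. `echo "<EXPECTED_SHA256>  yq_linux_amd64" | sha256sum -c - && \` (placeholder value), or bake the tool into a derived image so startup needs neither `apt` nor network access. Separately, inside `$(...)` the argument `\"\n\"` reaches `tr` as the three characters `"n"`, so it appears to delete every `n` and `"` from the secret rather than newlines; command substitution already strips trailing newlines, so `"$(cat /run/secrets/coturn_shared_secret)"` is enough. The Synapse TURN guide linked in the comment names the setting `turn_shared_secret`, so the key `coturn_shared_secret` written here is worth checking too.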
|
||||
|
|
|
@ -1,6 +0,0 @@
|
|||
{
|
||||
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
||||
"extends": [
|
||||
"config:base"
|
||||
]
|
||||
}
|
|
@ -0,0 +1,15 @@
|
|||
use-auth-secret
|
||||
static-auth-secret={{ secret "coturn_shared_secret" }}
|
||||
realm=turn.{{ env "DOMAIN" }}
|
||||
|
||||
log-file=stdout
|
||||
pidfile=/var/tmp/turnserver.pid
|
||||
userdb=/var/tmp/turnserver.db
|
||||
|
||||
no-cli
|
||||
|
||||
no-tls
|
||||
no-dtls
|
||||
|
||||
prod
|
||||
no-tcp-relay
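Review bot: The new turnserver.conf sets no peer restrictions, so the relay will forward traffic to any address it can reach; since compose.yml puts `coturn` on the host network, that includes loopback and the private ranges behind the box. Add `no-multicast-peers` and `denied-peer-ip=` entries for loopback, link-local and RFC 1918 ranges, for example `denied-peer-ip=10.0.0.0-10.255.255.255`, with an `allowed-peer-ip=` exception only where relaying to a local address is intended. `no-tls` and `no-dtls` also mean TURN traffic to the server is unencrypted; a short comment stating why (for instance, no certificate available to the container) would help the next reader.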
|