Compare commits

..

5 Commits
main ... coturn

Author SHA1 Message Date
3wc 309122240a SERVICE -> APP 2020-10-29 19:42:05 +02:00
3wc fd3c7a606a Rejig .envrc.sample
[ci skip]
2020-10-06 01:52:00 +02:00
3wc ad6a1c87dd Simplify set-up using custom abra command 2020-09-11 18:14:16 +02:00
3wc cfbd809761 Working(?) TURN server 2020-09-11 18:14:02 +02:00
3wc 2d78fff08f Add initial coturn server 2020-09-11 00:10:21 +02:00
10 changed files with 94 additions and 52 deletions

View File

@ -1,10 +0,0 @@
---
kind: pipeline
name: recipe release
steps:
- name: release a new version
image: thecoopcloud/drone-abra:latest
settings:
command: recipe matrix-synapse release
deploy_key:
from_secret: abra_bot_deploy_key

View File

@ -1,4 +0,0 @@
DOMAIN=matrix.example.com
TYPE=matrix
LETS_ENCRYPT_ENV=production

11
.envrc.sample Normal file
View File

@ -0,0 +1,11 @@
export STACK_NAME=matrix
export APP=matrix
export DOMAIN=matrix.example.com
export LETS_ENCRYPT_ENV=production
export ENTRYPOINT_CONF_VERSION=v1
## TURN server
#export TURNSERVER_CONF_VERSION=v1
#export COTURN_SHARED_SECRET_VERSION=v1

View File

@ -1,29 +1,19 @@
# Matrix (Synapse)
# Matrix Synapse
[![Build Status](https://drone.autonomic.zone/api/badges/coop-cloud/matrix-synapse/status.svg?ref=refs/heads/main)](https://drone.autonomic.zone/coop-cloud/matrix-synapse)
Matrix Synapse, based on the [official `matrixdotorg/synapse`
image][synapse-docker].
<!-- metadata -->
* **Category**: Apps
* **Status**: ❹💣
* **Image**: [`matrixdotorg/synapse`](https://hub.docker.com/r/matrixdotorg/synapse), ❶💚, upstream
* **Healthcheck**: Yes
* **Backups**: No
* **Email**: No
* **Tests**: No
* **SSO**: No
<!-- endmetadata -->
## Basic usage
1. Set up Docker Swarm and [`abra`]
2. Deploy [`coop-cloud/traefik`]
3. `abra app new matrix-synapse --secrets` (optionally with `--pass` if you'd like
to save secrets in `pass`)
4. `abra app YOURAPPDOMAIN config` - be sure to change `$DOMAIN` to something that resolves to
1. Set up Docker Swarm and [`abra`][abra]
2. Deploy [`compose-stacks/traefik`][compose-traefik]
2. `cp .envrc.sample .envrc`
3. Edit `.envrc` - be sure to change `$DOMAIN` to something that resolves to
your Docker swarm box
5. `abra app YOURAPPDOMAIN deploy`
6. Create an initial user:
`abra app YOURAPPDOMAIN run app register_new_matrix_user -c /data/homeserver.yaml http://localhost:8008`
4. `direnv allow` (or `. .envrc`)
4. `abra secret_generate coturn_shared_secret`
5. `abra deploy`
6. `abra service_run synapse` to open a shell
7. `abra register_new_matrix_user`
[synapse-docker]: https://hub.docker.com/r/matrixdotorg/synapse
[abra]: https://git.autonomic.zone/autonomic-cooperative/abra
[cc-traefik]: https://git.autonomic.zone/coop-cloud/traefik
[compose-traefik]: https://git.autonomic.zone/compose-stacks/traefik

3
abra-commands.sh Normal file
View File

@ -0,0 +1,3 @@
sub_register_new_matrix_user() {
abra run synapse register_new_matrix_user -c /data/homeserver.yaml http://localhost:8008
}

View File

@ -1,2 +0,0 @@
export ENTRYPOINT_CONF_VERSION=v1
export TURNSERVER_CONF_VERSION=v1

View File

@ -1,16 +1,20 @@
---
version: "3.8"
services:
app:
image: "matrixdotorg/synapse:v1.38.0"
synapse:
image: "matrixdotorg/synapse:latest"
volumes:
- "data:/data"
- "synapse:/data"
environment:
- VIRTUAL_HOST=${DOMAIN}
- VIRTUAL_PORT=8008
- LETSENCRYPT_HOST=${DOMAIN}
- SYNAPSE_SERVER_NAME=${DOMAIN}
- SYNAPSE_REPORT_STATS=no
networks:
- TURN_SERVER=${DOMAIN}
- TURN_PORT=3478
networks:
- proxy
deploy:
labels:
@ -19,7 +23,6 @@ services:
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
- coop-cloud.${STACK_NAME}.app.version=v1.38.0-c9ed13d0
restart_policy:
condition: on-failure
delay: "60s"
@ -30,14 +33,45 @@ services:
- source: entrypoint_conf
target: /docker-entrypoint.sh
mode: 0555
secrets:
- coturn_shared_secret
coturn:
image: instrumentisto/coturn:latest
networks:
- swarm_host
secrets:
- coturn_shared_secret
configs:
- source: turnserver_conf
target: /etc/coturn/turnserver.conf
volumes:
data:
synapse:
traefik_letsencrypt:
external: true
networks:
proxy:
external: true
internal:
# use host-mode networking until Docker can handle mass port-forwards:
# https://github.com/moby/moby/issues/11185
swarm_host:
external:
name: 'host'
configs:
entrypoint_conf:
name: ${STACK_NAME}_entrypoint_${ENTRYPOINT_CONF_VERSION}
file: entrypoint.sh.tmpl
template_driver: golang
turnserver_conf:
name: ${STACK_NAME}_turnserver_conf_${TURNSERVER_CONF_VERSION}
file: turnserver.conf.tmpl
template_driver: golang
secrets:
coturn_shared_secret:
external: true
name: ${STACK_NAME}_coturn_shared_secret_${COTURN_SHARED_SECRET_VERSION}

View File

@ -2,6 +2,17 @@
if [[ ! -f /data/homeserver.yaml ]]; then
/start.py generate
apt update && apt install -y wget
wget https://github.com/mikefarah/yq/releases/download/3.3.2/yq_linux_amd64 && \
chmod +x yq_linux_amd64 && \
mv yq_linux_amd64 /bin/yq
# turn (https://github.com/matrix-org/synapse/blob/master/docs/turn-howto.md#synapse-setup)
yq w -i /data/homeserver.yaml turn_uris "[]"
yq w -i /data/homeserver.yaml turn_uris\[0\] "turn:${TURN_SERVER}:${TURN_PORT}?transport=udp"
yq w -i /data/homeserver.yaml turn_uris\[1\] "turn:${TURN_SERVER}:${TURN_PORT}?transport=tcp"
yq w -i /data/homeserver.yaml coturn_shared_secret "$(tr -d \"\n\" < /run/secrets/coturn_shared_secret)"
fi
/start.py

View File

@ -1,6 +0,0 @@
{
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"config:base"
]
}

15
turnserver.conf.tmpl Normal file
View File

@ -0,0 +1,15 @@
use-auth-secret
static-auth-secret={{ secret "coturn_shared_secret" }}
realm=turn.{{ env "DOMAIN" }}
log-file=stdout
pidfile=/var/tmp/turnserver.pid
userdb=/var/tmp/turnserver.db
no-cli
no-tls
no-dtls
prod
no-tcp-relay