Compare commits
17 Commits
1.2.0+v1.5
...
2.0.0+v1.5
| Author | SHA1 | Date | |
|---|---|---|---|
| dcc9ec543d | |||
| 65a149eac3 | |||
| 6041ad6112 | |||
| 1afa8cf7b7 | |||
| b5831114f4 | |||
| 02d78e9aa9 | |||
| af3c8fd252 | |||
| 40d6b1df4e | |||
| 0378e8d89f | |||
| c542629264 | |||
| 005ce43f61 | |||
| bca2a983c0 | |||
| 89892ed818 | |||
| 1b32621af9 | |||
| 919e9253ae | |||
| c71f3bc519 | |||
| e9b5a5360f |
18
.env.sample
18
.env.sample
@ -15,6 +15,12 @@ COMPOSE_FILE="compose.yml"
|
||||
|
||||
#DISABLE_FEDERATION=1
|
||||
|
||||
# Set "true" to enable federation endpoint on $DOMAIN/.well-known/matrix/server
|
||||
SERVE_SERVER_WELLKNOWN=false
|
||||
|
||||
ENABLE_REGISTRATION=false
|
||||
PASSWORD_LOGIN_ENABLED=true
|
||||
|
||||
#AUTO_JOIN_ROOM_ENABLED=1
|
||||
#AUTO_JOIN_ROOM="#example:example.com"
|
||||
|
||||
@ -23,30 +29,34 @@ ROOT_LOG_LEVEL=WARN
|
||||
|
||||
REDACTION_RETENTION_PERIOD=7d
|
||||
|
||||
RETENTION_MAX_LIFETIME=1m
|
||||
RETENTION_MAX_LIFETIME=4w
|
||||
|
||||
ENABLE_3PID_LOOKUP=true
|
||||
|
||||
USER_IPS_MAX_AGE=1d
|
||||
|
||||
ENCRYPTED_BY_DEFAULT=all
|
||||
|
||||
#ENABLE_ALLOWLIST=1
|
||||
#FEDERATION_ALLOWLIST="[]"
|
||||
|
||||
#COMPOSE_FILE="compose.yml:compose.keycloak.yml"
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.keycloak.yml"
|
||||
#KEYCLOAK_ENABLED=1
|
||||
#KEYCLOAK_ID=keycloak
|
||||
#KEYCLOAK_NAME=
|
||||
#KEYCLOAK_URL=
|
||||
#KEYCLOAK_CLIENT_ID=
|
||||
#KEYCLOAK_CLIENT_DOMAIN=
|
||||
#KEYCLOAK_ALLOW_EXISTING_USERS=false
|
||||
#SECRET_KEYCLOAK_CLIENT_SECRET_VERSION=v1
|
||||
|
||||
#COMPOSE_FILE="compose.yml:compose.turn.yml"
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.turn.yml"
|
||||
#TURN_ENABLED=1
|
||||
#TURN_URIS="[\"turns:coturn.foo.zone?transport=udp\", \"turns:coturn.foo.zone?transport=tcp\"]"
|
||||
#TURN_ALLOW_GUESTS=true
|
||||
#SECRET_TURN_SHARED_SECRET_VERSION=v1
|
||||
|
||||
#COMPOSE_FILE="compose.yml:compose.smtp.yml"
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
|
||||
#SMTP_ENABLED=1
|
||||
#SMTP_APP_NAME=
|
||||
#SMTP_FROM=
|
||||
|
||||
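Review bot: `#KEYCLOAK_ALLOW_EXISTING_USERS=false` in the Keycloak block of the second hunk has no comment, although a wrong value here changes who can sign in to an existing account. In Synapse, `allow_existing_users: true` lets an OIDC login attach to a pre-existing local account when the mapped localpart matches, and this recipe's template maps the localpart from `preferred_username`. I would add above it: `# Leave "false" unless Keycloak usernames are admin-controlled: with "true", an SSO login whose preferred_username equals an existing local account is signed in as that account`. `ENCRYPTED_BY_DEFAULT=all` would also benefit from a one-line comment listing the accepted values (`all`, `invite`, `off`).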
@ -34,6 +34,12 @@
|
||||
- use `DISABLE_FEDERATION=1` to turn off federation listeners
|
||||
- don't use [`compose.matrix.yml`](https://git.coopcloud.tech/coop-cloud/traefik/src/branch/master/compose.matrix.yml) in your traefik config to keep the federation ports closed
|
||||
|
||||
### Enabling federation
|
||||
|
||||
See [`#27`](https://git.coopcloud.tech/coop-cloud/matrix-synapse/pulls/27) for more.
|
||||
|
||||
Depending on your setup, using `SERVE_SERVER_WELLKNOWN=true` might work to start federating.
|
||||
|
||||
### Seeing what changed in `homeserver.yaml` between versions
|
||||
|
||||
Change the version range to suit your needs.
|
||||
|
||||
2
abra.sh
2
abra.sh
@ -1,3 +1,3 @@
|
||||
export ENTRYPOINT_CONF_VERSION=v1
|
||||
export HOMESERVER_YAML_VERSION=v3
|
||||
export HOMESERVER_YAML_VERSION=v9
|
||||
export LOG_CONFIG_VERSION=v2
|
||||
|
||||
@ -14,7 +14,9 @@ services:
|
||||
- KEYCLOAK_CLIENT_ID
|
||||
- KEYCLOAK_ENABLED
|
||||
- KEYCLOAK_NAME
|
||||
- KEYCLOAK_ID
|
||||
- KEYCLOAK_URL
|
||||
- KEYCLOAK_ALLOW_EXISTING_USERS
|
||||
|
||||
secrets:
|
||||
keycloak_client_secret:
|
||||
|
||||
17
compose.keycloak2.yml
Normal file
17
compose.keycloak2.yml
Normal file
@ -0,0 +1,17 @@
|
||||
---
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
secrets:
|
||||
- keycloak2_client_secret
|
||||
environment:
|
||||
- KEYCLOAK2_CLIENT_ID
|
||||
- KEYCLOAK2_ENABLED
|
||||
- KEYCLOAK2_NAME
|
||||
- KEYCLOAK2_URL
|
||||
|
||||
secrets:
|
||||
keycloak2_client_secret:
|
||||
external: true
|
||||
name: ${STACK_NAME}_keycloak2_client_secret_${SECRET_KEYCLOAK2_CLIENT_SECRET_VERSION}
|
||||
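Review bot: The secret name on the last line interpolates `SECRET_KEYCLOAK2_CLIENT_SECRET_VERSION`, but neither it nor the `KEYCLOAK2_*` variables appear in the `.env.sample` hunks shown on this page. With the version unset, Compose substitutes an empty string, so the external secret name ends in a bare underscore and the stack points at a secret that was never created. I would add a commented block to `.env.sample` mirroring the first provider, e.g. `#COMPOSE_FILE="$COMPOSE_FILE:compose.keycloak2.yml"`, `#KEYCLOAK2_ENABLED=1` and `#SECRET_KEYCLOAK2_CLIENT_SECRET_VERSION=v1`.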
19
compose.yml
19
compose.yml
@ -3,7 +3,7 @@ version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
image: "matrixdotorg/synapse:v1.52.0"
|
||||
image: "matrixdotorg/synapse:v1.58.1"
|
||||
volumes:
|
||||
- "data:/data"
|
||||
secrets:
|
||||
@ -12,16 +12,20 @@ services:
|
||||
- macaroon_secret_key
|
||||
- form_secret
|
||||
environment:
|
||||
- ENCRYPTED_BY_DEFAULT
|
||||
- AUTO_JOIN_ROOM
|
||||
- AUTO_JOIN_ROOM_ENABLED
|
||||
- DISABLE_FEDERATION
|
||||
- DOMAIN
|
||||
- ENABLE_3PID_LOOKUP
|
||||
- ENABLE_ALLOWLIST
|
||||
- ENABLE_REGISTRATION
|
||||
- FEDERATION_ALLOWLIST
|
||||
- LETSENCRYPT_HOST=${DOMAIN}
|
||||
- PASSWORD_LOGIN_ENABLED
|
||||
- REDACTION_RETENTION_PERIOD
|
||||
- ROOT_LOG_LEVEL
|
||||
- SERVE_SERVER_WELLKNOWN
|
||||
- SQL_LOG_LEVEL
|
||||
- STACK_NAME
|
||||
- SYNAPSE_ADMIN_EMAIL
|
||||
@ -30,6 +34,7 @@ services:
|
||||
- USER_IPS_MAX_AGE
|
||||
- VIRTUAL_HOST=${DOMAIN}
|
||||
- VIRTUAL_PORT=8008
|
||||
- RETENTION_MAX_LIFETIME
|
||||
networks:
|
||||
- proxy
|
||||
- internal
|
||||
@ -51,15 +56,17 @@ services:
|
||||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
|
||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
- "coop-cloud.${STACK_NAME}.version=1.2.0+v1.52.0"
|
||||
- "coop-cloud.${STACK_NAME}.version=2.0.0+v1.58.1"
|
||||
|
||||
db:
|
||||
image: postgres:13-alpine
|
||||
secrets:
|
||||
- db_password
|
||||
environment:
|
||||
- LC_COLLATE=C
|
||||
- LC_CTYPE=C
|
||||
- POSTGRES_DB=synapse
|
||||
- POSTGRES_INITDB_ARGS="--encoding=UTF-8 --lc-collate=C --lc-ctype=C"
|
||||
- POSTGRES_INITDB_ARGS="-E \"UTF8\""
|
||||
- POSTGRES_PASSWORD_FILE=/run/secrets/db_password
|
||||
- POSTGRES_USER=synapse
|
||||
networks:
|
||||
@ -68,6 +75,12 @@ services:
|
||||
test: ["CMD", "pg_isready", "-U", "synapse"]
|
||||
volumes:
|
||||
- postgres:/var/lib/postgresql/data
|
||||
deploy:
|
||||
labels:
|
||||
backupbot.backup: "true"
|
||||
backupbot.backup.pre-hook: "mkdir -p /tmp/backup/ && PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /tmp/backup/backup.sql"
|
||||
backupbot.backup.post-hook: "rm -rf /tmp/backup"
|
||||
backupbot.backup.path: "/tmp/backup/"
|
||||
|
||||
volumes:
|
||||
data:
|
||||
|
||||
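Review bot: The `backupbot.backup.pre-hook` label added in the last hunk writes a full plaintext dump of the Synapse database to `/tmp/backup/backup.sql` under the container's default umask, so the file and directory are created with whatever permissions the image defaults to. The redirection also creates `backup.sql` before `pg_dump` runs, so a failed dump still leaves an empty or partial file in `backupbot.backup.path`; whether backupbot aborts on a non-zero hook exit is not visible here. I would start the hook with `umask 077 && mkdir -p /tmp/backup/ && ...` so that only the hook's user can read the dump until the post-hook removes it. The `db` service definition starts outside this hunk.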
@ -85,7 +85,7 @@ public_baseurl: https://{{ env "DOMAIN" }}/
|
||||
#
|
||||
# Defaults to 'false'.
|
||||
#
|
||||
#serve_server_wellknown: true
|
||||
serve_server_wellknown: {{ env "SERVE_SERVER_WELLKNOWN" }}
|
||||
|
||||
# Set the soft limit on the number of file descriptors synapse can use
|
||||
# Zero is used to indicate synapse should set the soft limit to the
|
||||
@ -1169,7 +1169,7 @@ turn_allow_guests: {{ env "TURN_ALLOW_GUESTS" }}
|
||||
|
||||
# Enable registration for new users.
|
||||
#
|
||||
#enable_registration: false
|
||||
enable_registration: {{ env "ENABLE_REGISTRATION" }}
|
||||
|
||||
# Time that a user's session remains valid for, after they log in.
|
||||
#
|
||||
@ -1885,12 +1885,26 @@ saml2_config:
|
||||
oidc_providers:
|
||||
|
||||
{{ if eq (env "KEYCLOAK_ENABLED") "1" }}
|
||||
- idp_id: keycloak
|
||||
- idp_id: {{ env "KEYCLOAK_ID" }}
|
||||
idp_name: {{ env "KEYCLOAK_NAME" }}
|
||||
issuer: "{{ env "KEYCLOAK_URL" }}"
|
||||
client_id: "{{ env "KEYCLOAK_CLIENT_ID" }}"
|
||||
client_secret: "{{ secret "keycloak_client_secret" }}"
|
||||
scopes: ["openid", "profile"]
|
||||
allow_existing_users: {{ env "KEYCLOAK_ALLOW_EXISTING_USERS" }}
|
||||
user_mapping_provider:
|
||||
config:
|
||||
localpart_template: "{{ "{{ user.preferred_username }}" }}"
|
||||
display_name_template: "{{ "{{ user.name }}" }}"
|
||||
{{ end }}
|
||||
|
||||
{{ if eq (env "KEYCLOAK2_ENABLED") "1" }}
|
||||
- idp_id: keycloak2
|
||||
idp_name: {{ env "KEYCLOAK2_NAME" }}
|
||||
issuer: "{{ env "KEYCLOAK2_URL" }}"
|
||||
client_id: "{{ env "KEYCLOAK2_CLIENT_ID" }}"
|
||||
client_secret: "{{ secret "keycloak2_client_secret" }}"
|
||||
scopes: ["openid", "profile"]
|
||||
user_mapping_provider:
|
||||
config:
|
||||
localpart_template: "{{ "{{ user.preferred_username }}" }}"
|
||||
@ -2035,7 +2049,7 @@ sso:
|
||||
password_config:
|
||||
# Uncomment to disable password login
|
||||
#
|
||||
#enabled: false
|
||||
enabled: {{ env "PASSWORD_LOGIN_ENABLED" }}
|
||||
|
||||
# Uncomment to disable authentication against the local password
|
||||
# database. This is ignored if `enabled` is false, and is only useful
|
||||
@ -2303,7 +2317,7 @@ push:
|
||||
# Note that this option will only affect rooms created after it is set. It
|
||||
# will also not affect rooms created by other servers.
|
||||
#
|
||||
#encryption_enabled_by_default_for_room_type: invite
|
||||
encryption_enabled_by_default_for_room_type: {{ env "ENCRYPTED_BY_DEFAULT" }}
|
||||
|
||||
|
||||
# Uncomment to allow non-server-admin users to create groups on this server
|
||||
|
||||
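Review bot: The toggles templated in these hunks (`serve_server_wellknown`, `enable_registration`, `password_config.enabled`, `allow_existing_users`) take the raw output of `{{ env "…" }}` unquoted, so an operator who upgrades without setting the variable renders e.g. `enable_registration:` with an empty value, which YAML reads as null rather than `false`. How Synapse treats null for each key is not visible from this page, and the 2.0.0 release note does not list `ENABLE_REGISTRATION` or `PASSWORD_LOGIN_ENABLED` (they may have been introduced earlier in this range). I would give each toggle an explicit safe default using the `if eq` form already used for `KEYCLOAK_ENABLED`, for example `enable_registration: {{ if eq (env "ENABLE_REGISTRATION") "true" }}true{{ else }}false{{ end }}`, which also keeps any other string out of the rendered config. `encryption_enabled_by_default_for_room_type` and `idp_id` have the same empty-value problem and need a quoted value or a default.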
6
release/1.3.0+v1.55.2
Normal file
6
release/1.3.0+v1.55.2
Normal file
@ -0,0 +1,6 @@
|
||||
The deployment failed due to the app/db getting confused. I think this is just
|
||||
due to the recipe not having good healthcheck config. After the app container
|
||||
flapped a bit, everything came up nicely. d1 @ autonomic co-op.
|
||||
|
||||
Same thing happened to me when deploying this for another instance. Also d1 @
|
||||
autonomic co-op.
|
||||
9
release/2.0.0+v1.58.1
Normal file
9
release/2.0.0+v1.58.1
Normal file
@ -0,0 +1,9 @@
|
||||
This upgrade adds new env variables for homeserver.yml, please add them to your .env file:
|
||||
|
||||
```
|
||||
ENCRYPTED_BY_DEFAULT=all
|
||||
SERVE_SERVER_WELLKNOWN=false
|
||||
|
||||
#KEYCLOAK_ID=keycloak
|
||||
#KEYCLOAK_ALLOW_EXISTING_USERS=false
|
||||
```
|
||||