chore: publish 7.0.2+v1.149.1 release

Reviewed-on: https://git.coopcloud.tech/coop-cloud/matrix-synapse/pulls/55

.env.sample

@@ -39,9 +39,7 @@ PASSWORD_LOGIN_ENABLED=true
 ## Room auto-join
 
 #AUTO_JOIN_ROOM_ENABLED=1
-#AUTO_JOIN_ROOM is deprecated, but kept for backward compatibility. Please use only one, and prefer AUTO_JOIN_ROOM_LIST.
 #AUTO_JOIN_ROOM="#example:example.com"
-#AUTO_JOIN_ROOM_LIST="[\"#room1:example.com\",\"#room2:example.com\"]"
 
 ## Logging
 
@@ -88,8 +86,6 @@ RETENTION_MAX_LIFETIME=4w
 #MEDIA_RETENTION_LOCAL_LIFETIME=30d
 #MEDIA_RETENTION_REMOTE_LIFETIME=14d
 
-MAX_UPLOAD_SIZE=50M
-
 ## Old Signing Key
 #OLD_SIGNING_KEY_ID=a_OLDKEYID
 #OLD_SIGNING_KEY=base64string

abra.sh

@@ -1,14 +1,14 @@
 export DISCORD_BRIDGE_YAML_VERSION=v2
 export ENTRYPOINT_CONF_VERSION=v3
-export HOMESERVER_YAML_VERSION=v34
+export HOMESERVER_YAML_VERSION=v35
 export LOG_CONFIG_VERSION=v2
 export SHARED_SECRET_AUTH_VERSION=v2
 export SIGNAL_BRIDGE_YAML_VERSION=v6
 export TELEGRAM_BRIDGE_YAML_VERSION=v6
-export NGINX_CONFIG_VERSION=v11
+export NGINX_CONFIG_VERSION=v12
 export WK_SERVER_VERSION=v1
 export WK_CLIENT_VERSION=v1
-export PG_BACKUP_VERSION=v1
+export PG_BACKUP_VERSION=v2
 export ADMIN_CONFIG_VERSION=v1
 
 set_admin () {

compose.admin.yml

@@ -3,13 +3,13 @@ version: "3.8"
 
 services:
   admin:
-    image: awesometechnologies/synapse-admin:0.11.1
+    image: awesometechnologies/synapse-admin:0.11.4
     networks:
       - proxy
     deploy:
       labels:
         - "traefik.enable=true"
-        - "traefik.docker.network=proxy"
+        - "traefik.swarm.network=proxy"
         - "traefik.http.services.${STACK_NAME}_admin.loadbalancer.server.port=80"
         - "traefik.http.routers.${STACK_NAME}_admin.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})&&PathPrefix(`/admin`)"
         - "traefik.http.routers.${STACK_NAME}_admin.entrypoints=web-secure"

compose.shared_secret_auth.yml

@@ -9,7 +9,7 @@ services:
       - shared_secret_auth
     configs:
       - source: shared_secret_auth
-        target: /usr/local/lib/python3.12/site-packages/shared_secret_authenticator.py
+        target: /usr/local/lib/python3.13/site-packages/shared_secret_authenticator.py
 
 configs:
   shared_secret_auth:

compose.yml

@@ -3,7 +3,7 @@ version: "3.8"
 
 services:
   web:
-    image: nginx:1.29.2
+    image: nginx:1.29.6
     networks:
       - proxy
       - internal
@@ -22,7 +22,7 @@ services:
         target: /var/www/.well-known/matrix/client
     deploy:
       restart_policy:
-        condition: on-failure
+        condition: any
       labels:
         - "traefik.enable=true"
         - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
@@ -31,12 +31,13 @@ services:
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
     healthcheck:
       test: curl -f http://${STACK_NAME}_app:8008/health || exit 1
-      interval: 20s
+      interval: 30s
       timeout: 15s
-      retries: 20
+      retries: 90
+      start_period: 2m
 
   app:
-    image: "matrixdotorg/synapse:v1.139.2"
+    image: "matrixdotorg/synapse:v1.149.1"
     volumes:
       - "data:/data"
     secrets:
@@ -48,7 +49,6 @@ services:
       - ALLOWED_LIFETIME_MAX
       - ALLOW_PUBLIC_ROOMS_FEDERATION
       - AUTO_JOIN_ROOM
-      - AUTO_JOIN_ROOM_LIST
       - AUTO_JOIN_ROOM_ENABLED
       - DISABLE_FEDERATION
       - DOMAIN
@@ -91,7 +91,6 @@ services:
       - LOGIN_LIMIT_ACCOUNT_PER_SECOND=${LOGIN_LIMIT_ACCOUNT_PER_SECOND:-0.003}
       - LOGIN_LIMIT_ACCOUNT_BURST=${LOGIN_LIMIT_ACCOUNT_BURST:-5}
       - WEB_CLIENT_LOCATION
-      - MAX_UPLOAD_SIZE
     networks:
       - internal
     entrypoint: /docker-entrypoint.sh
@@ -107,34 +106,33 @@ services:
       restart_policy:
         condition: on-failure
       labels:
-        - "coop-cloud.${STACK_NAME}.version=6.8.1+v1.139.2"
+        - "coop-cloud.${STACK_NAME}.version=7.0.2+v1.149.1"
         - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT}"
     healthcheck:
       test: ["CMD", "curl", "-f", "http://localhost:8008/health"]
       interval: 30s
       timeout: 10s
-      retries: 10
+      retries: 30
       start_period: 1m
 
   db:
-    image: postgres:13-alpine
+    image: pgautoupgrade/pgautoupgrade:17-alpine
     secrets:
       - db_password
     environment:
       - LC_COLLATE=C
       - LC_CTYPE=C
       - POSTGRES_DB=synapse
-      - POSTGRES_INITDB_ARGS="-E \"UTF8\""
+      - POSTGRES_INITDB_ARGS=-E UTF8
       - POSTGRES_PASSWORD_FILE=/run/secrets/db_password
       - POSTGRES_USER=synapse
       - DOMAIN
     networks:
       - internal
     healthcheck:
-      test: ["CMD", "pg_isready", "-U", "synapse"]
       interval: 30s
       timeout: 10s
-      retries: 10
+      retries: 20
       start_period: 1m
     volumes:
       - postgres:/var/lib/postgresql/data
@@ -143,11 +141,11 @@ services:
         backupbot.backup: "${ENABLE_BACKUPS:-true}"
         backupbot.backup.pre-hook: "/pg_backup.sh backup"
         backupbot.backup.volumes.postgres.path: "backup.sql"
-        backupbot.restore.post-hook: '/pg_backup.sh restore'
+        backupbot.restore.post-hook: "/pg_backup.sh restore"
     configs:
-        - source: pg_backup
+      - source: pg_backup
-          target: /pg_backup.sh
+        target: /pg_backup.sh
-          mode: 0555
+        mode: 0555
 
 volumes:
   data:

homeserver.yaml.tmpl

@@ -130,7 +130,7 @@ log_config: "/data/log.config"
 media_store_path: "/data/media_store"
 
 # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#max_upload_size 
-max_upload_size: {{ or (env "MAX_UPLOAD_SIZE") 50M }}
+max_upload_size: 50M
 
 # https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#turn
 {{ if eq (env "TURN_ENABLED") "1" }}

nginx.conf.tmpl

@@ -28,7 +28,7 @@ http {
       proxy_set_header X-Forwarded-For $remote_addr;
       proxy_set_header X-Forwarded-Proto https;
       proxy_set_header Host $host;
-      client_max_body_size {{ or (env "MAX_UPLOAD_SIZE") "50M" }};
+      client_max_body_size 50M;
       proxy_http_version 1.1;
     }
     
@@ -37,7 +37,7 @@ http {
       proxy_set_header X-Forwarded-For $remote_addr;
       proxy_set_header X-Forwarded-Proto https;
       proxy_set_header Host $host;
-      client_max_body_size {{ or (env "MAX_UPLOAD_SIZE") "50M" }};
+      client_max_body_size 50M;
       proxy_http_version 1.1;
     }
 
@@ -56,7 +56,7 @@ http {
       proxy_set_header X-Forwarded-For $remote_addr;
       proxy_set_header X-Forwarded-Proto https;
       proxy_set_header Host $host;
-      client_max_body_size {{ or (env "MAX_UPLOAD_SIZE") "50M" }};
+      client_max_body_size 50M;
       proxy_http_version 1.1;
     }
 {{ end }}

pg_backup.sh

@@ -6,7 +6,7 @@ BACKUP_FILE='/var/lib/postgresql/data/backup.sql'
 
 function backup {
   export PGPASSWORD=$(cat $POSTGRES_PASSWORD_FILE)
-  pg_dump -U ${POSTGRES_USER} ${POSTGRES_DB} > $BACKUP_FILE
+  pg_dump -U ${POSTGRES_USER} ${POSTGRES_DB} | gzip > $BACKUP_FILE
 }
 
 function restore {
@@ -25,7 +25,7 @@ function restore {
     # Recreate Database
     psql -U ${POSTGRES_USER} -d postgres -c "DROP DATABASE ${POSTGRES_DB} WITH (FORCE);" 
     createdb -U ${POSTGRES_USER} ${POSTGRES_DB}
-    psql -U ${POSTGRES_USER} -d ${POSTGRES_DB} -1 -f $BACKUP_FILE
+    gunzip -c $BACKUP_FILE | psql -U ${POSTGRES_USER} -d ${POSTGRES_DB} -1 -f -
 
     trap - EXIT INT TERM
     restore_config

release/6.8.2+v1.139.2

@@ -0,0 +1 @@
+this patch is a reset to the state of the last known deploying version 6.8.0 – so better skip 6.8.1

release/7.0.0+v1.149.1

@@ -0,0 +1,2 @@
+WARNING: Backup your database!
+This upgrade switches the database image from postgres to pgautoupgrade and performs an in-place database upgrades from version 13 to 17.