bundlewrap/bundles/matrix-synapse/metadata.py

176 lines
5 KiB
Python
Raw Permalink Normal View History

from json import dumps
2020-08-18 13:27:55 +00:00
defaults = {
'apt': {
'repos': {
'matrix': {
'items': {
2021-07-23 05:58:15 +00:00
'deb https://packages.matrix.org/{os} {os_release} main',
},
2020-04-05 09:38:31 +00:00
},
2020-08-18 13:27:55 +00:00
},
'packages': {
'matrix-synapse-py3': {},
},
},
2020-11-13 11:37:26 +00:00
'backups': {
'paths': {
'/etc/matrix-synapse', # to backup the signing key
2020-11-13 11:37:26 +00:00
'/var/lib/matrix-synapse',
},
},
2020-11-21 17:55:06 +00:00
'icinga2_api': {
'matrix-synapse': {
'services': {
2021-04-10 14:40:44 +00:00
'MATRIX-SYNAPSE PROCESS': {
'command_on_monitored_host': '/usr/lib/nagios/plugins/check_procs -a synapse.app.homeserver -c 1:',
2021-01-02 11:26:37 +00:00
'vars.notification.sms': True,
2020-11-21 17:55:06 +00:00
},
},
},
},
2020-11-13 11:37:26 +00:00
'matrix-synapse': {
2020-08-18 13:27:55 +00:00
'registration_shared_secret': repo.vault.human_password_for('{} matrix-synapse registration_shared_secret'.format(node.name)),
'database': {
'user': 'synapse_user',
'password': repo.vault.password_for('{} postgresql synapse_user'.format(node.name)),
'database': 'synapse',
},
'appservice_configs': set(),
2020-08-18 13:27:55 +00:00
},
'postgresql': {
'roles': {
2020-08-18 13:27:55 +00:00
'synapse_user': {
2020-04-05 09:38:31 +00:00
'password': repo.vault.password_for('{} postgresql synapse_user'.format(node.name)),
},
},
2020-08-18 13:27:55 +00:00
'databases': {
'synapse': {
'owner': 'synapse_user',
'when_creating': {
'collation': 'C',
'ctype': 'C',
},
},
2020-08-18 13:27:55 +00:00
},
},
'zfs': {
'datasets': {
'tank/matrix-synapse': {
'mountpoint': '/var/lib/matrix-synapse',
'needed_by': {
'pkg_apt:matrix-synapse-py3',
},
},
},
},
2020-08-18 13:27:55 +00:00
}
if node.has_bundle('telegraf'):
defaults['telegraf'] = {
'input_plugins': {
'prometheus': {
'matrix_synapse': {
'urls': [
'http://[::1]:20081/_synapse/metrics'
],
'metric_version': 2,
},
},
},
}
@metadata_reactor.provides(
'nginx/vhosts',
)
def nginx(metadata):
if not node.has_bundle('nginx'):
raise DoNotRunAgain
wellknown = {
'/.well-known/matrix/client': {
'content': dumps({
'm.homeserver': {
'base_url': 'https://{}'.format(metadata.get('matrix-synapse/baseurl')),
},
'm.identity_server': {
'base_url': metadata.get('matrix-synapse/identity_server', 'https://matrix.org'),
},
**metadata.get('matrix-synapse/additional_client_config', {}),
}, sort_keys=True),
'return': 200,
'additional_config': {
'default_type application/json',
'add_header Access-Control-Allow-Origin *',
},
},
'/.well-known/matrix/server': {
'content': dumps({
'm.server': '{}:443'.format(metadata.get('matrix-synapse/baseurl')),
}, sort_keys=True),
'return': 200,
'additional_config': {
'default_type application/json',
'add_header Access-Control-Allow-Origin *',
},
},
}
locations = {
'/_matrix': {
'target': 'http://[::1]:20080',
'max_body_size': '50M',
},
'/_synapse': {
'target': 'http://[::1]:20080',
},
**wellknown,
}
if node.has_bundle('matrix-media-repo'):
locations['/_matrix/media'] = {
'target': 'http://localhost:20090',
'max_body_size': '{}M'.format(metadata.get('matrix-media-repo/upload_max_mb')),
# matrix-media-repo needs this to be the
# homeserver address.
'x_forwarded_host': metadata.get('matrix-synapse/server_name'),
}
vhosts = {
'matrix-synapse': {
'domain': metadata.get('matrix-synapse/baseurl'),
'locations': locations,
'website_check_path': '/_matrix/static/',
'website_check_string': 'Synapse is running',
},
}
for vname in metadata.get('matrix-synapse/wellknown_also_on_vhosts', set()):
vhosts[vname] = {
'locations': wellknown,
}
return {
'nginx': {
'vhosts': vhosts
},
}
@metadata_reactor.provides(
'matrix-synapse/trusted_key_servers',
)
def autotrust_our_own_servers(metadata):
domains = set()
for rnode in repo.nodes:
if not rnode.has_bundle('matrix-synapse'):
continue
domains.add(rnode.metadata.get('matrix-synapse/server_name'))
return {
'matrix-synapse': {
'trusted_key_servers': domains,
},
}