From 2607049f8d0ed898a11a21f80f732003c94de66f Mon Sep 17 00:00:00 2001
From: Franziska Kunsmann
Date: Sat, 20 May 2023 15:15:35 +0200
Subject: [PATCH] add bundle:matrix-registration
---
bundles/matrix-registration/files/config.yaml | 40 ++++++++++++
.../files/matrix-registration.service | 14 ++++
bundles/matrix-registration/items.py | 64 +++++++++++++++++++
bundles/matrix-registration/metadata.py | 25 ++++++++
4 files changed, 143 insertions(+)
create mode 100644 bundles/matrix-registration/files/config.yaml
create mode 100644 bundles/matrix-registration/files/matrix-registration.service
create mode 100644 bundles/matrix-registration/items.py
create mode 100644 bundles/matrix-registration/metadata.py
diff --git a/bundles/matrix-registration/files/config.yaml b/bundles/matrix-registration/files/config.yaml
new file mode 100644
index 0000000..27d2467
--- /dev/null
+++ b/bundles/matrix-registration/files/config.yaml
@@ -0,0 +1,40 @@
+server_location: 'http://localhost:20080'
+server_name: '${server_name}'
+registration_shared_secret: '${reg_secret}'
+admin_api_shared_secret: '${admin_secret}'
+base_url: '${base_url}'
+client_redirect: 'https://app.element.io/#/login'
+client_logo: 'static/images/element-logo.png' # use '{cwd}' for current working directory
+#db: 'sqlite:///opt/matrix-registration/data/db.sqlite3'
+db: 'postgresql://${database['user']}:${database['password']}@localhost/${database['database']}'
+host: 'localhost'
+port: 20100
+rate_limit: ["100 per day", "10 per minute"]
+allow_cors: false
+ip_logging: false
+logging:
+ disable_existing_loggers: false
+ version: 1
+ root:
+ level: DEBUG
+ handlers: [console]
+ formatters:
+ brief:
+ format: '%(name)s - %(levelname)s - %(message)s'
+ handlers:
+ console:
+ class: logging.StreamHandler
+ level: INFO
+ formatter: brief
+ stream: ext://sys.stdout
+# password requirements
+password:
+ min_length: 8
+# username requirements
+username:
+ validation_regex: [] #list of regexes that the selected username must match. Example: '[a-zA-Z]\.[a-zA-Z]'
+ invalidation_regex: #list of regexes that the selected username must NOT match. Example: '(admin|support)'
+ - '^abuse'
+ - 'admin'
+ - 'support'
+ - 'help'
diff --git a/bundles/matrix-registration/files/matrix-registration.service b/bundles/matrix-registration/files/matrix-registration.service
new file mode 100644
index 0000000..bf6ace9
--- /dev/null
+++ b/bundles/matrix-registration/files/matrix-registration.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=matrix-registration
+After=network.target
+
+[Service]
+User=matrix-registration
+Group=matrix-registration
+WorkingDirectory=/opt/matrix-registration/src
+ExecStart=/opt/matrix-registration/venv/bin/matrix-registration --config-path /opt/matrix-registration/config.yaml serve
+Restart=always
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
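Review bot: The `db:` line splices `${database['password']}` straight into a connection URL, so a vault password containing `@`, `/`, `:` or `#` would yield a URL that parses to the wrong host or credentials. The same applies to the secrets placed inside single-quoted YAML scalars, where a `'` in the value would break the file. Unless the generated passwords are guaranteed to be alphanumeric, percent-encode the value in the template, e.g. `<%! from urllib.parse import quote %>` at the top and `${quote(database['password'], safe='')}` in the URL. Separately, `root: level: DEBUG` is set while the only handler filters at INFO; a comment saying this is intentional would keep a later handler from silently emitting debug output from a service that holds shared secrets.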
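Review bot: The `[Service]` section runs this network-facing process as a dedicated user but applies no systemd sandboxing, so a compromise of the registration app gets that user's full view of the filesystem. The configured database is PostgreSQL over localhost, so the unit appears to need no write access outside its own tree; directives such as `NoNewPrivileges=true`, `ProtectSystem=strict` and `PrivateTmp=true` should be safe to add, to be confirmed with `systemd-analyze security matrix-registration` after deployment. A short comment above `ExecStart` noting that the `--config-path` file contains secrets would also help whoever edits the unit later.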
diff --git a/bundles/matrix-registration/items.py b/bundles/matrix-registration/items.py
new file mode 100644
index 0000000..a1fe4f8
--- /dev/null
+++ b/bundles/matrix-registration/items.py
@@ -0,0 +1,64 @@
+actions['matrix-registration_create_virtualenv'] = {
+ 'command': '/usr/bin/python3 -m virtualenv -p python3 /opt/matrix-registration/venv/',
+ 'unless': 'test -d /opt/matrix-registration/venv/',
+ 'needs': {
+ # actually /opt/matrix-registration, but we don't create that
+ 'directory:/opt/matrix-registration/src',
+ },
+}
+
+actions['matrix-registration_install'] = {
+ 'command': ' && '.join([
+ 'cd /opt/matrix-registration/src',
+ '/opt/matrix-registration/venv/bin/pip install psycopg2-binary',
+ '/opt/matrix-registration/venv/bin/pip install -e .',
+ ]),
+ 'needs': {
+ 'action:matrix-registration_create_virtualenv',
+ },
+ 'triggered': True,
+}
+
+users['matrix-registration'] = {
+ 'home': '/opt/matrix-registration',
+}
+
+directories['/opt/matrix-registration/src'] = {}
+
+git_deploy['/opt/matrix-registration/src'] = {
+ 'repo': 'https://github.com/zeratax/matrix-registration.git',
+ 'rev': 'master',
+ 'triggers': {
+ 'action:matrix-registration_install',
+ 'svc_systemd:matrix-registration:restart',
+ },
+}
+
+files['/opt/matrix-registration/config.yaml'] = {
+ 'content_type': 'mako',
+ 'context': {
+ 'server_name': node.metadata.get('matrix-synapse/server_name'),
+ 'reg_secret': '',
+ 'admin_secret': node.metadata.get('matrix-registration/admin_secret'),
+ 'database': node.metadata.get('matrix-registration/database'),
+ 'base_url': node.metadata.get('matrix-registration/base_path', ''),
+ },
+ 'triggers': {
+ 'svc_systemd:matrix-registration:restart',
+ },
+}
+
+files['/usr/local/lib/systemd/system/matrix-registration.service'] = {
+ 'triggers': {
+ 'action:systemd-reload',
+ 'svc_systemd:matrix-registration:restart',
+ },
+}
+
+svc_systemd['matrix-registration'] = {
+ 'needs': {
+ 'action:matrix-registration_install',
+ 'file:/opt/matrix-registration/config.yaml',
+ 'file:/usr/local/lib/systemd/system/matrix-registration.service',
+ },
+}
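Review bot: `files['/opt/matrix-registration/config.yaml']` sets no `owner`, `group` or `mode`, so the rendered file, which contains the admin API secret and the PostgreSQL password, is written with BundleWrap's defaults (root-owned and, as far as I know, 0644) and is readable by every local user. Add `'owner': 'root', 'group': 'matrix-registration', 'mode': '0640',` to that item and make it depend on `user:matrix-registration` so the group exists first. In the same hunk, `git_deploy` tracks `'rev': 'master'` and the install action then runs `pip install -e .` plus an unpinned `psycopg2-binary`, so every apply executes whatever upstream currently publishes; pinning `rev` to a reviewed commit hash and the pip package to a fixed version would make deployments reproducible and auditable. `'reg_secret': ''` also renders an empty `registration_shared_secret`; if that is a placeholder, a comment or a metadata lookup like the one used for `admin_secret` would make the intent clear.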
diff --git a/bundles/matrix-registration/metadata.py b/bundles/matrix-registration/metadata.py
new file mode 100644
index 0000000..f5e4e7c
--- /dev/null
+++ b/bundles/matrix-registration/metadata.py
@@ -0,0 +1,25 @@
+defaults = {
+ 'bash_aliases': {
+ 'matrix-registration': '/opt/matrix-registration/venv/bin/matrix-registration --config-path /opt/matrix-registration/config.yaml',
+ },
+ 'matrix-registration': {
+ 'admin_secret': repo.vault.password_for(f'{node.name} matrix-registration admin secret'),
+ 'database': {
+ 'user': 'matrix-registration',
+ 'password': repo.vault.password_for(f'{node.name} postgresql matrix-registration'),
+ 'database': 'matrix-registration',
+ },
+ },
+ 'postgresql': {
+ 'roles': {
+ 'matrix-registration': {
+ 'password': repo.vault.password_for(f'{node.name} postgresql matrix-registration'),
+ },
+ },
+ 'databases': {
+ 'matrix-registration': {
+ 'owner': 'matrix-registration',
+ },
+ },
+ },
+}
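Review bot: The vault identifier `f'{node.name} postgresql matrix-registration'` is written out twice, once under `matrix-registration/database/password` and once under `postgresql/roles/matrix-registration/password`, and the two must stay byte-identical for the service to authenticate. Computing it once above `defaults`, e.g. `db_password = repo.vault.password_for(f'{node.name} postgresql matrix-registration')`, and referencing `db_password` in both places removes the chance of them drifting apart. No default for the Synapse registration secret is defined here, which matches the empty `reg_secret` that items.py passes to the template; a comment stating where that secret is supposed to come from would help.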