add matrix-synapse bundle

bundles/matrix-synapse/files/homeserver.yaml

@@ -0,0 +1,85 @@
+server_name: "${server_name}"
+pid_file: "/var/run/matrix-synapse.pid"
+public_baseurl: https://${baseurl}/
+use_presence: true
+allow_public_rooms_without_auth: false
+allow_public_rooms_over_federation: false
+
+federation_ip_range_blacklist:
+  - '127.0.0.0/8'
+  - '10.0.0.0/8'
+  - '172.16.0.0/12'
+  - '192.168.0.0/16'
+  - '100.64.0.0/10'
+  - '169.254.0.0/16'
+  - '::1/128'
+  - 'fe80::/64'
+  - 'fc00::/7'
+
+listeners:
+  - port: 8009
+    tls: false
+    bind_addresses: ['::1']
+    type: http
+    x_forwarded: true
+
+    resources:
+      - names: [metrics]
+        compress: false
+
+  - port: 8008
+    tls: false
+    bind_addresses: ['::1']
+    type: http
+    x_forwarded: true
+
+    resources:
+      - names: [client, federation]
+        compress: false
+
+admin_contact: '${admin_contact}'
+database:
+  name: "psycopg2"
+  args:
+    user: "${database['user']}"
+    database: "${database['database']}"
+    password: "${database['password']}"
+    host: "${database.get('host', 'localhost')}"
+    cp_min: 5
+    cp_max: 10
+
+event_cache_size: 1M
+log_config: "/etc/matrix-synapse/log.yaml"
+
+enable_media_repo: false
+enable_registration: false
+registration_shared_secret: "${registration_shared_secret}"
+allow_guest_access: false
+#default_identity_server: https://matrix.org
+#trusted_third_party_id_servers:
+#  - matrix.org
+#  - vector.im
+
+enable_metrics: True
+
+app_service_config_files:
+% for config in sorted(appservice_configs):
+  - "${config}"
+% endfor
+
+signing_key_path: "/etc/matrix-synapse/homeserver.signing.key"
+trusted_key_servers:
+% for server in sorted(trusted_key_servers):
+  - server_name: "${server}"
+% endfor
+
+password_config:
+   enabled: true
+
+email:
+   enable_notifs: false
+   notif_from: "Matrix <noreply@${server_name}"
+
+enable_group_creation: true
+
+report_stats: true

bundles/matrix-synapse/items.py

@@ -0,0 +1,35 @@
+pkg_apt = {
+    'matrix-synapse-py3': {}
+}
+
+files = {
+    '/etc/matrix-synapse/homeserver.yaml': {
+        'content_type': 'mako',
+        'context': node.metadata['matrix-synapse'],
+        'needs': {
+            'pkg_apt:matrix-synapse-py3',
+        },
+        'triggers': {
+            'svc_systemd:matrix-synapse:restart',
+        },
+    },
+    '/etc/matrix-synapse/homeserver.signing.key': {
+        'content': repo.vault.decrypt_file('matrix-synapse/{}/homeserver_signing.key.vault'.format(node.name)),
+    },
+}
+
+directories = {
+    '/etc/matrix-synapse/conf.d': {
+        'purge': True,
+    },
+}
+
+svc_systemd = {
+    'matrix-synapse': {
+        'needs': {
+            'file:/etc/matrix-synapse/homeserver.yaml',
+            'directory:/etc/matrix-synapse/conf.d',
+            'pkg_apt:matrix-synapse-py3',
+        },
+    },
+}

bundles/matrix-synapse/metadata.py

@@ -0,0 +1,32 @@
+@metadata_processor
+def nodejs_apt_repos(metadata):
+    return {
+        'apt': {
+            'repos': {
+                'matrix': {
+                    'key': 'AAF9AE843A7584B5A3E4CD2BCF45A512DE2DA058',
+                    'items': [
+                        'deb https://packages.matrix.org/debian buster main',
+                    ],
+                },
+            },
+            'unattended-upgrades': {
+                'sites': {
+                    'packages.matrix.org',
+                },
+            },
+        },
+    }, DEFAULTS, DONE
+
+@metadata_processor
+def synapse_defaults(metadata):
+    return {
+        'matrix-synapse': {
+            'registration_shared_secret': repo.vault.human_password_for('{} matrix-synapse registration_shared_secret'.format(node.name)),
+            'database': {
+                'user': 'synapse_user',
+                'password': repo.vault.password_for('{} postgresql synapse_user'.format(node.name)),
+                'database': 'synapse',
+            },
+        },
+    }, DEFAULTS, DONE