add matrix-synapse bundle

This commit is contained in:
Franzi 2020-04-05 11:38:31 +02:00
parent 29eeffbdc3
commit 8a26def21c
Signed by: kunsi
GPG key ID: 12E3D2136B818350
8 changed files with 267 additions and 6 deletions

View file

@ -0,0 +1,85 @@
server_name: "${server_name}"
pid_file: "/var/run/matrix-synapse.pid"
public_baseurl: https://${baseurl}/
use_presence: true
allow_public_rooms_without_auth: false
allow_public_rooms_over_federation: false
federation_ip_range_blacklist:
- '127.0.0.0/8'
- '10.0.0.0/8'
- '172.16.0.0/12'
- '192.168.0.0/16'
- '100.64.0.0/10'
- '169.254.0.0/16'
- '::1/128'
- 'fe80::/64'
- 'fc00::/7'
listeners:
- port: 8009
tls: false
bind_addresses: ['::1']
type: http
x_forwarded: true
resources:
- names: [metrics]
compress: false
- port: 8008
tls: false
bind_addresses: ['::1']
type: http
x_forwarded: true
resources:
- names: [client, federation]
compress: false
admin_contact: '${admin_contact}'
database:
name: "psycopg2"
args:
user: "${database['user']}"
database: "${database['database']}"
password: "${database['password']}"
host: "${database.get('host', 'localhost')}"
cp_min: 5
cp_max: 10
event_cache_size: 1M
log_config: "/etc/matrix-synapse/log.yaml"
enable_media_repo: false
enable_registration: false
registration_shared_secret: "${registration_shared_secret}"
allow_guest_access: false
#default_identity_server: https://matrix.org
#trusted_third_party_id_servers:
# - matrix.org
# - vector.im
enable_metrics: True
app_service_config_files:
% for config in sorted(appservice_configs):
- "${config}"
% endfor
signing_key_path: "/etc/matrix-synapse/homeserver.signing.key"
trusted_key_servers:
% for server in sorted(trusted_key_servers):
- server_name: "${server}"
% endfor
password_config:
enabled: true
email:
enable_notifs: false
notif_from: "Matrix <noreply@${server_name}"
enable_group_creation: true
report_stats: true

View file

@ -0,0 +1,35 @@
pkg_apt = {
'matrix-synapse-py3': {}
}
files = {
'/etc/matrix-synapse/homeserver.yaml': {
'content_type': 'mako',
'context': node.metadata['matrix-synapse'],
'needs': {
'pkg_apt:matrix-synapse-py3',
},
'triggers': {
'svc_systemd:matrix-synapse:restart',
},
},
'/etc/matrix-synapse/homeserver.signing.key': {
'content': repo.vault.decrypt_file('matrix-synapse/{}/homeserver_signing.key.vault'.format(node.name)),
},
}
directories = {
'/etc/matrix-synapse/conf.d': {
'purge': True,
},
}
svc_systemd = {
'matrix-synapse': {
'needs': {
'file:/etc/matrix-synapse/homeserver.yaml',
'directory:/etc/matrix-synapse/conf.d',
'pkg_apt:matrix-synapse-py3',
},
},
}

View file

@ -0,0 +1,32 @@
@metadata_processor
def nodejs_apt_repos(metadata):
return {
'apt': {
'repos': {
'matrix': {
'key': 'AAF9AE843A7584B5A3E4CD2BCF45A512DE2DA058',
'items': [
'deb https://packages.matrix.org/debian buster main',
],
},
},
'unattended-upgrades': {
'sites': {
'packages.matrix.org',
},
},
},
}, DEFAULTS, DONE
@metadata_processor
def synapse_defaults(metadata):
return {
'matrix-synapse': {
'registration_shared_secret': repo.vault.human_password_for('{} matrix-synapse registration_shared_secret'.format(node.name)),
'database': {
'user': 'synapse_user',
'password': repo.vault.password_for('{} postgresql synapse_user'.format(node.name)),
'database': 'synapse',
},
},
}, DEFAULTS, DONE

View file

@ -85,3 +85,6 @@ svc_systemd = {
},
},
}
if node.has_bundle('matrix-synapse'):
actions['mx-puppet-discord_generate_registration']['triggers'].add('svc_systemd:matrix-synapse:restart')

View file

@ -9,3 +9,26 @@ def mx_puppet_discord_user(metadata):
},
},
}, DEFAULTS, DONE
@metadata_processor
def add_mx_puppet_discord_to_synapse(metadata):
return {
'matrix-synapse': {
'appservice_configs': {
'/opt/mx-puppet-discord/registration.yaml',
},
},
}, DEFAULTS, DONE
@metadata_processor
def bridge_defaults(metadata):
return {
'mx-puppet-discord': {
'database': {
'user': 'mx-puppet-discord',
'password': repo.vault.password_for('{} postgresql mx-puppet-discord'.format(node.name)),
'database': 'mx-puppet-discord',
},
},
}, DEFAULTS, DONE

View file

@ -0,0 +1,65 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFy1EC0BEADB9mmN7jMrmgzdZAT0vNMmnaOGH1aIYEHQvEWKwR0mbDDCOxTW
pls54sRHgHGAeJ8e5YbytypOkx2+q/4mWTKRyhFPv/MIGLNYi/1EspNvyl0VapUr
XAIHEn7EVJXq929rshS6MBQ0cXWMwqtIXYScqIYpQU6ZQQAKfsKTr2XE4v33WDWQ
Vjv7A1SLaA7pgSZrW83JbLFJS8OoaBfUUXyA73NQTgygH28r7xOQnwE3VG/TPlS5
0rpZ7U1MpoA8xgzyAgUU3ae3wERDmXAljAGmSD60RqB9E6Bj+s86i0Qw0GQKgb6Y
usf1jKhRMpSpBgCKa9TcvQQG6Ci4kYqQQ4NPyySoBDvlDgln8JO0/zFXzhxqxfku
ehMpFotTmy3hQrSzaflVgLsEDO+J0oD6Vd0/8qUFD/iV8aiA83kprZSKGg2yyyIk
BNOVYkceG5eh/PUGENxrddfu8aooVLO+9v5QDcV1bBs5DPQlAn8LoEH9OyAjOGfF
s0UuBxwDV/x4AiFTbvYEncYwlXME4scNoeQkESj6bT/EAK50WduMyG7XHULeAD86
i4cSG9mbhDLGaOB084gRb+Jhk6mNUbXiy7TwsNmDaanrP4CO1g8vIRwSCl0l6ayz
uFGv3BRVuC+6yN1gvh82DgQm6iWeWdHxkIkNdO3lP5JDZy2Y3LpahsWTfwARAQAB
tCltYXRyaXgub3JnIHBhY2thZ2VzIDxwYWNrYWdlc0BtYXRyaXgub3JnPokCVAQT
AQoAPhYhBKr5roQ6dYS1o+TNK89FpRLeLaBYBQJctRAtAhsDBQkJZgGABQsJCAcC
BhUKCQgLAgQWAgMBAh4BAheAAAoJEM9FpRLeLaBYWwAP/3dNMHj+hu6Nn583H5Wu
UuTGKbxb7LlWpGtYVd5qt0to/fkYEms3koYJ5X+K71bv8weto+TKyhXM1yoaVHT+
yvAhQGA8X/jpXUgQpmF48cw1vKFf4guw+hXMhr9Tuiald+7qEi6neLxXt6kh+k7c
+MeZAJ1jsKbPeehGrzJJCjSrQHeYiK9+krw5jfpwCpL3Aqo6wrizWlzBScHmxckP
XPXVc6xsKtQ/EsD8dM7c5LuJA1Na21HzGfFoMUODEg6bjp7rvs4GrY4MGx7jJG6E
xYYArVh4rzy82GJaV6SOKHLqoTMyVdSw3gwL4LoKdfUiv92vszY7un3466eruLcv
fHEA6jRYl7Da8Csb9odFWFrua1Jo9TrT9dZZUFxkSNDSwSHYT8qjCDoPemi9/5T1
7EY8htVjEv+pE7l33SP1GURvQhWvg8rdJLHILVTzwOz33y30OGOGqWV9P1wqcfbf
ZLcwZIX8HQCBmxPf4+i8augXnBEzVIfUBHh4SJ+md9UNK5Sx1rYRvb/Epd1GenQr
On5NJlNkthyUBCvKDfrFquW5UDTW6TOyhXcmycWcL2lSFueS1psBtiJNeBWnhxc0
c8OHGV5x3CqigVya5kFL4/47Ay7ldiGXQzLl1RxCBxCaw+0sDbKQlJx2b3/f45V9
ukVK4rmFVlUeO1ULo/dpOo1ZiQEzBBABCgAdFiEEQlNDQm4FMsm53u1sih+T1XW1
6NUFAly1FdkACgkQih+T1XW16NXYhQf9GhByPudQZCeW4pKq5MlXCP8o0ZplZKC4
0qT/t25bfU/Gf7ZtVEl0/O7gLTvCEPoZfR9vALN0I7YB7WEZC2OyPU5v2oeQkGeh
u6LskHf6KDCh1eSU4Bl5zcuSOOZ6J8p7NwwbZR5wheZhD/pNjXahRFKRpY0poLFt
HQ+FwPqaCi2uMa6NCxe+UJZn5/hANQO6E9tsHDXVGkwoVpfMjqelHSjWQZcfqZ/s
pb38u+yoOiWiN2P4cNnlGZa+QvazgeuhlkvGKZ5gHRWHPwfINZ6uAsslGsE3ebjQ
6XzRF5jDuLMriNDyPb3CfPezYZJEA3OA8MfH6XKJCdR7aRFCXrgfkLkBjQRctRFe
AQwAyJcFrHweLUCBK0VR2mw9TVOrgVxzaFxt89WnJMgcgi0mcw+a+B2wHHYHgI2D
2XQZ8a7QIV43OCeWdiE2ZKuK4hX2FVLLmrLa6xVyjvF8AO3/CD4aClQ0WyYkY9Eu
IRJ8ME/Mh/2zsCayRFvezrjHikOJFtH844P4nzVeAtIGM6O7LjixOJXDhoPnM5sj
l61TDJbgarB4oXTYBFPOB7f96TxSe6H24GoCR8nG4v0GXSLRAJEVpVz5dpO4joe5
zTDQzBn5wIfkjhKprv9Xf9PPzf8PbRVFd9vqB05AEwAxeTp55wrgICxt1jQSCjsg
NTr/ntEphZNUqNYVPphOt+Pb9K6d0S6VdkEQ6yAHJ+sFBy7BKskAQK71j/nIOSbj
wC2Ed2QRIGoedrUoJzhp71VsjzxzaNG4QBWfWBk6A7hN6j1frnfKjXuJ0+6rGaOD
XXxXdyYAR1egmlcHUTLZLrfF445rfQ4lWh0tYYIvjBExDBV3YclzEsBSx+gwxelJ
8vS7ABEBAAGJA/IEGAEKACYWIQSq+a6EOnWEtaPkzSvPRaUS3i2gWAUCXLURXgIb
AgUJA8JnAAHACRDPRaUS3i2gWMD0IAQZAQoAHRYhBFWGzMDLu+/HolgRrfRz3URz
Nl3hBQJctRFeAAoJEPRz3URzNl3hTmoL/AtgbO+lP4wjtI2DWh//V6R5FfO9dzyb
wkL9wcCGsHNRojzP0snvGdrYMa3bt6p5O279KG2Sef7/xVpf37vCbtRoYdZWY8WR
K3VGzXHk6nGjqRpstzgfEZJzlu43H5rDJsUS31VB1JQPeGIGBNCm7QJIyVxkiToL
rFAeCa6tIOP0BDTG0s+o/Vk79w4qTQDW0WNUYN0f2AS5Uk8AUXzrPf2GIY2dglyK
TJVeiCPBA+zk537c90ZDX2F5mnyf7atWSGX73JloIeT4sDHC5Aml7myS+PU2uMPd
tInjse7s85J+0ldxKYty3YZbuNMxloISkpxw19ICm8VFFveHJFZNG0tCGFozDfNL
B6QDxWMpKKdPI7GdE9retzv+s6pvlvxlQAjOlMt3tqXv4TR+Y5+J73cpiH4FXoW4
vQonRE0ebvOuBpVluMOio0iCQcrvf7dr02dJ5+yBuYJXE7E0zeVjsm6fUT9/8oTp
1NjtUY8/ppO1Ctyrj1mPUzA9zRIbtWVmTFuBEACJHM/QMvuBGJwknBTqo5+FutqG
1ouvzSZOOkDBm19yRakQ6ER5vo1ul5SOM5jjdkk0saFGYjVcyOADNIxub298fbBa
36kfzPJKFQbJKHQnCSOnr+MX+GNeFiCZ3LZExl5g7XFD56clkjFHSWgY295ssPWQ
slPO/8aNFUCx4ydKHNWeUlzL5UZ//p1XFdzApmCiayOKx2awVH2sKb2vgskDpzk2
e3x/YPzL4GCLOwtVsscvl7NmY5xEMfP+AoqszVsRdZDhZZgJ8AbwmLNiiiO9/YKe
pIV+7qoK5z+AWESbkRkBdmPoMTZE6PRk1t7GGW3kbxQJrEDfHLTc1OclFsOmrov/
KdOuYX8yU8lEfNkeGnY3bin69vxeFo7N3hU1Ocre/Byr/q4WA4Kzvpy27QxeCSaY
mi3EXQXn4zjzAQnI7Lg3cb9YdQKHYA+9OKNHzxr1Tc4kMfMqrbuVBwYdy75UriUa
XboiSIiMkEPYF2ZvdcV5f6fuONIes0EBtYhpIyIBu+/RWHeVPNkUrGlEtJN39qGc
JG1cGyvHn3aW9YDwh/s6FZSD8B+fmVE9WWCPnpMGL3bfoPyquZwXXLkTgI3bNYF6
gGYZTkEmuOmxb6oDtKLaOMbOrnQbLupG36O3AiCvWaC6c+I4wgsbXe9pJheXCPgE
c9welNUwmnmoaZfmyg==
=FnsY
-----END PGP PUBLIC KEY BLOCK-----

View file

@ -0,0 +1 @@
encrypt$gAAAAABeiaEqyvC5b9qRtL9I760dD51BJ9ZMKjofyORoSedhjqfHM0Pp-x_UECvoZgrtY8dgcq0Ste27YlSofnPwLM6Jr6wXfNX-Ih8WZD7hV6yQdEQ6wmj2FYilmMknGdQ_yVnu5TRe_malgW78n6hRQc7DsdsEfw==

View file

@ -1,5 +1,6 @@
nodes['htz.ex42-1048908'] = {
'bundles': [
'matrix-synapse',
'mx-puppet-discord',
'nginx',
'nodejs',
@ -22,16 +23,26 @@ nodes['htz.ex42-1048908'] = {
},
},
},
'matrix-synapse': {
'server_name': 'franzi.business',
'baseurl': 'matrix.franzi.business',
'admin_contact': 'mailto:hostmaster@kunbox.net',
'appservice_configs': {
'/opt/matrix-bridges/mautrix-whatsapp/registration.yaml',
'/opt/matrix-bridges/mautrix-telegram/registration.yaml',
'/opt/matrix-bridges/matrix-appservice-discord/discord-registration.yaml',
},
'trusted_key_servers': {
'matrix.org',
'finallycoffee.eu',
'nyantec.com',
},
},
'mx-puppet-discord': {
'homeserver': {
'domain': 'franzi.business',
'url': 'http://[::1]:8008',
},
'database': {
'user': 'mx-puppet-discord',
'password': vault.password_for('htz.ex42-1048908 postgres mx-puppet-discord'),
'database': 'mx-puppet-discord',
},
'allowed-users': {
'@.*:franzi\\\\.business',
},
@ -53,13 +64,19 @@ nodes['htz.ex42-1048908'] = {
'postgresql': {
'users': {
'mx-puppet-discord': {
'password': vault.password_for('htz.ex42-1048908 postgres mx-puppet-discord'),
'password': vault.password_for('htz.ex42-1048908 postgresql mx-puppet-discord'),
},
'synapse_user': {
'password': vault.password_for('htz.ex42-1048908 postgresql synapse_user'),
},
},
'databases': {
'mx-puppet-discord': {
'owner': 'mx-puppet-discord',
},
'synapse': {
'owner': 'synapse_user',
},
},
},
'users': {