bw/htz-cloud.miniserver install matrix and other components

2021-05-14 20:07:55 +02:00 · 2021-05-14 20:07:55 +02:00 · 8bde57be4b
parent d3c9550463
commit 8bde57be4b
5 changed files with 132 additions and 2 deletions
--- a/data/matrix-synapse/htz-cloud.miniserver/homeserver_signing.key.vault
+++ b/data/matrix-synapse/htz-cloud.miniserver/homeserver_signing.key.vault
@ -0,0 +1 @@
+encrypt$gAAAAABgnpPCtotoGnJ5XK2ZrCBPGUOE7KxxpjaayiJ3kQZ9Xi6F_NuBAmFwTCGOsdzd_9HCaHxMjXGpf-X4TVIdcABquUH9ZMQ6QsBjGNtLAeVz64E9aNF8R4OgKeCn5cd_XT87awFR6budL7gOp7hzFvwtkJVs4w==
--- a/data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu
+++ b/data/nginx/files/extras/htz-cloud.miniserver/dimension.sophies-kitchen.eu
@ -0,0 +1,6 @@
+    add_header Content-Security-Policy "frame-ancestors 'self' chat.sophies-kitchen.eu";
+
+    location /.well-known/matrix/ {
+        alias /etc/matrix-synapse/wellknown/;
+        add_header Access-Control-Allow-Origin *;
+    }
--- a/data/nginx/files/extras/htz-cloud.miniserver/matrix.sophies-kitchen.eu
+++ b/data/nginx/files/extras/htz-cloud.miniserver/matrix.sophies-kitchen.eu
@ -0,0 +1,22 @@
+    location /.well-known/matrix/ {
+        types { } default_type "application/json";
+        alias /etc/matrix-synapse/wellknown/;
+        add_header Access-Control-Allow-Origin *;
+    }
+
+    location /_matrix {
+        proxy_pass http://[::1]:20080;
+        proxy_set_header Host "sophies-kitchen.eu";
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $remote_addr;
+    }
+
+    location /_matrix/media {
+        client_max_body_size 500M;
+
+        proxy_read_timeout 600s;
+        proxy_set_header Host "sophies-kitchen.eu";
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_pass http://localhost:20090;
+    }
--- a/data/nginx/files/extras/htz-cloud.miniserver/sophies-kitchen.eu
+++ b/data/nginx/files/extras/htz-cloud.miniserver/sophies-kitchen.eu
@ -0,0 +1,10 @@
+location /.well-known/matrix/client {
+    return 200 '{"m.homeserver": {"base_url": "https://matrix.sophies-kitchen.eu"},"m.identity_server": {"base_url": "https://matrix.org"}}';
+    default_type application/json;
+    add_header Access-Control-Allow-Origin *;
+}
+location /.well-known/matrix/server {
+    return 200 '{"m.server": "matrix.sophies-kitchen.eu:443"}';
+    default_type application/json;
+    add_header Access-Control-Allow-Origin *;
+}
--- a/nodes/htz-cloud/miniserver.py
+++ b/nodes/htz-cloud/miniserver.py
@ -2,11 +2,18 @@
 # mostly unmanaged

 nodes['htz-cloud.miniserver'] = {
+    'bundles': {
+        'element-web',
+        'matrix-media-repo',
+        'matrix-synapse',
+        'nodejs',
+        'mautrix-telegram',
+        'postgresql',
+    },
    'groups': {
        'debian-buster',
        'webserver',
    },
-    'bundles': set(),
    'metadata': {
        'interfaces': {
            'eth0': {
@ -40,8 +47,31 @@ nodes['htz-cloud.miniserver'] = {
        'backups': {
            'exclude_from_backups': True,
        },
+        'element-web': {
+            'url': 'chat.sophies-kitchen.eu',
+            'version': 'v1.7.27',
+            'config': {
+                'default_server_config': {
+                    'm.homeserver': {
+                        'base_url': 'https://matrix.sophies-kitchen.eu',
+                        'server_name': 'sophies-kitchen.eu',
+                    },
+                },
+                'brand': 'sophies-kitchen.eu',
+                'showLabsSettings': True,
+                #'integrations_ui_url': 'https://dimension.sophies-kitchen.eu/riot',
+                #'integrations_rest_url': 'https://dimension.sophies-kitchen.eu/api/v1/scalar',
+                #'integrations_widgets_urls': {
+                #    'https://dimension.sophies-kitchen.eu/widgets'
+                #},
+                'default_theme': 'dark',
+                'defaultCountryCode': 'DE',
+                'jitsi': {
+                    'preferredDomain': 'meet.ffmuc.net',
+                },
+            },
+        },
        'icinga_options': {
-            'exclude_from_monitoring': True,
            'vars.notification.sms': False,
        },
        'iptables': {
@ -66,10 +96,71 @@ nodes['htz-cloud.miniserver'] = {
            'domains': {
                'i.sophies-kitchen.eu': set(),
                'webdump.sophies-kitchen.eu': set(),
+                'matrix.sophies-kitchen.eu': {
+                    'sophies-kitchen.eu',
+                },
+            },
+        },
+        'matrix-media-repo': {
+            'version': 'v1.2.8',
+            'homeservers': {
+                'sophies-kitchen.eu': {
+                    'domain': 'http://[::1]:20080/',
+                    'api': 'synapse',
+                },
+            },
+            'admins': {
+                '@sophie:sophies-kitchen.eu',
+            },
+            'upload_max_mb': 500,
+        },
+        'matrix-synapse': {
+            'server_name': 'sophies-kitchen.eu',
+            'baseurl': 'matrix.sophies-kitchen.eu',
+            'admin_contact': 'mailto:foobar@sophies-kitchen.eu',
+            'trusted_key_servers': {
+                'matrix.org',
+            },
+        },
+        'mautrix-telegram': {
+            'version': 'v0.9.0',
+            'homeserver': {
+                'domain': 'sophies-kitchen.eu',
+                'url': 'https://matrix.sophies-kitchen.eu',
+            },
+            'provisioning': {
+                'enabled': False,
+                'shared_secret': '""',
+            },
+            'permissions': {
+                'sophies-kitchen.eu': 'full',
+                "'@sophie:sophies-kitchen.eu'": 'admin',
+            },
+            'telegram': {
+                'api_id': vault.decrypt('encrypt$gAAAAABgnqdXhCTwtCXJhSaCZsiNfHPtjwlYtV1sUAux7JZdejN3xItU9RJLeNu4gUniv36XbBoxKwVtqqyV3RcAs-PgumcfYQ=='),
+                'api_token': vault.decrypt('encrypt$gAAAAABgnqd5IdpYRmW-C4ONBSXQfiJrpTVQX0rP0eKoDnLnVTLg-5olSjcw2gVvEKWLnsGEZIgVcG7yEs-sqYRxeiQLFFpSn-Z4We0mhj0CUeFoD-eXJsp-bAgLv9PJoMv5Gjb8r9i6'),
+                'bot_token': '""',
            },
        },
        'nginx': {
            'vhosts': {
+                #'dimension.sophies-kitchen.eu': {
+                #    'extras': True,
+                #    'do_not_set_content_security_headers': True,
+                #    'max_body_size': '50M',
+                #    'proxy': {
+                #        '/': {
+                #            'target': 'http://127.0.0.1:8184',
+                #        },
+                #    },
+                #},
+                'sophies-kitchen.eu': {
+                    'webroot': '/var/www/sophies-kitchen.eu/_site/',
+                    'extras': True,
+                },
+                'matrix.sophies-kitchen.eu': {
+                    'extras': True,
+                },
                'webdump.sophies-kitchen.eu': {
                    'webroot_config': {
                        'owner': 'sophie',
				`@ -0,0 +1 @@`
				`encrypt$gAAAAABgnpPCtotoGnJ5XK2ZrCBPGUOE7KxxpjaayiJ3kQZ9Xi6F_NuBAmFwTCGOsdzd_9HCaHxMjXGpf-X4TVIdcABquUH9ZMQ6QsBjGNtLAeVz64E9aNF8R4OgKeCn5cd_XT87awFR6budL7gOp7hzFvwtkJVs4w==`