From 3ede224d7b3bc95f45c73a73375c0ad1b911fa1c Mon Sep 17 00:00:00 2001 From: Cullum Smith Date: Fri, 13 Dec 2024 20:53:47 -0500 Subject: add matrix hostclass --- .../matrix-synapse/homeserver.yaml.matrix_server | 19 ++++----- .../etc/matrix-synapse/log.config.matrix_server | 36 +++++++++++++++++ .../etc/matrix-synapse/signing.key.matrix_server | 1 + .../usr/local/etc/nginx/vhosts.conf.matrix_server | 46 ++++++++++++++++++++++ .../local/etc/poudriere.d/pkglist.pkg_repository | 1 + files/usr/local/etc/sudoers.d/acme.matrix_server | 1 + 6 files changed, 95 insertions(+), 9 deletions(-) create mode 100644 files/usr/local/etc/matrix-synapse/log.config.matrix_server create mode 100644 files/usr/local/etc/matrix-synapse/signing.key.matrix_server create mode 100644 files/usr/local/etc/nginx/vhosts.conf.matrix_server create mode 100644 files/usr/local/etc/sudoers.d/acme.matrix_server (limited to 'files/usr/local/etc') diff --git a/files/usr/local/etc/matrix-synapse/homeserver.yaml.matrix_server b/files/usr/local/etc/matrix-synapse/homeserver.yaml.matrix_server index d52c351..d255bd3 100644 --- a/files/usr/local/etc/matrix-synapse/homeserver.yaml.matrix_server +++ b/files/usr/local/etc/matrix-synapse/homeserver.yaml.matrix_server @@ -1,6 +1,6 @@ server_name: ${synapse_domain} pid_file: /var/run/matrix-synapse/homeserver.pid -public_baseurl: https://${synapse_public_fqdn}:${synapse_client_port}/ +public_baseurl: https://${synapse_public_fqdn}/ listeners: - port: ${synapse_local_client_port} @@ -32,9 +32,9 @@ client_base_url: https://${synapse_public_fqdn} database: name: psycopg2 args: - user: ${synapse_db_user} - database: ${synapse_username} - host: ${synapse_db_host} + user: ${synapse_username} + database: ${synapse_dbname} + host: ${synapse_dbhost} cp_min: 5 cp_max: 10 keepalives_idle: 10 
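Review bot: The renamed `args:` mapping in the `@@ -32,9 +32,9 @@` hunk still sets no `sslmode`, so a connection to `${synapse_dbhost}` uses libpq's default of `prefer`, which neither requires TLS nor verifies the server. If the database is reached over the network, add `sslmode: verify-full` and `sslrootcert: <path-to-ca-bundle>` next to `host:`; if it is a local socket or loopback connection, a one-line comment saying so (`# local connection — TLS intentionally not enforced`) would spare the next reader the question. The `database:` mapping ends with the visible `keepalives_idle: 10`, so no further connection settings are hidden past the hunk.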
@@ -78,15 +78,15 @@ autocreate_auto_join_rooms: true autocreate_auto_join_rooms_federated: false turn_uris: ['turn:${synapse_turn_host}'] -turn_shared_secret: ${synapse_turn_secret} +turn_shared_secret: "${synapse_turn_secret}" turn_allow_guests: false report_stats: false -macaroon_secret_key: ${synapse_macaroon_secret_key} -form_secret: ${synapse_form_secret} +macaroon_secret_key: "${synapse_macaroon_secret_key}" +form_secret: "${synapse_form_secret}" -signing_key_path: ${synapse_conf_dir}/${synapse_domain}.signing.key +signing_key_path: ${synapse_conf_dir}/signing.key trusted_key_servers: - server_name: matrix.org @@ -96,7 +96,8 @@ modules: - module: ldap_auth_provider.LdapAuthProviderModule config: enabled: true - uri: ${ldap_uri} + uri: +$(printf -- ' - ldap://%s:389\n' $ldap_hosts) start_tls: true base: ${users_basedn} attributes: diff --git a/files/usr/local/etc/matrix-synapse/log.config.matrix_server b/files/usr/local/etc/matrix-synapse/log.config.matrix_server new file mode 100644 index 0000000..c131919 --- /dev/null +++ b/files/usr/local/etc/matrix-synapse/log.config.matrix_server @@ -0,0 +1,36 @@ +version: 1 + +formatters: + precise: + format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s- %(message)s' + +filters: + context: + (): synapse.util.logcontext.LoggingContextFilter + request: "" + +handlers: + file: + class: logging.handlers.RotatingFileHandler + formatter: precise + filename: /var/log/matrix-synapse/homeserver.log + maxBytes: 104857600 + backupCount: 10 + filters: [context] + level: INFO + encoding: utf8 + console: + class: logging.StreamHandler + formatter: precise + filters: [context] + +loggers: + synapse: + level: INFO + + synapse.storage.SQL: + level: INFO + +root: + level: INFO + handlers: [file, console] diff --git a/files/usr/local/etc/matrix-synapse/signing.key.matrix_server b/files/usr/local/etc/matrix-synapse/signing.key.matrix_server new file mode 100644 index 0000000..896f036 --- /dev/null 
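Review bot: Quoting `${synapse_turn_secret}`, `${synapse_macaroon_secret_key}` and `${synapse_form_secret}` fixes YAML typing, but the template is shell-expanded before YAML parses it, so a value containing `"` or `\` still produces an unparseable or truncated config. Either constrain the generators of these secrets to a safe alphabet (hex or base64) or escape them at render time, and record the contract above `turn_shared_secret:` with `# secrets are substituted verbatim into double quotes: no '"' or '\' allowed`. The same hunk also moves `signing_key_path` to a fixed `${synapse_conf_dir}/signing.key`, which matches the new signing.key template added later in this commit.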
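Review bot: In the `@@ -96,7 +96,8 @@` hunk the `uri:` value is now emitted by `$(printf -- ' - ldap://%s:389\n' $ldap_hosts)`, whose lines begin with a single space; `uri:` sits under `modules:`/`config:`, so unless the render step re-indents the substitution output, the list entries will be shallower than their parent key and the YAML will not parse (the collapsed diff hides the exact columns, so verify by rendering the template and loading the result). `$ldap_hosts` is deliberately unquoted so it word-splits into one entry per host; a comment such as `# one ldap:// entry per whitespace-separated host in $ldap_hosts` makes that intent explicit. The URIs are plain `ldap://`, so the following `start_tls: true` is what protects the bind and the two settings should stay paired.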
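Review bot: In the new log.config, `root.handlers: [file, console]` writes every record both to the rotating file and to stdout, so if the rc script or supervisor captures stdout each line ends up stored twice; if the console handler is only for foreground runs, say so in a comment or drop it. Synapse's sample log config warns that raising `synapse.storage.SQL` to DEBUG logs sensitive material such as access tokens; carrying that warning here as `# beware: DEBUG on synapse.storage.SQL logs access tokens and query parameters` protects the INFO level chosen on that logger. The 100 MiB x 10 rotation means up to ~1 GiB under /var/log/matrix-synapse, which is worth noting where the hostclass sizes that filesystem.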
+++ b/files/usr/local/etc/matrix-synapse/signing.key.matrix_server
@@ -0,0 +1 @@
+${synapse_signing_key}
diff --git a/files/usr/local/etc/nginx/vhosts.conf.matrix_server b/files/usr/local/etc/nginx/vhosts.conf.matrix_server
new file mode 100644
index 0000000..4819b4d
--- /dev/null
+++ b/files/usr/local/etc/nginx/vhosts.conf.matrix_server
@@ -0,0 +1,46 @@
+server {
+ listen ${synapse_federation_port} ssl default_server;
+ listen [::]:${synapse_federation_port} ssl default_server;
+
+ http2 on;
+
+ ssl_certificate ${synapse_https_cert};
+ ssl_certificate_key ${synapse_https_key};
+ ssl_trusted_certificate ${synapse_https_cacert};
+
+ add_header Strict-Transport-Security "max-age=63072000" always;
+
+ location / {
+ proxy_http_version 1.1;
+ proxy_set_header Host \$host;
+ proxy_set_header X-Real-IP \$remote_addr;
+ proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto \$scheme;
+ proxy_pass http://127.0.0.1:${synapse_local_federation_port};
+ }
+}
+
+server {
+ listen 443 ssl default_server;
+ listen [::]:433 ssl default_server;
+
+ http2 on;
+
+ ssl_certificate ${synapse_https_cert};
+ ssl_certificate_key ${synapse_https_key};
+ ssl_trusted_certificate ${synapse_https_cacert};
+
+ root ${synapse_element_webroot};
+
+ add_header Strict-Transport-Security "max-age=63072000" always;
+ client_max_body_size ${synapse_upload_sizelimit};
+
+ location ~ ^(/_matrix|/_synapse/client) {
+ proxy_http_version 1.1;
+ proxy_set_header Host \$host;
+ proxy_set_header X-Real-IP \$remote_addr;
+ proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto \$scheme;
+ proxy_pass http://127.0.0.1:${synapse_local_client_port};
+ }
+}
diff --git a/files/usr/local/etc/poudriere.d/pkglist.pkg_repository b/files/usr/local/etc/poudriere.d/pkglist.pkg_repository
index a310d67..0af0716 100644
--- a/files/usr/local/etc/poudriere.d/pkglist.pkg_repository
+++ b/files/usr/local/etc/poudriere.d/pkglist.pkg_repository
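Review bot: The homeserver's private signing key is now rendered from `${synapse_signing_key}` into a template the repo records with `create mode 100644`, and nothing in the commit sets the owner or mode of the deployed `${synapse_conf_dir}/signing.key`; whatever copies the template out must install it owned by the synapse user with mode 0600. The deploy variable itself now carries a private key, so the store it lives in needs the same handling as the macaroon and form secrets. A short note at the top of the hostclass docs (not in this one-line file, which must contain only the key) stating both requirements would prevent a world-readable key on first deploy.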
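Review bot: `listen [::]:433 ssl default_server;` in the second `server` block is a typo for 443 (the IPv4 line above uses 443 and the new `public_baseurl` drops the port), so IPv6 clients on 443 are served by whatever other vhost claims it or refused; change it to `listen [::]:443 ssl default_server;`. The federation block proxies `location /` wholesale to `127.0.0.1:${synapse_local_federation_port}`; if that local listener serves any resource beyond `federation`, narrowing it to `location /_matrix` keeps `/_synapse/admin` off the federation port, and a comment stating which resources that listener exposes would document the assumption either way. The web-root block serving Element Web sets only HSTS; Element Web's README asks for `X-Frame-Options: SAMEORIGIN`, `X-Content-Type-Options: nosniff` and `Content-Security-Policy: frame-ancestors 'self'` alongside it, which is three `add_header ... always;` lines in that block.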
@@ -159,6 +159,7 @@ textproc/py-docutils
 textproc/py-markdown
 textproc/py-pygments
 www/chromium
+www/element-web
 www/fcgiwrap
 www/firefox
 www/linux-widevine-cdm
diff --git a/files/usr/local/etc/sudoers.d/acme.matrix_server b/files/usr/local/etc/sudoers.d/acme.matrix_server
new file mode 100644
index 0000000..9ca89b8
--- /dev/null
+++ b/files/usr/local/etc/sudoers.d/acme.matrix_server
@@ -0,0 +1 @@
+${acme_user} ALL=(root) NOPASSWD: /usr/sbin/service nginx reload
-- cgit v1.2.3
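Review bot: sudo skips files under `sudoers.d` whose names contain a `.` or end in `~`, so the new rule only takes effect if the deploy step strips the `.matrix_server` suffix (as the other templates in this commit suggest) and installs the result as `/usr/local/etc/sudoers.d/acme` with mode 0440; the commit records the template as mode 100644 and sets neither. A comment at the top of the file, `# installed as sudoers.d/acme, mode 0440 (sudo ignores names containing '.')`, plus a `visudo -cf` check on the rendered file before install, would catch both a bad `${acme_user}` value and a wrong filename. The command spec itself is tightly scoped to an exact argv with no wildcard, which is the right shape for a reload-only grant.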